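Building a small and medium-sized enterprise network: eNSP simulation
This installment simulates an all-purpose network design for small and medium-sized enterprises. The scenario is cross-carrier access between headquarters and a branch; taken apart, each site is simply a small-enterprise intranet, and the technologies can be combined freely.
Scenario 1: headquarters deploys STP/RSTP/VRRP/OSPF/static routes, with firewall-based GRE VPN/IPsec VPN and NAT
Scenario 2: headquarters deploys STP/MSTP/VRRP load balancing/OSPF/static routes, with firewall-based GRE VPN/IPsec VPN and NAT
Scenario 3: headquarters only, no branch; deploys STP/MSTP/VRRP load balancing/OSPF/static routes, with firewall-based NAT
This installment simulates scenario 2 and uses a GRE tunnel for access between headquarters and the branch. The gray area contains the access-layer devices and the orange area the core-layer devices. Straight to the configuration.
Headquarters access-layer configuration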
sysname sw1
#
vlan batch 10
#
stp region-configuration
region-name huawei
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
Headquarters core switch 1
#
sysname HX-1
#
vlan batch 10 20 30 40 100
#
stp instance 1 root primary
stp instance 2 root secondary
#
dhcp enable
#
stp region-configuration
region-name huawei
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 120
vrrp vrid 10 track interface GigabitEthernet0/0/7 reduced 30
dhcp select interface
#
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 120
vrrp vrid 20 track interface GigabitEthernet0/0/7 reduced 30
dhcp select interface
#
interface Vlanif30
ip address 192.168.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
dhcp select interface
#
interface Vlanif40
ip address 192.168.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
dhcp select interface
#
interface Vlanif100
ip address 192.168.1.1 255.255.255.252
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/5
eth-trunk 1
#
interface GigabitEthernet0/0/6
eth-trunk 1
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 100
#
ospf 1
area 0.0.0.0
network 192.168.1.1 0.0.0.0
area 0.0.0.1
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
Headquarters core switch 2
sysname HX-2
#
vlan batch 10 20 30 40 100
#
stp instance 1 root secondary
stp instance 2 root primary
#
dhcp enable
#
stp region-configuration
region-name huawei
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
interface Vlanif10
ip address 192.168.10.253 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
dhcp select interface
#
interface Vlanif20
ip address 192.168.20.253 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
dhcp select interface
#
interface Vlanif30
ip address 192.168.30.253 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 120
vrrp vrid 30 track interface GigabitEthernet0/0/7 reduced 30
dhcp select interface
#
interface Vlanif40
ip address 192.168.40.253 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 120
vrrp vrid 40 track interface GigabitEthernet0/0/7 reduced 30
dhcp select interface
#
interface Vlanif100
ip address 192.168.1.5 255.255.255.252
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/5
eth-trunk 1
#
interface GigabitEthernet0/0/6
eth-trunk 1
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 100
#
ospf 1
area 0.0.0.0
network 192.168.1.5 0.0.0.0
area 0.0.0.1
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
Egress firewall
sysname FW1
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.1.2 255.255.255.252
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 192.168.1.6 255.255.255.252
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 200.1.1.1 255.255.255.252
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 192.168.50.254 255.255.255.0
#
interface Tunnel0
ip address 10.1.12.1 255.255.255.0
tunnel-protocol gre
source 200.1.1.1
destination 210.1.1.2
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/0
add interface GigabitEthernet1/0/1
add interface Tunnel0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/2
#
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/3
#
ospf 1
default-route-advertise
area 0.0.0.0
network 192.168.1.0 0.0.0.3
network 192.168.1.4 0.0.0.3
network 192.168.50.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 200.1.1.2
ip route-static 172.16.10.0 255.255.255.0 Tunnel0
ip route-static 172.16.20.0 255.255.255.0 Tunnel0
#
security-policy
rule name t-u
source-zone trust
destination-zone untrust
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.50.0 mask 255.255.255.0
action permit
rule name t-dmz
source-zone trust
destination-zone dmz
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
destination-address 192.168.50.0 mask 255.255.255.0
action permit
rule name u-dmz
source-zone untrust
destination-zone dmz
source-address 172.16.10.0 mask 255.255.255.0
source-address 172.16.20.0 mask 255.255.255.0
destination-address 192.168.50.0 mask 255.255.255.0
action permit
rule name l-u
source-zone local
source-zone untrust
destination-zone local
destination-zone untrust
action permit
rule name gre
source-zone trust
destination-zone untrust
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.50.0 mask 255.255.255.0
destination-address 172.16.10.0 mask 255.255.255.0
destination-address 172.16.20.0 mask 255.255.255.0
action permit
rule name gre-
source-zone untrust
destination-zone trust
source-address 172.16.10.0 mask 255.255.255.0
source-address 172.16.20.0 mask 255.255.255.0
destination-address 192.168.10.0 mask 255.255.255.0
destination-address 192.168.20.0 mask 255.255.255.0
destination-address 192.168.30.0 mask 255.255.255.0
destination-address 192.168.50.0 mask 255.255.255.0
action permit
#
nat-policy
rule name gre
source-zone trust
destination-zone untrust
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.50.0 mask 255.255.255.0
destination-address 172.16.10.0 mask 255.255.255.0
destination-address 172.16.20.0 mask 255.255.255.0
action no-nat
rule name t-u
source-zone trust
destination-zone untrust
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
action source-nat easy-ip
Branch access switch
sysname xiaoshoubu
#
vlan batch 10 20
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/2
port link-type access
port default vlan 10
#
interface Ethernet0/0/3
port link-type access
port default vlan 20
Branch core switch
sysname hx
#
vlan batch 10 20 100
#
stp instance 0 root primary
#
interface Vlanif10
ip address 172.16.10.254 255.255.255.0
#
interface Vlanif20
ip address 172.16.20.254 255.255.255.0
#
interface Vlanif100
ip address 192.168.1.9 255.255.255.252
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
#
ospf 1
area 0.0.0.0
network 192.168.1.8 0.0.0.3
network 172.16.10.0 0.0.0.255
network 172.16.20.0 0.0.0.255
Branch egress firewall
sysname FW2
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.1.10 255.255.255.252
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 210.1.1.2 255.255.255.252
#
interface Tunnel0
ip address 10.1.12.2 255.255.255.0
tunnel-protocol gre
source 210.1.1.2
destination 200.1.1.1
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/0
add interface Tunnel0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/1
#
firewall zone dmz
set priority 50
#
ospf 1
default-route-advertise
area 0.0.0.0
network 192.168.1.8 0.0.0.3
#
ip route-static 0.0.0.0 0.0.0.0 210.1.1.1
ip route-static 192.168.10.0 255.255.255.0 Tunnel0
ip route-static 192.168.20.0 255.255.255.0 Tunnel0
ip route-static 192.168.30.0 255.255.255.0 Tunnel0
ip route-static 192.168.50.0 255.255.255.0 Tunnel0
#
security-policy
rule name t-u
source-zone trust
destination-zone untrust
source-address 172.16.10.0 mask 255.255.255.0
source-address 172.16.20.0 mask 255.255.255.0
action permit
rule name l-u
source-zone local
source-zone untrust
destination-zone local
destination-zone untrust
action permit
rule name gre
source-zone untrust
destination-zone trust
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.50.0 mask 255.255.255.0
destination-address 172.16.10.0 mask 255.255.255.0
destination-address 172.16.20.0 mask 255.255.255.0
action permit
rule name gre-
source-zone trust
destination-zone untrust
source-address 172.16.10.0 mask 255.255.255.0
source-address 172.16.20.0 mask 255.255.255.0
destination-address 192.168.10.0 mask 255.255.255.0
destination-address 192.168.20.0 mask 255.255.255.0
destination-address 192.168.30.0 mask 255.255.255.0
destination-address 192.168.50.0 mask 255.255.255.0
action permit
#
nat-policy
rule name gre
source-zone trust
destination-zone untrust
source-address 172.16.10.0 mask 255.255.255.0
destination-address 192.168.10.0 mask 255.255.255.0
destination-address 192.168.20.0 mask 255.255.255.0
destination-address 192.168.30.0 mask 255.255.255.0
destination-address 192.168.50.0 mask 255.255.255.0
action no-nat
rule name isp
source-zone trust
destination-zone untrust
source-address 172.16.10.0 mask 255.255.255.0
source-address 172.16.20.0 mask 255.255.255.0
action source-nat easy-ip
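Lab testing and verification
MSTP verification
VRRP verification
DHCP verification
OSPF verification
NAT verification
Connectivity test
Note: traffic that enters the tunnel must first be excluded in the firewall's NAT policy or in the router's advanced ACL; only after that comes the policy that permits each site's own source IPs out to the external network.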
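The check described in the note above, as an added example that is not part of the original article: a small Python audit that reads a `nat-policy` section and reports source subnets that a `source-nat` rule would translate towards tunnel destinations without an earlier `no-nat` exemption. The function names are hypothetical, the rule text is the FW2 `nat-policy` from this page with its zone lines left out, and the tunnel destinations are assumed to be the four subnets FW2 routes to Tunnel0.

```python
import ipaddress

# FW2 nat-policy from this page (zone lines omitted; both rules are trust -> untrust)
FW2_NAT_POLICY = """\
rule name gre
source-address 172.16.10.0 mask 255.255.255.0
destination-address 192.168.10.0 mask 255.255.255.0
destination-address 192.168.20.0 mask 255.255.255.0
destination-address 192.168.30.0 mask 255.255.255.0
destination-address 192.168.50.0 mask 255.255.255.0
action no-nat
rule name isp
source-address 172.16.10.0 mask 255.255.255.0
source-address 172.16.20.0 mask 255.255.255.0
action source-nat easy-ip
"""
# Assumption: tunnel destinations = the four "ip route-static ... Tunnel0" subnets on FW2
TUNNEL_DSTS = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in (10, 20, 30, 50)]
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_nat_rules(text):
    """Return the rules in configuration order (the order they are matched in)."""
    rules = []
    for words in (line.split() for line in text.splitlines()):
        if words[:2] == ["rule", "name"]:
            rules.append({"name": words[2], "src": [], "dst": [], "action": ""})
        elif rules and words[:1] in (["source-address"], ["destination-address"]):
            key = "src" if words[0] == "source-address" else "dst"
            rules[-1][key].append(ipaddress.ip_network(f"{words[1]}/{words[3]}"))
        elif rules and words[:1] == ["action"]:
            rules[-1]["action"] = " ".join(words[1:])
    return rules

def covers(nets, net):
    return not nets or any(net.subnet_of(n) for n in nets)  # empty list means "any"

def tunnel_nat_gaps(rules, tunnel_dsts):
    """Triples (rule, src, dst) a source-nat rule translates with no earlier no-nat exemption."""
    gaps, exempt = [], []
    for r in rules:
        if r["action"] == "no-nat":
            exempt.append(r)
        elif r["action"].startswith("source-nat"):
            for src in r["src"] or [ANY]:
                for dst in tunnel_dsts:
                    if covers(r["dst"], dst) and not any(
                            covers(e["src"], src) and covers(e["dst"], dst) for e in exempt):
                        gaps.append((r["name"], str(src), str(dst)))
    return gaps
```

Run on the FW2 rules as written, `tunnel_nat_gaps(parse_nat_rules(FW2_NAT_POLICY), TUNNEL_DSTS)` reports 172.16.20.0/24, which rule `isp` translates but rule `gre` does not list as a source. The check compares addresses only and does not model zone matching.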