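I followed a teacher's course on Bilibili and used Huawei eNSP to simulate a campus network; it turned out to be quite fun.
Although the teacher said this one is very simple, it is still more complex than the topology at my company.
LSW3 configuration
Uplink ports 3/4 are configured as trunk ports; downlink ports 1/2 are access ports for connecting end devices.
[Huawei]vlan batch 10 20 --create VLANs
[Huawei]port-group group-member e0/0/3 e0/0/4 --port group
[Huawei-port-group]p l t --trunk port
[Huawei-port-group]p t a v 10 20 --allowed VLANs
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l a --access port
[Huawei-Ethernet0/0/1]p d v 20 --default VLAN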
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 10
LSW4 configuration
[Huawei]sys LSW4 --rename
[LSW4]vlan batch 30 40 50 --create VLANs
[LSW4]port-group group-member e0/0/3 e0/0/4 --port group
[LSW4-port-group]p l t --trunk port
[LSW4-port-group]p t a v 30 40 50 --allowed VLANs
[LSW4]int e0/0/1
[LSW4-Ethernet0/0/1]p l a --access port
[LSW4-Ethernet0/0/1]p d v 30 --default VLAN
[LSW4-Ethernet0/0/1]int e0/0/2
[LSW4-Ethernet0/0/2]p l a
[LSW4-Ethernet0/0/2]p d v 40
[LSW4-Ethernet0/0/2]int e0/0/5
[LSW4-Ethernet0/0/5]p l a
[LSW4-Ethernet0/0/5]p d v 50
LSW5 configuration
[LSW5]port-group group-member g0/0/1 g0/0/2 g0/0/3
[LSW5-port-group]p l a
[LSW5-port-group]p d v 70
[LSW5]int vlan70
[LSW5-Vlanif70]ip address 10.20.70.2 24
LSW1 configuration
[Huawei]sys LSW1
[LSW1]vlan batch 10 20 30 40 50 60 70 80 90 --create VLANs
[LSW1]port-group group-member g0/0/1 g0/0/4 --port group
[LSW1-port-group]p l t
[LSW1-port-group]p t a v 10 20 30 40 50 70 80
[LSW1-Eth-Trunk1]trunkport g 0/0/2 0/0/3 --link aggregation
[LSW1-Eth-Trunk1]p l t
[LSW1-Eth-Trunk1]p t a v 10 20 30 40 50 70 80
[LSW1-Eth-Trunk1]int g0/0/5
[LSW1-GigabitEthernet0/0/5]p l a
[LSW1-GigabitEthernet0/0/5]p d v 90 --VLAN 90 is the border VLAN, connecting to the egress router
[LSW1-GigabitEthernet0/0/5]int g0/0/6
[LSW1-GigabitEthernet0/0/6]p l a
[LSW1-GigabitEthernet0/0/6]p d v 70
[LSW1]int vlan80
[LSW1-Vlanif80]ip address 10.20.80.1 24 --create Vlanif, used for the OSPF connection
[LSW1]int vlan70
[LSW1-Vlanif70]ip address 10.20.70.1 24 --create Vlanif, used for the data-center connection
[LSW1-Vlanif70]int vlan90
[LSW1-Vlanif90]ip address 10.20.90.1 24 --create Vlanif, used for the border-router connection
LSW2 configuration
[Huawei]sys LSW2
[LSW2]vlan batch 10 20 30 40 50 60 70 80 --create VLANs
[LSW2]port-group group-member g0/0/1 g0/0/4 --port group
[LSW2-port-group]p l t --trunk port
[LSW2-port-group]p t a v 10 20 30 40 50 60 70 80 --allowed VLANs
[LSW2]int g0/0/5
[LSW2-GigabitEthernet0/0/5]p l t
[LSW2-GigabitEthernet0/0/5]p t a v 50 60 --allow the wireless VLANs
[LSW2]int Eth-Trunk 1 --link aggregation
[LSW2-Eth-Trunk1]trunkport g 0/0/2 0/0/3
[LSW2-Eth-Trunk1]p t a v 10 20 30 40 50 60 70 80
[LSW2]int vlan 50
[LSW2-Vlanif50]ip address 10.20.50.1 24 --VLAN 50 connects to the AC
[LSW2-Vlanif50]int vlan 80
[LSW2-Vlanif80]ip address 10.20.80.2 24 --VLAN 80 is for OSPF
[LSW2-Vlanif60]ip address 10.20.60.2 24 --the AC's service VLAN
AC configuration
Configure a WLAN that uses tunnel forwarding
[AC6005]vlan batch 50 60 --create VLANs
[AC6005]dhcp enable --enable DHCP
[AC6005]int g0/0/1
[AC6005-GigabitEthernet0/0/1]p l t
[AC6005-GigabitEthernet0/0/1]p t a v 50 60
[AC6005]int vlan 50
[AC6005-Vlanif50]ip address 10.20.50.2 24
[AC6005-Vlanif50]dhcp select interface --interface-based DHCP
[AC6005-Vlanif50]dhcp server gateway-list 10.20.50.1
[AC6005-Vlanif50]dhcp server lease day 0 hour 8
[AC6005]capwap source interface vlanif 50 --specify the CAPWAP source
[AC6005]wlan
[AC6005-wlan-view]ssid-profile name jd --create the SSID profile
[AC6005-wlan-ssid-prof-jd]ssid jd --set the Wi-Fi name
[AC6005-wlan-view]security-profile name jd --create the security profile
[AC6005-wlan-sec-prof-jd]security wpa2 psk pass-phrase Lyu123!! aes --set the passphrase
[AC6005-wlan-view]vap-profile name jd --create the VAP profile
[AC6005-wlan-vap-prof-jd]ssid-profile jd
[AC6005-wlan-vap-prof-jd]security-profile jd
[AC6005-wlan-vap-prof-jd]forward-mode tunnel --set the forwarding mode
[AC6005-wlan-vap-prof-jd]service-vlan vlan-id 60 --set the service VLAN
[AC6005-wlan-view]ap-id 0 ap-mac 00e0-fcfe-2c00 --bind the AP
[AC6005-wlan-ap-0]ap-name AP1 --name the AP
[AC6005-wlan-ap-group-jd]vap-profile jd --create the AP group
[AC6005-wlan-ap-group-jd]vap-profile jd wlan 1 radio 1 --apply the VAP profile and configure the radio
[AC6005-wlan-ap-group-jd]ap-id 0
[AC6005-wlan-ap-0]ap-group jd --add the AP to the group
[AC6005-Vlanif60]ip address 10.20.60.1 24 --create DHCP for the service VLAN
[AC6005-Vlanif60]dhcp select interface
DHCP configuration
#LSW1
[LSW1]dhcp enable
[LSW1]ip pool vlan10 --create the address pool
[LSW1-ip-pool-vlan10]network 10.20.10.0 mask 24
[LSW1-ip-pool-vlan10]gateway-list 10.20.10.1
[LSW1-ip-pool-vlan10]lease day 0 hour 8
[LSW1-ip-pool-vlan10]dns-list 8.8.8.8
[LSW1]int Vlanif 10
[LSW1-Vlanif10]ip address 10.20.10.1 24
[LSW1-Vlanif10]dhcp select global --enable global-pool DHCP
[LSW1]ip pool vlan20
[LSW1-ip-pool-vlan20]network 10.20.20.0 mask 24
[LSW1-ip-pool-vlan20]gateway-list 10.20.20.1
[LSW1-ip-pool-vlan20]dns-list 202.96.128.86
[LSW1-ip-pool-vlan20]lease day 0 hour 8
[LSW1]int vlan20
[LSW1-Vlanif20]ip address 10.20.20.1 24
[LSW1-Vlanif20]dhcp select global
#LSW2
[LSW2]dhcp enable
[LSW2]int vlan30
[LSW2-Vlanif30]ip address 10.20.30.1 24
[LSW2-Vlanif30]dhcp select interface
[LSW2-Vlanif30]dhcp server dns-list 114.114.114.114
[LSW2-Vlanif30]dhcp server lease day 0 hour 8
[LSW2]int vlan40
[LSW2-Vlanif40]ip address 10.20.40.1 24
[LSW2-Vlanif40]dhcp select interface
[LSW2-Vlanif40]dhcp server dns-list 202.96.128.86
[LSW2-Vlanif40]dhcp server lease day 0 hour 8
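IPS configuration
Simulates the carrier's equipment
#Create the address pool
[IPS]ip pool BH --create the address pool
[IPS-ip-pool-BH]network 10.20.100.0 mask 24 --declare the pool's network segment
[IPS-ip-pool-BH]gateway-list 10.20.100.1
#Create the AAA authentication user
[IPS]aaa
[IPS-aaa]local-user huawei password cipher 123 --create a local user
[IPS-aaa]local-user huawei service-type ppp --set the service type to ppp
[IPS]int Virtual-Template 1 --enter the virtual template
[IPS-Virtual-Template1]ip address 10.20.100.2 24
[IPS-Virtual-Template1]ppp authentication-mode chap --challenge handshake; the password is sent as a hash, so it is more secure
[IPS-Virtual-Template1]remote address pool BH
#Enter the interface and bind the VT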
[IPS-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1
AR1 configuration-NAT-PPP
Configure OSPF and NAT address translation
Only 10, 40 and 50 are allowed Internet access
#Configure OSPF
[Huawei]sys AR1
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip address 10.20.90.2 24
#Configure NAT
[AR1]acl 2000 --create the ACL
[AR1-acl-basic-2000]rule permit source 10.20.10.0 0.0.0.255
[AR1-acl-basic-2000]rule permit source 10.20.40.0 0.0.0.255
[AR1-acl-basic-2000]rule permit source 10.20.50.0 0.0.0.255
[AR1-acl-basic-2000]rule deny source any
[AR1]int Dialer 0 --apply ACL 2000 on the dialer interface
[AR1-Dialer0]nat outbound 2000
[AR1-Dialer0]ip address 10.20.100.1 24 --the peer IPS network is 100
[AR1]ip route-static 0.0.0.0 0 Dialer 0 --configure the default route
[AR1-ospf-1]default-route-advertise --advertise the default route
#Configure dial-up access
[AR1]int Dialer 0
[AR1-Dialer0]dialer user user1
[AR1-Dialer0]dialer bundle 1
[AR1-Dialer0]ppp chap user huawei
[AR1-Dialer0]ppp chap password cipher 123
[AR1-Dialer0]ip address ppp-negotiate ---obtain the IP through PPP negotiation
[AR1-Dialer0]int g0/0/0 --enter the physical interface
[AR1-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 1 --bind the bundle
[AR1]dis ip int brief --view the interface IPs to verify that dial-up succeeded
Interface IP Address/Mask Physical Protocol
Dialer0 10.20.100.254/32 up
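How basic ACL 2000 decides which sources `nat outbound 2000` translates, as an added Python example (not from the original post). The rules are copied from the AR1 section above; the `.25` host addresses are constructed samples, one per subnet configured in this lab, and the function names are illustrative.

```python
import ipaddress
import re

# Rules copied from the AR1 section of the page (basic ACL 2000).
ACL_2000 = """\
rule permit source 10.20.10.0 0.0.0.255
rule permit source 10.20.40.0 0.0.0.255
rule permit source 10.20.50.0 0.0.0.255
rule deny source any
"""

RULE_RE = re.compile(r"rule\s+(permit|deny)\s+source\s+(any|\S+)(?:\s+(\S+))?")


def parse_acl(text):
    """Return [(action, base_int, wildcard_int)] in configuration order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue
        action, src, wildcard = m.groups()
        if src == "any":
            base, wc = 0, 0xFFFFFFFF            # every bit is "don't care"
        else:
            base = int(ipaddress.IPv4Address(src))
            wc = int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))
        rules.append((action, base, wc))
    return rules


def evaluate(rules, src_ip):
    """First matching rule wins; a wildcard bit of 1 means that bit is ignored."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for action, base, wc in rules:
        if (ip | wc) == (base | wc):
            return action
    return "no-match"


# Constructed sample hosts, one per subnet used in this lab.
SAMPLE_HOSTS = {vlan: f"10.20.{vlan}.25" for vlan in (10, 20, 30, 40, 50, 60, 70)}


def nat_report(rules=None):
    rules = rules or parse_acl(ACL_2000)
    return {vlan: evaluate(rules, ip) for vlan, ip in SAMPLE_HOSTS.items()}


if __name__ == "__main__":
    for vlan, verdict in nat_report().items():
        print(f"VLAN {vlan:>2}  10.20.{vlan}.0/24  {verdict}")
```

With the rules as written, the wireless service subnet 10.20.60.0/24 falls through to the final deny, while 10.20.50.0/24 (the VLAN that connects the AC) is permitted.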
OSPF configuration
Used so that the devices learn routes from each other
#Create OSPF
[LSW1]ospf 1 --LSW1
[LSW1-ospf-1]a
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0] network 10.20.80.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0] network 10.20.70.0 0.0.0.255 --advertise the interface IPs
[LSW1-ospf-1-area-0.0.0.0] network 10.20.20.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0] network 10.20.10.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0] network 10.20.90.0 0.0.0.255
-- LSW2 configuration
[LSW2]ospf 1
[LSW2-ospf-1]ar
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 10.20.80.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 10.20.30.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 10.20.40.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 10.20.50.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 10.20.60.0 0.0.0.255
--AR1 configuration
[AR1]ospf 1
[AR1-ospf-1-area-0.0.0.0]network 10.20.90.0 0.0.0.255
STP configuration
Use STP to block port 4 on LSW3 and port 3 on LSW4
[LSW1]stp root primary --set as the root bridge
[LSW2]stp root secondary --set as the backup root bridge
[LSW3]dis stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
0 Ethernet0/0/3 ROOT FORWARDING NONE
0 Ethernet0/0/4 ALTE DISCARDING NONE
[LSW4]dis stp brief
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
0 Ethernet0/0/3 **ALTE DISCARDING** NONE
0 Ethernet0/0/4 ROOT FORWARDING NONE
0 Ethernet0/0/5 DESI FORWARDING NONE