Huawei eNSP Medium-Sized Enterprise LAN Network Planning and Design (Part 2)

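→ Bilibili video link, with thanks to the original author ←

→ Huawei eNSP Medium-Sized Enterprise LAN Network Planning and Design (Part 1) ←

→ Topology file link, so you can try the configuration yourself ←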

Configure OSPF

AR3

[AR3]ospf 1 router-id 3.3.3.3
// Advertise a default route from the egress router
[AR3-ospf-1]default-route-advertise always
#
 area 0.0.0.0 
  network 100.1.11.3 0.0.0.0 
  network 100.1.33.3 0.0.0.0 
  network 192.168.13.3 0.0.0.0 
  network 192.168.23.3 0.0.0.0 
#

AR1

[AR1]ospf 1 router-id 1.1.1.1
#
 area 0.0.0.0 
  network 192.168.12.1 0.0.0.0 
  network 192.168.13.1 0.0.0.0 
  network 192.168.77.1 0.0.0.0 
  network 192.168.87.1 0.0.0.0 
  network 192.168.91.1 0.0.0.0 
#

AR2

[AR2]ospf 1 router-id 2.2.2.2
#
 area 0.0.0.0 
  network 192.168.12.2 0.0.0.0 
  network 192.168.23.2 0.0.0.0 
  network 192.168.78.2 0.0.0.0 
  network 192.168.88.2 0.0.0.0 
  network 192.168.92.2 0.0.0.0 
#

SW9

[SW9]ospf 1 router-id 9.9.9.9
#
 area 0.0.0.0
  network 192.168.91.254 0.0.0.0
  network 192.168.92.254 0.0.0.0
#
 area 0.0.0.200
  network 192.168.200.254 0.0.0.0
#
 area 0.0.0.201
  network 192.168.201.254 0.0.0.0
#

SW7

[SW7]ospf 1 router-id 7.7.7.7
#
 area 0.0.0.0
  network 192.168.10.7 0.0.0.0
  network 192.168.20.7 0.0.0.0
  network 192.168.30.7 0.0.0.0
  network 192.168.40.7 0.0.0.0
  network 192.168.50.7 0.0.0.0
  network 192.168.60.7 0.0.0.0
  network 192.168.77.7 0.0.0.0
  network 192.168.78.7 0.0.0.0
#

SW8

[SW8]ospf 1 router-id 8.8.8.8
#
 area 0.0.0.0
  network 192.168.10.8 0.0.0.0
  network 192.168.20.8 0.0.0.0
  network 192.168.30.8 0.0.0.0
  network 192.168.40.8 0.0.0.0
  network 192.168.50.8 0.0.0.0
  network 192.168.60.8 0.0.0.0
  network 192.168.87.8 0.0.0.0
  network 192.168.88.8 0.0.0.0
#

Configure dynamic NAT at the egress

AR3

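// Configure static default routes toward the egress
// (the preference 70 route is the backup; the other keeps the default static preference of 60)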
[AR3]ip route-static 0.0.0.0 0 100.1.11.5 preference 70
[AR3]ip route-static 0.0.0.0 0 100.1.33.5

// Traffic allowed to reach the egress (source subnets to be translated)
#
acl number 3000  
 rule 5 permit ip source 192.168.10.0 0.0.0.255 
 rule 10 permit ip source 192.168.20.0 0.0.0.255 
 rule 15 permit ip source 192.168.30.0 0.0.0.255 
 rule 20 permit ip source 192.168.40.0 0.0.0.255 
 rule 25 permit ip source 192.168.50.0 0.0.0.255 
 rule 30 permit ip source 192.168.60.0 0.0.0.255 
#
// Configure dynamic NAT on both uplink interfaces
#
interface GigabitEthernet4/0/0
 ip address 100.1.33.3 255.255.255.0 
 nat outbound 3000
#
interface GigabitEthernet0/0/2
 ip address 100.1.11.3 255.255.255.0 
 nat outbound 3000
#

Configure ACLs so that departments cannot reach each other

SW1

#
acl number 3000
 rule 5 deny ip source 192.168.20.0 0.0.0.255
 rule 10 deny ip source 192.168.30.0 0.0.0.255
 rule 15 deny ip source 192.168.40.0 0.0.0.255
 rule 20 deny ip source 192.168.50.0 0.0.0.255
 rule 25 deny ip source 192.168.60.0 0.0.0.255
#

[SW1-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
// Alternatively, use deny ip destination xxx and apply the ACL inbound on the interface

SW2

#
acl number 3000
 rule 5 deny ip source 192.168.10.0 0.0.0.255
 rule 10 deny ip source 192.168.30.0 0.0.0.255
 rule 15 deny ip source 192.168.40.0 0.0.0.255
 rule 20 deny ip source 192.168.50.0 0.0.0.255
 rule 25 deny ip source 192.168.60.0 0.0.0.255
#

[SW2-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW3

#
acl number 3000
 rule 5 deny ip source 192.168.10.0 0.0.0.255
 rule 10 deny ip source 192.168.20.0 0.0.0.255
 rule 15 deny ip source 192.168.40.0 0.0.0.255
 rule 20 deny ip source 192.168.50.0 0.0.0.255
 rule 25 deny ip source 192.168.60.0 0.0.0.255
#

[SW3-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW4

#
acl number 3000
 rule 5 deny ip source 192.168.10.0 0.0.0.255
 rule 10 deny ip source 192.168.20.0 0.0.0.255
 rule 15 deny ip source 192.168.30.0 0.0.0.255
 rule 20 deny ip source 192.168.50.0 0.0.0.255
 rule 25 deny ip source 192.168.60.0 0.0.0.255
#

[SW4-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW5

#
acl number 3000
 rule 5 deny ip source 192.168.10.0 0.0.0.255
 rule 10 deny ip source 192.168.20.0 0.0.0.255
 rule 15 deny ip source 192.168.30.0 0.0.0.255
 rule 20 deny ip source 192.168.40.0 0.0.0.255
 rule 25 deny ip source 192.168.60.0 0.0.0.255
#

[SW5-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW6

#
acl number 3000
 rule 5 deny ip source 192.168.10.0 0.0.0.255
 rule 10 deny ip source 192.168.20.0 0.0.0.255
 rule 15 deny ip source 192.168.30.0 0.0.0.255
 rule 20 deny ip source 192.168.40.0 0.0.0.255
 rule 25 deny ip source 192.168.50.0 0.0.0.255
#

[SW6-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
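
An added example (not from the original post) that checks SW1's ACL 3000 against the six department subnets: it parses the rules, applies wildcard-mask matching in rule-ID order, and reports which sources are dropped. The helper names and the default-permit verdict for traffic that matches no rule are assumptions of this example.

```python
import ipaddress
import re

# SW1's ACL 3000, copied from the configuration above.
SW1_ACL = """\
acl number 3000
 rule 5 deny ip source 192.168.20.0 0.0.0.255
 rule 10 deny ip source 192.168.30.0 0.0.0.255
 rule 15 deny ip source 192.168.40.0 0.0.0.255
 rule 20 deny ip source 192.168.50.0 0.0.0.255
 rule 25 deny ip source 192.168.60.0 0.0.0.255
"""
# The six department subnets, taken from AR3's NAT ACL on this page.
DEPARTMENTS = [f"192.168.{n}.0/24" for n in (10, 20, 30, 40, 50, 60)]

RULE = re.compile(r"rule (\d+) (permit|deny) ip source (\S+) (\S+)")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return [(rule_id, action, base, wildcard)] in ascending rule-id order."""
    return sorted((int(rid), action, to_int(base), to_int(wild))
                  for rid, action, base, wild in RULE.findall(text))

def evaluate(rules, src, default="permit"):
    """First match wins; wildcard bits set to 1 are ignored in the comparison.

    default="permit" is an assumption: traffic-filter forwards packets that
    match no rule, so sources outside the listed subnets still pass.
    """
    s = to_int(src)
    for rid, action, base, wild in rules:
        if (s | wild) == (base | wild):
            return action, rid
    return default, None

def coverage(rules):
    """Verdict per department subnet, checked at its first and last address."""
    result = {}
    for net in map(ipaddress.ip_network, DEPARTMENTS):
        verdicts = {evaluate(rules, str(a))[0] for a in (net[0], net[-1])}
        result[str(net)] = verdicts.pop() if len(verdicts) == 1 else "mixed"
    return result

if __name__ == "__main__":
    for subnet, verdict in coverage(parse_acl(SW1_ACL)).items():
        print(f"{subnet:18} {verdict}")
```

Only the one subnet SW1's ACL does not list comes back as permit; running the same check on the ACLs of SW2~SW6 should leave a different single subnet permitted on each switch.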

Optimize the network architecture

  • On SW7 and SW8, increase the OSPF cost so that OSPF does not take a detour

    SW7

    [SW7]int vlan40
    [SW7-Vlanif40]ospf cost 10
    [SW7-Vlanif40]int vlan 50
    [SW7-Vlanif50]ospf cost 10
    [SW7-Vlanif50]int vlan 60
    [SW7-Vlanif60]ospf cost 10
    

    SW8

    // Increase the cost so that OSPF does not take a detour
    [SW8]int vlan10
    [SW8-Vlanif10]ospf cost 10
    [SW8-Vlanif10]int vlan 20
    [SW8-Vlanif20]ospf cost 10
    [SW8-Vlanif20]int vlan 30
    [SW8-Vlanif30]ospf cost 10
    
  • Configure root protection on SW7 and SW8

    SW7, SW8

    [SW7]port-group trunk
    [SW7-port-group-trunk]stp root-protection 
    
  • Enable edge-port BPDU protection on SW1~6

    SW1~6

    [SW1]stp bpdu-protection
    
