国产 无码 综合区,色欲AV无码国产永久播放,无码天堂亚洲国产AV,国产日韩欧美女同一区二区

  1. Toy模板網(wǎng)首頁
  2. >Toy博客

HCIA-Datacom園區(qū)網(wǎng)絡(luò)項(xiàng)目實(shí)戰(zhàn) 華為認(rèn)證實(shí)驗(yàn)手冊 ENSP配置

2年前作者:網(wǎng)工教室分類:Toy博客閱讀(35)違法舉報(bào)

這篇具有很好參考價(jià)值的文章主要介紹了HCIA-Datacom園區(qū)網(wǎng)絡(luò)項(xiàng)目實(shí)戰(zhàn) 華為認(rèn)證實(shí)驗(yàn)手冊 ENSP配置。希望對大家有所幫助。如果存在錯(cuò)誤或未考慮完全的地方,請大家不吝賜教,您也可以點(diǎn)擊"舉報(bào)違法"按鈕提交疑問。

HCIA-Datacom園區(qū)網(wǎng)絡(luò)項(xiàng)目實(shí)戰(zhàn)
HCIA-Datacom園區(qū)網(wǎng)絡(luò)項(xiàng)目實(shí)戰(zhàn) 華為認(rèn)證實(shí)驗(yàn)手冊 ENSP配置

配置步驟

一、 二層配置
背景信息:
? 有線網(wǎng)絡(luò)VLAN劃分:
? 一樓核心機(jī)房的接入交換機(jī)GE0/0/2~GE0/0/10連接服務(wù)器,屬于同一個(gè)VLAN。
? 二樓除F2-ACC2連接總經(jīng)理辦公室外,其他交換機(jī)連接行政部,兩個(gè)部門屬于不同的VLAN。
? 三樓的F3-ACC1和F3-ACC3的E0/0/1E0/0/10屬于市場部,E0/0/11E0/0/20屬于研發(fā)部。
? F3-ACC2的E0/0/1~E0/0/19屬于市場部。
? 無線網(wǎng)絡(luò)VLAN劃分:
? 各個(gè)樓層的無線終端需要屬于不同的VLAN。
? 各個(gè)樓層的無線管理VLAN不同。
注:需要預(yù)留設(shè)備互聯(lián)VLAN、設(shè)備管理VLAN等。
1.F1-ACC1二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F1-ACC1
[F1-ACC1]vlan batch 100 105 205
[F1-ACC1]port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/10
[F1-ACC1-port-group]port link-type access
[F1-ACC1-port-group]port default vlan 100
[F1-ACC1]interface GigabitEthernet 0/0/1
[F1-ACC1-GigabitEthernet0/0/1]port link-type trunk
[F1-ACC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 105 205
[F1-ACC1]interface GigabitEthernet 0/0/20
[F1-ACC1-GigabitEthernet0/0/20]port link-type trunk
[F1-ACC1-GigabitEthernet0/0/20]port trunk pvid vlan 205
[F1-ACC1-GigabitEthernet0/0/20]port trunk allow-pass vlan 105 205

2.F2-ACC1二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F2-ACC1
[F2-ACC1]vlan batch 2 102
[F2-ACC1]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/22
[F2-ACC1-port-group]port link-type access
[F2-ACC1-port-group]port default vlan 102
[F2-ACC1]interface GigabitEthernet 0/0/1
[F2-ACC1-GigabitEthernet0/0/1]port link-type trunk
[F2-ACC1-GigabitEthernet0/0/1]port trunk pvid vlan 2
[F2-ACC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 102

3.F2-ACC2二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F2-ACC2
[F2-ACC2]vlan batch 2 101 106 206
[F2-ACC2]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/19
[F2-ACC2-port-group]port link-type access
[F2-ACC2-port-group]port default vlan 101
[F2-ACC2]interface GigabitEthernet 0/0/1
[F2-ACC2-GigabitEthernet0/0/1]port link-type trunk
[F2-ACC2-GigabitEthernet0/0/1]port trunk pvid vlan 2
[F2-ACC2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 101 106 206
[F2-ACC2]interface Ethernet 0/0/20
[F2-ACC2-Ethernet 0/0/20]port link-type trunk
[F2-ACC2-Ethernet 0/0/20]port trunk pvid vlan 206
[F2-ACC2-Ethernet 0/0/20]port trunk allow-pass vlan 106 206

4.F2-ACC3二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F2-ACC3
[F2-ACC3]vlan batch 2 102
[F2-ACC3]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/22
[F2-ACC3-port-group]port link-type access
[F2-ACC3-port-group]port default vlan 102
[F2-ACC3]interface GigabitEthernet 0/0/1
[F2-ACC3-GigabitEthernet0/0/1]port link-type trunk
[F2-ACC3-GigabitEthernet0/0/1]port trunk pvid vlan 2
[F2-ACC3-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 102

5.F3-ACC1二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F3-ACC1
[F3-ACC1]vlan batch 3 103 104
[F3-ACC1]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/10
[F3-ACC1-port-group]port link-type access
[F3-ACC1-port-group]port default vlan 103
[F3-ACC1]port-group group-member Ethernet 0/0/11 to Ethernet 0/0/20
[F3-ACC1-port-group]port link-type access
[F3-ACC1-port-group]port default vlan 104
[F3-ACC1]interface GigabitEthernet 0/0/1
[F3-ACC1-GigabitEthernet0/0/1]port link-type trunk
[F3-ACC1-GigabitEthernet0/0/1]port trunk pvid vlan 3
[F3-ACC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 103 104

6.F3-ACC2二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F3-ACC2
[F3-ACC2]vlan batch 3 103 107 207
[F3-ACC2]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/19
[F3-ACC2-port-group]port link-type access
[F3-ACC2-port-group]port default vlan 103
[F3-ACC2]interface GigabitEthernet 0/0/1
[F3-ACC2-GigabitEthernet0/0/1]port link-type trunk
[F3-ACC2-GigabitEthernet0/0/1]port trunk pvid vlan 3
[F3-ACC2-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 103 107 207
[F3-ACC2]interface Ethernet 0/0/20
[F3-ACC2-Ethernet 0/0/20]port link-type trunk
[F3-ACC2-Ethernet 0/0/20]port trunk pvid vlan 207
[F3-ACC2-Ethernet 0/0/20]port trunk allow-pass vlan 107 207

7.F3-ACC3二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F3-ACC3
[F3-ACC3]vlan batch 3 103 104
[F3-ACC3]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/10
[F3-ACC3-port-group]port link-type access
[F3-ACC3-port-group]port default vlan 103
[F3-ACC3]port-group group-member Ethernet 0/0/11 to Ethernet 0/0/20
[F3-ACC3-port-group]port link-type access
[F3-ACC3-port-group]port default vlan 104
[F3-ACC3]interface GigabitEthernet 0/0/1
[F3-ACC3-GigabitEthernet0/0/1]port link-type trunk
[F3-ACC3-GigabitEthernet0/0/1]port trunk pvid vlan 3
[F3-ACC3-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 103 104

8.F2-AGG1二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F2-AGG1
[F2-AGG1]vlan batch 2 101 102 106 206 201 203
[F2-AGG1]interface GigabitEthernet0/0/1
[F2-AGG1-GigabitEthernet0/0/1] port link-type access
[F2-AGG1-GigabitEthernet0/0/1] port default vlan 201
[F2-AGG1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[F2-AGG1-GigabitEthernet0/0/2] port link-type access
[F2-AGG1-GigabitEthernet0/0/2] port default vlan 203
[F2-AGG1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/11
[F2-AGG1-GigabitEthernet0/0/11] port link-type trunk
[F2-AGG1-GigabitEthernet0/0/11] port trunk pvid vlan 2
[F2-AGG1-GigabitEthernet0/0/11] port trunk allow-pass vlan 2 102
[F2-AGG1-GigabitEthernet0/0/11]interface GigabitEthernet0/0/12
[F2-AGG1-GigabitEthernet0/0/12] port link-type trunk
[F2-AGG1-GigabitEthernet0/0/12] port trunk pvid vlan 2
[F2-AGG1-GigabitEthernet0/0/12] port trunk allow-pass vlan 2 101 106 206
[F2-AGG1-GigabitEthernet0/0/12]interface GigabitEthernet0/0/13
[F2-AGG1-GigabitEthernet0/0/13] port link-type trunk
[F2-AGG1-GigabitEthernet0/0/13] port trunk pvid vlan 2
[F2-AGG1-GigabitEthernet0/0/13] port trunk allow-pass vlan 2 102

9.F3-AGG1二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname F3-AGG1
[F3-AGG1]vlan batch 3 103 to 104 107 202 to 203 207
[F3-AGG1]interface GigabitEthernet0/0/1
[F3-AGG1-GigabitEthernet0/0/1] port link-type access
[F3-AGG1-GigabitEthernet0/0/1] port default vlan 202
[F3-AGG1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[F3-AGG1-GigabitEthernet0/0/2] port link-type access
[F3-AGG1-GigabitEthernet0/0/2] port default vlan 203
[F3-AGG1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/11
[F3-AGG1-GigabitEthernet0/0/11] port link-type trunk
[F3-AGG1-GigabitEthernet0/0/11] port trunk pvid vlan 3
[F3-AGG1-GigabitEthernet0/0/11] port trunk allow-pass vlan 3 103 to 104
[F3-AGG1-GigabitEthernet0/0/11]interface GigabitEthernet0/0/12
[F3-AGG1-GigabitEthernet0/0/12] port link-type trunk
[F3-AGG1-GigabitEthernet0/0/12] port trunk pvid vlan 3
[F3-AGG1-GigabitEthernet0/0/12] port trunk allow-pass vlan 3 103 107 207
[F3-AGG1-GigabitEthernet0/0/12]interface GigabitEthernet0/0/13
[F3-AGG1-GigabitEthernet0/0/13] port link-type trunk
[F3-AGG1-GigabitEthernet0/0/13] port trunk pvid vlan 3
[F3-AGG1-GigabitEthernet0/0/13] port trunk allow-pass vlan 3 103 to 104

10.CORE1二層配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname CORE1
[CORE1]vlan batch 100 105 201 to 202 204 to 205
[CORE1]interface GigabitEthernet0/0/1
[CORE1-GigabitEthernet0/0/1] port link-type trunk
[CORE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 105 205
[CORE1-GigabitEthernet0/0/1]#
[CORE1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[CORE1-GigabitEthernet0/0/2] port link-type access
[CORE1-GigabitEthernet0/0/2] port default vlan 201
[CORE1-GigabitEthernet0/0/2]#
[CORE1-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[CORE1-GigabitEthernet0/0/3] port link-type access
[CORE1-GigabitEthernet0/0/3] port default vlan 202
[CORE1-GigabitEthernet0/0/3]#
[CORE1-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[CORE1-GigabitEthernet0/0/4] port link-type access
[CORE1-GigabitEthernet0/0/4] port default vlan 205
[CORE1-GigabitEthernet0/0/4]#
[CORE1-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
[CORE1-GigabitEthernet0/0/5] port link-type access
[CORE1-GigabitEthernet0/0/5] port default vlan 204

11.AC二層配置
system-view
[AC6605]undo info-center enable
[AC6605] sysname AC
[AC]vlan 205
[AC]interface GigabitEthernet0/0/1
[AC-GigabitEthernet0/0/1] port link-type access
[AC-GigabitEthernet0/0/1] port default vlan 205
二、 三層配置
背景信息:
? 地址配置,采用192.168.0.0/16地址段,具體需求如下:
? 一樓:
? 服務(wù)器采用靜態(tài)IP地址。無線客戶端和無線AP由CORE1通過DHCP分配地址,網(wǎng)關(guān)均在CORE1上。
? 接入交換機(jī)管理IP采用靜態(tài)地址配置,網(wǎng)關(guān)在CORE1上。
? 二樓和三樓:
? 所有有線終端、無線終端、無線AP的地址均由對應(yīng)樓層匯聚交換機(jī)通過DHCP分配,網(wǎng)關(guān)在匯聚交換機(jī)上。
? 接入交換機(jī)管理IP采用靜態(tài)地址配置,網(wǎng)關(guān)在各自樓層匯聚交換機(jī)上。
? 全網(wǎng)采用OSPF動(dòng)態(tài)路由協(xié)議實(shí)現(xiàn)業(yè)務(wù)網(wǎng)段之間的互聯(lián)互通,所有終端通過Router訪問Internet。

(一)接口ip地址和靜態(tài)配置:

  1. 一樓接入,靜態(tài)配置,網(wǎng)關(guān)在CORE1上,默認(rèn)路由指向CORE1
    [F1-ACC1]interface Vlanif1
    [F1-ACC1-Vlanif1] ip address 192.168.1.1 255.255.255.0

2.二樓接入,靜態(tài)配置,網(wǎng)關(guān)在F2-AGG1上,默認(rèn)路由指向F2-AGG1
[F2-ACC1]interface Vlanif2
[F2-ACC1-Vlanif2] ip address 192.168.2.1 255.255.255.0
[F2-ACC2]interface Vlanif2
[F2-ACC2-Vlanif2] ip address 192.168.2.2 255.255.255.0
[F2-ACC3]interface Vlanif2
[F2-ACC3-Vlanif2] ip address 192.168.2.3 255.255.255.0

3.三樓接入,靜態(tài)配置,網(wǎng)關(guān)在F3-AGG1上,默認(rèn)路由指向F3-AGG1
[F3-ACC1]interface Vlanif3
[F3-ACC1-Vlanif3] ip address 192.168.3.1 255.255.255.0
[F3-ACC2]interface Vlanif3
[F3-ACC2-Vlanif3] ip address 192.168.3.2 255.255.255.0
[F3-ACC3]interface Vlanif3
[F3-ACC3-Vlanif3] ip address 192.168.3.3 255.255.255.0

4.手動(dòng)配置兩個(gè)服務(wù)器的IP地址
server1:192.168.100.1/24 網(wǎng)關(guān):192.168.100.254(網(wǎng)關(guān)在CORE1上的vlanif 100接口)
server2:192.168.100.2/24 網(wǎng)關(guān):192.168.100.254(網(wǎng)關(guān)在CORE1上的vlanif 100接口)

5.核心交換機(jī)CORE1邏輯接口IP配置
[CORE1]interface Vlanif1
[CORE1-Vlanif1] ip address 192.168.1.254 255.255.255.0
[CORE1-Vlanif1]interface Vlanif100
[CORE1-Vlanif100] ip address 192.168.100.254 255.255.255.0
[CORE1-Vlanif100]interface Vlanif105
[CORE1-Vlanif105] ip address 192.168.105.254 255.255.255.0
[CORE1-Vlanif105]interface Vlanif201
[CORE1-Vlanif201] ip address 192.168.201.1 255.255.255.252
[CORE1-Vlanif201]interface Vlanif202
[CORE1-Vlanif202] ip address 192.168.202.1 255.255.255.252
[CORE1-Vlanif202]interface Vlanif204
[CORE1-Vlanif204] ip address 192.168.204.2 255.255.255.252
[CORE1-Vlanif204]interface Vlanif205
[CORE1-Vlanif205] ip address 192.168.205.254 255.255.255.0

6.二樓F2-AGG1邏輯接口配置
[F2-AGG1]interface Vlanif2
[F2-AGG1-Vlanif2] ip address 192.168.2.254 255.255.255.0
[F2-AGG1-Vlanif2]interface Vlanif101
[F2-AGG1-Vlanif101] ip address 192.168.101.254 255.255.255.0
[F2-AGG1-Vlanif101]interface Vlanif102
[F2-AGG1-Vlanif102] ip address 192.168.102.254 255.255.255.0
[F2-AGG1-Vlanif102]interface Vlanif106
[F2-AGG1-Vlanif106] ip address 192.168.106.254 255.255.255.0
[F2-AGG1-Vlanif106]interface Vlanif201
[F2-AGG1-Vlanif201] ip address 192.168.201.2 255.255.255.252
[F2-AGG1-Vlanif201]interface Vlanif203
[F2-AGG1-Vlanif203] ip address 192.168.203.1 255.255.255.252
[F2-AGG1-Vlanif203]interface Vlanif206
[F2-AGG1-Vlanif206] ip address 192.168.206.254 255.255.255.0

  1. 三樓F3-AGG1邏輯接口配置
    [F3-AGG1]interface Vlanif3
    [F3-AGG1-Vlanif3] ip address 192.168.3.254 255.255.255.0
    [F3-AGG1-Vlanif3]interface Vlanif103
    [F3-AGG1-Vlanif103] ip address 192.168.103.254 255.255.255.0
    [F3-AGG1-Vlanif103]interface Vlanif104
    [F3-AGG1-Vlanif104] ip address 192.168.104.254 255.255.255.0
    [F3-AGG1-Vlanif104]interface Vlanif107
    [F3-AGG1-Vlanif107] ip address 192.168.107.254 255.255.255.0
    [F3-AGG1-Vlanif107]interface Vlanif202
    [F3-AGG1-Vlanif202] ip address 192.168.202.2 255.255.255.252
    [F3-AGG1-Vlanif202]interface Vlanif203
    [F3-AGG1-Vlanif203] ip address 192.168.203.2 255.255.255.252
    [F3-AGG1-Vlanif203]interface Vlanif207
    [F3-AGG1-Vlanif207] ip address 192.168.207.254 255.255.255.0

8.路由器接口IP配置
system-view
[Huawei]undo info-center enable
[Huawei]sysname Router
[Router-GigabitEthernet0/0/0] ip address 1.1.1.1 255.255.255.0
[Router-GigabitEthernet0/0/1] ip address 192.168.204.1 255.255.255.252

(二)路由配置
1.靜態(tài)路由:
[F1-ACC1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
[F2-ACC1]ip route-static 0.0.0.0 0.0.0.0 192.168.2.254
[F2-ACC2]ip route-static 0.0.0.0 0.0.0.0 192.168.2.254
[F2-ACC3]ip route-static 0.0.0.0 0.0.0.0 192.168.2.254
[F3-ACC1]ip route-static 0.0.0.0 0.0.0.0 192.168.3.254
[F3-ACC2]ip route-static 0.0.0.0 0.0.0.0 192.168.3.254
[F3-ACC3]ip route-static 0.0.0.0 0.0.0.0 192.168.3.254
[Router]ip route-static 0.0.0.0 0.0.0.0 1.1.1.254
[AC]ip route-static 0.0.0.0 0.0.0.0 192.168.205.2542.

2.動(dòng)態(tài)路由OSPF:
路由器:
[Router]ospf 1
[Router-ospf-1] default-route-advertise always
[Router-ospf-1] area 0.0.0.0
[Router-ospf-1-area-0.0.0.0] network 192.168.204.0 0.0.0.3

核心交換機(jī)CORE1:
[CORE1]ospf 1
[CORE1-ospf-1] area 0.0.0.0
[CORE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[CORE1-ospf-1-area-0.0.0.0] network 192.168.100.0 0.0.0.255
[CORE1-ospf-1-area-0.0.0.0] network 192.168.105.0 0.0.0.255
[CORE1-ospf-1-area-0.0.0.0] network 192.168.205.0 0.0.0.255
[CORE1-ospf-1-area-0.0.0.0] network 192.168.201.0 0.0.0.3
[CORE1-ospf-1-area-0.0.0.0] network 192.168.202.0 0.0.0.3
[CORE1-ospf-1-area-0.0.0.0] network 192.168.204.0 0.0.0.3

二樓匯聚交換機(jī)F2-AGG1:
[F2-AGG1]ospf 1
[F2-AGG1-ospf-1] area 0.0.0.0
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.101.0 0.0.0.255
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.102.0 0.0.0.255
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.106.0 0.0.0.255
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.201.0 0.0.0.3
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.203.0 0.0.0.3
[F2-AGG1-ospf-1-area-0.0.0.0] network 192.168.206.0 0.0.0.255

三樓匯聚交換機(jī)F3-AGG1:
[F3-AGG1]ospf 1
[F3-AGG1-ospf-1] area 0.0.0.0
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.103.0 0.0.0.255
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.104.0 0.0.0.255
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.107.0 0.0.0.255
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.202.0 0.0.0.3
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.203.0 0.0.0.3
[F3-AGG1-ospf-1-area-0.0.0.0] network 192.168.207.0 0.0.0.255

(三)DHCP配置
1.核心交換機(jī)CORE1為一樓的無線終端和管理vlan提供DHCP服務(wù)
[CORE1]dhcp enable
[CORE1]ip pool ap-f1
[CORE1-ip-pool-ap-f1] gateway-list 192.168.205.254
[CORE1-ip-pool-ap-f1] network 192.168.205.0 mask 255.255.255.0
[CORE1-ip-pool-ap-f1] excluded-ip-address 192.168.205.253
[CORE1-ip-pool-ap-f1]ip pool sta-f1
[CORE1-ip-pool-sta-f1] gateway-list 192.168.105.254
[CORE1-ip-pool-sta-f1] network 192.168.105.0 mask 255.255.255.0
[CORE1]interface Vlanif105
[CORE1-Vlanif105] dhcp select global
[CORE1]interface Vlanif205
[CORE1-Vlanif205] dhcp select global

2.匯聚交換機(jī)F2-AGG1為無線終端、無線管理vlan、總經(jīng)理辦公室、行政部提供DHCP服務(wù)
[F2-AGG1]dhcp enable
[F2-AGG1]ip pool admin
[F2-AGG1-ip-pool-admin] gateway-list 192.168.102.254
[F2-AGG1-ip-pool-admin] network 192.168.102.0 mask 255.255.255.0
[F2-AGG1-ip-pool-admin]ip pool ap-f2
[F2-AGG1-ip-pool-ap-f2] gateway-list 192.168.206.254
[F2-AGG1-ip-pool-ap-f2] network 192.168.206.0 mask 255.255.255.0
[F2-AGG1-ip-pool-ap-f2] option 43 sub-option 3 ascii 192.168.205.253
[F2-AGG1-ip-pool-ap-f2]ip pool manager
[F2-AGG1-ip-pool-manager] gateway-list 192.168.101.254
[F2-AGG1-ip-pool-manager] network 192.168.101.0 mask 255.255.255.0
[F2-AGG1-ip-pool-manager]ip pool sta-f2
[F2-AGG1-ip-pool-sta-f2] gateway-list 192.168.106.254
[F2-AGG1-ip-pool-sta-f2] network 192.168.106.0 mask 255.255.255.0
[F2-AGG1]interface Vlanif101
[F2-AGG1-Vlanif101] dhcp select global
[F2-AGG1-Vlanif101]interface Vlanif102
[F2-AGG1-Vlanif102] dhcp select global
[F2-AGG1-Vlanif102]interface Vlanif106
[F2-AGG1-Vlanif106] dhcp select global
[F2-AGG1]interface Vlanif206
[F2-AGG1-Vlanif206] dhcp select global

  1. 匯聚交換機(jī)F2-AGG1為無線終端、無線管理vlan、市場部、研發(fā)部提供DHCP服務(wù)

[F3-AGG1]dhcp enable
[F3-AGG1]ip pool ap-f3
[F3-AGG1-ip-pool-ap-f3] gateway-list 192.168.207.254
[F3-AGG1-ip-pool-ap-f3] network 192.168.207.0 mask 255.255.255.0
[F3-AGG1-ip-pool-ap-f3] option 43 sub-option 3 ascii 192.168.205.253
[F3-AGG1-ip-pool-ap-f3]ip pool marketing
[F3-AGG1-ip-pool-marketing] gateway-list 192.168.103.254
[F3-AGG1-ip-pool-marketing] network 192.168.103.0 mask 255.255.255.0
[F3-AGG1-ip-pool-marketing]ip pool rd
[F3-AGG1-ip-pool-rd] gateway-list 192.168.104.254
[F3-AGG1-ip-pool-rd] network 192.168.104.0 mask 255.255.255.0
[F3-AGG1-ip-pool-rd]ip pool sta-f3
[F3-AGG1-ip-pool-sta-f3] gateway-list 192.168.107.254
[F3-AGG1-ip-pool-sta-f3] network 192.168.107.0 mask 255.255.255.0

三、 WLAN配置

AC配置wlan配置
[AC]wlan
[AC-wlan-view]
[AC-wlan-view]security-profile name WLAN-F1
[AC-wlan-sec-prof-WLAN-F1] security wpa-wpa2 psk pass-phrase HCIA-Datacom aes
[AC-wlan-sec-prof-WLAN-F1] security-profile name WLAN-F2
[AC-wlan-sec-prof-WLAN-F2] security wpa-wpa2 psk pass-phrase HCIA-Datacom aes
[AC-wlan-sec-prof-WLAN-F2] security-profile name WLAN-F3
[AC-wlan-sec-prof-WLAN-F3] security wpa-wpa2 psk pass-phrase HCIA-Datacom aes
[AC-wlan-sec-prof-WLAN-F3]ssid-profile name WLAN-F1
[AC-wlan-ssid-prof-WLAN-F1] ssid WLAN-F1
[AC-wlan-ssid-prof-WLAN-F1] ssid-profile name WLAN-F2
[AC-wlan-ssid-prof-WLAN-F2] ssid WLAN-F2
[AC-wlan-ssid-prof-WLAN-F2] ssid-profile name WLAN-F3
[AC-wlan-ssid-prof-WLAN-F3] ssid WLAN-F3
[AC-wlan-ssid-prof-WLAN-F3] vap-profile name WLAN-F1
[AC-wlan-vap-prof-WLAN-F1] service-vlan vlan-id 105
[AC-wlan-vap-prof-WLAN-F1] ssid-profile WLAN-F1
[AC-wlan-vap-prof-WLAN-F1] security-profile WLAN-F1
[AC-wlan-vap-prof-WLAN-F1] vap-profile name WLAN-F2
[AC-wlan-vap-prof-WLAN-F2] service-vlan vlan-id 106
[AC-wlan-vap-prof-WLAN-F2] ssid-profile WLAN-F2
[AC-wlan-vap-prof-WLAN-F2] security-profile WLAN-F2
[AC-wlan-vap-prof-WLAN-F2] vap-profile name WLAN-F3
[AC-wlan-vap-prof-WLAN-F3] service-vlan vlan-id 107
[AC-wlan-vap-prof-WLAN-F3] ssid-profile WLAN-F3
[AC-wlan-vap-prof-WLAN-F3] security-profile WLAN-F3
[AC-wlan-vap-prof-WLAN-F3]ap-group name WLAN-F1
[AC-wlan-ap-group-WLAN-F1] radio 0
[AC-wlan-group-radio-WLAN-F1/0] vap-profile WLAN-F1 wlan 1
[AC-wlan-group-radio-WLAN-F1/0] radio 1
[AC-wlan-group-radio-WLAN-F1/1] vap-profile WLAN-F1 wlan 1
[AC-wlan-group-radio-WLAN-F1/1] radio 2
[AC-wlan-group-radio-WLAN-F1/2] vap-profile WLAN-F1 wlan 1
[AC-wlan-group-radio-WLAN-F1/2] ap-group name WLAN-F2
[AC-wlan-ap-group-WLAN-F2] radio 0
[AC-wlan-group-radio-WLAN-F2/0] vap-profile WLAN-F2 wlan 2
[AC-wlan-group-radio-WLAN-F2/0] radio 1
[AC-wlan-group-radio-WLAN-F2/1] vap-profile WLAN-F2 wlan 2
[AC-wlan-group-radio-WLAN-F2/1] radio 2
[AC-wlan-group-radio-WLAN-F2/2] vap-profile WLAN-F2 wlan 2
[AC-wlan-group-radio-WLAN-F2/2] ap-group name WLAN-F3
[AC-wlan-ap-group-WLAN-F3] radio 0
[AC-wlan-group-radio-WLAN-F3/0] vap-profile WLAN-F3 wlan 2
[AC-wlan-group-radio-WLAN-F3/0] radio 1
[AC-wlan-group-radio-WLAN-F3/1] vap-profile WLAN-F3 wlan 2
[AC-wlan-group-radio-WLAN-F3/1] radio 2
[AC-wlan-group-radio-WLAN-F3/2] vap-profile WLAN-F3 wlan 2
[AC-wlan-group-radio-WLAN-F3/2] ap-id 0 type-id 60 ap-mac 00e0-fcce-2ad0 ap-sn 2
10235448310E7552512
[AC-wlan-ap-0] ap-name F1-AP1
[AC-wlan-ap-0] ap-group WLAN-F1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]: 輸入Y,回車
[AC-wlan-ap-0] ap-id 1 type-id 60 ap-mac 00e0-fc2e-2d20 ap-sn 2102354483105404F7
54
[AC-wlan-ap-1] ap-name F2-AP1
[AC-wlan-ap-1] ap-group WLAN-F2
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]: 輸入Y,回車
[AC-wlan-ap-1]ap-id 2 type-id 60 ap-mac 00e0-fcb1-7140 ap-sn 2102354483106439D86
5
[AC-wlan-ap-2] ap-name F3-AP1
[AC-wlan-ap-2] ap-group WLAN-F3
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]: 輸入Y,回車

四、 安全及出口設(shè)計(jì)
背景信息:
? 禁止從一樓的訪客SSID接入的用戶訪問公司內(nèi)部網(wǎng)絡(luò)。
? 僅無線終端可以訪問Internet。
? Router采用靜態(tài)IP地址方式接入互聯(lián)網(wǎng),運(yùn)營商分配了1.1.1.1-1.1.1.10地址段(掩碼長度為24),Router到達(dá)Internet的下一跳地址為1.1.1.254。
? 公司內(nèi)部有一臺(tái)Web服務(wù)器需要對外提供服務(wù),其私網(wǎng)IP地址為192.168.100.1,端口號(hào)為80。為了保證服務(wù)器安全性,只提供Web服務(wù)的NAT映射。

1、 禁止從一樓的訪客SSID接入的用戶訪問公司內(nèi)部網(wǎng)絡(luò)。
[CORE1]acl name F1ap-neibu 3000
[CORE1-acl-adv-F1ap-neibu]rule 5 deny ip source 192.168.105.0 0.0.0.255 destinat
ion 192.168.0.0 0.0.255.255
[CORE1-acl-adv-F1ap-neibu]rule 10 permit ip
[CORE1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

2、僅無線終端可以訪問Internet。
? Router采用靜態(tài)IP地址方式接入互聯(lián)網(wǎng),運(yùn)營商分配了1.1.1.1-1.1.1.10地址段(掩碼長度為24),Router到達(dá)Internet的下一跳地址為1.1.1.254。
[Router]nat address-group 1 1.1.1.2 1.1.1.10
[Router-acl-basic-ap-internet]rule 5 permit source 192.168.105.0 0.0.0.255
[Router-acl-basic-ap-internet]rule 10 permit source 192.168.106.0 0.0.0.255
[Router-acl-basic-ap-internet]rule 15 permit source 192.168.107.0 0.0.0.255
[Router-GigabitEthernet0/0/0]nat outbound 2000 address-group 1

3、公司內(nèi)部有一臺(tái)Web服務(wù)器需要對外提供服務(wù),其私網(wǎng)IP地址為192.168.100.1,端口號(hào)為80。為了保證服務(wù)器安全性,只提供Web服務(wù)的NAT映射。
[Router-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 80
80 inside 192.168.100.1 www文章來源地址http://www.zghlxwxcb.cn/news/detail-474223.html

到了這里,關(guān)于HCIA-Datacom園區(qū)網(wǎng)絡(luò)項(xiàng)目實(shí)戰(zhàn) 華為認(rèn)證實(shí)驗(yàn)手冊 ENSP配置的文章就介紹完了。如果您還想了解更多內(nèi)容,請?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章,希望大家以后多多支持TOY模板網(wǎng)!

本文來自互聯(lián)網(wǎng)用戶投稿,該文觀點(diǎn)僅代表作者本人,不代表本站立場。本站僅提供信息存儲(chǔ)空間服務(wù),不擁有所有權(quán),不承擔(dān)相關(guān)法律責(zé)任。如若轉(zhuǎn)載,請注明出處: 如若內(nèi)容造成侵權(quán)/違法違規(guī)/事實(shí)不符,請點(diǎn)擊違法舉報(bào)進(jìn)行投訴反饋,一經(jīng)查實(shí),立即刪除!

領(lǐng)支付寶紅包贊助服務(wù)器費(fèi)用

相關(guān)文章

覺得文章有用就打賞一下文章作者

支付寶掃一掃打賞

博客贊助

微信掃一掃打賞

請作者喝杯咖啡吧~博客贊助

支付寶掃一掃領(lǐng)取紅包,優(yōu)惠每天領(lǐng)

二維碼1

領(lǐng)取紅包

二維碼2

領(lǐng)紅包