知方号


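Small Enterprise Network Design and Planning

Computer Networks Course Design Report

1 Preface

With the rapid development of modern science and technology and of the Internet, management systems built on computer and communication technology are developing at high speed. At the same time, as economic and cultural standards rise markedly, people expect more of their quality of life and of their working environment. People who work in the same campus need to communicate with one another, and that communication has to stay both unobstructed and confidential. Planning and designing a network for such a campus follows from this need.

This project briefly discusses the network technologies and the planning and design methods involved in enterprise network planning, and offers a technical and practical reference for planning, designing, upgrading and rebuilding enterprise networks, so that campus networks under construction or in planning achieve high overall performance. eNSP is used to simulate the access switches, aggregation switches and other network devices of an enterprise campus network, and the devices are configured with several protocols, including VLAN (virtual LAN), MSTP (Multiple Spanning Tree Protocol), [1] LACP link aggregation and VLAN aggregation, so that the resulting network has high communication reliability and meets the enterprise's multi-service needs. It should also achieve high utilization and high reliability: idle devices are put to use to raise resource utilization, different traffic is carried on different links so that the links are fully used, and [3] traffic load sharing is achieved.

Through analysis of the campus network, the design meets its requirements in performance and value. The enterprise campus network is then divided into VLANs, given management domains and otherwise configured, and the network is continuously optimized, so that the enterprise can access network resources securely and quickly.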

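2 Campus Network Project Background and Requirements Analysis

2.1 Project background

To support business growth, a company has obtained a building in campus A as its headquarters and plans to build a completely new campus network. With sustainable growth in mind, it has also decided to set up a branch in campus B. The headquarters in campus A has an R&D department, a marketing department, an administration department, an information center, a network management group and a visitor reception center. The visitor reception center provides Wi-Fi for visitors. The branch in campus B has a sales department. To support the business, hosts need to obtain the IP address of the company DNS server automatically. The company has leased one dedicated Internet line with one public IP address and wants all employees to be able to access the Internet. Later on, all devices are to be remotely manageable by the network administrator. The network is to be an IPv4/IPv6 dual-stack network.

2.2 Project requirements analysis

1. Headquarters campus A and campus B require a simple network topology that is easy to maintain, extensible and redundant.

2. Headquarters campus A provides wired access for employees in the marketing department, R&D department, administration department, information center and network management group. The visitor reception center provides Wi-Fi for visitors, with simple network traffic management and a certain level of security.

3. So that employees in campus A and campus B can obtain the DNS server IP address easily, DHCP can be used to assign IP and DNS addresses automatically on the LAN.

4. Campus A requires core switches with redundancy, high reliability and extensibility, and a resource server.

5. The company has two public IP addresses. All employees in every department of campus A and campus B need to access the Internet, so network address translation can be configured on the egress routers.

6. So that the network administrator can manage devices remotely, the SSH service has to be enabled on all devices.

7. For the company's growth, campus A and campus B also need IPv4/IPv6 dual-stack technology between them.

8. IPv4 communication between campus A and campus B uses a VPN.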

  

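3 Project Design and Planning

3.1 Project design

3.1.1 Company intranet design

The network uses a three-layer structure: access layer, core layer and egress layer [4]. MSTP + VRRP provide gateway redundancy and traffic load balancing [5]. DHCP is enabled and is itself deployed redundantly, so that the failure of a single device does not take DHCP down, which improves network reliability. Link aggregation is configured between the core-layer switches for link redundancy. VRRP6 and DHCPv6 are configured to the same requirements. All of these services are placed on the layer-3 core switches, which lightens the load on the egress router, since the egress router has to carry a large number of routes. A resource server is attached to the layer-3 core switches so that employees can access and upload the company's internal resources. A wireless AC controller is attached as well, so that the network administrator can maintain the wireless network and the company has room to expand later. Inside the network, IPv4 uses OSPFv2 and IPv6 uses OSPFv3 for connectivity [6]. The NAT egress gateway uses static routes and Easy IP, which uses the interface's public address directly as the translated address for private hosts accessing the public network, so no NAT address pool needs to be configured. The branch in campus B uses the same networking approach.

3.1.2 Communication design between campus A and campus B

Because the carrier network has no IPv6, campus A and campus B both use an IPv4/IPv6 dual-stack design. IPv4 communication between them is configured as GRE over IPsec VPN. IPv6 communication between them is designed as an IPv6 over IPv4 GRE tunnel.

3.1.3 Project topology design

Figure 3-1 Network topology

3.2 Subnetting and IP Addresses

3.2.1 Subnetting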

Campus A:

| Device | Port | Link type | VLAN parameters |
|--------|------|-----------|-----------------|
| LSW1 | GE0/0/1 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/2 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/3 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/4 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/5 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/6 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/10 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/11 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/20 | Access | PVID:100 |
| | GE0/0/24 | Access | PVID:106 |
| LSW2 | GE0/0/1 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/2 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/3 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/4 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/5 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/6 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/10 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/11 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/20 | Access | PVID:200 |
| | GE0/0/24 | Access | PVID:201 |
| LSW3 | GE0/0/1 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/2 | Trunk | Allow pass: 11 to 16 |
| | ET0/0/11 | Access | PVID:11 |
| LSW4 | GE0/0/1 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/2 | Trunk | Allow pass: 11 to 16 |
| | ET0/0/11 | Access | PVID:12 |
| LSW5 | GE0/0/1 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/2 | Trunk | Allow pass: 11 to 16 |
| | ET0/0/11 | Access | PVID:13 |
| LSW6 | GE0/0/1 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/2 | Trunk | Allow pass: 11 to 16 |
| | ET0/0/11 | Access | PVID:14 |
| LSW7 | GE0/0/1 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/2 | Trunk | Allow pass: 11 to 16 |
| | ET0/0/11 | Access | PVID:15 |
| LSW8 | GE0/0/1 | Trunk | Allow pass: 11 to 16 |
| | GE0/0/2 | Trunk | Allow pass: 11 to 16 |
| | ET0/0/1 | Access | PVID:16 |
| | ET0/0/11 | Trunk | PVID:10; Allow pass: 10 to 16 |
| AC1 | GE0/0/1 | Trunk | Allow pass: 201 |

Campus B:

| Device | Port | Link type | VLAN parameters |
|--------|------|-----------|-----------------|
| LSW9 | GE0/0/1 | Access | PVID:300 |
| | GE0/0/2 | Trunk | Allow pass: 17 |
| LSW10 | GE0/0/2 | Trunk | Allow pass: 10 to 16 |
| | ET0/0/1 | Access | PVID:17 |

3.2.2 IP addresses

IPv4 address plan

Campus A:

| Device | Interface | IP address |
|--------|-----------|------------|
| AR1 | GE0/0/1 | 10.1.1.1/30 |
| | GE0/0/2 | 10.2.1.1/30 |
| | GE0/0/3 | 200.1.1.1/29 |
| | LoopBack0 | 172.16.1.11/32 |
| | Tunnel 0/0/1 | 100.1.1.1/30 |
| LSW1 | Vlanif 11 | 192.168.11.251/24 |
| | Vlanif 12 | 192.168.12.251/24 |
| | Vlanif 13 | 192.168.13.251/24 |
| | Vlanif 14 | 192.168.14.251/24 |
| | Vlanif 15 | 192.168.15.251/24 |
| | Vlanif 16 | 192.168.16.251/24 |
| | Vlanif 100 | 10.1.1.2/30 |
| | Vlanif 106 | 10.6.6.5/30 |
| | LoopBack0 | 172.16.1.1/32 |
| LSW2 | Vlanif 10 | 10.23.10.1/24 |
| | Vlanif 11 | 192.168.11.252/24 |
| | Vlanif 12 | 192.168.12.252/24 |
| | Vlanif 13 | 192.168.13.252/24 |
| | Vlanif 14 | 192.168.14.252/24 |
| | Vlanif 15 | 192.168.15.252/24 |
| | Vlanif 16 | 192.168.16.252/24 |
| | Vlanif 200 | 10.2.1.2/30 |
| | Vlanif 201 | 10.23.100.2/24 |
| | LoopBack0 | 172.16.1.2/32 |
| Server1 | ET0/0/0 | 10.6.6.6/30 |
| AC1 | Vlanif 201 | 10.23.100.1/24 |
| | LoopBack0 | 172.16.1.100/32 |

Campus B:

| Device | Interface | IP address |
|--------|-----------|------------|
| AR3 | GE0/0/0 | 200.2.1.1/29 |
| | GE0/0/1 | 10.3.1.1/30 |
| | LoopBack0 | 172.16.1.33/32 |
| | Tunnel 0/0/1 | 100.1.1.2/30 |
| LSW9 | LoopBack0 | 172.16.1.9/32 |
| | Vlanif 17 | 192.168.17.254/24 |
| | Vlanif 300 | 10.3.1.2/30 |

Carrier:

| Device | Interface | IP address |
|--------|-----------|------------|
| AR3 | GE0/0/0 | 200.1.1.2/29 |
| | GE0/0/1 | 200.2.1.2/29 |
| | LoopBack0 | 1.1.1.1/32 |

IPv6 address plan

Campus A:

| Device | Interface | IP address |
|--------|-----------|------------|
| AR1 | GE0/0/1 | 2001:10:1:1::1/64 |
| | GE0/0/2 | 2001:10:2:1::1/64 |
| | Tunnel 0/0/2 | 2001:1313::1/64 |
| LSW1 | Vlanif 11 | 2001:192:168:11::251/64 |
| | Vlanif 12 | 2001:192:168:12::251/64 |
| | Vlanif 13 | 2001:192:168:13::251/64 |
| | Vlanif 14 | 2001:192:168:14::251/64 |
| | Vlanif 15 | 2001:192:168:15::251/64 |
| | Vlanif 16 | 2001:192:168:16::251/64 |
| | Vlanif 100 | 2001:10:1:1::2/64 |
| LSW2 | Vlanif 11 | 2001:192:168:11::252/64 |
| | Vlanif 12 | 2001:192:168:12::252/64 |
| | Vlanif 13 | 2001:192:168:13::252/64 |
| | Vlanif 14 | 2001:192:168:14::252/64 |
| | Vlanif 15 | 2001:192:168:15::252/64 |
| | Vlanif 16 | 2001:192:168:16::252/64 |
| | Vlanif 200 | 2001:10:2:1::2/64 |

Campus B:

| Device | Interface | IP address |
|--------|-----------|------------|
| AR3 | GE0/0/1 | 2001:10:3:1::1/64 |
| | Tunnel 0/0/2 | 2001:1313::3/64 |
| LSW9 | Vlanif 17 | 2001:192:168:17::254/64 |
| | Vlanif 300 | 2001:10:3:1::2/64 |

4 Device Configuration

4.1 Campus A

4.1.1 AR1 configuration

Configure NAT, BFD, SSH, the IPv6 over IPv4 GRE tunnel, GRE over IPsec VPN, and the OSPFv2 and OSPFv3 routing protocols.

#

ipv6   

#

dhcp enable   

#

stelnet server enable       

rsa local-key-pair create   

Input the bits in the modulus[default = 512]:1024

#

aaa

 local-user user-ssh password cipher huawei

 local-user user-ssh privilege level 15

 local-user user-ssh service-type ssh  

#

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh    

quit

ssh user user-ssh authentication-type all

#

bfd

#

acl number 2001                         

 rule 5 permit source 192.168.11.0 0.0.0.255

 rule 10 permit source 192.168.12.0 0.0.0.255

 rule 15 permit source 192.168.13.0 0.0.0.255

 rule 20 permit source 192.168.14.0 0.0.0.255

 rule 25 permit source 192.168.15.0 0.0.0.255

 rule 30 permit source 192.168.16.0 0.0.0.255

#

acl number 3000  

 rule 5 permit ip source 200.1.1.1 0 destination 200.2.1.1 0

#

ipsec proposal 1

 encapsulation-mode transport

 esp authentication-algorithm sha2-256

 esp encryption-algorithm aes-192

#

ike proposal 1

 encryption-algorithm aes-cbc-128

 dh group14

#

ike peer 1 v1

 pre-shared-key cipher huawei

 ike-proposal 1

 remote-address 200.2.1.1

#

ipsec policy ATOB 1 isakmp

 security acl 3000

 ike-peer 1

 proposal 1

#

dhcpv6 pool 11

 address prefix 2001:192:168:11::/64

 excluded-address 2001:192:168:11::254

 dns-server 3000:8:8:8::8

 dns-domain-name hauwei.com

#

dhcpv6 pool 12

 address prefix 2001:192:168:12::/64

 excluded-address 2001:192:168:12::254

 dns-server 3000:8:8:8::8

 dns-domain-name hauwei.com

#

dhcpv6 pool 13

 address prefix 2001:192:168:13::/64

 excluded-address 2001:192:168:13::254

 dns-server 3000:8:8:8::8

 dns-domain-name hauwei.com

#

dhcpv6 pool 14

 address prefix 2001:192:168:14::/64

 excluded-address 2001:192:168:14::254

 dns-server 3000:8:8:8::8

 dns-domain-name hauwei.com

#

dhcpv6 pool 15

 address prefix 2001:192:168:15::/64

 excluded-address 2001:192:168:15::254

 dns-server 3000:8:8:8::8

 dns-domain-name hauwei.com

#

dhcpv6 pool 16

 address prefix 2001:192:168:16::/64

 excluded-address 2001:192:168:16::254

 dns-server 3000:8:8:8::8

 dns-domain-name hauwei.com

#

ospfv3 32

 router-id 172.16.1.11

 import-route static

#

interface GigabitEthernet0/0/0

 ip address 200.1.1.1 255.255.255.248

 ipsec policy ATOB

 nat outbound 2001

#

interface GigabitEthernet0/0/1

 ipv6 enable

 ip address 10.1.1.1 255.255.255.252

 ipv6 address 2001:10:1:1::1/64

 ospfv3 32 area 0.0.0.0

#

interface GigabitEthernet0/0/2

 ipv6 enable

 ip address 10.2.1.1 255.255.255.252

 ipv6 address 2001:10:2:1::1/64

 ospfv3 32 area 0.0.0.0

#

interface LoopBack0

 ipv6 enable

 ip address 172.16.1.11 255.255.255.255

 ipv6 address 2001:172:16:1::11/64

 ospfv3 32 area 0.0.0.0

#

interface Tunnel0/0/1

 ip address 100.1.1.1 255.255.255.252

 tunnel-protocol gre

 source 200.1.1.1

 destination 200.2.1.1

#

interface Tunnel0/0/2

 ipv6 enable

 ipv6 address 2001:1313::1/64

 tunnel-protocol ipv6-ipv4

 source 200.1.1.1

 destination 200.2.1.1

#

bfd 1 bind peer-ip 10.1.1.2 source-ip 10.1.1.1 auto

 commit

#

bfd 2 bind peer-ip 10.2.1.2 source-ip 10.2.1.1 auto

 commit

#

ospf 32 router-id 172.16.1.11

 default-route-advertise

 area 0.0.0.0

  network 10.1.1.0 0.0.0.3

  network 10.2.1.0 0.0.0.3

  network 172.16.1.11 0.0.0.0

#

ip route-static 0.0.0.0 0.0.0.0 200.1.1.2

ip route-static 192.168.17.0 255.255.255.0 Tunnel0/0/1

#

ipv6 route-static 2001:192:168:17:: 64 Tunnel0/0/2

#

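4.1.2 LSW1 configuration

Configure MSTP, VRRP, SSH, DHCP, VRRP6, DHCPv6, Eth-Trunk and BFD. This device is the MSTP root bridge for vlan11, vlan13 and vlan15. It is likewise the VRRP and VRRP6 master for them, with BFD association configured to track the uplink, and it is the primary DHCP and DHCPv6 server. For vlan12, vlan14 and vlan16 it is the backup root bridge, the VRRP and VRRP6 backup, and the backup DHCP and DHCPv6 server. OSPFv2 and OSPFv3 are configured for connectivity inside the network.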

sysname LSW1

#

ipv6

#

stelnet server enable       

rsa local-key-pair create   

Input the bits in the modulus[default = 512]:1024

#

aaa

 local-user user-ssh password cipher huawei

 local-user user-ssh privilege level 15

 local-user user-ssh service-type ssh  

#

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh    

quit

ssh user user-ssh authentication-type all

#

vlan batch 11 to 16 100 106

#

stp instance 11 root primary

stp instance 12 root secondary

stp instance 13 root primary

stp instance 14 root secondary

stp instance 15 root primary

stp instance 16 root secondary

#

dhcp enable

#

stp region-configuration

 region-name QYW

 revision-level 12

 instance 11 vlan 11

 instance 12 vlan 12

 instance 13 vlan 13

 instance 14 vlan 14

 instance 15 vlan 15

 instance 16 vlan 16

 active region-configuration

#

bfd

#

ip pool 11

 gateway-list 192.168.11.254

 network 192.168.11.0 mask 255.255.255.0

 excluded-ip-address 192.168.11.128 192.168.11.253

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ip pool 12

 gateway-list 192.168.12.254

 network 192.168.12.0 mask 255.255.255.0

 excluded-ip-address 192.168.12.128 192.168.12.253

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ip pool 13

 gateway-list 192.168.13.254

 network 192.168.13.0 mask 255.255.255.0

 excluded-ip-address 192.168.13.128 192.168.13.253

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ip pool 14

 gateway-list 192.168.14.254

 network 192.168.14.0 mask 255.255.255.0

 excluded-ip-address 192.168.14.128 192.168.14.253

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ip pool 15

 gateway-list 192.168.15.254

 network 192.168.15.0 mask 255.255.255.0

 excluded-ip-address 192.168.15.128 192.168.15.253

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ip pool 16

 gateway-list 192.168.16.254

 network 192.168.16.0 mask 255.255.255.0

 excluded-ip-address 192.168.16.128 192.168.16.253

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ospfv3 32

 router-id 172.16.1.1

#

interface Vlanif1

#

interface Vlanif11

 ipv6 enable

 ip address 192.168.11.251 255.255.255.0

 ipv6 address 2001:192:168:11::251/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 11 virtual-ip 192.168.11.254

 vrrp vrid 11 priority 105

 vrrp vrid 11 preempt-mode timer delay 60

 vrrp vrid 11 track bfd-session session-name 1 reduced 20

 vrrp6 vrid 11 virtual-ip FE80::11 link-local

 vrrp6 vrid 11 virtual-ip 2001:192:168:11::254

 vrrp6 vrid 11 priority 105

 vrrp6 vrid 11 preempt-mode timer delay 60

 dhcp select global

#

interface Vlanif12

 ipv6 enable

 ip address 192.168.12.251 255.255.255.0

 ipv6 address 2001:192:168:12::251/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 12 virtual-ip 192.168.12.254

 vrrp6 vrid 12 virtual-ip FE80::12 link-local

 vrrp6 vrid 12 virtual-ip 2001:192:168:12::254

 dhcp select global

#

interface Vlanif13

 ipv6 enable

 ip address 192.168.13.251 255.255.255.0

 ipv6 address 2001:192:168:13::251/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 13 virtual-ip 192.168.13.254

 vrrp vrid 13 priority 105

 vrrp vrid 13 preempt-mode timer delay 60

 vrrp vrid 13 track bfd-session session-name 1 reduced 20

 vrrp6 vrid 13 virtual-ip FE80::13 link-local

 vrrp6 vrid 13 virtual-ip 2001:192:168:13::254

 vrrp6 vrid 13 priority 105

 vrrp6 vrid 13 preempt-mode timer delay 60

 dhcp select global

#

interface Vlanif14

 ipv6 enable

 ip address 192.168.14.251 255.255.255.0

 ipv6 address 2001:192:168:14::251/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 14 virtual-ip 192.168.14.254

 vrrp6 vrid 14 virtual-ip FE80::14 link-local

 vrrp6 vrid 14 virtual-ip 2001:192:168:14::254

 dhcp select global

#

interface Vlanif15

 ipv6 enable

 ip address 192.168.15.251 255.255.255.0

 ipv6 address 2001:192:168:15::251/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 15 virtual-ip 192.168.15.254

 vrrp vrid 15 priority 105

 vrrp vrid 15 preempt-mode timer delay 60

 vrrp vrid 15 track bfd-session session-name 1 reduced 20

 vrrp6 vrid 15 virtual-ip FE80::15 link-local

 vrrp6 vrid 15 virtual-ip 2001:192:168:15::254

 vrrp6 vrid 15 priority 105

 vrrp6 vrid 15 preempt-mode timer delay 60

 dhcp select global

#

interface Vlanif16

 ipv6 enable

 ip address 192.168.16.251 255.255.255.0

 ipv6 address 2001:192:168:16::251/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 16 virtual-ip 192.168.16.254

 vrrp6 vrid 16 virtual-ip FE80::16 link-local

 vrrp6 vrid 16 virtual-ip 2001:192:168:16::254

 dhcp select global

#

interface Vlanif100

 ipv6 enable

 ip address 10.1.1.2 255.255.255.252

 ipv6 address 2001:10:1:1::2/64

 ospfv3 32 area 0.0.0.0

#

interface Vlanif106

 ip address 10.6.6.5 255.255.255.252

#

interface Eth-Trunk12

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/3

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/4

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/5

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/6

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/10

 eth-trunk 12

#

interface GigabitEthernet0/0/11

 eth-trunk 12

#

interface GigabitEthernet0/0/20

 port link-type access

 port default vlan 100

#

interface GigabitEthernet0/0/24

 port link-type access

 port default vlan 106

#

interface LoopBack0

 ip address 172.16.1.1 255.255.255.255

#

bfd 1 bind peer-ip 10.1.1.1 source-ip 10.1.1.2 auto

 commit

#

ospf 32 router-id 172.16.1.1

 area 0.0.0.0

  network 192.168.11.0 0.0.0.255

  network 192.168.13.0 0.0.0.255

  network 192.168.15.0 0.0.0.255

  network 10.1.1.0 0.0.0.3

  network 10.6.6.4 0.0.0.3

  network 172.16.1.1 0.0.0.0

  network 192.168.12.0 0.0.0.255

  network 192.168.14.0 0.0.0.255

  network 192.168.16.0 0.0.0.255

#

return

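4.1.3 LSW2 configuration

Configure MSTP, VRRP, SSH, DHCP, VRRP6, DHCPv6 and Eth-Trunk. This device is the MSTP root bridge for vlan12, vlan14 and vlan16. It is likewise the VRRP and VRRP6 master for them, with BFD association configured to track the uplink, and it is the primary DHCP and DHCPv6 server. For vlan11, vlan13 and vlan15 it is the backup root bridge, the VRRP and VRRP6 backup, and the backup DHCP and DHCPv6 server. OSPFv2 and OSPFv3 are configured for connectivity inside the network.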

#

ipv6

#

stelnet server enable       

rsa local-key-pair create   

Input the bits in the modulus[default = 512]:1024

#

aaa

 local-user user-ssh password cipher huawei

 local-user user-ssh privilege level 15

 local-user user-ssh service-type ssh  

#

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh    

quit

ssh user user-ssh authentication-type all

#

vlan batch 10 to 16 200 to 201

#

stp instance 11 root secondary

stp instance 12 root primary

stp instance 13 root secondary

stp instance 14 root primary

stp instance 15 root secondary

stp instance 16 root primary

#

dhcp enable

#

stp region-configuration

 region-name QYW

 revision-level 12

 instance 11 vlan 11

 instance 12 vlan 12

 instance 13 vlan 13

 instance 14 vlan 14

 instance 15 vlan 15

 instance 16 vlan 16

 active region-configuration

#

bfd

#

ip pool 11

 gateway-list 192.168.11.254

 network 192.168.11.0 mask 255.255.255.0

 excluded-ip-address 192.168.11.1 192.168.11.127

 dns-list 8.8.8.8

#

ip pool 12

 gateway-list 192.168.12.254

 network 192.168.12.0 mask 255.255.255.0

 excluded-ip-address 192.168.12.1 192.168.12.127

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ip pool 13

 gateway-list 192.168.13.254

 network 192.168.13.0 mask 255.255.255.0

 excluded-ip-address 192.168.13.1 192.168.13.127

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ip pool 14

 gateway-list 192.168.14.254

 network 192.168.14.0 mask 255.255.255.0

 excluded-ip-address 192.168.14.1 192.168.14.127

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ip pool 15

 gateway-list 192.168.15.254

 network 192.168.15.0 mask 255.255.255.0

 excluded-ip-address 192.168.15.1 192.168.15.127

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ip pool 16

 gateway-list 192.168.16.254

 network 192.168.16.0 mask 255.255.255.0

 excluded-ip-address 192.168.16.1 192.168.16.127

 lease day 3 hour 0 minute 0

 dns-list 8.8.8.8

#

ospfv3 32

 router-id 172.16.1.2

#

interface Vlanif10

 ip address 10.23.10.1 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 10.23.100.1

#

interface Vlanif11

 ipv6 enable

 ip address 192.168.11.252 255.255.255.0

 ipv6 address 2001:192:168:11::252/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 11 virtual-ip 192.168.11.254

 vrrp6 vrid 11 virtual-ip FE80::11 link-local

 vrrp6 vrid 11 virtual-ip 2001:192:168:11::254

 dhcp select global

#

interface Vlanif12

 ipv6 enable

 ip address 192.168.12.252 255.255.255.0

 ipv6 address 2001:192:168:12::252/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 12 virtual-ip 192.168.12.254

 vrrp vrid 12 priority 105

 vrrp vrid 12 preempt-mode timer delay 60

 vrrp vrid 12 track bfd-session session-name 1 reduced 20

 vrrp6 vrid 12 virtual-ip FE80::12 link-local

 vrrp6 vrid 12 virtual-ip 2001:192:168:12::254

 vrrp6 vrid 12 priority 105

 vrrp6 vrid 12 preempt-mode timer delay 60

 dhcp select global

#

interface Vlanif13

 ipv6 enable

 ip address 192.168.13.252 255.255.255.0

 ipv6 address 2001:192:168:13::252/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 13 virtual-ip 192.168.13.254

 vrrp6 vrid 13 virtual-ip FE80::13 link-local

 vrrp6 vrid 13 virtual-ip 2001:192:168:13::254

 dhcp select global

#

interface Vlanif14

 ipv6 enable

 ip address 192.168.14.252 255.255.255.0

 ipv6 address 2001:192:168:14::252/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 14 virtual-ip 192.168.14.254

 vrrp vrid 14 priority 105

 vrrp vrid 14 preempt-mode timer delay 60

 vrrp vrid 14 track bfd-session session-name 1 reduced 20

 vrrp6 vrid 14 virtual-ip FE80::14 link-local

 vrrp6 vrid 14 virtual-ip 2001:192:168:14::254

 vrrp6 vrid 14 priority 105

 vrrp6 vrid 14 preempt-mode timer delay 60

 dhcp select global

#

interface Vlanif15

 ipv6 enable

 ip address 192.168.15.252 255.255.255.0

 ipv6 address 2001:192:168:15::252/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 15 virtual-ip 192.168.15.254

 vrrp6 vrid 15 virtual-ip FE80::15 link-local

 vrrp6 vrid 15 virtual-ip 2001:192:168:15::254

 dhcp select global

#

interface Vlanif16

 ipv6 enable

 ip address 192.168.16.252 255.255.255.0

 ipv6 address 2001:192:168:16::252/64

 ospfv3 32 area 0.0.0.0

 vrrp vrid 16 virtual-ip 192.168.16.254

 vrrp vrid 16 priority 105

 vrrp vrid 16 preempt-mode timer delay 60

 vrrp vrid 16 track bfd-session session-name 1 reduced 20

 vrrp6 vrid 16 virtual-ip FE80::16 link-local

 vrrp6 vrid 16 virtual-ip 2001:192:168:16::254

 vrrp6 vrid 16 priority 105

 vrrp6 vrid 16 preempt-mode timer delay 60

 dhcp select global

#

interface Vlanif200

 ipv6 enable

 ip address 10.2.1.2 255.255.255.252

 ipv6 address 2001:10:2:1::2/64

 ospfv3 32 area 0.0.0.0

#

interface Vlanif201

 ip address 10.23.100.2 255.255.255.0

#

interface Eth-Trunk12

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/3

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/4

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/5

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/6

 port link-type trunk

 port trunk allow-pass vlan 10 to 16

#

interface GigabitEthernet0/0/10

 eth-trunk 12

#

interface GigabitEthernet0/0/11

 eth-trunk 12

#

interface GigabitEthernet0/0/20

 port link-type access

 port default vlan 200

#

interface GigabitEthernet0/0/24

 port link-type trunk

 port trunk allow-pass vlan 201

#

interface LoopBack0

 ip address 172.16.1.2 255.255.255.255

#

bfd 1 bind peer-ip 10.2.1.1 source-ip 10.2.1.2 auto

 commit

#

ospf 32 router-id 172.16.1.2

 import-route static

 area 0.0.0.0

  network 192.168.12.0 0.0.0.255

  network 192.168.14.0 0.0.0.255

  network 192.168.16.0 0.0.0.255

  network 10.2.1.0 0.0.0.3

  network 172.16.1.2 0.0.0.0

  network 192.168.11.0 0.0.0.255

  network 192.168.13.0 0.0.0.255

  network 192.168.15.0 0.0.0.255

  network 10.23.100.0 0.0.0.255

  network 10.23.10.0 0.0.0.255

#

ip route-static 172.16.1.100 255.255.255.255 10.23.100.1

#

return
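
An added example, not part of the original report: LSW1 and LSW2 both answer for the same pools with `dhcp select global`, so the redundancy depends on their `excluded-ip-address` ranges leaving disjoint leasable halves. The Python check below verifies that for pool 11 and also reports statically assigned addresses that remain leasable. Treating the `gateway-list` address as not leasable, and all function and variable names, are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: pool 11 as listed on this page for LSW1 and LSW2.
LSW1_POOL = """\
ip pool 11
 gateway-list 192.168.11.254
 network 192.168.11.0 mask 255.255.255.0
 excluded-ip-address 192.168.11.128 192.168.11.253
"""
LSW2_POOL = """\
ip pool 11
 gateway-list 192.168.11.254
 network 192.168.11.0 mask 255.255.255.0
 excluded-ip-address 192.168.11.1 192.168.11.127
"""
# Vlanif11 addresses of LSW1 and LSW2 from the page's IPv4 address plan.
STATIC_ADDRESSES = ["192.168.11.251", "192.168.11.252"]


def offered(pool_text):
    """Return the set of addresses (as integers) that a pool can lease."""
    net = None
    excluded = set()
    for raw in pool_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"network (\S+) mask (\S+)", line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        m = re.fullmatch(r"gateway-list (.+)", line)
        if m:
            # Assumption of this example: gateway addresses are never leased.
            excluded.update(int(ipaddress.ip_address(a)) for a in m.group(1).split())
        m = re.fullmatch(r"excluded-ip-address (\S+)(?: (\S+))?", line)
        if m:
            lo = int(ipaddress.ip_address(m.group(1)))
            hi = int(ipaddress.ip_address(m.group(2) or m.group(1)))
            excluded.update(range(lo, hi + 1))
    if net is None:
        raise ValueError("pool has no network statement")
    return {int(h) for h in net.hosts()} - excluded


def _as_text(addresses):
    """Render a set of integer addresses as a sorted list of dotted strings."""
    return [str(ipaddress.ip_address(i)) for i in sorted(addresses)]


def check_split_scope(pool_a, pool_b, static_addresses):
    """Compare two servers' views of one pool.

    overlap      addresses both servers could lease (duplicate-lease risk)
    static_in_*  statically configured addresses still inside a leasable range
    """
    a, b = offered(pool_a), offered(pool_b)
    static = {int(ipaddress.ip_address(s)) for s in static_addresses}
    return {
        "overlap": _as_text(a & b),
        "static_in_a": _as_text(a & static),
        "static_in_b": _as_text(b & static),
        "size_a": len(a),
        "size_b": len(b),
    }


if __name__ == "__main__":
    for key, value in check_split_scope(LSW1_POOL, LSW2_POOL, STATIC_ADDRESSES).items():
        print(f"{key}: {value}")
```

For pool 11 the two halves are disjoint, but the Vlanif11 addresses 192.168.11.251 and 192.168.11.252 sit inside the range LSW2 can lease, so unless the device withholds them on its own (the page does not show this) they are candidates for an explicit exclusion.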

4.1.4 LSW3 configuration

Configure MSTP and set the interface types.

sysname LSW3

#

vlan batch 11 to 16

#

stp region-configuration

 region-name QYW

 revision-level 12

 instance 11 vlan 11

 instance 12 vlan 12

 instance 13 vlan 13

 instance 14 vlan 14

 instance 15 vlan 15

 instance 16 vlan 16

 active region-configuration

#

interface Ethernet0/0/11

 port link-type access

 port default vlan 11

 stp edged-port enable

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

4.1.5 LSW4 configuration

Configure MSTP and set the interface types.

sysname LSW4

#

vlan batch 11 to 16

#

stp region-configuration

 region-name QYW

 revision-level 12

 instance 11 vlan 11

 instance 12 vlan 12

 instance 13 vlan 13

 instance 14 vlan 14

 instance 15 vlan 15

 instance 16 vlan 16

 active region-configuration

#

interface Ethernet0/0/11

 port link-type access

 port default vlan 12

 stp edged-port enable

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

4.1.6 LSW5 configuration

Configure MSTP and set the interface types.

sysname LSW5

#

vlan batch 11 to 16

#

stp region-configuration

 region-name QYW

 revision-level 12

 instance 11 vlan 11

 instance 12 vlan 12

 instance 13 vlan 13

 instance 14 vlan 14

 instance 15 vlan 15

 instance 16 vlan 16

 active region-configuration

#

interface Ethernet0/0/11

 port link-type access

 port default vlan 13

 stp edged-port enable

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

4.1.7 LSW6 configuration

Configure MSTP and set the interface types.

sysname LSW6

#

vlan batch 11 to 16

#

stp region-configuration

 region-name QYW

 revision-level 12

 instance 11 vlan 11

 instance 12 vlan 12

 instance 13 vlan 13

 instance 14 vlan 14

 instance 15 vlan 15

 instance 16 vlan 16

 active region-configuration

#

interface Ethernet0/0/11

 port link-type access

 port default vlan 14

 stp edged-port enable

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

4.1.8 LSW7 configuration

Configure MSTP and set the interface types.

sysname LSW7

#

vlan batch 11 to 16

#

stp region-configuration

 region-name QYW

 revision-level 12

 instance 11 vlan 11

 instance 12 vlan 12

 instance 13 vlan 13

 instance 14 vlan 14

 instance 15 vlan 15

 instance 16 vlan 16

 active region-configuration

#

interface Ethernet0/0/11

 port link-type access

 port default vlan 15

 stp edged-port enable

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 11 to 16

#

4.1.9 LSW8 configuration

Configure MSTP and set the interface types.

sysname LSW8

#

vlan batch 10 to 16

#

stp region-configuration

 region-name QYW

 revision-level 12

 instance 11 vlan 11

 instance 12 vlan 12

 instance 13 vlan 13

 instance 14 vlan 14

 instance 15 vlan 15

 instance 16 vlan 16

 active region-configuration

#

interface Ethernet0/0/1

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 2 to 4094

#

interface Ethernet0/0/11

 port link-type access

 port default vlan 16

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 2 to 4094

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 10 to 16

#

4.1.10 AC1 configuration

Configure the wireless service on the AC.

vlan batch 16 201

#

vlan pool sta-pool

 vlan 16

#

dhcp enable

#

ip pool huawei

 gateway-list 10.23.10.1

 network 10.23.10.0 mask 255.255.255.0

 option 43 sub-option 3 ascii 10.23.100.1

#

interface Vlanif201

 ip address 10.23.100.1 255.255.255.0

 dhcp select global

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 201

#

ip route-static 0.0.0.0 0.0.0.0 10.23.100.2

#

capwap source interface vlanif201

#

wlan

 security-profile name visitors

  security wpa-wpa2 psk pass-phrase a1234567 aes

 ssid-profile name visitors

  ssid visitors

 vap-profile name visitors

  service-vlan vlan-pool sta-pool

  ssid-profile visitors

  security-profile visitors

 ap-group name ap-group1

  radio 0

   vap-profile visitors wlan 1

  radio 1

   vap-profile visitors wlan 1

 ap-id 0 type-id 35 ap-mac 00e0-fc1e-65b0 ap-sn 210235448310FF534D33

  ap-name area_1

  ap-group ap-group1

  radio 0

   channel 20mhz 6

   eirp 127

  radio 1

   channel 20mhz 149

   eirp 127

#
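
An added example, not part of the original report: a small Python audit that runs over lines copied from the AR1, LSW8 and AC1 listings above and reports the settings a reviewer would question before this design leaves the eNSP lab. The thresholds `MIN_RSA_BITS` and `MIN_SECRET_LEN`, the rule names, and the choice of VLANs 10 to 16 as the planned set for the LSW8 trunk are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the AR1, LSW8 and AC1 listings on this page.
SAMPLE_CONFIG = """\
stelnet server enable
rsa local-key-pair create
Input the bits in the modulus[default = 512]:1024
aaa
 local-user user-ssh password cipher huawei
 local-user user-ssh privilege level 15
 local-user user-ssh service-type ssh
ssh user user-ssh authentication-type all
ike proposal 1
 encryption-algorithm aes-cbc-128
 dh group14
ike peer 1 v1
 pre-shared-key cipher huawei
 remote-address 200.2.1.1
interface Ethernet0/0/1
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 2 to 4094
wlan
 security-profile name visitors
  security wpa-wpa2 psk pass-phrase a1234567 aes
"""

MIN_RSA_BITS = 2048                 # assumption: policy floor for host keys
MIN_SECRET_LEN = 12                 # assumption: policy floor for typed secrets
PLANNED_VLANS = set(range(10, 17))  # VLANs 10-16, the LSW8 range in the page's plan

SECRET_PATTERNS = [
    ("local-user password", re.compile(r"local-user \S+ password cipher (\S+)")),
    ("IKE pre-shared key", re.compile(r"pre-shared-key cipher (\S+)")),
    ("WLAN pass-phrase", re.compile(r"psk pass-phrase (\S+)")),
]


def expand_vlans(spec):
    """Expand a VLAN list such as '10 to 16 201' into a set of VLAN ids."""
    tokens, vlans, i = spec.split(), set(), 0
    while i < len(tokens):
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(int(tokens[i]))
            i += 1
    return vlans


def audit(config, planned_vlans=PLANNED_VLANS):
    """Return sorted (line_no, rule_id, message) findings; secrets are never echoed."""
    findings = []
    secrets = defaultdict(list)     # secret value -> [(line_no, kind), ...]
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = re.search(r"bits in the modulus.*:(\d+)$", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append((no, "RSA_KEY_SIZE", f"{m.group(1)}-bit host key is below {MIN_RSA_BITS}"))
        if re.fullmatch(r"ike peer \S+ v1", line):
            findings.append((no, "IKEV1", "peer is pinned to IKEv1"))
        if re.fullmatch(r"ssh user \S+ authentication-type all", line):
            findings.append((no, "SSH_AUTH_ALL", "either a password or a key is accepted"))
        if "security wpa-wpa2" in line:
            findings.append((no, "WPA_MIXED", "mixed mode also accepts WPA clients"))
        m = re.fullmatch(r"port trunk allow-pass vlan (.+)", line)
        if m:
            extra = expand_vlans(m.group(1)) - planned_vlans
            if extra:
                findings.append((no, "TRUNK_TOO_WIDE", f"{len(extra)} VLANs outside the plan"))
        for kind, pattern in SECRET_PATTERNS:
            m = pattern.search(line)
            if m:
                secrets[m.group(1)].append((no, kind))
                if len(m.group(1)) < MIN_SECRET_LEN:
                    findings.append((no, "SHORT_SECRET", f"{kind} has {len(m.group(1))} characters"))
    for uses in secrets.values():
        if len(uses) > 1:           # one value protecting several functions
            kinds = ", ".join(kind for _, kind in uses)
            findings.append((uses[0][0], "SECRET_REUSE", f"same value used for: {kinds}"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, rule, message in audit(SAMPLE_CONFIG):
        print(f"line {line_no:>2}  {rule:<15} {message}")
```

The same secret appears on every device listing on this page, so running the audit over the full set of listings would attach the reuse finding to each of them.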

4.2 Campus B configuration

4.2.1 AR3 configuration

Configure NAT, SSH, the IPv6 over IPv4 GRE tunnel, GRE over IPsec VPN, and the OSPFv2 and OSPFv3 routing protocols.

#

 sysname AR3

#

stelnet server enable       

rsa local-key-pair create   

Input the bits in the modulus[default = 512]:1024

#

aaa

 local-user user-ssh password cipher huawei

 local-user user-ssh privilege level 15

 local-user user-ssh service-type ssh  

#

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh    

quit

ssh user user-ssh authentication-type all

#

acl number 2001  

 rule 5 permit source 192.168.17.0 0.0.0.255

#

acl number 3000  

 rule 5 permit ip source 200.2.1.1 0 destination 200.1.1.1 0

acl number 3001  

#

ipsec proposal 1

 encapsulation-mode transport

 esp authentication-algorithm sha2-256

 esp encryption-algorithm aes-192

#

ike proposal 1

 encryption-algorithm aes-cbc-128

 dh group14

#

ike peer 1 v1

 pre-shared-key cipher huawei

 ike-proposal 1

 remote-address 200.1.1.1

#

ipsec policy BTOA 1 isakmp

 security acl 3000

 ike-peer 1

 proposal 1

#

ospfv3 32

 router-id 172.16.1.33

 import-route static

#

interface GigabitEthernet0/0/0

 ip address 200.2.1.1 255.255.255.248

 ipsec policy BTOA

 nat outbound 2001

#

interface GigabitEthernet0/0/1

 ipv6 enable

 ip address 10.3.1.1 255.255.255.252

 ipv6 address 2001:10:3:1::1/64

 ospfv3 32 area 0.0.0.0

#

interface LoopBack0

 ip address 172.16.1.33 255.255.255.255

#

interface Tunnel0/0/1

 ip address 100.1.1.2 255.255.255.252

 tunnel-protocol gre

 source 200.2.1.1

 destination 200.1.1.1

#

interface Tunnel0/0/2

 ipv6 enable

 ipv6 address 2001:1313::3/64

 tunnel-protocol ipv6-ipv4

 source 200.2.1.1

 destination 200.1.1.1

#

ospf 32

 default-route-advertise

 area 0.0.0.0

  network 10.3.1.0 0.0.0.3

  network 172.16.1.33 0.0.0.0

#

ip route-static 0.0.0.0 0.0.0.0 200.2.1.2

ip route-static 10.6.6.4 255.255.255.252 Tunnel0/0/1

ip route-static 192.168.0.0 255.255.0.0 Tunnel0/0/1

#

ipv6 route-static 2001:192:168:11:: 64 Tunnel0/0/2

ipv6 route-static 2001:192:168:12:: 64 Tunnel0/0/2

ipv6 route-static 2001:192:168:13:: 64 Tunnel0/0/2

ipv6 route-static 2001:192:168:14:: 64 Tunnel0/0/2

ipv6 route-static 2001:192:168:15:: 64 Tunnel0/0/2

#

4.2.2 LSW9 configuration

Configure the DHCP server, IPv6, and the OSPFv2 and OSPFv3 routing protocols.

#

ipv6

#

vlan batch 17 300

#

stelnet server enable       

rsa local-key-pair create   

Input the bits in the modulus[default = 512]:1024

#

aaa

 local-user user-ssh password cipher huawei

 local-user user-ssh privilege level 15

 local-user user-ssh service-type ssh  

#

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh    

quit

ssh user user-ssh authentication-type all

#

ospfv3 32

 router-id 172.16.1.9

#

dhcp enable

#

ip pool 17

 gateway-list 192.168.17.254

 network 192.168.17.0 mask 255.255.255.0

 dns-list 8.8.8.8

#

interface Vlanif17

 ipv6 enable

 ip address 192.168.17.254 255.255.255.0

 ipv6 address 2001:192:168:17::254/64

 ospfv3 32 area 0.0.0.0

 dhcp select global

#

interface Vlanif300

 ipv6 enable

 ip address 10.3.1.2 255.255.255.252

 ipv6 address 2001:10:3:1::2/64

 ospfv3 32 area 0.0.0.0

#

interface MEth0/0/1

#

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 300

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 17

#

interface LoopBack0

 ip address 172.16.1.9 255.255.255.255

#

ospf 32

 area 0.0.0.0

  network 10.3.1.0 0.0.0.3

  network 192.168.17.0 0.0.0.255

  network 172.16.1.9 0.0.0.0

#

4.2.3 LSW10 configuration

Configure MSTP and set the interface types.

#

sysname LSW10

#

vlan batch 17

#

interface Ethernet0/0/1

 port link-type access

 port default vlan 17

#

interface Ethernet0/0/2

 port link-type trunk

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 17

#

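4.3 Carrier configuration

4.3.1 AR2 configuration

Configure static routes and set up a loopback interface to simulate the external network and the carrier.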

interface GigabitEthernet0/0/0

 ip address 200.1.1.2 255.255.255.248

#

interface GigabitEthernet0/0/1

 ip address 200.2.1.2 255.255.255.248

#

interface LoopBack0

 ip address 1.1.1.1 255.255.255.255

#

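5 Verification and Testing

5.1 Result tests

5.1.1 Hosts obtain addresses through DHCP

5.1.2 AP wireless Wi-Fi access

Access the external network at 1.1.1.1.

Access the internal resource server at 10.6.6.6; access the internal marketing department at 192.168.11.127.

5.1.3 IPv4 internal connectivity test

Taking PC1 as an example, access PC2, PC3, PC4, PC5 and PC9.

5.1.4 IPv6 internal connectivity test

Taking PC1 as an example, access PC2, PC3, PC4, PC5 and PC9.

5.1.5 SSH verification

Taking LSW1 as an example, log in to AR1 over SSH.

5.1.6 Campus A and campus B access the external network through NAT

Campus A: taking PC1 as an example, access the external network at 1.1.1.1.

Campus B: PC6 accesses the external network at 1.1.1.1.

5.1.7 Campus A to campus B over VPN and dual stack

Campus A accesses campus B through GRE over IPsec VPN.

Campus B accesses the campus A resource server through GRE over IPsec VPN.

Campus A accesses campus B through the IPv6 over IPv4 GRE tunnel.

5.2 Reliability and redundancy tests

5.2.1 MSTP redundancy test

On LSW1, after GE0/0/1 is shut down, PC1 accesses 172.16.1.11 and the traffic goes through LSW2.

On LSW2, after GE0/0/1 is shut down, PC2 accesses 172.16.1.11 and the traffic goes through LSW1.

5.2.2 VRRP and VRRP6 redundancy test

On LSW1, GE0/0/20: PC1 accesses 1.1.1.1 and the traffic goes through LSW2.

On LSW2, GE0/0/20: PC2 accesses 1.1.1.1 and the traffic goes through LSW1.

On LSW1, GE0/0/20: PC1 accesses 2001:172:16:1::1 and the traffic goes through LSW2.

On LSW2, GE0/0/20: PC2 accesses 2001:172:16:1::1 and the traffic goes through LSW1.

5.2.3 DHCP redundancy test

Shut down LSW1 to simulate a DHCP failure; LSW2 then takes over as the backup DHCP server.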
