网站做点击收费标准,中国包装创意设计大赛,湄潭建设局官方网站,网站建设推广优化公司前言
今天给大家分享一个ensp的小实验#xff0c;里面包含了ospf、dhcp、防火墙的内容#xff0c;如果需要文件的可以私我。 一、拓扑图 二、实训需求
某学校新建一个分校区网络#xff0c;经过与校领导和网络管理员的沟通#xff0c;现通过了设备选型和组网解决方案里面包含了ospf、dhcp、防火墙的内容如果需要文件的可以私我。 一、拓扑图 二、实训需求
某学校新建一个分校区网络经过与校领导和网络管理员的沟通现通过了设备选型和组网解决方案作为售后工程师你需要按照方案进行网络建设与调试使网络满足校方要求并顺利验收。
网络说明和主要工作包括
校园内部网络拟定采用C类地址192.168.x.0/24进行规划需要按照图示进行子网划分以满足组网IP需求。网络分为接入、汇聚、核心三个层次接入层交换机采用华为S3700为二层交换机主要进行用户的接入为区分不同业务进行了VLAN划分各交换机均连接了不同VLAN的用户并能保证把不同用户的数据向汇聚层发送。汇聚层设备采用华为S5700交换机为三层交换机下行接口vlanif10、vlanif20、vlanif30和vlanif40分别作为不同用户的网关GW使内网用户能够上网。核心层设备选用华为AR2200路由器用于连接核心交换机。核心路由器和分布层交换机、防火墙之间通过运行动态路由协议OSPF来学习路由信息以实现内网各网段之间的互通。核心交换机选用华为S5700交换机为二层交换机主要负责内网、外网和内网服务器的VLAN隔离。内网设置防火墙来保障网络安全。设备选用华为USG5500防火墙。要求通过防火墙使内网不同用户通过NAT来实现访问外网而同时不被外网所攻击。Trust区1-4号PC和7-10号PC可以访问所有的其他PC。Untrust区域的Client1只可以访问Server其他禁止。DMZ的Server1不能访问任何PC。防火墙出口做EasyIP soure-nat转换。防火墙出口做NAT server使外网Client1可以访问内网服务器Server1。汇聚层交换机SW2和SW5使用基于接口的DHCP功能。主机利用DHCP获取IP地址。
三、设备配置命令
防火墙
interface GigabitEthernet0/0/1
ip address 192.168.50.1 255.255.255.0 interface GigabitEthernet0/0/2
ip address 192.168.60.1 255.255.255.0 interface GigabitEthernet0/0/3
ip address 192.168.70.1 255.255.255.0 firewall zone trust
add interface GigabitEthernet0/0/1firewall zone untrust
add interface GigabitEthernet0/0/3firewall zone dmz
add interface GigabitEthernet0/0/2ospf 1
area 0.0.0.0
network 192.168.70.0 0.0.0.255
area 0.0.0.1
network 192.168.50.0 0.0.0.255
area 0.0.0.2
network 192.168.60.0 0.0.0.255 nat server 0 protocol tcp global interface GigabitEthernet0/0/3 8080 inside 192.168.60.2 wwwpolicy interzone trust untrust outbound
policy 10
action permit policy interzone trust dmz outbound
policy 10
action permit policy interzone dmz untrust inbound
policy 10
action permit
policy source 192.168.80.2 mask 32
policy destination 192.168.60.2 mask 32nat-policy interzone trust untrust outbound
policy 10
action source-nat
easy-ip GigabitEthernet0/0/3SW1 sysname SW1vlan batch 10 20 30 40 50interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 50interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30 40 50interface GigabitEthernet0/0/3
port link-type access
port default vlan 50SW2 sysname SW2vlan batch 10 20 50
dhcp enableinterface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select interfaceinterface Vlanif20
ip address 192.168.20.1 255.255.255.0
dhcp select interfaceinterface Vlanif50
ip address 192.168.50.2 255.255.255.0 interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 50interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20ospf 1
area 0.0.0.1
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.50.0 0.0.0.255
SW3 sysname SW3vlan batch 10 20interface Ethernet0/0/1
port link-type access
port default vlan 10interface Ethernet0/0/2
port link-type access
port default vlan 20interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20SW4 sysname SW4vlan batch 10 20interface Ethernet0/0/1
port link-type access
port default vlan 10interface Ethernet0/0/2
port link-type access
port default vlan 20interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
SW5 sysname SW5vlan batch 30 40 50dhcp enableinterface Vlanif30
ip address 192.168.30.1 255.255.255.0
dhcp select interfaceinterface Vlanif40
ip address 192.168.40.1 255.255.255.0
dhcp select interfaceinterface Vlanif50
ip address 192.168.50.3 255.255.255.0 interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30 40 50interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30 40interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30 40ospf 1
area 0.0.0.1
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
SW6
sysname SW6vlan batch 30 40interface Ethernet0/0/1
port link-type access
port default vlan 30interface Ethernet0/0/2
port link-type access
port default vlan 40interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30 40SW7
sysname SW7vlan batch 30 40interface Ethernet0/0/1
port link-type access
port default vlan 30interface Ethernet0/0/2
port link-type access
port default vlan 40interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30 40AR1 sysname R1interface GigabitEthernet0/0/0
ip address 192.168.70.2 255.255.255.0 interface GigabitEthernet0/0/1
ip address 192.168.80.1 255.255.255.0 ospf 1
area 0.0.0.0
network 192.168.70.0 0.0.0.255
area 0.0.0.3
network 192.168.80.0 0.0.0.255
四、网络测试
PC1 ping Server PC1 ping Client1 PC7 ping Server PC7 ping Client1 Client1 ping Server Client1 ping PC1 Server ping PC1 Server ping PC7 Easy-ip
