本文主要是介绍华为eNSP中型企业局域网网络规划设计(下),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
→b站传送门,感谢大佬←
→华为eNSP中型企业局域网网络规划设计(上)←
→拓扑图传送门,可以自己配置着玩←
配置ospf
AR3
[AR3]ospf 1 router-id 3.3.3.3
//出口默认路由
[AR3-ospf-1]default-route-advertise always
#area 0.0.0.0 network 100.1.11.3 0.0.0.0 network 100.1.33.3 0.0.0.0 network 192.168.13.3 0.0.0.0 network 192.168.23.3 0.0.0.0
#
AR1
[AR1]ospf 1 router-id 1.1.1.1
#area 0.0.0.0 network 192.168.12.1 0.0.0.0 network 192.168.13.1 0.0.0.0 network 192.168.77.1 0.0.0.0 network 192.168.87.1 0.0.0.0 network 192.168.91.1 0.0.0.0
#
AR2
[AR2]ospf 1 router-id 2.2.2.2
#area 0.0.0.0 network 192.168.12.2 0.0.0.0 network 192.168.23.2 0.0.0.0 network 192.168.78.2 0.0.0.0 network 192.168.88.2 0.0.0.0 network 192.168.92.2 0.0.0.0
#
SW9
[SW9]ospf 1 router-id 9.9.9.9
#area 0.0.0.0network 192.168.91.254 0.0.0.0network 192.168.92.254 0.0.0.0
#area 0.0.0.200network 192.168.200.254 0.0.0.0
#area 0.0.0.201network 192.168.201.254 0.0.0.0
#
SW7
[SW7]ospf 1 router-id 7.7.7.7
#area 0.0.0.0network 192.168.10.7 0.0.0.0network 192.168.20.7 0.0.0.0network 192.168.30.7 0.0.0.0network 192.168.40.7 0.0.0.0network 192.168.50.7 0.0.0.0network 192.168.60.7 0.0.0.0network 192.168.77.7 0.0.0.0network 192.168.78.7 0.0.0.0
#
SW8
[SW8]ospf 1 router-id 8.8.8.8
#area 0.0.0.0network 192.168.10.8 0.0.0.0network 192.168.20.8 0.0.0.0network 192.168.30.8 0.0.0.0network 192.168.40.8 0.0.0.0network 192.168.50.8 0.0.0.0network 192.168.60.8 0.0.0.0network 192.168.87.8 0.0.0.0network 192.168.88.8 0.0.0.0
#
配置出口动态nat
AR3
//配置静态出口路由
[AR3]ip route-static 0.0.0.0 0 100.1.11.5 preference 70
[AR3]ip route-static 0.0.0.0 0 100.1.33.5//访问出口的流量
#
acl number 3000 rule 5 permit ip source 192.168.10.0 0.0.0.255 rule 10 permit ip source 192.168.20.0 0.0.0.255 rule 15 permit ip source 192.168.30.0 0.0.0.255 rule 20 permit ip source 192.168.40.0 0.0.0.255 rule 25 permit ip source 192.168.50.0 0.0.0.255 rule 30 permit ip source 192.168.60.0 0.0.0.255
#
//配置动态nat
#
interface GigabitEthernet4/0/0ip address 100.1.33.3 255.255.255.0 nat outbound 3000
#
interface GigabitEthernet0/0/2ip address 100.1.11.3 255.255.255.0 nat outbound 3000
#
配置acl使各部门无法互访
SW1
#
acl number 3000rule 5 deny ip source 192.168.20.0 0.0.0.255rule 10 deny ip source 192.168.30.0 0.0.0.255rule 15 deny ip source 192.168.40.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW1-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
//或者deny ip destination xxx,接口上inbound acl
SW2
#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.30.0 0.0.0.255rule 15 deny ip source 192.168.40.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW2-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
SW3
#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.40.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW3-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
SW4
#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.30.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW4-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
SW5
#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.30.0 0.0.0.255rule 20 deny ip source 192.168.40.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW5-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
SW6
#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.30.0 0.0.0.255rule 20 deny ip source 192.168.40.0 0.0.0.255rule 25 deny ip source 192.168.50.0 0.0.0.255
#[SW6-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
优化网络架构
-
SW7、SW8增加cost 使ospf不绕路
SW7
[SW7]int vlan40 [SW7-Vlanif40]ospf cost 10 [SW7-Vlanif40]int vlan 50 [SW7-Vlanif50]ospf cost 10 [SW7-Vlanif50]int vlan 60 [SW7-Vlanif60]ospf cost 10
SW8
//增加cost 使ospf不绕路 [SW8]int vlan10 [SW8-Vlanif10]ospf cost 10 [SW8-Vlanif10]int vlan 20 [SW8-Vlanif20]ospf cost 10 [SW8-Vlanif20]int vlan 30 [SW8-Vlanif30]ospf cost 10
-
SW7、SW8配置根保护
SW7、SW8
[SW7]port-group trunk [SW7-port-group-trunk]stp root-protection
-
SW1~6开启边缘端口保护
SW1~6
[SW1]stp bpdu-protection
这篇关于华为eNSP中型企业局域网网络规划设计(下)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!