当前位置: 首页 > news >正文

华为eNSP中型企业局域网网络规划设计(下)

news 2025/8/16 12:51:22

→b站传送门,感谢大佬←

→华为eNSP中型企业局域网网络规划设计(上)←

→拓扑图传送门,可以自己配置着玩←
在这里插入图片描述

配置ospf

AR3

[AR3]ospf 1 router-id 3.3.3.3
//出口默认路由
[AR3-ospf-1]default-route-advertise always
#area 0.0.0.0 network 100.1.11.3 0.0.0.0 network 100.1.33.3 0.0.0.0 network 192.168.13.3 0.0.0.0 network 192.168.23.3 0.0.0.0 
#

AR1

[AR1]ospf 1 router-id 1.1.1.1
#area 0.0.0.0 network 192.168.12.1 0.0.0.0 network 192.168.13.1 0.0.0.0 network 192.168.77.1 0.0.0.0 network 192.168.87.1 0.0.0.0 network 192.168.91.1 0.0.0.0 
#

AR2

[AR2]ospf 1 router-id 2.2.2.2
#area 0.0.0.0 network 192.168.12.2 0.0.0.0 network 192.168.23.2 0.0.0.0 network 192.168.78.2 0.0.0.0 network 192.168.88.2 0.0.0.0 network 192.168.92.2 0.0.0.0 
#

SW9

[SW9]ospf 1 router-id 9.9.9.9
#area 0.0.0.0network 192.168.91.254 0.0.0.0network 192.168.92.254 0.0.0.0
#area 0.0.0.200network 192.168.200.254 0.0.0.0
#area 0.0.0.201network 192.168.201.254 0.0.0.0
#

SW7

[SW7]ospf 1 router-id 7.7.7.7
#area 0.0.0.0network 192.168.10.7 0.0.0.0network 192.168.20.7 0.0.0.0network 192.168.30.7 0.0.0.0network 192.168.40.7 0.0.0.0network 192.168.50.7 0.0.0.0network 192.168.60.7 0.0.0.0network 192.168.77.7 0.0.0.0network 192.168.78.7 0.0.0.0
#

SW8

[SW8]ospf 1 router-id 8.8.8.8
#area 0.0.0.0network 192.168.10.8 0.0.0.0network 192.168.20.8 0.0.0.0network 192.168.30.8 0.0.0.0network 192.168.40.8 0.0.0.0network 192.168.50.8 0.0.0.0network 192.168.60.8 0.0.0.0network 192.168.87.8 0.0.0.0network 192.168.88.8 0.0.0.0
#

配置出口动态nat

AR3

//配置静态出口路由
[AR3]ip route-static 0.0.0.0 0 100.1.11.5 preference 70
[AR3]ip route-static 0.0.0.0 0 100.1.33.5//访问出口的流量
#
acl number 3000  rule 5 permit ip source 192.168.10.0 0.0.0.255 rule 10 permit ip source 192.168.20.0 0.0.0.255 rule 15 permit ip source 192.168.30.0 0.0.0.255 rule 20 permit ip source 192.168.40.0 0.0.0.255 rule 25 permit ip source 192.168.50.0 0.0.0.255 rule 30 permit ip source 192.168.60.0 0.0.0.255 
#
//配置动态nat
#
interface GigabitEthernet4/0/0ip address 100.1.33.3 255.255.255.0 nat outbound 3000
#
interface GigabitEthernet0/0/2ip address 100.1.11.3 255.255.255.0 nat outbound 3000
#

配置acl使各部门无法互访

SW1

#
acl number 3000rule 5 deny ip source 192.168.20.0 0.0.0.255rule 10 deny ip source 192.168.30.0 0.0.0.255rule 15 deny ip source 192.168.40.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW1-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
//或者deny ip destination xxx,接口上inbound acl

SW2

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.30.0 0.0.0.255rule 15 deny ip source 192.168.40.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW2-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW3

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.40.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW3-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW4

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.30.0 0.0.0.255rule 20 deny ip source 192.168.50.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW4-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW5

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.30.0 0.0.0.255rule 20 deny ip source 192.168.40.0 0.0.0.255rule 25 deny ip source 192.168.60.0 0.0.0.255
#[SW5-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

SW6

#
acl number 3000rule 5 deny ip source 192.168.10.0 0.0.0.255rule 10 deny ip source 192.168.20.0 0.0.0.255rule 15 deny ip source 192.168.30.0 0.0.0.255rule 20 deny ip source 192.168.40.0 0.0.0.255rule 25 deny ip source 192.168.50.0 0.0.0.255
#[SW6-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

优化网络架构

  • SW7、SW8增加cost 使ospf不绕路

    SW7

    [SW7]int vlan40
[SW7-Vlanif40]ospf cost 10
[SW7-Vlanif40]int vlan 50
[SW7-Vlanif50]ospf cost 10
[SW7-Vlanif50]int vlan 60
[SW7-Vlanif60]ospf cost 10

    SW8

    //增加cost 使ospf不绕路
[SW8]int vlan10
[SW8-Vlanif10]ospf cost 10
[SW8-Vlanif10]int vlan 20
[SW8-Vlanif20]ospf cost 10
[SW8-Vlanif20]int vlan 30
[SW8-Vlanif30]ospf cost 10

  • SW7、SW8配置根保护

    SW7、SW8

    [SW7]port-group trunk
[SW7-port-group-trunk]stp root-protection

  • SW1~6开启边缘端口保护

    SW1~6

    [SW1]stp bpdu-protection
http://www.lryc.cn/news/346452.html

相关文章:

  • C语言(指针)1
  • perl:用 MIDI::Simple 生成midi文件,用 pygame 播放 mid文件
  • 数据库-脏读
  • react 用合计项
  • IP 地址追踪工具促进有效的 IP 管理
  • 快手蓝V商家电话采集软件操作教程
  • 工业机器人应用实践之玻璃涂胶(篇二)
  • C++ 455. 分发饼干
  • 未来娱乐新地标?气膜球幕影院的多维体验—轻空间
  • 工业机器人应用实践之玻璃涂胶(篇三)
  • 基于Huffman编码的字符串统计及WPL计算
  • 处理VS2022中(C/C++)scanf报错问题(3种)
  • C#面:Session 喜欢丢值且占内存,Cookis不安全,请问 C# 可以用什么办法代替这两种原始的方法
  • Python并发编程 05 锁、同步条件、信号量、线程队列、生产者消费者模型
  • UIKit之UIButton
  • 阿里云VOD视频点播流程(2)
  • 在Ubuntu上搭建幻兽帕鲁服务器
  • Java中常用类String的不可变性详解
  • uniapp 自定义App UrlSchemes
  • MSP430环境搭建
  • 【Qt C++实现蓝牙互联】
  • AI绘画已如此厉害,为何我们仍需学习绘画?
  • Android 实现背景图片不被拉伸的效果 9-patch图片 .9图
  • Java EE/Jakarta EE范畴一览
  • 洛谷 P3391:文艺平衡树 ← Splay树模板题
  • 【高校科研前沿】北师大陈晋教授团队在遥感顶刊发表最新成果:ClearSCD模型:在高空间分辨率遥感影像中综合利用语义和变化关系进行语义变化检测
  • 关于YOLO8学习(五)安卓部署ncnn模型--视频检测
  • 从哪些方面可以看出光伏的未来发展好?
  • VBA_MF系列技术资料1-605
  • 算法题① —— 数组专栏