This lab is implemented in the Huawei eNSP simulator.
Topology diagram
Subnet plan

| Area | VLAN | Subnet |
|---|---|---|
| Technology department | VLAN 10 | 192.168.10.0/24 |
| HR department | VLAN 20 | 192.168.20.0/24 |
| Finance department | VLAN 30 | 192.168.30.0/24 |
| Management | VLAN 40 | 192.168.40.0/24 |
| Visiting guests | VLAN 100 | 192.168.100.0/24 |
| Server DMZ | VLAN 90 | 192.168.90.0/24 |
Office area
VLAN and port configuration (Layer 2)
LSW1
```
vlan batch 10
int e0/0/1
port link-type trunk
port trunk allow-pass vlan 10
int e0/0/2
port link-type trunk
port trunk allow-pass vlan 10
int e0/0/10
port link-type access
port default vlan 10
```
LSW2
```
vlan batch 20
int e0/0/1
port link-type trunk
port trunk allow-pass vlan 20
int e0/0/2
port link-type trunk
port trunk allow-pass vlan 20
int e0/0/10
port link-type access
port default vlan 20
```
LSW3
```
vlan batch 30
int e0/0/1
port link-type trunk
port trunk allow-pass vlan 30
int e0/0/2
port link-type trunk
port trunk allow-pass vlan 30
int e0/0/10
port link-type access
port default vlan 30
```
LSW4
```
vlan batch 40
int e0/0/1
port link-type trunk
port trunk allow-pass vlan 40
int e0/0/2
port link-type trunk
port trunk allow-pass vlan 40
int e0/0/10
port link-type access
port default vlan 40
```
H_SW1
```
vlan batch 10 20 30 40
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 10
int g0/0/2
port link-type trunk
port trunk allow-pass vlan 20
int g0/0/3
port link-type trunk
port trunk allow-pass vlan 30
int g0/0/4
port link-type trunk
port trunk allow-pass vlan 40
```
H_SW2
```
vlan batch 10 20 30 40
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 10
int g0/0/2
port link-type trunk
port trunk allow-pass vlan 20
int g0/0/3
port link-type trunk
port trunk allow-pass vlan 30
int g0/0/4
port link-type trunk
port trunk allow-pass vlan 40
```
Wireless network configuration
H_SW1
```
vlan batch 100 1000
int g0/0/5
port link-type trunk
port trunk allow-pass vlan all
int g0/0/6
port link-type trunk
port trunk allow-pass vlan 100 1000
dhcp enable
int vlanif 100
ip add 192.168.100.1 24
dhcp select interface
dhcp server dns-list 8.8.8.8
```
H_SW2
```
vlan batch 100 1000
int g0/0/5
port link-type trunk
port trunk allow-pass vlan all
int g0/0/6
port link-type trunk
port trunk allow-pass vlan 100 1000
dhcp enable
```
LSW5
```
vlan batch 100 1000
int e0/0/1
port link-type trunk
port trunk allow-pass vlan all
int e0/0/2
port link-type trunk
port trunk allow-pass vlan all
int e0/0/10
port link-type trunk
port trunk allow-pass vlan 100 1000
dhcp enable
```
LSW6
```
vlan batch 100 1000
int e0/0/1
port link-type trunk
port trunk allow-pass vlan 100 1000
int e0/0/2
port link-type trunk
port trunk allow-pass vlan 100 1000
int e0/0/10
port link-type trunk
port trunk allow-pass vlan 100 1000
port trunk pvid vlan 1000
dhcp enable
```
AC
```
undo terminal monitor
sys
sysname AC
vlan batch 100 1000
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 100 1000
dhcp enable
int vlanif 1000
ip add 192.168.101.1 24
dhcp select interface
capwap source interface Vlanif 1000
wlan
ap-group name ap-group1
regulatory-domain-profile default
y
quit
ap auth-mode mac-auth
ap-id 0 ap-mac 00e0-fc25-3910
ap-name area_1
ap-group ap-group1
y
quit
security-profile name WLAN
security wpa-wpa2 psk pass-phrase a1234567 aes
quit
ssid-profile name WLAN
ssid WLAN
quit
vap-profile name WLAN
forward-mode direct-forward
service-vlan vlan-id 100
security-profile WLAN
ssid-profile WLAN
quit
ap-group name ap-group1
vap-profile WLAN wlan 1 radio 0
vap-profile WLAN wlan 1 radio 1
```
DHCP configuration
H_SW1
```
dhcp enable
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 24
excluded-ip-address 192.168.10.1 192.168.10.10
excluded-ip-address 192.168.10.150 192.168.10.253
dns-list 8.8.8.8
domain-name blue.com
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.1 192.168.20.10
excluded-ip-address 192.168.20.150 192.168.20.253
dns-list 8.8.8.8
domain-name blue.com
ip pool vlan30
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.1 192.168.30.10
excluded-ip-address 192.168.30.150 192.168.30.253
dns-list 8.8.8.8
domain-name blue.com
ip pool vlan40
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.1 192.168.40.10
excluded-ip-address 192.168.40.150 192.168.40.253
dns-list 8.8.8.8
domain-name blue.com
int vlanif 10
ip add 192.168.10.1 255.255.255.0
dhcp select global
int vlanif 20
ip add 192.168.20.1 255.255.255.0
dhcp select global
int vlanif 30
ip add 192.168.30.1 255.255.255.0
dhcp select global
int vlanif 40
ip add 192.168.40.1 255.255.255.0
dhcp select global
```
H_SW2
```
dhcp enable
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.1 192.168.10.149
excluded-ip-address 192.168.10.250 192.168.10.253
dns-list 8.8.8.8
domain-name blue.com
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.1 192.168.20.149
excluded-ip-address 192.168.20.250 192.168.20.253
dns-list 8.8.8.8
domain-name blue.com
ip pool vlan30
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.1 192.168.30.149
excluded-ip-address 192.168.30.250 192.168.30.253
dns-list 8.8.8.8
domain-name blue.com
ip pool vlan40
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.1 192.168.40.149
excluded-ip-address 192.168.40.250 192.168.40.253
dns-list 8.8.8.8
domain-name blue.com
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
dhcp select global
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
dhcp select global
interface Vlanif30
ip address 192.168.30.2 255.255.255.0
dhcp select global
interface Vlanif40
ip address 192.168.40.2 255.255.255.0
dhcp select global
```
When the IP address pools are created, the excluded-ip-address command is used so that the address ranges leased by the primary and backup switches exclude each other. This prevents duplicate IP address assignments, and the resulting network faults, after a primary/backup switchover.
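The following script is an added check, not part of the original lab: it parses the vlan10 pools of H_SW1 and H_SW2 as written above and verifies that the leasable addresses of the two switches are disjoint. It assumes the VRP allocation rule that gateway-list addresses and excluded-ip-address ranges (both ends inclusive) are never leased.

```python
"""Verify that the DHCP pools on H_SW1 and H_SW2 lease disjoint address ranges.

Added example, not part of the original lab. It models the VRP rule that
gateway-list addresses and excluded-ip-address ranges are never leased, then
checks that no address can be handed out by both switches.
"""
import ipaddress

# Constructed sample: the vlan10 pools of H_SW1 and H_SW2 from this page.
H_SW1_POOL = """
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 24
excluded-ip-address 192.168.10.1 192.168.10.10
excluded-ip-address 192.168.10.150 192.168.10.253
"""

H_SW2_POOL = """
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.1 192.168.10.149
excluded-ip-address 192.168.10.250 192.168.10.253
"""


def _mask(mask: str) -> str:
    """Accept both VRP spellings: prefix length ('24') or dotted ('255.255.255.0')."""
    return mask if "." in mask else str(int(mask))


def leasable_addresses(pool_text: str) -> set:
    """Addresses the pool can actually lease: network hosts minus gateways and exclusions."""
    net = None
    gateways = set()
    excluded = set()
    for line in pool_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "network":
            net = ipaddress.ip_network(f"{parts[1]}/{_mask(parts[3])}", strict=False)
        elif parts[0] == "gateway-list":
            gateways.update(ipaddress.ip_address(g) for g in parts[1:])
        elif parts[0] == "excluded-ip-address":
            start = ipaddress.ip_address(parts[1])
            end = ipaddress.ip_address(parts[2]) if len(parts) > 2 else start
            excluded.update(ipaddress.ip_address(i) for i in range(int(start), int(end) + 1))
    if net is None:
        raise ValueError("pool has no network statement")
    return set(net.hosts()) - gateways - excluded


def lease_range(pool_text: str) -> tuple:
    """(first, last, count) of the leasable addresses, for a quick eyeball check."""
    addrs = sorted(leasable_addresses(pool_text))
    return str(addrs[0]), str(addrs[-1]), len(addrs)


def pools_are_disjoint(*pool_texts: str) -> bool:
    """True when no address is leasable by more than one of the given pools."""
    seen = set()
    for text in pool_texts:
        addrs = leasable_addresses(text)
        if addrs & seen:
            return False
        seen |= addrs
    return True


if __name__ == "__main__":
    for name, text in (("H_SW1", H_SW1_POOL), ("H_SW2", H_SW2_POOL)):
        print(name, lease_range(text))
    print("disjoint:", pools_are_disjoint(H_SW1_POOL, H_SW2_POOL))
```

With these pools H_SW1 leases .11 to .149 and H_SW2 leases .150 to .249; the real interface addresses .1 and .2 sit inside the excluded ranges and the VRRP virtual IP .254 is the gateway, so neither is ever leased.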
VRRP configuration
H_SW1
```
int vlanif 10
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 105
int vlanif 20
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 105
int vlanif 30
vrrp vrid 30 virtual-ip 192.168.30.254
int vlanif 40
vrrp vrid 40 virtual-ip 192.168.40.254
```
H_SW2
```
int vlanif 10
vrrp vrid 10 virtual-ip 192.168.10.254
int vlanif 20
vrrp vrid 20 virtual-ip 192.168.20.254
int vlanif 30
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 105
int vlanif 40
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 105
```
STP configuration
LSW1
```
stp region-configuration
region-name Blue_mstp
revision-level 1
instance 10 vlan 10
active region-configuration
int e0/0/10
stp edged-port enable
```
LSW2
```
stp region-configuration
region-name Blue_mstp
revision-level 1
instance 10 vlan 10
active region-configuration
int e0/0/10
stp edged-port enable
```
LSW3
```
stp region-configuration
region-name Blue_mstp
revision-level 1
instance 30 vlan 30
active region-configuration
quit
int e0/0/10
stp edged-port enable
```
LSW4
```
stp region-configuration
region-name Blue_mstp
revision-level 1
instance 40 vlan 40
active region-configuration
int e0/0/10
stp edged-port enable
```
H_SW1
```
stp instance 12 root primary
stp instance 34 root secondary
stp region-configuration
region-name Blue_mstp
revision-level 1
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
int g0/0/11
stp disable
int g0/0/12
stp disable
```
H_SW2
```
stp instance 12 root secondary
stp instance 34 root primary
stp region-configuration
region-name Blue_mstp
revision-level 1
instance 12 vlan 10 20
instance 34 vlan 30 40
active region-configuration
int g0/0/11
stp disable
int g0/0/12
stp disable
```
ACL configuration
H_SW1
```
acl number 3002
rule 5 deny ip source 192.168.100.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
int g0/0/5
traffic-filter inbound acl 3002
```
H_SW2
```
acl number 3002
rule 5 deny ip source 192.168.100.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
int g0/0/5
traffic-filter inbound acl 3002
```
LACP configuration
LACP link aggregation bundles a group of physical interfaces with identical attributes into one logical interface to increase bandwidth and reliability. It has the following advantages:
higher bandwidth, better redundancy (higher reliability), load sharing, cost savings and little configuration.
1. Higher bandwidth: the maximum bandwidth of the aggregated interface can reach the sum of the member interfaces' bandwidth.
2. Better redundancy: when one link fails, traffic is switched to the other available member links, so data transmission is not interrupted and the aggregated interface is correspondingly more stable.
3. Load sharing: within one link aggregation group, traffic is shared across the active member links.
4. Cost savings: the administrator bundles existing interfaces instead of upgrading link speed.
5. Little configuration: most of the configuration is done under the Eth-Trunk group.
The main advantages are increased bandwidth, higher reliability and load sharing.
H_SW1
```
lacp priority 100
int eth-trunk 1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
mode lacp-static
load-balance src-dst-mac
int g0/0/13
eth-trunk 1
lacp priority 100
int g0/0/14
eth-trunk 1
```
H_SW2
```
int eth-trunk 1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
mode lacp-static
load-balance src-dst-mac
int g0/0/13
eth-trunk 1
int g0/0/14
eth-trunk 1
```
OSPF configuration
LSW1
```
int loopback 0
ip add 192.168.1.1 32
```
LSW2
```
interface LoopBack0
ip address 192.168.2.2 255.255.255.255
```
LSW3
```
interface LoopBack0
ip address 192.168.3.3 255.255.255.255
```
LSW4
```
interface LoopBack0
ip address 192.168.4.4 255.255.255.255
```
H_SW1
```
int loopback 0
ip add 192.168.5.5 32
ospf 10 router-id 192.168.5.5
silent-interface Vlanif10
silent-interface Vlanif20
silent-interface Vlanif30
silent-interface Vlanif40
area 0
network 192.168.5.5 0.0.0.0
network 192.168.10.1 0.0.0.0
network 192.168.20.1 0.0.0.0
network 192.168.30.1 0.0.0.0
network 192.168.40.1 0.0.0.0
network 192.168.25.5 0.0.0.0
network 192.168.35.5 0.0.0.0
network 192.168.100.1 0.0.0.0
```
H_SW2
```
interface LoopBack0
ip address 192.168.6.6 255.255.255.255
ospf 10 router-id 192.168.6.6
silent-interface Vlanif10
silent-interface Vlanif20
silent-interface Vlanif30
silent-interface Vlanif40
area 0.0.0.0
network 192.168.6.6 0.0.0.0
network 192.168.10.2 0.0.0.0
network 192.168.20.2 0.0.0.0
network 192.168.30.2 0.0.0.0
network 192.168.40.2 0.0.0.0
network 192.168.24.6 0.0.0.0
network 192.168.36.6 0.0.0.0
network 192.168.100.2 0.0.0.0
```
Core layer
VLAN assignment and port configuration
Core switches
C_SW1
```
vlan batch 22 to 25
int g0/0/1
port link-type access
port default vlan 25
stp disable
int g0/0/2
port link-type access
port default vlan 24
stp disable
int g0/0/11
port link-type access
port default vlan 22
stp disable
int g0/0/12
port link-type access
port default vlan 23
stp disable
interface Vlanif22
ip address 192.168.22.7 255.255.255.0
interface Vlanif23
ip address 192.168.23.7 255.255.255.0
interface Vlanif24
ip address 192.168.24.7 255.255.255.0
interface Vlanif25
ip address 192.168.25.7 255.255.255.0
```
C_SW2
```
vlan batch 33 to 36 44 55
int g0/0/1
port link-type access
port default vlan 35
stp disable
int g0/0/2
port link-type access
port default vlan 36
stp disable
int g0/0/11
port link-type access
port default vlan 34
stp disable
int g0/0/12
port link-type access
port default vlan 33
stp disable
interface Vlanif33
ip address 192.168.33.8 255.255.255.0
interface Vlanif34
ip address 192.168.34.8 255.255.255.0
interface Vlanif35
ip address 192.168.35.8 255.255.255.0
interface Vlanif36
ip address 192.168.36.8 255.255.255.0
interface Vlanif44
ip address 192.168.44.8 255.255.255.0
interface Vlanif55
ip address 192.168.55.8 255.255.255.0
```
Aggregation-layer uplinks to the core switches
H_SW1
```
vlan batch 25 35
int g0/0/11
port link-type access
port default vlan 25
stp disable
int g0/0/12
port link-type access
port default vlan 35
stp disable
int vlanif 25
ip add 192.168.25.5 24
int vlanif 35
ip add 192.168.35.5 24
```
H_SW2
```
vlan batch 24 36
int g0/0/11
port link-type access
port default vlan 24
stp disable
int g0/0/12
port link-type access
port default vlan 36
stp disable
int vlanif 24
ip add 192.168.24.6 24
int vlanif 36
ip add 192.168.36.6 24
```
STP configuration
C_SW1
```
int g0/0/1
stp disable
int g0/0/2
stp disable
int g0/0/11
stp disable
int g0/0/12
stp disable
```
C_SW2
```
int g0/0/1
stp disable
int g0/0/2
stp disable
int g0/0/11
stp disable
int g0/0/12
stp disable
```
LACP link aggregation
C_SW1
```
lacp priority 100
int eth-trunk 1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
mode lacp-static
load-balance src-dst-mac
int g0/0/3
eth-trunk 1
lacp priority 100
int g0/0/4
eth-trunk 1
```
C_SW2
```
int eth-trunk 1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
mode lacp-static
load-balance src-dst-mac
int g0/0/3
eth-trunk 1
int g0/0/4
eth-trunk 1
```
OSPF configuration
C_SW1
```
interface LoopBack0
ip address 192.168.7.7 255.255.255.255
ospf 10 router-id 192.168.7.7
area 0.0.0.0
network 192.168.7.7 0.0.0.0
network 192.168.22.7 0.0.0.0
network 192.168.23.7 0.0.0.0
network 192.168.44.7 0.0.0.0
network 192.168.55.7 0.0.0.0
network 192.168.24.7 0.0.0.0
network 192.168.25.7 0.0.0.0
```
C_SW2
```
interface LoopBack0
ip address 192.168.8.8 255.255.255.255
ospf 10 router-id 192.168.8.8
area 0.0.0.0
network 192.168.8.8 0.0.0.0
network 192.168.33.8 0.0.0.0
network 192.168.34.8 0.0.0.0
network 192.168.35.8 0.0.0.0
network 192.168.36.8 0.0.0.0
network 192.168.44.8 0.0.0.0
network 192.168.55.8 0.0.0.0
```
Firewalls
Basic configuration
FW1
Username: admin
Original password: Admin@123
Password: P@ssw0rd
New password: Blue@123
```
undo terminal monitor
language-mode Chinese
sys
sysname FW1
# Configure the interface used to reach the firewall web UI; its IP is in the subnet of the corresponding virtual network
int g0/0/0
undo ip add 192.168.0.1 24
ip add 192.168.94.2 24
service-manage all permit
```
FW2
Username: admin
Original password: Admin@123
Password: P@ssw0rd
New password: Blue@123
```
undo terminal monitor
language-mode Chinese
sys
sysname FW2
int g0/0/0
undo ip add 192.168.0.1 24
ip add 192.168.94.3 24
service-manage all permit
```
Subnet planning
FW1
```
int g1/0/0
undo shutdown
ip add 192.168.90.1 255.255.255.0
int g1/0/1
undo shutdown
ip add 192.168.22.1 255.255.255.0
service-manage all permit
int g1/0/2
undo shutdown
ip add 192.168.34.1 255.255.255.0
int g1/0/3
undo shutdown
int g1/0/4
undo shutdown
int g1/0/5
undo shutdown
ip address 100.100.100.1 255.255.255.0
service-manage ping permit
int g1/0/6
undo shutdown
ip add 200.200.200.1 255.255.255.0
service-manage ping permit
```
FW2
```
int g1/0/0
undo shutdown
ip add 192.168.90.2 255.255.255.0
int g1/0/1
undo shutdown
ip add 192.168.23.1 255.255.255.0
service-manage all permit
int g1/0/2
undo shutdown
ip add 192.168.33.1 255.255.255.0
int g1/0/3
undo shutdown
int g1/0/4
undo shutdown
int g1/0/5
undo shutdown
ip address 100.100.100.2 255.255.255.0
service-manage ping permit
int g1/0/6
undo shutdown
ip add 200.200.200.2 255.255.255.0
```
LACP link aggregation
FW1
```
int eth-trunk 2
ip add 192.168.2.1 255.255.255.0
mode lacp-static
int g1/0/3
eth-trunk 2
int g1/0/4
eth-trunk 2
```
FW2
```
int eth-trunk 2
ip add 192.168.2.2 255.255.255.0
mode lacp-static
int g1/0/3
eth-trunk 2
int g1/0/4
eth-trunk 2
```
Security zone planning
Assign the interfaces to the corresponding security zones according to the topology.
Note: the heartbeat interfaces between the two firewalls must be placed in a trusted zone.
FW1
```
firewall zone trust
add int g1/0/1
add int g1/0/2
firewall zone dmz
add int g1/0/0
firewall zone name heart id 4
set priority 75
add int eth-trunk 2
firewall zone name ISP1 id 5
set priority 20
add int g1/0/5
firewall zone name ISP2 id 6
set priority 15
add int g1/0/6
```
FW2
```
firewall zone trust
add int g1/0/1
add int g1/0/2
firewall zone dmz
add int g1/0/0
firewall zone name heart id 4
set priority 75
add int eth-trunk 2
firewall zone name ISP1 id 5
set priority 15
add int g1/0/5
firewall zone name ISP2 id 6
set priority 20
add int g1/0/6
```
Specify the ISP link interface group names
FW1
```
isp name "china mobile" link if-group 63
isp name "china unicom" link if-group 62
isp name "china telecom" link if-group 61
isp name "china educationnet" link if-group 60
```
FW2
```
isp name "china mobile" link if-group 63
isp name "china unicom" link if-group 62
isp name "china telecom" link if-group 61
isp name "china educationnet" link if-group 60
```
Security policy essentials
Whether BGP, BFD, DHCP, DHCPv6, LDP and OSPF are subject to security policy control is decided by the basic-protocol control switch (firewall packet-filter basic-protocol enable).
FW1
```
firewall packet-filter basic-protocol enable
firewall defend port-scan enable
firewall defend ip-sweep enable
firewall defend teardrop enable
firewall defend time-stamp enable
firewall defend route-record enable
firewall defend source-route enable
firewall defend ip-fragment enable
firewall defend tcp-flag enable
firewall defend winnuke enable
firewall defend fraggle enable
firewall defend tracert enable
firewall defend icmp-unreachable enable
firewall defend icmp-redirect enable
firewall defend large-icmp enable
firewall defend ping-of-death enable
firewall defend smurf enable
firewall defend land enable
firewall defend ip-spoofing enable
```
FW2
```
firewall packet-filter basic-protocol enable
firewall defend port-scan enable
firewall defend ip-sweep enable
firewall defend teardrop enable
firewall defend time-stamp enable
firewall defend route-record enable
firewall defend source-route enable
firewall defend ip-fragment enable
firewall defend tcp-flag enable
firewall defend winnuke enable
firewall defend fraggle enable
firewall defend tracert enable
firewall defend icmp-unreachable enable
firewall defend icmp-redirect enable
firewall defend large-icmp enable
firewall defend ping-of-death enable
firewall defend smurf enable
firewall defend land enable
firewall defend ip-spoofing enable
```
Security policy configuration
FW1
```
security-policy
# Management zone
rule name Trust_Local
description Management
source-zone trust
destination-zone local
action permit
```
FW2
```
security-policy
# Management zone
rule name Trust_Local
description Management
source-zone trust
destination-zone local
action permit
```
Configure IP-Link
FW1
```
ip-link check enable
ip-link name isp1
destination 100.100.100.100 interface GigabitEthernet1/0/5 mode icmp
ip-link name isp2
destination 200.200.200.200 interface GigabitEthernet1/0/6 mode icmp
# Security policy
security-policy
rule name Local_ISP
description ip-link
source-zone local
destination-zone ISP1
destination-zone ISP2
action permit
```
FW2
```
ip-link check enable
ip-link name isp1
destination 100.100.100.100 interface GigabitEthernet1/0/5 mode icmp
ip-link name isp2
destination 200.200.200.200 interface GigabitEthernet1/0/6 mode icmp
# Security policy
security-policy
rule name Local_ISP
description ip-link
source-zone local
destination-zone ISP1
destination-zone ISP2
action permit
```
Configure static routes
FW1
```
ip route-static 0.0.0.0 0.0.0.0 100.100.100.100 preference 50 track ip-link isp1
ip route-static 0.0.0.0 0.0.0.0 200.200.200.200 preference 50
ip route-static 10.20.100.0 255.255.255.0 GigabitEthernet1/0/5 100.100.100.100
ip route-static 10.20.100.0 255.255.255.0 GigabitEthernet1/0/6 200.200.200.200
ip route-static 10.20.100.0 255.255.255.0 NULL0
```
FW2
```
ip route-static 0.0.0.0 0.0.0.0 100.100.100.100
ip route-static 0.0.0.0 0.0.0.0 200.200.200.200 preference 50
ip route-static 10.20.100.0 255.255.255.0 GigabitEthernet1/0/5 100.100.100.100
ip route-static 10.20.100.0 255.255.255.0 GigabitEthernet1/0/6 200.200.200.200
ip route-static 10.20.100.0 255.255.255.0 NULL0
```
Configure OSPF dynamic routing
Step 1: configure dynamic routing
FW1
```
interface LoopBack0
ip address 192.168.11.11 255.255.255.255
ospf 10 router-id 192.168.11.11
default-route-advertise
area 0.0.0.0
network 192.168.11.11 0.0.0.0
network 192.168.22.1 0.0.0.0
network 192.168.34.1 0.0.0.0
network 192.168.90.1 0.0.0.0
```
FW2
```
interface LoopBack0
ip address 192.168.22.22 255.255.255.255
ospf 10 router-id 192.168.22.22
default-route-advertise
area 0.0.0.0
network 192.168.22.22 0.0.0.0
network 192.168.23.1 0.0.0.0
network 192.168.33.1 0.0.0.0
network 192.168.90.2 0.0.0.0
```
Step 2: configure the security policy
FW1
```
security-policy
rule name Local_Trust
description OSPF
source-zone local
destination-zone trust
action permit
```
FW2
```
security-policy
rule name Local_Trust
description OSPF
source-zone local
destination-zone trust
action permit
```
Hot standby (dual-device)
Step 1: configure the VRRP backup groups
Master device: FW1
```
int g1/0/5
vrrp vrid 1 virtual-ip 100.100.100.5 active
vrrp virtual-mac enable
int g1/0/6
vrrp vrid 2 virtual-ip 200.200.200.5 standby
vrrp virtual-mac enable
```
Backup device: FW2
```
int g1/0/5
vrrp vrid 1 virtual-ip 100.100.100.5 standby
vrrp virtual-mac enable
int g1/0/6
vrrp vrid 2 virtual-ip 200.200.200.5 active
vrrp virtual-mac enable
```
Step 2: enable HRP, and configure the heartbeat interface and session backup
FW1
```
hrp enable
hrp int eth-trunk 2 remote 192.168.2.2
hrp mirror session enable
hrp standby config enable
```
FW2
```
hrp enable
hrp int eth-trunk 2 remote 192.168.2.1
hrp mirror session enable
hrp standby config enable
```
Step 3: configure the security policies
Internal users can access the servers and the external network; external users can only access the servers.
Note: only the Master needs to be configured. The Backup device needs no configuration, because the configuration commands are automatically synchronised from the master device to the backup device.
FW1
```
security-policy
rule name heart
source-zone heart
source-zone local
destination-zone heart
destination-zone local
action permit
```
FW2
```
security-policy
default action permit
rule name heart
source-zone heart
source-zone local
destination-zone heart
destination-zone local
action permit
```
NAT configuration
Define the address ranges to be translated
FW1
```
ip address-set Web_IP type object
address 0 100.100.100.5 mask 32
address 1 200.200.200.5 mask 32
ip address-set PC type object
address 0 192.168.10.0 mask 24
address 1 192.168.20.0 mask 24
address 2 192.168.30.0 mask 24
address 3 192.168.40.0 mask 24
```
FW2
```
ip address-set Web_IP type object
address 0 100.100.100.5 mask 32
address 1 200.200.200.5 mask 32
ip address-set PC type object
address 0 192.168.10.0 mask 24
address 1 192.168.20.0 mask 24
address 2 192.168.30.0 mask 24
address 3 192.168.40.0 mask 24
```
Configure the security policy
FW1
```
security-policy
rule name Trust_ISP
description NAT
source-zone trust
destination-zone ISP1
destination-zone ISP2
source-address address-set PC
action permit
```
FW2
```
security-policy
rule name Trust_ISP
description NAT
source-zone trust
destination-zone ISP1
destination-zone ISP2
source-address address-set PC
action permit
```
Configure the NAT policy
FW1
```
nat address-group isp1 0
mode pat
section 0 100.100.100.1 100.100.100.2
nat address-group isp2 1
mode pat
section 0 200.200.200.1 200.200.200.2
nat-policy
rule name NO_NAT_ISP1
source-zone trust
destination-zone ISP1
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.40.0 mask 255.255.255.0
destination-address 10.20.0.0 mask 255.255.0.0
action no-nat
rule name NO_NAT_ISP2
source-zone trust
destination-zone ISP2
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.40.0 mask 255.255.255.0
destination-address 10.20.0.0 mask 255.255.0.0
action no-nat
rule name NAT_ISP1
source-zone trust
destination-zone ISP1
action source-nat address-group isp1
rule name NAT_ISP2
source-zone trust
destination-zone ISP2
action source-nat address-group isp2
```
FW2
```
nat address-group isp1 0
mode pat
section 0 100.100.100.1 100.100.100.2
nat address-group isp2 1
mode pat
section 0 200.200.200.1 200.200.200.2
nat-policy
rule name NO_NAT_ISP1
source-zone trust
destination-zone ISP1
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.40.0 mask 255.255.255.0
destination-address 10.20.0.0 mask 255.255.0.0
action no-nat
rule name NO_NAT_ISP2
source-zone trust
destination-zone ISP2
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.40.0 mask 255.255.255.0
destination-address 10.20.0.0 mask 255.255.0.0
action no-nat
rule name NAT_ISP1
source-zone trust
destination-zone ISP1
action source-nat address-group isp1
rule name NAT_ISP2
source-zone trust
destination-zone ISP2
action source-nat address-group isp2
```
SNMP configuration
FW1
```
snmp-agent session-rate trap threshold 100
```
FW2
```
snmp-agent session-rate trap threshold 100
```
IPsec configuration
Step 1: configure the ACLs
FW1
```
acl number 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255 destination 10.20.100.0 0.0.0.255
acl number 3001
rule 5 permit ip source 192.168.0.0 0.0.255.255 destination 10.20.100.0 0.0.0.255
```
FW2
```
acl number 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255 destination 10.20.100.0 0.0.0.255
acl number 3001
rule 5 permit ip source 192.168.0.0 0.0.255.255 destination 10.20.100.0 0.0.0.255
```
Step 2: configure the IPsec proposals
This is the IKE phase 2 policy. In it the security protocol is ESP, the encryption algorithm is AES-256 and the authentication algorithm is SHA2-256.
FW1
```
ipsec proposal prop23101638529
encapsulation-mode auto
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
ipsec proposal prop23101639469
encapsulation-mode auto
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
```
FW2
```
ipsec proposal prop23101638529
encapsulation-mode auto
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
ipsec proposal prop23101639469
encapsulation-mode auto
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
```
Step 3: configure the IKE proposals
The IKE proposal is the IKE phase 1 policy; the proposals deployed on FW1/FW2 must match those on FW3. In the phase 1 policy, identity authentication uses the pre-shared key method, the authentication algorithm is SHA2-256 and the encryption algorithm is AES-256.
FW1
```
ike proposal 1
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
ike proposal 2
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
```
FW2
```
ike proposal 1
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
ike proposal 2
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
```
Step 4: configure the IKE peers
Define the pre-shared key, associate the IKE proposal and specify the tunnel's remote peer IP.
FW1
```
ike peer ike231016385293
exchange-mode auto
pre-shared-key 123.abc
ike-proposal 1
local-id-type fqdn
remote-id-type none
local-id C1
dpd type periodic
ike negotiate compatible
ike peer ike231016394699
exchange-mode auto
pre-shared-key 123.abc
ike-proposal 2
local-id-type fqdn
remote-id-type none
local-id c2
dpd type periodic
ike negotiate compatible
```
FW2
```
ike peer ike231016385293
exchange-mode auto
pre-shared-key 123.abc
ike-proposal 1
local-id-type fqdn
remote-id-type none
local-id C1
dpd type periodic
ike negotiate compatible
ike peer ike231016394699
exchange-mode auto
pre-shared-key 123.abc
ike-proposal 2
local-id-type fqdn
remote-id-type none
local-id C2
dpd type periodic
ike negotiate compatible
```
Step 5: configure the IPsec policy
Create the IPsec policy; bind the IPsec proposal, the IKE peer and the ACL that defines the interesting traffic, and configure the local site address.
FW1
```
ipsec policy-template tpl231016385293 1
security acl 3000
ike-peer ike231016385293
proposal prop23101638529
tunnel local 100.100.100.5
alias IPsec-1
sa duration traffic-based 10485760
sa duration time-based 3600
route inject dynamic
ipsec policy-template tpl231016394699 1
security acl 3001
ike-peer ike231016394699
proposal prop23101639469
tunnel local 200.200.200.5
alias IPsec-2
sa duration traffic-based 10485760
sa duration time-based 3600
route inject dynamic
ipsec policy ipsec2310163852 10000 isakmp template tpl231016385293
ipsec policy ipsec2310163946 10000 isakmp template tpl231016394699
```
FW2
```
ipsec policy-template tpl231016385293 1
security acl 3000
ike-peer ike231016385293
proposal prop23101638529
tunnel local 100.100.100.5
alias IPsec-1
sa duration traffic-based 10485760
sa duration time-based 3600
route inject dynamic
ipsec policy-template tpl231016394699 1
security acl 3001
ike-peer ike231016394699
proposal prop23101639469
tunnel local 200.200.200.5
alias IPsec-2
sa duration traffic-based 10485760
sa duration time-based 3600
route inject dynamic
ipsec policy ipsec2310163852 10000 isakmp template tpl231016385293
ipsec policy ipsec2310163946 10000 isakmp template tpl231016394699
```
Step 6: apply the IPsec policy to the interfaces
FW1
```
int g1/0/5
ipsec policy ipsec2310163852 master
int g1/0/6
ipsec policy ipsec2310163946 slave
```
FW2
```
int g1/0/5
ipsec policy ipsec2310163852 slave
int g1/0/6
ipsec policy ipsec2310163946 master
```
Step 7: configure the policies
FW1
```
# Policy-based routing
policy-based-route
rule name Trust_DMZ1
source-zone trust
destination-address address-set Web_IP
action pbr next-hop 192.168.90.3
rule name ISP12
source-zone trust
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
action pbr egress-interface GigabitEthernet1/0/5 next-hop 100.100.100.100
rule name ISP23
source-zone trust
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.40.0 mask 255.255.255.0
action pbr egress-interface GigabitEthernet1/0/6 next-hop 200.200.200.200
# Security policy
security-policy
rule name ISP_Local
description IPSec
source-zone ISP1
source-zone ISP2
destination-zone local
destination-address 100.100.100.5 mask 255.255.255.255
destination-address 200.200.200.5 mask 255.255.255.255
action permit
rule name ISP_Trust
description VPN
source-zone ISP1
source-zone ISP2
destination-zone trust
destination-address 192.168.0.0 mask 255.255.0.0
action permit
```
FW2
```
# Policy-based routing
policy-based-route
rule name Trust_DMZ1
source-zone trust
destination-address address-set Web_IP
action pbr next-hop 192.168.90.3
rule name ISP12
source-zone trust
source-address 192.168.10.0 mask 255.255.255.0
source-address 192.168.20.0 mask 255.255.255.0
action pbr egress-interface GigabitEthernet1/0/5 next-hop 100.100.100.100
rule name ISP23
source-zone trust
source-address 192.168.30.0 mask 255.255.255.0
source-address 192.168.40.0 mask 255.255.255.0
action pbr egress-interface GigabitEthernet1/0/6 next-hop 200.200.200.200
# Security policy
security-policy
rule name ISP_Local
description IPSec
source-zone ISP1
source-zone ISP2
destination-zone local
destination-address 100.100.100.5 mask 255.255.255.255
destination-address 200.200.200.5 mask 255.255.255.255
action permit
rule name ISP_Trust
description VPN
source-zone ISP1
source-zone ISP2
destination-zone trust
destination-address 192.168.0.0 mask 255.255.0.0
action permit
```
L2TP configuration
Open the firewall web UI, go to Object -> User -> default, create a new user for logging in to the L2TP VPN, and click Apply.
FW1
```
l2tp enable
aaa
service-scheme webServerScheme1649076535499
quit
domain default
service-scheme webServerScheme1649076535499
service-type l2tp ike
internet-access mode password
reference user current-domain
manager-user password-modify enable
manager-user audit-admin
password cipher Blue@123
service-type web terminal
level 15
l2tp-group 1
tunnel password cipher blue@123
tunnel name LNS
allow l2tp virtual-template 1 remote L2TP-Client domain default
interface Virtual-Template0
ppp authentication-mode chap
y
remote address 172.16.1.10
ip address 172.16.1.1 255.255.255.0
service-manage ping permit
```
Routing configuration
Interface address configuration
ISP
```
int g0/0/1
ip add 10.10.100.3 24
int g0/0/2
ip add 10.10.200.3 24
int g0/0/3
ip add 150.150.150.1 24
int e0/0/0
ip add 8.8.8.1 24
int e0/0/1
ip add 192.168.94.50 24
```
ISP_1
```
int g0/0/1
ip add 100.100.100.100 24
int g0/0/2
ip add 10.10.100.1 24
```
ISP_2
```
int g0/0/1
ip add 200.200.200.200 24
int g0/0/2
ip add 10.10.200.2 24
```
Configure IS-IS
ISP
```
int loopback 0
ip add 3.3.3.3 32
isis 26
network-entity 49.0010.0030.0300.3003.00
is-level level-2
cost-style wide
log-peer-change topology
int g0/0/1
isis enable 26
int g0/0/2
isis enable 26
int g0/0/3
isis enable 26
int e0/0/0
isis enable 26
int e0/0/1
isis enable 26
int loopback 0
isis enable 26
```
ISP_1
```
int loopback 0
ip add 1.1.1.1 32
isis 26
is-level level-2
cost-style wide
network-entity 49.0010.0010.0100.1001.00
log-peer-change topology
int g0/0/1
isis enable 26
int g0/0/2
isis enable 26
int loopback 0
isis enable 26
```
ISP_2
```
int loopback 0
ip add 2.2.2.2 32
isis 26
is-level level-2
cost-style wide
network-entity 49.0010.0020.0200.2002.00
log-peer-change topology
int g0/0/1
isis enable 26
int g0/0/2
isis enable 26
int loopback 0
isis enable 26
```
Branch office configuration
Firewall
Initial configuration
Username: admin
Original password: Admin@123
Password: Blue@123
```
undo terminal monitor
language-mode Chinese
sys
sysname FW3
int g0/0/0
undo ip add 192.168.0.1 24
ip add 192.168.94.4 24
service-manage all permit
```
Subnet planning
```
int g1/0/0
undo shutdown
ip add 150.150.150.150 255.255.255.0
service-manage ping permit
int g1/0/1
undo shutdown
ip add 10.20.100.254 255.255.255.0
service-manage ping permit
# Create the Tunnel interfaces and bind them to the physical interface
int Tunnel1
ip add unnumbered int g1/0/0
alias Tunnel1
service-manage ping permit
int Tunnel2
ip add unnumbered int g1/0/0
alias Tunnel2
service-manage ping permit
```
Security zone planning
```
firewall zone trust
add interface GigabitEthernet1/0/1
firewall zone untrust
add interface GigabitEthernet1/0/0
add interface Tunnel1
add interface Tunnel2
```
Specify the ISP link interface group names
```
isp name "china mobile" link if-group 63
isp name "china unicom" link if-group 62
isp name "china telecom" link if-group 61
isp name "china educationnet" link if-group 60
```
Security policy configuration
```
# Basic-protocol control switch
firewall packet-filter basic-protocol enable
# Security policy
security-policy
rule name Trust_Untrust
source-zone trust
destination-zone untrust
action permit
```
Configure IP-Link
```
ip-link check enable
ip-link name link_100
destination 100.100.100.5 interface GigabitEthernet1/0/1 mode icmp
ip-link name link_200
destination 200.200.200.5 interface GigabitEthernet1/0/1 mode icmp
```
Configure static routes
```
ip route-static 0.0.0.0 0.0.0.0 150.150.150.1
ip route-static 192.168.0.0 255.255.0.0 NULL0
ip route-static 192.168.10.0 255.255.255.0 Tunnel1 preference 10 track ip-link link_100
ip route-static 192.168.10.0 255.255.255.0 Tunnel2 preference 20
ip route-static 192.168.20.0 255.255.255.0 Tunnel1 preference 10 track ip-link link_100
ip route-static 192.168.20.0 255.255.255.0 Tunnel2 preference 20
ip route-static 192.168.30.0 255.255.255.0 Tunnel2 preference 10 track ip-link link_200
ip route-static 192.168.30.0 255.255.255.0 Tunnel1 preference 20
ip route-static 192.168.40.0 255.255.255.0 Tunnel2 preference 10 track ip-link link_200
ip route-static 192.168.40.0 255.255.255.0 Tunnel1 preference 20
```
NAT configuration
```
# NAT policy
nat-policy
rule name NO_NAT
source-zone trust
destination-zone untrust
source-address 10.20.100.0 mask 255.255.255.0
destination-address 192.168.0.0 mask 255.255.0.0
action no-nat
rule name NAT
source-zone trust
destination-zone untrust
action source-nat easy-ip
```
Configure the IPsec VPN
Step 1: configure the ACLs
```
acl number 3000
rule 5 permit ip source 10.20.100.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
acl number 3001
rule 5 permit ip source 10.20.100.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
```
Step 2: configure the IPsec proposals
```
ipsec proposal prop23101712198
encapsulation-mode auto
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
ipsec proposal prop23101713129
encapsulation-mode auto
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
```
Step 3: configure the IKE proposals
```
ike proposal 1
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
ike proposal 2
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
```
Step 4: configure the IKE peers
```
ike peer ike231017121983
exchange-mode auto
pre-shared-key 123.abc
ike-proposal 1
local-id-type fqdn
remote-id-type none
local-id Br1
dpd type periodic
remote-address 100.100.100.5
ike peer ike231017131292
exchange-mode auto
pre-shared-key 123.abc
ike-proposal 2
local-id-type fqdn
remote-id-type none
local-id Br2
dpd type periodic
remote-address 200.200.200.5
```
Step 5: configure the IPsec policies
```
ipsec policy ipsec2310171219 1 isakmp
security acl 3000
ike-peer ike231017121983
proposal prop23101712198
tunnel local applied-interface
alias IPSec-1
sa trigger-mode auto
sa duration traffic-based 10485760
sa duration time-based 3600
route inject dynamic
ipsec policy ipsec2310171312 1 isakmp
security acl 3001
ike-peer ike231017131292
proposal prop23101713129
tunnel local applied-interface
alias IPSec-2
sa trigger-mode auto
sa duration traffic-based 10485760
sa duration time-based 3600
route inject dynamic
```
Step 6: apply the IPsec policies to the interfaces
```
int Tunnel1
tunnel-protocol ipsec
ipsec policy ipsec2310171219
int Tunnel2
tunnel-protocol ipsec
ipsec policy ipsec2310171312
```
Step 7: configure the policies
```
security-policy
rule name Local_Untrust
description IPSEC UPD500
source-zone local
destination-zone untrust
destination-address 100.100.100.5 mask 255.255.255.255
destination-address 200.200.200.5 mask 255.255.255.255
action permit
rule name Untrust_Local
description IPSec_esp
source-zone untrust
destination-zone local
source-address 100.100.100.5 mask 255.255.255.255
source-address 200.200.200.5 mask 255.255.255.255
action permit
rule name Untrust_Trust
description VPN
source-zone untrust
destination-zone trust
source-address 192.168.0.0 mask 255.255.0.0
destination-address 10.20.100.0 mask 255.255.255.0
action permit
```
Server area (DMZ)
VLAN and port configuration
LSW9
```
vlan batch 90
int vlanif 90
ip address 192.168.90.3 255.255.255.0
int g0/0/11
port link-type access
port default vlan 90
int g0/0/12
port link-type access
port default vlan 90
int g0/0/13
port link-type access
port default vlan 90
int g0/0/1
port link-type access
port default vlan 90
int g0/0/2
port link-type access
port default vlan 90
```
OSPF configuration
LSW9
```
int loopback 0
ip add 192.168.9.9 32
ospf 10 router-id 192.168.9.9
default-route-advertise
area 0.0.0.0
network 192.168.9.9 0.0.0.0
network 192.168.90.3 0.0.0.0
```
Security policy configuration
FW1
```
# External access to the services, firewall to the servers, internal access to the services
security-policy
rule name ISP_DMZ
description WWW
source-zone ISP1
source-zone ISP2
destination-zone dmz
destination-address address-set Web_IP
service dns
service ftp
service http
service icmp
long-link enable
long-link aging-time 10
action permit
rule name Local_DMZ
description OSPF
source-zone local
destination-zone dmz
destination-address 192.168.90.0 mask 255.255.255.0
service icmp
action permit
rule name Trust_DMZ
source-zone trust
destination-zone dmz
service http
action permit
```
FW2
```
security-policy
rule name ISP_DMZ
description WWW
source-zone ISP1
source-zone ISP2
destination-zone dmz
destination-address address-set Web_IP
service dns
service ftp
service http
service icmp
long-link enable
long-link aging-time 10
action permit
rule name Local_DMZ
description OSPF
source-zone local
destination-zone dmz
destination-address 192.168.90.0 mask 255.255.255.0
service icmp
action permit
rule name Trust_DMZ
source-zone trust
destination-zone dmz
service http
action permit
```
Server load balancing (SLB)
FW1
```
slb enable
slb
group 0 server
metric roundrobin
health-check type icmp
rserver 1 rip 192.168.90.10 port 80 max-connection 10 description server1
rserver 2 rip 192.168.90.20 port 80 max-connection 20 description server2
rserver 3 rip 192.168.90.30 port 80 max-connection 30 description server3
action optimize
vserver 0 WEB
vip 0 100.100.100.5
vip 1 200.200.200.5
protocol http
vport 80
group server
```
FW2
```
slb enable
slb
group 0 server
metric roundrobin
health-check type icmp
rserver 1 rip 192.168.90.10 port 80 max-connection 10 description server1
rserver 2 rip 192.168.90.20 port 80 max-connection 20 description server2
rserver 3 rip 192.168.90.30 port 80 max-connection 30 description server3
action optimize
vserver 0 WEB
vip 0 100.100.100.5
vip 1 200.200.200.5
protocol http
vport 80
group server
```
Reviewing editor: Li Qian
Original title: [Project case] How to design and implement an enterprise network with the Huawei eNSP simulator?
Source: WeChat official account 網絡工程師筆記 (Network Engineer Notes).