A design and configuration walkthrough for a small-to-medium network, built in the H3C HCL simulator

 

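Overall design

The network uses a three-tier structure, with the core and aggregation layers interconnected at Layer 3. Stacking uses 40G links, aggregation uses 10G, and access uses 1G. Gateways are pushed down to the aggregation layer, the switches use a dedicated management VLAN, and the topology simulates the real network of a factory.

Features implemented

1. Core and aggregation stacking, dynamic port aggregation
2. A DHCP server serving multiple VLANs
3. Static routing and OSPF configuration
4. NAT access to the external network
5. Telnet and management IP on the access switches
6. SNMP network management service deployment
7. Surveillance camera isolation
8. DHCP spoofing defense
9. Port isolation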

 

Configuration details

1. Set static IP addresses and configure hostnames
As shown in the figure

2. Core stacking, using the 40G ports
Core 1

<hexin1>sys
System View: return to User View with Ctrl+Z.
[hexin1]int range FortyGigE 1/0/53 to FortyGigE 1/0/54
[hexin1-if-range]shu
[hexin1-if-range]quit
[hexin1]irf member 1 priority 32
[hexin1]irf-port 1/1
[hexin1-irf-port1/1]port group interface FortyGigE 1/0/53
[hexin1-irf-port1/1]port group interface FortyGigE 1/0/54
[hexin1-irf-port1/1]quit
[hexin1]irf-port-configuration active
[hexin1]int range FortyGigE 1/0/53 to FortyGigE 1/0/54
[hexin1-if-range]un sh
[hexin1-if-range]save

Core 2

<hexin2>sys
[hexin2]irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue?[Y/N]:y
[hexin2]quit
<hexin2>reboot
<hexin2>sys
System View: return to User View with Ctrl+Z.
[hexin2]interface range FortyGigE 2/0/53 to FortyGigE 2/0/54
[hexin2-if-range]shu
[hexin2-if-range]quit
[hexin2]irf member 2 priority 1
[hexin2]irf-port 2/2
[hexin2-irf-port2/2]port group interface FortyGigE 2/0/53
[hexin2-irf-port2/2]port group interface FortyGigE 2/0/54
[hexin2-irf-port2/2]qui
[hexin2]irf-port-configuration  active
[hexin2]interface range FortyGigE 2/0/53 to FortyGigE 2/0/54
[hexin2-if-range]un sh
[hexin2-if-range]quit
[hexin2]save

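After the stacking cables are connected, the device reboots automatically. From then on the consoles of both switches show hexin1.

3. Workshop aggregation stacking, using the 40G ports
The steps are the same as for the core. After stacking, both consoles show chejianhuiju1.

4. Configure IP addresses and VLANs on the switches as shown in the figure. The Layer 3 links use routed mode, aggregation downlinks are trunks, access uplinks are trunks, and access downlinks are placed in the corresponding VLAN.
Configure port aggregation on the workshop aggregation switch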

[chejianhuiju1]vlan 1004
[chejianhuiju1-vlan1004]int vlan 1004
[chejianhuiju1-Vlan-interface1004]ip add 10.0.4.254 24
[chejianhuiju1-Vlan-interface1004]quit
[chejianhuiju1]int Bridge-Aggregation 1
[chejianhuiju1-Bridge-Aggregation1]link-aggregation mode dynamic
[chejianhuiju1-Bridge-Aggregation1]quit
[chejianhuiju1]int g1/0/1
[chejianhuiju1-GigabitEthernet1/0/1]port link-aggregation group 1
[chejianhuiju1-GigabitEthernet1/0/1]int g2/0/1
[chejianhuiju1-GigabitEthernet2/0/1]port link-aggregation group 1
[chejianhuiju1-GigabitEthernet2/0/1]dis link-aggregation verbose
  GE1/0/1             0       32768    0         0x8000, 0000-0000-0000 {EF}
  GE2/0/1             0       32768    0         0x8000, 0000-0000-0000 {EF}
[chejianhuiju1-GigabitEthernet2/0/1]vlan 1004
[chejianhuiju1-vlan1004]port Bridge-Aggregation 1
[chejianhuiju1]int Bridge-Aggregation 1
[chejianhuiju1-Bridge-Aggregation1]port link-type trunk
[chejianhuiju1-Bridge-Aggregation1]port trunk permit vlan all
[chejianhuiju1-Bridge-Aggregation1]save

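Verify from the production device: pings to 10.0.20.4, 10.0.50.5 and 10.0.4.254 all succeed.

5. Configure OSPF so that the workshop, office, production servers and infrastructure servers can reach each other

Configure the core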

<hexin1>sys
System View: return to User View with Ctrl+Z.
[hexin1]ospf
[hexin1-ospf-1]area 0
[hexin1-ospf-1-area-0.0.0.0]network 10.0.70.0 0.0.0.255
[hexin1-ospf-1-area-0.0.0.0]network 10.0.40.0 0.0.0.255
[hexin1-ospf-1-area-0.0.0.0]network 10.0.60.0 0.0.0.255
[hexin1-ospf-1-area-0.0.0.0]network 10.0.30.0 0.0.0.255
[hexin1-ospf-1-area-0.0.0.0]network 10.0.50.0 0.0.0.255
[hexin1-ospf-1-area-0.0.0.0]quit

Configure the workshop aggregation switch

<chejianhuiju1>sys
System View: return to User View with Ctrl+Z.
[chejianhuiju1]ospf
[chejianhuiju1-ospf-1]area 0
[chejianhuiju1-ospf-1-area-0.0.0.0]network 10.0.4.0 0.0.0.255
[chejianhuiju1-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255
[chejianhuiju1-ospf-1-area-0.0.0.0]network 10.0.50.0 0.0.0.255
[chejianhuiju1-ospf-1-area-0.0.0.0]quit

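The production device can ping the core. The other devices are configured similarly.

6. Configure the DHCP server
A Layer 3 switch is used as the DHCP server; test connectivity with ping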

[H3C]hostname dhcp
[dhcp]int g1/0/1
[dhcp-GigabitEthernet1/0/1]port link-mode route
[dhcp-GigabitEthernet1/0/1]ip add 10.0.0.1 24
[dhcp-GigabitEthernet1/0/1]save
[dhcp-GigabitEthernet1/0/1]quit
[dhcp]ip route-static 0.0.0.0 0 10.0.0.254
[dhcp]ping 10.0.0.254
Ping 10.0.0.254 (10.0.0.254): 56 data bytes, press CTRL_C to break
56 bytes from 10.0.0.254: icmp_seq=0 ttl=255 time=0.000 ms

Create the DHCP pools

[dhcp]dhcp enable

dhcp server ip-pool bangong
 gateway-list 10.0.3.254
 network 10.0.3.0 mask 255.255.255.0
 address range 10.0.3.100 10.0.3.200
 dns-list 8.8.8.8
 expired day 3
#
dhcp server ip-pool wuxian
 gateway-list 10.0.2.254
 network 10.0.2.0 mask 255.255.255.0
 address range 10.0.2.150 10.0.2.200
 dns-list 114.114.114.114
 expired day 3
#

Every aggregation and core device along the path must enable DHCP relay; Layer 2 devices only need the corresponding VLAN and a trunk.

[jichuhuiju]dhcp enable
#
interface Vlan-interface1002
 dhcp select relay
 dhcp relay server-address 10.0.0.1
#
interface Vlan-interface1003
 dhcp select relay
 dhcp relay server-address 10.0.0.1
#

Check the client addresses: the clients obtained IP addresses successfully

[dhcp]display dhcp server ip-in-use
IP address       Client identifier/    Lease expiration      Type
                 Hardware address
10.0.2.150       0038-6163-312e-3334-  Jun 26 20:35:43 2021  Auto(C)
                 3266-2e31-3730-362d-
                 4745-302f-302f-31
10.0.3.100       0038-6137-362e-3466-  Jun 28 20:35:31 2021  Auto(C)
                 3864-2e31-3230-362d-
                 4745-302f-302f-31

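7. Configure the leased line so that only office and wireless can access it
Static routes on the office aggregation switch, wireless aggregation switch, core, and leased-line gateway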

[wuxianhuiju] ip route-static 10.1.0.0 24 10.0.60.10
[hexin1]ip route-static 10.1.0.0 24 10.0.90.18
[zhuanxianwangguan]ip route-static 10.0.2.0 24 10.0.90.15

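Testing shows that both office and wireless can reach the leased-line IP 10.1.0.2

8. Configure office and wireless so they can access the external network, while the external network cannot directly access the internal network
Default routes on the office aggregation switch, wireless aggregation switch and core; static routes on the external gateway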

[bangonghuiju]ip route-static 0.0.0.0 0 10.0.30.6
[wuxianhuiju]ip route-static 0.0.0.0 0 10.0.60.10
[hexin1]ip route-static 0.0.0.0 0 10.0.10.1

[waibuwangguan]ip route-static 10.0.3.0 24 10.0.10.2
[waibuwangguan]ip route-static 10.0.2.0 24 10.0.10.2

Configure Easy IP, the simplest form of NAT access

[waibuwangguan]acl basic 2000
[waibuwangguan-acl-ipv4-basic-2000]rule 0 permit source 10.0.2.0 0.0.0.255
[waibuwangguan-acl-ipv4-basic-2000]acl basic 2001
[waibuwangguan-acl-ipv4-basic-2001]rule 0 permit source 10.0.3.0 0.0.0.255
[waibuwangguan-acl-ipv4-basic-2001]quit
[waibuwangguan]int g0/0
[waibuwangguan-GigabitEthernet0/0]nat outbound 2001
[waibuwangguan-GigabitEthernet0/0]nat outbound 2000

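Office and wireless can ping the external address 1.1.1.2; pings from the external network to the internal network fail

9. PoE power supply
This cannot be done in the simulator. On real hardware, run poe enable on the wireless access switch.

10. Office staff remotely manage the workshop access switch over telnet
Create management VLAN 2000 on the workshop aggregation switch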

[chejianhuiju1]vlan 2000
[chejianhuiju1-vlan2000]int vlan 2000
[chejianhuiju1-Vlan-interface2000]ip add 192.168.1.254 24

On the workshop access switch, create the management VLAN, enable the telnet service, and set a default route

<chejianjieru>sys
System View: return to User View with Ctrl+Z.
[chejianjieru]vlan 2000
[chejianjieru-vlan2000]int vlan 2000
[chejianjieru-Vlan-interface2000]ip add 192.168.1.2 24
[chejianjieru-Vlan-interface2000]quit
[chejianjieru]user-interface vty 0 4
[chejianjieru-line-vty0-4]authentication-mode scheme
[chejianjieru-line-vty0-4]quit
[chejianjieru]local-user admin
New local user added.
[chejianjieru-luser-manage-admin]password simple 123456
[chejianjieru-luser-manage-admin]authorization-attribute user-role level-15
[chejianjieru-luser-manage-admin]service-type telnet
[chejianjieru-luser-manage-admin]quit
[chejianjieru]telnet server enable
[chejianjieru]save
[chejianjieru]ip route-static 0.0.0.0 0 192.168.1.254

Add a static route on the core

[hexin1]ip route-static 192.168.1.0 24 10.0.20.4

Office staff connect remotely over telnet

<bangonghuiju>telnet 192.168.1.2
Trying 192.168.1.2 ...
Press CTRL+K to abort
Connected to 192.168.1.2 ...

******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

login: admin
Password:
<chejianjieru>

11. Configure SNMP (Simple Network Management Protocol)
Configure the device to send device information to 10.0.0.1

snmp-agent
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.0.0.1 params securityname public v2c
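
The management-plane settings in steps 10 and 11 (telnet login, a six-digit local password, the public/private SNMP communities, all SNMP versions enabled) are the lines a configuration review would flag first. The script below is an added example, not part of the original article: it scans Comware configuration text for those patterns. The check names, messages and the password rule are this example's own choices.

```python
import re

# Added example: flags the management-plane weaknesses found in the step 10 and
# step 11 configuration. Check IDs and messages are hypothetical names.
CHECKS = [
    ("telnet-enabled", re.compile(r"^telnet server enable$"),
     "Telnet carries the login and the session in cleartext"),
    ("weak-password", re.compile(r"^password simple (\d+|.{1,7})$"),
     "short or all-digit local password"),
    ("telnet-service-type", re.compile(r"^service-type .*\btelnet\b"),
     "local user is allowed to log in over Telnet"),
    ("snmp-default-community",
     re.compile(r"^snmp-agent community (read|write) (public|private)\b"),
     "default SNMP community string"),
    ("snmp-v1-v2c", re.compile(r"^snmp-agent sys-info version (all|v1|v2c)\b"),
     "SNMPv1/v2c enabled; community strings cross the network unencrypted"),
]

# Strips a leading CLI prompt such as [host-view] or <host> from a session line.
PROMPT = re.compile(r"^\s*(\[[^\]]*\]|<[^>]*>)\s*")

def audit(config_text):
    """Return (line_no, check_id, message) for every weak line found."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = PROMPT.sub("", raw).strip()
        for check_id, pattern, message in CHECKS:
            if pattern.search(line):
                findings.append((no, check_id, message))
    return findings

# Sample input: lines taken from steps 10 and 11 of this page.
SAMPLE = """\
[chejianjieru]user-interface vty 0 4
[chejianjieru-line-vty0-4]authentication-mode scheme
[chejianjieru-luser-manage-admin]password simple 123456
[chejianjieru-luser-manage-admin]service-type telnet
[chejianjieru]telnet server enable
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all
"""

if __name__ == "__main__":
    for no, check_id, message in audit(SAMPLE):
        print(f"line {no}: {check_id}: {message}")
```

On hardware that leaves the lab, the usual replacements are SSH for telnet and SNMPv3 with authentication and privacy in place of the v1/v2c communities.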

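12. Configure the surveillance network: office and wireless can access the monitoring server but not the cameras, and the cameras communicate only with the monitoring server
Static route on the core, default route on the monitoring aggregation switch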

[hexin1]ip route-static 10.0.5.0 24 10.0.80.17
[jiankonghuiju]ip route-static 0.0.0.0 0 10.0.80.16

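Apply an ACL on the uplink interface of the monitoring aggregation switch that permits only traffic sent from 10.0.5.1 and denies everything else, so that only the monitoring server can be accessed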

[jiankonghuiju]acl basic 2000
[jiankonghuiju-acl-ipv4-basic-2000]rule 0 permit source 10.0.5.1 0
[jiankonghuiju-acl-ipv4-basic-2000]rule 1 deny
[jiankonghuiju-acl-ipv4-basic-2000]quit
[jiankonghuiju]int Ten-GigabitEthernet1/0/49
[jiankonghuiju-Ten-GigabitEthernet1/0/49]packet-filter 2000 outbound

Testing shows that the office can ping 10.0.5.1 but cannot ping 10.0.5.2
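
Why ACL 2000 in step 12 produces this result, and why its explicit rule 1 deny matters, can be checked with a small model of basic-ACL matching. This is an added example, not part of the original article. It assumes the default config match order (ascending rule ID, first match wins) and Comware's default packet-filter behaviour of permitting packets that match no rule.

```python
import ipaddress

# Added example: models how a Comware basic ACL applied with packet-filter
# decides on a packet, based only on the source address.
# ASSUMPTION: rules are evaluated in ascending rule ID (config match order)
# and unmatched packets are permitted (no "packet-filter default deny" set).

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_rules(lines):
    """Parse 'rule <id> permit|deny [source <ip> <wildcard>]' lines."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 3 or tok[0] != "rule":
            continue
        rule_id, action = int(tok[1]), tok[2]
        if "source" in tok:
            i = tok.index("source")
            base, wc = tok[i + 1], tok[i + 2]
            if wc == "0":          # "0" is shorthand for a single host
                wc = "0.0.0.0"
        else:                      # no source clause matches any address
            base, wc = "0.0.0.0", "255.255.255.255"
        rules.append((rule_id, action, base, wc))
    return sorted(rules)

def decide(rules, src, default="permit"):
    """Return the action of the first matching rule, else the default."""
    for _rule_id, action, base, wc in rules:
        if wildcard_match(src, base, wc):
            return action
    return default

# Rules copied from ACL 2000 on jiankonghuiju in step 12.
ACL_2000 = parse_rules(["rule 0 permit source 10.0.5.1 0", "rule 1 deny"])
# The same ACL without the explicit deny, to show what rule 1 contributes.
NO_DENY = parse_rules(["rule 0 permit source 10.0.5.1 0"])

if __name__ == "__main__":
    for src in ("10.0.5.1", "10.0.5.2"):
        print(src, decide(ACL_2000, src), decide(NO_DENY, src))
```

Without rule 1, traffic sourced from the camera at 10.0.5.2 falls through to the default action and leaves the uplink, so the isolation depends on the explicit deny.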

13. Configure DHCP snooping to prevent spoofing attacks
Enable DHCP snooping globally and mark the uplink port as DHCP trusted

[bangongjieru]dhcp snooping enable
[bangongjieru]interface GigabitEthernet1/0/2
[bangongjieru-GigabitEthernet1/0/2]dhcp snooping trust

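14. Configure port isolation to reduce broadcast storms caused by unmanaged switches attached at the access layer and to defend against ARP attacks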

[H3C]port-isolate group 2
[H3C]int g1/0/1
[H3C-GigabitEthernet1/0/1]port-isolate enable group 2
[H3C-GigabitEthernet1/0/1]int g1/0/2
[H3C-GigabitEthernet1/0/2]port-isolate enable group 2
[H3C-GigabitEthernet1/0/2]quit
[H3C]dis port-isolate group 2
Port isolation group information:
Group ID: 2
Group members:
GigabitEthernet1/0/1          GigabitEthernet1/0/2
