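I have written quite a few articles on configuring devices from different vendors, and many readers have asked me to explain how to build a large enterprise network. Here I use a worked example to show how a medium-to-large enterprise network is put together. All of the lab configurations are shared free of charge. The network covers firewall configuration, wireless networking, VRRP, MSTP, OSPF with authentication, BGP, DHCP relay, NAT, and route selection. Interested readers are welcome to bookmark and follow.
The requirements are as follows:
1. Provide the necessary isolation and prevent loops;
2. Terminal-facing ports must forward without delay once a device is connected;
3. The links between the aggregation switches need additional bandwidth;
4. Gateways are configured on the aggregation layer, and gateway redundancy must be guaranteed;
5. Use a reliable IGP internally to learn and advertise routes, and ensure that each device's identity is legitimate;
6. Learn routes from headquarters over BGP to allow mutual access. By default all such traffic must reach headquarters through AR1, and it must switch automatically to AR2 when AR1 fails;
7. All PC terminals in the campus network must obtain their addresses from the company's central DHCP server;
8. Use an AC plus fit APs for the wireless network;
9. The egress firewall needs the necessary security policies: only the internal network may initiate access to the external network;
10. The egress firewall must be configured with the necessary NAT so that the internal network can reach the ISP or the Internet.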
The detailed configuration is as follows:
AR1 configuration:
interface Ethernet3/0/0
ip address 10.1.14.1 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.1.100.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.103.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.1.12.1 255.255.255.0
#
interface Pos5/0/0
link-protocol ppp
ip address 10.1.13.1 255.255.255.0
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
#
interface Ethernet3/0/1
ip address 10.1.15.1 255.255.255.0
#
ospf 1 router-id 1.1.1.1
area 0
network 10.1.14.1 0.0.0.0
network 10.1.15.1 0.0.0.0
network 10.1.100.1 0.0.0.0
network 10.1.12.1 0.0.0.0
network 10.1.103.1 0.0.0.0
network 10.1.13.1 0.0.0.0
network 10.1.1.1 0.0.0.0
authentication-mode md5 1 cipher huawei@123
AR2 configuration:
interface GigabitEthernet0/0/0
ip address 10.1.102.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.104.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.1.12.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 10.1.23.2 255.255.255.0
#
interface LoopBack0
ip address 10.1.2.2 255.255.255.255
#
ospf 1 router-id 2.2.2.2
area 0
network 10.1.2.2 0.0.0.0
network 10.1.12.2 0.0.0.0
network 10.1.23.2 0.0.0.0
network 10.1.102.2 0.0.0.0
network 10.1.104.2 0.0.0.0
authentication-mode md5 1 cipher huawei@123
AR3 configuration:
interface Pos2/0/0
ip address 10.1.23.3 255.255.255.0
#
interface Pos5/0/0
ip address 10.1.13.3 255.255.255.0
#
interface LoopBack0
ip address 200.200.200.200 255.255.255.255
AR4 configuration:
#
interface GigabitEthernet0/0/0
ip address 10.1.14.4 255.255.255.0
#
interface LoopBack0
ip address 10.1.4.4 255.255.255.0
#
dhcp enable
#
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.251 192.168.10.253
dns-list 114.114.114.114
domain-name hcie
#
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.251 192.168.20.253
dns-list 114.114.114.114
domain-name hcie
#
#
ip pool vlan30
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.251 192.168.30.253
dns-list 114.114.114.114
domain-name hcie
#
#
ip pool vlan40
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.251 192.168.40.253
dns-list 114.114.114.114
domain-name hcie
#
ip route-static 0.0.0.0 0.0.0.0 10.1.14.1
FW configuration:
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.15.11 255.255.255.0
service-manage ping permit
#
firewall zone trust
add interface GigabitEthernet1/0/2
#
inter gig 1/0/1
ip addre 202.1.10.1 24
#
firewall zone untrust
add interface GigabitEthernet1/0/1
#
ospf 1 router-id 33.33.33.33
area 0
network 10.1.15.11 0.0.0.0
authentication-mode md5 1 cipher huawei@123
quit
#
security-policy
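Requirement 5 (device identity) is met above with OSPF area authentication in md5 mode on AR1, AR2 and the FW. The following is an added example, not part of the original configuration: a small Python audit that reads OSPF stanzas in this style and reports areas with no authentication, modes weaker than hmac-sha256, and devices whose mode, key ID or key differ from the rest of the area (which stops the adjacency from forming). The sample configs are constructed; device SW1 and the key Example-Key-1 are hypothetical.

```python
import re

WEAK_MODES = {"simple", "md5", "hmac-md5"}  # modes weaker than hmac-sha256
AUTH_RE = re.compile(
    r"authentication-mode\s+(\S+)(?:\s+(\d+))?(?:\s+(?:cipher|plain))?(?:\s+(\S+))?")

def parse_ospf_areas(config):
    """Return {area_id: (mode, key_id, key) or None} for one device's config."""
    areas, in_ospf, area = {}, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.match(r"ospf\s+\d+", line):          # start of an OSPF process
            in_ospf, area = True, None
        elif in_ospf and line.startswith("area "):
            area = line.split()[1]
            areas.setdefault(area, None)
        elif in_ospf and area is not None and line.startswith("authentication-mode"):
            areas[area] = AUTH_RE.match(line).groups()
        elif in_ospf and not line.startswith(("network ", "quit")):
            in_ospf, area = False, None            # "#" or another command ends it
    return areas

def audit(configs):
    """configs: {device: config text}. Return sorted (device, area, finding)."""
    findings, seen = [], {}
    for dev, text in configs.items():
        for area, auth in parse_ospf_areas(text).items():
            if auth is None:
                findings.append((dev, area, "NO_AUTH"))
                continue
            if auth[0] in WEAK_MODES:
                findings.append((dev, area, "WEAK_MODE:" + auth[0]))
            ref_dev, ref = seen.setdefault(area, (dev, auth))
            if auth != ref:                        # neighbours would reject hellos
                findings.append((dev, area, "MISMATCH_WITH:" + ref_dev))
    return sorted(findings)

# Constructed sample: AR1/AR2 as on the page, FW already moved to hmac-sha256
# (hypothetical key), and a hypothetical SW1 with no area authentication.
MD5 = ("ospf 1 router-id {rid}\narea 0\nnetwork {net} 0.0.0.0\n"
       "authentication-mode md5 1 cipher huawei@123\n#\n")
SAMPLE = {
    "AR1": MD5.format(rid="1.1.1.1", net="10.1.12.1"),
    "AR2": MD5.format(rid="2.2.2.2", net="10.1.12.2"),
    "FW": "ospf 1 router-id 33.33.33.33\narea 0\nnetwork 10.1.15.11 0.0.0.0\n"
          "authentication-mode hmac-sha256 1 cipher Example-Key-1\nquit\n#\n",
    "SW1": "ospf 1 router-id 9.9.9.9\narea 0\nnetwork 10.1.100.9 0.0.0.0\n#\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The MISMATCH finding on FW shows why a move away from md5 has to be applied to every router in the area in the same change window.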