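Network Operations and Maintenance Management from Basics to Practice - Personal Notes (1): Building an Integrated Campus Network and Connecting to the Internet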
2022-08-04 18:34:00 【筐瓢大师小吕】
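Note
The content of this post comes from the book 《网络运维管理从基础到实战》 (Network Operations and Maintenance Management from Basics to Practice). I only followed the projects in the book to do the labs and took some notes; if you find the content useful, please support the official edition.
《网络运维管理从基础到实战》 (edited by 许成刚, 阮晓龙, 杜宇飞, 刘海滨, 刘明哲) [Synopsis, Reviews, Read Online] - Dangdang Books
"This book is built around 10 engineering projects: from building a mixed wired/wireless campus network to connecting it to the Internet; from unified remote management of campus network devices and management of basic network services to building an operations monitoring system that covers the whole network; from implementing network security management to firewall-based user Internet access authentication and analysis of user online behavior.
Project 1, building an integrated campus network: build a mixed wired/wireless campus network in the eNSP simulation environment; this project is the basis for all later projects in the book.
Project 2, connecting to the Internet: focus on applying NAT, and connect the campus network that has been built to the Internet through NAT.
Project 3, centralized management of campus network devices: use Telnet and SSH to manage all network devices inside the campus network centrally and remotely.
Projects 4 to 6, building the basic services for network operations management, including domain name management (DNS), time service management (NTP) and IP address management (DHCP).
Project 7, building an operations monitoring system that covers the whole network: use Cacti and Zabbix to build a monitoring system covering the entire campus network, monitoring all network services and network devices and analyzing how they run.
Project 8, network security: use a firewall to strengthen campus network access and management services.
Project 9, user behavior management: implement firewall-based user Internet access authentication and analysis of user online behavior.
Project 10, accessing internal campus network resources through a VPN: use a VPN so that designated users on the Internet can securely access resources inside the campus network."
In addition, I only take notes, record configurations and look up supplementary material on topics where my own knowledge is weak; for anything else, please study the book yourself.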
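Deploying the network in eNSP
Device selection:
Switches: S5700, S3700
Routers: AR2220 (the egress routers need an additional 4GEW-T card to provide more interfaces)
Wireless AC: AC6605
Wireless AP: AP3030
Address plan:
Server-1 (a PC stands in for the server, only to test connectivity): 172.16.64.10 /24 Gateway: 172.16.64.254
Server-2 (same as above): 172.16.65.10 /24 Gateway: 172.16.65.254
A-C-1: 192.168.64.10 /24 Gateway: 192.168.64.254
A-C-2: 192.168.65.10 /24 Gateway: 192.168.65.254
B-C-1: 192.168.68.10 /24 Gateway: 192.168.68.254
B-C-2: 192.168.68.10 /24 Gateway: 192.168.68.254
Cloud1, Cloud2: Ethernet (wired NIC) 192.168.1.1.100
For other settings, see the configuration of each device.
Device configurations:
A-SW-1 (access switch)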
sysname A-SW-1
#
undo info-center enable
#
vlan batch 21 to 22 200 to 202
#
interface Ethernet0/0/1
port link-type access
port default vlan 21
#
interface Ethernet0/0/2
port link-type access
port default vlan 22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 21 to 22 200 to 202
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 200
port trunk allow-pass vlan 200 to 202
B-SW-1 (access switch)
sysname B-SW-1
#
undo info-center enable
#
vlan batch 23 to 24 200 to 202
#
interface Ethernet0/0/1
port link-type access
port default vlan 23
#
interface Ethernet0/0/2
port link-type access
port default vlan 24
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 23 to 24 200 to 202
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 200
port trunk allow-pass vlan 200 to 202
A-RS-1 (aggregation switch, terminates Layer 2)
sysname A-RS-1
#
undo info-center enable
#
vlan batch 21 to 22 100 to 101 200 to 202
#
dhcp enable
#
interface Vlanif21
ip address 192.168.64.254 255.255.255.0
#
interface Vlanif22
ip address 192.168.65.254 255.255.255.0
#
interface Vlanif100
ip address 10.0.1.2 255.255.255.252
#
interface Vlanif101
ip address 10.0.1.10 255.255.255.252
#
interface Vlanif200
ip address 10.0.200.14 255.255.255.240
dhcp select relay
dhcp relay server-ip 10.0.200.254
#
interface Vlanif201
ip address 192.168.66.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.200.254
#
interface Vlanif202
ip address 192.168.67.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.200.254
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 21 to 22 200 to 202
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
#
ospf 1
area 0.0.0.1
network 192.168.64.0 0.0.0.255
network 192.168.65.0 0.0.0.255
network 10.0.1.0 0.0.0.3
network 10.0.1.8 0.0.0.3
network 192.168.66.0 0.0.0.255
network 192.168.67.0 0.0.0.255
network 10.0.200.0 0.0.0.15
B-RS-1:
sysname B-RS-1
#
undo info-center enable
#
vlan batch 23 to 24 100 to 101 200 to 202
#
dhcp enable
#
interface Vlanif23
ip address 192.168.68.254 255.255.255.0
#
interface Vlanif24
ip address 192.168.69.254 255.255.255.0
#
interface Vlanif100
ip address 10.0.1.14 255.255.255.252
#
interface Vlanif101
ip address 10.0.1.6 255.255.255.252
#
interface Vlanif200
ip address 10.0.200.30 255.255.255.240
dhcp select relay
dhcp relay server-ip 10.0.200.254
#
interface Vlanif201
ip address 192.168.70.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.200.254
#
interface Vlanif202
ip address 192.168.71.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.0.200.254
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 23 to 24 200 to 202
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
#
ospf 1
area 0.0.0.1
network 10.0.1.4 0.0.0.3
network 10.0.1.12 0.0.0.3
network 192.168.68.0 0.0.0.255
network 192.168.69.0 0.0.0.255
network 10.0.200.16 0.0.0.15
network 192.168.70.0 0.0.0.255
network 192.168.71.0 0.0.0.255
O-R-1:
sysname O-R-1
#
undo info-center enable
#
acl number 2000
rule 5 permit source 192.168.64.0 0.0.7.255
rule 10 permit source 172.16.64.0 0.0.1.255
#
interface GigabitEthernet0/0/0
ip address 10.0.1.1 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 10.0.1.5 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 10.0.0.1 255.255.255.252
#
interface GigabitEthernet2/0/0
ip address 192.168.1.200 255.255.255.0
nat outbound 2000
#
ospf 1
default-route-advertise always
area 0.0.0.0
network 10.0.0.0 0.0.0.3
area 0.0.0.1
network 10.0.1.0 0.0.0.3
network 10.0.1.4 0.0.0.3
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
O-R-2:
sysname O-R-2
#
undo info-center enable
#
acl number 2000
rule 5 permit source 192.168.64.0 0.0.7.255
rule 10 permit source 172.16.64.0 0.0.1.255
#
interface GigabitEthernet0/0/0
ip address 10.0.1.13 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 10.0.1.9 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 10.0.0.5 255.255.255.252
#
interface GigabitEthernet2/0/0
ip address 192.168.1.201 255.255.255.0
nat outbound 2000
#
ospf 1
default-route-advertise always
area 0.0.0.0
network 10.0.0.4 0.0.0.3
area 0.0.0.1
network 10.0.1.8 0.0.0.3
network 10.0.1.12 0.0.0.3
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
S-RS-1:
sysname S-RS-1
#
undo info-center enable
#
vlan batch 100 to 102
#
interface Vlanif100
ip address 10.0.0.2 255.255.255.252
#
interface Vlanif101
ip address 10.0.2.1 255.255.255.252
#
interface Vlanif102
ip address 10.0.2.5 255.255.255.252
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 102
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.3
area 0.0.0.2
network 10.0.2.0 0.0.0.3
network 10.0.2.4 0.0.0.3
S-RS-2:
sysname S-RS-2
#
undo info-center enable
#
vlan batch 100 to 102
#
interface Vlanif100
ip address 10.0.0.6 255.255.255.252
#
interface Vlanif101
ip address 10.0.2.13 255.255.255.252
#
interface Vlanif102
ip address 10.0.2.9 255.255.255.252
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 102
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
#
ospf 1
area 0.0.0.0
network 10.0.0.4 0.0.0.3
area 0.0.0.2
network 10.0.2.8 0.0.0.3
network 10.0.2.12 0.0.0.3
S-RS-3:
sysname S-RS-3
#
undo info-center enable
#
vlan batch 11 101 to 102 200
#
interface Vlanif11
ip address 172.16.64.254 255.255.255.0
#
interface Vlanif101
ip address 10.0.2.2 255.255.255.252
#
interface Vlanif102
ip address 10.0.2.10 255.255.255.252
#
interface Vlanif200
ip address 10.0.200.253 255.255.255.252
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/22
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 102
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 101
#
ospf 1
area 0.0.0.2
network 10.0.2.0 0.0.0.3
network 10.0.2.8 0.0.0.3
network 172.16.64.0 0.0.0.255
network 10.0.200.252 0.0.0.3
S-RS-4:
sysname S-RS-4
#
undo info-center enable
#
vlan batch 12 101 to 102
#
interface Vlanif12
ip address 172.16.65.254 255.255.255.0
#
interface Vlanif101
ip address 10.0.2.14 255.255.255.252
#
interface Vlanif102
ip address 10.0.2.6 255.255.255.252
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 102
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 101
#
ospf 1
area 0.0.0.2
network 10.0.2.4 0.0.0.3
network 10.0.2.12 0.0.0.3
network 172.16.65.0 0.0.0.255
AC-1:
sysname AC-1
#
vlan batch 200
#
dhcp enable
#
ip pool pool-A-vlan200
gateway-list 10.0.200.14
network 10.0.200.0 mask 255.255.255.240
option 43 sub-option 2 ip-address 10.0.200.254
#
ip pool pool-A-vlan201
gateway-list 192.168.66.254
network 192.168.66.0 mask 255.255.255.0
#
ip pool pool-A-vlan202
gateway-list 192.168.67.254
network 192.168.67.0 mask 255.255.255.0
#
ip pool pool-B-vlan200
gateway-list 10.0.200.30
network 10.0.200.16 mask 255.255.255.240
option 43 sub-option 2 ip-address 10.0.200.254
#
ip pool pool-B-vlan201
gateway-list 192.168.70.254
network 192.168.70.0 mask 255.255.255.0
#
ip pool pool-B-vlan202
gateway-list 192.168.71.254
network 192.168.71.0 mask 255.255.255.0
#
interface Vlanif200
ip address 10.0.200.254 255.255.255.252
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 200
#
undo info-center enable
#
ip route-static 10.0.200.0 255.255.255.224 10.0.200.253
ip route-static 192.168.66.0 255.255.254.0 10.0.200.253
ip route-static 192.168.70.0 255.255.254.0 10.0.200.253
#
capwap source interface vlanif200
#
wlan
security-profile name sec-cfg
security wpa-wpa2 psk pass-phrase %^%#25Ar5cH!wD<8w+N|Jwr>]'_jM+!fT&&@#5LCP.TU%^%# aes
ssid-profile name ssid-cfg-1
ssid wifi-2.4G
ssid-profile name ssid-cfg-2
ssid wifi-5G
vap-profile name vap-cfg-1
service-vlan vlan-id 201
ssid-profile ssid-cfg-1
security-profile sec-cfg
vap-profile name vap-cfg-2
service-vlan vlan-id 202
ssid-profile ssid-cfg-2
security-profile sec-cfg
regulatory-domain-profile name domain-cfg
ap-group name ap-group-cfg
regulatory-domain-profile domain-cfg
radio 0
vap-profile vap-cfg-1 wlan 1
radio 1
vap-profile vap-cfg-2 wlan 1
ap-id 1 type-id 45 ap-mac 00e0-fc78-2050 ap-sn 2102354483106C3AB011
ap-name A-AP-1
ap-group ap-group-cfg
ap-id 2 type-id 45 ap-mac 00e0-fca5-4990 ap-sn 2102354483108E4D4E74
ap-name B-AP-1
ap-group ap-group-cfg
provision-ap
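Summary:
With the configuration above, hosts inside the campus network can reach one another (over both wired and wireless access), and the network can reach the Internet (simulated by the Cloud devices).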
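An added example, not code from the book or from the original post: a small audit of `acl number 2000`, which O-R-1 and O-R-2 bind with `nat outbound 2000`, showing which of the subnets configured on this page the wildcard rules permit for translation and which they leave out. The function names (`parse_acl`, `wildcard_to_network`, `verdict`, `audit`) are hypothetical, and the subnet list is read off the Vlanif addresses above.

```python
import ipaddress
import re
# ACL copied from the O-R-1 / O-R-2 configuration on this page;
# the subnets below are read off the Vlanif addresses on this page.
ACL_CONFIG = """acl number 2000
rule 5 permit source 192.168.64.0 0.0.7.255
rule 10 permit source 172.16.64.0 0.0.1.255
"""
PAGE_SUBNETS = {
    "192.168.64.0/24": "A-RS-1 Vlanif21", "192.168.65.0/24": "A-RS-1 Vlanif22",
    "192.168.66.0/24": "A-RS-1 Vlanif201", "192.168.67.0/24": "A-RS-1 Vlanif202",
    "192.168.68.0/24": "B-RS-1 Vlanif23", "192.168.69.0/24": "B-RS-1 Vlanif24",
    "192.168.70.0/24": "B-RS-1 Vlanif201", "192.168.71.0/24": "B-RS-1 Vlanif202",
    "172.16.64.0/24": "S-RS-3 Vlanif11", "172.16.65.0/24": "S-RS-4 Vlanif12",
    "10.0.200.0/28": "A-RS-1 Vlanif200", "10.0.200.16/28": "B-RS-1 Vlanif200",
    "10.0.200.252/30": "S-RS-3 and AC-1 Vlanif200",
}
RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)")

def parse_acl(text):
    """Return [(rule_id, action, base, wildcard)] as ints, in rule-id order."""
    ip = lambda s: int(ipaddress.IPv4Address(s))
    return sorted((int(r), act, ip(a), ip(w)) for r, act, a, w in RULE_RE.findall(text))

def wildcard_to_network(base, wc):
    """CIDR form of a contiguous wildcard (one of the form 2^n - 1), else None."""
    if wc & (wc + 1):
        return None
    return ipaddress.IPv4Network((base & ~wc & 0xFFFFFFFF, 32 - wc.bit_length()))

def verdict(rules, cidr):
    """First-match result for a whole subnet; 'partial' if only some hosts match."""
    net = ipaddress.IPv4Network(cidr)
    n, h = int(net.network_address), int(net.hostmask)
    for rid, action, base, wc in rules:
        care = ~wc & 0xFFFFFFFF          # bits the rule actually compares
        if (n ^ base) & care & ~h:       # a compared network bit differs: no host matches
            continue
        if h & care:                     # rule compares bits that vary inside the subnet
            return f"partial (rule {rid})"
        return f"{action} (rule {rid})"
    return "no match"                    # never permitted, so never translated

def audit(acl_text=ACL_CONFIG, subnets=PAGE_SUBNETS):
    rules = parse_acl(acl_text)
    return {cidr: verdict(rules, cidr) for cidr in subnets}

if __name__ == "__main__":
    for cidr, result in audit().items():
        print(f"{cidr:<18} {PAGE_SUBNETS[cidr]:<26} {result}")
```

Rule 5 is the /21 summary 192.168.64.0 to 192.168.71.255 and rule 10 is 172.16.64.0/23, so the user and server VLANs are translated while the 10.0.200.x AP-management and AC subnets match no rule and are not.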