The content of this post comes from the book 《网络运维管理从基础到实战》 (Network Operations Management: From Basics to Practice). I only followed the book's projects in the lab and kept some notes; if you find the material useful, please support the original.
《网络运维管理从基础到实战》 (edited by 许成刚, 阮晓龙, 杜宇飞, 刘海滨, 刘明哲) [overview / reviews / read online] - 当当图书 (Dangdang Books)
“The book is organised around ten engineering projects: from building a mixed wired/wireless campus network to connecting it to the Internet; from centralised remote management of campus devices and basic network services to an operations monitoring system covering the whole network; and from implementing network security management to firewall-based user Internet authentication and Internet behaviour analysis.
Project 1, build an integrated campus network: a mixed wired/wireless campus network is built in the eNSP simulator and serves as the foundation for all later projects.
Project 2, Internet access: focuses on applying NAT, connecting the completed campus network to the Internet through NAT.
Project 3, centralised management of campus devices: centralised remote management of every network device inside the campus through Telnet and SSH.
Projects 4 to 6, basic network operations services: domain name management (DNS), time service management (NTP) and IP address management (DHCP).
Project 7, a network-wide operations monitoring system: a monitoring system covering the whole campus network is built first with Cacti and then with Zabbix, monitoring and analysing every network service and network device.
Project 8, network security: a firewall is used to harden campus access and management services.
Project 9, user behaviour management: firewall-based user Internet authentication and Internet behaviour analysis.
Project 10, access to internal campus resources over VPN: designated users on the Internet securely access internal campus resources through a VPN.”
Also, I only took notes, recorded configurations and looked up extra material where my own knowledge was weak; for anything else, please study the book itself.
Switches: S5700, S3700
Routers: AR2220 (the exit routers need an extra 4GEW-T card to add interfaces)
Wireless AC: AC6605
Wireless AP: AP3030
Server-1 (a PC standing in for the server, used only for connectivity tests): 172.16.64.10 /24 Gateway: 172.16.64.254
Server-2 (same as above): 172.16.65.10 /24 Gateway: 172.16.65.254
A-C-1: 192.168.64.10 /24 Gateway: 192.168.64.254
A-C-2: 192.168.65.10 /24 Gateway: 192.168.65.254
B-C-1: 192.168.68.10 /24 Gateway: 192.168.68.254
B-C-2: 192.168.69.10 /24 Gateway: 192.168.69.254 (B-C-2 sits in VLAN 24, whose Vlanif24 on B-RS-1 is 192.168.69.254)
Cloud1, Cloud2: Ethernet (the host's wired NIC) 192.168.1.1.100
For the remaining settings see each device's configuration.
A-SW-1 (access switch)
- sysname A-SW-1
- #
- undo info-center enable
- #
- vlan batch 21 to 22 200 to 202
- #
- interface Ethernet0/0/1
- port link-type access
- port default vlan 21
- #
- interface Ethernet0/0/2
- port link-type access
- port default vlan 22
- #
- interface GigabitEthernet0/0/1
- port link-type trunk
- port trunk allow-pass vlan 21 to 22 200 to 202
- #
- interface GigabitEthernet0/0/2
- port link-type trunk
- port trunk pvid vlan 200
- port trunk allow-pass vlan 200 to 202
B-SW-1 (access switch)
- sysname B-SW-1
- #
- undo info-center enable
- #
- vlan batch 23 to 24 200 to 202
- #
- interface Ethernet0/0/1
- port link-type access
- port default vlan 23
- #
- interface Ethernet0/0/2
- port link-type access
- port default vlan 24
- #
- interface GigabitEthernet0/0/1
- port link-type trunk
- port trunk allow-pass vlan 23 to 24 200 to 202
- #
- interface GigabitEthernet0/0/2
- port link-type trunk
- port trunk pvid vlan 200
- port trunk allow-pass vlan 200 to 202
A-RS-1 (aggregation switch; Layer 2 is terminated here)
- sysname A-RS-1
- #
- undo info-center enable
- #
- vlan batch 21 to 22 100 to 101 200 to 202
- #
- dhcp enable
- #
- interface Vlanif21
- ip address 192.168.64.254 255.255.255.0
- #
- interface Vlanif22
- ip address 192.168.65.254 255.255.255.0
- #
- interface Vlanif100
- ip address 10.0.1.2 255.255.255.252
- #
- interface Vlanif101
- ip address 10.0.1.10 255.255.255.252
- #
- interface Vlanif200
- ip address 10.0.200.14 255.255.255.240
- dhcp select relay
- dhcp relay server-ip 10.0.200.254
- #
- interface Vlanif201
- ip address 192.168.66.254 255.255.255.0
- dhcp select relay
- dhcp relay server-ip 10.0.200.254
- #
- interface Vlanif202
- ip address 192.168.67.254 255.255.255.0
- dhcp select relay
- dhcp relay server-ip 10.0.200.254
- #
- interface GigabitEthernet0/0/1
- port link-type trunk
- port trunk allow-pass vlan 21 to 22 200 to 202
- #
- interface GigabitEthernet0/0/23
- port link-type access
- port default vlan 101
- #
- interface GigabitEthernet0/0/24
- port link-type access
- port default vlan 100
- #
- ospf 1
- area 0.0.0.1
- network 192.168.64.0 0.0.0.255
- network 192.168.65.0 0.0.0.255
- network 10.0.1.0 0.0.0.3
- network 10.0.1.8 0.0.0.3
- network 192.168.66.0 0.0.0.255
- network 192.168.67.0 0.0.0.255
- network 10.0.200.0 0.0.0.15
B-RS-1:
- sysname B-RS-1
- #
- undo info-center enable
- #
- vlan batch 23 to 24 100 to 101 200 to 202
- #
- dhcp enable
- #
- interface Vlanif23
- ip address 192.168.68.254 255.255.255.0
- #
- interface Vlanif24
- ip address 192.168.69.254 255.255.255.0
- #
- interface Vlanif100
- ip address 10.0.1.14 255.255.255.252
- #
- interface Vlanif101
- ip address 10.0.1.6 255.255.255.252
- #
- interface Vlanif200
- ip address 10.0.200.30 255.255.255.240
- dhcp select relay
- dhcp relay server-ip 10.0.200.254
- #
- interface Vlanif201
- ip address 192.168.70.254 255.255.255.0
- dhcp select relay
- dhcp relay server-ip 10.0.200.254
- #
- interface Vlanif202
- ip address 192.168.71.254 255.255.255.0
- dhcp select relay
- dhcp relay server-ip 10.0.200.254
- #
- interface GigabitEthernet0/0/1
- port link-type trunk
- port trunk allow-pass vlan 23 to 24 200 to 202
- #
- interface GigabitEthernet0/0/23
- port link-type access
- port default vlan 101
- #
- interface GigabitEthernet0/0/24
- port link-type access
- port default vlan 100
- #
- ospf 1
- area 0.0.0.1
- network 10.0.1.4 0.0.0.3
- network 10.0.1.12 0.0.0.3
- network 192.168.68.0 0.0.0.255
- network 192.168.69.0 0.0.0.255
- network 10.0.200.16 0.0.0.15
- network 192.168.70.0 0.0.0.255
- network 192.168.71.0 0.0.0.255
O-R-1:
- sysname O-R-1
- #
- undo info-center enable
- #
- acl number 2000
- rule 5 permit source 192.168.64.0 0.0.7.255
- rule 10 permit source 172.16.64.0 0.0.1.255
- #
- interface GigabitEthernet0/0/0
- ip address 10.0.1.1 255.255.255.252
- #
- interface GigabitEthernet0/0/1
- ip address 10.0.1.5 255.255.255.252
- #
- interface GigabitEthernet0/0/2
- ip address 10.0.0.1 255.255.255.252
- #
- interface GigabitEthernet2/0/0
- ip address 192.168.1.200 255.255.255.0
- nat outbound 2000
- #
- ospf 1
- default-route-advertise always
- area 0.0.0.0
- network 10.0.0.0 0.0.0.3
- area 0.0.0.1
- network 10.0.1.0 0.0.0.3
- network 10.0.1.4 0.0.0.3
- #
- ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
O-R-2:
- sysname O-R-2
- #
- undo info-center enable
- #
- acl number 2000
- rule 5 permit source 192.168.64.0 0.0.7.255
- rule 10 permit source 172.16.64.0 0.0.1.255
- #
- interface GigabitEthernet0/0/0
- ip address 10.0.1.13 255.255.255.252
- #
- interface GigabitEthernet0/0/1
- ip address 10.0.1.9 255.255.255.252
- #
- interface GigabitEthernet0/0/2
- ip address 10.0.0.5 255.255.255.252
- #
- interface GigabitEthernet2/0/0
- ip address 192.168.1.201 255.255.255.0
- nat outbound 2000
- #
- ospf 1
- default-route-advertise always
- area 0.0.0.0
- network 10.0.0.4 0.0.0.3
- area 0.0.0.1
- network 10.0.1.8 0.0.0.3
- network 10.0.1.12 0.0.0.3
- #
- ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
S-RS-1:
- sysname S-RS-1
- #
- undo info-center enable
- #
- vlan batch 100 to 102
- #
- interface Vlanif100
- ip address 10.0.0.2 255.255.255.252
- #
- interface Vlanif101
- ip address 10.0.2.1 255.255.255.252
- #
- interface Vlanif102
- ip address 10.0.2.5 255.255.255.252
- #
- interface GigabitEthernet0/0/1
- port link-type access
- port default vlan 101
- #
- interface GigabitEthernet0/0/2
- port link-type access
- port default vlan 102
- #
- interface GigabitEthernet0/0/24
- port link-type access
- port default vlan 100
- #
- ospf 1
- area 0.0.0.0
- network 10.0.0.0 0.0.0.3
- area 0.0.0.2
- network 10.0.2.0 0.0.0.3
- network 10.0.2.4 0.0.0.3
S-RS-2:
- sysname S-RS-2
- #
- undo info-center enable
- #
- vlan batch 100 to 102
- #
- interface Vlanif100
- ip address 10.0.0.6 255.255.255.252
- #
- interface Vlanif101
- ip address 10.0.2.13 255.255.255.252
- #
- interface Vlanif102
- ip address 10.0.2.9 255.255.255.252
- #
- interface GigabitEthernet0/0/1
- port link-type access
- port default vlan 101
- #
- interface GigabitEthernet0/0/2
- port link-type access
- port default vlan 102
- #
- interface GigabitEthernet0/0/24
- port link-type access
- port default vlan 100
- #
- ospf 1
- area 0.0.0.0
- network 10.0.0.4 0.0.0.3
- area 0.0.0.2
- network 10.0.2.8 0.0.0.3
- network 10.0.2.12 0.0.0.3
S-RS-3:
- sysname S-RS-3
- #
- undo info-center enable
- #
- vlan batch 11 101 to 102 200
- #
- interface Vlanif11
- ip address 172.16.64.254 255.255.255.0
- #
- interface Vlanif101
- ip address 10.0.2.2 255.255.255.252
- #
- interface Vlanif102
- ip address 10.0.2.10 255.255.255.252
- #
- interface Vlanif200
- ip address 10.0.200.253 255.255.255.252
- #
- interface GigabitEthernet0/0/1
- port link-type access
- port default vlan 11
- #
- interface GigabitEthernet0/0/2
- port link-type access
- port default vlan 200
- #
- interface GigabitEthernet0/0/22
- port link-type access
- port default vlan 200
- #
- interface GigabitEthernet0/0/23
- port link-type access
- port default vlan 102
- #
- interface GigabitEthernet0/0/24
- port link-type access
- port default vlan 101
- #
- ospf 1
- area 0.0.0.2
- network 10.0.2.0 0.0.0.3
- network 10.0.2.8 0.0.0.3
- network 172.16.64.0 0.0.0.255
- network 10.0.200.252 0.0.0.3
S-RS-4:
- sysname S-RS-4
- #
- undo info-center enable
- #
- vlan batch 12 101 to 102
- #
- interface Vlanif12
- ip address 172.16.65.254 255.255.255.0
- #
- interface Vlanif101
- ip address 10.0.2.14 255.255.255.252
- #
- interface Vlanif102
- ip address 10.0.2.6 255.255.255.252
- #
- interface GigabitEthernet0/0/1
- port link-type access
- port default vlan 12
- #
- interface GigabitEthernet0/0/23
- port link-type access
- port default vlan 102
- #
- interface GigabitEthernet0/0/24
- port link-type access
- port default vlan 101
- #
- ospf 1
- area 0.0.0.2
- network 10.0.2.4 0.0.0.3
- network 10.0.2.12 0.0.0.3
- network 172.16.65.0 0.0.0.255
AC-1:
- sysname AC-1
- #
- vlan batch 200
- #
- dhcp enable
- #
- ip pool pool-A-vlan200
- gateway-list 10.0.200.14
- network 10.0.200.0 mask 255.255.255.240
- option 43 sub-option 2 ip-address 10.0.200.254
- #
- ip pool pool-A-vlan201
- gateway-list 192.168.66.254
- network 192.168.66.0 mask 255.255.255.0
- #
- ip pool pool-A-vlan202
- gateway-list 192.168.67.254
- network 192.168.67.0 mask 255.255.255.0
- #
- ip pool pool-B-vlan200
- gateway-list 10.0.200.30
- network 10.0.200.16 mask 255.255.255.240
- option 43 sub-option 2 ip-address 10.0.200.254
- #
- ip pool pool-B-vlan201
- gateway-list 192.168.70.254
- network 192.168.70.0 mask 255.255.255.0
- #
- ip pool pool-B-vlan202
- gateway-list 192.168.71.254
- network 192.168.71.0 mask 255.255.255.0
- #
- interface Vlanif200
- ip address 10.0.200.254 255.255.255.252
- dhcp select global
- #
- interface GigabitEthernet0/0/1
- port link-type access
- port default vlan 200
- #
- undo info-center enable
- #
- ip route-static 10.0.200.0 255.255.255.224 10.0.200.253
- ip route-static 192.168.66.0 255.255.254.0 10.0.200.253
- ip route-static 192.168.70.0 255.255.254.0 10.0.200.253
- #
- capwap source interface vlanif200
- #
- wlan
- security-profile name sec-cfg
- security wpa-wpa2 psk pass-phrase %^%#25Ar5cH!wD<8w+N|Jwr>]'_jM+!fT&&@#5LCP.TU%^%# aes
- ssid-profile name ssid-cfg-1
- ssid wifi-2.4G
- ssid-profile name ssid-cfg-2
- ssid wifi-5G
- vap-profile name vap-cfg-1
- service-vlan vlan-id 201
- ssid-profile ssid-cfg-1
- security-profile sec-cfg
- vap-profile name vap-cfg-2
- service-vlan vlan-id 202
- ssid-profile ssid-cfg-2
- security-profile sec-cfg
- regulatory-domain-profile name domain-cfg
- ap-group name ap-group-cfg
- regulatory-domain-profile domain-cfg
- radio 0
- vap-profile vap-cfg-1 wlan 1
- radio 1
- vap-profile vap-cfg-2 wlan 1
- ap-id 1 type-id 45 ap-mac 00e0-fc78-2050 ap-sn 2102354483106C3AB011
- ap-name A-AP-1
- ap-group ap-group-cfg
- ap-id 2 type-id 45 ap-mac 00e0-fca5-4990 ap-sn 2102354483108E4D4E74
- ap-name B-AP-1
- ap-group ap-group-cfg
- provision-ap
With the configuration above, hosts inside the campus network can reach each other (wired and wireless access) and reach the Internet (simulated by the Cloud nodes). One caveat for anything beyond the lab: every device carries `undo info-center enable`, which suppresses log, trap and debug output; that keeps the eNSP consoles quiet but also removes the audit trail, so re-enable it with `info-center enable` on any device that is meant to be monitored or investigated later.
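A cross-device consistency check for the configs above, written as an added example (it is not from the book and not part of the lab). It parses the subset of Huawei VRP syntax used on this page and verifies four properties the design depends on: every OSPF `network` statement covers a local interface address, every DHCP relay target is an address that actually exists in the topology (the AC), the NAT ACL on the exit router covers every client subnet, and every /30 transit link has exactly two endpoints. The embedded `CONFIGS` are abbreviated copies of the page's own device configs, constructed here as sample input; the wildcard-mask conversion assumes contiguous wildcards, which is all the page uses.

```python
"""Cross-device consistency checks for the VRP configs on this page.
Added example, not from the book: CONFIGS are abbreviated copies of the
page's own device configs, constructed here as sample input.
"""
import ipaddress
import re

CONFIGS = {
    "A-RS-1": """
interface Vlanif100
 ip address 10.0.1.2 255.255.255.252
interface Vlanif101
 ip address 10.0.1.10 255.255.255.252
interface Vlanif200
 ip address 10.0.200.14 255.255.255.240
 dhcp relay server-ip 10.0.200.254
ospf 1
 area 0.0.0.1
  network 10.0.1.0 0.0.0.3
  network 10.0.1.8 0.0.0.3
  network 10.0.200.0 0.0.0.15
""",
    "B-RS-1": """
interface Vlanif100
 ip address 10.0.1.14 255.255.255.252
interface Vlanif101
 ip address 10.0.1.6 255.255.255.252
""",
    "O-R-1": """
acl number 2000
 rule 5 permit source 192.168.64.0 0.0.7.255
 rule 10 permit source 172.16.64.0 0.0.1.255
interface GigabitEthernet0/0/0
 ip address 10.0.1.1 255.255.255.252
interface GigabitEthernet0/0/1
 ip address 10.0.1.5 255.255.255.252
""",
    "O-R-2": """
interface GigabitEthernet0/0/0
 ip address 10.0.1.13 255.255.255.252
interface GigabitEthernet0/0/1
 ip address 10.0.1.9 255.255.255.252
""",
    "S-RS-3": "interface Vlanif200\n ip address 10.0.200.253 255.255.255.252\n",
    "AC-1": "interface Vlanif200\n ip address 10.0.200.254 255.255.255.252\n",
}
# Client subnets from the page that must all be able to reach the NAT.
CLIENT_SUBNETS = [f"192.168.{n}.0/24" for n in range(64, 72)] + ["172.16.64.0/24", "172.16.65.0/24"]

def wildcard_net(addr, wildcard):
    """OSPF/ACL wildcard masks are inverted netmasks: 0.0.0.3 -> /30, 0.0.7.255 -> /21."""
    prefix = 32 - int(ipaddress.IPv4Address(wildcard)).bit_length()
    return ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)

def parse_vrp(text):
    """Collect interface addresses, OSPF networks, ACL permits and DHCP relay targets."""
    cfg = {"ifaces": {}, "ospf": [], "acl": [], "relay": []}
    cur = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            cfg["ifaces"][cur] = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"network (\S+) (\S+)$", line):
            cfg["ospf"].append(wildcard_net(m.group(1), m.group(2)))
        elif m := re.match(r"rule \d+ permit source (\S+) (\S+)$", line):
            cfg["acl"].append(wildcard_net(m.group(1), m.group(2)))
        elif m := re.match(r"dhcp relay server-ip (\S+)$", line):
            cfg["relay"].append(ipaddress.IPv4Address(m.group(1)))
    return cfg

def check_all(raw_configs, client_subnets=CLIENT_SUBNETS):
    """Return human-readable findings; an empty list means the configs are consistent."""
    devs = {name: parse_vrp(text) for name, text in raw_configs.items()}
    all_addrs = {i.ip for c in devs.values() for i in c["ifaces"].values()}
    findings, links = [], {}
    for name, cfg in devs.items():
        local = [i.ip for i in cfg["ifaces"].values()]
        # 1. an OSPF network statement covering no local address enables OSPF on nothing
        for net in cfg["ospf"]:
            if not any(a in net for a in local):
                findings.append(f"{name}: ospf network {net} matches no interface")
        # 2. a DHCP relay target must be an address that exists somewhere (the AC)
        for target in cfg["relay"]:
            if target not in all_addrs:
                findings.append(f"{name}: dhcp relay target {target} is configured nowhere")
        # 3. on the exit routers the NAT ACL must cover every client subnet
        for sub in map(ipaddress.IPv4Network, client_subnets if cfg["acl"] else []):
            if not any(sub.subnet_of(rule) for rule in cfg["acl"]):
                findings.append(f"{name}: {sub} is not matched by the NAT ACL")
        for iface in cfg["ifaces"].values():
            if iface.network.prefixlen == 30:
                links.setdefault(iface.network, []).append(name)
    # 4. every /30 transit link needs exactly two endpoints; a mistyped octet shows up here
    for net, ends in links.items():
        if len(ends) != 2:
            findings.append(f"link {net} has endpoints {ends}, expected exactly two")
    return findings

if __name__ == "__main__":
    print("\n".join(check_all(CONFIGS) or ["all checks passed"]))
```

Run against the page's configs it reports nothing. Mistyping B-RS-1's Vlanif101 as 10.0.1.16 makes two /30s appear with a single endpoint: that is the class of error that quietly loses one of the two redundant paths to the exit routers without taking anything down, which is why it is worth checking statically rather than waiting for `display ospf peer` to look wrong.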