当前位置: 首页 > wzjs >正文

广州品牌策划公司排行seo 培训教程

wzjs 2025/8/9 19:11:54
广州品牌策划公司排行,seo 培训教程,凡科微传单app软件下载,酒店网站的建设一、实验要求 网络基础配置:IP地址、安全区域、OSPF配置、安全策略(包括本地local的策略) 二、实验目的 1、拓扑 2、需求分析 3、配置 4、验证 三、实验步骤 1、拓扑 2、需求分析 配置IP地址配置安全区域配置OSPF配置配置安全策略 3、配置 二层交换机配置 […

一、实验要求

网络基础配置:IP地址、安全区域、OSPF配置、安全策略(包括本地local的策略)

二、实验目的

1、拓扑
2、需求分析
3、配置
4、验证

三、实验步骤

1、拓扑

2、需求分析
  • 配置IP地址
  • 配置安全区域
  • 配置OSPF配置
  • 配置安全策略
3、配置

二层交换机配置

[SW3]vlan batch 2 3
[SW3]interface GigabitEthernet 0/0/3
[SW3-GigabitEthernet0/0/3] port link-type trunk
[SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
[SW3]interface GigabitEthernet 0/0/4
[SW3-GigabitEthernet0/0/4] port link-type trunk
[SW3-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 3[SW3]stp enable 
[SW3]stp mode mstp
[SW3]stp region-configuration 
[SW3-mst-region]region-name aa
[SW3-mst-region]instance 1 vlan 2  
[SW3-mst-region]instance 2 vlan 3 
[SW3-mst-region]active region-configuration 
[SW3]stp instance 1 root primary 
[SW3]stp instance 2 root secondary  
[SW3]stp instance 0 root primary [SW3]interface Vlanif 2
[SW3-Vlanif2]ip address 192.168.2.1 24
[SW3-Vlanif2]vrrp vrid 1 virtual-ip 192.168.2.254   
[SW3-Vlanif2]vrrp vrid 1 priority 120  
[SW3-Vlanif2]vrrp vrid 1 preempt-mode timer delay 20   
[SW3-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 15 
[SW3-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/2 reduced 15[SW3]interface Vlanif 3
[SW3-Vlanif3]ip add 192.168.3.1 24
[SW3-Vlanif3]vrrp vrid 1 virtual-ip 192.168.3.254
[SW4]vlan batch 2 3
[SW4]interface GigabitEthernet 0/0/3
[SW4-GigabitEthernet0/0/3] port link-type trunk
[SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
[SW4]interface GigabitEthernet 0/0/4
[SW4-GigabitEthernet0/0/4] port link-type trunk
[SW4-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 3[SW4]stp enable 
[SW4]stp mode mstp
[SW4]stp region-configuration 
[SW4-mst-region]region-name aa
[SW4-mst-region]instance 1 vlan 2
[SW4-mst-region]instance 2 vlan 3
[SW4-mst-region]active region-configuration 
[SW4]stp instance 1 root secondary 
[SW4]stp instance 2 root primary
[SW4]stp instance 0 root secondary[SW4]interface Vlanif 2
[SW4-Vlanif2]ip add 192.168.2.2 24
[SW4-Vlanif2]vrrp vrid 1 virtual-ip 192.168.2.254[SW4]interface Vlanif3
[SW4-Vlanif3]ip address 192.168.3.2 255.255.255.0
[SW4-Vlanif3]vrrp vrid 1 virtual-ip 192.168.3.254
[SW4-Vlanif3]vrrp vrid 1 priority 120
[SW4-Vlanif3]vrrp vrid 1 preempt-mode timer delay 20
[SW4-Vlanif3]vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 15
[SW4-Vlanif3]vrrp vrid 1 track interface GigabitEthernet0/0/2 reduced 15
[SW5]vlan batch 2 3
[SW5]interface GigabitEthernet 0/0/3
[SW5-GigabitEthernet0/0/3]port link-type access 
[SW5-GigabitEthernet0/0/3]port default vlan 2
[SW5]interface GigabitEthernet 0/0/4
[SW5-GigabitEthernet0/0/4]port link-type access 	
[SW5-GigabitEthernet0/0/4]port default vlan 3
[SW5]interface GigabitEthernet 0/0/1
[SW5-GigabitEthernet0/0/1]port link-type trunk 
[SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[SW5]interface GigabitEthernet 0/0/2
[SW5-GigabitEthernet0/0/2]port link-type trunk
[SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3[SW5]stp enable 
[SW5]stp mode mstp
[SW5]stp region-configuration 
[SW5-mst-region]region-name aa
[SW5-mst-region]instance 1 vlan 2
[SW5-mst-region]instance 2 vlan 3
[SW5-mst-region]active region-configuration

汇聚到核心层配置

[SW3]vlan batch 103 203
[SW3]interface GigabitEthernet 0/0/1
[SW3-GigabitEthernet0/0/1]port link-type access 
[SW3-GigabitEthernet0/0/1]port default vlan 103
[SW3-GigabitEthernet0/0/1]undo stp enable
[SW3]interface GigabitEthernet 0/0/2	
[SW3-GigabitEthernet0/0/2]port link-type access 
[SW3-GigabitEthernet0/0/2]port default vlan 203
[SW3-GigabitEthernet0/0/2]undo stp enable[SW3]interface Vlanif 103
[SW3-Vlanif103]ip add 10.10.3.3 24
[SW3]interface Vlanif 203
[SW3-Vlanif203]ip add 10.20.3.3 24[SW3]ospf 1 router-id 3.3.3.3
[SW3-ospf-1]area 0
[SW3-ospf-1-area-0.0.0.0]network 10.10.3.3 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]network 10.20.3.3 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]network 192.168.2.1 0.0.0.0	
[SW3-ospf-1-area-0.0.0.0]network 192.168.3.1 0.0.0.0
[SW3-ospf-1]silent-interface Vlanif 2
[SW3-ospf-1]silent-interface Vlanif 3
[SW4]vlan batch 104 204
[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]port link-type access
[SW4-GigabitEthernet0/0/1]port default vlan 204
[SW4-GigabitEthernet0/0/1]undo stp enable
[SW4]interface GigabitEthernet 0/0/2
[SW4-GigabitEthernet0/0/2]port link-type access 
[SW4-GigabitEthernet0/0/2]port default vlan 104
[SW4-GigabitEthernet0/0/2]undo stp enable [SW4]interface Vlanif 104
[SW4-Vlanif104]ip address 10.10.4.4 24
[SW4]interface Vlanif 204
[SW4-Vlanif204]ip add 10.20.4.4 24[SW4]ospf 1 router-id 4.4.4.4
[SW4-ospf-1]area 0
[SW4-ospf-1-area-0.0.0.0]network 10.10.4.4 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]network 10.20.4.4 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]network 192.168.2.2 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]network 192.168.3.2 0.0.0.0[SW4-ospf-1]silent-interface Vlanif 2
[SW4-ospf-1]silent-interface Vlanif 3

创建VRF空间并配置VRF信息

[SW1]ip vpn-instance VRF    
[SW1-vpn-instance-VRF]route-distinguisher 100:1 
[SW1-vpn-instance-VRF-af-ipv4]vpn-target 100:1 both  
[SW2]ip vpn-instance VRF
[SW2-vpn-instance-VRF]route-distinguisher 100:1	
[SW2-vpn-instance-VRF-af-ipv4]vpn-target 100:1 both

配置VLAN信息

[SW1]vlan batch 102 103 104
[SW1]interface GigabitEthernet 0/0/6
[SW1-GigabitEthernet0/0/6]port link-type access 
[SW1-GigabitEthernet0/0/6]port default vlan 103	
[SW1-GigabitEthernet0/0/6]undo stp enable[SW1]interface GigabitEthernet 0/0/5
[SW1-GigabitEthernet0/0/5]port link-type trunk 
[SW1-GigabitEthernet0/0/5]undo port trunk allow-pass vlan 1
[SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 102
[SW1-GigabitEthernet0/0/5]undo stp enable[SW1]interface GigabitEthernet 0/0/7
[SW1-GigabitEthernet0/0/7]port link-type access 
[SW1-GigabitEthernet0/0/7]port default vlan 104
[SW1-GigabitEthernet0/0/7]undo stp enable
[SW2]vlan batch 102 203 204
[SW2]interface GigabitEthernet 0/0/6
[SW2-GigabitEthernet0/0/6]port link-type access 	
[SW2-GigabitEthernet0/0/6]port default vlan 204
[SW2-GigabitEthernet0/0/6]undo stp enable[SW2]interface GigabitEthernet 0/0/7
[SW2-GigabitEthernet0/0/7]port link-type access 
[SW2-GigabitEthernet0/0/7]port default vlan 203
[SW2-GigabitEthernet0/0/7]undo stp enable [SW2]interface GigabitEthernet 0/0/5
[SW2-GigabitEthernet0/0/5]port link-type trunk 
[SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 102
[SW2-GigabitEthernet0/0/5]undo port trunk allow-pass vlan 1
[SW2-GigabitEthernet0/0/5]undo stp enable

创建Vlanif接口,并将接口划入VRF空间

[SW1]interface Vlanif 102
[SW1-Vlanif102]ip binding vpn-instance VRF 
[SW1-Vlanif102]ip address 10.10.2.1 24[SW1]interface Vlanif 103
[SW1-Vlanif103]ip binding vpn-instance VRF
[SW1-Vlanif103]ip add 10.10.3.1 24[SW1]interface Vlanif 104
[SW1-Vlanif104]ip binding vpn-instance VRF
[SW1-Vlanif104]ip add 10.10.4.1 24
[SW2]interface Vlanif 102
[SW2-Vlanif102]ip binding vpn-instance VRF
[SW2-Vlanif102]ip address 10.10.2.2 24[SW2]interface Vlanif 203
[SW2-Vlanif203]ip binding vpn-instance VRF
[SW2-Vlanif203]ip address 10.20.3.2 24[SW2]interface Vlanif 204
[SW2-Vlanif204]ip binding vpn-instance VRF
[SW2-Vlanif204]ip add 10.20.4.2 24

配置VRF空间的OSPF

[SW1]ospf 1 router-id 1.1.1.1 vpn-instance VRF
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 10.10.2.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.10.3.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.10.4.1 0.0.0.0
[SW1-ospf-1]default-route-advertise[SW2]ospf 1 router-id 2.2.2.2 vpn-instance VRF	
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 10.10.2.2 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.20.3.2 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.20.4.2 0.0.0.0
[SW2-ospf-1]default-route-advertise

路由策略配置

[SW3]interface Vlanif 203
[SW3-Vlanif203]ospf cost 5[SW4]interface Vlanif 104
[SW4-Vlanif104]ospf cost 5
[SW3-ospf-1-area-0.0.0.0]undo network 192.168.2.1 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]undo network 192.168.3.1 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]undo network 192.168.2.2 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]undo network 192.168.3.2 0.0.0.0
[SW3]ip ip-prefix aa permit 192.168.2.0 24
[SW3]ip ip-prefix bb permit 192.168.3.0 24
[SW3]route-policy bb permit node 10
[SW3-route-policy]if-match ip-prefix bb
[SW3-route-policy]apply cost 5
[SW3]route-policy bb permit node 20
[SW3-route-policy]if-match ip-prefix aa
[SW3]ospf 1	
[SW3-ospf-1]import-route direct route-policy bb[SW4]ip ip-prefix aa permit 192.168.2.0 24
[SW4]ip ip-prefix bb permit 192.168.3.0 24
[SW4]route-policy aa permit node 10
[SW4-route-policy]if-match ip-prefix aa
[SW4-route-policy]apply cost 5
[SW4]route-policy aa permit node 20
[SW4-route-policy]if-match ip-prefix bb
[SW4]ospf 1
[SW4-ospf-1]import-route direct route-policy aa

VRF区域配置

[SW1]vlan batch 401 402
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk 	
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 401 402
[SW1]interface GigabitEthernet 0/0/5
[SW1-GigabitEthernet0/0/5]port link-type trunk 
[SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 401 402[SW1]interface Vlanif 401
[SW1-Vlanif401]ip binding vpn-instance VRF
[SW1-Vlanif401]ip address 10.40.1.1 24
[SW1-Vlanif401]vrrp vrid 1 virtual-ip 10.40.1.100
[SW1-Vlanif401]vrrp vrid 1 priority 120
[SW1-Vlanif401]vrrp vrid 1 preempt-mode timer delay 60
[SW1-Vlanif401]vrrp vrid 1 track interface GigabitEthernet 0/0/2 reduced 30[SW1]interface Vlanif 402
[SW1-Vlanif402]ip binding vpn-instance VRF
[SW1-Vlanif402]ip address 10.40.2.1 24
[SW1-Vlanif402]vrrp vrid 2 virtual-ip 10.40.2.100
[SW2]vlan batch 401 402
[SW2]interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk 
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 401 402
[SW2]interface GigabitEthernet 0/0/5
[SW2-GigabitEthernet0/0/5]port link-type trunk 
[SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 401 402[SW2]interface Vlanif 401
[SW2-Vlanif401]ip binding vpn-instance VRF
[SW2-Vlanif401]ip address 10.40.1.2 24
[SW2-Vlanif401]vrrp vrid 1 virtual-ip 10.40.1.100[SW2]interface Vlanif 402
[SW2-Vlanif402]ip binding vpn-instance VRF
[SW2-Vlanif402]ip address 10.40.2.2 24
[SW2-Vlanif402]vrrp vrid 2 virtual-ip 10.40.2.100
[SW2-Vlanif402]vrrp vrid 2 priority 120
[SW2-Vlanif402]vrrp vrid 2 preempt-mode timer delay 60
[SW2-Vlanif402]vrrp vrid 2 track interface GigabitEthernet 0/0/3 reduced 30
[FW1]vlan batch 401 402 403 404
[FW1]interface GigabitEthernet 1/0/0
[FW1-GigabitEthernet1/0/0]ip add 10.10.10.1 30[FW1]interface GigabitEthernet 1/0/1.401
[FW1-GigabitEthernet1/0/1.401]ip add 10.40.1.10 24
[FW1-GigabitEthernet1/0/1.401]vlan-type dot1q 401[FW1]interface GigabitEthernet 1/0/1.402
[FW1-GigabitEthernet1/0/1.402]ip address 10.40.2.10 24
[FW1-GigabitEthernet1/0/1.402]vlan-type dot1q 402[FW1]interface GigabitEthernet 1/0/2.403
[FW1-GigabitEthernet1/0/2.403]ip address 10.40.3.10 24
[FW1-GigabitEthernet1/0/2.403]vlan-type dot1q 403[FW1]interface GigabitEthernet 1/0/2.404
[FW1-GigabitEthernet1/0/2.404]ip add 10.40.4.10 24
[FW1-GigabitEthernet1/0/2.404]vlan-type dot1q 404
[FW2]vlan batch 401 402 403 404
[FW2]interface GigabitEthernet 1/0/0
[FW2-GigabitEthernet1/0/0]ip add 10.10.10.2 30[FW2]interface GigabitEthernet 1/0/2.401
[FW2-GigabitEthernet1/0/2.401]ip address 10.40.1.20 24
[FW2-GigabitEthernet1/0/2.401]vlan-type dot1q 401[FW2]interface GigabitEthernet 1/0/2.402
[FW2-GigabitEthernet1/0/2.402]ip add 10.40.2.20 24
[FW2-GigabitEthernet1/0/2.402]vlan-type dot1q 402[FW2]interface GigabitEthernet 1/0/1.403
[FW2-GigabitEthernet1/0/1.403]ip add 10.40.3.20 24
[FW2-GigabitEthernet1/0/1.403]vlan-type dot1q 403[FW2]interface GigabitEthernet 1/0/1.404
[FW2-GigabitEthernet1/0/1.404]ip add 10.40.4.20 24
[FW2-GigabitEthernet1/0/1.404]vlan-type dot1q 404

安全区域划分

[FW1]firewall zone trust 
[FW1-zone-trust]add interface GigabitEthernet 1/0/1.401
[FW1-zone-trust]add interface GigabitEthernet 1/0/1.402[FW1]firewall zone untrust 
[FW1-zone-untrust]add interface GigabitEthernet 1/0/2.403
[FW1-zone-untrust]add interface GigabitEthernet 1/0/2.404[FW1]firewall zone dmz 
[FW1-zone-dmz]add interface GigabitEthernet 1/0/0
[FW2]firewall zone trust 
[FW2-zone-trust]add interface GigabitEthernet 1/0/2.401
[FW2-zone-trust]add interface GigabitEthernet 1/0/2.402[FW2]firewall zone untrust 
[FW2-zone-untrust]add interface GigabitEthernet 1/0/1.403
[FW2-zone-untrust]add interface GigabitEthernet 1/0/1.404[FW2]firewall zone dmz 
[FW2-zone-dmz]add interface GigabitEthernet 1/0/0

SW1、SW2的Public区域配置

[SW1]vlan batch 403 404
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk 
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 403 404
[SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk 
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 403 404
[SW1]interface Vlanif 403
[SW1-Vlanif403]ip address 10.40.3.1 24
[SW1-Vlanif403]vrrp vrid 3 virtual-ip 10.40.3.100
[SW1-Vlanif403]vrrp vrid 3 priority 120
[SW1-Vlanif403]vrrp vrid 3 preempt-mode timer delay 60
[SW1-Vlanif403]vrrp vrid 3 track interface GigabitEthernet 0/0/3 reduced 30
[SW1]interface Vlanif 404
[SW1-Vlanif404]ip add 10.40.4.1 24
[SW1-Vlanif404]vrrp vrid 4 virtual-ip 10.40.4.100[SW2]vlan batch 403 404
[SW2]interface GigabitEthernet 0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk 
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 403 404
[SW2]interface GigabitEthernet 0/0/4
[SW2-GigabitEthernet0/0/4]port link-type trunk 
[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 403 404
[SW2]interface  Vlanif 403
[SW2-Vlanif403]ip address 10.40.3.2 24
[SW2-Vlanif403]vrrp vrid 3 virtual-ip 10.40.3.100
[SW2]interface Vlanif 404
[SW2-Vlanif404]ip address 10.40.4.2 24
[SW2-Vlanif404]vrrp vrid 4 virtual-ip 10.40.4.100
[SW2-Vlanif404]vrrp vrid 4 priority 120
[SW2-Vlanif404]vrrp vrid 4 preempt-mode timer delay 60
[SW2-Vlanif404]vrrp vrid 4 track interface GigabitEthernet 0/0/2 reduced 30

路由补充

[SW1]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.1.200
[SW1]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.2.200 preference 70[SW1]ip route-static 192.168.0.0 16 10.40.3.200
[SW1]ip route-static 192.168.0.0 16 10.40.4.200 preference 70[SW2]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.2.200
[SW2]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.1.200 preference 70[SW2]ip route-static 192.168.0.0 16 10.40.4.200	
[SW2]ip route-static 192.168.0.0 16 10.40.3.200 preference 70

防火墙双机热备配置

[FW1]interface GigabitEthernet 1/0/1.401
[FW1-GigabitEthernet1/0/1.401]vrrp vrid 5 virtual-ip 10.40.1.200 active 
[FW1]interface GigabitEthernet 1/0/1.402
[FW1-GigabitEthernet1/0/1.402]vrrp vrid 6 virtual-ip 10.40.2.200 standby [FW1]interface GigabitEthernet 1/0/2.403
[FW1-GigabitEthernet1/0/2.403]vrrp vrid 7 virtual-ip 10.40.3.200 active 
[FW1]interface GigabitEthernet 1/0/2.404
[FW1-GigabitEthernet1/0/2.404]vrrp vrid 8 virtual-ip 10.40.4.200 standby [FW1]hrp mirror session enable 
[FW1]hrp interface GigabitEthernet 1/0/0 remote 10.10.10.2 
[FW1]hrp enableHRP_S[FW1]ip route-static 0.0.0.0 0 10.40.3.100	
HRP_S[FW1]ip route-static 0.0.0.0 0 10.40.4.100 preference 70HRP_M[FW1]ip route-static 192.168.0.0 16 10.40.1.100
HRP_M[FW1]ip route-static 192.168.0.0 16 10.40.2.100 preference 70
[FW2]interface GigabitEthernet 1/0/2.401
[FW2-GigabitEthernet1/0/2.401]vrrp vrid 5 virtual-ip 10.40.1.200 standby 
[FW2]interface GigabitEthernet 1/0/2.402
[FW2-GigabitEthernet1/0/2.402]vrrp vrid 6 virtual-ip 10.40.2.200 active [FW2]interface GigabitEthernet 1/0/1.403
[FW2-GigabitEthernet1/0/1.403]vrrp vrid 7 virtual-ip 10.40.3.200 standby 
[FW2]interface GigabitEthernet 1/0/1.404
[FW2-GigabitEthernet1/0/1.404]vrrp vrid 8 virtual-ip 10.40.4.200 active [FW2]hrp mirror session enable
[FW2]hrp interface GigabitEthernet 1/0/0 remote 10.10.10.1
[FW2]hrp enableHRP_S[FW2]ip route-static 0.0.0.0 0 10.40.4.100
HRP_S[FW2]ip route-static 0.0.0.0 0 10.40.3.100 preference 70HRP_S[FW2]ip route-static 192.168.0.0 16 10.40.2.100
HRP_S[FW2]ip route-static 192.168.0.0 16 10.40.1.100 preference 70

安全策略配置

HRP_M[FW1]security-policy  (+B)
HRP_M[FW1-policy-security]rule name trust_to_untrust (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust]source-zone trust  (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust]destination-zone untrust  (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust]source-address 192.168.0.0 16 (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust]action permit  (+B)

核心到边界配置

[SW1]vlan batch 11 12
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 11
[SW1-GigabitEthernet0/0/1]undo stp enable [SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 12
[SW1-GigabitEthernet0/0/4]undo stp enable [SW1]interface Vlanif 11
[SW1-Vlanif11]ip address 10.11.1.1 24
[SW1]interface Vlanif 12
[SW1-Vlanif12]ip add 10.12.1.1 24[SW1]ospf 2 router-id 1.1.1.1
[SW1-ospf-2]area 0
[SW1-ospf-2-area-0.0.0.0]network 10.11.1.1 0.0.0.0
[SW1-ospf-2-area-0.0.0.0]network 10.12.1.1 0.0.0.0
    [SW2]vlan batch 12 22
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access 
[SW2-GigabitEthernet0/0/1]port default vlan 22
[SW2-GigabitEthernet0/0/1]undo stp enable[SW2]interface GigabitEthernet 0/0/4
[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 12
[SW2-GigabitEthernet0/0/4]undo stp enable [SW2]interface Vlanif 12
[SW2-Vlanif12]ip address 10.12.1.2 24
[SW2]interface Vlanif 22
[SW2-Vlanif22]ip address 10.22.2.1 24[SW2-ospf-2]dis th
ospf 2 router-id 2.2.2.2area 0.0.0.0network 10.12.1.2 0.0.0.0network 10.22.2.1 0.0.0.0
    [R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.11.1.2 24
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.12.2.1 24[R1-ospf-1]display this 
ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.11.1.2 0.0.0.0 network 10.12.2.1 0.0.0.0 
    [R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip add 10.22.2.2 24
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip add 10.12.2.2 14[R2]ospf 1 router-id 4.4.4.4
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.22.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.12.2.2 0.0.0.0

    最外层网络

    [R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip add 12.0.0.1 24
[R1]ip route-static 0.0.0.0 0 12.0.0.100
[R1-ospf-1]default-route-advertise [R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]nat outbound 2000
    [R2]interface GigabitEthernet 0/0/2
[R2-GigabitEthernet0/0/2]ip add 13.0.0.1 24
[R2]ip route-static 0.0.0.0 0 13.0.0.100
[R2-ospf-1]default-route-advertise[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R2]int g 0/0/2
[R2-GigabitEthernet0/0/2]nat outbound 2000
    [ISP]interface GigabitEthernet 0/0/0
[ISP-GigabitEthernet0/0/0]ip add 12.0.0.100 24
[ISP]interface GigabitEthernet 0/0/1
[ISP-GigabitEthernet0/0/1]ip add 13.0.0.100 24
[ISP]interface LoopBack 0
[ISP-LoopBack0]ip add 100.1.1.1 24
    [SW1-ospf-2]import-route static 
[SW2-ospf-2]import-route static
    4、验证

    正常情况下,PC1和PC2分别pingISP的环回接口

    当SW1的某些接口发生故障时,对PC1到ISP环回接口的网络进行测试

    [SW1-GigabitEthernet0/0/2]shutdown 

    http://www.dtcms.com/wzjs/282622.html

    相关文章:

  1. 互联网产品推广方案范文网站搜索引擎优化诊断
  2. 成都 网站免费的短视频app大全下载
  3. 门户网站系统建设项目招标书广东seo推广费用
  4. 怎么把做的网站发布微软bing搜索引擎
  5. 嘉兴公司网站建设青岛seo关键词优化公司
  6. 张家口建设局网站seo实战培训费用
  7. 网站邮箱后台子域名seo网站推广seo
  8. 做搜索的网站自助建站申请
  9. 详谈电商网站建设四大流程爱情链接
  10. 模板的网站都有哪些内容搜搜
  11. 建设网站教程视频视频视频百度推广一个关键词多少钱
  12. 网站安全维护怎么做seo优化系统
  13. 自己做免费网站的流程网络营销服务公司有哪些
  14. 用流媒体做的电台网站国外独立网站如何建站
  15. python3 做网站网络网站推广选择乐云seo
  16. wordpress上面的模板整站优化cms
  17. 做门户网站用什么服务器做网络推广为什么会被抓
  18. 谷歌做新媒体运营的网站外贸b2b平台都有哪些网站
  19. 网站建设报价明细营销型网站建设套餐
  20. 鲜花店网站建设青岛seo推广专员
  21. 商务网站建设实训总结网址
  22. 防城港北京网站建设网络营销推广的优势
  23. 太原网站如何制作最近大事件新闻
  24. 吉林市建设厅网站国家免费技能培训有哪些
  25. 做美容有哪些网站百度权重查询
  26. 页眉做的好的网站外贸网站平台都有哪些 免费的
  27. 做游戏ppt下载网站有哪些内容百度网页搜索
  28. 专业建站商常见的搜索引擎有哪些?
  29. 天津做国外网站市场调研报告范文大全
  30. 目前最好的免费网站仁茂网络seo