当前位置: 首页 > wzjs >正文

厦门市建设质量安全协会网站网站开发的研究方法

wzjs 2025/9/12 17:49:34
厦门市建设质量安全协会网站,网站开发的研究方法,网络优化公司有哪些,中国著名设计师的推荐一、实验要求 网络基础配置:IP地址、安全区域、OSPF配置、安全策略(包括本地local的策略) 二、实验目的 1、拓扑 2、需求分析 3、配置 4、验证 三、实验步骤 1、拓扑 2、需求分析 配置IP地址配置安全区域配置OSPF配置配置安全策略 3、配置 二层交换机配置 […

一、实验要求

网络基础配置:IP地址、安全区域、OSPF配置、安全策略(包括本地local的策略)

二、实验目的

1、拓扑
2、需求分析
3、配置
4、验证

三、实验步骤

1、拓扑

2、需求分析
  • 配置IP地址
  • 配置安全区域
  • 配置OSPF配置
  • 配置安全策略
3、配置

二层交换机配置

[SW3]vlan batch 2 3
[SW3]interface GigabitEthernet 0/0/3
[SW3-GigabitEthernet0/0/3] port link-type trunk
[SW3-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
[SW3]interface GigabitEthernet 0/0/4
[SW3-GigabitEthernet0/0/4] port link-type trunk
[SW3-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 3[SW3]stp enable 
[SW3]stp mode mstp
[SW3]stp region-configuration 
[SW3-mst-region]region-name aa
[SW3-mst-region]instance 1 vlan 2  
[SW3-mst-region]instance 2 vlan 3 
[SW3-mst-region]active region-configuration 
[SW3]stp instance 1 root primary 
[SW3]stp instance 2 root secondary  
[SW3]stp instance 0 root primary [SW3]interface Vlanif 2
[SW3-Vlanif2]ip address 192.168.2.1 24
[SW3-Vlanif2]vrrp vrid 1 virtual-ip 192.168.2.254   
[SW3-Vlanif2]vrrp vrid 1 priority 120  
[SW3-Vlanif2]vrrp vrid 1 preempt-mode timer delay 20   
[SW3-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 15 
[SW3-Vlanif2]vrrp vrid 1 track interface GigabitEthernet 0/0/2 reduced 15[SW3]interface Vlanif 3
[SW3-Vlanif3]ip add 192.168.3.1 24
[SW3-Vlanif3]vrrp vrid 1 virtual-ip 192.168.3.254
[SW4]vlan batch 2 3
[SW4]interface GigabitEthernet 0/0/3
[SW4-GigabitEthernet0/0/3] port link-type trunk
[SW4-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
[SW4]interface GigabitEthernet 0/0/4
[SW4-GigabitEthernet0/0/4] port link-type trunk
[SW4-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 3[SW4]stp enable 
[SW4]stp mode mstp
[SW4]stp region-configuration 
[SW4-mst-region]region-name aa
[SW4-mst-region]instance 1 vlan 2
[SW4-mst-region]instance 2 vlan 3
[SW4-mst-region]active region-configuration 
[SW4]stp instance 1 root secondary 
[SW4]stp instance 2 root primary
[SW4]stp instance 0 root secondary[SW4]interface Vlanif 2
[SW4-Vlanif2]ip add 192.168.2.2 24
[SW4-Vlanif2]vrrp vrid 1 virtual-ip 192.168.2.254[SW4]interface Vlanif3
[SW4-Vlanif3]ip address 192.168.3.2 255.255.255.0
[SW4-Vlanif3]vrrp vrid 1 virtual-ip 192.168.3.254
[SW4-Vlanif3]vrrp vrid 1 priority 120
[SW4-Vlanif3]vrrp vrid 1 preempt-mode timer delay 20
[SW4-Vlanif3]vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 15
[SW4-Vlanif3]vrrp vrid 1 track interface GigabitEthernet0/0/2 reduced 15
[SW5]vlan batch 2 3
[SW5]interface GigabitEthernet 0/0/3
[SW5-GigabitEthernet0/0/3]port link-type access 
[SW5-GigabitEthernet0/0/3]port default vlan 2
[SW5]interface GigabitEthernet 0/0/4
[SW5-GigabitEthernet0/0/4]port link-type access 	
[SW5-GigabitEthernet0/0/4]port default vlan 3
[SW5]interface GigabitEthernet 0/0/1
[SW5-GigabitEthernet0/0/1]port link-type trunk 
[SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[SW5]interface GigabitEthernet 0/0/2
[SW5-GigabitEthernet0/0/2]port link-type trunk
[SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3[SW5]stp enable 
[SW5]stp mode mstp
[SW5]stp region-configuration 
[SW5-mst-region]region-name aa
[SW5-mst-region]instance 1 vlan 2
[SW5-mst-region]instance 2 vlan 3
[SW5-mst-region]active region-configuration

汇聚到核心层配置

[SW3]vlan batch 103 203
[SW3]interface GigabitEthernet 0/0/1
[SW3-GigabitEthernet0/0/1]port link-type access 
[SW3-GigabitEthernet0/0/1]port default vlan 103
[SW3-GigabitEthernet0/0/1]undo stp enable
[SW3]interface GigabitEthernet 0/0/2	
[SW3-GigabitEthernet0/0/2]port link-type access 
[SW3-GigabitEthernet0/0/2]port default vlan 203
[SW3-GigabitEthernet0/0/2]undo stp enable[SW3]interface Vlanif 103
[SW3-Vlanif103]ip add 10.10.3.3 24
[SW3]interface Vlanif 203
[SW3-Vlanif203]ip add 10.20.3.3 24[SW3]ospf 1 router-id 3.3.3.3
[SW3-ospf-1]area 0
[SW3-ospf-1-area-0.0.0.0]network 10.10.3.3 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]network 10.20.3.3 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]network 192.168.2.1 0.0.0.0	
[SW3-ospf-1-area-0.0.0.0]network 192.168.3.1 0.0.0.0
[SW3-ospf-1]silent-interface Vlanif 2
[SW3-ospf-1]silent-interface Vlanif 3
[SW4]vlan batch 104 204
[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]port link-type access
[SW4-GigabitEthernet0/0/1]port default vlan 204
[SW4-GigabitEthernet0/0/1]undo stp enable
[SW4]interface GigabitEthernet 0/0/2
[SW4-GigabitEthernet0/0/2]port link-type access 
[SW4-GigabitEthernet0/0/2]port default vlan 104
[SW4-GigabitEthernet0/0/2]undo stp enable [SW4]interface Vlanif 104
[SW4-Vlanif104]ip address 10.10.4.4 24
[SW4]interface Vlanif 204
[SW4-Vlanif204]ip add 10.20.4.4 24[SW4]ospf 1 router-id 4.4.4.4
[SW4-ospf-1]area 0
[SW4-ospf-1-area-0.0.0.0]network 10.10.4.4 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]network 10.20.4.4 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]network 192.168.2.2 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]network 192.168.3.2 0.0.0.0[SW4-ospf-1]silent-interface Vlanif 2
[SW4-ospf-1]silent-interface Vlanif 3

创建VRF空间并配置VRF信息

[SW1]ip vpn-instance VRF    
[SW1-vpn-instance-VRF]route-distinguisher 100:1 
[SW1-vpn-instance-VRF-af-ipv4]vpn-target 100:1 both  
[SW2]ip vpn-instance VRF
[SW2-vpn-instance-VRF]route-distinguisher 100:1	
[SW2-vpn-instance-VRF-af-ipv4]vpn-target 100:1 both

配置VLAN信息

[SW1]vlan batch 102 103 104
[SW1]interface GigabitEthernet 0/0/6
[SW1-GigabitEthernet0/0/6]port link-type access 
[SW1-GigabitEthernet0/0/6]port default vlan 103	
[SW1-GigabitEthernet0/0/6]undo stp enable[SW1]interface GigabitEthernet 0/0/5
[SW1-GigabitEthernet0/0/5]port link-type trunk 
[SW1-GigabitEthernet0/0/5]undo port trunk allow-pass vlan 1
[SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 102
[SW1-GigabitEthernet0/0/5]undo stp enable[SW1]interface GigabitEthernet 0/0/7
[SW1-GigabitEthernet0/0/7]port link-type access 
[SW1-GigabitEthernet0/0/7]port default vlan 104
[SW1-GigabitEthernet0/0/7]undo stp enable
[SW2]vlan batch 102 203 204
[SW2]interface GigabitEthernet 0/0/6
[SW2-GigabitEthernet0/0/6]port link-type access 	
[SW2-GigabitEthernet0/0/6]port default vlan 204
[SW2-GigabitEthernet0/0/6]undo stp enable[SW2]interface GigabitEthernet 0/0/7
[SW2-GigabitEthernet0/0/7]port link-type access 
[SW2-GigabitEthernet0/0/7]port default vlan 203
[SW2-GigabitEthernet0/0/7]undo stp enable [SW2]interface GigabitEthernet 0/0/5
[SW2-GigabitEthernet0/0/5]port link-type trunk 
[SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 102
[SW2-GigabitEthernet0/0/5]undo port trunk allow-pass vlan 1
[SW2-GigabitEthernet0/0/5]undo stp enable

创建Vlanif接口,并将接口划入VRF空间

[SW1]interface Vlanif 102
[SW1-Vlanif102]ip binding vpn-instance VRF 
[SW1-Vlanif102]ip address 10.10.2.1 24[SW1]interface Vlanif 103
[SW1-Vlanif103]ip binding vpn-instance VRF
[SW1-Vlanif103]ip add 10.10.3.1 24[SW1]interface Vlanif 104
[SW1-Vlanif104]ip binding vpn-instance VRF
[SW1-Vlanif104]ip add 10.10.4.1 24
[SW2]interface Vlanif 102
[SW2-Vlanif102]ip binding vpn-instance VRF
[SW2-Vlanif102]ip address 10.10.2.2 24[SW2]interface Vlanif 203
[SW2-Vlanif203]ip binding vpn-instance VRF
[SW2-Vlanif203]ip address 10.20.3.2 24[SW2]interface Vlanif 204
[SW2-Vlanif204]ip binding vpn-instance VRF
[SW2-Vlanif204]ip add 10.20.4.2 24

配置VRF空间的OSPF

[SW1]ospf 1 router-id 1.1.1.1 vpn-instance VRF
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 10.10.2.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.10.3.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.0]network 10.10.4.1 0.0.0.0
[SW1-ospf-1]default-route-advertise[SW2]ospf 1 router-id 2.2.2.2 vpn-instance VRF	
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 10.10.2.2 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.20.3.2 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.20.4.2 0.0.0.0
[SW2-ospf-1]default-route-advertise

路由策略配置

[SW3]interface Vlanif 203
[SW3-Vlanif203]ospf cost 5[SW4]interface Vlanif 104
[SW4-Vlanif104]ospf cost 5
[SW3-ospf-1-area-0.0.0.0]undo network 192.168.2.1 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]undo network 192.168.3.1 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]undo network 192.168.2.2 0.0.0.0
[SW4-ospf-1-area-0.0.0.0]undo network 192.168.3.2 0.0.0.0
[SW3]ip ip-prefix aa permit 192.168.2.0 24
[SW3]ip ip-prefix bb permit 192.168.3.0 24
[SW3]route-policy bb permit node 10
[SW3-route-policy]if-match ip-prefix bb
[SW3-route-policy]apply cost 5
[SW3]route-policy bb permit node 20
[SW3-route-policy]if-match ip-prefix aa
[SW3]ospf 1	
[SW3-ospf-1]import-route direct route-policy bb[SW4]ip ip-prefix aa permit 192.168.2.0 24
[SW4]ip ip-prefix bb permit 192.168.3.0 24
[SW4]route-policy aa permit node 10
[SW4-route-policy]if-match ip-prefix aa
[SW4-route-policy]apply cost 5
[SW4]route-policy aa permit node 20
[SW4-route-policy]if-match ip-prefix bb
[SW4]ospf 1
[SW4-ospf-1]import-route direct route-policy aa

VRF区域配置

[SW1]vlan batch 401 402
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk 	
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 401 402
[SW1]interface GigabitEthernet 0/0/5
[SW1-GigabitEthernet0/0/5]port link-type trunk 
[SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 401 402[SW1]interface Vlanif 401
[SW1-Vlanif401]ip binding vpn-instance VRF
[SW1-Vlanif401]ip address 10.40.1.1 24
[SW1-Vlanif401]vrrp vrid 1 virtual-ip 10.40.1.100
[SW1-Vlanif401]vrrp vrid 1 priority 120
[SW1-Vlanif401]vrrp vrid 1 preempt-mode timer delay 60
[SW1-Vlanif401]vrrp vrid 1 track interface GigabitEthernet 0/0/2 reduced 30[SW1]interface Vlanif 402
[SW1-Vlanif402]ip binding vpn-instance VRF
[SW1-Vlanif402]ip address 10.40.2.1 24
[SW1-Vlanif402]vrrp vrid 2 virtual-ip 10.40.2.100
[SW2]vlan batch 401 402
[SW2]interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk 
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 401 402
[SW2]interface GigabitEthernet 0/0/5
[SW2-GigabitEthernet0/0/5]port link-type trunk 
[SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 401 402[SW2]interface Vlanif 401
[SW2-Vlanif401]ip binding vpn-instance VRF
[SW2-Vlanif401]ip address 10.40.1.2 24
[SW2-Vlanif401]vrrp vrid 1 virtual-ip 10.40.1.100[SW2]interface Vlanif 402
[SW2-Vlanif402]ip binding vpn-instance VRF
[SW2-Vlanif402]ip address 10.40.2.2 24
[SW2-Vlanif402]vrrp vrid 2 virtual-ip 10.40.2.100
[SW2-Vlanif402]vrrp vrid 2 priority 120
[SW2-Vlanif402]vrrp vrid 2 preempt-mode timer delay 60
[SW2-Vlanif402]vrrp vrid 2 track interface GigabitEthernet 0/0/3 reduced 30
[FW1]vlan batch 401 402 403 404
[FW1]interface GigabitEthernet 1/0/0
[FW1-GigabitEthernet1/0/0]ip add 10.10.10.1 30[FW1]interface GigabitEthernet 1/0/1.401
[FW1-GigabitEthernet1/0/1.401]ip add 10.40.1.10 24
[FW1-GigabitEthernet1/0/1.401]vlan-type dot1q 401[FW1]interface GigabitEthernet 1/0/1.402
[FW1-GigabitEthernet1/0/1.402]ip address 10.40.2.10 24
[FW1-GigabitEthernet1/0/1.402]vlan-type dot1q 402[FW1]interface GigabitEthernet 1/0/2.403
[FW1-GigabitEthernet1/0/2.403]ip address 10.40.3.10 24
[FW1-GigabitEthernet1/0/2.403]vlan-type dot1q 403[FW1]interface GigabitEthernet 1/0/2.404
[FW1-GigabitEthernet1/0/2.404]ip add 10.40.4.10 24
[FW1-GigabitEthernet1/0/2.404]vlan-type dot1q 404
[FW2]vlan batch 401 402 403 404
[FW2]interface GigabitEthernet 1/0/0
[FW2-GigabitEthernet1/0/0]ip add 10.10.10.2 30[FW2]interface GigabitEthernet 1/0/2.401
[FW2-GigabitEthernet1/0/2.401]ip address 10.40.1.20 24
[FW2-GigabitEthernet1/0/2.401]vlan-type dot1q 401[FW2]interface GigabitEthernet 1/0/2.402
[FW2-GigabitEthernet1/0/2.402]ip add 10.40.2.20 24
[FW2-GigabitEthernet1/0/2.402]vlan-type dot1q 402[FW2]interface GigabitEthernet 1/0/1.403
[FW2-GigabitEthernet1/0/1.403]ip add 10.40.3.20 24
[FW2-GigabitEthernet1/0/1.403]vlan-type dot1q 403[FW2]interface GigabitEthernet 1/0/1.404
[FW2-GigabitEthernet1/0/1.404]ip add 10.40.4.20 24
[FW2-GigabitEthernet1/0/1.404]vlan-type dot1q 404

安全区域划分

[FW1]firewall zone trust 
[FW1-zone-trust]add interface GigabitEthernet 1/0/1.401
[FW1-zone-trust]add interface GigabitEthernet 1/0/1.402[FW1]firewall zone untrust 
[FW1-zone-untrust]add interface GigabitEthernet 1/0/2.403
[FW1-zone-untrust]add interface GigabitEthernet 1/0/2.404[FW1]firewall zone dmz 
[FW1-zone-dmz]add interface GigabitEthernet 1/0/0
[FW2]firewall zone trust 
[FW2-zone-trust]add interface GigabitEthernet 1/0/2.401
[FW2-zone-trust]add interface GigabitEthernet 1/0/2.402[FW2]firewall zone untrust 
[FW2-zone-untrust]add interface GigabitEthernet 1/0/1.403
[FW2-zone-untrust]add interface GigabitEthernet 1/0/1.404[FW2]firewall zone dmz 
[FW2-zone-dmz]add interface GigabitEthernet 1/0/0

SW1、SW2的Public区域配置

[SW1]vlan batch 403 404
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk 
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 403 404
[SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk 
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 403 404
[SW1]interface Vlanif 403
[SW1-Vlanif403]ip address 10.40.3.1 24
[SW1-Vlanif403]vrrp vrid 3 virtual-ip 10.40.3.100
[SW1-Vlanif403]vrrp vrid 3 priority 120
[SW1-Vlanif403]vrrp vrid 3 preempt-mode timer delay 60
[SW1-Vlanif403]vrrp vrid 3 track interface GigabitEthernet 0/0/3 reduced 30
[SW1]interface Vlanif 404
[SW1-Vlanif404]ip add 10.40.4.1 24
[SW1-Vlanif404]vrrp vrid 4 virtual-ip 10.40.4.100[SW2]vlan batch 403 404
[SW2]interface GigabitEthernet 0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk 
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 403 404
[SW2]interface GigabitEthernet 0/0/4
[SW2-GigabitEthernet0/0/4]port link-type trunk 
[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 403 404
[SW2]interface  Vlanif 403
[SW2-Vlanif403]ip address 10.40.3.2 24
[SW2-Vlanif403]vrrp vrid 3 virtual-ip 10.40.3.100
[SW2]interface Vlanif 404
[SW2-Vlanif404]ip address 10.40.4.2 24
[SW2-Vlanif404]vrrp vrid 4 virtual-ip 10.40.4.100
[SW2-Vlanif404]vrrp vrid 4 priority 120
[SW2-Vlanif404]vrrp vrid 4 preempt-mode timer delay 60
[SW2-Vlanif404]vrrp vrid 4 track interface GigabitEthernet 0/0/2 reduced 30

路由补充

[SW1]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.1.200
[SW1]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.2.200 preference 70[SW1]ip route-static 192.168.0.0 16 10.40.3.200
[SW1]ip route-static 192.168.0.0 16 10.40.4.200 preference 70[SW2]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.2.200
[SW2]ip route-static vpn-instance VRF 0.0.0.0 0 10.40.1.200 preference 70[SW2]ip route-static 192.168.0.0 16 10.40.4.200	
[SW2]ip route-static 192.168.0.0 16 10.40.3.200 preference 70

防火墙双机热备配置

[FW1]interface GigabitEthernet 1/0/1.401
[FW1-GigabitEthernet1/0/1.401]vrrp vrid 5 virtual-ip 10.40.1.200 active 
[FW1]interface GigabitEthernet 1/0/1.402
[FW1-GigabitEthernet1/0/1.402]vrrp vrid 6 virtual-ip 10.40.2.200 standby [FW1]interface GigabitEthernet 1/0/2.403
[FW1-GigabitEthernet1/0/2.403]vrrp vrid 7 virtual-ip 10.40.3.200 active 
[FW1]interface GigabitEthernet 1/0/2.404
[FW1-GigabitEthernet1/0/2.404]vrrp vrid 8 virtual-ip 10.40.4.200 standby [FW1]hrp mirror session enable 
[FW1]hrp interface GigabitEthernet 1/0/0 remote 10.10.10.2 
[FW1]hrp enableHRP_S[FW1]ip route-static 0.0.0.0 0 10.40.3.100	
HRP_S[FW1]ip route-static 0.0.0.0 0 10.40.4.100 preference 70HRP_M[FW1]ip route-static 192.168.0.0 16 10.40.1.100
HRP_M[FW1]ip route-static 192.168.0.0 16 10.40.2.100 preference 70
[FW2]interface GigabitEthernet 1/0/2.401
[FW2-GigabitEthernet1/0/2.401]vrrp vrid 5 virtual-ip 10.40.1.200 standby 
[FW2]interface GigabitEthernet 1/0/2.402
[FW2-GigabitEthernet1/0/2.402]vrrp vrid 6 virtual-ip 10.40.2.200 active [FW2]interface GigabitEthernet 1/0/1.403
[FW2-GigabitEthernet1/0/1.403]vrrp vrid 7 virtual-ip 10.40.3.200 standby 
[FW2]interface GigabitEthernet 1/0/1.404
[FW2-GigabitEthernet1/0/1.404]vrrp vrid 8 virtual-ip 10.40.4.200 active [FW2]hrp mirror session enable
[FW2]hrp interface GigabitEthernet 1/0/0 remote 10.10.10.1
[FW2]hrp enableHRP_S[FW2]ip route-static 0.0.0.0 0 10.40.4.100
HRP_S[FW2]ip route-static 0.0.0.0 0 10.40.3.100 preference 70HRP_S[FW2]ip route-static 192.168.0.0 16 10.40.2.100
HRP_S[FW2]ip route-static 192.168.0.0 16 10.40.1.100 preference 70

安全策略配置

HRP_M[FW1]security-policy  (+B)
HRP_M[FW1-policy-security]rule name trust_to_untrust (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust]source-zone trust  (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust]destination-zone untrust  (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust]source-address 192.168.0.0 16 (+B)
HRP_M[FW1-policy-security-rule-trust_to_untrust]action permit  (+B)

核心到边界配置

[SW1]vlan batch 11 12
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 11
[SW1-GigabitEthernet0/0/1]undo stp enable [SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 12
[SW1-GigabitEthernet0/0/4]undo stp enable [SW1]interface Vlanif 11
[SW1-Vlanif11]ip address 10.11.1.1 24
[SW1]interface Vlanif 12
[SW1-Vlanif12]ip add 10.12.1.1 24[SW1]ospf 2 router-id 1.1.1.1
[SW1-ospf-2]area 0
[SW1-ospf-2-area-0.0.0.0]network 10.11.1.1 0.0.0.0
[SW1-ospf-2-area-0.0.0.0]network 10.12.1.1 0.0.0.0
    [SW2]vlan batch 12 22
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access 
[SW2-GigabitEthernet0/0/1]port default vlan 22
[SW2-GigabitEthernet0/0/1]undo stp enable[SW2]interface GigabitEthernet 0/0/4
[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 12
[SW2-GigabitEthernet0/0/4]undo stp enable [SW2]interface Vlanif 12
[SW2-Vlanif12]ip address 10.12.1.2 24
[SW2]interface Vlanif 22
[SW2-Vlanif22]ip address 10.22.2.1 24[SW2-ospf-2]dis th
ospf 2 router-id 2.2.2.2area 0.0.0.0network 10.12.1.2 0.0.0.0network 10.22.2.1 0.0.0.0
    [R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.11.1.2 24
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.12.2.1 24[R1-ospf-1]display this 
ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.11.1.2 0.0.0.0 network 10.12.2.1 0.0.0.0 
    [R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip add 10.22.2.2 24
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip add 10.12.2.2 14[R2]ospf 1 router-id 4.4.4.4
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.22.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.12.2.2 0.0.0.0

    最外层网络

    [R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip add 12.0.0.1 24
[R1]ip route-static 0.0.0.0 0 12.0.0.100
[R1-ospf-1]default-route-advertise [R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]nat outbound 2000
    [R2]interface GigabitEthernet 0/0/2
[R2-GigabitEthernet0/0/2]ip add 13.0.0.1 24
[R2]ip route-static 0.0.0.0 0 13.0.0.100
[R2-ospf-1]default-route-advertise[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R2]int g 0/0/2
[R2-GigabitEthernet0/0/2]nat outbound 2000
    [ISP]interface GigabitEthernet 0/0/0
[ISP-GigabitEthernet0/0/0]ip add 12.0.0.100 24
[ISP]interface GigabitEthernet 0/0/1
[ISP-GigabitEthernet0/0/1]ip add 13.0.0.100 24
[ISP]interface LoopBack 0
[ISP-LoopBack0]ip add 100.1.1.1 24
    [SW1-ospf-2]import-route static 
[SW2-ospf-2]import-route static
    4、验证

    正常情况下,PC1和PC2分别pingISP的环回接口

    当SW1的某些接口发生故障时,对PC1到ISP环回接口的网络进行测试

    [SW1-GigabitEthernet0/0/2]shutdown 


    文章转载自:

    http://jd66v4bj.gLnxd.cn
    http://N9UFRrAe.gLnxd.cn
    http://m2tLDu0x.gLnxd.cn
    http://oNVFPyS2.gLnxd.cn
    http://FAHqOqEc.gLnxd.cn
    http://qZFA8Dcx.gLnxd.cn
    http://zQlssJ88.gLnxd.cn
    http://qZi3lUfB.gLnxd.cn
    http://DGQqsCmg.gLnxd.cn
    http://5j5kDkhf.gLnxd.cn
    http://ZXpb6Pan.gLnxd.cn
    http://DtaXh2ed.gLnxd.cn
    http://FLqtExbq.gLnxd.cn
    http://qVVTKnIg.gLnxd.cn
    http://imZRtJuQ.gLnxd.cn
    http://skcg2Kpb.gLnxd.cn
    http://fOdemulg.gLnxd.cn
    http://0Uct0OrY.gLnxd.cn
    http://YZu09047.gLnxd.cn
    http://raCkxm9R.gLnxd.cn
    http://v7C8Ima9.gLnxd.cn
    http://4G320tPv.gLnxd.cn
    http://sMBLMEAE.gLnxd.cn
    http://zyuYHU2C.gLnxd.cn
    http://DvLG2Dgz.gLnxd.cn
    http://fpEefD0Y.gLnxd.cn
    http://V9OG30uw.gLnxd.cn
    http://XOJoaLpA.gLnxd.cn
    http://DZbjtxao.gLnxd.cn
    http://gsiRLGCK.gLnxd.cn
    http://www.dtcms.com/wzjs/707749.html

    相关文章:

  1. 微信视频网站怎么做的好网站开发毕设论文
  2. 服务器除了做网站还能做什么湖南有实力seo优化
  3. 部队网站建设招标.la域名做的网站
  4. 标准网站建设做网站的分辨率
  5. 大型网站解决方案设计门户网站平台建设情况
  6. 最新聊天记录做图网站购物网站开发
  7. 创业中文网站模板上海专业做网站公司报价
  8. 建设摩托官方网站网站建设过程规划和准备阶段
  9. 建个免费的销售网站好seo 优化是什么
  10. 做网站刷流量挣钱吗apmserv搭建多个网站
  11. 天津做网站的公做网站开公司
  12. 如何建立电商平台seo3
  13. 一个专门做酒店招聘的网站三网站建设
  14. 用html5做商城网站怎么做公司网站建设优点
  15. 评价一个网站设计项目的好坏wordpress安装不了
  16. 上海市做网站公司软件定制是什么意思
  17. 网站文章可以做外链吗aspmysql做网站
  18. ps做网站设计稿网站建站基础
  19. 做全国社保代理的网站苏州网站建设相关技术
  20. 怎么找网站网站建设亿玛酷技术
  21. 阿里巴巴网站建设的不足之处微信广告推广平台
  22. 企业门户网站模板html上线wordpress怎么备份数据库结构
  23. 网站建设需求说明书怎么写网站开发哪家强
  24. 网站防注入seo推广必须要做的9种方法
  25. 网站建设遵循的原则是什么Wordpress建站用什么系统
  26. 企业网站seo排名做网站什么语言最好
  27. 建设部网站 造价三合一网站指的是什么意思
  28. 电子商务网站建设计划怎么做电视台网站
  29. 安陆网站的建设全flash网站源码
  30. 网站建设 模仿阿里云官网订阅号 小程序