摘要
(展示部分文档,想要细节文档看评论区)
电子信息学院数据中心经过几年的快速发展,已经跟不上信息化时代的步伐,硬件设备陈旧,网络冗余差,安全性差,耗能高,管理麻烦复杂,逐渐满足不了学院对数据的安全要求和管理要求,需要对数据中心重新进行规划与设计,通过更换更高性能的硬件设施,配置冗余,防火墙,远程控制,虚拟平台,技术,从设备、管理、安全等方面对数据中心存在的问题进行系统性的规划设计。根据实际配置网络和搭建设备解决了网络冗余问题,加入防火墙及一系列的策略配置解决了安全问题,集中放置解决了管理问题问题,在硬件的选取和网络搭建上解决了耗能高问题,最终在机房中通过设备的选取,设计和摆放,解决了电磁强度、屏蔽、防漏、电源质量、振动、防雷、接地和安全保卫等要求。
关键词:数据中心机房;机房环境;安全可靠;先进
一、数据中心的拓扑和早期概念图
存储网:
业务网:
管理网:
网络拓扑图结束,我们来看核心代码
二、核心代码展示
服务器配置:
外网服务器:
外网主机:
内网服务器ping:
Ping外网服务器:
连通性测试完毕。
管理网:
测试:
主机是否可以ping通服务器和外网:
测试内网:
测试外网:
测试成功
业务网:
测试:
测试成功
核心代码展示:
配置思路和布局:
Sw1:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys sw1(改名)
[sw1]un in EN(关闭信息提示)
Info: Information center is disabled.
[sw1]VLAN batch 10 20 30 40 50 60 100 101(创建vlan)
[sw1]int Vlanif 10(进入vlan10)
[sw1-Vlanif10]ip ad 192.168.10.254 24(配置IP,做后面配置的网关)
[sw1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252(配置VRRP协议的虚拟IP地址)
[sw1-Vlanif10]vrrp vrid 10 priority 120(配置优先级)
[sw1-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/1(创建监视端口实现快速主备切换)
[sw1-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/2(创建监视端口实现快速主备切换)
[sw1-Vlanif20]q
[sw1]int Vlanif 30
[sw1-Vlanif30]ip ad 192.168.30.254 24
[sw1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252
[sw1-Vlanif30]vrrp vrid 30 priority 120
[sw1-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/1
[sw1-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/2
[sw1-Vlanif30]q
[sw1]int Vlanif 40
[sw1-Vlanif40]ip ad 192.168.40.254 24
[sw1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252
[sw1-Vlanif40]vrrp vrid 40 priority 120[sw1-Vlanif40]vrrp vrid 40 track interface GigabitEthernet 0/0/1
[sw1-Vlanif40]vrrp vrid 40 track interface GigabitEthernet 0/0/2
[sw1-Vlanif40]q
[sw1]int Vlanif 50
[sw1-Vlanif50]ip ad 192.168.50.254 24
[sw1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.252
[sw1-Vlanif50]vrrp vrid 50 track interface GigabitEthernet 0/0/1
[sw1-Vlanif50]vrrp vrid 50 track interface GigabitEthernet 0/0/2
[sw1-Vlanif50]q
[sw1]int Vlanif 60
[sw1-Vlanif60]
[sw1-Vlanif60]ip address 192.168.60.254 24
[sw1-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.252
[sw1-Vlanif60]vrrp vrid 60 track interface GigabitEthernet 0/0/1
[sw1-Vlanif60]vrrp vrid 60 track interface GigabitEthernet 0/0/2
[sw1]vlan batch 5 7(创建vlan)
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw1]int Vlanif 5
[sw1-Vlanif5]ip ad 192.168.5.2 24
[sw1-Vlanif5]int vlan7
[sw1-Vlanif7]ip ad 192.168.7.2 24
[sw1-Vlanif7]q
[sw1]int g
[sw1]int GigabitEthernet 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access (配置接口类型为接入模式)
[sw1-GigabitEthernet0/0/1]port default vlan 5(允许通过vlan5)
[sw1-GigabitEthernet0/0/1]int g
[sw1-GigabitEthernet0/0/1]q
[sw1]int g
[sw1]int GigabitEthernet 0/0/2
[sw1-GigabitEthernet0/0/2]port link-type access
[sw1-GigabitEthernet0/0/2]port default vlan 7
[sw1-GigabitEthernet0/0/2]q
[sw1] User interface con0 is available
[sw1]int e
[sw1]int Eth-Trunk 1(创建链路聚合端口)
[sw1-Eth-Trunk1]port link-type trunk (改为通道模式)
[sw1-Eth-Trunk1]port trunk allow-pass vlan all (允许所有vlan通过)
[sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/3(加入trunk口)
[sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/4
[sw1]int g
[sw1]int GigabitEthernet 0/0/5
[sw1-GigabitEthernet0/0/5]port link-type trunk
[sw1-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/5]int GigabitEthernet 0/0/6
[sw1-GigabitEthernet0/0/6]port link-type trunk
[sw1-GigabitEthernet0/0/6]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/6]int GigabitEthernet 0/0/7
[sw1-GigabitEthernet0/0/7]port link-type trunk
[sw1-GigabitEthernet0/0/7]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/7]int GigabitEthernet 0/0/10
[sw1-GigabitEthernet0/0/10]port link-type trunk
[sw1-GigabitEthernet0/0/10]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/10]q
[sw1]int GigabitEthernet 0/0/11
[sw1-GigabitEthernet0/0/8]
[sw1]stp en
[sw1]stp enable (配置生成树)
[sw1]stp region-configuration进入生成树配置模式)
[sw1-mst-region]re
[sw1-mst-region]region-name huawei(改名)
[sw1-mst-region]re
[sw1-mst-region]region-name
[sw1-mst-region]revision-level 5(配置生成树的权限)
[sw1-mst-region]instance 1 vlan 10 20 30 100(把vlan划分到实例中)
[sw1-mst-region]instance 2 vlan 40 50 60
[sw1-mst-region]active region-configuration (激活实例)
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw1]stp instance 1 root primary (配置实例的优先级的主次)
[sw1]stp instance 2 root secondary (配置实例的优先级的主次)
[sw1]
Sw2:
[sw2]
[sw2]un in en
Info: Information center is disabled.
[sw2]vlan batch 10 20 30 40 50 60 100 101 6 8(创建vlan)
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw2]int vlan
[sw2]int Vlanif 10
[sw2-Vlanif10]ip address 192.168.10.253 24
[sw2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.252
[sw2-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/1
[sw2-Vlanif10]vrrp vrid 10 track interface GigabitEthernet 0/0/2
[sw2-Vlanif10]q
[sw2]int vl
[sw2]int Vlanif 20
[sw2-Vlanif20]ip address 192.168.20.253 24
[sw2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.252
[sw2-Vlanif20]vrrp vrid 20 track interface GigabitEthernet 0/0/1
[sw2-Vlanif20]vrrp vrid 20 track interface GigabitEthernet 0/0/2
[sw2-Vlanif20]q
[sw2]int Vlanif 30
[sw2-Vlanif30]ip ad 192.168.30.253 24
[sw2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.252
[sw2-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/1
[sw2-Vlanif30]vrrp vrid 30 track interface GigabitEthernet 0/0/2
[sw2-Vlanif30]q
[sw2]int Vlanif 40
[sw2-Vlanif40]ip ad 192.168.40.253 24
[sw2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.252
[sw2-Vlanif40]vrrp vrid 40 track interface GigabitEthernet 0/0/1
[sw2-Vlanif40]vrrp vrid 40 track interface GigabitEthernet 0/0/2
[sw2-Vlanif40]q
[sw2]int Vlanif 50
[sw2-Vlanif50]q
[sw2]int Vlanif 40
[sw2-Vlanif40]display this
#
interface Vlanif40
ip address 192.168.40.253 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.252
vrrp vrid 40 track interface GigabitEthernet0/0/1
vrrp vrid 40 track interface GigabitEthernet0/0/2
#
return
[sw2-Vlanif40]vrrp vrid 40 priority 120
[sw2-Vlanif40]display this
#
interface Vlanif40
ip address 192.168.40.253 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.252
vrrp vrid 40 priority 120
vrrp vrid 40 track interface GigabitEthernet0/0/1
vrrp vrid 40 track interface GigabitEthernet0/0/2
#
return
[sw2-Vlanif40]q
[sw2]int v
[sw2]int Vlanif 50
[sw2-Vlanif50]ip ad 192.168.50.253 24
[sw2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.252
[sw2-Vlanif50]vrrp vrid 50 priority 120
[sw2-Vlanif50]vrrp vrid 50 track interface GigabitEthernet 0/0/1
[sw2-Vlanif50]vrrp vrid 50 track interface GigabitEthernet 0/0/2
[sw2-Vlanif50]q
[sw2]int vlna
[sw2]int vl
[sw2]int Vlanif 60
[sw2-Vlanif60]ip ad 192.168.60.253 24
[sw2-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.252
[sw2-Vlanif60]vrrp vrid 60 priority 120
[sw2-Vlanif60]vrrp vrid 60 track interface GigabitEthernet 0/0/1
[sw2-Vlanif60]vrrp vrid 60 track interface GigabitEthernet 0/0/2
[sw2-Vlanif60]
[sw2-Vlanif60]q
[sw2][sw2-Vlanif60]
[sw2-Vlanif60]q
[sw2]int Vlanif 6
[sw2-Vlanif6]ip ad 192.168.6.2 24
[sw2-Vlanif6]q
[sw2]int Vlanif 8
[sw2-Vlanif8]ip ad 192.168.8.2 24
[sw2-Vlanif8]q
[sw2]int g
[sw2]int GigabitEthernet 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type access
[sw2-GigabitEthernet0/0/1]port default vlan 8
[sw2-GigabitEthernet0/0/1]int g0/0/2
[sw2-GigabitEthernet0/0/2]port link-type access
[sw2-GigabitEthernet0/0/2]port default vlan 6
[sw2-GigabitEthernet0/0/2]q
[sw2]int e
[sw2]int Eth-Trunk
[sw2]int Eth-Trunk 1
[sw2-Eth-Trunk1]port link-type trunk
[sw2-Eth-Trunk1]port trunk allow-pass vlan all
[sw2-Eth-Trunk1]trunkport GigabitEthernet 0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw2-Eth-Trunk1]trunkport GigabitEthernet 0/0/4
[sw2-Eth-Trunk1]q
[sw2]int g
[sw2]int GigabitEthernet 0/0/6
[sw2-GigabitEthernet0/0/6]port link-type trunk
[sw2-GigabitEthernet0/0/6]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/6]int GigabitEthernet 0/0/7
[sw2-GigabitEthernet0/0/7]port link-type trunk
[sw2-GigabitEthernet0/0/7]p
[sw2-GigabitEthernet0/0/7]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/7]int GigabitEthernet 0/0/5
[sw2-GigabitEthernet0/0/5]port link-type trunk
[sw2-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/5]int GigabitEthernet 0/0/10
[sw2-GigabitEthernet0/0/10]port link-type trunk
[sw2-GigabitEthernet0/0/10]int GigabitEthernet 0/0/10
[sw2-GigabitEthernet0/0/10]int GigabitEthernet 0/0/9
[sw2-GigabitEthernet0/0/9]port link-type trunk
[sw2-GigabitEthernet0/0/9]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/9]int GigabitEthernet 0/0/11
[sw2-GigabitEthernet0/0/11]port link-type trunk
[sw2-GigabitEthernet0/0/11]port trunk allow-pass vlan all
Sw3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys sw3
[sw3]un in en
Info: Information center is disabled.
[sw3]vlan batch vlan 10 20 30 40 50 60 100 101
[sw3]stp enable
[sw3]st
[sw3]stp re
[sw3]stp region-configuration
[sw3-mst-region]re
[sw3-mst-region]region-name huawei
[sw3-mst-region]re
[sw3-mst-region]region-name
[sw3-mst-region]revision-level 5
[sw3-mst-region]in
[sw3-mst-region]instance 1 v
[sw3-mst-region]instance 1 vlan 10 20 30 100
[sw3-mst-region]in
[sw3-mst-region]instance 2 v
[sw3-mst-region]instance 2 vlan 40 50 60
[sw3-mst-region]active region-configuration
[sw3-mst-region]q
[sw3]int g
[sw3]int GigabitEthernet 0/0/1
[sw3-GigabitEthernet0/0/1]port link-type trunk
[sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan al
[sw3-GigabitEthernet0/0/1]int g0/0/2
[sw3-GigabitEthernet0/0/2]port link-type trunk
[sw3-GigabitEthernet0/0/2]po
[sw3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw3-GigabitEthernet0/0/2]int e0/0/1
[sw3-Ethernet0/0/1]port link-type access
[sw3-Ethernet0/0/1]port default vlan 10
[sw3-Ethernet0/0/1]int e0/0/2
[sw3-Ethernet0/0/2]port link-type access
[sw3-Ethernet0/0/2]port default vlan 10
[sw3-Ethernet0/0/2]q
[sw3]
Sw4:
The device is running!
<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys sw4
[sw4]vlan batch 10 20 30 40 50 60 100 101
Info: This operation may take a few seconds. Please wait for a moment...done.
#
stp region-configuration
region-name huawei
revision-level 5
instance 1 vlan 10 20 30 100
instance 2 vlan 40 50 60
active region-configuration
#
return
[sw4-mst-region]st
[sw4-mst-region]stp re
[sw4-mst-region]q
[sw4]st
[sw4]stp re
[sw4]stp region-configuration
[sw4-mst-region]q
[sw4]int g
[sw4]int GigabitEthernet 0/0/1
[sw4-GigabitEthernet0/0/1]port link-type trunk
[sw4-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw4-GigabitEthernet0/0/1]int g0/0/2
[sw4-GigabitEthernet0/0/2]port link-type trunk
[sw4-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw4-GigabitEthernet0/0/2]q
[sw4]int e
[sw4]int Eth
[sw4]int Ethernet0/0/1
[sw4-Ethernet0/0/1]port link-type access
[sw4-Ethernet0/0/1]port default vlan 20
[sw4-Ethernet0/0/1]int e0/0/2
[sw4-Ethernet0/0/2]port link-type ac
[sw4-Ethernet0/0/2]port default vlan 20
[sw4-Ethernet0/0/2]q
[sw4]q
<sw4>save
Sw5:
The device is running!
<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys sw5
[sw5]vlan batch 10 20 30 40 50 60 100 101
[sw5]vlan batch 10 20 30 40 50 60 100 101
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw5]stp enable
[sw5]stp region-configuration
[sw5-mst-region]region-name huawei
[sw5-mst-region]revision-level 5
[sw5-mst-region]instance 1 vlan 10 20 30 100
[sw5-mst-region]instance 2 vlan 40 50 60
[sw5-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw5]int GigabitEthernet 0/0/1
[sw5-GigabitEthernet0/0/1]port link-type trunk
[sw5-GigabitEthernet0/0/1]port trunk allow-pass vlan al
[sw5-GigabitEthernet0/0/1]int g0/0/2
[sw5-GigabitEthernet0/0/2]port link-type trunk
[sw5-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw5-GigabitEthernet0/0/2]int e
[sw5-GigabitEthernet0/0/2]int e0/0/1
[sw5-Ethernet0/0/1]port link-type access
[sw5-Ethernet0/0/1]port default vlan 30
[sw5-Ethernet0/0/1]int e0/0/2
[sw5-Ethernet0/0/2]port link-type access
[sw5-Ethernet0/0/2]port default vlan 30
[sw5-Ethernet0/0/2]
Sw6:
The device is running!
<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys
^
Error:Incomplete command found at '^' position.
[Huawei]sys sw6
[sw6]vlan batch 10 20 30 40 50 60 100 101
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw6]stp enable
[sw6]stp enable
[sw6]stp region-configuration
[sw6-mst-region]region-name huawei
[sw6-mst-region]region-name huawei
[sw6-mst-region]revision-level 5
[sw6-mst-region]instance 1 vlan 10 20 30 100
[sw6-mst-region]instance 2 vlan 40 50 60
[sw6-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw6-mst-region]q
[sw6]int g
[sw6]int GigabitEthernet 0/0/1
[sw6-GigabitEthernet0/0/1]port link-type trunk
[sw6-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw6-GigabitEthernet0/0/1]int g
[sw6-GigabitEthernet0/0/1]int g0/0/2
[sw6-GigabitEthernet0/0/2]port link-type trunk
[sw6-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw6-GigabitEthernet0/0/2]int e0/0/1
[sw6-Ethernet0/0/1]port link-type access
v
[sw6-Ethernet0/0/1]port default vlan 40
[sw6-Ethernet0/0/1]int e0/0/2
[sw6-Ethernet0/0/2]port link-type access
[sw6-Ethernet0/0/2]port default vlan 40
[sw6-Ethernet0/0/2]
R1:
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys R1
[R1]int g
[R1]int GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip ad
[R1-GigabitEthernet0/0/2]ip address 192.168.5.1 24
[R1-GigabitEthernet0/0/2]int g
[R1-GigabitEthernet0/0/2]int g0/0/1
[R1-GigabitEthernet0/0/1]ip ad
[R1-GigabitEthernet0/0/1]ip address 192.168.4.1 24
[R1-GigabitEthernet0/0/1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip ad
[R1-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[R1-GigabitEthernet0/0/0]
<R1>
<R1>
<R1>
R2:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys R2
[R2]int g
[R2]int GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]dis
[R2-GigabitEthernet0/0/0]discardth
[R2-GigabitEthernet0/0/0]disp
[R2-GigabitEthernet0/0/0]display th
[R2-GigabitEthernet0/0/0]display this
[V200R003C00]
#
interface GigabitEthernet0/0/0
#
return
[R2-GigabitEthernet0/0/0]
[R2-GigabitEthernet0/0/0]
[R2-GigabitEthernet0/0/0]q
[R2]int g
[R2]int GigabitEthernet 1/0/0
[R2-GigabitEthernet1/0/0]ip ad
[R2-GigabitEthernet1/0/0]ip address 192.168.7.1
^
Error:Incomplete command found at '^' position.
[R2-GigabitEthernet1/0/0]ip address 192.168.7.1 24
[R2-GigabitEthernet1/0/0]int g
[R2-GigabitEthernet1/0/0]int g0/0/0
[R2-GigabitEthernet0/0/0]ip ad
[R2-GigabitEthernet0/0/0]ip address 192.168.4.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip ad
[R2-GigabitEthernet0/0/1]ip address 192.168.3.2 24
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip address 192.168.8.1 24
[R2-GigabitEthernet0/0/2]
[R2-GigabitEthernet0/0/2]
防火墙的配置:
FW1:
<USG6000V1>
<USG6000V1>sys
Enter system view, return user view with Ctrl+Z.
[USG6000V1]sys
[USG6000V1]sysname FW1
[FW1]un in
May 15 2022 01:58:59 FW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3
.1 configurations have been changed. The current change number is 1, the change
loop count is 0, and the maximum number of records is 4095.
[FW1]un in en
Info: Saving log files...
Info: Information center is disabled.
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]ip ad
[FW1-GigabitEthernet1/0/0]ip address 192.168.2.1 24
[FW1-GigabitEthernet1/0/0]intg1/0/1
^
Error: Unrecognized command found at '^' position.
[FW1-GigabitEthernet1/0/0]int g1/0/1
[FW1-GigabitEthernet1/0/1]ip ad 192.168.3.1 24
[FW1-GigabitEthernet1/0/1]int g0/0/0
[FW1-GigabitEthernet0/0/0]ip ad 192.168.200.1 24
[FW1-GigabitEthernet0/0/0]int g1/0/2
[FW1-GigabitEthernet1/0/2]ip ad 200.10.10.1 30
[FW1-GigabitEthernet1/0/2]q
[FW1]f
[FW1]firewall z
[FW1]firewall zone
[FW1]firewall zone t
[FW1]firewall zone trust (配置策略:新任)
[FW1-zone-trust]add interface g1/0/0(加入接口)
[FW1-zone-trust]add interface g1/0/1
[FW1-zone-trust]f
[FW1-zone-trust]firewall z
[FW1-zone-trust]firewall z
[FW1-zone-trust]q
[FW1]f
[FW1]firewall z
[FW1]firewall zone u
[FW1]firewall zone untrust (创建不信任策略)
[FW1-zone-untrust]ad
[FW1-zone-untrust]add i
[FW1-zone-untrust]add interface g1/0/2(加入端口)
[FW1-zone-untrust]q
[FW1]f
[FW1]firewall d
[FW1]firewall dns
[FW1]firewall detect
[FW1]firewall defend
[FW1]firewall zone dmz (创建DMZ区域)
[FW1-zone-dmz]ad
[FW1-zone-dmz]add int g0/0/0(加入接口)
Error: The interface has been added to trust security zone.
[FW1]int g1/0/0
[FW1-GigabitEthernet1/0/0]service-manage all permit (开启服务管理权限)
[FW1-GigabitEthernet1/0/0]int g
[FW1-GigabitEthernet1/0/0]int g1/0/1
[FW1-GigabitEthernet1/0/1]service-manage all permit
[FW1]int g0/0/0
[FW1-GigabitEthernet0/0/0]service-manage all permit
[FW1-GigabitEthernet0/0/0]q
[FW1]
[FW1]
R1:
[R1]os
[R1]ospf 30(创建动态路由)
[R1-ospf-30]area 0(创建区域)
[R1-ospf-30-area-0.0.0.0]network 192.168.5.0 0.0.0.255(加入配置的IP网段)
[R1-ospf-30-area-0.0.0.0]network 192.168.6.0 0.0.0.255
[R1-ospf-30-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[R1-ospf-30-area-0.0.0.0]network 192.168.2.0 0.0.0.255
Sw1:
<sw1>sys
Enter system view, return user view with Ctrl+Z.
[sw1]os
[sw1]ospf 10
[sw1-ospf-10]ar
[sw1-ospf-10]area 0
[sw1-ospf-10-area-0.0.0.0]netw
[sw1-ospf-10-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[sw1-ospf-10-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[sw1-ospf-10-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[sw1-ospf-10-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[sw1-ospf-10-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[sw1-ospf-10-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[sw1-ospf-10-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[sw1-ospf-10-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[sw1-ospf-10-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[sw1-ospf-10-area-0.0.0.0]
[sw1-ospf-10-area-0.0.0.0]
Sw2:
[sw2]os
[sw2]ospf 20
[sw2-ospf-20]ar
[sw2-ospf-20]area 0
[sw2-ospf-20-area-0.0.0.0]netw
[sw2-ospf-20-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[sw2-ospf-20-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[sw2-ospf-20-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[sw2-ospf-20-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[sw2-ospf-20-area-0.0.0.0]network 192.168.50.0 0.0.0.255
[sw2-ospf-20-area-0.0.0.0]network 192.168.60.0 0.0.0.255
[sw2-ospf-20-area-0.0.0.0]network 192.168.6.0 0.0.0.255
[sw2-ospf-20-area-0.0.0.0]network 192.168.8.0 0.0.0.255
[sw2-ospf-20-area-0.0.0.0]
[sw2-ospf-20-area-0.0.0.0]
<sw2>
Fw:
<FW1>sys
Enter system view, return user view with Ctrl+Z.
[FW1]os
[FW1]ospf 50
[FW1-ospf-50]are
[FW1-ospf-50]area 0
[FW1-ospf-50-area-0.0.0.0]netw
[FW1-ospf-50-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[FW1-ospf-50-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[FW1-ospf-50-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[FW1-ospf-50-area-0.0.0.0]de
[FW1-ospf-50-area-0.0.0.0]default-cost
[FW1-ospf-50-area-0.0.0.0]description
[FW1-ospf-50-area-0.0.0.0]default-r
[FW1-ospf-50-area-0.0.0.0]q
[FW1-ospf-50]default-route-advertise always
[FW1-ospf-50]q
[FW1]ip route-static 0.0.0.0 0.0.0.0 200.10.10.2(配置静态IP)
[FW1]
R3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys R2
[R2]
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip ad 200.10.10.2 30
May 15 2022 11:36:00-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R2-GigabitEthernet0/0/0]
[R2-GigabitEthernet0/0/0]q
[R2]un in en
Info: Information center is disabled.
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ip ad 200.10.20.1 28
[R2-GigabitEthernet0/0/1]
R2dhcp:
R1:
[R1-GigabitEthernet0/0/2]q
[R1]dh
[R1]dhcp en
[R1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R1]ip poo
[R1]ip pool vlan10
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan10]netw
[R1-ip-pool-vlan10]network 192.168.10.0 ma
[R1-ip-pool-vlan10]network 192.168.10.0 mask 24
[R1-ip-pool-vlan10]g
[R1-ip-pool-vlan10]gateway-list 192.168.10.254
[R1-ip-pool-vlan10]dns
[R1-ip-pool-vlan10]dns-list 114.114.114.114
[R1-ip-pool-vlan10]q
[R1]ip poo
[R1]ip pool vlan
[R1]ip pool vlan20
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan20]netw
[R1-ip-pool-vlan20]network 192.168.20.0 ma
[R1-ip-pool-vlan20]network 192.168.20.0 mask 24
[R1-ip-pool-vlan20]g
[R1-ip-pool-vlan20]gateway-list 192.168.20.254
[R1-ip-pool-vlan20]dns
[R1-ip-pool-vlan20]dns-list 114.114.114.114
[R1-ip-pool-vlan20]ex
[R1-ip-pool-vlan20]excluded-ip-address 192.168.20.1 192.168.20.100
[R1-ip-pool-vlan20]q
[R1]ip pooo
[R1]ip poo
[R1]ip pool valn
[R1]ip pool va
[R1]ip pool vla
[R1]ip pool vlan30
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan30]netw
[R1-ip-pool-vlan30]network 192.168.30.0 ma
[R1-ip-pool-vlan30]network 192.168.30.0 mask 24
[R1-ip-pool-vlan30]g
[R1-ip-pool-vlan30]gateway-list 192.168.30.254
[R1-ip-pool-vlan30]dns
[R1-ip-pool-vlan30]dns-list 114.114.114.114
[R1-ip-pool-vlan30]ex
[R1-ip-pool-vlan30]excluded-ip-address 192.168.30.1
[R1-ip-pool-vlan30]q
[R1]ip poo
[R1]ip pool vlan
[R1]ip pool vlan40
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan40]netw
[R1-ip-pool-vlan40]network 192.168.40.0 ma
[R1-ip-pool-vlan40]network 192.168.40.0 mask 24
[R1-ip-pool-vlan40]g
[R1-ip-pool-vlan40]gateway-list 192.168.40.254
[R1-ip-pool-vlan40]dns
[R1-ip-pool-vlan40]dns-list 114.114.114.114
[R1-ip-pool-vlan40]ex
[R1-ip-pool-vlan40]excluded-ip-address 192.168.40.1
[R1-ip-pool-vlan40]q
[R1]ip poo
[R1]ip pool vlan50
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan50]netw
[R1-ip-pool-vlan50]network 192.168.50.0 ma
[R1-ip-pool-vlan50]network 192.168.50.0 mask 24
[R1-ip-pool-vlan50]g
[R1-ip-pool-vlan50]gateway-list 192.168.50.254
[R1-ip-pool-vlan50]dns
[R1-ip-pool-vlan50]dns-list 114.114.114.114
[R1-ip-pool-vlan50]ex
[R1-ip-pool-vlan50]excluded-ip-address 192.168.50.1
[R1-ip-pool-vlan50]q
[R1]ip pool vlan60
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan60]netw
[R1-ip-pool-vlan60]network 192.168.60.0 ma
[R1-ip-pool-vlan60]network 192.168.60.0 mask 24
[R1-ip-pool-vlan60]g
[R1-ip-pool-vlan60]gateway-list 192.168.60.254
[R1-ip-pool-vlan60]dns
[R1-ip-pool-vlan60]dns-list 114.114.114.114
[R1-ip-pool-vlan60]ex
[R1-ip-pool-vlan60]excluded-ip-address 192.168.60.1
[R1-ip-pool-vlan60]q
[R1]
Sw1配置dhcp:
<sw1>
<sw1>
<sw1>
<sw1>
<sw1>sys
Enter system view, return user view with Ctrl+Z.
[sw1]
[sw1]ip pool vlan10
Info:It's successful to create an IP address pool.
[sw1-ip-pool-vlan10]netw
[sw1-ip-pool-vlan10]network 192.168.10.0 ma
[sw1-ip-pool-vlan10]network 192.168.10.0 mask 24
[sw1-ip-pool-vlan10]g
[sw1-ip-pool-vlan10]gateway-list 192.168.10.252
[sw1-ip-pool-vlan10]dns
[sw1-ip-pool-vlan10]dns-list 114.114.114.114
[sw1-ip-pool-vlan10]ex
[sw1-ip-pool-vlan10]excluded-ip-address 192.168.10.100 192.168.10.150
[sw1-ip-pool-vlan10]dhc
[sw1-ip-pool-vlan10]q
[sw1]int vl
[sw1]int Vlanif 10
[sw1-Vlanif10]dhcp select global
[sw1-Vlanif10]q
[sw1]ip poo
[sw1]ip pool vlan
[sw1]ip pool vlan20
[sw1]int vlan
[sw1]int Vlanif 20
[sw1-Vlanif20]dhcp select global
[sw1-Vlanif20]q
[sw1]
[sw1]ip pool vlan30
Info:It's successful to create an IP address pool.
[sw1-ip-pool-vlan30]netw
[sw1-ip-pool-vlan30]network 192.168.30.0 mask 24
[sw1-ip-pool-vlan30]g
[sw1-ip-pool-vlan30]gateway-list 192.168.30.252
[sw1-ip-pool-vlan30]dns
[sw1-ip-pool-vlan30]dns-list 114.114.114.114
[sw1-ip-pool-vlan30]ex
[sw1-ip-pool-vlan30]excluded-ip-address 192.168.30.100 192.168.30.150
[sw1-ip-pool-vlan30]q
[sw1]int v
[sw1]int Vlanif 30
[sw1-Vlanif30]dhcp select global
[sw1-Vlanif30]q
[sw1]ip poo
[sw1]ip pool vlan
[sw1]ip pool vlan40
Info:It's successful to create an IP address pool.
[sw1-ip-pool-vlan40]network 192.168.40.0 mask 24
[sw1-ip-pool-vlan40]dns
[sw1-ip-pool-vlan40]dns-list 114.114.114.114
[sw1-ip-pool-vlan40]g
[sw1-ip-pool-vlan40]gateway-list 192.168.40.252
[sw1-ip-pool-vlan40]ex
[sw1-ip-pool-vlan40]excluded-ip-address 192.168.40.100 192.168.40.150
[sw1-ip-pool-vlan40]q
[sw1]int v
[sw1]int Vlanif 40
[sw1-Vlanif40]dhcp select global
[sw1-Vlanif40]q
[sw1]ip poo
[sw1]ip pool v
[sw1]ip pool vlan
[sw1]ip pool vlan50
Info:It's successful to create an IP address pool.
[sw1-ip-pool-vlan50]network 192.168.50.0 mask 24
[sw1-ip-pool-vlan50]g
[sw1-ip-pool-vlan50]gateway-list 192.168.50.252
[sw1-ip-pool-vlan50]dns
[sw1-ip-pool-vlan50]dns-list 114.114.114.114
[sw1-ip-pool-vlan50]ex
[sw1-ip-pool-vlan50]excluded-ip-address 192.168.50.100 192.168.50.150
[sw1-ip-pool-vlan50]q
[sw1]int v
[sw1]int Vlanif 50
[sw1-Vlanif50]dhcp select global
[sw1-Vlanif50]q
[sw1]int vlan
[sw1]ip poo
[sw1]ip pool v
[sw1]ip pool vlan60
Info:It's successful to create an IP address pool.
[sw1-ip-pool-vlan60]netw
[sw1-ip-pool-vlan60]network 192.168.60.0 ma
[sw1-ip-pool-vlan60]network 192.168.60.0 mask 24
[sw1-ip-pool-vlan60]g
[sw1-ip-pool-vlan60]gateway-list 192.168.60.252
[sw1-ip-pool-vlan60]dns
[sw1-ip-pool-vlan60]dns-list 114.114.114.114
[sw1-ip-pool-vlan60]ex
[sw1-ip-pool-vlan60]excluded-ip-address 192.168.60.100 192.168.60.150
[sw1-ip-pool-vlan60]q
[sw1]int v
[sw1]int Vlanif 60
[sw1-Vlanif60]dhcp select global
[sw1-Vlanif60]q
[sw1]
Sw2dhcp配置:
The device is running!
<sw2>sys
Enter system view, return user view with Ctrl+Z.
[sw2]ip poo
[sw2]ip pool vlan
[sw2]ip pool vlan10
Info:It's successful to create an IP address pool.
[sw2-ip-pool-vlan10]network 192.168.10.0 mask 24
[sw2-ip-pool-vlan10]g
[sw2-ip-pool-vlan10]gateway-list 192.168.10.252
[sw2-ip-pool-vlan10]dns
[sw2-ip-pool-vlan10]dns-list 114.114.114.114
[sw2-ip-pool-vlan10]ex
[sw2-ip-pool-vlan10]excluded-ip-address 192.168.10.100 192.168.10.150
[sw2-ip-pool-vlan10]q
[sw2]int v
[sw2]int Vlanif 10
[sw2-Vlanif10]dhcp select global
Error: Please enable DHCP in the global view first.
[sw2-Vlanif10]q
[sw2]dh
[sw2]dhcp enn
[sw2]dhcp en
[sw2]int Vlanif 10
[sw2-Vlanif10]dhcp select global
[sw2-Vlanif10]q
[sw2]ip poo
[sw2]ip pool vlan
[sw2]ip pool vlan20
Info:It's successful to create an IP address pool.
[sw2-ip-pool-vlan20]network 192.168.20.0 mask 24
[sw2-ip-pool-vlan20]dns
[sw2-ip-pool-vlan20]dns-list 114.114.114.114
[sw2-ip-pool-vlan20]dns
[sw2-ip-pool-vlan20]dns-list 114.114.114.114
Error:Part of the domain-name-server IP has already exist.
[sw2-ip-pool-vlan20]dis
[sw2-ip-pool-vlan20]display th
[sw2-ip-pool-vlan20]display this
#
ip pool vlan20
network 192.168.20.0 mask 255.255.255.0
dns-list 114.114.114.114
#
return
[sw2-ip-pool-vlan20]g
[sw2-ip-pool-vlan20]gateway-list 192.168.20.252
[sw2-ip-pool-vlan20]ex
[sw2-ip-pool-vlan20]excluded-ip-address 192.168.20.100 192.168.20.150
[sw2-ip-pool-vlan20]q
[sw2]int v
[sw2]int Vlanif 20
[sw2-Vlanif20]dh
[sw2-Vlanif20]dhcp se
[sw2-Vlanif20]dhcp select g
[sw2-Vlanif20]dhcp select global
[sw2-Vlanif20]q
[sw2]ip poo
[sw2]ip pool v
[sw2]ip pool vlan30
Info:It's successful to create an IP address pool.
[sw2-ip-pool-vlan30]network 192.168.30.0 mask 24
[sw2-ip-pool-vlan30]dns
[sw2-ip-pool-vlan30]dns-list 114.114.114.114
[sw2-ip-pool-vlan30]g
[sw2-ip-pool-vlan30]gateway-list 192.168.30.252
[sw2-ip-pool-vlan30]ex
[sw2-ip-pool-vlan30]excluded-ip-address 192.168.30.100 192.168.30.150
[sw2-ip-pool-vlan30]q
[sw2]int v
[sw2]int Vlanif 30
[sw2-Vlanif30]dhcp select global
[sw2-Vlanif30]q
[sw2]ip pool vlan40
Info:It's successful to create an IP address pool.
[sw2-ip-pool-vlan40]network 192.168.40.0 mask 24
[sw2-ip-pool-vlan40]g
[sw2-ip-pool-vlan40]gateway-list 192.168.40.252
[sw2-ip-pool-vlan40]dns
[sw2-ip-pool-vlan40]dns-list 114.114.114.114
[sw2-ip-pool-vlan40]ex
[sw2-ip-pool-vlan40]excluded-ip-address 192.168.40.100 192.168.40.150
[sw2-ip-pool-vlan40]q
[sw2]int v
[sw2]int Vlanif 40
[sw2-Vlanif40]dhcp select global
[sw2-Vlanif40]q
[sw2]ip poo
[sw2]ip pool v
[sw2]ip pool vlan50
Info:It's successful to create an IP address pool.
[sw2-ip-pool-vlan50]netw
[sw2-ip-pool-vlan50]network 192.168.50.0ma
[sw2-ip-pool-vlan50]network 192.168.50.0 ma
[sw2-ip-pool-vlan50]network 192.168.50.0 mask 24
[sw2-ip-pool-vlan50]g
[sw2-ip-pool-vlan50]gateway-list 192.168.50.252
[sw2-ip-pool-vlan50]dns
[sw2-ip-pool-vlan50]dns-list 114.114.114.114.
[sw2]int v
[sw2]int Vlanif 50
[sw2-Vlanif50]dh
[sw2-Vlanif50]dhcp se
[sw2-Vlanif50]dhcp select g
[sw2-Vlanif50]dhcp select global
[sw2-Vlanif50]q
[sw2]ip pool vlan60
Info:It's successful to create an IP address pool.
[sw2-ip-pool-vlan60]netw
[sw2-ip-pool-vlan60]network 192.168.60.0 ma
[sw2-ip-pool-vlan60]network 192.168.60.0 mask 24
[sw2-ip-pool-vlan60]g
[sw2-ip-pool-vlan60]gateway-list 192.168.60.252
[sw2-ip-pool-vlan60]dns
[sw2-ip-pool-vlan60]dns-list 114.114.114.114
[sw2-ip-pool-vlan60]ex
[sw2-ip-pool-vlan60]excluded-ip-address 192.168.60.100 192.168.60.150
[sw2-ip-pool-vlan60]q
[sw2]int v
[sw2]int Vlanif 60
[sw2-Vlanif60]dh
[sw2-Vlanif60]dhcp se
[sw2-Vlanif60]dhcp select g
[sw2-Vlanif60]dhcp select global
[sw2-Vlanif60]q
[sw2]
总结
本人也是一个大学生,这个设计配置和文档都是可以直接做毕业设计的,有人想要的话可以加我可以做完整辅导