Main protocols/technologies of domestic campus networks + WLAN networking architecture

At present, the main technologies and protocols used in domestic campus networks are as follows:

1. NAT: Network Address Translation.

Simply put, NAT means that hosts inside the local area network use private (internal) addresses, and when an internal node needs to communicate with the outside, the gateway replaces the internal source address with a public address so that the traffic can travel normally on the public Internet. NAT lets many computers share one Internet connection, which largely solves the shortage of public IP addresses: an organisation only needs to apply for one legal public address to connect the whole LAN to the Internet. At the same time NAT shields the internal network: none of the internal computers is directly visible from the public network, and internal users are normally unaware that NAT exists.

(1) Static NAT (one intranet address to one public address)

Enter the egress interface and configure: nat static global <public network IP address> inside <internal PC IP address> netmask 255.255.255.255
(The global address must not be the egress interface's own external IP; it is another leased public IP address.)

(2) Dynamic NAT / PAT (multiple intranet addresses to a pool of multiple public addresses)

1. Configure the NAT address pool

Globally: nat address-group 1 202.15.0.10 202.15.0.20

2. Configure an ACL to match the intranet address range

acl 2000

rule permit source 192.168.10.1 0.0.0.255

3. Apply the translation on the external network interface

Under the interface: nat outbound 2000 address-group 1

On the public network (ISP) access router:

ip route-static 202.15.0.0 24 <next hop address> //The ISP needs a route pointing back to the company's NAT public address pool

(3) Easy IP (multiple intranet addresses to the address of one interface)

Enter the external network interface

Under the interface, enter: nat outbound 2000 //No address group: the interface's own public address is used

View the NAT configuration

display nat outbound

(4) Static PAT (one-to-one: a public IP address and service port are mapped to an intranet server's IP address and service port)

Configure the NAT address pool on the relay router

Configure nat address-group 1 15.0.0.10 15.0.0.11 globally

Enter the external network interface

Under the interface, enter: nat server protocol tcp global 202.15.0.10 80 inside <intranet server IP address> <port number> //80 is the public-side port number

Verify the configuration

display nat server //Check whether the mapping between the public IP/port and the internal server's service has taken effect

Note: if the data port of the FTP service is not opened automatically through NAT, the FTP ALG needs to be enabled manually.

Globally: nat alg ftp enable (likewise nat alg dns enable, or nat alg all enable)
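To make the four NAT forms above concrete, here is an added Python model of a NAT gateway (example code written for this page, not Huawei's implementation): it applies a static one-to-one mapping, a dynamic pool with port translation gated by a Huawei-style wildcard ACL, Easy IP on the egress address, and nat server mappings, and it shows the shielding property: an inbound packet that matches neither a nat server entry nor an existing session is dropped. The pool and ACL values mirror the page; the internal hosts, the static global address 202.15.0.30 and the Easy IP address 203.0.113.2 are constructed for the example, and the port allocator always uses the first pool address, which is a simplification.

```python
import ipaddress


def acl_permits(ip, rule_address, wildcard):
    """Huawei-style ACL wildcard match: a 0 bit in the wildcard means that bit of
    the packet address must equal the rule address (so 0.0.0.255 matches a /24)."""
    ip_i = int(ipaddress.IPv4Address(ip))
    rule_i = int(ipaddress.IPv4Address(rule_address))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (ip_i & care) == (rule_i & care)


class NatGateway:
    """Toy model (not vendor code) of static NAT, dynamic NAT/PAT with an address
    pool, Easy IP and nat server (static PAT)."""

    def __init__(self, acl_rules, pool=None, egress_ip=None):
        self.acl_rules = acl_rules      # [(rule address, wildcard), ...] as in 'rule permit source'
        self.pool = pool or []          # public addresses from 'nat address-group'
        self.egress_ip = egress_ip      # Easy IP: the interface's own address when there is no pool
        self.static = {}                # inside ip -> global ip                        (nat static)
        self.servers = {}               # (proto, global ip, port) -> (inside ip, port)  (nat server)
        self.sessions = {}              # (proto, inside ip, port) -> (global ip, port)
        self.reverse = {}               # (proto, global ip, port) -> (inside ip, port)
        self.next_port = 1024           # simplification: sequential port allocation

    def add_static(self, inside_ip, global_ip):
        self.static[inside_ip] = global_ip

    def add_server(self, proto, global_ip, global_port, inside_ip, inside_port):
        self.servers[(proto, global_ip, global_port)] = (inside_ip, inside_port)

    def _allocate(self, proto):
        # Always the first pool address here; skip ports already used by nat server or sessions.
        global_ip = self.pool[0] if self.pool else self.egress_ip
        while ((proto, global_ip, self.next_port) in self.servers
               or (proto, global_ip, self.next_port) in self.reverse):
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return global_ip, port

    def translate_outbound(self, proto, src_ip, src_port):
        """Translated (global ip, port) for an inside->outside packet, or None when
        no NAT rule applies (the private source address would leave unchanged)."""
        if src_ip in self.static:                     # static NAT keeps the port
            return self.static[src_ip], src_port
        key = (proto, src_ip, src_port)
        if key in self.sessions:                      # existing session is reused
            return self.sessions[key]
        if not any(acl_permits(src_ip, a, w) for a, w in self.acl_rules):
            return None                               # ACL does not permit this source
        if not self.pool and not self.egress_ip:
            return None
        mapping = self._allocate(proto)
        self.sessions[key] = mapping
        self.reverse[(proto,) + mapping] = (src_ip, src_port)
        return mapping

    def translate_inbound(self, proto, dst_ip, dst_port):
        """(inside ip, port) for an outside->inside packet, or None when it must be
        dropped: only nat server entries, return traffic and static hosts are reachable."""
        key = (proto, dst_ip, dst_port)
        if key in self.servers:
            return self.servers[key]
        if key in self.reverse:
            return self.reverse[key]
        for inside_ip, global_ip in self.static.items():
            if global_ip == dst_ip:
                return inside_ip, dst_port
        return None


if __name__ == "__main__":
    gw = NatGateway([("192.168.10.1", "0.0.0.255")], pool=["202.15.0.10", "202.15.0.11"])
    gw.add_server("tcp", "202.15.0.10", 80, "192.168.10.100", 80)   # constructed server
    print(gw.translate_outbound("udp", "192.168.10.23", 40000))      # pool address, port 1024
    print(gw.translate_inbound("tcp", "202.15.0.10", 4444))          # None: dropped
```

The `translate_inbound` return of `None` is the behaviour the text calls "shielding": unsolicited inbound connections reach an internal host only through an explicit nat server mapping or a static entry.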

2. LLDP: Link Layer Discovery Protocol. LLDP is a Layer 2 discovery protocol defined in IEEE 802.1AB. With LLDP, the network management system can quickly obtain the Layer 2 topology and topology-change information even while the network is expanding rapidly.

Configure LLDP

sysname AR1

1. Enable LLDP

lldp enable

2. LLDP management address (advertised to neighbours)

lldp management-address 10.10.10.1

3. Transmission interval and transmission delay of LLDP packets

lldp message-transmission interval 60

lldp message-transmission delay 9
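What an LLDP neighbour actually learns from the configuration above is whatever the device places in its TLVs. The following added Python example (written for this page, not Huawei code) builds the LLDPDU such a device would send, with the management address 10.10.10.1 and system name AR1 from the configuration, and parses it back the way a management system or monitoring tool would, rejecting truncated or out-of-order TLVs instead of reading past the buffer. The chassis MAC 00:e0:fc:00:00:01, the port name and the TTL of 240 seconds are constructed values for the example.

```python
import struct

LLDP_MULTICAST = bytes.fromhex("0180c200000e")   # nearest-bridge group address used by LLDP
ETHERTYPE_LLDP = 0x88CC
# TLV types from IEEE 802.1AB
END, CHASSIS_ID, PORT_ID, TTL, SYSTEM_NAME, MGMT_ADDRESS = 0, 1, 2, 3, 5, 8


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into a 16-bit header."""
    if not (0 <= tlv_type < 128 and len(value) < 512):
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldp_frame(chassis_mac, port_name, ttl, sysname, mgmt_ipv4):
    """Build the LLDPDU a device would send: the three mandatory TLVs first, then
    System Name and Management Address, then End of LLDPDU."""
    addr = bytes(int(o) for o in mgmt_ipv4.split("."))
    mgmt = (bytes([len(addr) + 1, 1]) + addr     # address string length, subtype 1 = IPv4, address
            + b"\x01" + struct.pack("!I", 0)     # interface numbering subtype 1 (ifIndex), number 0
            + b"\x00")                           # OID string length 0
    body = b"".join([
        tlv(CHASSIS_ID, b"\x04" + chassis_mac),          # chassis subtype 4 = MAC address
        tlv(PORT_ID, b"\x05" + port_name.encode()),      # port subtype 5 = interface name
        tlv(TTL, struct.pack("!H", ttl)),
        tlv(SYSTEM_NAME, sysname.encode()),
        tlv(MGMT_ADDRESS, mgmt),
        tlv(END, b""),
    ])
    return LLDP_MULTICAST + chassis_mac + struct.pack("!H", ETHERTYPE_LLDP) + body


def parse_lldp_frame(frame):
    """Decode the neighbour information an LLDP frame advertises.
    Raises ValueError on anything malformed instead of reading past the buffer."""
    if (len(frame) < 14 or frame[:6] != LLDP_MULTICAST
            or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_LLDP):
        raise ValueError("not an LLDP frame")
    info, offset, order = {}, 14, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("missing End of LLDPDU TLV")
        header = struct.unpack("!H", frame[offset:offset + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        offset += 2 + length
        order.append(tlv_type)
        if tlv_type == END:
            break
        if tlv_type == CHASSIS_ID and len(value) == 7 and value[0] == 4:
            info["chassis_id"] = value[1:7].hex(":")
        elif tlv_type == PORT_ID and len(value) >= 2 and value[0] == 5:
            info["port_id"] = value[1:].decode("ascii", "replace")
        elif tlv_type == TTL and len(value) == 2:
            info["ttl"] = struct.unpack("!H", value)[0]
        elif tlv_type == SYSTEM_NAME:
            info["system_name"] = value.decode("utf-8", "replace")
        elif tlv_type == MGMT_ADDRESS and len(value) >= 6 and value[0] == 5 and value[1] == 1:
            info["management_address"] = ".".join(str(b) for b in value[2:6])
    if order[:3] != [CHASSIS_ID, PORT_ID, TTL]:
        raise ValueError("mandatory TLVs missing or out of order")
    return info


def is_malformed(frame):
    """True when the parser rejects the frame (used to exercise the error paths)."""
    try:
        parse_lldp_frame(frame)
        return False
    except ValueError:
        return True


# Constructed sample: AR1 advertising its management address from the configuration above.
SAMPLE_FRAME = build_lldp_frame(bytes.fromhex("00e0fc000001"), "GigabitEthernet0/0/0",
                                240, "AR1", "10.10.10.1")

if __name__ == "__main__":
    print(parse_lldp_frame(SAMPLE_FRAME))
```

Everything the parser returns (chassis MAC, port name, system name, management address) is sent in clear text to the multicast address, which is why LLDP is usually left enabled only on infrastructure links where a management system needs the topology.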

3. NETCONF: Network Configuration Protocol. NETCONF is a protocol for the configuration management of network devices. It uses XML-encoded configuration data and protocol messages to provide mechanisms for installing, operating on and deleting the configuration of network elements.

The NETCONF protocol can be conceptually divided into 4 layers:

1: The secure transport layer provides the communication path for the interaction between client and server.

2: The message layer provides a simple, transport-independent mechanism for framing RPC requests and responses. The client encapsulates the RPC request in an <rpc> element and sends it to the server; the server encapsulates the result of processing the request in an <rpc-reply> element and returns it to the client.

3: The operation layer defines a set of basic operations that are invoked as RPC methods with XML-encoded parameters.

4: The content layer holds the data model of the managed objects; the data model depends on the NETCONF implementation.
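The message, operation and content layers are easiest to see in an actual exchange. The added Python example below (written for this page, not a NETCONF library) builds a get-config request the way a client does, splits a received stream at the base:1.0 end-of-message delimiter, and decodes the server's <rpc-reply>, checking that the message-id answers the outstanding request before trusting its contents and distinguishing a data reply from an <rpc-error>. The two sample replies and the urn:example:system namespace are constructed for the example.

```python
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = "]]>]]>"     # end-of-message delimiter of the base:1.0 framing


def nc(tag):
    """Clark-notation name of a NETCONF base element, e.g. {ns}rpc-reply."""
    return f"{{{NC_NS}}}{tag}"


def build_rpc(message_id, operation_xml):
    """Message layer: wrap an operation in <rpc> and terminate it with the EOM delimiter."""
    return f'<rpc message-id="{message_id}" xmlns="{NC_NS}">{operation_xml}</rpc>{EOM}'


# Operation layer: get-config of the running datastore.
GET_CONFIG_RUNNING = "<get-config><source><running/></source></get-config>"


def split_messages(buffer):
    """Transport side: cut a received character stream at each EOM delimiter.
    Returns (complete messages, unfinished remainder to keep for the next read)."""
    parts = buffer.split(EOM)
    return parts[:-1], parts[-1]


def parse_reply(message, expected_id):
    """Decode an <rpc-reply>: check that it answers our request, then return either
    the leaf values under <data> (content layer) or the <rpc-error> details."""
    root = ET.fromstring(message)
    if root.tag != nc("rpc-reply"):
        raise ValueError("not an rpc-reply")
    if root.get("message-id") != str(expected_id):
        raise ValueError("rpc-reply does not match the outstanding request")
    errors = root.findall(nc("rpc-error"))
    if errors:
        return {"ok": False,
                "errors": [(e.findtext(nc("error-tag")), e.findtext(nc("error-message")))
                           for e in errors]}
    leaves = {}
    data = root.find(nc("data"))
    if data is not None:
        for el in data.iter():
            if len(el) == 0 and el is not data:          # leaf node: keep local name and text
                leaves[el.tag.split("}")[-1]] = (el.text or "").strip()
    return {"ok": True, "data": leaves}


def reply_answers(message, expected_id):
    """True only when the message is an rpc-reply carrying the expected message-id."""
    try:
        parse_reply(message, expected_id)
        return True
    except ValueError:
        return False


# Constructed sample replies (not captured from a real device).
SAMPLE_REPLY_OK = (
    f'<rpc-reply message-id="101" xmlns="{NC_NS}">'
    '<data><system xmlns="urn:example:system"><sysname>AR1</sysname>'
    '<lldp-enable>true</lldp-enable></system></data></rpc-reply>' + EOM)
SAMPLE_REPLY_ERR = (
    f'<rpc-reply message-id="102" xmlns="{NC_NS}"><rpc-error>'
    '<error-type>application</error-type><error-tag>access-denied</error-tag>'
    '<error-severity>error</error-severity><error-message>no permission</error-message>'
    '</rpc-error></rpc-reply>' + EOM)

if __name__ == "__main__":
    print(build_rpc(101, GET_CONFIG_RUNNING))
    complete, remainder = split_messages(SAMPLE_REPLY_OK + SAMPLE_REPLY_ERR)
    for msg_id, msg in zip((101, 102), complete):
        print(parse_reply(msg, msg_id))
```

Matching the message-id before acting on a reply is the client-side check that keeps a late or stray reply from being mistaken for the answer to a different request; the secure transport layer (normally SSH) is assumed to be already in place around this exchange.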
 

4. YANG: Yet Another Next Generation, a data modeling language for the data carried over the NETCONF network configuration protocol; it is used to model the configuration data and state data of network elements.

5. SNMP: Simple Network Management Protocol.

6. VRRP: Virtual Router Redundancy Protocol.

Simple configuration commands

interface GigabitEthernet0/0/1
ip address 10.1.1.1 255.255.255.0
vrrp vrid 20 virtual-ip 10.1.1.10
vrrp vrid 20 priority 120
vrrp vrid 20 preempt-mode timer delay 10
vrrp vrid 20 track interface GigabitEthernet0/0/2 reduced 30

interface GigabitEthernet0/0/2
ip address 20.1.1.1 255.255.255.0
vrrp vrid 10 virtual-ip 20.1.1.10
vrrp vrid 10 priority 120
vrrp vrid 10 preempt-mode timer delay 10
vrrp vrid 10 track interface GigabitEthernet0/0/1 reduced 30
vrrp vrid 10 authentication-mode md5 % % &ehd6~!yKIMcEVYwm’H,4SmY%
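The configuration above sets priority 120, a preempt delay of 10 seconds and an interface track that reduces the priority by 30. The added Python model below (example code for this page, not Huawei's VRRP implementation) shows what those three settings do together during a failure and recovery: when the tracked uplink goes down the effective priority drops to 90, a peer at the default priority of 100 takes over, and when the uplink returns the original router only reclaims the Master role once its preempt delay has expired. The peer router RTB with address 10.1.1.2 and the timing are constructed for the example; the election model (highest effective priority wins, ties broken by the higher interface address, preempt governed by the delay) is a simplification of the protocol state machine.

```python
import ipaddress
from dataclasses import dataclass, field

VRRP_DEFAULT_PRIORITY = 100


@dataclass
class VrrpRouter:
    name: str
    ip: str                         # real interface address; the higher IP wins a priority tie
    priority: int = VRRP_DEFAULT_PRIORITY
    preempt: bool = True            # preempt-mode (enabled by default)
    preempt_delay: int = 0          # preempt-mode timer delay, in seconds
    tracks: dict = field(default_factory=dict)    # tracked interface -> 'reduced' value
    link_up: dict = field(default_factory=dict)   # tracked interface -> current link state

    def effective_priority(self):
        """Configured priority minus the 'reduced' value of every tracked interface
        that is down; VRRP priorities stay in the range 1..254 for a backup."""
        down = sum(r for i, r in self.tracks.items() if not self.link_up.get(i, True))
        return max(self.priority - down, 1)


def _rank(router):
    return (router.effective_priority(), int(ipaddress.IPv4Address(router.ip)))


def next_master(routers, current_master, seconds_since_change):
    """Decide which router is Master for one VRID.
    routers: the routers currently alive; current_master: name of the present
    Master or None; seconds_since_change: time since the priorities last changed.
    A better router takes over only if it has preempt enabled and its delay has passed."""
    alive = {r.name: r for r in routers}
    best = max(routers, key=_rank)
    if current_master not in alive:              # Master failed, or first election
        return best.name
    if best.name == current_master:
        return current_master
    if best.preempt and seconds_since_change >= best.preempt_delay:
        return best.name
    return current_master


def failover_timeline():
    """Replay the failure and recovery of the tracked uplink; returns the Master
    after each step so the effect of 'reduced 30' and 'timer delay 10' is visible."""
    rta = VrrpRouter("RTA", "10.1.1.1", priority=120, preempt_delay=10,
                     tracks={"GigabitEthernet0/0/2": 30},
                     link_up={"GigabitEthernet0/0/2": True})
    rtb = VrrpRouter("RTB", "10.1.1.2")          # constructed peer at default priority
    steps = []
    master = next_master([rta, rtb], None, 0)
    steps.append(("initial election", master))
    rta.link_up["GigabitEthernet0/0/2"] = False  # uplink of RTA goes down: 120 - 30 = 90
    master = next_master([rta, rtb], master, 0)
    steps.append(("RTA uplink down", master))
    rta.link_up["GigabitEthernet0/0/2"] = True   # uplink restored: 120 again
    master = next_master([rta, rtb], master, 5)
    steps.append(("5 s after restore", master))
    master = next_master([rta, rtb], master, 10)
    steps.append(("10 s after restore", master))
    return steps


if __name__ == "__main__":
    for step, master in failover_timeline():
        print(f"{step:20s} -> Master: {master}")
```

The preempt delay is what keeps a flapping uplink from switching the Master back and forth every few seconds; the `reduced` value has to be large enough to push the effective priority below the peer's, otherwise the track has no effect on the election.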

7. MSTP: Multiple Spanning Tree Protocol.

Simple configuration command:

stp region-configuration //Enter the MST region configuration view
region-name MSTP //Set the MST region name of this switch to MSTP (the default is the switch's bridge MAC; the name must be the same on every switch in the region)

instance 1 vlan 10 //Create spanning tree instance 1 and map VLAN 10 to it
instance 2 vlan 20 //Create spanning tree instance 2 and map VLAN 20 to it

active region-configuration //Activate the MST region configuration above

stp instance 1 root primary //This switch (SW-1) is the primary root bridge of instance 1
stp instance 2 root secondary //This switch (SW-1) is the backup root bridge of instance 2
 

WLAN networking architecture

 

1. Wireless access point (AP, Access Point). An AP generally supports three working modes: FAT AP, FIT AP and cloud-managed AP, and can be switched flexibly between them according to the needs of the network plan.

FAT AP: suitable for homes. It works independently, has to be configured one by one, offers relatively simple functions and costs little. It completes user access, authentication, data security, service forwarding and QoS entirely on its own.

sys
dhcp enable //Enable the DHCP service
vlan 10 //Create the service VLAN
interface vlanif 10 //Enter the VLANIF 10 interface
ip address 172.16.1.1 24 //Configure the service VLAN gateway address
dhcp select interface //Enable DHCP on this interface

wlan
country-code CN //Configure the country code
security-profile name security //Create the security profile (no security policy is configured in it here, so the profile's default applies)
ssid-profile name H //Create the SSID profile
ssid H //Set the SSID to H
vap-profile name VAP //Create the VAP profile
ssid-profile H //Reference the SSID profile
security-profile security //Reference the security profile
service-vlan vlan-id 10 //Bind the service VLAN
interface wlan-radio 0/0/0 //Enter the radio interface
vap-profile VAP wlan 1 //Bind the VAP profile to WLAN ID 1

interface wlan-radio 0/0/1
vap-profile VAP wlan 1
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1 //Default route to the external network

FIT AP: suitable for large and medium-sized enterprises. It must be used together with an AC, which manages and configures it centrally. It has rich functions but demands more skill from network maintenance staff. User access, AP onboarding, authentication, routing, AP management, security protocols and QoS are completed together with the AC.

Cloud-managed AP: suitable for small and medium-sized enterprises. It must be used together with a cloud management platform, which manages and configures it centrally. It has rich functions, is plug-and-play, and demands little skill from network maintenance staff.

2. Wireless access controller (AC, Access Controller). Usually located at the aggregation layer of the network, it provides high-speed, secure and reliable WLAN service. It offers wireless data control with large capacity, high performance, high reliability and easy installation and maintenance, and has advantages such as flexible networking and energy saving.

sys HW

vlan b 10 70

wlan service-template 1
 ssid 1
 service-template enable

interface Vlan-interface10
 ip address 10.1.1.1 255.255.255.0

interface Vlan-interface70

interface GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 70

ip route-static 10.1.1.0 24 10.20.1.1

wlan ap 74ea-cbb4-7ac0 model WA4320i-ACN
 serial-id 210235A1GPC177000751
 radio 1
  radio enable
  service-template 1 vlan 70
 radio 2
  radio enable
  service-template 1 vlan 70

wlan ap 74ea-c811-4080 model WA4320i-ACN
 serial-id 210235A1GPC179001703
 radio 1
  radio enable
  service-template 1 vlan 70
 radio 2
  radio enable
  service-template 1 vlan 70

wlan whitelist mac-address 3052-cb02-27ec
wlan whitelist mac-address d0fc-cc37-1604


Origin blog.csdn.net/qq_53108686/article/details/126980931