Comprehensive training report on network planning and deployment based on HCL

0. Preface

        This is a comprehensive lab on network planning and deployment, suitable for beginners. It was carried out in the H3C simulator (HCL). I hope it helps everyone understand the relevant commands.

1. Purpose and significance of training

        ① Master the basic process of network planning and design

        Starting from demand analysis, work through network topology, equipment selection, address planning, routing protocol selection and security policy in turn, and finish with a complete network planning and design scheme. Hands-on practice gives a deeper understanding of the planning and design process and of the key issues and techniques in topology, equipment selection, address planning and security policy.

        ② Master the configuration methods of common network devices

        In a real deployment, configuring the network devices is a crucial step. Different devices have different functions and characteristics; choosing the right device and configuring it correctly greatly improves network performance, security and reliability. The training requires selecting and configuring appropriate equipment for the designed network, which builds an understanding of what each device does and how it is configured, and improves hands-on ability.

        ③ Master the method of network troubleshooting

        Once a network is deployed, problems and failures such as link interruption, equipment failure and network congestion are inevitable. They affect normal operation and may even make the network unavailable. To improve the reliability and stability of the network, this training therefore requires students to master network troubleshooting skills.

        ④ Improve the ability to solve practical problems

        Real deployments face practical problems such as insufficient bandwidth, complex network topology and changing business requirements. Simulating such problems in different situations trains problem-solving thinking and methods, and improves resilience and hands-on ability.

2. Practical training requirements

  • Master the principles of network topology planning and design
  • Learn IP address planning and configuration methods
  • Master VLAN division and implement communication between VLANs through single-arm routing (router-on-a-stick)
  • Understand how different switch interface types handle VLANs
  • Master the types, calculation and configuration methods of STP
  • Master the principles and configuration methods of static routing and OSPF
  • Master the various NAT types, understand their principles and configure them in practice
  • Master the configuration of servers such as the DNS server and the WEB server
  • Master the use of ACLs to control communication between devices

3. Practical training content

3.1  Project requirements

        3.1.1 Planning part

        Build the experimental environment according to the figure and configure the IP address:

        3.1.2 Switching part

        ① Branch 1 has two departments: VLAN10 is the technical department and VLAN20 is the R&D department. Configure the corresponding VLANs.

        ② The gateways of both VLANs are on router R0, implemented with single-arm routing.

        ③ Trunks must be configured between the switches and between Core and R0; for security reasons, only VLAN10 and VLAN20 are allowed to pass.

        ④ S1 serves as the STP root bridge of VLAN10, and S2 serves as the STP root bridge of VLAN20.

        3.1.3 Routing part

        ① The Internet zone uses the OSPF protocol. R1/2/3 form Area 0, R2/3/4 form Area 1, and R3/5 form Area 2. Area 2 must be configured as a totally stub area in order to simplify the routing entries.

        ② R0 and R6 are enterprise border devices and need to be configured with default routes in order to access the Internet.

        3.1.4 Other parts

        ① The public network DNS server provides DNS resolution services for branch 1.

        ② The web server of branch 2 provides web access services to branch 1.

        ③ Branch 1 needs port mapping (PNAT) so that internal hosts can access the Internet. However, to avoid code leakage, the R&D department is not allowed to access the Internet.

        ④ Branch 2 needs static mapping to provide external web services under the domain name www.ownname.com.

3.2  Project configuration

        3.2.1  Planning part

        ① Build the experimental topology as shown in the figure as follows:

        ② The IP address configuration is as follows:

        R0:

    #
    interface GigabitEthernet0/0.10
     ip address 192.168.1.254 255.255.255.0
     vlan-type dot1q vid 10
    #
    interface GigabitEthernet0/0.20
     ip address 192.168.2.254 255.255.255.0
     vlan-type dot1q vid 20
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 10.1.1.1 255.255.255.0
    #

        PC0:

        PC1:

        R1:

    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 12.1.1.1 255.255.255.0
    #
    interface GigabitEthernet0/2
     port link-mode route
     combo enable copper
     ip address 13.1.1.1 255.255.255.0
    #

        R2:

    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 12.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 24.1.1.1 255.255.255.0
    #

        R3:

    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 34.1.1.1 255.255.255.0
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 13.1.1.2 255.255.255.0
    #
    interface GigabitEthernet5/0
     port link-mode route
     combo enable copper
     ip address 35.1.1.1 255.255.255.0
    #

        R4:

    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 24.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 34.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/2
     port link-mode route
     combo enable copper
     ip address 100.1.1.1 255.255.255.0
    #

        R5:

    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 35.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 200.1.1.254 255.255.255.0
    #

        DNS server:

    vi /etc/network/interfaces
    auto eth1
    iface eth1 inet static
        address 200.1.1.1
        netmask 255.255.255.0
        gateway 200.1.1.254

        Also: Because the servers in the HCL simulator run Linux, the gateway or IP address can occasionally be lost even after the configuration file has been modified. In that case, use the following commands to set the IP address and gateway again.

    ifconfig eth1 x.x.x.x netmask 255.255.255.0
    route add default gw x.x.x.x

        WEB server:

    vi /etc/network/interfaces
    auto eth1
    iface eth1 inet static
        address 172.16.1.1
        netmask 255.255.255.0
        gateway 172.16.1.254

        Also: Because the servers in the HCL simulator run Linux, the gateway or IP address can occasionally be lost even after the configuration file has been modified. In that case, use the following commands to set the IP address and gateway again.

    ifconfig eth1 x.x.x.x netmask 255.255.255.0
    route add default gw x.x.x.x

        3.2.2  Switching part

        ① Divide the technical department into VLAN10 and the R&D department into VLAN20

        S1:

    #
    vlan 10
    #
    vlan 20
    #
    #
    interface GigabitEthernet1/0/1
     port link-mode bridge
     port access vlan 10
     combo enable fiber
     stp edged-port
    #
    interface GigabitEthernet1/0/2
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 1 10 20
     combo enable fiber
    #
    interface GigabitEthernet1/0/3
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 1 10 20
     combo enable fiber
    #

        S2:

    #
    vlan 10
    #
    vlan 20
    #
    #
    interface GigabitEthernet1/0/1
     port link-mode bridge
     port access vlan 20
     combo enable fiber
     stp edged-port
    #
    interface GigabitEthernet1/0/2
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 1 10 20
     combo enable fiber
    #
    interface GigabitEthernet1/0/3
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 1 10 20
     combo enable fiber
    #

        ② Achieve communication between the two VLANs by configuring single-arm routing

    #
    interface GigabitEthernet0/0.10
     ip address 192.168.1.254 255.255.255.0
     vlan-type dot1q vid 10
    #
    interface GigabitEthernet0/0.20
     ip address 192.168.2.254 255.255.255.0
     vlan-type dot1q vid 20
    #

        ③ Configure the interface mode of the switch Core and allow VLAN10 and VLAN20

    #
    interface GigabitEthernet1/0/1
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 1 10 20
     combo enable fiber
    #
    interface GigabitEthernet1/0/2
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 1 10 20
     combo enable fiber
    #
    interface GigabitEthernet1/0/3
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan 1 10 20
     combo enable fiber
    #
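
        Requirement 3.1.2 ③ says the trunks should carry only VLAN10 and VLAN20, while the trunk lines above read "port trunk permit vlan 1 10 20". The Python sketch below is an added example, not part of the original report: it parses Comware-style interface stanzas and lists every trunk port whose permit list goes beyond an allowed set. The sample text is the S1 interface configuration from this section; the function names are hypothetical.

```python
# Constructed sample: the S1 interface stanzas shown in section 3.2.2.
S1_CONFIG = """\
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 10
 stp edged-port
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 20
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 20
#
"""

PERMIT = "port trunk permit vlan "


def parse_interfaces(text):
    """Return {interface name: [sub-command, ...]} from '#'-separated stanzas."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None          # '#' closes the current stanza
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def expand_vlans(tokens):
    """Expand a permit list such as ['2', 'to', '4', '20'] into a set of VLAN IDs."""
    vlans, i = set(), 0
    while i < len(tokens):
        if tokens[i] == "all":
            return set(range(1, 4095))
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(int(tokens[i]))
            i += 1
    return vlans


def audit_trunks(text, allowed):
    """Map each trunk port to the sorted VLANs it permits beyond `allowed`."""
    findings = {}
    for name, cmds in parse_interfaces(text).items():
        if "port link-type trunk" not in cmds:
            continue                # access ports are out of scope here
        permitted = set()
        for cmd in cmds:
            if cmd.startswith(PERMIT):
                permitted |= expand_vlans(cmd[len(PERMIT):].split())
        extra = sorted(permitted - set(allowed))
        if extra:
            findings[name] = extra
    return findings


if __name__ == "__main__":
    for port, extra in audit_trunks(S1_CONFIG, {10, 20}).items():
        print(f"{port}: permits VLANs outside the policy: {extra}")
```

        On Comware, VLAN 1 is taken off a trunk with "undo port trunk permit vlan 1"; check what still depends on VLAN 1 before removing it.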

        ④ STP root bridge configuration

        S1:

        S1 serves as the STP root bridge of VLAN10. At the same time, to reduce useless BPDUs, its interface facing the PC is configured as an edge port. The configuration is as follows:

    #
    stp instance 10 root primary
    stp instance 20 root secondary
    stp bpdu-protection
    stp global enable
    #
    interface GigabitEthernet1/0/1
     port link-mode bridge
     port access vlan 10
     combo enable fiber
     stp edged-port
    #
    stp region-configuration
     instance 10 vlan 10
     instance 20 vlan 20
     active region-configuration
    #

        S2:

        S2 serves as the STP root bridge of VLAN20. At the same time, to reduce useless BPDUs, its interface facing the PC is configured as an edge port. The configuration is as follows:

    #
    stp instance 10 root secondary
    stp instance 20 root primary
    stp bpdu-protection
    stp global enable
    #
    interface GigabitEthernet1/0/1
     port link-mode bridge
     port access vlan 20
     combo enable fiber
     stp edged-port
    #
    stp region-configuration
     instance 10 vlan 10
     instance 20 vlan 20
     active region-configuration
    #

        3.2.3 Routing part

        ① Internet area OSPF protocol configuration

        R1:

        Create OSPF 1 and place its interfaces facing R2 and R3 in Area 0; the configuration below also enables OSPF on the interface facing R0. The configuration is as follows:

    #
    ospf 1
     area 0.0.0.0
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 12.1.1.1 255.255.255.0
     ospf 1 area 0.0.0.0
    #
    interface GigabitEthernet0/2
     port link-mode route
     combo enable copper
     ip address 13.1.1.1 255.255.255.0
     ospf 1 area 0.0.0.0
    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 10.1.1.2 255.255.255.0
     ospf 1 area 0.0.0.0
    #

        R2:

        Create OSPF 1, place its interface facing R1 in Area 0 and its interfaces facing R3 and R4 in Area 1. The configuration is as follows:

    #
    ospf 1
     area 0.0.0.0
     area 0.0.0.1
    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 12.1.1.2 255.255.255.0
     ospf 1 area 0.0.0.0
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 24.1.1.1 255.255.255.0
     ospf 1 area 0.0.0.1
    #

        R3:

        Create OSPF 1, place its interface facing R1 in Area 0, its interfaces facing R2 and R4 in Area 1 and its interface facing R5 in Area 2, and configure Area 2 as a totally stub area. The configuration is as follows:

    #
    ospf 1
     area 0.0.0.0
     area 0.0.0.1
     area 0.0.0.2
      stub no-summary
    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 34.1.1.1 255.255.255.0
     ospf 1 area 0.0.0.1
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 13.1.1.2 255.255.255.0
     ospf 1 area 0.0.0.0
    #
    interface GigabitEthernet0/2
     port link-mode route
     combo enable copper
    #
    interface GigabitEthernet5/0
     port link-mode route
     combo enable copper
     ip address 35.1.1.1 255.255.255.0
     ospf 1 area 0.0.0.2
    #

        R4:

        Create OSPF 1 and place its interfaces facing R2 and R3 in Area 1. The configuration is as follows:

    #
    ospf 1
     area 0.0.0.1
    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 24.1.1.2 255.255.255.0
     ospf 1 area 0.0.0.1
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 34.1.1.2 255.255.255.0
     ospf 1 area 0.0.0.1
    #
    interface GigabitEthernet0/2
     port link-mode route
     combo enable copper
     ip address 100.1.1.1 255.255.255.0
     ospf 1 area 0.0.0.1
    #

        R5:

        Create OSPF 1, place its interface facing R3 in Area 2, and configure Area 2 as a totally stub area. At the same time, to avoid spending resources on unnecessary LSAs, configure its interface facing the server as a silent interface. The configuration is as follows:

    #
    ospf 1
     silent-interface GigabitEthernet0/1
     area 0.0.0.2
      stub no-summary
    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 35.1.1.2 255.255.255.0
     ospf 1 area 0.0.0.2
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 200.1.1.254 255.255.255.0
     ospf 1 area 0.0.0.2
    #

        ② Configure the default routes of R0 and R6

        R0:

    ip route-static 0.0.0.0 0 10.1.1.2

        R6:

    ip route-static 0.0.0.0 0 100.1.1.1

        3.2.4 Other parts

        ① Configure the DNS resolution service of the public network DNS server for branch 1

        DNS server:

        Because branch 2 will be given a domain name later, the DNS server needs a mapping between that domain name and the IP address. Write the following in the DNS server:

        R0

        Configure a remote DNS proxy on R0, the gateway router of branch 1, so that the public network DNS server is its DNS server. The configuration is as follows:

    #
     dns server 200.1.1.1
    #

        ② Configure the WEB server of branch 2 to provide WEB access services to branch 1

        WEB server:

        Enable the HTTP service of the WEB server of branch 2 and keep the provided WEB route in the default state. The configuration is as follows:

        ③ Configure PNAT port mapping for branch 1 to enable Internet access, and prohibit the R&D department from accessing the Internet.

        R0

        As the gateway of branch 1, R0 needs to provide NAT address translation and block R&D department traffic. This is implemented using PNAT. The configuration is as follows:

    #
    nat address-group 1 name PNAT
     address 10.1.1.10 10.1.1.15
    #
    interface GigabitEthernet0/1
     port link-mode route
     combo enable copper
     ip address 10.1.1.1 255.255.255.0
     nat outbound 2000 address-group 1
    #
    acl basic 2000
     rule 0 permit source 192.168.1.0 0.0.0.255
     rule 5 deny source 192.168.2.0 0.0.0.255
    #
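
        ACL 2000 above is referenced by "nat outbound", so it decides which source addresses are translated. The Python sketch below is an added example, not part of the original report: it evaluates the two rules with Comware-style wildcard masks for a few constructed sample hosts. It assumes the default behaviour of checking rules in ascending rule-ID order; the function names are hypothetical.

```python
import ipaddress

# The ACL 2000 rules as shown in the R0 configuration above.
ACL_2000 = """\
acl basic 2000
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 deny source 192.168.2.0 0.0.0.255
"""


def parse_basic_acl(text):
    """Return [(rule_id, action, network_int, wildcard_int)] sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        # Expected shape: rule <id> <permit|deny> source <addr> <wildcard>
        if len(parts) == 6 and parts[0] == "rule" and parts[3] == "source":
            net = int(ipaddress.IPv4Address(parts[4]))
            wild = int(ipaddress.IPv4Address(parts[5]))
            rules.append((int(parts[1]), parts[2], net, wild))
    return sorted(rules)


def wildcard_match(addr, net, wild):
    """A 0 bit in the wildcard must match; a 1 bit is ignored."""
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (net & care)


def nat_decision(src, rules):
    """Return (decision, matching rule ID or None) for one source address."""
    addr = int(ipaddress.IPv4Address(src))
    for rule_id, action, net, wild in rules:
        if wildcard_match(addr, net, wild):
            decision = "translate" if action == "permit" else "no-translate"
            return (decision, rule_id)
    return ("no-translate", None)  # no rule matched: the source is not selected for NAT


def classify(sources, text=ACL_2000):
    """Evaluate every source address against the ACL text."""
    rules = parse_basic_acl(text)
    return {src: nat_decision(src, rules) for src in sources}


if __name__ == "__main__":
    # Constructed sample hosts: one per department plus one outside both subnets.
    hosts = ["192.168.1.10", "192.168.2.10", "192.168.3.10"]
    for host, result in classify(hosts).items():
        print(host, result)
```

        A source that hits the deny rule, or no rule at all, is only left untranslated by this ACL; dropping R&D traffic at R0 itself takes a separate packet filter on the interface.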

        ④ Branch 2 configures static mapping to enable the server to provide WEB services to the outside world.

        R6

        As the gateway of the WEB server, R6 implements one-to-one mapping by configuring static NAT so that the server can provide WEB services to the outside world. (To facilitate subsequent verification, all protocols including HTTP and ICMP are allowed in the static NAT.) The configuration is as follows:

    #
     nat static outbound 172.16.1.1 100.1.1.10
    #
    interface GigabitEthernet0/0
     port link-mode route
     combo enable copper
     ip address 100.1.1.2 255.255.255.0
     nat server global 100.1.1.10 inside 172.16.1.100
     nat static enable
    #

        WEB server:

        Enable the HTTP service of the WEB server of branch 2 and keep the provided WEB route in the default state. The configuration is as follows:

3.3 Project verification

        3.3.1 Switching part

        ① The technical department and R&D department belong to VLAN10 and VLAN20 respectively

        Technical department:

        R&D department:

        ② Single-arm routing realizes communication between different VLANs

        Take PC0 (technical department) pinging PC1 (R&D department) as an example:

        ③ S1 serves as the root bridge of VLAN10, and S2 serves as the root bridge of VLAN20.

        S1

        S2

        3.3.2 Routing part

        ① The Internet part uses the OSPF protocol to realize network interconnection

        Check the routing table of each public network device to confirm that the routes between them are learned through OSPF. The results are as follows:

        R1

        R2

        R3

        R4

        R5

        Also: Because the area where R5 sits is configured as a totally stub area, the LSA propagation rules mean that R5 only has a default route pointing to 35.1.1.1.

        ② Static routing configuration of R0 and R6

        R0

        R6

        3.3.3 Other parts

        ① The WEB server of branch 2 provides WEB access services through static mapping, and the public network DNS server performs address resolution

        Access the domain name of the WEB server (www.xinjunye.com) from the technical department of branch 1. If the connection succeeds, the DNS server configuration, the WEB server configuration and the static mapping configuration are all working. The verification results are as follows:

        Also: Due to the limitations of the H3C simulator HCL, the web service cannot specify a path, so a specific file cannot be displayed and none is shown here.

        ② The technical department of branch 1 is allowed to connect to the public network, but the R&D department is not

        Use PC0 (technical department) and PC1 (R&D department) to ping the public network and check their connectivity. The verification results are as follows:

        Technical department:

        R&D department:

4. Training summary and experience

        Comprehensive practical training on network planning and deployment is a very important course. It provides me with the opportunity to learn and practice network planning and deployment in depth. In this course, I not only learned the basic principles and implementation methods of various network technologies, but also mastered the processes and methods of network planning and deployment through practical operations.

        First, in this practical training, I learned how to plan and design a network. Starting from demand analysis, we gradually consider network topology, equipment selection, address planning, etc., and finally complete a full network planning and design solution. Through this process, I have a better understanding of the processes and methods of network planning and design. I also have a deeper understanding of network topology selection, device configuration methods, address planning and security policies, and can make flexible decisions based on the actual situation.

        Secondly, in practical operation, I mastered the configuration methods and techniques of network equipment. During the experiment, I personally configured multiple network devices and completed the entire network deployment process, which further deepened my understanding and mastery. I learned how to select appropriate equipment, how to initialize and configure equipment, and how to test the performance and reliability of network equipment, etc., which improved my operational capabilities in actual work.

        In short, the comprehensive practical training on network planning and deployment is a very practical course. It not only enabled me to master the basic principles and techniques of network planning and deployment, but also improved my practical operation ability and teamwork ability. In my future study and work, I will continue to carry forward what I have learned, continuously improve my abilities and standards, and contribute to the realization of personal and social values.

Origin blog.csdn.net/as12138/article/details/131869224