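Author's note:
I planned, designed and wrote this entirely on my own, so I hope readers will show some support. If there are mistakes, please point them out in the comments; since I wrote it all myself, a few slips are inevitable.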
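I. Project background
A company has leased premises in a certain location as a branch office, and the site urgently needs a network so that employees can get online for work. The site must accommodate about 300 people, have a highly reliable network structure, and be quick to build on a limited budget.
II. Business requirements
The company has four departments: Administration, Finance, R&D and Marketing. The Finance department has no need for Internet access; all the others can access the Internet. There is also a wireless network for internal staff to get online. (Requirements will be added gradually later, and the network structure and design will be changed and extended as needed.)
III. Technologies involved
VLAN, Eth-Trunk, MSTP, VRRP, ACL, NAT, DHCP, WLAN, OSPF
IV. Network design
Network structure design:
The network topology is planned according to the requirements:
(My computer is rather old, so the topology has fewer access switches than it should; you can connect more later, and the configuration is much the same.)
IP address plan:
The enterprise network is planned within the 10.1.0.0/16 range.
Device interconnect addresses use 10.1.101.1-10.1.101.254
Device loopback 0 addresses use 10.1.0.1-10.1.0.254
AP management addresses use 10.1.100.0/24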
| Object | IP address range |
| --- | --- |
| Administration | 10.1.10.0/24 |
| Finance | 10.1.20.0/24 |
| R&D | 10.1.30.0/24 |
| Marketing | 10.1.40.0/24 |
| Internal wireless users | 10.1.50.0/24 |
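Terminal access plan:
| Object | Access method | VLAN | VLAN address pool | Gateway | Address allocation |
| --- | --- | --- | --- | --- | --- |
| Administration | Wired | 10 | hr | CORE1 | DHCP |
| Finance | Wired | 20 | finance | CORE1 | DHCP |
| R&D | Wired | 30 | research | CORE1 | DHCP |
| Marketing | Wired | 40 | market | CORE1 | DHCP |
| Internal wireless users | Wireless | 50 | Employee | CORE1 | DHCP |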
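Network device interconnection plan:
V. Project implementation
No physical devices are available, so Huawei eNSP is used to simulate the implementation of this enterprise network project.
Network device configuration:
1. Export1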
acl number 2000
rule permit source 10.1.10.0 0.0.0.255
rule permit source 10.1.30.0 0.0.0.255
rule permit source 10.1.40.0 0.0.0.255
rule permit source 10.1.50.0 0.0.0.255
#
interface GigabitEthernet0/0/0
ip address 200.1.1.1 255.255.255.252
nat outbound 2000
#
ip route-static 0.0.0.0 0 200.1.1.2
#
interface GigabitEthernet0/0/1
ip address 10.1.101.1 255.255.255.252
#
interface LoopBack0
ip address 10.1.0.1 255.255.255.255
#
ospf 1 router-id 10.1.0.1
area 0.0.0.0
network 10.1.101.1 0.0.0.0
ospf 1
default-route-advertise always
#
bfd
q
bfd to_Core1-1 bind peer-ip 10.1.101.2 source-ip 10.1.101.1 auto
#
2. Export2
acl number 2000
rule permit source 10.1.10.0 0.0.0.255
rule permit source 10.1.30.0 0.0.0.255
rule permit source 10.1.40.0 0.0.0.255
rule permit source 10.1.50.0 0.0.0.255
#
interface GigabitEthernet0/0/0
ip address 200.1.1.5 255.255.255.252
nat outbound 2000
#
ip route-static 0.0.0.0 0 200.1.1.6
#
interface GigabitEthernet0/0/1
ip address 10.1.101.5 255.255.255.252
#
interface LoopBack0
ip address 10.1.0.2 255.255.255.255
#
ospf 1 router-id 10.1.0.2
area 0.0.0.0
network 10.1.101.5 0.0.0.0
ospf 1
default-route-advertise always
#
bfd
q
bfd to_Core1-2 bind peer-ip 10.1.101.6 source-ip 10.1.101.5 auto
#
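An added example (not part of the original configuration): a Python check that evaluates the ACL 2000 rules referenced by `nat outbound 2000` on Export1 and Export2 against the subnets in the IP address plan, using Huawei wildcard-mask matching. The English department labels and the function names are chosen here.

```python
import ipaddress

# ACL 2000 rule lines copied from the Export1/Export2 configuration above.
ACL_2000 = """\
rule permit source 10.1.10.0 0.0.0.255
rule permit source 10.1.30.0 0.0.0.255
rule permit source 10.1.40.0 0.0.0.255
rule permit source 10.1.50.0 0.0.0.255
"""

# Subnets from the page's IP plan; the English labels are assumptions.
PLAN = {
    "Administration": "10.1.10.0/24",
    "Finance": "10.1.20.0/24",
    "R&D": "10.1.30.0/24",
    "Marketing": "10.1.40.0/24",
    "Internal wireless": "10.1.50.0/24",
}


def parse_rules(text):
    """Return [(action, base, wildcard)] as integers, in configuration order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 5 and tok[0] == "rule" and tok[2] == "source":
            base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[3:5])
            rules.append((tok[1], base, wild))
    return rules


def acl_action(rules, ip):
    """First match wins; a wildcard bit of 1 means that bit is not compared."""
    addr = int(ipaddress.IPv4Address(ip))
    for action, base, wild in rules:
        if ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return None  # no match: `nat outbound 2000` leaves this source untranslated


def nat_coverage(rules, plan):
    """Per subnet: 'all', 'none' or 'partial' of its addresses are permitted."""
    out = {}
    for name, cidr in plan.items():
        net = ipaddress.ip_network(cidr)
        hits = sum(acl_action(rules, host) == "permit" for host in net)
        out[name] = "all" if hits == net.num_addresses else "partial" if hits else "none"
    return out


if __name__ == "__main__":
    for name, state in nat_coverage(parse_rules(ACL_2000), PLAN).items():
        print(f"{name:18} {state}")
```

A result of `none` means only that `nat outbound 2000` will not translate those sources; the ACL used this way is not a packet filter.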
3. Core1-1
vlan batch 10 20 30 40 50 100 101 103
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 100
mode lacp-static
trunkport g0/0/1
trunkport g0/0/2
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
#
stp region-configuration
region-name Pidan
instance 1 vlan 10 20 50
instance 2 vlan 30 40
active region-configuration
#
interface Vlanif10
ip address 10.1.10.251 255.255.255.0
vrrp vrid 10 virtual-ip 10.1.10.254
vrrp vrid 10 priority 150
interface Vlanif20
ip address 10.1.20.251 255.255.255.0
vrrp vrid 20 virtual-ip 10.1.20.254
vrrp vrid 20 priority 150
interface Vlanif30
ip address 10.1.30.251 255.255.255.0
vrrp vrid 30 virtual-ip 10.1.30.254
interface Vlanif40
ip address 10.1.40.251 255.255.255.0
vrrp vrid 40 virtual-ip 10.1.40.254
#
ip pool hr
gateway-list 10.1.10.254
network 10.1.10.0 mask 255.255.255.0
ip pool finance
gateway-list 10.1.20.254
network 10.1.20.0 mask 255.255.255.0
ip pool research
gateway-list 10.1.30.254
network 10.1.30.0 mask 255.255.255.0
ip pool market
gateway-list 10.1.40.254
network 10.1.40.0 mask 255.255.255.0
ip pool Employee
gateway-list 10.1.50.254
network 10.1.50.0 mask 255.255.255.0
#
dhcp enable
interface Vlanif10
dhcp select global
interface Vlanif20
dhcp select global
interface Vlanif30
dhcp select global
interface Vlanif40
dhcp select global
interface Vlanif50
dhcp select global
#
interface GigabitEthernet0/0/24
ip address 10.1.101.2 255.255.255.252
#
interface LoopBack0
ip address 10.1.0.3 255.255.255.255
#
ospf 1 router-id 10.1.0.3
area 0.0.0.0
network 10.1.101.2 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.20.0 0.0.0.255
network 10.1.30.0 0.0.0.255
network 10.1.40.0 0.0.0.255
network 10.1.50.0 0.0.0.255
#
bfd
q
bfd to_Export1 bind peer-ip 10.1.101.1 source-ip 10.1.101.2 auto
#
interface Vlanif10
vrrp vrid 10 track bfd-session session-name to_Export1 reduced 100
interface Vlanif20
vrrp vrid 20 track bfd-session session-name to_Export1 reduced 100
#
interface Vlanif103
ip address 10.1.101.9 255.255.255.252
#
interface GigabitEthernet0/0/23
port link-type trunk
port trunk allow-pass vlan 50 100 103
#
interface Vlanif50
ip address 10.1.50.251 255.255.255.0
vrrp vrid 50 virtual-ip 10.1.50.254
vrrp vrid 50 priority 150
vrrp vrid 50 track bfd-session session-name to_export1 reduced 100
dhcp select global
#
4. Core1-2
vlan batch 10 20 30 40 50 100 102
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 100
mode lacp-static
trunkport g0/0/1
trunkport g0/0/2
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
#
stp region-configuration
region-name Pidan
instance 1 vlan 10 20 50
instance 2 vlan 30 40
active region-configuration
#
interface Vlanif10
ip address 10.1.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 10.1.10.254
interface Vlanif20
ip address 10.1.20.252 255.255.255.0
vrrp vrid 20 virtual-ip 10.1.20.254
interface Vlanif30
ip address 10.1.30.252 255.255.255.0
vrrp vrid 30 virtual-ip 10.1.30.254
vrrp vrid 30 priority 150
interface Vlanif40
ip address 10.1.40.252 255.255.255.0
vrrp vrid 40 virtual-ip 10.1.40.254
vrrp vrid 40 priority 150
#
ip pool hr
gateway-list 10.1.10.254
network 10.1.10.0 mask 255.255.255.0
ip pool finance
gateway-list 10.1.20.254
network 10.1.20.0 mask 255.255.255.0
ip pool research
gateway-list 10.1.30.254
network 10.1.30.0 mask 255.255.255.0
ip pool market
gateway-list 10.1.40.254
network 10.1.40.0 mask 255.255.255.0
ip pool Employee
gateway-list 10.1.50.254
network 10.1.50.0 mask 255.255.255.0
#
dhcp enable
interface Vlanif10
dhcp select global
interface Vlanif20
dhcp select global
interface Vlanif30
dhcp select global
interface Vlanif40
dhcp select global
interface Vlanif50
dhcp select global
#
interface GigabitEthernet0/0/24
ip address 10.1.101.6 255.255.255.252
#
interface LoopBack0
ip address 10.1.0.4 255.255.255.255
#
ospf 1 router-id 10.1.0.4
area 0.0.0.0
network 10.1.101.6 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.20.0 0.0.0.255
network 10.1.30.0 0.0.0.255
network 10.1.40.0 0.0.0.255
network 10.1.50.0 0.0.0.255
#
bfd
q
bfd to_Export2 bind peer-ip 10.1.101.5 source-ip 10.1.101.6 auto
#
interface Vlanif30
vrrp vrid 30 track bfd-session session-name to_Export2 reduced 100
interface Vlanif40
vrrp vrid 40 track bfd-session session-name to_Export2 reduced 100
#
interface Vlanif50
ip address 10.1.50.252 255.255.255.0
vrrp vrid 50 virtual-ip 10.1.50.254
dhcp select global
#
#
5. ACC1
vlan batch 10 20 30 40 100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
#
stp region-configuration
region-name Pidan
instance 1 vlan 10 20 50
instance 2 vlan 30 40
active region-configuration
#
6. ACC2
vlan batch 10 20 30 40 100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
stp region-configuration
region-name Pidan
instance 1 vlan 10 20 50
instance 2 vlan 30 40
active region-configuration
#
7. ACC3
vlan batch 10 20 30 40 100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
#
stp region-configuration
region-name Pidan
instance 1 vlan 10 20 50
instance 2 vlan 30 40
active region-configuration
#
8. ACC4
vlan batch 10 20 30 40 100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 100
interface GigabitEthernet0/0/3
port link-type access
port default vlan 40
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
#
stp region-configuration
region-name Pidan
instance 1 vlan 10 20 50
instance 2 vlan 30 40
active region-configuration
#
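An added example (not from the original post): switches belong to the same MST region only when region name, revision level and VLAN-to-instance mapping all match, so this Python check compares the `stp region-configuration` stanzas of several devices. The stanzas are constructed samples in the page's syntax, and the function names are chosen here.

```python
# Constructed sample stanzas in the page's syntax: "core" maps VLAN 50 into
# instance 1, "access" leaves it out, so there VLAN 50 stays in instance 0.
CORE = """stp region-configuration
region-name Pidan
instance 1 vlan 10 20 50
instance 2 vlan 30 40
active region-configuration"""
SAMPLE = {"core": CORE, "access": CORE.replace("vlan 10 20 50", "vlan 10 20")}


def parse_region(stanza):
    """Return (region_name, revision_level, {vlan: instance}) for one stanza."""
    name, revision, mapping = "", 0, {}
    for tok in (line.split() for line in stanza.splitlines()):
        if tok[:1] == ["region-name"]:
            name = tok[1]
        elif tok[:1] == ["revision-level"]:
            revision = int(tok[1])
        elif tok[:1] == ["instance"] and tok[2:3] == ["vlan"]:
            items, i = tok[3:], 0
            while i < len(items):
                lo = hi = int(items[i])
                if items[i + 1:i + 2] == ["to"]:  # range form "30 to 40"
                    hi, i = int(items[i + 2]), i + 2
                mapping.update({v: int(tok[1]) for v in range(lo, hi + 1)})
                i += 1
    return name, revision, mapping


def region_mismatches(devices):
    """Compare each device with the first; unmapped VLANs count as instance 0."""
    parsed = {dev: parse_region(cfg) for dev, cfg in devices.items()}
    ref_dev = next(iter(parsed))
    ref_name, ref_rev, ref_map = parsed[ref_dev]
    problems = {}
    for dev, (name, rev, mapping) in parsed.items():
        why = []
        if (name, rev) != (ref_name, ref_rev):
            why.append(f"region {name}/{rev} differs from {ref_name}/{ref_rev}")
        for vlan in sorted(set(mapping) | set(ref_map)):
            if mapping.get(vlan, 0) != ref_map.get(vlan, 0):
                why.append(f"VLAN {vlan}: instance {mapping.get(vlan, 0)}, "
                           f"{ref_map.get(vlan, 0)} on {ref_dev}")
        if why:
            problems[dev] = why
    return problems
```

An empty result means every stanza describes the same region; any entry means that device will sit outside the first device's region and the per-instance load sharing will not extend to it.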
9. AC1
vlan batch 50 100 103
interface Vlanif100
ip address 10.1.100.254 24
interface Vlanif103
ip address 10.1.101.10 255.255.255.252
interface LoopBack0
ip address 10.1.0.5 255.255.255.255
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50 100 103
#
capwap source interface vlanif100
#
dhcp enable
ip pool vlan100
network 10.1.100.0 mask 24
gateway-list 10.1.100.254
option 43 sub-option 2 ip-address 10.1.100.254
interface Vlanif100
dhcp select global
#
wlan
regulatory-domain-profile name HCIE
country-code cn
#
ap-group name X
regulatory-domain-profile HCIE
radio 0
vap-profile Employee wlan 1
radio 1
vap-profile Employee wlan 1
radio 2
vap-profile Employee wlan 1
#
ssid-profile name Employee
ssid Employee
#
security-profile name Employee
security wpa-wpa2 psk pass-phrase Huawei@123 aes
#
vap-profile name Employee
forward-mode tunnel
service-vlan vlan-id 50
ssid-profile Employee
security-profile Employee
#
ap-id 1 ap-mac 00e0-fc2b-4b20
ap-group X
ap-name ap1
ap-id 2 ap-mac 00e0-fc15-5890
ap-group X
ap-name ap2
#
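VI. Project testing
1. VRRP master/backup:
Core1-1
Core1-2
2. OSPF neighbors of the egress routers:
Export1:
Export2:
3. APs successfully brought under AC management:
4. DHCP address acquisition:
Administration:
Finance:
R&D:
Marketing:
5. WiFi:
Connect to any one of the hotspots: password Huawei@123
6. Ping the external network:
Can reach the Internet: Administration, Marketing, R&D, Employee
Finance cannot reach the Internet
7. Reliability verification:
Run a continuous ping to an external address (3.3.3.3 here is simulated in the simulator; in a real network you could use Baidu's address)
Disconnect an egress router's link at random, or power the router off, and check whether VRRP switches over and Internet access still works
I won't demonstrate the other cases one by one; here I simply shut down the router. Readers can build the lab and verify for themselves.
This design combines multiple technologies and broadly matches today's enterprise network environments. Later, a firewall will be added on top of this network structure to improve its security, along with other requirements to enrich the network.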