亚洲乱码中文字幕综合,中国熟女仑乱hd,亚洲精品乱拍国产一区二区三区,一本大道卡一卡二卡三乱码全集资源,又粗又黄又硬又爽的免费视频

華為HCIP認(rèn)證ENSP實(shí)現(xiàn)小型企業(yè)網(wǎng)三層架構(gòu)詳解

  發(fā)布時(shí)間:2020-05-11 15:25:36   作者:冰鎮(zhèn)闊落   我要評(píng)論
這篇文章主要介紹了華為HCIP認(rèn)證ENSP實(shí)現(xiàn)小型企業(yè)網(wǎng)三層架構(gòu),結(jié)合具體實(shí)驗(yàn)案例形式詳細(xì)分析了華為HCIP認(rèn)證ENSP實(shí)現(xiàn)小型企業(yè)網(wǎng)三層架構(gòu)具體原理、配置命令與操作注意事項(xiàng),需要的朋友可以參考下

本文講述了華為HCIP認(rèn)證ENSP實(shí)現(xiàn)小型企業(yè)網(wǎng)三層架構(gòu)。分享給大家供大家參考,具體如下:
 

三層架構(gòu)框架:

接入層:提供端口的密度,用于用戶(hù)終端的接入。一般使用二層交換機(jī)、AP等設(shè)備。
匯聚層(分布層):流量的集合處??梢杂玫降募夹g(shù)有:DHCP / VLAN / STP / HSRP / VRRP / channel / QOS / ACL…
核心層:使用NAT實(shí)現(xiàn)內(nèi)網(wǎng)與公網(wǎng)之間的訪問(wèn)。能夠進(jìn)行高速路由轉(zhuǎn)發(fā)。

三層架構(gòu)的核心:

冗余—備份。 線路備份、設(shè)備備份、網(wǎng)關(guān)備份、UPS(電源)備份。
:UPS(電源)備份不屬于技術(shù)。設(shè)備若存在雙電源口,將兩根電源查到不同的供電處即可實(shí)現(xiàn)電源備份。

三層架構(gòu)案例:

拓?fù)鋱D:

在這里插入圖片描述
 

要求:
 

1:ISP只能配置公有IP,不得再進(jìn)行其他任何配置。
2:所有PC通過(guò)DHCP獲取IP地址。
3:STP-MSTP合理分組,VLAN—混用中繼和混雜模式。
4:內(nèi)網(wǎng)IP地址基于172.16.0.0/16合理分配。
5:ISP Telnet 登錄R1的公有IP地址,實(shí)際登錄到SW1上。
6:正常所有PC均可以訪問(wèn)ISP環(huán)回。當(dāng)隨機(jī)在SW1和SW2中關(guān)閉一臺(tái)設(shè)備時(shí),PC依然可以正常訪問(wèn)ISP。

配置與思路:

1:劃分IP地址。
 

R1與R2之間公有地址使用12.1.1.0/24網(wǎng)段,ISP(R2)環(huán)回地址為2.2.2.0/24.

內(nèi)網(wǎng)IP地址:

    172.16.0.0/27----R1與SW1之間
    172.16.0.32/27----R1與SW2之間
    
    172.16.0.64/27----VLAN1
    172.16.0.66/27----VLAN1的網(wǎng)關(guān)
    
    172.16.0.96/27----VLAN2
    172.16.0.98/27----VLAN2的網(wǎng)關(guān)
    
    172.16.0.128/27----VLAN3
    172.16.0.130/27----VLAN3的網(wǎng)關(guān)

2:配置

1>:在SW1上配置DHCP,并且作為主網(wǎng)關(guān)使所有PC可以通過(guò)DHCP獲取IP地址

SW1:

<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sy	
[Huawei]sysname sw1
[sw1]
[sw1]vlan 2
[sw1-vlan2]quit 
[sw1]vlan 3
[sw1-vlan3]quit 
[sw1]interface Vlanif 1
[sw1-Vlanif1]ip address 172.16.0.65 27
[sw1-Vlanif1]vrrp vrid 1 virtual-ip 172.16.0.66
[sw1-Vlanif1]vrrp vrid 1 priority 120
[sw1-Vlanif1]vrrp vrid 1 preempt-mode timer delay 20
[sw1-Vlanif1]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 30
[sw1-Vlanif1]
[sw1-Vlanif1]quit 
[sw1]dhcp enable 
[sw1]ip pool 1
[sw1-ip-pool-1]network 172.16.0.64 mask 27
[sw1-ip-pool-1]gateway-list  172.16.0.66
[sw1-ip-pool-1]dns-list 8.8.8.8
[sw1-ip-pool-1]quit 
[sw1]interface Vlanif 1	
[sw1-Vlanif1]dhcp select global 
[sw1-Vlanif1]quit 
[sw1]
[sw1]interface Vlanif 2
[sw1-Vlanif2]ip add	
[sw1-Vlanif2]ip address 172.16.0.97 27
[sw1-Vlanif2]vrrp vrid 2 virtual-ip 172.16.0.98
[sw1-Vlanif2]vrrp vrid 2 priority 120
[sw1-Vlanif2]vrrp vrid 2 preempt-mode timer delay 20
[sw1-Vlanif2]vrrp vrid 2 track interface GigabitEthernet 0/0/1 reduced 30
[sw1-Vlanif2]quit 
[sw1]ip pool 2
[sw1-ip-pool-2]network 172.16.0.96 mask 27
[sw1-ip-pool-2]gateway-list  172.16.0.98
[sw1-ip-pool-2]dns-list 8.8.8.8
[sw1-ip-pool-2]quit 
[sw1]
[sw1]interface Vlanif 2
[sw1-Vlanif2]dhcp select global 
[sw1-Vlanif2]quit 
[sw1]interface Vlanif 3
[sw1-Vlanif3]ip address 172.16.0.129 27
[sw1-Vlanif3]vrrp vrid 3 virtual-ip 172.16.0.130
[sw1-Vlanif3]vrrp vrid 3 priority 120
[sw1-Vlanif3]vrrp vrid 3 preempt-mode timer delay 20
[sw1-Vlanif3]vrrp vrid 3 track interface GigabitEthernet 0/0/1 reduced 30
[sw1-Vlanif3]quit 
[sw1]ip pool 3
[sw1-ip-pool-3]network 172.16.0.128 mask 27
[sw1-ip-pool-3]gateway-list 172.16.0.130
[sw1-ip-pool-3]dns-list 8.8.8.8
[sw1-ip-pool-3]quit 
[sw1]interface Vlanif 3
[sw1-Vlanif3]dhcp select global 
[sw1-Vlanif3]quit 
[sw1]interface GigabitEthernet 0/0/4	
[sw1-GigabitEthernet0/0/4]port hybrid tagged vlan 1 to 3
[sw1-GigabitEthernet0/0/4]quit 
[sw1]interface GigabitEthernet 0/0/5
[sw1-GigabitEthernet0/0/5]port hybrid tagged vlan 1 to 3
[sw1-GigabitEthernet0/0/5]quit 
[sw1]

SW3:

<Huawei>system-view 
[Huawei]sysname sw3
[sw3]interface Eth0/0/1
[sw3-Ethernet0/0/1]port link-type trunk 
[sw3-Ethernet0/0/1]port trunk allow-pass vlan 1 to 3
[sw3-Ethernet0/0/1]quit 
[sw3]vlan 2
[sw3-vlan2]quit 
[sw3]vlan 3
[sw3-vlan3]quit 
[sw3]port-group group-member Ethernet 0/0/3 to Ethernet 0/0/5
[sw3-port-group]port link-type access 
[sw3-port-group]quit 
[sw3]interface Eth0/0/4
[sw3-Ethernet0/0/4]port default vlan 2
[sw3-Ethernet0/0/4]quit 
[sw3]interface Eth0/0/5
[sw3-Ethernet0/0/5]port default vlan 3
[sw3-Ethernet0/0/5]quit 
[sw3]

SW4:

<Huawei>system-view 
[Huawei]sysname sw4
[sw4]interface Eth0/0/1
[sw4-Ethernet0/0/1]port link-type trunk 
[sw4-Ethernet0/0/1]port trunk allow-pass vlan 1 to 3
[sw4-Ethernet0/0/1]quit 
[sw4]vlan 2
[sw4-vlan2]quit 
[sw4]vlan 3
[sw4-vlan3]quit 
[sw4]port-group group-member Ethernet 0/0/3 to Ethernet 0/0/4
[sw4-port-group]port link-type access 
[sw4-port-group]quit 
[sw4]interface Eth0/0/3
[sw4-Ethernet0/0/3]port default vlan 2
[sw4-Ethernet0/0/3]quit 
[sw4]interface Eth0/0/4
[sw4-Ethernet0/0/4]port default vlan 3
[sw4-Ethernet0/0/4]quit 
[sw4]

測(cè)試:
 

PC1:
 

在這里插入圖片描述
 

PC2:
 

在這里插入圖片描述
 

PC3:
 

在這里插入圖片描述
 

PC4:
 

在這里插入圖片描述
 

PC5:
 

在這里插入圖片描述
 

測(cè)試得出所有PC將SW1作為網(wǎng)關(guān)通過(guò)DHCP可以正常獲取IP地址。

2>:在SW2上進(jìn)行配置,使SW2作為SW2的備份網(wǎng)關(guān)。并且SW1與SW2之間的鏈路進(jìn)行疊加。

SW2:

<Huawei>system-view 
[Huawei]sysname sw2
[sw2]vlan 2
[sw2-vlan2]quit 
[sw2]vlan 3
[sw2-vlan3]quit 
[sw2]interface Vlanif 1
[sw2-Vlanif1]ip address 172.16.0.67 27
[sw2-Vlanif1]vrrp vrid 1 virtual-ip 172.16.0.66 
[sw2-Vlanif1]quit 
[sw2]dhcp enable 
[sw2]ip pool 1
[sw2-ip-pool-1]network 172.16.0.64 mask 27
[sw2-ip-pool-1]gateway-list 172.16.0.66
[sw2-ip-pool-1]dns-list 8.8.8.8
[sw2-ip-pool-1]quit 
[sw2]interface Vlanif 1
[sw2-Vlanif1]dhcp select global 
[sw2-Vlanif1]quit 
[sw2]
[sw2]interface Vlanif 2
[sw2-Vlanif2]ip address 172.16.0.99 27
[sw2-Vlanif2]vrrp vrid 2 virtual-ip 172.16.0.98
[sw2-Vlanif2]quit 
[sw2]ip pool 2
[sw2-ip-pool-2]network 172.16.0.96 mask 27
[sw2-ip-pool-2]gateway-list 172.16.0.98
[sw2-ip-pool-2]dns-list 8.8.8.8
[sw2-ip-pool-2]quit 
[sw2]interface Vlanif 2
[sw2-Vlanif2]dhcp select global 
[sw2-Vlanif2]quit 
[sw2]
[sw2]interface Vlanif 3
[sw2-Vlanif3]ip address 172.16.0.131 27
[sw2-Vlanif3]vrrp vrid 3 virtual-ip 172.16.0.130
[sw2-Vlanif3]quit 
[sw2]ip pool 3
[sw2-ip-pool-3]network 172.16.0.128 mask 27
[sw2-ip-pool-3]gateway-list  172.16.0.130
[sw2-ip-pool-3]dns-list 8.8.8.8
[sw2-ip-pool-3]quit 
[sw2]interface Vlanif 3
[sw2-Vlanif3]dhcp select global 
[sw2-Vlanif3]quit 
[sw2]interface GigabitEthernet 0/0/5
[sw2-GigabitEthernet0/0/5]port hybrid tagged vlan 1 to 3
[sw2-GigabitEthernet0/0/5]quit 
[sw2]interface GigabitEthernet 0/0/4
[sw2-GigabitEthernet0/0/4]port hybrid tagged vlan 1 to 3
[sw2-GigabitEthernet0/0/4]quit

SW4:

[sw4]interface Eth0/0/2
[sw4-Ethernet0/0/2]port link-type trunk 
[sw4-Ethernet0/0/2]port trunk allow-pass vlan 1 to 3
[sw4-Ethernet0/0/2]quit

SW3:

[sw3]interface Eth0/0/2	
[sw3-Ethernet0/0/2]port link-type trunk 
[sw3-Ethernet0/0/2]port trunk allow-pass vlan 1 to 3
[sw3-Ethernet0/0/2]quit

鏈路疊加:
 

鏈路疊加的要求:
 

1、通道的對(duì)端必須為同一臺(tái)設(shè)備;
2、通道的所有物理接口應(yīng)該具有相同的速率、雙工模式;相同的類(lèi)型,相同的vlan允許列表;

SW1:

[sw1]interface Eth-Trunk 0
[sw1-Eth-Trunk0]quit 
[sw1]interface GigabitEthernet 0/0/2
[sw1-GigabitEthernet0/0/2]eth-trunk 0
[sw1-GigabitEthernet0/0/2]quit 
[sw1]interface GigabitEthernet 0/0/3
[sw1-GigabitEthernet0/0/3]eth-trunk 0
[sw1-GigabitEthernet0/0/3]quit 
[sw1]interface Eth-Trunk 0
[sw1-Eth-Trunk0]port link-type hybrid 
[sw1-Eth-Trunk0]port hybrid tagged vlan 1 to 3
[sw1-Eth-Trunk0]quit

SW2:

[sw2]interface Eth-Trunk 0
[sw2-Eth-Trunk0]quit 
[sw2]interface GigabitEthernet 0/0/2	
[sw2-GigabitEthernet0/0/2]eth-trunk 0
[sw2-GigabitEthernet0/0/2]quit 
[sw2]interface GigabitEthernet 0/0/3
[sw2-GigabitEthernet0/0/3]eth-trunk 0
[sw2-GigabitEthernet0/0/3]quit 
[sw2]interface Eth-Trunk 0
[sw2-Eth-Trunk0]port link-type hybrid 
[sw2-Eth-Trunk0]port hybrid tagged vlan 1 to 3
[sw2-Eth-Trunk0]quit

3>:配置MSTP,VLAN1劃入組1,VLAN2、3劃入組2,且主根為SW1,備份根為SW2。

SW1:

[sw1]stp mode mstp 
[sw1]stp enable 	
[sw1]stp region-configuration 
[sw1-mst-region]region-name a
[sw1-mst-region]instance 1 vlan 1
[sw1-mst-region]instance 2 vlan 2 to 3
[sw1-mst-region]active region-configuration 
[sw1-mst-region]quit 
[sw1]stp instance 1 root primary 
[sw1]stp instance 2 root  primary

SW2:

[sw2]stp mode mstp 
[sw2]stp enable 
[sw2]stp region-configuration 
[sw2-mst-region]region-name a
[sw2-mst-region]instance 1 vlan 1
[sw2-mst-region]instance 2 vlan 2 to 3
[sw2-mst-region]active region-configuration 
[sw2-mst-region]quit 
[sw2]stp instance 1 root secondary 
[sw2]stp instance 2 root secondary

SW3:

[sw3]stp mode mstp 
[sw3]stp enable 
[sw3]stp region-configuration 
[sw3-mst-region]region-name a
[sw3-mst-region]instance 1 vlan 1
[sw3-mst-region]instance 2 vlan 2 to 3
[sw3-mst-region]active region-configuration 
[sw3-mst-region]quit

SW4:

[sw4]stp mode mstp 
[sw4]stp enable 
[sw4]stp region-configuration 
[sw4-mst-region]region-name a
[sw4-mst-region]instance 1 vlan 1
[sw4-mst-region]instance 2 vlan 2 to 3
[sw4-mst-region]active region-configuration 
[sw4-mst-region]quit

4>:在SW1和SW2上給物理接口配置IP地址來(lái)讓SW1和SW2能與R1進(jìn)行訪問(wèn)。

注:由于ENSP上的三層交換機(jī)在模擬器上不能直接給物理接口配置IP地址(真機(jī)可以),所以需要換思路:將需要配置IP地址的接口改為access模式并且劃分到一個(gè)VLAN中,然后給該VLAN配置IP地址即可達(dá)到相同的效果。

SW1:

[sw1]vlan 10
[sw1-vlan10]quit 
[sw1]interface GigabitEthernet 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access 
[sw1-GigabitEthernet0/0/1]port default vlan 10
[sw1-GigabitEthernet0/0/1]quit 
[sw1]interface Vlanif 10
[sw1-Vlanif10]ip address 172.16.0.2 27
[sw1-Vlanif10]quit

SW2:

[sw2]vlan 10
[sw2-vlan10]
[sw2-vlan10]quit 
[sw2]interface GigabitEthernet 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type access 
[sw2-GigabitEthernet0/0/1]port default vlan 10
[sw2-GigabitEthernet0/0/1]quit 
[sw2]interface Vlanif 10
[sw2-Vlanif10]ip address 172.16.0.34 27
[sw2-Vlanif10]quit

R1:

[r1]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/1]ip address 172.16.0.1 27
[r1-GigabitEthernet0/0/1]quit 
[r1]interface GigabitEthernet 0/0/2
[r1-GigabitEthernet0/0/2]ip address 172.16.0.33 27
[r1-GigabitEthernet0/0/2]quit

測(cè)試R1與SW1和SW2物理接口能否正常訪問(wèn):
 

在這里插入圖片描述
在這里插入圖片描述

5>:在R1上配置VLAN1、2、3的靜態(tài)路由,下一跳分別為SW1和SW2連接R1的物理接口,且下一跳為SW2連接R1的接口的路由為備份路由,優(yōu)先級(jí)數(shù)值較大。
 

R1:

[r1]ip route-static 172.16.0.64 27 172.16.0.2
[r1]ip route-static 172.16.0.96 27 172.16.0.2
[r1]ip route-static 172.16.0.128 27 172.16.0.2
[r1]ip route-static 172.16.0.64 27 172.16.0.34 preference 61
[r1]ip route-static 172.16.0.96 27 172.16.0.34 preference 61
[r1]ip route-static 172.16.0.128 27 172.16.0.34 preference 61

6>:在R1和R2上配置公網(wǎng)地址,并通過(guò)NAT實(shí)現(xiàn)所有PC可以訪問(wèn)ISP環(huán)回

R1:

[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[r1-GigabitEthernet0/0/0]quit 
[r1]acl 2000
[r1-acl-basic-2000]rule 5 permit source 172.16.0.0 0.0.0.255
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]nat outbound 2000
[r1-GigabitEthernet0/0/0]quit 
[r1]ip route-static 0.0.0.0 0 12.1.1.2

SW1:

[sw1]ip route-static 0.0.0.0 0 172.16.0.1

SW2:

[sw2]ip route-static 0.0.0.0 0 172.16.0.33

測(cè)試所有PC能否正常訪問(wèn)ISP環(huán)回:
 

PC1:
 

在這里插入圖片描述
 

PC2:
 

在這里插入圖片描述
 

PC3:
 

在這里插入圖片描述
 

PC4:
 

在這里插入圖片描述
 

PC5:
 

在這里插入圖片描述
 

7>:在SW1上開(kāi)啟telnet服務(wù),并在R1上配置端口映射。
 

SW1:

[sw1]user-interface vty 0 4
[sw1-ui-vty0-4]authentication-mode password 
[sw1-ui-vty0-4]user privilege level 15 
[sw1-ui-vty0-4]set authentication password simple huawei123
[sw1-ui-vty0-4]quit

R1:

[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]nat server protocol tcp global current-interface telnet
 inside 172.16.0.2 telnet 
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
[r1-GigabitEthernet0/0/0]

在R2上進(jìn)行測(cè)試:

<r2>telnet 12.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 12.1.1.1 ...
  Connected to 12.1.1.1 ...


Login authentication


Password:
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2019-11-14 21:54:52.
<sw1>sy	
<sw1>system-view 
Enter system view, return user view with Ctrl+Z.
[sw1]
[sw1]

測(cè)試:將SW1設(shè)備關(guān)閉,再次測(cè)試PC能否正常訪問(wèn)ISP環(huán)回。
 

在這里插入圖片描述
 

PC1:
 

在這里插入圖片描述
 

PC2:
 

在這里插入圖片描述
 

PC3:
 

在這里插入圖片描述
 

PC4:
 

在這里插入圖片描述
 

PC5:
 

在這里插入圖片描述

3:MSTP測(cè)試
 

在這里插入圖片描述
 

對(duì)于生成樹(shù)而言,根網(wǎng)橋?yàn)镾W1,則為避免環(huán)路會(huì)阻塞SW4連接3號(hào)線的端口。PC4、5獲取DHCP是通過(guò)SW4連接2號(hào)線的端口進(jìn)行獲取的(主網(wǎng)關(guān)正常的情況下)。此時(shí)斷開(kāi)2號(hào)線,測(cè)試PC4、5能否正常訪問(wèn) ISP環(huán)回。

SW4:

[sw4]interface Eth0/0/1
[sw4-Ethernet0/0/1]shutdown

PC4:
 

在這里插入圖片描述
 

PC5:
 

在這里插入圖片描述

在這里插入圖片描述

對(duì)于生成樹(shù)組1而言,正常情況下會(huì)阻塞SW3連接2號(hào)線的端口(主網(wǎng)關(guān)正常),PC1通過(guò)SW3連接3號(hào)線的端口獲取IP地址。將SW3連接3號(hào)線的端口關(guān)閉,再次測(cè)試PC1能否正常訪問(wèn)ISP環(huán)回。

SW3:

[sw3]interface Eth0/0/1
[sw3-Ethernet0/0/1]shutdown

PC1:
在這里插入圖片描述

至此,ENSP實(shí)現(xiàn)企業(yè)網(wǎng)三層架構(gòu)全部完成。但缺點(diǎn)是接入層的PC沒(méi)有做線路冗余,沒(méi)有達(dá)到高可靠性。

相關(guān)文章

最新評(píng)論