网络

学校网络搭建

Posted by honeyshan on 2024年6月7日 0 Comments

Read Next →

背景:学校有1个办公室,10个教室。每个教室一个摄像头,一个AP,40台电脑。电信接入点为光猫、ip地址为自动获取。

要求:
1、办公室、教室、wifi、监控网络可以实现二层数据隔离。
2、办公室、wifi可以连接互联网,wifi不允许与其它部门互通。
3、教室、监控网络默认不允许连接互联网网。需要的时候可以单独控制连接互联网。
4、画出网络拓扑图,列出设备清单。
5、在模拟器中配置好设备,完成以上要求。
6、在真实设备上面完成配置。

[class_1]dis current-configuration
#
sysname class_1
#
vlan batch 11 40 to 41
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 41
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[class_10]dis current-configuration
#
sysname class_10
#
vlan batch 20 40 to 41
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 41
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
dis current-configuration
#
sysname office
#
vlan batch 40 to 41 50
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 41
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[centre]dis current-configuration 
#
sysname centre
#
vlan batch 11 20 40 to 41 50
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
port-group 1
 group-member GigabitEthernet0/0/1
 group-member GigabitEthernet0/0/2
 group-member GigabitEthernet0/0/3
 group-member GigabitEthernet0/0/4
 group-member GigabitEthernet0/0/5
#
return
[r1]dis cur
[V200R003C00]
#
 sysname r1
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl number 2000  
 rule 5 permit source 192.168.0.0 0.0.255.255 
#
acl number 3000  
 rule 5 deny ip destination 192.168.0.0 0.0.255.255 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface Ethernet0/0/0
 undo portswitch
#
interface Ethernet0/0/0.1
 dot1q termination vid 11
 ip address 192.168.11.1 255.255.255.0 
 arp broadcast enable
 dhcp select interface
 dhcp server dns-list 192.168.2.1 
#
interface Ethernet0/0/0.10
 dot1q termination vid 20
 ip address 192.168.20.1 255.255.255.0 
 arp broadcast enable
 dhcp select interface
 dhcp server dns-list 192.168.2.1 
#
interface Ethernet0/0/0.11
#
interface Ethernet0/0/0.40
 dot1q termination vid 40
 ip address 192.168.40.1 255.255.255.0 
 arp broadcast enable
 dhcp select interface
 dhcp server excluded-ip-address 192.168.40.254 
 dhcp server dns-list 192.168.2.1 
#
interface Ethernet0/0/0.41
 dot1q termination vid 41
 ip address 192.168.41.1 255.255.255.0 
 traffic-filter outbound acl 3000
 arp broadcast enable
 dhcp select interface
 dhcp server dns-list 192.168.2.1 
#
interface Ethernet0/0/0.50
 dot1q termination vid 50
 ip address 192.168.50.1 255.255.255.0 
 arp broadcast enable
 dhcp select interface
 dhcp server dns-list 192.168.2.1 
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
 nat outbound 2000
 ip address dhcp-alloc
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

本实验注意事项:

1、中心交换机必须把所有的vlan都添加进去,否则各vlan无法通过中心交换机连接路由器。

2、R1路由器上使用dhcp服务器给各终端设备分配ip地址时,除了在相应端口上做配置外还要在全局打开dhcp enable。

3、如果DCHP Server需要排除某个IP地址,必须在该IP没有被使用的前提下进行。

4、如果在R1使用静态缺省路由,必须把下一跳指向运营商的IP(网关),不能只指向相应的接口。

5、子接口间的数据过滤必须在子接口的outboad方向应用ACL,否则终端设备无法ping通其网关。

honeyshan

Read Next →

Leave a Reply

分类

归档