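octagon posted on 2025-2-20 17:22:24

Small and medium enterprise network deployment with Huawei router + firewall + core switch

This post was last edited by goodluck on 2025-2-20 19:04

Network topology diagram: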
https://p26-sign.toutiaoimg.com/tos-cn-i-qvj2lq49k0/13e7eca3dd28466d8683cfddc3c5ab1f~tplv-tt-origin-web:gif.jpeg?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1740648044&x-signature=zklz3pTaegUVCE%2BlDZkRiet56P4%3D

Network plan:
Office network VLAN: 10, IP address range: 192.168.10.0/24, gateway 192.168.10.254
Production network VLAN: 20, IP address range: 192.168.20.0/24, gateway 192.168.20.254
Production server address range: 172.16.1.1/24, gateway: 172.16.1.254
Core switch interface IPs: GE 0/0/24: 192.168.200.1/24, loopback0 1.1.1.1/32
Firewall: GE 1/0/0: 192.168.200.2/24, Trust zone; GE 1/0/1: 192.168.100.2/24, Untrust zone; GE 1/0/6 172.16.1.254/24; loopback0 2.2.2.2/32
Egress router: GE 0/0/0 192.168.100.1/24; GE 0/0/1 202.1.1.1/24, connected to the carrier network; loopback0 3.3.3.3/32
AR2 simulates the carrier network router, loopback 0: 114.114.114.114
Client simulates any user on the Internet.
The switch, firewall and router use the OSPF dynamic routing protocol.

Lab objectives:
1) The production network can access the Internet.
2) In the office network, PC1 can access the Internet and PC2 cannot access the Internet.
3) Production PCs can access port 80 on the production server; office PCs cannot access the production server.
4) Port 80 of the production server is mapped to port 8080 on the Internet side, so public users can reach port 80 of the internal server through 202.1.1.1:8080.

The data configuration is as follows:

Device configuration:

Switch configuration:

sysname Huawei
#
vlan batch 10 20 200
dhcp enable
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select interface
 dhcp server lease day 0 hour 8 minute 0
 dhcp server dns-list 8.8.8.8
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
#
interface Vlanif200
 ip address 192.168.200.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 200
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
 silent-interface Vlanif10
 silent-interface Vlanif20
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  network 192.168.200.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.200.2

Firewall configuration:

interface GigabitEthernet1/0/0
 undo shutdown
 ip address 192.168.200.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 192.168.100.2 255.255.255.0
#
interface GigabitEthernet1/0/6
 undo shutdown
 ip address 172.16.1.254 255.255.255.0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/1
#
firewall zone dmz
 set priority 50
 add interface GigabitEthernet1/0/6
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 172.16.1.0 0.0.0.255
  network 192.168.100.0 0.0.0.255
  network 192.168.200.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
#
security-policy
 rule name trust-untrust
  source-zone trust
  destination-zone untrust
  source-address 192.168.10.1 mask 255.255.255.255
  source-address 192.168.20.0 mask 255.255.255.0
  action permit
 rule name trust-dmz
  source-zone trust
  destination-zone dmz
  source-address 192.168.20.0 mask 255.255.255.0
  action permit
 rule name untrust-dmz
  source-zone untrust
  destination-zone dmz
  destination-address 172.16.1.1 mask 255.255.255.255
  action permit
#

Router configuration:

acl number 2000
 rule 10 permit source 192.168.10.0 0.0.0.255
 rule 15 permit source 192.168.20.0 0.0.0.255
 rule 20 permit source 172.16.1.1 0
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 202.1.1.1 255.255.255.0
 nat server protocol tcp global current-interface 8080 inside 172.16.1.1 www
 nat outbound 2000
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 192.168.100.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2

Verify the configuration:
https://p26-sign.toutiaoimg.com/tos-cn-i-qvj2lq49k0/712c0860c4454cae92bd03a49439868c~tplv-tt-origin-web:gif.jpeg?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1740648044&x-signature=2ZnqWO6J451XgIVBPiwY2aAq6zM%3D


https://p3-sign.toutiaoimg.com/tos-cn-i-qvj2lq49k0/1b8d3ac93df343da97b87e4a8be95898~tplv-tt-origin-web:gif.jpeg?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1740648044&x-signature=pOBG16TwnJo1BxMBovlJtPFonrw%3D


https://p3-sign.toutiaoimg.com/tos-cn-i-qvj2lq49k0/48a3290b1fc44c299a0f8720e65a0c95~tplv-tt-origin-web:gif.jpeg?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1740648044&x-signature=%2FjVP%2FPJ61ZWPvxAM3YpFjZBHu%2Fs%3D


https://p3-sign.toutiaoimg.com/tos-cn-i-qvj2lq49k0/f4a0b8ade1b8487fbf995a3b7015cac6~tplv-tt-origin-web:gif.jpeg?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1740648044&x-signature=HfDxmPQDP7i9t0VfIDSbMUx7ElY%3D


https://p3-sign.toutiaoimg.com/tos-cn-i-qvj2lq49k0/030d4a55492d42db8391d94cc8760115~tplv-tt-origin-web:gif.jpeg?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1740648044&x-signature=0DlXwEn%2FyTlxD98DZMMwbOn2aYE%3D
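
The check below is an added example, not part of the original post: it parses the firewall's security-policy block as posted and evaluates the lab objectives against it. The function names, the test addresses other than those in the post, the default deny when no rule matches, and the reading that a rule without a service condition matches every port are assumptions.

```python
import ipaddress

# security-policy block copied from the firewall configuration in the post
POLICY = """
security-policy
 rule name trust-untrust
  source-zone trust
  destination-zone untrust
  source-address 192.168.10.1 mask 255.255.255.255
  source-address 192.168.20.0 mask 255.255.255.0
  action permit
 rule name trust-dmz
  source-zone trust
  destination-zone dmz
  source-address 192.168.20.0 mask 255.255.255.0
  action permit
 rule name untrust-dmz
  source-zone untrust
  destination-zone dmz
  destination-address 172.16.1.1 mask 255.255.255.255
  action permit
"""

def parse_rules(text):
    """Rules in order; each maps a keyword (source-zone, source-address, ...) to its argument lists."""
    rules = []
    for words in (line.split() for line in text.splitlines()):
        if words[:2] == ["rule", "name"]:
            rules.append({"name": words[2]})
        elif rules and words:
            rules[-1].setdefault(words[0], []).append(words[1:])
    return rules

def match_addr(rule, key, ip):
    """An absent address condition matches any address (assumption stated in the lead-in)."""
    nets = [ipaddress.ip_network(f"{a[0]}/{a[2]}") for a in rule.get(key, [])]
    return not nets or any(ipaddress.ip_address(ip) in n for n in nets)

def decide(rules, szone, dzone, sip, dip):
    """First match wins; service is not modelled. No match: deny (assumed default action)."""
    for r in rules:
        if ([szone] in r.get("source-zone", [[szone]]) and [dzone] in r.get("destination-zone", [[dzone]])
                and match_addr(r, "source-address", sip) and match_addr(r, "destination-address", dip)):
            return r["action"][0][0], r["name"]
    return "deny", "default"

def permits_without_service(rules):
    """Permit rules with no 'service' condition, which therefore match every protocol and port."""
    return [r["name"] for r in rules if r.get("action") == [["permit"]] and "service" not in r]
```

All three rules come back from permits_without_service, so on the firewall nothing limits trust-dmz or untrust-dmz to port 80 as objectives 3 and 4 describe. A service condition on those two rules (for example `service http`) would narrow them.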

mawr1985 posted on 2025-2-21 07:56:44

{:6_267:}