ensp綜合組網實驗

一、實驗背景

本實驗以某大學校區信息平台2號樓實驗樓網絡工程項目的應用需求為背景，規划一個6層樓，約30個機房1600多台計算機的實驗教學網絡。

二、概述

利用網絡設計規划、地址分配、VLAN划分、路由協議、網絡管理、組播協議、地址轉換、訪問控制等技術，實現網絡設計。

三、實驗設計

• Vlan划分及配置
• DHCP協議配置
• STP協議配置
• 路由備份
• VRRP協議配置
• OSPF協議配置
• PPP認證
• 組播協議配置
• 遠程登錄控制
• SNMP協議配置

四、實驗拓撲

五、具體配置

1、首先配置一樓(三樓與其配置類似，不再贅述)；
LSW5的配置如下：

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname S5
[S5]vlan 30
[S5-vlan30]vlan 10
[S5-vlan10]int e0/0/2
[S5-Ethernet0/0/2]port link-type access
[S5-Ethernet0/0/2]port default vlan 10
[S5-Ethernet0/0/2]q
[S5]int e0/0/1
[S5-Ethernet0/0/1]port link-type trunk
[S5-Ethernet0/0/1]port trunk allow-pass vlan all
[S5-Ethernet0/0/1]q
[S5]q

LSW1的配置如下:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname S1
[S1]vlan batch 2 10 20
[S1]int vlan 2
[S1-Vlanif2]ip add 192.168.1.1 24
[S1-Vlanif2]q
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/1]q
[S1]int vlan 10
[S1-Vlanif10]ip add 10.1.1.1 24
[S1-Vlanif10]q
[S1]int g0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/2]q
[S1]int vlan 20
[S1-Vlanif20]ip add 10.1.2.1 24
[S1-Vlanif20]q
[S1]int g0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/3]q
[S1]q

2、配置二樓；
LSW7的配置如下：

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname S7
[S7]vlan 30
[S7-vlan30]int vlan 30
[S7-Vlanif30]ip add 10.2.1.1 24
[S7-Vlanif30]q
[S7]int e0/0/2
[S7-Ethernet0/0/2]port link-type access
[S7-Ethernet0/0/2]q
[S7]int e0/0/1
[S7-Ethernet0/0/1]port link-type trunk
[S7-Ethernet0/0/1]port trunk allow-pass vlan all
[S7-Ethernet0/0/1]q
[S7]q
<S7>sys
Enter system view, return user view with Ctrl+Z.
[S7]int e0/0/2
[S7-Ethernet0/0/2]port default vlan 30
[S7-Ethernet0/0/2]q
[S7]q
<S7>save

LSW2的配置如下：

<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname S2
[S2]vlan batch 3 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2]int vlan 3
[S2-Vlanif3]ip add 192.168.2.1 24
[S2-Vlanif3]q
[S2]int g0/0/1
[S2-GigabitEthernet0/0/1]port link-type trunk
[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/1]q
[S2]int vlan 30
[S2-Vlanif30]ip add 10.2.1.1 24
[S2-Vlanif30]q
[S2]int vlan 40
[S2-Vlanif40]ip add 10.2.2.1 24
[S2-Vlanif40]q
[S2]int g0/0/2
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/2]q
[S2]int g0/0/3
[S2-GigabitEthernet0/0/3]port link-type trunk
[S2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/3]q
[S2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[S2]int vlan 30
[S2-Vlanif30]dhcp select int
[S2-Vlanif30]dhcp server dns-list 10.2.1.1
[S2-Vlanif30]dhcp server lease day 4
[S2-Vlanif30]q
[S2]int vlan 40
[S2-Vlanif40]dhcp select int
[S2-Vlanif40]dhcp server dns-list 10.2.2.1
[S2-Vlanif40]dhcp server lease day 4
[S2-Vlanif40]q
[S2]q
<S2>save

其中包含了DHCP的配置。使用命令ipconfig查看PC3和PC4已被分配到IP地址。
3、先為路由器配置虛接口
以R2為例(其它類似，不再贅述)：

<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info enable
Info: Information center is disabled.
[Huawei]sysname R2
[R2]int loop1
[R2-LoopBack1]ip add 192.168.50.1 24
[R2-LoopBack1]q
[R2]int e0/0/1       
[R2-Ethernet0/0/1]ip add 192.168.20.15 24
[R2-Ethernet0/0/1]q
[R2]int e0/0/0       
[R2-Ethernet0/0/0]ip add 192.168.100.3 24
[R2-Ethernet0/0/0]q
[R2]q
<R2>save

4、配置靜態路由
靜態路由：

ip route-static 目的地址 子網掩碼 下一跳地址

5、鏈路聚合的配置方法
因為本實驗匯聚交換機與核心交換機之間只有一條鏈路，大家可增添兩條鏈路，配置鏈路聚合.
以LSW1為例，配置鏈路聚合：
LACP模式下，需手工創建Eth-Trunk，手工加入Eth-Trunk成員接口。

<S1>sys
Enter system view, return user view with Ctrl+Z.
[S1]int eth-trunk 1
[S1-Eth-Trunk1]mode lacp-static
[S1-Eth-Trunk1]int g0/0/2
[S1-GigabitEthernet0/0/2]eth-trunk 1
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]eth-trunk 1
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-GigabitEthernet0/0/3]int g0/0/4
[S1-GigabitEthernet0/0/4]eth-trunk 1
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-GigabitEthernet0/0/4]q
[S1]int eth-trunk 1
[S1-Eth-Trunk1]max active-linknumber 2
[S1-Eth-Trunk1]int g0/0/2
[S1-GigabitEthernet0/0/2]lacp priority 100
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]lacp priority 100
[S1-GigabitEthernet0/0/3]q

6、配置OSPF協議
將R1、R2、R3和LSW4圍成的區域設為骨干區域並配置OSPF協議。
以R3為例：

<R3>sys
Enter system view, return user view with Ctrl+Z.
[R3]ospf 1
[R3-ospf-1]ospf router 3.3.3.3
Info: The configuration succeeded. You need to restart the OSPF process to validate the new router ID.
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]q
[R3-ospf-1]q
[R3]q
<R3>save

7、 配置NAT轉換；
NAT配置分為三個關鍵步驟：1.配置地址池：指出可使用的公網地址范圍；2.配置訪問控制列表：標識允許訪問外網的的內部網絡地址；3.在路由器的出接口上綁定訪問控制列表和地址池。
配置地址池的命令是：nat address-group n 公網起始地址 公網結束地址。
配置訪問控制列表ACL的命令是：1.acl number ACL編號（進入ACL視圖），基本編號是從2000到2999。2.rule 規則編號 deny/permit（禁止/允許) source（指出禁止或允許的數據包源地址） 子網掩碼（掩碼按位取反）。注意，在規則列表中排在前面的先起作用，所以最后一條規則一般都是deny any。
配置路由器出接口上的nat綁定的命令是：nat outbound ACL編號 address-group 地址池編號。
最后，要在出口路由器上配置一條到外網的默認路由。
在R5上配置：

<R5>sys
Enter system view, return user view with Ctrl+Z.
[R5]nat address-group 1 200.202.10.1 200.202.10.100
[R5]acl 2000
[R5-acl-basic-2000]rule 5 permit source 10.0.0.0 0.255.255.255
[R5-acl-basic-2000]q
[R5]
[R5]int e0/0/0
[R5-Ethernet0/0/0]nat outbound 2000 address-group 1 no-pat
[R5-Ethernet0/0/0]q
[R5]q
<R5>save

8、ACL訪問控制
此實驗中，我們設定禁止102機房訪問外網，其只能內部通信。
在LSW1上配置：

<S1>sys
Enter system view, return user view with Ctrl+Z.
[S1]acl 2000
[S1-acl-basic-2000]rule deny source 10.1.2.0 0.0.0.255
[S1-acl-basic-2000]q
[S1]int eth-trunk 1
[S1-Eth-Trunk1]traffic-filter outbound acl 2000
[S1-Eth-Trunk1]q
[S1]q
<S1>save

9、配置STP協議(鏈路備份)；

以LSW1配置為例(將核心交換機配置為根橋，匯聚交換機配置為備份根橋)：

<S1>sys
Enter system view, return user view with Ctrl+Z.
[S1]stp mode rstp
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1]stp root secondary
[S1]stp enable
[S1]int eth-trunk 1
[S1-Eth-Trunk1]stp loop-protection   //開啟環路保護功能
[S1-Eth-Trunk1]q

配置LSW4(核心交換機為根橋)：

<S4>sys
Enter system view, return user view with Ctrl+Z.
[S4]stp mode rstp  //運行rstp
Info: This operation may take a few seconds. Please wait for a moment...done.
[S4]stp root primary  //指定LSW4為根橋
[S4]stp enable   //使能stp
[S4]int eth-trunk 1
[S4-Eth-Trunk1]stp root-protection  //開啟根保護功能
[S4-Eth-Trunk1]q
[S4]q

10、VRRP配置(設備備份)
R3的配置如下：

<R3>sys
Enter system view, return user view with Ctrl+Z.
[R3]int e0/0/1
[R3-Ethernet0/0/1]vrrp vrid 1 virtual-ip 192.168.100.254
[R3-Ethernet0/0/1]vrrp vrid 1 priority 150
[R3-Ethernet0/0/1]q
[R3]q
<R3>save

R2的配置如下：

<R2>sys
Enter system view, return user view with Ctrl+Z.
[R2]int e0/0/0
[R2-Ethernet0/0/0]vrrp vrid 2 virtual-ip 192.168.100.254
[R2-Ethernet0/0/0]vrrp vrid 2 priority 200
[R2-Ethernet0/0/0]q
[R2]q
<R2>save

路由器主備關系，R2為主路由器，R3為備份路由器。

11、配置PPP認證

配置R5和R6之間PPP的CHAP認證，R5為認證方，R6為被認證方，認證用戶名為chaiying，密碼為hhhxyy@222。
R5配置如下：

<R5>sys
Enter system view, return user view with Ctrl+Z.
[R5]aaa
[R5-aaa]local-use chaiying password cipher hhhxyy@222
Info: Add a new user.
[R5-aaa]local-user chaiying service-type ppp
[R5-aaa]int s0/0/1
[R5-Serial0/0/1]link-protocol ppp
[R5-Serial0/0/1]ppp authentication-mode chap
[R5-Serial0/0/1]q
[R5]q
<R5>save

R6配置如下：

<R6>sys
Enter system view, return user view with Ctrl+Z.
[R6]int s0/0/0
[R6-Serial0/0/0]link-protocol ppp
[R6-Serial0/0/0]ppp chap user chaiying
[R6-Serial0/0/0]ppp chap password cipher hhhxyy@222
[R6-Serial0/0/0]q
[R6]q
<R6>save

12、遠程設備登錄控制

R5的配置如下：

<R5>sys
Enter system view, return user view with Ctrl+Z.
[R5]user-interface console 0
[R5-ui-console0]authentication-mode aaa
[R5-ui-console0]user privileg level 15
[R5-ui-console0]q
[R5]aaa
[R5-aaa]local-user admin1234 password cipher hhhxyy@222
Info: Add a new user.
[R5-aaa]local-user admin1234 privilege level 3
[R5-aaa]local-user admin1234 service-type terminal
[R5-aaa]q
[R5]q
<R5>save

13、配置路由備份
在LSW4上配置默認路由並為其設置優先級：

<S4>sys
Enter system view, return user view with Ctrl+Z.
[S4]ip route-static 0.0.0.0 0.0.0.0 192.168.100.3 preference 30
Info: Succeeded in modifying route.
[S4]ip route-static 0.0.0.0 0.0.0.0 192.168.100.4 preference 40
Info: Succeeded in modifying route.
[S4]q
<S4>save

14、組播協議配置
以LSW4為例：

<S4>sys
Enter system view, return user view with Ctrl+Z.
[S4]multicast routing-enable
[S4]int vlan 2
[S4-Vlanif2]pim dm
[S4-Vlanif2]q
[S4]int vlan 3
[S4-Vlanif3]pim dm
[S4-Vlanif3]q
[S4]int vlan 4
[S4-Vlanif4]pim dm
[S4-Vlanif4]q

15、SNMP協議配置
以R3為例配置SNMP協議：

<R3>sys
[R3]snmp-agent
[R3]snmp-agent community read public
[R3]snmp-agent community write private
[R3]snmp-agent sys-info version v1 v3
[R3]snmp-agent target-host trap address udp-domain 192.168.50.1 udp-port 161 params securityname public
[R3]q

六、實驗總結

本次實驗中，我學會了如何去做一個工程項目，同時還將之前做過的所有實驗進行總結學習，這次實驗有效地培養了我的綜合素養，提升了我的綜合能力，在今后的實驗學習中，我會更加努力，不斷探索，不斷學習！