0
  • 聊天消息
  • 系统消息
  • 评论与回复
登录后你可以
  • 下载海量资料
  • 学习在线课程
  • 观看技术视频
  • 写文章/发帖/加入社区
会员中心
创作中心

完善资料让更多小伙伴认识你,还能领取20积分哦,立即完善>

3天内不再提示

如何使用华为ensp模拟器设计实现企业网络?

jf_HnAzBl9o 来源:网络工程师笔记 2023-03-29 09:32 次阅读

本次实验在华为ensp模拟器具体实现。

拓扑图

b25e6da4-cdc5-11ed-bfe3-dac502259ad0.png

网段划分

区域 VLAN 网段
技术部 VLAN 10 192.168.10.0/24
人事部 VLAN 20 192.168.20.0/24
财务部 VLAN 30 192.168.30.0/24
领导部门 VLAN 40 192.168.40.0/24
来访客户 VLAN 100 192.168.100.0/24
服务器DMZ VLAN 90 192.138.90.0/24

办公区

VLAN+端口配置(二层)

LSW1

vlanbatch10

inte0/0/1
portlink-typetrunk
porttrunkallow-passvlan10

inte0/0/2
portlink-typetrunk
porttrunkallow-passvlan10

inte0/0/10
portlink-typeaccess
portdefaultvlan10

LSW2

vlanbatch20

inte0/0/1
portlink-typetrunk
porttrunkallow-passvlan20

inte0/0/2
portlink-typetrunk
porttrunkallow-passvlan20

inte0/0/10
portlink-typeaccess
portdefaultvlan20

LSW3

vlanbatch30

inte0/0/1
portlink-typetrunk
porttrunkallow-passvlan30

inte0/0/2
portlink-typetrunk
porttrunkallow-passvlan30

inte0/0/10
portlink-typeaccess
portdefaultvlan30

LSW4

vlanbatch40

inte0/0/1
portlink-typetrunk
porttrunkallow-passvlan40

inte0/0/2
portlink-typetrunk
porttrunkallow-passvlan40

inte0/0/10
portlink-typeaccess
portdefaultvlan40

H_SW1

vlanbatch10203040

intg0/0/1
portlink-typetrunk
porttrunkallow-passvlan10

intg0/0/2
portlink-typetrunk
porttrunkallow-passvlan20

intg0/0/3
portlink-typetrunk
porttrunkallow-passvlan30

intg0/0/4
portlink-typetrunk
porttrunkallow-passvlan40

H_SW2

vlanbatch10203040

intg0/0/1
portlink-typetrunk
porttrunkallow-passvlan10

intg0/0/2
portlink-typetrunk
porttrunkallow-passvlan20

intg0/0/3
portlink-typetrunk
porttrunkallow-passvlan30

intg0/0/4
portlink-typetrunk
porttrunkallow-passvlan40

无线网络配置

H_SW1

vlanbatch1001000

intg0/0/5
portlink-typetrunk
porttrunkallow-passvlanall

intg0/0/6
portlink-typetrunk
porttrunkallow-passvlan1001000

dhcpenable
intvlanif100
ipadd192.168.100.124
dhcpselectinterface
dhcpserverdns-list8.8.8.8

H_SW2

vlanbatch1001000

intg0/0/5
portlink-typetrunk
porttrunkallow-passvlanall

intg0/0/6
portlink-typetrunk
porttrunkallow-passvlan1001000

dhcpenable

LSW5

vlanbatch1001000

inte0/0/1
portlink-typetrunk
porttrunkallow-passvlanall

inte0/0/2
portlink-typetrunk
porttrunkallow-passvlanall

inte0/0/10
portlink-typetrunk
porttrunkallow-passvlan1001000

dhcpenable

LSW6

vlanbatch1001000

inte0/0/1
portlink-typetrunk
porttrunkallow-passvlan1001000

inte0/0/2
portlink-typetrunk
porttrunkallow-passvlan1001000

inte0/0/10
portlink-typetrunk
porttrunkallow-passvlan1001000
porttrunkpvidvlan1000

dhcpenable

AC

utm
sys
sysnameAC

vlanbatch1001000

intg0/0/1
portlink-typetrunk
porttrunkallow-passvlan1001000

dhcpenable
intvlanif1000
ipadd192.168.101.124
dhcpselectinterface

capwapsourceinterfaceVlanif1000

wlan
ap-groupnameap-group1
regulatory-domain-profiledefault
y
quit

apauth-modemac-auth

ap-id0ap-mac00e0-fc25-3910
ap-namearea_1
ap-groupap-group1
y
quit

security-profilenameWLAN
securitywpa-wpa2pskpass-phrasea1234567aes
quit

ssid-profilenameWLAN
ssidWLAN
quit

vap-profilenameWLAN
forward-modedirect-forward
service-vlanvlan-id100
security-profileWLAN
ssid-profileWLAN
quit

ap-groupnameap-group1
vap-profileWLANwlan1radio0
vap-profileWLANwlan1radio1

DHCP配置

H_SW1

dhcpenable
ippoolvlan10
gateway-list192.168.10.254
network192.168.10.0mask24
excluded-ip-address192.168.10.1192.168.10.10
excluded-ip-address192.168.10.150192.168.10.253
dns-list8.8.8.8
domain-nameblue.com

ippoolvlan20
gateway-list192.168.20.254
network192.168.20.0mask255.255.255.0
excluded-ip-address192.168.20.1192.168.20.10
excluded-ip-address192.168.20.150192.168.20.253
dns-list8.8.8.8
domain-nameblue.com

ippoolvlan30
gateway-list192.168.30.254
network192.168.30.0mask255.255.255.0
excluded-ip-address192.168.30.1192.168.30.10
excluded-ip-address192.168.30.150192.168.30.253
dns-list8.8.8.8
domain-nameblue.com

ippoolvlan40
gateway-list192.168.40.254
network192.168.40.0mask255.255.255.0
excluded-ip-address192.168.40.1192.168.40.10
excluded-ip-address192.168.40.150192.168.40.253
dns-list8.8.8.8
domain-nameblue.com

intvlanif10
ipadd192.168.10.1255.255.255.0
dhcpselectglobal

intvlanif20
ipadd192.168.20.1255.255.255.0
dhcpselectglobal

intvlanif30
ipadd192.168.30.1255.255.255.0
dhcpselectglobal

intvlanif40
ipadd192.168.40.1255.255.255.0
dhcpselectglobal

H_SW2

dhcpenable
ippoolvlan10
gateway-list192.168.10.254
network192.168.10.0mask255.255.255.0
excluded-ip-address192.168.10.1192.168.10.149
excluded-ip-address192.168.10.250192.168.10.253
dns-list8.8.8.8
domain-nameblue.com

ippoolvlan20
gateway-list192.168.20.254
network192.168.20.0mask255.255.255.0
excluded-ip-address192.168.20.1192.168.20.149
excluded-ip-address192.168.20.250192.168.20.253
dns-list8.8.8.8
domain-nameblue.com

ippoolvlan30
gateway-list192.168.30.254
network192.168.30.0mask255.255.255.0
excluded-ip-address192.168.30.1192.168.30.149
excluded-ip-address192.168.30.250192.168.30.253
dns-list8.8.8.8
domain-nameblue.com

ippoolvlan40
gateway-list192.168.40.254
network192.168.40.0mask255.255.255.0
excluded-ip-address192.168.40.1192.168.40.149
excluded-ip-address192.168.40.250192.168.40.253
dns-list8.8.8.8
domain-nameblue.com

interfaceVlanif10
ipaddress192.168.10.2255.255.255.0
dhcpselectglobal

interfaceVlanif20
ipaddress192.168.20.2255.255.255.0
dhcpselectglobal

interfaceVlanif30
ipaddress192.168.30.2255.255.255.0
dhcpselectglobal

interfaceVlanif40
ipaddress192.168.40.2255.255.255.0
dhcpselectglobal

在IP地址池创建的过程中,使用了excluded-ip-address命令,使得在主备交换机切换时分配的地址池相互排除,防止主备交换机切换后出现IP地址分配冲突导致网络故障。

VRRP配置

H_SW1

intvlanif10
vrrpvrid10virtual-ip192.168.10.254
vrrpvrid10priority105

intvlanif20
vrrpvrid20virtual-ip192.168.20.254
vrrpvrid20priority105

intvlanif30
vrrpvrid30virtual-ip192.168.30.254

intvlanif40
vrrpvrid40virtual-ip192.168.40.254

H_SW2

intvlanif10
vrrpvrid10virtual-ip192.168.10.254

intvlanif20
vrrpvrid20virtual-ip192.168.20.254

intvlanif30
vrrpvrid30virtual-ip192.168.30.254
vrrpvrid30priority105

intvlanif40
vrrpvrid40virtual-ip192.168.40.254
vrrpvrid40priority105

STP配置

LSW1

stpregion-configuration
region-nameBlue_mstp
revision-level1
instance10vlan10
activeregion-configuration

inte0/0/10
stpedged-portenable

LSW2

stpregion-configuration
region-nameBlue_mstp
revision-level1
instance10vlan10
activeregion-configuration

inte0/0/10
stpedged-portenable

LSW3

stpregion-configuration
region-nameBlue_mstp
revision-level1
instance30vlan30
activeregion-configuration
quit

inte0/0/10
stpedged-portenable

LSW4

stpregion-configuration
region-nameBlue_mstp
revision-level1
instance40vlan40
activeregion-configuration

inte0/0/10
stpedged-portenable

H_SW1

stpinstance12rootprimary
stpinstance34rootsecondary
stpregion-configuration
region-nameBlue_mstp
revision-level1
instance12vlan1020
instance34vlan3040
activeregion-configuration

intg0/0/11
stpdisable
intg0/0/12
stpdisable

H_SW2

stpinstance12rootsecondary
stpinstance34rootprimary
stpregion-configuration
region-nameBlue_mstp
revision-level1
instance12vlan1020
instance34vlan3040
activeregion-configuration

intg0/0/11
stpdisable
intg0/0/12
stpdisable

ACL配置

H_SW1

aclnumber3002
rule5denyipsource192.168.100.00.0.0.255destination192.168.0.00.0.255.255

intg0/0/5
traffic-filterinboundacl3002

H_SW2

aclnumber3002
rule5denyipsource192.168.100.00.0.0.255destination192.168.0.00.0.255.255

intg0/0/5
traffic-filterinboundacl3002

LACP配置

LACP链路聚合,链路聚合的原理是将一组相同属性的物理接口捆绑在一起为一个逻辑接口来增加带宽和可靠性的一种方法。有以下优势:
增加带宽、提高冗余(提高可靠性)、负载分担、节省成本、配置量小
1.增加带宽:链路聚合接口的最大带宽可以达到各个成员接口带宽之和。
2提高冗余:当某条路线出现故障的时候,流量可以切到其他可用的成员链路上。流量会切到其他可用链路上,从而提高链路聚合接口的冗余性。并不会影响数据的传输,相对来说也具有稳定性。
3负载分担:在一个链路聚合组内,可以实现在各成员活动链路上的负载分担。
4节省成本:管理员不需要升级链路速度,对已有的接口进行捆绑。
5配置量小:大部分的配置在组Eth-Trunk下完成。
主要的优势是能增加带宽、提高可靠性和负载分担。

H_SW1

lacppriority100

inteth-trunk1
portlink-typetrunk
porttrunkallow-passvlan10203040
modelacp-static
load-balancesrc-dst-mac

intg0/0/13
eth-trunk1
lacppriority100
intg0/0/14
eth-trunk1

H_SW2

inteth-trunk1
portlink-typetrunk
porttrunkallow-passvlan10203040
modelacp-static
load-balancesrc-dst-mac

intg0/0/13
eth-trunk1
intg0/0/14
eth-trunk1

OSPF配置

LSW1

intloopback0
ipadd192.168.1.132

LSW2

interfaceLoopBack0
ipaddress192.168.2.2255.255.255.255

LSW3

interfaceLoopBack0
ipaddress192.168.3.3255.255.255.255

LSW4

interfaceLoopBack0
ipaddress192.168.4.4255.255.255.255

H_SW1

intloopback0
ipadd192.168.5.532

ospf10router-id192.168.5.5
silent-interfaceVlanif10
silent-interfaceVlanif20
silent-interfaceVlanif30
silent-interfaceVlanif40
area0
network192.168.5.50.0.0.0
network192.168.10.10.0.0.0
network192.168.20.10.0.0.0
network192.168.30.10.0.0.0
network192.168.40.10.0.0.0
network192.168.25.50.0.0.0
network192.168.35.50.0.0.0
network192.168.100.10.0.0.0

H_SW2

interfaceLoopBack0
ipaddress192.168.6.6255.255.255.255

ospf10router-id192.168.6.6
silent-interfaceVlanif10
silent-interfaceVlanif20
silent-interfaceVlanif30
silent-interfaceVlanif40
area0.0.0.0
network192.168.6.60.0.0.0
network192.168.10.20.0.0.0
network192.168.20.20.0.0.0
network192.168.30.20.0.0.0
network192.168.40.20.0.0.0
network192.168.24.60.0.0.0
network192.168.36.60.0.0.0
network192.168.100.20.0.0.0

核心层

VLAN划分+配置端口

核心交换机

C_SW1

vlanbatch22to25

intg0/0/1
portlink-typeaccess
portdefaultvlan25
stpdisable

intg0/0/2
portlink-typeaccess
portdefaultvlan24
stpdisable

intg0/0/11
portlink-typeaccess
portdefaultvlan22
stpdisable

intg0/0/12
portlink-typeaccess
portdefaultvlan23
stpdisable


interfaceVlanif22
ipaddress192.168.22.7255.255.255.0

interfaceVlanif23
ipaddress192.168.23.7255.255.255.0

interfaceVlanif24
ipaddress192.168.24.7255.255.255.0

interfaceVlanif25
ipaddress192.168.25.7255.255.255.0

C_SW2

vlanbatch33to364455

intg0/0/1
portlink-typeaccess
portdefaultvlan35
stpdisable

intg0/0/2
portlink-typeaccess
portdefaultvlan36
stpdisable

intg0/0/11
portlink-typeaccess
portdefaultvlan34
stpdisable

intg0/0/12
portlink-typeaccess
portdefaultvlan33
stpdisable


interfaceVlanif33
ipaddress192.168.33.8255.255.255.0

interfaceVlanif34
ipaddress192.168.34.8255.255.255.0

interfaceVlanif35
ipaddress192.168.35.8255.255.255.0

interfaceVlanif36
ipaddress192.168.36.8255.255.255.0

interfaceVlanif44
ipaddress192.168.44.8255.255.255.0

interfaceVlanif55
ipaddress192.168.55.8255.255.255.0

汇聚层连接核心交换机

H_SW1

vlanbatch2535

intg0/0/11
portlink-typeaccess
portdefaultvlan25
stpdisable

intg0/0/12
portlink-typeaccess
portdefaultvlan35
stpdisable


intvlanif25
ipadd192.168.25.524

intvlanif35
ipadd192.168.35.524

H_SW2

vlanbatch2436

intg0/0/11
portlink-typeaccess
portdefaultvlan24
stpdisable

intg0/0/12
portlink-typeaccess
portdefaultvlan36
stpdisable


intvlanif24
ipadd192.168.24.624

intvlanif36
ipadd192.168.36.624

STP配置

C_SW1

intg0/0/1
stpdisable

intg0/0/2
stpdisable

intg0/0/11
stpdisable

intg0/0/12
stpdisable

C_SW2

intg0/0/1
stpdisable

intg0/0/2
stpdisable

intg0/0/11
stpdisable

intg0/0/12
stpdisable

LACP链路聚合

C_SW1

lacppriority100

inteth-trunk1
portlink-typetrunk
porttrunkallow-passvlan10203040
modelacp-static
load-balancesrc-dst-mac

intg0/0/3
eth-trunk1
lacppriority100
intg0/0/4
eth-trunk1

C_SW2

inteth-trunk1
portlink-typetrunk
porttrunkallow-passvlan10203040
modelacp-static
load-balancesrc-dst-mac

intg0/0/3
eth-trunk1
intg0/0/4
eth-trunk1

OSPF配置

C_SW1

interfaceLoopBack0
ipaddress192.168.7.7255.255.255.255

ospf10router-id192.168.7.7
area0.0.0.0
network192.168.7.70.0.0.0
network192.168.22.70.0.0.0
network192.168.23.70.0.0.0
network192.168.44.70.0.0.0
network192.168.55.70.0.0.0
network192.168.24.70.0.0.0
network192.168.25.70.0.0.0

C_SW2

interfaceLoopBack0
ipaddress192.168.8.8255.255.255.255

ospf10router-id192.168.8.8
area0.0.0.0
network192.168.8.80.0.0.0
network192.168.33.80.0.0.0
network192.168.34.80.0.0.0
network192.168.35.80.0.0.0
network192.168.36.80.0.0.0
network192.168.44.80.0.0.0
network192.168.55.80.0.0.0

防火墙

基本配置

FW1

用户名:admin
原始密码:Admin@123
密码:P@ssw0rd
新密码:Blue@123
undoterminalmonitor
language-modeChinese
sys
sysnameFW1

#配置连接防火墙web的接口,IP为虚拟网络对应网段的地址
intg0/0/0
undoipadd192.168.0.124
ipadd192.168.94.224
service-manageallpermit

FW2

用户名:admin
原始密码:Admin@123
密码:P@ssw0rd
新密码:Blue@123
undoterminalmonitor
language-modeChinese
sys
sysnameFW2

intg0/0/0
undoipadd192.168.0.124
ipadd192.168.94.324
service-manageallpermit

规划网段

FW1

intg1/0/0
undoshutdown
ipadd192.168.90.1255.255.255.0

intg1/0/1
undoshutdown
ipadd192.168.22.1255.255.255.0
service-manageallpermit

intg1/0/2
undoshutdown
ipadd192.168.34.1255.255.255.0

intg1/0/3
undoshutdown

intg1/0/4
undoshutdown

intg1/0/5
undoshutdown
ipaddress100.100.100.1255.255.255.0
service-managepingpermit

intg1/0/6
undoshutdown
ipadd200.200.200.1255.255.255.0
service-managepingpermit

FW2

intg1/0/0
undoshutdown
ipadd192.168.90.2255.255.255.0

intg1/0/1
undoshutdown
ipadd192.168.23.1255.255.255.0
service-manageallpermit

intg1/0/2
undoshutdown
ipadd192.168.33.1255.255.255.0

intg1/0/3
undoshutdown

intg1/0/4
undoshutdown

intg1/0/5
undoshutdown
ipaddress100.100.100.2255.255.255.0
service-managepingpermit

intg1/0/6
undoshutdown
ipadd200.200.200.2255.255.255.0

LACP链路聚合

FW1

inteth-trunk2
ipadd192.168.2.1255.255.255.0
modelacp-static

intg1/0/3
eth-trunk2
intg1/0/4
eth-trunk2

FW2

inteth-trunk2
ipadd192.168.2.2255.255.255.0
modelacp-static

intg1/0/3
eth-trunk2
intg1/0/4
eth-trunk2

规划安全区域

根据拓扑,将接口划入对应的安全区域

注意:两个防火墙之间的心跳接口要必须放进信任区域

FW1

firewallzonetrust
addintg1/0/1
addintg1/0/2

firewallzonedmz
addintg1/0/0

firewallzonenameheartid4
setpriority75
addinteth-trunk2

firewallzonenameISP1id5
setpriority20
addintg1/0/5

firewallzonenameISP2id6
setpriority15
addintg1/0/6

FW2

firewallzonetrust
addintg1/0/1
addintg1/0/2

firewallzonedmz
addintg1/0/0

firewallzonenameheartid4
setpriority75
addinteth-trunk2

firewallzonenameISP1id5
setpriority15
addintg1/0/5

firewallzonenameISP2id6
setpriority20
addintg1/0/6

指定链路接口组名称

FW1

ispname"chinamobile"linkif-group63
ispname"chinaunicom"linkif-group62
ispname"chinatelecom"linkif-group61
ispname"chinaeducationnet"linkif-group60

FW2

ispname"chinamobile"linkif-group63
ispname"chinaunicom"linkif-group62
ispname"chinatelecom"linkif-group61
ispname"chinaeducationnet"linkif-group60

安全策略精要

BGP、BFD、DHCP、DHCPv6、LDP和OSPF是否受安全策略控制,由基础协议控制开关(firewall packet-filter basic-protocol enable)决定。

FW1

firewallpacket-filterbasic-protocolenable

firewalldefendport-scanenable
firewalldefendip-sweepenable
firewalldefendteardropenable
firewalldefendtime-stampenable
firewalldefendroute-recordenable
firewalldefendsource-routeenable
firewalldefendip-fragmentenable
firewalldefendtcp-flagenable
firewalldefendwinnukeenable
firewalldefendfraggleenable
firewalldefendtracertenable
firewalldefendicmp-unreachableenable
firewalldefendicmp-redirectenable
firewalldefendlarge-icmpenable
firewalldefendping-of-deathenable
firewalldefendsmurfenable
firewalldefendlandenable
firewalldefendip-spoofingenable

FW2

firewallpacket-filterbasic-protocolenable

firewalldefendport-scanenable
firewalldefendip-sweepenable
firewalldefendteardropenable
firewalldefendtime-stampenable
firewalldefendroute-recordenable
firewalldefendsource-routeenable
firewalldefendip-fragmentenable
firewalldefendtcp-flagenable
firewalldefendwinnukeenable
firewalldefendfraggleenable
firewalldefendtracertenable
firewalldefendicmp-unreachableenable
firewalldefendicmp-redirectenable
firewalldefendlarge-icmpenable
firewalldefendping-of-deathenable
firewalldefendsmurfenable
firewalldefendlandenable
firewalldefendip-spoofingenable

安全策略配置

FW1

security-policy

#管理区
rulenameTrust_Local
descriptionManagement
source-zonetrust
destination-zonelocal
actionpermit

FW2

security-policy

#管理区
rulenameTrust_Local
descriptionManagement
source-zonetrust
destination-zonelocal
actionpermit

配置IP-link

FW1

ip-linkcheckenable
ip-linknameisp1
destination100.100.100.100interfaceGigabitEthernet1/0/5modeicmp
ip-linknameisp2
destination200.200.200.200interfaceGigabitEthernet1/0/6modeicmp

#安全策略配置
security-policy
rulenameLocal_ISP
descriptionip-link
source-zonelocal
destination-zoneISP1
destination-zoneISP2
actionpermit

FW2

ip-linkcheckenable
ip-linknameisp1
destination100.100.100.100interfaceGigabitEthernet1/0/5modeicmp
ip-linknameisp2
destination200.200.200.200interfaceGigabitEthernet1/0/6modeicmp

#安全策略配置
security-policy
rulenameLocal_ISP
descriptionip-link
source-zonelocal
destination-zoneISP1
destination-zoneISP2
actionpermit

配置静态路由

FW1

iproute-static0.0.0.00.0.0.0100.100.100.100preference50trackip-linkisp1
iproute-static0.0.0.00.0.0.0200.200.200.200preference50
iproute-static10.20.100.0255.255.255.0GigabitEthernet1/0/5100.100.100.100
iproute-static10.20.100.0255.255.255.0GigabitEthernet1/0/6200.200.200.200
iproute-static10.20.100.0255.255.255.0NULL0

FW2

iproute-static0.0.0.00.0.0.0100.100.100.100
iproute-static0.0.0.00.0.0.0200.200.200.200preference50
iproute-static10.20.100.0255.255.255.0GigabitEthernet1/0/5100.100.100.100
iproute-static10.20.100.0255.255.255.0GigabitEthernet1/0/6200.200.200.200
iproute-static10.20.100.0255.255.255.0NULL0

配置OSPF动态路由

步骤一:配置动态路由

FW1

interfaceLoopBack0
ipaddress192.168.11.11255.255.255.255

ospf10router-id192.168.11.11
default-route-advertise
area0.0.0.0
network192.168.11.110.0.0.0
network192.168.22.10.0.0.0
network192.168.34.10.0.0.0 
network192.168.90.10.0.0.0

FW2

interfaceLoopBack0
ipaddress192.168.22.22255.255.255.255

ospf10router-id192.168.22.22
default-route-advertise
area0.0.0.0
network192.168.22.220.0.0.0
network192.168.23.10.0.0.0
network192.168.33.10.0.0.0
network192.168.90.20.0.0.0

步骤二:配置安全策略

FW1

security-policy
rulenameLocal_Trust
descriptionOSPF
source-zonelocal
destination-zonetrust
actionpermit

FW2

security-policy
rulenameLocal_Trust
descriptionOSPF
source-zonelocal
destination-zonetrust
actionpermit

双机热备

步骤1:配置VRRP备份组

主设备:FW1

intg1/0/5
vrrpvrid1virtual-ip100.100.100.5active
vrrpvirtual-macenable

intg1/0/6
vrrpvrid2virtual-ip200.200.200.5standby
vrrpvirtual-macenable

备份设备:FW2

intg1/0/5
vrrpvrid1virtual-ip100.100.100.5standby
vrrpvirtual-macenable

intg1/0/6
vrrpvrid2virtual-ip200.200.200.5active
vrrpvirtual-macenable

步骤2:开启HRP协议,并配置心跳接口和会话备份功能

FW1

hrpenable
hrpinteth-trunk2remote192.168.2.2
hrpmirrorsessionenable
hrpstandbyconfigenable

FW2

hrpenable
hrpinteth-trunk2remote192.168.2.1
hrpmirrorsessionenable
hrpstandbyconfigenable

步骤3:配置安全策列

是内网用户可以访问服务器和外网用户;外网用户只能访问服务器。
注意:只需要配置Master即可,Backup设备不用配置,配置命令会自动从主设备备份到备份设备。

FW1

security-policy
rulenameheart
source-zoneheart
source-zonelocal
destination-zoneheart
destination-zonelocal
actionpermit

FW2

security-policy
defaultactionpermit
rulenameheart
source-zoneheart
source-zonelocal
destination-zoneheart
destination-zonelocal
actionpermit

NAT配置

定义转换的IP地址范围

FW1

ipaddress-setWeb_IPtypeobject
address0100.100.100.5mask32
address1200.200.200.5mask32
ipaddress-setPCtypeobject
address0192.168.10.0mask24
address1192.168.20.0mask24
address2192.168.30.0mask24
address 3 192.168.40.0 mask 24 来源:网络技术干货

FW2

ipaddress-setWeb_IPtypeobject
address0100.100.100.5mask32
address1200.200.200.5mask32
ipaddress-setPCtypeobject
address0192.168.10.0mask24
address1192.168.20.0mask24
address2192.168.30.0mask24
address3192.168.40.0mask24

配置安全策略

FW1

security-policy
rulenameTrust_ISP
descriptionNAT
source-zonetrust
destination-zoneISP1
destination-zoneISP2
source-addressaddress-setPC
actionpermit

FW2

security-policy
rulenameTrust_ISP
descriptionNAT
source-zonetrust
destination-zoneISP1
destination-zoneISP2
source-addressaddress-setPC
actionpermit

配置NAT策略

FW1

nataddress-groupisp10
modepat
section0100.100.100.1100.100.100.2

nataddress-groupisp21
modepat
section0200.200.200.1200.200.200.2

nat-policy
rulenameNO_NAT_ISP1
source-zonetrust
destination-zoneISP1
source-address192.168.10.0mask255.255.255.0
source-address192.168.20.0mask255.255.255.0
source-address192.168.30.0mask255.255.255.0
source-address192.168.40.0mask255.255.255.0
destination-address10.20.0.0mask255.255.0.0
actionno-nat
rulenameNO_NAT_ISP2
source-zonetrust
destination-zoneISP2
source-address192.168.10.0mask255.255.255.0
source-address192.168.20.0mask255.255.255.0
source-address192.168.30.0mask255.255.255.0
source-address192.168.40.0mask255.255.255.0
destination-address10.20.0.0mask255.255.0.0
actionno-nat
rulenameNAT_ISP1
source-zonetrust
destination-zoneISP1
actionsource-nataddress-groupisp1
rulenameNAT_ISP2
source-zonetrust
destination-zoneISP2
actionsource-nataddress-groupisp2

FW2

nataddress-groupisp10
modepat
section0100.100.100.1100.100.100.2

nataddress-groupisp21
modepat
section0200.200.200.1200.200.200.2

nat-policy
rulenameNO_NAT_ISP1
source-zonetrust
destination-zoneISP1
source-address192.168.10.0mask255.255.255.0
source-address192.168.20.0mask255.255.255.0
source-address192.168.30.0mask255.255.255.0
source-address192.168.40.0mask255.255.255.0
destination-address10.20.0.0mask255.255.0.0
actionno-nat
rulenameNO_NAT_ISP2
source-zonetrust
destination-zoneISP2
source-address192.168.10.0mask255.255.255.0
source-address192.168.20.0mask255.255.255.0
source-address192.168.30.0mask255.255.255.0
source-address192.168.40.0mask255.255.255.0
destination-address10.20.0.0mask255.255.0.0
actionno-nat
rulenameNAT_ISP1
source-zonetrust
destination-zoneISP1
actionsource-nataddress-groupisp1
rulenameNAT_ISP2
source-zonetrust
destination-zoneISP2
actionsource-nataddress-groupisp2

SNMP配置

FW1

snmp-agentsession-ratetrapthreshold100

FW2

snmp-agentsession-ratetrapthreshold100

IPsec配置

步骤一:配置ACL

FW1

aclnumber3000
rule5permitipsource192.168.0.00.0.255.255destination10.20.100.00.0.0.255
aclnumber3001
rule5permitipsource192.168.0.00.0.255.255destination10.20.100.00.0.0.255

FW2

aclnumber3000
rule5permitipsource192.168.0.00.0.255.255destination10.20.100.00.0.0.255
aclnumber3001
rule5permitipsource192.168.0.00.0.255.255destination10.20.100.00.0.0.255

步骤二:配置IPsec proposal

这是IKE阶段二的策略,在阶段二的策略中安全协议采用ESP,加密算法使用aes-256,验证算法使用sha2-256

FW1

ipsecproposalprop23101638529
encapsulation-modeauto
espauthentication-algorithmsha2-256
espencryption-algorithmaes-256
ipsecproposalprop23101639469
encapsulation-modeauto
espauthentication-algorithmsha2-256
espencryption-algorithmaes-256

FW2

ipsecproposalprop23101638529
encapsulation-modeauto
espauthentication-algorithmsha2-256
espencryption-algorithmaes-256
ipsecproposalprop23101639469
encapsulation-modeauto
espauthentication-algorithmsha2-256
espencryption-algorithmaes-256

步骤三:配置IKE proposal

配置IKE Proposal,这是IKE阶段一的策略,在FW1/FW2上部署的相关策略均需与FW3相匹配。IKE阶段一的策略中,身份验证使用的是预共享的认证方式,验证算法使用的是sha2-256,加密算法使用aes-256

FW1

ikeproposal1
encryption-algorithmaes-256
dhgroup14
authentication-algorithmsha2-256
authentication-methodpre-share
integrity-algorithmhmac-sha2-256
prfhmac-sha2-256
ikeproposal2
encryption-algorithmaes-256
dhgroup14
authentication-algorithmsha2-256
authentication-methodpre-share
integrity-algorithmhmac-sha2-256
prfhmac-sha2-256

FW2

ikeproposal1
encryption-algorithmaes-256
dhgroup14
authentication-algorithmsha2-256
authentication-methodpre-share
integrity-algorithmhmac-sha2-256
prfhmac-sha2-256
ikeproposal2
encryption-algorithmaes-256
dhgroup14
authentication-algorithmsha2-256
authentication-methodpre-share
integrity-algorithmhmac-sha2-256
prfhmac-sha2-256

步骤四:配置IKE peer

定义预共享秘钥、关联IKE proposal并指定隧道对端节点IP

FW1

ikepeerike231016385293
exchange-modeauto
pre-shared-key123.abc
ike-proposal1
local-id-typefqdn
remote-id-typenone
local-idC1
dpdtypeperiodic
ikenegotiatecompatible
ikepeerike231016394699
exchange-modeauto
pre-shared-key123.abc
ike-proposal2
local-id-typefqdn
remote-id-typenone
local-idc2
dpdtypeperiodic
ikenegotiatecompatible

FW2

ikepeerike231016385293
exchange-modeauto
pre-shared-key123.abc
ike-proposal1
local-id-typefqdn
remote-id-typenone
local-idC1
dpdtypeperiodic
ikenegotiatecompatible
ikepeerike231016394699
exchange-modeauto
pre-shared-key123.abc
ike-proposal2
local-id-typefqdn
remote-id-typenone
local-idC2
dpdtypeperiodic
ikenegotiatecompatible

步骤五:配置IPsec Policy

创建ipsec policy,绑定ipsec proposal、Ike peer、ACL感兴趣流、配置本地站点地址。

FW1

ipsecpolicy-templatetpl2310163852931
securityacl3000
ike-peerike231016385293
proposalprop23101638529
tunnellocal100.100.100.5
aliasIPsec-1
sadurationtraffic-based10485760
sadurationtime-based3600
routeinjectdynamic

ipsecpolicy-templatetpl2310163946991
securityacl3001
ike-peerike231016394699
proposalprop23101639469
tunnellocal200.200.200.5
aliasIPsec-2
sadurationtraffic-based10485760
sadurationtime-based3600
routeinjectdynamic

ipsecpolicyipsec231016385210000isakmptemplatetpl231016385293
ipsecpolicyipsec231016394610000isakmptemplatetpl231016394699

FW2

ipsecpolicy-templatetpl2310163852931
securityacl3000
ike-peerike231016385293
proposalprop23101638529
tunnellocal100.100.100.5
aliasIPsec-1
sadurationtraffic-based10485760
sadurationtime-based3600
routeinjectdynamic
ipsecpolicy-templatetpl2310163946991
securityacl3001
ike-peerike231016394699
proposalprop23101639469
tunnellocal200.200.200.5
aliasIPsec-2
sadurationtraffic-based10485760
sadurationtime-based3600
routeinjectdynamic

ipsecpolicyipsec231016385210000isakmptemplatetpl231016385293
ipsecpolicyipsec231016394610000isakmptemplatetpl231016394699

步骤六:应用IPsec Policy到接口

FW1

intg1/0/5
ipsecpolicyipsec2310163852master

intg1/0/6
ipsecpolicyipsec2310163946slave

FW2

intg1/0/5
ipsecpolicyipsec2310163852slave

intg1/0/6
ipsecpolicyipsec2310163946master

步骤七:配置策略

FW1

#基于策略路由
policy-based-route
rulenameTrust_DMZ1
source-zonetrust
destination-addressaddress-setWeb_IP
actionpbrnext-hop192.168.90.3
rulenameISP12
source-zonetrust
source-address192.168.10.0mask255.255.255.0
source-address192.168.20.0mask255.255.255.0
actionpbregress-interfaceGigabitEthernet1/0/5next-hop100.100.100.100
rulenameISP23
source-zonetrust
source-address192.168.30.0mask255.255.255.0
source-address192.168.40.0mask255.255.255.0
actionpbregress-interfaceGigabitEthernet1/0/6next-hop200.200.200.200

#安全策略配置
security-policy
rulenameISP_Local
descriptionIPSec
source-zoneISP1
source-zoneISP2
destination-zonelocal
destination-address100.100.100.5mask255.255.255.255
destination-address200.200.200.5mask255.255.255.255
actionpermit
rulenameISP_Trust
descriptionVPN
source-zoneISP1
source-zoneISP2
destination-zonetrust
destination-address192.168.0.0mask255.255.0.0
actionpermit

FW2

#基于策略路由
policy-based-route
rulenameTrust_DMZ1
source-zonetrust
destination-addressaddress-setWeb_IP
actionpbrnext-hop192.168.90.3
rulenameISP12
source-zonetrust
source-address192.168.10.0mask255.255.255.0
source-address192.168.20.0mask255.255.255.0
actionpbregress-interfaceGigabitEthernet1/0/5next-hop100.100.100.100
rulenameISP23
source-zonetrust
source-address192.168.30.0mask255.255.255.0
source-address192.168.40.0mask255.255.255.0
actionpbregress-interfaceGigabitEthernet1/0/6next-hop200.200.200.200

#安全策略配置
security-policy
rulenameISP_Local
descriptionIPSec
source-zoneISP1
source-zoneISP2
destination-zonelocal
destination-address100.100.100.5mask255.255.255.255
destination-address200.200.200.5mask255.255.255.255
actionpermit
rulenameISP_Trust
descriptionVPN
source-zoneISP1
source-zoneISP2
destination-zonetrust
destination-address192.168.0.0mask255.255.0.0
actionpermit

L2TP配置

打开防火墙的web界面,依次选择 对象->用户->default,然后新建一个用于登录L2TP VPN的用户,再点击应用。

FW1

l2tpenable

aaa
service-schemewebServerScheme1649076535499
quit
domaindefault
service-schemewebServerScheme1649076535499
service-typel2tpike
internet-accessmodepassword
referenceusercurrent-domain
manager-userpassword-modifyenable
manager-useraudit-admin
passwordcipherBlue@123
service-typewebterminal
level15

l2tp-group1
tunnelpasswordcipherblue@123
tunnelnameLNS
allowl2tpvirtual-template1remoteL2TP-Clientdomaindefault

interfaceVirtual-Template0
pppauthentication-modechap
y
remoteaddress172.16.1.10
ipaddress172.16.1.1255.255.255.0
service-managepingpermit

路由配置

接口配置地址

ISP

intg0/0/1
ipadd10.10.100.324

intg0/0/2
ipadd10.10.200.324

intg0/0/3
ipadd150.150.150.124

inte0/0/0
ipadd8.8.8.124

inte0/0/1
ipadd192.168.94.5024

ISP_1

intg0/0/1
ipadd100.100.100.10024

intg0/0/2
ipadd10.10.100.124

ISP_2

intg0/0/1
ipadd200.200.200.20024

intg0/0/2
ipadd10.10.200.224

配置IS-IS

ISP

intloopback0
ipadd3.3.3.332

isis26
network-entity49.0010.0030.0300.3003.00
is-levellevel-2
cost-stylewide
log-peer-changetopology

intg0/0/1
isisenable26

intg0/0/2
isisenable26

intg0/0/3
isisenable26

inte0/0/0
isisenable26

inte0/0/1
isisenable26

intloopback0
isisenable26

ISP_1

intloopback0
ipadd1.1.1.132

isis26
is-levellevel-2
cost-stylewide
network-entity49.0010.0010.0100.1001.00
log-peer-changetopology

intg0/0/1
isisenable26

intg0/0/2
isisenable26

intloopback0
isisenable26

ISP_2

intloopback0
ipadd2.2.2.232

isis26
is-levellevel-2
cost-stylewide
network-entity49.0010.0020.0200.2002.00
log-peer-changetopology

intg0/0/1
isisenable26

intg0/0/2
isisenable26

intloopback0
isisenable26

公司配置

防火墙

初始化配置

用户名:admin
原始密码:Admin@123
密码:Blue@123
undoterminalmonitor
language-modeChinese
sys
sysnameFW3

intg0/0/0
undoipadd192.168.0.124
ipadd192.168.94.424
service-manageallpermit

规划网段

intg1/0/0
undoshutdown
ipadd150.150.150.150255.255.255.0
service-managepingpermit

intg1/0/1
undoshutdown
ipadd10.20.100.254255.255.255.0
service-managepingpermit

#创建Tunnel接口并绑定接口
intTunnel1
ipaddunnumberedintg1/0/0
aliasTunnel1
service-managepingpermit

intTunnel2
ipaddunnumberedintg1/0/0
aliasTunnel2
service-managepingpermit

规划安全区域

firewallzonetrust
addinterfaceGigabitEthernet1/0/1

firewallzoneuntrust
addinterfaceGigabitEthernet1/0/0
addinterfaceTunnel1
addinterfaceTunnel2

指定链路接口组名称

ispname"chinamobile"linkif-group63
ispname"chinaunicom"linkif-group62
ispname"chinatelecom"linkif-group61
ispname"chinaeducationnet"linkif-group60

安全策略配置

#基础协议控制开关
firewallpacket-filterbasic-protocolenable

#安全策略
security-policy
rulenameTrust_Untrust
source-zonetrust
destination-zoneuntrust
actionpermit

配置IP-Link

ip-linkcheckenable

ip-linknamelink_100
destination100.100.100.5interfaceGigabitEthernet1/0/1modeicmp

ip-linknamelink_200
destination200.200.200.5interfaceGigabitEthernet1/0/1modeicmp

配置静态路由

iproute-static0.0.0.00.0.0.0150.150.150.1
iproute-static192.168.0.0255.255.0.0NULL0
iproute-static192.168.10.0255.255.255.0Tunnel1preference10trackip-linklink_100
iproute-static192.168.10.0255.255.255.0Tunnel2preference20
iproute-static192.168.20.0255.255.255.0Tunnel1preference10trackip-linklink_100
iproute-static192.168.20.0255.255.255.0Tunnel2preference20
iproute-static192.168.30.0255.255.255.0Tunnel2preference10trackip-linklink_200
iproute-static192.168.30.0255.255.255.0Tunnel1preference20
iproute-static192.168.40.0255.255.255.0Tunnel2preference10trackip-linklink_200
iproute-static192.168.40.0255.255.255.0Tunnel1preference20

NAT配置

#配置NAT策略
nat-policy
rulenameNO_NAT
source-zonetrust
destination-zoneuntrust
source-address10.20.100.0mask255.255.255.0
destination-address192.168.0.0mask255.255.0.0
actionno-nat
rulenameNAT
source-zonetrust
destination-zoneuntrust
actionsource-nateasy-ip

配置IPSec VPN

步骤一:配置ACL

aclnumber3000
rule5permitipsource10.20.100.00.0.0.255destination192.168.0.00.0.255.255

aclnumber3001
rule5permitipsource10.20.100.00.0.0.255destination192.168.0.00.0.255.255

步骤二:配置IPSec proposal

ipsecproposalprop23101712198
encapsulation-modeauto
espauthentication-algorithmsha2-256
espencryption-algorithmaes-256
ipsecproposalprop23101713129
encapsulation-modeauto
espauthentication-algorithmsha2-256
espencryption-algorithmaes-256

步骤三:配置IKE proposal

ikeproposal1
encryption-algorithmaes-256
dhgroup14
authentication-algorithmsha2-256
authentication-methodpre-share
integrity-algorithmhmac-sha2-256
prfhmac-sha2-256
ikeproposal2
encryption-algorithmaes-256
dhgroup14
authentication-algorithmsha2-256
authentication-methodpre-share
integrity-algorithmhmac-sha2-256
prfhmac-sha2-256

步骤四:配置IKE peer

ikepeerike231017121983
exchange-modeauto
pre-shared-key123.abc
ike-proposal1
local-id-typefqdn
remote-id-typenone
local-idBr1
dpdtypeperiodic
remote-address100.100.100.5
ikepeerike231017131292
exchange-modeauto
pre-shared-key123.abc
ike-proposal2
local-id-typefqdn
remote-id-typenone
local-idBr2
dpdtypeperiodic
remote-address200.200.200.5

步骤五:配置IPSec Policy

ipsecpolicyipsec23101712191isakmp
securityacl3000
ike-peerike231017121983
proposalprop23101712198
tunnellocalapplied-interface
aliasIPSec-1
satrigger-modeauto
sadurationtraffic-based10485760
sadurationtime-based3600
routeinjectdynamic

ipsecpolicyipsec23101713121isakmp
securityacl3001
ike-peerike231017131292
proposalprop23101713129
tunnellocalapplied-interface
aliasIPSec-2
satrigger-modeauto
sadurationtraffic-based10485760
sadurationtime-based3600
routeinjectdynamic

步骤六:应用IPSec Policy到接口

intTunnel1
tunnel-protocolipsec
ipsecpolicyipsec2310171219

intTunnel2
tunnel-protocolipsec
ipsecpolicyipsec2310171312

步骤七:配置策略

security-policy
rulenameLocal_Untrust
descriptionIPSECUPD500
source-zonelocal
destination-zoneuntrust
destination-address100.100.100.5mask255.255.255.255
destination-address200.200.200.5mask255.255.255.255
actionpermit

rulenameUntrust_Local
descriptionIPSec_esp
source-zoneuntrust
destination-zonelocal
source-address100.100.100.5mask255.255.255.255
source-address200.200.200.5mask255.255.255.255
actionpermit

rulenameUntrust_Trust
descriptionVPN
source-zoneuntrust
destination-zonetrust
source-address192.168.0.0mask255.255.0.0
destination-address10.20.100.0mask255.255.255.0
actionpermit

服务区域DMZ

VLAN+端口配置

LSW9

vlanbatch90
intvlanif90
ipaddress192.168.90.3255.255.255.0

intg0/0/11
portlink-typeaccess
portdefaultvlan90

intg0/0/12
portlink-typeaccess
portdefaultvlan90

intg0/0/13
portlink-typeaccess
portdefaultvlan90

intg0/0/1
portlink-typeaccess
portdefaultvlan90

intg0/0/2
portlink-typeaccess
portdefaultvlan90

ospf配置

LSW9

intloopback0
ipadd192.168.9.932

ospf10router-id192.168.9.9
default-route-advertise
area0.0.0.0
network192.168.9.90.0.0.0
network192.168.90.30.0.0.0

安全策略配置

FW1

#外网访问服务、防火墙到服务器、内网访问服务

security-policy
rulenameISP_DMZ
descriptionWWW
source-zoneISP1
source-zoneISP2
destination-zonedmz
destination-addressaddress-setWeb_IP
servicedns
serviceftp
servicehttp
serviceicmp
long-linkenable
long-linkaging-time10
actionpermit

rulenameLocal_DMZ
descriptionOSPF
source-zonelocal
destination-zonedmz
destination-address192.168.90.0mask255.255.255.0
serviceicmp
actionpermit

rulenameTrust_DMZ
source-zonetrust
destination-zonedmz
servicehttp
actionpermit

FW2

security-policy
rulenameISP_DMZ
descriptionWWW
source-zoneISP1
source-zoneISP2
destination-zonedmz
destination-addressaddress-setWeb_IP
servicedns
serviceftp
servicehttp
serviceicmp
long-linkenable
long-linkaging-time10
actionpermit

rulenameLocal_DMZ
descriptionOSPF
source-zonelocal
destination-zonedmz
destination-address192.168.90.0mask255.255.255.0
serviceicmp
actionpermit

rulenameTrust_DMZ
source-zonetrust
destination-zonedmz
servicehttp
actionpermit

服务器负载均衡SLB

FW1

slbenable

slb
group0server
metricroundrobin
health-checktypeicmp
rserver1rip192.168.90.10port80max-connection10descriptionserver1
rserver2rip192.168.90.20port80max-connection20descriptionserver2
rserver3rip192.168.90.30port80max-connection30descriptionserver3
actionoptimize
vserver0WEB
vip0100.100.100.5
vip1200.200.200.5
protocolhttp
vport80
groupserver

FW2

slbenable

slb
group0server
metricroundrobin
health-checktypeicmp
rserver1rip192.168.90.10port80max-connection10descriptionserver1
rserver2rip192.168.90.20port80max-connection20descriptionserver2
rserver3rip192.168.90.30port80max-connection30descriptionserver3
actionoptimize
vserver0WEB
vip0100.100.100.5
vip1200.200.200.5
protocolhttp
vport80
groupserver

审核编辑 :李倩


声明:本文内容及配图由入驻作者撰写或者入驻合作网站授权转载。文章观点仅代表作者本人,不代表电子发烧友网立场。文章及其配图仅供工程师学习之用,如有内容侵权或者其他违规问题,请联系本站处理。 举报投诉
  • 华为
    +关注

    关注

    215

    文章

    34236

    浏览量

    250908
  • VLAN
    +关注

    关注

    1

    文章

    264

    浏览量

    35529
  • 模拟器
    +关注

    关注

    2

    文章

    862

    浏览量

    43114

原文标题:【项目案例】如何使用华为ensp模拟器设计实现企业网络?

文章出处:【微信号:网络工程师笔记,微信公众号:网络工程师笔记】欢迎添加关注!文章转载请注明出处。

收藏 人收藏

    评论

    相关推荐

    [下载]华为的路由模拟器3.0

    华为的路由模拟器3.0
    发表于 07-02 08:29

    玩转云企业网(上):为什么需要云企业网

    不需要额外配置,网络通过控制实现多节点,多级路由的自动转发与学习,实现全网的路由快速收敛。2) 低时延高速率云企业网提供低延迟,高速的
    发表于 06-05 18:12

    N2X企业网络最好的测试设备

    N2X 企业网络最好的测试设备
    发表于 09-10 08:18

    企业网络,什么是企业网络

    企业网络,什么是企业网络 企业网络(Enterprise Network)是允许通信和资源在一个公司内的所有商业功能和工人之间共享的网络。这些资
    发表于 03-22 11:08 4375次阅读

    eNSP模拟器的简要的操作详细资料说明

    本文档的主要内容详细介绍的是eNSP模拟器的简要的操作详细资料说明。
    发表于 12-12 08:00 6次下载
    <b class='flag-5'>eNSP</b><b class='flag-5'>模拟器</b>的简要的操作详细资料说明

    eNSP华为模拟器软件安装指南

    eNSP华为模拟器软件安装指南
    发表于 08-20 17:47 4次下载

    2分钟快速教你如何在华为模拟器ensp上进行抓包?

    2分钟快速教你如何在华为模拟器ensp上进行抓包?
    的头像 发表于 12-05 11:25 4333次阅读

    华为新版模拟器eNSP Lite安装攻略

    最近华为发布了新版模拟器eNSP Lite的产品手册,根据产品手册描述,新版模拟器eNSP Lite基于云端发布,所以安装和登录新版
    的头像 发表于 05-17 10:25 6965次阅读
    <b class='flag-5'>华为</b>新版<b class='flag-5'>模拟器</b><b class='flag-5'>eNSP</b> Lite安装攻略

    华为新版模拟器eNSP Lite

    同时eNSP Lite在保留旧版模拟器eNSP操作界面的基本功能的基础上,也增加了新的功能,比如tcpdump功能,这个功能可以替代wireshark,完成对报文的抓取和分析。根据手册整理,下面从登录、创建沙箱、设备基本操作三部
    的头像 发表于 05-19 14:58 5883次阅读
    <b class='flag-5'>华为</b>新版<b class='flag-5'>模拟器</b><b class='flag-5'>eNSP</b> Lite

    什么是eNSP华为网络仿真平台eNSP的使用方法

    Ensp(Enterprise Network Simulation Platform)是华为提供的一款网络仿真平台,主要用于学习、实践和测试企业网络场景。
    的头像 发表于 08-07 09:48 1.5w次阅读
    什么是<b class='flag-5'>eNSP</b>?<b class='flag-5'>华为</b><b class='flag-5'>网络</b>仿真平台<b class='flag-5'>eNSP</b>的使用方法

    华为eNSP模拟器安装教程

    华为eNSP模拟器安装教程
    的头像 发表于 08-11 10:57 2924次阅读
    <b class='flag-5'>华为</b><b class='flag-5'>eNSP</b><b class='flag-5'>模拟器</b>安装教程

    新版华为模拟器eNSP Pro的安装方法

    大家都期待了很久的eNSP Pro新玩法来了!
    的头像 发表于 08-22 09:53 3604次阅读
    新版<b class='flag-5'>华为</b><b class='flag-5'>模拟器</b><b class='flag-5'>eNSP</b> Pro的安装方法

    华为ensp模拟器vlan配置命令

    华为eNSP(Enterprise Network Simulation Platform)是华为公司开发的一款网络模拟器软件,可以
    的头像 发表于 12-08 14:04 3987次阅读

    如何配置华为eNSP模拟器设备路由的ssh登录

    本博文主要讲解了如何配置华为eNSP模拟器设备路由的ssh登录,以便自动化应用可以更好的控制管理相关网络设备。
    的头像 发表于 10-25 09:31 293次阅读
    如何配置<b class='flag-5'>华为</b><b class='flag-5'>eNSP</b><b class='flag-5'>模拟器</b>设备路由<b class='flag-5'>器</b>的ssh登录