作者：BSXY_19计科_陈永跃 BSXY_信息学院 注：未经允许禁止转发任何内容

基于eNSP的高校/企业无线WLAN网络规划设计_综合实验/大作业

前言及技术/资源下载说明（ **未经允许禁止转发任何内容** ）一、设计topo图与设计要求二、相应地址规划表三、基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)(可不看)四、该网络规划全过程（**顺着一步一步走**）1、eth-trunk2、vlan划分3、MSTP4、VRRP5、DHCP中继6、OSPF7、无线AC配置8、无线AC冗余9、防火墙双击热备10、安全策略&NAT策略11、ISIS配置12、ACL策略 五、公众/名片所在地

前言及技术/资源下载说明（ 未经允许禁止转发任何内容 ）

可根据以下所提供的设计与实现步骤过程一步一步自行实现（每一条命令都是关键的命令）；但是如果有需要的也可以根据以下地址进行下载完整的topo图和完整的配置进行参考与借鉴**，如若拿到topo图可多display查看配置，查看相应的命令，配套资源获取如下，相应的内容如下图所示：

公众号(小猿网),回复“网络规划”即可资源为收费资源，如不符合您的消费观，还请您见谅(对应封面图及标题找到相应资源即可) 内容包含：基于eNSP的高校/企业无线WLAN网络规划设计-毕设或课设可参考一步步的所有配置命令(ensp)+所有的配置命令+详细的地址规划表+相应的测试文档和截图由于公众号可能目前没有太大的曝光度，搜索时可能不是置顶的公众号。这时可以多往下滑一下找到该公众号，或者直接到文章结尾处获取公众号二维码即可

模拟器中防火墙用户名：admin 密码：admin@123

topo图也就是这样子的，相应的地址规划和路由规划大部分都在图中明确的标注了

该topo网络中用到的技术有vlan划分、eth-trunk链路捆绑、MSPT、VRRP、OSPF、ISIS、DHCP中继、无线WLAN、无线AC冗余、漫游、防火墙安全策略、NAT、ACL、双机热备等。该实验非常适合于想做有关无线WLAN毕设的小伙伴或想要练习无线综合实验的小伙伴。如果是对于想写无线WLAN方面的论文也比较好写。且对于毕设课设的小伙伴可以进行参考，进行自己的规划与设计。场景适用于毕业设计、校园网络规划、企业网络规划等场合，有什么问题可以在平台私信博主，博主看到都会第一时间回复的，最后说明该topo规划最后的作者权归于：BSXY_信息学院_19计科_陈永跃

一、设计topo图与设计要求

拓扑图1：

设计要求：

完成服务器、防火墙、路由器相应的接口地址的配置核心交换机配置Eth-Trunk链路捆绑来提高链路的冗余根据不同的地域划分多个不同的vlan,减小广播域大小，提高网络的可靠性和安全性配置MSTP+VRRP,同时实现冗余，划分实例，让不同的vlan优先选择相应的交换机，并减少stp震荡内网内运行OSPF路由所有的AP和无线用户都能自动获取地址，且通过DHCP server分配配置相应的安全策略并使得内网能访问外网出口使用两台防火墙，且两台防火墙做双机热备防火墙双机热备使用两个心跳线并做链路捆绑提高网络的可靠性外网区域运行ISIS路由A B学院AP优先加入AC1,AC2作为备份；C D学院AP优先加入AC2，AC1作为备份，保证一个AP可由两个AC进行管理提高网络的可靠性无线用户可以实现一个区域到另一个区域间的无线漫游除vlan21用户外其余无线用户可以访问外网且可通过域名上网配置ACL实现处于vlan21的用户不可以访问外网路由从FW1出来的优先走YD_R1，DX_R2作为备份；路由从FW2出来的优先走DX_R2，YD_R1作为备份

二、相应地址规划表

地址规划表上传的时候有点模糊，这里没有做图片的一下优化处理，但是Excel里面的是可以编辑的或是可以更改的，像下图就比较清晰

三、基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)(可不看)

插曲部分：基于eNSP的IPv4加IPv6的企业/校园网络规划设计(综合实验/大作业)) 如下图所示（但是并不在该篇文章中做详细介绍和说明，如查看可点击连接自行查看阅读）：

设计要求：

完成服务器、防火墙、路由器相应的接口地址的配置慧源楼配置Eth-Trunk链路捆绑来提高链路的冗余根据不同的地域划分多个不同的vlan,减小广播域大小，提高网络的可靠性和安全性在明诚楼配置MSTP+VRRP,同时实现冗余，划分实例，让不同的vlan优先选择相应的交换机，并减少stp震荡明诚楼、慧源楼、德润楼的所有用户通过配置相应的DHCP中继能自动获取地址，且DHCP服务器为DHCPserver配置相应的ospf，多区域区域0中OSPF激活MD5认证,SW1/SW2采用接口方式配置区域0内的设备启用BFD快速检测链路故障分校区用户也需要要自动获取地址，相应服务器为AR4，AR4配置相应的子接口为相应终端分配地址配置端口安全,且接口能够自动学习MAC地址配置端口隔离实现PC6,PC7同VLAN内不能互访分校区/分部的无线用的地址和AP的地址都由SW8来分配FW2作为PPPoE客户端,AR5作为PPPoE服务端，进行相应的拨号上网R1,R2,R3部署ISIS Level-2,区域ID 49.0000部署MPLS VPN,其中R1,R3作为PE设备，R2作为路由放射器FW1,FW2作为CE端与PE端建立eBGP邻居关系运营商AS 100,总部/主校区在65430，分支都在AS65000FW1,FW2之间部署IPSec VPN 实现总部/主校区与分支之间通信其中总部和分支之间通信优先使用MPLS VPN若MPLS VPN故障使用IPSec VPN实现通信若FW1中NQA检测10.1.5.5不可达则停止下发缺省到内网NAT配置总部/主校区用户方位外网用地址池10.1.22.100~10.1.22.110分支用户访问外网采用EASY-IP实现外网用户访问内网WEB服务——用100.100.100.100来做相应的地址映射财务部服务器只能由内网的vlan 10用户访问配置DHCP Snooping防止DHCP欺骗与非法dhcp服务器的接入内部的所有交换机都可以被telnet进行远程管理主校区/总部用户可以通过域名(www.baidu.com)访问外网百度，无线用户也可以ipv6中对于AS100内互联地址采用link-local地址R1,R2,R3的lo0地址2001:10:1:X::X/128激活ISISv6,并保障v4与v6的拓扑分离SW1 SW2新增Lo0接口地址为2001:192:168:X::X/128FW1,SW1,SW2部署OSPFv3区域0,其中互联地址采用Link-local地址分支FW2与AR4部署OSPFv3,互联地址采用link-local地址FW1,FW2利用MPLS VPN网络建立6to4隧道对于6to4隧道基础上部署BGP4+，实现总部与分支的IPv6互通

四、该网络规划全过程（顺着一步一步走）

1、eth-trunk

HX_SW1:sysun in ensysname HX_SW1int eth-trunk 1mode lacp-statictrunkport g0/0/24trunkport g0/0/23qui---------------------------HX_SW2:sysun in ensysname HX_SW2int eth-trunk 1mode lacp-statictrunkport g0/0/24trunkport g0/0/23qui

2、vlan划分

HJ_SW3:sysun in ensysname HJ_SW3vlan batch 10 11 20 21int g0/0/1port link-type trunkport trunk allow-pass vlan 10 11 20 21int g0/0/2port link-type trunkport trunk allow-pass vlan 10 11 20 21int g0/0/3port link-type trunkport trunk pvid vlan 10port trunk allow-pass vlan 10 11int g0/0/4port link-type trunkport trunk pvid vlan 20port trunk allow-pass vlan 20 21qui---------------------------HJ_SW4:sysun in ensysname HJ_SW4vlan batch 30 31 40 41int g0/0/1port link-type trunkport trunk allow-pass vlan 30 31 40 41int g0/0/2port link-type trunkport trunk allow-pass vlan 30 31 40 41int g0/0/3port link-type trunkport trunk pvid vlan 30port trunk allow-pass vlan 30 31int g0/0/4port link-type trunkport trunk pvid vlan 40port trunk allow-pass vlan 40 41qui---------------------------HJ_SW5:sysun in ensysname HJ_SW5vlan batch 50 51 60 61int g0/0/1port link-type trunkport trunk allow-pass vlan 50 51 60 61int g0/0/2port link-type trunkport trunk allow-pass vlan 50 51 60 61int g0/0/3port link-type trunkport trunk pvid vlan 50port trunk allow-pass vlan 50 51int g0/0/4port link-type trunkport trunk pvid vlan 60port trunk allow-pass vlan 60 61qui---------------------------JR_SW6:sysun in ensysname JR_SW6vlan batch 200p g g0/0/1 g0/0/2port link-type trunkport trunk allow-pass vlan 200quip g g0/0/3 g0/0/4port link accport default vlan 200qui---------------------------HX_SW1:vlan batch 10 11 20 21 30 31 40 41 50 51vlan batch 60 61 200 6 8int g0/0/1port link accport default vlan 8quip g g0/0/2 to g0/0/6port link-type trunkport trunk all vlan allquiint eth 1port link trunkport trunk all vlan allqui---------------------------HX_SW2:vlan batch 10 11 20 21 30 31 40 41 50 51vlan batch 60 61 200 7 9int g0/0/1port link accport default vlan 9quip g g0/0/2 to g0/0/6port link trunkport trunk all vlan allquiint eth 1port link trunkport trunk all vlan allqui

3、MSTP

HX_SW1:stp region-configurationregion-name MSTrevision-level 1instance 1 vlan 10 11 20 21 30 31 200instance 2 vlan 40 41 50 51 60 61active region-configurationquistp instance 1 root primarystp instance 2 root secondaryp g g0/0/3 to g0/0/6 eth 1stp edged-port disablequistp edged-port default---------------------------HX_SW2:stp region-configurationregion-name MSTrevision-level 1instance 1 vlan 10 11 20 21 30 31 200instance 2 vlan 40 41 50 51 60 61active region-configurationquistp instance 2 root primarystp instance 1 root secondaryp g g0/0/3 to g0/0/6 eth 1stp edged-port disablequistp edged-port default---------------------------HJ_SW3:stp region-configurationregion-name MSTrevision-level 1instance 1 vlan 10 11 20 21 30 31 200instance 2 vlan 40 41 50 51 60 61active region-configurationquip g g0/0/1 g0/0/2stp edged-port disablestp loop-protectionquistp edged-port default---------------------------HJ_SW4:stp region-configurationregion-name MSTrevision-level 1instance 1 vlan 10 11 20 21 30 31 200instance 2 vlan 40 41 50 51 60 61active region-configurationquip g g0/0/1 g0/0/2stp edged-port disablestp loop-protectionquistp edged-port default---------------------------HJ_SW5:stp region-configurationregion-name MSTrevision-level 1instance 1 vlan 10 11 20 21 30 31 200instance 2 vlan 40 41 50 51 60 61active region-configurationquip g g0/0/1 g0/0/2stp edged-port disablestp loop-protectionquistp edged-port default---------------------------JR_SW6:stp region-configurationregion-name MSTrevision-level 1instance 1 vlan 10 11 20 21 30 31 200instance 2 vlan 40 41 50 51 60 61active region-configurationquip g g0/0/1 g0/0/2stp edged-port disablestp loop-protectionquistp edged-port default

4、VRRP

HX_SW1:int vlan 6ip add 192.168.6.6 24int vlan 8ip add 192.168.8.8 24int vlan 10ip add 192.168.10.254 24vrrp vrid 10 virtual-ip 192.168.10.1vrrp vrid 10 priority 101vrrp vrid 10 track int g0/0/1int vlan 11ip add 192.168.11.254 24vrrp vrid 11 virtual-ip 192.168.11.1vrrp vrid 11 priority 101vrrp vrid 11 track int g0/0/1int vlan 20ip add 192.168.20.254 24vrrp vrid 20 virtual-ip 192.168.20.1vrrp vrid 20 priority 101vrrp vrid 20 track int g0/0/1int vlan 21ip add 192.168.21.254 24vrrp vrid 21 virtual-ip 192.168.21.1vrrp vrid 21 priority 101vrrp vrid 21 track int g0/0/1int vlan 30ip add 192.168.30.254 24vrrp vrid 30 virtual-ip 192.168.30.1vrrp vrid 30 priority 101vrrp vrid 30 track int g0/0/1int vlan 31ip add 192.168.31.254 24vrrp vrid 31 virtual-ip 192.168.31.1vrrp vrid 31 priority 101vrrp vrid 31 track int g0/0/1int vlan 200ip add 192.168.200.254 24vrrp vrid 200 virtual-ip 192.168.200.1vrrp vrid 200 priority 101vrrp vrid 200 track int g0/0/1int vlan 40ip add 192.168.40.254 24vrrp vrid 40 virtual-ip 192.168.40.1int vlan 41ip add 192.168.41.254 24vrrp vrid 41 virtual-ip 192.168.41.1int vlan 50ip add 192.168.50.254 24vrrp vrid 50 virtual-ip 192.168.50.1int vlan 51ip add 192.168.51.254 24vrrp vrid 51 virtual-ip 192.168.51.1int vlan 60ip add 192.168.60.254 24vrrp vrid 60 virtual-ip 192.168.60.1int vlan 61ip add 192.168.61.254 24vrrp vrid 61 virtual-ip 192.168.61.1qui---------------------------HX_SW2:int vlan 7ip add 192.168.7.7 24int vlan 9ip add 192.168.9.9 24int vlan 10ip add 192.168.10.253 24vrrp vrid 10 virtual-ip 192.168.10.1int vlan 11ip add 192.168.11.253 24vrrp vrid 11 virtual-ip 192.168.11.1int vlan 20ip add 192.168.20.253 24vrrp vrid 20 virtual-ip 192.168.20.1int vlan 21ip add 192.168.21.253 24vrrp vrid 21 virtual-ip 192.168.21.1int vlan 30ip add 192.168.30.253 24vrrp vrid 30 virtual-ip 192.168.30.1int vlan 31ip add 192.168.31.253 24vrrp vrid 31 virtual-ip 192.168.31.1int vlan 200ip add 192.168.200.253 24vrrp vrid 200 virtual-ip 192.168.200.1int vlan 40ip add 192.168.40.253 24vrrp vrid 40 virtual-ip 192.168.40.1vrrp vrid 40 priority 101vrrp vrid 40 track int g0/0/1int vlan 41ip add 192.168.41.253 24vrrp vrid 41 virtual-ip 192.168.41.1vrrp vrid 41 priority 101vrrp vrid 41 track int g0/0/1int vlan 50ip add 192.168.50.253 24vrrp vrid 50 virtual-ip 192.168.50.1vrrp vrid 50 priority 101vrrp vrid 50 track int g0/0/1int vlan 51ip add 192.168.51.253 24vrrp vrid 51 virtual-ip 192.168.51.1vrrp vrid 51 priority 101vrrp vrid 51 track int g0/0/1int vlan 60ip add 192.168.60.253 24vrrp vrid 60 virtual-ip 192.168.60.1vrrp vrid 60 priority 101vrrp vrid 60 track int g0/0/1int vlan 61ip add 192.168.61.253 24vrrp vrid 61 virtual-ip 192.168.61.1vrrp vrid 61 priority 101vrrp vrid 61 track int g0/0/1qui

5、DHCP中继

HX_SW1:dhcp enableint vlan 10dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 11dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 20dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 21dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 30dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 31dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 40dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 41dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 50dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 51dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 60dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 61dhcp select relaydhcp relay server-ip 192.168.200.3---------------------------HX_SW2:dhcp enableint vlan 10dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 11dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 20dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 21dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 30dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 31dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 40dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 41dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 50dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 51dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 60dhcp select relaydhcp relay server-ip 192.168.200.3int vlan 61dhcp select relaydhcp relay server-ip 192.168.200.3---------------------------DHCP:sysun in ensysname DHCPdhcp enable int g0/0/0ip add 192.168.200.3 24dhcp select globalquiip pool vlan10gateway-list 192.168.10.1 network 192.168.10.0 mask 255.255.255.0 excluded-ip-address 192.168.10.129 192.168.10.254 lease unlimitedoption 43 sub-option 3 ascii 192.168.6.10,192.168.7.10quiip pool vlan11gateway-list 192.168.11.1network 192.168.11.0 mask 24excluded-ip-address 192.168.11.250 192.168.11.254dns-list 192.168.200.2lease unlimitedquiip pool vlan20gateway-list 192.168.20.1 network 192.168.20.0 mask 255.255.255.0 excluded-ip-address 192.168.20.129 192.168.20.254 lease unlimitedoption 43 sub-option 3 ascii 192.168.6.10,192.168.7.10quiip pool vlan21gateway-list 192.168.21.1network 192.168.21.0 mask 24excluded-ip-address 192.168.21.250 192.168.21.254dns-list 192.168.200.2lease unlimitedquiip pool vlan30gateway-list 192.168.30.1 network 192.168.30.0 mask 255.255.255.0 excluded-ip-address 192.168.30.129 192.168.30.254 lease unlimitedoption 43 sub-option 3 ascii 192.168.6.10,192.168.7.10quiip pool vlan31gateway-list 192.168.31.1network 192.168.31.0 mask 24excluded-ip-address 192.168.31.250 192.168.31.254dns-list 192.168.200.2lease unlimitedquiip pool vlan40gateway-list 192.168.40.1 network 192.168.40.0 mask 255.255.255.0 excluded-ip-address 192.168.40.129 192.168.40.254 lease unlimitedoption 43 sub-option 3 ascii 192.168.6.10,192.168.7.10quiip pool vlan41gateway-list 192.168.41.1network 192.168.41.0 mask 24excluded-ip-address 192.168.41.250 192.168.41.254dns-list 192.168.200.2lease unlimitedquiip pool vlan50gateway-list 192.168.50.1 network 192.168.50.0 mask 255.255.255.0 excluded-ip-address 192.168.50.129 192.168.50.254 lease unlimitedoption 43 sub-option 3 ascii 192.168.6.10,192.168.7.10quiip pool vlan51gateway-list 192.168.51.1network 192.168.51.0 mask 24excluded-ip-address 192.168.51.250 192.168.51.254dns-list 192.168.200.2lease unlimitedquiip pool vlan60gateway-list 192.168.60.1 network 192.168.60.0 mask 255.255.255.0 excluded-ip-address 192.168.60.129 192.168.60.254 lease unlimitedoption 43 sub-option 3 ascii 192.168.6.10,192.168.7.10quiip pool vlan61gateway-list 192.168.61.1network 192.168.61.0 mask 24excluded-ip-address 192.168.61.250 192.168.61.254dns-list 192.168.200.2lease unlimitedquiip route-static 0.0.0.0 0 192.168.200.1

6、OSPF

HX_SW1:ospfarea 0network 192.168.10.0 0.0.0.255network 192.168.11.0 0.0.0.255network 192.168.20.0 0.0.0.255network 192.168.21.0 0.0.0.255network 192.168.30.0 0.0.0.255network 192.168.31.0 0.0.0.255network 192.168.40.0 0.0.0.255network 192.168.41.0 0.0.0.255network 192.168.50.0 0.0.0.255network 192.168.51.0 0.0.0.255network 192.168.60.0 0.0.0.255network 192.168.61.0 0.0.0.255network 192.168.6.0 0.0.0.255network 192.168.8.0 0.0.0.255network 192.168.200.0 0.0.0.255quisilent-interface allundo silent-interface Vlanif200undo silent-interface Vlanif8qui---------------------------HX_SW2:ospfarea 0network 192.168.10.0 0.0.0.255network 192.168.11.0 0.0.0.255network 192.168.20.0 0.0.0.255network 192.168.21.0 0.0.0.255network 192.168.30.0 0.0.0.255network 192.168.31.0 0.0.0.255network 192.168.40.0 0.0.0.255network 192.168.41.0 0.0.0.255network 192.168.50.0 0.0.0.255network 192.168.51.0 0.0.0.255network 192.168.60.0 0.0.0.255network 192.168.61.0 0.0.0.255network 192.168.7.0 0.0.0.255network 192.168.9.0 0.0.0.255network 192.168.200.0 0.0.0.255quisilent-interface allundo silent-interface Vlanif200undo silent-interface Vlanif9qui

7、无线AC配置

AC1:sysun in ensysname AC1vlan 6int vlan 6ip add 192.168.6.10 24quiint g0/0/1port link-type trunkport trunk allow-pass vlan allquiip route-static 0.0.0.0 0.0.0.0 192.168.6.6capwap source interface vlanif6wlanssid-profile name SSID_PROssid huaweiquisecurity-profile name SEC_PROsecurity wpa2 psk pass-phrase huawei@123 aesquiap-system-profile name AP1_PROprimary-access ip-address 192.168.6.10backup-access ip-address 192.168.7.10quiap-system-profile name AP2_PROprimary-access ip-address 192.168.6.10backup-access ip-address 192.168.7.10quiap-system-profile name AP3_PROprimary-access ip-address 192.168.6.10backup-access ip-address 192.168.7.10quiap-system-profile name AP4_PROprimary-access ip-address 192.168.7.10backup-access ip-address 192.168.6.10quiap-system-profile name AP5_PROprimary-access ip-address 192.168.7.10backup-access ip-address 192.168.6.10quiap-system-profile name AP6_PROprimary-access ip-address 192.168.7.10backup-access ip-address 192.168.6.10quivap-profile name VAP1_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 11quivap-profile name VAP2_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 21quivap-profile name VAP3_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 31quivap-profile name VAP4_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 41quivap-profile name VAP5_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 51quivap-profile name VAP6_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 61quiap-id 1 ap-mac 00E0-FC28-4B20ap-id 2 ap-mac 00E0-FC52-0D10ap-id 3 ap-mac 00E0-FC44-0F80ap-id 4 ap-mac 00E0-FC38-47E0ap-id 5 ap-mac 00E0-FC4F-2870ap-id 6 ap-mac 00E0-FCAD-3F60quiap-id 1ap-name AREA_1ap-system-profile AP1_PROvap-profile VAP1_PRO wlan 1 radio 0vap-profile VAP1_PRO wlan 1 radio 1quiap-id 2ap-name AREA_2ap-system-profile AP2_PROvap-profile VAP2_PRO wlan 1 radio 0vap-profile VAP2_PRO wlan 1 radio 1quiap-id 3ap-name AREA_3ap-system-profile AP3_PROvap-profile VAP3_PRO wlan 1 radio 0vap-profile VAP3_PRO wlan 1 radio 1quiap-id 4ap-name AREA_4ap-system-profile AP4_PROvap-profile VAP4_PRO wlan 1 radio 0vap-profile VAP4_PRO wlan 1 radio 1quiap-id 5ap-name AREA_5ap-system-profile AP5_PROvap-profile VAP5_PRO wlan 1 radio 0vap-profile VAP5_PRO wlan 1 radio 1quiap-id 6ap-name AREA_6ap-system-profile AP6_PROvap-profile VAP6_PRO wlan 1 radio 0vap-profile VAP6_PRO wlan 1 radio 1----------------------------------AC2:sysun in ensysname AC2vlan 7int vlan 7ip add 192.168.7.10 24quiint g0/0/1port link-type trunkport trunk allow-pass vlan allquiip route-static 0.0.0.0 0.0.0.0 192.168.7.7capwap source interface vlanif7wlanssid-profile name SSID_PROssid huaweiquisecurity-profile name SEC_PROsecurity wpa2 psk pass-phrase huawei@123 aesquiap-system-profile name AP1_PROprimary-access ip-address 192.168.6.10backup-access ip-address 192.168.7.10quiap-system-profile name AP2_PROprimary-access ip-address 192.168.6.10backup-access ip-address 192.168.7.10quiap-system-profile name AP3_PROprimary-access ip-address 192.168.6.10backup-access ip-address 192.168.7.10quiap-system-profile name AP4_PROprimary-access ip-address 192.168.7.10backup-access ip-address 192.168.6.10quiap-system-profile name AP5_PROprimary-access ip-address 192.168.7.10backup-access ip-address 192.168.6.10quiap-system-profile name AP6_PROprimary-access ip-address 192.168.7.10backup-access ip-address 192.168.6.10quivap-profile name VAP1_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 11quivap-profile name VAP2_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 21quivap-profile name VAP3_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 31quivap-profile name VAP4_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 41quivap-profile name VAP5_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 51quivap-profile name VAP6_PROssid-profile SSID_PROsecurity-profile SEC_PROservice-vlan vlan-id 61quiap-id 1 ap-mac 00E0-FC28-4B20ap-id 2 ap-mac 00E0-FC52-0D10ap-id 3 ap-mac 00E0-FC44-0F80ap-id 4 ap-mac 00E0-FC38-47E0ap-id 5 ap-mac 00E0-FC4F-2870ap-id 6 ap-mac 00E0-FCAD-3F60quiap-id 1ap-name AREA_1ap-system-profile AP1_PROvap-profile VAP1_PRO wlan 1 radio 0vap-profile VAP1_PRO wlan 1 radio 1quiap-id 2ap-name AREA_2ap-system-profile AP2_PROvap-profile VAP2_PRO wlan 1 radio 0vap-profile VAP2_PRO wlan 1 radio 1quiap-id 3ap-name AREA_3ap-system-profile AP3_PROvap-profile VAP3_PRO wlan 1 radio 0vap-profile VAP3_PRO wlan 1 radio 1quiap-id 4ap-name AREA_4ap-system-profile AP4_PROvap-profile VAP4_PRO wlan 1 radio 0vap-profile VAP4_PRO wlan 1 radio 1quiap-id 5ap-name AREA_5ap-system-profile AP5_PROvap-profile VAP5_PRO wlan 1 radio 0vap-profile VAP5_PRO wlan 1 radio 1quiap-id 6ap-name AREA_6ap-system-profile AP6_PROvap-profile VAP6_PRO wlan 1 radio 0vap-profile VAP6_PRO wlan 1 radio 1----------------------------------重启一下AP

8、无线AC冗余

这一部分要不我就先不放在文章中，配置的设备只有AC1和AC2，配置AC1和AC2实现冗余即可

9、防火墙双击热备

这一部分要不我就先不放在文章中，配置的设备只有FW1和FW2，配置FW1和FW2的IP地址和运行相应的ospf和双机热备这一部分在文章中省了，但是如果是自己确实是小白没法自己配置出来那可能就没有办法了，下载资源的话需要收取一些费用，那里的order命令是没有省略的一条一条一步一步的命令都是有的，也都是全的。

10、安全策略&NAT策略

FW1:(只需在FW1上配置即可)security-policyrule name local_to_anysource-zone localaction permitrule name in_to_outsource-zone trustdestination-zone untrustsource-address 192.168.0.0 mask 255.255.0.0action permitquiquinat-policyrule name in_to_outsource-zone trustdestination-zone untrustsource-address 192.168.0.0 mask 255.255.0.0action source-nat easy-ipquiqui

11、ISIS配置

YD_R1:sysun in ensysname R1isisnet 49.0000.0000.0001.00is-level level-2cost-style widequiint g0/0/1ip add 100.1.1.1 24isis enint g0/0/2ip add 200.1.2.1 24isis enint g0/0/0ip add 100.1.13.1 24isis enint loo0ip add 1.1.1.1 32isis enquiDX_R2:sysun in ensysname R2isisnet 49.0000.0000.0002.00is-level level-2cost-style widequiint g0/0/1ip add 100.1.11.2 24isis enint g0/0/2ip add 200.1.22.2 24isis enint g0/0/0ip add 200.1.23.2 24isis enint loo0ip add 2.2.2.2 32isis enquiAR3:sysun in ensysname AR3isisnet 49.0000.0000.0003.00is-level level-2cost-style widequiint g0/0/1ip add 100.1.13.3 24isis enint g0/0/2ip add 200.1.23.3 24isis enint g0/0/0ip add 111.111.111.3 24isis enint loo0ip add 3.3.3.3 32isis enqui

12、ACL策略

HX_SW1:acl number 3001rule 5 permit ip source 192.168.21.0 0.0.0.255 destination 192.168.0.0 0.0.255.255rule 10 deny ip source 192.168.21.0 0.0.0.255quiint g0/0/1traffic-filter outbound acl 3001qui--------------------------------------HX_SW2:acl number 3001rule 5 permit ip source 192.168.21.0 0.0.0.255 destination 192.168.0.0 0.0.255.255rule 10 deny ip source 192.168.21.0 0.0.0.255quiint g0/0/1traffic-filter outbound acl 3001qui

五、公众/名片所在地

关注公众号（小猿网），回复“网络规划”即可。

资源为收费资源，如不符合您的消费观，还请您见谅。