股票k线模拟器(股票k线形态图解大全)

jijinwang


整体规划

采用三层网络结构,核心、汇聚三层互联,堆叠采用40G网络,汇聚10G,接入1G,网关下放到汇聚,交换机采用独立管理VLAN,模拟某工厂真实网络情况。

功能实现

1、核心、汇聚堆叠,动态端口聚合
2、配置DHCP服务器为多个VLAN服务
3、静态路由与OSPF配置
4、外网NAT访问实现
5、接入交换机telnet、管理IP实现
6、SNMP网管服务部署
7、监控摄像头隔离
8、DHCP仿冒防御
9、端口隔离


配置详情

1、设置固定IP,配置主机名
如图片所示

2、核心堆叠,采用40G口堆叠
核心1

<hexin1>sys\nSystem View: return to User View with Ctrl+Z.\n[hexin1]int range FortyGigE 1/0/53 to FortyGigE 1/0/54\n[hexin1-if-range]shu\n[hexin1-if-range]quit\n[hexin1]irf member 1 priority 32\n[hexin1]irf-port 1/1\n[hexin1-irf-port1/1]port group interface FortyGigE 1/0/53\n[hexin1-irf-port1/1]port group interface FortyGigE 1/0/54\n[hexin1-irf-port1/1]quit\n[hexin1]irf-port-configuration active\n[hexin1]int range FortyGigE 1/0/53 to FortyGigE 1/0/54\n[hexin1-if-range]un sh\n[hexin1-if-range]save

核心2

[hexin2]sys\n[hexin2]irf member 1 renumber 2\nRenumbering the member ID may result in configuration change or loss. Continue?[Y/N]:y\n[hexin2]quit\n<hexin2>reboot\n<hexin2>sys\nSystem View: return to User View with Ctrl+Z.\n[hexin2]interface range FortyGigE 2/0/53 to FortyGigE 2/0/54\n[hexin2-if-range]shu\n[hexin2-if-range]quit\n[hexin2]irf member 2 priority 1\n[hexin2]irf-port 2/2\n[hexin2-irf-port2/2]port group interface FortyGigE 2/0/53\n[hexin2-irf-port2/2]port group interface FortyGigE 2/0/54\n[hexin2-irf-port2/2]qui\n[hexin2]irf-port-configuration active\n[hexin2]interface range FortyGigE 2/0/53 to FortyGigE 2/0/54\n[hexin2-if-range]un sh\n[hexin2-if-range]quit\n[hexin2]save

连接堆叠线后,机器自动重启,此时两台交换机终端都会显示为 hexin1

3、车间汇聚堆叠,采用40G口
步骤与核心相同,堆叠后两台终端都会显示为 chejianhuiju1

4、按图片为交换机配置IP和VLAN,三层采用路由模式,汇聚下联trunk,接入上联trunk,下联对应vlan
车间汇聚做端口聚合

[chejianhuiju1]vlan 1004\n[chejianhuiju1-vlan1004]int vlan 1004\n[chejianhuiju1-Vlan-interface1004]ip add 10.0.4.254 24\n[chejianhuiju1-Vlan-interface1004]quit\n[chejianhuiju1]int Bridge-Aggregation 1\n[chejianhuiju1-Bridge-Aggregation1]link-aggregation mode dynamic\n[chejianhuiju1-Bridge-Aggregation1]quit\n[chejianhuiju1]int g1/0/1\n[chejianhuiju1-GigabitEthernet1/0/1]port link-aggregation group 1\n[chejianhuiju1-GigabitEthernet1/0/1]int g2/0/1\n[chejianhuiju1-GigabitEthernet2/0/1]port link-aggregation group 1\n[chejianhuiju1-GigabitEthernet2/0/1]dis link-aggregation verbose\n GE1/0/1 0 32768 0 0x8000, 0000-0000-0000 {EF}\n GE2/0/1 0 32768 0 0x8000, 0000-0000-0000 {EF}\n[chejianhuiju1-GigabitEthernet2/0/1]vlan 1004\n[chejianhuiju1-vlan1004]port Bridge-Aggregation 1\n[chejianhuiju1]int Bridge-Aggregation 1\n[chejianhuiju1-Bridge-Aggregation1]port link-type trunk\n[chejianhuiju1-Bridge-Aggregation1]port trunk permit vlan all\n[chejianhuiju1-Bridge-Aggregation1]save

验证生产设备,ping 10.0.20.4 10.0.50.5 10.0.4.254 都通

5、配置OSPF,实现车间、办公、生产服务器、基础服务器互通

配置核心

<hexin1>sys\nSystem View: return to User View with Ctrl+Z.\n[hexin1]ospf\n[hexin1-ospf-1]area 0\n[hexin1-ospf-1-area-0.0.0.0]netwo\n[hexin1-ospf-1-area-0.0.0.0]network 10.0.70.0 0.0.0.255\n[hexin1-ospf-1-area-0.0.0.0]network 10.0.40.0 0.0.0.255\n[hexin1-ospf-1-area-0.0.0.0]network 10.0.60.0 0.0.0.255\n[hexin1-ospf-1-area-0.0.0.0]network 10.0.30.0 0.0.0.255\n[hexin1-ospf-1-area-0.0.0.0]network 10.0.50.0 0.0.0.255\n[hexin1-ospf-1-area-0.0.0.0]quit

配置车间汇聚

<chejianhuiju1>sys\nSystem View: return to User View with Ctrl+Z.\n[chejianhuiju1]ospf\n[chejianhuiju1-ospf-1]area 0\n[chejianhuiju1-ospf-1-area-0.0.0.0]network 10.0.4.0 0.0.0.255\n[chejianhuiju1-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255\n[chejianhuiju1-ospf-1-area-0.0.0.0]network 10.0.50.0 0.0.0.255\n[chejianhuiju1-ospf-1-area-0.0.0.0]quit

生产设备ping核心通,其他配置类似。

6、配置DHCP服务器
使用三层交换机搭建DHCP服务器,ping测试

[H3C]hostname dhcp\n[dhcp]int g1/0/1\n[dhcp-GigabitEthernet1/0/1]port link-mode route\n[dhcp-GigabitEthernet1/0/1]ip add 10.0.0.1 24\n[dhcp-GigabitEthernet1/0/1]save\n[dhcp-GigabitEthernet1/0/1]quit\n[dhcp]ip route-static 0.0.0.0 0 10.0.0.254\n[dhcp]ping 10.0.0.254\nPing 10.0.0.254 (10.0.0.254): 56 data bytes, press CTRL_C to break\n56 bytes from 10.0.0.254: icmp_seq=0 ttl=255 time=0.000 ms

创建DHCP池

[dhcp]dhcp enable\n\ndhcp server ip-pool bangong\n gateway-list 10.0.3.254\n network 10.0.3.0 mask 255.255.255.0\n address range 10.0.3.100 10.0.3.200\n dns-list 8.8.8.8\n expired day 3\n#\ndhcp server ip-pool wuxian\n gateway-list 10.0.2.254\n network 10.0.2.0 mask 255.255.255.0\n address range 10.0.2.150 10.0.2.200\n dns-list 114.114.114.114\n expired day 3\n#

沿途汇聚、核心都要开启DHCP中继,二层只要有对应VLAN并trunk即可。

[jichuhuiju]dhcp enable\n#\ninterface Vlan-interface1002\n dhcp select relay\n dhcp relay server-address 10.0.0.1\n#\ninterface Vlan-interface1003\n dhcp select relay\n dhcp relay server-address 10.0.0.1\n#\n

查看客户端IP,成功获取IP

[dhcp]display dhcp server ip-in-use\nIP address Client identifier/ Lease expiration Type\n Hardware address\n10.0.2.150 0038-6163-312e-3334- Jun 26 20:35:43 2021 Auto(C)\n 3266-2e31-3730-362d-\n 4745-302f-302f-31\n10.0.3.100 0038-6137-362e-3466- Jun 28 20:35:31 2021 Auto(C)\n 3864-2e31-3230-362d-\n 4745-302f-302f-31\n

7、配置专线,仅办公和无线可以访问
办公汇聚、无线汇聚、核心、专线静态路由

[wuxianhuiju] ip route-static 10.1.0.0 24 10.0.60.10\n[hexin1]ip route-static 10.1.0.0 24 10.0.90.18\n[zhuanxianwangguan]ip route-static 10.0.2.0 24 10.0.90.15

测试办公和无线都可以访问专线IP10.1.0.2

8、配置办公和无线能访问外网,但外网无法直接访问内网
办公汇聚、无线汇聚、核心默认路由,外网网关静态路由

[bangonghuiju]ip route-static 0.0.0.0 0 10.0.30.6\n[wuxianhuiju]ip route-static 0.0.0.0 0 10.0.60.10\n[hexin1]ip route-static 0.0.0.0 0 10.0.10.1\n\n[waibuwangguan]ip route-static 10.0.3.0 24 10.0.10.2\n[waibuwangguan]ip route-static 10.0.2.0 24 10.0.10.2

配置最简单NAT访问方式Easy IP

[waibuwangguan]acl basic 200\n[waibuwangguan-acl-ipv4-basic-2000]rule 0 permit source 10.0.2.0 0.0.0.255\n[waibuwangguan-acl-ipv4-basic-2000]acl basic 2001\n[waibuwangguan-acl-ipv4-basic-2001]rule 0 permit source 10.0.3.0 0.0.0.255\n[waibuwangguan-acl-ipv4-basic-2001]quit\n[waibuwangguan]int g0/0\n[waibuwangguan-GigabitEthernet0/0]nat outbound 2001\n[waibuwangguan-GigabitEthernet0/0]nat outbound 2000

办公和无线ping外网1.1.1.2通,外网ping内网不通

9、POE供电
受模拟器限制无法实现,实际在无线接入执行 poe enable 即可

10、办公人员通过telnet远程管理车间接入交换机
车间汇聚创建管理vlan2000

[chejianhuiju1]vlan 2000\n[chejianhuiju1-vlan2000]int vlan 2000\n[chejianhuiju1-Vlan-interface2000]ip add 192.168.1.254 24

车间接入创建管理vlan,开启telnet服务,设置默认路由

<chejianjieru>sys\nSystem View: return to User View with Ctrl+Z.\n[chejianjieru]vlan 2000\n[chejianjieru-vlan2000]int vlan 2000\n[chejianjieru-Vlan-interface2000]ip add 192.168.1.2 24\n[chejianjieru-Vlan-interface2000]quit\n[chejianjieru]user-interface vty 0 4\n[chejianjieru-line-vty0-4]authentication-mode scheme\n[chejianjieru-line-vty0-4]quit\n[chejianjieru]local-user admin\nNew local user added.\n[chejianjieru-luser-manage-admin]password simple 123456\n[chejianjieru-luser-manage-admin]authorization-attribute user-role level-15\n[chejianjieru-luser-manage-admin]service-type telnet\n[chejianjieru-luser-manage-admin]quit\n[chejianjieru]telnet server enable\n[chejianjieru]save\n[chejianjieru]ip route-static 0.0.0.0 0 192.168.1.254

核心添加静态路由

[hexin1]ip route-static 192.168.1.0 24 10.0.20.4

办公人员远程telnet

<bangonghuiju>telnet 192.168.1.2\nTrying 192.168.1.2 ...\nPress CTRL+K to abort\nConnected to 192.168.1.2 ...\n\n******************************************************************************\n* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*\n* Without the owner's prior written consent, *\n* no decompiling or reverse-engineering shall be allowed. *\n******************************************************************************\n\nlogin: admin\nPassword:\n<chejianjieru>

11、配置snmp网络管理协议
配置向10.0.0.1发送设备信息

snmp-agent\nsnmp-agent community write private\nsnmp-agent community read public\nsnmp-agent sys-info version all\nsnmp-agent target-host trap address udp-domain 10.0.0.1 params securityname public v2c

12、配置监控网络,办公和无线可以访问监控服务器,不可访问摄像头,摄像头仅与监控服务器互相访问
核心设置静态路由,监控汇聚设置默认路由

[hexin1]ip route-static 10.0.5.0 24 10.0.80.17\n[jiankonghuiju]ip route-static 0.0.0.0 0 10.0.80.16

在监控汇聚上联接口配置ACL规则,只允许访问10.0.5.1发出,其他禁止,从而达到只允许监控服务器被访问的目的

[jiankonghuiju]acl basic 2000\n[jiankonghuiju-acl-ipv4-basic-2000]rule 0 permit source 10.0.5.1 0\n[jiankonghuiju-acl-ipv4-basic-2000]rule 1 deny\n[jiankonghuiju-acl-ipv4-basic-2000]quit\n[jiankonghuiju]int Ten-GigabitEthernet1/0/49\n[jiankonghuiju-Ten-GigabitEthernet1/0/49]packet-filter 2000 outbound

测试办公可以ping通10.0.5.1,不能ping通10.0.5.2

13、配置DHCP snooping,防止仿冒攻击
全局开启dhcp snooping,上联端口启用dhcp信任

[bangongjieru]dhcp snooping enable\n[bangongjieru]interface GigabitEthernet1/0/2\n[bangongjieru]dhcp snooping trust

14、配置端口隔离,减少接入傻瓜交换机造成的网络风暴,防御ARP攻击

[H3C]port-isolate group 2\n[H3C]int g1/0/1\n[H3C-GigabitEthernet1/0/1]port-isolate enable group 2\n[H3C-GigabitEthernet1/0/1]int g1/0/2\n[H3C-GigabitEthernet1/0/2]port-isolate enable group 2\n[H3C-GigabitEthernet1/0/2]quit\n[H3C]dis port-isolate group 2\nPort isolation group information:\nGroup ID: 2\nGroup members:\nGigabitEthernet1/0/1 GigabitEthernet1/0/2

总结


相关阅读

  • 为什么只有博士才能申报基金(博士为什么要写基金)
  • 为什么基金收益那么高(为什么基金没有收益更新)
  • 独角兽基金怎么获得(6只独角兽基金最新净值)
  • 责令改正!又有券商因“代客炒股”处理不当,被罚了
  • 在美国炒外汇炒股(炒股炒外汇炒黄金哪个好)
  • 基金公司分红怎么办(基金中的股票分红了怎么办)
  • 基金底仓5000怎么加仓好(基金底仓怎么操作)
  • 怎么问基金借到钱(课题基金号怎么借)
  • 基金的月利息怎么算(大修基金利息怎么算?)
  • 初学者哪些炒股的书籍推荐(看风水初学者应该看哪些书籍)