1. Network Configuration Overview
Windows Server 2022 provides powerful network management features and supports enterprise-grade network deployments.
Name      InterfaceDescription                  ifIndex Status MacAddress        LinkSpeed
----      --------------------                  ------- ------ ----------        ---------
Ethernet0 Intel(R) 82574L Gigabit Network Conn… 15      Up     00-11-22-33-44-55 1 Gbps
Ethernet1 Intel(R) 82574L Gigabit Network Conn… 16      Up     00-11-22-33-44-56 1 Gbps
PS C:\> Get-NetIPAddress -AddressFamily IPv4 | Format-Table
IPAddress    InterfaceAlias             AddressFamily Type     PrefixLength
---------    --------------             ------------- ----     ------------
192.168.1.10 Ethernet0                  IPv4          Primary  24
127.0.0.1    Loopback Pseudo-Interface1 IPv4          Loopback 8
PS C:\> Get-NetRoute -AddressFamily IPv4 | Format-Table
DestinationPrefix NextHop     RouteMetric ifIndex
----------------- -------     ----------- -------
0.0.0.0/0         192.168.1.1 10          15
192.168.1.0/24    On-link     25          15
192.168.1.10/32   On-link     50          15
192.168.1.255/32  On-link     50          15
2. IP Address Configuration
IP address configuration is the foundation of network management; Windows Server supports both static and dynamic IP configuration.
IPAddress : 192.168.1.100
InterfaceAlias : Ethernet0
InterfaceIndex : 15
AddressFamily : IPv4
Type : Unicast
PrefixLength : 24
PrefixOrigin : Manual
SuffixOrigin : Manual
AddressState : Preferred
ValidLifetime : Infinite (Infinite)
PreferredLifetime : Infinite (Infinite)
SkipAsSource : False
PolicyStore : ActiveStore
PS C:\> Set-NetIPAddress -InterfaceAlias "Ethernet0" -IPAddress 192.168.1.100 -PrefixLength 24
PS C:\> Remove-NetIPAddress -InterfaceAlias "Ethernet0" -IPAddress 192.168.1.100 -Confirm:$false
PS C:\> Get-NetIPConfiguration
InterfaceAlias : Ethernet0
InterfaceIndex : 15
InterfaceDescription : Intel(R) 82574L Gigabit Network Connection
NetProfile.Name : fgedu.net.cn
IPv4Address : 192.168.1.10
IPv4DefaultGateway : 192.168.1.1
DNSServer : 192.168.1.2,192.168.1.3
PS C:\> Get-DnsClientServerAddress -InterfaceAlias "Ethernet0"
InterfaceAlias Interface Address ServerAddresses
                         Family
-------------- --------- ------- ---------------
Ethernet0                IPv4    {192.168.1.2, 192.168.1.3}
PS C:\> Set-DnsClient -InterfaceAlias "Ethernet0" -ConnectionSpecificSuffix "fgedu.net.cn"
PS C:\> Get-DnsClient | Format-Table
InterfaceAlias ConnectionSpecificSuffix
-------------- ------------------------
Ethernet0      fgedu.net.cn
Ethernet1      fgedu.net.cn
PS C:\> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . . : WIN-SERVER01
Primary Dns Suffix . . . . . . . . : fgedu.net.cn
Node Type . . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . . : No
WINS Proxy Enabled. . . . . . . . . : No
DNS Suffix Search List. . . . . . . : fgedu.net.cn
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : fgedu.net.cn
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . . : 00-11-22-33-44-55
DHCP Enabled. . . . . . . . . . . . : No
Autoconfiguration Enabled . . . . . : Yes
IPv4 Address. . . . . . . . . . . . : 192.168.1.10(Preferred)
Subnet Mask . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . . : 192.168.1.2
192.168.1.3
NetBIOS over Tcpip. . . . . . . . . : Enabled
3. DNS Server Configuration
The DNS server is a core service of the enterprise network; Windows Server provides a complete DNS solution.
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True    No             Success   {DNS Server, DNS Server Tools}
PS C:\> Add-DnsServerPrimaryZone -Name "fgedu.net.cn" -ZoneFile "fgedu.net.cn.dns"
PS C:\> Get-DnsServerZone
ZoneName               ZoneType IsAutoCreated IsDsIntegrated IsReverseLookupZone IsSigned
--------               -------- ------------- -------------- ------------------- --------
fgedu.net.cn           Primary  False         False          False               False
1.168.192.in-addr.arpa Primary  False         False          True                False
PS C:\> Add-DnsServerResourceRecordA -Name "web01" -ZoneName "fgedu.net.cn" -IPv4Address "192.168.1.100"
PS C:\> Add-DnsServerResourceRecordA -Name "db01" -ZoneName "fgedu.net.cn" -IPv4Address "192.168.1.101"
PS C:\> Get-DnsServerResourceRecord -ZoneName "fgedu.net.cn"
HostName RecordType Timestamp TimeToLive RecordData
-------- ---------- --------- ---------- ----------
@        NS         0         01:00:00   win-server01.fgedu.net.cn.
@        SOA        0         01:00:00   [ns1.fgedu.net.cn].[hostmaster.fgedu.net.cn]. [serial=1]…
db01     A          0         01:00:00   192.168.1.101
web01    A          0         01:00:00   192.168.1.100
PS C:\> Add-DnsServerResourceRecordMX -Name "." -ZoneName "fgedu.net.cn" -MailExchange "mail.fgedu.net.cn" -Preference 10
PS C:\> Add-DnsServerResourceRecordPtr -Name "100" -ZoneName "1.168.192.in-addr.arpa" -PtrDomainName "web01.fgedu.net.cn"
PS C:\> Set-DnsServerForwarder -IPAddress "8.8.8.8","8.8.4.4" -PassThru
IPAddress Timeout(s) Reordered UseRootHint
--------- ---------- --------- -----------
8.8.8.8   5          False     True
8.8.4.4   5          False     True
PS C:\> Test-DnsServer -IPAddress 192.168.1.2 -ZoneName "fgedu.net.cn"
TestResult InterfaceAddress
---------- ----------------
Passed     192.168.1.2
4. DHCP Server Configuration
A DHCP server assigns IP addresses automatically, simplifying network management.
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True    No             Success   {DHCP Server, DHCP Server Tools}
PS C:\> Add-DhcpServerSecurityGroup
PS C:\> Add-DhcpServerInDC -DnsName "dhcp.fgedu.net.cn" -IPAddress "192.168.1.2"
PS C:\> Add-DhcpServerv4Scope -Name "FGedu Production" -StartRange 192.168.1.100 -EndRange 192.168.1.200 -SubnetMask 255.255.255.0 -State Active
PS C:\> Get-DhcpServerv4Scope
ScopeId     SubnetMask    Name             State  StartRange    EndRange      LeaseDuration
-------     ----------    ----             -----  ----------    --------      -------------
192.168.1.0 255.255.255.0 FGedu Production Active 192.168.1.100 192.168.1.200 8.00:00:00
PS C:\> Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -Router 192.168.1.1
PS C:\> Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -DnsServer 192.168.1.2,192.168.1.3
PS C:\> Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -DnsDomain "fgedu.net.cn"
OptionId Name            Type     Value                      VendorClass UserClass
-------- ----            ----     -----                      ----------- ---------
3        Router          IPv4Add… {192.168.1.1}
6        DNS Servers     IPv4Add… {192.168.1.2, 192.168.1.3}
15       DNS Domain Name String   {fgedu.net.cn}
PS C:\> Add-DhcpServerv4Reservation -ScopeId 192.168.1.0 -IPAddress 192.168.1.150 -ClientId "00-11-22-33-44-55" -Description "Web Server 01"
PS C:\> Get-DhcpServerv4Reservation -ScopeId 192.168.1.0
IPAddress     ScopeId     ClientId          Name          Type        Description
---------     -------     --------          ----          ----        -----------
192.168.1.150 192.168.1.0 00-11-22-33-44-55 Web Server 01 Reservation
PS C:\> Get-DhcpServerv4Lease -ScopeId 192.168.1.0
IPAddress     ScopeId     ClientId          HostName AddressState LeaseExpiryTime
---------     -------     --------          -------- ------------ ---------------
192.168.1.100 192.168.1.0 00-11-22-33-44-aa PC-001   Active       2026/4/4 10:00:00
192.168.1.101 192.168.1.0 00-11-22-33-44-bb PC-002   Active       2026/4/4 10:05:00
5. Windows Firewall Configuration
Windows Firewall is an important part of system security, and its rules must be configured correctly.
Name : Domain
Enabled : True
DefaultInboundAction : Block
DefaultOutboundAction : Allow
AllowInboundRules : True
AllowLocalFirewallRules : True
AllowLocalIPsecRules : True
AllowUserApps : True
AllowUserPorts : True
AllowUnicastResponseToMulticast : True
NotifyOnListen : True
Name : Private
Enabled : True
DefaultInboundAction : Block
DefaultOutboundAction : Allow
Name : Public
Enabled : True
DefaultInboundAction : Block
DefaultOutboundAction : Allow
PS C:\> Get-NetFirewallRule | Where-Object {$_.Enabled -eq "True"} | Select-Object DisplayName, Direction, Action | Format-Table
DisplayName                                           Direction Action
-----------                                           --------- ------
Network Discovery                                     Inbound   Allow
File and Printer Sharing (Echo Request - ICMPv4-In)   Inbound   Allow
Core Networking - Destination Unreachable (ICMPv4-In) Inbound   Allow
Name : {abc123-def456-ghi789}
DisplayName : Allow HTTP
Description :
DisplayGroup :
Group :
Enabled : True
Profile : Any
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store.
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
PS C:\> New-NetFirewallRule -DisplayName "Allow HTTPS" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow
PS C:\> New-NetFirewallRule -DisplayName "Allow RDP" -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Allow -RemoteAddress 192.168.1.0/24
PS C:\> Enable-NetFirewallRule -DisplayName "Allow HTTP"
PS C:\> Disable-NetFirewallRule -DisplayName "Allow HTTP"
PS C:\> Remove-NetFirewallRule -DisplayName "Allow HTTP"
Ok.
PS C:\> netsh advfirewall firewall show rule name="Allow SQL Server"
Rule Name: Allow SQL Server
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: TCP
LocalPort: 1433
RemotePort: Any
Edge traversal: No
Action: Allow
PS C:\> netsh advfirewall set allprofiles state on
Ok.
PS C:\> netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
Ok.
6. VPN Configuration and Management
A VPN provides secure remote access and is an important part of the enterprise network.
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True    No             Success   {Remote Access, Remote Access Tools}
PS C:\> Install-RemoteAccess -VpnType VPN
PS C:\> Get-RemoteAccess
Status : Installed
VpnStatus : Enabled
VpnS2SStatus : Disabled
VpnStatusRA : Enabled
RoutingStatus : Disabled
DialInStatus : Disabled
IPAddressRange : {192.168.10.1 - 192.168.10.100}
IPv6Prefix :
AuthenticationMethod : {Windows, Radius}
RadiusServerList :
PS C:\> Add-VpnIPAddressRange -IPAddressRange "192.168.10.101","192.168.10.200"
PS C:\> Set-VpnAuthProtocol -UserAuthProtocolAccepted Certificate, MSCHAPv2
PS C:\> Get-VpnAuthProtocol
UserAuthProtocolAccepted : {Certificate, MSCHAPv2}
TunnelAuthProtocol : {Certificates, PreSharedKey}
RootCertificateName :
CertificateAdvertised :
PS C:\> Get-VpnS2SInterface
Name         Destination  Protocol AuthenticationMethod AdminStatus
----         -----------  -------- -------------------- -----------
BranchOffice 203.0.113.10 IKEv2    PSKOnly              True
PS C:\> Connect-VpnS2SInterface -Name "BranchOffice"
PS C:\> Get-VpnS2SInterfaceStatistics -Name "BranchOffice"
Name : BranchOffice
BytesTransmitted : 12345678
BytesReceived : 87654321
FramesTransmitted : 123456
FramesReceived : 98765
CrcErrors : 0
TimeoutErrors : 0
7. Network Load Balancing Configuration
Network Load Balancing (NLB) provides high availability and scalability.
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True    No             Success   {Network Load Balancing, Network Load Balancing Tools}
PS C:\> New-NlbCluster -InterfaceName "Ethernet0" -ClusterName "fgedu-web-cluster" -ClusterPrimaryIP 192.168.1.200 -SubnetMask 255.255.255.0 -OperationMode Multicast
ClusterName : fgedu-web-cluster
ClusterIPAddress : 192.168.1.200
ClusterMACAddress : 02-BF-C0-A8-01-C8
OperationMode : Multicast
ClusterStatus : Converged
PS C:\> Get-NlbCluster
ClusterName : fgedu-web-cluster
ClusterIPAddress : 192.168.1.200
ClusterMACAddress : 02-BF-C0-A8-01-C8
OperationMode : Multicast
ClusterStatus : Converged
PS C:\> Get-NlbClusterNode
Name         State     HostPriority
----         -----     ------------
WIN-SERVER01 Converged 1
WIN-SERVER02 Converged 2
VirtualIPAddress Scope Port Start Port End Protocol Mode     LoadWeight Affinity Timeout
---------------- ----- ---------- -------- -------- ----     ---------- -------- -------
All              All   0          65535    Both     Multiple 50         None     0
PS C:\> Add-NlbClusterPortRule -Protocol TCP -StartPort 80 -EndPort 80 -Mode Multiple -Affinity None
PS C:\> Add-NlbClusterPortRule -Protocol TCP -StartPort 443 -EndPort 443 -Mode Multiple -Affinity None
PS C:\> Get-NlbClusterPortRule
VirtualIPAddress Scope Port Start Port End Protocol Mode     LoadWeight Affinity Timeout
---------------- ----- ---------- -------- -------- ----     ---------- -------- -------
All              All   0          79       Both     Disabled 0          None     0
All              All   80         80       TCP      Multiple 50         None     0
All              All   81         442      Both     Disabled 0          None     0
All              All   443        443      TCP      Multiple 50         None     0
All              All   444        65535    Both     Disabled 0          None     0
PS C:\> Add-NlbClusterNode -InterfaceName "Ethernet0" -NewNodeName "WIN-SERVER03" -NewNodeIPAddress 192.168.1.13
8. Network Monitoring and Diagnostics
Network monitoring and diagnostic tools help find and resolve network problems.
ComputerName : 192.168.1.1
RemoteAddress : 192.168.1.1
RemotePort : 80
InterfaceAlias : Ethernet0
SourceAddress : 192.168.1.10
TcpTestSucceeded : True
PS C:\> Test-NetConnection -ComputerName www.fgedu.net.cn -TraceRoute
ComputerName : www.fgedu.net.cn
RemoteAddress : 192.168.1.100
InterfaceAlias : Ethernet0
SourceAddress : 192.168.1.10
PingSucceeded : True
PingReplyDetails (RTT) : 1 ms
TraceRoute : 192.168.1.1
192.168.1.100
PS C:\> Get-NetTCPConnection | Where-Object {$_.State -eq "Established"} | Select-Object LocalAddress,LocalPort,RemoteAddress,RemotePort,OwningProcess | Format-Table
LocalAddress LocalPort RemoteAddress RemotePort OwningProcess
------------ --------- ------------- ---------- -------------
0.0.0.0      80        192.168.1.50  52341      1234
0.0.0.0      443       192.168.1.51  52342      1234
Name      ReceivedBytes ReceivedUnicastPackets ReceivedNonUnicastPackets ReceivedDiscarded ReceivedErrors
----      ------------- ---------------------- ------------------------- ----------------- --------------
Ethernet0 1234567890    123456                 12345                     0                 0
Ethernet1 987654321     98765                  9876                      0                 0
PS C:\> Get-NetAdapterAdvancedProperty
Name      DisplayName                  DisplayValue
----      -----------                  ------------
Ethernet0 Flow Control                 Rx & Tx Enabled
Ethernet0 Interrupt Moderation         Enabled
Ethernet0 Jumbo Packet                 Standard 1500
Ethernet0 Large Send Offload V2 (IPv4) Enabled
Ethernet0 Large Send Offload V2 (IPv6) Enabled
PS C:\> netstat -ano | findstr :80
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1234
TCP 192.168.1.10:80 192.168.1.50:52341 ESTABLISHED 1234
PS C:\> pathping www.fgedu.net.cn
Tracing route to www.fgedu.net.cn [192.168.1.100]
over a maximum of 30 hops:
0 WIN-SERVER01.fgedu.net.cn [192.168.1.10]
1 192.168.1.1
2 www.fgedu.net.cn [192.168.1.100]
Computing statistics for 50 seconds…
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0 WIN-SERVER01.fgedu.net.cn [192.168.1.10]
0/ 100 = 0% |
1 1ms 0/ 100 = 0% 0/ 100 = 0% 192.168.1.1
0/ 100 = 0% |
2 1ms 0/ 100 = 0% 0/ 100 = 0% www.fgedu.net.cn [192.168.1.100]
Trace complete.
9. Network Security Management
Network security management covers port security, access control, traffic monitoring, and more.
DisplayName                                           Profile
-----------                                           -------
Network Discovery                                     Domain, Private
File and Printer Sharing (Echo Request - ICMPv4-In)   Domain, Private, Public
Core Networking - Destination Unreachable (ICMPv4-In) Domain, Private, Public
PS C:\> Get-NetFirewallPortFilter | Where-Object {$_.Protocol -eq "TCP"} | Get-NetFirewallRule | Select-Object DisplayName, Enabled, Direction
DisplayName      Enabled Direction
-----------      ------- ---------
Allow HTTP       True    Inbound
Allow HTTPS      True    Inbound
Allow RDP        True    Inbound
Allow SQL Server True    Inbound
PS C:\> New-NetFirewallRule -DisplayName "Block Telnet" -Direction Inbound -Protocol TCP -LocalPort 23 -Action Block
PS C:\> Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block
PS C:\> Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction
Name    DefaultInboundAction DefaultOutboundAction
----    -------------------- ---------------------
Domain  Block                Allow
Private Block                Allow
Public  Block                Allow
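The rules shown in sections 5 and 9 include one management port scoped to a subnet (Allow RDP, limited to 192.168.1.0/24) and one open to any remote address (Allow SQL Server, RemoteIP Any). The following is an added example, not part of the original tutorial, that lists enabled inbound Allow rules exposing a watched port to any remote address; the function names, the watch list and the sample objects are assumptions constructed for illustration.

```powershell
# Added example: function names, watch list and sample data are assumptions.
$WatchedPorts = @{ 23 = 'Telnet'; 1433 = 'SQL Server'; 3389 = 'RDP' }

# Collect enabled inbound rules together with their port and address filters.
function Get-InboundRuleSummary {
    Get-NetFirewallRule -Enabled True -Direction Inbound | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            DisplayName   = $_.DisplayName
            Action        = $_.Action
            Profile       = $_.Profile
            LocalPort     = $port.LocalPort
            RemoteAddress = $addr.RemoteAddress
        }
    }
}

# Return Allow rules that open a watched port to any remote address.
# Port ranges ("80-90") and keywords ("Any", "RPC") are skipped, not expanded.
function Find-ExposedRule {
    param([Parameter(Mandatory)] [object[]] $Rule)
    foreach ($r in $Rule) {
        if ("$($r.Action)" -ne 'Allow') { continue }
        if (@($r.RemoteAddress) -notcontains 'Any') { continue }
        foreach ($p in @($r.LocalPort)) {
            $n = 0
            if ([int]::TryParse("$p", [ref]$n) -and $WatchedPorts.ContainsKey($n)) {
                [pscustomobject]@{
                    DisplayName = $r.DisplayName
                    Port        = $n
                    Service     = $WatchedPorts[$n]
                    Profile     = "$($r.Profile)"
                }
            }
        }
    }
}

# Constructed sample mirroring the rules shown on this page.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Allow RDP'; Action = 'Allow'; Profile = 'Any'; LocalPort = '3389'; RemoteAddress = '192.168.1.0/24' }
    [pscustomobject]@{ DisplayName = 'Allow SQL Server'; Action = 'Allow'; Profile = 'Domain, Private, Public'; LocalPort = '1433'; RemoteAddress = 'Any' }
    [pscustomobject]@{ DisplayName = 'Block Telnet'; Action = 'Block'; Profile = 'Any'; LocalPort = '23'; RemoteAddress = 'Any' }
)
Find-ExposedRule -Rule $sample | Format-Table    # offline run on the sample
# On a server: Find-ExposedRule -Rule (Get-InboundRuleSummary) | Format-Table
```

A rule reported here can be narrowed with Set-NetFirewallRule and its -RemoteAddress parameter, in the same way the page scopes Allow RDP to 192.168.1.0/24.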
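10. Network Troubleshooting
Network troubleshooting is an essential skill for operations staff and requires command of a range of diagnostic tools.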
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
PS C:\> nslookup www.fgedu.net.cn
Server: dns.fgedu.net.cn
Address: 192.168.1.2
Name: www.fgedu.net.cn
Address: 192.168.1.100
PS C:\> tracert 192.168.1.100
Tracing route to 192.168.1.100 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 192.168.1.1
2 1 ms 1 ms 1 ms 192.168.1.100
Trace complete.
Windows IP Configuration
www.fgedu.net.cn
----------------------------------------
Record Name . . . . . : www.fgedu.net.cn
Record Type . . . . . : 1
Time To Live . . . . : 3600
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 192.168.1.100
PS C:\> ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
PS C:\> ipconfig /registerdns
Windows IP Configuration
Registration of the DNS resource records for all adapters has been initiated.
Any errors will be reported in the Event Viewer in 15 minutes.
PS C:\> netsh int ip reset
Resetting Global, OK!
Resetting Interface, OK!
Restart the computer to complete this action.
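This article was compiled and published by 风哥教程 (Fengge Tutorials) and is for study and testing use only. When reposting, credit the source: http://www.fgedu.net.cn/10327.html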
