编写实验报告:
1、拓扑信息
2、要求及分析
3、IP规划
4、配置截图
5、测试
1、拓扑信息
2、要求及分析
1、ISP路由器仅配置IP地址
- 全网配置IP
2、内部网络基于192.168.1.0/24网段进行IP规划
- 先进行内网操作配置
3、R1/R2之间使用OSPF做到内网全通,单区域
- area 0 缺省下发
4、PC1-PC4使用DHCP获取地址
- 开启DHCP服务
5、PC2-PC4可以访问PC5;PC1不行
- PC1 icmp PC5
6、R2出口只拥有一个公网IP
- 静态NAT
7、test-1设备可以登录到内网teInet服务器;test-2不行
- test-2 TCP/telnet teInet
3、IP规划
4、配置截图
1.配置LW1的VLAN
2.查看LW1的VLAN
3.配置LW2的VLAN(图忘截图了)
LW2
sys
sys LW2
vlan 20
q
vlan 30
q
int g0/0/2
port link-type access
port de v 20
int g0/0/3
port link-type access
port de v 30
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 20 30
4.查看LW2的VLAN
5.配置IP地址
6.开启OSPF
7.查看发现G0/0/0.3未配置
8.LW3只需改名即可
9.开启DHCP与R2配置NAT
acl 2000
rule permit source 192.168.1.0 0.0.0.255
int g0/0/2
nat outbound 2000
q
ip route-static 0.0.0.0 0 202.1.1.2
ospf 1
default-route-advertise
10.测试PC1 ping PC2/PC3
PC3 ping PC4
11.将公网完善
12.PC1-PC4可以访问PC5
13.R1配置后PC1不可访问PC5
acl 3000
rule deny ip source 192.168.1.29 0.0.0.0 destination 203.1.1.100 0.0.0.0
q
int g0/0/0.1
traffic-filter inbound acl 3000
14.R2开启端口映射
15.Telner Server 开启telnet服务
16.测试可以登录
17.创建ACL,使test-1设备可以登录到内网teInet服务器;test-2不行
18.测试test-2不可登录
因有部分配置未截图,我将配置重写了一遍
R1
sys
sys R1
int g0/0/1
ip add 192.168.1.161 30
q
int g0/0/0.1
ip add 192.168.1.30 27
dotlq termination vid 2
arp broadcast enable
int g0/0/0.2
ip add 192.168.1.62 27
dotlq termination vid 3
arp broadcast enable
int g0/0/0.3
ip add 192.168.1.158 27
dotlq termination vid 4
arp broadcast enable
ospf 1 rou 1.1.1.1
area 0
network 192.168.1.0 0.0.0.255
dis this
q
dis ip int b
dis ip rou p o
dhcp enble
ip pool 1
network 192.168.1.0 mask 27
gateway-list 192.168.1.30
q
ip pool 2
network 192.168.1.32 mask 27
gateway-list 192.168.1.62
q
int g0/0/0.1
dhcp select globle
int g0/0/0.2
dhcp select globle
q
dis cu
acl 3000
rule deny ip source 192.168.1.29 0.0.0.0 destination 203.1.1.100 0.0.0.0
q
int g0/0/0.1
traffic-filter inbound acl 3000
R2
sys
sys R2
int g0/0/1
ip add 192.168.1.162 30
int g0/0/0.1
ip add 192.168.1.94 27
dotlq termination vid 20
arp broadcast enable
int g0/0/0.2
ip add 192.168.1.126 27
dotlq termination vid 30
arp broadcast enable
int g0/0/2
ip add 202.1.1.1 30
q
ospf 1 rou 2.2.2.2
area 0
network 192.168.1.0 0.0.0.255
q
dis ip rou p o
dhcp enble
ip pool 1
network 192.168.1.64 mask 27
gateway-list 192.168.1.94
q
ip pool 2
network 192.168.1.96 mask 27
gateway-list 192.168.1.126
q
int g0/0/0.1
dhcp select globle
int g0/0/0.2
dhcp select globle
q
acl 2000
rule permit source 192.168.1.0 0.0.0.255
int g0/0/2
nat outbound 2000
q
ip route-static 0.0.0.0 0 202.1.1.2
ospf 1
default-route-advertise
int g0/0/2
nat server protocol tcp global current-interface telent inside 192.168.1.129 telnet
y
acl 3000
rule deny tcp source 203.1.1.2 0 destination-port eq 23
q
int g0/0/2
traffic-filter inbound acl 3000
ISP
sys
sys ISP
int g0/0/0
ip add 202.1.1.2 30
int g0/0/1
ip add 203.1.1.254 24
Telnet Server
sys
sys Telnet Server
int g0/0/0
ip add 192.168.1.129 27
user-interface vty 0 4
authentication-mode aaa
q
aaa
local-user huawei password cipher 123456
local-user huawei privilege level 15
local-user huawei service-type telnet
q
用R1 验证
ip rou 0.0.0.0 0 192.168.1.158
test-1
sys
sys test-1
int g0/0/0
ip add 203.1.1.1 24
ip rou 202.1.1.1 32 203.1.1.254
test-2
sys
sys test-2
int g0/0/0
ip add 203.1.1.2 24
ip rou 202.1.1.1 32 203.1.1.254
LW1
sys
sys LW1
vlan 2
q
vian 3
q
vlan 4
q
int g0/0/2
port link-type access
port default vlan 2
int g0/0/3
port link-type access
port default vlan 3
int g0/0/4
port link-type access
port default vlan 4
q
int g0/0/1
port link-type t
port t all vlan 2 3 4
q
dis vlan 查看
LW2
sys
sys LW2
vlan 20
q
vlan 30
q
int g0/0/2
port link-type access
port de v 20
int g0/0/3
port link-type access
port de v 30
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 20 30
LW3
sys
sys LW3