一、搭建要求
1R1,R3,R4跑ospf,且进行ospf认证
2R2跑静态路由
3PC1,PC2不允许访问PC6,尽可能在源头上禁止
4R2的ip地址分配基于接口的DHCP分配,R3基于全局的DHCP分配
二、拓扑网络如下
三、配置命令如下
1、R1配置
[Huawei]system view //进入系统视图
[Huawei]sysname r1 //给r1路由命名
[r1]int g0/0/0 //进入接口
[r1-GigabitEthernet0/0/0]ip add 10.1.123.1 24 //配置相应的ip地址
[r1]int LoopBack 0 //创建环回口
[r1-LoopBack0]ip add 1.1.1.1 24 //给环回口创建ip地址
<r1>disp ip int brief //查看ip地址配置
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.123.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/24 up up(s)
NULL0 unassigned up up(s)
[r1]ospf router-id 1.1.1.1 //启动ospf,配置相应的router ID
[r1-ospf-1]area 0 //进入到区域0
[r1-ospf-1-area-0.0.0.0]network 10.1.123.1 0.0.0.0 //宣布所拥有的网络地址,注意:后面接的是反掩码,如果该网络是接口地址,反掩码为全0
[r1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.255
[r1-ospf-1-area-0.0.0.0]disp this
[V200R003C00]
#
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 10.1.123.1 0.0.0.0
#
return
<r1>save //保存配置
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
2、R2配置
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]int g0/0/2
[r2-GigabitEthernet0/0/2]ip add 10.1.123.2 24
[r2-GigabitEthernet0/0/2]q
[r2]int loopback 0
[r2-LoopBack0]q
[r2]dhcp enable //DHCP使能
Info: The operation may take a few seconds. Please wait for a moment.done.
[r2]int g0/0/1 //进入链接DHCP客户端的端口
[r2-GigabitEthernet0/0/1]ip add 192.168.2.254 24
[r2-GigabitEthernet0/0/1]dhcp select interface //用来关联接口和接口地址池
[r2-GigabitEthernet0/0/1]dhcp server dns-list 8.8.8.8 //指定接口地址池下的DNS服务器地址
[r2-GigabitEthernet0/0/1]disp this //查看DHCP配置接口
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 192.168.2.254 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
return
<r2>disp ip interface brief //查看接口的IP地址
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 192.168.2.254/24 up up
GigabitEthernet0/0/2 10.1.123.2/24 up up
LoopBack0 unassigned up up(s)
NULL0 unassigned up up(s)
[r2]ip route-static 0.0.0.0 0 10.1.123.3 给R2配置默认静态路由,去往所有网络都通过10.1.123.3来寻找
[r2]ping 10.1.123.1 //验证配置是否成功,能ping通即联网了
PING 10.1.123.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.123.1: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.123.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 10.1.123.1: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 10.1.123.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.1.123.1: bytes=56 Sequence=5 ttl=255 time=40 ms
--- 10.1.123.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/46/90 ms
[r2]ping 10.1.34.4 //验证ping通
PING 10.1.34.4: 56 data bytes, press CTRL_C to break
Reply from 10.1.34.4: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 10.1.34.4: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 10.1.34.4: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 10.1.34.4: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 10.1.34.4: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 10.1.34.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/34/40 ms
<r2>save //保存配置
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
3、R3配置
<Huawei>
Please check whether system data has been changed, and save data in time
Configuration console time out, please press any key to log on
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sy
[Huawei]sysname r3
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip add 10.1.123.3 24
[r3-GigabitEthernet0/0/1]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 10.1.34.3 24
[r3-GigabitEthernet0/0/0]q
[r3]dhcp enable //DHCP使能
Info: The operation may take a few seconds. Please wait for a moment.done.
[r3]int g0/0/2
[r3-GigabitEthernet0/0/2]ip add 192.168.3.254 24
[r3-GigabitEthernet0/0/2]q
[r3]ip pool test //给地址池命名为test
Info: It's successful to create an IP address pool.
[r3-ip-pool-test]network 192.168.3.0 mask 255.255.255.0 //给地址池分配网段和掩码
[r3-ip-pool-test]dns-list 8.8.8.8 //配置域名解析
[r3-ip-pool-test]gateway-list 192.168.3.254 //配置出口网关地址
[r3-ip-pool-test]lease day 3 //配置IP地址的租期为3天
[r3-ip-pool-test]q
[r3]int g0/0/2
[r3-GigabitEthernet0/0/2]dhcp select global //使接口有DHCP服务器功能,DHCP关联全局地址池
[r3-GigabitEthernet0/0/2]disp this //查看配置结果
[V200R003C00]
#
interface GigabitEthernet0/0/2
ip address 192.168.3.254 255.255.255.0
dhcp select global
#
return
[r3-GigabitEthernet0/0/2]q
[r3]int LoopBack 0
[r3-LoopBack0]ip add 3.3.3.3 24
[r3-LoopBack0]q
[r3]disp ip interface brief //查看接口IP地址
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.34.3/24 up up
GigabitEthernet0/0/1 10.1.123.3/24 up up
GigabitEthernet0/0/2 192.168.3.254/24 up up
LoopBack0 3.3.3.3/24 up up(s)
NULL0 unassigned up up(s)
[r3]ospf router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 10.1.34.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 10.1.123.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 192.168.3.254 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.255
[r3-ospf-1-area-0.0.0.0]disp this
[V200R003C00]
#
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 10.1.34.3 0.0.0.0
network 10.1.123.3 0.0.0.0
network 192.168.3.0 0.0.0.255
#
return
[r3]int g0/0/1 //在r3上配置ospf认证
[r3-GigabitEthernet0/0/1]ospf authentication-mode ?
hmac-md5 Use HMAC-MD5 algorithm
keychain Keychain authentication mode
md5 Use MD5 algorithm
null Use null authentication
simple Simple authentication mode
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 ?
INTEGER<1-255> Key ID
<cr> Please press ENTER to execute command
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 123 ?
STRING<1-255>/<20-392> The password (key)
cipher Encryption type (Cryptogram)
plain Encryption type (Plain text)
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 123 cipher ?
STRING<1-255>/<20-392> The password (key)
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 123 cipher huawei
[r3-GigabitEthernet0/0/1]q
<r3>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
4、R4配置
The device is running!
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r4
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip add 10.1.34.4 24
[r4]int loopback 0
[r4-LoopBack0]ip add 4.4.4.4 24
[r4-LoopBack0]int g0/0/1
[r4-GigabitEthernet0/0/1]ip add 192.168.4.254 24
<r4>disp ip int brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.34.4/24 up up
GigabitEthernet0/0/1 192.168.4.254/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 4.4.4.4/24 up up(s)
NULL0 unassigned up up(s)
[r4]ospf router-id 4.4.4.4
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 192.168.4.254 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 10.1.34.4 0.0.0.0
[r4-ospf-1-area-0.0.0.0]disp this
[V200R003C00]
#
area 0.0.0.0
network 10.1.34.4 0.0.0.0
network 192.168.4.0 0.0.0.255
#
return
[r4]acl 2000 match-order config //设置ACL为手动设置
[r4-acl-basic-2000]rule deny source ?
IP_ADDR<X.X.X.X> Address of source
any Any source
[r4-acl-basic-2000]rule deny source 192.168.2.253 0.0.0.0 //配置规则,这里禁止IP地址为192.168.2.254的主机访问
[r4-acl-basic-2000]rule deny source 192.168.2.252 0.0.0.0
[r4-acl-basic-2000]disp this //查看配置结果
[V200R003C00]
#
acl number 2000
rule 5 deny source 192.168.2.253 0
rule 10 deny source 192.168.2.252 0
#
return
[r4-acl-basic-2000]q
[r4]q
<r4>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated