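HCIA Comprehensive Lab

Requirements analysis

1. The ISP router is configured with IP addresses only
2. The internal network is subnetted from the 192.168.1.8/24 network
3. R1 and R2 run single-area OSPF so that the whole internal network is reachable
4. PC1-PC4 obtain their addresses via DHCP
5. PC2-PC4 can reach PC5; PC1 cannot
6. R2's egress has only one public IP address
7. The test-1 device can log in to the internal telnet server; test-2 cannot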
 

Configuration

IP addresses

192.168.1.0/26 --- backbone

192.168.1.64/26 --- networks below R1

   192.168.1.64/28 --- VLAN 2

   192.168.1.80/28 --- VLAN 3

   192.168.1.96/28 --- VLAN 4

192.168.1.128/26 --- networks below R2

    192.168.1.128/27 --- VLAN 2

    192.168.1.160/27 --- VLAN 3

192.168.1.192/26 --- reserved

202.1.1.0/30 --- R2-ISP link

203.1.1.0/24 --- networks below the ISP
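The plan above can be checked mechanically. The following Python sketch is an added example, not part of the original lab: it verifies that every prefix sits on a subnet boundary, nests inside its parent block and does not overlap a sibling. PLAN is transcribed from this page, with R2's VLAN 3 taken as 192.168.1.160/27 as in R2's "ip pool 2".

```python
import ipaddress

SUPERNET = "192.168.1.0/24"
# Parent /26 blocks and their VLAN subnets, transcribed from this lab.
PLAN = {
    "192.168.1.0/26": [],  # backbone
    "192.168.1.64/26": ["192.168.1.64/28", "192.168.1.80/28", "192.168.1.96/28"],
    # R2 VLAN 3 is 192.168.1.160/27, matching R2's "ip pool 2"
    "192.168.1.128/26": ["192.168.1.128/27", "192.168.1.160/27"],
    "192.168.1.192/26": [],  # reserved
}


def parse(cidr, problems):
    """Parse a prefix; record a problem if host bits are set."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        fixed = ipaddress.ip_network(cidr, strict=False)
        problems.append(f"{cidr} is not on a subnet boundary (network is {fixed})")
        return fixed


def check_siblings(nets, parent, problems):
    """Each network must lie inside parent and must not overlap a sibling."""
    for i, net in enumerate(nets):
        if not net.subnet_of(parent):
            problems.append(f"{net} is outside {parent}")
        for other in nets[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{net} overlaps {other}")


def validate(plan, supernet=SUPERNET):
    """Return a list of human-readable problems; empty means consistent."""
    problems = []
    parents = {p: parse(p, problems) for p in plan}
    check_siblings(list(parents.values()), ipaddress.ip_network(supernet), problems)
    for p, children in plan.items():
        kids = [parse(c, problems) for c in children]
        check_siblings(kids, parents[p], problems)
    return problems


if __name__ == "__main__":
    print(validate(PLAN) or "plan is consistent")
```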

1. The ISP router is configured with IP addresses only

[ISP]int g 0/0/0
[ISP-GigabitEthernet0/0/0]ip add 202.1.1.2 30
May 18 2023 07:37:59-08:00 ISP %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[ISP-GigabitEthernet0/0/0]q
[ISP]int g 0/0/1
[ISP-GigabitEthernet0/0/1]ip add 203.1.1.1 24
May 18 2023 07:38:39-08:00 ISP %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[ISP-GigabitEthernet0/0/1]

3. R1 and R2 run single-area OSPF so that the whole internal network is reachable

[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.65 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.81 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.97 0.0.0.0
[R1-ospf-1-area-0.0.0.0]q


[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.129 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.161 0.0.0.0
[R2-ospf-1-area-0.0.0.0]q

Verification

PC>ping 192.168.1.94

Ping 192.168.1.94: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 192.168.1.94: bytes=32 seq=2 ttl=127 time=94 ms
From 192.168.1.94: bytes=32 seq=3 ttl=127 time=78 ms
From 192.168.1.94: bytes=32 seq=4 ttl=127 time=78 ms
From 192.168.1.94: bytes=32 seq=5 ttl=127 time=94 ms

--- 192.168.1.94 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 0/86/94 ms

4. PC1-PC4 obtain their addresses via DHCP

[sw1]vlan 2
[sw1-vlan2]q
[sw1]vlan 3
[sw1-vlan3]q
[sw1]vlan 4
[sw1-vlan4]q
[sw1]int g 0/0/2
[sw1-GigabitEthernet0/0/2]port link-type access 
[sw1]int g 0/0/3
[sw1-GigabitEthernet0/0/3]port link-type access 
[sw1]int g 0/0/4
[sw1-GigabitEthernet0/0/4]port link-type access 
[sw1]int g 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk 
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 4


[sw2]vlan 2
[sw2-vlan2]q
[sw2]vlan 3
[sw2-vlan3]q
[sw2]int g 0/0/2
[sw2-GigabitEthernet0/0/2]port link-type access 
[sw2]int g 0/0/3
[sw2-GigabitEthernet0/0/3]port link-type access 
[sw2]int g 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk 
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3

[R1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[R1]ip pool 1
Info: It's successful to create an IP address pool.
[R1-ip-pool-1]network 192.168.1.64 mask 28
[R1-ip-pool-1]gateway-list 192.168.1.65
[R1-ip-pool-1]q
[R1]ip pool 2
Info: It's successful to create an IP address pool.
[R1-ip-pool-2]network 192.168.1.80 mask 28
[R1-ip-pool-2]gateway-list 192.168.1.81
[R1-ip-pool-2]q
[R1]int g 0/0/0.1
[R1-GigabitEthernet0/0/0.1]dhcp select global 
[R1-GigabitEthernet0/0/0.1]q
[R1]int g 0/0/0.2
[R1-GigabitEthernet0/0/0.2]dhcp select global 


[R2]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[R2]ip pool 1
Info: It's successful to create an IP address pool.
[R2-ip-pool-1]network 192.168.1.128 mask 27
[R2-ip-pool-1]gateway-list 192.168.1.129
[R2-ip-pool-1]q
[R2]ip pool 2
Info: It's successful to create an IP address pool.
[R2-ip-pool-2]network 192.168.1.160 mask 27
[R2-ip-pool-2]gateway-list 192.168.1.161
[R2-ip-pool-2]q
[R2]int g 0/0/0.1
[R2-GigabitEthernet0/0/0.1]dhcp select global 
[R2-GigabitEthernet0/0/0.1]q
[R2]int g 0/0/0.2
[R2-GigabitEthernet0/0/0.2]dhcp select global 

Verification

PC>ipconfig

Link local IPv6 address...........: fe80::5689:98ff:fee8:4f8f
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.78
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.1.65
Physical address..................: 54-89-98-E8-4F-8F
DNS server........................:


PC>ipconfig

Link local IPv6 address...........: fe80::5689:98ff:fe10:637f
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.94
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.1.81
Physical address..................: 54-89-98-10-63-7F
DNS server........................:


PC>ipconfig

Link local IPv6 address...........: fe80::5689:98ff:fe13:be8
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.158
Subnet mask.......................: 255.255.255.224
Gateway...........................: 192.168.1.129
Physical address..................: 54-89-98-13-0B-E8
DNS server........................:


PC>ipconfig

Link local IPv6 address...........: fe80::5689:98ff:fe53:7b03
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.190
Subnet mask.......................: 255.255.255.224
Gateway...........................: 192.168.1.161
Physical address..................: 54-89-98-53-7B-03
DNS server........................:

5. PC2-PC4 can reach PC5; PC1 cannot

[R1]acl 3000
[R1-acl-adv-3000]rule deny ip source 192.168.1.64 0.0.0.15 destination 203.1.1.100 0.0.0.0
[R1-acl-adv-3000]q
[R1]int g 0/0/0.1
[R1-GigabitEthernet0/0/0.1]traffic-filter inbound acl 3000

Verification

PC1:
PC>ping 203.1.1.100

Ping 203.1.1.100: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 203.1.1.100 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss


PC2-4:

Ping 203.1.1.100: 32 data bytes, Press Ctrl_C to break
From 203.1.1.100: bytes=32 seq=1 ttl=125 time=78 ms
From 203.1.1.100: bytes=32 seq=2 ttl=125 time=63 ms
From 203.1.1.100: bytes=32 seq=3 ttl=125 time=94 ms
From 203.1.1.100: bytes=32 seq=4 ttl=125 time=78 ms
From 203.1.1.100: bytes=32 seq=5 ttl=125 time=78 ms

--- 203.1.1.100 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 63/78/94 ms

PC>ping 203.1.1.100

Ping 203.1.1.100: 32 data bytes, Press Ctrl_C to break
From 203.1.1.100: bytes=32 seq=1 ttl=126 time=93 ms
From 203.1.1.100: bytes=32 seq=2 ttl=126 time=79 ms
From 203.1.1.100: bytes=32 seq=3 ttl=126 time=78 ms
From 203.1.1.100: bytes=32 seq=4 ttl=126 time=93 ms
From 203.1.1.100: bytes=32 seq=5 ttl=126 time=79 ms

--- 203.1.1.100 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 78/84/93 ms

PC>ping 203.1.1.100

Ping 203.1.1.100: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 203.1.1.100: bytes=32 seq=2 ttl=126 time=78 ms
From 203.1.1.100: bytes=32 seq=3 ttl=126 time=78 ms
From 203.1.1.100: bytes=32 seq=4 ttl=126 time=78 ms
From 203.1.1.100: bytes=32 seq=5 ttl=126 time=94 ms

--- 203.1.1.100 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 0/82/94 ms

7. The test-1 device can log in to the internal telnet server; test-2 cannot

[telnet server]user-interface vty 0 4
[telnet server-ui-vty0-4]authentication-mode aaa
[telnet server-ui-vty0-4]q
[telnet server]aaa
[telnet server-aaa]local-user huawei password cipher 123456
Info: Add a new user.
[telnet server-aaa]local-user huawei privilege level 15
[telnet server-aaa]local-user huawei service-type telnet
[telnet server-aaa]q

[telnet server]ip route-static 0.0.0.0 0 192.168.1.97


[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R2-acl-basic-2000]q
[R2]int g 0/0/2
[R2-GigabitEthernet0/0/2]nat outbound 2000
[R2-GigabitEthernet0/0/2]q
[R2]ip route-static 0.0.0.0 0 202.1.1.2
[R2]ospf 1
[R2-ospf-1]default-route-advertise 
[R2-ospf-1]

  Please check whether system data has been changed, and save data in time

  Configuration console time out, please press any key to log on

<R2>sys
Enter system view, return user view with Ctrl+Z.
[R2]int g 0/0/2
[R2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface telnet inside 192.168.1.98 telnet 
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[R2-GigabitEthernet0/0/2]q
[R2]

  Please check whether system data has been changed, and save data in time

  Configuration console time out, please press any key to log on

<R2>sys
Enter system view, return user view with Ctrl+Z.
[R2]acl 3000
[R2-acl-adv-3000]rule deny tcp source 203.1.1.3 0 destination-port eq 23
[R2-acl-adv-3000]q
[R2]int g 0/0/2
[R2-GigabitEthernet0/0/2]traffic-filter inbound acl 3000
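How the two ACLs on this page decide, as an added Python example that is not part of the original lab: it models wildcard-mask matching and first-match evaluation for R1's acl 3000 (step 5) and R2's acl 3000 (above). It assumes unmatched packets are forwarded, which is consistent with the test-1 result on this page; the test-1 address 203.1.1.2 and the allowlist variant are constructed for illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: a 1 bit means "ignore this bit"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0


def rule_matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    if not wildcard_match(pkt["src"], *rule.get("src", ANY)):
        return False
    if not wildcard_match(pkt["dst"], *rule.get("dst", ANY)):
        return False
    return rule.get("dport") in (None, pkt.get("dport"))


def evaluate(acl, pkt, default="permit"):
    """First matching rule decides; unmatched packets get the default (assumed permit)."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule["action"]
    return default


# Rules as entered on this page.
R1_ACL_3000 = [{"action": "deny", "proto": "ip",
                "src": ("192.168.1.64", "0.0.0.15"), "dst": ("203.1.1.100", "0.0.0.0")}]
R2_ACL_3000 = [{"action": "deny", "proto": "tcp",
                "src": ("203.1.1.3", "0.0.0.0"), "dport": 23}]
# Constructed allowlist variant; TEST1 is an assumed address for test-1.
TEST1 = "203.1.1.2"
R2_ALLOWLIST = [
    {"action": "permit", "proto": "tcp", "src": (TEST1, "0.0.0.0"), "dport": 23},
    {"action": "deny", "proto": "tcp", "dport": 23},
]


def telnet_from(src):  # TCP/23 towards R2's public address
    return {"proto": "tcp", "src": src, "dst": "202.1.1.1", "dport": 23}


def to_pc5(src):  # ICMP echo towards 203.1.1.100
    return {"proto": "icmp", "src": src, "dst": "203.1.1.100"}
```

Because R2's rule denies a single source, every other outside address still reaches TCP/23 on 192.168.1.98 through the nat server mapping; the allowlist variant permits only the named host and drops the rest of the telnet traffic.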


Verification

<test-1>telnet 202.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 202.1.1.1 ...
  Connected to 202.1.1.1 ...

Login authentication


Username:huawei
Password:
  ----------------------------------------------------------------------------- 
    
  User last login information:     
  -----------------------------------------------------------------------------
  Access Type: Telnet      
  IP-Address : 192.168.1.97     
  Time       : 2023-05-18 08:32:30-08:00     
  -----------------------------------------------------------------------------


<test-2>telnet 202.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 202.1.1.1 ...
  Error: Can't connect to the remote host
