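Topology:
Requirements:
1. Public-network devices are configured with IP addresses only
2. Full reachability across the whole network
3. External-network devices must not hold any private-network routes
4. Internal-network devices must not hold any public-network routes
5. test-1 can log in to the telnet server; test-2 cannot
6. pc1 can access test-1; pc2 cannot
7. The PCs obtain their IP addresses via DHCP
Analysis:
1. IP address configuration
2. Telnet configuration
3. ACL configuration
4. DHCP configuration
5. NAT configuration
IP address configuration: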
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip ad 192.168.12.1 24
[r1-GigabitEthernet0/0/0]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip ad 192.168.1.1 24
Telnet configuration:
[telnet]user-interface vty 0 4
[telnet-ui-vty0-4]authentication-mode aaa
[telnet-ui-vty0-4]q
[telnet]aaa
[telnet-aaa]local-user huawei password cipher 123456
Info: Add a new user.
[telnet-aaa]local-user huawei privilege level 15
[telnet-aaa]local-user huawei service-type telnet
[telnet-aaa]display this
[V200R003C00]
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user huawei password cipher %$%$Kla#T<f8p&SO*\,Riw1F;s:J%$%$
local-user huawei privilege level 15
local-user huawei service-type telnet
#
return
ACL configuration:
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.254 0
DHCP configuration:
[r1]dhcp enable
[r1]ip pool aa
[r1-ip-pool-aa]network 192.168.1.0 mask 24
[r1-ip-pool-aa]gateway-list 192.168.1.1
[r1-ip-pool-aa]dns-list 8.8.8.8
[r1-ip-pool-aa]q
[r1]int g 0/0/1
[r1-GigabitEthernet0/0/1]dhcp select global
NAT configuration:
[r2]nat address-group 1 23.0.0.10 23.0.0.10
[r2]int g 0/0/1
[r2-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
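Added example (not part of the original lab): a small Python model of how ACL 2000 and "nat outbound 2000 address-group 1" on r2 decide which inside hosts are translated, and why an untranslated host gets no replies under requirement 3. It assumes pc1 holds 192.168.1.254 and pc2 holds another pool address (192.168.1.253 here); ACL_WIDE and all function names are hypothetical.

```python
import ipaddress

# ACL 2000 on r2 as shown on this page; the trailing "0" is wildcard 0.0.0.0.
ACL_2000 = [("permit", "192.168.1.254", "0.0.0.0")]
# Hypothetical looser rule (not on the page) that would cover the whole DHCP pool.
ACL_WIDE = [("permit", "192.168.1.0", "0.0.0.255")]
NAT_POOL = "23.0.0.10"  # nat address-group 1 on r2


def wildcard_match(addr, base, wildcard):
    """Wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(addr, rules):
    """Action of the first matching rule, or None when no rule matches."""
    for action, base, wildcard in rules:
        if wildcard_match(addr, base, wildcard):
            return action
    return None


def nat_outbound(src, rules=ACL_2000, pool=NAT_POOL):
    """Source address as seen on the public side of r2."""
    # Only sources the ACL permits are rewritten to the pool address;
    # anything else leaves with its private source address unchanged.
    return pool if acl_action(src, rules) == "permit" else src


def reply_routable(public_src):
    """Requirement 3: public devices hold no private routes, so a reply
    can only be delivered when the source it saw is a public address."""
    return not ipaddress.IPv4Address(public_src).is_private


if __name__ == "__main__":
    # Constructed sample hosts: pc1 = .254 (assumed), pc2 = .253 (assumed).
    for host in ("192.168.1.254", "192.168.1.253"):
        seen = nat_outbound(host)
        print(host, "->", seen, "reply routable:", reply_routable(seen))
    # With the looser wildcard, pc2 would also be translated (breaks requirement 6).
    print("wide ACL:", nat_outbound("192.168.1.253", ACL_WIDE))
```

Because the PCs get their addresses from the 192.168.1.0/24 pool, requirement 6 only holds while pc1 is the host that actually holds 192.168.1.254; check the lease on r1 before relying on the ACL.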