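I. Lab analysis
1. Note: the public network is not advertised in OSPF.
2. First, run OSPF on the internal network so that all internal segments can reach each other. Then reach the public network with a default route and default-route advertisement.
Finally, use NAT so that every internal host can reach the external network.
3. Whether a protocol is permitted or denied is controlled with ACLs. Note the difference between the inbound and outbound interface, and apply the ACL on the corresponding interface.
4. When restricting protocols for a PC, do not do it on the external interface, because the external network cannot identify the internal IP. Do it on the internal interface.
II. Lab topology
See the topology diagram.
III. Configure IP addresses
(1) r1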
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[r1]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/1]ip address 192.168.12.1 24
(2) r2
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.12.2 24
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 192.168.2.1 24
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]ip address 23.0.0.1 24
(3) r3
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 23.0.0.2 24
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ip address 34.0.0.1 24
(4) test-1
[test-1]interface GigabitEthernet 0/0/0
[test-1-GigabitEthernet0/0/0]ip address 34.0.0.2 24
(5) test-2
[test-2]interface GigabitEthernet 0/0/0
[test-2-GigabitEthernet0/0/0]ip address 34.0.0.3 24
(6) telnet
[telnet]interface GigabitEthernet 0/0/0
[telnet-GigabitEthernet0/0/0]ip address 192.168.1.2 24
IV. DHCP
(1) r1
[r1]dhcp enable ----- enable DHCP
[r1]ip pool aa ----- create the address pool
[r1-ip-pool-aa]network 192.168.1.0 mask 24 ----- set the assignable IP range
[r1-ip-pool-aa]gateway-list 192.168.1.1 ----- set the gateway
[r1-ip-pool-aa]dns-list 8.8.8.8 ----- set the DNS server
[r1]interface GigabitEthernet 0/0/0 ----- apply the address pool on the interface
[r1-GigabitEthernet0/0/0]dhcp select global ----- easy to forget
(2) r2
[r2]dhcp enable
[r2]ip pool aa
[r2-ip-pool-aa]network 192.168.2.0 mask 24
[r2-ip-pool-aa]gateway-list 192.168.2.1
[r2-ip-pool-aa]dns-list 8.8.8.8
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]dhcp select global
V. NAT: full reachability
(1) r1
[r1]ospf 1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 192.168.12.1 0.0.0.0
(2) r2
OSPF is advertised only toward the internal network
[r2]ospf 1
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.12.2 0.0.0.0
[r2-ospf-1-area-0.0.0.0]network 192.168.2.1 0.0.0.0
[r2]ip route-static 0.0.0.0 0 23.0.0.2
[r2]ospf 1
[r2-ospf-1]default-route-advertise
Huawei proprietary technique ---> Easy IP
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]nat outbound 2000
(3) r3
[r3]ospf 1
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]network 23.0.0.2 0.0.0.0
[r3-ospf-1-area-0.0.0.1]network 34.0.0.1 0.0.0.0
(4) test-1
[test-1]ip route-static 0.0.0.0 0 34.0.0.1
(5) test-2
[test-2]ip route-static 0.0.0.0 0 34.0.0.1
(6) telnet
[telnet]ip route-static 0.0.0.0 0 192.168.1.1
VI. Telnet
telnet device
[telnet]telnet server enable
[telnet]user-interface vty 0 4
[telnet-ui-vty0-4]authentication-mode aaa
[telnet-ui-vty0-4]q
[telnet]aaa
[telnet-aaa]local-user huawei password cipher 123456
[telnet-aaa]local-user huawei privilege level 15
[telnet-aaa]local-user huawei service-type telnet
VII. Port mapping (NAT server)
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface telnet inside 192.168.1.2 telnet
Are you sure to continue?[Y/N]:y
Compare with the results later in the text
VIII. ACLs
(1) r3
[r3]acl 3000
[r3-acl-adv-3000]rule permit tcp source 34.0.0.2 0 destination 23.0.0.1 0
[r3-acl-adv-3000]rule deny tcp source 34.0.0.3 0 destination 23.0.0.1 0 destination-port eq 23
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
(2) r2
[r2]acl 3100
[r2-acl-adv-3100]rule deny ip source 192.168.1.254 0 destination 34.0.0.3 0
[r2-acl-adv-3100]q
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]traffic-filter inbound acl 3100
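
Added example (not part of the original lab notes): a small Python model of point 4 in the analysis, evaluating the rule from ACL 3100 before and after Easy IP rewrites the source address, plus the two telnet checks from ACL 3000. It assumes first-match rule evaluation and that traffic-filter forwards packets that match no rule; the function names and the ICMP sample packet are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Wildcard mask: 0 bits must match, 1 bits are ignored.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def acl_eval(rules, pkt, default="permit"):
    # First matching rule wins. `default` is the action for unmatched packets
    # (assumption: traffic-filter forwards them).
    for action, proto, src, dst, dport in rules:
        if proto not in ("ip", pkt["proto"]):
            continue
        if not wild_match(pkt["src"], *src) or not wild_match(pkt["dst"], *dst):
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        return action
    return default

def easy_ip(pkt, acl_src, public_ip):
    # Easy IP on r2 GE0/0/2: sources matched by ACL 2000 become the interface address.
    if wild_match(pkt["src"], *acl_src):
        return dict(pkt, src=public_ip)
    return pkt

HOST = "0.0.0.0"  # the "0" wildcard used in the rules above
ACL_2000_SRC = ("192.168.0.0", "0.0.255.255")
ACL_3100 = [("deny", "ip", ("192.168.1.254", HOST), ("34.0.0.3", HOST), None)]
ACL_3000 = [
    ("permit", "tcp", ("34.0.0.2", HOST), ("23.0.0.1", HOST), None),
    ("deny", "tcp", ("34.0.0.3", HOST), ("23.0.0.1", HOST), 23),
]

def demo():
    # Constructed sample packet: PC 192.168.1.254 pinging test-2.
    pkt = {"proto": "icmp", "src": "192.168.1.254", "dst": "34.0.0.3"}
    inside = acl_eval(ACL_3100, pkt)             # on r2 GE0/0/0 inbound, before NAT
    natted = easy_ip(pkt, ACL_2000_SRC, "23.0.0.1")
    outside = acl_eval(ACL_3100, natted)         # same rule on the public side, after NAT
    telnet = lambda s: {"proto": "tcp", "src": s, "dst": "23.0.0.1", "dport": 23}
    t1 = acl_eval(ACL_3000, telnet("34.0.0.2"))  # test-1 telnet to r2's public address
    t2 = acl_eval(ACL_3000, telnet("34.0.0.3"))  # test-2 telnet to r2's public address
    return inside, natted["src"], outside, t1, t2

if __name__ == "__main__":
    print(demo())
```

The rule denies the packet on the internal interface, but once the source has been translated to 23.0.0.1 the same rule no longer matches, which is why the restriction has to sit on the internal side.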