华为Cloud云+OSPF+Wlan+DHCP+ACL策略实验

华为Cloud云+OSPF+Wlan+DHCP+ACL策略实验
需求如下：
1、配置全网互通；
2、使用OSPF路由；
3、使用Cloud云作为Internet；
4、配置DHCP服务，VLAN等；
5、配置服务端（如：DNS、FTP、HTTP服务），客户端，可以互相ping通，
实现上传、下载，可以DNS域名解析；
6、配置ACL策略：
1）允许192.168.1.253访问172.200.10.0网段，拒绝192.168.1.0的其他用户访问此网段；
2）实现拒绝192.168.3.253的用户访问172.200.10.0网段，允许192.168.3.0
的其他用户访问此网段。
7、配置AC控制器直连AP ，SSID为test，密码：12345678，使AP下终端可以正常上网。

AR1(路由器1)：

sysname AR1

router id 2.2.2.2

interface GigabitEthernet0/0/0
ip address 172.100.10.100 255.255.255.0

interface GigabitEthernet0/0/1
ip address 10.10.10.1 255.255.255.0

ospf 10 router-id 2.2.2.2
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 172.100.10.0 0.0.0.255

AR2(路由器2)：

dhcp enable

interface GigabitEthernet0/0/0
ip address 172.100.10.101 255.255.255.0

interface GigabitEthernet0/0/1
ip address 172.200.10.1 255.255.255.0
dhcp select interface

interface GigabitEthernet0/0/2
ip address 172.200.20.1 255.255.255.0
dhcp select interface

ospf 10 router-id 4.4.4.4
area 0.0.0.0
network 172.100.10.0 0.0.0.255
network 172.200.10.0 0.0.0.255
network 172.200.20.0 0.0.0.255

LSW1（三层交换机）：

sysname LSW1

router id 1.1.1.1

vlan batch 10 20 30 40

dhcp enable

acl number 3001
rule 0 permit ip source 192.168.1.253 0 destination 172.200.10.0 0.0.0.255
rule 1 deny ip source 192.168.1.0 0.0.0.255 destination 172.200.10.0 0.0.0.255
acl number 3002
rule 0 deny ip source 192.168.3.253 0 destination 172.200.10.0 0.0.0.255

traffic classifier a operator and
if-match acl 3001
traffic classifier a1 operator and
if-match acl 3002

traffic behavior b
permit
traffic behavior b1
deny

traffic policy c
classifier a behavior b
traffic policy c1
classifier a1 behavior b1

ip pool 1
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
dns-list 8.8.8.8

interface Vlanif10
description to AR1
ip address 10.10.10.2 255.255.255.0

interface Vlanif20
description to youxian
ip address 192.168.1.1 255.255.255.0
dhcp select global

interface Vlanif30
ip address 192.168.2.1 255.255.255.0

interface Vlanif40
ip address 1.1.1.1 255.255.255.0
dhcp select global

interface GigabitEthernet0/0/1
port link-type access
port default vlan 10

interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
traffic-policy c inbound

interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
traffic-policy c1 inbound

interface GigabitEthernet0/0/4
port link-type access
port default vlan 40

ospf 10 router-id 1.1.1.1
area 0.0.0.0
network 192.168.0.0 0.0.255.255
network 10.10.10.0 0.0.0.255
network 1.1.1.0 0.0.0.255

AC控制器：

vlan batch 30 40

wlan ac-global carrier id other ac id 1

dhcp enable

interface Vlanif30
ip address 192.168.2.2 255.255.255.0

interface Vlanif40
description to wuxian
ip address 192.168.3.1 255.255.255.0
dhcp select interface

interface GigabitEthernet0/0/1
port link-type access
port default vlan 30

interface GigabitEthernet0/0/2
port link-type access
port default vlan 40

interface GigabitEthernet0/0/3
port link-type access
port default vlan 40

interface Wlan-Ess0
port hybrid pvid vlan 40
port hybrid untagged vlan 40

ospf 10 router-id 3.3.3.3
area 0.0.0.0
network 192.168.0.0 0.0.255.255

wlan
wlan ac source interface vlanif40
ap-region id 10
ap id 0 type-id 19 mac 00e0-fc89-5950 sn 210235448310F914EF1F
region-id 10
wmm-profile name wmm id 0
traffic-profile name tra id 0
security-profile name tra id 0
security-policy wpa2
wpa2 authentication-method psk pass-phrase simple 12345678 encryption-method c
cmp
service-set name ser id 0
wlan-ess 0
ssid test
traffic-profile id 0
security-profile id 0
radio-profile name rad-1 id 0
wmm-profile id 0
ap 0 radio 0
radio-profile id 0
service-set id 0 wlan 1

Internet（Cloud）配置如下图：

服务端配置如下图：
1、DNS服务：

2、FTP服务：

3、HTTP服务：

客户端1配置如下图：
1、基础配置：

2、客户端信息：
（1）FTP客户端：

（2）HTTP客户端：

客户端2的配置与客户端1的配置一样