Saw this in the Q&A section and knocked it out quickly; hoping the experts here will share their advice~
By the way, the Q&A section these days is all AI answers, a real mess.
- First, configure full connectivity: IP addresses, VLANs, port isolation, OSPF and so on
SWA
#
vlan batch 10 20 30 99
#
interface Vlanif1
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif10
ip address 172.16.1.1 255.255.255.0
#
interface Vlanif20
ip address 172.16.2.1 255.255.255.0
#
interface Vlanif30
ip address 172.16.3.1 255.255.255.0
#
interface Vlanif99
ip address 172.16.99.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
ospf 1
default-route-advertise always
area 0.0.0.0
network 0.0.0.0 255.255.255.255
#
SWB
#
vlan batch 10 20 99
#
interface Vlanif99
ip address 172.16.99.2 255.255.255.0
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
ospf 1
area 0.0.0.0
network 0.0.0.0 255.255.255.255
#
SWC
#
vlan batch 30 99
#
interface Vlanif99
ip address 172.16.99.3 255.255.255.0
#
interface Ethernet0/0/1
port link-type access
port default vlan 30
port-security enable
port-security protect-action shutdown
port-security mac-address sticky
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
ospf 1
area 0.0.0.0
network 0.0.0.0 255.255.255.255
#
AR1
#
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
ospf enable 1 area 0.0.0.0
#
- Configure Telnet so that only PC1 can log in. The PC can't run telnet, so while testing you can use any switch's address in the terminal first and change it to PC1's address once it works
SWA~C,AR1
#
acl number 2000
rule 5 permit source 172.16.1.1 0
#
[SW A]telnet server enable
[SW A]user-interface vty 0 4
[SW A-ui-vty0-4]au aaa
[SW A-ui-vty0-4]protocol inbound telnet
[SW A-ui-vty0-4]acl 2000 inbound
[SW A]aaa
[SW A-aaa]local-user admin password cipher admin@123
[SW A-aaa]local-user admin service-type telnet
[SW A-aaa]local-user admin privilege level 15
- Configure traffic-filter so that VLAN 10 and VLAN 20 cannot communicate
SWB
#
acl number 2002
rule 5 deny source 172.16.2.0 0.0.0.255
#
acl number 2003
rule 5 deny source 172.16.1.0 0.0.0.255
#
[SW B-Ethernet0/0/1]traffic-filter outbound acl 2002
[SW B-Ethernet0/0/2]traffic-filter outbound acl 2003
- Configure traffic-filter so that only PC1 is allowed access
SWC
#
acl number 2002
rule 5 permit source 172.16.1.10 0
rule 10 deny
#
[SW C-Ethernet0/0/1]traffic-filter outbound acl 2002
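Added example, not part of the original post and not Huawei's own tooling: a small Python model of the basic ACLs above (the `rule N permit|deny [source A.B.C.D WILDCARD]` syntax) that replays sample source addresses through them, so the intent of the traffic-filter and vty ACLs can be checked offline before pushing config. The sample hosts (172.16.2.10, 172.16.3.10, 172.16.1.11) are constructed; PC1 is taken as 172.16.1.10 from the SWC ACL. The implicit default for unmatched traffic is passed in explicitly, since Huawei applies different defaults depending on where an ACL is used; the values used here (permit for traffic-filter, deny for the vty ACL) are my understanding of VRP behaviour and should be confirmed against the device.

```python
"""Offline evaluator for Huawei-style basic ACLs (2000-2999).

Hypothetical helper, not part of the original post. It parses the
"rule N permit|deny [source A.B.C.D WILDCARD]" lines as written in the
post and replays sample source addresses through them.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# ACL text copied from the post (SWB 2002/2003, SWC 2002, telnet 2000).
SWB_ACL_2002 = """
rule 5 deny source 172.16.2.0 0.0.0.255
"""
SWB_ACL_2003 = """
rule 5 deny source 172.16.1.0 0.0.0.255
"""
SWC_ACL_2002 = """
rule 5 permit source 172.16.1.10 0
rule 10 deny
"""
TELNET_ACL_2000 = """
rule 5 permit source 172.16.1.1 0
"""


@dataclass
class AclRule:
    number: int
    action: str                    # "permit" or "deny"
    source: Optional[int] = None   # None means "match any source"
    wildcard: int = 0


def _ip_to_int(token: str) -> int:
    # Huawei accepts a bare "0" as shorthand for wildcard 0.0.0.0 (exact host).
    if "." not in token:
        return int(token)
    return int(ipaddress.IPv4Address(token))


def parse_acl(text: str) -> List[AclRule]:
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "rule":
            continue
        rule = AclRule(number=int(parts[1]), action=parts[2])
        if len(parts) >= 6 and parts[3] == "source":
            rule.source = _ip_to_int(parts[4])
            rule.wildcard = _ip_to_int(parts[5])
        rules.append(rule)
    # Rules are evaluated in ascending rule-number order.
    return sorted(rules, key=lambda r: r.number)


def rule_matches(rule: AclRule, src_ip: str) -> bool:
    if rule.source is None:
        return True
    care = ~rule.wildcard & 0xFFFFFFFF   # wildcard bit 0 = bit must match
    return (int(ipaddress.IPv4Address(src_ip)) & care) == (rule.source & care)


def evaluate(rules: List[AclRule], src_ip: str, default: str) -> str:
    """First matching rule wins; `default` applies when nothing matches."""
    for rule in rules:
        if rule_matches(rule, src_ip):
            return rule.action
    return default


def check_intent() -> dict:
    """Replay constructed sample sources through each ACL from the post."""
    results = {}
    # SWB: ACL 2002 outbound on E0/0/1 (the VLAN 10 port) blocks VLAN 20 sources.
    to_vlan10 = parse_acl(SWB_ACL_2002)
    results["vlan20->vlan10"] = evaluate(to_vlan10, "172.16.2.10", "permit")
    results["vlan30->vlan10"] = evaluate(to_vlan10, "172.16.3.10", "permit")
    # SWC: only PC1 (172.16.1.10) may reach the host on E0/0/1.
    to_pc3 = parse_acl(SWC_ACL_2002)
    results["pc1->pc3"] = evaluate(to_pc3, "172.16.1.10", "permit")
    results["other_vlan10_host->pc3"] = evaluate(to_pc3, "172.16.1.11", "permit")
    # vty ACL: assumed to deny anything not explicitly permitted. With the
    # test address 172.16.1.1 (SWA Vlanif10) in rule 5, PC1 is still denied,
    # which is why the post says to swap in PC1's address afterwards.
    vty = parse_acl(TELNET_ACL_2000)
    results["telnet_from_swa_vlanif10"] = evaluate(vty, "172.16.1.1", "deny")
    results["telnet_from_pc1"] = evaluate(vty, "172.16.1.10", "deny")
    return results


if __name__ == "__main__":
    for name, verdict in check_intent().items():
        print(f"{name:28s} {verdict}")
```

Run it as-is to get a verdict per case; edit the ACL strings to try a candidate change (for example replacing 172.16.1.1 with PC1's address in ACL 2000) and re-run before touching the switches.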