HLCA综合实验
一、实验要求
二、实验内容
1、进行IP地址规划及拓扑搭建
2、进行划分vlan
[Huawei]interface GigabitEthernet0/0/1.1
[Huawei-GigabitEthernet0/0/1.1]ip address 192.168.1.65 27
[Huawei-GigabitEthernet0/0/1.1]Q
[Huawei]interface GigabitEthernet 0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]ip address 192.168.1.97 27
创建VLAN2、VLAN3,将HTTP服务器划分到VLAN3,将两台pc划分到VLAN2中;
示例LSW1:
[Huawei]vlan 2
[Huawei-vlan2]vlan 3
[Huawei-vlan3]q
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 2
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 2
[Huawei]interface Ethernet 0/0/4
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 3
3、在子接口上进行DHCP配置
示例R1:
[Huawei]dhcp enable
[Huawei]ip pool a
Info:It’s successful to create an IP address pool.
[Huawei-ip-pool-a]network 192.168.1.64 mask 27
[Huawei-ip-pool-a]gateway-list 192.168.1.65
[Huawei-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
[Huawei]ip pool b
Info:It’s successful to create an IP address pool.
[Huawei-ip-pool-a]network 192.168.1.96 mask 27
[Huawei-ip-pool-a]gateway-list 192.168.1.97
[Huawei-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
然后开启DHCP服务:
[Huawei]interface GigabitEthernet0/0/1.1
[Huawei-GigabitEthernet0/0/1.1]dhcp select global
[Huawei]interface GigabitEthernet0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]dhcp select global
R2也与R1同理。
4、对R1、R2上启动OSPF协议
1、在R1上进行配置
[Huawei]ospf 1 router-id 192.168.1.1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
2、在R2上进行配置
[R2]ospf 1 router-id 192.168.1.129
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
5、进行trunk干道配置
[LSW1]interface Ethernet 0/0/1
[LSW1-Ethernet0/0/1]port link-type trunk
[LSW1-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW2]interface GigabitEthernet 0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type trunk
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
配置到现在让pc1能够Ping通pc3、pc4.
6、在路由器上设置telent登录
示例R1:
[r1]aaa
[r1-aaa]local-user chen privilege level 15 password cipher 123456
[r1-aaa]local-user chen service-type telnet
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
示例R2:
[r2]aaa
[r2-aaa]local-user yu privilege level 15 password cipher 123456
[r2-aaa]local-user yu service-type telnet
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
然后在R1上设置策略
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.1 0 destination-port eq 23
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.65 0 destination-port eq 23
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.97 0 destination-port eq 23
在接口上调用这个命令
[r1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
7、由公有IP12.1.1.1令pc1–4可以访问pc5
[r2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]nat outbound 2000
然后在R2上写一条缺省路由
[r2]ip route-static 0.0.0.0 0.0.0.0 1.1.1.0
三、通过client去访问HTTP和server
HTTP配置如下:
DNS配置如下:
在内网中的服务器进行端口映射;
在示例r2上配置如下:
[r2-GigabitEthernet0/0/2]nat static protocol tcp global current-interface 80 inside 192.168.1.98 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
284
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
