华为HCIA第六节－－－－－ａｃｌ和nat

最新推荐文章于 2024-08-15 00:01:41 发布

mjywl2003

最新推荐文章于 2024-08-15 00:01:41 发布

阅读量324

点赞数

分类专栏： HCIA 文章标签：华为网络网络协议

本文链接：https://blog.csdn.net/qq_62466609/article/details/129860895

版权

HCIA 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

实验中，配置了一台华为设备（GW）作为网关，设置了多个接口的IP地址，并创建了ACL规则阻止特定流量。同时，配置了静态路由。另一台华为设备（ISP）也进行了IP地址配置和静态路由设置，用于连接外部网络。

摘要由CSDN通过智能技术生成

1.实验拓扑:

2.实验要求:

3.实验代码:

1.GW:

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys GW
[GW]int g0/0/1
[GW-GigabitEthernet0/0/1]ip ad	
[GW-GigabitEthernet0/0/1]ip address 192.168.1.254 24
Mar 30 2023 16:21:59-08:00 GW %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[GW-GigabitEthernet0/0/1]int g0/0/2
[GW-GigabitEthernet0/0/2]ip ad	
[GW-GigabitEthernet0/0/2]ip address 192.168.2.254 24
Mar 30 2023 16:22:13-08:00 GW %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/2 has entered the UP state. 
[GW-GigabitEthernet0/0/2]int g0/0/0
[GW-GigabitEthernet0/0/0]ip ad	
[GW-GigabitEthernet0/0/0]ip address 12.1.1.1 30
Mar 30 2023 16:22:31-08:00 GW %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[GW-GigabitEthernet0/0/0]acl	
[GW-GigabitEthernet0/0/0]aclq
                         ^
Error: Unrecognized command found at '^' position.
[GW-GigabitEthernet0/0/0]q
[GW]ac	
[GW]access-user
[GW]acl 3000
[GW-acl-adv-3000]rou	
[GW-acl-adv-3000]r	
[GW-acl-adv-3000]u	
[GW-acl-adv-3000]ru	
[GW-acl-adv-3000]rule 5 de	
[GW-acl-adv-3000]rule 5 deny ip	
[GW-acl-adv-3000]rule 5 deny ip sou	
[GW-acl-adv-3000]rule 5 deny ip source 192.168.1.1 0 de	
[GW-acl-adv-3000]rule 5 deny ip source 192.168.1.1 0 destination 192.168.2.1 0
[GW-acl-adv-3000]int g0/0/1
[GW-GigabitEthernet0/0/1]tr	
[GW-GigabitEthernet0/0/1]tracert
[GW-GigabitEthernet0/0/1]traffic-filter in	
[GW-GigabitEthernet0/0/1]traffic-filter inbound aacl	
[GW-GigabitEthernet0/0/1]traffic-filter inbound acl	
[GW-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
[GW-GigabitEthernet0/0/1]q
[GW]acl	
[GW]acl 2000
[GW-acl-basic-2000]ru	
[GW-acl-basic-2000]rule 5 pe	
[GW-acl-basic-2000]rule 5 permit sou	
[GW-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[GW-acl-basic-2000]int g0/0/0
[GW-GigabitEthernet0/0/0]ip	
[GW-GigabitEthernet0/0/0]ip ad	
[GW-GigabitEthernet0/0/0]ip address 12.1.1.1 30
Error: The address already exists.
[GW-GigabitEthernet0/0/0]ip address 12.1.1.1 30
Error: The address already exists.
[GW-GigabitEthernet0/0/0]

  Please check whether system data has been changed, and save data in time

  Configuration console time out, please press any key to log on

<GW>
<GW>sys
Enter system view, return user view with Ctrl+Z.
[GW]cal	
[GW]acl	
[GW]acl 2000
[GW-acl-basic-2000]q
[GW]int g0/0/0
[GW-GigabitEthernet0/0/0]ip ad	
[GW-GigabitEthernet0/0/0]ip address 12.1.1.1 30
Error: The address already exists.
[GW-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[GW-GigabitEthernet0/0/0]na	
[GW-GigabitEthernet0/0/0]nat ou	
[GW-GigabitEthernet0/0/0]nat outbound 2000
[GW-GigabitEthernet0/0/0]na	
[GW-GigabitEthernet0/0/0]nat st	
[GW-GigabitEthernet0/0/0]nat static gl	
[GW-GigabitEthernet0/0/0]nat static global 100.1.1.1 in	
[GW-GigabitEthernet0/0/0]nat static global 100.1.1.1 inside 192.168.2.1
[GW-GigabitEthernet0/0/0]ip rou	
[GW-GigabitEthernet0/0/0]ip route	
[GW-GigabitEthernet0/0/0]q
[GW]ip	
[GW]ip rou	
[GW]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
[GW]
<GW>

ISP:

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip ad	
[ISP-GigabitEthernet0/0/0]ip address 12.1.1.2 30
Mar 30 2023 16:22:44-08:00 ISP %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
 on the interface GigabitEthernet0/0/0 has entered the UP state. 
[ISP-GigabitEthernet0/0/0]int l	
[ISP-GigabitEthernet0/0/0]int l
[ISP-GigabitEthernet0/0/0]q
[ISP]int l	
[ISP]int LoopBack 0
[ISP-LoopBack0]ip ad	
[ISP-LoopBack0]ip address 2.2.2.2 32
[ISP-LoopBack0]

  Please check whether system data has been changed, and save data in time

  Configuration console time out, please press any key to log on

<ISP>
<ISP>sys
Enter system view, return user view with Ctrl+Z.
[ISP]ip rou	
[ISP]ip route
[ISP]ip route-static 100.1.1.2 24
                                  ^
Error:Incomplete command found at '^' position.
[ISP]ip route-static 100.1.1.1 255.255.255.255 12.1.1.1
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip ad	
[ISP-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[ISP-GigabitEthernet0/0/0]
[ISP-GigabitEthernet0/0/0]
[ISP-GigabitEthernet0/0/0]

4.实验结果: