经典综合实验(一)
- 实验拓扑
- 配置步骤
- 第一步:配置二层VLAN
- 第二步:配置IP地址
- 第三步:配置DHCP服务
- 第四步:配置路由协议OSPF
- 第五步:配置ACL+NAT+Telnet
- 配置验证
- 测试PC1能不能telnet登录到R1
- 测试所有PC是否都可以ping通公网
- 华为模拟器如何配置通过域名访问服务器
- 测试ISP是否可以成功telnet登录到R1
实验拓扑
配置步骤
第一步:配置二层VLAN
SW5
sysname SW5
#
undo info-center enable
#
vlan batch 40 50
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 50
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 40 50
SW6
sysname SW6
#
undo info-center enable
#
vlan batch 10 20 30
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 10 20 30
第二步:配置IP地址
R1
sysname R1
#
interface GigabitEthernet0/0/0
 ip address 192.168.12.1 255.255.255.0
# //配置单臂路由
interface GigabitEthernet0/0/1.10
 dot1q termination vid 10
 ip address 192.168.10.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/1.20
 dot1q termination vid 20
 ip address 192.168.20.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/1.30
 dot1q termination vid 30
 ip address 192.168.30.254 255.255.255.0
 arp broadcast enable
R2
sysname R2
#
interface GigabitEthernet0/0/0
 ip address 192.168.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2.40
 dot1q termination vid 40
 ip address 192.168.40.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/2.50
 dot1q termination vid 50
 ip address 192.168.50.254 255.255.255.0
 arp broadcast enable
ISP
sysname ISP
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 202.1.1.254 255.255.255.0
PC1
sysname PC1
#
dhcp enable
#
interface GigabitEthernet0/0/0
 ip address dhcp-alloc
#
ip route-static 0.0.0.0 0.0.0.0 192.168.10.254
PC2
sysname PC2
#
dhcp enable
#
interface GigabitEthernet0/0/0
 ip address dhcp-alloc
#
ip route-static 0.0.0.0 0.0.0.0 192.168.20.254
第三步:配置DHCP服务
R1
dhcp enable
#
ip pool VLAN10
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 excluded-ip-address 192.168.10.230 192.168.10.253
 lease day 2 hour 0 minute 0
#
ip pool VLAN20
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 excluded-ip-address 192.168.20.230 192.168.20.253
 lease day 2 hour 0 minute 0
#
interface GigabitEthernet0/0/1.10
 dhcp select global
#
interface GigabitEthernet0/0/1.20
 dhcp select global
R2
dhcp enable
#
ip pool VLAN40
 gateway-list 192.168.40.254
 network 192.168.40.0 mask 255.255.255.0
 excluded-ip-address 192.168.40.230 192.168.40.253
 lease day 2 hour 0 minute 0
#
ip pool VLAN50
 gateway-list 192.168.50.254
 network 192.168.50.0 mask 255.255.255.0
 excluded-ip-address 192.168.50.230 192.168.50.253
 lease day 2 hour 0 minute 0
#
interface GigabitEthernet0/0/2.40
 dhcp select global
#
interface GigabitEthernet0/0/2.50
 dhcp select global
第四步:配置路由协议OSPF
R1
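ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  authentication-mode md5 1 cipher wml
  network 192.168.10.0 0.0.0.255
  network 192.168.12.1 0.0.0.0
  network 192.168.20.0 0.0.0.255
  network 192.168.30.0 0.0.0.255
//说明:这里的区域认证使用MD5,密钥wml只有3个字符,仅适合实验演示;设备版本支持时建议改用hmac-sha256并使用更长的随机密钥。两端路由器的认证模式、key-id和密钥必须一致,否则OSPF邻居无法建立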
R2
ospf 1 router-id 2.2.2.2
 default-route-advertise //通过OSPF给R1下发默认路由
 area 0.0.0.0
  authentication-mode md5 1 cipher wml
  network 192.168.12.2 0.0.0.0
  network 192.168.40.0 0.0.0.255
  network 192.168.50.0 0.0.0.255
//说明:区域认证的模式、key-id和密钥需要与对端R1保持一致,否则邻居无法建立
第五步:配置ACL+NAT+Telnet
R1
acl number 3000
 //配置高级ACL来拒绝PC1访问R1的telnet功能
 rule 5 deny tcp source 192.168.10.229 0 destination 192.168.10.254 0 destination-port eq telnet
 rule 10 deny tcp source 192.168.10.229 0 destination 192.168.20.254 0 destination-port eq telnet
 rule 15 deny tcp source 192.168.10.229 0 destination 192.168.30.254 0 destination-port eq telnet
 rule 20 deny tcp source 192.168.10.229 0 destination 192.168.12.1 0 destination-port eq telnet
 //注意:192.168.10.229是PC1从DHCP地址池VLAN10获得的地址,规则只按这个源地址匹配;PC1的地址一旦变化(租期到期重新分配或手工改地址),这几条deny就不再生效。要让限制可靠,可以在地址池中为PC1做静态绑定,或者改为在VTY上只放行允许的管理地址
#
interface GigabitEthernet0/0/1
 traffic-filter inbound acl 3000 //在R1的0/0/1接口的入方向调用此ACL
#
aaa //通过AAA的方式配置R1的telnet
 local-user wml password cipher wml idle-timeout 100 0
 local-user wml privilege level 15
 local-user wml service-type telnet
 //注意:这里口令与用户名相同,且用户级别为15(最高级别),Telnet又以明文传输用户名和口令;这组参数只适合模拟器实验,实际设备应使用强口令、按需降低级别,并改用STelnet(SSH)登录
#
user-interface vty 0 4
 authentication-mode aaa
R2
acl number 2000
 rule 5 permit source 192.168.10.0 0.0.0.255
 rule 10 permit source 192.168.20.0 0.0.0.255
 rule 15 permit source 192.168.30.0 0.0.0.255
 rule 20 permit source 192.168.40.0 0.0.0.255
 rule 25 permit source 192.168.50.0 0.0.0.255
#
interface GigabitEthernet0/0/1
 //配置nat,让公网接口映射内网的web服务器
 nat server protocol tcp global current-interface www inside 192.168.30.100 www
 nat server protocol tcp global current-interface telnet inside 192.168.12.1 telnet
 nat outbound 2000
 //注意:第二条nat server把R1的Telnet(TCP 23)映射到了公网接口,公网侧的主机都可以到达R1的登录界面;R1上的ACL 3000只调用在G0/0/1的入方向,不会过滤从R2方向进入的连接。这样做只是为了完成实验中ISP登录R1的测试,实际环境不应把Telnet发布到公网,确需远程管理时应使用STelnet并在VTY上限制源地址
# //配置默认路由,通过easy-IP的方式让内网的用户可以访问公网
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
配置验证
测试PC1能不能telnet登录到R1
PC1不允许telnet到R1
PC2允许telnet到R1
测试所有PC是否都可以ping通公网
其他PC1,PC3,PC4自行测试,是都可以正常访问的
华为模拟器如何配置通过域名访问服务器
启动本地WEB服务器
配置client的DNS域名服务器地址
启动DNS域名服务器,并且配置相关的域名和IP地址
弹出下面这个对话框则表示成功访问到WEB服务器
测试ISP是否可以成功telnet登录到R1
可以成功访问到R1