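Introduction
As Huawei's share of the domestic market has grown in recent years, the networking questions in the network engineer exam have moved from Cisco to Huawei, so Huawei equipment is worth learning. This article uses Huawei's eNSP simulator to build a network plan and design that can be used for a campus or enterprise network; it can also serve as a university term project. The article gives only the key techniques and design notes from the design process, so you can follow the design and implementation steps below and build it yourself one step at a time (every command shown is a key command). If you need them, the complete topology file and the full configuration can be downloaded from the address below for reference; once the configuration is complete, use display commands to inspect the relevant settings. Download link: Planning and design of a redundant thousand-user campus/enterprise network based on eNSP
I. Design requirements and topology diagrams
There are two topology diagrams. Diagram 2 differs from Diagram 1 in that it adds a wireless network design. The reason is that my computer is underpowered and cannot run the wired and wireless networks at the same time: with the wireless design started, the PCs on the wired network cannot obtain addresses by DHCP; with the wired network started, the wireless network hangs. Testing shows, however, that the wireless network can reach the external address 5.5.5.5 (standing in for Baidu) and can also reach the internal network.
Topology diagram 1:
Topology diagram 2: adds a wireless network plan so that wireless users can also reach the external network
The redundant topology above was developed from a non-redundant topology. If you would like to know more about the non-redundant topology, see the following article for its configuration: Design and planning of a thousand-user medium-sized campus/enterprise network based on eNSP (can be implemented step by step). This article does not describe or configure the non-redundant plan any further.
Design requirements:
1 Configure VLAN trunks; configure link aggregation between the two core switches
2 Configure MSTP+VRRP for traffic load sharing and redundancy, and configure STP optimization features to speed up STP convergence and reduce STP flapping
3 Configure OSPF and static routes for layer-3 routing so that the branch can reach headquarters
4 All users obtain IP addresses dynamically; configure the related DHCP security features
5 China Unicom is the primary egress; China Telecom PPPoE is the backup egress
6 Block VLAN 5 users from accessing the external network
7 Map port 80 of server 200.2 to the China Unicom public address
8 All switches can be managed remotely over Telnet (huawei 5555)
9 Add a wireless network design to the plan, with China Unicom as the primary path and China Telecom as the backup path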
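II. Requirements analysis
The design follows the three-layer switching architecture: the core layer provides high-speed forwarding, redundancy and load balancing; the aggregation layer provides policy control (ACL, VLAN, QoS, packet filtering, route selection, multicast management); the access layer connects users and provides many ports and user access control. VRRP and MSTP provide redundancy and load balancing for links and devices. There are two egresses; the China Telecom one uses PPPoE dial-up (it is cheap, and leaving it unused would be a waste).
III. Design requirements and prerequisites
1) Install Huawei's eNSP simulator in advance (eNSP requires VirtualBox, WinPcap and Wireshark to be installed first as its underlying software)
2) The computer should have 8 GB of memory or more
3) Be familiar beforehand with how each of these network design and planning techniques is used on its own
4) Key techniques used in this lab: DHCP, OSPF, RIP, NAT, Telnet, ACL, static routing, VLAN assignment, VRRP+MSTP, BFD route association, NAT server address mapping, PPPoE, DHCP relay, Eth-Trunk, wireless WLAN, and their configuration
5) Network devices used: S3700 switch, S5700 switch, Router, Router3260, Server, Client, AC6605 controller, AP9131 wireless access point, STA laptop
6) Device naming: HX_SW1 is core-layer switch SW1; HJ_SW3 is aggregation switch SW3; JR_SW5 is access switch SW5; DX_R2, LT_R3 and FZ_R4 are the China Telecom, China Unicom and branch routers respectively (if you have the topology file: the device names there were also changed to match the annotations, but the labels filled in blue and red are authoritative)
IV. Network topology analysis and planning
Network topology is the physical layout in which devices are interconnected by transmission media: the specific arrangement, physical (real) or logical (virtual), of the members that make up a network. Two networks whose connection structure is the same are said to have the same topology, even if their internal cabling and the distances between nodes differ. In this design, redundancy and load balancing rest on VRRP+MSTP; users obtain IP addresses automatically, which requires DHCP (and, because of the load balancing, a DHCP relay to hand out addresses to users) ...
V. Design and implementation
The basic low-level configuration, such as VLAN assignment and Eth-Trunk, is fairly tedious; it is as follows.
1. VLAN Trunk configuration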
HJ_SW3:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname HJ_SW3
[HJ_SW3]int Eth-Trunk 1
[HJ_SW3-Eth-Trunk1]mode lacp-static
[HJ_SW3-Eth-Trunk1]trunkport e0/0/4
[HJ_SW3-Eth-Trunk1]trunkport e0/0/5
------------------------------------
JR_SW6:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW6
[JR_SW6]int Eth-Trunk 1
[JR_SW6-Eth-Trunk1]mode lacp-static
[JR_SW6-Eth-Trunk1]trunkport e0/0/1
[JR_SW6-Eth-Trunk1]trunkport e0/0/3
------------------------------------
HX_SW1:
<Huawei>syS
[Huawei]un in en
[Huawei]sysname HX_SW1
[HX_SW1]int Eth-Trunk 2
[HX_SW1-Eth-Trunk2]mode lacp-static
[HX_SW1-Eth-Trunk2]trunkport g0/0/2
[HX_SW1-Eth-Trunk2]trunkport g0/0/3
------------------------------------
HX_SW2:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname HX_SW2
[HX_SW2]int Eth-Trunk 2
[HX_SW2-Eth-Trunk2]mode lacp-static
[HX_SW2-Eth-Trunk2]trunkport g0/0/1
[HX_SW2-Eth-Trunk2]trunkport g0/0/2
[HX_SW2-Eth-Trunk2]q
[HX_SW2]dis eth-trunk
2. Basic VLAN configuration
JR_SW5:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW5
[JR_SW5]vlan batch 2 to 5 900
[JR_SW5]int e0/0/2
[JR_SW5-Ethernet0/0/2]port link-type access
[JR_SW5-Ethernet0/0/2]port default vlan 2
[JR_SW5-Ethernet0/0/2]q
[JR_SW5]int e0/0/1
[JR_SW5-Ethernet0/0/1]port link-type trunk
[JR_SW5-Ethernet0/0/1]port trunk allow-pass vlan 2 900
------------------------------------
JR_SW6:
[JR_SW6]vlan ba
[JR_SW6]vlan batch 2 to 5 900
[JR_SW6]int e0/0/2
[JR_SW6-Ethernet0/0/2]port link-type access
[JR_SW6-Ethernet0/0/2]port default vlan 3
[JR_SW6-Ethernet0/0/2]q
[JR_SW6]int Eth-Trunk 1
[JR_SW6-Eth-Trunk1]port link-type trunk
[JR_SW6-Eth-Trunk1]port trunk allow-pass vlan 3 900
[JR_SW6-Eth-Trunk1]q
[JR_SW6]
------------------------------------
HJ_SW3:
[HJ_SW3]vlan batch 2 to 5 200 900
[HJ_SW3]int e0/0/3
[HJ_SW3-Ethernet0/0/3]port link-type trunk
[HJ_SW3-Ethernet0/0/3]port trunk allow-pass vlan 2 900
[HJ_SW3-Ethernet0/0/3]q
[HJ_SW3]int Eth-Trunk 1
[HJ_SW3-Eth-Trunk1]port link-type trunk
[HJ_SW3-Eth-Trunk1]port trunk allow-pass vlan 3 900
[HJ_SW3-Eth-Trunk1]qui
[HJ_SW3]int e0/0/1
[HJ_SW3-Ethernet0/0/1]port link-type trunk
[HJ_SW3-Ethernet0/0/1]port trunk allow-pass vlan 2 to 3 900
[HJ_SW3-Ethernet0/0/1]q
[HJ_SW3]int e0/0/2
[HJ_SW3-Ethernet0/0/2]port link-type trunk
[HJ_SW3-Ethernet0/0/2]port trunk allow-pass vlan 2 to 3 900
[HJ_SW3-Ethernet0/0/2]q
------------------------------------
JR_SW7:
<Huawei>sys
[Huawei]un in en
[Huawei]sysname JR_SW7
[JR_SW7]vlan batch 2 to 5 900
[JR_SW7]int e0/0/2
[JR_SW7-Ethernet0/0/2]port link-type access
[JR_SW7-Ethernet0/0/2]port default vlan 4
[JR_SW7-Ethernet0/0/2]int e0/0/3
[JR_SW7-Ethernet0/0/3]port link-type access
[JR_SW7-Ethernet0/0/3]port default vlan 5
[JR_SW7-Ethernet0/0/3]int e0/0/1
[JR_SW7-Ethernet0/0/1]port link-type trunk
[JR_SW7-Ethernet0/0/1]port trunk allow-pass vlan 4 5 900
------------------------------------
HJ_SW4:
<Huawei>sys
[Huawei]sysname HJ_SW4
[HJ_SW4]vlan batch 2 to 5 900
[HJ_SW4]int e0/0/3
[HJ_SW4-Ethernet0/0/3]port link-type trunk
[HJ_SW4-Ethernet0/0/3]port trunk allow-pass vlan 4 5 900
[HJ_SW4-Ethernet0/0/3]int e0/0/1
[HJ_SW4-Ethernet0/0/1]port link-type trunk
[HJ_SW4-Ethernet0/0/1]port trunk allow-pass vlan 4 to 5 900
[HJ_SW4-Ethernet0/0/1]int e0/0/2
[HJ_SW4-Ethernet0/0/2]port link-type trunk
[HJ_SW4-Ethernet0/0/2]port trunk allow-pass vlan 4 to 5 900
[HJ_SW4-Ethernet0/0/2]q
------------------------------------
JR_SW8:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname JR_SW8
[JR_SW8]vlan batch 2 to 5 200 900
[JR_SW8]int e0/0/3
[JR_SW8-Ethernet0/0/3]port link-type access
[JR_SW8-Ethernet0/0/3]port default vlan 200
[JR_SW8-Ethernet0/0/3]int e0/0/4
[JR_SW8-Ethernet0/0/4]port link-type access
[JR_SW8-Ethernet0/0/4]port default vlan 200
[JR_SW8-Ethernet0/0/4]q
[JR_SW8]port-group g e 0/0/1 e 0/0/2
[JR_SW8-port-group]port link-type trunk
[JR_SW8-port-group]port trunk allow-pass vlan 200 900
------------------------------------
HX_SW1:
<HX_SW1>sy
[HX_SW1]vlan batch 2 to 5 200 800 900
[HX_SW1]int g0/0/5
[HX_SW1-GigabitEthernet0/0/5]port link-type trunk
[HX_SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 200 900
[HX_SW1-GigabitEthernet0/0/5]dis this
[HX_SW1-GigabitEthernet0/0/5]int g0/0/1
[HX_SW1-GigabitEthernet0/0/1]port link-type trunk
[HX_SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 900
[HX_SW1-GigabitEthernet0/0/1]dis this
[HX_SW1-GigabitEthernet0/0/1]int g0/0/4
[HX_SW1-GigabitEthernet0/0/4]port link-type trunk
[HX_SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 4 5 900
[HX_SW1-GigabitEthernet0/0/4]dis this
[HX_SW1-GigabitEthernet0/0/4]q
[HX_SW1]int Eth-Trunk 2
[HX_SW1-Eth-Trunk2]dis this
[HX_SW1-Eth-Trunk2]port link-type trunk
[HX_SW1-Eth-Trunk2]port trunk allow-pass vlan 2 3 4 5 200 900
[HX_SW1-Eth-Trunk2]dis this
[HX_SW1-Eth-Trunk2]int g0/0/6
[HX_SW1-GigabitEthernet0/0/6]port link-type access
[HX_SW1-GigabitEthernet0/0/6]port default vlan 800
[HX_SW1-GigabitEthernet0/0/6]dis this
------------------------------------
3. MSTP (Multiple Spanning Tree) configuration
HX_SW1:
[HX_SW1]stp region-configuration
[HX_SW1-mst-region]instance 1 vlan 2 3 200
[HX_SW1-mst-region]region-name aa
[HX_SW1-mst-region]revision-level 1
[HX_SW1-mst-region]instance 2 vlan 4 5
[HX_SW1-mst-region]active region-configuration
[HX_SW1-mst-region]dis this
[HX_SW1]stp instance 1 root primary
[HX_SW1]stp instance 2 root secondary
[HX_SW1]dis this
------------------------------------
HX_SW2:
[HX_SW2]stp region-configuration
[HX_SW2-mst-region] region-name aa
[HX_SW2-mst-region] revision-level 1
[HX_SW2-mst-region] instance 1 vlan 2 to 3 200
[HX_SW2-mst-region] instance 2 vlan 4 to 5
[HX_SW2-mst-region] active region-configuration
[HX_SW2-mst-region]qui
[HX_SW2]stp instance 2 root primary
[HX_SW2]stp instance 1 root secondary
[HX_SW2]dis this
------------------------------------
JR_SW8:
<JR_SW8>sy
[JR_SW8]stp region-configuration
[JR_SW8-mst-region] region-name aa
[JR_SW8-mst-region] revision-level 1
[JR_SW8-mst-region] instance 1 vlan 2 to 3 200
[JR_SW8-mst-region] instance 2 vlan 4 to 5
[JR_SW8-mst-region] active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[JR_SW8-mst-region]q
[JR_SW8]
------------------------------------
HJ_SW3:
[HJ_SW3]stp region-configuration
[HJ_SW3-mst-region] region-name aa
[HJ_SW3-mst-region] revision-level 1
[HJ_SW3-mst-region] instance 1 vlan 2 to 3 200
[HJ_SW3-mst-region] instance 2 vlan 4 to 5
[HJ_SW3-mst-region] active region-configuratio
[HJ_SW3-mst-region]qui
[HJ_SW3]dis stp br
MSTID Port Role STP State Protection
1 Ethernet0/0/1 ROOT FORWARDING NONE
1 Ethernet0/0/2 ALTE DISCARDING NONE
1 Ethernet0/0/3 DESI FORWARDING NONE
1 Eth-Trunk1 DESI FORWARDING NONE
------------------------------------
HJ_SW4:
[HJ_SW4]stp region-configuration
[HJ_SW4-mst-region] region-name aa
[HJ_SW4-mst-region] revision-level 1
[HJ_SW4-mst-region] instance 1 vlan 2 to 3 200
[HJ_SW4-mst-region] instance 2 vlan 4 to 5
[HJ_SW4-mst-region] active region-configuration
[HJ_SW4-mst-region]q
[HJ_SW4]dis stp br
MSTID Port Role STP State Protection
2 Ethernet0/0/1 ROOT FORWARDING NONE
2 Ethernet0/0/2 ALTE DISCARDING NONE
2 Ethernet0/0/3 MAST FORWARDING NONE
4. VRRP gateway redundancy configuration
HX_SW1:
[HX_SW1]int Vlanif 2
[HX_SW1-Vlanif2]ip add 192.168.2.254 24
[HX_SW1-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.1
[HX_SW1-Vlanif2]vrrp vrid 2 priority 105
[HX_SW1-Vlanif2]dis this
[HX_SW1-Vlanif2]q
[HX_SW1]int Vlanif 3
[HX_SW1-Vlanif3]ip add 192.168.3.254 24
[HX_SW1-Vlanif3]vrrp vrid 3 virtual-ip 192.168.3.1
[HX_SW1-Vlanif3]vrrp vrid 3 priority 105
[HX_SW1-Vlanif3]dis this
[HX_SW1-Vlanif3]qui
[HX_SW1]int Vlanif 200
[HX_SW1-Vlanif200]ip add 192.168.200.254 24
[HX_SW1-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW1-Vlanif200]vrrp vrid 200 priority 105
[HX_SW1-Vlanif200]qui
[HX_SW1]int Vlanif 4
[HX_SW1-Vlanif4]ip add 192.168.4.254 24
[HX_SW1-Vlanif4]vrrp vrid 4 virtual-ip 192.168.4.1
[HX_SW1-Vlanif4]q
[HX_SW1]int Vlanif 5
[HX_SW1-Vlanif5]ip add 192.168.5.254 24
[HX_SW1-Vlanif5]vrrp vrid 5 virtual-ip 192.168.5.1
[HX_SW1-Vlanif5]q
[HX_SW1]int Vlanif 800
[HX_SW1-Vlanif800]ip add 192.168.12.2 24
[HX_SW1-Vlanif800]q
------------------------------------
HX_SW2:
[HX_SW2]int Vlanif 4
[HX_SW2-Vlanif4]ip add 192.168.4.253 24
[HX_SW2-Vlanif4]vrrp vrid 4 virtual-ip 192.168.4.1
[HX_SW2-Vlanif4]vrrp vrid 4 priority 105
[HX_SW2-Vlanif4]q
[HX_SW2]int vlanif 5
[HX_SW2-Vlanif5]ip add 192.168.5.253 24
[HX_SW2-Vlanif5]vrrp vrid 5 virtual-ip 192.168.5.1
[HX_SW2-Vlanif5]vrrp vrid 5 priority 105
[HX_SW2-Vlanif5]q
[HX_SW2]int vlanif 2
[HX_SW2-Vlanif2]ip add 192.168.2.253 24
[HX_SW2-Vlanif2]vrrp vrid 2 virtual-ip 192.168.2.1
[HX_SW2-Vlanif2]q
[HX_SW2]int vlanif 3
[HX_SW2-Vlanif3]ip add 192.168.3.253 24
[HX_SW2-Vlanif3]vrrp vrid 3 virtual-ip 192.168.3.1
[HX_SW2-Vlanif3]dis this
[HX_SW2-Vlanif3]q
[HX_SW2]int vlanif 200
[HX_SW2-Vlanif200]ip add 192.168.200.253 24
[HX_SW2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.1
[HX_SW2-Vlanif200]q
[HX_SW2]int Vlanif 801
[HX_SW2-Vlanif801]ip add 192.168.23.2 24
[HX_SW2-Vlanif801]q
------------------------------------
5. Verifying the VRRP gateway redundancy configuration
HX_SW1:
<HX_SW1>dis vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
2 Master Vlanif2 Normal 192.168.2.1
3 Master Vlanif3 Normal 192.168.3.1
4 Backup Vlanif4 Normal 192.168.4.1
5 Backup Vlanif5 Normal 192.168.5.1
200 Master Vlanif200 Normal 192.168.200.1
----------------------------------------------------------------
Total:5 Master:3 Backup:2 Non-active:0
<HX_SW1>
------------------------------------
HX_SW2:
<HX_SW2>dis vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
2 Backup Vlanif2 Normal 192.168.2.1
3 Backup Vlanif3 Normal 192.168.3.1
4 Master Vlanif4 Normal 192.168.4.1
5 Master Vlanif5 Normal 192.168.5.1
200 Backup Vlanif200 Normal 192.168.200.1
----------------------------------------------------------------
Total:5 Master:2 Backup:3 Non-active:0
<HX_SW2>
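Manually configure an IP address on a PC and test access to the gateway. For example, give a PC in VLAN 3 the settings IP: 192.168.3.3, GW: 192.168.3.1, then ping 192.168.3.1; if the ping succeeds, the gateway is reachable.
6. BFD route association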
HX_SW1:
[HX_SW1]bfd
[HX_SW1-bfd]qui
[HX_SW1]bfd test1 bind peer-ip 192.168.12.1 source-ip 192.168.12.2 auto
[HX_SW1-bfd-session-test1]commit
[HX_SW1-bfd-session-test1]qui
[HX_SW1]dis bfd session all
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8192 8192 192.168.12.1 Up S_AUTO_PEER -
[HX_SW1]int Vlanif 2
[HX_SW1-Vlanif2]vrrp vrid 2 track bfd-session session-name test1
[HX_SW1-Vlanif2]vrrp vrid 2 track int g0/0/1
[HX_SW1-Vlanif2]dis this
#
interface Vlanif2
ip address 192.168.2.254 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.1
vrrp vrid 2 priority 105
vrrp vrid 2 track interface GigabitEthernet0/0/1
vrrp vrid 2 track bfd-session session-name test1
#
return
[HX_SW1-Vlanif2]q
[HX_SW1]int vlanif 3
[HX_SW1-Vlanif3]vrrp vrid 3 track bfd-session session-name test1
[HX_SW1-Vlanif3]vrrp vrid 3 track int g0/0/1
[HX_SW1-Vlanif3]q
[HX_SW1]int vlan 200
[HX_SW1-Vlanif200]vrrp vrid 200 track bfd-session session-name test1
[HX_SW1-Vlanif200]vrrp vrid 200 track int g0/0/1
[HX_SW1-Vlanif200]
------------------------------------
R1:
<Huawei>sys
[Huawei]sysname R1
[R1]un in en
[R1]bfd
[R1-bfd]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.12.1 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.23.1 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip add 12.1.1.1 24
[R1-GigabitEthernet0/0/2]int g1/0/0
[R1-GigabitEthernet1/0/0]ip add 13.1.1.1 24
[R1-GigabitEthernet1/0/0]int g2/0/0
[R1-GigabitEthernet2/0/0]ip add 14.1.1.1 24
[R1-GigabitEthernet2/0/0]qui
[R1]bfd test1 bind peer-ip 192.168.12.2 source-ip 192.168.12.1 auto
[R1-bfd-session-test1]commit
[R1-bfd-session-test1]qui
[R1]bfd test1
[R1-bfd-session-test1]dis this
[V200R003C00]
#
bfd test1 bind peer-ip 192.168.12.2 source-ip 192.168.12.1 auto
commit
#
return
[R1-bfd-session-test1]qui
[R1]bfd test2 bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto
[R1-bfd-session-test2]commit
[R1-bfd-session-test2]dis this
[V200R003C00]
#
bfd test2 bind peer-ip 192.168.23.2 source-ip 192.168.23.1 auto
commit
#
return
[R1-bfd-session-test2]return
<R1>dis bfd session all
Local Remote PeerIpAddr State Type InterfaceName
8193 8192 192.168.23.2 Up S_AUTO_PEER -
8194 8192 192.168.12.2 Up S_AUTO_PEER -
<R1>
------------------------------------
HX_SW2:
[HX_SW2]bfd
[HX_SW2-bfd]q
[HX_SW2]bfd test2 bind peer-ip 192.168.23.1 source-ip 192.168.23.2 auto
[HX_SW2-bfd-session-test2]commit
[HX_SW2-bfd-session-test2]dis this
#
bfd test2 bind peer-ip 192.168.23.1 source-ip 192.168.23.2 auto
commit
#
return
[HX_SW2-bfd-session-test2]q
[HX_SW2]
[HX_SW2]dis bfd session all
[HX_SW2]int vlanif 4
[HX_SW2-Vlanif4]vrrp vrid 4 track bfd-session session-name test2
[HX_SW2-Vlanif4]vrrp vrid 4 track int g0/0/4
[HX_SW2-Vlanif4]q
[HX_SW2]int vlan 5
[HX_SW2-Vlanif5]vrrp vrid 5 track int g0/0/4
[HX_SW2-Vlanif5]vrrp vrid 5 track bfd-session session-name test2
[HX_SW2-Vlanif5]qui
[HX_SW2]
7. OSPF configuration
HX_SW1:
[HX_SW1]ospf 1
[HX_SW1-ospf-1]area 0
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW1-ospf-1-area-0.0.0.0]net 192.168.12.0 0.0.0.255
------------------------------------
HX_SW2:
[HX_SW2]ospf 1
[HX_SW2-ospf-1]area 0
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.2.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.3.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.4.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.5.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.200.0 0.0.0.255
[HX_SW2-ospf-1-area-0.0.0.0]net 192.168.23.0 0.0.0.255
------------------------------------
LT_R3:
<Huawei>sy
[Huawei]sysname LT_R3
[LT_R3]un in en
[LT_R3]int g0/0/0
[LT_R3-GigabitEthernet0/0/0]q
[LT_R3]int e0/0/0
[LT_R3-Ethernet0/0/0]ip add 13.1.1.2 24
------------------------------------
FZ_R4:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname FZ_R4
[FZ_R4]int e0/0/0
[FZ_R4-Ethernet0/0/0]ip add 14.1.1.2 24
[FZ_R4-Ethernet0/0/0]q
[FZ_R4]int e0/0/1
[FZ_R4-Ethernet0/0/1]ip add 192.168.100.1 24
[FZ_R4-Ethernet0/0/1]q
[FZ_R4]ospf 1
[FZ_R4-ospf-1]area 0
[FZ_R4-ospf-1-area-0.0.0.0]net 14.1.1.0 0.0.0.255
[FZ_R4-ospf-1-area-0.0.0.0]net 192.168.100.0 0.0.0.255
[FZ_R4-ospf-1-area-0.0.0.0]qui
[FZ_R4-ospf-1]qui
------------------------------------
R1:
<R1>sy
[R1]int g0/0/2
[R1-GigabitEthernet0/0/2]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/2
ip address 12.1.1.1 255.255.255.0
#
return
[R1-GigabitEthernet0/0/2]undo ip address 12.1.1.1 255.255.255.0
[R1-GigabitEthernet0/0/2]qui
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]net 192.168.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]net 192.168.12.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]net 192.168.23.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]net 14.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]dis this
------------------------------------
DHCP:
<Huawei>sy
[Huawei]sysname DHCP
[DHCP]un in en
[DHCP]int e0/0/0
[DHCP-Ethernet0/0/0]ip add 192.168.200.3 24
[DHCP-Ethernet0/0/0]qui
[DHCP]ip route-static 0.0.0.0 0 192.168.200.1
------------------------------------
Verification:
FZ_R4:
[FZ_R4]dis ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
14.1.1.0/24 Direct 0 0 D 14.1.1.2 Ethernet0/0/0
14.1.1.2/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
192.168.2.1/32 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
192.168.3.0/24 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
192.168.3.1/32 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
192.168.4.0/24 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
192.168.4.1/32 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
192.168.5.0/24 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
192.168.5.1/32 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
192.168.12.0/24 OSPF 10 2 D 14.1.1.1 Ethernet0/0/0
192.168.23.0/24 OSPF 10 2 D 14.1.1.1 Ethernet0/0/0
192.168.100.0/24 Direct 0 0 D 192.168.100.1 Ethernet0/0/1
192.168.100.1/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/1
192.168.200.0/24 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
192.168.200.1/32 OSPF 10 3 D 14.1.1.1 Ethernet0/0/0
------------------------------------
The PC can now ping 192.168.100.2
The PC can now also ping 192.168.200.2
The PC can now also ping 192.168.200.3
The branch can also reach the headquarters server
8. RIP configuration
DX_R2:
<DX_R2>syS
[DX_R2]int g0/0/1
[DX_R2-GigabitEthernet0/0/1]ip add 25.1.1.2 24
[DX_R2-GigabitEthernet0/0/1]q
[DX_R2]rip
[DX_R2-rip-1]version 2
[DX_R2-rip-1]net 12.0.0.0
[DX_R2-rip-1]net 25.0.0.0
------------------------------------
LT_R3:
<LT_R3>sy
[LT_R3]int e0/0/1
[LT_R3-Ethernet0/0/1]ip add 35.1.1.1 24
[LT_R3-Ethernet0/0/1]ip add 35.1.1.3 24
[LT_R3-Ethernet0/0/1]qui
[LT_R3]dis ip int br
[LT_R3]rip
[LT_R3-rip-1]version 2
[LT_R3-rip-1]net 13.0.0.0
[LT_R3-rip-1]net 35.0.0.0
[LT_R3-rip-1]qui
------------------------------------
R5:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname R5
[R5]int e0/0/0
[R5-Ethernet0/0/0]ip add 25.1.1.5 24
[R5-Ethernet0/0/0]int e0/0/1
[R5-Ethernet0/0/1]ip add 35.1.1.5 24
[R5-Ethernet0/0/1]q
[R5]int LoopBack 0
[R5-LoopBack0]ip add 5.5.5.5 24
[R5-LoopBack0]dis ip int br
[R5-LoopBack0]qui
[R5]rip
[R5-rip-1]version 2
[R5-rip-1]net 25.0.0.0
[R5-rip-1]net 35.0.0.0
[R5-rip-1]net 5.0.0.0
Test: R2 can now reach 5.5.5.5
9. NAT configuration (via China Unicom; China Telecom uses PPPoE)
HX_SW1:
[HX_SW1]ip route-static 0.0.0.0 0 192.168.12.1
[HX_SW1]ip route-static 0.0.0.0 0 192.168.23.1 preference 65
------------------------------------
HX_SW2:
[HX_SW2]ip route-static 0.0.0.0 0 192.168.23.1
[HX_SW2]ip route-static 0.0.0.0 0 192.168.12.1 preference 65
------------------------------------
R1:
[R1]ip route-static 0.0.0.0 0 13.1.1.2 description liantong
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[R1-acl-basic-2000]int g1/0/0
[R1-GigabitEthernet1/0/0]nat outbound 2000
[R1-GigabitEthernet1/0/0]dis this
OSPF cost adjustment:
SW1:
[HX_SW1]int vlanif 4
[HX_SW1-Vlanif4]ospf cost 4
[HX_SW1-Vlanif4]int vlanif 5
[HX_SW1-Vlanif5]ospf cost 4
[HX_SW1-Vlanif5]qui
SW2:
[HX_SW2]int vlanif 2
[HX_SW2-Vlanif2]ospf cost 4
[HX_SW2-Vlanif2]int vlanif 3
[HX_SW2-Vlanif3]ospf cost 4
[HX_SW2-Vlanif3]int vlanif 200
[HX_SW2-Vlanif200]ospf cost 4
[HX_SW2-Vlanif200]qui
10. DHCP relay
DHCP:
<DHCP>sy
[DHCP]dhcp enable
[DHCP]ip pool vlan2
[DHCP-ip-pool-vlan2]network 192.168.2.0 mask 24
[DHCP-ip-pool-vlan2]gateway-list 192.168.2.1
[DHCP-ip-pool-vlan2]dns-list 114.114.114.114 8.8.8.8
[DHCP-ip-pool-vlan2]excluded-ip-address 192.168.2.250 192.168.2.254
[DHCP-ip-pool-vlan2]dis this
#
ip pool vlan2
gateway-list 192.168.2.1
network 192.168.2.0 mask 255.255.255.0
excluded-ip-address 192.168.2.250 192.168.2.254
dns-list 114.114.114.114 8.8.8.8
#
return
[DHCP-ip-pool-vlan2]q
[DHCP]ip pool vlan3
[DHCP-ip-pool-vlan3] gateway-list 192.168.3.1
[DHCP-ip-pool-vlan3] network 192.168.3.0 mask 255.255.255.0
[DHCP-ip-pool-vlan3] dns-list 114.114.114.114 8.8.8.8
[DHCP-ip-pool-vlan3]excluded-ip-address 192.168.3.250 192.168.3.254
[DHCP-ip-pool-vlan3]q
[DHCP]ip pool vlan4
[DHCP-ip-pool-vlan4] gateway-list 192.168.4.1
[DHCP-ip-pool-vlan4] network 192.168.4.0 mask 255.255.255.0
[DHCP-ip-pool-vlan4] dns-list 114.114.114.114 8.8.8.8
[DHCP-ip-pool-vlan4]excluded-ip-address 192.168.4.250 192.168.4.254
[DHCP-ip-pool-vlan4]q
[DHCP]ip pool vlan5
[DHCP-ip-pool-vlan5] gateway-list 192.168.5.1
[DHCP-ip-pool-vlan5] network 192.168.5.0 mask 255.255.255.0
[DHCP-ip-pool-vlan5] dns-list 114.114.114.114 8.8.8.8
[DHCP-ip-pool-vlan5]excluded-ip-address 192.168.5.250 192.168.5.254
[DHCP-ip-pool-vlan5]dis this
#
ip pool vlan5
gateway-list 192.168.5.1
network 192.168.5.0 mask 255.255.255.0
excluded-ip-address 192.168.5.250 192.168.5.254
dns-list 114.114.114.114 8.8.8.8
#
return
[DHCP-ip-pool-vlan5]q
[DHCP]int e0/0/0
[DHCP-Ethernet0/0/0]dhcp select global
[DHCP-Ethernet0/0/0]dis this
[DHCP-Ethernet0/0/0]qui
------------------------------------
HX_SW1:
[HX_SW1]dhcp enable
[HX_SW1]int vlanif2
[HX_SW1-Vlanif2]dhcp select relay
[HX_SW1-Vlanif2]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif2]dis this
[HX_SW1-Vlanif2]int vlanif3
[HX_SW1-Vlanif3]dhcp select relay
[HX_SW1-Vlanif3]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif3]int vlanif4
[HX_SW1-Vlanif4]dhcp select relay
[HX_SW1-Vlanif4]dhcp relay server-ip 192.168.200.3
[HX_SW1-Vlanif4]int vlanif5
[HX_SW1-Vlanif5]dhcp select relay
[HX_SW1-Vlanif5]dhcp relay server-ip 192.168.200.3
------------------------------------
HX_SW2:
[HX_SW2]dhcp enable
[HX_SW2]int vlanif2
[HX_SW2-Vlanif2] dhcp select relay
[HX_SW2-Vlanif2] dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif2]int vlan3
[HX_SW2-Vlanif3] dhcp select relay
[HX_SW2-Vlanif3] dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif3]int vlan4
[HX_SW2-Vlanif4] dhcp select relay
[HX_SW2-Vlanif4] dhcp relay server-ip 192.168.200.3
[HX_SW2-Vlanif4]int vlanif 5
[HX_SW2-Vlanif5] dhcp select relay
[HX_SW2-Vlanif5] dhcp relay server-ip 192.168.200.3
11. PPPoE point-to-point configuration
JR_SW5:
[JR_SW5]dhcp enable
[JR_SW5]dhcp snooping enable
[JR_SW5]vlan 2
[JR_SW5-vlan2]dhcp snooping enable
[JR_SW5-vlan2]q
[JR_SW5]int e0/0/1
[JR_SW5-Ethernet0/0/1]dhcp snooping trusted
------------------------------------
JR_SW6:
[JR_SW6]dhcp enable
[JR_SW6]dhcp snooping enable
[JR_SW6]vlan 3
[JR_SW6-vlan3]dhcp snooping enable
[JR_SW6-vlan3]q
[JR_SW6]int Eth-Trunk 1
[JR_SW6-Eth-Trunk1]dhcp snooping trusted
[JR_SW6-Eth-Trunk1]dis this
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 3 900
mode lacp-static
dhcp snooping trusted
#
return
[JR_SW6-Eth-Trunk1]q
------------------------------------
JR_SW7:
[JR_SW7]dhcp enable
[JR_SW7]dhcp snooping enable
[JR_SW7]vlan 4
[JR_SW7-vlan4]dhcp snooping enable
[JR_SW7-vlan4]vlan 5
[JR_SW7-vlan5]dhcp snooping enable
[JR_SW7-vlan5]int e0/0/1
[JR_SW7-Ethernet0/0/1]dhcp snooping trusted
[JR_SW7-Ethernet0/0/1]dis this
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 4 to 5 900
dhcp snooping trusted
#
return
[JR_SW7-Ethernet0/0/1]q
------------------------------------
R1:
[R1]acl 2001
[R1-acl-basic-2001]rule permit source 192.168.0.0 0.0.255.255
[R1-acl-basic-2001]qui
[R1]interface Dialer 1
[R1-Dialer1]link-protocol ppp
[R1-Dialer1]ip address ppp-negotiate
[R1-Dialer1]ppp pap local-user 5555 password simple 123456
[R1-Dialer1]dialer user 5555
[R1-Dialer1]dialer bundle 2
[R1-Dialer1]nat outbound 2001
[R1-Dialer1]qui
[R1]int g0/0/2
[R1-GigabitEthernet0/0/2]pppoe-client dial-bundle-number 2
[R1-GigabitEthernet0/0/2]quit
[R1]ip route-static 0.0.0.0 0 Dialer 1 preference 85 description dianxin
[R1]dis this
[R1]int Dialer 1
[R1-Dialer1]dis this
[V200R003C00]
#
interface Dialer1
link-protocol ppp
ppp pap local-user 5555 password simple 123456
ip address ppp-negotiate
dialer user 5555
dialer bundle 2
nat outbound 2001
#
return
[R1-Dialer1]mtu 1492
[R1-Dialer1]qui
------------------------------------
DX_R2:
[DX_R2]ip pool pool1
[DX_R2-ip-pool-pool1]network 12.1.1.0 mask 24
[DX_R2-ip-pool-pool1]gateway-list 12.1.1.2
[DX_R2-ip-pool-pool1]qui
[DX_R2]aaa
[DX_R2-aaa]local-user 5555 password cipher 123456
[DX_R2-aaa]local-user 5555 service-type ppp
[DX_R2-aaa]qui
[DX_R2]interface Virtual-Template 1
[DX_R2-Virtual-Template1]ppp authentication-mode pap
[DX_R2-Virtual-Template1]remote address pool pool1
[DX_R2-Virtual-Template1]ip address 12.1.1.2 255.255.255.0
[DX_R2-Virtual-Template1]dis this
[DX_R2-Virtual-Template1]qui
[DX_R2]int g0/0/0
[DX_R2-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1
[DX_R2-GigabitEthernet0/0/0]
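12. Egress configuration
Make the China Telecom PPPoE link the backup egress for China Unicom (already configured above, by route preference).
R1: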
ip route-static 0.0.0.0 0.0.0.0 13.1.1.2 description liantong
ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 85 description dianxin
13. NAT server address mapping
R1:
[R1]int g1/0/0
[R1-GigabitEthernet1/0/0]nat server protocol tcp global current-interface 80 inside 192.168.200.2 80
Are you sure to continue?[Y/N]:y
[R1-GigabitEthernet1/0/0]dis this
[V200R003C00]
#
interface GigabitEthernet1/0/0
ip address 13.1.1.1 255.255.255.0
nat server protocol tcp global current-interface www inside 192.168.200.2 www
nat outbound 2000
#
return
[R1-GigabitEthernet1/0/0]
------------------------------------
R5:
[R5]int LoopBack 0
[R5-LoopBack0]dis this
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.0
#
return
[R5-LoopBack0]undo ip add
[R5-LoopBack0]qui
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip add 5.5.5.1 24
[R5-GigabitEthernet0/0/0]q
[R5]
14. ACL policy routing configuration
R1:
[R1]acl 3005
[R1-acl-adv-3005]rule permit ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
[R1-acl-adv-3005]rule deny ip source 192.168.5.0 0.0.0.255
[R1-acl-adv-3005]dis this
[V200R003C00]
#
acl number 3005
rule 5 permit ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
rule 10 deny ip source 192.168.5.0 0.0.0.255
#
return
[R1-acl-adv-3005]qui
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]traffic-filter inbound acl 3005
[R1-GigabitEthernet0/0/1]int g0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3005
[R1-GigabitEthernet0/0/0]qui
[R1]
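How ACL 3005 decides a packet, as an added example that is not part of the original article: rules are tried in rule-ID order, each address is compared under its wildcard mask, and the first hit wins. The function names and the sample flows are constructed for this example, and the treatment of packets that hit no rule is an assumption stated in the code.

```python
import ipaddress
import re

# ACL 3005 as shown in the `dis this` output on this page (wrapped line rejoined).
ACL_3005 = """\
acl number 3005
 rule 5 permit ip source 192.168.5.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
 rule 10 deny ip source 192.168.5.0 0.0.0.255
"""

RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+ip"
    r"(?:\s+source\s+(?P<src>\S+)\s+(?P<src_wc>\S+))?"
    r"(?:\s+destination\s+(?P<dst>\S+)\s+(?P<dst_wc>\S+))?\s*$"
)


def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care
    )


def parse_acl(text):
    """Return the rules of one ACL, ordered by rule ID (the match order)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(dict(m.groupdict(), id=int(m.group("id"))))
    return sorted(rules, key=lambda r: r["id"])


def first_match(rules, src, dst):
    """Return (action, rule_id) of the first rule the packet hits, else (None, None)."""
    for r in rules:
        if r["src"] and not wildcard_match(src, r["src"], r["src_wc"]):
            continue
        if r["dst"] and not wildcard_match(dst, r["dst"], r["dst_wc"]):
            continue
        return r["action"], r["id"]
    return None, None


def forwarded(rules, src, dst):
    """traffic-filter verdict. Assumption: a packet that hits no rule is forwarded."""
    action, _ = first_match(rules, src, dst)
    return action != "deny"


# Constructed sample flows, using addresses from this page's addressing plan.
FLOWS = [
    ("192.168.5.10", "5.5.5.5"),          # VLAN 5 user -> external host
    ("192.168.5.10", "192.168.100.2"),    # VLAN 5 user -> branch network
    ("192.168.5.10", "192.168.255.254"),  # VLAN 5 user -> management VLAN 900
    ("192.168.2.10", "5.5.5.5"),          # VLAN 2 user -> external host
]

if __name__ == "__main__":
    rules = parse_acl(ACL_3005)
    for src, dst in FLOWS:
        action, rid = first_match(rules, src, dst)
        verdict = "forward" if forwarded(rules, src, dst) else "drop"
        print(f"{src:>14} -> {dst:<16} rule={rid} action={action} => {verdict}")
```

The destination wildcard 0.0.255.255 in rule 5 also covers 192.168.255.0/24, the management VLAN 900 addresses, so VLAN 5 sources are permitted toward them; narrow the destination if that is not intended.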
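15. Telnet remote management configuration
The addresses in red are the management addresses; every device is configured in a similar way (layer-3 devices do not need an IP address configured)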
HX_SW1:
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet
[HX_SW1-aaa]qui
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet
[HX_SW1-ui-vty0-4]qui
[HX_SW1]int vlanif 900
[HX_SW1-Vlanif900]ip add 192.168.255.254 24
[HX_SW1-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1
[HX_SW1-Vlanif900]dis this
#
interface Vlanif900
ip address 192.168.255.254 255.255.255.0
vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW1-Vlanif900]q
------------------------------------
HX_SW2:
[HX_SW2]aaa
[HX_SW2-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW2-aaa]local-user huawei service-type telnet
[HX_SW2-aaa]qui
[HX_SW2]user-interface vty 0 4
[HX_SW2-ui-vty0-4]authentication-mode aaa
[HX_SW2-ui-vty0-4]protocol inbound telnet
[HX_SW2-ui-vty0-4]qui
[HX_SW2]int vlanif 900
[HX_SW2-Vlanif900]ip add 192.168.255.253 24
[HX_SW2-Vlanif900]vrrp vrid 255 virtual-ip 192.168.255.1
[HX_SW2-Vlanif900]dis this
#
interface Vlanif900
ip address 192.168.255.253 255.255.255.0
vrrp vrid 255 virtual-ip 192.168.255.1
#
return
[HX_SW2-Vlanif900]q
------------------------------------
HJ_SW3:
[HJ_SW3]aaa
[HJ_SW3-aaa]local-user huawei privilege level 3 password cipher 5555
[HJ_SW3-aaa]local-user huawei service-type telnet
[HJ_SW3-aaa]qui
[HJ_SW3]user-interface vty 0 4
[HJ_SW3-ui-vty0-4]authentication-mode aaa
[HJ_SW3-ui-vty0-4]protocol inbound telnet
[HJ_SW3-ui-vty0-4]qui
[HJ_SW3]int vlanif 900
[HJ_SW3-Vlanif900]ip add 192.168.255.3 24
[HJ_SW3-Vlanif900]qui
[HJ_SW3]ip route-s 0.0.0.0 0 192.168.255.1
------------------------------------
HJ_SW4:
[HJ_SW4]aaa
[HJ_SW4-aaa]local-user huawei privilege level 3 password cipher 5555
[HJ_SW4-aaa]local-user huawei service-type telnet
[HJ_SW4-aaa]qui
[HJ_SW4]user-interface vty 0 4
[HJ_SW4-ui-vty0-4]authentication-mode aaa
[HJ_SW4-ui-vty0-4]protocol inbound telnet
[HJ_SW4-ui-vty0-4]qui
[HJ_SW4]int vlanif 900
[HJ_SW4-Vlanif900]ip add 192.168.255.4 24
[HJ_SW4-Vlanif900]qui
[HJ_SW4]ip route-static 0.0.0.0 0 192.168.255.1
------------------------------------
JR_SW5:
[JR_SW5]aaa
[JR_SW5-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW5-aaa]local-user huawei service-type telnet
[JR_SW5-aaa]qui
[JR_SW5]user-interface vty 0 4
[JR_SW5-ui-vty0-4]authentication-mode aaa
[JR_SW5-ui-vty0-4]protocol inbound telnet
[JR_SW5-ui-vty0-4]qui
[JR_SW5]int vlanif 900
[JR_SW5-Vlanif900]ip add 192.168.255.5 24
[JR_SW5-Vlanif900]qui
[JR_SW5]ip route-static 0.0.0.0 0 192.168.255.1
------------------------------------
JR_SW6:
[JR_SW6]aaa
[JR_SW6-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW6-aaa]local-user huawei service-type telnet
[JR_SW6-aaa]qui
[JR_SW6]user-interface vty 0 4
[JR_SW6-ui-vty0-4]authentication-mode aaa
[JR_SW6-ui-vty0-4]protocol inbound telnet
[JR_SW6-ui-vty0-4]qui
[JR_SW6]int vlanif 900
[JR_SW6-Vlanif900]ip add 192.168.255.6 24
[JR_SW6-Vlanif900]qui
[JR_SW6]ip route-static 0.0.0.0 0 192.168.255.1
------------------------------------
JR_SW7:
[JR_SW7]aaa
[JR_SW7-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW7-aaa]local-user huawei service-type telnet
[JR_SW7-aaa]qui
[JR_SW7]user-interface vty 0 4
[JR_SW7-ui-vty0-4]authentication-mode aaa
[JR_SW7-ui-vty0-4]protocol inbound telnet
[JR_SW7-ui-vty0-4]qui
[JR_SW7]int vlanif 900
[JR_SW7-Vlanif900]ip add 192.168.255.7 24
[JR_SW7-Vlanif900]qui
[JR_SW7]ip route-static 0.0.0.0 0 192.168.255.1
------------------------------------
JR_SW8:
[JR_SW8]aaa
[JR_SW8-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW8-aaa]local-user huawei service-type telnet
[JR_SW8-aaa]qui
[JR_SW8]user-interface vty 0 4
[JR_SW8-ui-vty0-4]authentication-mode aaa
[JR_SW8-ui-vty0-4]protocol inbound telnet
[JR_SW8-ui-vty0-4]qui
[JR_SW8]int vlanif 900
[JR_SW8-Vlanif900]ip add 192.168.255.8 24
[JR_SW8-Vlanif900]qui
[JR_SW8]ip route-static 0.0.0.0 0 192.168.255.1
------------------------------------
R1:
[R1]aaa
[R1-aaa]local-user huawei privilege level 3 password cipher 5555
[R1-aaa]local-user huawei service-type telnet
[R1-aaa]qui
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
[R1-ui-vty0-4]protocol inbound telnet
[R1-ui-vty0-4]qui
------------------------------------
FZ_R4:
[FZ_R4]aaa
[FZ_R4-aaa]local-user huawei privilege level 3 password cipher 5555
[FZ_R4-aaa]local-user huawei service-type telnet
[FZ_R4-aaa]qui
[FZ_R4]user-interface vty 0 4
[FZ_R4-ui-vty0-4]authentication-mode aaa
[FZ_R4-ui-vty0-4]protocol inbound telnet
[FZ_R4-ui-vty0-4]qui
------------------------------------
PC router:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname PC
[PC]dhcp enable
[PC]int e0/0/0
[PC-Ethernet0/0/0]ip add dhcp-alloc
[PC-Ethernet0/0/0]qui
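A review aid for the management-plane and PPPoE settings typed in sections 11 and 15, as an added example that is not part of the original article: it reads session transcripts in this page's format, takes the device and view from each prompt, and reports Telnet management, PAP authentication, `password simple`, and short passwords per device. The finding codes, the 8-character threshold and the function names are assumptions of this example; the transcript lines are copied from the page.

```python
import re
from collections import defaultdict

# Lines copied from the session transcripts on this page.
TRANSCRIPT = """\
[HX_SW1]aaa
[HX_SW1-aaa]local-user huawei privilege level 3 password cipher 5555
[HX_SW1-aaa]local-user huawei service-type telnet
[HX_SW1-aaa]qui
[HX_SW1]user-interface vty 0 4
[HX_SW1-ui-vty0-4]authentication-mode aaa
[HX_SW1-ui-vty0-4]protocol inbound telnet
[R1]interface Dialer 1
[R1-Dialer1]link-protocol ppp
[R1-Dialer1]ppp pap local-user 5555 password simple 123456
[R1-Dialer1]dis this
[V200R003C00]
[DX_R2-aaa]local-user 5555 password cipher 123456
[DX_R2]interface Virtual-Template 1
[DX_R2-Virtual-Template1]ppp authentication-mode pap
[JR_SW5]dhcp snooping enable
"""

# "[device-view]command": the prompt itself carries the device name and the view.
PROMPT_RE = re.compile(r"^\[(?P<dev>\w+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.*)$")
PASSWORD_RE = re.compile(r"\bpassword\s+(?P<mode>simple|cipher)\s+(?P<pw>\S+)")
MIN_PASSWORD_LEN = 8  # assumption: threshold chosen for this example


def parse_transcript(text):
    """Yield (device, view, command) for each typed command; output lines are skipped."""
    for line in text.splitlines():
        m = PROMPT_RE.match(line.strip())
        if m and m.group("cmd"):
            yield m.group("dev"), m.group("view") or "", m.group("cmd").strip()


def audit(text):
    """Return {device: sorted list of finding codes} for a session transcript."""
    findings = defaultdict(set)
    for dev, view, cmd in parse_transcript(text):
        # Telnet carries the login and the whole session unencrypted.
        if view.startswith("ui-vty") and re.fullmatch(
            r"protocol inbound (telnet|all)", cmd
        ):
            findings[dev].add("TELNET_ON_VTY")
        if re.search(r"\bservice-type\b.*\btelnet\b", cmd):
            findings[dev].add("TELNET_USER")
        # PAP sends the user name and password unencrypted on the PPP link.
        if re.search(r"\bppp\s+(pap\b|authentication-mode\s+pap\b)", cmd):
            findings[dev].add("PPP_PAP")
        pw = PASSWORD_RE.search(cmd)
        if pw:
            # `password simple` keeps the value readable in the configuration.
            if pw.group("mode") == "simple":
                findings[dev].add("PASSWORD_STORED_CLEARTEXT")
            if len(pw.group("pw")) < MIN_PASSWORD_LEN:
                findings[dev].add("SHORT_PASSWORD")
    return {dev: sorted(codes) for dev, codes in findings.items()}


if __name__ == "__main__":
    for device, codes in sorted(audit(TRANSCRIPT).items()):
        print(f"{device}: {', '.join(codes)}")
```

The checks work on typed commands, where the password is still visible; a saved configuration shows `cipher` passwords in encrypted form, so the length check does not apply there.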
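16. Wireless network configuration
When you run dis ip int br on the AP, the address shown may still start with 169.254; in that case, just wait a little longer.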
AC:
<AC6605>sy
[AC6605]un in en
[AC6605]sysname AC
[AC]vlan batch 100 to 102
[AC]int g0/0/2
[AC-GigabitEthernet0/0/2]port link-type trunk
[AC-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[AC-GigabitEthernet0/0/2]qui
[AC]int Vlanif 100
[AC-Vlanif100]ip add 192.168.100.100 24
[AC-Vlanif100]qui
[AC]capwap source int vlanif100
[AC]wlan
[AC-wlan-view]ap-group name CYY
[AC-wlan-ap-group-CYY]q
[AC-wlan-view]regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1]country-code cn
[AC-wlan-regulate-domain-domain1]q
[AC-wlan-view]ap-group name CYY
[AC-wlan-ap-group-CYY]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-CYY]qui
[AC-wlan-view]qui
[AC]wlan
[AC-wlan-view]ap-group name YYC
[AC-wlan-ap-group-YYC]q
[AC-wlan-view]regulatory-domain-profile name domain2
[AC-wlan-regulate-domain-domain2]country-code cn
[AC-wlan-regulate-domain-domain2]q
[AC-wlan-view]ap-group name YYC
[AC-wlan-ap-group-YYC]regulatory-domain-profile domain2
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-YYC]qui
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac 00e0-fc81-31c0
[AC-wlan-ap-0]ap-name area_0
[AC-wlan-ap-0]ap-group CYY
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC-wlan-ap-0]qui
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 1 ap-mac 00e0-fc6a-4ad0
[AC-wlan-ap-1]ap-name area_1
[AC-wlan-ap-1]ap-group YYC
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC-wlan-ap-1]qui
[AC-wlan-view]qui
[AC]wlan
[AC-wlan-view]security-profile name A
[AC-wlan-sec-prof-A]security wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-A]q
[AC-wlan-view]security-profile name X
[AC-wlan-sec-prof-X]security wpa2 psk pass-phrase huawei@123 aes
[AC-wlan-sec-prof-X]qui
[AC-wlan-view]ssid-profile name B
[AC-wlan-ssid-prof-B]ssid CYY-CYY
[AC-wlan-ssid-prof-B]q
[AC-wlan-view]ssid-profile name Y
[AC-wlan-ssid-prof-Y]ssid YYC-YYC
[AC-wlan-ssid-prof-Y]q
[AC-wlan-view]vap-profile name C
[AC-wlan-vap-prof-C]forward-mode tunnel
[AC-wlan-vap-prof-C]service-vlan vlan-id 101
[AC-wlan-vap-prof-C]security-profile A
[AC-wlan-vap-prof-C]ssid-profile B
[AC-wlan-vap-prof-C]qui
[AC-wlan-view]vap-profile name Z
[AC-wlan-vap-prof-Z]forward-mode tunnel
[AC-wlan-vap-prof-Z]service-vlan vlan-id 102
[AC-wlan-vap-prof-Z]security-profile X
[AC-wlan-vap-prof-Z]ssid-profile Y
[AC-wlan-vap-prof-Z]qui
[AC-wlan-view]ap-group name CYY
[AC-wlan-ap-group-CYY]vap-profile C wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-CYY] vap-profile C wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-CYY]qui
[AC-wlan-view]ap-group name YYC
[AC-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-YYC]vap-profile Z wlan 1 radio 1
------------------------------------
sw1:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname LSW1
[LSW1]vlan batch 100 to 102
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk pvid vlan 100
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 to 102
[LSW1-GigabitEthernet0/0/1]q
[LSW1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 to 102
[LSW1-GigabitEthernet0/0/2]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW1-GigabitEthernet0/0/3]
------------------------------------
SW2:
<Huawei>sy
[Huawei]un in en
[Huawei]sysname LSW2
[LSW2]vlan batch 100 to 102 111
[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW2-GigabitEthernet0/0/3]int g0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[LSW2-GigabitEthernet0/0/2]qui
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 111
[LSW2-GigabitEthernet0/0/1]qui
[LSW2]int vlan 100
[LSW2-Vlanif100]ip add 192.168.100.1 24
[LSW2-Vlanif100]qui
[LSW2]int vlan 101
[LSW2-Vlanif101]ip add 192.168.101.1 24
[LSW2-Vlanif101]qui
[LSW2]int vlan102
[LSW2-Vlanif102]ip add 192.168.102.1 24
[LSW2-Vlanif102]qui
[LSW2]int vlan 111
[LSW2-Vlanif111]ip add 192.168.111.1 24
[LSW2-Vlanif111]qui
[LSW2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[LSW2]ip pool ap_pool
Info:It's successful to create an IP address pool.
[LSW2-ip-pool-ap_pool]gateway-list 192.168.100.1
[LSW2-ip-pool-ap_pool]network 192.168.100.0 mask 24
[LSW2-ip-pool-ap_pool]excluded-ip-address 192.168.100.100
[LSW2-ip-pool-ap_pool]dns-list 114.114.114.114
[LSW2-ip-pool-ap_pool]qui
[LSW2]ip pool HUA_1
Info:It's successful to create an IP address pool.
[LSW2-ip-pool-hua_1]gateway-list 192.168.101.1
[LSW2-ip-pool-hua_1]network 192.168.101.0 mask 24
[LSW2-ip-pool-hua_1]dns-list 114.114.114.114
[LSW2-ip-pool-hua_1]qui
[LSW2]ip pool HUA_2
Info:It's successful to create an IP address pool.
[LSW2-ip-pool-hua_2]gateway-list 192.168.102.1
[LSW2-ip-pool-hua_2]network 192.168.102.0 mask 24
[LSW2-ip-pool-hua_2]dns-list 114.114.114.114
[LSW2-ip-pool-hua_2]qui
[LSW2]int vlan 100
[LSW2-Vlanif100]dhcp select global
[LSW2-Vlanif100]qui
[LSW2]int vlan 101
[LSW2-Vlanif101]dhcp select global
[LSW2-Vlanif101]int vlan102
[LSW2-Vlanif102]dhcp select global
[LSW2-Vlanif102]qui
[LSW2]ip route-static 0.0.0.0 0 192.168.111.2
------------------------------------
R1:
<R1>sy
Enter system view, return user view with Ctrl+Z.
[R1]int g3/0/0
[R1-GigabitEthernet3/0/0]ip add 192.168.111.2 24
[R1-GigabitEthernet3/0/0]qui
[R1]ip route-static 192.168.101.0 255.255.255.0 192.168.111.1
[R1]ip route-static 192.168.102.0 255.255.255.0 192.168.111.1
[R1]qui
<R1>save
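The Telnet logins, trunk ports and WLAN security profiles configured above can be checked mechanically before a design like this leaves the lab. The following Python script is an added example, not part of the original article or of any Huawei tool: it scans a VRP transcript for four settings used on this page. The rule names, the sample lines and the 12-character threshold are assumptions.

```python
import re

# Constructed sample in the style of this page's transcripts (prompts included).
SAMPLE = """\
[JR_SW7-aaa]local-user huawei privilege level 3 password cipher 5555
[JR_SW7]user-interface vty 0 4
[JR_SW7-ui-vty0-4]authentication-mode aaa
[JR_SW7-ui-vty0-4]protocol inbound telnet
[AC-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 to 102
[AC-wlan-sec-prof-A]security wpa2 psk pass-phrase a1234567 aes
"""

MIN_SECRET_LEN = 12  # assumption: a local policy value, not a VRP default

PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")  # [view] or <view> prefix

# (rule id, pattern, message); a capture group means "check the typed secret's length"
RULES = [
    ("telnet-mgmt", re.compile(r"^protocol inbound (?:telnet|all)\b"),
     "VTY accepts Telnet, so logins cross the network unencrypted"),
    ("trunk-all-vlans", re.compile(r"^port trunk allow-pass vlan all\b"),
     "trunk carries every VLAN instead of only the ones the link needs"),
    ("short-local-password",
     re.compile(r"^local-user \S+ .*\bpassword (?:cipher|irreversible-cipher) (\S+)"),
     "local account password typed on the CLI is shorter than policy"),
    ("short-wpa2-psk", re.compile(r"^security wpa2 psk pass-phrase (\S+)"),
     "WPA2-PSK passphrase is shorter than policy"),
]

def audit(text, min_len=MIN_SECRET_LEN):
    """Return [(line_number, rule_id, message)] for every risky command found."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        command = PROMPT.sub("", raw).strip()
        for rule_id, pattern, message in RULES:
            match = pattern.match(command)
            if not match:
                continue
            # Secret rules fire only when the typed value is too short. A saved
            # configuration stores ciphertext there, which this check cannot judge.
            if pattern.groups and len(match.group(1)) >= min_len:
                continue
            findings.append((number, rule_id, message))
    return findings

if __name__ == "__main__":
    for number, rule_id, message in audit(SAMPLE):
        print(f"line {number}: {rule_id}: {message}")
```

Run it against typed transcripts rather than saved configurations, because the length checks only make sense for the value as entered.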
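VI. Design and implementation examples for the individual key technologies
1. Router static routing experiment
R1, R2 and R3 are all configured in the same way.
Router R1: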
<Huawei>system-view
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname R1
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.1.1.1 24
[R1-GigabitEthernet0/0/1]quit
[R1]interface g0/0/2
[R1-GigabitEthernet0/0/2]ip address 10.1.4.1 30
[R1-GigabitEthernet0/0/2]quit
[R1]ip route-static 10.1.2.0 24 10.1.4.2
[R1]ip route-static 10.1.3.0 24 10.1.4.2
<R1>save
Likewise for router R2:
[R2]ip route-static 10.1.1.0 24 10.1.4.1
[R2]ip route-static 10.1.3.0 24 10.1.5.2
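PC1 (the other PCs are configured the same way):
IP address: 10.1.1.2
Subnet mask: 255.255.255.0
Gateway: 10.1.1.1
2. Switch VLAN configuration experiment
VLAN configuration experiment based on GVRP:
Step 1: Basic configuration of switches LSW1 and LSW2: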
LSW1:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname SwitchA
[SwitchA]gvrp
[SwitchA]vlan 2
[SwitchA-vlan2]quit
[SwitchA]int vlan2
[SwitchA-Vlanif2]ip address 192.168.1.254 24
LSW2:
<Huawei>system-view
[Huawei]undo info-center enable
[Huawei]sysname SwitchB
[SwitchB]gvrp
[SwitchB]vlan 2
Step 2: Port configuration on switches LSW1 and LSW2:
LSW1:
[SwitchA]int g0/0/1
[SwitchA-GigabitEthernet0/0/1]port link-type access
[SwitchA-GigabitEthernet0/0/1]port default vlan 2
[SwitchA-GigabitEthernet0/0/1]int g0/0/2
[SwitchA-GigabitEthernet0/0/2]port link-type trunk
[SwitchA-GigabitEthernet0/0/2]port trunk allow-pass vlan all
LSW2:
[SwitchB]int g0/0/1
[SwitchB-GigabitEthernet0/0/1]port link-type access
[SwitchB-GigabitEthernet0/0/1]port default vlan 2
[SwitchB-GigabitEthernet0/0/1]int g0/0/2
[SwitchB-GigabitEthernet0/0/2]port link-type trunk
[SwitchB-GigabitEthernet0/0/2]port trunk allow-pass vlan all
Step 3: Configure GVRP on switches LSW1 and LSW2:
LSW1:
[SwitchA]int g0/0/2
[SwitchA-GigabitEthernet0/0/2]gvrp
LSW2:
[SwitchB]int g0/0/2
[SwitchB-GigabitEthernet0/0/2]gvrp
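Step 4: Configure the IP addresses of PC1 and PC2
PC1 IP address: 192.168.1.1
Gateway: 192.168.1.254
Subnet mask: 255.255.255.0
PC2 IP address: 192.168.1.2
Gateway: 192.168.1.254
Subnet mask: 255.255.255.0
On PC1: ping 192.168.1.2
On PC2: ping 192.168.1.1
3. Dynamic routing RIP experiment
1. Configure the interfaces: R1/R2/R3 (the same for all of them)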
R1:
<Huawei>system-view
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.1.1 24
R2:
<Huawei>system-view
[Huawei]interface g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.2 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 10.10.0.1 24
2. Configure the RIP protocol
R1:
[Huawei]rip
[Huawei-rip-1]network 192.168.1.0
[Huawei-rip-1]return
<Huawei>save
R2:
[Huawei]rip
[Huawei-rip-1]network 192.168.1.0
[Huawei-rip-1]network 10.0.0.0
[Huawei-rip-1]return
<Huawei>save
R3:
[Huawei]rip
[Huawei-rip-1]network 10.0.0.0
[Huawei-rip-1]return
<Huawei>save
3. Check the result: display ip routing, ping
R1:
Destination/Mask Proto Pre Cost NextHop
10.0.0.0/8 RIP 100 1 192.168.1.2
4. Dynamic routing OSPF experiment
Step 1: Configure the IP addresses
Step 2: Enable OSPF
[R1]ospf
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.200.10.4 0.0.0.3
[R1-ospf-1-area-0.0.0.0]area 1
[R1-ospf-1-area-0.0.0.1]network 192.1.0.128 0.0.0.63
Step 3: Verify with ping, dis ip routing and dis cu
5. Wireless network (WLAN)
Basic configuration and VLAN assignment:
#
sysname AC
#
vlan batch 10 20
#
dhcp enable
#
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
lease unlimited
dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
lease unlimited
dns-list 114.114.114.114 8.8.8.8
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select global
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
capwap source interface vlanif10
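I. Create the AP group and the regulatory domain profile, and reference the profile from the group
1. Create the AP group, so that other APs can join it later and share one configuration
[AC] wlan
[AC-wlan-view] ap-group name CYY
[AC-wlan-ap-group-CYY] quit
2. Create the regulatory domain profile, with country code CN
[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
3. Enter the newly created AP group and reference the profile just created.
[AC-wlan-view] ap-group name CYY
[AC-wlan-ap-group-CYY] regulatory-domain-profile domain1
II. Bring the AP online, using MAC address authentication
1. Bring the AP online and add it to the new AP group (CYY)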
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac 00e0-fc07-6580
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group CYY
III. Configure the source interface of the AC
[AC] capwap source interface vlanif 10
IV. Configure the WLAN service parameters
1. Create the security profile (it holds the authentication method and the password)
[AC-wlan-view] security-profile name A
[AC-wlan-sec-prof-A] security wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-A] quit
2. Create the SSID profile and set the SSID name to "CYY-CYY"
[AC-wlan-view] ssid-profile name B
[AC-wlan-ssid-prof-B] ssid CYY-CYY
[AC-wlan-ssid-prof-B] quit
3. Create the VAP profile, set the service data forwarding mode and the service VLAN, and reference the security profile and the SSID profile
[AC-wlan-view] vap-profile name C
[AC-wlan-vap-prof-C] forward-mode tunnel
[AC-wlan-vap-prof-C] service-vlan vlan-id 20
[AC-wlan-vap-prof-C] security-profile A
[AC-wlan-vap-prof-C] ssid-profile B
[AC-wlan-vap-prof-C] quit
4. Have the AP group reference the VAP profile
[AC-wlan-view] ap-group name CYY
[AC-wlan-ap-group-CYY] vap-profile C wlan 1 radio 0
[AC-wlan-ap-group-CYY] vap-profile C wlan 1 radio 1
[AC-wlan-ap-group-CYY] quit
At this point the AP is fully configured and clients can connect normally; workstations and phones will find the network name CYY-CYY, and the password is a1234567
6. Router DHCP experiment
Configuration based on the global address pool
Step 1: Configure the IP address:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname R1
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[R1-GigabitEthernet0/0/0]quit
[R1]ip pool PC
Info:It's successful to create an IP address pool.
[R1-ip-pool-PC]gateway-list 192.168.1.254
[R1-ip-pool-PC]network 192.168.1.0 mask 24
[R1-ip-pool-PC]quit
Step 2: Enable DHCP:
[R1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]dhcp select global
[R1-GigabitEthernet0/0/0]quit
<R1>save
Configuration based on the interface address pool
Step 1: Configure the IP address
[R3-GigabitEthernet0/0/0]ip address 192.168.2.254 24
Step 2: Enable DHCP
[R3]dhcp enable
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]dhcp select interface
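7. Access control list (ACL) experiment
Step 1: Configure the IP addresses
Step 2: Configure static routes or RIP so that the whole network is reachable (static routes are used here)
Static routes: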
[R1]ip route-static 192.168.20.0 24 192.168.12.2
[R2]ip route-static 192.168.10.0 24 192.168.12.1
Step 3: Configure the ACL and its rules, then apply it
Configure an ACL that blocks access between PC3 and PC1 (wildcard 0 matches exactly one host):
<R2>system-view
[R2]acl 3000
[R2-acl-adv-3000]rule 5 deny ip source 192.168.20.3 0 destination 192.168.10.1 0
[R2-acl-adv-3000]quit
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
[R2-GigabitEthernet0/0/0]quit
Step 4: Verify the ACL with display acl 3000, dis cu, dis acl all and ping.
Other ACL commands:
[SW]time-range satime 8:00 to 18:00 working-day
[SW]traffic classifier c_m
[SW-classifier-c_m]if-match acl 3002
[SW]traffic behavior d_m
[SW-behavior-d_m]deny
[SW]traffic policy e_m
[SW-trafficpolicy-e_m]classifier c_m behavior d_m
[SW]int g0/0/1
[SW-GigabitEthernet0/0/1]traffic-policy e_m outbound
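Both the ACL rule in step 3 and the OSPF network statements in experiment 4 take an address plus a wildcard mask, in which a 1 bit means "ignore this bit". The following Python is an added example, not from the original article: it evaluates wildcard matches to show how far a rule written with the PC3 and PC1 host addresses reaches under 0.0.0.255 versus 0, and which addresses the page's OSPF statements cover. The second pair of hosts and all function names are assumptions.

```python
import ipaddress

def _to_int(text):
    # VRP lets you type the wildcard 0.0.0.0 as a bare 0
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))

def wildcard_match(rule_addr, wildcard, candidate):
    """Compare only the bits whose wildcard bit is 0 (1 bits are ignored)."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(rule_addr) & care) == (_to_int(candidate) & care)

def covered_range(rule_addr, wildcard):
    """First and last address matched, for a contiguous wildcard such as 0.0.0.3."""
    wc = _to_int(wildcard)
    first = _to_int(rule_addr) & ~wc & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first | wc))

def rule_hits(rule, src, dst):
    return (wildcard_match(rule["src"], rule["src_wc"], src)
            and wildcard_match(rule["dst"], rule["dst_wc"], dst))

# The page's PC3 and PC1 addresses with the two wildcard choices.
SUBNET_WIDE = {"src": "192.168.20.3", "src_wc": "0.0.0.255",
               "dst": "192.168.10.1", "dst_wc": "0.0.0.255"}
HOST_ONLY = {"src": "192.168.20.3", "src_wc": "0",
             "dst": "192.168.10.1", "dst_wc": "0"}

# Constructed flows: PC3 -> PC1, plus two other hosts on the same subnets.
FLOWS = [("192.168.20.3", "192.168.10.1"), ("192.168.20.4", "192.168.10.2")]

def denied_flows(rule):
    """Flows from FLOWS that a deny rule with these fields would drop."""
    return [flow for flow in FLOWS if rule_hits(rule, *flow)]

if __name__ == "__main__":
    print("0.0.0.255:", denied_flows(SUBNET_WIDE))
    print("0        :", denied_flows(HOST_ONLY))
    print("OSPF area 0:", covered_range("192.200.10.4", "0.0.0.3"))
    print("OSPF area 1:", covered_range("192.1.0.128", "0.0.0.63"))
```

With 0.0.0.255 the host part of the typed address is ignored, so the deny applies to every host pair across the two /24 subnets.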
8. Router-on-a-stick (single-arm routing)
Step 1: Configure the PC IP addresses
Step 2: Configure the switches
SW1:
[SW1]vlan batch 10 20
[SW1]int e0/0/2
[SW1-Ethernet0/0/2]port link-type access
[SW1-Ethernet0/0/2]port default vlan 10
[SW1-Ethernet0/0/2]int e0/0/3
[SW1-Ethernet0/0/3]port link-type access
[SW1-Ethernet0/0/3]port default vlan 20
[SW1-Ethernet0/0/3]int e0/0/1
[SW1-Ethernet0/0/1]port link-type trunk
[SW1-Ethernet0/0/1]port trunk allow-pass vlan 10 20
[SW1-Ethernet0/0/1]int e0/0/4
[SW1-Ethernet0/0/4]port link-type trunk
[SW1-Ethernet0/0/4]port trunk allow-pass vlan 10 20
[SW1-Ethernet0/0/4]quit
SW2:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname SW2
[SW2]vlan batch 10 20
[SW2]int e0/0/1
[SW2-Ethernet0/0/1]port link-type trunk
[SW2-Ethernet0/0/1]port trunk allow-pass vlan 10 20
[SW2-Ethernet0/0/1]int e0/0/2
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/2]port default vlan 10
[SW2-Ethernet0/0/2]int e0/0/3
[SW2-Ethernet0/0/3]port link-type access
[SW2-Ethernet0/0/3]port default vlan 20
[SW2-Ethernet0/0/3]quit
Step 3: Configure the router
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname R1
[R1]interface g0/0/0.1
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 10
[R1-GigabitEthernet0/0/0.1]ip address 192.168.1.254 24
[R1-GigabitEthernet0/0/0.1]arp broadcast enable
[R1-GigabitEthernet0/0/0.1]quit
[R1]interface g0/0/0.2
[R1-GigabitEthernet0/0/0.2]dot1q termination vid 20
[R1-GigabitEthernet0/0/0.2]ip address 192.168.2.254 24
[R1-GigabitEthernet0/0/0.2]arp broadcast enable
Step 4: Test the VLANs
SW1: dis vlan
10 common UT:Eth0/0/2(U)
TG:Eth0/0/1(U) Eth0/0/4(U)
20 common UT:Eth0/0/3(U)
TG:Eth0/0/1(U) Eth0/0/4(U)
SW2: dis vlan
10 common UT:Eth0/0/2(U)
TG:Eth0/0/1(U)
20 common UT:Eth0/0/3(U)
TG:Eth0/0/1(U)
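9. Network address translation (NAT) experiment
Static NAT
Step 1: Configure the PC addresses
PC1: 192.168.1.1 255.255.255.0 192.168.1.254
PC2: 192.168.1.2 255.255.255.0 192.168.1.254
PC3: 192.168.2.1 255.255.255.0 192.168.2.254
Step 2: Configure the addresses of routers R1 and R2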
R1:
[Huawei]sysname R1
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.10.1.1 24
R2:
[Huawei]sysname R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.10.1.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 192.168.2.254 24
Step 3: Configure static NAT
<R1>system-view
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat static global 172.16.1.1 inside 192.168.1.1
Dynamic NAT
R1:
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]undo nat static global 172.16.1.1 inside 192.168.1.1
[R1]nat address-group 1 172.16.1.1 172.16.1.5
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
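At this point a ping to the 1.0 segment fails, because R2 has no route back to the translated 172.16.1.0/24 addresses. Configure a static route on R2 to fix this; while pinging, you can capture packets on R2's g0/0/0 port to inspect them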
PC>ping 10.10.1.2
Ping 10.10.1.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Configure the static route on R2:
<R2>system-view
[R2]ip route-static 172.16.1.0 24 10.10.1.1
PC>ping 10.10.1.2
Ping 10.10.1.2: 32 data bytes, Press Ctrl_C to break
From 10.10.1.2: bytes=32 seq=1 ttl=254 time=47 ms
From 10.10.1.2: bytes=32 seq=2 ttl=254 time=93 ms
NAPT configuration
This also needs an ACL rule and an address pool; it continues from the R2 static route above
R1:
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]undo nat outbound 2000 address-group 1 no-pat
[R1]nat address-group 1 172.16.1.1 172.16.1.5
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
Easy IP
This also needs an ACL rule, but no address pool
<R1>system-view
[R1]un in en
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000
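The dynamic NAT and NAPT steps above differ only in the no-pat keyword, yet they behave very differently once more inside hosts than pool addresses need translation. The following Python model is an added example, not from the original article and not VRP code: it uses the page's ACL 2000 and address group 172.16.1.1 to 172.16.1.5. The starting port, the use of a single shared address in NAPT mode and all names are assumptions.

```python
import ipaddress

class PoolExhausted(Exception):
    """Raised when a no-pat group has no free global address left."""

def permitted_by_acl_2000(src_ip):
    # ACL 2000 on this page: rule 5 permit source 192.168.1.0 0.0.0.255
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network("192.168.1.0/24")

class AddressGroup:
    """Model of 'nat address-group 1 172.16.1.1 172.16.1.5' used by nat outbound 2000."""

    def __init__(self, first, last, no_pat):
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        self.free = [str(ipaddress.ip_address(n)) for n in range(lo, hi + 1)]
        self.shared_ip = self.free[0]   # simplification: NAPT uses one pool address
        self.no_pat = no_pat
        self.table = {}                 # inside ip or (ip, port) -> (global ip, global port)
        self.next_port = 10240          # assumption: arbitrary first translated port

    def translate(self, src_ip, src_port):
        if not permitted_by_acl_2000(src_ip):
            return (src_ip, src_port)   # no ACL match: forwarded untranslated
        key = src_ip if self.no_pat else (src_ip, src_port)
        if key not in self.table:
            if self.no_pat:
                if not self.free:
                    raise PoolExhausted(src_ip)
                self.table[key] = (self.free.pop(0), None)  # one address per host
            else:
                self.table[key] = (self.shared_ip, self.next_port)
                self.next_port += 1
        global_ip, global_port = self.table[key]
        return (global_ip, src_port if global_port is None else global_port)

def hosts_translated(group, hosts):
    """Count how many inside hosts obtain a translation before the pool runs out."""
    served = 0
    for host in hosts:
        try:
            group.translate(host, 1024)
        except PoolExhausted:
            break
        served += 1
    return served

if __name__ == "__main__":
    inside = [f"192.168.1.{n}" for n in range(1, 9)]   # constructed: 8 inside hosts
    print("no-pat:", hosts_translated(AddressGroup("172.16.1.1", "172.16.1.5", True), inside))
    print("NAPT:  ", hosts_translated(AddressGroup("172.16.1.1", "172.16.1.5", False), inside))
```

In NAPT mode several inside hosts share one global address, so tracing a connection back to a host needs the port mapping as well as the address.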