ENSP模拟实验-HCIA综合大实验

  • 开发
  • 17

实验拓扑图:

实验要求:

  1. ISP路由器仅配置IP地址
  2. 内网基于192.168.1.0/24网段进行IP划分
  3. R1.R2之间使用OSPF做到内网全通,单区域
  4. PC1-PC4使用DHCP获取地址
  5. PC2-PC4可以访问PC5,PC1不行
  6. R2出口只拥有一个公网IP
  7. test-1设备可以登录内网telnet服务器,test-2不行

实验过程:

1.IP地址规划

内网基于所给网段192.168.1.0/24划分,外网的骨干给12.1.1.0/24,用户给5.5.5.0/24

注意在内网划分时有vlan划分广播域,需要给所划分出的广播域分配网段,地址的划分已经在前面说过,在此不再赘述,划分结果见详下图:

2.基础配置(+vlan+子接口)

Lsw1:

[Huawei]vlan batch 2 to 4

[Huawei]interface e0/0/2

[Huawei-Ethernet0/0/2]port link-type access

[Huawei-Ethernet0/0/2]port default vlan 2

[Huawei-Ethernet0/0/2]q

[Huawei]interface e0/0/3

[Huawei-Ethernet0/0/3]port link-type access

[Huawei-Ethernet0/0/3]port default vlan 3

[Huawei-Ethernet0/0/3]q

[Huawei]interface e0/0/4

[Huawei-Ethernet0/0/4]port link-type access

[Huawei-Ethernet0/0/4]port default vlan 4

[Huawei-Ethernet0/0/4]q

[Huawei]interface e0/0/1

[Huawei-Ethernet0/0/1]port link-type trunk

[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all

[Huawei-Ethernet0/0/1]q

Lsw2:

Huawei]vlan batch 2 to 3

[Huawei]interface e0/0/2

[Huawei-Ethernet0/0/2]port link-type access

[Huawei-Ethernet0/0/2]port default vlan 2

[Huawei-Ethernet0/0/2]q

[Huawei]interface e0/0/3

[Huawei-Ethernet0/0/3]port link-type access

[Huawei-Ethernet0/0/3]port default vlan 3

[Huawei-Ethernet0/0/3]q

[Huawei]interface e0/0/1

[Huawei-Ethernet0/0/1]port link-type trunk

[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all

[Huawei-Ethernet0/0/1]q

R1:

[Huawei]interface g0/0/1

[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.129 30

[Huawei-GigabitEthernet0/0/1]q

[Huawei]interface g0/0/0.1

[Huawei-GigabitEthernet0/0/0.1]dot1q termination vid 2

[Huawei-GigabitEthernet0/0/0.1]ip address 192.168.1.1 28

[Huawei-GigabitEthernet0/0/0.1]arp broadcast enable

[Huawei-GigabitEthernet0/0/0.1]q

[Huawei]interface g0/0/0.2

[Huawei-GigabitEthernet0/0/0.2]dot1q termination vid 3

[Huawei-GigabitEthernet0/0/0.2]ip address 192.168.1.17 28

[Huawei-GigabitEthernet0/0/0.2]arp broadcast enable

[Huawei-GigabitEthernet0/0/0.2]q

[Huawei]interface g0/0/0.3

[Huawei-GigabitEthernet0/0/0.3]dot1q termination vid 4

[Huawei-GigabitEthernet0/0/0.3]ip address 192.168.1.33 28

[Huawei-GigabitEthernet0/0/0.3]arp broadcast enable

[Huawei-GigabitEthernet0/0/0.3]q

R2:

[Huawei]interface g0/0/0

[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.130 30

[Huawei-GigabitEthernet0/0/0]q

[Huawei]interface g0/0/2

[Huawei-GigabitEthernet0/0/2]ip address 12.1.1.1 24

[Huawei-GigabitEthernet0/0/2]q

[Huawei]interface g0/0/1.1

[Huawei-GigabitEthernet0/0/1.1]dot1q termination vid 2

[Huawei-GigabitEthernet0/0/1.1]ip address 192.168.1.65 27

[Huawei-GigabitEthernet0/0/1.1]arp broadcast enable

[Huawei-GigabitEthernet0/0/1.1]q

[Huawei]interface g0/0/1.2

[Huawei-GigabitEthernet0/0/1.2]dot1q termination vid 3

[Huawei-GigabitEthernet0/0/1.2]ip address 192.168.1.99 27

[Huawei-GigabitEthernet0/0/1.2]arp broadcast enable

[Huawei-GigabitEthernet0/0/1.2]q

ISP:

[Huawei]interface g0/0/0

[Huawei-GigabitEthernet0/0/0]ip address 12.1.1.2 24

[Huawei-GigabitEthernet0/0/0]q

[Huawei]interface g0/0/1

[Huawei-GigabitEthernet0/0/1]ip address 5.5.5.1 24

[Huawei-GigabitEthernet0/0/1]q

telnet-server:

[Huawei]interface g0/0/0

[Huawei-GigabitEthernet0/0/0]ip address 192.168.1.34 28

[Huawei-GigabitEthernet0/0/0]q

[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.1.33

Test-1:

[Huawei]interface g0/0/0

[Huawei-GigabitEthernet0/0/0]ip address 5.5.5.2 24

[Huawei-GigabitEthernet0/0/0]q

[Huawei]ip route-static 0.0.0.0 0.0.0.0 5.5.5.1

Test-2:

[Huawei]interface g0/0/0

[Huawei-GigabitEthernet0/0/0]ip address 5.5.5.4 24

[Huawei-GigabitEthernet0/0/0]q

[Huawei]ip route-static 0.0.0.0 0.0.0.0 5.5.5.1

3.DHCP(让PC1-PC4通过dhcp服务拿到地址)

R1:

Huawei]dhcp enable

[Huawei]ip pool v2

[Huawei-ip-pool-v2]network 192.168.1.0 mask 28

[Huawei-ip-pool-v2]gateway-list 192.168.1.1

[Huawei-ip-pool-v2]dns-list 8.8.8.8

[Huawei-ip-pool-v2]q

[Huawei]interface g0/0/0.1

[Huawei-GigabitEthernet0/0/0.1]dhcp select global

[Huawei-GigabitEthernet0/0/0.1]q

[Huawei]ip pool v3

[Huawei-ip-pool-v3]network 192.168.1.16 mask 28

[Huawei-ip-pool-v3]gateway-list 192.168.1.17

[Huawei-ip-pool-v3]dns-list 8.8.8.8

[Huawei-ip-pool-v3]q

[Huawei]interface g0/0/0.2

[Huawei-GigabitEthernet0/0/0.2]dhcp select global

[Huawei-GigabitEthernet0/0/0.2]q

R2:

[Huawei]dhcp enable

[Huawei]ip pool v2

[Huawei-ip-pool-v2]network 192.168.1.64 mask 27

[Huawei-ip-pool-v2]gateway-list 192.168.1.65

[Huawei-ip-pool-v2]dns-list 8.8.8.8

[Huawei-ip-pool-v2]q

[Huawei]interface g0/0/1.1

[Huawei-GigabitEthernet0/0/1.1]dhcp select global

[Huawei-GigabitEthernet0/0/1.1]q

[Huawei]ip pool v3

[Huawei-ip-pool-v3]network 192.168.1.98 mask 27

[Huawei-ip-pool-v3]gateway-list 192.168.1.99

[Huawei-ip-pool-v3]dns-list 8.8.8.8

[Huawei-ip-pool-v3]q

[Huawei]interface g0/0/1.2

[Huawei-GigabitEthernet0/0/1.2]dhcp select global

[Huawei-GigabitEthernet0/0/1.2]q

[Huawei]

4.OSPF配置(实现内网通)

R1:

[Huawei]ospf 1 router-id 1.1.1.1

[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

[Huawei-ospf-1-area-0.0.0.0]q

R2:

[Huawei]ospf 1 router-id 2.2.2.2

[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

[Huawei-ospf-1-area-0.0.0.0]q

此时,内网全通,如下图:

5.写缺省,做NAT,实现内网访问外网(仅在边界路由器R2上做配置)

[Huawei]ospf 1

[Huawei-ospf-1]default-route-advertise always

[Huawei-ospf-1]q

[Huawei]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2

[Huawei]acl 2000

[Huawei-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

[Huawei-acl-basic-2000]q

[Huawei]interface g0/0/2

[Huawei-GigabitEthernet0/0/2]nat outbound 2000

[Huawei-GigabitEthernet0/0/2]q

此时内网可正常访问外网,如下图:

6.限0制PC1对PC5的访问(在R1上做配置)

Huawei]acl 3000

[Huawei-acl-adv-3000]rule deny icmp source 192.168.1.14 0.0.0.0 destination 5.5.5.3 0.0.0.0

[Huawei-acl-adv-3000]q

[Huawei]interface g0/0/0.1

[Huawei-GigabitEthernet0/0/0.1]traffic-filter inbound acl 3000

此时PC1无法访问PC5,如图:

7.实现test-1设备可以登录内网telnet服务器,test-2不行

在telnet上开启telnet服务:

[Huawei]aaa

[Huawei-aaa]local-user liong privilege level 15 password cipher 123456

[Huawei-aaa]local-user liong service-type telnet

[Huawei-aaa]q

[Huawei]user-interface vty 0 4

[Huawei-ui-vty0-4]authentication-mode aaa

在边界路由器上做端口映射实现外网对内网服务的访问

Huawei]interface g0/0/2

[Huawei-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 inside 192.168.1.34 23

在ISP上做限制:

[Huawei]acl 3000

[Huawei-acl-adv-3000]rule deny tcp source 5.5.5.4 0.0.0.0 destination 12.1.1.1 0.0.0.0 destination-port eq 23

[Huawei-acl-adv-3000]q

[Huawei]interface g0/0/1

[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

此时要求实现,如图:

阅读全部

相关推荐

最近更新

  3. docker php8.1+nginx base 镜像 dockerfile 配置

    2024-07-12 19:26:02       67 阅读

  4. Could not load dynamic library ‘cudart64_100.dll‘

    2024-07-12 19:26:02       72 阅读

  9. 在Django里面运行非项目文件

    2024-07-12 19:26:02       58 阅读

  19. Python语言-面向对象

    2024-07-12 19:26:02       69 阅读

  20. 如何分清楚常见的 Git 分支管理策略Git Flow、GitHub Flow 和 GitLab Flow

    2024-07-12 19:26:02       64 阅读

热门阅读

  2. Flowable工作流引擎核心事件详细解释说明

    2024-07-12 19:26:02       26 阅读

  3. SQL 视图

    2024-07-12 19:26:02       20 阅读

  12. 开发需要的热门常用API

    2024-07-12 19:26:02       21 阅读

  16. sql server记录数据库表行数变化记录

    2024-07-12 19:26:02       23 阅读

  17. 小抄 20240711

    2024-07-12 19:26:02       20 阅读

  18. vscode 远程开发

    2024-07-12 19:26:02       18 阅读

  20. clean code-代码整洁之道 阅读笔记(第十六章)

    2024-07-12 19:26:02       17 阅读

  26. MySQL慢查询日志(Slow Query Log)

    2024-07-12 19:26:02       18 阅读

  27. ZCC5429 异步升压芯片

    2024-07-12 19:26:02       21 阅读

  28. 介绍一下docker的打包命令

    2024-07-12 19:26:02       22 阅读

  30. 华为OJ平台

    2024-07-12 19:26:02       19 阅读