一.实验拓扑
二.实验要求
1.ISP路由器仅配置IP地址
2.内网基于192.168.1.0/24 网段进行IP划分
3.R1/R2之间使用OSPF做到全网全通,单区域
4.PC1-PC4可以使用DHCP获取地址
5.PC2-PC4可以访问PC5,PC1不行
6.R2出口只拥有一个公网IP
7.test-1设备可以登录telnet服务器,test-2不行
三.网段划分
内网:
192.168.1.0/24
192.168.1.64/28
192.168.1.80/28
192.168.1.96/28
192.168.1.128/27
192.168.1.160/27
外网:
172.16.1.0/30
172.16.1.0/24
四.实验配置
r1:
r1:
# 配置IP地址
[Huawei]sys r1
[r1]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[r1]interface GigabitEthernet 0/0/0.1
[r1-GigabitEthernet0/0/0.1]ip address 192.168.1.65 28
[r1]interface GigabitEthernet 0/0/0.2
[r1-GigabitEthernet0/0/0.2]ip address 192.168.1.81 28
[r1]interface GigabitEthernet 0/0/0.3
[r1-GigabitEthernet0/0/0.3]ip address 192.168.1.97 28
# 开启ospf服务进程保证内网的全网通(采用精准宣告)
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.65 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.81 0.0.0.0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.97 0.0.0.0
#开启DHCP下发网关以及IP地址服务
[r1]ip pool aaa
[r1-ip-pool-aaa]network 192.168.1.64 mask 28
[r1-ip-pool-aaa]gateway-list 192.168.1.65
[r1]ip pool bbb
[r1-ip-pool-bbb]network 192.168.1.80 mask 28
[r1-ip-pool-bbb]gateway-list 192.168.1.81
[r1]ip pool ccc
[r1-ip-pool-ccc]network 192.168.1.96 mask 28
[r1-ip-pool-ccc]gateway-list 192.168.1.97
# 子接口开启ARP广播
[r1-GigabitEthernet0/0/0.1]dhcp select global
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[r1-GigabitEthernet0/0/0.1]arp broadcast enable
[r1-GigabitEthernet0/0/0.2]dhcp select global
[r1-GigabitEthernet0/0/0.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/0.2]arp broadcast enable
[r1-GigabitEthernet0/0/0.3]dot1q termination vid 4
[r1-GigabitEthernet0/0/0.3]arp broadcast enable
[r1-GigabitEthernet0/0/0.3]dhcp select global
# R1上配置ACL,使得PC1不能访问PC5
[r1]acl 3000
[r1-acl-adv-3000]rule deny ip source 192.168.1.64 0.0.0.15 destination 172.16.1.1 0.0.0.0
[r1]interface GigabitEthernet 0/0/0.1
[r1-GigabitEthernet0/0/0.1]traffic-filter inbound acl 3000r2:
r2:
# 配置IP地址
[HUAWEI]sys r2
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.1.2 24
[r2]interface GigabitEthernet 0/0/2.1
[r2-GigabitEthernet0/0/2.1]ip address 192.168.1.129 27
[r2]interface GigabitEthernet 0/0/2.2
[r2-GigabitEthernet0/0/2.2]ip address 192.168.1.161 27
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 172.16.1.1 30
# 开启ospf服务进程保证内网的全网通
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.1.2 0.0.0.0
[r2-ospf-1-area-0.0.0.0]network 192.168.1.129 0.0.0.0
[r2-ospf-1-area-0.0.0.0]network 192.168.1.161 0.0.0.0
#开启DHCP下发网关以及IP地址服务
[r2]ip pool aaa
[r2-ip-pool-aaa]network 192.168.1.128 mask 27
[r2-ip-pool-aaa]gateway-list 192.168.1.129
[r2]ip pool bbb
[r2-ip-pool-bbb]network 192.168.1.160 mask 27
[r2-ip-pool-bbb]gateway-list 192.168.1.161
# 子接口开启ARP广播
[r2]interface GigabitEthernet 0/0/2.1
[r2-GigabitEthernet0/0/2.1]dot1q termination vid 2
[r2-GigabitEthernet0/0/2.1]arp broadcast enable
[r2-GigabitEthernet0/0/2.1]dhcp select global
[r2]interface GigabitEthernet 0/0/2.2
[r2-GigabitEthernet0/0/2.2]dhcp select global
[r2-GigabitEthernet0/0/2.2]dot1q termination vid 3
[r2-GigabitEthernet0/0/2.2]arp broadcast enable
# 进行路由策略的配置
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]nat outbound 2000 # 建立映射关系
[r2]ip route-static 0.0.0.0 0 172.16.1.2 # 写静态路由指向运营商
[r2-ospf-1]default-route-advertise # 进入ospf下发路由
SW1:
SW1:
# 划分vlan
[Huawei]sys SW1
[SW1]vlan batch 2 3 4
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 2
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 3
[SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 4
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all SW2:
SW2:
# 划分vlan
[Huawei]sys SW2
[SW2]vlan batch 2 3
[SW2]interface GigabitEthernet 0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 2
[SW2]interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 3
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all 此时内网已经达到了全网通;进行测试可得
PC1 ping PC2
PC1ping PC3
PC1pingPC4
外网进行配置:
[Huawei]sys ISP
[ISP]interface GigabitEthernet 0/0/0
[ISP-GigabitEthernet0/0/0]ip address 172.16.1.2 30
[ISP]interface GigabitEthernet 0/0/1
[ISP-GigabitEthernet0/0/1]ip address 172.16.1.1 24PC1pingPC5
telent登陆测试:
telent-service:
[telent-service]user-interface vty 0 4
[telent-service-ui-vty0-4]authentication-mode aaa
[telent-service]aaa
[telent-service-aaa]local-user huawei password cipher admin
[telent-service-aaa]local-user huawei privilege level 15
[telent-service-aaa]local-user huawei service-type telnet内网r1进行验证:
实验要求:test-1设备可以登录telnet服务器,test-2不行
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]nat server protocol tcp global current-interface telnet inside 192.168.1.110 telnet test认识202网段的方法:
[test-2]ip route-static 192.168.1.0 28 172.16.1.0[test-1]ip route-static 192.168.1.0 28 172.16.1.0
实验完成
![蓝桥杯(5):python动态规划DP[2:背包问题]](https://img-blog.csdnimg.cn/direct/0caab64c3f4d4ba69bd2c208e455ab64.png)
