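Switching first, then routing:
1: Create the VLANs on the switch, enter each interface and assign it to a VLAN, then configure a trunk on the switch interface that connects to the router
2: On the router, configure the physical interface IP first, then create two sub-interfaces and encapsulate the VLANs into them
3: Create the DHCP pools, declare the IP address range each pool serves, and enable DHCP on the interfaces
4: Interface route summarization
5: Speed up convergence
6: Default route, including the border router's own default route
7: Null-interface route for loop prevention
8: NAT: one-to-many address translation, port mapping, one-to-one, many-to-many
acl 2000: defines the interesting traffic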
sw1:
The device is running!
<Huawei>sys
[Huawei]sysname sw1
[sw1]vlan batch 2 to 3 --create the vlans
[sw1]interface e0/0/4 --assign the interface to a vlan
[sw1-Ethernet0/0/4]p l a
[sw1-Ethernet0/0/4]p d vlan 2
[sw1-Ethernet0/0/4]q
[sw1]interface e0/0/5
[sw1-Ethernet0/0/5]port link-type access
[sw1-Ethernet0/0/5]port default vlan 3
[sw1-Ethernet0/0/5]q
[sw1]interface e0/0/1 --trunk link
[sw1-Ethernet0/0/1]port link-type trunk
[sw1-Ethernet0/0/1]port trunk allow-pass vlan 2 3
SW2:
<Huawei>system-view
[Huawei]sysname sw2
[sw2]vlan batch 2 to 3
[sw2]interface e0/0/2
[sw2-Ethernet0/0/2]p l a
[sw2-Ethernet0/0/2]p d vlan 2
[sw2]interface e0/0/3
[sw2-Ethernet0/0/3]p l a
[sw2-Ethernet0/0/3]p d vlan 3
[sw2-Ethernet0/0/3]q
[sw2]interface e0/0/1
[sw2-Ethernet0/0/1]port link-type trunk
[sw2-Ethernet0/0/1]port trunk allow-pass vlan 2 3
R1:
[Huawei]sysname r1
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.0.1 30
[r1]interface g0/0/1 ---configure the physical interface
[r1-GigabitEthernet0/0/1]ip address 192.168.1.1 26
[r1-GigabitEthernet0/0/1]q
[r1]interface g0/0/1.1 ---create the sub-interface for vlan 2
[r1-GigabitEthernet0/0/1.1]dot1q termination vid 2 --use the dot1q standard to handle vlan 2
[r1-GigabitEthernet0/0/1.1]ip address 192.168.1.65 26
[r1-GigabitEthernet0/0/1.1]arp broadcast enable --enable ARP broadcast
[r1-GigabitEthernet0/0/1.1]q
[r1]interface g0/0/1.2 ---create the sub-interface for vlan 3
[r1-GigabitEthernet0/0/1.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/1.2]ip address 192.168.1.129 26
[r1-GigabitEthernet0/0/1.2]arp broadcast enable
[r1-GigabitEthernet0/0/1.2]q
[r1]dhcp enable
[r1]ip pool v2 ---create a pool named v2
Info: It's successful to create an IP address pool.
[r1-ip-pool-v2]network 192.168.1.64 mask 26 --hand out addresses from 192.168.1.64/26
[r1-ip-pool-v2]gateway-list 192.168.1.65 --gateway is 192.168.1.65
[r1-ip-pool-v2]dns-list 192.168.2.2 --DNS is 192.168.2.2
[r1-ip-pool-v2]q
[r1]ip pool v3
Info: It's successful to create an IP address pool.
[r1-ip-pool-v3]network 192.168.1.128 mask 26
[r1-ip-pool-v3]gateway-list 192.168.1.129
[r1-ip-pool-v3]dns-list 192.168.2.2
[r1-ip-pool-v3]q
[r1]interface g0/0/1.1 ---enable DHCP on the sub-interfaces
[r1-GigabitEthernet0/0/1.1]dhcp select global
[r1-GigabitEthernet0/0/1.1]q
[r1]interface g0/0/1.2
[r1-GigabitEthernet0/0/1.2]dhcp select global
[r1-GigabitEthernet0/0/1.2]
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]rip
[r1-GigabitEthernet0/0/0]rip summary-address 192.168.1.0 255.255.255.0 --interface route summarization
[r1-GigabitEthernet0/0/0]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.0.0/30 Direct 0 0 D 192.168.0.1 GigabitEthernet
0/0/0
192.168.0.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.0.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.0/26 Direct 0 0 D 192.168.1.1 GigabitEthernet
0/0/1
192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.1.63/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.1.64/26 Direct 0 0 D 192.168.1.65 GigabitEthernet
0/0/1.1
192.168.1.65/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.1
192.168.1.127/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.1
192.168.1.128/26 Direct 0 0 D 192.168.1.129 GigabitEthernet
0/0/1.2
192.168.1.129/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.2
192.168.1.191/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.2
192.168.2.0/24 RIP 100 1 D 192.168.0.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[r1-GigabitEthernet0/0/0]q
[r1]rip
[r1-rip-1]timers rip 15 90 150 ---speed up convergence
[r1]rip
[r1-rip-1]silent-interface g0/0/1 ---silent interface
[r1-rip-1]silent-interface g0/0/1.1 ---silent interface
[r1-rip-1]silent-interface g0/0/1.2 ---silent interface
[r1-rip-1]
[r1]ip route-static 192.168.1.0 24 NULL 0 ---null-interface route for loop prevention
[r1]
HTTP server:
R2:
[Huawei]sysname r2
[r2]interface g0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.0.2 30
[r2-GigabitEthernet0/0/0]q
[r2]interface g0/0/1
[r2-GigabitEthernet0/0/1]ip address 12.1.1.1 24
[r2-GigabitEthernet0/0/1]q
[r2]interface g0/0/2
[r2-GigabitEthernet0/0/2]ip address 192.168.2.1 26
[r2-GigabitEthernet0/0/2]q
[r2]interface g0/0/2.1
[r2-GigabitEthernet0/0/2.1]ip address 192.168.2.65 26
[r2-GigabitEthernet0/0/2.1]dot1q termination vid 2
[r2-GigabitEthernet0/0/2.1]arp broadcast enable
[r2-GigabitEthernet0/0/2.1]q
[r2]interface g0/0/2.2
[r2-GigabitEthernet0/0/2.2]dot1q termination vid 3
[r2-GigabitEthernet0/0/2.2]ip address 192.168.2.129 26
[r2-GigabitEthernet0/0/2.2]arp broadcast enable
[r2-GigabitEthernet0/0/2.2]q
[r2]dhcp enable
[r2]ip pool v2
[r2-ip-pool-v2]network 192.168.2.64 mask 26
[r2-ip-pool-v2]gateway-list 192.168.2.65
[r2-ip-pool-v2]dns-list 192.168.2.2
[r2-ip-pool-v2]q
[r2]ip pool v3
[r2-ip-pool-v3]network 192.168.2.128 mask 26
[r2-ip-pool-v3]gateway-list 192.168.2.129
[r2-ip-pool-v3]dns-list 192.168.2.2
[r2-ip-pool-v3]q
[r2]interface g0/0/2.1
[r2-GigabitEthernet0/0/2.1]dhcp select ?
global Local server
interface Interface server pool
relay DHCP relay
[r2-GigabitEthernet0/0/2.1]dhcp select global
[r2-GigabitEthernet0/0/2.1]q
[r2]interface g0/0/2.2
[r2-GigabitEthernet0/0/2.2]dhcp select global
[r2-GigabitEthernet0/0/2.2]
[r2]interface g0/0/0
[r2-GigabitEthernet0/0/0]rip summary-address 192.168.2.0 255.255.255.0
[r2-GigabitEthernet0/0/0]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 20 Routes : 20
Destination/Mask Proto Pre Cost Flags NextHop Interface
12.1.1.0/24 Direct 0 0 D 12.1.1.1 GigabitEthernet
0/0/1
12.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.0.0/30 Direct 0 0 D 192.168.0.2 GigabitEthernet
0/0/0
192.168.0.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.0.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.0/24 RIP 100 1 D 192.168.0.1 GigabitEthernet
0/0/0
192.168.2.0/26 Direct 0 0 D 192.168.2.1 GigabitEthernet
0/0/2
192.168.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.2.63/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.2.64/26 Direct 0 0 D 192.168.2.65 GigabitEthernet
0/0/2.1
192.168.2.65/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2.1
192.168.2.127/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2.1
192.168.2.128/26 Direct 0 0 D 192.168.2.129 GigabitEthernet
0/0/2.2
192.168.2.129/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2.2
192.168.2.191/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2.2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[r2-GigabitEthernet0/0/0]q
[r2]rip
[r2-rip-1]timers rip 15 90 150
[r2-rip-1]
[r2-rip-1]silent-interface g0/0/2
[r2-rip-1]silent-interface g0/0/2.1
[r2-rip-1]silent-interface g0/0/2.2
[r2]rip
[r2-rip-1]default-route originate ---on the border router, originate a default route through RIP
[r2-rip-1]q
[r2]ip route-static 0.0.0.0 0 12.1.1.2 ---the border router's own default route has to be configured by hand
[r2]
[r2]ip route-static 192.168.2.0 24 null 0 ---null-interface route for loop prevention
[r2]
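Why the NULL 0 route matters, as an added Python example (not part of the original notes): R1 advertises 192.168.1.0/24 but only three /26 subnets are connected, so traffic for the uncovered quarter would bounce between R1 and R2. The tables are constructed from the transcript, and R1's default route via R2 is assumed to come from `default-route originate`.

```python
import ipaddress

# Constructed tables mirroring the transcript: (prefix, next hop).
# "local" = directly connected, "NULL0" = discard, anything else = neighbour.
TABLES = {
    "R1": [("192.168.0.0/30", "local"), ("192.168.1.0/26", "local"),
           ("192.168.1.64/26", "local"), ("192.168.1.128/26", "local"),
           ("192.168.2.0/24", "R2"),
           ("0.0.0.0/0", "R2")],          # assumed: default learned via RIP from R2
    "R2": [("192.168.0.0/30", "local"), ("12.1.1.0/24", "local"),
           ("192.168.2.0/26", "local"), ("192.168.2.64/26", "local"),
           ("192.168.2.128/26", "local"),
           ("192.168.1.0/24", "R1"),      # R1's summary, learned via RIP
           ("0.0.0.0/0", "ISP")],
}

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def trace(tables, start, dst, ttl=8):
    """Follow next hops until delivery, discard, exit to ISP, or TTL expiry."""
    path, node = [start], start
    for _ in range(ttl):
        hop = lookup(tables[node], dst)
        path.append(hop or "unreachable")
        if hop not in tables:             # local, NULL0, ISP or no route
            return path
        node = hop
    return path + ["TTL expired (loop)"]

def unallocated(summary, subnets):
    """Parts of a summary prefix that no connected subnet covers."""
    remaining = [ipaddress.ip_network(summary)]
    for s in map(ipaddress.ip_network, subnets):
        remaining = [p for r in remaining
                     for p in (r.address_exclude(s) if s.subnet_of(r) else [r])]
    return sorted(remaining)

def with_null0(tables, router, summary):
    """Copy of the tables with 'ip route-static <summary> NULL 0' on one router."""
    patched = dict(tables)
    patched[router] = tables[router] + [(summary, "NULL0")]
    return patched
```

Tracing 192.168.1.200 from R2 ends in a TTL expiry with the original tables and in `NULL0` on R1 once the static route is added, while a real host such as 192.168.1.70 is still delivered through the more specific /26.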
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2-acl-basic-2000]q
[r2]interface g0/0/1
[r2-GigabitEthernet0/0/1]nat outbound 2000
[r2-GigabitEthernet0/0/1]
[r2]acl 2000 ---first use an ACL to define the range of private IP addresses that may be translated
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2-acl-basic-2000]q
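[r2]interface g0/0/2 ---then configure one-to-many NAT on the border router interface that connects to the outside
[r2-GigabitEthernet0/0/2]nat outbound 2000 ---IP traffic matched by ACL 2000 has its source IP address rewritten to the IP address of this physical interface (g0/0/2) as it leaves through the interface, and a temporary mapping table is created for the return packets;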
[r2]interface g0/0/1
[r2-GigabitEthernet0/0/1]nat static global 12.1.1.3 inside 192.168.1.2
[r2-GigabitEthernet0/0/1]
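One-to-one: a standard form of static NAT that always translates one IP address to another fixed IP address
It is configured on the border router interface that connects to the outside. Huawei requires that the public IP address used for one-to-one NAT not be the IP address actually configured on the external interface;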
[r2-GigabitEthernet0/0/2]nat static global 12.1.1.3 inside 192.168.1.2
Public IP address 12.1.1.3 is statically translated to private IP address 192.168.1.2
---Port mapping:
[r2-GigabitEthernet0/0/1]
[r2-GigabitEthernet0/0/1]nat static protocol tcp global current-interface 80 inside 192.168.1.2 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[r2-GigabitEthernet0/0/1]
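Port mapping is a form of static NAT; it translates only one fixed port on one IP address to one fixed port on another IP address
When an outside host accesses the IP address of the local G0/0/2 with destination port 80, the destination is translated to port 80 on 192.168.1.2;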
[r2-GigabitEthernet0/0/2]nat static protocol tcp global current-interface 80 inside 192.168.1.2 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[r2-GigabitEthernet0/0/2]nat static protocol tcp global current-interface 8888 inside 192.168.1.3 80
When an outside device accesses the interface IP address of g0/0/2 with destination port 8888, the destination is translated to port 80 on 192.168.1.3;
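An added audit sketch in Python (not from the original notes) that evaluates the ACL 2000 wildcard rule and the static NAT entries shown above: it reports which DHCP pools `nat outbound 2000` leaves untranslated and which inside host and port an outside packet reaches. The tables are constructed from the commands on this page; using 12.1.1.1 as the `current-interface` address is an assumption based on the ISP-facing interface in the transcript.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

ACL_2000 = [("permit", "192.168.1.0", "0.0.0.255")]   # rule from the transcript

def nat_outbound_applies(src, acl=ACL_2000):
    """First matching rule decides; unmatched sources are not translated."""
    for action, base, wc in acl:
        if wildcard_match(src, base, wc):
            return action == "permit"
    return False

# (proto, global_ip, global_port, inside_ip, inside_port); None = any.
# 12.1.1.1 for "current-interface" is an assumption (ISP-facing interface).
STATIC = [
    (None, "12.1.1.3", None, "192.168.1.2", None),    # one-to-one static NAT
    ("tcp", "12.1.1.1", 80, "192.168.1.2", 80),       # port mapping
    ("tcp", "12.1.1.1", 8888, "192.168.1.3", 80),     # port mapping
]

def inbound_translate(proto, dst_ip, dst_port, table=STATIC):
    """Return the (inside_ip, inside_port) an outside packet reaches, or None."""
    for p, g_ip, g_port, i_ip, i_port in table:
        if g_ip != dst_ip:
            continue
        if p is None:                     # one-to-one: every protocol and port
            return (i_ip, dst_port)
        if p == proto and g_port == dst_port:
            return (i_ip, i_port)
    return None

# DHCP pools defined on R1 and R2 in the transcript.
POOLS = ["192.168.1.64/26", "192.168.1.128/26",
         "192.168.2.64/26", "192.168.2.128/26"]

def uncovered_subnets(subnets, acl=ACL_2000):
    """Subnets whose first or last address the ACL does not permit
    (sufficient for contiguous wildcards such as 0.0.0.255)."""
    out = []
    for s in subnets:
        net = ipaddress.ip_network(s)
        if not all(nat_outbound_applies(str(h), acl) for h in (net[0], net[-1])):
            out.append(s)
    return out
```

The one-to-one entry forwards every port on 12.1.1.3 to 192.168.1.2, whereas the port mappings expose only TCP 80 and 8888 on the interface address, which is the difference to weigh when choosing between them.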
PC1
ISP:
[Huawei]sysname isp
[isp]interface g0/0/0
[isp-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[isp-GigabitEthernet0/0/0]q
[isp]interface g0/0/1
[isp-GigabitEthernet0/0/1]ip address 1.1.1.1 24
[isp-GigabitEthernet0/0/1]
PC1 ping PC3:
PC1 ping PC5: