一.拓扑图
二.需求
1.学校内部的HTTP客户端可以正常通过域名www.baidu.com访问到百度网络中HTTP服务器
2.学校网络内部网段基于192.168.1.0/24划分,PC1可以正常访问3.3.3.0/24网段,但是PC2不允许
3.学校内部路由使用静态路由,R1和R2之间两条链路进行浮动静态
4.运营商网络内部使用动态路由协议
5.AR1可以被telnet远程控制
三.需求分析
1. 学校内部的HTTP客户端可以正常通过域名www.baidu.com访问到百度网络中HTTP服务器
这个需要DNS域名解析,由学校网络到运营商,再到百度网络
2.学校网络内部网段基于192.168.1.0/24划分,PC1可以正常访问3.3.3.0/24网段,但是PC2不允许
第一点涉及子网划分,PC1可以正常访问3.3.3.0/24网段到但是不允许PC2访问3.3.3.0/24:涉及VLAN划分并且ACL控制PC2
3.学校内部路由使用静态路由,R1和R2之间两条链路进行浮动静态
AR1和AR2浮动静态路由,分成主链路和备份链路,这里需要调整优先级
4.运营商网络内部使用动态路由协议
这里使用OSPF协议
5.AR1可以被telnet远程控制
AR1允许telnet
四.步骤
分析完成需求之后,开始实验,首先 第一步应该进行基础的网络搭建
IP地址规划和基础接口配置
1.LSW1中VLAN划分
<Huawei>system-view
[Huawei]vlan batch 2 3
[Huawei]interface g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 3
[Huawei-GigabitEthernet0/0/1]q
[Huawei]interface g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 2
[Huawei-GigabitEthernet0/0/2]q
[Huawei]interface g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type access
[Huawei-GigabitEthernet0/0/4]port default vlan 3
[Huawei-GigabitEthernet0/0/4]q
[Huawei]interface g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan 2 3
配置AR2
1.内网配置
[AR2-GigabitEthernet0/0/2]ip address 192.168.1.1 30
[AR2-GigabitEthernet0/0/1]ip address 192.168.1.5 30
[AR2]interface g0/0/0.2
[AR2-GigabitEthernet0/0/0.2]dot1q termination vid 2
[AR2-GigabitEthernet0/0/0.2]ip address 192.168.1.129 26
[AR2-GigabitEthernet0/0/0.2]interface g0/0/0.3
[AR2-GigabitEthernet0/0/0.3]dot1q termination vid 3
[AR2-GigabitEthernet0/0/0.3]ip address 192.168.1.193 26
2.DHCP地址池
[AR2]dhcp enable
[AR2]ip pool vlan3
[AR2-ip-pool-vlan3]network 192.168.1.128 mask 26 //设置网关及掩码
[AR2-ip-pool-vlan3]dns-list 100.1.1.1 // 设置DNS
[AR2]interface g0/0/0.3
[AR2-GigabitEthernet0/0/0.3]dhcp select global //激活全局配置
[AR2-GigabitEthernet0/0/0.3]arp broadcast enable //打开广播应答功能
[AR2]interface g0/0/0.2
[AR2-GigabitEthernet0/0/0.2]arp broadcast enable
3.编辑缺省路由
[AR2]ip route-static 0.0.0.0 0 192.168.1.2
[AR2]ip route-static 0.0.0.0 0 192.168.1.6 preference 61
4.pc2不允许访问3.3.3.3
[AR2]acl 3000
[AR2-acl-adv-3000]rule deny ip source 192.16.1.253 0.0.0.0 destination 3.3.3.3 0
[AR2-GigabitEthernet0/0/0.3]traffic-filter inbound acl 3000
AR1配置
1.内网配置
[AR1-GigabitEthernet0/0/2]ip address 13.0.0.1 24
[AR1-GigabitEthernet0/0/0]ip address 192.168.1.6 30
[AR1-GigabitEthernet0/0/1]ip address 192.168.1.2 30
2.缺省路由
[AR1]ip route-static 192.168.1.128 25 192.168.1.1
[AR1]ip route-static 192.168.1.128 25 192.168.1.5 preference 61
[AR1]ip route-static 0.0.0.0 0 13.0.0.3
3.配置ACL
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.2554.配置NAT
//设置一个nat地址池包含公有IP地址
[R1]nat address-group 1 13.0.0.10 13.0.0.10
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 15.AR1可以被telnet远程控制
[AR1]aaa
[AR1-aaa]local-user huawei password cipher 123456
[AR1-aaa]local-user huawei privilege level 15
[AR1-aaa]local-user huawei service-type telnetAR3配置
1.内网配置
[AR3-GigabitEthernet0/0/0]ip address 13.0.0.3 24
[AR3-GigabitEthernet0/0/1]ip address 34.0.0.3 24
[AR3-GigabitEthernet0/0/2]ip address 35.0.0.3 24
2.设置环回
[AR3]INT L 0
[AR3-LoopBack0]ip address 3.3.3.3 24
3.设置ARP
[AR3]rip 1
[AR3-rip-1]verify-source
[AR3-rip-1]version 2
[AR3-rip-1]network 13.0.0.0
[AR3-rip-1]network 34.0.0.0
[AR3-rip-1]network 35.0.0.0AR4配置
1.内网配置
[r4-GigabitEthernet0/0/0]ip address 34.0.0.4 24
[r4-GigabitEthernet0/0/1]ip address 100.1.1.254 242.设置RIP
[AR4]rip 1
[AR4-rip-1]verify-source
[AR4-rip-1]version 2
[AR4-rip-1]network 34.0.0.0
[AR4-rip-1]network 100.0.0.0AR5配置
1.内网设置
[R5-GigabitEthernet0/0/0]ip address 35.0.0.5 24
[R5-GigabitEthernet0/0/1]ip address 56.0.0.5 242.设置RIP
[AR5]RIP 1
[AR5-rip-1]version 2
[AR5-rip-1]network 35.0.0.0
[AR5-rip-1]network 56.0.0.0AR6配置
1.内网设置
[AR6-GigabitEthernet0/0/1]ip address 172.16.1.254 24
[AR6-GigabitEthernet0/0/0]ip address 56.0.0.6 242.缺省路由
[AR6]ip route-static 0.0.0.0 0 56.0.0.53.设置端口映射
[AR6-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 80 ins
ide 172.16.1.1 80
[AR6]acl 2000
[AR6-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255
[AR6-GigabitEthernet0/0/0]nat outbound 2000DNS设置
HTTP服务器
HTTP客户端
