要求： （设备名称按照拓扑标识修改，注意区分大小写） 1、ISP路由器仅配置IP地址 2、test-1和test-2仅作为代替终端设备进行测试使用，路由采用静态路由 3、R1/R2之间使用OSPF做到内网全通，单区域，OSPF使用一条命令进行宣告（直接宣告192.168.1.0网段）；router-ID分别为1.1.1.1和2.2.2.2；OSPF进程为1 4、PC1-PC4使用DHCP获取地址，地址池名称使用1，2 5、PC1不能访问PC5，acl编号为3000 6、R2出口只拥有一个公网IP 7、test-1设备可以登录内网telnet服务器，test-2不行；acl编号为3000 8、telnet服务器的账号密码为huawei/123456 9、内网用户可以正常访问ISP（边界做默认路由） 10、公网设备的路由表不能有私网的路由，使用nat（acl编号为2000） 11、内网设备的路由表不能有公网的路由，边界下发默认路由 12、VLAN及IP规划查看附件材料（所有trunk链路按照最少VLAN透传原则放通）

设备名称和IP地址设置如下：

• ISP路由器: isp-router，IP地址: 192.168.0.1
• R1: r1，IP地址: 192.168.1.1
• R2: r2，IP地址: 192.168.1.2
• PC1: pc1，使用DHCP获取地址
• PC2: pc2，使用DHCP获取地址
• PC3: pc3，使用DHCP获取地址
• PC4: pc4，使用DHCP获取地址
• PC5: pc5，静态配置IP地址为192.168.2.1

接下来按照要求对各个设备进行配置。

ISP路由器（仅配置IP地址）：

isp-router(config)# interface <接口名称>
isp-router(config-if)# ip address 192.168.0.1 255.255.255.0

test-1和test-2（静态路由）：

 test-1(config)# ip route 0.0.0.0 0.0.0.0 <ISP路由器的IP地址>
test-2(config)# ip route 0.0.0.0 0.0.0.0 <ISP路由器的IP地址>

R1和R2之间使用OSPF进行内网全通（单区域）：

R1配置：

r1(config)# router ospf 1
r1(config-router)# router-id 1.1.1.1
r1(config-router)# network 192.168.1.0 0.0.0.255 area 0

R2配置：

r2(config)# router ospf 1
r2(config-router)# router-id 2.2.2.2
r2(config-router)# network 192.168.1.0 0.0.0.255 area 0

PC1-PC4使用DHCP获取地址：

在PC1-PC4上启用DHCP客户端以获取地址即可。

PC1无法访问PC5（使用ACL）：

r1(config)# access-list 3000 deny ip any host 192.168.2.1
r1(config)# access-list 3000 permit ip any any
r1(config)# interface <与PC1相连的接口>
r1(config-if)# ip access-group 3000 in

R2出口只有一个公网IP（使用NAT）： 

r2(config)# interface <连接到公网的接口>
r2(config-if)# ip nat outside
r2(config)# interface <连接到内网的接口>
r2(config-if)# ip nat inside
r2(config)# access-list 2000 deny ip 192.168.0.0 0.0.0.255 any
r2(config)# access-list 2000 deny ip 192.168.1.0 0.0.0.255 any
r2(config)# access-list 2000 permit ip any any
r2(config)# ip nat inside source list 2000 interface <连接到公网的接口>

test-1可以登录内网telnet服务器，test-2不行（使用ACL）：

r1(config)# access-list 3000 permit tcp host <test-1的IP地址> host <telnet服务器的IP地址> eq 23
r1(config)# interface <连接到内网的接口>
r1(config-if)# ip access-group 3000 in

 内网telnet服务器的账号密码为huawei/123456，内网用户可以正常访问ISP（边界做默认路由）：

r1(config)# ip route 0.0.0.0 0.0.0.0 192.168.0.1

公网设备的路由表不能有私网的路由（使用NAT）：

同步步骤6中的NAT配置。

内网设备的路由表不能有公网的路由（边界下发默认路由）：

同步步骤9中的边界默认路由配置。

VLAN及IP规划根据参考附件材料进行配置，确保所有trunk链路按照最少VLAN透传原则放通。

具体实验实现命令：

sw1

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys LW1
[LW1]
May 10 2023 16:29:26-08:00 LW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 4, the c
hange loop count is 0, and the maximum number of records is 4095.u	
[LW1]undo	
[LW1]user-group	
[LW1]udp-helper	
[LW1]upgrade	
[LW1]unknown-unicast	
[LW1]user-bind	
[LW1]user-interface con	
[LW1]user-interface console 0
[LW1-ui-console0]i	
[LW1-ui-console0]idle-timeout 0 0
[LW1-ui-console0]quit
[LW1]int g0/0/
May 10 2023 16:29:46-08:00 LW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 5, the c
hange loop count is 0, and the maximum number of records is 4095.2
[LW1-GigabitEthernet0/0/2]quit
[LW1]vlan b	
[LW1]vlan batch 2 3 4
Info: This operation may take a few seconds. Please wait for a moment...done.
[LW1]
May 10 2023 16:29:56-08:00 LW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 6, the c
hange loop count is 0, and the maximum number of records is 4095.int g0/0/2
[LW1-GigabitEthernet0/0/2]p	
[LW1-GigabitEthernet0/0/2]port l	
[LW1-GigabitEthernet0/0/2]port link-t	
[LW1-GigabitEthernet0/0/2]port link-type a	
[LW1-GigabitEthernet0/0/2]port link-type access 
[LW1-GigabitEthernet0/0/2]p
May 10 2023 16:32:16-08:00 LW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 7, the c
hange loop count is 0, and the maximum number of records is 4095.	
[LW1-GigabitEthernet0/0/2]port de	
[LW1-GigabitEthernet0/0/2]port default vlan 2
[LW1-GigabitEthernet0/0/2]int g0/0/3
[LW1-GigabitEthernet0/0/3]
May 10 2023 16:32:26-08:00 LW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 8, the c
hange loop count is 0, and the maximum number of records is 4095.p	
[LW1-GigabitEthernet0/0/3]port l	
[LW1-GigabitEthernet0/0/3]port link-t	
[LW1-GigabitEthernet0/0/3]port link-type a	
[LW1-GigabitEthernet0/0/3]port link-type access 
[LW1-GigabitEthernet0/0/3]p	
[LW1-GigabitEthernet0/0/3]port de	
[LW1-GigabitEthernet0/0/3]port default vlan 3
[LW1-GigabitEthernet0/0/3]int g0/0/
May 10 2023 16:32:36-08:00 LW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 10, the 
change loop count is 0, and the maximum number of records is 4095.4
[LW1-GigabitEthernet0/0/4]p	
[LW1-GigabitEthernet0/0/4]port l	
[LW1-GigabitEthernet0/0/4]port link-t	
[LW1-GigabitEthernet0/0/4]port link-type a	
[LW1-GigabitEthernet0/0/4]port link-type access 
[LW1-GigabitEthernet0/0/4]p	
[LW1-GigabitEthernet0/0/4]port de	
[LW1-GigabitEthernet0/0/4]port default vlan 4
[LW1-GigabitEthernet0/0/4]int g
May 10 2023 16:32:46-08:00 LW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 12, the 
change loop count is 0, and the maximum number of records is 4095.0/0/1
[LW1-GigabitEthernet0/0/1]p	
[LW1-GigabitEthernet0/0/1]port l	
[LW1-GigabitEthernet0/0/1]port link-t	
[LW1-GigabitEthernet0/0/1]port link-type t	
[LW1-GigabitEthernet0/0/1]port link-type trunk 
[LW1-GigabitEthernet0/0/1]p	
[LW1-GigabitEthernet0/0/1]port 
May 10 2023 16:32:56-08:00 LW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 13, the 
change loop count is 0, and the maximum number of records is 4095.t	
[LW1-GigabitEthernet0/0/1]port trunk a	
[LW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 4
[LW1-GigabitEthernet0/0/1]quit

sw2：

The device is running!

<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys LW2
[LW2]u	
[LW2]undo	
[LW2]user-group	
[LW2]udp-helper	
[LW2]upgrade	
[LW2]unknown-unicast	
[LW2]user-bind	
[LW2]user-interface	
[LW2]undo
May 10 2023 16:33:49-08:00 LW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 4, the c
hange loop count is 0, and the maximum number of records is 4095.	
[LW2]user-in	
[LW2]user-interface con	
[LW2]user-interface console 0
[LW2-ui-console0]i	
[LW2-ui-console0]idle-timeout 0 0
[LW2-ui-console0]quit
[LW2]vlan b	
[LW2]vlan batch 20 30
May 10 2023 16:34:09-08:00 LW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 5, the c
hange loop count is 0, and the maximum number of records is 4095.
Info: This operation may take a few seconds. Please wait for a moment...done.
[LW2]int g0/0/2
[LW2-GigabitEthernet0/0/2]p	
[LW2-GigabitEthernet0/0/2]port l	
[LW2-GigabitEthernet0/0/2]port link-
May 10 2023 16:34:19-08:00 LW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 6, the c
hange loop count is 0, and the maximum number of records is 4095.t	
[LW2-GigabitEthernet0/0/2]port link-type a	
[LW2-GigabitEthernet0/0/2]port link-type access 
[LW2-GigabitEthernet0/0/2]p 	
[LW2-GigabitEthernet0/0/2]portde	
[LW2-GigabitEthernet0/0/2]port de	
[LW2-GigabitEthernet0/0/2]port default vlan 20
[LW2-GigabitEthernet0/0/2]int g0/0/3
[LW2-GigabitEthernet0/0/3]
May 10 2023 16:34:29-08:00 LW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 8, the c
hange loop count is 0, and the maximum number of records is 4095.p 	
[LW2-GigabitEthernet0/0/3]portl	
[LW2-GigabitEthernet0/0/3]portlt	
[LW2-GigabitEthernet0/0/3]port l	
[LW2-GigabitEthernet0/0/3]port link-t	
[LW2-GigabitEthernet0/0/3]port link-type a	
[LW2-GigabitEthernet0/0/3]port link-type access 
[LW2-GigabitEthernet0/0/3]p	
[LW2-GigabitEthernet0/0/3]port de	
[LW2-GigabitEthernet0/0/3]port default vlan 3
May 10 2023 16:34:39-08:00 LW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 9, the c
hange loop count is 0, and the maximum number of records is 4095.0
[LW2-GigabitEthernet0/0/3]int g0/0/1
[LW2-GigabitEthernet0/0/1]p 	
[LW2-GigabitEthernet0/0/1]port l	
[LW2-GigabitEthernet0/0/1]port link-t	
[LW2-GigabitEthernet0/0/1]port link-type t	
[LW2-GigabitEthernet0/0/1]port link-type trunk 
May 10 2023 16:34:49-08:00 LW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 10, the 
change loop count is 0, and the maximum number of records is 4095.
[LW2-GigabitEthernet0/0/1]p 	
[LW2-GigabitEthernet0/0/1]port de	
[LW2-GigabitEthernet0/0/1]port t	
[LW2-GigabitEthernet0/0/1]port trunk a	
[LW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 
May 10 2023 16:34:59-08:00 LW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 11, the 
change loop count is 0, and the maximum number of records is 4095.20 30
[LW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 30
[LW2-GigabitEthernet0/0/1]quit

R1：

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys 	
[Huawei]sysname r1
[r1]u	
[r1]udp-helper
[r1]undo
[r1]user-bind
[r1]user-group
[r1]user-interface con	
[r1]user-interface console 0
[r1-ui-console0]i	
[r1-ui-console0]idle-timeout 0 0
[r1-ui-console0]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]do	
[r1-GigabitEthernet0/0/0.1]dot1q  t	
[r1-GigabitEthernet0/0/0.1]dot1q  termination v	
[r1-GigabitEthernet0/0/0.1]dot1q  termination vid 2
[r1-GigabitEthernet0/0/0.1]ip ad	
[r1-GigabitEthernet0/0/0.1]ip address 192.168.1.30 27
[r1-GigabitEthernet0/0/0.1]
May 10 2023 16:38:53-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0.1 has entered the UP state. 
[r1-GigabitEthernet0/0/0.1]int g0/0/0.2
[r1-GigabitEthernet0/0/0.2]do	
[r1-GigabitEthernet0/0/0.2]dot1q t	
[r1-GigabitEthernet0/0/0.2]dot1q termination v	
[r1-GigabitEthernet0/0/0.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/0.2]ip ad	
[r1-GigabitEthernet0/0/0.2]ip address 192.168.1.62 27
May 10 2023 16:39:20-08:00 r1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/0.2 has entered the UP state. 
[r1-GigabitEthernet0/0/0.2]int g0/0/0.3
[r1-GigabitEthernet0/0/0.3]do	
[r1-GigabitEthernet0/0/0.3]dot1q t	
[r1-GigabitEthernet0/0/0.3]dot1q termination v	
[r1-GigabitEthernet0/0/0.3]dot1q termination vid 4
[r1-GigabitEthernet0/0/0.3]ip ad	
[r1-GigabitEthernet0/0/0.3]ip address 192.168.1.158 27
May 10 2023 16:39:43-08:00 r1 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP 
on the interface GigabitEthernet0/0/0.3 has entered the UP state. 
[r1-GigabitEthernet0/0/0.3]quit
[r1]dh	
[r1]dhcp en	
[r1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[r1]ip p	
[r1]ip policy-based-route
[r1]ip pool 1
Info: It's successful to create an IP address pool.
[r1-ip-pool-1]n	
[r1-ip-pool-1]nbns-list
[r1-ip-pool-1]netbios-type
[r1-ip-pool-1]network 192.168.1.0 m	
[r1-ip-pool-1]network 192.168.1.0 mask 27
[r1-ip-pool-1]g	
[r1-ip-pool-1]gateway-list 192.168.1.30
[r1-ip-pool-1]dn	
[r1-ip-pool-1]dns-list 8.8.8.8
[r1-ip-pool-1]quit
[r1]ip p	
[r1]ip policy-based-route
[r1]ip pool 2
Info: It's successful to create an IP address pool.
[r1-ip-pool-2]n	
[r1-ip-pool-2]nbns-list
[r1-ip-pool-2]netbios-type
[r1-ip-pool-2]network
[r1-ip-pool-2]next-server
[r1-ip-pool-2]nbns-list
[r1-ip-pool-2]netbios-type
[r1-ip-pool-2]network 192.168.1.32 m	
[r1-ip-pool-2]network 192.168.1.32 mask 27
[r1-ip-pool-2]g	
[r1-ip-pool-2]gateway-list 192.168.1.62
[r1-ip-pool-2]dn	
[r1-ip-pool-2]dns-list 8.8.8.8
[r1-ip-pool-2]quit
[r1]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]dh	
[r1-GigabitEthernet0/0/0.1]dhcp s	
[r1-GigabitEthernet0/0/0.1]dhcp select g	
[r1-GigabitEthernet0/0/0.1]dhcp select global 
[r1-GigabitEthernet0/0/0.1]arp b	
[r1-GigabitEthernet0/0/0.1]arp broadcast en	
[r1-GigabitEthernet0/0/0.1]arp broadcast enable 
[r1-GigabitEthernet0/0/0.1]int g0/0/0.2
[r1-GigabitEthernet0/0/0.2]dh	
[r1-GigabitEthernet0/0/0.2]dhcp s	
[r1-GigabitEthernet0/0/0.2]dhcp select g	
[r1-GigabitEthernet0/0/0.2]dhcp select global 
[r1-GigabitEthernet0/0/0.2]arp b	
[r1-GigabitEthernet0/0/0.2]arp broadcast en	
[r1-GigabitEthernet0/0/0.2]arp broadcast enable 
[r1-GigabitEthernet0/0/0.2]int g0/0/0.3
[r1-GigabitEthernet0/0/0.3]arp b	
[r1-GigabitEthernet0/0/0.3]arp broadcast en	
[r1-GigabitEthernet0/0/0.3]arp broadcast enable 
[r1-GigabitEthernet0/0/0.3]quit
[r1]

R2：

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys R2
[R2]u	
[R2]udp-helper
[R2]undo
[R2]user-bind
[R2]user-group
[R2]user-interface con	
[R2]user-interface console 0
[R2-ui-console0]i	
[R2-ui-console0]idle-timeout 0 0
[R2-ui-console0]int g0/0/0.1
[R2-GigabitEthernet0/0/0.1]di	
[R2-GigabitEthernet0/0/0.1]do	
[R2-GigabitEthernet0/0/0.1]dot1q t	
[R2-GigabitEthernet0/0/0.1]dot1q termination v	
[R2-GigabitEthernet0/0/0.1]dot1q termination vid 20
[R2-GigabitEthernet0/0/0.1]ip ad	
[R2-GigabitEthernet0/0/0.1]ip address 192.168.1.94 27
[R2-GigabitEthernet0/0/0.1]
May 10 2023 16:42:52-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0.1 has entered the UP state. 
[R2-GigabitEthernet0/0/0.1]int g0/0/0.2
[R2-GigabitEthernet0/0/0.2]do	
[R2-GigabitEthernet0/0/0.2]dot1q t	
[R2-GigabitEthernet0/0/0.2]dot1q termination v	
[R2-GigabitEthernet0/0/0.2]dot1q termination vid 30
[R2-GigabitEthernet0/0/0.2]ip ad	
[R2-GigabitEthernet0/0/0.2]ip address 192.168.1.126
                                                    ^
Error:Incomplete command found at '^' position.
[R2-GigabitEthernet0/0/0.2]ip address 192.168.1.126 27
May 10 2023 16:43:13-08:00 R2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/0.2 has entered the UP state. 
[R2-GigabitEthernet0/0/0.2]quit
[R2]dh	
[R2]dhcp en	
[R2]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[R2]ip p	
[R2]ip policy-based-route
[R2]ip pool 1
Info: It's successful to create an IP address pool.
[R2-ip-pool-1]n	
[R2-ip-pool-1]nbns-list
[R2-ip-pool-1]netbios-type
[R2-ip-pool-1]network 192.168.1.64 m	
[R2-ip-pool-1]network 192.168.1.64 mask 27
[R2-ip-pool-1]g	
[R2-ip-pool-1]gateway-list 192.168.1.94
[R2-ip-pool-1]dn	
[R2-ip-pool-1]dns-list 8.8.8.8
[R2-ip-pool-1]quit
[R2]ip p	
[R2]ip policy-based-route
[R2]ip pool 2
Info: It's successful to create an IP address pool.
[R2-ip-pool-2]n	
[R2-ip-pool-2]nbns-list
[R2-ip-pool-2]netbios-type
[R2-ip-pool-2]network 192.168.1.96 m	
[R2-ip-pool-2]network 192.168.1.96 mask 27
[R2-ip-pool-2]g	
[R2-ip-pool-2]gateway-list 192.168.1126
                           ^
Error: Wrong parameter found at '^' position.
[R2-ip-pool-2]gateway-list 192.168.126
                           ^
Error: Wrong parameter found at '^' position.
[R2-ip-pool-2]gateway-list 192.168.1.126
[R2-ip-pool-2]dn	
[R2-ip-pool-2]dns-list 8.8.8.8
[R2-ip-pool-2]quit
[R2]int g0/0/0.1
[R2-GigabitEthernet0/0/0.1]dh	
[R2-GigabitEthernet0/0/0.1]dhcp b	
[R2-GigabitEthernet0/0/0.1]dhcp s	
[R2-GigabitEthernet0/0/0.1]dhcp select g	
[R2-GigabitEthernet0/0/0.1]dhcp select global 
[R2-GigabitEthernet0/0/0.1]arp b	
[R2-GigabitEthernet0/0/0.1]arp broadcast en	
[R2-GigabitEthernet0/0/0.1]arp broadcast enable 
[R2-GigabitEthernet0/0/0.1]int g0/0/0.2
[R2-GigabitEthernet0/0/0.2]dh	
[R2-GigabitEthernet0/0/0.2]dhcp s	
[R2-GigabitEthernet0/0/0.2]dhcp select g	
[R2-GigabitEthernet0/0/0.2]dhcp select global 
[R2-GigabitEthernet0/0/0.2]arp b	
[R2-GigabitEthernet0/0/0.2]arp broadcast en	
[R2-GigabitEthernet0/0/0.2]arp broadcast enable 
[R2-GigabitEthernet0/0/0.2]quit
[R2]

R1：

[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip ad	
[r1-GigabitEthernet0/0/1]ip address 192.168.1.161 30
[r1-GigabitEthernet0/0/1]
May 10 2023 16:48:08-08:00 r1 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r1-GigabitEthernet0/0/1]quit
[r1]

R2：

---

[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ip ad	
[R2-GigabitEthernet0/0/1]ip address 192.168.1.162 30
[R2-GigabitEthernet0/0/1]
May 10 2023 16:48:37-08:00 R2 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[R2-GigabitEthernet0/0/1]int g0/0/2
[R2-GigabitEthernet0/0/2]ip ad	
[R2-GigabitEthernet0/0/2]ip address 202.1.1.1 30
[R2-GigabitEthernet0/0/2]
May 10 2023 16:48:58-08:00 R2 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP 
on the interface GigabitEthernet0/0/2 has entered the UP state. 
[R2-GigabitEthernet0/0/2]quit
[R2]

test1：

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys test-1
[test-1]u	
[test-1]udp-helper
[test-1]undo
[test-1]user-bind
[test-1]user-group
[test-1]user-interface con	
[test-1]user-interface console 0
[test-1-ui-console0]i	
[test-1-ui-console0]idle-timeout 0 0
[test-1-ui-console0]quit
[test-1]int g0/0/0
[test-1-GigabitEthernet0/0/0]ip ad	
[test-1-GigabitEthernet0/0/0]ip address 203.1.1.1 24
May 10 2023 16:50:17-08:00 test-1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol
 IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[test-1-GigabitEthernet0/0/0]quit
[test-1]

test2：

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys	
[Huawei]sysname test-2
[test-2]u	
[test-2]udp-helper
[test-2]undo
[test-2]user-bind
[test-2]user-group
[test-2]user-interface con	
[test-2]user-interface console 0
[test-2-ui-console0]i	
[test-2-ui-console0]idle-timeout 0 0
[test-2-ui-console0]quit
[test-2]int g0/0/0
[test-2-GigabitEthernet0/0/0]ip ad	
[test-2-GigabitEthernet0/0/0]ip address 203.1.1.2 24
May 10 2023 16:51:06-08:00 test-2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol
 IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[test-2-GigabitEthernet0/0/0]quit
[test-2]

Telnet Server：

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys Telnet Server
[Telnet Server]u	
[Telnet Server]udp-helper
[Telnet Server]undo
[Telnet Server]user-bind
[Telnet Server]user-group
[Telnet Server]user-interface con	
[Telnet Server]user-interface console 0
[Telnet Server-ui-console0]i	
[Telnet Server-ui-console0]idle-timeout 0 0
[Telnet Server-ui-console0]quit
[Telnet Server]int g0/0/0
[Telnet Server-GigabitEthernet0/0/0]ip ad	
[Telnet Server-GigabitEthernet0/0/0]ip address 192.168.1.129 27
[Telnet Server-GigabitEthernet0/0/0]
May 10 2023 16:51:52-08:00 Telnet Server %%01IFNET/4/LINK_STATE(l)[0]:The line p
rotocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[Telnet Server-GigabitEthernet0/0/0]quit
[Telnet Server]

ISP：

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys ISP
[ISP]u	
[ISP]udp-helper
[ISP]undo
[ISP]user-bind
[ISP]user-group
[ISP]user-interface con	
[ISP]user-interface console 0
[ISP-ui-console0]i	
[ISP-ui-console0]idle-timeout 0 0
[ISP-ui-console0]quit
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip ad	
[ISP-GigabitEthernet0/0/0]ip address 202.1.1.2 30
May 10 2023 16:52:47-08:00 ISP %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
 on the interface GigabitEthernet0/0/0 has entered the UP state. 
[ISP-GigabitEthernet0/0/0]int g0/0/1
[ISP-GigabitEthernet0/0/1]ip ad	
[ISP-GigabitEthernet0/0/1]ip address 203.1.1.254 24
May 10 2023 16:53:02-08:00 ISP %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
 on the interface GigabitEthernet0/0/1 has entered the UP state. 
[ISP-GigabitEthernet0/0/1]quit
[ISP]

R1：

[r1]o	
[r1]oam-mgr
[r1]observe-port
[r1]observe-server
[r1]ospf 1 ro	
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]ar	
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]n	
[r1-ospf-1-area-0.0.0.0]nssa
[r1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]quit
[r1-ospf-1]quit
[r1]
May 10 2023 16:55:19-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[4]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=162.1.168.192, Neig
hborEvent=HelloReceived, NeighborPreviousState=Down, NeighborCurrentState=Init) 

[r1]
May 10 2023 16:55:28-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[5]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=162.1.168.192, Neig
hborEvent=2WayReceived, NeighborPreviousState=Init, NeighborCurrentState=2Way) 
[r1]
May 10 2023 16:55:31-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[6]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=162.1.168.192, Neig
hborEvent=AdjOk?, NeighborPreviousState=2Way, NeighborCurrentState=ExStart) 
[r1]
May 10 2023 16:55:57-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[7]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=162.1.168.192, Neig
hborEvent=NegotiationDone, NeighborPreviousState=ExStart, NeighborCurrentState=E
xchange) 
[r1]
May 10 2023 16:55:57-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[8]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=162.1.168.192, Neig
hborEvent=ExchangeDone, NeighborPreviousState=Exchange, NeighborCurrentState=Loa
ding) 
[r1]
May 10 2023 16:55:57-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[9]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=162.1.168.192, Neig
hborEvent=LoadingDone, NeighborPreviousState=Loading, NeighborCurrentState=Full)
 
[r1]

R2：

[R2]o	
[R2]oam-mgr
[R2]observe-port
[R2]observe-server
[R2]ospf 1 ro	
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]ar	
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]n	
[R2-ospf-1-area-0.0.0.0]nssa
[R2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]quit
[R2-ospf-1]q
May 10 2023 16:55:21-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[4]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=161.1.168.192, Neig
hborEvent=HelloReceived, NeighborPreviousState=Down, NeighborCurrentState=Init) 

[R2-ospf-1]q
May 10 2023 16:55:21-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[5]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=161.1.168.192, Neig
hborEvent=2WayReceived, NeighborPreviousState=Init, NeighborCurrentState=2Way) 
[R2-ospf-1]quit
[R2]
May 10 2023 16:55:57-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[6]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=161.1.168.192, Neig
hborEvent=AdjOk?, NeighborPreviousState=2Way, NeighborCurrentState=ExStart) 
[R2]
May 10 2023 16:55:57-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[7]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=161.1.168.192, Neig
hborEvent=NegotiationDone, NeighborPreviousState=ExStart, NeighborCurrentState=E
xchange) 
[R2]
May 10 2023 16:55:57-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[8]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=161.1.168.192, Neig
hborEvent=ExchangeDone, NeighborPreviousState=Exchange, NeighborCurrentState=Loa
ding) 
[R2]
May 10 2023 16:55:57-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[9]:Neighbor changes eve
nt: neighbor status changed. (ProcessId=256, NeighborAddress=161.1.168.192, Neig
hborEvent=LoadingDone, NeighborPreviousState=Loading, NeighborCurrentState=Full)
 
[R2]

Telnet Server：

[Telnet Server]ip ro	
[Telnet Server]ip route
[Telnet Server]ip route-static 0.0.0.0 0 192.168.1.158
[Telnet Server]

PC5：

R2：

[R2]ip ro	
[R2]ip route-static 0.0.0.0 0 202.1.1.2
[R2]o	
[R2]oam-mgr
[R2]observe-port
[R2]observe-server
[R2]ospf 1 ro	
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]de	
[R2-ospf-1]default
[R2-ospf-1]default-route-advertise
[R2-ospf-1]quit
[R2]
[R2]acl 2000
[R2-acl-basic-2000]n	
[R2-acl-basic-2000]ru	
[R2-acl-basic-2000]rule p	
[R2-acl-basic-2000]rule permit s	
[R2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R2-acl-basic-2000]quit
[R2]int g0/0/2
[R2-GigabitEthernet0/0/2]nat o	
[R2-GigabitEthernet0/0/2]nat outbound 2000
[R2-GigabitEthernet0/0/2]quit
[R2]

 test-1：

[test-1]ip ro	
[test-1]ip route
[test-1]ip route-static 202.1.1.0 30 203.1.1.254
[test-1]

test-2：

[test-2]ip ro	
[test-2]ip route
[test-2]ip route-static 202.1.1.0 30 203.1.1.254
[test-2]

R2：

[r1]acl 3000
[r1-acl-adv-3000]ru	
[r1-acl-adv-3000]rule de	
[r1-acl-adv-3000]rule deny i	
[r1-acl-adv-3000]rule deny icmp s	
[r1-acl-adv-3000]rule deny icmp source 192.168.1.29 0 d	
[r1-acl-adv-3000]rule deny icmp source 192.168.1.29 0 destination 203.1.1.100 0
[r1-acl-adv-3000]quit
[r1]int g0/0/2
[r1-GigabitEthernet0/0/2]quit
[r1]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]t	
[r1-GigabitEthernet0/0/0.1]test-aaa
[r1-GigabitEthernet0/0/0.1]tracert
[r1-GigabitEthernet0/0/0.1]traffic-filter in	
[r1-GigabitEthernet0/0/0.1]traffic-filter inbound ?
  acl   Specify ACL to match
  ipv6  Specify IPv6 
[r1-GigabitEthernet0/0/0.1]traffic-filter inbound acl 3000
[r1-GigabitEthernet0/0/0.1]quit
[r1]

Telnet Server：

[Telnet Server]aaa
[Telnet Server-aaa]l	
[Telnet Server-aaa]local-user huawei p	
[Telnet Server-aaa]local-user huawei password c	
[Telnet Server-aaa]local-user huawei password cipher 123456 p	
[Telnet Server-aaa]local-user huawei password cipher 123456 privilege l	
[Telnet Server-aaa]local-user huawei password cipher 123456 privilege level 15
Info: Add a new user.
[Telnet Server-aaa]l	
[Telnet Server-aaa]local-user huawei s	
[Telnet Server-aaa]local-user huawei service-type t	
[Telnet Server-aaa]local-user huawei service-type terminal
[Telnet Server-aaa]local-user huawei service-type telnet
[Telnet Server-aaa]quit
[Telnet Server]in	
[Telnet Server]u	
[Telnet Server]udp-helper
[Telnet Server]undo
[Telnet Server]user-bind
[Telnet Server]user-group
[Telnet Server]user-interface vty 0 4
[Telnet Server-ui-vty0-4]
[Telnet Server-ui-vty0-4]a	
[Telnet Server-ui-vty0-4]acl
[Telnet Server-ui-vty0-4]arp-ping
[Telnet Server-ui-vty0-4]authentication-mode aaa
[Telnet Server-ui-vty0-4]quit
[Telnet Server]

R2：

[R2-GigabitEthernet0/0/2]n	
[R2-GigabitEthernet0/0/2]nat s	
[R2-GigabitEthernet0/0/2]nat static
[R2-GigabitEthernet0/0/2]nat server p	
[R2-GigabitEthernet0/0/2]nat server protocol t	
[R2-GigabitEthernet0/0/2]nat server protocol tcp g	
[R2-GigabitEthernet0/0/2]nat server protocol tcp global c	
[R2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 in	

[R2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 ins
ide 192.168.1.129 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
[R2-GigabitEthernet0/0/2]quit
[R2]

test-1测试远程：

<test-1>telnet 202.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 202.1.1.1 ...
  Connected to 202.1.1.1 ...

Login authentication


Username:huawei
Password:
  ----------------------------------------------------------------------------- 
    
  User last login information:     
  -----------------------------------------------------------------------------
  Access Type: Telnet      
  IP-Address : 192.168.1.162     
  Time       : 2023-05-10 22:26:04-08:00     
  -----------------------------------------------------------------------------
<Telnet Server>quit

  Configuration console exit, please retry to log on

  The connection was closed by the remote host
<test-1>

isp：

[ISP-acl-adv-3000]
[ISP-acl-adv-3000]ru	
[ISP-acl-adv-3000]rule de	
[ISP-acl-adv-3000]rule deny t	
[ISP-acl-adv-3000]rule deny tcp s	
[ISP-acl-adv-3000]rule deny tcp source 203.1.1.2 0 de	
[ISP-acl-adv-3000]rule deny tcp source 203.1.1.2 0 destination-port
[ISP-acl-adv-3000]rule deny tcp source 203.1.1.2 0 destination 202.1.1.1 0 d	
[ISP-acl-adv-3000]rule deny tcp source 203.1.1.2 0 destination 202.1.1.1 0 dscp
[ISP-acl-adv-3000]rule deny tcp source 203.1.1.2 0 destination 202.1.1.1 0 desti
nation-port eq 23
[ISP-acl-adv-3000]quit
[ISP]int g0/0/1
[ISP-GigabitEthernet0/0/1]t	
[ISP-GigabitEthernet0/0/1]test-aaa
[ISP-GigabitEthernet0/0/1]tracert
[ISP-GigabitEthernet0/0/1]traffic-filter in	
[ISP-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
[ISP-GigabitEthernet0/0/1]quit
[ISP]

test-2测试：

Username:huawei
Password:
  ----------------------------------------------------------------------------- 
    
  User last login information:     
  -----------------------------------------------------------------------------
  Access Type: Telnet      
  IP-Address : 203.1.1.2     
  Time       : 2023-05-10 23:33:39-08:00     
  -----------------------------------------------------------------------------
<Telnet Server>quit

  Configuration console exit, please retry to log on

  The connection was closed by the remote host
<test-2>t	
<test-2>terminal
<test-2>test-aaa
<test-2>tftp
<test-2>tracert
<test-2>telnet 202.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 202.1.1.1 ...
  Error: Can't connect to the remote host
<test-2>