一.实验拓扑
二.实验要求
1.学校内部的HTTP客户端可以正常通过域名www.baidu.com访问到百度网络中的HTTP服务器
2.学校网络内部网段基于192.168.1.0/24划分,PC1可以正常访问3.3.3.0/24网段,但是PC2不允许
3.学校内部路由使用静态路由,R1和R2之间两条链路进行浮动静态
4.运营商网络内部使用动态路由协议
5.AR1可以被telnet远程控制
三.实验步骤
1.划分子网,配置路由表
首先学校内网有四个广播域,所以可以将192.168.1.0/24划分为
192.168.1.0/26
192.168.1.64/26
192.168.1.128/26
192.168.1.192/26
其次是运营商网络3.3.3.0/24属于r3的环回地址,所以运营商网络根据公网自己合理划分
r1-r3:13.0.0.0/24
r3-r4:34.0.0.0/24
r3-r5:35.0.0.0/24
r4:100.0.0.0/24
r5-r6:56.0.0.0/24
最后百度内网也属于私网ip所以根据私网ip进行划分
r6:172.16.1.0/24
对学校网络以192.168.1.0/24划分,对运营商网络以3.3.3.0/24网段划分,百度网络也是私网,在私网中找到一个网段进行划分,这里以10.0.0.0/24网段。
划分子网后视图如下:
配置路由表时客户端采用动态路由协议,学校网络采用静态路由协议
1.LSW1
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys sw1
[sw1]vlan batch
Dec 22 2024 15:06:23-08:00 sw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 4, the c
hange loop count is 0, and the maximum number of records is 4095.2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw1]int g 0/0/4
[sw1-GigabitEthernet0/0/4]
Dec 22 2024 15:06:33-08:00 sw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 5, the c
hange loop count is 0, and the maximum number of records is 4095.port link-type
access
[sw1-GigabitEthernet0/0/4]
Dec 22 2024 15:06:43-08:00 sw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 6, the c
hange loop count is 0, and the maximum number of records is 4095.port default vl
an 2
[sw1-GigabitEthernet0/0/4]int
Dec 22 2024 15:06:53-08:00 sw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 7, the c
hange loop count is 0, and the maximum number of records is 4095.g 0/0/2
[sw1-GigabitEthernet0/0/2]port link-type access
[sw1-GigabitEthernet0/0/2]
Dec 22 2024 15:07:03-08:00 sw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 8, the c
hange loop count is 0, and the maximum number of records is 4095.port default vl
an 3
[sw1-GigabitEthernet0/0/2]int g
Dec 22 2024 15:07:13-08:00 sw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 9, the c
hange loop count is 0, and the maximum number of records is 4095.0/0/3
[sw1-GigabitEthernet0/0/3]port link-type access
[sw1-GigabitEthernet0/0/3]
Dec 22 2024 15:07:23-08:00 sw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 10, the
change loop count is 0, and the maximum number of records is 4095.port default v
lan 3
[sw1-GigabitEthernet0/0/3]int g 0/0/1
Dec 22 2024 15:07:33-08:00 sw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 11, the
change loop count is 0, and the maximum number of records is 4095.
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]
Dec 22 2024 15:07:43-08:00 sw1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 12, the
change loop count is 0, and the maximum number of records is 4095.port trunk all
ow-pass vlan 2 3
r2
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r2
[r2]int g0/0/0.1
[r2-GigabitEthernet0/0/0.1]ip add 192.168.1.1 26
[r2-GigabitEthernet0/0/0.1]dot1q termination vid 3
Dec 22 2024 15:24:35-08:00 r2 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP
on the interface GigabitEthernet0/0/0.1 has entered the UP state.
[r2-GigabitEthernet0/0/0.1]arp broadcast enable
[r2-GigabitEthernet0/0/0.1]int g0/0/0.2
[r2-GigabitEthernet0/0/0.2]ip add 192.168.1.65 26
[r2-GigabitEthernet0/0/0.2]dot1q termination vid 2
Dec 22 2024 15:25:02-08:00 r2 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol IP
on the interface GigabitEthernet0/0/0.2 has entered the UP state.
[r2-GigabitEthernet0/0/0.2]arp broadcast enable
[r2-GigabitEthernet0/0/0.2]q
[r2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[r2]ip pool 1
Info: It's successful to create an IP address pool.
[r2-ip-pool-1]network 192.168.1.0 mask 26
[r2-ip-pool-1]gateway-list 192.168.1.1
[r2-ip-pool-1]dns-list 100.0.0.1
[r2-ip-pool-1]q
[r2]int g0/0/0.1
[r2-GigabitEthernet0/0/0.1]dhcp select global
[r2-GigabitEthernet0/0/0.1]int g0/0/1
[r2-GigabitEthernet0/0/1]ip add 192.168.1.129 26
Dec 22 2024 15:26:22-08:00 r2 %%01IFNET/4/LINK_STATE(l)[5]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[r2-GigabitEthernet0/0/1]int g0/0/2
[r2-GigabitEthernet0/0/2]ip add 192.168.1.193 26
[r2-GigabitEthernet0/0/2]
Dec 22 2024 15:26:38-08:00 r2 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol IP
on the interface GigabitEthernet0/0/2 has entered the UP state.
[r2-GigabitEthernet0/0/2]q
[r2]ip route-static 0.0.0.0 0 192.168.1.130
[r2]ip route-static 0.0.0.0 0 192.168.1.194 preference 61
r1
[Huawei]sys r1
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add
[r1-GigabitEthernet0/0/0]ip address 192.168.1.130 26
Dec 22 2024 15:11:15-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r1-GigabitEthernet0/0/0]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip a
[r1-GigabitEthernet0/0/1]ip add
[r1-GigabitEthernet0/0/1]ip address 192.168.1.194 26
Dec 22 2024 15:11:37-08:00 r1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[r1-GigabitEthernet0/0/1]int g 0/0/2
[r1-GigabitEthernet0/0/2]ip address 13.0.0.1 24
[r1-GigabitEthernet0/0/2]
Dec 22 2024 15:12:07-08:00 r1 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP
on the interface GigabitEthernet0/0/2 has entered the UP state.
[r1-GigabitEthernet0/0/2]q
[r1]ip route-static 192.168.1.0 26 192.168.1.129
[r1]ip route-static 192.168.1.0 26 192.168.1.193 preference 70
[r1]ip route-static 192.168.1.64 26 192.168.1.129
[r1]ip route-static 192.168.1.64 26 192.168.1.193 preference 70
r3
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r3
[r3]int g 0/0/0
[r3-GigabitEthernet0/0/0]ip address 13.0.0.3 24
Dec 22 2024 15:13:11-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r3-GigabitEthernet0/0/0]int g 0/0/1
[r3-GigabitEthernet0/0/1]ip address 34.0.0.3 24
Dec 22 2024 15:13:27-08:00 r3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[r3-GigabitEthernet0/0/1]int g 0/0/2
[r3-GigabitEthernet0/0/2]ip address 35.0.0.3 24
[r3-GigabitEthernet0/0/2]
Dec 22 2024 15:13:37-08:00 r3 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP
on the interface GigabitEthernet0/0/2 has entered the UP state.
[r3-GigabitEthernet0/0/2]q
[r3]int LoopBack 1
[r3-LoopBack1]ip add 3.3.3.3 24
[r3-LoopBack1]q
[r3]rip 1
[r3-rip-1]version 2
[r3-rip-1]network 13.0.0.0
[r3-rip-1]network 34.0.0.0
[r3-rip-1]network 3.0.0.0
[r3-rip-1]network 35.0.0.0
r4
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r4
[r4]int g 0/0/0
[r4-GigabitEthernet0/0/0]ip address 34.0.0.4 24
Dec 22 2024 15:14:46-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r4-GigabitEthernet0/0/0]int g 0/0/1
[r4-GigabitEthernet0/0/1]ip address 100.0.0.254 24
Dec 22 2024 15:14:58-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[r4-GigabitEthernet0/0/1]q
[r4]rip 1
[r4-rip-1]version 2
[r4-rip-1]network 34.0.0.0
[r4-rip-1]network 100.0.0.0
r5
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r5
[r5]int g 0/0/0
[r5-GigabitEthernet0/0/0]ip add 35.0.0.5 24
Dec 22 2024 15:15:43-08:00 r5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r5-GigabitEthernet0/0/0]int g 0/0/1
[r5-GigabitEthernet0/0/1]ip address 56.0.0.5 24
Dec 22 2024 15:15:58-08:00 r5 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[r5-GigabitEthernet0/0/1]q
[r5]rip 2
[r5-rip-2]version 2
[r5-rip-2]network 35.0.0.0
[r5-rip-2]network 56.0.0.0
r6
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r6
[r6]int g 0/0/0
[r6-GigabitEthernet0/0/0]ip address 56.0.0.6 24
Dec 22 2024 15:16:40-08:00 r6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[r6-GigabitEthernet0/0/0]int g 0/0/1
[r6-GigabitEthernet0/0/1]ip address 172.16.1.254 24
Dec 22 2024 15:17:02-08:00 r6 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[r6-GigabitEthernet0/0/1]q
8.学校内网HTTP客户端
9.DNS服务器
10.百度HTTP服务器
此时检查校内网络连通情况
2.配置nat技术
在边界路由r1上配置使内网能够访问外网
[r1]ip route-static 0.0.0.0 0 13.0.0.3
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r1-acl-basic-2000]int g0/0/2
[r1-GigabitEthernet0/0/2]nat outbound 2000检查内外网连通性
3.配置端口映射
校内http想要访问到百度的http服务器就需要使用到端口映射技术,将172.16.1.1的80端口映射到公网ip的出接口中所以在r6上使用此技术
[r6]ip route-static 0.0.0.0 0 56.0.0.5
[r6-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 80 ins
ide 172.16.1.1 80
Warning:The port 80 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
[r6]acl 2000
[r6-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255
[r6-acl-basic-2000]q
[r6]int g 0/0/0
[r6-GigabitEthernet0/0/0]nat outbound 2000
4.配置高级acl使pc2不能访问3.3.3.0网段
[r2]acl 3000
[r2-acl-adv-3000]rule deny ip source 192.168.1.61 0.0.0.0 destination 3.3.3.0 0.
0.0.255
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
5.启用telnet
在ar1上启用telnet服务
[r1]aaa
[r1-aaa]local-user huawei password cipher 123456 privilege level 15
Info: Add a new user.
[r1-aaa]local-user huawei service-type telnet
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
扫一扫
1515
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
