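Example topology diagram
1. Configure the device interface addresses and names as shown in the diagram.
2. The gateways for PC1 and PC2 are on LSW3; the gateway for PC3 is on LSW4.
3. PC1 and PC2 obtain addresses from DHCP global address pools; PC3 obtains its address from a DHCP interface address pool.
4. SW3 and SW4 use link aggregation (Eth-Trunk), with IP addresses configured.
5. Use OSPF internally for full network connectivity, with area authentication configured.
6. Configure remote login on AR1 and AR2; configure the FTP service on AR2.
7. Configure NAT address translation on AR2; 200.0.1.1-200.0.1. are the translated addresses.
8. PC3 must not be able to access ISP-AR3.
9. Configure NAT Server on AR2; the mapped address is 200.0.1.6.
1. The destination of the static route from ISP-AR3 to the internal network is the translated address.
2. When an ACL is used to filter packets, it only takes effect when applied in the inbound direction.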
sysname ISP-AR3
#
interface GigabitEthernet0/0/0
ip address 100.0.35.254 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.0.23.3 255.255.255.0
#
ip route-static 200.0.1.0 255.255.255.0 100.0.23.2
#
return
sysname AR1
#
interface GigabitEthernet0/0/0
ip address 10.0.12.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.13.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 10.0.14.1 255.255.255.0
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
authentication-mode md5 1 plain huawei123
// Configure OSPF area authentication
network 1.1.1.1 0.0.0.0
network 10.0.12.0 0.0.0.255
network 10.0.13.0 0.0.0.255
network 10.0.14.0 0.0.0.255
#
user-interface vty 0 4
authentication-mode password
set authentication password cipher huawei
// Telnet login password
#
return
sysname AR2
#
ftp server enable
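// Enable the FTP service (disabled by default)
#
acl number 2000
// ACL that selects the traffic allowed to be NAT-translated
rule 5 permit
// Permit all; the default is also to permit all
#
acl number 3000
// ACL used for packet filtering
rule 5 deny ip source 10.0.2.0 0.0.0.255
// Deny all IP addresses in the 10.0.2.0 network from reaching ISP-AR3
#
nat address-group 1 200.0.1.1 200.0.1.5
// NAT translation address pool
#
aaa
// User information for FTP login
local-user yuxin password cipher yuxin
local-user yuxin privilege level 3
// Privilege level of this FTP user; the default is 0, which cannot log in
local-user yuxin ftp-directory flash:
// Root directory of this FTP user
local-user yuxin service-type telnet ftp
// Services enabled for this user; the default is telnet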
#
interface GigabitEthernet0/0/0
ip address 10.0.12.2 255.255.255.0
traffic-filter inbound acl 3000
// Apply ACL 3000 in the inbound direction
#
interface GigabitEthernet0/0/1
ip address 100.0.23.2 255.255.255.0
nat server global 200.0.1.6 inside 10.0.4.1
// NAT Server mapping: public address → private address
nat outbound 2000 address-group 1
// Bind ACL 2000 and the NAT address pool in the outbound direction
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1 router-id 2.2.2.2
default-route-advertise
// Advertise a default route into OSPF; by default it is advertised to other areas
area 0.0.0.0
authentication-mode md5 1 plain huawei123
// Area authentication password
network 2.2.2.2 0.0.0.0
network 10.0.12.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 100.0.23.3
// Default route towards ISP-AR3
#
user-interface vty 0 4
authentication-mode password
set authentication password cipher huawei // Telnet login password
user-interface vty 16 20
authentication-mode aaa // AAA authentication, used for the FTP login
#
return
sysname LSW3
#
vlan batch 2 to 3 10 20
#
dhcp enable
// Enable DHCP
#
ip pool pool-finance
// DHCP global address pool
gateway-list 10.0.2.254
// Gateway
network 10.0.2.0 mask 255.255.255.0
// Network and mask used for DHCP allocation
static-bind ip-address 10.0.2.1 mac-address 5489-981c-1972
// Bind the address to a MAC address
lease day 10 hour 0 minute 0
// Lease time of 10 days
#
ip pool pool-market
gateway-list 10.0.1.254
network 10.0.1.0 mask 255.255.255.0
static-bind ip-address 10.0.1.1 mac-address 5489-9872-26ba
excluded-ip-address 10.0.1.250 10.0.1.253
// Addresses excluded from allocation
#
interface Vlanif2
ip address 10.0.13.3 255.255.255.0
#
interface Vlanif3
ip address 10.0.34.3 255.255.255.0
#
interface Vlanif10
ip address 10.0.1.254 255.255.255.0
dhcp select global
// Use the DHCP global address pool
#
interface Vlanif20
ip address 10.0.2.254 255.255.255.0
dhcp select global
// Use the DHCP global address pool
#
interface Eth-Trunk1
port link-type trunk
port trunk pvid vlan 3
port trunk allow-pass vlan 3 10 20 30 40
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 2
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
eth-trunk 1
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 3 10 20 30 40
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
authentication-mode md5 1 plain huawei123
// Area authentication password
network 10.0.1.0 0.0.0.255
network 10.0.2.0 0.0.0.255
network 10.0.34.0 0.0.0.255
network 10.0.13.0 0.0.0.255
#
return
sysname LSW4
#
vlan batch 2 to 3 30 40
#
dhcp enable
#
interface Vlanif2
ip address 10.0.14.4 255.255.255.0
#
interface Vlanif3
ip address 10.0.34.4 255.255.255.0
#
interface Vlanif30
ip address 10.0.3.254 255.255.255.0
dhcp select interface
// Allocate addresses from the DHCP interface address pool
#
interface Vlanif40
ip address 10.0.4.254 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk pvid vlan 3
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 2
port trunk allow-pass vlan 2
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
eth-trunk 1
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 2 to 3 10 20 30 40
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
authentication-mode md5 1 plain huawei123
// Area authentication password
network 10.0.3.0 0.0.0.255
network 10.0.4.0 0.0.0.255
network 10.0.34.0 0.0.0.255
network 10.0.14.0 0.0.0.255
#
return
sysname LSW1
#
vlan batch 10 20
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 3 10 20 30 40
#
return
sysname LSW2
#
vlan batch 30 40
#
interface Ethernet0/0/1
port link-type access
port default vlan 30
#
interface Ethernet0/0/2
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30 40
#
return
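
The AR2 configuration above, as typed for the lab, contains several settings that a configuration review would flag: the OSPF key entered with `plain`, the FTP service, a shared VTY password, and a local user whose password is its own name. The Python check below is an added example, not part of the original lab; it runs over lines taken from the AR2 configuration on this page, and the rule names are hypothetical labels.

```python
import re

# Lines taken from the AR2 configuration above (comments removed).
AR2_CONFIG = """\
sysname AR2
ftp server enable
aaa
 local-user yuxin password cipher yuxin
 local-user yuxin privilege level 3
 local-user yuxin service-type telnet ftp
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  authentication-mode md5 1 plain huawei123
user-interface vty 0 4
 authentication-mode password
 set authentication password cipher huawei
user-interface vty 16 20
 authentication-mode aaa
"""

# (finding id, regex, description); the ids are hypothetical labels for this example.
RULES = [
    ("ospf-plain-key", r"^authentication-mode (?:md5|hmac-md5) \d+ plain \S+",
     "OSPF key entered with 'plain' is kept in cleartext in the configuration"),
    ("ftp-enabled", r"^ftp server enable$",
     "FTP sends credentials and files unencrypted"),
    ("vty-shared-password", r"^authentication-mode password$",
     "VTY lines share one password, so logins are not tied to a user"),
    ("cleartext-service", r"^local-user \S+ service-type .*\b(?:telnet|ftp)\b",
     "local user is allowed cleartext management services"),
]

def audit(config: str):
    """Return (line_no, finding_id, description) tuples for one device config."""
    findings = []
    for no, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        for fid, pattern, desc in RULES:
            if re.search(pattern, line):
                findings.append((no, fid, desc))
        # Only detectable in a config as typed, before the device encrypts it.
        m = re.match(r"local-user (\S+) password cipher (\S+)", line)
        if m and m.group(1) == m.group(2):
            findings.append((no, "password-equals-username",
                             f"user '{m.group(1)}' has its own name as password"))
    return findings

if __name__ == "__main__":
    for no, fid, desc in audit(AR2_CONFIG):
        print(f"line {no}: [{fid}] {desc}")
```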