18 周实训作业

注：分支要求详细配置，简化配置，期末见 <h.dayi.ink> cmd因版本过于乱，临时不再维护

版本0.9

排版比较乱，建议直接下下来，直接看running-config

文件

https://p.dabbit.net/blog/pic_bed/sharex/_pn-2024-06-27-15-48-28_Marten_Infatuated_Delirious.rar

周四要求和作业

要求：内网

某公司企业内网，内网当中存在四个vlan ，分别为vlan10 vlan20 vlan30 vlan100

1. 财务部是vlan10，并命名为caiwu
   技术部是vlan20,并命名为jishu
   管理部门为vlan30，并命名为guanli
   内网服务器内网HTTP-SERVER单独位于vlan100，vlan名称为fuwuqi。
2. 配置基本网络：
   1）财务部的网段是192.168.1.0/24，网关为192.168.1.254
   2）技术部的网段为192.168.2.0/24，网关为192.168.2.254
   3）管理部的网段为192.168.3.0/24，网关为192.168.3.254
   4）服务器的网段为172.16.1.0/24，网关为172.16.1.254
   5）R1和SW1之间互联的地址为192.168.10.0/30的地址
3. 现在要求所有的网关都在内网核心交换机SW1上，使用svi接口充当网关
4. 实现内网所有PC和服务器之间的互联
5. 由于内网员工对于计算机的使用能力较差，因此，针对财务部，技术部和管理部的终端而言，需要通过DHCP的方式自动获取IP地址（需要排除每个网段1-100的地址作为保留使用，从101开始获取），而服务器的地址由于需要固定访问，所以通过手动静态配置IP地址。（dhcp的server位于出口路由器R1上，使用dhcp的中继完成最终地址的获取）
6. 允许内网管理部门的员工通过telnet管理内网的路由器和核心交换机，其他部门不允许通过telnet管理路由器和交换机。（要配置telnet管理内网设备）

要求：公网

公网部分

1. R1和R2之间采用100.1.1.0/24网段，R2和R3之间采用124.126.100.0/24网段地址，R3和R4之间采用202.96.137.0/24网段地址，R3和外网HTTP-SERVER以及公网PC之间，采用124.126.200.0/24网段地址。（外网HTTP-SERVER和公网PC的网关为124.126.200.254）
2. 为了保证公网之间能够通信，R1、R2、R3之间采用ospf动态路由协议进行通信
3. 公网PC可以通过R1的8080端口访问到内网HTTP-SERVER的80端口的http业务
4. 现在有一台公网服务器HTTP-SERVER，地址为124.126.200.10/24，现在需要内网用户能够访问到该公网服务器。（R1和R2之间使用124.126.100.0/24网段）
5. 有一台公网的DNS-SERVER，地址为113.100.2.56/24，网关为113.100.2.1/24，我们最终想要通过访问www.shixun.com这个域名访问到公网http-server，并且查看首页的a small page，内容显示为：welcome to study our course!

要求：分支

1. 内网PC7和PC8分别位于vlan70和vlan80这两个vlan当中
2. PC7和PC8的网关分别为192.168.70.254 192.168.80.254，且网关位于R4路由器上
3. PC7和PC8也要能够访问外网（测试访问公网HTTP-SERVER）

拓扑图

最后的拓扑图如下：

VLAN添加和配置

要求如下：VLAN配置要求

某公司企业内网中存在四个VLAN,具体配置如下:

核心交换机：建立VLAN

Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#host
Switch(config)#hostname 
Switch(config)#hostname core
core(config)#vlan 10
core(config-vlan)#name caiwu
core(config-vlan)#vlan 20
core(config-vlan)#name jishu
core(config-vlan)#vlan 30
core(config-vlan)#name guanli
core(config-vlan)#vlan 100
core(config-vlan)#name fuwuqi

核心交换机：配置完的VLAN信息：

core#show vlan brief 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
10   caiwu                            active    
20   jishu                            active    
30   guanli                           active    
100  fuwuqi                           active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active 

核心交换机：配置VLAN分发，VTP服务器

在核心交换机上：

core(config)#vtp mode server
  Device mode already VTP SERVER.
core(config)#vtp domain crazy-friday
  Changing VTP domain name from NULL to crazy-friday
core(config)#vtp password crazy
  Setting device VLAN database password to crazy

核心交换机：配置VLAN地址

要求

2、配置基本网络：
1）财务部的网段是192.168.1.0/24，网关为192.168.1.254
2）技术部的网段为192.168.2.0/24，网关为192.168.2.254
3）管理部的网段为192.168.3.0/24，网关为192.168.3.254
4）服务器的网段为172.16.1.0/24，网关为172.16.1.254
5）R1和SW1之间互联的地址为192.168.10.0/30的地址

配置

添加4个vlan，并且配置IP地址。

core(config)#int vlan 10
core(config-if)#ip addr 192.168.1.254 255.255.255.0
core(config-if)#no shut

core(config-if)#int vlan 20
core(config-if)#ip addr 192.168.2.254 255.255.255.0
core(config-if)#no shut

core(config-if)#int vlan 30
core(config-if)#ip addr 192.168.3.254 255.255.255.0
core(config-if)#no shut

core(config-if)#int vlan 100
core(config-if)#ip addr 172.16.1.254 255.255.255.0
core(config-if)#no shut       

当前接口状态和IP配置概要

物理接口状态：

• FastEthernet0/1 到 FastEthernet0/4: 启用且运行中（up/up）
• FastEthernet0/5: 物理连接断开（down/down）
• GigabitEthernet0/1 和 GigabitEthernet0/2: 物理连接断开（down/down）

公司内网：3、现在要求所有的网关都在内网核心交换机SW1上，使用svi接口充当网关

SW1上开启三层路由功能

core#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
core(config)#ip routing

公司内网：配置子交换机的VLAN同步：

财务部交换机

Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)#vtp domain crazy-friday
Changing VTP domain name from NULL to crazy-friday
Switch(config)#vtp password crazy
Setting device VLAN database password to crazy

Switch(config)#hostname finance-sw
finance-sw(config)#int fa0/4
finance-sw(config-if)#switchport mode trunk

可以看到VLAN数据库已经成功同步

划分VLAN接口：

将全部接口划分到VLAN:

finance-sw(config-if)#int range fa0/1,fa0/2,fa0/3,fa0/5-24
finance-sw(config-if-range)#sw mode access 
finance-sw(config-if-range)#sw ac vlan 10
finance-sw(config-if-range)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig0/1, Gig0/2
10   caiwu                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
20   jishu                            active    
30   guanli                           active    
100  fuwuqi                           active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
finance-sw(config-if-range)#

公司内网：管理部交换机

Switch>en
Switch#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname manage-sw
manage-sw(config)#int fa 0/1
manage-sw(config-if)#sw mode trunk 
  %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
  %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
manage-sw(config-if)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                                Gig0/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
manage-sw(config-if)#
manage-sw(config-if)#vtp mode client
Setting device to VTP CLIENT mode.
manage-sw(config)#vtp domain crazy-friday
Domain name already set to crazy-friday.
manage-sw(config)#vtp password crazy
Setting device VLAN database password to crazy

manage-sw(config)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                                Gig0/2
10   caiwu                            active    
20   jishu                            active    
30   guanli                           active    
100  fuwuqi                           active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
manage-sw(config)#

划分VLAN接口

manage-sw(config)#int range fa0/2-fa0/24
manage-sw(config-if-range)#sw mode access
manage-sw(config-if-range)#sw ac vlan 30
manage-sw(config-if-range)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig0/1, Gig0/2
10   caiwu                            active    
20   jishu                            active    
30   guanli                           active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
100  fuwuqi                           active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
manage-sw(config-if-range)#

公司内网：技术部交换机

Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname tech-sw
tech-sw(config)#vtp mode client
Setting device to VTP CLIENT mode.
tech-sw(config)#vtp domain crazy-friday
Changing VTP domain name from NULL to crazy-friday
tech-sw(config)#vtp password crazy
Setting device VLAN database password to crazy
tech-sw(config)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
tech-sw(config)#int 
  %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
  %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
  %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
  %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
  % Incomplete command.
tech-sw(config)#int g0/1
tech-sw(config-if)#sw mode tr
tech-sw(config-if)#sw mode trunk 
  %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
  %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
tech-sw(config-if)#dis vlan br    
tech-sw(config-if)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
tech-sw(config-if)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
tech-sw(config-if)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/2
10   caiwu                            active    
20   jishu                            active    
30   guanli                           active    
100  fuwuqi                           active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
tech-sw(config-if)#int range fa0/1-24
tech-sw(config-if-range)#sw mode access
tech-sw(config-if-range)#sw ac vlan 30
tech-sw(config-if-range)#sw ac vlan 20
tech-sw(config-if-range)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig0/2
10   caiwu                            active    
20   jishu                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
30   guanli                           active    
100  fuwuqi                           active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
tech-sw(config-if-range)#

公司内网：服务器交换机

Switch#en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname server-sw
server-sw(config)#int g0/1
server-sw(config-if)#sw mode tr
server-sw(config-if)#sw mode trunk 
  %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
  %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
server-sw(config-if)#dis vlan br
server-sw(config-if)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
server-sw(config-if)#vtp mode client
Setting device to VTP CLIENT mode.
server-sw(config)#vtp domain crazy-friday
Domain name already set to crazy-friday.
server-sw(config)#vtp password crazy
Setting device VLAN database password to crazy
server-sw(config)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/2
10   caiwu                            active    
20   jishu                            active    
30   guanli                           active    
100  fuwuqi                           active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
server-sw(config)#int g0/2
server-sw(config-if)#sw mode ac
server-sw(config-if)#sw ac vlan 100
server-sw(config-if)#do show vlan b
server-sw(config-if)#do show vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
10   caiwu                            active    
20   jishu                            active    
30   guanli                           active    
100  fuwuqi                           active    Gig0/2
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
server-sw(config-if)#

公司内网：服务器IP配置

• IP：172.16.1.10/24
• 网关：172.16.1.254
• DNS：临时：113.100.2.56

公司内网： 2.5： 5）R1和SW1之间互联的地址为192.168.10.0/30的地址

核心交换机：

core#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
core(config)#vlan 1000
core(config-vlan)#name R1-SW1-Interconnect
core(config-vlan)#interface vlan 1000
core(config-if)#
  %LINK-5-CHANGED: Interface Vlan1000, changed state to up
core(config-if)#ip address 192.168.10.2 255.255.255.252
core(config-if)#no shutdown
core(config-if)#interface GigabitEthernet0/0
core(config-if)#switchport mode access
core(config-if)#switchport access vlan 1000
core(config-if)#
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1000, changed state to up
no shut
core(config-if)#no shut
#配置静态路由
core(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.10.1

路由器

Router>en    
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int g0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.252
Router(config-if)#no shutdown
#子网静态路由
Router(config-if)#ip route 192.168.0.0 255.255.0.0 192.168.10.2

公司内网：4、实现内网所有PC和服务器之间的互联

允许trunk VLANIP互通

server-sw>en
server-sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
server-sw(config)#int g0/1
server-sw(config-if)#switchport trunk allowed vlan 10,20,30,100

finance-sw>en
finance-sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
finance-sw(config)#int f0/4
finance-sw(config-if)#switchport trunk allowed vlan 10,20,30,100

manage-sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
manage-sw(config)#int fa0/1
manage-sw(config-if)#switchport trunk allowed vlan 10,20,30,100

tech-sw>en
tech-sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
tech-sw(config)#int g0/1
tech-sw(config-if)#switchport trunk allowed vlan 10,20,30,100

核心交换机：

core#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
core(config)#int range g0/1,fa0/1-3
core(config-if-range)#switchport trunk allowed vlan 10,20,30,100

使用服务器进行测试

ping：172.16.1.254

ping 192.168.1.254

C:\>
C:\>ping 192.168.1.254

Pinging 192.168.1.254 with 32 bytes of data:

Reply from 192.168.1.254: bytes=32 time<1ms TTL=255
Reply from 192.168.1.254: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.1.254:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Control-C

ping 192.168.2.254

C:\>ping 192.168.2.254

Pinging 192.168.2.254 with 32 bytes of data:

Reply from 192.168.2.254: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.2.254:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Control-C

ping 192.168.3.254

C:\>ping 192.168.3.254

Pinging 192.168.3.254 with 32 bytes of data:

Reply from 192.168.3.254: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.3.254:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Control-C

ping 192.168.1.10

公司内网：5、由于内网员工对于计算机的使用能力较差，DHCP服务器

出口路由器

Router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.100
Router(config)#ip dhcp excluded-address 192.168.2.1 192.168.2.100
Router(config)#ip dhcp excluded-address 192.168.3.1 192.168.3.100

Router(config)#ip dhcp pool VLAN10-POOL
Router(dhcp-config)#network 192.168.1.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.1.254
Router(dhcp-config)#dns-server 113.100.2.56
Router(dhcp-config)#exit

Router(config)#ip dhcp pool VLAN20-POOL
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.2.254
Router(dhcp-config)#dns-server 113.100.2.56
Router(dhcp-config)#exit

Router(config)#ip dhcp pool VLAN30-POOL
Router(dhcp-config)#network 192.168.3.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.3.254
Router(dhcp-config)#dns-server 113.100.2.56
Router(dhcp-config)#exit

DHCP中继

core(config)#int vlan 10
core(config-if)#ip helper-address 192.168.10.1
core(config-if)#int vlan 20
core(config-if)#ip helper-address 192.168.10.1
core(config-if)#int vlan 30
core(config-if)#ip helper-address 192.168.10.1

测试：

公司内网：6、允许内网管理部门的员工通过telnet管理内网的路由器和核心交换机，其他部门不允许通过telnet管理路由器和交换机。（要配置telnet管理内网设备）

可能有问题目前。内网管理部门咱这里理解为内网管理部门是技术部了 ，也许是管理部

新建VLAN500用于管理，并配置ACL表

• 核心交换机： 192.168.20.10
• 路由器：192.168.10.1

核心交换机：

core#configure terminal
core(config)#vlan 500
core(config-vlan)#name tech-admin
core(config-vlan)#exit
core(config)#interface vlan 500
core(config-if)#ip address 192.168.2.1 255.255.255.0
core(config-if)#no shutdown
core(config-if)#exit
core(config)#ip access-list standard TELNET-ACL
core(config-std-nacl)#permit 192.168.2.0 0.0.0.255
core(config-std-nacl)#deny any
core(config-std-nacl)#exit
core(config)#line vty 0 4
core(config-line)#access-class TELNET-ACL in
core(config-line)#exit
core(config)#interface range g0/1-2,fa0/1-3
core(config-if-range)#switchport mode trunk
core(config-if-range)#switchport trunk allowed vlan add 500
core(config-if-range)#exit
core(config)#ip route 192.168.2.0 255.255.255.0 vlan 500
core(config)#end
core#copy running-config startup-config

路由器:

Router#configure terminal
Router(config)#ip access-list standard TELNET-ACL
Router(config-std-nacl)#permit 192.168.2.0 0.0.0.255
Router(config-std-nacl)#deny any
Router(config-std-nacl)#exit
Router(config)#line vty 0 4
Router(config-line)#access-class TELNET-ACL in
Router(config-line)#exit

技术部SW:

tech-sw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
tech-sw(config)#interface vlan 500 
tech-sw(config-if)#
  %LINK-5-CHANGED: Interface Vlan500, changed state to up
tech-sw(config-if)#ip address 192.168.20.120 255.255.255.0
tech-sw(config-if)#no shut
tech-sw(config-if)#interface g0/1
tech-sw(config-if)#switchport trunk allowed vlan add 500

tech-sw(config-if)#username KFC4 password KFC4
tech-sw(config)#line vty 0 4
tech-sw(config-line)#login local
tech-sw(config-line)#transport input telnet

只有技术部可以访问：

路由：

其他部门被拒绝了。

公网部分：要求

1. R1和R2之间采用100.1.1.0/24网段，R2和R3之间采用124.126.100.0/24网段地址，R3和R4之间采用202.96.137.0/24网段地址，R3和外网HTTP-SERVER以及公网PC之间，采用124.126.200.0/24网段地址。（外网HTTP-SERVER和公网PC的网关为124.126.200.254）
2. 为了保证公网之间能够通信，R1、R2、R3之间采用ospf动态路由协议进行通信
3. 公网PC可以通过R1的8080端口访问到内网HTTP-SERVER的80端口的http业务
4. 现在有一台公网服务器HTTP-SERVER，地址为124.126.200.10/24，现在需要内网用户能够访问到该公网服务器。（R1和R2之间使用124.126.100.0/24网段）
5. 有一台公网的DNS-SERVER，地址为113.100.2.56/24，网关为113.100.2.1/24，我们最终想要通过访问www.shixun.com这个域名访问到公网http-server，并且查看首页的a small page，内容显示为：welcome to study our course!

公网部分：1、IP配置

R1-IP：

IP地址：

Router>en                                  
Router#conf t                              
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int g0/1                    
Router(config-if)#ip address 100.1.1.1 255.255.255.0 
Router(config-if)#no shut                                   
  %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
Router(config-if)#router ospf 1       
Router(config-router)#network 100.1.1.0 0.0.0.255 area 0 
Router(config-router)#hostname r1          
r1(config)#                                

R2-IP：

IP地址:

Router>en                                 
Router#conf t                              
Enter configuration commands, one per line.  End with CNTL/Z.    
Router(config)#hostname r2                 
r2(config)#int g0/0                        
r2(config-if)#ip address 100.1.1.2 255.255.255.0  
r2(config-if)#no shut                                               
  %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up                          
  %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
r2(config-if)#int g0/1                    
r2(config-if)#ip address 124.126.100.1 255.255.255.0  
r2(config-if)#no shut                                               
  %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
#配置OSPF
r2(config-if)#router ospf 1                
r2(config-router)#network 100.1.1.0 0.0.0.255 area 0  
r2(config-router)#network 124.126.100.0 0.0.0.255 area 0  

R3:

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname r3
r3(config)#int g0/0
r3(config-if)#ip address 124.126.100.2 255.255.255.0
r3(config-if)#no shut
  %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
  %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
r3(config-if)#int g0/1
r3(config-if)#ip address 202.96.137.1 255.255.255.0
r3(config-if)#no shut
  %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
r3(config-if)#int g0/2
r3(config-if)#ip address 124.126.200.254 255.255.255.0
r3(config-if)#no shut
  %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
  %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up
#配置OSPF
r3(config-if)#router ospf 1
r3(config-router)#network 124.126.100.0 0.0.0.255 area 0
r3(config-router)#network 202.96.137.0 0.0.0.255 area 0
r3(config-router)#network 124.126.200.0 0.0.0.255 area 0

R4:

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname r4
r4(config)#int g0/0
r4(config-if)#ip addr 202.96.137.2 255.255.255.0
r4(config-if)#no shut

当前路由表：

r1#show ip route 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       100.1.1.0/24 is directly connected, GigabitEthernet0/1
L       100.1.1.1/32 is directly connected, GigabitEthernet0/1
     124.0.0.0/24 is subnetted, 2 subnets
O       124.126.100.0/24 [110/2] via 100.1.1.2, 00:13:02, GigabitEthernet0/1
O       124.126.200.0/24 [110/3] via 100.1.1.2, 00:11:52, GigabitEthernet0/1
S    192.168.0.0/16 [1/0] via 192.168.10.2
     192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.10.0/30 is directly connected, GigabitEthernet0/0
L       192.168.10.1/32 is directly connected, GigabitEthernet0/0
O    202.96.137.0/24 [110/3] via 100.1.1.2, 00:00:33, GigabitEthernet0/1

r1#

公网部分：3、公网PC可以通过R1的8080端口访问到内网HTTP-SERVER的80端口的http业务

内网访问服务器(172.16.1.10/24)，可以正常访问

R1配置路由

r1(config)#ip route 172.16.1.0 255.255.255.0 192.168.10.2

路由可以ping通内网服务器：

配置NAT：

r1(config)#int g0/0
r1(config-if)#ip nat inside
r1(config-if)#int g0/1
r1(config-if)#ip nat outside
r1(config)#ip nat inside source static tcp 172.16.1.10 80 100.1.1.1 8080

测试访问：

公网PC:
IP地址:124.126.200.11
子网掩码:255.255.255.0
默认网关:124.126.200.254
DNS服务器：113.100.2.56

可以正常访问：

公网部分：4、现在有一台公网服务器HTTP-SERVER，地址为124.126.200.10/24，现在需要内网用户能够访问到该公网服务器。（R1和R2之间使用124.126.100.0/24网段）

（R1和R2之间使用124.126.100.0/24网段） 此句话忽略。

IP配置：
IP地址:124.126.200.10
子网掩码:255.255.255.0
默认网关:124.126.200.254
DNS服务器：113.100.2.56

r1(config)#access-list 10 permit 192.168.0.0 0.0.255.255
r1(config)#ip nat inside source list 10 interface g0/1 overload

可以正常访问啦！

公网部分：5、有一台公网的DNS-SERVER，地址为113.100.2.56/24，网关为113.100.2.1/24，我们最终想要通过访问www.shixun.com这个域名访问到公网http-server，并且查看首页的a small page，内容显示为：welcome to study our course!

R2:

r2>en
r2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
r2(config)#int g0/2
r2(config-if)#
r2(config-if)#ip address 113.100.2.1 255.255.255.0
r2(config-if)#no shut
  %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
  %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up
#配置OSPF
r2(config-if)# router ospf 1
r2(config-router)#network 113.100.2.0 0.0.0.255 area 1

配置DNS服务器：

DNS服务器IP：113.100.2.56/24 via 113.100.2.1

配置域名：

www.shixun.com

测试访问：

访问成功，修改HTML

HTML内容

index.html

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>首页 - 欢迎来到实训课程</title>
</head>
<body>
    <div class="container">
        <h1>欢迎来到实训课程首页</h1>
        <p>点击下面的链接查看详细信息：</p>
        <a href="a_small_page.html">进入课程页面（a_small_page)</a>

        <a>疯狂星期5组奉献</a>
    </div>
</body>
</html>

a_small_page.html

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>课程详情 - 欢迎学习我们的课程</title>
   
</head>
<body>
    <div class="container">
        <h1>欢迎学习我们的课程！</h1>
        <p>Welcome to study our course!</p>
        <a href="index.html">返回首页</a>
        <a>疯狂星期5组奉献</a>
    </div>
</body>
</html>

效果

分支：

分支：1、内网PC7和PC8分别位于vlan70和vlan80这两个vlan当中

分支：2、PC7和PC8的网关分别为192.168.70.254 192.168.80.254，且网关位于R4路由器上

Switch>
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#
Switch(config)#hostname branch
branch(config)#vlan 70
branch(config-vlan)#int vlan 70
branch(config-if)#
  %LINK-5-CHANGED: Interface Vlan70, changed state to up

branch(config-if)#ip addr 192.168.70.254 255.255.255.0
branch(config-if)#vlan 80
branch(config-vlan)#int vlan 80
branch(config-if)#
  %LINK-5-CHANGED: Interface Vlan80, changed state to up

branch(config-if)#ip addr 192.168.80.254 255.255.255.0
branch(config-if)#
branch(config-if)#vlan 600
branch(config-vlan)#int vlan 600
branch(config-if)#
  %LINK-5-CHANGED: Interface Vlan600, changed state to up

branch(config-if)#ip addr 10.10.10.2 255.255.255.252
branch(config-if)#i
branch(config-if)#int fa0/2
branch(config-if)#sw mode acc
branch(config-if)#sw acc vlan 70
branch(config-if)#
  %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan70, changed state to up

branch(config-if)#no shut
branch(config-if)#
branch(config-if)#int fa0/3
branch(config-if)#sw mode acc
branch(config-if)#sw acc vlan 80
branch(config-if)#
  LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan80, changed state to up

branch(config-if)#no shut
branch(config-if)#
branch(config-if)#int f0/1
branch(config-if)#
branch(config-if)#sw mode acc
branch(config-if)#sw acc vlan 600
branch(config-if)#no shut
branch(config-if)#
branch(config-if)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
branch(config)#ip routing

分支：3、PC7和PC8也要能够访问外网（测试访问公网HTTP-SERVER）

PC7:
IP地址:192.168.70.10
子网掩码:255.255.255.0
默认网关:192.168.70.254
DNS服务器：113.100.2.56

PC8：
IP地址:192.168.80.10
子网掩码:255.255.255.0
默认网关:192.168.80.254
DNS服务器：113.100.2.56

R4:

r4(config)#int g0/1
r4(config-if)#ip addr 10.10.10.1 255.255.255.252
r4(config-if)#no shut

PC8<->PC7相互访问

配置访问：

branch(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
r4(config)#int g0/1
r4(config-if)#ip addr 10.10.10.1 255.255.255.252
r4(config-if)#no shut
r4(config)#access-list 100 permit ip 192.168.70.0 0.0.0.255 any 
r4(config)#access-list 100 permit ip 192.168.80.0 0.0.0.255 any
r4(config)#int g0/1
r4(config-if)#ip nat inside
r4(config-if)#int g0/0
r4(config-if)#ip nat outside
r4(config-if)#ip nat inside source list 100 interface g0/0 overload
r4(config)#ip route 192.168.70.0 255.255.255.0 10.10.10.2
r4(config)#ip route 192.168.80.0 255.255.255.0 10.10.10.2

r4(config)#do show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 202.96.137.2 YES manual up up
GigabitEthernet0/1 10.10.10.1 YES manual up up
GigabitEthernet0/2 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
r4(config)#
r4(config)#router ospf 1
r4(config-router)#do show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
202.96.137.1 1 FULL/DR 00:00:30 202.96.137.1 GigabitEthernet0/0
r4(config-router)#

r4(config-router)#network 202.96.137.0 0.0.0.255 area 0

测试

PC7成功访问

PC8成功访问

文件

https://p.dabbit.net/blog/pic_bed/sharex/_pn-2024-06-27-15-48-28_Marten_Infatuated_Delirious.rar

网络系统集成基础（实验学时）——实验七

公司、校园网设计1

实验内容：

1、交换机、路由器链路聚合实验
2、Ipv6基础实验。
3、根据前期实验公司网络提出的客户需求分析，对所提需求完成网络规划和技术设计，完成公司网络系统集成设计（2000台电脑），总公司、分公司地跨两个不同城市。

实验报告：

要求独立完成，报告需包含模拟器配置文件
使用华为模拟器或思科模拟器完成

实验1、链路聚合

拓扑图

配置前STP信息

[Huawei]dis stp  brief 
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ROOT  FORWARDING      NONE
   0    GigabitEthernet0/0/2        ALTE  DISCARDING      NONE
   0    GigabitEthernet0/0/3        ALTE  DISCARDING      NONE
   0    GigabitEthernet0/0/4        DESI  LEARNING        NONE
[Huawei]

配置

[Huawei]undo info-center enable 
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]int g0/0/1
[Huawei-GigabitEthernet0/0/1]eth-trunk 1
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]eth-trunk 1
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]eth-trunk 1
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-GigabitEthernet0/0/3]

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]int Eth-Trunk 1
[Huawei-Eth-Trunk1]int g0/0/1
[Huawei-GigabitEthernet0/0/1]eth-trunk 1
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]eth-trunk 1
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]eth-trunk 1
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei-GigabitEthernet0/0/3]

查看状态：

[Huawei-GigabitEthernet0/0/3]dis stp b
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/4        DESI  FORWARDING      NONE
   0    Eth-Trunk1                  ROOT  FORWARDING      NONE
[Huawei-GigabitEthernet0/0/3]

ping通

PC1

PC2

intg0/0/1没有包。

对三个接口抓包，只有最后一个走流量。

配置

[Huawei-GigabitEthernet0/0/3]dis current-configuration 
#
sysname Huawei
#
undo info-center enable
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Eth-Trunk1
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface GigabitEthernet0/0/3
 eth-trunk 1
#
interface GigabitEthernet0/0/4
#
...
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

[Huawei-GigabitEthernet0/0/3]

实验2、ipv6基础实验

基础知识

IPv6地址表示方法可以分为三种:

1. 冒分十六进制表示法

格式为 X:X:X:X:X:X:X:X，其中每个X表示地址中的16位，以十六进制表示。例如:

ABCD:EF01:2345:6789:ABCD:EF01:2345:6789

在这种表示法中，每个X的前导零是可以省略的，例如:

2001:0DB8:0000:0023:0008:0800:200C:417A → 2001:DB8:0:23:8:800:200C:417A

2. 0位压缩表示法

如果一个IPv6地址中间包含很长的一段连续零，可以把这一段连续的零压缩为::。但是为了保证地址解析的唯一性，地址中::只能出现一次。例如:

FF01:0:0:0:0:0:0:1101 → FF01::1101
0:0:0:0:0:0:0:1 → ::1
0:0:0:0:0:0:0:0 → ::

3. 内嵌IPv4地址表示法

为了实现IPv4-IPv6互通，IPv4地址可以嵌入IPv6地址中，此时地址常表示为 X:X:X:X:X:X:d.d.d.d，前96位采用冒分十六进制表示，而最后32位地址则使用IPv4的点分十进制表示。例如:

::192.168.0.1
::FFFF:192.168.0.1

注意，在前96位中，压缩0位的方法依旧适用。

一些特殊地址的说明:

注① ::1 表示本地环回地址，类似于IPv4的127.x.x.x
注②  :: 相当于IPv4的0.0.0.0
注③ 以FF开头的地址表示组播IPv6地址，例如FF::5类似于IPv4的224.0.0.5

拓扑图

IPv6分配

你说得对,根据图中的拓扑,R1只有两个接口。我修改一下配置:

配置如下:

• PC1 和 R1 连接在 2001:db8:acad:1::/64 子网
• R1 和 R2 通过 2001:db8:acad:2::/64 子网相连
• PC2 连接到 R2 上,位于 2001:db8:acad:3::/64 子网

路由配置为:

R1:

[Huawei]ipv6 route-static 2001:db8:acad:3:: 64 2001:db8:acad:2::2

R2:

[Huawei]ipv6 route-static 2001:db8:acad:1:: 64 2001:db8:acad:2::1

配置

PC1:

PC2:

R1

<Huawei>SYS
Enter system view, return user view with Ctrl+Z.
[Huawei]undo inf    
[Huawei]undo info-center en    
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]ipv6
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ipv6 enable
[Huawei-GigabitEthernet0/0/0]ipv6 add 2001:db8:acad:1::1 64
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ipv6 enable
[Huawei-GigabitEthernet0/0/1]ipv6 address 2001:db8:acad:2::1 64

R2

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]ipv6
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ipv6 enable
[Huawei-GigabitEthernet0/0/0]ipv6 addr 2001:db8:acad:2::2 64
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ipv6 enable
[Huawei-GigabitEthernet0/0/1]ipv6 addr 2001:db8:acad:3::1 64
[Huawei-GigabitEthernet0/0/1]

路由配置为:

R1:

[Huawei]ipv6 route-static 2001:db8:acad:3:: 64 2001:db8:acad:2::2

缺省

ipv6 route-s :: 0 2001:db8:acad:2::2

R2:

[Huawei]ipv6 route-static 2001:db8:acad:1:: 64 2001:db8:acad:2::1

缺省

ipv6 route-s :: 0 2001:db8:acad:2::1

测试

成功ping通。

抓包

配置

R1

[Huawei]dis current-configuration 
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
ipv6 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address 2001:DB8:ACAD:1::1/64 
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address 2001:DB8:ACAD:2::1/64 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ipv6 route-static :: 0 2001:DB8:ACAD:2::2 
ipv6 route-static 2001:DB8:ACAD:3:: 64 2001:DB8:ACAD:2::2 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]
[Huawei]

R1

[Huawei]dis current-configuration 
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
ipv6 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ipv6 enable 
 ipv6 address 2001:DB8:ACAD:2::2/64 
#
interface GigabitEthernet0/0/1
 ipv6 enable 
 ipv6 address 2001:DB8:ACAD:3::1/64 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ipv6 route-static :: 0 2001:DB8:ACAD:2::1 
ipv6 route-static 2001:DB8:ACAD:1:: 64 2001:DB8:ACAD:2::1 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]

3、根据前期实验公司网络提出的客户需求分析，对所提需求完成网络规划和技术设计，完成公司网络系统集成设计（2000台电脑），总公司、分公司地跨两个不同城市。

需求分析-山东科技大学

一、客户需求分析

山东科技大学有青岛校区(主校区)、泰安校区和济南校区，需要构建一个覆盖约2000台电脑的校园网络。主要需求如下:

1. 三个校区之间需要建立高速、安全、稳定的网络互联。可选用IPsec VPN或租用运营商专线连接。
2. 网络须划分不同网段，如服务器网段、教学区网段、办公区网段、学生宿舍网段等，做到网段之间安全隔离又互通。
3. 各校区内部需further细分子网，如教学楼、实验室、机房等，做到网段职责明确、边界清晰、便于管理。
4. 网络应具备良好的可扩展性，要便于日后网络升级改造和新建筑接入等。
5. 应提供完善的网络安全防护措施，如防火墙、入侵检测、病毒防范等，保障校园网络安全。
6. 网络要易于管理维护，需要部署一系列网管软硬件，实现对全网的集中管控、运维、故障排除等。

二、网络拓扑结构设计

根据客户需求，本方案设计了一个三层树状网络拓扑结构。

1. 核心层:在青岛主校区机房部署两台高性能三层核心交换机，采用VRRP实现冗余备份，负责连接三个校区和出口。
2. 汇聚层:在各校区机房部署两台以太网交换机作为区域汇聚交换机，通过多链路捆绑冗余上联到核心交换机。负责校区各楼宇的汇聚。
3. 接入层:每个楼宇部署两台以太网交换机作为接入交换机，双上联到汇聚层，通过MSTP实现链路备份。负责接入各楼层终端。
4. 服务器通过双网卡以级联方式接入核心交换机，实现负载均衡和高可用。
5. 网管平台、安全设备部署在核心机房，直接接入核心层。
6. 校区之间通过IPsec VPN或租用专线连接，通过核心交换机互联。

三、IP地址规划

本设计参考提供的信息，对山东科技大学校园网络进行了统一的IP地址规划。

1. 172.16.0.0/22划分给青岛主校区使用。

• 172.16.0.0/24网段用于服务器。
• 172.16.1.0/24网段用于网络管理。
• 172.16.2.0/24和172.16.3.0/24网段用于办公和教学。

2. 172.30.0.0/16划分给泰安校区使用。

• 172.30.0.0/24网段用于网络设备互联。
• 172.30.132.0/24网段分配给1C401~1C403机房。
• 172.30.128.0/24网段分配给1B区机房。
• 其他172.30.0.0/16内的子网可供教学楼、办公楼、实验室等使用。

3. 172.29.0.0/16划分给济南校区使用，子网划分方式类似泰安校区。
4. 10.0.0.0/24、192.168.0.0/24作为设备管理网段，不对外。

四、设备选型配置

1. 核心交换机:选用华为 CE12800系列高端路由交换机，配置大容量电源、主控引擎、线卡、电口等，配双机热备。
2. 汇聚交换机:选用华为S5720-56C-HI-48S系列交换机，配置48个万兆SFP+，4个40G QSFP+上行口。
3. 接入交换机:选用华为S5720-28X-SI-24S-AC系列，配24个千兆SFP，4个万兆SFP+上行口。
4. 服务器、存储:采用华为FusionServer、OceanStor系列，具体配置略。
5. VPN网关:使用华为USG6680 firewall作为IPsec VPN网关。
6. 上网行为管理设备:使用上海恒扬的iNBox ACG-5000E集中管理型上网行为管理设备。
7. 网管工作站:选用曙光天阔I620-G30工作站，Windows Server系统，部署网管软件。

五、网络安全设计

本方案提供了较为完善的网络安全防护措施:

1. 部署USG6680下一代防火墙，提供IPS、IDS、AV、URL filtering等安全功能。
2. iNBox ACG-5000E可对全网HTTP、HTTPS、SSH等流量进行识别过滤和行为管控。
3. 网络设备统一修改缺省设置，配置强密码AAA认证，只允许特定管理IP登录管理。
4. 开启DHCP snooping、DAI、IP source guard等三层设备安全特性。
5. 部署LanScope Net端点准入系统，对接入终端进行安全检查与准入控制。
6. 制定安全管理制度，落实责任人制度，定期开展网络安全评估。

六、网络管理设计

为便于对全网进行统一管控，本方案提供了全面的网管系统:

1. 使用华为eSight网管平台，对网络设备、服务器存储等进行集中配置、监控、维护。
2. 使用卓讯统一运维管理系统，结合工单、CMDB、监控等各功能模块，实现网络自动化运维。
3. 使用Splunk进行集中日志管理，对核心网络设备、安全设备的日志进行统一采集、分析。
4. 使用华为iMaster NCE智能分析平台，利用大数据、AI等技术，实现网络智能分析、故障诊断。
5. 使用NETCONF、YANG等网管协议和数据建模语言，实现网络的可编程自动化。
6. 建设集中的网管中心，配备专业网管人员7*24值守，负责日常巡检、变更管理、故障处理等。

接下来还需进一步讨论细化方案，包括方案的可行性论证、投资预算、建设进度等。在后续的实施过程中，还需要与学校各部门密切配合，做好勘察、施工、培训、验收等各环节的工作。期待与贵校携手将这一方案落地实施，助力学校的数字化转型和高质量发展。

VLAN划分信息

进一步细化和完善山东科技大学校园网络的设计方案，特别是在VLAN划分、IP地址规划、网络拓扑等方面提供更详尽的设计。以下是修订后的详细方案:

一、VLAN规划与IP地址分配

为实现网络安全隔离和管理灵活，本方案采用VLAN对校园网络进行广泛划分，每个VLAN对应一个IP子网。

1. 青岛校区VLAN规划

青岛校区共划分了13个用户VLAN，1个核心VLAN，可满足各业务系统分离的需求。各VLAN采用的IP网段均为172.16.0.0/16的子网，掩码为255.255.255.0。其中VLAN 1000不配IP地址，专用于三层设备间互联。

服务器区包括教务系统、OA系统、图书馆、VOD点播、IPTV系统、DNS、DHCP、电子邮件等各类核心业务服务器，统一划入VLAN 10，分配在172.16.0.0/24网段内。

网络管理平台包括网管服务器、日志服务器、计费服务器划入VLAN 20，分配在172.16.1.0/24网段内。

不同教学楼办公区根据地理位置就近划入VLAN 30或40，分别分配172.16.2.0/24和172.16.3.0/24网段。后续可灵活调整办公VLAN数量。

不同教学楼实验室区根据教学要求划入VLAN 50或60，分别分配172.16.4.0/24和172.16.5.0/24网段。教学区与办公区做到VLAN隔离。

不同学生宿舍楼划入VLAN 70或80，分别分配172.16.6.0/24和172.16.7.0/24网段。可灵活调整宿舍VLAN数量。

其他配套网络如访客、打印、语音、视频监控、无线网络管理等，均划分单独的VLAN，互不干扰。

每个VLAN配置3层SVI，在核心交换机上终结VLAN并提供三层网关，负责本VLAN与其他VLAN通信。

2. 泰安校区VLAN规划

泰安校区根据建筑物和业务类型划分VLAN，核心交换机通过三层SVI为各VLAN提供网关。共划分13个VLAN，分配有172.30.0.0/16网段的13个子网。

1B机房接入VLAN 20，1C401-403机房分别接入VLAN 30-50，IP地址连续分配。

办公区划分为三个VLAN，分属信息中心、主楼、图书馆，互不影响。

学生宿舍划分两个VLAN，每个VLAN掩码为255.255.240.0，可用地址4094个，1-15栋和16-30栋宿舍分属两个VLAN。

教学区根据教学楼栋号划分为三个VLAN，1-3栋、4-6栋、实验室各一个VLAN，互不影响。每个VLAN掩码为255.255.240.0，保证充足的IP地址。

VLAN 10专用于网络设备管理，不分配IP地址。

3. 济南校区VLAN规划
   济南校区VLAN规划与泰安校区类似，主要有教学区、办公区、实验区、学生宿舍区，共划分约15个VLAN。考虑到IP地址使用需求，建议济南校区采用172.29.0.0/16网段，各VLAN掩码均为255.255.240.0，可充分满足4000余个地址的使用需求。下面是关键的VLAN规划:

二、网络拓扑设计

根据VLAN规划，本方案对山东科技大学校园网提出以下网络拓扑设计:

核心层设计:
在青岛主校区数据中心，部署两台华为 CloudEngine 12800高端核心交换机，型号为CE12816。每台核心交换机配置2个主控引擎， 4个48口万兆线卡，4个48口千兆线卡，4个双口100G QSFP28线卡。

两台核心交换机采用VRRP协议实现网关冗余，避免单点故障。上联分别通过2个100G端口以LACP方式汇聚互联，下联分别以LACP方式汇聚连接汇聚层交换机，实现链路冗余和增加带宽。

核心层配置OSPF动态路由协议，与三个校区的汇聚层交换机建立邻居，相互学习路由。

核心交换机采用SVF双机堆叠虚拟化技术，两台物理设备形成一台逻辑设备，统一管理和配置。

汇聚层设计:
在青岛校区数据中心，部署华为S6720-54C汇聚交换机，每台配置48个万兆SFP+光口和6个40G QSFP+光口。

每个汇聚交换机采用2个40G QSFP+光口以LACP方式上联到核心交换机，4个40G QSFP+光口以级联方式互联。

每个汇聚交换机用于连接青岛校区10-20个接入交换机，根据需要横向扩展。

在泰安、济南校区的中心机房，也各部署2台华为S6720-54C作为汇聚交换机，通过IPSec VPN或租用专线以10G或更高带宽双上联到青岛校区核心交换机，实现三地互通。

每个异地汇聚交换机再以万兆LACP方式下联到本校区的各接入交换机。

汇聚层交换机采用堆叠或者VRRP实现冗余备份，避免单点故障。开启OSPF协议，作为区域汇聚节点。

接入层设计:
在青岛校区，根据各建筑物的面积和网点数量，每栋楼宇部署2-4台S5720-28X-SI-24S-AC接入交换机。

每个接入交换机上联口采用2-4个万兆SFP+光口以LACP捆绑上联到汇聚层，下联通过24个千兆RJ45电口接入办公电脑、AP、IP电话、监控等各类终端，可满足千兆接入需求。

在泰安、济南校区，每个教学楼、办公楼、宿舍楼也部署2台S5720-28X-SI-24S-AC作为楼宇接入交换机，根据网点数量配置。

每幢楼的接入交换机采用MSTP生成树协议防止环路，通过双上联方式提供冗余备份。

接入交换机开启IGMP Snooping和MLD Snooping，结合组播和VLAN，实现组播复制和隔离，提升组播效率。

无线网络设计:
结合有线网络规划，在青岛校区和泰安校区教学楼、办公楼、图书馆等重点区域，规划部署华为AP6050DN无线AP，平均每8-12个房间一个AP。

在学生宿舍和公共活动场所，部署吸顶式AP2050DN-S，平均每3-4个房间一个AP。

无线AP统一采用POE供电，接入二层接入交换机的POE口。无线AP管理VLAN划分为VLAN130。

具体分析

山东科技大学的网络如下：
分青岛校区（主校区）、泰安校区、济南校区。

192.168.0.0/24 作为服务器网段

172.16-31 作为客户端网段。

10.0.0. 作为交换机网段

在泰安有这样的划分：172.30.132.0/24 分配个1C401 1C402 1C403的机房。 172.30.128.0/24分配给 1B区的机房。

从泰安ping到192.168.111.7 (http反代服务器的traceroute如下

路由追踪：

root@ovovoov:~# traceroute 192.168.111.7
traceroute to 192.168.111.7 (192.168.111.7), 30 hops max, 60 byte packets
 1  10.31.0.1 (10.31.0.1)  0.305 ms  0.278 ms  0.263 ms （本地路由器）
 2  172.29.110.254 (172.29.110.254)  11.057 ms  11.105 ms  10.980 ms
 3  172.29.231.2 (172.29.231.2)  6.611 ms  6.573 ms  6.556 ms
 4  172.16.0.6 (172.16.0.6)  0.622 ms  0.769 ms  0.541 ms
 5  * * *
 6  * * *
 7  172.16.0.113 (172.16.0.113)  12.178 ms  12.318 ms  12.547 ms
 8  192.168.111.7 (192.168.111.7)  10.567 ms  10.584 ms  10.620 ms

实际延迟：

root@ovovoov:~# ping 192.168.111.7
PING 192.168.111.7 (192.168.111.7) 56(84) bytes of data.
64 bytes from 192.168.111.7: icmp_seq=1 ttl=57 time=10.7 ms
64 bytes from 192.168.111.7: icmp_seq=2 ttl=57 time=10.5 ms
64 bytes from 192.168.111.7: icmp_seq=3 ttl=57 time=10.5 ms

青岛和泰安之间可能通过以下两个方法进行链接：

1. IPsec隧道
2. 光纤直连。

实际测试路由：（访问山科镜像站，通过内网DNS192.168.100.8解析地址），该服务器为反代服务器。

教育网出口路由追踪：

对于2000台主机，划分VLAN即可，分配172.16-31网段即可进行划分与分配。

对于172.16/12可以分配的空间为：

• 网络地址: 172.16.0.0/12
• IP 范围: 172.16.0.0 - 172.31.255.255
• 可用 IP 范围: 172.16.0.1 - 172.31.255.254
• 总地址数: $2^{20} = 1,048,576$

地址空间完全够用，并且可以用/24进行多次划分，区分房间。

一个可行的案例，实际上的划分需要根据客户实际需求来进行划分

备注:

• 教学区、办公区主机数量较多,每个VLAN分配了/21的子网,可用IP 2046个,预留足够的增长空间。
• 学生宿舍区主机数略少于办公教学区,分配/22子网,可用IP 1022个,满足需求。
• 机房、服务器、网管等区域设备相对固定,分配/24子网,可用IP 254个,满足使用。
• 整个校园网可用IP地址数量合计约14336个,相比之前方案大幅缩减,但依然能满足2000台主机的规模需求,并预留30%的增长空间。

简单拓扑图如下：

该拓扑忽略了，一些公网出口核心交换机，GIWIFI路由等，同时教育网出口在图中没有表达出来。

进行配置：

路由器配置

AR5

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo inf    
[Huawei]undo info-center en    
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.1.1.1 24
[Huawei-GigabitEthernet0/0/1]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.30.30.1 24
[Huawei-GigabitEthernet0/0/1]ip addr 10.1.1.1 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.30.30.1 24
[Huawei-GigabitEthernet0/0/0]rip
[Huawei-rip-1]version 2
[Huawei-rip-1]network 10.0.0.0
[Huawei-rip-1]

AR2：

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.1.1.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.2.2.2 24
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip addr 10.20.20.1 24
[Huawei-GigabitEthernet0/0/2]rip 1
[Huawei-rip-1]vers    
[Huawei-rip-1]version 2
[Huawei-rip-1]netwo    
[Huawei-rip-1]network 10.0.0.0
[Huawei-rip-1]

AR3

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.2.2.3 24
[Huawei-GigabitEthernet0/0/0]
Jun 18 2024 18:27:37-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocol
 IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[Huawei-GigabitEthernet0/0/0]undo in    
[Huawei-GigabitEthernet0/0/0]undo inf    
[Huawei-GigabitEthernet0/0/0]q
[Huawei]undo inf    
[Huawei]undo info-center en    
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.10.10.1 24
[Huawei-GigabitEthernet0/0/1]rip 1
[Huawei-rip-1]vers    
[Huawei-rip-1]version 2
[Huawei-rip-1]netw    
[Huawei-rip-1]network 10.0.0.0
[Huawei-rip-1]

泰安：核心交换机VLAN相互连通

核心交换机

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo inf    
[Huawei]undo info-center en    
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]vlan b 130 128 132 300 160 2110
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif 130
[Huawei-Vlanif130]ip addr 172.30.130.1
                                       ^
Error:Incomplete command found at '^' position.
[Huawei-Vlanif130]ip addr 172.30.130.1 24
[Huawei-Vlanif130]int vlanif 128
[Huawei-Vlanif128]ip addr 172.30.128.1
                                       ^
Error:Incomplete command found at '^' position.
[Huawei-Vlanif128]ip addr 172.30.128.1 24
[Huawei-Vlanif128]int vlanif 132
[Huawei-Vlanif132]ip addr 172.30.132.1 24
[Huawei-Vlanif132]int vlanif 300
[Huawei-Vlanif300]ip addr 172.20.20.1 24
[Huawei-Vlanif300]int g0/0/1
[Huawei-GigabitEthernet0/0/1]p l t
[Huawei-GigabitEthernet0/0/1]p l a v a
                             ^
Error:Ambiguous command found at '^' position.
[Huawei-GigabitEthernet0/0/1]p t a v a
[Huawei-GigabitEthernet0/0/1]

LSW4

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo inf    
[Huawei]undo info-center en    
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]vlan b 130 128 132 300 160 2110
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]p l a
[Huawei-Ethernet0/0/3]p d v 132
[Huawei-Ethernet0/0/3]int e0/0/4
[Huawei-Ethernet0/0/4]p l a
[Huawei-Ethernet0/0/4]p d v 128
[Huawei-Ethernet0/0/4]int e0/0/5
[Huawei-Ethernet0/0/5]p l a 
[Huawei-Ethernet0/0/5]p d v 128
[Huawei-Ethernet0/0/5]int e 0/0/2
[Huawei-Ethernet0/0/2]p l t
[Huawei-Ethernet0/0/2]p t a v a
[Huawei-Ethernet0/0/2]int e0/0/1
[Huawei-Ethernet0/0/1]p l t
[Huawei-Ethernet0/0/1]p t a v a

LSW5

[Huawei]undo in e
Info: Information center is disabled.
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l t
[Huawei-Ethernet0/0/1]p t a v a
[Huawei-Ethernet0/0/1]vlan b 130 128 132 300 160 2110
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 130
[Huawei-Ethernet0/0/2]

测试VLAN可以正常通信

济南：核心交换机配置

核心交换机配置：

[Huawei]undo in en
Info: Information center is disabled.
[Huawei]vlan b 130 128 132 300 160 2110
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]vlan b 130 128 132 300 160 2110 2111
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif 2110
[Huawei-Vlanif2110]ip addr 172.21.10.1 24
[Huawei-Vlanif2110]int vlanif 2111
[Huawei-Vlanif2111]ip addr 172.21.11.1 24
[Huawei-Vlanif2111]int g0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]p d v 2111
[Huawei-GigabitEthernet0/0/3]int g0/0/2
[Huawei-GigabitEthernet0/0/2]p l a 
[Huawei-GigabitEthernet0/0/2]p d v 2110

可以ping通

青岛：核心交换机

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo in en
Info: Information center is disabled.
[Huawei]vlan b 130 128 132 300 160 2110 2111
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]vlan b 130 128 132 300 160 2110 2111 170
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]p l a 
[Huawei-GigabitEthernet0/0/2]p d v 160
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]p d v 170
[Huawei-GigabitEthernet0/0/3]int vlanif 160
[Huawei-Vlanif160]ip addr 172.16.0.1 24
[Huawei-Vlanif160]int vlanif 170
[Huawei-Vlanif170]ip addr 172.17.0.1 24
[Huawei-Vlanif170]

可以ping通

配置IP

泰安：

核心交换机静态路由

[Huawei-GigabitEthernet0/0/2]int vlanif 300
[Huawei-Vlanif300]ip addr 10.200.200.2 24
[Huawei-Vlanif300]int g0/0/2
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]p d v 300

[Huawei]ip route-static 0.0.0.0 0 10.200.200.1

路由器：

[Huawei]sysname art
[art]int g0/0/0
[art-GigabitEthernet0/0/0]int g0/0/1
[art-GigabitEthernet0/0/0]ip addr 10.200.200.1 24

[art-GigabitEthernet0/0/0]int g0/0/1
[art-GigabitEthernet0/0/1]ip addr 10.20.20.2 24

[arq]ip route-static 0.0.0.0 0.0.0.0 10.20.20.1

青岛

核心交换机静态路由

[Huawei]vlan b 301
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif 301
[Huawei-Vlanif301]ip addr 10.100.100.2 24
[Huawei-Vlanif301]int g0/0/1
[Huawei-GigabitEthernet0/0/1]p l a
[Huawei-GigabitEthernet0/0/1]p d v 301
[Huawei-GigabitEthernet0/0/1]q
[Huawei]ip route-static 0.0.0.0 0 10.100.100.1

Enter system view, return user view with Ctrl+Z.
[Huawei]sysname ar1
[ar1]sysname arq
[arq]undo info en
Info: Information center is disabled.
[arq]int g0/0/0
[arq-GigabitEthernet0/0/0]ip addr 10.10.10.2 24
[arq-GigabitEthernet0/0/0]int g0/0/1
[arq-GigabitEthernet0/0/1]ip addr 10.100.100.1 24

[arq]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1

济南：

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname arj
[arj]int g0/0/1
[arj-GigabitEthernet0/0/1]ip addr 10.30.30.2 24
[arj-GigabitEthernet0/0/1]q
[arj]undo info en
Info: Information center is disabled.
[arj]ip route-s    
[arj]ip route-static 0.0.0.0 0.0.0.0 10.30.30.1

公网可以与青岛、济南相互ping通：

配置IPSEC

泰安

[art]acl 3000
[art-acl-adv-3000]rule permit ip source 172.16.0.0 0.15.255.255 destination 172.16.0.0 0.15.255.255
[art-acl-adv-3000]rule 100 deny ip
[art-acl-adv-3000]ipsec proposal test
[art-ipsec-proposal-test]encapsulation-mode tunnel
[art-ipsec-proposal-test]transform esp
[art-ipsec-proposal-test]esp authentication-algorithm sha1
[art-ipsec-proposal-test]esp encryption-algorithm 3des
[art-ipsec-proposal-test]ike proposal 1
[art-ike-proposal-1]authentication-method pre-share
[art-ike-proposal-1]authentication-algorithm md5
[art-ike-proposal-1]dh group2
[art-ike-proposal-1]ike peer test v2 
[art-ike-peer-test]pre-shared-key cipher gdeie
[art-ike-peer-test]remote-address 10.10.10.2
[art-ike-peer-test]ipsec policy RT-RQ-IPSecVPN 1 isakmp
[art-ipsec-policy-isakmp-RT-RQ-IPSecVPN-1]ike-peer test
[art-ipsec-policy-isakmp-RT-RQ-IPSecVPN-1]proposal test
[art-ipsec-policy-isakmp-RT-RQ-IPSecVPN-1]security acl 3000
[art-ipsec-policy-isakmp-RT-RQ-IPSecVPN-1]int g0/0/1
[art-GigabitEthernet0/0/1]ipsec policy RT-RQ-IPSecVPN


[art]ip route-static 172.30.0.0 255.255.0.0 10.200.200.2

青岛

<arq>sys
Enter system view, return user view with Ctrl+Z.
[arq]acl 3000
[arq-acl-adv-3000]rule permit ip source 172.16.0.0 0.15.255.255 destination 172.16.0.0 0.15.255.255
[arq-acl-adv-3000]rule 100 deny ip
[arq-acl-adv-3000]ipsec proposal test
[arq-ipsec-proposal-test]encapsulation-mode tunnel
[arq-ipsec-proposal-test]transform esp
[arq-ipsec-proposal-test]esp authentication-algorithm sha1
[arq-ipsec-proposal-test]esp encryption-algorithm 3des
[arq-ipsec-proposal-test]ike proposal 1
[arq-ike-proposal-1]authentication-method pre-share
[arq-ike-proposal-1]authentication-algorithm md5
[arq-ike-proposal-1]dh group2
[arq-ike-proposal-1]ike peer test v2 
[arq-ike-peer-test]pre-shared-key cipher gdeie
[arq-ike-peer-test]remote-address 10.20.20.2
[arq-ike-peer-test]ipsec policy RT-RQ-IPSecVPN 1 isakmp
[arq-ipsec-policy-isakmp-RT-RQ-IPSecVPN-1]ike-peer test
[arq-ipsec-policy-isakmp-RT-RQ-IPSecVPN-1]proposal test
[arq-ipsec-policy-isakmp-RT-RQ-IPSecVPN-1]security acl 3000
[arq-ipsec-policy-isakmp-RT-RQ-IPSecVPN-1]int g0/0/0
[arq-GigabitEthernet0/0/0]ipsec policy RT-RQ-IPSecVPN

[arq]ip route-static 172.16.0.0 255.255.0.0 10.100.100.2
[arq]ip route-static 172.17.0.0 255.255.0.0 10.100.100.2

济南

济南和青岛再次建立IPSEC隧道：

核心交换机

[Huawei]vlan b 302 
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif 302
[Huawei-Vlanif302]ip addr 10.50.50.2 24
[Huawei-Vlanif302]p d a
Error: Domain does not exist.Please make sure whether the input is correct.
[Huawei-Vlanif302]int g0/0/1
[Huawei-GigabitEthernet0/0/1] p l a
[Huawei-GigabitEthernet0/0/1]p d v 302
[Huawei-GigabitEthernet0/0/1]q

[Huawei]ip route-static 0.0.0.0 0 10.50.50.1 

[Huawei]ping 10.50.50.1
  PING 10.50.50.1: 56  data bytes, press CTRL_C to break
    Reply from 10.50.50.1: bytes=56 Sequence=1 ttl=255 time=30 ms
    Reply from 10.50.50.1: bytes=56 Sequence=2 ttl=255 time=40 ms
    Reply from 10.50.50.1: bytes=56 Sequence=3 ttl=255 time=40 ms
    Reply from 10.50.50.1: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 10.50.50.1: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 10.50.50.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/36/50 ms

[Huawei]

济南路由器

单IP多隧道容易出现问题，此处可能存在问题，可以直接忽略本步骤

[arj]int g0/0/0
[arj-GigabitEthernet0/0/0]ip addr 10.50.50.1 24


[arj-GigabitEthernet0/0/0]acl 3000
[arj-acl-adv-3000]rule permit ip source 172.16.0.0 0.15.255.255 destination 172.16.0.0 0.15.255.255
[arj-acl-adv-3000]rule 100 deny ip
[arj-acl-adv-3000]ipsec proposal test
[arj-ipsec-proposal-test]encapsulation-mode tunnel
[arj-ipsec-proposal-test]transform esp
[arj-ipsec-proposal-test]esp authentication-algorithm sha1
[arj-ipsec-proposal-test]esp encryption-algorithm 3des
[arj-ipsec-proposal-test]ike proposal 1
[arj-ike-proposal-1]authentication-method pre-share
[arj-ike-proposal-1]authentication-algorithm md5
[arj-ike-proposal-1]dh group2
[arj-ike-proposal-1]ike peer test v2 
[arj-ike-peer-test]pre-shared-key cipher gdeie
[arj-ike-peer-test]remote-address 10.10.20.2
[arj-ike-peer-test]ipsec policy RT-RQ-IPSecVPN 1 isakmp
[arj-ipsec-policy-isakmp-RT-RQ-IPSecVPN-1]ipsec policy RJ-RQ-IPSecVPN 1 isakmp
[arj-ipsec-policy-isakmp-RJ-RQ-IPSecVPN-1]ike-peer test
[arj-ipsec-policy-isakmp-RJ-RQ-IPSecVPN-1]proposal test
[arj-ipsec-policy-isakmp-RJ-RQ-IPSecVPN-1]security acl 3000
[arj-ipsec-policy-isakmp-RJ-RQ-IPSecVPN-1]int g0/0/1
[arj-GigabitEthernet0/0/1]ipsec policy RJ-RQ-IPSecVPN
[arj-GigabitEthernet0/0/1]ip route-static 172.121.0.0 255.255.0.0 10.50.50.2
[arj]ip route-static 172.21.0.0 255.255.0.0 10.50.50.2
[arj]undo ip route-static 172.121.0.0 255.255.0.0 10.50.50.2

路由可以ping通核心交换机下面的地址：

青岛，第二个IPSEC，与济南进行连通

需要第二个IP，单IP多隧道容易出现问题。此处可能存在问题，可以直接忽略本步骤

[arq]acl 3001 
[arq-acl-adv-3001]rule permit ip source 172.16.0.0 0.15.255.255 destination 172.21.0.0 0.0.255.255
[arq-acl-adv-3001]rule deny ip
[arq-acl-adv-3001]ipsec proposal rq-rj
[arq-ipsec-proposal-rq-rj]encapsulation-mode tunnel
[arq-ipsec-proposal-rq-rj]transform esp
[arq-ipsec-proposal-rq-rj]esp authentication-algorithm sha1
[arq-ipsec-proposal-rq-rj]esp encryption-algorithm 3des
[arq-ipsec-proposal-rq-rj]ike proposal 2
[arq-ike-proposal-2]authentication-method pre-share  
[arq-ike-proposal-2]authentication-algorithm md5
[arq-ike-proposal-2]dh group2
[arq-ike-proposal-2]ike peer rq-rj v2 
[arq-ike-peer-rq-rj]remote-address 10.30.30.2
[arq-ike-peer-rq-rj]ipsec policy RQ-RJ-IPsecVPN 1 isakmp
[arq-ipsec-policy-isakmp-RQ-RJ-IPsecVPN-1]ike-peer rq-rj
[arq-ipsec-policy-isakmp-RQ-RJ-IPsecVPN-1]proposal rq-rj
[arq-ipsec-policy-isakmp-RQ-RJ-IPsecVPN-1]security acl 3001
[arq-ipsec-policy-isakmp-RQ-RJ-IPsecVPN-1]int g0/0/2
[arq-GigabitEthernet0/0/2]ipsec policy RQ-RJ-IPsecVPN

查看状态：

路由器可以ping通子网172

ARQ:

ART：

IPSEC测试：泰安云中心成功通过IPSEC，ping通青岛172.16.0.0/16网段！成功PING通

泰安云中心成功ping通青岛172.16.0.0/16网段！成功PING通

具体公网抓包：

IPSEC测试2：泰安校区云中心成功通过IPSEC，ping通青岛172.17.0.0/16网段。

抓包。

大拓扑：配置文件

AR5

[Huawei]dis current-configuration 
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.30.30.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
rip 1
 version 2
 network 10.0.0.0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]
[Huawei]

AR2

[Huawei]dis current-configuration 
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.2.2.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 10.20.20.1 255.255.255.0 
#
interface NULL0
#
rip 1
 version 2
 network 10.0.0.0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]

AR3

[Huawei]dis current-configuration 
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.2.2.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.10.10.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
rip 1
 version 2
 network 10.0.0.0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]

ARJ

<arj>dis current-configuration 
[V200R003C00]
#
 sysname arj
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
acl number 3000  
 rule 5 permit ip source 172.16.0.0 0.15.255.255 destination 172.16.0.0 0.15.255
.255 
 rule 100 deny ip 
#
ipsec proposal test
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ike proposal 1
 dh group2
 authentication-algorithm md5
#
ike peer test v2
 pre-shared-key cipher %$%$u#%,6(dQAZ/e99XOocC@,.2n%$%$
 remote-address 10.10.10.2
#
ipsec policy RJ-RQ-IPSecVPN 1 isakmp
 security acl 3000
 ike-peer test
 proposal test
ipsec policy RT-RQ-IPSecVPN 1 isakmp
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.50.50.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.30.30.2 255.255.255.0 
 ipsec policy RJ-RQ-IPSecVPN
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.30.30.1
ip route-static 172.21.0.0 255.255.0.0 10.50.50.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<arj>

ART

<art>save
  The current configuration will be written to the device. 
  Are you sure to continue? (y/n)[n]:y
  It will take several minutes to save configuration file, please wait........
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated
<art>
<art>

  Please check whether system data has been changed, and save data in time

  Configuration console time out, please press any key to log on

<art>dis cu    
<art>dis current-configuration 
[V200R003C00]
#
 sysname art
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
acl number 3000  
 rule 5 permit ip source 172.16.0.0 0.15.255.255 destination 172.16.0.0 0.15.255
.255 
 rule 100 deny ip 
#
ipsec proposal test
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ike proposal 1
 dh group2
 authentication-algorithm md5
#
ike peer test v2
 pre-shared-key cipher %$%$u#%,6(dQAZ/e99XOocC@,.2n%$%$
 remote-address 10.10.10.2
#
ipsec policy RT-RQ-IPSecVPN 1 isakmp
 security acl 3000
 ike-peer test
 proposal test
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.200.200.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.20.20.2 255.255.255.0 
 ipsec policy RT-RQ-IPSecVPN
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.20.20.1
ip route-static 172.30.0.0 255.255.0.0 10.200.200.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<art>

ARQ

<arq>dis current-configuration 
[V200R003C00]
#
 sysname arq
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
acl number 3000  
 rule 5 permit ip source 172.16.0.0 0.15.255.255 destination 172.16.0.0 0.15.255
.255 
 rule 100 deny ip 
acl number 3001  
 rule 5 permit ip source 172.16.0.0 0.15.255.255 destination 172.21.0.0 0.0.255.
255 
 rule 10 deny ip 
#
ipsec proposal test
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
ipsec proposal rq-rj
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ike proposal 1
 dh group2
 authentication-algorithm md5
#
ike proposal 2
 dh group2
 authentication-algorithm md5
#
ike peer rq-rj v2
 remote-address 10.30.30.2
ike peer test v2
 pre-shared-key cipher %$%$u#%,6(dQAZ/e99XOocC@,.2n%$%$
 remote-address 10.20.20.2
#
ipsec policy RQ-RJ-IPsecVPN 1 isakmp
 security acl 3001
 ike-peer rq-rj

<arq>
<arq>
<arq>dis cu    
<arq>dis current-configuration 
[V200R003C00]
#
 sysname arq
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
acl number 3000  
 rule 5 permit ip source 172.16.0.0 0.15.255.255 destination 172.16.0.0 0.15.255
.255 
 rule 100 deny ip 
acl number 3001  
 rule 5 permit ip source 172.16.0.0 0.15.255.255 destination 172.21.0.0 0.0.255.
255 
 rule 10 deny ip 
#
ipsec proposal test
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
ipsec proposal rq-rj
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ike proposal 1
 dh group2
 authentication-algorithm md5
#
ike proposal 2
 dh group2
 authentication-algorithm md5
#
ike peer rq-rj v2
 remote-address 10.30.30.2
ike peer test v2
 pre-shared-key cipher %$%$u#%,6(dQAZ/e99XOocC@,.2n%$%$
 remote-address 10.20.20.2
#
ipsec policy RQ-RJ-IPsecVPN 1 isakmp
 security acl 3001
 ike-peer rq-rj
 proposal rq-rj
ipsec policy RT-RQ-IPSecVPN 1 isakmp
 security acl 3000
 ike-peer test
 proposal test
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.2 255.255.255.0 
 ipsec policy RT-RQ-IPSecVPN
#
interface GigabitEthernet0/0/1
 ip address 10.100.100.1 255.255.255.0 
 ipsec policy RQ-RJ-IPsecVPN
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
ip route-static 172.16.0.0 255.255.0.0 10.100.100.2
ip route-static 172.17.0.0 255.255.0.0 10.100.100.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<arq>

LSW3

<Huawei>dis current-configuration 
#
sysname Huawei
#
undo info-center enable
#
vlan batch 128 130 132 160 300 302 2110 to 2111
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif302
 ip address 10.50.50.2 255.255.255.0
#
interface Vlanif2110
 ip address 172.21.10.1 255.255.255.0
#
interface Vlanif2111
 ip address 172.21.11.1 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 302
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 2110
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 2111
#
...
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.50.50.1
#
user-interface con 0
user-interface vty 0 4
#
return

<Huawei>

LSW1

<Huawei>dis current-configuration 
#
sysname Huawei
#
undo info-center enable
#
vlan batch 128 130 132 160 300 2110
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif128
 ip address 172.30.128.1 255.255.255.0
#
interface Vlanif130
 ip address 172.30.130.1 255.255.255.0
#
interface Vlanif132
 ip address 172.30.132.1 255.255.255.0
#
interface Vlanif300
 ip address 10.200.200.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 300
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
...
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.200.200.1
#
user-interface con 0
user-interface vty 0 4
#
return

<Huawei>
<Huawei>

LSW4

<Huawei>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:
Now saving the current configuration to the slot 0.
Save the configuration successfully.
<Huawei>
<Huawei>dis cur    
<Huawei>dis current-configuration 
#
sysname Huawei
#
undo info-center enable
#
vlan batch 128 130 132 160 300 2110
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 132
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 128
#
interface Ethernet0/0/5
 port link-type access
 port default vlan 128
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
...
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

<Huawei>
<Huawei>

LSW5

<Huawei> DIS CUR
#
sysname Huawei
#
undo info-center enable
#
vlan batch 128 130 132 160 300 2110
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 130
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
...
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

<Huawei>

LSW2

<Huawei>dis current-configuration 
#
sysname Huawei
#
undo info-center enable
#
vlan batch 128 130 132 160 170 300 to 301 2110 to 2111
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif160
 ip address 172.16.0.1 255.255.255.0
#
interface Vlanif170
 ip address 172.17.0.1 255.255.255.0
#
interface Vlanif301
 ip address 10.100.100.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 301
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 160
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 170
#
interface GigabitEthernet0/0/4
#
...

interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.100.100.1
#
user-interface con 0
user-interface vty 0 4
#
return

<Huawei>
<Huawei>

0xff：文件下载

https://p.dabbit.net/blog/pic_bed/sharex/_pn-2024-06-18-21-00-45_Bluebreastedkookaburra_Unwilling_Opaque.7z

https://cmd.dayi.ink/9Ib-VW57RrqJMHvdj8-vaw

网络系统集成基础（实验学时）——实验五

题目要求：

实验内容：

1、动态路由协议RIP、OSPF协议的内容和特点
2、动态路由RIP、OSPF实验，建立拓扑pc1>>R1>>R2>>R3>>pc2，使pc1与pc2能相互通信，并配置PC端静默接口。
3、熟悉配置vlan间路由技术：多层交换机虚拟接口SVI和单臂路由
4、多层交换机SVI配置实验，建立VLAN10>>交换机SW>>VLAN20，使两个VLAN之间可以相互通信，
5、对上期实验公司网络设置各部门vlan间路由，使各个部门之间可以通信

实验意义：

vlan间路由技术：通过三层设备路由，使得不同vlan间可以互相通信。但是仅仅允许单播通信。不同vlan 之间广播帧依然被隔离既没有失去vlan原来的意义。

实验报告：

要求独立完成，报告需包含模拟器配置文件
分别使用华为模拟器和思科模拟器完成

1、动态路由协议RIP、OSPF协议的内容和特点

RIP和OSPF是两种广泛使用的动态路由协议，它们能够自动发现网络拓扑变化，动态维护路由表，大大简化了网络管理。下面我从协议原理、报文格式、算法实现、配置命令、适用场景、优缺点比较等方面，对这两种路由协议的内容和特点进行详细分析。

一、RIP协议

RIP(Routing Information Protocol)是一种基于距离向量的内部网关协议。其基本思想是:每个路由器维护一张路由表，记录到达各目的网络的最佳路由及其距离(跳数);路由器之间通过RIP报文交换并更新路由信息;最终所有路由器都会知道到达每一个网络的最短路径。

RIP协议的主要内容包括:

1. RIP报文格式:RIP使用UDP数据报传送路由信息，默认端口号为520。RIP-1是有类路由协议，RIP-2支持无类路由，可以携带子网掩码。每个RIP报文可以包含25个路由条目。
2. 路由更新:RIP路由器周期性(默认30秒)广播自己的路由表，接收到路由更新报文后，对路由表进行增删修改。同时还会触发更新，即路由表发生变化时立即发送更新报文。
3. 路由选择:RIP使用Bellman-Ford算法计算最短路径，度量值为跳数，取值范围为1~15(16表示不可达)。当收到相同目的网络的多条路由时，选择跳数最小的路由;如果跳数相等，则形成等价路由，可以实现负载均衡。
4. 路由维护:RIP使用一些计时器处理路由表，如更新定时器(周期性发送更新)、失效定时器(标记失效路由)、垃圾收集定时器(删除失效路由)等，以适应网络拓扑变化。

RIP协议的配置比较简单:

Router(config)#router rip
Router(config-router)#version 2    //使用RIP-2
Router(config-router)#no auto-summary   //关闭自动汇总
Router(config-router)#network 192.168.1.0    //宣告直连网络
Router(config-router)#passive-interface g0/0   //设置静默接口，抑制更新

RIP协议的主要特点是:

• 实现简单，开销小，适合小型网络
• 收敛速度慢，易产生环路，跳数限制网络直径
• 频繁发送更新，消耗带宽
• 不支持验证，安全性差

二、OSPF协议

OSPF(Open Shortest Path First)是一种基于链路状态的内部网关协议。其基本思想是:每个路由器发现并维护自己的链路状态(与哪些路由器相连，链路cost等);通过泛洪方式与其他路由器同步链路状态数据库(LSDB);各路由器基于相同的LSDB，运行SPF算法，计算出到达各目的网络的最短路径，形成路由表。

OSPF协议的主要内容包括:

1. OSPF报文类型:OSPF直接承载在IP数据报中，协议号为89。常用的OSPF报文有Hello、DD(Database Description)、LSR(Link State Request)、LSU(Link State Update)、LSAck(Link State Acknowledgment)等。
2. 邻居发现与邻接建立:OSPF路由器周期性发送Hello报文，发现邻居，协商参数(如Hello间隔、Dead间隔、Router ID等)。相连的两台OSPF路由器通过交换DD报文，同步LSDB，最终形成完全邻接。
3. 链路状态通告:OSPF路由器将自己的链路状态信息(如Router-LSA、Network-LSA等)封装在LSU报文中，向所有邻居发送，邻居验证并回复LSAck报文，再将接收到的LSA转发出去，最终所有路由器都拥有完整的LSDB。
4. 最短路径计算:OSPF路由器基于LSDB，运行Dijkstra最短路径算法，计算出到达各目的网络的最短路径，并生成路由表。OSPF使用cost值作为度量，cost值越小，优先级越高。
5. 区域划分:OSPF支持将自治系统划分为不同的区域(Area)，每个区域内部的拓扑隐藏在区域外。区域边界路由器(ABR)负责区域间路由，主干区域(Area 0)连接所有其他区域。这种层次化结构有利于提高可扩展性和安全性。

OSPF协议的配置相对复杂:

Router(config)#router ospf 1   //启用OSPF进程，进程号为1
Router(config-router)#router-id 1.1.1.1   //设置Router ID
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0   //宣告接口所在网段属于Area 0
Router(config-router)#area 1 stub   //定义Area 1为Stub区域
Router(config-router)#area 1 authentication message-digest   //在Area 1内启用MD5认证

OSPF协议的主要特点是:

• 收敛速度快，无环路，没有跳数限制
• 支持区域划分，利于管理和扩展
• 对带宽敏感，消耗内存资源
• 支持认证，安全性高
• 实现复杂，配置较难

三、RIP与OSPF的比较

RIP协议简单易行，适合小型、结构简单的网络;而OSPF协议功能强大，适合大型、结构复杂的网络。在实际应用中，需要根据网络规模、拓扑结构、设备性能、管理需求等因素，权衡利弊，选择合适的路由协议。

在某些场景下，还可以考虑将RIP和OSPF结合使用，发挥协议互补的优势。如在企业网络中，可以在局域网内运行RIP，在骨干网内运行OSPF，通过重分发实现两种协议的互通。这样既降低了配置难度，又兼顾了可扩展性。

RIP和OSPF都是成熟、可靠的动态路由协议，深入理解其工作原理和配置方法，对于优化网络性能，简化网络管理具有重要意义。作为网络工程师，我们要学会举一反三，灵活运用，为构建高速、稳定、安全的网络架构贡献自己的力量!

2、动态路由RIP、OSPF实验，建立拓扑pc1>>R1>>R2>>R3>>pc2，使pc1与pc2能相互通信，并配置PC端静默接口

IP配置

拓扑：

R1

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 192.168.1.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.1.1.1 24
[Huawei-GigabitEthernet0/0/1]

R2

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.1.1.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.2.2.2 24
[Huawei-GigabitEthernet0/0/1]

R3

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.2.2.3 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 192.168.2.1 24

RIP

R1

[Huawei]rip 1
[Huawei-rip-1]version 2
[Huawei-rip-1]network 192.168.1.0
[Huawei-rip-1]network 10.0.0.0

R2：

<Huawei>sys
  Enter system view, return user view with Ctrl+Z.
[Huawei]rip 1
[Huawei-rip-1]ver
[Huawei-rip-1]version 2
[Huawei-rip-1]netwo    
[Huawei-rip-1]network 10.0.0.0
[Huawei-rip-1]

R3:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]rip 1
[Huawei-rip-1]versi    
[Huawei-rip-1]version 2
[Huawei-rip-1]network 10.0.0.0
[Huawei-rip-1]netw    
[Huawei-rip-1]network 192.168.2.0
[Huawei-rip-1]

可以看到已经有啦

路由表：

[Huawei-rip-1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 12       
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
        10.1.1.0/24  Direct  0    0           D   10.1.1.1        GigabitEthernet0/0/1
        10.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      10.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
        10.2.2.0/24  RIP     100  1           D   10.1.1.2        GigabitEthernet0/0/1
       127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
       127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
 127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
     192.168.1.0/24  Direct  0    0           D   192.168.1.1     GigabitEthernet0/0/0
     192.168.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
   192.168.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
     192.168.2.0/24  RIP     100  2           D   10.1.1.2        GigabitEthernet0/0/1
 255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
[Huawei-rip-1]

测试

可以正常通信

OSPF

不同协议，直接重新配置了。

划分两个区域

重新配置IP

IP重新分一下

配置协议

R1:

[Huawei-GigabitEthernet0/0/1]router id 1.1.1.1
Info: Router ID has been modified, please reset the relative protocols manually 
to update the Router ID.
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]

R2:

[Huawei-GigabitEthernet0/0/1]router id 2.2.2.2
Info: Router ID has been modified, please reset the relative protocols manually 
to update the Router ID.
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]area 1
[Huawei-ospf-1-area-0.0.0.1]network 10.2.2.0 0.0.0.255

R3:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]router id 3.3.3.3
Info: Router ID has been modified, please reset the relative protocols manually 
to update the Router ID.
[Huawei]ospf 1
[Huawei-ospf-1]area 1
[Huawei-ospf-1-area-0.0.0.1]network 10.2.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 192.168.2.0 0.0.0.255

查看信息

[Huawei-ospf-1-area-0.0.0.1]dis ospf retrans-queue

     OSPF Process 1 with Router ID 2.2.2.2
         OSPF Retransmit List 

  The Router's Neighbor is Router ID 1.1.1.1         Address 10.1.1.1        
  Interface 10.1.1.2         Area 0.0.0.0         
  Retransmit list:
       Type       LinkState ID      AdvRouter         Sequence   Age

  The Router's Neighbor is Router ID 3.3.3.3         Address 10.2.2.3        
  Interface 10.2.2.2         Area 0.0.0.1         
  Retransmit list:
       Type       LinkState ID      AdvRouter         Sequence   Age
[Huawei-ospf-1-area-0.0.0.1]

ovo:

[Huawei-ospf-1-area-0.0.0.1]dis ospf routing

     OSPF Process 1 with Router ID 2.2.2.2
          Routing Tables 

 Routing for Network 
 Destination        Cost  Type       NextHop         AdvRouter       Area
 10.1.1.0/24        1     Transit    10.1.1.2        2.2.2.2         0.0.0.0
 10.2.2.0/24        1     Transit    10.2.2.2        2.2.2.2         0.0.0.1
 192.168.1.0/24     2     Stub       10.1.1.1        1.1.1.1         0.0.0.0
 192.168.2.0/24     2     Stub       10.2.2.3        3.3.3.3         0.0.0.1

 Total Nets: 4  
 Intra Area: 4  Inter Area: 0  ASE: 0  NSSA: 0 

[Huawei-ospf-1-area-0.0.0.1]

ping通：

静默接口

R1

[Huawei-GigabitEthernet0/0/0]ospf 1
[Huawei-ospf-1]silent-interface g0/0/0

R2：

[Huawei]ospf 1
[Huawei-ospf-1]silent-interface g0/0/1

配置

R1

[Huawei-ospf-1]dis current-configuration
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
router id 1.1.1.1 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1 
 silent-interface GigabitEthernet0/0/0
 area 0.0.0.0 
  network 10.1.1.0 0.0.0.255 
  network 192.168.1.0 0.0.0.255 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei-ospf-1]

R2

[Huawei-ospf-1-area-0.0.0.1]display current-configuration
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
router id 2.2.2.2 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.1.1.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.2.2.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1 
 area 0.0.0.0 
  network 10.1.1.0 0.0.0.255 
 area 0.0.0.1 
  network 10.2.2.0 0.0.0.255 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei-ospf-1-area-0.0.0.1]

R3

[Huawei]display current-configuration
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
router id 3.3.3.3 
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.2.2.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 192.168.2.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1 
 silent-interface GigabitEthernet0/0/1
 area 0.0.0.1 
  network 10.2.2.0 0.0.0.255 
  network 192.168.2.0 0.0.0.255 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]

3、熟悉配置vlan间路由技术：多层交换机虚拟接口SVI和单臂路由

VLAN间路由是指不同VLAN之间的通信需要通过三层设备(如路由器、三层交换机等)来实现。常见的VLAN间路由技术有:SVI(Switch Virtual Interface)、单臂路由、路由器子接口等。本文重点介绍多层交换机SVI和单臂路由这两种技术的原理、配置和应用。

一、SVI技术

SVI是指在三层交换机上创建与VLAN对应的虚拟接口，为该VLAN内的主机提供三层网关服务。数据在VLAN内部流动时，还是二层转发;当数据需要跨VLAN时，就通过SVI进行三层路由。

SVI的工作原理如下:

1. 在三层交换机上创建VLAN，并将物理接口划分到相应VLAN。
2. 创建与VLAN对应的SVI，配置IP地址和子网掩码。SVI的IP地址通常作为该VLAN的网关地址。
3. 主机将SVI的IP地址配置为默认网关。
4. 当主机向其他VLAN内的主机发送数据时，先发送到SVI，由SVI根据目的IP地址查找路由表，决定从哪个接口转发数据。
5. 数据经过三层交换，到达目的VLAN内的主机。

SVI技术的优点是:

• 配置简单，不需要额外的物理接口
• switching速度快，硬件转发
• 支持大量VLAN，扩展性强

SVI技术的缺点是:

• 每个VLAN都需要一个SVI，消耗IP地址资源
• 所有VLAN的流量都经过三层交换引擎，易成为瓶颈
• 不支持子接口，不能实现复杂的QoS、ACL等策略

以华为交换机为例，SVI的配置步骤如下:

[SW1]vlan 10    //创建VLAN 10
[SW1-vlan10]quit
[SW1]vlan 20    //创建VLAN 20
[SW1-vlan20]quit
[SW1]interface g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access    //接口链路类型为access
[SW1-GigabitEthernet0/0/1]port default vlan 10    //将接口加入VLAN 10
[SW1]interface g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20    //将接口加入VLAN 20
[SW1]interface vlanif 10    //创建VLAN 10的SVI
[SW1-Vlanif10]ip address 192.168.10.1 24    //配置SVI的IP地址
[SW1]interface vlanif 20    //创建VLAN 20的SVI
[SW1-Vlanif20]ip address 192.168.20.1 24    //配置SVI的IP地址

二、单臂路由

单臂路由是指利用路由器的一个物理接口，通过子接口技术，同时连接多个VLAN，实现VLAN间路由。子接口是指在物理接口上创建的逻辑接口，每个子接口对应一个VLAN，可以配置不同的IP地址。

单臂路由的工作原理如下:

1. 在交换机上创建多个VLAN，并将终端主机划分到相应VLAN。
2. 在交换机上配置一个Trunk口，允许多个VLAN的数据通过。
3. 用Trunk线缆将交换机与路由器相连。
4. 在路由器的物理接口上创建多个子接口，每个子接口encapsulation对应一个VLAN。
5. 在各子接口上配置IP地址，作为该VLAN的网关。
6. 主机将与其VLAN对应的路由器子接口IP配置为默认网关。
7. 当主机向其他VLAN内的主机发送数据时，先发送到网关，再由路由器根据routing table决定如何转发。
8. 数据从对应的子接口发送出去，到达目的VLAN内的主机。

单臂路由的优点是:

• 利用子接口复用物理接口，节省接口资源
• 子接口可以配置灵活的ACL、QoS等策略
• 支持路由协议，利于扩展

单臂路由的缺点是:

• 配置复杂，需要同时配置交换机和路由器
• 路由性能有限，吞吐量小于硬件switching
• 单臂链路是潜在的单点故障

单臂路由的配置步骤如下:

Switch(config)#vlan 10    //创建VLAN 10
Switch(config-vlan)#exit
Switch(config)#vlan 20    //创建VLAN 20
Switch(config-vlan)#exit  
Switch(config)#interface g0/0
Switch(config-if)#switchport mode trunk    //配置Trunk口
Switch(config-if)#switchport trunk allowed vlan 10，20    //允许VLAN 10和20通过

Router(config)#interface g0/0.1    //创建子接口g0/0.1
Router(config-subif)#encapsulation dot1Q 10    //封装VLAN 10的标记
Router(config-subif)#ip address 192.168.10.1 255.255.255.0    //配置IP地址
Router(config-subif)#exit
Router(config)#interface g0/0.2    //创建子接口g0/0.2
Router(config-subif)#encapsulation dot1Q 20    //封装VLAN 20的标记
Router(config-subif)#ip address 192.168.20.1 255.255.255.0    //配置IP地址

三、两种技术的比较

SVI技术适合中小型、结构扁平的局域网，配置简单，成本低，对路由功能要求不高。而单臂路由适合大型、层次化的园区网，分工明确，有利于细粒度的流量控制和安全策略，但配置相对复杂。

在实际组网中，需要根据用户需求、网络规模、设备能力、管理预算等因素，权衡利弊，选择合适的VLAN间路由技术。例如在接入层可采用SVI，在汇聚层和核心层采用单臂路由，扬长避短，优势互补。

随着硬件的升级换代和软件的功能增强，一些高端的多层交换机(如Cisco Catalyst 9000系列)集成了线速路由、Policy-Based Routing、Overlay等功能，可以同时提供SVI和三层接口，大大简化了网络部署。可以预见，未来数据中心和园区的边界会变得越来越模糊，最佳实践也将不断演进。

作为网络架构师和工程师，我们要与时俱进，既要扎实掌握传统的VLAN间通信技术，又要敏锐洞察新兴的解决方案和趋势，为客户构建高速、可靠、灵活的业务网络，持续创造价值!

4、多层交换机SVI配置实验，建立VLAN10>>交换机SW>>VLAN20，使两个VLAN之间可以相互通信，

好像跟上节课一模一样诶。

画一个拓扑图：

然后

CORE配置

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif10
[Huawei-Vlanif10]ip addr 192.168.10.1 24
[Huawei-Vlanif10]int vlanif20
[Huawei-Vlanif20]ip addr 192.168.20.1 24
[Huawei-Vlanif20]int vlanif30
[Huawei-Vlanif30]ip addr 192.168.30.1 24
[Huawei-Vlanif30]int vlanif100
[Huawei-Vlanif100]ip addr 10.22.22.2 24
[Huawei-Vlanif100]int g 0/0/1
[Huawei-GigabitEthernet0/0/1]p l t
[Huawei-GigabitEthernet0/0/1]p t a v a

[Huawei-GigabitEthernet0/0/1]int g 0/0/3
[Huawei-GigabitEthernet0/0/3]p t a v a

LSW1 配置

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 10
[Huawei-Ethernet0/0/2]int e 0/0/3
[Huawei-Ethernet0/0/3]p l a
[Huawei-Ethernet0/0/3]p d v 20
[Huawei-Ethernet0/0/3]int e 0/0/1
[Huawei-Ethernet0/0/1]p l t
[Huawei-Ethernet0/0/1]p t a v a

LSW2配置

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l t
[Huawei-Ethernet0/0/1]p t a v a
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 30
Error: The VLAN does not exist.
[Huawei-Ethernet0/0/2]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 30

测试

VLAN30 -> VLAN10

VLAN30 -> VLAN20

输出

PC>

PC Simulator has not been started!

Welcome to use PC Simulator!

PC>ping 192.168.10.10

Ping 192.168.10.10: 32 data bytes, Press Ctrl_C to break
From 192.168.10.10: bytes=32 seq=1 ttl=127 time=125 ms
From 192.168.10.10: bytes=32 seq=2 ttl=127 time=78 ms

--- 192.168.10.10 ping statistics ---
  2 packet(s) transmitted
  2 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 78/101/125 ms

PC>ipconfig

Link local IPv6 address...........: fe80::5689:98ff:feac:2a54
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.30.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.30.1
Physical address..................: 54-89-98-AC-2A-54
DNS server........................:

PC>ping 192.168.20.10

Ping 192.168.20.10: 32 data bytes, Press Ctrl_C to break
From 192.168.20.10: bytes=32 seq=1 ttl=127 time=109 ms
From 192.168.20.10: bytes=32 seq=2 ttl=127 time=62 ms
From 192.168.20.10: bytes=32 seq=3 ttl=127 time=78 ms
From 192.168.20.10: bytes=32 seq=4 ttl=127 time=94 ms

--- 192.168.20.10 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 62/85/109 ms

PC>

配置

core

#display current-configuration
[Huawei-GigabitEthernet0/0/3]display current-configuration
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
#
interface Vlanif30
 ip address 192.168.30.1 255.255.255.0
#
interface Vlanif100
 ip address 10.22.22.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
#
...
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

[Huawei-GigabitEthernet0/0/3]

LSW

LSW1

#display current-configuration
[Huawei-Ethernet0/0/1]display current-configuration
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/4
#
...
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

[Huawei-Ethernet0/0/1]

LSW2

[Huawei-Ethernet0/0/2]display current-configuration
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 30
#
interface Ethernet0/0/3
#
...
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

[Huawei-Ethernet0/0/2]
[Huawei-Ethernet0/0/2]

5、对上期实验公司网络设置各部门vlan间路由，使各个部门之间可以通信

上期已经配好啦，他们可以正常通信。

其实这样也一样滴。

☆新的拓扑图

简单模拟一下

路由器:

<Huawei>sys
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.22.22.1 24

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 202.194.222.1 24 #公网IP


[Huawei]ip route-static 192.168.10.0 24 10.22.22.2
[Huawei]ip route-static 192.168.20.0 24 10.22.22.2
[Huawei]ip route-static 192.168.30.0 24 10.22.22.2

三层交换机

[Huawei-GigabitEthernet0/0/1]quit
[Huawei]undo inf    
[Huawei]undo info-center en    
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]vlan b 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif10
[Huawei-Vlanif10]ip addr 192.168.10.1 24
[Huawei-Vlanif10]int vlanif20
[Huawei-Vlanif20]ip addr 192.168.20.1 24
[Huawei-Vlanif20]int vlanif30
[Huawei-Vlanif30]ip addr 192.168.30.1 24
[Huawei-Vlanif30]int vlanif100
[Huawei-Vlanif100]ip addr 10.22.22.2 24
[Huawei-Vlanif100]int g0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]p d v 100
[Huawei-GigabitEthernet0/0/3]un sh
Info: Interface GigabitEthernet0/0/3 is not shutdown.
[Huawei-GigabitEthernet0/0/3]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.22.22.2
Error: The next-hop address is invalid.
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.22.22.1
[Huawei]

[Huawei]int g 0/0/1
[Huawei-GigabitEthernet0/0/1]p l t
[Huawei-GigabitEthernet0/0/1]p t a v a

二层交换机

[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]p l t #port link-type trunk 
[Huawei-Ethernet0/0/3]p t a v a #port trunk allow-pass vlan all 
[Huawei-Ethernet0/0/3]un sh

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l a
[Huawei-Ethernet0/0/1]p d v 30
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 30
[Huawei-Ethernet0/0/2]un sh

拓扑图：

内网互通

内网互通2

这里也跟第四步一模一样啦。

VLAN30 -> VLAN10

VLAN30 -> VLAN20

0XFF: 文件下载

https://p.dabbit.net/blog/pic_bed/sharex/_pn-2024-06-10-18-31-49_Anole_Showy_Uncomfortable.7z

网络系统集成基础（实验学时）——实验四

题目要求：

实验内容：

1、熟悉路由器的配置管理（附文档路由器的介绍PPT）
2、静态路由实验，建立拓扑pc1>>R1>>R2>>R3>>pc2，使pc1与pc2能相互通信。
3、为实验二公司网络配置路由器，使内部网络可以访问Internet。
4、将内网服务器80端口映射出去，允许外网用户访问

实验报告：

要求独立完成，报告需包含模拟器配置文件
分别使用华为模拟器和思科模拟器完成

思科

1、熟悉路由器的配置管理（附文档路由器的介绍PPT）

1. 路由器是连接网络的重要设备，它能将多个网络连接起来，实现不同网络之间的通信。路由器主要由硬件和软件两部分组成，硬件包括CPU、RAM、Flash等，软件如思科的IOS、华为的VRP等。
2. 路由器的核心功能是根据数据包的目标IP地址，通过查找路由表，确定数据包的下一跳，并将其从相应的接口转发出去。路由表可以通过直连路由、静态路由和动态路由等方式生成。
3. 配置路由器时，需要熟悉各种工作模式，如用户模式(查看信息)、特权模式(调试排错)、全局配置模式(进行全局配置)和接口配置模式(配置各接口)等。
4. 常用的路由器配置命令包括:查看路由器信息(show)、配置路由器名称(hostname)、设置接口IP地址(ip address)、配置静态路由(ip route)、配置时钟频率(clock rate)等。
5. 路由器支持多种线缆类型，如同轴电缆、双绞线、光纤等。选择线缆时需要考虑带宽、距离和成本等因素。
6. 路由器的接口类型多样，如以太网接口、异步/同步串行接口、Console/AUX接口等。不同接口的配置和线缆要求不同。
7. 路由器的存储设备包括RAM(运行时存储)、NVRAM(启动配置)、Flash(IOS镜像)和ROM(硬件自检和引导)等。
8. 可通过Console口(参数为9600、8、N、1)、AUX口、Telnet(23端口)、SSH(22端口)等方式管理路由器。远程管理需要合理的安全策略。
9. 了解路由器常见的问题和故障排除方法，如接口down、线缆问题、配置错误、软硬件冲突等，可通过ping、traceroute、show等命令定位问题。
10. 路由器是网络的核心设备，掌握路由器的原理、组成、配置和管理，是网络工程师必备的技能。

思科是全球领先的网络设备供应商,其路由器产品以性能稳定、功能强大而闻名。下面我们重点介绍思科路由器的相关知识。思科路由器采用Cisco IOS(互联网络操作系统)软件,提供了丰富的功能和灵活的配置选项。Cisco IOS支持CLI(命令行界面)和图形化管理,适合不同的用户需求。思科路由器的型号命名遵循一定的规则,如19xx、29xx、39xx等系列,代表了不同的性能和应用场景。选择路由器型号时,需要考虑吞吐量、接口数量、可扩展性等因素。

在硬件组成方面,思科路由器typically包括CPU、RAM、Flash、NVRAM等部件,分别承担处理、存储、引导等功能。合理的硬件配置对于路由器的性能至关重要。思科路由器支持多种接口类型,如FastEthernet、Ethernet、Serial等。这些接口使用RJ45、DB60等不同的连接器和线缆。配置接口时,需要了解接口的工作模式(如DTE/DCE)和物理特性。管理思科路由器的常见方式包括Console口(通过RJ45转DB9串口线)、AUX口、Telnet和SSH等。Console口一般用于本地配置调试,AUX用于拨号,Telnet和SSH则用于远程管理。

配置思科路由器时,需要熟悉Cisco IOS的命令行界面。常用的配置命令包括enable(进入特权模式)、configure terminal(进入全局配置)、interface(进入接口配置)等。在路由配置方面,思科路由器支持静态路由和动态路由协议(如RIP、OSPF、EIGRP等)。通过ip route命令可以配置静态路由,network和router等命令用于启用动态路由。安全性是配置思科路由器需要关注的重点。可以通过设置密码(如enable secret)、配置SSH(ip ssh version 2)、启用AAA认证(aaa new-model)等措施,加强路由器的安全防护。

管理思科路由器还需要进行系统维护,如备份配置(copy running-config startup-config)、升级IOS(copy tftp flash)、查看日志(show logging)等。当思科路由器出现故障时,可以使用ping、traceroute、show等命令进行排查。通过分析接口状态、路由表、CPU利用率等指标,可以定位和解决大部分问题。思科路由器凭借其优异的性能和丰富的功能,在网络领域占据着重要的地位。深入学习和实践思科路由器的配置与管理,对于提升网络技能大有裨益。

2、静态路由实验，建立拓扑pc1>>R1>>R2>>R3>>pc2，使pc1与pc2能相互通信。

根据您提供的拓扑图,我使用10开头的IP地址重新规划:

设备IP配置:

• PC-PT (PC0): 10.1.1.2/30,网关10.1.1.1

• Router0:

  • Fa0/0: 10.1.1.1/30
  • Se2/0: 10.1.2.1/30

• Router-PT:

  • Se2/0: 10.1.2.2/30
  • Se3/0: 10.1.3.1/30

• Router2:

  • Fa0/0: 10.1.3.3/30
  • Se3/0: 10.1.3.2/30
• PC-PT (PC1): 10.1.3.4/30,网关10.1.3.3

路由器IP

R0

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname r0
r0(config)#int f0/0
r0(config-if)#ip addr 10.1.1.1 255.255.255.0
r0(config-if)#no shut


r0(config-if)#int s2/0
r0(config-if)#ip addr 10.1.2.1 255.255.255.0
r0(config-if)#no shut

R1

Router>en
Router#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname r1
r1(config)#int s2/0
r1(config-if)#ip addr 10.1.2.2 255.255.255.0
r1(config-if)#no shut


r1(config-if)#int s3/0
r1(config-if)#ip addr 10.1.3.1 255.255.255.0
r1(config-if)#no shut

R2:

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname r2
r2(config)#int s2/0
r2(config-if)#ip addr 10.1.3.2 255.255.255.0
r2(config-if)#no shut

r2(config-if)#int f0/0
r2(config-if)#ip addr 10.1.4.1 255.255.255.0
r2(config-if)#no shut

pc1

PC2

配置静态路由

r0(config)#ip route 10.1.3.0 255.255.255.0 10.1.2.2
r0(config)#ip route 10.1.4.0 255.255.255.0 10.1.2.2

r1(config)#ip route 10.1.1.0 255.255.255.0 10.1.2.1
r1(config)#ip route 10.1.4.0 255.255.255.0 10.1.3.2

r2(config)#ip route 10.1.1.0 255.255.255.0 10.1.3.1
r2(config)#ip route 10.1.2.0 255.255.255.0 10.1.3.1

r0(config)#do show ip route static
     10.0.0.0/24 is subnetted, 4 subnets
S       10.1.3.0 [1/0] via 10.1.2.2
S       10.1.4.0 [1/0] via 10.1.2.2


r1(config)#do show ip route static
     10.0.0.0/24 is subnetted, 4 subnets
S       10.1.1.0 [1/0] via 10.1.2.1
S       10.1.4.0 [1/0] via 10.1.3.2


r2#show ip route 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 4 subnets
S       10.1.1.0 [1/0] via 10.1.3.1
S       10.1.2.0 [1/0] via 10.1.3.1
C       10.1.3.0 is directly connected, Serial2/0
C       10.1.4.0 is directly connected, FastEthernet0/0
r2#

测试

PC>tracert 10.1.4.10

Tracing route to 10.1.4.10 over a maximum of 30 hops: 

  1   0 ms      0 ms      0 ms      10.1.1.1
  2   0 ms      4 ms      0 ms      10.1.2.2
  3   1 ms      0 ms      1 ms      10.1.3.2
  4   *         2 ms      4 ms      10.1.4.10

Trace complete.

PC>ping 10.1.4.10

Pinging 10.1.4.10 with 32 bytes of data:

Reply from 10.1.4.10: bytes=32 time=7ms TTL=125

Ping statistics for 10.1.4.10:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 7ms, Average = 7ms

3、为实验二公司网络配置路由器，使内部网络可以访问Internet。

一个新的拓扑，当做公网

• 202.194.222.4/32
• 202.194.222.1/32
  

R0

r0>en
r0#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
r0(config)#ip route 0.0.0.0 0.0.0.0 Serial2/0
r0(config)#
r0(config)#do show ip route

R1:

r1(config)#int fa0/0
r1(config-if)#ip addr 10.1.5.1 255.255.255.0
r1(config-if)#no shut
r1(config)#ip route 0.0.0.0 0.0.0.0 fa0/0

右上角路由

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname intelnet
intelnet(config)#int fa1/0
intelnet(config-if)#ip addr 10.1.5.2 255.255.255.0
intelnet(config-if)#no shut

intelnet(config-if)#int f0/0
intelnet(config-if)#ip addr 202.194.222.1 255.255.255.0
intelnet(config-if)#no shut

intelnet(config-if)#ip route 10.1.1.0 255.255.255.0 10.1.5.1
intelnet(config)#ip route 10.1.4.0 255.255.255.0 10.1.5.1

R2

r2(config)#ip route 0.0.0.0 0.0.0.0 se2/0

测试

PC>ping 202.194.222.4

Pinging 202.194.222.4 with 32 bytes of data:

Reply from 202.194.222.4: bytes=32 time=6ms TTL=125
Reply from 202.194.222.4: bytes=32 time=4ms TTL=125
Reply from 202.194.222.4: bytes=32 time=2ms TTL=125
Reply from 202.194.222.4: bytes=32 time=4ms TTL=125

Ping statistics for 202.194.222.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 6ms, Average = 4ms

PC>

4、将内网服务器80端口映射出去，

内网服务器

拓扑这样子：

intelnet(config)#access-list 1 permit 10.1.1.0 0.0.0.255
intelnet(config)#access-list 1 permit 10.1.4.0 0.0.0.255
intelnet(config)#int fa1/0
intelnet(config-if)#ip nat inside
intelnet(config-if)#exit

intelnet(config)#int fa0/0
intelnet(config-if)#ip nat outside
intelnet(config-if)#exit
intelnet(config)#ip nat inside source list 1 interface FastEthernet0/0 overload
intelnet(config)#ip nat inside source static tcp 10.1.4.250 80 202.194.222.1 8080

测试一下，打开浏览器：

http://202.194.222.1:8080
可以正常访问。

5、模拟器配置文件

r0

r0#copy running-config startup-config 
Destination filename [startup-config]? 
Building configuration...
[OK]
r0#show run
r0#show running-config 
Building configuration...

Current configuration : 758 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname r0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial2/0
 ip address 10.1.2.1 255.255.255.0
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
ip classless
ip route 10.1.3.0 255.255.255.0 10.1.2.2 
ip route 10.1.4.0 255.255.255.0 10.1.2.2 
ip route 0.0.0.0 0.0.0.0 Serial2/0 
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end

r1

r1#copy running-config startup-config 
Destination filename [startup-config]? 
Building configuration...
[OK]
r1#show ru
r1#show running-config 
Building configuration...

Current configuration : 868 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname r1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.1.5.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial2/0
 ip address 10.1.2.2 255.255.255.0
!
interface Serial3/0
 ip address 10.1.3.1 255.255.255.0
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
ip classless
ip route 10.1.1.0 255.255.255.0 10.1.2.1 
ip route 10.1.4.0 255.255.255.0 10.1.3.2 
ip route 10.1.1.0 255.255.255.0 202.194.222.2 
ip route 10.4.1.0 255.255.255.0 202.194.222.2 
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end


r1#

r2

r2#copy running-config startup-config 
Destination filename [startup-config]? 
Building configuration...
[OK]
r2#show ru
r2#show running-config 
Building configuration...

Current configuration : 758 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname r2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.1.4.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial2/0
 ip address 10.1.3.2 255.255.255.0
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
ip classless
ip route 10.1.1.0 255.255.255.0 10.1.3.1 
ip route 10.1.2.0 255.255.255.0 10.1.3.1 
ip route 0.0.0.0 0.0.0.0 Serial2/0 
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end


r2#

r3

intelnet#copy running-config startup-config 
Destination filename [startup-config]? 
Building configuration...
[OK]
intelnet#show ru
intelnet#show running-config 
Building configuration...

Current configuration : 1015 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname intelnet
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 202.194.222.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 10.1.5.2 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 10.1.4.250 80 202.194.222.1 8080 
ip classless
ip route 10.1.1.0 255.255.255.0 10.1.5.1 
ip route 10.4.1.0 255.255.255.0 10.1.5.1 
ip route 10.1.4.0 255.255.255.0 10.1.5.1 
!
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 10.1.4.0 0.0.0.255
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end


intelnet#
intelnet#

华为

1、熟悉路由器的配置管理（附文档路由器的介绍PPT）

华为是中国乃至全球的网络设备巨头之一,其路由器产品以性价比高、功能全面而备受青睐。下面我们就来详细了解一下华为路由器的相关知识。

华为路由器采用VRP(Versatile Routing Platform)操作系统,该系统基于Linux内核开发,提供了强大的网络功能和友好的配置管理界面。VRP支持命令行和Web界面配置,满足不同用户的需求。

华为路由器的命名方式通常以AR(Access Router)、NE(Network Engine)等字母开头,后面跟数字表示系列和型号,如AR系列、NE系列等。不同系列的路由器在性能、接口、功耗等方面有所差异,可根据实际需求选择。

从硬件结构看,华为路由器一般包括主控板(MPU)、业务板(LPU)、交换网板(SFU)、电源板(PWR)等部件。其中,MPU负责路由计算和管理,LPU提供业务接口,SFU实现数据交换,PWR供给系统电源。

华为路由器支持丰富的接口类型,如以太网接口(Ethernet)、广域网接口(WAN)、串行接口(Serial)等。不同接口使用RJ45、SFP、RS232等连接器,传输介质包括双绞线、光纤、同轴电缆等。

管理华为路由器的方式有多种,如Console口(通过Console线缆)、Telnet(23端口)、SSH(22端口)、Web(80端口)等。日常配置一般使用Console口,远程管理则用Telnet/SSH/Web,注意网络和安全设置。

配置华为路由器时,需要熟悉VRP的命令行界面。常见命令包括system-view(进入系统视图)、interface(进入接口视图)、display(查看信息)、save(保存配置)等。

华为路由器支持多种路由协议,如静态路由、RIP、OSPF、ISIS、BGP等。配置静态路由使用ip route-static命令,动态路由则在相应的路由视图下进行。

安全性是华为路由器配置的重中之重。基本措施包括设置用户名密码(aaa)、启用SSH(ssh server enable)、配置ACL(acl number)等。对于关键路由器,还需要部署防火墙、VPN等安全业务。

维护华为路由器需要掌握一些常用操作,如软件升级(upgrade)、配置备份(backup configuration)、日志查看(display current-configuration)、调试开关(debugging)等。

华为路由器出现故障时，参考以下思路排查:

1. 检查物理连接,如接口线缆、模块、电源等是否正常。
2. 确认接口配置,如IP地址、子网掩码、接口状态等。
3. 查看路由表,分析路由协议、路由条目是否合理。
4. 观察CPU、内存等资源利用率,判断是否过载。
5. 使用ping、tracert等工具,测试网络连通性。
6. 对比配置文件,查找配置差异或错误。
7. 翻阅系统日志,获取告警、错误等重要信息。

华为路由器以其优异的性能、灵活的扩展性和极高的性价比,在企业网和运营商网广泛应用。系统学习华为路由器的原理、配置和维护,对于提高网络管理水平大有裨益。作为网络人,掌握华为路由器的"武功秘籍",定能在职场立于不败之地。

2、静态路由实验，建立拓扑pc1>>R1>>R2>>R3>>pc2，使pc1与pc2能相互通信。

它有bug，用就用最高级的那个路由器。

用这个路由器：

拓扑图：

配置命令

R1:

[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]ip addr 192.168.1.1 24

[Huawei]int e0/0/1  
[Huawei-Ethernet0/0/1]ip addr 10.1.1.1 24
[Huawei]ip route-static 192.168.2.0 24 10.1.1.2

[Huawei]dis ip routing-table

R2:

<Huawei>sys
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.1.1.2 24

[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.2.2.2 24


[Huawei-GigabitEthernet0/0/1]quit
[Huawei]ip route-static 192.168.1.0 24 10.1.1.1
[Huawei]ip route-static 192.168.2.0 24 10.2.2.3  
[Huawei]dis ip int brief


[Huawei]ping 192.168.2.1 (成功)
[Huawei]ping 192.168.1.1 (成功)

R3:

<Huawei>sys
[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]ip addr 10.2.2.3 24
[Huawei-Ethernet0/0/0]int e0/0/1
[Huawei-Ethernet0/0/1]ip addr 192.168.2.1 24
[Huawei-Ethernet0/0/1]quit
[Huawei]ip route-static 192.168.1.0 24 10.2.2.2
[Huawei]dis ip int brief
Interface                         IP Address/Mask      Physical   Protocol  
Ethernet0/0/0                     10.2.2.3/24          up         up        
Ethernet0/0/1                     192.168.2.1/24       up         up        
GigabitEthernet0/0/0              unassigned           down       down      
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
GigabitEthernet0/0/3              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Serial0/0/0                       unassigned           down       down      
Serial0/0/1                       unassigned           down       down      
Serial0/0/2                       unassigned           down       down      
Serial0/0/3                       unassigned           down       down      

可以ping通

这个也是：

3、为实验二公司网络配置路由器，使内部网络可以访问Internet。

请直接跳转到[☆新的拓扑图]章节，蓝屏了。拓扑图重新画的。

R2

[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.11.11.6
[Huawei-GigabitEthernet0/0/2]ip addr 10.11.11.2 24

R6

<Huawei>sys
  Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.11.11.6 24

[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 202.194.222.1 24

目前AR2可以访问202.194.222.4（intelnet）

划分VLAN

拓扑结构：

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int vlan    
[Huawei]int Vlanif 
[Huawei]int Vlanif 10
Error: The VLAN does not exist.
[Huawei]vlan 10
[Huawei-vlan10]vlan 20
[Huawei-vlan20]vlan 30
[Huawei-vlan30]int vl    
[Huawei-vlan30]int vlanif 10
[Huawei-Vlanif10]ip addr 192.168.10.1 24
[Huawei-Vlanif10]int vl    
[Huawei-Vlanif10]int vlanif 20
[Huawei-Vlanif20]ip addr 192.168.20.1 24
[Huawei-Vlanif20]int vlanif 30
[Huawei-Vlanif30]ip addr 192.168.30.1 24

Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 10
[Huawei-vlan10]vlan 20
[Huawei-vlan20]
Jun  5 2024 10:22:42-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 5, th
e change loop count is 0, and the maximum number of records is 4095.

服务器配置IP

划分VLAN到端口

[Huawei-vlan30]int e0/0/2
[Huawei-Ethernet0/0/2]pro    
[Huawei-Ethernet0/0/2]port    
[Huawei-Ethernet0/0/2]port link-type access 
[Huawei-Ethernet0/0/2]
Jun  5 2024 10:25:42-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 7, th
e change loop count is 0, and the maximum number of records is 4095.port default
 vlan 10
[Huawei-Ethernet0/0/2]port default vlan 10
[Huawei-Ethernet0/0/2]
Jun  5 2024 10:25:52-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 8, th
e change loop count is 0, and the maximum number of records is 4095.port default
 vlan 10
[Huawei-Ethernet0/0/2]
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]int e0/0/3
Jun  5 2024 10:26:02-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 9, th
e change loop count is 0, and the maximum number of recordport default vlan 20
[Huawei-Ethernet0/0/3]
[Huawei-Ethernet0/0/3]
[Huawei-Ethernet0/0/3]port default vlan 20
[Huawei-Ethernet0/0/3]
Jun  5 2024 10:26:12-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 10, t
he change loop count is 0, and the maximum number of records is 4095.

vlan划分

[Huawei]vlan 10
[Huawei-vlan10]vlan 20
[Huawei-vlan20]vlan 30
[Huawei-vlan30]
Jun  5 2024 10:23:13-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 6, th
e change loop count is 0, and the maximum number of records is 4095.
[Huawei-vlan30]
[Huawei-vlan30]
[Huawei-vlan30]int e0/0/1
[Huawei-Ethernet0/0/1]port link    
[Huawei-Ethernet0/0/1]port link-t    
[Huawei-Ethernet0/0/1]port link-type tr    
[Huawei-Ethernet0/0/1]port link-type trunk 
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]por
Jun  5 2024 10:28:03-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 7, th
e change loop count is 0, and the maximum number of records is 4095.t
                           ^
Error:Incomplete command found at '^' position.
[Huawei-Ethernet0/0/2]port link    
[Huawei-Ethernet0/0/2]port link-t    
[Huawei-Ethernet0/0/2]port link-type tr    
[Huawei-Ethernet0/0/2]port link-type acc    
[Huawei-Ethernet0/0/2]port link-type access 
[Huawei-Ethernet0/0/2]
Jun  5 2024 10:28:13-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 8, th
e change loop count is 0, and the maximum number of records is 4095.
[Huawei-Ethernet0/0/2]
[Huawei-Ethernet0/0/2]port default vlan 30
[Huawei-Ethernet0/0/2]
Jun  5 2024 10:28:43-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 9, th
e change loop count is 0, and the maximum number of records is 4095.

核心交换机

[Huawei-vlan30]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]

[Huawei-GigabitEthernet0/0/1.10]int g0/0/1.20
[Huawei-GigabitEthernet0/0/1.20]ip addr 192.168.20.1 24
[Huawei-GigabitEthernet0/0/1.20]dot1q termination vid 20
Jun  5 2024 10:55:51-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[2]:The line protocol
 IP on the interface GigabitEthernet0/0/1.20 has entered the UP state. 
[Huawei-GigabitEthernet0/0/1.20]int g0/0/1.30
[Huawei-GigabitEthernet0/0/1.30]ip addr 192.168.30.1 24
[Huawei-GigabitEthernet0/0/1.30]dot1q termination vid 30

后面电脑突然蓝屏重启了，没有保存文件
后面电脑突然蓝屏重启了，没有保存文件
后面电脑突然蓝屏重启了，没有保存文件

☆新的拓扑图

简单模拟一下

路由器:

<Huawei>sys
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.22.22.1 24

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 202.194.222.1 24 #公网IP


[Huawei]ip route-static 192.168.10.0 24 10.22.22.2
[Huawei]ip route-static 192.168.20.0 24 10.22.22.2
[Huawei]ip route-static 192.168.30.0 24 10.22.22.2

三层交换机

[Huawei-GigabitEthernet0/0/1]quit
[Huawei]undo inf    
[Huawei]undo info-center en    
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]vlan b 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif10
[Huawei-Vlanif10]ip addr 192.168.10.1 24
[Huawei-Vlanif10]int vlanif20
[Huawei-Vlanif20]ip addr 192.168.20.1 24
[Huawei-Vlanif20]int vlanif30
[Huawei-Vlanif30]ip addr 192.168.30.1 24
[Huawei-Vlanif30]int vlanif100
[Huawei-Vlanif100]ip addr 10.22.22.2 24
[Huawei-Vlanif100]int g0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]p d v 100
[Huawei-GigabitEthernet0/0/3]un sh
Info: Interface GigabitEthernet0/0/3 is not shutdown.
[Huawei-GigabitEthernet0/0/3]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.22.22.2
Error: The next-hop address is invalid.
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.22.22.1
[Huawei]

[Huawei]int g 0/0/1
[Huawei-GigabitEthernet0/0/1]p l t
[Huawei-GigabitEthernet0/0/1]p t a v a

二层交换机

[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]p l t #port link-type trunk 
[Huawei-Ethernet0/0/3]p t a v a #port trunk allow-pass vlan all 
[Huawei-Ethernet0/0/3]un sh

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l a
[Huawei-Ethernet0/0/1]p d v 30
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 30
[Huawei-Ethernet0/0/2]un sh

拓扑图：

内网互通

内网互通2

互通WAN IP：

外网访问：

4、将内网服务器80端口映射出去，

int e0/0/1
[Huawei-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 80 inside 192.168.30.250 80

启动http服务器

测试：

网页可以打开。

5、模拟器配置文件

LSW2

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]display current-configuration 
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

[Huawei]
[Huawei]

LSW3

<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]dis cu    
[Huawei]dis current-configuration 
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 30
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 30
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

[Huawei]

LSW1

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]dis cu    
[Huawei]dis current-configuration 
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
#
interface Vlanif30
 ip address 192.168.30.1 255.255.255.0
#
interface Vlanif100
 ip address 10.22.22.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 100
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.22.22.1
#
user-interface con 0
user-interface vty 0 4
#
return

[Huawei]
[Huawei]
[Huawei]
[Huawei]
[Huawei]
[Huawei]

AR1

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]dis cu    
[Huawei]dis current-configuration 
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 undo info-center enable
#
 set cpu-usage threshold 80 restore 75
#
acl number 2000  
 rule 5 permit source 192.168.30.250 0 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.22.22.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 202.194.222.1 255.255.255.0 
 nat server protocol tcp global current-interface www inside 192.168.30.250 www
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 192.168.10.0 255.255.255.0 10.22.22.2
ip route-static 192.168.20.0 255.255.255.0 10.22.22.2
ip route-static 192.168.30.0 255.255.255.0 10.22.22.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]
[Huawei]
[Huawei]

失效：一些失效的过程

拓扑图：

PC1: 192.168.1.10/24
PC5: 192.168.2.10/24
PC2: 192.168.10.22/24
PC3: 192.168.20.22/24 
PC4: 192.168.30.22/24
LSW1: 192.168.30.10/24
LSW2: 192.168.30.11/24  
Server1: 192.168.30.250/24
Server2: 202.194.222.4/24

路由器

配置IP

PC1

PC5

SERVER2

PC2:

PC3:

路由器配置IP（

R1:

<Huawei>sys
[Huawei]sysname r1
[r1]int e0/0/0
[r1-Ethernet0/0/0]ip addr 192.168.1.1 24
[r1]int e0/0/1
[r1-Ethernet0/0/1]ip addr 10.1.1.1 24

R2:

<Huawei>sys
  Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]int e0/0/0
[r2-Ethernet0/0/0]ip addr 10.1.1.2 24

[r2-Ethernet0/0/0]int e0/0/1
[r2-Ethernet0/0/1]ip addr 10.1.2.2 24

R3:

[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]ip addr 10.1.2.3 24

[Huawei-Ethernet0/0/0]int e0/0/1
[Huawei-Ethernet0/0/1]ip addr 10.1.5.3 24

[Huawei-Ethernet0/0/1]sysname r3

[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip addr 192.168.2.1 24

[r3-GigabitEthernet0/0/1]int g0/0/0
[r3-GigabitEthernet0/0/0]ip addr 192.168.100.1 24


[r3-GigabitEthernet0/0/0]dis ip int brief
Interface                         IP Address/Mask      Physical   Protocol  
Ethernet0/0/0                     10.1.2.3/24          up         up        
Ethernet0/0/1                     10.1.5.3/24          up         up        
GigabitEthernet0/0/0              192.168.100.1/24     up         up        
GigabitEthernet0/0/1              192.168.2.1/24       up         up        
GigabitEthernet0/0/2              unassigned           down       down  

R4:

<Huawei>sys
  Enter system view, return user view with Ctrl+Z.
[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]ip addr 10.1.5.4 24
[Huawei-Ethernet0/0/0]sysname r4

[r4]int e0/0/1
[r4-Ethernet0/0/1]ip addr 202.194.222.1 24

配置静态路由

[r1]ip route-static 192.168.2.0 24 10.1.1.2


[r2]ip route-static 192.168.1.0 24 10.1.1.1
[r2]ip route-static 192.168.2.0 24 10.1.2.3


[r3]ip route-static 192.168.1.0 24 10.1.3.2

<PC1>ping 192.168.2.10
<PC5>ping 192.168.1.10

0xff:文件下载

1. 思科
   https://p.dabbit.net/blog/pic_bed/sharex/_pn-2024-06-04-18-35-43_Tragopan_Giant_Bowed.rar

2. 华为

https://p.dabbit.net/blog/pic_bed/sharex/_pn-2024-06-05-17-31-09_Robin_Slateblue_Fair.7z