4.根据前三个文章做一个综合小实验
实验要求:
1、网络中有3个不同部门,均可自动获取地址
2、各部门互相访问,也可访问内网服务器172.16.100.1
3、pc1不允许访问互联网,pc2和pc3可以访问互联网
4、内网服务器对外发布的地址为:64.1.1.3,互联网用户可以访问这台服务器
5、内网服务器的域名是,www.ceshinet.net各pc可以通过域名访问
1、先给pc机器设置成dhcp获取ip
2、给交换机2和交换机3划分vlan,设置链路
####lsw2######
[Huawei]vlan 10
[Huawei-vlan10]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
####lsw3######
<Huawei>sy
[Huawei]vlan batch 20 30
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 20
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 30
[Huawei-Ethernet0/0/3]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type trunk
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
3、配置核心交换机(三层交换机)
####lsw1######(作为网关使用)
[Huawei]vlan batch 10 20 30 40
[Huawei]interface Vlanif 10
[Huawei-Vlanif10]ip add 192.16.10.254 24
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]ip add 192.16.20.254 24
[Huawei-Vlanif20]int vlan 30
[Huawei-Vlanif30]ip add 192.168.30.254 24
[Huawei-Vlanif30]int vlan 40
[Huawei-Vlanif40]ip add 172.16.100.254 24
[Huawei]dhcp enable //开启dchp功能
[Huawei]int Vlanif 10
[Huawei-Vlanif10]dhcp select interface
[Huawei-Vlanif10]dhcp server dns-list 172.16.100.1
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]dhcp select interface
[Huawei-Vlanif20]dhcp server dns-list 172.16.100.1
[Huawei-Vlanif20]int vlan 30
[Huawei-Vlanif30]dhcp select interface
[Huawei-Vlanif30]dhcp server dns-list 172.16.100.1
[Huawei-Vlanif30]dis ip int b//检查以下配置是否正确
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.16.10.254/24 down down
Vlanif20 192.16.20.254/24 down down
Vlanif30 192.168.30.254/24 down down
Vlanif40 172.16.100.254/24 down down
//配置链路
[Huawei-Vlanif30]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]int g 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/3]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type access
[Huawei-GigabitEthernet0/0/4]port default vlan 40
##配置一个能连通路由器R1的vlan
[Huawei]vlan 100
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 100
[Huawei]int Vlanif 100
[Huawei-Vlanif100]ip add 10.10.10.2 24
//配置一条去外网的路由
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
4、配置路由器R1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 10.10.10.1 24
//配置一个连同外网
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 64.1.1.1 24
//编写规则
[Huawei]ip route-static 0.0.0.0 0.0.0.0 64.1.1.10
[Huawei]ip route-static 192.168.0.0 255.255.0.0 10.10.10.2
[Huawei]ip route-static 172.16.100.0 255.255.255.0 10.10.10.2
//配置出去上网的nat
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[Huawei-acl-basic-2000]q
[Huawei]nat address-group 1 64.1.1.5 64.1.1.5
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
添加一条拒绝10段上网
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule deny source 192.168.10.0 0.0.0.255
[Huawei-acl-basic-2001]int g0/0/0
[Huawei-GigabitEthernet0/0/0]traffic-filter inbound acl 2001
//内网服务器通过64.1.1.3映射出去
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat server global 64.1.1.3 inside 172.16.100.1
本文作者:今天大晴天
本文链接:https://www.cnblogs.com/j-qingtian/p/18108700
版权声明:本作品采用知识共享署名-非商业性使用-禁止演绎 2.5 中国大陆许可协议进行许可。
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步