ENSP Demo 006 Experiment

要求：
配置Telnet，要求所有网络设备均支持远程管理，密码为admin
配置Trunk，交换机之间的链路均为Trunk模式
配置VLAN，在SW2和SW3上创建相关VLAN，关联4台PC到对应的VLAN接口
配置MLS，通过SW1实现VLAN间路由
配置DHCP，使SW1可以为各个VLAN内主机分配地址信息
配置STP，使SW1成为所有VLAN的根桥，要求手动修改优先级为4096
配置OSPF，企业内网运行OSPF 1
配置缺省和NAT，在R1上配置静态缺省路由，SW1通过OSPF学习缺省路由
配置NAT，在R1上配置PAT（只需要转换四个VLAN网段）
配置PPP，R1和R2之间封装协议为PPP，使用CHAP双向认证，密码均为huawei
配置OSPF，R2、R3、R4之间运行OSPF 2
配置DNS，可以通过www.aaa.com访问HTTP服务器，通过www.bbb.com访问FTP服务器
配置ACL，在R1上配置ACL，拒绝VLAN20的主机通过浏览器访问HTTP服务器，其他流量不受影响

---

sys 
sysn R1

int g0/0/0
ip add 192.168.12.1 24
int g0/0/1
ip add 1.0.0.2 30
int s2/0/0
ip add 12.0.0.1 24

ip route-static 0.0.0.0 0 12.0.0.2
ospf 1 router-id 1.1.1.1
default-route-advertise
a 0
network 192.168.12.1 0.0.0.0
network 1.0.0.2 0.0.0.0

acl 2000
rule 10 permit
int s2/0/0
nat outbound 2000

int s2/0/0
ppp chap user huawei
ppp chap password cipher admin

link-protocol ppp
aaa
local-user huawei password cipher admin
local-user huawei service-type ppp
int s2/0/0
ppp authentication-mode chap

user-interface vty 0 4 
authentication-mode aaa
aaa
local-user zx password cipher admin
local-user zx privilege level 15
local-user zx service-type telnet terminal

---

sys
sysn SW1

vlan batch 10 20 30 40
int vlanif 10
ip add 192.168.10.254 24
int vlanif 20
ip add 192.168.20.254 24
int vlanif 30
ip add 192.168.30.254 24
int vlanif 40
ip add 192.168.40.254 24

int g0/0/1
port lin a
p d vlan 1
int g0/0/2
p l t
p t a vlan 10 20
int g0/0/3
p l t
p t a vlan 30 40
q

dhcp enable
int vlanif 10 
dhcp select interface 
dhcp server dns-list 3.0.0.1
int vlanif 20 
dhcp select interface 
dhcp server dns-list 3.0.0.1
int vlanif 30 
dhcp select interface 
dhcp server dns-list 3.0.0.1
int vlanif 40 
dhcp select interface 
dhcp server dns-list 3.0.0.1

ospf 1 router-id 2.2.2.2
a 0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.12.2 0.0.0.0

stp mode stp 
stp priority 4096

user-interface vty 0 4 
authentication-mode aaa
aaa
local-user zx password cipher admin
local-user zx privilege level 15
local-user zx service-type telnet terminal

---

sys
sysn SW2

vlan batch 10 20 30 40
int g0/0/1
p l t
p t a vlan 10 20 30 40
int g0/0/2
p l t 
p t a vlan 10 20 30 40
int g0/0/3
p l a
p d vlan 10
int g0/0/4
p l a
p d vlan 20

user-interface vty 0 4 
authentication-mode aaa
aaa
local-user zx password cipher admin
local-user zx privilege level 15
local-user zx service-type telnet terminal

---

sys
sysn SW3

vlan batch 10 20 30 40
int g0/0/1
p l t
p t a vlan 10 20 30 40
int g0/0/2
p l t
p t a vlan 10 20 30 40
int g0/0/3
p l a
p d vlan 30
int g0/0/4
p l a 
p d vlan 40

user-interface vty 0 4 
authentication-mode aaa
aaa
local-user zx password cipher admin
local-user zx privilege level 15
local-user zx service-type telnet terminal

---

sys
sysna R2

int s2/0/0
ip add 12.0.0.2 24
int g0/0/0
ip add 23.0.0.1 24
int g0/0/1
ip add 24.0.0.1 24
int s2/0/0
link-protocol ppp
ppp chap user huawei
ppp chap password cipher admin

aaa
local-user huawei password cipher admin
local-user huawei service-type ppp
int s2/0/0
ppp authentication-mode chap


ospf 2
a 0
net 12.0.0.0 0.0.0.3
net 23.0.0.1 0.0.0.0
net 24.0.0.1 0.0.0.0

---

sys
sysn R3

vlan 100
int vlanif 100
ip add 3.0.0.254 24
int g0/0/1
ip add 23.0.0.2 24
int g0/0/0
ip add 34.0.0.1 24
int e0/0/0
p l a
p d vlan 100

ospf 2 router-id 3.3.3.3
a 0
net 3.0.0.0 0.0.0.255
net 34.0.0.0 0.0.0.255
net 23.0.0.0 0.0.0.255

---

sys
sysn R4

vlan 200
int vlanif 200
ip add 4.0.0.254 24
int g0/0/1
ip add 24.0.0.2 24
int g0/0/0
ip add 34.0.0.2 24
int e0/0/0
p l a 
p d vlan 200

ospf 2 router-id 4.4.4.4
a 0
net 4.0.0.0 0.0.0.255
net 24.0.0.0 0.0.0.255
net 34.0.0.0 0.0.0.255