當(dāng)前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

H3CNE综合小实验

發(fā)布時(shí)間：2023/12/18 编程问答 31 豆豆

生活随笔收集整理的這篇文章主要介紹了 H3CNE综合小实验小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.

實(shí)驗(yàn)拓?fù)?/p>

實(shí)驗(yàn)需求

實(shí)驗(yàn)解法

實(shí)驗(yàn)拓?fù)?/h3>

拓?fù)湎螺d地址

H3CNE綜合小實(shí)驗(yàn)

?

?

?

?

?

圖 1-1

注：如無特別說明，描述中的 R1 或 SW1 對應(yīng)拓?fù)渲性O(shè)備名稱末尾數(shù)字為 1 的設(shè)備，R2 或 SW2 對應(yīng)拓?fù)渲性O(shè)備名稱末尾數(shù)字為 2 的設(shè)備，以此類推；另外，同一網(wǎng)段中，IP 地址的主機(jī)位為其設(shè)備編號，如 R3 的 g0/0 接口若在192.168.1.0/24網(wǎng)段，則其 IP 地址為192.168.1.3/24，以此類推

實(shí)驗(yàn)需求

按照圖示配置 IP 地址

sw2和sw10使用鏈路聚合

四個(gè)部門：地址為dhcp獲取

sw2,r13,sw10,運(yùn)行ospf，使其內(nèi)網(wǎng)互通，ospf使用命令下發(fā)缺省網(wǎng)關(guān)

R13與R14采用雙向認(rèn)證。

僅允許技術(shù)部和產(chǎn)品研發(fā)部方位外網(wǎng)，財(cái)務(wù)部門訪問財(cái)務(wù)服務(wù)器

R11作為ftp服務(wù)器，要求外網(wǎng)用戶可以訪問

實(shí)驗(yàn)解法

8，配置 IP 地址部分

R14

sys System View: return to User View with Ctrl+Z. [H3C]sysn r14 [r14]int mp-gr 1 [r14-MP-group1]int s1/0 [r14-Serial1/0]ppp mp mp-gr 1 [r14-Serial1/0] [r14-Serial1/0]int s2/0 [r14-Serial2/0]ppp mp mp-gr 1 [r14]int mp-gr 1 [r14-MP-group1]ip add 100.1.1.2 24

R13

SYS [H3C]SYSN r13 [r13]int mp-gr 1 [r13-MP-group1]int s1/0 [r13-Serial1/0]ppp mp mp-gr 1 [r13-Serial1/0]int s2/0 [r13-Serial2/0]ppp mp mp-gr1 [r13-Serial2/0]int mp-gr 1 [r13-MP-group1]ip add 100.1.1.1 24 [r13]int g0/0 [r13-GigabitEthernet0/0]ip add 192.168.60.2 24 [r13-GigabitEthernet0/0]int g0/1 [r13-GigabitEthernet0/1]ip add 192.168.70.2 24

SW2

sys System View: return to User View with Ctrl+Z. [H3C]sys sw2 [sw2]vlan 10 [sw2-vlan10]vlan 20 [sw2-vlan20]vlan 30 [sw2-vlan30]vlan 40 [sw2-vlan40]vlan 50 [sw2-vlan50]vlan 60 [sw2-vlan60]int vlan 10 [sw2-Vlan-interface10]ip add 192.168.1.254 24 [sw2-Vlan-interface10]int vlan 20 [sw2-Vlan-interface20]ip add 192.168.2.254 24 [sw2-Vlan-interface20]int vlan 30 [sw2-Vlan-interface30]ip add 192.168.3.254 24 [sw2-Vlan-interface30]int vlan 40 [sw2-Vlan-interface40]ip add 192.168.4.254 24 [sw2-Vlan-interface40]int vlan 50 [sw2-Vlan-interface50]ip add 192.168.50.1 24 [sw2-Vlan-interface50]int vlan 60 [sw2-Vlan-interface60]ip add 192.168.60.1 24 [sw2-Vlan-interface60]int g1/0/5 [sw2-GigabitEthernet1/0/5]port link-ty ac [sw2-GigabitEthernet1/0/5]port ac vlan 60 [sw2]int range g1/0/1 to g1/0/2 [sw2-if-range]port tr pe ?vlan all

SW10

SYS System View: return to User View with Ctrl+Z. [H3C]SYSN sw10 [sw10]vlan 10 [sw10-vlan10]vlan 20 [sw10-vlan20]vlan 50 [sw10-vlan50]vlan 70 [sw10-vlan70]int vlan 10 [sw10-Vlan-interface10]ip add 192.168.80.2 24 [sw10-Vlan-interface10]int vlan 20 [sw10-Vlan-interface20]ip add 192.168.90.2 24 [sw10-Vlan-interface20]int vlan 50 [sw10-Vlan-interface50]ip add 192.168.50.2 24 [sw10-Vlan-interface50]int vlan 70 [sw10-Vlan-interface70]ip add 192.168.70.1 24 [sw10-Vlan-interface70]int ran g1/0/1 to g1/0/2 [sw10-if-range]port link-ty ac [sw10-if-range]int g1/0/1 [sw10-GigabitEthernet1/0/1]port ac vlan 10 [sw10-GigabitEthernet1/0/1]int g1/0/2 [sw10-GigabitEthernet1/0/2]port ac vlan 20

SW1

SYS System View: return to User View with Ctrl+Z. [H3C]SYSN SW1 [SW1]vlan 10 [SW1-vlan10]vlan 20 [SW1]INT G1/0/4 [SW1-GigabitEthernet1/0/4]port link-ty tr [SW1-GigabitEthernet1/0/4]port tr pe vlan all [SW1-vlan20]int ran g1/0/1 to g1/0/2 [SW1-if-range]port link-ty access [SW1-if-range]port ac vlan 10 [SW1-if-range]int g1/0/3 [SW1-GigabitEthernet1/0/3]port link-ty acc [SW1-GigabitEthernet1/0/3]port ac vlan 20

SW3

SYS System View: return to User View with Ctrl+Z. [H3C]SYSN SW3 [SW3-vlan20]int g1/0/4 [SW3-GigabitEthernet1/0/4]port link-ty tr [SW3-GigabitEthernet1/0/4]port tr pe vlan all [SW3-GigabitEthernet1/0/1]port link-ty ac [SW3-GigabitEthernet1/0/1]port ac vlan 30 [SW3-GigabitEthernet1/0/1]int ran g1/0/2 to g1/0/3 [SW3-if-range]port link-ty ac [SW3-if-range]port ac vlan 40

R11(路由作為電腦設(shè)備使用需要增加缺省路由，服務(wù)器系統(tǒng)自動(dòng)添加，這個(gè)只是模擬器，你自己的電腦也會(huì)添加缺省路由來上網(wǎng)，模擬器需要自己手動(dòng)配置下)

SYS System View: return to User View with Ctrl+Z. [H3C]SYSN R11 [R11]int g0/0 [R11-GigabitEthernet0/0]ip add 192.168.80.1 24 [R11]ip route-static 0.0.0.0 0.0.0.0 192.168.80.2

R12

SYS System View: return to User View with Ctrl+Z. [H3C]SYSN R12 [R12]int g0/0 [R12-GigabitEthernet0/0]ip add 192.168.90.1 24 [R12]ip route-static 0.0.0.0 0.0.0.0 192.168.90.2

PC4-PC9(DHCP分配地址)

9，sw2和sw10使用鏈路聚合

步驟 1：在 SW2上創(chuàng)建聚合組，并添加端口,雙方都建立后不會(huì)警告（默認(rèn)vlan）PVID不匹配

SW2

sys System View: return to User View with Ctrl+Z. [sw2]int Bridge-Aggregation 1 [sw2-Bridge-Aggregation1]int ran g1/0/3 to g1/0/4 [sw2-if-range]port link-agg gr 1 [sw2-if-range]int Bridge-Aggregation 1 [sw2-Bridge-Aggregation1]port link-type ?ac Configuring GigabitEthernet1/0/3 done. Configuring GigabitEthernet1/0/4 done. [sw2-Bridge-Aggregation1]port ac vlan 50 Configuring GigabitEthernet1/0/3 done. Configuring GigabitEthernet1/0/4 done.

步驟2：在 SW10上創(chuàng)建聚合組，并添加端口

SW10

SYS System View: return to User View with Ctrl+Z. [sw10]int Bridge-Aggregation 1. [sw10-Bridge-Aggregation1]int ran g1/0/3 to g1/0/4 [sw10-if-range]port link-agg gr 1 [sw10-if-range]int Bridge-Aggregation 1 [sw10-Bridge-Aggregation1]port link-ty ac Configuring GigabitEthernet1/0/3 done. Configuring GigabitEthernet1/0/4 done. [sw10-Bridge-Aggregation1]port ac vlan 50 Configuring GigabitEthernet1/0/3 done. Configuring GigabitEthernet1/0/4 done.

10，四個(gè)部門：地址為dhcp獲取

步驟 1：在 SW2上創(chuàng)建 DHCP地址池，網(wǎng)關(guān)為vlan地址，開啟DHCP全局模式，不同vlan配置不同的地址池，dns設(shè)置為114.114.114.114

[sw2]dhcp enable [sw2]dhcp server ip vlan10 [sw2-dhcp-pool-vlan10]netw 192.168.1.0 ma 255.255.255.0 [sw2-dhcp-pool-vlan10]gat 192.168.1.254 [sw2-dhcp-pool-vlan10]dns 114.114.114.114 [sw2-dhcp-pool-vlan10]dhcp ser ip vlan20 [sw2-dhcp-pool-vlan20]netw 192.168.2.0 ma 255.255.255.0 [sw2-dhcp-pool-vlan20]gat 192.168.2.254 [sw2-dhcp-pool-vlan20]dns 114.114.114.114 [sw2-dhcp-pool-vlan20]dhcp ser ip ?vlan30 [sw2-dhcp-pool-vlan30]netw 192.168.3.0 ma 255.255.255.0 [sw2-dhcp-pool-vlan30]gat 192.168.3.254 [sw2-dhcp-pool-vlan30]dns 114.114.114.114 [sw2]dhcp ser ip vlan40 [sw2-dhcp-pool-vlan40]netw 192.168.4.0 ma 255.255.255.0 [sw2-dhcp-pool-vlan40]gat 192.168.4.254 [sw2-dhcp-pool-vlan40]dns 114.114.114.114

步驟 2：查看各個(gè)部門的電腦ip已經(jīng)自動(dòng)分配或者使用dis arp all 命令也可以查詢

11，sw2,r13,sw10,運(yùn)行ospf，使其內(nèi)網(wǎng)互通，ospf使用命令下發(fā)缺省網(wǎng)關(guān)

R13（ospf下發(fā)缺省路由指向互聯(lián)網(wǎng)）

[r13]ospf [r13-ospf-1]a 0 [r13-ospf-1-area-0.0.0.0]netw 192.168.60.2 0.0.0.0 [r13-ospf-1-area-0.0.0.0]netw 192.168.70.2 0.0.0.0 [r13-ospf-1-area-0.0.0.0]netw 100.1.1.1 0.0.0.0 [r13-ospf-1-area-0.0.0.0]q [r13-ospf-1]q [r13]ip route-static 0.0.0.0 0.0.0.0 100.1.1.2 [r13]ospf [r13-ospf-1]default-route-advertise

SW2

[sw2]ospf [sw2-ospf-1]a 0 [sw2-ospf-1-area-0.0.0.0]netw 192.168.1.254 0.0.0.0 [sw2-ospf-1-area-0.0.0.0]netw 192.168.2.254 0.0.0.0 [sw2-ospf-1-area-0.0.0.0]netw 192.168.3.254 0.0.0.0 [sw2-ospf-1-area-0.0.0.0]netw 192.168.4.254 0.0.0.0 [sw2-ospf-1-area-0.0.0.0]netw 192.168.50.1 0.0.0.0 [sw2-ospf-1-area-0.0.0.0]netw 192.168.60.1 0.0.0.0

SW10

[sw10]ospf [sw10-ospf-1]a 0 [sw10-ospf-1-area-0.0.0.0]netw 192.168.80.2 0.0.0.0 [sw10-ospf-1-area-0.0.0.0]netw 192.168.90.2 0.0.0.0 [sw10-ospf-1-area-0.0.0.0]netw 192.168.50.2 0.0.0.0 [sw10-ospf-1-area-0.0.0.0]netw 192.168.70.1 0.0.0.0

12，R13與R14采用雙向認(rèn)證。

步驟一：創(chuàng)建用戶han，密碼為123，設(shè)置為用戶名單，直接修改端口模式為chap，直接調(diào)用用戶名單進(jìn)行雙向驗(yàn)證，端口切記關(guān)閉在開啟才能生效

R13

[r13]local-user han cla netw New local user added. [r13-luser-network-han]pas si 123 [r13-luser-network-han]ser ppp [r13]int s1/0 [r13-Serial1/0]ppp auth chap [r13-Serial1/0]ppp chap user han [r13-Serial1/0]int s2/0 [r13-Serial2/0]ppp auth chap [r13-Serial2/0]ppp chap user han

R14

[r14]local-user han cla netw New local user added. [r14-luser-network-han]pas si 123 [r14-luser-network-han]ser ppp [r14]int s1/0 [r14-Serial1/0]ppp auth chap [r14-Serial1/0]ppp chap user han [r14-Serial1/0]int s2/0 [r14-Serial2/0]ppp auth chap [r14-Serial2/0]ppp chap user han

僅允許技術(shù)部和產(chǎn)品研發(fā)部方位外網(wǎng)，只允許財(cái)務(wù)部門訪問財(cái)務(wù)服務(wù)器

步驟一，使用acl策略匹配技術(shù)部與產(chǎn)品研發(fā)部的流量，在驗(yàn)證mp-group使用簡單nat進(jìn)行外網(wǎng)訪問控制

R13

[r13]acl basic 2000 [r13-acl-ipv4-basic-2000]rule per source 192.168.2.0 0.0.0.255 [r13-acl-ipv4-basic-2000]rule permit source 192.168.4.0 0.0.0.255 [r13]int MP-group 1 [r13-MP-group1]nat outbound 2000

sw10

步驟二利用acl策略匹配流量，第一條如果沒有匹配上會(huì)進(jìn)行第二條，只會(huì)生效一條，注意順序，vlan調(diào)用acl為出口方向（答案不唯一多種方式都可以）

[sw10]acl basic 2000 [sw10-acl-ipv4-basic-2000]rule deny source 192.168.1.0 0.0.0.255 [sw10-acl-ipv4-basic-2000]rule deny source 192.168.2.0 0.0.0.255 [sw10-acl-ipv4-basic-2000]rule deny source 192.168.4.0 0.0.0.255 [sw10]int vlan 20 [sw10-Vlan-interface20]packet-filter 2000 out

13，R11作為ftp服務(wù)器，要求外網(wǎng)用戶可以訪問

步驟一，創(chuàng)建ftp服務(wù)器，密碼為1234，用戶名為hany

R11

[R11]ftp ser en [R11]local-user hany class manage New local user added. [R11-luser-manage-han]pas sim 1234 [R11-luser-manage-han]authorization-attribute user-role level-15 [R11-luser-manage-han]service-type ftp

步驟二：在 R3 的公網(wǎng)接口上配置 NAT SERVER，映射端口 20 和 21，這里映射ftp服務(wù)器的地址為192.168.80.1,映射后地址為R3外網(wǎng)出口地址

[r13]int mp-gr 1 [r13-MP-group1]nat ser pro tcp global current-interface 20 21 inside 192.168.80.1 20 21

最后在R14上測試ftp登錄正常

vlan10 vlan20 vlan 40無法訪問財(cái)務(wù)服務(wù)器

總結(jié)

以上是生活随笔為你收集整理的H3CNE综合小实验的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。

H3CNE