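Huawei HCNA Comprehensive Lab Configuration
[Configuration notes]
All IP addresses required for the configuration are marked in the topology.
[Configuration requirements]
Configure Telnet: all network devices must support remote management; the password is admin
Configure trunks: all links between switches are in trunk mode
Configure VLANs: create the relevant VLANs on SW2 and SW3, and assign the four PCs to the corresponding VLAN interfaces
Configure MLS: implement inter-VLAN routing on SW1
Configure DHCP: SW1 assigns address information to the hosts in each VLAN
Configure STP: make SW1 the root bridge for all VLANs; the priority must be set manually to 4096
Configure OSPF: the enterprise intranet runs OSPF
Configure the default route and NAT: configure a static default route on R1; SW1 learns the default route through OSPF
Configure NAT: configure PAT on R1 (only the four VLAN subnets need to be translated)
Configure PPP: the link between R1 and R2 uses PPP encapsulation with two-way CHAP authentication; the password is admin123
Configure OSPF: R2, R3 and R4 run ospf 2 among themselves
Configure DNS: the HTTP server is reachable as www.wakin.com and the FTP server as www.moive.com
Configure an ACL: on R1, configure an ACL that denies VLAN 20 hosts access to the HTTP server through a browser; other traffic is unaffected.
SW1 configuration: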
sysname SW1
vlan batch 10 12 20 30 40
stp instance 0 priority 4096
dhcp enable
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select interface
dhcp server dns-list 3.0.0.100
interface Vlanif12
ip address 192.168.12.2 255.255.255.0
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
dhcp select interface
dhcp server dns-list 3.0.0.100
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
dhcp select interface
dhcp server dns-list 3.0.0.100
interface Vlanif40
ip address 192.168.40.1 255.255.255.0
dhcp select interface
dhcp server dns-list 3.0.0.100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface GigabitEthernet0/0/3
port link-type access
port default vlan 12
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.12.0 0.0.0.255
SW2 configuration:
sysname SW2
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface Ethernet0/0/3
port link-type access
port default vlan 10
interface Ethernet0/0/4
port link-type access
port default vlan 20
SW3 configuration:
sysname SW3
vlan batch 10 20 30 40
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40
interface Ethernet0/0/3
port link-type access
port default vlan 30
interface Ethernet0/0/4
port link-type access
port default vlan 40
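AR1 configuration:
sysname R1
acl number 2000 //used for NAT: only the four VLAN subnets are translated
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 permit source 192.168.30.0 0.0.0.255
rule 20 permit source 192.168.40.0 0.0.0.255
acl number 3000
rule 5 deny tcp source 192.168.20.0 0.0.0.255 destination 4.0.0.100 0 destination-port eq www //used for traffic filtering
interface Serial4/0/0 //outbound interface configuration
link-protocol ppp
ppp chap user huawei
ppp chap password cipher admin123 //CHAP authentication
ip address 12.0.0.1 255.255.255.0
nat outbound 2000
interface GigabitEthernet0/0/0
ip address 192.168.12.1 255.255.255.0
traffic-filter inbound acl 3000 //applies the traffic filter
ospf 1 router-id 1.1.1.1
default-route-advertise //advertises the default route
area 0.0.0.0
network 192.168.12.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 12.0.0.2 //default route via the outbound interface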
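An added example, not part of the original lab: a small Python model that evaluates the acl 3000 rule from the R1 configuration above against sample flows, to check the requirement that only VLAN 20 access to the HTTP server is denied. The flows are constructed, the parser covers only the keywords in that one rule, and the default verdict assumes traffic-filter forwards packets that match no rule.

```python
import ipaddress

# Rule text copied from "acl number 3000" in the R1 configuration above.
RULE = ("rule 5 deny tcp source 192.168.20.0 0.0.0.255 "
        "destination 4.0.0.100 0 destination-port eq www")
PORTS = {"www": 80}                      # port keyword used by the rule
ANY = ("0.0.0.0", "255.255.255.255")     # matches every address

def wildcard_match(addr, base, wildcard):
    """Bits set in the wildcard are ignored; all other bits must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_rule(text):
    """Parse only the advanced-ACL keywords that occur in RULE."""
    t = text.split()
    rule = {"id": int(t[1]), "action": t[2], "proto": t[3]}
    i = 4
    while i < len(t):
        if t[i] in ("source", "destination"):
            # A bare "0" wildcard is shorthand for 0.0.0.0 (single host).
            rule[t[i]] = (t[i + 1], "0.0.0.0" if t[i + 2] == "0" else t[i + 2])
        elif t[i] == "destination-port" and t[i + 1] == "eq":
            rule["dport"] = PORTS.get(t[i + 2]) or int(t[i + 2])
        else:
            raise ValueError("unsupported keyword: " + t[i])
        i += 3
    return rule

def verdict(rules, proto, src, dst, dport):
    """First match wins. Assumption: traffic-filter forwards unmatched packets."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if (r["proto"] in ("ip", proto)
                and wildcard_match(src, *r.get("source", ANY))
                and wildcard_match(dst, *r.get("destination", ANY))
                and r.get("dport", dport) == dport):
            return r["action"]
    return "permit"

# Constructed sample flows as seen inbound on GigabitEthernet0/0/0, before NAT.
FLOWS = [
    ("tcp", "192.168.20.7", "4.0.0.100", 80),    # VLAN 20 -> HTTP server
    ("tcp", "192.168.10.7", "4.0.0.100", 80),    # VLAN 10 -> HTTP server
    ("tcp", "192.168.20.7", "4.0.0.100", 443),   # VLAN 20, different port
    ("udp", "192.168.20.7", "3.0.0.100", 53),    # VLAN 20 -> DNS server
]

def evaluate():
    rules = [parse_rule(RULE)]
    return [verdict(rules, *flow) for flow in FLOWS]
```

Because the filter is applied inbound on the LAN-facing interface, it sees the private source addresses before nat outbound rewrites them, which is why the rule can match on 192.168.20.0.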
AR2 configuration:
sysname R2
aaa //PPP authentication type
local-user huawei password cipher admin123
local-user huawei service-type ppp
interface Serial4/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 12.0.0.2 255.255.255.0
interface GigabitEthernet0/0/0
ip address 23.0.0.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 24.0.0.2 255.255.255.0
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 12.0.0.0 0.0.0.255
network 23.0.0.0 0.0.0.255
network 24.0.0.0 0.0.0.255
AR3 configuration:
sysname R3
interface GigabitEthernet0/0/0
ip address 23.0.0.3 255.255.255.0
interface GigabitEthernet0/0/1
ip address 34.0.0.3 255.255.255.0
interface GigabitEthernet0/0/2
ip address 3.0.0.1 255.255.255.0
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.0.0.0 0.0.0.255
network 23.0.0.0 0.0.0.255
network 34.0.0.0 0.0.0.255
AR4 configuration:
sysname R4
interface GigabitEthernet0/0/0
ip address 24.0.0.4 255.255.255.0
interface GigabitEthernet0/0/1
ip address 34.0.0.4 255.255.255.0
interface GigabitEthernet0/0/2
ip address 4.0.0.1 255.255.255.0
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.0.0.0 0.0.0.255
network 24.0.0.0 0.0.0.255
network 34.0.0.0 0.0.0.255