Lab requirements
Lab topology diagram
1. Identify and divide the broadcast domains
The private network has 5 broadcast domains in total, so borrow 3 bits from the host portion
192.168.1.0000 0000 /24
192.168.1.0000 0000 /27 --- 192.168.1.0/27
192.168.1.0010 0000 /27 --- 192.168.1.32/27
192.168.1.0100 0000 /27 --- 192.168.1.64/27
192.168.1.0110 0000 /27 --- 192.168.1.96/27
192.168.1.1000 0000 /27 --- 192.168.1.128/27
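2. Configure the switches
1. Create the VLANs
2. Assign interfaces to VLANs
[Huawei]int g 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 2
The other interfaces are configured the same way
3. Configure the trunk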
[Huawei]int g 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
3. Configure the routers
1. Configure the gateways
[r1]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]ip address 192.168.1.33 27
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2 --- define the VLAN that this sub-interface handles
[r1-GigabitEthernet0/0/0.1]arp broadcast enable --- enable ARP broadcast
2. Configure DHCP
[r1]dhcp enable
[r1]ip pool 1-2
[r1-ip-pool-1-2]network 192.168.1.32 mask 27 --- set the address range of the pool
[r1-ip-pool-1-2]gateway-list 192.168.1.33 --- set the gateway
[r1-ip-pool-1-2]dns-list 8.8.8.8 --- set the DNS server
[r1-GigabitEthernet0/0/0.1]dhcp select global
3. Configure OSPF (default route)
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]
[r1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[r2-ospf-1]default-route-advertise --- advertise the default route
OSPF configured successfully
4. Configure NAT
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2-GigabitEthernet0/0/2]nat outbound 2000
5. Configure telnet
1. Enable telnet
[r1]aaa
[r1-aaa]local-user zxc privilege level 3 password cipher ******
[r1-aaa]local-user zxc service-type telnet --- declare the service type
[r1]user-interface vty 0 4 --- enable the login lines
[r1-ui-vty0-4]authentication-mode aaa --- authentication mode
2. Configure the rules
[r1]acl 3000
[r1-acl-adv-3000]rule deny tcp source 192.168.1.62 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.62 0.0.0.0 destination 192.168.1.33 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.62 0.0.0.0 destination 192.168.1.65 0.0.0.0 destination-port eq 23
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000 --- apply the ACL
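The following is an added example, not part of the original lab: a small Python model of ACL 3000 that checks which packets the three deny rules actually catch. Assumptions: unmatched traffic is forwarded when the ACL is applied with traffic-filter, the function names are made up for this example, and 192.168.1.97 is a hypothetical address used only to show a destination that no rule lists.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: 0 bits must be equal, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL 3000 rules copied from the page:
# (action, protocol, source, source wildcard, destination, destination wildcard, dest port)
ACL_3000 = [
    ("deny", "tcp", "192.168.1.62", "0.0.0.0", "192.168.1.1", "0.0.0.0", 23),
    ("deny", "tcp", "192.168.1.62", "0.0.0.0", "192.168.1.33", "0.0.0.0", 23),
    ("deny", "tcp", "192.168.1.62", "0.0.0.0", "192.168.1.65", "0.0.0.0", 23),
]

def evaluate(acl, proto, src, dst, dport, default="permit"):
    """Return the action of the first matching rule.

    Assumption: traffic that matches no rule is forwarded ("permit") when the
    ACL is applied with traffic-filter.
    """
    for action, r_proto, r_src, r_swc, r_dst, r_dwc, r_port in acl:
        if (proto == r_proto and dport == r_port
                and wildcard_match(src, r_src, r_swc)
                and wildcard_match(dst, r_dst, r_dwc)):
            return action
    return default

# Constructed test packets (not captured traffic): (protocol, source, destination, dest port)
SAMPLE_PACKETS = [
    ("tcp", "192.168.1.62", "192.168.1.33", 23),  # listed source, listed router address
    ("tcp", "192.168.1.62", "192.168.1.66", 80),  # listed source, web server on the page
    ("tcp", "192.168.1.61", "192.168.1.33", 23),  # different host in the same /27
    ("tcp", "192.168.1.62", "192.168.1.97", 23),  # hypothetical address not in any rule
]

def audit(acl=ACL_3000, packets=SAMPLE_PACKETS):
    """Evaluate each constructed packet and return (packet, action) pairs."""
    return [(p, evaluate(acl, *p)) for p in packets]

if __name__ == "__main__":
    for packet, action in audit():
        print(packet, "->", action)
```

Because each rule uses a 0.0.0.0 wildcard, only the exact listed source and destination pairs are denied; every router address that should be unreachable over telnet needs its own rule.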
6. Configure port mapping
1. Map the private-network server
[r2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 80 inside 192.168.1.66 80
2. Map r1 so that the ISP can log in via telnet
[r2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23