配置:
1、内网三个用户,分别是PC1、PC2所在的vlan10和server所在的vlan20
2、内网两个vlan的网段分别是192.168.10.1/24和192.168.20.1/24
3、vlan用户的网关均在核心交换机SW2上,SW1为二层交换机,SW2为三层交换机
4、核心交换机使用vlan30与出口路由器对接
5、路人甲是公网上的一个用户
要求:
1、PC1、PC2能够ping通server,并且PC1及Server均能够访问路人甲
2、路人甲能够访问到Server的WEB服务
按上面给的要求画出拓扑图如下:
客户端PC1、PC2 、server1、http(路人甲)配置按上图所标,注意server记录启用http服务,如下图
好了,现在开始配置交换机和路由器:
LSW1二层交换机配置如下:
[SwitchA]dis cu # sysname SwitchA # vlan batch 10 20 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface Ethernet0/0/1 port link-type access port default vlan 20 # interface Ethernet0/0/2 port link-type access port default vlan 10 # interface Ethernet0/0/3 port link-type access port default vlan 10 # interface Ethernet0/0/4 # interface Ethernet0/0/5 # interface Ethernet0/0/6 # interface Ethernet0/0/7 # interface Ethernet0/0/8 # interface Ethernet0/0/9 # interface Ethernet0/0/10 # interface Ethernet0/0/11 # interface Ethernet0/0/12 # interface Ethernet0/0/13 # interface Ethernet0/0/14 # interface Ethernet0/0/15 # interface Ethernet0/0/16 # interface Ethernet0/0/17 # interface Ethernet0/0/18 # interface Ethernet0/0/19 # interface Ethernet0/0/20 # interface Ethernet0/0/21 # interface Ethernet0/0/22 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 20 # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 user-interface vty 0 4 # return [SwitchA]
LSW2三层交换机配置如下:
[SwitchB]dis cu # sysname SwitchB # vlan batch 10 20 30 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif10 ip address 192.168.10.254 255.255.255.0 # interface Vlanif20 ip address 192.168.20.254 255.255.255.0 # interface Vlanif30 ip address 192.168.30.1 255.255.255.252 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 20 # interface GigabitEthernet0/0/2 port link-type access port default vlan 30 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 192.168.30.2 # user-interface con 0 user-interface vty 0 4 # return [SwitchB]
AR1路由器配置如下:
[Huawei]dis cu [V200R003C00] # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # acl number 2000 rule 5 permit source 192.168.10.0 0.0.0.255 rule 10 permit source 192.168.20.0 0.0.0.255 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface Ethernet0/0/0 # interface Ethernet0/0/1 # interface Ethernet0/0/2 # interface Ethernet0/0/3 # interface Ethernet0/0/4 # interface Ethernet0/0/5 # interface Ethernet0/0/6 # interface Ethernet0/0/7 # interface GigabitEthernet0/0/0 ip address 192.168.30.2 255.255.255.252 # interface GigabitEthernet0/0/1 ip address 200.1.1.1 255.255.255.0 nat server protocol tcp global 200.1.1.100 www inside 192.168.20.1 www nat outbound 2000 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 200.1.1.2 ip route-static 192.168.10.0 255.255.255.0 192.168.30.1 ip route-static 192.168.20.0 255.255.255.0 192.168.30.1 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return [Huawei]
AR2(Internet)路由器配置如下:
[OR2]dis cu [V200R003C00] # sysname OR2 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface Ethernet0/0/0 # interface Ethernet0/0/1 # interface Ethernet0/0/2 # interface Ethernet0/0/3 # interface Ethernet0/0/4 # interface Ethernet0/0/5 # interface Ethernet0/0/6 # interface Ethernet0/0/7 # interface GigabitEthernet0/0/0 ip address 200.1.1.2 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 200.2.2.1 255.255.255.0 # interface NULL0 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return [OR2]
说明:
192.168.30.1、192.168.30.2这网段是用来交换机和路由器通信,200.1.1.100是假如电信给的一个公网IP。
涉及的知识点有:vlan创建、静态路由、EasyIP映射、NAT Server映射等。
上一篇:AR配置PPPoE拨号上网示例
下一篇:华为交换机常用查询命令
讨论数量:0
