当前位置: 首页 > news >正文

ENSP实验

news 2024/12/21 1:59:15

一.实验拓扑 

二.实验需求

1.学校内部的HTTP客户端可以正常通过域名www.baidu.com访问到百度网络中的HTTP服务器

2.学校网络内部网段基于192.168.1.0/24划分,PC1可以正常访问3.3.3.0/24网段,但是PC2不允许

3.学校内部路由使用静态路由,R1和R2之间两条链路进行浮动静态

4.运营商网络内部使用动态路由协议

5.AR1可以被telnet远程控制

三.实验步骤

1.划分子网,配置路由表

首先学校内网有四个广播域,所以可以将192.168.1.0/24划分为

192.168.1.0/26

192.168.1.64/26

192.168.1.128/26

192.168.1.192/26

其次是运营商网络3.3.3.0/24属于r3的环回地址,所以运营商网络根据公网自己合理划分

r1-r3:13.0.0.0/24

r3-r4:34.0.0.0/24

r3-r5:35.0.0.0/24

r4:100.0.0.0/24

r5-r6:56.0.0.0/24

最后百度内网也属于私网ip所以根据私网ip进行划分

r6:172.16.1.0/24

对学校网络以192.168.1.0/24划分,对运营商网络以3.3.3.0/24网段划分,百度网络也是私网,在私网中找到一个网段进行划分,这里以10.0.0.0/24网段。

划分子网后视图如下:

配置路由表时客户端采用动态路由协议,学校网络采用静态路由协议

1.LSW1

[Huawei]vlan batch 2 3
[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type access 
[Huawei-GigabitEthernet0/0/4]port default vlan 2
[Huawei-GigabitEthernet0/0/4]q
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access 
[Huawei-GigabitEthernet0/0/2]port default vlan 3
[Huawei]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access 
[Huawei-GigabitEthernet0/0/3]port default vlan 3
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk 
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3

2.AR2

[Huawei]int g0/0/0.1
[Huawei-GigabitEthernet0/0/0.1]ip add 192.168.1.1 26
[Huawei-GigabitEthernet0/0/0.1]dot1q termination vid 3
Dec 19 2024 11:20:11-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocolIP on the interface GigabitEthernet0/0/0.1 has entered the UP state. 
[Huawei-GigabitEthernet0/0/0.1]arp broadcast enable 
[Huawei-GigabitEthernet0/0/0.1]q
[Huawei]int g0/0/0.2
[Huawei-GigabitEthernet0/0/0.2]ip add 192.168.1.65 26
[Huawei-GigabitEthernet0/0/0.2]dot1q termination vid 2
Dec 19 2024 11:20:58-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[1]:The line protocolIP on the interface GigabitEthernet0/0/0.2 has entered the UP state. 
[Huawei-GigabitEthernet0/0/0.2]arp broadcast enable 
[Huawei]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[Huawei]ip pool 1
Info: It's successful to create an IP address pool.
[Huawei-ip-pool-1]network 192.168.1.0 mask 26
[Huawei-ip-pool-1]gateway-list 192.168.1.1
[Huawei-ip-pool-1]dns-list 100.0.0.1
[Huawei]int g0/0/0.1
[Huawei-GigabitEthernet0/0/0.1]dhcp select global 
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.1.129 26
Dec 19 2024 11:24:09-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[2]:The line protocolIP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[Huawei-GigabitEthernet0/0/1]q
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip add 192.168.1.193 26
[r2]ip route-static 0.0.0.0 0 192.168.1.130 
[r2]ip route-static 0.0.0.0 0 192.168.1.194 preference 61

3.AR1

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.130 26
Dec 19 2024 11:24:53-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocolIP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[Huawei-GigabitEthernet0/0/0]q
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.1.194 26
[Huawei-GigabitEthernet0/0/1]q
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip add 13.0.0.1
[Huawei-GigabitEthernet0/0/2]q
[Huawei]ip route-static 192.168.1.0 26 192.168.1.129
[Huawei]ip route-static 192.168.1.0 26 192.168.1.193 preference 70 
[Huawei]ip route-static 192.168.1.64 26 192.168.1.129
[Huawei]ip route-static 192.168.1.64 26 192.168.1.193 preference 70

4.AR3

[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 13.0.0.3 24
Dec 20 2024 19:29:33-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r3-GigabitEthernet0/0/0]q
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip add 34.0.0.3 24
Dec 20 2024 19:29:53-08:00 r3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r3-GigabitEthernet0/0/1]int g0/0/2
[r3-GigabitEthernet0/0/2]ip add 35.0.0.3 24
[r3]int LoopBack 1
[r3-LoopBack1]ip add 3.3.3.3 24
[r3-LoopBack1]q
[r3]rip 1
[r3-rip-1]version 2
[r3-rip-1]network 13.0.0.0
[r3-rip-1]network 34.0.0.0
[r3-rip-1]network 3.0.0.0
[r3-rip-1]network 35.0.0.0

5.AR4

[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip add 34.0.0.4 24
Dec 20 2024 19:31:42-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip add 100.0.0.254 24
Dec 20 2024 19:32:06-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r4]rip 1
[r4-rip-1]version 2
[r4-rip-1]network 34.0.0.0
[r4-rip-1]network 100.0.0.0

6.AR5

[r5]int g0/0/0
[r5-GigabitEthernet0/0/0]ip add 35.0.0.5 24
Dec 20 2024 19:32:31-08:00 r5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r5-GigabitEthernet0/0/0]int g0/0/1
[r5-GigabitEthernet0/0/1]ip add 56.0.0.5 24
Dec 20 2024 19:32:47-08:00 r5 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r5]rip 1
[r5-rip-1]version 2
[r5-rip-1]network 35.0.0.0
[r5-rip-1]network 56.0.0.0

7.AR6

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 56.0.0.6 24
Dec 19 2024 11:34:04-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocolIP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[Huawei-GigabitEthernet0/0/0]q
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 172.16.1.254 24
Dec 19 2024 11:35:08-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[1]:The line protocolIP on the interface GigabitEthernet0/0/1 has entered the UP state.

8.学校内网HTTP客户端

9.DNS服务器

 

 10.百度HTTP服务器

此时检查校内网络连通情况

 

 

校内网络畅通 

2.配置nat技术

在边界路由r1上配置使内网能够访问外网

[r1]ip route-static 0.0.0.0 0 13.0.0.3
[r1]acl 2000
[r1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255 
[r1-acl-basic-2000]int g0/0/2
[r1-GigabitEthernet0/0/2]nat outbound 2000

检查内网与外网连通性

畅通

3.配置端口映射

校内http想要访问到百度的http服务器就需要使用到端口映射技术,将172.16.1.1的80端口映射到公网ip的出接口中所以在r6上使用此技术

[r6]ip route-static 0.0.0.0 0 56.0.0.5
[r6-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 80 ins
ide 172.16.1.1 80
Warning:The port 80 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y

此时就学校http服务器就可以通过域名访问百度http服务器

 4.配置高级acl使pc2不能访问3.3.3.0网段

[r2]acl 3000
[r2-acl-adv-3000]rule deny ip source 192.168.1.61 0.0.0.0 destination 3.3.3.0 0.
0.0.255 
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000

验证

pc1可以ping通 

pc2不能ping通 

5.启用telnet

在ar1上启用telnet服务

[r1]aaa
[r1-aaa]local-user huawei password cipher 123456 privilege level 15 
Info: Add a new user.
[r1-aaa]local-user huawei service-type telnet 
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa

验证

r2可以登录r1 


http://www.mrgr.cn/news/80865.html

相关文章:

  • 省略内容在句子中间
  • [CKS] CIS基准测试,修复kubelet和etcd不安全项
  • JavaScript的一些注意事项!
  • 使用ZLMediaKit 开源项目搭建RTSP 服务器
  • 数据版本管理和迁移工具Flyway用法最简说明
  • Optimal Algorithms:滑动窗口+二分查找
  • 红队规范:减少工具上传,善用系统自带程序
  • Linux基础及命令复习
  • Makefile文件编写的学习记录(以IMX6ULL开发板的Makefile文件和Makefile.build文件来进行学习)
  • Express (nodejs) 相关
  • [LeetCode-Python版] 定长滑动窗口1(1456 / 643 / 1343 / 2090 / 2379)
  • 【NLP 16、实践 ③ 找出特定字符在字符串中的位置】
  • jmeter中的prev对象
  • Qt学习笔记第71到80讲
  • 字符串类算法
  • Linux-Profile工具
  • QT实战经验总结 连载中
  • EE308FZ_Sixth Assignment_Beta Sprint_Sprint Essay 3
  • clickhouse-副本和分片
  • 【Java】4、虚拟机 JVM
  • 华为数通最新题库 H12-821 HCIP稳定过人中
  • Cocos Creator 试玩广告开发
  • Ubuntu24版 最新安装Nvidia显卡驱动方式
  • GIT命令使用手册(详细实用版)
  • Hive其一,简介、体系结构和内嵌模式、本地模式的安装
  • Android OpenGLES2.0开发(九):图片滤镜