
Huawei Simulator Comprehensive Lab

2024-12-05 23:11:28 Network Device Debugging

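eNSP Comprehensive Lab

This Friday I started working on a combined lab in the Huawei simulator, and I would like to share it.
The topology diagram is shown below:

The requirements are as follows:

1. Draw the network topology diagram

In the eNSP simulator, draw the network topology according to the sample diagram; the annotations (the parts with a green background) are not required. Use Router devices for the routers, S5700 devices for the switches, and PC devices for the end hosts.

2. Network device configuration:

(1) Configure the device names, VLANs and the corresponding VLAN interface IP addresses on the switches according to the table below.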
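| Device name | VLAN ID | Ports | IP address |
|---|---|---|---|
| LSW1 | 10, 20 | | |
| LSW2 | 10 | Ge 0/0/10 | 172.16.10.6/30 |
| LSW2 | 100 | Ge 0/0/1~Ge 0/0/5 | 172.16.100.1/24 |
| LSW2 | 200 | Ge 0/0/6~Ge 0/0/9 | 172.16.200.1/24 |
| LSW3 | 10 | Ge 0/0/2~Ge 0/0/5 | |
| LSW3 | 20 | Ge 0/0/6~Ge 0/0/9 | |
| LSW4 | 10 | Ge 0/0/2~Ge 0/0/5 | |
| LSW4 | 20 | Ge 0/0/6~Ge 0/0/9 | |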

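2. Configure the device names and interface IP addresses of routers R1, R2 and R3 according to the device names and IP addresses in the topology diagram.

3. Configure link aggregation on switches LSW3 and LSW4.

4. Configure STP on switches LSW1, LSW3 and LSW4 to prevent loops; LSW1 must be set as the preferred root switch.

5. Configure router-on-a-stick on router R1 so that PC1 and PC2 can communicate with each other.

6. Configure DHCP on router R1 to dynamically assign IP addresses to VLAN10 and VLAN20, with a lease of 48 hours.

7. Use dynamic routing with OSPF (or RIP, or static routes) to achieve connectivity across the internal network.

8. On router R1, use an ACL to deny traffic with source addresses in the 192.168.0.0/16 network from accessing VLAN 100.

9. Enable port security on port g0/0/1 of switch LSW2 so that only PC3 can connect to the network; if any other machine accesses the network through this port, its packets are dropped.

10. Make router R2 and switch LSW2 reachable remotely via telnet, authenticated with the password huawei.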

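user-interface vty 0 4 // enter the VTY user interface view
protocol inbound telnet // allow the Telnet protocol on the VTY lines (short form: pro in t)
authentication-mode password // use password authentication (short form: auth pa)
set authentication password cipher huawei // set the login password to huawei (short form: set auth pa ci huawei)
user privilege level 15 // set the default level of logged-in users to 15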

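11. Configure a default route on the egress device R2 for communication with the Internet.

12. Configure dynamic NAT on the egress device R2 so that the internal network can access the Internet:

Public address pool: 202.10.10.1~202.10.10.10

Now let's start the analysis

1. Analyze the requirements

The task mentions OSPF, STP, dynamic routing, static routing, port security, telnet and NAT.

2. Carry out the lab

We can work from the bottom up, which is the usual order for this kind of configuration.

1. Draw the topology

For some special parts, we can add text labels as notes.

2. Analysis

The topology can be divided into several blocks, each configured step by step.

3. Create VLANs for the router-on-a-stick part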

[sw1]vlan batch 10 20
[sw2]vlan batch 10 20
[sw3]vlan batch 10 20
[r1]vlan batch 10 20

4. Configure link aggregation

[sw3]interface Eth-Trunk 1
[sw3-Eth-Trunk1]trunkport GigabitEthernet 0/0/23 to 0/0/24
[sw3-Eth-Trunk1]port link-type trunk
[sw3-Eth-Trunk1]port trunk allow-pass vlan all
[sw4]interface Eth-Trunk 1
[sw4-Eth-Trunk1]trunkport GigabitEthernet 0/0/23 to 0/0/24
[sw4-Eth-Trunk1]port link-type trunk
[sw4-Eth-Trunk1]port trunk allow-pass vlan all

5. Configure STP

[sw3]stp root primary
[sw2]stp root secondary

6. Configure trunk and access ports

[sw3-GigabitEthernet0/0/1]port link-type trunk
[sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw1]port-group 1
[sw1-port-group-1]group-member g0/0/1 g0/0/2 g0/0/10
[sw1-port-group-1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/10]port link-type trunk
[sw3]port-group 1
[sw3-port-group-1]group-member g0/0/2 to g0/0/5
[sw3-port-group-1]port link-type access
[sw3-GigabitEthernet0/0/2]port link-type access
[sw3-GigabitEthernet0/0/3]port link-type access
[sw3-GigabitEthernet0/0/4]port link-type access
[sw3-GigabitEthernet0/0/5]port link-type access
[sw3-port-group-1]port default vlan 10
[sw3-GigabitEthernet0/0/2]port default vlan 10
[sw3-GigabitEthernet0/0/3]port default vlan 10
[sw3-GigabitEthernet0/0/4]port default vlan 10
[sw3-GigabitEthernet0/0/5]port default vlan 10
[sw3]port-group 2
[sw3-port-group-2]group-member g0/0/6 to g0/0/9
[sw3-port-group-2]port link-type access
[sw3-GigabitEthernet0/0/6]port link-type access
[sw3-GigabitEthernet0/0/7]port link-type access
[sw3-GigabitEthernet0/0/8]port link-type access
[sw3-GigabitEthernet0/0/9]port link-type access
[sw3-port-group-2]port default vlan 20
[sw3-GigabitEthernet0/0/6]port default vlan 20
[sw3-GigabitEthernet0/0/7]port default vlan 20
[sw3-GigabitEthernet0/0/8]port default vlan 20
[sw3-GigabitEthernet0/0/9]port default vlan 20
[sw2]port-group 3
[sw2-port-group-3]group-member g0/0/2 to g0/0/5
[sw2-port-group-3]port link-type access
[sw2-GigabitEthernet0/0/2]port link-type access
[sw2-GigabitEthernet0/0/3]port link-type access
[sw2-GigabitEthernet0/0/4]port link-type access
[sw2-GigabitEthernet0/0/5]port link-type access
[sw2-port-group-3]port default vlan 10
[sw2-GigabitEthernet0/0/2]port default vlan 10
[sw2-GigabitEthernet0/0/3]port default vlan 10
[sw2-GigabitEthernet0/0/4]port default vlan 10
[sw2-GigabitEthernet0/0/5]port default vlan 10
[sw2]port-group 2
[sw2-port-group-2]group-member g0/0/6 to g0/0/9
[sw2-port-group-2]port link-type access
[sw2-GigabitEthernet0/0/6]port link-type access
[sw2-GigabitEthernet0/0/7]port link-type access
[sw2-GigabitEthernet0/0/8]port link-type access
[sw2-GigabitEthernet0/0/9]port link-type access
[sw2-port-group-2]port default vlan 20
[sw2-GigabitEthernet0/0/6]port default vlan 20
[sw2-GigabitEthernet0/0/7]port default vlan 20
[sw2-GigabitEthernet0/0/8]port default vlan 20
[sw2-GigabitEthernet0/0/9]port default vlan 20

7. Configure router-on-a-stick

[r1]dhcp enable
[r1]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]ip add 192.168.10.254 24
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 10
[r1-GigabitEthernet0/0/0.1]arp broadcast enable
[r1-GigabitEthernet0/0/0.1]dhcp select interface
[r1-GigabitEthernet0/0/0.1]dhcp server lease day 2 hour 0 minute 0
[r1]int g0/0/0.2
[r1-GigabitEthernet0/0/0.2]ip add 192.168.20.254 24
[r1-GigabitEthernet0/0/0.2]dot1q termination vid 20
[r1-GigabitEthernet0/0/0.2]arp broadcast enable
[r1-GigabitEthernet0/0/0.2]dhcp select interface
[r1-GigabitEthernet0/0/0.2]dhcp server lease day 2 hour 0 minute 0

8. Configure IP addresses on the interfaces

[r1-GigabitEthernet0/0/1]ip add 10.10.10.1 24
[r3-GigabitEthernet0/0/0]ip add 10.10.10.2 24

[r3-GigabitEthernet0/0/1]ip add 10.10.10.5 30
[r2-GigabitEthernet0/0/1]ip add 10.10.10.6 30
[r4-GigabitEthernet0/0/0]ip add 202.10.10.254 24
Note: because the mask is /30, the only usable IP addresses in the 10.10.10.4 network are 10.10.10.5 and 10.10.10.6.
[r2-GigabitEthernet0/0/0]ip add 172.16.10.5 30
[r2-GigabitEthernet0/0/2]ip add 202.10.10.1 24

9. Configure the switch in the second part

1. Create the VLANs

[sw2]vlan ba 100 200 10

2. Set the port modes

[sw2]port-group 1
[sw2-port-group-1]group-member g0/0/1 to g0/0/5
[sw2-port-group-1]port link-type access
[sw2-GigabitEthernet0/0/1]port link-type access
[sw2-GigabitEthernet0/0/2]port link-type access
[sw2-GigabitEthernet0/0/3]port link-type access
[sw2-GigabitEthernet0/0/4]port link-type access
[sw2-GigabitEthernet0/0/5]port link-type access
[sw2-port-group-1]port default vlan 100
[sw2-GigabitEthernet0/0/1]port default vlan 100
[sw2-GigabitEthernet0/0/2]port default vlan 100
[sw2-GigabitEthernet0/0/3]port default vlan 100
[sw2-GigabitEthernet0/0/4]port default vlan 100
[sw2-GigabitEthernet0/0/5]port default vlan 100
[sw2]port-group 2
[sw2-port-group-2]group-member g0/0/6 to g0/0/9
[sw2-port-group-2]port link-type access
[sw2-GigabitEthernet0/0/6]port link-type access
[sw2-GigabitEthernet0/0/7]port link-type access
[sw2-GigabitEthernet0/0/8]port link-type access
[sw2-GigabitEthernet0/0/9]port link-type access
[sw2-port-group-2]port default vlan 200
[sw2-GigabitEthernet0/0/6]port default vlan 200
[sw2-GigabitEthernet0/0/7]port default vlan 200
[sw2-GigabitEthernet0/0/8]port default vlan 200
[sw2-GigabitEthernet0/0/9]port default vlan 200
[sw2]int g0/0/10
[sw2-GigabitEthernet0/0/10]port link-type access
[sw2-GigabitEthernet0/0/10]port default vlan 10

3. Configure the IP addresses

[sw2]int vlan 100
[sw2-Vlanif100]ip address 172.16.100.1 24
[sw2]int vlan 200
[sw2-Vlanif200]ip add 172.16.200.1 24
[sw2]int vlan 10
[sw2-Vlanif10]ip add 172.16.10.6 30

10. Configure OSPF for connectivity across the whole network

ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 10.10.10.4 0.0.0.3
network 172.16.10.4 0.0.0.3
network 172.16.100.0 0.0.0.255
network 172.16.200.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255

11. On router R1, use an ACL to deny traffic with source addresses in the 192.168.0.0/16 network from accessing VLAN 100

[r1]acl 3000
[r1-acl-adv-3000]rule deny ip source 192.168.0.0 0.0.255.255 destination 172.16.100.0 0.0.0.255
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]traffic-filter outbound acl 3000

12. Configure port security

[sw2]int g0/0/1
[sw2-GigabitEthernet0/0/1]port-security enable
[sw2-GigabitEthernet0/0/1]port-security mac-address sticky
[sw2-GigabitEthernet0/0/1]port-security max-mac-num 1
[sw2]mac-address static 5489-9805-182E g0/0/1 vlan 100

13. Make router R2 and switch LSW2 reachable remotely via telnet, authenticated with the password huawei

[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
[r2]aaa
[r2-aaa]local-user zonghe password cipher huawei
[r2-aaa]local-user zonghe privilege level 15

14. Configure a default route on the egress device R2 for communication with the Internet

[r2]ip route-static 0.0.0.0 0 202.10.10.254

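15. Configure dynamic NAT on the egress device R2 so that the internal network can access the Internet

1. Configure the default routes

What we need to understand here is why default routes are configured: the internal network has no knowledge of the external network, and OSPF only covers the internal network, so for the internal network to reach the outside it has to rely on default routes, all the way up to the border router. There is no need to configure default routes for the return direction; in other words, traffic goes out but does not come in.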

[r1]ip route-static 0.0.0.0 0 10.10.10.2
[r3]ip route-static 0.0.0.0 0 10.10.10.6
[r2]ip route-static 0.0.0.0 0.0.0.0 202.10.10.254
[sw2]ip route-static 0.0.0.0 0 172.16.10.5

2. Configure dynamic NAT

[r2]acl number 2000
[r2-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255
rule 6 permit source 192.168.20.0 0.0.0.255
rule 7 permit source 10.10.10.0 0.0.0.255
rule 8 permit source 10.10.10.4 0.0.0.3
rule 9 permit source 172.16.10.4 0.0.0.3
rule 10 permit source 172.16.100.0 0.0.0.255
rule 11 permit source 172.16.200.0 0.0.0.255

3. Apply NAT

[r2]nat address-group 1 202.10.10.2 202.10.10.5
[r2-GigabitEthernet0/0/2]nat outbound 2000 address-group 1 no-pat
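
How the wildcard masks in ACL 3000 (step 11) and ACL 2000 (this step) select traffic, as an added example that is not part of the original article. It evaluates the rules as they appear in the R1 and R2 running configurations recorded further down this page, where rule 6 of ACL 2000 reads 92.168.20.0, so a VLAN 20 source matches no NAT rule. The function names and the INTERNAL prefix list are assumptions made for this example.

```python
import ipaddress
import re

# Constructed input: rule lines as recorded in the R2 and R1 running configurations on this page.
ACL_2000 = """\
rule 5 permit source 192.168.10.0 0.0.0.255
rule 6 permit source 92.168.20.0 0.0.0.255
rule 7 permit source 10.10.10.0 0.0.0.255
rule 8 permit source 10.10.10.4 0.0.0.3
rule 9 permit source 172.16.10.4 0.0.0.3
rule 10 permit source 172.16.100.0 0.0.0.255
rule 11 permit source 172.16.200.0 0.0.0.255
"""
ACL_3000 = "rule 5 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.100.0 0.0.0.255"
# Assumption for this example: the internal prefixes are the OSPF network statements on this page.
INTERNAL = [ipaddress.IPv4Network(n) for n in (
    "10.10.10.0/24", "10.10.10.4/30", "172.16.10.4/30", "172.16.100.0/24",
    "172.16.200.0/24", "192.168.10.0/24", "192.168.20.0/24")]

RULE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny)(?: ip)?"
    r" source (?P<src>\S+) (?P<swc>\S+)"
    r"(?: destination (?P<dst>\S+) (?P<dwc>\S+))?")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _hit(addr, base, wildcard):
    # A wildcard bit of 1 means "don't care"; all other bits must equal the base address.
    return ((_ip(addr) ^ _ip(base)) & ~_ip(wildcard) & 0xFFFFFFFF) == 0

def parse_acl(text):
    """Parse rule lines and sort them by rule ID (ascending), the order used for matching here."""
    rules = [m.groupdict() for m in map(RULE.search, text.splitlines()) if m]
    return sorted(rules, key=lambda r: int(r["id"]))

def first_match(rules, src, dst=None):
    """Return (rule_id, action) for the first rule the packet matches, or None."""
    for r in rules:
        if not _hit(src, r["src"], r["swc"]):
            continue
        if r["dst"] and (dst is None or not _hit(dst, r["dst"], r["dwc"])):
            continue
        return int(r["id"]), r["action"]
    return None

def stray_rules(rules, internal):
    """Rule IDs whose source base address lies in none of the internal prefixes."""
    return [int(r["id"]) for r in rules
            if not any(ipaddress.IPv4Address(r["src"]) in net for net in internal)]

if __name__ == "__main__":
    nat = parse_acl(ACL_2000)
    print(first_match(nat, "192.168.20.5"), stray_rules(nat, INTERNAL))
```

Running `stray_rules` over an exported ACL is a quick review step before applying it to `nat outbound`, since a mistyped source network fails silently for the affected VLAN.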

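Those are all the configuration steps. The result is that the internal network can ping the external network, while the internal network cannot be reached from outside.

So we can achieve the following result; now let's fill in the answer sheet.

Paste the results into the designated table boxes as required; results pasted in the wrong place receive no points.
1. Draw the network topology diagram
Take a screenshot of the network topology in the eNSP simulator and paste the image below.

2. Network device configuration
(1) On router R1, run the display ip routing-table command and paste the output below as text.
Since the output could not be copied here, I could only take a screenshot.

(2) On router R1, run the dis current-configuration command and paste the output below as text.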
[r1]dis cu
[V200R003C00]

sysname r1

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

undo info-center enable

vlan batch 10 20

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

dhcp enable

acl number 3000
rule 5 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.100.0 0.0.0.255

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0

interface GigabitEthernet0/0/0.1
dot1q termination vid 10
ip address 192.168.10.254 255.255.255.0
arp broadcast enable
dhcp select interface
dhcp server lease day 2 hour 0 minute 0

interface GigabitEthernet0/0/0.2
dot1q termination vid 20
ip address 192.168.20.254 255.255.255.0
arp broadcast enable
dhcp select interface
dhcp server lease day 2 hour 0 minute 0

interface GigabitEthernet0/0/1
ip address 10.10.10.1 255.255.255.0
traffic-filter outbound acl 3000

interface GigabitEthernet0/0/2

interface NULL0

ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 10.10.10.4 0.0.0.3
network 172.16.10.4 0.0.0.3
network 172.16.100.0 0.0.0.255
network 172.16.200.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 10.10.10.2

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

(3) On router R2, run the display current-configuration command and paste the output below as text.
[V200R003C00]

sysname r2

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

undo info-center enable

set cpu-usage threshold 80 restore 75

acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 6 permit source 92.168.20.0 0.0.0.255
rule 7 permit source 10.10.10.0 0.0.0.255
rule 8 permit source 10.10.10.4 0.0.0.3
rule 9 permit source 172.16.10.4 0.0.0.3
rule 10 permit source 172.16.100.0 0.0.0.255
rule 11 permit source 172.16.200.0 0.0.0.255

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user zonghe password cipher %$%$}GLD8!(}PM$&{CMUGu\EG3aI%$%$
local-user zonghe privilege level 15

firewall zone Local
priority 15

nat address-group 1 202.10.10.2 202.10.10.5

interface GigabitEthernet0/0/0
ip address 172.16.10.5 255.255.255.252

interface GigabitEthernet0/0/1
ip address 10.10.10.6 255.255.255.252

interface GigabitEthernet0/0/2
ip address 202.10.10.1 255.255.255.0
nat outbound 2000 address-group 1 no-pat

interface NULL0

ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 10.10.10.4 0.0.0.3
network 172.16.10.4 0.0.0.3
network 172.16.100.0 0.0.0.255
network 172.16.200.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 202.10.10.254

user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20

wlan ac

return

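(4) On switch LSW1, run the display stp brief command and paste the output below as text.

(5) On switch LSW2, run the display vlan command and paste the output below as text.

(6) On switch LSW2, run the display current configuration command and paste the output below as text.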

sysname sw2

undo info-center enable

vlan batch 10 100 200

cluster enable
ntdp enable
ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface Vlanif10
ip address 172.16.10.6 255.255.255.252

interface Vlanif100
ip address 172.16.100.1 255.255.255.0

interface Vlanif200
ip address 172.16.200.1 255.255.255.0

interface MEth0/0/1

interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
port-security enable
port-security mac-address sticky

interface GigabitEthernet0/0/2
port link-type access
port default vlan 100

interface GigabitEthernet0/0/3
port link-type access
port default vlan 100

interface GigabitEthernet0/0/4
port link-type access
port default vlan 100

interface GigabitEthernet0/0/5
port link-type access
port default vlan 100

interface GigabitEthernet0/0/6
port link-type access
port default vlan 200

interface GigabitEthernet0/0/7
port link-type access
port default vlan 200

interface GigabitEthernet0/0/8
port link-type access
port default vlan 200

interface GigabitEthernet0/0/9
port link-type access
port default vlan 200

interface GigabitEthernet0/0/10
port link-type access
port default vlan 10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23

interface GigabitEthernet0/0/24

interface NULL0

ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 10.10.10.4 0.0.0.3
network 172.16.10.4 0.0.0.3
network 172.16.100.0 0.0.0.255
network 172.16.200.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 172.16.10.5

mac-address static 5489-9805-182e GigabitEthernet0/0/1 vlan 100

user-interface con 0
user-interface vty 0 4

port-group 1
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
group-member GigabitEthernet0/0/5

port-group 2
group-member GigabitEthernet0/0/6
group-member GigabitEthernet0/0/7
group-member GigabitEthernet0/0/8
group-member GigabitEthernet0/0/9

return

(7) On switch LSW3, run the display current configuration command and paste the output below as text.

sysname sw3

undo info-center enable

vlan batch 10 20

stp instance 0 root primary

cluster enable
ntdp enable
ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http

interface Vlanif1

interface MEth0/0/1

interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/2
port link-type access
port default vlan 10

interface GigabitEthernet0/0/3
port link-type access
port default vlan 10

interface GigabitEthernet0/0/4
port link-type access
port default vlan 10

interface GigabitEthernet0/0/5
port link-type access
port default vlan 10

interface GigabitEthernet0/0/6
port link-type access
port default vlan 20

interface GigabitEthernet0/0/7
port link-type access
port default vlan 20

interface GigabitEthernet0/0/8
port link-type access
port default vlan 20

interface GigabitEthernet0/0/9
port link-type access
port default vlan 20

interface GigabitEthernet0/0/10

interface GigabitEthernet0/0/11

interface GigabitEthernet0/0/12

interface GigabitEthernet0/0/13

interface GigabitEthernet0/0/14

interface GigabitEthernet0/0/15

interface GigabitEthernet0/0/16

interface GigabitEthernet0/0/17

interface GigabitEthernet0/0/18

interface GigabitEthernet0/0/19

interface GigabitEthernet0/0/20

interface GigabitEthernet0/0/21

interface GigabitEthernet0/0/22

interface GigabitEthernet0/0/23
eth-trunk 1

interface GigabitEthernet0/0/24
eth-trunk 1

interface NULL0

user-interface con 0
user-interface vty 0 4

port-group 1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
group-member GigabitEthernet0/0/5

port-group 2
group-member GigabitEthernet0/0/6
group-member GigabitEthernet0/0/7
group-member GigabitEthernet0/0/8
group-member GigabitEthernet0/0/9

return

(8) On PC1 and PC2, set the IP address to be obtained dynamically via DHCP, run the ipconfig command, and paste a screenshot of each output below.
PC1:

PC2:

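(9) From PC1, test connectivity to the ISP router IP address 101.10.10.10 and paste a screenshot of the output below.

Copyright notice: unless otherwise stated, all articles on this site are original works of 扬州驻场服务-网络设备调试-监控维修-南京泽同信息科技有限公司. When reposting, please credit the source and include a link to this article.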
