专业能力考试

专业能力考试

拓扑

1.划分vlan10和vlan20，使用单臂路由实现vlan间互通

S1：

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys S1
[S1]un in en
Info: Information center is disabled.
[S1]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1]int g0/0/02
[S1-GigabitEthernet0/0/2]port link-type access 	
[S1-GigabitEthernet0/0/2]port default vlan 10
[S1-GigabitEthernet0/0/2]int g0/0/03
[S1-GigabitEthernet0/0/3]port link-type access
[S1-GigabitEthernet0/0/3]port default vlan 20
[S1-GigabitEthernet0/0/3]int g0/0/4
[S1-GigabitEthernet0/0/4]p l a
[S1-GigabitEthernet0/0/4]p d v 20
[S1-GigabitEthernet0/0/4]int g0/0/01
[S1-GigabitEthernet0/0/1]p l t
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/1]q

R1:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys R1
[R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]ip address 192.168.10.1 24
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 10 
[R1-GigabitEthernet0/0/0.1]arp broadcast enable 
[R1-GigabitEthernet0/0/0.1]int g0/0/0.2
[R1-GigabitEthernet0/0/0.2]ip add 192.168.20.1 24
[R1-GigabitEthernet0/0/0.2]dot1q termination vid 20
[R1-GigabitEthernet0/0/0.2]arp broadcast enable 

测试设备间连通性，可以看见PC1、PC2和Server1都可以互相通信。

2.实现4台路由器之间互通

PPP配置：华为设备串口的链路类型缺省为PPP（Cisco设备缺省为HDLC）

R1：

[R1]interface Serial 4/0/0
[R1-Serial4/0/0]ip add 200.1.1.1 24
[R1-Serial4/0/0]q
[R1]ip route-static 0.0.0.0 0.0.0.0 200.1.1.2

R2:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys R2
[R2]int S4/0/0
[R2-Serial4/0/0]ip add 200.1.1.2 24
[R2-Serial4/0/0]q
[R2]ip route-static 192.168.10.0 24 200.1.1.1
[R2]ip route-static 192.168.20.0 24 200.1.1.1

FR配置:

R2的S4/0/1接口需要修改为FR帧中继类型

R2：

#
interface Serial4/0/1
 link-protocol fr
 fr interface-type dce
 fr inarp
 fr dlci 20
 ip address 201.1.1.2 255.255.255.0 
#

R3:

#
interface Serial4/0/1
 link-protocol fr
 fr interface-type dte
 fr inarp
 ip address 201.1.1.3 255.255.255.0 
#

RIP配置：在R2、R3上配置RIP

R2：

[R2]rip
[R2-rip-1]version 2
[R2-rip-1]net 201.1.1.0

R3：

[R3]rip 
[R3-rip-1]version 2
[R3-rip-1]net 201.1.1.0

HDLC配置：

R3：

[R3]int S4/0/0
[R3-Serial4/0/0]link-protocol HDLC
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[R3-Serial4/0/0]ip add 202.1.1.3 24

R4:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys R4
[R4]un in en
Info: Information center is disabled.
[R4]int S4/0/0
[R4-Serial4/0/0]link-protocol HDLC
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[R4-Serial4/0/0]ip add 202.1.1.4 24
[R4-Serial4/0/0]int G0/0/0
[R4-GigabitEthernet0/0/0]ip add 203.1.1.1 24

OSPF配置：

R3：

[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]net 202.1.1.0 0.0.0.255

R4:

[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]net 202.1.1.0 0.0.0.255

3.路由引入

R2:

[R2-rip-1]import-route direct 	
[R2-rip-1]import-route static 

R3:

[R3-ospf-1]import-route rip 1

[R3-rip-1]import-route ospf 1 cost 2

R4:

[R4-ospf-1]import-route direct 

到这一步外网所有设备均互通。

4.配置NAT

R1：

[R1]acl 2000	
[R1-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255
[R1-acl-basic-2000]rule 10 permit source 192.168.20.10 0.0.0.0 
[R1-acl-basic-2000]q
[R1]int S4/0/0	
[R1-Serial4/0/0]nat outbound 2000

Server1:

Server2:

PC1访问Server2，成功

PC3访问Server1，成功

PC2访问公网

配置高级ACL，阻止其访问Server2

S1:

[S1]acl 3000
[S1-acl-adv-3000]rule 5 deny ip source 192.168.20.20 0.0.0.0 destination 203.1.1
.0 0.0.0.255
[S1-acl-adv-3000]q
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]traffic-filter outbound acl 3000