实验要求和实验成果如图所示。
LSW2不需要其他配置,其下就一台设备,不需要区分。
LSW3配置如下:
sy
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en//关闭系统提示信息
Info: Information center is disabled.
[Huawei]vlan 20//创建vlan20
[Huawei-vlan20]q
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]q
[Huawei]vlan 30//创建vlan30
[Huawei-vlan30]q
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port default vlan 20//将vlan 20划分进2号端口
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 20
[Huawei-Ethernet0/0/3]port default vlan 30
[Huawei-Ethernet0/0/3]dis this //展示当前配置了什么
#
interface Ethernet0/0/3
port link-type access
port default vlan 30
#
return
[Huawei-Ethernet0/0/3]q
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type trunk//配置trunk模式
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
LSW1配置如下:
sy
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]vlan batch 10 20 30 40 //批量创建 vlan
/*10 20 30 为pc1-3 vlan40为服务器*/
Info: This operation may take a few seconds. Please wait for a moment…done.
[Huawei]int vlan 10
[Huawei-Vlanif10]ip add 192.168.10.254 24 //充当网关
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]ip add 192.168.20.254 24
[Huawei-Vlanif20]int vlan 30
[Huawei-Vlanif30]ip add 192.168.30.254 24
[Huawei-Vlanif30]int vlan 40
[Huawei-Vlanif40]ip add 172.16.100.254 24
[Huawei-Vlanif40]q
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 40
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/3]q
[Huawei]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]int vlan 10 //为01端口配置dhcp服务器地址
[Huawei-Vlanif10]dhcp select interface
[Huawei-Vlanif10]dhcp server dns-list 172.16.100.1
[Huawei-Vlanif10]dis this
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select interface
dhcp server dns-list 172.16.100.1
#
return
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20] dhcp select interface
[Huawei-Vlanif20] dhcp server dns-list 172.16.100.1
[Huawei-Vlanif20]int vlan 30
[Huawei-Vlanif30] dhcp select interface
[Huawei-Vlanif30] dhcp server dns-list 172.16.100.1
[Huawei-Vlanif30]q
[Huawei]dis ip int brief
[Huawei]vlan 100//创建vlan100与路由器连接
[Huawei-vlan100]q
[Huawei]int g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type access
[Huawei-GigabitEthernet0/0/4]port default vlan 100
[Huawei-GigabitEthernet0/0/4]q
[Huawei]int vlan 100
[Huawei-Vlanif100]ip add 10.10.10.2 24
[Huawei-Vlanif100]q
[Huawei]ping 10.10.10.1
PING 10.10.10.1: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.1: bytes=56 Sequence=1 ttl=255 time=70 ms
Reply from 10.10.10.1: bytes=56 Sequence=2 ttl=255 time=50 ms
Reply from 10.10.10.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.10.10.1: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 10.10.10.1: bytes=56 Sequence=5 ttl=255 time=50 ms
— 10.10.10.1 ping statistics —
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/40/70 ms
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1//告诉交换机出去的数据的下一跳
AR1的配置如下:
sy
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 10.10.10.1 24
[Huawei-GigabitEthernet0/0/0]q
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 64.1.1.1 24
[Huawei-GigabitEthernet0/0/1]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 64.1.1.10 //配置静态路由告诉设备出去的下一跳
[Huawei]ip route-static 192.168.0.0 255.255.0.0 10.10.10.2 //告诉设备进来的下一跳
[Huawei]ip route-static 172.16.100.0 255.255.0.0 10.10.10.2 //同上
Info: The destination address and mask of the configured static route mismatched
, and the static route 172.16.0.0/16 was generated.
[Huawei]acl 2000 //配置输入输出规则 名称
[Huawei-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[Huawei-acl-basic-2000]q
[Huawei]nat address-group 1 64.1.1.5 64.1.1.5 //nat地址组名称为1
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 //将规则作用于2000出去的数据使用地址组里的IP
[Huawei-GigabitEthernet0/0/1]q
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule deny source 192.168.10.0 0.0.0.255
[Huawei-acl-basic-2001]rule permit source any
[Huawei-acl-basic-2001]int g0/0/0
[Huawei-GigabitEthernet0/0/0]traffic-filter inbound acl 2001 //将2001作用于内部所有数据
[Huawei-GigabitEthernet0/0/0]q
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat server global 64.1.1.3 inside 172.16.100.1 将内部IP转换为外部IP
其余设备为基础配置,只需要看图配置就可以完成本次实验。