网工入门-中小型网络系统综合实验

一、实验要求

1.网络中有3个不同部门，均可自动获取地址

2.各部门可互相访问，也可访问内网服务器172.16.100.1

3.PC1不允许访问互联网，PC2和PC3可以访问互联网

4.内网服务器对外发布的地址为64.1.1.3，互联网用户可以访问这台服务器

5.内网服务器的域名是www.aaa.com,各PC可以通过域名访问

二、实验拓扑图

三、配置步骤

LSW3交换机操作命令：

<Huawei>system-view

Huawei\]vlan batch 20 30 \[Huawei\]interface GigabitEthernet 0/0/1 \[Huawei-GigabitEthernet0/0/1\]port link-type trunk \[Huawei-GigabitEthernet0/0/1\]port trunk allow-pass vlan all \[Huawei\]interface GigabitEthernet 0/0/2 \[Huawei-GigabitEthernet0/0/2\]port link-type access \[Huawei-GigabitEthernet0/0/2\]port default vlan 20 \[Huawei\]interface GigabitEthernet 0/0/3 \[Huawei-GigabitEthernet0/0/3\]port link-type access \[Huawei-GigabitEthernet0/0/3\]port default vlan 30 LSW1交换机操作命令： \system-view \[Huawei\]vlan batch 10 20 30 40　　//创建vlan \[Huawei\]interface Vlanif 10 \[Huawei-Vlanif10\]ip address 192.168.10.254 255.255.255.0　　//分配IP \[Huawei\]interface Vlanif 20 \[Huawei-Vlanif20\]ip address 192.168.20.254 255.255.255.0 \[Huawei\]interface Vlanif 30 \[Huawei-Vlanif30\]ip address 192.168.30.254 255.255.255.0 \[Huawei\]interface Vlanif 40 \[Huawei-Vlanif40\]ip address 172.16.100.254 255.255.255.0 \[Huawei\]dhcp enable　　//开启dhcp \[Huawei\]interface Vlanif 10 \[Huawei-Vlanif10\]dhcp select interface \[Huawei-Vlanif10\]dhcp server dns-list 172.16.100.1 \[Huawei\]interface Vlanif 20 \[Huawei-Vlanif10\]dhcp select interface \[Huawei-Vlanif10\]dhcp server dns-list 172.16.100.1 \[Huawei\]interface Vlanif 30 \[Huawei-Vlanif10\]dhcp select interface \[Huawei-Vlanif10\]dhcp server dns-list 172.16.100.1 \[Huawei\]display ip interface brief // 检查vlan网络配置 \[Huawei\]interface GigabitEthernet 0/0/2 \[Huawei-GigabitEthernet0/0/2\]port link-type access \[Huawei-GigabitEthernet0/0/2\]port default vlan 10 \[Huawei\]interface GigabitEthernet 0/0/3 \[Huawei-GigabitEthernet0/0/3\]port link-type trunk \[Huawei-GigabitEthernet0/0/3\]port trunk allow-pass vlan all \[Huawei\]interface GigabitEthernet 0/0/4 \[Huawei-GigabitEthernet0/0/4\]port link-type access \[Huawei-GigabitEthernet0/0/4\]port default vlan 40 \[Huawei\]vlan 100 \[Huawei\]interface GigabitEthernet 0/0/1 \[Huawei-GigabitEthernet0/0/1\]port link-type access \[Huawei-GigabitEthernet0/0/1\]port default vlan 100 \[Huawei\]interface Vlanif 100 \[Huawei-Vlanif100\]ip address 10.10.10.2 24 AR1路由器操作命令： \system-view \[Huawei\]interface GigabitEthernet 0/0/0 \[Huawei-GigabitEthernet0/0/0\]ip address 10.10.10.1 24 \[Huawei\]interface GigabitEthernet 0/0/1 \[Huawei-GigabitEthernet0/0/1\]ip address 64.1.1.1 24 LSW1交换机操作命令： \[Huawei\]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1 // 出公网路由 AR1路由器操作命令： \[Huawei\]ip route-static 0.0.0.0 0.0.0.0 64.1.1.10 // 出公网路由 \[Huawei\]ip route-static 192.168.0.0 255.255.0.0 10.10.10.2 // 回内网路由 \[Huawei\]ip route-static 172.16.100.0 255.255.255.0 10.10.10.2 // 回内网服务器路由 AR1路由器NAT上网: \[Huawei\]acl 2000 \[Huawei-acl-basic-2000\]rule permit source 192.168.0.0 0.0.255.255 \[Huawei\]nat address-group 1 64.1.1.5 64.1.1.5 \[Huawei\]interface GigabitEthernet 0/0/1 \[Huawei-GigabitEthernet0/0/1\]nat outbound 2000 address-group 1 限制192.168.10.0网段出公网： \[Huawei\]acl 2001 \[Huawei-acl-basic-2001\]rule deny source 192.168.10.0 0.0.0.255 \[Huawei-acl-basic-2001\]rule permit source any \[Huawei\]interface GigabitEthernet 0/0/0 \[Huawei-GigabitEthernet0/0/0\]traffic-filter inbound acl 2001 内网服务器映射： \[Huawei\]interface GigabitEthernet 0/0/1 \[Huawei-GigabitEthernet0/0/1\]nat server global 64.1.1.3 inside 172.16.100.1 AR2路由器配置： \[Huawei\]interface GigabitEthernet 0/0/0 \[Huawei-GigabitEthernet0/0/0\]ip address 64.1.1.10 24 \[Huawei\]interface GigabitEthernet 0/0/1 \[Huawei-GigabitEthernet0/0/1\]ip address 8.8.8.254 24 \[Huawei\]interface GigabitEthernet 0/0/2 \[Huawei-GigabitEthernet0/0/2\]ip address 9.9.9.254 24