一、实验要求
1.网络中有3个不同部门,均可自动获取地址
2.各部门可互相访问,也可访问内网服务器172.16.100.1
3.PC1不允许访问互联网,PC2和PC3可以访问互联网
4.内网服务器对外发布的地址为64.1.1.3,互联网用户可以访问这台服务器
5.内网服务器的域名是www.aaa.com,各PC可以通过域名访问
二、实验拓扑图
三、配置步骤
LSW3交换机操作命令:
<Huawei>system-view
[Huawei]vlan batch 20 30
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 20
[Huawei]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 30
LSW1交换机操作命令:
<Huawei>system-view
[Huawei]vlan batch 10 20 30 40 //创建vlan
[Huawei]interface Vlanif 10
[Huawei-Vlanif10]ip address 192.168.10.254 255.255.255.0 //分配IP
[Huawei]interface Vlanif 20
[Huawei-Vlanif20]ip address 192.168.20.254 255.255.255.0
[Huawei]interface Vlanif 30
[Huawei-Vlanif30]ip address 192.168.30.254 255.255.255.0
[Huawei]interface Vlanif 40
[Huawei-Vlanif40]ip address 172.16.100.254 255.255.255.0
[Huawei]dhcp enable //开启dhcp
[Huawei]interface Vlanif 10
[Huawei-Vlanif10]dhcp select interface
[Huawei-Vlanif10]dhcp server dns-list 172.16.100.1
[Huawei]interface Vlanif 20
[Huawei-Vlanif10]dhcp select interface
[Huawei-Vlanif10]dhcp server dns-list 172.16.100.1
[Huawei]interface Vlanif 30
[Huawei-Vlanif10]dhcp select interface
[Huawei-Vlanif10]dhcp server dns-list 172.16.100.1
[Huawei]display ip interface brief // 检查vlan网络配置
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei]interface GigabitEthernet 0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type access
[Huawei-GigabitEthernet0/0/4]port default vlan 40
[Huawei]vlan 100
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 100
[Huawei]interface Vlanif 100
[Huawei-Vlanif100]ip address 10.10.10.2 24
AR1路由器操作命令:
<Huawei>system-view
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.10.10.1 24
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 64.1.1.1 24
LSW1交换机操作命令:
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1 // 出公网路由
AR1路由器操作命令:
[Huawei]ip route-static 0.0.0.0 0.0.0.0 64.1.1.10 // 出公网路由
[Huawei]ip route-static 192.168.0.0 255.255.0.0 10.10.10.2 // 回内网路由
[Huawei]ip route-static 172.16.100.0 255.255.255.0 10.10.10.2 // 回内网服务器路由
AR1路由器NAT上网:
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[Huawei]nat address-group 1 64.1.1.5 64.1.1.5
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
限制192.168.10.0网段出公网:
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule deny source 192.168.10.0 0.0.0.255
[Huawei-acl-basic-2001]rule permit source any
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]traffic-filter inbound acl 2001
内网服务器映射:
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]nat server global 64.1.1.3 inside 172.16.100.1
AR2路由器配置:
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 64.1.1.10 24
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 8.8.8.254 24
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 9.9.9.254 24