NE综合实验2:RIP 与 OSPF 动态路由精细配置及ACL访问控制列表 电脑

帅帅梓2025-07-18 14:17

NE综合实验2:RIP 与 OSPF 动态路由精细配置及ACL访问控制列表

实验拓扑图

实验需求

1.按照图示配置IP地址

2.按照图示区域划分配置对应的动态路由协议

3.在R7上配置dhcp服务器,能够让pc可以获取IP地址

4.将所有环回⼝宣告进ospf中,将环回⼝7宣告进rip中,将rip路由引⼊ospf

中,ospf路由引⼊rip中

5.要求实现全⽹互通

6.在r3和r6上开启rip的端⼝验证,密码为hyzy

7.在R7上开启rip静默接⼝,要求业务⽹段不允许接收协议报⽂

8.在R5和R4上开启ospf端⼝验证,密码为hyzy

9.要求在R4上配置ftp服务,测试时可以允许所有设备均可登录访问

10.要求在R1上配置telnet服务,测试时可以允许所有设备均可登录访问管理

11.要求拒绝R5访问R1的telnet服务,其他设备均不影响

12.要求拒绝R2访问R4的ftp服务,其他设备均不影响

13.要求拒绝10.1.1.0/24⽹段ping通R1地址

14.要求拒绝10.1.1.1/24地址访问R4地址

15.要求拒绝10.1.1.2/24地址访问R3地址

实验步骤

1 配置IP地址略

2.略

3.在R7上配置dhcp服务器,能够让pc可以获取IP地址

复制代码 
[R7]dhcp enable 
[R7]dhcp server ip-pool 1
[R7-dhcp-pool-1]netbios-type
[R7-dhcp-pool-1]network 10.1.1.0 24
[R7-dhcp-pool-1]gateway-list 10.1.1.7
[R7-dhcp-pool-1]dns-list 114.114.114.114
[R7-dhcp-pool-1]expired day 1

4.将所有环回⼝宣告进ospf中,将环回⼝7宣告进rip中,将rip路由引⼊ospf

中,ospf路由引⼊rip中

复制代码 
在R1
R1 ospf1 在area0中宣告
R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]ar 0
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.3.3.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]%Jul 14 09:27:32:809 2025 R1 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.1.2(GigabitEthernet0/0) changed from LOADING to FULL.
%Jul 14 09:29:28:811 2025 R1 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.2.3(GigabitEthernet0/1) changed from LOADING to FULL.
在R2
R2 ospf1 在area0中宣告
[R2]ospf 1 router-id 2.2.2.2 
[R2-ospf-1]ar 0
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 192.168%Jul 14 09:26:28:606 2025 R2 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.1.1(GigabitEthernet0/0) changed from LOADING to FULL.
[R2-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]%Jul 14 09:28:41:649 2025 R2 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.3.3(GigabitEthernet0/1) changed from LOADING to FULL.
在R3
R3 ospf1 在area0中宣告 还有R3也在rip 也需要在rip 宣告
[R3]ospf 1 r
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]ar 0
[R3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]n%Jul 14 09:31:00:857 2025 R3 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.2.1(GigabitEthernet0/0) changed from LOADING to FULL.
[R3-ospf-1-area-0.0.0.0]net
[R3-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]%Jul 14 09:31:26:127 2025 R3 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.3.2(GigabitEthernet0/1) changed from LOADING to FULL.

[R3-ospf-1-area-0.0.0.0]
[R3-ospf-1-area-0.0.0.0]
[R3-ospf-1-area-0.0.0.0]qu
[R3-ospf-1]dis th
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 192.168.2.0 0.0.0.255
  network 192.168.3.0 0.0.0.255
#
return
[R3-ospf-1]qu
[R3]rip 1
[R3-rip-1]undo summary
[R3-rip-1]version 2
[R3-rip-1]network 200.1.1.0
[R3-rip-1]network 200.2.2.0
在R4
R4 ospf2 在area0中宣告
[R4]ospf 2 router-id 4.4.4.4
[R4-ospf-2]area 0
[R4-ospf-2-area-0.0.0.0]net
[R4-ospf-2-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[R4-ospf-2-area-0.0.0.0]net
[R4-ospf-2-area-0.0.0.0]network 100.3.3.0 0.0.0.255
[R4-ospf-2-area-0.0.0.0]net
[R4-ospf-2-area-0.0.0.0]network 172.16.3.0 0.0.0.255
[R4-ospf-2-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[R4-ospf-2-area-0.0.0.0]%Jul 14 09:35:40:774 2025 R4 OSPF/5/OSPF_NBR_CHG: OSPF 2 Neighbor 172.16.1.5(GigabitEthernet0/1) changed from LOADING to FULL.
%Jul 14 09:39:36:773 2025 R4 OSPF/5/OSPF_NBR_CHG: OSPF 2 Neighbor 172.16.3.6(GigabitEthernet0/0) changed from LOADING to FULL.
在R5
R5 ospf2 在area0中宣告
[R5]ospf 2 r
[R5]ospf 2 router-id 5.5.5.5
[R5-ospf-2]area 0
[R5-ospf-2-area-0.0.0.0]net
[R5-ospf-2-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[R5-ospf-2-area-0.0.0.0]net
[R5-ospf-2-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[R5-ospf-2-area-0.0.0.0]net
[R5-ospf-2-area-0.0.0.0]network 172.16.2.0 0.0%Jul 14 09:35:49:190 2025 R5 OSPF/5/OSPF_NBR_CHG: OSPF 2 Neighbor 172.16.1.4(GigabitEthernet0/0) changed from LOADING to FULL.
network 172.16.1.0 0.0.0.255
[R5-ospf-2-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[R5-ospf-2-area-0.0.0.0]network 100.2.2.0 0.0.0.255
在R6
R6 ospf2 在area0中宣告 还有R6也在rip 也需要在rip 宣告
[R6]ospf 2 router-id 6.6.6.6
[R6-ospf-2]ar  0
[R6-ospf-2-area-0.0.0.0]net
[R6-ospf-2-area-0.0.0.0]network 6.6.6.6 0.0.0.0
[R6-ospf-2-area-0.0.0.0]net
[R6-ospf-2-area-0.0.0.0]network 172.16.3.0 0.0.0.255
[R6-ospf-2-area-0.0.0.0]net
[R6-ospf-2-area-0.0.0.0]network 172.16.%Jul 14 09:39:39:157 2025 R6 OSPF/5/OSPF_NBR_CHG: OSPF 2 Neighbor 172.16.3.4(GigabitEthernet0/2) changed from LOADING to FULL.
network 172.16.3.0 0.0.0.255
[R6-ospf-2-area-0.0.0.0]ne
[R6-ospf-2-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[R6-ospf-2-area-0.0.0.0]%Jul 14 09:40:04:693 2025 R6 OSPF/5/OSPF_NBR_CHG: OSPF 2 Neighbor 172.16.2.5(GigabitEthernet5/0) changed from LOADING to FULL.

[R6-ospf-2-area-0.0.0.0]
[R6-ospf-2-area-0.0.0.0]di th
#
 area 0.0.0.0
  network 6.6.6.6 0.0.0.0
  network 172.16.2.0 0.0.0.255
  network 172.16.3.0 0.0.0.255
#
return
[R6-ospf-2-area-0.0.0.0]qu
[R6-ospf-2]qu
[R6]rip 1
[R6-rip-1]undo summary
[R6-rip-1]version 2
[R6-rip-1]network 200.1.1.0 
[R6-rip-1]network 200.3.3.0
[R6-rip-1]
在R7
R7 ospf1 ospf2 在area0中宣告 还有R7也在rip 也需要在rip 宣告
[R7]ospf 1
[R7-ospf-1]ar 0
[R7-ospf-1-area-0.0.0.0]net
[R7-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[R7-ospf-1-area-0.0.0.0]qu
[R7-ospf-1]qu
[R7]ospf 2
[R7-ospf-2]%Jul 14 11:04:23:832 2025 R7 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 100.1.1.2(GigabitEthernet0/2) changed from LOADING to FULL.

[R7-ospf-2]ar 0
[R7-ospf-2-area-0.0.0.0]net
[R7-ospf-2-area-0.0.0.0]network 100.2.2.0 0.0.0.255
[R7-ospf-2-area-0.0.0.0]qu
[R7-ospf-2]qu
[R7]%Jul 14 11:04:54:628 2025 R7 OSPF/5/OSPF_NBR_CHG: OSPF 2 Neighbor 100.2.2.5(GigabitEthernet5/0) changed from LOADING to FULL.
[R7]rip 1
[R7-rip-1]undo summary
[R7-rip-1]version 
[R7-rip-1]network 7.7.7.7
[R7-rip-1]network 200.2.2.0
[R7-rip-1]network 200.3.3.0

5.要求实现全⽹互通

分析 要实现全网互通 需要R3 6 7相互引路

复制代码 
在R3
[R3-rip-1]import-route ospf 1
[R3-ospf-1]import-route rip 1
在R6
[R6-ospf-2]import-route rip 1
[R6-rip-1]import-route ospf 2
在R7
[R7-rip-1]import-route ospf 1
[R7-rip-1]import-route ospf 2
[R7-rip-1]qu
[R7]ospf 1
[R7-ospf-1]import-route rip 1
[R7-ospf-1]qu
[R7]ospf 2
[R7-ospf-2]import-route rip 1
[R7-ospf-2]qu

6.在r3和r6上开启rip的端⼝验证,密码为hyzy

复制代码 
在R3
[R3]int g5/0
[R3-GigabitEthernet5/0]rip authentication-mode simple plain hyzy
在R6
[R6]int g0/1
[R6-GigabitEthernet0/1]rip authentication-mode simple plain hyzy

7.在R7上开启rip静默接⼝,要求业务⽹段不允许接收协议报⽂

复制代码 
[R7]rip 1
[R7-rip-1]silent-interface g5/1

8.在R5和R4上开启ospf端⼝验证,密码为hyzy

复制代码 
在R5
[R5]int g0/0
[R5-GigabitEthernet0/0]ospf authentication-mode simple plain hyzy
[R5-GigabitEthernet0/0]%Jul 14 11:28:16:526 2025 R5 OSPF/5/OSPF_NBR_CHG: OSPF 2 Neighbor 172.16.1.4(GigabitEthernet0/0) changed from FULL to DOWN.
%Jul 14 11:29:46:220 2025 R5 OSPF/5/OSPF_NBR_CHG: OSPF 2 Neighbor 172.16.1.4(GigabitEthernet0/0) changed from LOADING to FULL.
在R4
[R4]int g0/1

[R4-GigabitEthernet0/1]ospf authentication-mode simple plain hyzy
[R4-GigabitEthernet0/1]%Jul 14 11:29:10:770 2025 R4 OSPF/5/OSPF_NBR_CHG: OSPF 2 Neighbor 172.16.1.5(GigabitEthernet0/1) changed from LOADING to FULL

9.要求在R4上配置ftp服务,测试时可以允许所有设备均可登录访问

复制代码 
[R4]ftp server enable 
[R4]local-user ssz class manage 
New local user added.
[R4-luser-manage-ssz]password simple 123456.com
[R4-luser-manage-ssz]service-type ftp
[R4-luser-manage-ssz]authorization-attribute user-role level-15

10.要求在R1上配置telnet服务,测试时可以允许所有设备均可登录访问管理

复制代码 
[R1]telnet server enable 
[R1]local-user ssz class manage 
[R1-luser-manage-ssz]password simple 123456.com
[R1-luser-manage-ssz]service-type telnet
[R1-luser-manage-ssz]authorization-attribute user-role level-15
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode scheme
[R1-line-vty0-4]user-role level-15

11.要求拒绝R5访问R1的telnet服务,其他设备均不影响

分析:R5拒绝R1的telnet服务的访问

复制代码 
在R1
[R1]acl advanced 3000
[R1-acl-ipv4-adv-3000]rule deny tcp source 172.16.1.5 0 destination-port eq teln
et
[R1-acl-ipv4-adv-3000]rule deny tcp source 172.16.2.5 0 destination-port eq teln
et
[R1-acl-ipv4-adv-3000]rule deny tcp source 100.2.2.5 0 destination-port eq teln
et
[R1-acl-ipv4-adv-3000]rule deny tcp source 5.5.5.5 0 destination-port eq telnet
[R1]interface range g0/0 to g0/2
[R1-if-range]packet-filter 3000 inbound
<R5>telnet 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1 ...
Failed to connect to the remote host!

12.要求拒绝R2访问R4的ftp服务,其他设备均不影响

复制代码 
在R4
[R4]acl advanced 3000
[R4-acl-ipv4-adv-3000]rule deny tcp source 100.1.1.2 0 destination-port eq ftp
[R4-acl-ipv4-adv-3000]rule deny tcp source 192.168.3.2 0 destination-port eq ftp

[R4-acl-ipv4-adv-3000]rule deny tcp source 192.168.1.2 0 destination-port eq ftp

[R4-acl-ipv4-adv-3000]rule deny tcp source 2.2.2.2 0 destination-port eq ftp
[R4]interface range g0/0 to g0/2
[R4-if-range]packet-filter 3000 inbound 
<R2>ftp 4.4.4.4
Press CTRL+C to abort.

13.要求拒绝10.1.1.0/24⽹段ping通R1地址

复制代码 
在R7
[R7]acl advanced 3000
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.0 0.0.0.255 destination 1.1.1
.1 0
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.0 0.0.0.255 destination 100.3
.3.1 0
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.0 0.0.0.255 destination 172.1
68.3.1 0
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.0 0.0.0.255 d
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.0 0.0.0.255 destination 172.1
68.1.1 0
[R7]int g5/1
[R7-GigabitEthernet5/1]packet-filter 3000 inbound 
在PC9上
<H3C>ping 1.1.1.1
Ping 1.1.1.1 (1.1.1.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 1.1.1.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
<H3C>%Jul 14 14:46:25:861 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 1.1.1.1: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.

<H3C>ping 100.3.3.1
Ping 100.3.3.1 (100.3.3.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 100.3.3.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
<H3C>%Jul 14 14:46:43:980 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 100.3.3.1: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.

<H3C>ping 192.168.1.1
Ping 192.168.1.1 (192.168.1.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 192.168.1.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
<H3C>%Jul 14 14:47:00:810 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 192.168.1.1: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.

<H3C>ping 192.168.2.1
Ping 192.168.2.1 (192.168.2.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 192.168.2.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
<H3C>%Jul 14 14:47:15:232 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 192.168.2.1: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.

但R1能ping通PC9
<H3C>ping 10.1.1.2
Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 10.1.1.2: icmp_seq=0 ttl=252 time=3.080 ms
56 bytes from 10.1.1.2: icmp_seq=1 ttl=252 time=2.399 ms
56 bytes from 10.1.1.2: icmp_seq=2 ttl=252 time=2.930 ms
56 bytes from 10.1.1.2: icmp_seq=3 ttl=252 time=2.656 ms
56 bytes from 10.1.1.2: icmp_seq=4 ttl=252 time=2.184 ms

--- Ping statistics for 10.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.184/2.650/3.080/0.330 ms
<R1>%Jul 14 15:23:37:341 2025 R1 PING/6/PING_STATISTICS: Ping statistics for 10.1.1.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 2.184/2.650/3.080/0.330 ms.

14.要求拒绝10.1.1.1/24地址访问R4地址

复制代码 
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.1 0 destination 4.4.4.4 0
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.1 0 destination 172.16.1.4 0
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.1 0 destination 172.16.3.4 0
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.1 0 destination 100.3.3.4 0
<H3C>ping 4.4.4.4
Ping 4.4.4.4 (4.4.4.4): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 4.4.4.4 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
<H3C>%Jul 14 15:48:57:588 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 4.4.4.4: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.

15.要求拒绝10.1.1.2/24地址访问R3地址

复制代码 
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.2 0 destination 3.3.3.3 0
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.2 0 destination 192.168.2.3 0

[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.2 0 destination 192.168.3.3 0

[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.2 0 destination 200.1.1.3 0
[R7-acl-ipv4-adv-3000]rule deny icmp source 10.1.1.2 0 destination 200.2.2.3 0
Ping 3.3.3.3 (3.3.3.3): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 3.3.3.3 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
<H3C>%Jul 14 18:03:04:959 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 3.3.3.3: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.
相关推荐
笑鸿的学习笔记24 分钟前
PySide笔记之信号连接信号
笔记
ROOKIE Shawn2 小时前
mysql学习笔记
笔记·学习
DoraBigHead4 小时前
应用层:万维网的魔法门,协议的隐秘契约
网络协议
云资源服务商5 小时前
探索阿里云ESA:开启边缘安全加速新时代
网络安全·阿里云·云计算·边缘计算
小红卒6 小时前
sqli-labs靶场通关笔记:第24关 二次注入
网络安全·sql注入漏洞
致***锌7 小时前
上证50etf期权交易限制的是什么?
笔记
kp000007 小时前
PHP strip_tags() 函数详解
网络安全·php
饕餮争锋8 小时前
设计模式笔记_结构型_桥接模式
笔记·设计模式·桥接模式
Volunteer Technology8 小时前
计算机网络概述
计算机网络
热门推荐
01Cursor Claude 模型无法使用的解决方法02全球最强模型Grok4,国内已可免费使用!(附教程)03KGG转MP3工具|非KGM文件|解密音频04【2025.7.18】更新vscode后所有.vue文件template标签后报红的临时解决办法,Vue - Official 插件3.0.2导致05【无标题】06集群聊天服务器---MySQL数据库的建立07Cursor如何配置代理08绿色建筑新态势:楼宇自控助力能效提升,推动成本优化新路径09Coze扣子平台完整体验和实践(附国内和国际版对比)10突破限制:使用 Claude Code Proxy 让 Claude Code 自由连接任意模型