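HCIP Assignment 2

Problem

Requirements:

  1. The interfaces that PC1 and PC3 connect to are access ports and belong to VLAN 2;

    PC2/4/5/6 are on the same network segment; PC2 can access PC4/5/6, while PC4 can access PC5 but cannot access PC6

  2. PC5 cannot access PC6

  3. PC1/3 are not on the same network segment as PC2/4/5/6

  4. All PCs obtain their IP addresses via DHCP, and PC1/3 can access PC2/4/5/6 normally

Analysis of the requirements

1. VLAN 2 and VLAN 3/VLAN 4/VLAN 5/VLAN 6 are on different network segments, so a Layer 3 device is needed to connect the VLANs, and VLAN 2 (PC1/PC3) must be able to reach the hosts in all the other VLANs

2. No PC is given a static IP address by hand; every PC obtains its address automatically from a DHCP server on the network

3. Inter-VLAN connectivity is provided by router-on-a-stick on the router

Configuration:

  1. VLAN configuration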
//LSW1
[Huawei]sysname LSW1
[LSW1]vlan batch 2 3 4 5 6
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1]interface GigabitEthernet 0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 2
[LSW1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 3
[LSW1-GigabitEthernet0/0/2]inter g 0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[LSW1-GigabitEthernet0/0/3]inter g 0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type trunk
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all

//LSW2

[Huawei]sysname LSW2
	
[LSW2]vlan batch 2 3 4 5 6
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW2]interface GigabitEthernet 0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type access 
[LSW2-GigabitEthernet0/0/1]port default vlan 2
[LSW2-GigabitEthernet0/0/1]inter g 0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type access 
[LSW2-GigabitEthernet0/0/2]port default vlan 4
[LSW2-GigabitEthernet0/0/2]inter g 0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type trunk 
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all 
[LSW2-GigabitEthernet0/0/3]inter g 0/0/4
[LSW2-GigabitEthernet0/0/4]port link-type trunk
[LSW2-GigabitEthernet0/0/4]port trunk allow-pass vlan all

//LSW3
[Huawei]sysname LSW3
[LSW3]vlan batch 2 3 4 5 6
Info: This operation may take a few seconds. Please wait for a moment...done.
	
[LSW3]interface GigabitEthernet 0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type access 
[LSW3-GigabitEthernet0/0/1]port default vlan 5
[LSW3-GigabitEthernet0/0/1]inter g 0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type access 
[LSW3-GigabitEthernet0/0/2]port default vlan 6
[LSW3-GigabitEthernet0/0/2]inter g 0/0/3
[LSW3-GigabitEthernet0/0/3]port link-type trunk 
[LSW3-GigabitEthernet0/0/3]port trunk allow-pass vlan all

  2. Configuration on router AR1

Planned subnets (mask /24):

PC1/3: 192.168.1.1~192.168.1.253

PC2: 192.168.2.1~192.168.2.253

PC4: 192.168.3.1~192.168.3.253

PC5: 192.168.4.1~192.168.4.253

PC6: 192.168.5.1~192.168.5.253

//AR1
// DHCP must be enabled globally before "dhcp select global" is accepted on an interface
[AR1]dhcp enable
[AR1]interface GigabitEthernet0/0/0
// One sub-interface per VLAN; each one is the gateway of its subnet and serves DHCP from the global pools
[AR1-GigabitEthernet0/0/0]interface GigabitEthernet0/0/0.1
[AR1-GigabitEthernet0/0/0.1] dot1q termination vid 2
[AR1-GigabitEthernet0/0/0.1] ip address 192.168.1.254 24
[AR1-GigabitEthernet0/0/0.1] arp broadcast enable
[AR1-GigabitEthernet0/0/0.1] dhcp select global
[AR1-GigabitEthernet0/0/0.1]interface GigabitEthernet0/0/0.2
[AR1-GigabitEthernet0/0/0.2] dot1q termination vid 3
[AR1-GigabitEthernet0/0/0.2] ip address 192.168.2.254 24
[AR1-GigabitEthernet0/0/0.2] arp broadcast enable
Info: This interface has already been configured with ARP broadcast.
[AR1-GigabitEthernet0/0/0.2] dhcp select global
[AR1-GigabitEthernet0/0/0.2]interface GigabitEthernet0/0/0.3
[AR1-GigabitEthernet0/0/0.3] dot1q termination vid 4
[AR1-GigabitEthernet0/0/0.3] ip address 192.168.3.254 24
[AR1-GigabitEthernet0/0/0.3] arp broadcast enable
Info: This interface has already been configured with ARP broadcast.
[AR1-GigabitEthernet0/0/0.3] dhcp select global
[AR1-GigabitEthernet0/0/0.3]interface GigabitEthernet0/0/0.4
[AR1-GigabitEthernet0/0/0.4] dot1q termination vid 5
[AR1-GigabitEthernet0/0/0.4] ip address 192.168.4.254 24
[AR1-GigabitEthernet0/0/0.4] arp broadcast enable
Info: This interface has already been configured with ARP broadcast.
[AR1-GigabitEthernet0/0/0.4] dhcp select global
[AR1-GigabitEthernet0/0/0.4]interface GigabitEthernet0/0/0.5
[AR1-GigabitEthernet0/0/0.5] dot1q termination vid 6
[AR1-GigabitEthernet0/0/0.5] ip address 192.168.5.254 24
[AR1-GigabitEthernet0/0/0.5] arp broadcast enable
[AR1-GigabitEthernet0/0/0.5] dhcp select global
[AR1-GigabitEthernet0/0/0.5]ip pool vlan2

[AR1-ip-pool-vlan2] network 192.168.1.0 mask 24
[AR1-ip-pool-vlan2] gateway-list 192.168.1.254
[AR1-ip-pool-vlan2] dns-list 8.8.8.8 114.114.114.114
[AR1-ip-pool-vlan2]
[AR1-ip-pool-vlan2]ip pool vlan3

[AR1-ip-pool-vlan3] network 192.168.2.0 mask 24
[AR1-ip-pool-vlan3] gateway-list 192.168.2.254
[AR1-ip-pool-vlan3] dns-list 8.8.8.8 114.114.114.114
[AR1-ip-pool-vlan3]
[AR1-ip-pool-vlan3]ip pool vlan4

[AR1-ip-pool-vlan4] network 192.168.3.0 mask 24
[AR1-ip-pool-vlan4] gateway-list 192.168.3.254
[AR1-ip-pool-vlan4] dns-list 8.8.8.8 114.114.114.114
[AR1-ip-pool-vlan4]
[AR1-ip-pool-vlan4]ip pool vlan5

[AR1-ip-pool-vlan5] network 192.168.4.0 mask 24
[AR1-ip-pool-vlan5] gateway-list 192.168.4.254
[AR1-ip-pool-vlan5] dns-list 8.8.8.8 114.114.114.114
[AR1-ip-pool-vlan5]
[AR1-ip-pool-vlan5]ip pool vlan6

[AR1-ip-pool-vlan6] network 192.168.5.0 mask 24
[AR1-ip-pool-vlan6] gateway-list 192.168.5.254
[AR1-ip-pool-vlan6] dns-list 8.8.8.8 114.114.114.114


// Advanced ACL: rules are checked in order and the first match decides
[AR1-ip-pool-vlan6]acl number 3000
[AR1-acl-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
[AR1-acl-adv-3000] rule permit ip source 192.168.3.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
[AR1-acl-adv-3000] rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
[AR1-acl-adv-3000] rule deny ip source 192.168.4.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
[AR1-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
[AR1-acl-adv-3000] rule permit ip
[AR1-acl-adv-3000]
// On Huawei AR routers an ACL is applied to an interface with traffic-filter
[AR1-acl-adv-3000]interface GigabitEthernet0/0/0
[AR1-GigabitEthernet0/0/0] traffic-filter inbound acl 3000
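
An added example, not part of the original post: a small model of ACL 3000's first-match evaluation with wildcard masks, used to check the resulting access matrix and to list pairs that are blocked in one direction only (the ACL is stateless, so replies are dropped there while requests in the other direction still pass). The host addresses are constructed, one per planned subnet, and the function names are the example's own.

```python
import ipaddress

# ACL 3000 as configured on AR1 above:
# (action, source, source wildcard, destination, destination wildcard); None means "any".
ACL_3000 = [
    ("permit", "192.168.2.0", "0.0.0.255", "192.168.0.0", "0.0.255.255"),
    ("permit", "192.168.3.0", "0.0.0.255", "192.168.4.0", "0.0.0.255"),
    ("deny",   "192.168.3.0", "0.0.0.255", "192.168.5.0", "0.0.0.255"),
    ("deny",   "192.168.4.0", "0.0.0.255", "192.168.5.0", "0.0.0.255"),
    ("permit", "192.168.1.0", "0.0.0.255", "192.168.0.0", "0.0.255.255"),
    ("permit", None, None, None, None),
]

# Constructed sample hosts, one per planned subnet (DHCP may hand out other addresses).
HOSTS = {"PC1": "192.168.1.1", "PC2": "192.168.2.1", "PC4": "192.168.3.1",
         "PC5": "192.168.4.1", "PC6": "192.168.5.1"}


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    if base is None:
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def evaluate(src, dst, acl=ACL_3000):
    """Return (action, rule index) of the first rule that matches the packet."""
    for index, (action, s, sw, d, dw) in enumerate(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, index
    # Assumption: a packet that matches no rule is forwarded by the interface filter.
    return "permit", None


def one_way_blocks(hosts=HOSTS):
    """Pairs (a, b) where a->b is denied but b->a is permitted."""
    return sorted((a, b) for a in hosts for b in hosts if a != b
                  and evaluate(hosts[a], hosts[b])[0] == "deny"
                  and evaluate(hosts[b], hosts[a])[0] == "permit")


if __name__ == "__main__":
    for a in HOSTS:
        print(a, {b: evaluate(HOSTS[a], HOSTS[b])[0] for b in HOSTS if b != a})
    print("one-way blocks:", one_way_blocks())
```
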

Lab results:

PC IP addresses, and PC1 pinging PC2
