ensp实验-普通办事处网络
一、网络拓扑图
二、说明
路由器10.136.8.2是公司出口设备
路由器10.136.9.1可以假设为公网设备
核心交换机10.136.8.1是全公司网关所在,包括出口设备的网关
DHCP服务也在核心交换机
三、实验
3.1、实验一
要求:按上述说明把网络配置通
3.1.1、公网路由设备:10.136.9.1
bash
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.136.9.1 24
3.1.2、公司出口设备:10.136.8.2
bash
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.136.9.2 24
[Huawei-GigabitEthernet0/0/1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.136.8.2 24
[Huawei-GigabitEthernet0/0/0]
此时公网路由器AR2去ping出口路由器是通的
3.1.3、核心交换机:10.136.8.1
bash
[Huawei]vlan 20
[Huawei-Vlanif20]int vlanif 20
[Huawei-Vlanif20]ip address 10.136.8.1 24
[Huawei-Vlanif20]q
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 20
[Huawei-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]port default vlan 20
[Huawei-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]port default vlan 20
[Huawei]dhcp enable
[Huawei]ip pool vlan20-pool
[Huawei-ip-pool-vlan20-pool]gateway-list 10.136.8.1
[Huawei-ip-pool-vlan20-pool]network 10.136.8.0 mask 255.255.255.0
[Huawei-ip-pool-vlan20-pool]excluded-ip-address 10.136.8.2 10.136.8.20
[Huawei-ip-pool-vlan20-pool]excluded-ip-address 10.136.8.201 10.136.8.254
[Huawei-ip-pool-vlan20-pool]dns-list 114.114.114.114 223.5.5.5
[Huawei-ip-pool-vlan20-pool]lease day 1
[Huawei-ip-pool-vlan20-pool]q
[Huawei]interface Vlanif20
[Huawei-Vlanif20]dhcp select global
[Huawei-Vlanif20]q
3.1.4、接入交换机:10.136.8.2
bash
[Huawei]vlan 20
[Huawei-Vlanif20]int vlanif 20
[Huawei-Vlanif20]ip address 10.136.8.2 24
[Huawei-Vlanif20]q
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 20
[Huawei-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]port default vlan 20
[Huawei-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]port default vlan 20
3.1.5、电脑
直连核心的电脑,修改为dhcp就能够获取ip了
直连接入交换机的电脑,修改为dhcp就能够获取ip了
3.1.6、访问外网
核心交换机配置
bash
ip route-static 0.0.0.0 0.0.0.0 10.136.8.2
出口路由器配置
bash
# 10.136.9.1出口网关,根据实际填
ip route-static 0.0.0.0 0.0.0.0 10.136.9.1
# 假设内网都是 10.136.x.x,根据正式调整
ip route-static 10.136.0.0 255.255.0.0 10.136.8.1
# NAT 配置(让内网上网)
acl number 2000
rule 5 permit source 10.136.0.0 0.0.255.255
quit
interface GigabitEthernet0/0/1
nat outbound 2000
quit
公网路由器配置
bash
# 回程指向出口路由器
ip route-static 10.136.8.0 255.255.255.0 10.136.9.2