ensp实验-普通办事处网络

ensp实验-普通办事处网络

一、网络拓扑图

二、说明

路由器10.136.8.2是公司出口设备

路由器10.136.9.1可以假设为公网设备

核心交换机10.136.8.1是全公司网关所在,包括出口设备的网关

DHCP服务也在核心交换机

三、实验

3.1、实验一

要求:按上述说明把网络配置通

3.1.1、公网路由设备:10.136.9.1

bash 复制代码
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.136.9.1 24

3.1.2、公司出口设备:10.136.8.2

bash 复制代码
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 10.136.9.2 24
[Huawei-GigabitEthernet0/0/1]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.136.8.2 24
[Huawei-GigabitEthernet0/0/0]

此时公网路由器AR2去ping出口路由器是通的

3.1.3、核心交换机:10.136.8.1

bash 复制代码
[Huawei]vlan 20
[Huawei-Vlanif20]int vlanif 20
[Huawei-Vlanif20]ip address 10.136.8.1 24
[Huawei-Vlanif20]q

[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 20
[Huawei-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]port default vlan 20
[Huawei-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]port default vlan 20

[Huawei]dhcp enable
[Huawei]ip pool vlan20-pool
[Huawei-ip-pool-vlan20-pool]gateway-list 10.136.8.1
[Huawei-ip-pool-vlan20-pool]network 10.136.8.0 mask 255.255.255.0
[Huawei-ip-pool-vlan20-pool]excluded-ip-address 10.136.8.2 10.136.8.20
[Huawei-ip-pool-vlan20-pool]excluded-ip-address 10.136.8.201 10.136.8.254
[Huawei-ip-pool-vlan20-pool]dns-list 114.114.114.114 223.5.5.5
[Huawei-ip-pool-vlan20-pool]lease day 1
[Huawei-ip-pool-vlan20-pool]q

[Huawei]interface Vlanif20
[Huawei-Vlanif20]dhcp select global
[Huawei-Vlanif20]q

3.1.4、接入交换机:10.136.8.2

bash 复制代码
[Huawei]vlan 20
[Huawei-Vlanif20]int vlanif 20
[Huawei-Vlanif20]ip address 10.136.8.2 24
[Huawei-Vlanif20]q

[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 20
[Huawei-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]port default vlan 20
[Huawei-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]port default vlan 20

3.1.5、电脑

直连核心的电脑,修改为dhcp就能够获取ip了

直连接入交换机的电脑,修改为dhcp就能够获取ip了

3.1.6、访问外网

核心交换机配置

bash 复制代码
ip route-static 0.0.0.0 0.0.0.0 10.136.8.2

出口路由器配置

bash 复制代码
# 10.136.9.1出口网关,根据实际填
ip route-static 0.0.0.0 0.0.0.0 10.136.9.1
# 假设内网都是 10.136.x.x,根据正式调整
ip route-static 10.136.0.0 255.255.0.0 10.136.8.1
# NAT 配置(让内网上网)
acl number 2000
 rule 5 permit source 10.136.0.0 0.0.255.255
 quit
interface GigabitEthernet0/0/1
 nat outbound 2000
 quit

公网路由器配置

bash 复制代码
# 回程指向出口路由器
ip route-static 10.136.8.0 255.255.255.0 10.136.9.2