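1 Build the lab topology
2 Lab objective
Learn the commands used in eNSP
3 Lab steps
3.1 Configure the switches that connect the PCs and clients (only the right-hand side is shown)
[Huawei]vlan batch 10 20 #create the VLANs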
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]un in en
[Huawei]interface e0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 10
[Huawei-Ethernet0/0/2]quit
[Huawei]
[Huawei]interface e0/0/1
[Huawei-Ethernet0/0/1]port link-type trunk
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
[Huawei]interface e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 20
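Note: when configuring trunk mode, allow the VLANs to pass through: port trunk allow-pass vlan all
3.2 Configure the core Layer 3 switch
Core Layer 3 switch:
(1) Enable the relay service and configure DHCP relay
(2) The interfaces connect to different devices, so set each interface mode accordingly
(3) Configure a default route on the Layer 3 switch toward the public network
(4) Create the VLANs
(5) Configure the VLAN gateways
# Create the VLANs
[Huawei]vlan batch 10 20 8 100 200
# Set the port mode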
[Huawei]port-group group-member g0/0/1 g0/0/2 g0/0/3
[Huawei-port-group]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei-port-group]quit
[Huawei]interface g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type trunk
[Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/4]quit
[Huawei]interface vlan 10
[Huawei-Vlanif10]ip address 192.168.10.1 255.255.255.0
[Huawei-Vlanif10]quit
[Huawei]interface vlan 20
[Huawei-Vlanif20]ip address 192.168.20.1 255.255.255.0
[Huawei-Vlanif20]quit
[Huawei]interface vlan 8
[Huawei-Vlanif8]ip address 192.168.8.1 255.255.255.0
[Huawei-Vlanif8]quit
[Huawei]interface vlan 100
[Huawei-Vlanif100]ip address 192.168.100.1 255.255.255.0
[Huawei-Vlanif100]quit
[Huawei]interface vlan 200
[Huawei-Vlanif200]ip address 192.168.200.1 255.255.255.0
[Huawei-Vlanif200]quit
[Huawei]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[Huawei]interface vlan10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 192.168.100.2
[Huawei-Vlanif10]quit
[Huawei]ip route-static 0.0.0.0 0 192.168.200.2
3.3 Configure the DHCP server
(1) Assign an IP address to the interface
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.100.2 24
[Huawei-GigabitEthernet0/0/0]dhcp select global
When configuring the DHCP service, be sure to configure the command dhcp select global on the interface.
(2) Configure the address pool for vlan10
[Huawei]dhcp enable
[Huawei]ip pool vlan10
Info: It's successful to create an IP address pool.
[Huawei-ip-pool-vlan10]network 192.168.10.0
[Huawei-ip-pool-vlan10]gateway-list 192.168.10.1
[Huawei-ip-pool-vlan10]dns-list 192.168.100.3
(3) Configure the default route
[Huawei]ip route-static 0.0.0.0 0 192.168.100.1
3.4 Configure the switch connected to the DHCP server
(1) Set the ports connected to the vlan100 devices to access
[Huawei]vlan 100
[Huawei-vlan100]quit
[Huawei]port-group group-member e0/0/1 e0/0/3 e0/0/4
[Huawei-port-group]port link-type access
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-port-group]port default vlan 100
[Huawei-Ethernet0/0/1]port default vlan 100
[Huawei-Ethernet0/0/3]port default vlan 100
[Huawei-Ethernet0/0/4]port default vlan 100
(2) Set the port connected to the Layer 3 switch to trunk
[Huawei]interface e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all
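3.5 Configure the DNS server
(1) Configure the DNS server's IP address and related parameters
(2) Enable the DNS service and configure the domain name and the web server address
3.6 Configure the web server
(1) Configure the web server's IP address and related parameters
(2) Configure the web service
Select a directory that contains web pages (it must contain files) and click Start
(3) Success screen
3.6 Configure the vlan8 router (Telnet client)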
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.8.1 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.8.254
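3.7 Configure the Telnet service on the switch
(1) View the user interfaces
[Huawei]display user-interface #show user-interface information
(2) Configure the Telnet service on the switch connected to the vlan8 router
# Enter the VTY (virtual terminal) user-interface view, numbers 0 to 4 (5 concurrent sessions in total)
[Huawei]user-interface vty 0 4
# Set the authentication mode of the VTY interfaces to AAA (authentication, authorization, accounting)
[Huawei-ui-vty0-4]authentication-mode aaa
# Leave the VTY user-interface view
[Huawei-ui-vty0-4]quit
# Enter the AAA configuration view
[Huawei]aaa
# Create local user "huawei" with the password "123456", stored encrypted
[Huawei-aaa]local-user huawei password cipher 123456
# Info: Add a new user. # System message: a new user has been added
# Set the service type of user "huawei" to Telnet
[Huawei-aaa]local-user huawei service-type telnet
# Show the help for setting the privilege level of user "huawei"
# INTEGER<0-15> Level value # The privilege level ranges from 0 (lowest) to 15 (highest)
[Huawei-aaa]local-user huawei privilege level ?
[Huawei-aaa]local-user huawei privilege level 15
[Huawei]interface vlan 8
[Huawei-Vlanif8]ip address 192.168.8.3 255.255.255.0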
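Added example, not part of the original lab: a short Python check that reads session lines like those in 3.1 and 3.7 and reports the settings a reviewer would want changed before this lab configuration is reused outside eNSP (trunks that pass every VLAN, a common default password, a level-15 account reachable over Telnet). The function name audit, the WEAK list and the SAMPLE text are constructed for illustration.

```python
import re

# Constructed sample: commands copied from the switch sessions in this lab.
SAMPLE = """\
[Huawei]vlan batch 10 20 #create VLANs
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-aaa]local-user huawei password cipher 123456
[Huawei-aaa]local-user huawei service-type telnet
[Huawei-aaa]local-user huawei privilege level 15
"""

PROMPT = re.compile(r"^\[([^\]]+)\](.*)$")        # "[view]command"
WEAK = {"123456", "admin", "huawei", "password"}   # illustrative, not exhaustive

def audit(session):
    """Return a list of (subject, finding) for risky commands in a VRP session."""
    findings, level, telnet = [], {}, set()
    for raw in session.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue                               # "Info:" output, blank lines
        view, cmd = m.group(1), m.group(2).split("#")[0].strip()
        words = cmd.split()
        if cmd == "port trunk allow-pass vlan all":
            port = view.split("-", 1)[-1]          # "Huawei-Ethernet0/0/1" -> port name
            findings.append((port, "trunk passes every VLAN; list only those needed"))
        elif words[:1] == ["local-user"] and len(words) >= 4:
            user, key, rest = words[1], words[2], words[3:]
            if key == "password" and rest[-1] in WEAK:
                findings.append((user, "password is a common default"))
            elif key == "service-type" and "telnet" in rest:
                telnet.add(user)
            elif key == "privilege" and rest[0] == "level" and rest[-1].isdigit():
                level[user] = int(rest[-1])        # "level ?" help lookups are skipped
    for user in sorted(telnet):
        note = "Telnet login is cleartext"
        if level.get(user, 0) == 15:
            note += " and the account holds level 15"
        findings.append((user, note))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{subject}: {finding}")
```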
3.8 Configure the border router
(1) Configure the IP addresses of the border router's interfaces
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.200.2 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface g0/0/01
[Huawei-GigabitEthernet0/0/1]ip address 55.0.0.1 24
(2) Configure static routes
[Huawei]ip route-static 0.0.0.0 0 55.0.0.2
[Huawei]ip route-static 192.168.10.0 24 192.168.200.1
[Huawei]ip route-static 192.168.20.0 24 192.168.200.1
[Huawei]ip route-static 192.168.100.0 24 192.168.200.1
(2) Configure an access control list so that the 10 and 20 subnets can reach the public network
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255
[Huawei-acl-basic-2000]rule 20 permit source 192.168.20.0 0.0.0.255
[Huawei-acl-basic-2000]quit
(3) Configure NAT
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000
View the NAT sessions
(4) Configure NAT with an address pool
[Huawei]nat address-group 1 55.0.0.5 55.0.0.8
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]undo nat outbound 2000
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
(5) Configure static NAT
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat static global 55.0.0.9 inside 192.168.100.4
Packet capture output
(6) Configure static NAT
[Huawei-GigabitEthernet0/0/1]un nat static global 55.0.0.9 inside 192.168.100.4
[Huawei-GigabitEthernet0/0/1]nat static protocol tcp global 55.0.0.9 80 inside 192.168.4.0 80
3.9 Configure the external network router
(1) Configure the IP addresses of the external router's interfaces
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 55.0.0.2 24
[Huawei-GigabitEthernet0/0/0]interface g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 56.0.0.1 24
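3.10 Access the internal HTTP service from the external network by domain name
(1) Configure the DNS server's IP address and other parameters
(2) Set the domain name and start the DNS service
(4) Configure the external client
(4) Access test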