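Routing Technology ACL Lab

A routing technology ACL lab; the topology is configured as shown in the figure below.

Step 1: Configure IP addresses on every device: R1, R2 and each PC.

Step 2: Configure static routes or RIP so that the whole network is reachable.

Step 3: Configure the ACL and its rules, then apply it.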

[R2]acl 3000
[R2-acl-adv-3000]rule 5 deny ip source 192.168.20.1 0 destination 192.168.10.1 0

[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000

Step 4: Verify the ACL with display acl 3000, dis cu, dis acl all and ping.

Bonus exercise: Configure an ACL so that PC5 can access PC1-PC4 and no other host can.

rule permit ip source 192.168.20.5 0
rule 100 deny ip
interface g0/0/0
traffic-filter inbound acl XXX
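
The first-match logic behind step 3 and the bonus exercise, as an added Python example that is not part of the original lab. It models only `rule ... ip source/destination` lines, treats packets that match no rule as forwarded (the traffic-filter behaviour), and uses 192.168.20.2 as a constructed address for a host other than PC5.

```python
import ipaddress

STEP = 5  # default rule-ID step, as noted in the basic ACL section of this page

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_rule(line, auto_id):
    """Parse 'rule [id] permit|deny ip [source A W] [destination A W]' (subset only)."""
    tok = line.split()
    i, rid = 1, auto_id
    if tok[i].isdigit():
        rid, i = int(tok[i]), i + 1
    action, i = tok[i], i + 2          # skip the protocol keyword 'ip'
    match = {"source": (0, 0xFFFFFFFF), "destination": (0, 0xFFFFFFFF)}  # default: any
    while i < len(tok):
        # wildcard "0" is shorthand for 0.0.0.0, i.e. exactly one host
        wild = 0 if tok[i + 2] == "0" else ip(tok[i + 2])
        match[tok[i]] = (ip(tok[i + 1]), wild)
        i += 3
    return rid, action, match

def build_acl(lines):
    rules = {}
    for line in lines:
        # an unnumbered rule gets the next multiple of STEP above the highest ID
        auto = (max(rules, default=0) // STEP + 1) * STEP
        rid, action, match = parse_rule(line, auto)
        rules[rid] = (action, match)
    return sorted(rules.items())       # evaluated in ascending rule-ID order

def hit(addr, base, wild):
    # wildcard bit 0 = must match, bit 1 = ignore
    return (addr ^ base) & ~wild & 0xFFFFFFFF == 0

def traffic_filter(acl, src, dst):
    for rid, (action, m) in acl:
        if hit(ip(src), *m["source"]) and hit(ip(dst), *m["destination"]):
            return action, rid         # first matching rule decides
    return "permit", None              # no rule matched: the packet is forwarded

LAB = ["rule 5 deny ip source 192.168.20.1 0 destination 192.168.10.1 0"]
BONUS = ["rule permit ip source 192.168.20.5 0", "rule 100 deny ip"]
OTHER = "192.168.20.2"                 # constructed address, not from the lab topology

if __name__ == "__main__":
    print(traffic_filter(build_acl(LAB), "192.168.20.1", "192.168.10.1"))
    print(traffic_filter(build_acl(BONUS), OTHER, "192.168.10.1"))
    print(traffic_filter(build_acl(BONUS[:1]), OTHER, "192.168.10.1"))
```

The last call drops `rule 100 deny ip` from the bonus ACL: the other host is then forwarded, which is why the explicit deny rule is needed after the permit.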

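Huawei Lab Command Reference

1. Basic Huawei switch configuration
2. Basic Huawei router configuration
3. Switch VLAN configuration
4. Router RIP configuration
5. Router OSPF configuration
6. Router DHCP configuration
7. Router ACL command configuration
8. Router NAT command configuration
9. Layer 3 switch inter-VLAN routing
10. Router-on-a-stick inter-VLAN communication

Configure the switch name and a cipher-text password:

<Huawei> //user view
<Huawei>system-view //enter the system view
[Huawei] //system view
[Huawei]quit or return //exit the system view
[Huawei]sysname ECHO //set the hostname
[Huawei]user-interface console 0 //enter the console interface
[Huawei-ui-console0]authentication-mode password
[Huawei-ui-console0]set authentication password cipher huawei //configure a cipher-text password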

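Configure the switch's remote management IP address:

[Huawei]interface Vlanif 1 //enter VLAN 1
[Huawei-Vlanif1]ip add 192.168.1.254 24 //configure the IP address
[Huawei-Vlanif1]undo shutdown //bring the interface up
[Huawei]dns domain echo.iufun.cn //set the domain name
[Huawei]dns server 192.168.254.254 //set the DNS server IP

dis vlan: show VLANs       save: save the configuration
dis curr: show the current configuration     reboot: restart the device
undo terminal monitor //turn off terminal log messages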

Configure switch port speed, duplex and ARP:

[Huawei]int g0/0/1 //enter the interface
[Huawei-GigabitEthernet0/0/1]description echo //port description
[Huawei-GigabitEthernet0/0/1]undo negotiation auto //disable auto-negotiation
[Huawei-GigabitEthernet0/0/1]duplex full //full duplex
[Huawei-GigabitEthernet0/0/1]auto duplex full //auto-negotiated duplex
[Huawei-GigabitEthernet0/0/1]speed 10 //speed 10M
[Huawei-GigabitEthernet0/0/1]auto speed 100 //auto-negotiated speed
[Huawei-GigabitEthernet0/0/1]arp static 192.168.1.8 5289-98cf-2603 //static binding
[Huawei]dis arp
[Huawei]dis arp all //view ARP entries

Configure router interface IP addresses and static routes:

[Huawei]int g0/0/1 //enter the interface
[Huawei-GigabitEthernet0/0/1]ip add 192.168.1.6 24 //configure the IP address
[Huawei-GigabitEthernet0/0/1]undo shutdown //bring the interface up
<Huawei>dis cur or [Huawei]dis cur //view the current configuration

//configure static routes
[Huawei]ip route-static 192.168.20.0 24 10.0.12.2
[Huawei]ip route-static 192.168.10.0 24 serial 0/0/1
[Huawei]ip route-static 0.0.0.0 0 192.168.1.5 //default route
[Huawei]display ip routing-table //view the routing table

Switch VLAN configuration commands:

[Huawei]vlan 10 or [Huawei]vlan 20     //create a VLAN
[Huawei-vlan10]description echo      //VLAN description
[Huawei]vlan batch 30 40          //create several VLANs
[Huawei]int g0/0/1             //enter the interface
[Huawei-GigabitEthernet0/0/1]port link-type access //access port
[Huawei-GigabitEthernet0/0/1]port default vlan 10  //add the port to the VLAN
[Huawei-GigabitEthernet0/0/1]port link-type trunk  //trunk port
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 //allowed VLANs
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all //allow all VLANs

[Huawei]int e0/0/2               //enter the interface
[Huawei-Ethernet0/0/2]port link-type hybrid  //hybrid port mode
[Huawei-Ethernet0/0/2]undo port default vlan //remove the default VLAN
[Huawei-Ethernet0/0/2]port hybrid untagged vlan 20 //send untagged
[Huawei-Ethernet0/0/2]port hybrid pvid vlan 2 //set the default VLAN
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan 10 to 100 //allow (prefix with undo to disallow)
[Huawei]dis port vlan //view port VLAN information
[Huawei]display vlan //view VLANs

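Keep switch VLANs consistent with GVRP: Generic VLAN Registration Protocol, an international standard, with two-way registration.

Normal mode:       (similar to server mode on Cisco switches)
[Huawei]gvrp           //enable GVRP; Normal is also the default mode

Fixed mode:         (similar to client mode on Cisco switches)
[Huawei-g0/0/2]gvrp registration fixed

Forbidden mode:       (similar to transparent mode on Cisco switches)
[Huawei-g0/0/3]gvrp registration forbidden

dis vlan summary        //view the VLAN summary
dis gvrp status         //view GVRP status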

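Configure RIP on the router: RIPv1 RIPv2

[Huawei]rip             //start RIP; the default is v1
[Huawei-rip-1]network 192.168.1.0   //advertise the directly connected network
[Huawei-rip-1]version 2         //switch to version 2

[Huawei]dis rip               //view RIP
[Huawei]dis rip database       //view the RIP database
[Huawei]dis ip routing-table      //view the routing table

Route preference: direct 0, static 60, RIP 100, OSPF 10/150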

Configure OSPF on the router:

[Huawei]ospf 1       //enable OSPF; the default is process 1
[Huawei-ospf-1]area 0          //enter area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255 //advertise the directly connected network
[Huawei-ospf-1-area-0.0.0.0]silent-interface g0/0/2    //passive interface

[Huawei]dis ospf interface        //view OSPF interfaces
[Huawei]dis ospf peer           //view OSPF neighbors
[Huawei]dis ip routing-table      //view the routing table
[Huawei]dis ospf routing        //view the OSPF routing table

Configure DHCP from a global address pool:

[Huawei]dhcp enable                //enable DHCP
[Huawei]ip pool echo               //address pool name
[Huawei-ip-pool-echo]network 192.168.1.0     //address pool network
[Huawei-ip-pool-echo]lease day 2         //lease; the default is 1 day
[Huawei-ip-pool-echo]gateway-list 192.168.1.254  //gateway
[Huawei-ip-pool-echo]excluded-ip-address 192.168.1.250 192.168.1.253 //excluded IP range
[Huawei-ip-pool-echo]dns-list 8.8.8.8        //DNS server
[Huawei-GigabitEthernet0/0/0]dhcp select global   //use the global pool

Configure DHCP from an interface address pool:

[Huawei]dhcp enable              //enable DHCP
[Huawei]int g0/0/1               //enter the interface
[Huawei-GigabitEthernet0/0/1]dhcp select interface   //use the interface pool
[Huawei-GigabitEthernet0/0/1]dhcp server lease day 2 //lease; the default is 1 day
[Huawei-GigabitEthernet0/0/1]dhcp server excluded-ip-address 192.168.1.1 192.168.1.10 //excluded IP range
[Huawei-GigabitEthernet0/0/1]dhcp server dns-list 8.8.8.8   //DNS
[Huawei]dis ip pool              //view DHCP pools
Client: set it to obtain an address automatically; check with ipconfig or ifconfig

Configure a basic ACL on the router: 2000-2999

[Huawei]acl 2000                //configure a basic ACL
[Huawei-acl-basic-2000]rule 5 permit source 1.1.1.1 0    //permit the source IP (note the wildcard mask 0; the default step is 5)
[Huawei-acl-basic-2000]rule 10 deny source any     //deny any source
[Huawei]user-interface vty 0 4          //enter the VTY interface
[Huawei-ui-vty0-4]acl 2000 inbound       //apply the ACL

[Huawei]dis acl all                //view all ACLs
[Huawei]dis acl 2000              //view ACL 2000

Configure an advanced ACL on the router: 3000-3999

[Huawei]acl 3000                //configure an advanced ACL
[Huawei-acl-adv-3000]rule permit ip source 1.1.1.1 0 destination 4.4.4.4 0 //permit access
[Huawei]user-interface vty 0 4          //enter the virtual (VTY) interface
[Huawei-ui-vty0-4]acl 3000 outbound      //apply the ACL
[Huawei]int g0/0/1              //enter the interface
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 3000 //apply the ACL

[Huawei]dis acl all               //view all ACLs

Configure dynamic NAT on the router: (many-to-few)

[Huawei]nat address-group 1 202.169.10.50 202.169.10.60 //external IPs
[Huawei]acl 2001               //configure the ACL
[Huawei-acl-basic-2001]rule 5 permit source 172.17.1.0 0.0.0.255 //internal IPs
[Huawei-acl-basic-2001]interface g0/0/1     //enter the interface
[Huawei-GigabitEthernet0/0/1]nat outbound 2001 address-group 1 no-pat //apply NAT
[Huawei]dis nat outbound           //view NAT

Configure static NAT on the router: (one-to-one)

[Huawei]int g0/0/1               //enter the interface
[Huawei-GigabitEthernet0/0/1]nat static global 202.169.10.5 inside 172.16.1.1          //one-to-one translation

Configure dynamic NAPT on the router: (many-to-one)

[Huawei]int g0/0/0               //enter the interface
[Huawei-GigabitEthernet0/0/0]nat outbound 2001 //many-to-one translation

[Huawei]dis nat static              //view static NAT

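Configure inter-VLAN routing on a Layer 3 switch:

First complete the basic configuration: IP addresses, VLANs, and so on.
[Huawei]int vlanif 10                //enter the interface
[Huawei-Vlanif10]ip add 192.168.1.254 24     //configure the IP address
[Huawei]int vlanif 20                //enter the interface
[Huawei-Vlanif20]ip add 192.168.2.254 24     //configure the IP address

[Huawei]dis ip interface brief            //brief interface information
[Huawei]dis port vlan                //port VLAN information
[Huawei]dis vlan                  //view VLAN information

Configure router-on-a-stick inter-VLAN communication:

First complete the basic configuration: IP addresses, VLANs, and so on.
[Huawei-GigabitEthernet0/0/1.1]ip add 192.168.1.254 24 //configure the IP address
[Huawei-GigabitEthernet0/0/1.1]dot1q termination vid 10 //encapsulation
[Huawei-GigabitEthernet0/0/1.1]arp broadcast enable //enable ARP broadcast

[Huawei]dis ip interface brief            //view interfaces
[Huawei]dis ip routing-table            //view the routing table
[Huawei]display current-configuration       //view the configuration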
