1搭建实验拓扑

2实验目的

学习掌握eNSP中的命令

3实验步骤

3.1配置连接PC和客户端的交换机(仅以右侧为例)

[Huawei]vlan batch 10 20 #创建vlan
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]un in en
[Huawei]interface e0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 10
[Huawei-Ethernet0/0/2]quit
[Huawei]
[Huawei]interface e0/0/1
[Huawei-Ethernet0/0/1]port link-type trunk
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
[Huawei]interface e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 20

注意：在配置trunk模式时，允许使用vlan通过： port trunk allow-pass vlan all

3.2配置核心三层交换机

核心三层交换机:

(1)打开中继服务配置DHCP的中继*

(2)各接口连接的设备不同，对应接口模式改变*

(3)在三层交换机上配置默认路由向公网方向*

(4)创建vlan*

(5)配置vlan的网关*

#创建vlan
[Huawei]vlan batch 10 20 8 100 200
#设置端口的模式
[Huawei]port-group group-member g0/0/1 g0/0/2 g0/0/3
[Huawei-port-group]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei-port-group]quit
[Huawei]interface g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type trunk
[Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/4]quit[Huawei]interface vlan 10
[Huawei-Vlanif10]ip address 192.168.10.1 255.255.255.0
[Huawei-Vlanif10]quit
[Huawei]interface vlan 20
[Huawei-Vlanif20]ip address 192.168.20.1 255.255.255.0
[Huawei-Vlanif20]quit 
[Huawei]interface vlan 8
[Huawei-Vlanif8]ip address 192.168.8.1 255.255.255.0
[Huawei-Vlanif8]quit
[Huawei]interface vlan 100
[Huawei-Vlanif100]ip address 192.168.100.1 255.255.255.0
[Huawei-Vlanif100]quit
[Huawei]interface vlan 200
[Huawei-Vlanif200]ip address 192.168.200.1 255.255.255.0
[Huawei-Vlanif200]quit[Huawei]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[Huawei]interface vlan10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 192.168.100.2
[Huawei-Vlanif10]quit[Huawei]ip route-static 0.0.0.0 0 192.168.200.2

3.3配置DHCP服务器

(1)给接口配置ip地址

[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.100.2 24
[Huawei-GigabitEthernet0/0/0]dhcp select global

配置dhcp服务时：一定要在接口处配置该命令dhcp select global 

(2)配置vlan10的地址池

[Huawei]dhcp enable
[Huawei]ip pool vlan10
Info: It's successful to create an IP address pool.
[Huawei-ip-pool-vlan10]network 192.168.10.0
[Huawei-ip-pool-vlan10]gateway-list 192.168.10.1
[Huawei-ip-pool-vlan10]dns-list 192.168.100.3

 (3)配置默认路由

[Huawei]ip route-static 0.0.0.0 0 192.168.100.1

3.4配置与DHCP服务器连接的交换机

(1)设置与vlan100设备连接的端口为access

[Huawei]vlan 100
[Huawei-vlan100]quit
[Huawei]port-group group-member e0/0/1 e0/0/3 e0/0/4
[Huawei-port-group]port link-type access
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-port-group]port default vlan 100
[Huawei-Ethernet0/0/1]port default vlan 100
[Huawei-Ethernet0/0/3]port default vlan 100
[Huawei-Ethernet0/0/4]port default vlan 100

(2)设置与三层交换机连接的端口为trunk

[Huawei]interface e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all

3.5域名服务器的配置

(1)配置域名服务器ip地址等相关参数

(2)打开域名服务并配置域名和网页服务器地址

3.6 配置网页服务器

(1)配置网页服务器IP地址等相关参数

(2)配置网页服务

找到一个有网页的目录（要求里面需要有文件） 点击启动

(3)成功界面

3.6配置vlan8路由器（Telnet客户端）

[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.8.1 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.8.254

3.7配置交换机的Telnet服务

(1)查看用户界面

[Huawei]display user-interface #查看用户界面信息

 (2)在与vlan8路由器连接的交换价上配置telnet服务

# 进入VTY（虚拟终端）用户界面视图，配置编号范围为0到4（共5个并发会话）
[Huawei]user-interface vty 0 4# 设置VTY接口的认证模式为AAA（认证、授权、计费）
[Huawei-ui-vty0-4]authentication-mode aaa# 退出VTY用户界面视图
[Huawei-ui-vty0-4]quit# 进入AAA配置视图
[Huawei]aaa# 创建本地用户"huawei"，密码为加密后的"123456"
[Huawei-aaa]local-user huawei password cipher 123456
# Info: Add a new user.  # 系统提示：已添加新用户# 配置用户"huawei"的服务类型为Telnet
[Huawei-aaa]local-user huawei service-type telnet# 查看设置用户"huawei"权限等级的帮助信息
# INTEGER<0-15>  Level value  # 权限等级范围为0（最低）到15（最高）
[Huawei-aaa]local-user huawei privilege level ?
[Huawei-aaa]local-user huawei privilege level 15[Huawei]interface vlan 8
[Huawei-Vlanif8]ip address 192.168.8.3 255.255.255.0

3.8配置边界路由器 

(1)配置边界路由器接口IP地址

[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.200.2 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface g0/0/01
[Huawei-GigabitEthernet0/0/1]ip address 55.0.0.1 24

 (2)配置静态路由

[Huawei]ip route-static 0.0.0.0 0 55.0.0.2
[Huawei]ip route-static 192.168.10.0 24 192.168.200.1
[Huawei]ip route-static 192.168.20.0 24 192.168.200.1
[Huawei]ip route-static 192.168.100.0 24 192.168.200.1

 (2)配置访问控制列表实现10和20网段上公网

[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255 
[Huawei-acl-basic-2000]rule 20 permit source 192.168.20.0 0.0.0.255
[Huawei-acl-basic-2000]quit

(3) 配置NAT

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 

查看NAT会话 

(4)配置带地址池的NAT

[Huawei]nat address-group 1 55.0.0.5 55.0.0.8 
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]undo nat outbound 2000
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 

(5)配置静态NAT

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat static global 55.0.0.9 inside 192.168.100.4

抓包显示 

(6)配置静态NAT 

[Huawei-GigabitEthernet0/0/1]un nat static global 55.0.0.9 inside 192.168.100.4
[Huawei-GigabitEthernet0/0/1]nat static protocol tcp global 55.0.0.9 80 inside 1
92.168.4.0 80

3.9配置外网路由器

(1)配置外网路由器接口IP地址

[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 55.0.0.2 24
[Huawei-GigabitEthernet0/0/0]interface g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 56.0.0.1 24

3.10外网使用域名访问内网的HTTP

 (1)配置域名服务器的IP地址等参数

(2)设置域名并启动域名服务

 (4)配置外网客户端

(4)访问测试