一、搭建要求
1R1,R3,R4跑ospf,且進行ospf認證
2R2跑靜態路由
3PC1,PC2不允許訪問PC6,儘可能在源頭上禁止
4R2的ip地址分配基於接口的DHCP分配,R3基於全局的DHCP分配
二、拓撲網絡如下
三、配置命令如下
1、R1配置
[Huawei]system view //進入系統視圖
[Huawei]sysname r1 //給r1路由命名
[r1]int g0/0/0 //進入接口
[r1-GigabitEthernet0/0/0]ip add 10.1.123.1 24 //配置相應的ip地址
[r1]int LoopBack 0 //創建環回口
[r1-LoopBack0]ip add 1.1.1.1 24 //給環回口創建ip地址
<r1>disp ip int brief //查看ip地址配置
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.123.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/24 up up(s)
NULL0 unassigned up up(s)
[r1]ospf router-id 1.1.1.1 //啓動ospf,配置相應的router ID
[r1-ospf-1]area 0 //進入到區域0
[r1-ospf-1-area-0.0.0.0]network 10.1.123.1 0.0.0.0 //宣佈所擁有的網絡地址,注意:後面接的是反掩碼,如果該網絡是接口地址,反掩碼爲全0
[r1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.255
[r1-ospf-1-area-0.0.0.0]disp this
[V200R003C00]
#
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 10.1.123.1 0.0.0.0
#
return
<r1>save //保存配置
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
2、R2配置
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]int g0/0/2
[r2-GigabitEthernet0/0/2]ip add 10.1.123.2 24
[r2-GigabitEthernet0/0/2]q
[r2]int loopback 0
[r2-LoopBack0]q
[r2]dhcp enable //DHCP使能
Info: The operation may take a few seconds. Please wait for a moment.done.
[r2]int g0/0/1 //進入鏈接DHCP客戶端的端口
[r2-GigabitEthernet0/0/1]ip add 192.168.2.254 24
[r2-GigabitEthernet0/0/1]dhcp select interface //用來關聯接口和接口地址池
[r2-GigabitEthernet0/0/1]dhcp server dns-list 8.8.8.8 //指定接口地址池下的DNS服務器地址
[r2-GigabitEthernet0/0/1]disp this //查看DHCP配置接口
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 192.168.2.254 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
return
<r2>disp ip interface brief //查看接口的IP地址
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 192.168.2.254/24 up up
GigabitEthernet0/0/2 10.1.123.2/24 up up
LoopBack0 unassigned up up(s)
NULL0 unassigned up up(s)
[r2]ip route-static 0.0.0.0 0 10.1.123.3 給R2配置默認靜態路由,去往所有網絡都通過10.1.123.3來尋找
[r2]ping 10.1.123.1 //驗證配置是否成功,能ping通即聯網了
PING 10.1.123.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.123.1: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.123.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 10.1.123.1: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 10.1.123.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.1.123.1: bytes=56 Sequence=5 ttl=255 time=40 ms
--- 10.1.123.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/46/90 ms
[r2]ping 10.1.34.4 //驗證ping通
PING 10.1.34.4: 56 data bytes, press CTRL_C to break
Reply from 10.1.34.4: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 10.1.34.4: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 10.1.34.4: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 10.1.34.4: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 10.1.34.4: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 10.1.34.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/34/40 ms
<r2>save //保存配置
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
3、R3配置
<Huawei>
Please check whether system data has been changed, and save data in time
Configuration console time out, please press any key to log on
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sy
[Huawei]sysname r3
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip add 10.1.123.3 24
[r3-GigabitEthernet0/0/1]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 10.1.34.3 24
[r3-GigabitEthernet0/0/0]q
[r3]dhcp enable //DHCP使能
Info: The operation may take a few seconds. Please wait for a moment.done.
[r3]int g0/0/2
[r3-GigabitEthernet0/0/2]ip add 192.168.3.254 24
[r3-GigabitEthernet0/0/2]q
[r3]ip pool test //給地址池命名爲test
Info: It's successful to create an IP address pool.
[r3-ip-pool-test]network 192.168.3.0 mask 255.255.255.0 //給地址池分配網段和掩碼
[r3-ip-pool-test]dns-list 8.8.8.8 //配置域名解析
[r3-ip-pool-test]gateway-list 192.168.3.254 //配置出口網關地址
[r3-ip-pool-test]lease day 3 //配置IP地址的租期爲3天
[r3-ip-pool-test]q
[r3]int g0/0/2
[r3-GigabitEthernet0/0/2]dhcp select global //使接口有DHCP服務器功能,DHCP關聯全局地址池
[r3-GigabitEthernet0/0/2]disp this //查看配置結果
[V200R003C00]
#
interface GigabitEthernet0/0/2
ip address 192.168.3.254 255.255.255.0
dhcp select global
#
return
[r3-GigabitEthernet0/0/2]q
[r3]int LoopBack 0
[r3-LoopBack0]ip add 3.3.3.3 24
[r3-LoopBack0]q
[r3]disp ip interface brief //查看接口IP地址
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.34.3/24 up up
GigabitEthernet0/0/1 10.1.123.3/24 up up
GigabitEthernet0/0/2 192.168.3.254/24 up up
LoopBack0 3.3.3.3/24 up up(s)
NULL0 unassigned up up(s)
[r3]ospf router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 10.1.34.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 10.1.123.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 192.168.3.254 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.255
[r3-ospf-1-area-0.0.0.0]disp this
[V200R003C00]
#
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 10.1.34.3 0.0.0.0
network 10.1.123.3 0.0.0.0
network 192.168.3.0 0.0.0.255
#
return
[r3]int g0/0/1 //在r3上配置ospf認證
[r3-GigabitEthernet0/0/1]ospf authentication-mode ?
hmac-md5 Use HMAC-MD5 algorithm
keychain Keychain authentication mode
md5 Use MD5 algorithm
null Use null authentication
simple Simple authentication mode
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 ?
INTEGER<1-255> Key ID
<cr> Please press ENTER to execute command
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 123 ?
STRING<1-255>/<20-392> The password (key)
cipher Encryption type (Cryptogram)
plain Encryption type (Plain text)
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 123 cipher ?
STRING<1-255>/<20-392> The password (key)
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 123 cipher huawei
[r3-GigabitEthernet0/0/1]q
<r3>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
4、R4配置
The device is running!
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r4
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip add 10.1.34.4 24
[r4]int loopback 0
[r4-LoopBack0]ip add 4.4.4.4 24
[r4-LoopBack0]int g0/0/1
[r4-GigabitEthernet0/0/1]ip add 192.168.4.254 24
<r4>disp ip int brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.34.4/24 up up
GigabitEthernet0/0/1 192.168.4.254/24 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 4.4.4.4/24 up up(s)
NULL0 unassigned up up(s)
[r4]ospf router-id 4.4.4.4
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 192.168.4.254 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 10.1.34.4 0.0.0.0
[r4-ospf-1-area-0.0.0.0]disp this
[V200R003C00]
#
area 0.0.0.0
network 10.1.34.4 0.0.0.0
network 192.168.4.0 0.0.0.255
#
return
[r4]acl 2000 match-order config //設置ACL爲手動設置
[r4-acl-basic-2000]rule deny source ?
IP_ADDR<X.X.X.X> Address of source
any Any source
[r4-acl-basic-2000]rule deny source 192.168.2.253 0.0.0.0 //配置規則,這裏禁止IP地址爲192.168.2.254的主機訪問
[r4-acl-basic-2000]rule deny source 192.168.2.252 0.0.0.0
[r4-acl-basic-2000]disp this //查看配置結果
[V200R003C00]
#
acl number 2000
rule 5 deny source 192.168.2.253 0
rule 10 deny source 192.168.2.252 0
#
return
[r4-acl-basic-2000]q
[r4]q
<r4>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated