【华为

！！每个部分下的内容比较多，避免浪费时间翻阅，可以根据目录导向查看指定内容！！

实验拓扑及要求： 配置过程： system-view [AR1]int GigabitEthernet 0/0/0 [AR1-GigabitEthernet0/0/0]ip address 172.16.1.1 24 sys [AR2]int GigabitEthernet 0/0/0 [AR2-GigabitEthernet0/0/0]ip address 172.16.1.2 24

实验拓扑及要求： 配置过程： system-view [AR1]int GigabitEthernet 0/0/0 [AR1-GigabitEthernet0/0/0]ip address 192.168.1.1 24 [AR1-GigabitEthernet0/0/0]q [AR1]dhcp enable [AR1]int GigabitEthernet 0/0/0 [AR1-GigabitEthernet0/0/0]dhcp select interface

实验拓扑及要求： 配置过程： system-view [AR1]dhcp enable [AR1-GigabitEthernet0/0/0]dhcp server dns-list 192.168.1.100 （开启PC1的DHCP选项、开启DNS SERVER功能，其中DNS SERVER默认地址是PC2的静态IP地址：192.168.1.200）

实验拓扑及要求：

配置过程： （需要提前将PC和SERVER的IP地址、网关地址都设置好） 先配置IP地址： R1： system-view [Huawei]int Ethernet 0/0/0 [Huawei-Ethernet0/0/0]ip address 192.168.1.2 24 [Huawei]int GigabitEthernet0/0/0 [Huawei-GigabitEthernet0/0/0]ip address 192.168.2.1 24 R2： system-view [Huawei]int GigabitEthernet0/0/0 [Huawei-GigabitEthernet0/0/0]ip address 192.168.2.2 24 [Huawei]int GigabitEthernet0/0/1 [Huawei-GigabitEthernet0/0/1]ip address 192.168.3.1 24 R3： system-view [Huawei]int GigabitEthernet0/0/0 [Huawei-GigabitEthernet0/0/0]ip address 192.168.2.2 24 [Huawei]int GigabitEthernet0/0/1 [Huawei-GigabitEthernet0/0/1]ip address 192.168.3.1 24 R4： system-view [Huawei]int GigabitEthernet0/0/1 [Huawei-GigabitEthernet0/0/1]ip address 192.168.3.2 24 [Huawei]int GigabitEthernet0/0/0 [Huawei-GigabitEthernet0/0/0]ip address 192.168.4.2 24 再配置静态路由： R1： [Huawei]ip route-static 192.168.3.0 24 192.168.2.2 [Huawei]ip route-static 192.168.4.0 24 192.168.2.2 R2： [Huawei]ip route-static 192.168.1.0 24 192.168.2.1 [Huawei]ip route-static 192.168.4.0 24 192.168.3.2 R3： [Huawei]ip route-static 192.168.1.0 24 192.168.3.1 [Huawei]ip route-static 192.168.2.0 24 192.168.3.1

实验拓扑及要求： 配置过程： SW1上： system-view [Huawei]sysname SW1 [SW1]vlan batch 10 20 [SW1]int GigabitEthernet 0/0/1 [SW1-GigabitEthernet0/0/1]port link-type access [SW1-GigabitEthernet0/0/1]port default vlan 10 [SW1-GigabitEthernet0/0/1]q [SW1]interface GigabitEthernet 0/0/2 [SW1-GigabitEthernet0/0/2]port link-type access [SW1-GigabitEthernet0/0/2]port default vlan 10 [SW1-GigabitEthernet0/0/2]q [SW1]int GigabitEthernet 0/0/3 [SW1-GigabitEthernet0/0/3]port link-type access [SW1-GigabitEthernet0/0/3]port default vlan 20 [SW1-GigabitEthernet0/0/3]q [SW1]interface GigabitEthernet 0/0/4 [SW1-GigabitEthernet0/0/4]port link-type trunk [SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all SW2上： system-view [Huawei]sysname SW2 [SW2]vlan batch 10 20 [SW2]interface GigabitEthernet 0/0/2 [SW2-GigabitEthernet0/0/2]port link-type access [SW2-GigabitEthernet0/0/2]port default vlan 10 [SW2-GigabitEthernet0/0/2]q [SW2]interface GigabitEthernet 0/0/1 [SW2-GigabitEthernet0/0/1]port link-type access [SW2-GigabitEthernet0/0/1]port default vlan 20 [SW2-GigabitEthernet0/0/1]q [SW2]interface GigabitEthernet 0/0/3 [SW2-GigabitEthernet0/0/3]port link-type trunk [SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all

实验拓扑及要求： 配置过程： (由于两台PC的IP地址和网关都已经配好，所以可直接在SW1、SW2上进行vlan互连的过程配置) SW1上： system-view [Huawei]sysname SW1 [SW1]vlan batch 10 20 [SW1]int Ethernet0/0/1 [SW1-Ethernet0/0/1]port link-type access [SW1-Ethernet0/0/1]port default vlan 10 [SW1-Ethernet0/0/1]q [SW1]int Ethernet0/0/2 [SW1-Ethernet0/0/2]port link-type access [SW1-Ethernet0/0/2]port default vlan 20 [SW1-Ethernet0/0/2]q [SW1]int Ethernet0/0/3 [SW1-Ethernet0/0/3]port link-type trunk [SW1-Ethernet0/0/3]port trunk allow-pass vlan 10 20 SW2上： system-view [Huawei]sysname SW2 [SW2]vlan batch 10 20 [SW2]int GigabitEthernet 0/0/1 [SW2-GigabitEthernet0/0/1]port link-type trunk [SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 [SW2-GigabitEthernet0/0/1]q [SW2]interface Vlanif 10 [SW2-Vlanif10]ip address 192.168.10.254 24 [SW2-Vlanif10]q [SW2]interface Vlanif 20 [SW2-Vlanif20]ip address 192.168.20.254 24

实验拓扑及要求： （要求配置ACL后，PC1不可以访问PC2，而其他终端的访问不受限制） 配置过程： system-view [Huawei]sysname ROUTER [ROUTER]acl 3000 [ROUTER-acl-adv-3000]rule 1 deny ip source 1.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255 [ROUTER-acl-adv-3000]rule 2 permit ip source any destination any [ROUTER]int GigabitEthernet 0/0/1 [ROUTER-GigabitEthernet0/0/1]traffic-filter outbound acl 3000 [ROUTER-GigabitEthernet0/0/1]q

实验拓扑及要求： 配置过程： （PC的IP已配置完毕） ROUTRE1上： system-view [Huawei]sysname 1 [1]int GigabitEthernet 0/0/0 [1-GigabitEthernet0/0/0]ip address 172.16.1.254 24 [1-GigabitEthernet0/0/0]q [1]int GigabitEthernet 0/0/1 [1-GigabitEthernet0/0/1]ip address 100.100.100.1 24 [1-GigabitEthernet0/0/1]q [1]nat address-group 1 100.100.100.50 100.100.100.50 [1]acl 2000 [1-acl-basic-2000]rule 5 permit source 172.16.1.0 0.0.0.255 [1-acl-basic-2000]q [1]int GigabitEthernet 0/0/1 [1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 [1-GigabitEthernet0/0/1]q ROUTER2上： system-view [Huawei]sysname 2 [2]int GigabitEthernet 0/0/0 [2-GigabitEthernet0/0/0]ip address 100.100.100.100 24

实验拓扑及要求： （整体的配置过程分为两阶段，分别是内网阶段配置和内外网连接配置） 配置过程： 阶段一：内部环境配置搭建及DHCP设置** （先将PC1 PC2 PC3IP获取方式调整成DHCP，注意，需要提前将内网SERVER的IP172.16.100.1、DNS服务器域名www.123.com等设置好） ACSW1上： system-view [Huawei]sysname ACSW1 [ACSW1]vlan 10 [ACSW1-vlan10]q （创建vlan10的步骤，由于CORE和ACSW1是直连的，所以也可以在CORE上进行、节省操作和时间） [ACSW1]int GigabitEthernet 0/0/1 [ACSW1-GigabitEthernet0/0/1]port link-type access [ACSW1-GigabitEthernet0/0/1]port default vlan 10 [ACSW1]int GigabitEthernet 0/0/2 [ACSW1-GigabitEthernet0/0/2]port link-type trunk [ACSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 ACSW2上： system-view [Huawei]sysname ACSW2 [ACSW2]vlan batch 20 30 [ACSW2]int GigabitEthernet 0/0/1 [ACSW2-GigabitEthernet0/0/1]port link-type access [ACSW2-GigabitEthernet0/0/1]port default vlan 20 [ACSW2-GigabitEthernet0/0/1]q [ACSW2]int GigabitEthernet 0/0/2 [ACSW2-GigabitEthernet0/0/2]port link-type access [ACSW2-GigabitEthernet0/0/2]port default vlan 30 [ACSW2-GigabitEthernet0/0/2]q [ACSW2]int GigabitEthernet 0/0/3 [ACSW2-GigabitEthernet0/0/3]port link-type trunk [ACSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 30 [ACSW2-GigabitEthernet0/0/3]q CORESW上： system-view [Huawei]sysname CORESW [CORESW]vlan batch 10 20 30 40 [CORESW]int GigabitEthernet 0/0/1 [CORESW-GigabitEthernet0/0/1]port link-type trunk [CORESW-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 [CORESW-GigabitEthernet0/0/1]q [CORESW]int Vlanif 10 [CORESW-Vlanif10]ip address 192.168.10.254 24 [CORESW-Vlanif10]q [CORESW]int GigabitEthernet 0/0/2 [CORESW-GigabitEthernet0/0/2]port link-type trunk [CORESW-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 30 [CORESW-GigabitEthernet0/0/2]q [CORESW]int Vlanif 20 [CORESW-Vlanif20]ip address 192.168.20.254 24 [CORESW-Vlanif20]q [CORESW]int Vlanif 30 [CORESW-Vlanif30]ip address 192.168.30.254 24 [CORESW-Vlanif30]q [CORESW]int GigabitEthernet 0/0/3 [CORESW-GigabitEthernet0/0/3]port link-type access [CORESW-GigabitEthernet0/0/3]port default vlan 40 [CORESW-GigabitEthernet0/0/3]q [CORESW]int Vlanif 40 [CORESW-Vlanif40]ip address 172.16.100.254 24 [CORESW-Vlanif40]q [CORESW]dhcp enable [CORESW]ip pool 1 [CORESW-ip-pool-1]network 192.168.10.0 mask 24 [CORESW-ip-pool-1]gateway-list 192.168.10.254 [CORESW-ip-pool-1]excluded-ip-address 192.168.10.2 192.168.10.253 [CORESW-ip-pool-1]dns-list 172.16.100.1 [CORESW-ip-pool-1]q [CORESW]ip pool 2 [CORESW-ip-pool-2]network 192.168.20.0 mask 24 [CORESW-ip-pool-2]gateway-list 192.168.20.254 [CORESW-ip-pool-2]dns-list 172.16.100.1 [CORESW-ip-pool-2]excluded-ip-address 192.168.20.2 192.168.20.253 [CORESW-ip-pool-2]q [CORESW]ip pool 3 [CORESW-ip-pool-3]network 192.168.30.0 mask 24 [CORESW-ip-pool-3]gateway-list 192.168.30.254 [CORESW-ip-pool-3]dns-list 172.16.100.1 [CORESW-ip-pool-3]excluded-ip-address 192.168.30.2 192.168.30.253 [CORESW-ip-pool-3]q [CORESW]int Vlanif 10 [CORESW-Vlanif10]dhcp select global [CORESW-Vlanif10]q [CORESW]int Vlanif 20 [CORESW-Vlanif20]dhcp select global [CORESW-Vlanif20]q [CORESW]int Vlanif 30 [CORESW-Vlanif30]dhcp select global [CORESW-Vlanif30]q （阶段一已配置完成，可以尝试使用三个PC去ping通内网SERVER的地址和域名）

阶段二：外网和内网通信，并添加ACL和NAT （先配置外网SERVER IP地址8.8.8.8、网关8.8.8.254） CORE上： [CORESW]vlan 100 [CORESW-vlan100]q [CORESW]int GigabitEthernet 0/0/4 [CORESW-GigabitEthernet0/0/4]port link-type access [CORESW-GigabitEthernet0/0/4]port default vlan 100 [CORESW-GigabitEthernet0/0/4]q [CORESW]int Vlanif 100 [CORESW-Vlanif100]ip address 10.10.10.1 24 [CORESW]ip route-static 0.0.0.0 0.0.0.0 10.10.10.2 ROUTER1上： system-view [Huawei]sysname ROUTER1 [ROUTER1]int GigabitEthernet 0/0/0 [ROUTER1-GigabitEthernet0/0/0]ip address 10.10.10.2 24 [ROUTER1-GigabitEthernet0/0/0]q [ROUTER1]int GigabitEthernet 0/0/1 [ROUTER1-GigabitEthernet0/0/1]ip address 64.1.1.1 24 [ROUTER1-GigabitEthernet0/0/1]q [ROUTER1]ip route-static 0.0.0.0 0.0.0.0 64.1.1.2 [ROUTER1]ip route-static 192.168.0.0 255.255.0.0 10.10.10.1 [ROUTER1]ip route-static 172.16.100.0 255.255.255.0 10.10.10.1 [ROUTER1]acl 2000 [ROUTER1-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255 [ROUTER1-acl-basic-2000]q [ROUTER1]int GigabitEthernet 0/0/1 [ROUTER1-GigabitEthernet0/0/1]nat outbound 2000 [ROUTER1-GigabitEthernet0/0/1]q [ROUTER1]acl 2001 [ROUTER1-acl-basic-2001]rule deny source 192.168.10.0 0.0.0.255 [ROUTER1-acl-basic-2001]rule permit source any [ROUTER1-acl-basic-2001]q [ROUTER1]int GigabitEthernet 0/0/0 [ROUTER1-GigabitEthernet0/0/0]traffic-filter inbound acl 2001 [ROUTER1-GigabitEthernet0/0/0]q ROUTER2上： system-view [Huawei]sysname ROUTER2 [ROUTER2]int GigabitEthernet 0/0/0 [ROUTER2-GigabitEthernet0/0/0]ip address 64.1.1.2 24 [ROUTER2-GigabitEthernet0/0/0]q [ROUTER2]int GigabitEthernet 0/0/1 [ROUTER2-GigabitEthernet0/0/1]ip address 8.8.8.254 24 [ROUTER2-GigabitEthernet0/0/1]q （至此，阶段二的内外网连通配置已完成，可以在添加ACL的前后，分别使用PC1对外网DNS地址8.8.8.8进行通信测试）

RIP：rip、network+直连网段（192.168.1.0、10.0.0.0）

OSPF：ospf、area 0、network+直连网段+子网掩码反码（0.0.0.255）

三层LSW：vlan batch 10 20(30)、port link-type access、port default vlan 10(20、30)、interface vlanif 10、ip address 192.168.1.254(192.168.2.1)、···、ospf、area 0、network 0.0.0.0 0.0.0.0

单臂路由：vlan batch 10 20、port link-type access、port default vlan 10(20)、···、port link-type trunk、port trunk allow-pass vlan 10 20、···、dot1q termination vid 10(20)、ip address 192.168.1(2).254 24、arp broadcast enable