【华为实验】一文带你轻松掌握综合实验！

网络工程师必备：静态路由实验指南

PPPoE实验新手必备：从0到1的网络配置指南！

动态路由实验新手入门：快速掌握核心知识点

........

大家好，今天带大家学习一下华为初级课程里面的综合实验。

01

实验拓扑

02

实验需求

需求:

1.总部核心与接入层交换机通过L2 Eth-trunk互联

2.总部通过L3交换机实现内网互通

3.总部PC通过DHCP获取地址

4.分部通过单臂路由实现内网互通

5.总部三层运行OSPF，并且下发默认路由

6.总部分部均通过NAT实现外网访问

7.R1通过telnetR2的外网地址从而登陆DHCP服务器

8.总部三层运行OSPF，并且下发默认路由

9.通过ACL控制PC1和DHCP-Server的互访

03

实验步骤

a. 总部交换机二层配置需求

Core-SW1：

[Core-SW1]vlan batch 10 20 50

[Core-SW1]int Eth-Trunk 1

[Core-SW1-Eth-Trunk1]trunkport g0/0/2

[Core-SW1-Eth-Trunk1]trunkport g0/0/3

[Core-SW1-Eth-Trunk1]port link-type trunk

[Core-SW1-Eth-Trunk1]port trunk allow-pass vlan all

[Core-SW1]int Eth-Trunk 2

[Core-SW1-Eth-Trunk2]trunkport g0/0/4

[Core-SW1-Eth-Trunk2]trunkport g0/0/5

[Core-SW1-Eth-Trunk2]port link-type trunk

[Core-SW1-Eth-Trunk2]port trunk allow-pass vlan all

[Core-SW1]int g0/0/6

[Core-SW1-GigabitEthernet0/0/6]port link-type access

[Core-SW1-GigabitEthernet0/0/6]port default vlan 50

Access-SW2：

[Access-SW2]vlan batch 10 20 50

[Access-SW2]int Eth-Trunk 1

[Access-SW2-Eth-Trunk1]trunkport g0/0/1

[Access-SW2-Eth-Trunk1]trunkport g0/0/2

[Access-SW2-Eth-Trunk1]port link-type trunk

[Access-SW2-Eth-Trunk1]port trunk allow-pass vlan all

[Access-SW2]int g0/0/3

[Access-SW2-GigabitEthernet0/0/3]port link-type access

[Access-SW2-GigabitEthernet0/0/3]port default vlan 10

Access-SW3：

[Access-SW3]vlan batch 10 20 50

[Access-SW3]int Eth-Trunk 2

[Access-SW3-Eth-Trunk2]trunkport g0/0/1

[Access-SW3-Eth-Trunk2]trunkport g0/0/2

[Access-SW3-Eth-Trunk2]port link-type trunk

[Access-SW3-Eth-Trunk2]port trunk allow-pass vlan all

[Access-SW3]int g0/0/3

[Access-SW3-GigabitEthernet0/0/3]port link-type access

[Access-SW3-GigabitEthernet0/0/3]port default vlan 20

b. 总部交换机三层配置需求

Core-SW：

[Core-SW1]int vlan 10

[Core-SW1-Vlanif10]ip add 192.168.10.254 24

[Core-SW1]int vlan 20

[Core-SW1-Vlanif20]ip add 192.168.20.254 24

[Core-SW1]int vlan 50

[Core-SW1-Vlanif50]ip add 192.168.50.254 24

[Core-SW1]vlan 100

[Core-SW1]int vlan 100

[Core-SW1-Vlanif100]ip add 100.1.1.1 24

[Core-SW1]int g0/0/1

[Core-SW1-GigabitEthernet0/0/1]port link-type access

[Core-SW1-GigabitEthernet0/0/1]port default vlan 100

R2：

[R2]int g0/0/1

[R2-GigabitEthernet0/0/1]ip add 100.1.1.254 24

DHCP-Server：

[DHCP-Server]int g0/0/0

[DHCP-Server-GigabitEthernet0/0/0]ip add 192.168.50.1 24

此时，在Core-SW上测试连通性正常：

c. 总部DHCP配置

DHCP-Server：

[DHCP-Server]dhcp enable

[DHCP-Server]ip pool Vlan10

[DHCP-Server-ip-pool-Vlan10]network 192.168.10.0 mask 24

[DHCP-Server-ip-pool-Vlan10]gateway-list 192.168.10.254

[DHCP-Server]ip pool Vlan20

[DHCP-Server-ip-pool-Vlan20]network 192.168.20.0 mask 24

[DHCP-Server-ip-pool-Vlan10]gateway-list 192.168.20.254

[DHCP-Server]ip route-static 0.0.0.0 0.0.0.0 192.168.50.254

[DHCP-Server]int g0/0/0

[DHCP-Server-GigabitEthernet0/0/0]dhcp select global

Core-SW1：

[Core-SW1]dhcp enable

[Core-SW1]int vlan 10

[Core-SW1-Vlanif10]dhcp select relay

[Core-SW1-Vlanif10]dhcp relay server-ip 192.168.50.1

[Core-SW1]int vlan 20

[Core-SW1-Vlanif20]dhcp select relay

[Core-SW1-Vlanif20]dhcp relay server-ip 192.168.50.1

测试PC能否获取地址：

PC1正常获取地址：

PC2正常获取地址：

并且此时PC2和PC1之间通信正常：

d. 分部单臂路由及二层配置

R1：

[R1]int g0/0/1.30

[R1-GigabitEthernet0/0/1.30]dot1q termination vid 30

[R1-GigabitEthernet0/0/1.30]ip add 192.168.30.254 24

[R1-GigabitEthernet0/0/1.30]arp broadcast enable

[R1]int g0/0/1.40

[R1-GigabitEthernet0/0/1.40]dot1q termination vid 40

[R1-GigabitEthernet0/0/1.40]ip add 192.168.40.254 24

[R1-GigabitEthernet0/0/1.40]arp broadcast enable

Access-SW4：

[Access-SW4]vlan batch 30 40

[Access-SW4]int g0/0/1

[Access-SW4-GigabitEthernet0/0/1]port link-type trunk

[Access-SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan all

[Access-SW4]int g0/0/2

[Access-SW4-GigabitEthernet0/0/2]port link-type access

[Access-SW4-GigabitEthernet0/0/2]port default vlan 30

[Access-SW4]int g0/0/3

[Access-SW4-GigabitEthernet0/0/3]port link-type access

[Access-SW4-GigabitEthernet0/0/3]port default vlan 40

测试给PC3和PC4手动配置地址后网络连通性：

PC3手动配置地址：

PC4手动配置地址：

并且此时PC3和PC4之间通信正常：

e. 总部的OSPF以及下发默认路由

R2：

[R2]int g0/0/0

[R2-GigabitEthernet0/0/0]ip add 61.128.1.100 24

[R2]ip route-static 0.0.0.0 0.0.0.0 61.128.1.200

[R2]ospf 1

[R2-ospf-1]default-route-advertise

[R2-ospf-1]ar 0

[R2-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255

Core-SW1：

[Core-SW1]ospf 1

[Core-SW1-ospf-1]ar 0

[Core-SW1-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0

此时R1和Core-SW1之间OSPF邻居状态为full，且Core-SW1上有一条去往R1的默认路由：

f. 总部和分部的SNAT

R12：

[R12]int lo0

[R12-LoopBack0]ip add 8.8.8.8 24

[R12-LoopBack0]int g0/0/0

[R12-GigabitEthernet0/0/0]ip add 28.9.4.200 24

[R12-GigabitEthernet0/0/0]int g0/0/1

[R12-GigabitEthernet0/0/1]ip add 61.128.1.200 24

R2：

[R2]acl 2000

[R2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255

[R2]int g0/0/0

[R2-GigabitEthernet0/0/0]nat outbound 2000

此时PC1，PC2和DHCP-Server都能ping通8.8.8.8，且在R1上能看到地址转换：

R1：

[R1]acl 2000

[R1-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255

[R1]int g0/0/0

[R1-GigabitEthernet0/0/0]ip add 28.9.4.100 24

[R1-GigabitEthernet0/0/0]nat outbound 2000

[R1]ip route-static 0.0.0.0 0.0.0.0 28.9.4.200

此时PC3，PC4都能ping通8.8.8.8，且在R2上能看到地址转换：

g. DNAT

DHCP-Server：

[DHCP-Server]user-interface vty 0 4

[DHCP-Server-ui-vty0-4]authentication-mode password

Please configure the login password (maximum length 16):huawei

R2:

[R2]int g0/0/0

[R2-GigabitEthernet0/0/0]nat static protocol tcp global 61.128.1.101 23 inside 192.168.50.1 23

此时R2 telnet61.128.1.101其实是跳转到DHCP-Server上：

h. ACL

DHCP-Server:

[DHCP-Server]acl 3000

[DHCP-Server-acl-adv-3000]rule deny icmp source 192.168.10.253 0 destination 192.168.50.1 0

[DHCP-Server]int g0/0/0

[DHCP-Server-GigabitEthernet0/0/0]traffic-filter inbound acl 3000

此时PC1无法ping通 DHCP-Server