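2. Lab Scenario:
The network topology of Company H is shown above; the network environment is described as follows:
3. Lab Requirements:
Build and configure the Company H network. Requirements:
6. Configure NAT on RTB, together with static routes on each router, so that Company H LAN users can reach SWC and PCB through NAT translation:
7. Configure ACLs on appropriate devices in the network. Requirements:
Build the topology shown in the figure and configure link aggregation between the interconnecting interfaces "G0/23" and "G0/24" of SWA and SWB.
SWA commands: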
[H3C]hostname SWA
[SWA]interface Bridge-Aggregation 1
[SWA]interface GigabitEthernet 1/0/23
[SWA-GigabitEthernet1/0/23]port link-aggregation group 1
[SWA]interface GigabitEthernet 1/0/24
[SWA-GigabitEthernet1/0/24]port link-aggregation group 1
[SWA]vlan 3
[SWA]interface Bridge-Aggregation 1
[SWA-Bridge-Aggregation1]port link-type access
[SWA-Bridge-Aggregation1]port access vlan 3
[SWA]interface Vlan-interface 3
[SWA-Vlan-interface3]ip address 10.1.2.1 30
SWB commands:
[H3C]hostname SWB
[SWB]interface Bridge-Aggregation 1
[SWB]interface GigabitEthernet 1/0/23
[SWB-GigabitEthernet1/0/23]port link-aggregation group 1
[SWB]interface GigabitEthernet 1/0/24
[SWB-GigabitEthernet1/0/24]port link-aggregation group 1
[SWB]vlan 3
[SWB]interface Bridge-Aggregation 1
[SWB-Bridge-Aggregation1]port link-type access
[SWB-Bridge-Aggregation1]port access vlan 3
[SWB]interface Vlan-interface 3
[SWB-Vlan-interface3]ip address 10.1.2.2 30
Link aggregation test:
Connect RTA and RTB and start the routers. Configure PPP between RTA and RTB with CHAP two-way authentication.
RTA commands:
[H3C]hostname RTA
[RTA]local-user CHAP class network
[RTA-luser-network-CHAP]password simple test
[RTA-luser-network-CHAP]service-type ppp
[RTA]interface Serial 1/0
[RTA-Serial1/0]ppp authentication-mode chap
[RTA-Serial1/0]ppp chap user CHAP
[RTA-Serial1/0]ppp chap password simple test
[RTA-Serial1/0]ip address 10.1.4.1 30
[RTA-Serial1/0]shutdown
[RTA-Serial1/0]undo shutdown
RTB commands:
[H3C]hostname RTB
[RTB]local-user CHAP class network
[RTB-luser-network-CHAP]password simple test
[RTB-luser-network-CHAP]service-type ppp
[RTB]interface Serial 1/0
[RTB-Serial1/0]ppp authentication-mode chap
[RTB-Serial1/0]ppp chap user CHAP
[RTB-Serial1/0]ppp chap password simple test
[RTB-Serial1/0]ip address 10.1.4.2 30
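The two-way CHAP exchange configured above, modelled as an added example that is not part of the original lab write-up. It follows RFC 1994 (response = MD5 over identifier, secret and challenge) and reuses the lab's user name CHAP and password test; the Peer class and the function names are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Peer:
    """One end of the PPP link: challenges the remote side and answers its challenges."""
    def __init__(self, name, chap_user, chap_password, local_users):
        self.name = name
        self.chap_user = chap_user          # value of 'ppp chap user'
        self.chap_password = chap_password  # value of 'ppp chap password'
        self.local_users = local_users      # 'local-user ... class network' entries
        self.next_id = 0
        self.pending = None

    def challenge(self):
        # Fresh random challenge per attempt, so an old response cannot be replayed.
        self.next_id = (self.next_id + 1) % 256
        self.pending = (self.next_id, os.urandom(16))
        return self.pending

    def respond(self, identifier, challenge):
        # Only the user name and the hash cross the link, never the password.
        return self.chap_user, chap_response(identifier, self.chap_password, challenge)

    def verify(self, user, response):
        identifier, challenge = self.pending
        secret = self.local_users.get(user)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def mutual_chap(a, b):
    """Each side authenticates the other; the link is usable only if both succeed."""
    ok_a = a.verify(*b.respond(*a.challenge()))
    ok_b = b.verify(*a.respond(*b.challenge()))
    return ok_a and ok_b

def lab_peers(rtb_password=b"test"):
    # Constructed from the lab config: both routers use user CHAP with password test.
    rta = Peer("RTA", "CHAP", b"test", {"CHAP": b"test"})
    rtb = Peer("RTB", "CHAP", rtb_password, {"CHAP": b"test"})
    return rta, rtb

if __name__ == "__main__":
    print("matching secrets:", mutual_chap(*lab_peers()))
    print("RTB password mistyped:", mutual_chap(*lab_peers(b"tset")))
```

A mismatch on either router fails the whole negotiation, which is why the same local-user and ppp chap values have to be present on both RTA and RTB.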
CHAP two-way authentication test:
Continue building the topology and configure RIPv2 between SWB, RTA and RTB.
SWB commands:
[SWB]vlan 2
[SWB]interface vlan 2
[SWB-Vlan-interface2]ip address 10.1.3.1 30
[SWB]interface GigabitEthernet 1/0/1
[SWB-GigabitEthernet1/0/1]port link-type access
[SWB-GigabitEthernet1/0/1]port access vlan 2
[SWB]rip
[SWB-rip-1]version 2
[SWB-rip-1]network 10.1.3.0 0.0.0.3
[SWB-rip-1]network 10.1.2.0 0.0.0.3
[SWB]interface Vlan-interface 3
[SWB-Vlan-interface3]undo rip output
[SWB]ip route-static 0.0.0.0 0.0.0.0 10.1.3.2
[SWB]ip route-static 10.1.1.0 255.255.255.0 10.1.2.1
RTA commands:
[RTA]interface GigabitEthernet 0/1
[RTA-GigabitEthernet0/1]ip add 10.1.3.2 30
[RTA-GigabitEthernet0/1]undo shutdown
[RTA]rip
[RTA-rip-1]version 2
[RTA-rip-1]network 10.1.3.0 0.0.0.3
[RTA-rip-1]network 10.1.4.0 0.0.0.3
[RTA]ip route-static 0.0.0.0 0.0.0.0 10.1.4.2
[RTA]ip route-static 10.1.1.0 255.255.255.0 10.1.3.1
RTB commands:
[RTB]interface GigabitEthernet 0/1
[RTB-GigabitEthernet0/1]ip address 100.1.1.1 24
[RTB-GigabitEthernet0/1]undo shutdown
[RTB]rip
[RTB-rip-1]version 2
[RTB-rip-1]network 10.1.4.0 0.0.0.3
[RTB]interface GigabitEthernet 0/1
[RTB-GigabitEthernet0/1]ip add 100.1.1.1 24
[RTB-GigabitEthernet0/1]undo rip output
[RTB]ip route-static 10.1.1.0 255.255.255.0 10.1.4.1
SWA commands:
[SWA]ip route-static 0.0.0.0 0.0.0.0 10.1.2.2
[SWA]vlan 2
[SWA]interface GigabitEthernet 1/0/1
[SWA-GigabitEthernet1/0/1]port link-type access
[SWA-GigabitEthernet1/0/1]port access vlan 2
[SWA]interface Vlan-interface 2
[SWA-Vlan-interface2]ip address 10.1.1.254 24
PC1 configuration:
Configure NAT and static routes on each router so that Company H LAN users can reach SWC and PCB through NAT translation
[RTB]acl basic 2000
[RTB-acl-ipv4-basic-2000]rule permit source 10.1.1.10 0.0.0.255
[RTB-acl-ipv4-basic-2000]rule permit source 10.1.4.1 0.0.0.0
[RTB]nat address-group 1
[RTB-address-group-1]address 100.1.1.100 100.1.1.110
[RTB]interface GigabitEthernet 0/1
[RTB-GigabitEthernet0/1]nat outbound 2000 address-group 1
[RTB-GigabitEthernet0/1]nat server protocol tcp global 100.1.1.111 inside 10.1.4.1 telnet
[RTB]ip route-static 0.0.0.0 0.0.0.0 100.1.1.2
SWC commands:
[H3C]hostname SWC
[SWC]vlan 3
[SWC]vlan 2
[SWC]interface GigabitEthernet 1/0/1
[SWC-GigabitEthernet1/0/1]port link-type access
[SWC-GigabitEthernet1/0/1]port access vlan 2
[SWC]interface GigabitEthernet 1/0/2
[SWC-GigabitEthernet1/0/2]port link-type access
[SWC-GigabitEthernet1/0/2]port access vlan 3
[SWC]interface Vlan-interface 3
[SWC-Vlan-interface3]ip address 100.1.1.2 24
[SWC]interface vlan 2
[SWC-Vlan-interface2]ip address 101.1.1.254
RTA commands:
[RTA]telnet server enable
[RTA]user-interface vty 0
[RTA-line-vty0]authentication-mode scheme
[RTA-line-vty0]protocol inbound telnet
[RTA-line-vty0]screen-length 30
[RTA-line-vty0]history-command max-size 20
[RTA-line-vty0]idle-timeout 10
[RTA]local-user user
[RTA-luser-manage-user]password simple 3011
[RTA-luser-manage-user]service-type telnet
[RTA-luser-manage-user]authorization-attribute user-role network-admin