大纲
1、静态路由:目标网络在什么位置,什么方向,确定一下跳:本路由对端直连接口的IP地址。
2、动态路由:ospf ,链路状态,发布本地的链路状态信息给自己的所有的直连邻居。network 本地网段 反掩码 在哪个接口上运行ospf协议就宣告那个网络。
3、路由备份协议:虚拟网关设置、vrrp协议优先级、接口路由追踪
4、DHCP协议,局域网,全局地址池,接口地址池,网关、dns、排除地址、租期
5、安全:区域的查看、区域的端口的添加,策略的设置
6、无线:AC的设置 SSID模板、认证模板、安全模板
ospf
#1
配置R1和R2路由器(路由器使用R2220),R1路由器配置端口g0/0/1地址为192.168.1.1/30,端口g0/0/1连接R2路由器。配置端口g0/0/2地址为192.168.2.1/24,作为内部PC1机网关地址。R2路由器配置端口g0/0/1地址为192.168.1.2/30,端口g0/0/1连接R1路由器,配置端口g0/0/2地址为192.168.3.1/24,作为内部PC2机网关地址。R1和R2路由器启用OSPF动态路由协议自动学习路由。使PC1和PC2可以相互访问。(所有配置命令使用完整命令)将上述所有操作命令及返回结果以文本形式提交到答题框。
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.1 30
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.2.1 24
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.3
[Huawei-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.2 30
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.3.1 24
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.3
[Huawei-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
vlan access trunk
#2
在eNSP中使用S5700交换机进行配置,通过一条命令划分vlan 2、vlan 3、vlan 1004,通过端口组的方式配置端口1-5为access模式,并添加至vlan2中。配置端口10为trunk模式,并放行vlan3。创建三层vlan 2,配置IP地址为:172.16.2.1/24,创建三层vlan1004,配置IP地址为:192.168.4.2/30。通过命令添加默认路由,下一跳为192.168.4.1。(使用完整命令)将上述操作命令及返回结果以文本形式提交到答题框。
[Huawei]vlan batch 2 3 1004
[Huawei]port-group 1
[Huawei-port-group-1]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/5
[Huawei-port-group-1]port link-type access
[Huawei-port-group-1]port default vlan 2
[Huawei]interface GigabitEthernet 0/0/10
[Huawei-GigabitEthernet0/0/10]port link-type trunk
[Huawei-GigabitEthernet0/0/10]port trunk allow-pass vlan 3
[Huawei]interface Vlanif 2
[Huawei-Vlanif2]ip address 172.16.2.1 24
[Huawei]interface Vlanif 1004
[Huawei-Vlanif1004]ip address 192.168.4.2 30
[Huawei]ip route-static 0.0.0.0 0 192.168.4.1
#3
通过一条命令在S1交换机上创建vlan100、vlan101,配置vlan100网关为:172.16.100.254/24。配置vlan101网关为:172.16.101.254/24。配置g0/0/1端口为trunk模式,放行vlan100。配置g0/0/2端口为access模式,所属vlan101。将上述操作命令及返回结果以文本形式提交到答题框。
[SW1]vlan batch 101 100
[SW1]interface Vlanif 100
[SW1-Vlanif100]ip address 172.16.100.254 24
[SW1]interface Vlanif 101
[SW1-Vlanif101]ip address 172.16.101.254 24
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 101
[SW1-GigabitEthernet0/0/2]quit
vlan access trunk PAT
#4
交换机配置:交换机g0/0/1端口连接R1路由器,所属vlan1001,配置地址192.168.1.2/30,与路由器通信。配置g0/0/2连接PC1机,所属vlan101,配置PC1机网关地址为172.16.101.254/24。配置默认路由下一跳为路由器地址。路由器配置:R1路由器g0/0/1端口配置地址12.12.12.1/30,配置端口多路复用PAT配置。R1路由器g0/0/2端口配置地址192.168.1.1/30,连接交换机。路由器配置默认路由访问外部网络,配置静态路由访问PC机网络。(所有配置命令使用完整命令)将上述操作命令及返回结果以文本形式提交到答题框。
[Huawei]vlan batch 101 1001
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 1001
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface vlan 1001
[Huawei-Vlanif1001]ip address 192.168.1.2 30
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 101
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]interface vlan 101
[Huawei-Vlanif101]ip address 172.16.101.254 24
[Huawei-Vlanif101]quit
[Huawei]ip route-static 0.0.0.0 0 192.168.1.1
[Huawei]acl number 2000
[Huawei-acl-basic-2000]rule 1 permit
[Huawei-acl-basic-2000]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 12.12.12.1 30
[Huawei-GigabitEthernet0/0/1]nat outbound 2000
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.1.1 30
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]ip route-static 0.0.0.0 0 GigabitEthernet 0/0/1
[Huawei]ip route-static 172.16.101.0 255.255.255.0 192.168.1.2
无线AC
#5
配置无线AC控制器(型号使用AC6005),开启dhcp功能,设置vlan20网关地址为172.16.20.1/24,并配置vlan20接口服务器池,设置dhcp分发dns为114.114.114.114、223.5.5.5。将上述所有操作命令及返回结果以文本形式提交到答题框。
[SW1]vlan batch 20
[SW1]dhcp enable
[SW1]interface vlanif 20
[SW1-Vlanif20]ip address 172.16.20.1 24
[SW1-Vlanif20]dhcp select interface #给接口配置
[SW1-Vlanif20]dhcp server dns-list 114.114.114.114 223.5.5.5
无线AC security-profile ssid-profile vap-profile ap-group
#6
配置无线AC控制器,设置安全策略Internet,配置安全认证方式为wpa-wpa2,密码为a1234567,设置无线ssid为Internet,创建VAP模板名称为Internet,绑定业务vlan为101,绑定安全策略,绑定SSID模板,创建AP组,名称为ap-group1,绑定vap模板到射频卡0、1上。将上述所有操作命令及返回结果以文本形式提交到答题框。
[AC1-wlan-view]security-profile name Internet
[AC1-wlan-sec-prof-Internet]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC1-wlan-sec-prof-Internet]quit
[AC1-wlan-view]ssid-profile name Internet
[AC1-wlan-ssid-prof-Internet]ssid Internet
[AC1-wlan-ssid-prof-Internet]quit
[AC1-wlan-view]vap-profile name Internet
[AC1-wlan-vap-prof-Internet]forward-mode direct-forward
[AC1-wlan-vap-prof-Internet]service-vlan vlan-id 101
[AC1-wlan-vap-prof-Internet]security-profile Internet
[AC1-wlan-vap-prof-Internet]ssid-profile Internet
[AC1-wlan-vap-prof-Internet]quit
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile Internet wlan 1 radio 0
[AC1-wlan-ap-group-ap-group1]vap-profile Internet wlan 1 radio 1
[AC1-wlan-ap-group-ap-group1]quit
firewall policy nat-policy trust untrust
#7
配置防火墙g0/0/2端口添加至trust域,g0/0/1端口添加至untrust域。配置trust域到untrust域规则,放行内部地址172.16.105.0/24网段。配置NAT规则,匹配内部地址172.16.105.0/24网段,使用g0/0/1端口的地址进行转换。(所有配置命令使用完整命令)将上述所有操作命令及返回结果以文本形式提交到答题框。
[SRG]firewall zone trust
[SRG-zone-trust]add interface GigabitEthernet 0/0/2
[SRG-zone-trust]quit
[SRG]firewall zone untrust
[SRG-zone-untrust]add interface GigabitEthernet 0/0/1
[SRG-zone-untrust]quit
[SRG]policy interzone trust untrust outbound
[SRG-policy-interzone-trust-untrust-outbound]policy 0
[SRG-policy-interzone-trust-untrust-outbound-0]action permit
[SRG-policy-interzone-trust-untrust-outbound-0]policy source 172.16.105.0 0.255.255.255
[SRG-policy-interzone-trust-untrust-outbound-0]quit
[SRG-policy-interzone-trust-untrust-outbound]quit
[SRG]nat-policy interzone trust untrust outbound
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.105.0 0.255.255.255
[SRG-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/1
#8
配置防火墙g0/0/2为trust域,配置g0/0/1为untrust域,配置g0/0/2地址为10.10.5.1/24,配置g0/0/1端口地址为192.168.10.254/24,配置默认路由下一跳为192.168.10.1,配置从trust域到untrust域策略,匹配放行内部地址为172.16.0.0/16网段,配置从trust域到untrust域nat策略,匹配内部地址为172.16.0.0/16网段,使用g0/0/1端口地址。将上述操作命令及返回结果以文本形式提交到答题框。
[SRG]firewall zone trust
[SRG-zone-trust]add interface GigabitEthernet 0/0/2
[SRG-zone-trust]quit
[SRG]firewall zone untrust
[SRG-zone-untrust]add interface GigabitEthernet 0/0/1
[SRG-zone-untrust]quit
[SRG]interface GigabitEthernet 0/0/2
[SRG-GigabitEthernet0/0/2]ip address 10.10.5.1 24
[SRG-GigabitEthernet0/0/2]quit
[SRG]interface GigabitEthernet 0/0/1
[SRG-GigabitEthernet0/0/1]ip address 192.168.10.254 24
[SRG-GigabitEthernet0/0/1]quit
[SRG]ip route-static 0.0.0.0 0 192.168.10.1
[SRG]policy interzone trust untrust outbound
[SRG-policy-interzone-trust-untrust-outbound]policy 0
[SRG-policy-interzone-trust-untrust-outbound-0]action permit
[SRG-policy-interzone-trust-untrust-outbound-0]policy source 172.16.0.0 0.0.255.255
[SRG-policy-interzone-trust-untrust-outbound-0]quit
[SRG-policy-interzone-trust-untrust-outbound]quit
[SRG]nat-policy interzone trust untrust outbound
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.0.0 0.0.255.255
[SRG-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]quit
[SRG-nat-policy-interzone-trust-untrust-outbound]quit
虚拟网关
#9
配置SW1交换机vlan20地址为172.17.20.253/24,配置vrrp虚拟网关为172.17.20.254, vrid为1,配置优先级为120。配置vlan17地址为172.17.17.253/24,配置vrrp虚拟网关为172.17.17.254,vrid为2。配置mstp协议,vlan20为实例1,vlan17为实例2,vlan20在SW1上为主,vlan17在SW1上为备。将上述操作命令以文本形式提交到答题框。
[SW1]interface Vlanif 20
[SW1-Vlanif20]ip address 172.17.20.253 24
[SW1-Vlanif20]vrrp vrid 1 virtual-ip 172.17.20.254
[SW1-Vlanif20]vrrp vrid 1 priority 120
[SW1-Vlanif20]vrrp vrid 1 track interface GigabitEthernet 0/0/4 reduced 15
[SW1-Vlanif20]quit
[SW1]interface Vlanif 17
[SW1-Vlanif17]ip address 172.17.17.253 24
[SW1-Vlanif17]vrrp vrid 2 virtual-ip 172.17.17.254
[SW1-Vlanif17]quit
[SW1]stp region-configuration
[SW1-mst-region]region-name RG1
[SW1-mst-region]instance 1 vlan 20
[SW1-mst-region]instance 2 vlan 17
[SW1-mst-region]active region-configuration
[SW1-mst-region]quit
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW1]stp pathcost-standard legacy
[SW1]stp enable
版权声明:本文为weixin_45869322原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。