HomeStudyensp

# 参考配置 配置

1修改设备名称 

SW1 vlan batch 2 to 4
SW2 vlan batch 2
SW3 vlan batch 2 to 3

2关闭配置提示 un in en

5.  进入连接电脑的口配置以下命令
  Port link-type access
  Port default vlan 2
  
  int g0/0/15
  Port link-type access
  Port default vlan 2

6.链路聚合 三天交换机都要做
	Int Eth-Trunk 1
	Mode manual load-balance
	Trunkport g 0/0/1 
	Trunkport g 0/0/2 

Int Eth-Trunk 2
	Mode manual load-balance
	Trunkport g 0/0/1 
	Trunkport g 0/0/2 

Int g0/0/24
Port lint-type acc
	Port de vlan 40

Int Eth-trunk 1(2)
	Port lint-type trunk
	Port trunk all vlan 2 3

7快速生成树
SW1   Stp mode rs
SW1   Stp root primary
SW2   Stp mode rs
SW2   stp root secondary

8.配置地址
	Int vlan 2
	Ip add 192.168.2.254 24
	Int vlan 4
	IP add 192.168.4.254 24
	Int vlan 3
	Ip add 192.168.3.254 24

然后配置给出的端口地址ip

9. OSPF
	AR1:ip route-static 0.0.0.0 0 110.1.1.1
		Ospf 10
		Default-route-advertise  告诉别人我有路由
		Area 0 
		Net 192.168.5.0  0.0.0.255
		Net 192.168.4.0  0.0.0.255
		Net 110.1.1.0    0.0.0.7 工程现实生活可以省略 但是要得分

AR2: ip route-static 200.1.1.0 255.255.255.0 100.1.1.1
		ospf 10 
 default-route-advertise
 area 0.0.0.0 
         network 100.1.1.0 0.0.0.255 
         network 200.1.1.0 0.0.0.255

	SW1:ospf 10
		A 0
		Net 192.168.2.0  0.0.0.255
		Net 192.168.3.0  0.0.0.255
		Net 192.168.4.0  0.0.0.255

10. NAT
AR1
		Acl 2000
	Rule 5 permit source 192.168.2.0  0.0.0.255
	Rule 10 deny
#自动加的rule 5表示执行序号,越小越优先执行,默认第一条规则顺序编号是5,第二条是10。
		Q
	Int s4/0/01
	Nat outbound 2000







配置acl3000 禁止所有源地址 ping (icmp协议)内网的web
Server 192.168.5.100 允许其他ip通过

Acl 3000
   Rule deny icmp source 192.168.10.X  0.0.0.255 destination 192.168.50.100
配置ACL拒绝192.168.10.X网段的路由访问192.168.50.100,允许其HTTP访问Server1

进入接口将acl 3000绑在端口上
Int g0/0/xxx 
	Traffic-filter inbound acl 3000




Ppp协议 chap协议
进两台AR连接的口配
	    AR1 :link-protocol ppp
 ip address 100.1.1.1 255.255.255.248
ppp authentication-mode chap
AR2 :link-protocol ppp
ip address 100.1.1.2 255.255.255.248
ppp authentication-mode chap
	



参考·1

认证方
[Huawei-aaa]local-user actorw password cipher huawei
[Huawei-aaa]local-user actorw service-type ppp
// 先创建用户并把用户类型设置为ppp
 [Huawei]int s4/0/0 
 [Huawei-Serial4/0/0]link-protocol ppp 更改链路类型为ppp
 [Huawei-Serial4/0/0]ppp authentication-mode chap  加密方式改为chap认证
 [Huawei-Serial4/0/0]ppp chap user actorw 设置认证名-为刚刚创建用户的用户名
 [Huawei-Serial4/0/0]ip address ppp-negotiate 开启ip协商功能



被认证方
[Huawei]int s4/0/0
[Huawei-Serial4/0/0]link-protocol ppp
[Huawei-Serial4/0/0]remote address 12.1.1.1 给对端分配IP地址为12.1.1.1
[Huawei-Serial4/0/0]ppp chap user actorw  认证名确认-为认证方创建的账号名
[Huawei-Serial4/0/0]ppp chap password cipher huawei 认证密码确认密文密码(cipher)-为认证方创建账号的密码
[Huawei-Serial4/0/0]ip address 12.1.1.2 24 给S4/0/0口分配ip地址
Edited on

Give me a cup of [coffee]~( ̄▽ ̄)~*

Vullfin WeChat Pay

WeChat Pay

Vullfin Alipay

Alipay