| 1修改设备名称 |
| |
| SW1 vlan batch 2 to 4 |
| SW2 vlan batch 2 |
| SW3 vlan batch 2 to 3 |
| |
| 2关闭配置提示 un in en |
| |
| 5. 进入连接电脑的口配置以下命令 |
| Port link-type access |
| Port default vlan 2 |
| |
| int g0/0/15 |
| Port link-type access |
| Port default vlan 2 |
| |
| 6.链路聚合 三天交换机都要做 |
| Int Eth-Trunk 1 |
| Mode manual load-balance |
| Trunkport g 0/0/1 |
| Trunkport g 0/0/2 |
| |
| Int Eth-Trunk 2 |
| Mode manual load-balance |
| Trunkport g 0/0/1 |
| Trunkport g 0/0/2 |
| |
| Int g0/0/24 |
| Port lint-type acc |
| Port de vlan 40 |
| |
| Int Eth-trunk 1(2) |
| Port lint-type trunk |
| Port trunk all vlan 2 3 |
| |
| 7快速生成树 |
| SW1 Stp mode rs |
| SW1 Stp root primary |
| SW2 Stp mode rs |
| SW2 stp root secondary |
| |
| 8.配置地址 |
| Int vlan 2 |
| Ip add 192.168.2.254 24 |
| Int vlan 4 |
| IP add 192.168.4.254 24 |
| Int vlan 3 |
| Ip add 192.168.3.254 24 |
| |
| 然后配置给出的端口地址ip |
| |
| 9. OSPF |
| AR1:ip route-static 0.0.0.0 0 110.1.1.1 |
| Ospf 10 |
| Default-route-advertise 告诉别人我有路由 |
| Area 0 |
| Net 192.168.5.0 0.0.0.255 |
| Net 192.168.4.0 0.0.0.255 |
| Net 110.1.1.0 0.0.0.7 工程现实生活可以省略 但是要得分 |
| |
| AR2: ip route-static 200.1.1.0 255.255.255.0 100.1.1.1 |
| ospf 10 |
| default-route-advertise |
| area 0.0.0.0 |
| network 100.1.1.0 0.0.0.255 |
| network 200.1.1.0 0.0.0.255 |
| |
| SW1:ospf 10 |
| A 0 |
| Net 192.168.2.0 0.0.0.255 |
| Net 192.168.3.0 0.0.0.255 |
| Net 192.168.4.0 0.0.0.255 |
| |
| 10. NAT |
| AR1 |
| Acl 2000 |
| Rule 5 permit source 192.168.2.0 0.0.0.255 |
| Rule 10 deny |
| #自动加的rule 5表示执行序号,越小越优先执行,默认第一条规则顺序编号是5,第二条是10。 |
| Q |
| Int s4/0/01 |
| Nat outbound 2000 |
| |
| |
| |
| |
| |
| |
| |
| 配置acl3000 禁止所有源地址 ping (icmp协议)内网的web |
| Server 192.168.5.100 允许其他ip通过 |
| |
| Acl 3000 |
| Rule deny icmp source 192.168.10.X 0.0.0.255 destination 192.168.50.100 |
| 配置ACL拒绝192.168.10.X网段的路由访问192.168.50.100,允许其HTTP访问Server1 |
| |
| 进入接口将acl 3000绑在端口上 |
| Int g0/0/xxx |
| Traffic-filter inbound acl 3000 |
| |
| |
| |
| |
| Ppp协议 chap协议 |
| 进两台AR连接的口配 |
| AR1 :link-protocol ppp |
| ip address 100.1.1.1 255.255.255.248 |
| ppp authentication-mode chap |
| AR2 :link-protocol ppp |
| ip address 100.1.1.2 255.255.255.248 |
| ppp authentication-mode chap |
| |
| |
| |
| |
| 参考·1 |
| |
| 认证方 |
| [Huawei-aaa]local-user actorw password cipher huawei |
| [Huawei-aaa]local-user actorw service-type ppp |
| // 先创建用户并把用户类型设置为ppp |
| [Huawei]int s4/0/0 |
| [Huawei-Serial4/0/0]link-protocol ppp 更改链路类型为ppp |
| [Huawei-Serial4/0/0]ppp authentication-mode chap 加密方式改为chap认证 |
| [Huawei-Serial4/0/0]ppp chap user actorw 设置认证名-为刚刚创建用户的用户名 |
| [Huawei-Serial4/0/0]ip address ppp-negotiate 开启ip协商功能 |
| |
| |
| |
| 被认证方 |
| [Huawei]int s4/0/0 |
| [Huawei-Serial4/0/0]link-protocol ppp |
| [Huawei-Serial4/0/0]remote address 12.1.1.1 给对端分配IP地址为12.1.1.1 |
| [Huawei-Serial4/0/0]ppp chap user actorw 认证名确认-为认证方创建的账号名 |
| [Huawei-Serial4/0/0]ppp chap password cipher huawei 认证密码确认密文密码(cipher)-为认证方创建账号的密码 |
| [Huawei-Serial4/0/0]ip address 12.1.1.2 24 给S4/0/0口分配ip地址 |
