This lab uses the Huawei eNSP simulator and combines VLANs, link aggregation, DHCP, static routing, NAT and SSH remote management to build a simple company intranet.
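Lab environment:
Lab objectives:
1. Achieve connectivity across the whole network
2. Give the PCs Internet access
3. Make the server reachable by public network users
4. Enable SSH remote management
Lab steps:
1. Configure the two Layer 2 switches
sw1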
<Huawei>system-view
[Huawei]sysname sw1
[sw1]vlan batch 10 20
[sw1]interface Eth-Trunk 1    #link aggregation
[sw1-Eth-Trunk1]trunkport Ethernet 0/0/3 0/0/4
[sw1-Eth-Trunk1]port link-type trunk
[sw1-Eth-Trunk1]port trunk allow-pass vlan 10 20
[sw1-Eth-Trunk1]quit
[sw1]int e0/0/1
[sw1-Ethernet0/0/1]port link-type access
[sw1-Ethernet0/0/1]port default vlan 10
[sw1-Ethernet0/0/1]quit
[sw1]int e0/0/2
[sw1-Ethernet0/0/2]port link-type access
[sw1-Ethernet0/0/2]port default vlan 20
sw2
<Huawei>system-view
[Huawei]sysname sw2
[sw2]vlan batch 30 40
[sw2]interface Eth-Trunk 2
[sw2-Eth-Trunk2]trunkport Ethernet 0/0/3 0/0/4
[sw2-Eth-Trunk2]port link-type trunk
[sw2-Eth-Trunk2]port trunk allow-pass vlan 30 40
[sw2-Eth-Trunk2]quit
[sw2]int e0/0/1
[sw2-Ethernet0/0/1]port link-type access
[sw2-Ethernet0/0/1]port default vlan 30
[sw2-Ethernet0/0/1]quit
[sw2]int e0/0/2
[sw2-Ethernet0/0/2]port link-type access
[sw2-Ethernet0/0/2]port default vlan 40
2. Configure the Layer 3 switch
3sw1
<Huawei>system-view
[Huawei]sysname 3sw1
[3sw1]vlan batch 10 20 30 40 50
[3sw1]interface Eth-Trunk 1
[3sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/3 0/0/4
[3sw1-Eth-Trunk1]port link-type trunk
[3sw1-Eth-Trunk1]port trunk allow-pass vlan 10 20
[3sw1-Eth-Trunk1]quit
[3sw1]interface Eth-Trunk 2
[3sw1-Eth-Trunk2]trunkport GigabitEthernet 0/0/5 0/0/6
[3sw1-Eth-Trunk2]port link-type trunk
[3sw1-Eth-Trunk2]port trunk allow-pass vlan 30 40
[3sw1-Eth-Trunk2]quit
[3sw1]int g0/0/2
[3sw1-GigabitEthernet0/0/2]port link-type access
[3sw1-GigabitEthernet0/0/2]port default vlan 50
[3sw1-GigabitEthernet0/0/2]quit
[3sw1]dhcp enable
[3sw1]int Vlanif 10
[3sw1-Vlanif10]ip add 192.168.1.254 24
[3sw1-Vlanif10]dhcp select interface
[3sw1-Vlanif10]quit
[3sw1]int Vlanif 20
[3sw1-Vlanif20]ip add 192.168.2.254 24
[3sw1-Vlanif20]dhcp select interface
[3sw1-Vlanif20]quit
[3sw1]int Vlanif 30
[3sw1-Vlanif30]ip add 192.168.3.254 24
[3sw1-Vlanif30]dhcp select interface
[3sw1-Vlanif30]quit
[3sw1]int Vlanif 40
[3sw1-Vlanif40]ip add 192.168.4.254 24
[3sw1-Vlanif40]dhcp select interface
[3sw1-Vlanif40]quit
[3sw1]int Vlanif 50
[3sw1-Vlanif50]ip add 192.168.5.254 24
[3sw1-Vlanif50]quit
[3sw1]int Vlanif 1
[3sw1-Vlanif1]ip add 192.168.6.1 24
[3sw1-Vlanif1]quit
[3sw1]ip route-static 0.0.0.0 0 192.168.6.2    #default route
3. Configure the router
<Huawei>system-view
[Huawei]sysname NAT
[NAT]int g0/0/0
[NAT-GigabitEthernet0/0/0]ip add 192.168.6.2 24
[NAT-GigabitEthernet0/0/0]int g0/0/1
[NAT-GigabitEthernet0/0/1]ip add 100.1.1.1 30
[NAT-GigabitEthernet0/0/1]quit
[NAT]ip route-static 0.0.0.0 0 100.1.1.2
[NAT]ip route-static 192.168.1.0 24 192.168.6.1
[NAT]ip route-static 192.168.2.0 24 192.168.6.1
[NAT]ip route-static 192.168.3.0 24 192.168.6.1
[NAT]ip route-static 192.168.4.0 24 192.168.6.1
[NAT]ip route-static 192.168.5.0 24 192.168.6.1
[NAT]acl 2000
[NAT-acl-basic-2000]rule permit source any
[NAT-acl-basic-2000]quit
[NAT]int g0/0/1
[NAT-GigabitEthernet0/0/1]nat outbound 2000    #PCs share Internet access
[NAT-GigabitEthernet0/0/1]nat server protocol tcp global current-interface www inside 192.168.5.1 www    #publish the server
4. Configure the ISP
<Huawei>system-view
[Huawei]sysname ISP
[ISP]int g0/0/1
[ISP-GigabitEthernet0/0/1]ip add 200.1.1.1 24
[ISP-GigabitEthernet0/0/1]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 100.1.1.2 30
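5. Verify DHCP and shared Internet access
(1) Open a PC, select DHCP and apply it, then verify that DHCP takes effect
(2) Open the command line, check the IP address and access the public network server to verify
6. Verify that the server has been published successfully
(1) Configure an IP address on the server
(2) Write a test web page and start the server
(3) Access the server from the public network client and verify that the access works
7. Configure SSH to remotely manage the internal switches and router
(1) Enable SSH on sw1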
[sw1]user-interface vty 0 4
[sw1-ui-vty0-4]authentication-mode aaa    #enable AAA authentication
[sw1-ui-vty0-4]protocol inbound ssh    #protocol that users are allowed to log in with
[sw1-ui-vty0-4]quit
[sw1]aaa
[sw1-aaa]local-user ysf password simple 123456    #set the user and password (simple keeps it in plaintext in the configuration)
[sw1-aaa]local-user ysf service-type ssh    #set how the user may log in
[sw1-aaa]local-user ysf privilege level 5    #set the user's privilege level
[sw1-aaa]quit
[sw1]stelnet server enable    #enable the SSH service
[sw1]ssh user ysf authentication-type password    #authentication method for the SSH user
[sw1]ssh user ysf service-type stelnet    #this command is not needed on a router
[sw1]ip route-static 0.0.0.0 0 192.168.1.254
[sw1]int vl 10
[sw1-Vlanif10]ip add 192.168.1.100 24    #configure the management address
(2) Manage sw1 from the NAT router
[NAT]ssh client first-time enable    #enable the SSH client
[NAT]stelnet 192.168.1.100
Please input the username:ysf    #enter the user name
Trying 192.168.1.100 ...
Press CTRL+K to abort
Connected to 192.168.1.100 ...
Enter password:    #enter the password
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2018-04-11 23:21:21.
<sw1>    #successfully entered the sw1 management interface
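To manage sw1 remotely from the public network, NAT has to be configured as well.
(1) Configure NAT
In the same way, all of the devices can be managed just by changing the public port.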
[NAT]int g0/0/1
[NAT-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 2200 inside 192.168.1.100 22
(2) Manage sw1 remotely from the public network
[ISP]ssh client first-time enable
[ISP]stelnet 100.1.1.1 2200
Please input the username:ysf
Trying 100.1.1.1 ...
Press CTRL+K to abort
Connected to 100.1.1.1 ...
Enter password:
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2018-04-11 23:34:45.
<sw1>    #successfully entered the sw1 management interface
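
Once port 2200 on the public interface forwards to sw1's SSH service, the account, ACL and NAT settings above decide who can reach the switch. The following is an added example, not part of the original lab: a small offline audit of VRP-style configuration text. The function name `audit`, the check identifiers and the `MGMT_PORTS` set are assumptions of this example, and the sample text is constructed from the commands on this page (the mismatched `ssh user` name is there to exercise the last check).

```python
import re

# Constructed sample: commands modelled on this lab, CLI prompts removed.
SAMPLE = """\
acl 2000
 rule permit source any
aaa
 local-user ysf password simple 123456
 local-user ysf service-type ssh
ssh user zhangsan authentication-type password
nat server protocol tcp global current-interface www inside 192.168.5.1 www
nat server protocol tcp global current-interface 2200 inside 192.168.1.100 22
"""

MGMT_PORTS = {"22", "23", "telnet"}  # assumption: inside ports treated as management

def audit(config):
    """Return (check_id, line) findings for VRP-style configuration text."""
    findings, local_users, ssh_users = [], set(), {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"local-user (\S+) password (\S+)", line):
            local_users.add(m[1])
            if m[2] == "simple":  # password stays readable in the saved config
                findings.append(("plaintext-password", line))
        elif m := re.match(r"local-user (\S+) ", line):
            local_users.add(m[1])
        elif re.match(r"rule( \d+)? permit source any$", line):
            findings.append(("acl-permit-any", line))
        elif m := re.match(r"ssh user (\S+) ", line):
            ssh_users.setdefault(m[1], line)
        elif m := re.match(r"nat server .* inside \S+ (\S+)$", line):
            if m[1] in MGMT_PORTS:  # management service published to the outside
                findings.append(("mgmt-port-published", line))
    # Local AAA assumed: an ssh user name should match a local-user account.
    for name, line in ssh_users.items():
        if name not in local_users:
            findings.append(("ssh-user-without-local-user", line))
    return findings

if __name__ == "__main__":
    for check, line in audit(SAMPLE):
        print(f"{check:30} {line}")
```

The web server mapping is not reported because its inside port is `www`; only the mapping whose inside port is 22 counts as a published management service.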