在华为eNSP模拟器上根据要求进行配置
发布网友
发布时间:2022-04-21 02:06
我来回答
共1个回答
热心网友
时间:2022-04-11 02:18
我是看到好久了, 没人回答你的问题,其实我也不想回答, 敲命令也累啊。是吧。
今天有时间,。还是敲给你看一下吧。 废话不多说,上命令。
R1配置:
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0 \\连接SERVER2
nat outbound 2000
#
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
#
ip route-static 192.168.0.0 255.255.0.0 192.168.1.2 \\静态路由到 SW1
---------------------------
SW1上配置:
sysname SW1
#
vlan batch 10 20 30 100
dhcp enable \\开启dhcp
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
#
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
#
ip pool vlan30 \\创建了3个vlan的地址池
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select global \\选择全局DHCP地址,当然你也可以直接在接口下配置dhcp
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select global
#
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
dhcp select global
#
interface Vlanif100
ip address 192.168.1.2 255.255.255.0 \\与路由器连接
interface GigabitEthernet0/0/23
port link-type trunk \\与SW2连接
port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet0/0/24 \\与路由器连接
port link-type access
port default vlan 100
-----------------------------
SW2上配置:
sysname SW2
#
vlan batch 10 20 30
#
time-range working 08:30 to 17:30 working-day \\配置时间列表(工作日8:30到17:30)
#
acl number 3010 \\配置vlan10不可以访问20的访问控制列表
rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
acl number 3030 \\配置Server1根据时间允许访问tcp的80端口的
rule 5 permit tcp source 192.168.10.0 0.0.0.255 destination 192.168.30.1 0 destination-port eq www
rule 10 permit tcp source 192.168.20.0 0.0.0.255 destination 192.168.30.1 0 destination-port eq www
rule 15 deny tcp
#
interface Ethernet0/0/1 \\划分端口到vlan10
port link-type access
port default vlan 10
traffic-filter inbound acl 3010 调用访问控制列列表
#
interface Ethernet0/0/2 \\划分端口到vlan20
port link-type access
port default vlan 20
#
interface Ethernet0/0/3 \\划分端口到vlan30
port link-type access
port default vlan 30
traffic-filter outbound acl 3030 \\调用时间段访问控制列表
#
interface GigabitEthernet0/0/1 \\与SW1连接
port link-type trunk
port trunk allow-pass vlan 10 20 30
根据你的图,纯手敲,并验证结果。