- PC1、PC2、SW1、RT1、RT2、RT3、FTP Server为局域网内的设备,其中RT3为局域网的网关;RT4、SW2、PC3模拟广域网上的设备;
- PC机IP地址以及路由器各接口IP地址根据表格中的IP进行设置;
- PC1属于VLAN2,PC2属于VLAN3,通过在RT1上使用单臂路由使其连通;
- RT1、RT2、RT3之间使用多区域0SPF连通,串行链路使用PPP,使用CHAP进行认证;
- 内网访问外网采用Easy IP,采用RT3出接口的IP地址作为转换后的源地址;
- RT3与RT4之间采用HDLC进行连接;
- FTP Server映射到外网的IP地址是200.1.1.2,禁止 PC2 访问PC3。
单臂路由
SW1
<H3C>sy
System View: return to User View with Ctrl+Z.
[H3C]vlan 2
[H3C-vlan2]port g1/0/1
[H3C-vlan2]vlan 3
[H3C-vlan3]port g1/0/2
[H3C-vlan3]int g1/0/3
[H3C-GigabitEthernet1/0/3]port link-type trunk
[H3C-GigabitEthernet1/0/3]port trunk permit vlan 2 3R1
<H3C>sy
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ip address 10.0.0.254 24
[H3C-GigabitEthernet0/0]int g0/0.2
[H3C-GigabitEthernet0/0.2]ip address 10.0.1.254 24
[H3C-GigabitEthernet0/0.2]vlan-type dot1q vid 2
[H3C-GigabitEthernet0/0.2]int g0/0.3
[H3C-GigabitEthernet0/0.3]vlan-type dot1q vid 3
[H3C-GigabitEthernet0/0.3]ip address 10.0.2.254 24OSPF
R1
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ospf 100 area 1
[H3C-GigabitEthernet0/0]int g0/0.2
[H3C-GigabitEthernet0/0.2]ospf 100 area 1
[H3C-GigabitEthernet0/0.2]int g0/0.3
[H3C-GigabitEthernet0/0.3]ospf 100 area 1
[H3C-GigabitEthernet0/0.3]int s1/0
[H3C-Serial1/0]ip address 10.1.0.1 30
[H3C-Serial1/0]ospf 100 area 1R2
[H3C]int s1/0
[H3C-Serial1/0]ip address 10.1.0.2 30
[H3C-Serial1/0]ospf 100 area 1
[H3C-Serial1/0]int s2/0
[H3C-Serial2/0]ip address 10.1.0.5 30
[H3C-Serial2/0]ospf 100 area 0
[H3C-Serial2/0]quit
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ip address 10.2.0.254 24
[H3C]ospf 100
[H3C-ospf-100]import-route direct cost 2R3
<H3C>sy
[H3C]int s2/0
[H3C-Serial2/0]ip address 10.1.0.6 30
[H3C-Serial2/0]ospf 100 area 0
[H3C-Serial2/0]int s1/0
[H3C-Serial1/0]ip address 200.1.1.1 24
[H3C-Serial1/0]quit
[H3C]ip route-static 0.0.0.0 0.0.0.0 200.1.1.101
[H3C]ospf 100
[H3C-ospf-100]default-route-advertise alwaysCHAP
R2
XXX
R1
[H3C]int s1/0
[H3C-Serial1/0]ppp chap user 31931
[H3C-Serial1/0]ppp chap password simple 000Easy IP
R3
[H3C]acl basic 2000
[H3C-acl-ipv4-basic-2000]rule 0 permit source 10.0.0.0 0.255.255.255
[H3C-acl-ipv4-basic-2000]int s1/0
[H3C-Serial1/0]nat outbound 2000HDLC
R3
[H3C-Serial1/0]link-protocol hdlcR4
[H3C]int s1/0
[H3C-Serial1/0] ip address 200.1.1.101 24
[H3C-Serial1/0]link-protocol hdlc
[H3C-Serial1/0]int g0/0
[H3C-GigabitEthernet0/0]ip address 200.2.1.254 24NAT server
R3
[H3C]int s1/0
[H3C-Serial1/0]nat server global 200.1.1.2 inside 10.2.0.1R2
[H3C]acl advanced 3000
[H3C-acl-ipv4-adv-3000]rule 1 deny ip source 10.0.2.1 0.0.0.255 destination 200.2.1.1 0.0.0.255
[H3C-acl-ipv4-adv-3000]int s2/0
[H3C-Serial2/0]packet-filter 3000 outbound
评论