朗朗最难的钢琴曲:华为的路由器模拟器及实验内容 - ah..zhangrui的日志 - 网易博客
实验一:基本命令实验
实验二:配置端口聚合
实验三:基本VLAN设置
实验四:配置primary VLAN和secondary VLAN
实验五:其它功能
实验六:路由器BootROM升级
实验七:直联路由
实验八:单臂路由
实验九:静态路由实验
实验十:动态路由实验
实验十一:访问控制列表
实验十二:地址转换配置
华为的路由器模拟器下载地址 (右键迅雷下载)
实验一 基本命令实验
添加一个交换机,一个计算机,双击交换机,进入终端配置:
password:
[Quidway]sysname S3026 交换机命名
[S3026]super password111 修改特权用户密码
[S3026]user-interface vty 0 4
[S3026-ui-vty0-4]authentication-modepassword
[S3026-ui-vty0-4]set authentication-modepassword simple 222
[S3026-ui-vty0-4]user privilege level 3
[S3026-ui-vty0-4]quit
[S3026]quit
password:111
[S3026]display currect-config
[S3026]dis curr
[S3026]vlan 2
[S3026-vlan2]port ethernet0/2
[S3026-vlan2]port e0/4 to et0/6
[S3026-vlan2]quit
[S3026]dis vlan
[S3026]int e0/3
[S3026-Ethernet1]port access vlan 2
[S3026-Ethernet1]quit
[S3026]dis vlan
[S3026]dis curr
[S3026]interface vlan 1 进入接口视图
[S3026-Vlan-interface1]ip address 10.65.1.1255.255.0.0
[S3026-Vlan-interface1]quit
[S3026]ip route-static 0.0.0.0 0.0.0.010.65.1.2
[S3026]ip default-gateway 10.65.1.2
[S3026]dis curr
[S3026]save
双击小电脑:
login:root
password:linux
[root@PCA root]#ifconfig eth0 10.65.1.1netmask 255.255.0.0
[root@PCA root]#ping 10.65.1.2
[root@PCA root]#telnet 10.65.1.2
实验二 配置端口聚合
要求聚合的端口工作在全双工,速度一致,在同一槽口且连续,
ingress:源MAC, both:源和目的MAC
对于SwitchA:
[SwitchA]interface ethernet0/1
[SwitchA-Ethernet0/1]duplex full
[SwitchA-Ethernet0/1]speed 100
[SwitchA-Ethernet0/1]int e0/2
[SwitchA-Ethernet0/2]duplex full
[SwitchA-Ethernet0/2]speed 100
对于SwitchB:
[SwitchB]interface ethernet0/1
[SwitchB-Ethernet0/1]duplex full
[SwitchB-Ethernet0/1]speed 100
[SwitchB-Ethernet0/1]int e0/2
[SwitchB-Ethernet0/2]duplex full
[SwitchB-Ethernet0/2]speed 100
聚合操作:
[SwitchA]link-aggregation ethernet0/1 toethernet0/2 both
[SwitchB]link-aggregation ethernet0/1 toethernet0/2 both
[SwitchA]display link-aggregationethernet0/1
[SwitchA]undo link-aggregation all
实验三 基本VLAN设置
[SwitchA]vlan 2
[SwitchA-vlan2]port e0/3 to e0/4
[SwitchA]vlan 3
[SwitchA-vlan3]port e0/5 to e0/6
[SwitchB]vlan 2
[SwitchB-vlan2]port e0/3 to e0/4
[SwitchB]vlan 3
[SwitchB-vlan3]port e0/5 to e0/6
设置计算机的IP为:
PCA:10.65.1.1 PCB:10.65.1.2 PCC:10.65.1.3 PCD:10.65.1.4
[root@PCA root]#ping 10.65.1.1 通
[root@PCA root]#ping 10.65.1.2 不通
[root@PCA root]#ping 10.65.1.3 不通
[root@PCA root]#ping 10.65.1.4 不通
将PCA改接到SwitchA E0/2, PCC改接到SwitchB E0/2
[root@PCA root]#ping 10.65.1.3 通(这时都在vlan1)
再改回来:
[S3026A]interface ethernet 0/8
[S3026A-Ethernet0/8]port link-type trunk
[S3026A-Ethernet0/8]port trunk permit vlanall
[S3026B]interface ethernet 0/1
[S3026B-Ethernet0/1]port link-type trunk
[S3026B-Ethernet0/1]port trunk permit vlanall
[root@PCA root]#ping 10.65.1.3 通
[root@PCA root]#ping 10.65.1.4 不通
[root@PCB root]#ping 10.65.1.4 通
即:PCA和PCC同在vlan 2 是通的。
PCB和PCD同在vlan 3是通的。
PCA和PCB是不通的。同理PCC和PCD也是不通的。
[S3026C]interface ethernet 0/1
[S3026C-Ethernet0/1]port link-type trunk
[S3026C-Ethernet0/1]port trunk permit vlanall
[S3026C]interface ethernet 0/8
[S3026C-Ethernet0/8]port link-type trunk
[S3026C-Ethernet0/8]port trunk permit vlanall
[root@PCA root]#ping 10.65.1.3 通
[root@PCA root]#ping 10.65.1.4 不通
实验四 配置primaryVLAN和secondary VLAN
[SwitchA]vlan 2
[SwitchA-vlan2]port ethernet 0/5 toethernet 0/6
[SwitchA]vlan 3
[SwitchA-vlan3]port ethernet 0/7 toethernet 0/8
[SwitchA]vlan 5
[SwitchA-vlan5]port ethernet 0/1 toethernet 0/4
[SwitchA-vlan5]isolate-user-vlan enable ;vlan5是主vlan
[SwitchA-vlan5]quit
[SwitchA]isolate-user-vlan 5 secondary 2,3 ;vlan2,3是子vlan
[SwitchB]vlan 2
[SwitchB-vlan2]port ethernet 0/5 toethernet 0/6
[SwitchB]vlan 3
[SwitchB-vlan3]port ethernet 0/7 toethernet 0/8
[SwitchA]vlan 4
[SwitchB-vlan4]port ethernet 0/1 toethernet 0/4
[SwitchB-vlan4]isolate-user-vlanenable ;vlan4是主vlan
[SwitchB-vlan4]quit
[SwitchB]isolate-user-vlan 4 secondary2,3 ;vlan2,3是子vlan
实验五 其它功能
(一) 设置镜像
[Quidway]monitor-port e0/8
[Quidway]port mirror e0/1
或:[Quidway]port mirror e0/1 to e0/2observing-port e0/8
(二) 生成树
[Quidway]stp {enable|disable}
[Quidway]stp priority 4096 设置交换机的优先级
[Quidway]stp root primary 设置交换机为树根
[Quidway-Ethernet0/1]stp cost 200 设置交换机端口的花费
实验六 路由器BootROM升级
[Quidway]reload
Press Ctrl+B to enter Boot Menu …
Boot Menu:
1:Download application program
2:Download Bootrom program
3:Modify Bootrom password
4:Exit menu
5:Reboot
Enter your choice(1-5):1
Downloading application program
from serial ... (rs232)
please choose your download speed:
1:9600bps
2:19200bps
3:38400bps
4:Exit and reboot
Enter your choice(1-4):2
Download speed is 38400bps.
Please change the terminal's speed to38400bps.
And select XMODEM
protocol. Press ENTER key when ready.
Downloading ...CC (please select[File]->[Send])
Download completed.
Write flash auccessfully!
实验七 直联路由
password:
[Quidway]interface ethernet0
[Quidway-Ethernet0]ip addr 10.65.1.2255.255.255.0
[Quidway-Ethernet0]undo shutdown
[Quidway-Ethernet0]int e1
[Quidway-Ethernet1]ip addr 10.66.1.2255.255.255.0
[Quidway-Ethernet1]undo shutdown
[root@PCA root]#ifconfig eth0 10.65.1.1netmask 255.255.0.0
[root@PCB root]#ifconfig eth0 10.66.1.1netmask 255.255.0.0
[root@PCA root]#ping 10.65.1.2 通
[root@PCA root]#ping 10.66.1.2 不通,没设网关
[root@PCA root]#route add default gw10.65.1.2
[root@PCA root]#ping 10.66.1.2 通
去掉Host B与Router的连线,再ping:
[root@PCA root]#ping 10.66.1.2不通(没有接线端口会自动down掉)
再连接Host B与Router的连线,再ping:
[root@PCA root]#ping 10.66.1.2 通了
实验八 单臂路由
设PCA:10.65.1.1 PCB:10.66.1.1
1.一个接口两个IP的情况
password:
[Quidway]interface ethernet0
[Quidway-Ethernet0]ip addr 10.65.1.2255.255.255.0
[Quidway-Ethernet1]ip addr 10.66.1.2255.255.255.0 secondary
[Quidway-Ethernet1]undo shutdown
[root@PCA root]#ping 10.66.1.1 通
2.划分两个子接口,对两个vlan的路由
[SwitchA]vlan 2
[SwitchA-vlan2]port e0/3
[SwitchA]vlan 3
[SwitchA-vlan3]port e0/6
[SwitchA]ine e0/1
[SwitchA-Ethernet0/1]port link-type trunk
[SwitchA-Ethernet0/1]port trunk permit vlanall
[SwitchA-Ethernet0/1]port trunk encap dot1q
[SwitchA]dis curr
[Quidway]int e0
[SwitchA-Ethernet0]int e0.1
[SwitchA-Ethernet0.1]encapsulation dot1q 2
[SwitchA-Ethernet0.1]ip addr 10.65.1.2255.255.255.0
[SwitchA-Ethernet0.1]nudo shut
[SwitchA-Ethernet0.1]int e0.2
[SwitchA-Ethernet0.2]encapsulation dot1q 2
[SwitchA-Ethernet0.2]ip addr 10.66.1.2255.255.255.0
[SwitchA-Ethernet0.2]nudo shut
[SwitchA]dis curr
[root@PCA root]#ping 10.66.1.1 通
实验九 静态路由实验
PCA:10.65.1.1 PCB:10.66.1.1 PCC:10.68.1.1 PCD:10.69.1.1
[RouterA]interface ethernet0
[RouterA-Ethernet0]ip addrress 10.65.1.2255.255.0.0
[RouterA-Ethernet0]undo shutdown
[RouterA-Ethernet0]int e1
[RouterA-Ethernet1]ip addrress 10.66.1.2255.255.0.0
[RouterA-Ethernet1]undo shutdown
[RouterA-Ethernet1]int s1
[RouterA-Serial1]ip addrress 10.67.1.2255.255.0.0
[RouterA-Serial1]undo shutdown
[RouterA-Serial1]clock rate 64000
[RouterA-Serial1]quit
[RouterA]ip routing
[RouterA]dis curr
[RouterB]interface ethernet0
[RouterB-Ethernet0]ip addrress 10.68.1.2255.255.0.0
[RouterB-Ethernet0]undo shutdown
[RouterB-Ethernet0]int e1
[RouterB-Ethernet1]ip addrress 10.69.1.2255.255.0.0
[RouterB-Ethernet1]undo shutdown
[RouterB-Ethernet1]int s0
[RouterB-Serial0]ip addrress 10.67.1.1255.255.0.0
[RouterB-Serial0]undo shutdown
[RouterB-Serial0]quit
[RouterB]ip routing
[RouterB]dis curr
[root@PCA root]#ifconfig eth0 10.65.1.1netmask 255.255.0.0
[root@PCA root]#route add default gw10.65.1.2
[root@PCA root]#ping 10.65.1.2 通
[root@PCA root]#ping 10.66.1.2 通
[root@PCA root]#ping 10.67.1.2 通
[root@PCA root]#ping 10.68.1.2 不通
[root@PCA root]#ping 10.69.1.2 不通
[RouterA]ip route-static 10.69.0.0255.255.0.0 10.67.1.1
[root@PCA root]#ping 10.69.1.1 通
下面再加入一个路由器Router C:
[RouterB-Serial0]undo ip addrress 10.67.1.1255.255.0.0
[RouterB-Serial0]ip addrress 10.70.1.1255.255.0.0
[RouterC]interface serial0
[RouterC-Serial0]ip addrress 10.67.1.1255.255.0.0
[RouterC-Serial0]undo shutdown
[RouterC-Serial0]clock rate 64000
[RouterC-Serial0]int s1
[RouterC-Serial1]ip addrress 10.70.1.1255.255.0.0
[RouterC-Serial1]undo shutdown
[RouterC-Serial1]quit
[RouterC]ip route-static 10.69.0.0255.255.0.0 10.70.1.1
[RouterC]dis curr
[root@PCA root]#ping 10.69.1.1 通
[root@PCA root]#ping 10.68.1.1 不通
实验十 动态路由实验
[RouterA]rip version 2 multicast
[RouterA-rip]network 10.0.0.0 ;可以all
[RouterA-rip]ip routing
[RouterB]rip version 2 multicast
[RouterB-rip]network 10.0.0.0
[RouterB-rip]ip routing
[RouterC]rip version 2 multicast
[RouterC-rip]network 10.0.0.0
[RouterC-rip]ip routing
[RouterC]dis ip route
[root@PCA root]#ping 10.68.1.1 通
[root@PCA root]#ping 10.69.1.1 通
[RouterA-rip]peer10.67.1.1 ;指明交换点
[RouterA-rip]summary ;聚合
[RouterA-Serial0]ripsplit-horizon ;水平分隔
[RouterA]rip work
[RouterA]rip input
[RouterA]rip output
[Quidway]router idA.B.C.D ;配置路由器的ID
[Quidway]ospfenable ;启动OSPF协议
[Quidway-ospf]imp
[Quidway-Serial0]ospf enable area0 ;配置OSPF区域
[Quidway-Serial0]link-protocol ppp
实验十一 访问控制列表实验
1.基本访问列表
[RouterC]firewall enable
[RouterC]firewall default permit
[RouterC]acl 10
[RouterC-acl-10]rule normal deny source10.65.1.1
[RouterC-acl-10]rule normal permit sourceany
[RouterC]int s0
[RouterC-Serial0]firewall packet-filter 10inbound
[RouterC-Serial0]quit
[RouterC]display acl
[root@PCA root]#ping 10.68.1.1 不通
[root@PCB root]#ping 10.68.1.1 通
[RouterC]undo acl 10
[RouterC]display acl
[root@PCA root]#ping 10.68.1.1 通
[root@PCB root]#ping 10.68.1.1 通
[RouterC]acl 11
[RouterC-acl-11]rule normal deny source10.65.1.1 0.0.0.255
[RouterC-acl-11]rule normal permit sourceany
[RouterC]int s0
[RouterC-Serial0]firewall packet-filter 11inbound
[RouterC]display acl
[root@PCA root]#ping 10.68.1.1 不通
[root@PCB root]#ping 10.68.1.1 不通
[RouterC]undo acl
2.扩展访问控制列表
[RouterC]firewall enable
[RouterC]firewall default permit
[RouterC]acl 101
[RouterC-acl-101]rule deny tcp source10.65.1.1 0 destination 10.69.1.1 0
[RouterC-acl-101]rule permit ip source anydestination any
[RouterC]int s1
[RouterC-Serial1]firewall packet-filter 101outbound
[RouterC-Serial1]quit
[RouterC]dis acl
[root@PCA root]#ping 10.68.1.1 通
[root@PCA root]#ping 10.69.1.1 不通
[root@PCB root]#ping 10.69.1.1 通
[RouterC]undo acl
[root@PCA root]#ping 10.69.1.1 通
实验十二 地址转换配置
设置公司三个公网IP:133.0.0.1、133.0.0.2、133.0.0.3。为地址池pool。
内部网络10.1.0.0网络可以通过公网IP访问外部计算机。自动转换成公网IP。
设置:Host A : 10.1.1.1 255.255.0.0
Host B : 10.1.1.2 255.255.0.0
Host C : 10.1.1.3 255.255.0.0
Host D : 10.2.1.1 255.255.0.0
RouterA E0: 10.1.1.9 255.255.0.0
Host F : 133.0.0.8 255.255.0.0
[Quidway]nat address-group 133.0.0.1133.0.0.3 pool1
[Quidway]acl 1
[Quidway-acl-1]rule permit source 10.1.0.00.0.255.255
[Quidway-acl-1]rule deny source any
[Quidway-acl-1]int s0
[Quidway-Serial0]undo shut
[Quidway-Serial0]nat outbound 1address-group pool1
[Quidway-Serial0]nat server global133.0.0.1 inside 10.1.1.1 ftp tcp
[Quidway-Serial0]nat server global133.0.0.2 inside 10.1.1.2 www tcp
[Quidway-Serial0]nat server global133.0.0.3 inside 10.1.1.3 smtp udp