华为与CISCO路由器单臂路由实例

需求:在局域网中,通过交换机上配置VLAN可以减少主机通信广播域的范围,当VLAN之间有部分主机需要通信,但交换机不支持三层交换时,可以采用一台支持802.1Q的路由器实现VLAN的互通。这需要在以太口上建立子接口,分配IP地址作为该VLAN的网关,同时启动802.1Q.

组网:路由器E0端口与交换机的上行trunk端口(第24端口)相连,交换机下行口划分3个VLAN,带若干主机.

拓扑图如下:

1.路由器的配置

[Router]

[Router]inter e0

[Router-Ethernet0]ip add 10.0.0.1 255.255.255.0

[Router-Ethernet0]inter e0.1 //定义子接口E0.1

[Router-Ethernet0.1]ip add 172.16.1.1 255.255.255.0

[Router-Ethernet0.1]vlan-typedot1q vid 1//指定以太网子接口属于VLAN1,此命令应用在以太网子接口上。只有配置了该命令之后,以太网子接口才会根据配置的VLAN ID号在以太网帧头中嵌入VLAN 标签,与该网口相连的交换机接口才能正确处理接收到的帧。

[Router-Ethernet0.1]inter e0.2 //定义子接口E0.2

[Router-Ethernet0.2]ip add 172.16.2.1 255.255.255.0

[Router-Ethernet0.2]vlan-type dot1q vid 2 //指定以太网子接口属于VLAN2

[Router-Ethernet0.2]inter e0.3 //定义子接口E0.3

[Router-Ethernet0.3]ip add 172.16.3.1 255.255.255.0

[Router-Ethernet0.3]vlan-type dot1q vid 3 //指定以太网子接口属于VLAN3

[Router-Ethernet0.3]inter e0

[Router-Ethernet0]undo shut

% Interface Ethernet0 is up

[Router-Ethernet0] //用网线将E0端口连到S3026第24端口

%19:46:32: Interface Ethernet0 changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0, changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0.1, changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0.2, changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0.3, changed state to UP

2.交换机的配置 sys

Enter system view , return user view with Ctrl+Z.

[Quidway]vlan 1

[Quidway-vlan1]vlan 2

[Quidway-vlan2]port ethernet 0/17 to eth 0/19 eth 0/22 //将第17至19端口,和第22端口加入VLAN2

[Quidway-vlan2]vlan 3

[Quidway-vlan3]port eth 0/21 //将第21端口加入VLAN2

[Quidway-vlan3]inter e0/24

[Quidway-Ethernet0/24]port link-type trunk //将第24端口设为trunk口

[Quidway-Ethernet0/24]port trunk permit vlan all//允许所有VLAN流量通过

Please wait........................................... Done.

[Quidway-Ethernet0/24]dis port trunk //检验TRUNK口配置

Now, the following trunking ports exist:

Ethernet0/24

[Quidway-Ethernet0/24]dis vlan 2 //检验VLAN2的配置

VLAN ID: 2

VLAN Type: static

Route Interface: not configured

Description: VLAN 0002

Tagged Ports:

Ethernet0/24

Untagged Ports:

Ethernet0/17 Ethernet0/18 Ethernet0/19 Ethernet0/22

[Quidway-Ethernet0/24]dis vlan 3 //检验VLAN3的配置

VLAN ID: 3

VLAN Type: static

Route Interface: not configured

Description: VLAN 0003

Tagged Ports:

Ethernet0/24

Untagged Ports:

Ethernet0/21

3.在工作站上检查网络是否连通。此工作站连接S3026第21端口,属于VLAN2。

C:Documents and SettingsAdministrator>ipconfig

Windows2000 IP Configuration

Ethernet adapter 本地连接:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 172.16.2.22

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.2.1

C:Documents and SettingsAdministrator>ping 172.16.3.1

Pinging 172.16.3.1 with 32 bytes of data:

Reply from 172.16.3.1: bytes=32 time

Reply from 172.16.3.1: bytes=32 time

Reply from 172.16.3.1: bytes=32 time

Reply from 172.16.3.1: bytes=32 time

Ping statistics for 172.16.3.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

4.在路由器上查看路由表。可以发现,由于172.16各网段都是直连路由,故不需启用路由协议或静态路由即能

实现VLAN之间的通讯。

[Router]display ip routing-table

Routing Tables:

Destination/Mask Proto Pref Metric Nexthop Interface

10.0.0.0/24 Direct 0 0 10.0.0.1 Ethernet0

10.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0

127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

172.16.1.0/24 Direct 0 0 172.16.1.1 Ethernet0.1

172.16.1.1/32 Direct 0 0 127.0.0.1 LoopBack0

172.16.2.0/24 Direct 0 0 172.16.2.1 Ethernet0.2

172.16.2.1/32 Direct 0 0 127.0.0.1 LoopBack0

172.16.3.0/24 Direct 0 0 172.16.3.1 Ethernet0.3

172.16.3.1/32 Direct 0 0 127.0.0.1 LoopBack0

组网描述:

PC---------------------3050C-------------------------AR28-31-------------------------INTERNET 组网实现:

3050C上划分多个VLAN,在AR28-31上终结VLAN信息,下面的所有VLAN中的PC都可以上公网,所有的PC机都通过AR28-31分配IP地址和DNS [AR28-31]dis cu #

sysname Quidway #

FTP server enable #

nat address-group 0 222.222.222.2 222.222.222.10 #

radius scheme system #

domain system #

local-user admin

password cipher .]@USE=B,53Q=^Q`MAF4

service-type ftp

local-user huawei password simple huawei service-type telnet level 3 #

dhcp server ip-pool 10 network 192.168.10.0 mask 255.255.255.0 gateway-list 192.168.10.1 dns-list 100.100.100.100 #

dhcp server ip-pool 20 network 192.168.20.0 mask 255.255.255.0 gateway-list 192.168.20.1 dns-list 100.100.100.100 #

dhcp server ip-pool 30 network 192.168.30.0 mask 255.255.255.0 gateway-list 192.168.30.1 dns-list 100.100.100.100 #

dhcp server ip-pool 40 network 192.168.40.0 mask 255.255.255.0

用于上公网的地址池 telnet用户,用于远程管理 为VLAN10分配IP地址 为VLAN20分配IP地址 为VLAN30分配IP地址 为VLAN40分配IP地址

gateway-list 192.168.40.1 dns-list 100.100.100.100 #

interface Aux0 async mode flow #

interface Ethernet1/0 用于与交换机的管理IP互通 ip address 192.168.100.1 255.255.255.0 firewall packet-filter 3000 inbound #

interface Ethernet1/0.1 tcp mss 1024

ip address 192.168.10.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 10 #

interface Ethernet1/0.2 tcp mss 1024

ip address 192.168.20.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 20 #

interface Ethernet1/0.3 tcp mss 1024

ip address 192.168.30.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 30 #

interface Ethernet1/0.4 tcp mss 1024

ip address 192.168.40.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 40 #

interface Ethernet2/0

ip address 222.222.222.1 255.255.255.0

nat outbound 2000 address-group 0 #

interface NULL0 #

acl number 2000 行地址转换

rule 0 permit source 192.168.0.0 0.0.255.255 rule 1 deny

终结交换机上的VLAN10 终结交换机上的VLAN20 终结交换机上的VLAN30 终结交换机上的VLAN40 进行私网到公网的地址转换 允许192.168.0.0 这个网段的地址进

acl number 3000

rule 0 deny udp destination-port eq tftp rule 1 deny tcp destination-port eq 135 rule 2 deny udp destination-port eq 135

rule 3 deny udp destination-port eq netbios-ns rule 4 deny udp destination-port eq netbios-dgm rule 5 deny tcp destination-port eq 139

rule 6 deny udp destination-port eq netbios-ssn rule 7 deny tcp destination-port eq 445 rule 8 deny udp destination-port eq 445 rule 9 deny tcp destination-port eq 539 rule 10 deny udp destination-port eq 539 rule 11 deny udp destination-port eq 593 rule 12 deny tcp destination-port eq 593 rule 13 deny udp destination-port eq 1434 rule 14 deny tcp destination-port eq 4444 rule 15 deny tcp destination-port eq 9996 rule 16 deny tcp destination-port eq 5554 rule 17 deny udp destination-port eq 9996 rule 18 deny udp destination-port eq 5554 rule 19 deny tcp destination-port eq 137 rule 20 deny tcp destination-port eq 138 rule 21 deny tcp destination-port eq 1025 rule 22 deny udp destination-port eq 1025 rule 23 deny tcp destination-port eq 9995 rule 24 deny udp destination-port eq 9995 rule 25 deny tcp destination-port eq 1068 rule 26 deny udp destination-port eq 1068 rule 27 deny tcp destination-port eq 1023 rule 28 deny udp destination-port eq 1023 #

ip route-static 0.0.0.0 0.0.0.0 222.222.222.254 preference 60 到电信网关的缺省路由 #

user-interface con 0 user-interface aux 0 user-interface vty 0 4

authentication-mode scheme # return

=============================================================== dis cu #

sysname Quidway

radius scheme system server-type huawei

primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain

domain system

radius-scheme system access-limit disable state active

vlan-assignment-mode integer idle-cut disable

self-service-url disable messenger time disable

domain default enable system #

local-server nas-ip 127.0.0.1 key huawei

local-user huawei password simple huawei service-type telnet level 3 # vlan 1 #

vlan 10 #

vlan 20 #

vlan 30 #

vlan 40 #

interface Vlan-interface1 ip address 192.168.100.2 255.255.255.0 #

interface Aux0/0 #

interface Ethernet0/1 port access vlan 10 #

interface Ethernet0/2 port access vlan 10

用于WEB网管和TELNET 管理IP

interface Ethernet0/3 port access vlan 10 #

interface Ethernet0/4 port access vlan 10 #

interface Ethernet0/5 port access vlan 10 #

interface Ethernet0/6 port access vlan 10 #

interface Ethernet0/7 port access vlan 10 #

interface Ethernet0/8 port access vlan 10 #

interface Ethernet0/9 port access vlan 10 #

interface Ethernet0/10 port access vlan 10 #

interface Ethernet0/11 port access vlan 20 #

interface Ethernet0/12 port access vlan 20 #

interface Ethernet0/13 port access vlan 20 #

interface Ethernet0/14 port access vlan 20 #

interface Ethernet0/15 port access vlan 20 #

interface Ethernet0/16 port access vlan 20 #

interface Ethernet0/17

port access vlan 20

#

interface Ethernet0/18

port access vlan 20

#

interface Ethernet0/19

port access vlan 20

#

interface Ethernet0/20

port access vlan 20

#

interface Ethernet0/21

port access vlan 30

#

interface Ethernet0/22

port access vlan 30

#

interface Ethernet0/23

port access vlan 30

#

interface Ethernet0/24

port access vlan 30

#

interface Ethernet0/25

port access vlan 30

#

interface Ethernet0/26

port access vlan 30

#

interface Ethernet0/27

port access vlan 30

#

interface Ethernet0/28

port access vlan 30

#

interface Ethernet0/29

port access vlan 30

#

interface Ethernet0/30

port access vlan 30

#

interface Ethernet0/31

port access vlan 40

#

interface Ethernet0/32

port access vlan 40

#

interface Ethernet0/33

port access vlan 40

#

interface Ethernet0/34

port access vlan 40

#

interface Ethernet0/35

port access vlan 40

#

interface Ethernet0/36

port access vlan 40

#

interface Ethernet0/37

port access vlan 40

#

interface Ethernet0/38

port access vlan 40

#

interface Ethernet0/39

port access vlan 40

#

interface Ethernet0/40

port access vlan 40

#

interface Ethernet0/41

port access vlan 40

#

interface Ethernet0/42

port access vlan 40

#

interface Ethernet0/43

port access vlan 40

#

interface Ethernet0/44

port access vlan 40

#

interface Ethernet0/45

port access vlan 40

#

interface Ethernet0/46

port access vlan 40

#

interface Ethernet0/47

port access vlan 40

#

interface Ethernet0/48 上行口

port link-type trunk

port trunk permit vlan 1 10 20 30 40 只允许这几个VLAN标签透传

#

interface NULL0

#

user-interface aux 0

user-interface vty 0 4

#

return

CISCO的单臂路由

单臂路由实验是一个基本的路由实验,现在把我个人的配置方法写出来,和大家一起探讨。以下是拓扑图!(本实验在BOSON模拟实验中完成

)

首先对SW进行VLAN配置 >enable #(config)hostname sw #(config)vlan database进入vlan配置模式 #(config)vlan 10 name test1划分vlan并命名 #(config)vlan 20 name test2 #(config)exit退出vlan配置模式 #(config)int f0/1进入端口f0/1 将相应端口划分到相应的vlan中

#(config)switchport access vlan 10

#(config)int f0/2

#(config)switchport access vlan 20

我们知道,如果没有路由支持的情况下,vlan10与vlan 20 是不能进行通信的。这里,我们就用到单臂路由来作为各vlan 间的桥梁。在这个实验里,我们要用到dot1q封装协议。同时,在交换机上配置trunk,并进行封装。

#(config)int f0/12

#(config)switchport mode trunk

#(config)switchport trunk encapsulation dot1q

在交换机上配置trunk,并进行封装。

由于本节只探讨单臂路由,所以交换机就配置到这里

下面进行router配置

>enable

#(config)int e0进入e0并激活

#(config)no shut

#(config)int e0.10 建立子接口,并分配IP地址,这里的IP将成

为后面加入各vlan电脑的网关

#(config)encapsulation dot1q 10

#(config)ip add 192.168.1.1 255.255.255.0

#(config)no shut

#(config)exit

#(config)int e0.20

#(config)encapsulation dot1q 20

#(config)ip add 192.168.2.1 255.255.255.0

#(config)no shut

现在我们对pc 进行配置,这里介绍两种方法,一种图形界面,一种命令界面。首先用图形#winipcfg 当输入些命后有一个图形界面弹出,把相应的IP与网关填上。以PC1为例,我们就应填入。192.168.1.X 255.255.255.0网关:192.168.1.1

下面对PC2进行配置(命令模式)

#ipconfig /ip 192.168.2.X 255.255.255.0 #ipconfig /dg 192.168.2.1到些我们的单臂路由就已经做完了,这时我们在PC2 上PING PC1就能P通,实验成功!

我是一个网络新手,这也是第一次写博,如有不道之处还请大家多多指教。

需求:在局域网中,通过交换机上配置VLAN可以减少主机通信广播域的范围,当VLAN之间有部分主机需要通信,但交换机不支持三层交换时,可以采用一台支持802.1Q的路由器实现VLAN的互通。这需要在以太口上建立子接口,分配IP地址作为该VLAN的网关,同时启动802.1Q.

组网:路由器E0端口与交换机的上行trunk端口(第24端口)相连,交换机下行口划分3个VLAN,带若干主机.

拓扑图如下:

1.路由器的配置

[Router]

[Router]inter e0

[Router-Ethernet0]ip add 10.0.0.1 255.255.255.0

[Router-Ethernet0]inter e0.1 //定义子接口E0.1

[Router-Ethernet0.1]ip add 172.16.1.1 255.255.255.0

[Router-Ethernet0.1]vlan-typedot1q vid 1//指定以太网子接口属于VLAN1,此命令应用在以太网子接口上。只有配置了该命令之后,以太网子接口才会根据配置的VLAN ID号在以太网帧头中嵌入VLAN 标签,与该网口相连的交换机接口才能正确处理接收到的帧。

[Router-Ethernet0.1]inter e0.2 //定义子接口E0.2

[Router-Ethernet0.2]ip add 172.16.2.1 255.255.255.0

[Router-Ethernet0.2]vlan-type dot1q vid 2 //指定以太网子接口属于VLAN2

[Router-Ethernet0.2]inter e0.3 //定义子接口E0.3

[Router-Ethernet0.3]ip add 172.16.3.1 255.255.255.0

[Router-Ethernet0.3]vlan-type dot1q vid 3 //指定以太网子接口属于VLAN3

[Router-Ethernet0.3]inter e0

[Router-Ethernet0]undo shut

% Interface Ethernet0 is up

[Router-Ethernet0] //用网线将E0端口连到S3026第24端口

%19:46:32: Interface Ethernet0 changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0, changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0.1, changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0.2, changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0.3, changed state to UP

2.交换机的配置 sys

Enter system view , return user view with Ctrl+Z.

[Quidway]vlan 1

[Quidway-vlan1]vlan 2

[Quidway-vlan2]port ethernet 0/17 to eth 0/19 eth 0/22 //将第17至19端口,和第22端口加入VLAN2

[Quidway-vlan2]vlan 3

[Quidway-vlan3]port eth 0/21 //将第21端口加入VLAN2

[Quidway-vlan3]inter e0/24

[Quidway-Ethernet0/24]port link-type trunk //将第24端口设为trunk口

[Quidway-Ethernet0/24]port trunk permit vlan all//允许所有VLAN流量通过

Please wait........................................... Done.

[Quidway-Ethernet0/24]dis port trunk //检验TRUNK口配置

Now, the following trunking ports exist:

Ethernet0/24

[Quidway-Ethernet0/24]dis vlan 2 //检验VLAN2的配置

VLAN ID: 2

VLAN Type: static

Route Interface: not configured

Description: VLAN 0002

Tagged Ports:

Ethernet0/24

Untagged Ports:

Ethernet0/17 Ethernet0/18 Ethernet0/19 Ethernet0/22

[Quidway-Ethernet0/24]dis vlan 3 //检验VLAN3的配置

VLAN ID: 3

VLAN Type: static

Route Interface: not configured

Description: VLAN 0003

Tagged Ports:

Ethernet0/24

Untagged Ports:

Ethernet0/21

3.在工作站上检查网络是否连通。此工作站连接S3026第21端口,属于VLAN2。

C:Documents and SettingsAdministrator>ipconfig

Windows2000 IP Configuration

Ethernet adapter 本地连接:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 172.16.2.22

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.2.1

C:Documents and SettingsAdministrator>ping 172.16.3.1

Pinging 172.16.3.1 with 32 bytes of data:

Reply from 172.16.3.1: bytes=32 time

Reply from 172.16.3.1: bytes=32 time

Reply from 172.16.3.1: bytes=32 time

Reply from 172.16.3.1: bytes=32 time

Ping statistics for 172.16.3.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

4.在路由器上查看路由表。可以发现,由于172.16各网段都是直连路由,故不需启用路由协议或静态路由即能

实现VLAN之间的通讯。

[Router]display ip routing-table

Routing Tables:

Destination/Mask Proto Pref Metric Nexthop Interface

10.0.0.0/24 Direct 0 0 10.0.0.1 Ethernet0

10.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0

127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

172.16.1.0/24 Direct 0 0 172.16.1.1 Ethernet0.1

172.16.1.1/32 Direct 0 0 127.0.0.1 LoopBack0

172.16.2.0/24 Direct 0 0 172.16.2.1 Ethernet0.2

172.16.2.1/32 Direct 0 0 127.0.0.1 LoopBack0

172.16.3.0/24 Direct 0 0 172.16.3.1 Ethernet0.3

172.16.3.1/32 Direct 0 0 127.0.0.1 LoopBack0

组网描述:

PC---------------------3050C-------------------------AR28-31-------------------------INTERNET 组网实现:

3050C上划分多个VLAN,在AR28-31上终结VLAN信息,下面的所有VLAN中的PC都可以上公网,所有的PC机都通过AR28-31分配IP地址和DNS [AR28-31]dis cu #

sysname Quidway #

FTP server enable #

nat address-group 0 222.222.222.2 222.222.222.10 #

radius scheme system #

domain system #

local-user admin

password cipher .]@USE=B,53Q=^Q`MAF4

service-type ftp

local-user huawei password simple huawei service-type telnet level 3 #

dhcp server ip-pool 10 network 192.168.10.0 mask 255.255.255.0 gateway-list 192.168.10.1 dns-list 100.100.100.100 #

dhcp server ip-pool 20 network 192.168.20.0 mask 255.255.255.0 gateway-list 192.168.20.1 dns-list 100.100.100.100 #

dhcp server ip-pool 30 network 192.168.30.0 mask 255.255.255.0 gateway-list 192.168.30.1 dns-list 100.100.100.100 #

dhcp server ip-pool 40 network 192.168.40.0 mask 255.255.255.0

用于上公网的地址池 telnet用户,用于远程管理 为VLAN10分配IP地址 为VLAN20分配IP地址 为VLAN30分配IP地址 为VLAN40分配IP地址

gateway-list 192.168.40.1 dns-list 100.100.100.100 #

interface Aux0 async mode flow #

interface Ethernet1/0 用于与交换机的管理IP互通 ip address 192.168.100.1 255.255.255.0 firewall packet-filter 3000 inbound #

interface Ethernet1/0.1 tcp mss 1024

ip address 192.168.10.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 10 #

interface Ethernet1/0.2 tcp mss 1024

ip address 192.168.20.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 20 #

interface Ethernet1/0.3 tcp mss 1024

ip address 192.168.30.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 30 #

interface Ethernet1/0.4 tcp mss 1024

ip address 192.168.40.1 255.255.255.0 firewall packet-filter 3000 inbound vlan-type dot1q vid 40 #

interface Ethernet2/0

ip address 222.222.222.1 255.255.255.0

nat outbound 2000 address-group 0 #

interface NULL0 #

acl number 2000 行地址转换

rule 0 permit source 192.168.0.0 0.0.255.255 rule 1 deny

终结交换机上的VLAN10 终结交换机上的VLAN20 终结交换机上的VLAN30 终结交换机上的VLAN40 进行私网到公网的地址转换 允许192.168.0.0 这个网段的地址进

acl number 3000

rule 0 deny udp destination-port eq tftp rule 1 deny tcp destination-port eq 135 rule 2 deny udp destination-port eq 135

rule 3 deny udp destination-port eq netbios-ns rule 4 deny udp destination-port eq netbios-dgm rule 5 deny tcp destination-port eq 139

rule 6 deny udp destination-port eq netbios-ssn rule 7 deny tcp destination-port eq 445 rule 8 deny udp destination-port eq 445 rule 9 deny tcp destination-port eq 539 rule 10 deny udp destination-port eq 539 rule 11 deny udp destination-port eq 593 rule 12 deny tcp destination-port eq 593 rule 13 deny udp destination-port eq 1434 rule 14 deny tcp destination-port eq 4444 rule 15 deny tcp destination-port eq 9996 rule 16 deny tcp destination-port eq 5554 rule 17 deny udp destination-port eq 9996 rule 18 deny udp destination-port eq 5554 rule 19 deny tcp destination-port eq 137 rule 20 deny tcp destination-port eq 138 rule 21 deny tcp destination-port eq 1025 rule 22 deny udp destination-port eq 1025 rule 23 deny tcp destination-port eq 9995 rule 24 deny udp destination-port eq 9995 rule 25 deny tcp destination-port eq 1068 rule 26 deny udp destination-port eq 1068 rule 27 deny tcp destination-port eq 1023 rule 28 deny udp destination-port eq 1023 #

ip route-static 0.0.0.0 0.0.0.0 222.222.222.254 preference 60 到电信网关的缺省路由 #

user-interface con 0 user-interface aux 0 user-interface vty 0 4

authentication-mode scheme # return

=============================================================== dis cu #

sysname Quidway

radius scheme system server-type huawei

primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain

domain system

radius-scheme system access-limit disable state active

vlan-assignment-mode integer idle-cut disable

self-service-url disable messenger time disable

domain default enable system #

local-server nas-ip 127.0.0.1 key huawei

local-user huawei password simple huawei service-type telnet level 3 # vlan 1 #

vlan 10 #

vlan 20 #

vlan 30 #

vlan 40 #

interface Vlan-interface1 ip address 192.168.100.2 255.255.255.0 #

interface Aux0/0 #

interface Ethernet0/1 port access vlan 10 #

interface Ethernet0/2 port access vlan 10

用于WEB网管和TELNET 管理IP

interface Ethernet0/3 port access vlan 10 #

interface Ethernet0/4 port access vlan 10 #

interface Ethernet0/5 port access vlan 10 #

interface Ethernet0/6 port access vlan 10 #

interface Ethernet0/7 port access vlan 10 #

interface Ethernet0/8 port access vlan 10 #

interface Ethernet0/9 port access vlan 10 #

interface Ethernet0/10 port access vlan 10 #

interface Ethernet0/11 port access vlan 20 #

interface Ethernet0/12 port access vlan 20 #

interface Ethernet0/13 port access vlan 20 #

interface Ethernet0/14 port access vlan 20 #

interface Ethernet0/15 port access vlan 20 #

interface Ethernet0/16 port access vlan 20 #

interface Ethernet0/17

port access vlan 20

#

interface Ethernet0/18

port access vlan 20

#

interface Ethernet0/19

port access vlan 20

#

interface Ethernet0/20

port access vlan 20

#

interface Ethernet0/21

port access vlan 30

#

interface Ethernet0/22

port access vlan 30

#

interface Ethernet0/23

port access vlan 30

#

interface Ethernet0/24

port access vlan 30

#

interface Ethernet0/25

port access vlan 30

#

interface Ethernet0/26

port access vlan 30

#

interface Ethernet0/27

port access vlan 30

#

interface Ethernet0/28

port access vlan 30

#

interface Ethernet0/29

port access vlan 30

#

interface Ethernet0/30

port access vlan 30

#

interface Ethernet0/31

port access vlan 40

#

interface Ethernet0/32

port access vlan 40

#

interface Ethernet0/33

port access vlan 40

#

interface Ethernet0/34

port access vlan 40

#

interface Ethernet0/35

port access vlan 40

#

interface Ethernet0/36

port access vlan 40

#

interface Ethernet0/37

port access vlan 40

#

interface Ethernet0/38

port access vlan 40

#

interface Ethernet0/39

port access vlan 40

#

interface Ethernet0/40

port access vlan 40

#

interface Ethernet0/41

port access vlan 40

#

interface Ethernet0/42

port access vlan 40

#

interface Ethernet0/43

port access vlan 40

#

interface Ethernet0/44

port access vlan 40

#

interface Ethernet0/45

port access vlan 40

#

interface Ethernet0/46

port access vlan 40

#

interface Ethernet0/47

port access vlan 40

#

interface Ethernet0/48 上行口

port link-type trunk

port trunk permit vlan 1 10 20 30 40 只允许这几个VLAN标签透传

#

interface NULL0

#

user-interface aux 0

user-interface vty 0 4

#

return

CISCO的单臂路由

单臂路由实验是一个基本的路由实验,现在把我个人的配置方法写出来,和大家一起探讨。以下是拓扑图!(本实验在BOSON模拟实验中完成

)

首先对SW进行VLAN配置 >enable #(config)hostname sw #(config)vlan database进入vlan配置模式 #(config)vlan 10 name test1划分vlan并命名 #(config)vlan 20 name test2 #(config)exit退出vlan配置模式 #(config)int f0/1进入端口f0/1 将相应端口划分到相应的vlan中

#(config)switchport access vlan 10

#(config)int f0/2

#(config)switchport access vlan 20

我们知道,如果没有路由支持的情况下,vlan10与vlan 20 是不能进行通信的。这里,我们就用到单臂路由来作为各vlan 间的桥梁。在这个实验里,我们要用到dot1q封装协议。同时,在交换机上配置trunk,并进行封装。

#(config)int f0/12

#(config)switchport mode trunk

#(config)switchport trunk encapsulation dot1q

在交换机上配置trunk,并进行封装。

由于本节只探讨单臂路由,所以交换机就配置到这里

下面进行router配置

>enable

#(config)int e0进入e0并激活

#(config)no shut

#(config)int e0.10 建立子接口,并分配IP地址,这里的IP将成

为后面加入各vlan电脑的网关

#(config)encapsulation dot1q 10

#(config)ip add 192.168.1.1 255.255.255.0

#(config)no shut

#(config)exit

#(config)int e0.20

#(config)encapsulation dot1q 20

#(config)ip add 192.168.2.1 255.255.255.0

#(config)no shut

现在我们对pc 进行配置,这里介绍两种方法,一种图形界面,一种命令界面。首先用图形#winipcfg 当输入些命后有一个图形界面弹出,把相应的IP与网关填上。以PC1为例,我们就应填入。192.168.1.X 255.255.255.0网关:192.168.1.1

下面对PC2进行配置(命令模式)

#ipconfig /ip 192.168.2.X 255.255.255.0 #ipconfig /dg 192.168.2.1到些我们的单臂路由就已经做完了,这时我们在PC2 上PING PC1就能P通,实验成功!

我是一个网络新手,这也是第一次写博,如有不道之处还请大家多多指教。


相关文章

  • 华为三层交换机配置方法.命令及实例
  • 华为三层交换机配置方法(1) (2008-07-21 11:27:34) 转载 标签: 分类: 工作汇报 杂谈 本文以河南平临高速所使用的华为华三通信的H3C S3600-28P-SI为例,配置前首先要确定型号后缀是SI还是EI,EI的支持 ...查看


  • Cisco不同的网段,通过配置单臂路由及静态路由
  • 如图 PC1 PC2 PC3 PC4分别属于不同VLAN ,不同的网段,通过配置单臂路由及静态路由,实现全网互通 R1(config)#int e0/0 R1(config-if)#ip add 192.168.1.1 255.255.25 ...查看


  • Cisco单臂路由命令
  • Cisco单路由配臂 置 臂路单由,在即由器上路设多置个逻子接口辑,每个子接口应一对v个ln.a在每个接子口的数在据理物链路上递都传标要封装.记iscCo设备支IS持和80L.21(qot1dQ)协议.华只为支持8201q.. OTDQ1I ...查看


  • 华为路由器与CISCO路由器配置差别
  • 深圳华为公司,作为目前国内最大的电信成套设备及数据通信设备生产商,近年来其路由器产品及技术有了长足的进展.其生产的高中低端 Quidway 路由器系列产品已有极广的覆盖面,特别是中低端产品凭着极高的性价比,完备的功能特性与良好的兼容性,市场 ...查看


  • 路由器配置实例--100例
  • 路由器配置实例--100例 Cisco 路由器VOIP 配置解析 在企业网络中推广IP 语音技术有很多优点,例如可以控制数据流量,保证语音质量,充分利用企业租用的数据线路资源,节省传统的长途话费等等.企业使用IP 语音技术,可以将语音.数据 ...查看


  • 硬件防火墙配置实例大全
  • 思科pix防火墙配置实例大全 在配置PIX防火墙之前,先来介绍一下防火墙的物理特性.防火墙通常具有至少3个接口,但许多早期的防火墙只具有2个接口:当使用具有3个接口的防火墙时,就至少产生了3个网络,描述如下: 内部区域(内网):内部区域通常 ...查看


  • 计算机网络工程师笔试面试题汇总
  • 网路学员面试常见问题: 1.请你修改一下LINUX的视频驱动和声音驱动 答: redhatlinux中用sndconfig来设置声卡,如果没有某个模块,就需要重新编译内核(编译最新发布的linux 内核),如果还不行,只好用ALSA 音效驱 ...查看


  • 网络工程师基本技术
  • 安全网关,应用层网关,售后&售前TCP/IPIOS七层模型:从下往下:物理层(比特流传输)----------数据链路层(提供介质访问.链路管理等)-----------网络层(寻址和路由选择)---------传输层(端到端的连接 ...查看


  • Cisco路由器配置命令大全
  • Cisco路由器配置命令大全 1. switch配置命令 (1)模式转换命令 用户模式----特权模式,使用命令"enable" 特权模式----全局配置模式,使用命令"config t" 全局配置模 ...查看


热门内容