华为eNSP小型园区网络配置（上）

news2024/5/18 15:30:45

→跟着大佬学习的b站直通车←

在这里插入图片描述

目标1：dhcp分配ip地址

目标2：内网用户访问www.yzy.com

sw1

#
vlan batch 10 
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#

sw2

#
vlan batch 20 30
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 30
#
interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 20 30
#

sw3

#
vlan batch 10 20 30 40 50
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20 30
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 50
#
dhcp enable
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select interface
 dhcp server dns-list 172.16.100.1
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 dhcp select interface
 dhcp server dns-list 172.16.100.1
#
interface Vlanif30
 ip address 192.168.30.254 255.255.255.0
 dhcp select interface
 dhcp server dns-list 172.16.100.1
#
interface Vlanif40
 ip address 172.16.100.254 255.255.255.0
#
interface Vlanif50
 ip address 10.10.10.2 255.255.255.0
#

Server1
在这里插入图片描述

目标3：nat内网用户访问外网

SW3

#
ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
#

#
 nat address-group 1 64.1.1.4 64.1.1.4
#
 acl number 2000  
 rule 5 permit source 192.168.0.0 0.0.255.255
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 64.1.1.1 255.255.255.0 
 nat outbound 2000 address-group 1 
#
 ip route-static 0.0.0.0 0.0.0.0 64.1.1.10
 ip route-static 192.168.0.0 255.255.0.0 10.10.10.2
#

#
interface GigabitEthernet0/0/0
 ip address 64.1.1.10 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 8.8.8.254 255.255.255.0 
#

目标4：acl禁止vlan10访问外网 traffic-filter

#
acl number 2001  
 rule 5 deny source 192.168.10.0 0.0.0.255 
 rule 10 permit 
#
interface GigabitEthernet0/0/0
 traffic-filter inbound acl 2001
#

对视频的补充-目标4用MQC实现

#
acl number 2002  
 rule 5 permit source 192.168.10.0 0.0.0.255 
#
traffic classifier no_vlan10 operator or
 if-match acl 2002
#
traffic behavior no_vlan10
 deny
#
traffic policy no_vlan10
 classifier no_vlan10 behavior no_vlan10
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.1 255.255.255.0 
 traffic-policy no_vlan10 inbound

↑狗骑吕布了属于是

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.coloradmin.cn/o/1641635.html

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈，一经查实，立即删除！