当前位置：首页 > news >正文

H3CNE综合实验

news 2025/7/17 16:23:38

H3CNE综合实验机器人

实验拓扑图

在这里插入图片描述

实验需求

1.按照图示配置 ip 地址
2.SW1 和 SW2 之间的直连链路配置链路聚合
3.公司内部业务网段为 Vlan10 和 Van20:Vlan10 是市场部，Van20 是技术部，要求对 Vlana 进行命名以便识别:PC1属于 Vlan10，PC2属于 Vlan20,Vlan30 用于 SW1和 SW2 建立 OSPF 邻居:Vlan111 为 SW1 和 R1 的互联 Vlan,Vlan222 为 SW2 和 R2 的互联 Vlan
4.所有交换机相连的端口配置为 Trunk，允许相关流量通过
5.交换机连接 PC 的端口配置为边缘端口

6.在 SW1 上配置 DHCP 服务，为 Van10 和 Van20 的 PC 动态分配 IP 地址、网关和 DNS 地址;要求 Vlan10 的网关是192.168.1.252，Vlan20 的网关是192.168.2.253
7.按图示分区域配置 OSPF 实现公司内部网络全网互通，ABR 的环回口宣告进骨干区域:业务网段不允许出现协议报文
8.R1 上配置默认路由指向互联网，并引入到 OSPF
9.R1 通过双线连接到互联网，配置 PPP-MP，并配置双向 chap 验证
10.配置 EASY IP，只有业务网段和的数据流可以通过 R1 访问互联网192.168.1.0/24 192.168.2.0/2411.R1 开启 11.TELNET 远程管理，使用用户ikun登录，密码 123456abc，只允许技术部远程管理 R1

实验步骤

1.按照图示配置 ip 地址

在R1
[R1]int g0/0
[R1-GigabitEthernet0/0]ip add 10.0.0.5 30
[R1-GigabitEthernet0/0]int g0/1
[R1-GigabitEthernet0/1]ip add 10.0.0.1 30
[R1-GigabitEthernet0/1]int g0/2
[R1-GigabitEthernet0/2]ip add 10.0.0.14 30
[R1-GigabitEthernet0/2]int lo0
[R1-LoopBack0]ip add 10.1.1.1 32
在R2
[R2]int g0/0
[R2-GigabitEthernet0/0]ip add 10.0.0.9 30
[R2-GigabitEthernet0/0]int g0/1
[R2-GigabitEthernet0/1]ip add 10.0.0.18 30
[R2-GigabitEthernet0/1]int g0/2
[R2-GigabitEthernet0/2]ip add 10.0.0.2 30
[R2-GigabitEthernet0/2]int lo0
[R2-LoopBack0]ip add 10.1.1.2 32
在R3
[R3]int g0/0
[R3-GigabitEthernet0/0]ip add 10.0.0.13 30
[R3-GigabitEthernet0/0]int g0/1
[R3-GigabitEthernet0/1]ip add 10.0.0.17 30
[R3-GigabitEthernet0/1]int g0/2
[R3-GigabitEthernet0/2]ip add 192.168.3.254 24
[R3-GigabitEthernet0/2]int lo0
[R3-LoopBack0]ip add 10.1.1.3 32
在sw1
[SW1]vlan 10
[SW1-vlan10]vlan 20
[SW1-vlan20]vlan 30
[SW1-vlan30]vlan 111
[SW1-vlan111]int lo0
[SW1-LoopBack0]ip add 10.1.1.11 32
[SW1-LoopBack0]int vlan 10
[SW1-Vlan-interface10]ip add 192.168.1.252 24
[SW1-Vlan-interface10]int vlan 20
[SW1-Vlan-interface20]ip add 192.168.2.252 24
[SW1-Vlan-interface20]int vlan 111
[SW1-Vlan-interface111]ip add 10.0.0.6 30
[SW1-Vlan-interface111]qu
在sw2
[SW2]vlan 10
[SW2-vlan10]vlan 20
[SW2-vlan20]vlan 30
[SW2-vlan30]vlan 222
[SW2-vlan222]int lo0
[SW2-LoopBack0]ip add 10.1.1.12 32
[SW2-LoopBack0]int vlan 10
[SW2-Vlan-interface10]ip add 192.168.1.253 24
[SW2-Vlan-interface10]int vlan 20
[SW2-Vlan-interface20]ip add 192.168.2.253 24
[SW2-Vlan-interface20]int vlan 30
[SW2-Vlan-interface30]ip add 10.1.2.2 30
[SW2-Vlan-interface30]int vlan 222
[SW2-Vlan-interface222]ip add 10.0.0.10 30

2.在R1上创建MP -GROUP口

在R1
R1]int MP-group 1
[R1-MP-group1]ip add 200.100.1.2 30
[R1-MP-group1]
在INTERHET
[INTERNET]int MP-group 1
[INTERNET-MP-group1]ip add 202.100.1.1 30
[INTERNET-MP-group1]int lo0
[INTERNET-LoopBack0]ip add 100.1.1.1 32

3.SW1 和 SW2 之间的直连链路配置链路聚合

在SW1
[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]link-aggregation mode dynamic 
[SW1-Bridge-Aggregation1]qu
[SW1]int range g1/0/1 to g1/0/2
[SW1-if-range]port link-aggregation group 1
在SW2
[SW2]int Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]link-aggregation mode dynamic 
[SW2-Bridge-Aggregation1]qu
[SW2]int range g1/0/1 to g1/0/2
[SW2-if-range]port link-aggregation group 1

4.公司内部业务网段为 Vlan10 和 Van20:Vlan10 是市场部，Van20 是技术部，要求对 Vlana 进行命名以便识别:PC1属于 Vlan10，PC2属于 Vlan20,Vlan30 用于 SW1和 SW2 建立 OSPF 邻居:Vlan111 为 SW1 和 R1 的互联 Vlan,Vlan222 为 SW2 和 R2 的互联 Vlan

在SW3
[SW3]vlan 10
[SW3-vlan10]port g1/0/3
[SW3-vlan10]vlan 20
[SW3-vlan20]port g1/0/4
[SW3]int g1/0/1
[SW3-GigabitEthernet1/0/1]port link-type trunk
[SW3-GigabitEthernet1/0/1]port trunk permit vlan 10 20
[SW3-GigabitEthernet1/0/1]qu
[SW3]int g1/0/2
[SW3-GigabitEthernet1/0/2]port link-type trunk
[SW3-GigabitEthernet1/0/2]port trunk permit vlan 10 20
在SW1
[SW1]vlan 111
[SW1-vlan111]port g1/0/4
[SW1-vlan111]int g1/0/3
[SW1-GigabitEthernet1/0/3]
[SW1-GigabitEthernet1/0/3]port link-type trunk
[SW1-GigabitEthernet1/0/3]port trunk permit vlan 10 20
[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]port link-type trunk
Configuring GigabitEthernet1/0/1 done.
Configuring GigabitEthernet1/0/2 done.
[SW1-Bridge-Aggregation1]port trunk permit vlan 10 20 30
Configuring GigabitEthernet1/0/1 done.
Configuring GigabitEthernet1/0/2 done.
在SW2
[SW2]vlan 222
[SW2-vlan222]port g1/0/4
[SW2-vlan222]int g1/0/3
[SW2-GigabitEthernet1/0/3]port link-type trunk
[SW2-GigabitEthernet1/0/3]port trunk permit vlan 10 20
[SW2]int Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]port link-type trunk
Configuring GigabitEthernet1/0/1 done.
Configuring GigabitEthernet1/0/2 done.
[SW2-Bridge-Aggregation1]port trunk permit vlan 10 20
Configuring GigabitEthernet1/0/1 done.
Configuring GigabitEthernet1/0/2 done.

5.交换机连接 PC 的端口配置为边缘端口

[SW3-GigabitEthernet1/0/2]int g1/0/3
[SW3-GigabitEthernet1/0/3]stp edged-port
Edge port should only be connected to terminal. It will cause temporary loops if port GigabitEthernet1/0/3 is connected to bridges. Please use it carefully.
[SW3-GigabitEthernet1/0/3]int g1/0/4
[SW3-GigabitEthernet1/0/4]stp edged-port 
Edge port should only be connected to terminal. It will cause temporary loops if port GigabitEthernet1/0/4 is connected to bridges. Please use it carefully.
[SW3-GigabitEthernet1/0/4]

6.在 SW1 上配置 DHCP 服务，为 Van10 和 Van20 的 PC 动态分配 IP 地址、网关和 DNS 地址;要求 Vlan10 的网关是192.168.1.252，Vlan20 的网关是192.168.2.253

[SW1]dhcp enable
[SW1]dhcp server ip-pool vlan10
[SW1-dhcp-pool-vlan10]gateway-list 192.168.1.252
[SW1-dhcp-pool-vlan10]dns-list 114.114.114.114
[SW1-dhcp-pool-vlan10]network 192.168.1.0 24
[SW1-dhcp-pool-vlan10]qu
[SW1]dhcp server ip-pool vlan20
[SW1-dhcp-pool-vlan20]network 192.168.2.0 24
[SW1-dhcp-pool-vlan20]gateway-list 192.168.2.253
[SW1-dhcp-pool-vlan20]dns-list 114.114.114.114

7.pc1 2 自动获取IP地址

在这里插入图片描述

8.按图示分区域配置 OSPF 实现公司内部网络全网互通，ABR 的环回口宣告进骨干区域:业务网段不允许出现协议报文

在R1
[R1]ospf 1 r
[R1]ospf 1 router-id 10.1.1.1
[R1-ospf-1]ar 0
[R1-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.14 0.0.0.0
[R1-ospf-1-area-0.0.0.0]ar 1
[R1-ospf-1-area-0.0.0.1]network 10.0.0.5 0.0.0.0
[R1-ospf-1]dis th
#
ospf 1 router-id 10.1.1.1area 0.0.0.0network 10.0.0.1 0.0.0.0network 10.0.0.14 0.0.0.0network 10.1.1.1 0.0.0.0area 0.0.0.1network 10.0.0.5 0.0.0.0
#
return
在R2
[R2]ospf 1 router-id 10.1.1.2
[R2-ospf-1]a 0
[R2-ospf-1-area-0.0.0.0]network 10.1.1.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.0.0.18 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.0.0.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]ar%Jul 16 13:34:34:504 2025 R2 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 10.0.0.1(GigabitEthernet0/2) changed from LOADING to FULL.1
[R2-ospf-1-area-0.0.0.1]net
[R2-ospf-1-area-0.0.0.1]network 10.0.0.9 0.0.0.0
[R2-ospf-1]dis th
#
ospf 1 router-id 10.1.1.2area 0.0.0.0network 10.0.0.2 0.0.0.0network 10.0.0.18 0.0.0.0network 10.1.1.2 0.0.0.0area 0.0.0.1network 10.0.0.9 0.0.0.0
#
return
在R3
[R3]ospf 1 router-id 10.1.1.3
[R3-ospf-1]ar 0
[R3-ospf-1-area-0.0.0.0]network 10.0.0.13 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 10%Jul 16 13:16:10:391 2025 R3 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 10.0.0.14(GigabitEthernet0/0) changed from LOADING to FULL.
[R3-ospf-1-area-0.0.0.0]network 10.0.0.17 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network %Jul 16 13:16:27:863 2025 R3 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 10.0.0.18(GigabitEthernet0/1) changed from LOADING to FULL.
[R3-ospf-1-area-0.0.0.0]network 192.168.3.254 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 10.1.1.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]dis th
#area 0.0.0.0network 10.0.0.13 0.0.0.0network 10.0.0.17 0.0.0.0network 10.1.1.3 0.0.0.0network 192.168.3.254 0.0.0.0
#
return
在SW1
[SW1]ospf 1 router-id 100.1.1.1
[SW1-ospf-1]ar 1
[SW1-ospf-1-area-0.0.0.1]network 192.168.1.252 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]network 192.168.2.252 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]network 10.1.2.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]network 10.0.0.6 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]net%Jul 16 13:49:01:590 2025 SW1 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 10.0.0.5(Vlan-interface111) changed from LOADING to FULL.[SW1-ospf-1-area-0.0.0.1]network 10.1.1.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]dis th
#area 0.0.0.1network 10.0.0.6 0.0.0.0network 10.1.2.1 0.0.0.0network 10.1.1.1 0.0.0.0network 192.168.1.252 0.0.0.0network 192.168.2.252 0.0.0.0
#
return
在SW2
[SW2]ospf 1 router-id 10.1.1.12
[SW2-ospf-1]ar 1
[SW2-ospf-1-area-0.0.0.1]net
[SW2-ospf-1-area-0.0.0.1]network 192.168.1.253 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]n%Jul 16 13:51:47:499 2025 SW2 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.1.252(Vlan-interface10) changed from LOADING to FULL.[SW2-ospf-1-area-0.0.0.1]network 192.168.2.253 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]network 10.1.2%Jul 16 13:52:09:411 2025 SW2 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.2.252(Vlan-interface20) changed from LOADING to FULL.[SW2-ospf-1-area-0.0.0.1]network 10.1.2.2 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]network 10.0.0.10 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]n%Jul 16 13:52:33:228 2025 SW2 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 10.0.0.9(Vlan-interface222) changed from LOADING to FULL.[SW2-ospf-1-area-0.0.0.1]network 10.1.1.12 0.0.0.0
[SW2-ospf-1-area-0.0.0.1]dis th
#area 0.0.0.1network 10.0.0.10 0.0.0.0network 10.1.1.12 0.0.0.0network 10.1.2.2 0.0.0.0network 192.168.1.253 0.0.0.0network 192.168.2.253 0.0.0.0
#在R3
[R3]ospf 1
[R3-ospf-1]silent-interface g0/2
在SW1
[SW1]ospf 1
[SW1-ospf-1]silent-interface vlan 10
[SW1-ospf-1]%Jul 16 13:58:10:545 2025 SW1 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.1.253(Vlan-interface10) changed from FULL to DOWN.
[SW1-ospf-1]silent-interface vlan 20
[SW1-ospf-1]%Jul 16 13:58:20:282 2025 SW1 OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 192.168.2.253(Vlan-interface20) changed from FULL to DOWN.
在SW2
[SW2-ospf-1]silent-interface vlan 10
[SW2-ospf-1]silent-interface vlan 20

9测试是否全网互通

<H3C>ping 192.168.3.1
Ping 192.168.3.1 (192.168.3.1): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.3.1: icmp_seq=0 ttl=252 time=7.000 ms
56 bytes from 192.168.3.1: icmp_seq=1 ttl=252 time=8.000 ms
56 bytes from 192.168.3.1: icmp_seq=2 ttl=252 time=6.000 ms
56 bytes from 192.168.3.1: icmp_seq=3 ttl=252 time=6.000 ms
56 bytes from 192.168.3.1: icmp_seq=4 ttl=252 time=7.000 ms--- Ping statistics for 192.168.3.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 6.000/6.800/8.000/0.748 ms
<H3C>%Jul 16 13:55:23:116 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 192.168.3.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 6.000/6.800/8.000/0.748 ms.
<H3C>ping 192.168.2.1
Ping 192.168.2.1 (192.168.2.1): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.2.1: icmp_seq=0 ttl=254 time=7.000 ms
56 bytes from 192.168.2.1: icmp_seq=1 ttl=254 time=7.000 ms
56 bytes from 192.168.2.1: icmp_seq=2 ttl=254 time=8.000 ms
56 bytes from 192.168.2.1: icmp_seq=3 ttl=254 time=7.000 ms
56 bytes from 192.168.2.1: icmp_seq=4 ttl=254 time=7.000 ms--- Ping statistics for 192.168.2.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 7.000/7.200/8.000/0.400 ms
<H3C>%Jul 16 13:55:42:767 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 192.168.2.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 7.000/7.200/8.000/0.400 ms.<H3C>ping 10.1.1.1
Ping 10.1.1.1 (10.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 10.1.1.1: icmp_seq=0 ttl=254 time=4.000 ms
56 bytes from 10.1.1.1: icmp_seq=1 ttl=254 time=4.000 ms
56 bytes from 10.1.1.1: icmp_seq=2 ttl=254 time=3.000 ms
56 bytes from 10.1.1.1: icmp_seq=3 ttl=254 time=3.000 ms
56 bytes from 10.1.1.1: icmp_seq=4 ttl=254 time=3.000 ms--- Ping statistics for 10.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.000/3.400/4.000/0.490 ms
<H3C>%Jul 16 13:55:54:957 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 10.1.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 3.000/3.400/4.000/0.490 ms.

10.R1 上配置默认路由指向互联网，并引入到 OSPF

[R1]ip route-static 0.0.0.0 0 202.100.1.1
[R1-ospf-1]default-route-advertise

11.R1 通过双线连接到互联网，配置 PPP-MP，并配置双向 chap 验证

[R1]local-user ssz class network 
New local user added.
[R1-luser-network-ssz]password simple 123
[R1-luser-network-ssz]service-type ppp
[R1-luser-network-ssz]qu
[R1]int s1/0
[R1-Serial1/0]ppp mp MP-group 1
[R1-Serial1/0]%Jul 16 14:04:55:928 2025 R1 IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial1/0 changed to down.[R1-Serial1/0]ppp%Jul 16 14:05:01:957 2025 R1 IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial1/0 changed to up.
[R1-Serial1/0]ppp authentication-mode chap 
[R1-Serial1/0]ppp chap user ssz
[R1-Serial1/0]int s2/0
[R1-Serial2/0]ppp mp MP-group 1
[R1-Serial2/0]%Jul 16 14:07:18:514 2025 R1 IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial2/0 changed to down.[R1-Serial2/0]ppp %Jul 16 14:07:24:559 2025 R1 IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial2/0 changed to up.[R1-Serial2/0]ppp authentication-mode chap
[R1-Serial2/0]ppp chap user ssz
在INTERNET
[INTERNET]local-user ssz class network 
New local user added.
[INTERNET-luser-network-ssz]password simple 123
[INTERNET-luser-network-ssz]service-type ppp
[INTERNET-luser-network-ssz]qu
[INTERNET]int s1/0
[INTERNET-Serial1/0]ppp mp MP-group 1
[INTERNET-Serial1/0]%Jul 16 14:09:53:578 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial1/0 changed to down.[INTERNET-Serial1/0]%Jul 16 14:09:56:638 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial1/0 changed to up.
%Jul 16 14:09:56:639 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial1/0 changed to down.
%Jul 16 14:09:56:639 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface MP-group1 changed to up.
%Jul 16 14:09:56:641 2025 INTERNET IFNET/3/PHY_UPDOWN: Physical state on the interface MP-group1 changed to up.
%Jul 16 14:09:56:644 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface MP-group1 changed to down.
%Jul 16 14:09:56:644 2025 INTERNET IFNET/3/PHY_UPDOWN: Physical state on the interface MP-group1 changed to down.[INTERNET-Serial1/0]ppp authentication-mode chap
[INTERNET-Serial1/0]ppp chap user ssz
[INTERNET-Serial1/0]in%Jul 16 14:10:25:910 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial1/0 changed to up.
%Jul 16 14:10:25:923 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface MP-group1 changed to up.
%Jul 16 14:10:25:924 2025 INTERNET IFNET/3/PHY_UPDOWN: Physical state on the interface MP-group1 changed to up.[INTERNET-Serial1/0]int s2/0
[INTERNET-Serial2/0]ppp mp mp
[INTERNET-Serial2/0]ppp mp MP-group 1
[INTERNET-Serial2/0]%Jul 16 14:10:46:982 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial2/0 changed to down.[INTERNET-Serial2/0]ppp au
[INTERNET-Serial2/0]ppp authentication-mode c%Jul 16 14:10:53:033 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial2/0 changed to up.
h%Jul 16 14:10:53:038 2025 INTERNET IFNET/5/LINK_UPDOWN: Line protocol state on the interface Serial2/0 changed to down.
ap
[INTERNET-Serial2/0]ppp chap user ssz

12.配置 EASY IP，只有业务网段和的数据流可以通过 R1 访问互联网192.168.1.0/24 192.168.2.0/2411.R1 开启

[R1]acl basic 2000
[R1-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R1]int MP-group 1
[R1-MP-group1]nat outbound 2000

13.TELNET 远程管理，使用用户ssz登录，密码 123456.com，只允许技术部远程管理 R1

[R1]telnet server enable 
[R1]local-user ssz class manage 
New local user added.
[R1-luser-manage-ssz]password simple 123456.com
[R1-luser-manage-ssz]service-type telnet
[R1-luser-manage-ssz]authorization-attribute user-role level-15
[R1-luser-manage-ssz]qu
[R1]user-interface vty 0 4
[R1-line-vty0-4]user-role level-15[R1]acl advanced 3000
[R1-acl-ipv4-adv-3000]rule permit tcp source 192.168.2.0 0.0.0.255 destination-p
ort eq telnet
[R1-acl-ipv4-adv-3000]rule deny tcp
[R1-acl-ipv4-adv-3000]qu
[R1]int range g0/0 to g0/2
[R1-if-range]packet-filter 3000 inbound

测试

在pc_1 不能登录
<H3C>telnet 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
Failed to connect to the remote host! 
pc_2能登录
<H3C>telnet 202.100.1.2
Trying 202.100.1.2 ...
Press CTRL+K to abort
Connected to 202.100.1.2 ...******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************Login: abc
Password: 
<R1>

查看全文

http://www.dtcms.com/a/283558.html