综合小实验之电视机

综合小实验1

一、实验拓扑图

二、实验要求

1. 按照图示配置IP地址；
2. 按照图示区域划分配置对应的动态路由协议；
3. 在R7上配置dhcp服务器，能够让pc可以获取IP地址；
4. 将所有环回⼝宣告进ospf中，将环回⼝7宣告进rip中，将rip路由引⼊ospf 中，ospf路由引⼊rip中 ；
5. 要求实现全⽹互通；
6. 在r3和r6上开启rip的端⼝验证，密码为maoqi；
7. 在R5和R4上开启ospf端⼝验证，密码为maoqi；
8. 要求在R4上配置ftp服务，测试时可以允许所有设备均可登录访问；
9. 要求在R1上配置telnet服务，测试时可以允许所有设备均可登录访问管理；
10. 要求拒绝R5访问R1的telnet服务，其他设备均不影响；
11. 要求拒绝R2访问R4的ftp服务，其他设备均不影响；
12. 要求拒绝10.1.1.0/24⽹段ping通R1地址；

三、实验步骤

1. 配置IP地址

   R1：

   [H3C]sysn R1
   [R1]int g0/0
   [R1-GigabitEthernet0/0]ip add 192.168.1.1 24
   [R1-GigabitEthernet0/0]int g0/1
   [R1-GigabitEthernet0/1]ip add 192.168.2.1 24
   [R1-GigabitEthernet0/1]int g0/2
   [R1-GigabitEthernet0/2]ip add 100.3.3.1 24
   [R1-GigabitEthernet0/2]quit
   [R1]int lo0                 //配置环回口地址LoopBack 0 简写为lo0
   [R1-LoopBack0]ip add 1.1.1.1 32
   [R1-LoopBack0]quit
   

   R2：

   [H3C]sysn R2
   [R2]int g0/0
   [R2-GigabitEthernet0/0]ip add 192.168.1.2 24
   [R2-GigabitEthernet0/0]int g0/1
   [R2-GigabitEthernet0/1]ip add 192.168.3.2 24
   [R2-GigabitEthernet0/1]int g0/2
   [R2-GigabitEthernet0/2]ip add 100.1.1.2 24
   [R2-GigabitEthernet0/2]quit
   [R2]int LoopBack 0
   [R2-LoopBack0]ip add 2.2.2.2 32
   [R2-LoopBack0]quit
   

   R3：

   <H3C>sys
   System View: return to User View with Ctrl+Z.
   [H3C]
   [H3C]sysn R3
   [R3]int g0/0 
   [R3-GigabitEthernet0/0]ip add 192.168.2.3 24
   [R3-GigabitEthernet0/0]int g0/1
   [R3-GigabitEthernet0/1]ip add 192.168.3.3 24
   [R3-GigabitEthernet0/1]int g0/2
   [R3-GigabitEthernet0/2]ip add 200.2.2.3 24
   [R3-GigabitEthernet0/2]int g5/0
   [R3-GigabitEthernet5/0]ip add 200.1.1.3 24
   [R3-GigabitEthernet5/0]quit
   [R3]int lo0
   [R3-LoopBack0]ip add 3.3.3.3 32
   [R3-LoopBack0]quit
   

   R4：

   <H3C>sys
   System View: return to User View with Ctrl+Z.
   [H3C]sysn R4
   [R4]int g0/0
   [R4-GigabitEthernet0/0]ip add 172.16.3.4 24
   [R4-GigabitEthernet0/0]int g0/1
   [R4-GigabitEthernet0/1]ip add 172.16.1.4 24
   [R4-GigabitEthernet0/1]int g0/2
   [R4-GigabitEthernet0/2]ip add 100.3.3.4 24
   [R4-GigabitEthernet0/2]qu
   [R4]int lo0
   [R4-LoopBack0]ip add 4.4.4.4 32
   [R4-LoopBack0]qu
   

   R5：

   <H3C>sys
   System View: return to User View with Ctrl+Z.
   [H3C]sysn R5
   [R5]int g0/0
   [R5-GigabitEthernet0/0]ip add 172.16.1.5 24
   [R5-GigabitEthernet0/0]int g0/1
   [R5-GigabitEthernet0/1]ip add 172.168.2.5 24
   [R5-GigabitEthernet0/1]int g0/2
   [R5-GigabitEthernet0/2]ip add 100.2.2.5 24
   [R5-GigabitEthernet0/2]qu
   [R5]int lo0
   [R5-LoopBack0]ip add 5.5.5.5 32
   [R5-LoopBack0]qu
   

   R6：

   <H3C>sys
   System View: return to User View with Ctrl+Z.
   [H3C]sysn R6
   [R6]int g0/0
   [R6-GigabitEthernet0/0]ip add 200.3.3.6 24
   [R6-GigabitEthernet0/0]int g0/1
   [R6-GigabitEthernet0/1]ip add 200.1.1.6 24
   [R6-GigabitEthernet0/1]int g0/2
   [R6-GigabitEthernet0/2]ip add 172.16.3.6 24
   [R6-GigabitEthernet0/1]int g5/0
   [R6-GigabitEthernet5/0]ip add 172.16.2.6 24
   [R6-GigabitEthernet5/0]qu
   [R6]int lo0
   [R6-LoopBack0]ip add 6.6.6.6 32
   [R6-LoopBack0]qu
   

   R7：

   [R7]int g0/0
   [R7-GigabitEthernet0/0]ip add 200.2.2.7 24
   [R7-GigabitEthernet0/0]int g0/1
   [R7-GigabitEthernet0/1]ip add 200.3.3.7 24
   [R7-GigabitEthernet0/1]int g0/2
   [R7-GigabitEthernet0/2]ip add 100.1.1.7 24
   [R7-GigabitEthernet0/2]int g5/0
   [R7-GigabitEthernet5/0]ip add 100.2.2.7 24
   [R7-GigabitEthernet5/0]int g5/1
   [R7-GigabitEthernet5/1]ip add 10.1.1.7 24
   [R7-GigabitEthernet5/1]qu
   [R7]int lo0
   [R7-LoopBack0]ip add 7.7.7.7 32
   [R7-LoopBack0]qu
   

2. 划分对应的动态路由协议

   R1：

   <R1>sys
   System View: return to User View with Ctrl+Z.
   [R1]ospf 1 router-id 1.1.1.1   //手动配置全局的router-id
   [R1-ospf-1]area 0      //设置为主干区域
   [R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
   [R1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255   //宣告网段
   [R1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
   [R1-ospf-1-area-0.0.0.0]network 100.3.3.0 0.0.0.255
   [R1-ospf-1-area-0.0.0.0]qu
   [R1-ospf-1]dis this     //查看宣告的网段
   #
   ospf 1
    area 0.0.0.0
     network 1.1.1.1 0.0.0.0
     network 100.3.3.0 0.0.0.255
     network 192.168.1.0 0.0.0.255
     network 192.168.2.0 0.0.0.255
   #
   return
   

   R2：

   [R2]ospf 1 router-id 2.2.2.2
   [R2-ospf-1]area 0
   [R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
   [R2-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
   [R2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
   [R2-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
   [R2-ospf-1-area-0.0.0.0]qu
   [R2-ospf-1]dis this
   #
   ospf 1
    area 0.0.0.0
     network 2.2.2.2 0.0.0.0
     network 100.1.1.0 0.0.0.255
     network 192.168.1.0 0.0.0.255
     network 192.168.3.0 0.0.0.255
   #
   

   R3：

   [R3]ospf 1 router-id 3.3.3.3
   [R3-ospf-1]area  0
   [R3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
   [R3-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
   [R3-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
   [R3-ospf-1-area-0.0.0.0]qu
   [R3-ospf-1]dis this
   #
   ospf 1
    area 0.0.0.0
     network 3.3.3.3 0.0.0.0
     network 192.168.2.0 0.0.0.255
     network 192.168.3.0 0.0.0.255
   #
   return
   [R3-ospf-1]quit
   [R3]rip 1
   [R3-rip-1]version 2
   [R3-rip-1]undo summary 
   [R3-rip-1]network 200.1.1.0
   [R3-rip-1]network 200.2.2.0
   [R3-rip-1]qu
   

   R4：

   [R4]ospf 2 router-id 4.4.4.4
   [R4-ospf-2]area 0
   [R4-ospf-2-area-0.0.0.0]netwrok 4.4.4.4 0.0.0.0
   [R4-ospf-2-area-0.0.0.0]network 100.3.3.0 0.0.0.255
   [R4-ospf-2-area-0.0.0.0]network 172.16.3.0 0.0.0.255
   [R4-ospf-2-area-0.0.0.0]qu
   [R4-ospf-2]dis this
   #
   ospf 2
    area 0.0.0.0
     network 4.4.4.4 0.0.0.0
     network 100.3.3.0 0.0.0.255
     network 172.16.1.0 0.0.0.255
     network 172.16.3.0 0.0.0.255
   #
   return
   

   R5：

   [R5]ospf 2 router-id 5.5.5.5
   [R5-ospf-2]area 0
   [R5-ospf-2-area-0.0.0.0]network 5.5.5.5 0.0.0.0
   [R5-ospf-2-area-0.0.0.0]network 172.16.1.0 0.0.0.255
   [R5-ospf-2-area-0.0.0.0]network 100.2.2.0 0.0.0.255
   [R5-ospf-2-area-0.0.0.0]qu
   [R5-ospf-2]dis this
   #
   ospf 2
    area 0.0.0.0
     network 5.5.5.5 0.0.0.0
     network 100.2.2.0 0.0.0.255
     network 172.16.1.0 0.0.0.255
     network 172.16.2.0 0.0.0.255
   #
   return
   

   R6：

   [R6]ospf 2 router-id 6.6.6.6
   [R6-ospf-2]area 0
   [R6-ospf-2-area-0.0.0.0]network 6.6.6.6 0.0.0.0
   [R6-ospf-2-area-0.0.0.0]network 172.16.3.0 0.0.0.255
   [R6-ospf-2-area-0.0.0.0]qu
   [R6-ospf-2]dis this
   #
   ospf 2
    area 0.0.0.0
     network 6.6.6.6 0.0.0.0
     network 172.16.2.0 0.0.0.255
     network 172.16.3.0 0.0.0.255
   #
   return
   [R6-ospf-2]qu
   [R6]rip 1
   [R6-rip-1]version 2
   [R6-rip-1]undo summary 
   [R6-rip-1]network 200.1.1.0 
   [R6-rip-1]network 200.3.3.0
   [R6-rip-1]dis this
   #
   rip 1
    undo summary
    version 2
    network 200.1.1.0
    network 200.3.3.0
   #
   return
   

   R7:

   [R7]rip 1
   [R7-rip-1]version 2
   [R7-rip-1]undo summary 
   [R7-rip-1]net 200.2.2.7
   [R7-rip-1]net 200.3.3.7
   [R7-rip-1]net 7.7.7.7
   [R7-rip-1]quit
   [R7]ospf 1
   [R7-ospf-1]area 0
   [R7-ospf-1-area-0.0.0.0]net 100.1.1.0 0.0.0.255
   [R7-ospf-1-area-0.0.0.0]qu
   [R7-ospf-1]quit
   [R7]
   [R7]ospf 2
   [R7-ospf-2]area 0
   [R7-ospf-2-area-0.0.0.0]net 100.2.2.0 0.0.0.255
   [R7-ospf-2-area-0.0.0.0]quit
   [R7-ospf-2]quit
   

3. 在R7上配置DHCP服务器，让PC端可以自动获取IP地址

   [R7]dhcp enable
   [R7]dhcp server ip-pool 1
   [R7-dhcp-pool-1]network 10.1.1.0 24         //设置需要分配的网段
   [R7-dhcp-pool-1]gateway-list 10.1.1.7  //配置网关
   [R7-dhcp-pool-1]qu
   

   

4. 将rip路由引入ospf中，ospf路由引入rip中

   R3：

   [R3]rip 1
   [R3-rip-1]import-route ospf 1    //在rip路由引入ospf
   [R3-rip-1]import-route direct 
   [R3-rip-1]qu
   [R3]ospf 1
   [R3-ospf-1]import-route rip 1    //在ospf中引入rip
   [R3-ospf-1]import-route direct 
   [R3-ospf-1]
   

   R6：

   [R6]rip 1
   [R6-rip-1]import-route ospf 2
   [R6-rip-1]import-route direct 
   [R6-rip-1]qu
   [R6]ospf 2
   [R6-ospf-2]import-route rip 1
   [R6-ospf-2]import-route direct 
   [R6-ospf-2]
   

   R7：

   [R7]rip
   [R7-rip-1]import-route ospf 1
   [R7-rip-1]import-route ospf 2
   [R7-rip-1]import-route direct 
   [R7-rip-1]quit
   [R7]ospf 1
   [R7-ospf-1]import-route rip 1
   [R7-ospf-1]import-route direct 
   [R7-ospf-1]quit
   [R7]ospf 2
   [R7-ospf-2]import-route rip 1
   [R7-ospf-2]import-route direct 
   [R7-ospf-2]quit
   

5. 实现全网互通

   在R1中去pingR7，或者去ping其他端口都是可以ping通的

   

   因为在之前我们在ospf协议中或者在rip协议中宣告了环回口的路由，所以我们可以直接用环回口的路由来ping。

6. 在R3和R6开启rip的端口验证，密码为maoqi。

   R3：

   [R3]int g5/0
   [R3-GigabitEthernet5/0]rip authentication-mode simple plain maoqi
   [R3-GigabitEthernet5/0]quit
   

   R6：

   [R6]int g0/1
   [R6-GigabitEthernet0/1]rip authentication-mode simple plain maoqi
   [R6-GigabitEthernet0/1]quit
   

7. 在R5和R4上开启ospf端口验证，密码为123。

   R4：

   [R4]int g0/1
   [R4-GigabitEthernet0/1]ospf authentication-mode simple plain 123
   [R4-GigabitEthernet0/1]quit
   

   R5：

   [R5]int g0/0
   [R5-GigabitEthernet0/0]ospf authentication-mode simple plain 123
   [R5-GigabitEthernet0/0]quit
   

8. 在R4上配置ftp服务，允许所有设备登陆访问

   [R4]ftp server enable    //开启ftp服务
   [R4]local-user maoqi class manage    //创建用户
   New local user added.
   [R4-luser-manage-maoqi]password simple 123456789a
   [R4-luser-manage-maoqi]service-type ftp    为创建的用户开启ftp服务
   [R4-luser-manage-maoqi]quit
   [R4]line vty  0 4
   [R4-line-vty0-4]authentication-mode scheme 
   [R4-line-vty0-4]user-role level-15
   [R4-line-vty0-4]quit
   

   在R2中调用FTP服务，发现是可以调用成功的
   

9. 在R1上配置telnet服务，允许所有设备登陆访问

   [R1]telnet server enable 
   [R1]local-user maoqi class manage 
   New local user added.
   [R1-luser-manage-maoqi]password simple 123456789a
   [R1-luser-manage-maoqi]service-type telnet
   [R1-luser-manage-maoqi]authorization-attribute user-role 15
   [R1-luser-manage-maoqi]qu
   [R1]line vty 0 4
   [R1-line-vty0-4]authentication-mode scheme 
   [R1-line-vty0-4]user-role level-15
   

10. 只拒绝R5访问R1的ftp服务

    [R1]acl advanced 3000
    [R1-acl-ipv4-adv-3000]rule deny tcp source 100.2.2.5 0 destination-port eq telne
    t 
    [R1-acl-ipv4-adv-3000]rule deny tcp source 172.16.2.5 0 destination-port eq teln
    et 
    [R1-acl-ipv4-adv-3000]rule deny tcp source 172.16.1.5 0 destination-port eq teln
    [R1-acl-ipv4-adv-3000]rule deny tcp source 5.5.5.5 0 destination-port eq telnet
    [R1-acl-ipv4-adv-3000]quit
    [R1]int g0/0
    [R1-GigabitEthernet0/0]packet-filter 3000 inbound 
    [R1-GigabitEthernet0/0]int g0/1
    [R1-GigabitEthernet0/1]packet-filter 3000 inbound 
    [R1-GigabitEthernet0/1]int g0/2
    [R1-GigabitEthernet0/2]packet-filter 3000 inbound
    

    查看配置
    

    配置完成后在R5去访问R1的telnet服务，发现被拒绝

    

11. 只拒绝R2访问R4的ftp服务

    [R4]acl ad
    [R4]acl advanced 3000
    [R4-acl-ipv4-adv-3000]rule deny tcp source 192.168.1.2 0 destination-port range 
    20 21
    [R4-acl-ipv4-adv-3000]rule deny tcp source 192.168.3.2 0 destination-port range 
    20 21
    [R4-acl-ipv4-adv-3000]rule deny tcp source 100.1.1.2 0 destination-port range 20
     21
    [R4-acl-ipv4-adv-3000]rule deny tcp source 2.2.2.2 0 destination-port range 20 21
    
    [R4-acl-ipv4-adv-3000]dis this
    #
    acl advanced 3000
     rule 5 deny tcp source 192.168.1.2 0 destination-port range ftp-data ftp
     rule 10 deny tcp source 192.168.3.2 0 destination-port range ftp-data ftp
     rule 15 deny tcp source 100.1.1.2 0 destination-port range ftp-data ftp
     rule 20 deny tcp source 2.2.2.2 0 destination-port range ftp-data ftp
    #
    return
    [R4-acl-ipv4-adv-3000]quit
    [R4]int g0/0
    [R4-GigabitEthernet0/0]packet-filter 3000 inbound 
    [R4-GigabitEthernet0/0]int g0/1
    [R4-GigabitEthernet0/1]packet-filter 3000 inbound 
    [R4-GigabitEthernet0/1]int g0/2
    [R4-GigabitEthernet0/2]packet-filter 3000 inbound 
    [R4-GigabitEthernet0/2]quit
    

12. 拒绝10.1.1.0/24网段ping通R1地址

    R1：

    [R1]acl basic 2000
    [R1-acl-ipv4-basic-2000]rule deny source 10.1.1.0 0.0.0.255 
    [R1-acl-ipv4-basic-2000]quit
    [R1]int range g0/0 to g0/2
    [R1-if-range]packet-filter 2000 inbound 
    [R1-if-range]quit
    

    此时在pc1中去pingR1发现ping不通