网络设备实训总结报告基于H3C设备_网络设备维护实训报告

网络设备实训总结报告基于H3C设备由刀豆文库小编整理，希望给你工作、学习、生活带来方便，猜你可能喜欢“网络设备维护实训报告”。

※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※

网络设备配置与管理实训小结

—基于H3C设备

1.学习到的网络互联知识总结归纳

一、调试命令 思科：

Switch#show run

显示所有配置命令

Switch#show

ip

inter

brief

显示所有接口状态 Switch#show vlan brief

显示所有VLAN的信息 Switch#show

version

显示版本信息 华为：

[Quidway]dis cur 显示所有配置命令

[Quidway]display interfaces

显示所有接口状态 [Quidway]display vlan all

显示所有VLAN的信息

[Quidway]display version

显示版本信息

二、接口配置命令 思科：

Switch(config)#interface f0/8 进入接口视图 Switch(config-if)#no shut 此命令开启接口 Switch(config-if)#description to server01 端口描述

Switch(config-if)#ip add 192.168.1.100 255.255.255.0 设置接口IP

华为：

[Quidway]interface e0/1 进入接口视图 [Quidway]undo shutdown 此命令开启接口 [Quidway]description to server02

端口描述

[Quidway]ip add 192.168.1.102 255.255.255.0

设置接口IP

三、VLAN配置命令： 思科：

建立和删除VLAN Switch# vlan database Switch(vlan)# vlan 20 name test20 Switch(vlan)# no vlan 20 Switch(vlan)# exit 将端口分配给一个VLAN Switch(config)# interface f0/1

Switch(config-if)# switchport mode acce Switch(config-if)# switchport acce vlan 20 设置VLAN TRUNK

Switch(config)# interface f0/24

Switch(config-if)# switchport mode trunk

Switch(config-if)#switchport trunk allow vlan {ID|All} Switch(config-if)# switchport trunk encapsulation dot1q 华为：

建立和删除VLAN [Quidway]vlan 30 [Quidway]undo vlan 30 将端口分配给一个VLAN [Quidway]int ethernet0/1 [Quidway-Ethernet0/1]port acce vlan 30(port default vlan 30)或[Quidway]vlan 30

[Quidway-vlan3]port ethernet 0/1 在VLAN中增加端口

[Quidway-vlan3]port ethernet 0/1 to ethernet 0/4

在VLAN中增加多个连续端口 设置VLAN TRUNK [Quidway]int e0/24

[Quidway-Ethernet0/24] port link-type trunk [Quidway-Ethernet0/24]port trunk permit vlan {ID|All}

四、端口镜像配置 思科： 配置镜像源端口

Switch(config)#monitor seion 1 source interface gigabitEthernet 0/2-5 rx 上面命令最后一个参数: both 监听双向数据,默认为both rx

接收 tx

发送

配置镜像目的端口

Switch(config)#monitor seion 1 destination interface gigabitEthernet 0/6 删除镜像端口

Switch(config)#no monitor seion 1 华为：

将端口E0/2配置为监控端口 [Quidway]monitor-port Ethernet 0/2 端口E0/1配置为镜像端口 [Quidway]port mirror Ethernet 0/1 或者直接配置监控端口和镜像端口

[Quidway]port mirror Ethernet 0/1 observing-port Ethernet 0/2 删除镜像[Quidway]undo

monitor-port

五、冗余配置 思科HSRP：

Switch# interface Vlan20

ip addre 172.29.197.33 255.255.255.248 standby 20 ip 172.29.197.53 standby 20 priority 105

优先级

standby 20 preempt

抢占

standby 20 track GigabitEthernet0/25 decrement 10

跟踪端口如果DOWN了优先级减10 华为VRRP：

[Quidway]interface Vlanif30 ip addre 172.29.197.9

255.255.255.248 vrrp vrid 30 virtual-ip 172.29.141.11 vrrp vrid 30 priority 150 优先级

vrrp vrid 30 preempt-mode

抢占

vrrp vrid 30 track interface GigabitEthernet0/0/18 reduced 60 跟踪端口如果DOWN了优先级减60

2.完成实训项目的主要实施过程说明

项目一交换网络组建

实验1.1络设备的基本配置

sysSystem View: return to User View with Ctrl+Z.[H3C]vlan 10 [H3C –Vlan10]port Ethernet1/0/1 to Ethernet1/0/10 [H3C-vlan10]quit [H3C]int Vlan-interface 10 [H3C-Vlan-interface10]ip addre 192.168.1.1 255.255.255.0 [H3C-Vlan-interface10]quit

[H3C]user-interface vty 0 4

//进入VTY 用户界面视图，E328支持0-4共5个VTY用户同时登录，S2126只支持一个用户同时登录// [H3C-ui-vty0-4]authentication-mode paword //设置通过VTY 口登录交换机的用户进行Paword 认证//

[H3C-ui-vty0-4]set authentication paword simple 123 // 设置用户的认证口令为明文方式，口令为123//

[H3C-ui-vty0-4]user privilege level 3 // 设置从VTY用户界面登录后可以访问的命令级别为3 级，默认为0级// [H3C-ui-vty0-4]protocol inbound telnet

//设置VTY0用户界面支持Telnet 协议// 实训1.2 交换机链路聚合配置

1.交换机H3C S2126配置

system [H3C]sysname S2126 [S2126]interface Ethernet 0/1 [S2126-Ethernet0/1]duplex full

//聚合端口的双工状态// [S2126-Ethernet0/1]speed 100

//聚合端口的速率100// [S2126-Ethernet0/1]quit [S2126]interface Ethernet 0/2

//聚合端口的端口号必须连续// [S2126-Ethernet0/2]duplex full

//聚合端口的双工状态// [S2126-Ethernet0/2]speed 100

//聚合端口的速率100// [S2126-Ethernet0/2]quit [S2126]link-aggregation Ethernet 0/1 to Ethernet 0/2

2.交换机H3C E328配置

system [H3C]sysname E328 [E328]interface Ethernet 1/0/1 [E328-Ethernet1/0/1]duplex full

//聚合端口的双工状态// [E328-Ethernet1/0/1]speed 100

//聚合端口的速率100// [E328-Ethernet1/0/1]quit [E328]interface Ethernet 1/0/2

//聚合端口的端口号必须连续// [E328-Ethernet1/0/2]duplex full

//聚合端口的双工状态// [E328-Ethernet1/0/2]speed 100

//聚合端口的速率100// [E328-Ethernet1/0/2]quit [E328]link-aggregation group 100 mode manual

//设置链路汇聚组100手动模式// [E328interface Ethernet 1/0/1 [E328-Ethernet1/0/1]port link-aggregation group 100 //将端口E1/0/1划入端口的链路汇聚组100// [E328-Ethernet1/0/1]quit [E328]interface Ethernet 1/0/2 [E328-Ethernet1/0/2]port link-aggregation group 100

//将端口E1/0/2划入端口的链路汇聚组100// [E328-Ethernet1/0/2]quit #交换机S2126

[S2126]disp link-aggregation Master port: Ethernet0/1

Other sub-ports:

Ethernet0/2 #交换机E328 [E328]disp link-aggregation interface Ethernet 1/0/1

Ethernet1/0/1:

Selected AggID: 100 Local:

Port-Priority: 32768, Oper key: 1, Flag: 0x00

Remote:

System ID: 0x0, 0000-0000-0000

Port Number: 0, Port-Priority: 0 , Oper-key: 0, Flag: 0x00

实训1.3 交换机端口镜像配置

1.交换机H3C S2126配置

system [H3C]sysname S2126 [S2126] monitor-port Ethernet 0/2 //显示端口E0/24// [S2126] mirroring-port Ethernet 0/1 to Ethernet 0/3 both

//镜像端口E0/1到E0/3// #交换机S2126 显示汇聚端口组的相关信息

[S2126]display mirror Monitor-port:

Ethernet0/24 Mirroring-port:

Ethernet0/1

both

Ethernet0/2

both

Ethernet0/3

both [S2126]display current-configuration sysname S2126 Monitor-port:

Ethernet0/24 Mirroring-port:

Ethernet0/1

both

Ethernet0/2

both

Ethernet0/3

both

vlan 1 interface vlan-interface1 ip addre : not configured interface Ethernet0/1 interface Ethernet0/2-------user-interface aux 0 user-interface vty 0 2.交换机H3C E328配置

system [H3C]sysname E328 [E328]interface Ethernet 1/0/24 [E328-Ethernet1/0/24] monitor-port [E328-Ethernet1/0/24]quit [E328]interface Ethernet 1/0/1 [E328-Ethernet1/0/1] mirroring-port both [E328-Ethernet1/0/1]quit [E328]interface Ethernet 1/0/2 [E328-Ethernet1/0/2] mirroring-port both [E328-Ethernet1/0/2]quit 显示汇聚端口组的相关信息 #交换机E328 [E328] display mirror Monitor-port:

Ethernet1/0/24 Mirroring-port:

Ethernet1/0/1

both

Ethernet1/0/2

botH

[E328]display current-configuration sysname E328 link-aggregation group 100 mode manual radius scheme system domain system vlan 1 interface Aux1/0/0 interface Ethernet1/0/1 mirroring-port both interface Ethernet1/0/2 mirroring-port both interface Ethernet1/0/3 interface Ethernet1/0/23 interface Ethernet1/0/24 monitor-port

interface GigabitEthernet1/1/1 interface GigabitEthernet1/1/2 interface GigabitEthernet1/1/3 undo irf-fabric authentication-mode interface NULL0 user-interface aux 0 7 user-interface vty 0 4

实训1.4 单交换机VLAN配置

system [H3C]sysname S2126

[S2126]vlan 100

//创建vlan100 //

[S2126-Vlan100]port Ethernet0/1 //将端口E0/1划入vlan100// [S2126-Vlan100]quit [S2126]interface Ethernet0/3

[S2126-Ethernet0/3]port link-type acce

[S2126-Ethernet0/3]port acce vlan 100

//将端口E0/3划入vlan100// [S2126-Ethernet0/3]quit [S2126]vlan 200

//创建vlan200//

[S2126-VLAN200]port Ethernet0/2

//将端口E0/2划入vlan200// [S2126-VLAN200]quit [S2126]interface Ethernet0/4

[S2126-Ethernet0/4]port link-type acce [S2126-Ethernet0/4]port acce vlan 200

//将端口E0/1划入vlan200// [S2126-Ethernet0/4]quit #交换机S2126 [S2126]disp vlan 100 VLAN ID: 100 VLAN Type: Static Route Interface: not configured Tagged Ports: none Untagged Ports:

Ethernet0/1

Ethernet0/3 Port-isolate: disable

[SwitchA]disp vlan 200 VLAN ID: 200 VLAN Type: Static Route Interface: not configured Tagged Ports: none Untagged Ports:

Ethernet0/2

Ethernet0/4 Port-isolate: disable

#在PCA的命令行方式下测试能ping通PCC C:>ping 192.168.2.30 Pinging 192.168.2.30with 32 bytes of data: Reply from 192.168.2.30: bytes=32 time

Packets: Sent = 4, Received = 4, Lost = 0(0% lo), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms #在PCA的命令行方式下测试能ping通PCB C:>ping 192.168.2.20 Pinging 192.168.2.20 with 32 bytes of data: Request timed out.Request timed out.Request timed out.Request timed out.Ping statistics for 192.168.2.20:

Packets: Sent = 4, Received = 0, Lost = 4(100% lo)[S2126]display current-configuration SysnameS2126 The monitor port has not been configured vlan 1 vlan 100 vlan 200 interface vlan-interface1 ip addre : not configured interface Ethernet0/1 port acce vlan 100 interface Ethernet0/2 port acce vlan 200 interface Ethernet0/3 port acce vlan 100 interface Ethernet0/4

port acce vlan 200

实训1.5 多交换机VLAN配置

交换机H3C S2126配置

system [H3C]sysname S2126 [ S2126]vlan 2 [S2126-Vlan2]port Ethernet0/17 to Ethernet0///将E0/17到E0/21划入VLAN 2//

[S2126-Vlan2]quit [ S2126]vlan 3 [ S2126-VLAN3]port Ethernet0/9 to Ethernet0/16

//将E0/9到E0/16划入VLAN 3//

[ S2126-VLAN3]quit [ S2126]interface Ethernet 0/8 [ S2126-Ethernet0/8]port link-type trunk

//配置交换机间的端口为Trunk// [ S2126-Ethernet0/8] port trunk permit vlan all

//允许所有VLAN通过// [ S2126-Ethernet0/8]quit 交换机H3C E328配置

system [H3C]sysname E328 [ E328]vlan 2 [ E328-vlan2]port Ethernet 1/0/17 to Ethernet 1/0/21

//将E1/0/17到E1/0/21划入VLAN 2// [ E328-vlan2]quit [ E328]vlan 3 [ E328-VLAN3]port Ethernet 1/0/9 to Ethernet 1/0/16

//将E1/0/9到E1/0/16划入VLAN 2// [E328-VLAN3]quit3 [E328]interface Ethernet 1/0/8

[ E328-Ethernet1/0/8]port link-type trunk

/配置交换机间的端口为Trunk// [E328-Ethernet1/0/8] port trunk permit vlan all

//允许所有VLAN通过// [ E328-Ethernet1/0/8]quit

#在PC1的命令行方式下测试能ping通PC3 C:>ping 192.168.2.30 Pinging 192.168.2.30with 32 bytes of data: Reply from 192.168.2.30: bytes=32 time

Packets: Sent = 4, Received = 4, Lost = 0(0% lo), Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms #在PC1的命令行方式下测试能ping通PC2 C:>ping 192.168.3.20 Pinging 192.168.3.20 with 32 bytes of data: Request timed out.Request timed out.Request timed out.Request timed out.Ping statistics for 192.168.3.20: Packets: Sent = 4, Received = 0, Lost = 4(100% lo),3.项目二局域网间互联

4.5.实训2.1 静态路由配置

[H3C]sysnameRA

[RA]interface Ethernet 0/0 [RA-Ethernet0/0]ip addre 192.168.2.1 24 [RA-Ethernet0/0]undo shutdown Interface Ethernet0/0 is not shut down [RA-Ethernet0/0]quit [RA]interface Serial 0/0 [RA-Serial0/0]ip addre 192.168.3.1 24 [RA-Serial0/0] %Jun 12 04:02:43:354 2012 RA IFNET/5/UPDOWN:PPP IPCP protocol on the interface Serial0/0 is DOWN %Jun 12 04:02:43:368 2012 RA IFNET/5/UPDOWN:PPP IPCP protocol on the interface Serial0/0 is UP [RA-Serial0/0]undo shutdown Interface Serial0/0 is not shut down [RA-Serial0/0]quit [RA]ip route-static 192.168.4.0 24 192.168.3.2 preference 60

//配置静态路由// [RA] [H3C]sysynameRB [RB]interface Ethernet 0/0 [RB-Ethernet0/0]ip addre 192.168.4.1 24 [RB-Ethernet0/0]undo shutdown Interface Ethernet0/0 is not shut down [RB-Ethernet0/0]quit [RB]interface Serial 0/0 [RB-Serial0/0]ip addre 192.168.3.2 24

[RB-Serial0/0] %Jun 12 08:34:26:237 2012 RB IFNET/5/UPDOWN:PPP IPCP protocol on the interface Serial0/0 is DOWN %Jun 12 08:34:26:248 2012 RB IFNET/5/UPDOWN:PPP IPCP protocol on the interface Serial0/0 is UP [RB-Serial0/0]undo shutdown Interface Serial0/0 is not shut down [RB-Serial0/0]quit [RB]ip route-static 192.168.2.0 24 192.168.3.1 perference 60 //配置静态路由// [RB]quit #在PCA的命令行方式下测试能ping通PCB C:>ping 192.168.4.2 Pinging 192.168.4.2 with 32 bytes of data: Reply from 192.168.4.2: bytes=32 time

Packets: Sent = 4, Received = 4, Lost = 0(0% lo), Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms 实训2.2 动态路由协议RIP配置

system [H3C]sysname RouterA

[RouterA]interface Ethernet 0/0 [RouterA-Ethernet0/0]ip addre 192.168.1.1 255.255.255.0 [RouterA-Ethernet0/0]undo shutdown [RouterA-Ethernet0/0]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0]ip addre 192.168.2.1 255.255.255.0 [RouterA-Serial0/0]undo shutdown [RouterA-Serial0/0]quit

[RouterA]rip

//配置RIP路由// [RouterA-rip]network 192.168.1.0 [RouterA-rip]network 192.168.2.0 [RouterA-rip]quit [SwitchA]

system [H3C]sysname RouterB

[RouterB]interface Ethernet 0/0 [RouterB-Ethernet0/0]ip addre 192.168.3.1 255.255.255.0 [RouterB-Ethernet0/0]undo shutdown [RouterB-Ethernet0/0]quit [RouterB]interface Serial 0/0 [RouterB-Serial0/0]ip addre 192.168.2.2 255.255.255.0 [RouterB-Serial0/0]undo shutdown [RouterB-Serial0/0]quit

[RouterB]rip

//配置RIP路由// [RouterB-rip]network 192.168.2.0 [RouterB-rip]network 192.168.3.0 [RouterB-rip]quit [SwitchB]

[RouterA] disp ip routing Routing Table: public net Destination/Mask

Protocol Pre Cost

Nexthop

Interface 127.0.0.0/8

DIRECT

0

0

127.0.0.1

InLoopBack0 127.0.0.1/32

DIRECT

0

0

127.0.0.1

InLoopBack0 192.168.1.0/24

DIRECT

0

0

192.168.1.1

Ethernet0/0 192.168.1.1/32

DIRECT

0

0

127.0.0.1

InLoopBack0 192.168.2.0/24

DIRECT

0

0

192.168.2.1

Serial0/0 192.168.2.1/32

DIRECT

0

0

127.0.0.1

InLoopBack0 192.168.2.2/32

DIRECT

0

0

192.168.2.2

Serial0/0 192.168.3.0/24

RIP

1

192.168.2.2

Serial0/0

[RouterA]display rip routing RIP routing table: public net A = Active

I = Inactive

G = Garbage collection C = Change

T = Trigger RIP Destination/Mask

Cost NextHop

Age

SourceGateway

Att 192.168.3.0/24

192.168.2.2

15s

192.168.2.2

A [RouterA]disp rip

RIP is running

public net

Checkzero is on

Default cost : 1

Summary is on

Preference : 100

Validate-source-addre is on

Traffic-share-acro-interface is off

Period update timer : 30

Timeout timer : 180

Garbage-collection timer : 120

No peer router

Network :

192.168.1.0

192.168.2.0

#在PCA的命令行方式下测试能ping通PCB C:>ping 192.168.3.2 Pinging 192.168.3.2 with 32 bytes of data: Reply from 192.168.3.2: bytes=32 time

Packets: Sent = 4, Received = 4, Lost = 0(0% lo), Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

实训2.3 动态路由协议OSPF配置

system [H3C]sysname RouterA

[RouterA]interface Ethernet 0/0 [RouterA-Ethernet0/0]ip addre 192.168.1.1 255.255.255.0 [RouterA-Ethernet0/0]undo shutdown [RouterA-Ethernet0/0]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0]ip addre 192.168.2.1 255.255.255.0 [RouterA-Serial0/0]undo shutdown [RouterA-Serial0/0]quit

[RouterA]ospf

//配置OSPF路由// [RouterA]ospf

[RouterA-ospf-1]area 0

[RouterA-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0]network 192.168.2.1 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0]quit [RouterA-ospf-1]quit system [H3C]sysname RouterB

[RouterB]interface Ethernet 0/0 [RouterB-Ethernet0/0]ip addre 192.168.3.1 255.255.255.0 [RouterB-Ethernet0/0]undo shutdown [RouterB-Ethernet0/0]quit [RouterB]interface Serial 0/0 [RouterB-Serial0/0]ip addre 192.168.2.2 255.255.255.0 [RouterB-Serial0/0]undo shutdown [RouterB-Serial0/0]quit

[RouterA]ospf

//配置OSPF路由// [RouterA]ospf

[RouterA-ospf-1]area 0

[RouterA-ospf-1-area-0.0.0.0]network 192.168.2.2 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0]network 192.168.3.1 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0]quit [RouterA-ospf-1]quit [RouterA] disp ospf routing

OSPF Proce 1 with Router ID 1.1.1.1

Routing Tables Routing for Network Destination

Cost Type NextHop

AdvRouter 192.168.2.0/24

1562 Stub 192.168.2.1

1.1.1.1

192.168.1.0/24Stub 192.168.1.1

1.1.1.1

192.168.3.0/24

1563 Stub 192.168.2.2

192.168.3.1 Total Nets: 3

Intra Area: 3 Inter Area: 0 ASE: 0 NSSA: 0 [RouterA]disp ospf brief OSPF Proce 1 with Router ID 1.1.1.1

OSPF Protocol Information RouterID: 1.1.1.1 Spf-schedule-interval: 5 Routing preference: Inter/Intra: 10 External: 150 Default ASE parameters: Metric: 1 Tag: 1 Type: 2 SPF computation count: 7 Area Count: 1

Na Area Count: 0 LSA MaxAge Purge Time:Intra 135 Inter 199 Ase 17 Na 17 Area 0.0.0.0:

Authtype: none

Flags:

Area 0.0.0.0 0.0.0.0 0.0.0.0

SPF scheduled:

Interface: 192.168.2.1(Serial0/0)--> 192.168.2.2

Cost: 1562 State: PtoP

Type: PointToPoint

Priority: 1

Timers: Hello 10, Dead 40, Poll 40, Retransmit 5, Transmit Delay 1 Interface: 192.168.1.1(Ethernet0/0)

Cost: 1 State: DR

Type: Broadcast

Priority: 1

Designated Router: 192.168.1.1

Timers: Hello 10, Dead 40, Poll 40, Retransmit 5, Transmit Delay 1

#在PCA的命令行方式下测试能ping通PCB C:>ping 192.168.3.2 Pinging 192.168.3.2 with 32 bytes of data: Reply from 192.168.3.2: bytes=32 time

Packets: Sent = 4, Received = 4, Lost = 0(0% lo), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms 多区域的OSPF

system [H3C]sysname RouterA

[RouterA]interface Ethernet 0/0 [RouterA-Ethernet0/0]ip addre 192.168.1.1 255.255.255.0 [RouterA-Ethernet0/0]undo shutdown [RouterA-Ethernet0/0]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0]ip addre 192.168.2.1 255.255.255.0 [RouterA-Serial0/0]undo shutdown [RouterA-Serial0/0]quit

[RouterA]ospf

//配置OSPF路由//

[RouterA]ospf

[RouterA-ospf-1]area 0

[RouterA-ospf-1-area-0.0.0.0]network 192.168.2.1 0.0.0.255

//将192.168.2.0划入Area 0// [RouterA-ospf-1-area-0.0.0.0]quit [RouterA-ospf-1]area 1 [RouterA-ospf-1-area-1.1.1.1]network 192.168.1.1 0.0.0.255

//将192.168.1.0划入Area 1//

[RouterA-ospf-1-area-1.1.1.1]quit [RouterA-ospf-1]quit 同理Router B 操作过程与此相同。实训2.4 VLAN间路由配置(单臂路由)

system [H3C]sysname SwitchA

[SwitchA]vlan 2

//配置VLAN// [SwitchA-Vlan2]port Ethernet0/1 to Ethernet0/2 [SwitchA-Vlan2]quit [SwitchA]vlan 3 [SwitchA-VLAN3]port Ethernet0/9 to Ethernet0/10 [SwitchA-VLAN3]quit [SwitchA]interface Ethernet 0/24

[SwitchA-Ethernet0/24]port link-type trunk

//配置交换机与路由器连接的端口为Trunk// [SwitchA-Ethernet0/24] port trunk permit vlan all

//允许所有VLAN通过//

[SwitchA-Ethernet0/24]quit [SwitchA] H3C>system [H3C]sysname RouterA

[RouterA]interface Ethernet 0/0 [RouterA-Ethernet0/0]undo ip addre [RouterA-Ethernet0/0]quit [RouterA-Ethernet0/0]interface Ethernet 0/0.1 [RouterA-Ethernet0/0.1]ip addre 192.168.2.1 255.255.255.0 [RouterA-Ethernet0/0.1]vlan-type dot1q vid 2 [RouterA-Ethernet0/0.1]quit

[RouterA]interface Ethernet 0/0.2 [RouterA-Ethernet0/0.2]ip addre 192.168.1.1 255.255.255.0 [RouterA-Ethernet0/0.2]vlan-type dot1q vid 3 [RouterA-Ethernet0/0.2]quit [RouterA] [RouterA]disp interface Ethernet 0/0.1 Ethernet0/0.100 current state :UP Line protocol current state :UP Description : Ethernet0/0.1 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec)Internet Addre is 192.168.2.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware addre is 000f-e258-8582 Media type is twisted pair, loopback not set, promiscuous mode not set 100Mb/s, Full-duplex, link type is autonegotiation Output flow-control is disabled, input flow-control is disabled

0 packets input, 0 bytes, 0 drops 2 packets output, 92 bytes, 0 drops [RouterA]disp interface Ethernet 0/0.2 Ethernet0/0.200 current state :UP Line protocol current state :UP Description : Ethernet0/0.2 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec)Internet Addre is 192.168.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware addre is 000f-e258-8582 Media type is twisted pair, loopback not set, promiscuous mode not set 100Mb/s, Full-duplex, link type is autonegotiation Output flow-control is disabled, input flow-control is disabled

0 packets input, 0 bytes, 0 drops 2 packets output, 92 bytes, 0 drops

#在PC1的命令行方式下测试能ping通PC3 C:>ping 192.168.1.2 Pinging 192.168.1.2 with 32 bytes of data: Reply from 192.168.1.2: bytes=32 time

实训2.5 DHCP

[H3C]sysname AR28-11

[AR28-11]int e0/0 [AR28-11-Ethernet0/0]ip addree 192.168.2.1 255.255.255.0 [AR28-11-Ethernet0/0]undo shutdown Interface Ethernet0/0 is not shut down [AR28-11-Ethernet0/0]dhcp enable

//开启DHCP// DHCP task has already been started![AR28-11]dhcp server ip-pool net1

//DHCP服务器的IP池NET1// [AR28-11-dhcp-pool-net1]network 192.168.2.0 24 [AR28-11-dhcp-pool-net1]gateway-list 192.168.2.1 //网关列表192.168.2.1// [AR28-11-dhcp-pool-net1]dns-list 10.10.10.10

//DNS-名单10.10.10.10// [AR28-11-dhcp-pool-net1]quit [AR28-11]disp curr sysname AR28-11 cpu-usage cycle 1min radius scheme system domain system local-user admin paword cipher.]@USE=B,53Q=^Q`MAF4

interface Ethernet0/0

----More----[42D

42D ip addre 192.168.2.1 255.255.255.0 interface Ethernet0/1 ip addre dhcp-alloc interface Serial0/0 clock DTECLK1 link-protocol ppp ip addre dhcp-alloc interface NULL0 FTP server enable user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme return [AR28-11]

项目三 广域网接入

实训3.1 PPP协议配置(PAP验证)#路由器H3C AR28-11配置

system [H3C]sysname RouterA

[RouterA]interface Ethernet 0/0 [RouterA-Ethernet0/0]ip addre 192.168.1.1 255.255.255.0 [RouterA-Ethernet0/0]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0]ip addre 192.168.2.1 255.255.255.0 [RouterA-Serial0/0]quit

[RouterA]rip

//配置RIP协议// [RouterA-rip]network 192.168.1.0 [RouterA-rip]network 192.168.2.0 [RouterA-rip]quit

system [H3C]sysname RouterB

[RouterB]interface Ethernet 0/0 [RouterB-Ethernet0/0]ip addre 192.168.3.1 255.255.255.0 [RouterB-Ethernet0/0]quit [RouterB]interface Serial 0/0 [RouterB-Serial0/0]ip addre 192.168.2.2 255.255.255.0 [RouterB-Serial0/0]quit [RouterB]rip [RouterB-rip]network 192.168.2.0 [RouterB-rip]network 192.168.3.0 [RouterB-rip]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0] link-protocol ppp

//封装PPP协议//

[RouterA-Serial0/0] ppp pap local-user rta paword simple rta

//送给对端的用户名密码// [RouterA-Serial0/0] undo shutdown [RouterA-Serial0/0]quit

[RouterB] local-user rta

//创建用来验证的本地帐号// [RouterB-luser-rta] paword simple rta

//设置帐号密码// [RouterB-luser-rta] service-type ppp

//设置服务类型为ppp//

[RouterB-luser-rta] quit [RouterB]interface Serial 0/0 [RouterB-Serial0/0] link-protocol ppp

//封装PPP协议// [RouterB-Serial0/0] ppp authentication-mode pap //使能PAP验证// [RouterB-Serial0/0] undo shutdown [RouterB-Serial0/0]quit

#在PCA的命令行方式下测试能ping通PCB C:>ping 192.168.3.2 Pinging 192.168.3.2 with 32 bytes of data: Reply from 192.168.3.2: bytes=32 time

Packets: Sent = 4, Received = 4, Lost = 0(0% lo), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms [RouterA]disp current-configuration

sysname RouterA cpu-usage cycle 1min radius scheme system #domain system local-user admin paword cipher.]@USE=B,53Q=^Q`MAF4

service-type telnet terminal level 3 service-type ftp interface Aux0 async mode flow interface Ethernet0/0 ip addre 192.168.1.1 255.255.255.0 interface Ethernet0/1 ip addre dhcp-alloc interface Serial0/0 link-protocol ppp ip addre 192.168.2.1 255.255.255.0 interface NULL0 rip network 192.168.1.0 network 192.168.2.0 FTP server enable user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme Return 实训3.2 PPP协议配置(CHAP验证)

system [H3C]sysname RouterA

[RouterA]interface Ethernet 0/0 [RouterA-Ethernet0/0]ip addre 192.168.1.1 255.255.255.0 [RouterA-Ethernet0/0]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0]ip addre 192.168.2.1 255.255.255.0 [RouterA-Serial0/0]quit

[RouterA]rip

//配置RIP协议// [RouterA-rip]network 192.168.1.0 [RouterA-rip]network 192.168.2.0 [RouterA-rip]quit

system [H3C]sysname RouterB

[RouterB]interface Ethernet 0/0 [RouterB-Ethernet0/0]ip addre 192.168.3.1 255.255.255.0 [RouterB-Ethernet0/0]quit [RouterB]interface Serial 0/0 [RouterB-Serial0/0]ip addre 192.168.2.2 255.255.255.0 [RouterB-Serial0/0]quit [RouterB]rip [RouterB-rip]network 192.168.2.0 [RouterB-rip]network 192.168.3.0 [RouterB-rip]quit

RouterA] local-user rtb

//创建用来验证的本地帐号// [RouterA-luser-rtb] paword simple hello

//设置帐号密码// [RouterA-luser-rtb] service-type ppp

//设置服务类型为ppp// [RouterA-luser-rtb] quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0] link-protocol ppp

//封装PPP协议// [RouterA-Serial0/0] ppp chap user rta

//CHAP认证帐号// [RouterA-Serial0/0] undo shutdown [RouterA-Serial0/0]quit

#路由器H3C AR28-12配置

[RouterB] local-user rta

//创建用来验证的本地帐号// [RouterB-luser-rta] paword simple hello

//设置帐号密码//

[RouterB-luser-rta] service-type ppp

//设置服务类型为ppp// [RouterB-luser-rta] quit

[RouterB]interface Serial 0/0 [RouterB-Serial0/0] link-protocol ppp

//封装PPP协议// [RouterB-Serial0/0] ppp authentication-mode chap

//使能CHAP验证// [RouterB-Serial0/0] ppp chap user rtb

//CHAP认证帐号// [RouterB-Serial0/0] undo shutdown [RouterB-Serial0/0]quit

#在PCA的命令行方式下测试能ping通PCB C:>ping 192.168.3.2 Pinging 192.168.3.2 with 32 bytes of data: Reply from 192.168.3.2: bytes=32 time

Packets: Sent = 4, Received = 4, Lost = 0(0% lo), Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

实训3.4 帧中继配置

RouterA system-view [H3C]sysname routerA [routerA]interface Serial 0/0 [routerA-Serial0/0]link-protocol fr [routerA]interface Serial 0/0.1

//创建子接口// [routerA-Serial0/0.1]ip addre 202.38.163.25 255.255.255.0 [routerA-Serial0/0.1]fr map ip 202.38.163.252 50

//建立地址映射// [routerA-Serial0/0.1]fr dlci 50

//分配DLCI//

[routerA-fr-dlci-Serial0/0.1-50]quit [routerA-Serial0/0.1]quit [routerA]interface Serial 0/0.2 [routerA-Serial0/0.2]ip addre 202.38.163.26 255.255.255.0 [routerA-Serial0/0.2]fr map ip 202.38.163.252 60 [routerA-Serial0/0.2]fr dlci 60 [routerA-fr-dlci-Serial0/0.2-60]quit [routerA-Serial0/0.2]quit

RouterB system-view [H3C]sysname routerB [routerB]interface Serial 0/0 [routerB-Serial0/0]ip addre 202.38.163.252 255.255.255.0 [routerB-Serial0/0]fr map ip 202.38.163.25 70 [routerB-Serial0/0]fr dlci 70 [routerB-fr-dlci-Serial0/0-70]quit [routerB-Serial0/0]quit [routerB]quit RouterC system-view

[H3C]sysname routerC [routerC]interface Serial 0/0 [routerC-Serial0/0]ip addre 202.38.163.253 255.255.255.0 [routerC-Serial0/0]fr map ip 202.38.163.26 80 [routerC-Serial0/0]fr dlci 80 [routerC-fr-dlci-Serial0/0-80]quit [routerC-Serial0/0]quit [routerC]quit Fr-Switching system-view [H3C]sysname fr-switch [fr-switch]fr switching

[fr-switch]interface Serial 0/0 [fr-switch-Serial0/0]link-protocol fr [fr-switch-Serial0/0]fr interface-type dce [fr-switch-Serial0/0]fr dlci-switch 50 interface Serial 0/1.1 dlci 70

//配置PVC交换// [fr-switch-Serial0/0]fr dlci-switch 60 interface Serial 0/1.2 dlci 80 [fr-switch-Serial0/0]quit [fr-switch]interface Serial 0/1.1 [fr-switch-Serial0/1.1]link-protocol fr [fr-switch-Serial0/1.1]fr interface-type dce [fr-switch-Serial0/1.1]fr dlci-switch 70 interface Serial 0/0 dlci 50 [fr-switch-Serial0/1.1]quit [fr-switch]interface Serial 0/1.2 [fr-switch-Serial0/1.2]link-protocol fr [fr-switch-Serial0/1.2]fr interface-type dce [fr-switch-Serial0/1.2]fr dlci-switch 80 interface Serial 0/0 dlci 60 [fr-switch-Serial0/1.2]quit

ping 202.38.163.25

PING 202.38.163.25: 56 data bytes, pre CTRL_C to break

Reply from 202.38.163.25: bytes=56 Sequence=1 ttl=255 time=53 ms

Reply from 202.38.163.25: bytes=56 Sequence=2 ttl=255 time=53 ms

Reply from 202.38.163.25: bytes=56 Sequence=3 ttl=255 time=53 ms

Reply from 202.38.163.25: bytes=56 Sequence=4 ttl=255 time=53 ms

Reply from 202.38.163.25: bytes=56 Sequence=5 ttl=255 time=52 ms---202.38.163.25 ping statistics---packet(s)transmittedpacket(s)received

0.00% packet lo

项目四 网络访问控制

实训4.1 防火墙配置(ACL-访问控制列表)

对28-11配置 system [H3C]sysname RouterA

[RouterA]interface Ethernet 0/0 [RouterA-Ethernet0/0]ip addre 192.168.2.1 255.255.255.0 [RouterA-Ethernet0/0]undo shutdown [RouterA-Ethernet0/0]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0]ip addre 192.168.1.1 255.255.255.0 [RouterA-Serial0/0]undo shutdown [RouterA-Serial0/0]quit [RouterA]rip [RouterA-rip]network 192.168.1.0 [RouterA-rip]network 192.168.2.0 [RouterA-rip]quit system [H3C]sysname RouterB

[RouterB]interface Ethernet 0/0 [RouterB-Ethernet0/0]ip addre 192.168.3.1 [RouterB-Ethernet0/0]undo shutdown [RouterB-Ethernet0/0]quit [RouterB]interface Serial 0/0 [RouterB-Serial0/0]ip addre 192.168.1.2 [RouterB-Serial0/0]undo shutdown [RouterB-Serial0/0]quit [RouterB]rip [RouterB-rip]network 192.168.1.0 [RouterB-rip]network 192.168.3.0

[RouterB-rip]quit [RouterA] firewall enable

//启动防火墙// [RouterA]time-range timea 10:00 to 16:00 working-day

//定义时间段 [RouterA] acl number 2000 match-order auto

#标准ACL [RouterA-acl-basic-2000] rule 0 permit source 192.168.2.5 0.0.0.0//允许Web服务器访问外网// [RouterA-acl-basic-2000] rule 0 permit source192.168.2.4 0.0.0.0 //允许FTP服务器访问外网[RouterA-acl-basic-2000] rule 0 permit source 192.168.2.3 0.0.0.0 //允许邮件服务器访问外网 [RouterA-acl-basic-2000] rule 0 permit source 192.168.2.6 0.0.0.0 //允许特定主机// [RouterA-acl-basic-2000] rule 0 permit source 192.168.2.2 0.0.0.0 time-range timea //允许特定主机在特定时段访问外网// [RouterA-acl-basic-2000] rule 1 deny source 192.168.0.0 0.0.255.255 //禁止其他主机// [RouterA-acl-basic-2000]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0] firewall packet-filter 2000 outbound //在接口出站方向使ACL生效// [RouterA-Serial0/0]quit [RouterA] firewall enable

//启动防火墙 [RouterA] acl number 3000 match-order config

//扩展ACL RouterA-acl-avd-3000]rule 0 permit ip source 192.168.3.2 0.0.0.0 destination any

//允许外部特定主机访问公司内网//

[RouterA-acl-avd-3000]rule 1 permit destination 192.168.2.5 0.0.0.0 //允许外网访问Web服务器 [RouterA-acl-avd-3000]rule 2 permit destination 192.168.2.4 0.0.0.0 //允许外网访问FTP服务器 [RouterA-acl-avd-3000]rule 3 deny destination 192.168.2.3 0.0.0.0 //禁止外网访问邮件服务器// [RouterA-acl-avd-3000]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0] firewall packet-filter 3000 inbound

//在接口入站方向使ACL生效// [RouterA-Serial0/0]quit

#在PCC的命令行方式下测试能ping通Web服务器

C:>ping 192.168.2.5 Pinging 192.168.2.5with 32 bytes of data: Reply from 192.168.2.5: bytes=32 time

Packets: Sent = 4, Received = 4, Lost = 0(0% lo), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms #在PCC的命令行方式下测试不能ping通邮件服务器

C:>ping 192.168.2.3 Pinging 192.168.2.3 with 32 bytes of data: Request timed out.Request timed out.Request timed out.Request timed out.Ping statistics for 192.168.2.3: Packets: Sent = 4, Received = 0, Lost = 4(100% lo), 实训4.2 网络地址转换(NAT)配置

#路由器H3C AR28-11配置 system [H3C]sysname RouterA

[RouterA]interface Ethernet 0/0 [RouterA-Ethernet0/0]ip addre 192.168.2.1 255.255.255.0 [RouterA-Ethernet0/0]undo shutdown [RouterA-Ethernet0/0]quit [RouterA]interface Serial 0/0 [RouterA-Serial0/0]ip addre 192.168.1.1 255.255.255.0 [RouterA-Serial0/0]undo shutdown [RouterA-Serial0/0]quit

[RouterA] ip route-static192.168.3.0 255.255.255.0 202.38.160.1 preference 60 //配置静态路由// #路由器H3C AR28-12配置 system [H3C]sysname RouterB

[RouterB]interface Ethernet 0/0 [RouterB-Ethernet0/0]ip addre 192.168.3.1 255.255.255.0 [RouterB-Ethernet0/0]undo shutdown [RouterB-Ethernet0/0]quit [RouterB]interface Serial 0/0 [RouterB-Serial0/0]ip addre 192.168.1.2 255.255.255.0 [RouterB-Serial0/0]undo shutdown [RouterB-Serial/0]quit

[RouterA] ip route-static 192.168.2.0 255.255.0.0 202.38.160.101 preference 60 //配置静态路由// {Easy NAT}

路由器H3C AR28-11配置

[28-11]firewall enable

//启动防火墙// [28-11]acl number 2000

//定义ACL// [28-11-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255 [28-11-acl-basic-2000]rule deny source any [28-11-acl-basic-2000] quit [28-11]interface Serial 0/0 [28-11-Serial0/0]firewall packet-filter 2000 outbound

//在接口应用ACL// [28-11-Serial0/0]nat outbound 2000 [28-11-Serial0/0]nat server protocol tcp global 192.168.1.3 inside192.168.2.3 Smtp [28-11-Serial0/0]nat server protocol tcp global 192.168.1.4 inside 192.168.2.5 www [28-11-Serial0/0]quit {地址池方式做NAT}路由器H3C AR28-11配置 [28-11]firewall enable [28-11]nat addre-group 1 192.168.1.3 192.168.1.4

//定义地址池// [28-11]acl number 2000

//定义ACL [28-11-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255 [28-11-acl-basic-2000]rule deny source any [28-11-acl-basic-2000] quit [28-11]int s0/0 [28-11-Serial0/0]firewall packet-filter 2000 outbound

//地址池和ACL关联 [28-11-Serial0/0]nat outbound 2000 addre-group 1 [28-11-Serial0/0]nat server protocol tcp global 192.168.1.4 inside 192.168.2.5 www [28-11-Serial0/0]nat server protocol tcp global 192.168.1.3 inside 192.168.2.3 smtp [28-11]display nat all

//地址池方式下查看结果// NAT addre-group information:: from 192.168.1.3

to 192.168.1.4 NAT outbound information:

Serial0/0: acl(2000)---NAT addre-group(1)Server(s)in private network information:

Currently 2 internal server(s)configured

Interface:Serial0/0, Protocol:6(tcp), [global]

192.168.1.4 :

80(www)

[local]

192.168.2.5:

80(www)

Interface:Serial0/0, Protocol:6(tcp), [global]

192.168.1.3 : 25(smtp)

[local]

192.168.2.3 : 25(smtp)NAT aging-time value information:

tcp----aging-time value is 86400(seconds)

udp----aging-time value is

300(seconds)

icmp----aging-time value is

60(seconds)

pptp----aging-time value is 86400(seconds)

dns----aging-time value is

60(seconds)

tcp-fin----aging-time value is

60(seconds)

tcp-syn----aging-time value is

60(seconds)

ftp-ctrl----aging-time value is

7200(seconds)

ftp-data----aging-time value is

300(seconds)1用出接口地址做Easy NAT [28-11-Serial0/0]display current-configuration sysname 28-11 cpu-usage cycle 1min firewall enable radius scheme system domain system local-user admin paword cipher.]@USE=B,53Q=^Q`MAF4

radius scheme system domain system local-user admin paword cipher.]@USE=B,53Q=^Q`MAF4

实训4.3 VPN(GRE)

interface Ethernet0/0 ip addre 192.168.1.1 255.255.255.0 interface Serial1/0 ip addre 202.0.0.1 255.255.255.0 interface Tunnel0 description 169.0.0.1 ip addre 192.168.0.1 255.255.255.252 source 202.0.0.1 ip route-static 169.0.0.1 255.255.255.0 Serial 0 preference 60

//公网静态路由//

ip route-static 192.168.2.0 255.255.255.0 Tunnel 0 preference 60

//私网静态路由//

【Router B】 interface Ethernet0/0 ip addre 192.168.2.1 255.255.255.0 interface Serial1/0 ip addre 169.0.0.1 255.255.255.0 interface Tunnel0 description 202.0.0.1 ip addre 192.168.0.2 255.255.255.252 source 169.0.0.1 ip route-static 202.0.0.1 255.255.255.0 Serial 0 preference 60

//公网静态路由// ip route-static 192.168.1.0 255.255.255.0 Tunnel 0 preference 60

//私网静态路由//

项目五 网络备份冗余

实训5.2 虚拟路由冗余协议(VRRP)配置

#路由器H3C AR28-11配置

（路由器A）system [H3C]sysname RouterA [RouterA]interface Ethernet 0/0 [RouterA-Ethernet0/0]ip addre 10.1.1.2 255.255.255.0 [RouterA-Ethernet0/0]quit [RouterA]interface Ethernet 0/1 [RouterA-Ethernet0/1]ip addre 20.1.1.2 255.255.255.0 [RouterA-Ethernet0/1]quit

#路由器H3C AR28-12配置

（路由器B）system [H3C]sysname RouterB [RouterB]interface Ethernet 0/0 [RouterB-Ethernet0/0]ip addre 10.1.1.3 255.255.255.0 [RouterB-Ethernet0/0]quit [RouterB]interface Ethernet 0/1 [RouterB-Ethernet0/1]ip addre 20.1.1.3 255.255.255.0 [RouterB-Ethernet0/1]quit

#交换机E 328配置

（交换机A）system #

[H3C]sysname SwitchA

[SwitchA]vlan 10

[SwitchA-Vlan10]port Ethernet0/1 [SwitchA-Vlan10]quit [SwitchA] interface Vlan-interface 10 [SwitchA-Vlan-interface10] ip addre 30.1.1.2 24 [SwitchA-Vlan-interface10] quit [SwitchA]vlan 20

[SwitchA –Vlan20]port Ethernet0/2 [SwitchA –Vlan20]quit [SwitchA] interface Vlan-interface 20 [SwitchA-Vlan-interface20] ip addre 30.1.1.3 24 [SwitchA-Vlan-interface20] quit [SwitchA]vlan 30

[SwitchA –Vlan30]port Ethernet0/3 [SwitchA –Vlan30]quit [SwitchA] interface Vlan-interface 30 [SwitchA-Vlan-interface30] ip addre 40.1.1.1 24 [SwitchA-Vlan-interface30] quit 2.配置路由协议

路由器H3C AR28-11配置

（路由器A）[RouterA]rip [RouterA-rip] network 10.1.1.0 0.0.0.255 [RouterA-rip] network 20.1.1.0 0.0.0.255 [RouterA-rip]quit 路由器H3C AR28-12配置

（路由器B）[RouterB]rip [RouterB-rip] network 10.1.1.0 0.0.0.255 [RouterB-rip] network 30.1.1.0 0.0.0.255 [RouterB-rip]quit 交换机E 328配置

（交换机A）[SwitchA]rip [SwitchA-rip] network 20.1.1.0 [SwitchA-rip] network 30.1.1.0 [SwitchA-rip] network 40.1.1.0 [SwitchA-rip]quit 3.1 VRRP单备份组

路由器H3C AR28-11配置

（路由器A）

[RouterA] interface Ethernet 0/0

[RouterA-Ethernet0/0] vrrp vrid 1 virtual-ip 10.1.1.1 [RouterA-Ethernet0/0]quit

路由器H3C AR28-12配置

（路由器B）

[RouterB] interface Ethernet 0/0

[RouterB-Ethernet0/0] vrrp vrid 1 virtual-ip 10.1.1.1

//配置VRRP

//配置VRRP

[RouterB-Ethernet0/0]quit

3.遇到的问题及解决办法

1.版本不一样，输入的命令不一样。比如设远程登录时操作的个版本有差异，2.配置的前的坏境，比如防火墙的要关闭等细节。

3.在操作路由RIP、单区域ospf，单臂路由。出现的问题配置路由交换机时流畅没问题，只是先过多，无法分辨清楚，我们给网线贴了标签便于区分。

4.在进行DHCP服务器，我们根据指定操作流程操作时，因为输入的时候只有命令，而没有标入操作的模式，我们要经过自己的考虑。所以不能照葫芦画瓢，要思考每个操作流程。

5.实训4.2 网络地址转换(NAT)配置，因为图上有些接口没标，我们将nat outbound 2000 陪在E0/0上，所以在操作之前我们要画图。做好操作使得准备

6.在做VRRP时，两台电脑相互PUING时，PING不通时，我们就先PING通自己，在发现自身没问题时，PING附近的IP地址，最后发现原来PCA的IP地址输入错了。在出现问题时，先找物理层上或自身的问题，再不断PING通附近的IP地址，逐一排查问题，并将之解决。

4.个人体会

本项目是网络设备实训，总共学习来了两个星期，在吴敏君老师的带领下，以理论和实践结合以来，在H3C真实的交换机和路由器上完成从五个方面来学习，分别是1 交换机网络组建项目、2 局域网间互联项目、3 广域网接入项目、4 网络访问控制项目、5 网络备份冗余。

一交换机网络组建项目:通过Console端口访问和Telnet访问来配置交换机。交换机是第2层的设备，可以隔离冲突域。交换机是基于收到的数据的源MAC地址和目的MAC地址来进行工作的。交换机的作用主要是两个：一个是维护CAM表，该表计算机的MAC地址和交换机端口的映射表;另一个是根据CAM来进行数据帧的转发。交换机的STP生成树协议就是在具有物理回环的交换机网络上，生成没有回环的逻辑网络方法。针对交换网络环路问题，根据生成树及快速生成树工作原理，对网络交换机配置生成树协议及快速生成树协议，为网络提供余链路。交换机不仅具有2层交换功能，它还具有VLAN等功能，采

用VLAN技术，交换机之间的级联链路就需要Trunk技术来保证该链路可以同时传输多个VLAN的数据。VLAN将局域网内设备逻辑而不是物理划分成一个个网段从而实现虚拟工作组。

二局域网间互联项目：主要介绍的是路由器,通过Console端口访问和Telnet访问和配置路由器。路由分为直连路由、静态路由，动态路由。对于静态路由来说，路由器转发数据包时需要查找路由表，管理员可以通过手工的方法在路由器中直接配置路由表，这就是所谓的静态路由。静态路由的缺陷不适于大的网络中使用，但是由于静态路由简单、路由负载小、可控性强等原因。而对于动态路由而言，动态路由由路由协议动态建立的路由，路由器通过自己学习得到的路由。它主要分为RIP与OSPF协议。静态路由优势：安全可靠、简单直观，避免了动态路由选择的开销。适用环境：不太复杂的互联网结构。劣势：不适用于复杂的互联网结构：建立和维护工作量大，容易出现路由环。互联网出现故障，静态路由不会自动做出更改。而对于动态路由与静态路由比较而言：动态路由可以通过自身学习，自动修改和刷新路由表动态路由要求路由器之间不断地交换路由信息。优势：更多的自主性和灵活性。适用环境：拓扑结构复杂、网络规模庞大的互联网。自动排除错误路径:自动选择性能更优的路径。RIP（路由信息协议）是采用距离向量路由协议。OSPF(开放式最短链路优先）是典型的链路状态路由协议。距离向量路由协议：算法简单、易于实现。缺点：1.慢收敛问题：路由器的路径变化需要像波浪一样从相邻路由器传播出去，过程缓慢。2.需要交换的信息量较大与自己路由表的大小相似适用。环境：路由变化不剧烈的中小型互联网。链路状态路由协议：依赖于整个互联网的拓扑结构图，利用整个互联网的拓扑结构图得到SPF树，进而由SPF树生成路由表。

三广域网接入项目：ppp协议配置与帧中继。PPP经过四个过程：1链路的建立和配置协调，2链路质量检测，3网络层协议配置协调，4关闭链路。PPP认证又分为PAP和CHAP。PAP利用2次握手的简单方式进行认证。在PPP链路建立毕后，源节点不停滴在链路上发送用户名和密码，直到验证通过。CHAP验证过程：被验证方向验证方发送用户名作连接请求，验证方向被验证方发送随机字符，被验证方用这MD5算法加密，在发送给验证方。对于帧中继而言帧中继是面向连接的第二层传输协议，帧中继是典型的包交换技术。相比而言，同样的带宽的帧中继通信费用比DDN专线要低，而且允许用户在帧中继交换网络比较空闲的时候以高于ISP所承诺的速率进行传输。

四网络访问控制项目：访问控制列表：包过滤实现了对IP数据包的过滤。对设备需要转发的数据包，先获取其包头信息（包括IP层所承载的上层协议的协议号、数据包的源地址、目的地址、源端口和目的端口等），然后与设定的ACL规则进行比较，根据比较的结果数据包进行相应处理。ACL是用来实现识别功能的。网络设备为了过滤报文，需要配置一系列的匹配条件对报文进行分类，这些条件可以报文的源地址、目的地址、端口等。基本ACL2000-2999 只根据报文的源IP地址信息制定匹配规则。高级ACL 3000-3999根据报文的源IP地址信息、目的IP地址信息、IP承载的协议类型、协议特性第三、四层信息制定匹配规则。

NAT 它可以让那些使用私有地址的内部网络连接Internet或其它IP网络上。NAT路由器在将内部网络的数据包发送到公用网络时，在IP包的报头把私有地址转换成合法的IP地址。是解决IP地址短缺的重要手段。NAT负责把内部IP地址翻译成外部合法的IP地址。NAT有3种类型：静态NAT、单向动态

NAT 和PAT。静态NAT是一对一的映射，是内部网络对于外部网络的服务。动态NAT是动态一对一的映射。PAT是把内部地址映射到外部网络的IP地址的不同端口上，从而可以实现多对一的映射。PAT对于节省IP地址是最有效的。

五网络备份冗余：虚拟路由协议（VRRP)是一种选择协议，它可以把一个虚拟路由器的责任动态分配到局域网上的VRRP路由器的一台。控制虚拟路由器IP地址的VRRP路由器称为主路由器，他负责转发数据包到这些虚拟IP地址。一旦主路由器不可用，这种选择过程就提供了动态的故障转移机制，这就允许虚拟路由器的IP地址可以作为终端主机的默认第一跳路由器。使用VRRP的好处是有更高的默认路径的可用性而无需在每个终端主机上配置动态路由或路由发现协议。VRRP包封包装在IP包中发送。

通过两周网络设备配实训的学习，从理论知识到实践操作系统性的，全面性、系统的学习了在H3C的环境下的交换、路由方面的知识，我们更应该去掌握每条输入命令的意思以及作用。不能简简单单的照葫芦画瓢，要明白理解，怎么做和这样做的目的和理由是什么等！总之，在两周网络设备实训的学习下，受益匪浅！

※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※