必看!华为HCIA路由与交换实验配置大全
Posted Ldest1nyB
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了必看!华为HCIA路由与交换实验配置大全相关的知识,希望对你有一定的参考价值。
ARP代理
实验:如下配置两台PC,要求实现两台PC的互相通信。
在这里插入图片描述
为PC各自配置IP,网关设置为G0/0/0口和G0/0/1接口的IP
配置AR3的接口IP,并开启相关的服务
[R1-GigabitEthernet0/0/0]undo info en //不会提示信息
[R1-GigabitEthernet0/0/0]arp-proxy enable //开启ARP代理
[R1-GigabitEthernet0/0/1]arp-proxy enable
[R1-GigabitEthernet0/0/1]dis ip int bri //查看所有的接口信息,检查IP地址是否配上以及接口是否双up
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.10.254/24 up up
GigabitEthernet0/0/1 192.168.20.254/24 up up
[R1-GigabitEthernet0/0/1]dis arp all //查看ARP表项
####在PC上做连通性测试
可以通过配置网关实现互通,网关地址为路由器与PC接口的IP通过ARP代理实现互通,需要改变子网掩码使不同网段的IP处于同一网段,如本题中的可以将子网掩码修改为255.255.192.0,即可不通过网关实现互通
划分VLAN
实验:如下图配置PC的IP地址,需求相同VLAN可以互通,不同VLAN不能互通。
[SW1]dis vlan //查看VLAN
[SW1]vlan batch 10 20 //创建VLAN10、VLAN20
[SW1]int e0/0/2
[SW1-Ethernet0/0/2]port link-type access //设置接口类型为Access
[SW1-Ethernet0/0/2]port default vlan 10 //默认划分进VLAN10
同样方法配置e0/0/3接口,划分进VLAN 20
[SW1]int g0/0/1 //进入g0/0/1接口
[SW1-GigabitEthernet0/0/1]port link-type trunk //配置接口类型为Trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 //设置允许通过的VLAN为10 20 ,VLAN1默认允许通过
#SW2相同的配置
#做连通性测试#同样方法配置e0/0/2接口port hybrid pvid vlan 10
port hybrid untagged vlan 10 30
#同样方法配置e0/0/2接口
#配置e0/0/4接口
port hybrid pvid vlan 30
port hybrid untagged vlan 10 20 30
#配置e/0/1接口
port hybrid tagged vlan 10 20 30
默认PVID是VLAN 1
#SW2同样的配置
#进行连通性测试
hybrid
按照如下拓扑,配置相关IP地址。需求:
- 不同楼层的HR部门和市场部门实现部门内部通信
- 两部门之间不允许通信
- IT部门可以访问任意部门
[SW1]dis vlan //查看是否创建
[SW1]int e0/0/3//进入e0/0/3接口
[SW1-Ethernet0/0/3]port hybrid untagged vlan 20 30 //设置允许通信的VLAN
[SW1-Ethernet0/0/3]port hybrid pvid vlan 20 //设置PVID
[SW1-Ethernet0/0/3]dis th //查看当前接口下的命令
[SW1]vlan batch 10 20 30 //创建VLAN10、20、30
port hybrid pvid vlan 10
port hybrid untagged vlan 10 30
#配置e0/0/4接口
port hybrid pvid vlan 30
port hybrid untagged vlan 10 20 30
#配置e/0/1接口
port hybrid tagged vlan 10 20 30
默认PVID是VLAN 1
#SW2同样的配置
#进行连通性测试
#同样方法配置e0/0/2接口
VLAN间路由
单臂路由
- 把PC划分到相应的VLAN
- 把g0/0/1接口配置成trunk,并允许所有VLAN通过
- 配置路由器的子接口配置IP地址
- 子接口配置VLAN ID封装(
dot1q termination vid 10) - 接口开启arp广播(
arp broadcast enable)
#先给PC配置相应的IP地址,网关254
[SW1]vlan batch 10 20 30 //创建VLAN
[SW1]dis vlan //查看VLAN是否创建成功
[SW1]int g0/0/2 //进入g0/0/2接口
[SW1-GigabitEthernet0/0/2]port link-type access //配置接口类型为access
[SW1-GigabitEthernet0/0/2]port default vlan 10 //划分默认VLAN
#同样的方法配置g0/0/3、g0/0/4接口
#配置trunk接口,并允许所有VLAN通过
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk //配置接口类型为trunk
[SW1-GigabitEthernet0/0/1]port trunk all vlan all //允许所有VLAN通过
#在R1上配置子接口
[R1]int g0/0/0.1 //配置子接口
[R1-GigabitEthernet0/0/0.1]ip add 192.168.10.254 24 //为子接口配置IP
#同样方法配置其他子接口
[R1]dis ip int br //查看所有接口详细信息
#封装VLAN号
[R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 10 //指定vid,即这个接口对应的VLAN ID
[R1-GigabitEthernet0/0/0.1]arp broadcast enable //开启ARP的广播功能
#同样方法配置其他的子接口
#进行连通性测试
三层交换
[SW1]int Vlanif 10 //创建VLAN10
[SW1-Vlanif10]ip add 192.168.10.254 24 //配置IP地址
[SW1-Vlanif10]int vlanif 20
[SW1-Vlanif20]ip add 192.168.20.254 24
[SW1-Vlanif20]int vlanif 30
[SW1-Vlanif30]ip add 192.168.30.254 24
#进行连通性测试
STP配置
SW1:4c1f-cc5c-74c7
SW2:4c1f-cc2d-7013
SW3:4c1f-cc80-7370
SW4:4c1f-cc6f-1691
# 查看MAC地址
[SW1]dis stp //查看MAC地址
[SW1]dis stp bri //查看SW1的STP
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ROOT FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
# Ethernet0/0/1为RP,FORWARDING为正常转发数据,Ethernet0/0/2为DP
[SW2]dis stp bri //查看SW2的STP
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
0 Ethernet0/0/3 DESI FORWARDING NONE
0 Ethernet0/0/4 DESI FORWARDING NONE
0 Ethernet0/0/5 DESI FORWARDING NONE
[SW3]dis stp bri //查看SW3的STP
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ROOT FORWARDING NONE
0 Ethernet0/0/2 ALTE DISCARDING NONE
0 Ethernet0/0/3 ALTE DISCARDING NONE
# Ethernet0/0/1为RP,数据正常转发,Ethernet0/0/2和Ethernet0/0/3为AP,DISCARDING端口关闭,不转发数据
[SW4]dis stp bri //查看SW4的STP
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ROOT FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
拓展:使SW1为根桥,SW3位次根桥
[SW1]stp root primary //使SW1成为主根桥
[SW1]dis stp //查看cost优先级为0
[SW3]stp root secondary //使SW3成为次根桥
[SW3]dis stp //查看cost优先级为4096
增长为12次方增长,下一个是8192,一次类推
[SW1]int e0/0/1
[SW1-Ethernet0/0/1]stp cost ? //修改接口开销
INTEGER<1-200000000> Port path cost
[SW1-Ethernet0/0/1]stp cost 55
静态路由协议
配置本地环回口地址
[R1]int LoopBack 1
[R1-LoopBack1]ip ad 4.4.4.4 32
R1上的静态路由配置
ip route-static 2.2.2.2 255.255.255.255 192.168.12.2
ip route-static 3.3.3.3 255.255.255.255 192.168.13.3
ip route-static 4.4.4.4 255.255.255.255 192.168.12.2 preference 10
ip route-static 4.4.4.4 255.255.255.255 192.168.13.3 preference 100
ip route-static 192.168.24.0 255.255.255.0 192.168.12.2
ip route-static 192.168.34.0 255.255.255.0 192.168.12.2
R2上的静态路由配置
ip route-static 1.1.1.1 255.255.255.255 192.168.12.1
ip route-static 3.3.3.3 255.255.255.255 192.168.12.1
ip route-static 4.4.4.4 255.255.255.255 192.168.24.4
ip route-static 192.168.13.0 255.255.255.0 192.168.12.1
ip route-static 192.168.34.0 255.255.255.0 192.168.24.4
R3上的静态路由配置
ip route-static 1.1.1.1 255.255.255.255 192.168.13.1
ip route-static 2.2.2.2 255.255.255.255 192.168.13.1
ip route-static 4.4.4.4 255.255.255.255 192.168.34.4
ip route-static 192.168.12.0 255.255.255.0 192.168.13.1
ip route-static 192.168.24.0 255.255.255.0 192.168.34.4
R4上的静态路由配置
ip route-static 1.1.1.1 255.255.255.255 192.168.34.3 preference 10
ip route-static 2.2.2.2 255.255.255.255 192.168.24.2
ip route-static 3.3.3.3 255.255.255.255 192.168.34.3
ip route-static 192.168.12.0 255.255.255.0 192.168.34.3 preference 10
ip route-static 192.168.12.0 255.255.255.0 192.168.24.2
ip route-static 192.168.13.0 255.255.255.0 192.168.34.3 preference 10
#进行连通性测试,Tracer跟踪查看数据转发路径
动态路由协议
RIP配置
配置环回接口地址与物理接口地址
[R1]int LoopBack 1
[R1-LoopBack1]ip ad 1.1.1.1 24
[R1-LoopBack1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip ad 12.1.1.1 24
相同方法配置其他路由器
配置RIP,对外宣告主网(宣告的为自身已知的主网)
[R1]rip 1
[R1-rip-1]network 1.0.0.0
[R1-rip-1]network 12.0.0.0
#相同方法配置其他路由器 连通性测试
RIP环路
- 网络发生故障时,RIP网络有可能会产生环路
- 环路避免:
- 水平分割:路由器从某个接口学到的路由,不会从该接口再发回给领居路由
- 毒性逆转:路由从某个接口学到路由后,将该路由的跳数设置为16,并从原接收接口发回给领居路由器
- 触发更新:当路由信息发生变化时,立即向邻居设备发送触发更新报文(避免环路产生)
# RIP配置
[R1]rip //进入RIP协议视图
[R1-rip-1]version 2 //更改V2的版本
[R1-rip-1]network 10.0.0.0 //对外宣告主网
# 配置Metricin(度量值)
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]rip metricin 2 //更改进接口的度量值
[R1-GigabitEthernet0/0/0]rip metricout 2 //更改出接口的度量值
# 水平分割 & 毒性逆转
[R1-GigabitEthernet0/0/0]rip split-horizon //配置水平分割,默认开启
[R1-GigabitEthernet0/0/0]rip poison-reverse //配置毒性逆转,默认开启
# 当两个特性都配置时,只有毒性逆转会生效
# 配置RIP报文的收发
[R1-GigabitEthernet0/0/0]undo rip output //禁止发送RIP报文
[R1-GigabitEthernet0/0/0]undo rip input //禁止接收RIP报文
# 抑制接口,命令优先级大于rip in/output
[R1]rip //进入接口视图
[R1-rip-1]silent-interface g0/0/0 //抑制接口,只接受RIP报文,不发送
OSPF
OSPF单区域
# R1
[R1]ospf router-id 1.1.1.1 //手动指定Router-id
[R1-ospf-1]area 0 //进入骨干区域
[R1-ospf-1-area-0.0.0.0]net 1.1.1.1 0.0.0.0 //精确宣告1.1.1.1
[R1-ospf-1-area-0.0.0.0]net 172.16.1.254 0.0.0.0 //精确宣告172.16.1.254
[R1-ospf-1-area-0.0.0.0]net 172.16.13.1 0.0.0.0 //精确宣告172.16.13.1
[R1-ospf-1-area-0.0.0.0]net 172.16.12.1 0.0.0.0 //精确宣告172.16.12.1
# R2
[R2]ospf router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]net 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 172.16.2.254 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 172.16.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 172.16.12.2 0.0.0.0
# R3
[R3]ospf router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]net 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 172.16.3.254 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 172.16.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 172.16.13.3 0.0.0.0
[R1]dis cu conf ospf //查看OSPF的所有配置
[R1]dis ospf peer bri //查看OSPF的邻居状态
[R1]dis ip routing-table protocol ospf //查看OSPF学习到的路由表
# 连通性测试
OSPF多区域
# R1
[R1]ospf router-id 1.1.1.1 //手动指定Router-id
[R1-ospf-1]area 0 //进入骨干区域
[R1-ospf-1-area-0.0.0.0]net 1.1.1.1 0.0.0.0 //精确宣告1.1.1.1
[R1-ospf-1-area-0.0.0.0]net 172.16.1.254 0.0.0.0 //精确宣告172.16.1.254
[R1-ospf-1-area-0.0.0.0]net 172.16.13.1 0.0.0.0 //精确宣告172.16.13.1
[R1-ospf-1-area-0.0.0.0]net 172.16.12.1 0.0.0.0 //精确宣告172.16.12.1
# R2
[R2]ospf router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]net 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 172.16.2.254 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 172.16.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]net 172.16.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]q
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]net 172.16.24.2 0.0.0.0
# R3
[R3]ospf router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]net 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 172.16.3.254 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 172.16.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]net 172.16.13.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]q
[R3-ospf-1]area 2
[R3-ospf-1-area-0.0.0.2]net 172.16.35.3 0.0.0.0
# R4
[R4]ospf 1 //进入OSPF进程
[R4-ospf-1]area 1 //进入区域1
[R4-ospf-1-area-0.0.0.1]net 4.4.4.4 0.0.0.0 //精确宣告IP地址
[R4-ospf-1-area-0.0.0.1]net 172.16.24.4 0.0.0.0
# R5
[R5]ospf 1
[R5-ospf-1]area 2 //进入区域2
[R5-ospf-1-area-0.0.0.2]net 5.5.5.5 0.0.0.0 //精确宣告
[R5-ospf-1-area-0.0.0.2]net 172.16.35.5 0.0.0.0
# 显示当前学习到的LSA信息
[R2]dis ospf lsdb //查看连接的数据库
# 连通性测试
OSPF开销&认证
# 修改cost值
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ospf cost 20
# 修改带宽
[R1]ospf
[R1-ospf-1]bandwidth-reference 10000
# 基于接口认证
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher huawei
AAA
- 配置AAA步骤:
- 起aaa(
aaa) - 配置本地用户和米玛(
local-user bad password cipher huawei@123) - 应用的服务类型(
local-user bad service-type telnet) - 设置权限(
local-user bad privilege level 5) - 允许同时登录的用户数量(
user-interface vty 0 4) - 修改认证模式(
authentication-mode aaa)
[AC1]telnet server enable //开启Telnet服务
[AC1]aaa //配置aaa
[AC1-aaa]local-user bad password cipher huawei@123 //创建用户并设置米玛
[AC1-aaa]local-user bad service-type telnet //设置账户类型
[AC1-aaa]local-user bad privilege level 5 //设置等级
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]y
[AC1-aaa]q
[AC1]user-interface vty 0 4
[AC1-ui-vty0-4]protocol inbound all // 允许登录接入用户类型的协议
[AC1-ui-vty0-4]authentication-mode aaa //修改aaa认证模式
[AC1-ui-vty0-4]return
<AC1>telnet 192.168.43.120 //Telnet登录
DHCP配置
- 配置接口地址池
- 配合全局地址池
- 配置DHCP,使两台PC获得不同网段的IP地址
接口地址池
[DHCP Server]dhcp enable //开启DHCP服务
[DHCP Server]int g0/0/0
[DHCP Server-GigabitEthernet0/0/0]ip ad 192.168.43.254 24 //配置地址
[DHCP Server-GigabitEthernet0/0/0]dhcp select interface //接口调用
[DHCP Server-GigabitEthernet0/0/0]dhcp server dns-list 8.8.8.8 //配置DNS
[DHCP Server-GigabitEthernet0/0/0]dhcp server excluded-ip-address 192.168.43.244 192.168.43.253 //不参与分配的IP地址
[DHCP Server-GigabitEthernet0/0/0]dhcp server lease day 3 //IP地址租约
# PC使用DHCP获取IP地址,查看IP地址
全局地址池
[DHCP Server]dhcp enable //开启DHCP服务
[DHCP Server]ip pool bad //创建全局地址池
[DHCP Server-ip-pool-bad]net 192.168.43.0 mask 24 //添加一个网段
[DHCP Server-ip-pool-bad]gateway-list 192.168.43.254 //配置网关
[DHCP Server-ip-pool-bad]dns-list 114.114.114.114 //配置DNS
[DHCP Server-ip-pool-bad]excluded-ip-address 192.168.43.250 192.168.43.253 //不参与分配的IP地址
[DHCP Server-ip-pool-bad]lease day 5 //IP地址租约时间
[DHCP Server-ip-pool-bad]dis ip pool //查看地址池的相关信息
# 将接口使用本地地址池
[DHCP Server]int g0/0/0
[DHCP Server-GigabitEthernet0/0/0]dhcp select global //调用本地的地址池
[DHCP Server-GigabitEthernet0/0/0]ip ad 192.168.43.254 24 //接口添加IP地址(与地址池的地址同一网段)
# PC查看获取的IP地址
- 拓展:两台PC分配不同网段的IP(此处的配置是继续上面的实验)
方法一:配置单臂路由,配置子接口
# 交换机上的配置
[SW1]vlan 10
[SW1-vlan10]vlan 20
[SW1-vlan20]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 20
[SW1-GigabitEthernet0/0/3]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
# 路由器上配置
[DHCP Server]int g0/0/0
[DHCP Server-GigabitEthernet0/0/0]undo dhcp select global //删除DHCP的配置
[DHCP Server-GigabitEthernet0/0/0]undo ip add //删除IP地址
# 配置子接口
[DHCP Server]int g0/0/0.1
[DHCP Server-GigabitEthernet0/0/0.1]dot1q termination vid 10 //封装VLAN ID
[DHCP Server-GigabitEthernet0/0/0.1]arp broadcast enable //开启ARP转发
[DHCP Server-GigabitEthernet0/0/0.1]ip add 192.168.43.254 24 //配置IP地址
[DHCP Server-GigabitEthernet0/0/0.1]int g0/0/0.2
[DHCP Server-GigabitEthernet0/0/0.2]dot1q termination vid 20
[DHCP Server-GigabitEthernet0/0/0.2]arp broadcast enable
[DHCP Server-GigabitEthernet0/0/0.2]ip add 192.168.53.254 24
# 查看地址池
[DHCP Server]dis ip pool
# 创建地址池
[DHCP Server]ip pool boy
[DHCP Server-ip-pool-boy]net 192.168.53.0 mask 24 //分配的网段
[DHCP Server-ip-pool-boy]gateway-list 192.168.53.254 //网关
[DHCP Server-ip-pool-boy]lease day 3 //IP地址租约
[DHCP Server-ip-pool-boy]dns-list 8.8.8.8 //DNS服务器
[DHCP Server-ip-pool-boy]excluded-ip-address 192.168.53.200 192.168.53.253 //不参与分配的IP地址
# 查看地址池
[DHCP Server]dis ip pool
# 接口调用地址池
[DHCP Server]int g0/0/0.1
[DHCP Server-GigabitEthernet0/0/0.1]dhcp select global //调用全局地址池
[DHCP Server-GigabitEthernet0/0/0.1]int g0/0/0.2
[DHCP Server-GigabitEthernet0/0/0.2]dhcp select global //调用地址池
# PC查看获取的IP地址
- 方法二:DHCP中继
# 配置DHCP中继
[SW1]dhcp enable
[SW1]int Vlanif 10
[SW1-Vlanif10]dhcp select relay
[SW1-Vlanif10]dhcp relay server-ip 192.168.43.254 //DHCP服务器的出接口地址
[SW1-Vlanif10]q
[SW1]int Vlanif 20
[SW1-Vlanif20]dhcp select relay
[SW1-Vlanif20]dhcp relay server-ip 192.168.43.254
NAT配置
静态NAT
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat static global 202.169.10.3 inside 172.16.1.1 //建立公网地址与私网地址的映射关系
Easy IP
# 删除静态NAT
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]undo nat static global 202.169.10.3 inside 172.16.1.1
# 调用ACL
[R1]acl 2000 //配置ACL
[R1-acl-basic-2000]rule permit //配置允许所有通过
[R1-acl-basic-2000]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000 //接口调用ACL
[R1-GigabitEthernet0/0/0]q
[R1]dis nat outbound //查看
动态NAT
# 删除Easy IP配置
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]undo nat outbound 2000
[R1-GigabitEthernet0/0/0]q
[R1]undo acl 2000
# 创建公网地址池
# 创建名为1范围为202.169.10.2-202.169.10.50的地址池
[R1]nat address-group 1 202.169.10.2 202.169.10.50
# 创建名为2范围为202.169.10.100-202.169.10.200的地址池
[R1]nat address-group 2 202.169.10.100 202.169.10.200
# 配置ACL
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255
[R1-acl-basic-2000]q
[R1]acl 2001
[R1-acl-basic-2001]rule permit source 172.17.1.0 0.0.0.255
# 公网地址池调用ACL
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000 address-group 1 no-pat
[R1-GigabitEthernet0/0/0]nat outbound 2001 address-group 2 no-pat
# 查看地址池
[R1]dis nat outbound
NAT Outbound Information:
-----------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
-----------------------------------------------------------------------
GigabitEthernet0/0/0 2000 1 no-pat
GigabitEthernet0/0/0 2001 2 no-pat
-----------------------------------------------------------------------
Total : 2
NAT Server
# 删除动态NAT配置
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]undo nat outbound 2000 address-group 1 no-pat
[R1-GigabitEthernet0/0/0]undo nat outbound 2001 address-group 2 no-pat
[R1-GigabitEthernet0/0/0]q
[R1]undo acl 2000
[R1]undo acl 2001
# 重新配置ACL,并调用
[R1]acl 2000
[R1-acl-basic-2000]rule permit
[R1-acl-basic-2000]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000
- 配置NAT Server
# 配置ftp端口映射
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat server protocol tcp global current-interface ftp inside 172.16.1.3 ftp
以上是关于必看!华为HCIA路由与交换实验配置大全的主要内容,如果未能解决你的问题,请参考以下文章