Network Security Basics: HLCA Comprehensive Lab

HLCA Comprehensive Lab

I. Lab Requirements


II. Lab Content

1. Plan the IP addressing and build the topology


2. Set up the VLANs

[Huawei]interface GigabitEthernet0/0/1.1
[Huawei-GigabitEthernet0/0/1.1]ip address 192.168.1.65 27
[Huawei-GigabitEthernet0/0/1.1]Q
[Huawei]interface GigabitEthernet 0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]ip address 192.168.1.97 27

Create VLAN 2 and VLAN 3; assign the HTTP server to VLAN 3 and the two PCs to VLAN 2.

Example on LSW1:

[Huawei]vlan 2
[Huawei-vlan2]vlan 3
[Huawei-vlan3]q
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 2
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 2
[Huawei]interface Ethernet 0/0/4
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 3

3. Configure DHCP on the sub-interfaces

Example on R1:

[Huawei]dhcp enable
[Huawei]ip pool a
Info:It's successful to create an IP address pool.
[Huawei-ip-pool-a]network 192.168.1.64 mask 27
[Huawei-ip-pool-a]gateway-list 192.168.1.65
[Huawei-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
[Huawei]ip pool b
Info:It's successful to create an IP address pool.
[Huawei-ip-pool-b]network 192.168.1.96 mask 27
[Huawei-ip-pool-b]gateway-list 192.168.1.97
[Huawei-ip-pool-b]dns-list 114.114.114.114 8.8.8.8

Then enable the DHCP service:

[Huawei]interface GigabitEthernet0/0/1.1
[Huawei-GigabitEthernet0/0/1.1]dhcp select global
[Huawei]interface GigabitEthernet0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]dhcp select global

R2 is configured in the same way as R1.

4. Enable OSPF on R1 and R2

1. Configure R1

[Huawei]ospf 1 router-id 192.168.1.1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

2. Configure R2

[R2]ospf 1 router-id 192.168.1.129
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

5. Configure the trunk links

[LSW1]interface Ethernet 0/0/1
[LSW1-Ethernet0/0/1]port link-type trunk
[LSW1-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW2]interface GigabitEthernet 0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type trunk
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all

With the configuration up to this point, pc1 should be able to ping pc3 and pc4.

6. Set up Telnet login on the routers

Example on R1:

[r1]aaa
[r1-aaa]local-user chen privilege level 15 password cipher 123456
[r1-aaa]local-user chen service-type telnet
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa

Example on R2:

[r2]aaa
[r2-aaa]local-user yu privilege level 15 password cipher 123456
[r2-aaa]local-user yu service-type telnet
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa

Then configure the policy on R1:

[r1]acl 3001
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.1 0 destination-port eq 23
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.65 0 destination-port eq 23
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.97 0 destination-port eq 23

Apply the ACL on the interface:

[r1-GigabitEthernet0/0/1]traffic-filter inbound acl 3001
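
Added example, not part of the original post: a small Python evaluator for the three ACL 3001 rules above, useful for checking which Telnet connections the rule set drops and which source/destination pairs it does not cover. It assumes first-match evaluation and that traffic matching no rule is forwarded when the ACL is applied with traffic-filter; the function names are hypothetical.

```python
import ipaddress
import re

# Rules copied from the ACL 3001 listing on this page.
ACL_3001 = """
rule deny tcp source 192.168.1.93 0 destination 192.168.1.1 0 destination-port eq 23
rule deny tcp source 192.168.1.93 0 destination 192.168.1.65 0 destination-port eq 23
rule deny tcp source 192.168.1.93 0 destination 192.168.1.97 0 destination-port eq 23
"""

RULE_RE = re.compile(
    r"rule (permit|deny) (\w+) source (\S+) (\S+) destination (\S+) (\S+)"
    r"(?: destination-port eq (\d+))?"
)

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; "0" is shorthand for 0.0.0.0 (one host)."""
    care = ~_to_int("0.0.0.0" if wildcard == "0" else wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def parse_rules(text):
    """Parse only the rule syntax used on this page; reject anything else."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append(m.groups())
    return rules

def evaluate(rules, proto, src, dst, dport, default="permit"):
    """First matching rule wins; unmatched traffic gets `default` (assumed permit)."""
    for action, r_proto, s, s_wc, d, d_wc, r_port in rules:
        if r_proto != proto:
            continue
        if r_port is not None and int(r_port) != dport:
            continue
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    return default
```

Calling evaluate() with destination 192.168.1.129 (the R2 router ID used on this page) returns permit, because the rules list only three addresses on R1.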

7. Use the public IP 12.1.1.1 so that pc1–4 can reach pc5

[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]nat outbound 2000

Then add a default route on R2:

[r2]ip route-static 0.0.0.0 0.0.0.0 1.1.1.0 

III. Access HTTP and the server from the client

The HTTP configuration is as follows:
The DNS configuration is as follows:
Set up port mapping for the server on the internal network.

On r2, for example, configure the following:

[r2-GigabitEthernet0/0/2]nat static protocol tcp global current-interface 80 inside 192.168.1.98 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y

End of lab

Copyright notice: published by 玥玥 on 2021-04-09 10:31:14.
When reposting, please credit: Network Security Basics: HLCA Comprehensive Lab | 女黑客导航