网络系统建设与运维(初级)-实验 6.4 综合实验

4.IPv4编址及静态路由配置项目背景您是公司的网络管理员，现在公司安排您来组建企业网。现在公司有一个总部与两个分支机构，组网需求如下。1.总部有两个部门，分属于不同VLAN。2.总部所有主机IP在同一网段，不同部门之间不能通信。3.总部两个部门的部门经理之间可以互相通信。4.总部与分支之间通过静态路由实现互通。5.所有路由器可远程登录。项目目的通过本项目可以掌握如下知识点和技能点。掌握IP地址的配置方法掌握VLAN的配置方法掌握静态路由的相关配置掌握Telnet登录环境的搭建掌握STelnet登录环境的搭建掌握设备资源管理的方法掌握软件升级的操作掌握补丁的操作管理项目拓扑图1.综合实验拓扑项目规划本项目的主要任务是复习与巩固网络运维相关的知识点和能力。项目前期准备工作数据准备。搭建配置环境。项目任务基础配置。链路聚合配置。基于端口划分VLAN。IP编址。静态路由配置。Telnet远程登录相关配置。STelnet远程登录相关配置。配置Web登录相关设置FTP服务器搭建。电子标签、配置文件等资源备份。项目实施项目准备工作数据准备。表1.VLAN规划表设备接口描述链路类型PVIDVLAN-ListU=untaggedT=taggedHQ-S-1GE0/0/1To_managerHybrid44(U)5(U)GE0/0/2To_staffAccess44(U)GE0/0/24To_HQ-RAccess11~4094(U)Eth-Trunk1(GE0/0/9,GE0/0/10)To_HQ-AS-2Trunk11(U)2~4094(T)HQ-S-2GE0/0/1To_managerHybrid54(U)5(U)GE0/0/2To_staffAccess55(U)Eth-Trunk1(GE0/0/9,GE0/0/10)To_HQ-AS-1Trunk11(U)2~4094(T)表2.IP地址规划表设备接口描述IP地址B1-RLoopback0无/24GE0/0/1To-HQ-R/24GE0/0/2To-B2-R/24B2-RLoopback0无/24GE0/0/0To-HQ-R/24GE0/0/2To-B1-R/24HQ-RLoopback0无/24GE0/0/0To-B2-R/24GE0/0/1To-B1-R/24GE0/0/2To-HQ-S-1/24PC本地网卡部门1经理1/24部门1员工/24部门2经理2/24部门2员工/24表3.用户名和密码规划表设备业务类型用户名密码超级密码B1-RTelnethuaweihuawei@B1Huawei@B1Webwebuserhuawei123B2-RTelnethuaweihuawei@B2Huawei@B2HQ-RSSHhuaweihuawei@HQHuawei@HQftpftpuserhuawei123搭建配置环境项目任务设备名称和接口描述等基础配置，此处列出HQ-R上的配置，其他设备的基础配置请参考HQ-R自行完成。<Huawei>system-viewEntersystemview,returnuserviewwithCtrl+Z.[Huawei]sysnameHQ-R[HQ-R]interfaceGigabitEthernet0/0/0[HQ-R-GigabitEthernet0/0/0]descriptionto-B2-R[HQ-R-GigabitEthernet0/0/0]quit[HQ-R]interfaceGigabitEthernet0/0/1[HQ-R-GigabitEthernet0/0/1]descriptionto-B1-R[HQ-R-GigabitEthernet0/0/0]quit[HQ-R]interfaceGigabitEthernet0/0/2[HQ-R-GigabitEthernet0/0/2]descriptionto-HQ-S-1[HQ-R-GigabitEthernet0/0/0]quit链路聚合配置，配置该Eth-Trunk为静态LACP模式，HQ-S-1为LACP主动端。[HQ-S-1]interfaceEth-Trunk1[HQ-S-1-Eth-Trunk1]quit[HQ-S-1-Eth-Trunk1]modelacp-static[HQ-S-1]lacppriority100[HQ-S-1]interfaceGigabitEthernet0/0/9[HQ-S-1-GigabitEthernet0/0/9]eth-trunk1[HQ-S-1-GigabitEthernet0/0/9]lacppriority100[HQ-S-1-GigabitEthernet0/0/9]quit[HQ-S-1]interfaceGigabitEthernet0/0/10[HQ-S-1-GigabitEthernet0/0/10]eth-trunk1[HQ-S-1-GigabitEthernet0/0/10]lacppriority100[HQ-S-2]interfaceEth-Trunk1[HQ-S-2-Eth-Trunk1]modelacp-static[HQ-S-2-Eth-Trunk1]quit[HQ-S-2]interfaceGigabitEthernet0/0/9[HQ-S-2-GigabitEthernet0/0/9]eth-trunk1[HQ-S-2-GigabitEthernet0/0/9]quit[HQ-S-2]interfaceGigabitEthernet0/0/10[HQ-S-2-GigabitEthernet0/0/10]eth-trunk1基于端口划分VLAN。HQ-S-1上配置[HQ-S-1]vlanbatch45[HQ-S-1]interfaceGigabitEthernet0/0/1 [HQ-S-1-GigabitEthernet0/0/1]portlink-typehybrid[HQ-S-1-GigabitEthernet0/0/1]porthybridpvidvlan4[HQ-S-1-GigabitEthernet0/0/1]porthybriduntaggedvlan45[HQ-S-1-GigabitEthernet0/0/1]quit[HQ-S-1]interfaceGigabitEthernet0/0/2 [HQ-S-1-GigabitEthernet0/0/2]portlink-typeaccess[HQ-S-1-GigabitEthernet0/0/2]portdefaultvlan4[HQ-S-1-GigabitEthernet0/0/2]quit[HQ-S-1]interfaceGigabitEthernet0/0/24 [HQ-S-1-GigabitEthernet0/0/24]porthybriduntaggedvlanall[HQ-S-1-GigabitEthernet0/0/2]quit[HQ-S-1]interfaceEth-Trunk1[HQ-S-1-Eth-Trunk1]portlink-typetrunk[HQ-S-1-Eth-Trunk1]porttrunkallow-passvlanall[HQ-S-1-Eth-Trunk1]quitHQ-S-2上配置[HQ-S-2]vlanbatch45[HQ-S-2]interfaceGigabitEthernet0/0/1 [HQ-S-2-GigabitEthernet0/0/1]portlink-typehybrid[HQ-S-2-GigabitEthernet0/0/1]porthybridpvidvlan5[HQ-S-2-GigabitEthernet0/0/1]porthybriduntaggedvlan45[HQ-S-2-GigabitEthernet0/0/1]quit[HQ-S-2]interfaceGigabitEthernet0/0/2 [HQ-S-2-GigabitEthernet0/0/2]portlink-typeaccess[HQ-S-2-GigabitEthernet0/0/2]portdefaultvlan5[HQ-S-2-GigabitEthernet0/0/2]quit[HQ-S-2]interfaceEth-Trunk1[HQ-S-2-Eth-Trunk1]portlink-typetrunk[HQ-S-2-Eth-Trunk1]porttrunkallow-passvlanall[HQ-S-2-Eth-Trunk1]quitIPv4编址。按表2IP地址规划表完成配置。B1-R配置[B1-R]interfaceLoopBack0[B1-R-LoopBack0]ipaddress24[B1-R-LoopBack0]quit[B1-R]interfaceGigabitEthernet0/0/1[B1-R-GigabitEthernet0/0/1]ipaddress24[B1-R-GigabitEthernet0/0/1]quit[B1-R]interfaceGigabitEthernet0/0/2[B1-R-GigabitEthernet0/0/2]ipaddress24[B1-R-GigabitEthernet0/0/2]quitB2-R配置[B2-R]interfaceLoopBack0[B2-R-LoopBack0]ipaddress24[B2-R-LoopBack0]quit[B2-R]interfaceGigabitEthernet0/0/0[B2-R-GigabitEthernet0/0/0]ipaddress24[B2-R-GigabitEthernet0/0/0]quit[B2-R]interfaceGigabitEthernet0/0/2[B2-R-GigabitEthernet0/0/2]ipaddress24[B2-R-GigabitEthernet0/0/2]quitHQ-R配置[HQ-R]interfaceLoopBack0[HQ-R-LoopBack0]ipaddress24[HQ-R-LoopBack0]quit[HQ-R]interfaceGigabitEthernet0/0/0[HQ-R-GigabitEthernet0/0/0]ipaddress24[HQ-R-GigabitEthernet0/0/0]quit[HQ-R]interfaceGigabitEthernet0/0/1[HQ-R-GigabitEthernet0/0/1]ipaddress24[HQ-R-GigabitEthernet0/0/1]quit[HQ-R]interfaceGigabitEthernet0/0/2[HQ-R-GigabitEthernet0/0/2]ipaddress24[HQ-R-GigabitEthernet0/0/2]quitPC上IP地址配置仅以部门1经理为例，其他PC请自行据此参考完成。图2PC上IP地址配置示意静态路由配置，假定分公司访问互联网需要经过总部HQ-R上中转。HQR上的配置。在图1所示的拓扑中，我们要求实现全网互通，HQ-R上配置如下几条静态路由。[HQ-R]iproute-static24[HQ-R]iproute-static24[HQ-R]iproute-static24[HQ-R]iproute-static24B1R上的配置。在图1所示的拓扑中，由于分公司访问互联网需要经过HQ-R，因此B2R上配置一条缺省路由路由指向HQ-R，另外分公司之间存在直接互联的链路/24，因此对于分公司之间的通信，采用浮动路由配置，主路由为B1R到B2R互联的链路，备份路由为经过HQR再到B2R的链路，具体配置如下。[B1-R]iproute-static0[B1-R]iproute-static24[B1-R]iproute-static24preference80B2R上的配置。与B1R类似，B2R上配置一条缺省路由路由指向HQ-R，另外对于分公司之间的通信，采用浮动路由配置，主路由为B1R到B2R互联的链路，备份路由为经过HQR再到B1R的链路，具体配置如下。[B2-R]iproute-static0[B2-R]iproute-static24[B2-R]iproute-static24preference80Telnet远程登录相关配置。配置B1-R采用password认证方式进行Telnet远程登录，密码为“huawei@B1”，默认用户级别为level0，超级密码为“Huawei@B1”。[B1-R]user-interfacevty04[B1-R-ui-vty0-4]authentication-modepasswordPleaseconfiguretheloginpassword(maximumlength16):huawei@B1[B1-R-ui-vty0-4]userprivilegelevel0[B1-R-ui-vty0-4]quit[B1-R]superpasswordcipherHuawei@B1配置B2-R采用AAA本地认证方式进行Telnet远程登录，用户名为“huawei”，密码为“huawei@B2”，默认用户级别为level0，超级密码为“Huawei@B2”。[B2-R]aaa[B2-R-aaa]local-userhuaweipasswordcipherhuawei@B2[B2-R-aaa]local-userhuaweiservice-typetelnet[B2-R-aaa]local-userhuaweiprivilegelevel0[B2-R-aaa]quit[B2-R]user-interfacevty04[B2-R-ui-vty0-4]au [B2-R-ui-vty0-4]authentication-modeaaa[B2-R-ui-vty0-4]userprivilegelevel0[B2-R-ui-vty0-4]quit[B2-R]superpasswordcipherHuawei@B2STelnet远程登录相关配置。配置HQ-R允许STelnet登录，VTY用户界面采用AAA本地认证，SSH用户采用password认证，默认用户级别为Level0。用户名为“huawei”，密码为“huawei@HQ”,超级密码为“Huawei@HQ”。1）AAA视图下配置用于STelnet登录的用户。[HQ-R]aaa[HQ-R-aaa]local-userhuaweipasswordcipherHuawei@HQ[HQ-R-aaa]local-userhuaweiprivilegelevel0[HQ-R-aaa]local-userhuaweiservice-typessh2）配置VTY用户界面。[HQR]user-interfacevty04[HQR-ui-vty0-4]authentication-modeaaa[HQR-ui-vty0-4]protocolinboundssh[HQR-ui-vty0-4]userprivilegelevel03）使能STelnet服务器，并创建RSA本地密钥。[HQ-R]stelnetserverenable[HQ-R]rsalocal-key-paircreateThekeynamewillbe:Host%RSAkeysdefinedforHostalreadyexist.Confirmtoreplacethem?(y/n)[n]:yTherangeofpublickeysizeis(512~2048).NOTES:Ifthekeymodulusisgreaterthan512,Itwilltakeafewminutes.Inputthebitsinthemodulus[default=512]:1024Generatingkeys++++++++++++...++++++++++++++++4）配置SSH用户认证方式为“password”方式。[HQ-R]sshuserhuaweiauthentication-typepassword配置Web登录相关设置。配置B1-R允许Web登录，用户名为webuser，密码“huawei123”，https端口为8443。[B1-R]aaa[B1-R-aaa]local-userwebuserpasswordcipherhuawei123[B1-R-aaa]local-userwebuserprivilegelevel3[B1-R-aaa]local-userwebuserservice-typehttp[B1-R]httpsecure-serverenable[B1-R]httpserverenable[B1-R]httpsecure-port8443[B1-R]httpserverport8080[B1-R]httpserverpermitinterfaceGigabitEthernet0/0/1[B1-R]httptimeout15注：在使能HTTPS服务时，可能会提示没有配置SSl策略，无法启动，此时可自己创建SSL策略，并进行绑定，如下所示，然后再重新使能HTTPS服务器。[B1-R]pkirealmdefault[B1-R-pki-realm-default]enrollmentself-signed[B1-R-pki-realm-default]quit[B1-R]sslpolicydefaulttypeserver[B1-R-ssl-policy-default]pki-realmdefault[B1-R-ssl-policy-default]quit[B1-R]httpsecure-serverssl-policydefaultFTP服务器搭建。该部分配置不同设备上配置重复程度较高，简便起见，此处实验只要求在HQ-R上完成。要求路由器HQ-R上搭建FTP服务器，FTP用户名为“ftpuser”,密码为“huawei123”。[HQ-R]ftpserverenable[HQ-R]setdefaultftp-directoryflash:/[HQ-R]aaa[HQ-R-aaa]local-userftpuserpasswordcipherhuawei123[HQ-R-aaa]local-userftpuserservice-typeftp[HQ-R-aaa]local-userftpuserprivilegelevel15[HQ-R-aaa]local-userftpuserftp-directoryflash:电子标签、配置文件等备份管理。1）路由器HQR上执行如下操作，将电子标签备份到本地，建议文件名为“设备-elabel-日期”。[HQ-R]backupelabelHQR-elabel-05062）路由器HQR上执行如下操作，保存配置文件，建议文件名为“设备-cfg-日期”。<HQ-R>saveHQR-cfg-0506.zipAreyousuretosavetheconfigurationtoHQR-cfg-0506.zip?(y/n)[n]:yItwilltakeseveralminutestosaveconfigurationfile,pleasewaitConfigurationfilehadbeensavedsuccessfullyNote:Theconfigurationfilewilltakeeffectafterbeingactivated3）维护终端上执行如下操作，将电子标签、配置文件保存到计算机。C:\Users>E:E:\>cdbackupE:\backup>ftp连接到。220FTPserviceready.530PleaseloginwithUSERandPASS.用户(:(none)):ftpuser331Passwordrequiredforftpuser.密码:230Userloggedin.ftp>dir200Portcommandokay.150OpeningASCIImodedataconnectionfor*.-rwxrwxrwx1noonenogroup5470May0612:04hqr-elabel-0506drwxrwxrwx1noonenogroup0May0604:49dhcp-rwxrwxrwx1noonenogroup121802May262014portalpage.zip-rwxrwxrwx1noonenogroup540May0607:09rsa_server_key.efs-rwxrwxrwx1noonenogroup684May0607:09rsa_host_key.efs-rwxrwxrwx1noonenogroup865May0612:11hqr-cfg-0506.zip-rwxrwxrwx1noonenogroup2263May0604:49statemach.efs-rwxrwxrwx1noonenogroup828482May262014sslvpn.zip-rwxrwxrwx1noonenogroup223May0604:56private-data.txtdrwxrwxrwx1noonenogroup0May0612:11.-rwxrwxrwx1noonenogroup779May0607:20vrpcfg.zip226Transfercomplete.ftp:收到763字节，用时0.07秒10.75千字节/秒。ftp>binary200TypesettoI.ftp>gethqr-elabel-0506200Portcommandokay.150OpeningBINARYmodedataconnectionforhqr-elabel-0506.226Transfercomplete.ftp:收到5470字节，用时0.01秒1094.00千字节/秒。ftp>gethqr-cfg-0506.zip200Portcommandokay.150OpeningBINARYmodedataconnectionforhqr-cfg-0506.zip.226Transfercomplete.ftp:收到865字节，用时0.00秒865.00千字节/秒。ftp>bye221Serverclosing.结果验证与配置文件结果验证查看聚合链路[HQ-S-1]displayeth-trunk1Eth-Trunk1'sstateinformationis:Local:LAGID:1WorkingMode:STATICPreemptDelay:Disabled Hasharithmetic:AccordingtoSIP-XOR-DIPSystemPriority:100 SystemID:4c1f-ccd7-1786LeastActive-linknumber:1 MaxActive-linknumber:8Operatestatus:up NumberOfUpPortInTrunk:2ActorPortNameStatusPortTypePortPriPortNoPortKeyPortStateWeightGigabitEthernet0/0/9Selected1GE10010305101111001GigabitEthernet0/0/10Selected1GE10011305101111001Partner:ActorPortNameSysPriSystemIDPortPriPortNoPortKeyPortStateGigabitEthernet0/0/9327684c1f-ccf9-1a68327681030510111100GigabitEthernet0/0/10327684c1f-ccf9-1a68327681130510111100[HQ-S-2]displayeth-trunk1Eth-Trunk1'sstateinformationis:Local:LAGID:1WorkingMode:STATICPreemptDelay:DisabledHasharithmetic:AccordingtoSIP-XOR-DIPSystemPriority:32768SystemID:4c1f-ccf9-1a68LeastActive-linknumber:1MaxActive-linknumber:8Operatestatus:upNumberOfUpPortInTrunk:2ActorPortNameStatusPortTypePortPriPortNoPortKeyPortStateWeightGigabitEthernet0/0/9Selected1GE3276810305101111001GigabitEthernet0/0/10Selected1GE3276811305101111001Partner:ActorPortNameSysPriSystemIDPortPriPortNoPortKeyPortStateGigabitEthernet0/0/91004c1f-ccd7-17861001030510111100GigabitEthernet0/0/101004c1f-ccd7-17861001130510111100查看portvlan划分，并验证连通性1）HQ-S-1查看portvlan划分。[HQ-S-1]displayportvlanactiveT=TAGU=UNTAGPortLinkTypePVIDVLANListEth-Trunk1trunk1U:1T:4to5GE0/0/1hybrid4U:14to5GE0/0/2access4U:4GE0/0/3hybrid1U:1GE0/0/4hybrid1U:1GE0/0/5hybrid1U:1GE0/0/6hybrid1U:1GE0/0/7hybrid1U:1GE0/0/8hybrid1U:1GE0/0/11hybrid1U:1GE0/0/12hybrid1U:1GE0/0/13hybrid1U:1GE0/0/14hybrid1U:1GE0/0/15hybrid1U:1GE0/0/16hybrid1U:1GE0/0/17hybrid1U:1GE0/0/18hybrid1U:1GE0/0/19hybrid1U:1GE0/0/20hybrid1U:1GE0/0/21hybrid1U:1GE0/0/22hybrid1U:1GE0/0/23hybrid1U:1GE0/0/24hybrid1U:14to52）HQ-S-2查看portvlan划分。[HQ-S-2]displayportvlanactiveT=TAGU=UNTAGPortLinkTypePVIDVLANListEth-Trunk1trunk1U:1T:4to5GE0/0/1hybrid5U:14to5GE0/0/2access5U:5GE0/0/3hybrid1U:1GE0/0/4hybrid1U:1GE0/0/5hybrid1U:1GE0/0/6hybrid1U:1GE0/0/7hybrid1U:1GE0/0/8hybrid1U:1GE0/0/11hybrid1U:1GE0/0/12hybrid1U:1GE0/0/13hybrid1U:1GE0/0/14hybrid1U:1GE0/0/15hybrid1U:1GE0/0/16hybrid1U:1GE0/0/17hybrid1U:1GE0/0/18hybrid1U:1GE0/0/19hybrid1U:1GE0/0/20hybrid1U:1GE0/0/21hybrid1U:1GE0/0/22hybrid1U:1GE0/0/23hybrid1U:1GE0/0/24hybrid1U:13）部门1员工验证连通性，只能部门内通信，部门2员工亦是如此。C:\>ping1正在Ping1具有32字节的数据:来自1的回复:字节=32时间=55msTTL=128来自1的回复:字节=32时间=36msTTL=128来自1的回复:字节=32时间=43msTTL=128来自1的回复:字节=32时间=25msTTL=1281的Ping统计信息:数据包:已发送=4，已接收=4，丢失=0(0%丢失)，往返行程的估计时间(以毫秒为单位):最短=25ms，最长=55ms，平均=39msC:\>ping2正在Ping2具有32字节的数据:请求超时。请求超时。来自的回复:无法访问目标主机。请求超时。2的Ping统计信息:数据包:已发送=4，已接收=1，丢失=3(75%丢失)，C:\>ping正在Ping具有32字节的数据:请求超时。请求超时。请求超时。请求超时。的Ping统计信息:数据包:已发送=4，已接收=0，丢失=4(100%丢失)，4）部门1经理测试连通性，可以部门内通信，也可以与部门2经理通信。C:\>ping正在Ping具有32字节的数据:来自的回复:字节=32时间=23msTTL=128来自的回复:字节=32时间=41msTTL=128来自的回复:字节=32时间=27msTTL=128来自的回复:字节=32时间=28msTTL=128的Ping统计信息:数据包:已发送=4，已接收=4，丢失=0(0%丢失)，往返行程的估计时间(以毫秒为单位):最短=23ms，最长=41ms，平均=29msC:\>ping2正在Ping2具有32字节的数据:来自2的回复:字节=32时间=93msTTL=128来自2的回复:字节=32时间=47msTTL=128来自2的回复:字节=32时间=61msTTL=128来自2的回复:字节=32时间=49msTTL=1282的Ping统计信息:数据包:已发送=4，已接收=4，丢失=0(0%丢失)，往返行程的估计时间(以毫秒为单位):最短=47ms，最长=93ms，平均=62msC:\>ping正在Ping具有32字节的数据:来自1的回复:无法访问目标主机。请求超时。请求超时。请求超时。的Ping统计信息:数据包:已发送=4，已接收=1，丢失=3(75%丢失)，执行[displayipinterfacebrief]查看三层接口，并与表2比对，确认IPv4编址结果。<B1-R>displayipinterfacebrief*down:administrativelydown^down:standby(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis4ThenumberofinterfacethatisDOWNinPhysicalis1ThenumberofinterfacethatisUPinProtocolis4ThenumberofinterfacethatisDOWNinProtocolis1InterfaceIPAddress/MaskPhysical ProtocolGigabitEthernet0/0/0unassigned downdownGigabitEthernet0/0/1 /24 upupGigabitEthernet0/0/2 /24 upupLoopBack0 /24 upup(s)NULL0 unassigned upup(s)<B2-R>displayipinterfacebrief*down:administrativelydown^down:standby(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis4ThenumberofinterfacethatisDOWNinPhysicalis1ThenumberofinterfacethatisUPinProtocolis4ThenumberofinterfacethatisDOWNinProtocolis1InterfaceIPAddress/MaskPhysicalProtocolGigabitEthernet0/0/0/24 upupGigabitEthernet0/0/1unassigned downdownGigabitEthernet0/0/2/24 upupLoopBack0 /24 upup(s)NULL0 unassigned upup(s)<HQ-R>displayipinterfacebrief*down:administrativelydown^down:standby(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis5ThenumberofinterfacethatisDOWNinPhysicalis0ThenumberofinterfacethatisUPinProtocolis5ThenumberofinterfacethatisDOWNinProtocolis0InterfaceIPAddress/MaskPhysicalProtocolGigabitEthernet0/0/0/24 upupGigabitEthernet0/0/1/24 upupGigabitEthernet0/0/2/24 upupLoopBack0 /24 upup(s)NULL0 unassigned upup(s)查看静态路由，验证连通性。<B1-R>dispiprouting-tableprotocolstaticRouteFlags:R-relay,D-downloadtofibPublicroutingtable:StaticDestinations:2Routes:3ConfiguredRoutes:3Staticroutingtablestatus:<Active>Destinations:2Routes:2Destination/Mask Proto PreCostFlags NextHopInterface/0 Static 600RD GigabitEthernet0/0//24 Static 600RD GigabitEthernet0/0/2Staticroutingtablestatus:<Inactive>Destinations:1Routes:1Destination/Mask Proto PreCostFlags NextHopInterface/24 Static 800R GigabitEthernet0/0/1<B2-R>displayiprouting-tableprotocolstaticRouteFlags:R-relay,D-downloadtofibPublicroutingtable:StaticDestinations:2Routes:3ConfiguredRoutes:3Staticroutingtablestatus:<Active>Destinations:2Routes:2Destination/Mask Proto PreCostFlags NextHopInterface/0 Static 600RD GigabitEthernet0/0/0/24 Static 600RD GigabitEthernet0/0/2Staticroutingtablestatus:<Inactive>Destinations:1Routes:1Destination/Mask Proto PreCostFlags NextHopInterface/24 Static 800R GigabitEthernet0/0/0<HQ-R>displayiprouting-tableprotocolstaticRouteFlags:R-relay,D-downloadtofibPublicroutingtable:StaticDestinations:3Routes:4ConfiguredRoutes:4Staticroutingtablestatus:<Active>Destinations:3Routes:4Destination/Mask Proto PreCostFlags NextHopInterface/24 Static 600RD GigabitEthernet0/0//24 Static 600RD GigabitEthernet0/0/0/24 Static 600RD GigabitEthernet0/0/1 Static 600RD GigabitEthernet0/0/0Staticroutingtablestatus:<Inactive>Destinations:0Routes:0总部PC测试到分公司1的连通性并跟踪路由。C:\>ping正在Ping具有32字节的数据:来自的回复:字节=32时间=36msTTL=254来自的回复:字节=32时间=24msTTL=254来自的回复:字节=32时间=44msTTL=254来自的回复:字节=32时间=42msTTL=254的Ping统计信息:数据包:已发送=4，已接收=4，丢失=0(0%丢失)，往返行程的估计时间(以毫秒为单位):最短=24ms，最长=44ms，平均=36msC:\>tracert-d通过最多30个跃点跟踪到的路由129ms42ms41ms231ms42ms41ms总部PC测试到分公司2的连通性并跟踪路由。C:\>tracert-d通过最多30个跃点跟踪到的路由128ms41ms42ms227ms41ms42ms跟踪完成。C:\>tracert-d通过最多30个跃点跟踪到的路由139ms42ms41ms232ms42ms41ms跟踪完成。总部PC测试到/24的连通性，并跟踪路由C:\>tracert-d通过最多30个跃点跟踪到的路由126ms41ms42ms228ms42ms42ms365ms42ms43ms跟踪完成。C:\>tracert-d通过最多30个跃点跟踪到的路由142ms42ms41ms233ms43ms41ms353ms44ms42msB1-R上执行【tracert–a】命令跟踪到B2-R的路由。<B1-R>tracert-atracerouteto(),maxhops:30,packetlength:40,pressCTRL_Ctobreak120ms20ms10msB1-R上关闭接口GE0/0/2（模拟接口故障），此时分公司之间主链路故障，应该切换至备份链路（绕行HQ-R）进行通信。查看路由表并跟踪路由表，确认切换成功。<B1-R>displayiprouting-tableprotocolstaticRouteFlags:R-relay,D-downloadtofibPublicroutingtable:StaticDestinations:2Routes:3ConfiguredRoutes:3Staticroutingtablestatus:<Active>Destinations:2Routes:2Destination/Mask Proto PreCostFlags NextHopInterface/0 Static 600RD GigabitEthernet0/0//24 Static 800RD GigabitEthernet0/0/1Staticroutingtablestatus:<Inactive>Destinations:1Routes:1Destination/Mask Proto PreCostFlags NextHopInterface/24 Static 600 Unknown[B1-R]quit<B1-R>tracert-atracerouteto(),maxhops:30,packetlength:40,pressCTRL_Ctobreak130ms30ms20ms2*30ms30ms分公司1路由器Telnet远程登录测试1）终端上Telnet登录B1-R，并进行用户级别切换。C:\>telnetLoginauthenticationPassword:<B1-R>sys^Error:Unrecognizedcommandfoundat'^'position.<B1-R>superPassword:Nowuserprivilegeislevel3,andonlythosecommandswhoselevelisequaltoorlessthanthislevelcanbeused.Privilegenote:0-VISIT,1-MONITOR,2-SYSTEM,3-MANAGE<B1-R>system-viewEntersystemview,returnuserviewwithCtrl+Z.[B1-R]2）B1-R上查看Telnet服务器状态及用户登录情况。<B1-R>displaytelnetserverstatusTELNETIPV4server:EnableTELNETIPV6server:EnableTELNETserverport:23<B1-R>displayusersUser-IntfDelayTypeNetworkAddressAuthenStatusAuthorcmdFlag129VTY000:00:53TEL1passUsername:Unspecified分公司2路由器Telnet远程登录测试。1）终端上Telnet登录B2-R，并进行用户级别切换。C:\>telnetLoginauthenticationUsername:huaweiPassword:Userlastlogininformation:AccessType:TelnetIP-Address:1Time:2020-05-0811:30:03-08:00<B2-R>system-view^Error:Unrecognizedcommandfoundat'^'position.<B2-R>superPassword:Nowuserprivilegeislevel3,andonlythosecommandswhoselevelisequaltoorlessthanthislevelcanbeused.Privilegenote:0-VISIT,1-MONITOR,2-SYSTEM,3-MANAGE<B2-R>system-viewEntersystemview,returnuserviewwithCtrl+Z.[B2-R]2）B2-R上查看Telnet服务器状态及用户登录情况。[B2-R]displaytelnetser[B2-R]displaytelnetserverst[B2-R]displaytelnetserverstatusTELNETIPV4server:EnableTELNETIPV6server :EnableTELNETserverport :23[B2-R]displayusersUser-IntfDelayTypeNetworkAddressAuthenStatusAuthorcmdFlag+129VTY000:00:00TEL1passUsername:huaweiSTelnet远程登录测试。1）终端上STelnet远程登录HQ-R，并进行用户级别切换。图2PuttySTelnet登录设置图3STelnet登录测试2）HQ-R上查看STelnet服务器状态及在线用户信息。[HQ-R]displaysshserverstatusSSHversion :1.99SSHconnectiontimeout :60secondsSSHserverkeygeneratinginterval :0hoursSSHAuthenticationretries :3timesSFTPServer:DisableStelnetserver :Enable[HQ-R]displaysshserversessionConnVerEncryStateAuth-typeUsernameVTY02.0AESrunpasswordHuawei[HQ-R]displaysshuser-informationUsernameAuth-typeUser-public-key-namehuaweipasswordnull查看Web服务器状态，并进行登录管理。[B1-R]displayhttpserverHTTPserverstatus :Disabled(default:disable)HTTPserverport :80(default:80)HTTPtimeoutinterval :3(default:3minutes)Currentonlineusers :0Maximumusersallowed :5HTTPSserverstatus :Disabled(default:disable)HTTPSserverport :443(default:443)HTTPSSSLPolicy :终端上使用URL::8443,进行远程Web登录管理。终端测试登录HQR的FTP服务器，然后查看FTP服务器相关配置及状态。[HQ-R]displayftp-serverFTPserverisrunningMaxusernumber 5Usercount 1Timeoutvalue(inminute) 30Listeningport 21Aclnumber 0FTPserver'ssourceaddress [HQ-R]displayftp-usersusernamehostport idletopdirftpuser159143 1flash:配置文件<B1-R>displaycurrent-configuration[V200R003C00]#sysnameB1-R#superpasswordlevel3cipher%$%$n=z)5Gcqs:%"<_DrQDGO,,\f%$%$#httpserverport8080httptimeout15httpserverenablehttpsecure-serverport8443httpsecure-serverssl-policydefaulthttpsecure-serverenablehttpserverpermitinterfaceGigabitEthernet0/0/1#pkirealmdefaultenrollmentself-signed##sslpolicydefaulttypeserverpki-realmdefault#aaalocal-userwebuserpasswordcipher%$%$`bv:%2Mi75)G\kG;7FwJW%2I%$%$local-userwebuserprivilegelevel3local-userwebuserservice-typehttp#interfaceGigabitEthernet0/0/1descriptionto-HQ-Ripaddress#interfaceGigabitEthernet0/0/2descriptionto-B2-Rshutdownipaddress#interfaceLoopBack0ipaddress#iproute-staticiproute-staticiproute-staticpreference80#user-interfacecon0authentication-modepassworduser-interfacevty04authentication-modepasswordsetauthenticationpasswordcipher%$%$Bz1f7*~W3DH`]h8F}K8+,,]VnS`>@\G+`6bw7W!OxIP%,]Y,%$%$user-interfacevty1620#return<B2-R>displaycurrent-configuration[V200R003C00]#sysnameB2-R#superpasswordlevel3cipher%$%$xeW[&$3T"A>hg`Ur$[wV,,uv%$%$#aaaauthentication-schemedefaultauthorization-schemedefaultaccounting-schemedefaultdomaindefa