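About this article: using eNSP, deploy one AR router as the enterprise egress router, configure NAT for Internet access, and enable the DHCP Server function to assign IP addresses to end users. One cloud bridges the local network adapter for Internet access and plays the role of the carrier's optical modem. One switch separates the VLANs of different users, and two PCs test by pinging Baidu on the public Internet.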

1. eNSP download

HUAWEI eNSP

2. Lab topology

[Figure: lab topology]

3. Cloud bridging configuration

3.1 Add a loopback adapter

Follow the steps below. First, enter the following in CMD: hdwwiz

hdwwiz

[Screenshots: hardware wizard steps]

ncpa.cpl

Rename the adapter to: ensp

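3.2 Bridge the adapters

Select the adapter you use for Internet access (wireless or wired), then share its network connection with the loopback adapter ensp.

Check the IP address of the ensp loopback adapter; this IP is the gateway of AR1's default route.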

4. Device configuration

4.1 Cloud configuration

[Screenshot: cloud configuration]

4.2 AR1

#
 sysname AR1
#
dhcp enable
#
acl number 2000  
 rule 5 permit source 192.168.10.0 0.0.0.255 
 rule 10 permit source 192.168.20.0 0.0.0.255 
#
interface GigabitEthernet0/0/0
 description to-Cloud
 ip address 192.168.137.2 255.255.255.0 
 nat outbound 2000
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.10
 dot1q termination vid 10
 ip address 192.168.10.1 255.255.255.0 
 arp broadcast enable
 dhcp select interface
 dhcp server dns-list 223.5.5.5 223.6.6.6 
#
interface GigabitEthernet0/0/1.20
 dot1q termination vid 20
 ip address 192.168.20.1 255.255.255.0 
 arp broadcast enable
 dhcp select interface
 dhcp server dns-list 223.5.5.5 223.6.6.6 
#
ip route-static 0.0.0.0 0.0.0.0 192.168.137.1
#

4.3 SW1

#
sysname SW1
#
vlan batch 10 20
#
interface Ethernet0/0/1
 description to-PC1
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/2
 description to-PC2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/1
 description to-AR1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 20
#

4.4 PC

[Screenshots: PC settings]

5. Ping the Baidu domain name from the PCs

5.1 Check the IP addresses obtained by the PCs

[Screenshots: IP addresses obtained by the PCs]

5.2 Ping test

[Screenshots: ping results]

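6. Communication process

  • 1. PC1 and PC2 obtain their IP addresses through DHCP from the AR1 router.
  • 2. Traffic from PC1 and PC2 to the Baidu domain name reaches the AR1 router through the SW1 switch. When it passes through AR1's G0/0/0 interface it matches ACL 2000, and the NAT command in the outbound direction translates the internal addresses in 192.168.10.0/24 and 192.168.20.0/24 to 192.168.137.2 for Internet access.

7. DHCP global mode

7.1 AR1 configuration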

#
 sysname AR1
#
dhcp enable
#
acl number 2000  
 rule 5 permit source 192.168.10.0 0.0.0.255 
 rule 10 permit source 192.168.20.0 0.0.0.255 
#
ip pool vlan20
 gateway-list 192.168.20.1 
 network 192.168.20.0 mask 255.255.255.0 
 excluded-ip-address 192.168.20.30 192.168.20.254 
 dns-list 114.114.114.114 114.114.115.115 
#
ip pool vlan10
 gateway-list 192.168.10.1 
 network 192.168.10.0 mask 255.255.255.0 
 excluded-ip-address 192.168.10.20 192.168.10.254 
 dns-list 114.114.114.114 114.114.115.115 
#
interface GigabitEthernet0/0/0
 ip address 192.168.137.2 255.255.255.0 
 nat outbound 2000
#
interface GigabitEthernet0/0/1.10
 dot1q termination vid 10
 ip address 192.168.10.1 255.255.255.0 
 arp broadcast enable
 dhcp select global
#
interface GigabitEthernet0/0/1.20
 dot1q termination vid 20
 ip address 192.168.20.1 255.255.255.0 
 arp broadcast enable
 dhcp select global
#
ip route-static 0.0.0.0 0.0.0.0 192.168.137.1
#
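
A consistency check for the two settings this lab depends on: ACL 2000 must permit every inside subnet that should be translated by nat outbound, and the gateway-list of a global pool must be an address AR1 actually owns inside the pool network. This is an added Python example, not code from the original article; the audit function, the SAMPLE text and its 192.168.30.0/24 sub-interface are constructed for illustration, and the parser assumes contiguous wildcard masks and one gateway per pool.

```python
import ipaddress

# Constructed sample in the style of the AR1 configuration; the pool gateway and the .30 sub-interface are deliberately wrong.
SAMPLE = """\
acl number 2000
 rule 5 permit source 192.168.10.0 0.0.0.255
 rule 10 permit source 192.168.20.0 0.0.0.255
ip pool vlan20
 gateway-list 192.168.20.20
 network 192.168.20.0 mask 255.255.255.0
interface GigabitEthernet0/0/0
 ip address 192.168.137.2 255.255.255.0
 nat outbound 2000
interface GigabitEthernet0/0/1.10
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/0/1.20
 ip address 192.168.20.1 255.255.255.0
interface GigabitEthernet0/0/1.30
 ip address 192.168.30.1 255.255.255.0
"""


def audit(config):
    """Return sorted findings for a VRP-style configuration text."""
    rules, nets, gws, ifaces = {}, {}, {}, {}
    section = outside = nat_acl = None
    for raw in config.splitlines():
        words = raw.split()
        if raw[:1] not in ("", " ", "#"):  # an unindented line opens a section
            section = " ".join(words)
        elif words[:1] == ["rule"] and words[2:4] == ["permit", "source"]:
            rules.setdefault(section, []).append(ipaddress.ip_network("/".join(words[4:6])))
        elif words[:1] == ["network"]:
            nets[section] = ipaddress.ip_network(f"{words[1]}/{words[3]}")
        elif words[:2] == ["ip", "address"]:
            ifaces[section] = ipaddress.ip_interface("/".join(words[2:4]))
        elif words[:1] == ["gateway-list"]:
            gws[section] = ipaddress.ip_address(words[1])
        elif words[:2] == ["nat", "outbound"]:
            outside, nat_acl = section, words[2]
    permitted = rules.get(f"acl number {nat_acl}", [])
    findings = []
    for name, addr in ifaces.items():  # every inside subnet must match the NAT ACL
        if name != outside and not any(addr.network.subnet_of(p) for p in permitted):
            findings.append(f"{name}: {addr.network} is not permitted by the NAT ACL")
    owned = {addr.ip for addr in ifaces.values()}
    for name, gw in gws.items():  # clients need a gateway that the router answers for
        if gw not in owned or gw not in nets.get(name, []):
            findings.append(f"{name}: gateway {gw} is not a router address in the pool network")
    return sorted(findings)
```

Run `audit()` on the text of `display current-configuration` saved to a file; an empty list means both checks passed.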

7.2 Renew the IP address on the PCs

ipconfig /renew

[Screenshots: renewed IP addresses on the PCs]