1+X云计算平台运维与开发（中级）eNSP A~E卷 试题+答案

A卷

路由器管理(40分)

41

配置R1和R2路由器（路由器使用R2220），R1路由器配置端口g0/0/1地址为192.168.1.1/30，端口g0/0/1连接R2路由器。配置端口g0/0/2地址为192.168.2.1/24，作为内部PC1机网关地址。R2路由器配置端口g0/0/1地址为192.168.1.2/30，端口g0/0/1连接R1路由器，配置端口g0/0/2地址为192.168.3.1/24，作为内部PC2机网关地址。R1和R2路由器启用OSPF动态路由协议自动学习路由。使PC1和PC2可以相互访问。（所有配置命令使用完整命令）将上述所有操作命令及返回结果以文本形式提交到答题框。

参考答案：

[Huawei]interface GigabitEthernet 0/0/1

[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.1 30

[Huawei-GigabitEthernet0/0/1]quit

[Huawei]interface GigabitEthernet 0/0/2

[Huawei-GigabitEthernet0/0/2]ip address 192.168.2.1 24

[Huawei-GigabitEthernet0/0/2]quit

[Huawei]ospf 1

[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.3

[Huawei-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255

[Huawei]interface GigabitEthernet 0/0/1

[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.2 30

[Huawei-GigabitEthernet0/0/1]quit

[Huawei]interface GigabitEthernet 0/0/2

[Huawei-GigabitEthernet0/0/2]ip address 192.168.3.1 24

[Huawei-GigabitEthernet0/0/2]quit

[Huawei]ospf 1

[Huawei-ospf-1]area 0

[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.3

[Huawei-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255

无线AC管理(40分)

42

配置无线AC控制器（型号使用AC6005），开启dhcp功能，设置vlan20网关地址为172.16.20.1/24，并配置vlan20接口服务器池，设置dhcp分发dns为114.114.114.114、223.5.5.5。将上述所有操作命令及返回结果以文本形式提交到答题框。

参考答案：

[SW1]vlan batch 20

[SW1]dhcp enable

[SW1]interface vlanif 20

[SW1-Vlanif20]ip address 172.16.20.1 24

[SW1-Vlanif20]dhcp select interface #给接口配置

[SW1-Vlanif20]dhcp server dns-list 114.114.114.114 223.5.5.5

B卷

交换机管理(40分)

41

在eNSP中使用S5700交换机进行配置，通过一条命令划分vlan 2、vlan 3、vlan 1004，通过端口组的方式配置端口1-5为access模式，并添加至vlan2中。配置端口10为trunk模式，并放行vlan3。创建三层vlan 2，配置IP地址为：172.16.2.1/24，创建三层vlan1004，配置IP地址为：192.168.4.2/30。通过命令添加默认路由，下一跳为192.168.4.1。（使用完整命令）将上述操作命令及返回结果以文本形式提交到答题框。

参考答案：

[Huawei]vlan batch 2 3 1004

[Huawei]port-group 1

[Huawei-port-group-1]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/5

[Huawei-port-group-1]port link-type access

[Huawei-port-group-1]port default vlan 2

[Huawei]interface GigabitEthernet 0/0/10

[Huawei-GigabitEthernet0/0/10]port link-type trunk

[Huawei-GigabitEthernet0/0/10]port trunk allow-pass vlan 3

[Huawei]interface Vlanif 2

[Huawei-Vlanif2]ip address 172.16.2.1 24

[Huawei]interface Vlanif 1004

[Huawei-Vlanif1004]ip address 192.168.4.2 30

[Huawei]ip route-static 0.0.0.0 0 192.168.4.1

交换机管理(40分)

42

交换机配置：交换机g0/0/1端口连接R1路由器，所属vlan1001，配置地址192.168.1.2/30，与路由器通信。配置g0/0/2连接PC1机，所属vlan101，配置PC1机网关地址为172.16.101.254/24。配置默认路由下一跳为路由器地址。路由器配置：R1路由器g0/0/1端口配置地址12.12.12.1/30，配置端口多路复用PAT配置。R1路由器g0/0/2端口配置地址192.168.1.1/30，连接交换机。路由器配置默认路由访问外部网络，配置静态路由访问PC机网络。（所有配置命令使用完整命令）将上述操作命令及返回结果以文本形式提交到答题框。

参考答案：

[Huawei]vlan batch 101 1001

[Huawei]interface GigabitEthernet 0/0/1

[Huawei-GigabitEthernet0/0/1]port link-type access

[Huawei-GigabitEthernet0/0/1]port default vlan 1001

[Huawei-GigabitEthernet0/0/1]quit

[Huawei]interface vlan 1001

[Huawei-Vlanif1001]ip address 192.168.1.2 30

[Huawei]interface GigabitEthernet 0/0/2

[Huawei-GigabitEthernet0/0/2]port link-type access

[Huawei-GigabitEthernet0/0/2]port default vlan 101

[Huawei-GigabitEthernet0/0/2]quit

[Huawei]interface vlan 101

[Huawei-Vlanif101]ip address 172.16.101.254 24

[Huawei-Vlanif101]quit

[Huawei]ip route-static 0.0.0.0 0 192.168.1.1

[Huawei]acl number 2000

[Huawei-acl-basic-2000]rule 1 permit

[Huawei-acl-basic-2000]quit

[Huawei]interface GigabitEthernet 0/0/1

[Huawei-GigabitEthernet0/0/1]ip add

[Huawei-GigabitEthernet0/0/1]ip address 12.12.12.1 30

[Huawei-GigabitEthernet0/0/1]nat outbound 2000

[Huawei-GigabitEthernet0/0/1]quit

[Huawei]interface GigabitEthernet 0/0/2

[Huawei-GigabitEthernet0/0/2]ip address 192.168.1.1 30

[Huawei-GigabitEthernet0/0/2]quit

[Huawei]ip route-static 0.0.0.0 0 GigabitEthernet 0/0/1

[Huawei]ip route-static 172.16.101.0 255.255.255.0 192.168.1.2

C卷

防火墙墙管理(40分)

41

配置防火墙g0/0/2端口添加至trust域，g0/0/1端口添加至untrust域。配置trust域到untrust域规则，放行内部地址172.16.105.0/24网段。配置NAT规则，匹配内部地址172.16.105.0/24网段，使用g0/0/1端口的地址进行转换。（所有配置命令使用完整命令）将上述所有操作命令及返回结果以文本形式提交到答题框。

参考答案：

[SRG]firewall zone trust

[SRG-zone-trust]add interface GigabitEthernet 0/0/2

[SRG-zone-trust]quit

[SRG]firewall zone untrust

[SRG-zone-untrust]add interface GigabitEthernet 0/0/1

[SRG-zone-untrust]quit

[SRG]policy interzone trust untrust outbound

[SRG-policy-interzone-trust-untrust-outbound]policy 0

[SRG-policy-interzone-trust-untrust-outbound-0]action permit

[SRG-policy-interzone-trust-untrust-outbound-0]policy source 172.16.105.0 0.255.255.255

[SRG-policy-interzone-trust-untrust-outbound-0]quit

[SRG-policy-interzone-trust-untrust-outbound]quit

[SRG]nat-policy interzone trust untrust outbound

[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1

[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat

[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.105.0 0.255.255.255

[SRG-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/1

无线AC网络管理(40分)

42

配置无线AC控制器，设置安全策略Internet，配置安全认证方式为wpa-wpa2，密码为a1234567，设置无线ssid为Internet，创建VAP模板名称为Internet，绑定业务vlan为101，绑定安全策略，绑定SSID模板，创建AP组，名称为ap-group1，绑定vap模板到射频卡0、1上。将上述所有操作命令及返回结果以文本形式提交到答题框。

参考答案：

[AC1-wlan-view]security-profile name Internet

[AC1-wlan-sec-prof-Internet]security wpa-wpa2 psk pass-phrase a1234567 aes

[AC1-wlan-sec-prof-Internet]quit

[AC1-wlan-view]ssid-profile name Internet

[AC1-wlan-ssid-prof-Internet]ssid Internet

[AC1-wlan-ssid-prof-Internet]quit

[AC1-wlan-view]vap-profile name Internet

[AC1-wlan-vap-prof-Internet]forward-mode direct-forward

[AC1-wlan-vap-prof-Internet]service-vlan vlan-id 101

[AC1-wlan-vap-prof-Internet]security-profile Internet

[AC1-wlan-vap-prof-Internet]ssid-profile Internet

[AC1-wlan-vap-prof-Internet]quit

[AC1-wlan-view]ap-group name ap-group1

[AC1-wlan-ap-group-ap-group1]vap-profile Internet wlan 1 radio 0

[AC1-wlan-ap-group-ap-group1]vap-profile Internet wlan 1 radio 1

[AC1-wlan-ap-group-ap-group1]quit

D卷

网络管理(40分)

41

通过一条命令在S1交换机上创建vlan100、vlan101，配置vlan100网关为：172.16.100.254/24。配置vlan101网关为：172.16.101.254/24。配置g0/0/1端口为trunk模式，放行vlan100。配置g0/0/2端口为access模式，所属vlan101。将上述操作命令及返回结果以文本形式提交到答题框。

参考答案：

[SW1]vlan batch 101 102

[SW1]interface Vlanif 100

[SW1-Vlanif100]ip address 172.16.100.254 24

[SW1]interface Vlanif 101

[SW1-Vlanif101]ip address 172.16.101.254 24

[SW1]interface GigabitEthernet 0/0/1

[SW1-GigabitEthernet0/0/1]port link-type trunk

[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

[SW1-GigabitEthernet0/0/1]quit

[SW1]interface GigabitEthernet 0/0/2

[SW1-GigabitEthernet0/0/2]port link-type access

[SW1-GigabitEthernet0/0/2]port default vlan 101

[SW1-GigabitEthernet0/0/2]quit

防火墙管理(40分)

42

配置防火墙g0/0/2为trust域，配置g0/0/1为untrust域，配置g0/0/2地址为10.10.5.1/24，配置g0/0/1端口地址为192.168.10.254/24，配置默认路由下一跳为192.168.10.1，配置从trust域到untrust域策略，匹配放行内部地址为172.16.0.0/16网段，配置从trust域到untrust域nat策略，匹配内部地址为172.16.0.0/16网段，使用g0/0/1端口地址。将上述操作命令及返回结果以文本形式提交到答题框。

参考答案：

[SRG]firewall zone trust

[SRG-zone-trust]add interface GigabitEthernet 0/0/2

[SRG-zone-trust]quit

[SRG]firewall zone untrust

[SRG-zone-untrust]add interface GigabitEthernet 0/0/1

[SRG-zone-untrust]quit

[SRG]interface GigabitEthernet 0/0/2

[SRG-GigabitEthernet0/0/2]ip address 10.10.5.1 24

[SRG-GigabitEthernet0/0/2]quit

[SRG]interface GigabitEthernet 0/0/1

[SRG-GigabitEthernet0/0/1]ip address 192.168.10.254 24

[SRG-GigabitEthernet0/0/1]quit

[SRG]ip route-static 0.0.0.0 0 192.168.10.1

[SRG]policy interzone trust untrust outbound

[SRG-policy-interzone-trust-untrust-outbound]policy 0

[SRG-policy-interzone-trust-untrust-outbound-0]action permit

[SRG-policy-interzone-trust-untrust-outbound-0]policy source 172.16.0.0 0.0.255.255

[SRG-policy-interzone-trust-untrust-outbound-0]quit

[SRG-policy-interzone-trust-untrust-outbound]quit

[SRG]nat-policy interzone trust untrust outbound

[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1

[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat

[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.0.0 0.0.255.255

[SRG-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/1

[SRG-nat-policy-interzone-trust-untrust-outbound-1]quit

[SRG-nat-policy-interzone-trust-untrust-outbound]quit

E卷

网络管理(40分)

41

在eNSP中使用S5700交换机进行配置，通过一条命令划分vlan 2、vlan 3、vlan 1004，通过端口组的方式配置端口1-5为access模式，并添加至vlan2中。配置端口10为trunk模式，并放行vlan3。创建三层vlan 2，配置IP地址为：172.16.2.1/24，创建三层vlan1004，配置IP地址为：192.168.4.2/30。通过命令添加默认路由，下一跳为192.168.4.1。（使用完整命令）将上述操作命令以文本形式提交到答题框。

参考答案：

[Huawei]vlan batch 2 3 1004

[Huawei]port-group 1

[Huawei-port-group-1]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/5

[Huawei-port-group-1]port link-type access

[Huawei-port-group-1]port default vlan 2

[Huawei]interface GigabitEthernet 0/0/10

[Huawei-GigabitEthernet0/0/10]port link-type trunk

[Huawei-GigabitEthernet0/0/10]port trunk allow-pass vlan 3

[Huawei]interface Vlanif 2

[Huawei-Vlanif2]ip address 172.16.2.1 24

[Huawei]interface Vlanif 1004

[Huawei-Vlanif1004]ip address 192.168.4.2 30

[Huawei]ip route-static 0.0.0.0 0 192.168.4.1

网络管理(40分)

42

配置SW1交换机vlan20地址为172.17.20.253/24，配置vrrp虚拟网关为172.17.20.254， vrid为1，配置优先级为120。配置vlan17地址为172.17.17.253/24，配置vrrp虚拟网关为172.17.17.254，vrid为2。配置mstp协议，vlan20为实例1，vlan17为实例2，vlan20在SW1上为主，vlan17在SW1上为备。将上述操作命令以文本形式提交到答题框。

参考答案：

[SW1]interface Vlanif 20

[SW1-Vlanif20]ip address 172.17.20.253 24

[SW1-Vlanif20]vrrp vrid 1 virtual-ip 172.17.20.254

[SW1-Vlanif20]vrrp vrid 1 priority 120

[SW1-Vlanif20]vrrp vrid 1 track interface GigabitEthernet 0/0/4 reduced 15

[SW1-Vlanif20]quit

[SW1]interface Vlanif 17

[SW1-Vlanif17]ip address 172.17.17.253 24

[SW1-Vlanif17]vrrp vrid 2 virtual-ip 172.17.17.254

[SW1-Vlanif17]quit

[SW1]stp region-configuration

[SW1-mst-region]region-name RG1

[SW1-mst-region]instance 1 vlan 20

[SW1-mst-region]instance 2 vlan 17

[SW1-mst-region]active region-configuration

[SW1-mst-region]quit

[SW1]stp instance 1 root primary

[SW1]stp instance 2 root secondary

[SW1]stp pathcost-standard legacy

[SW1]stp enable