HCIA---综合实验

一、实验要求

1.ISP路由器只能配置IP地址,之后不得·进行任何配置
2.内部整个网络基于192.168.1.0/24进行地址规划—左边区域就是内部网络
3.R1 R2之间启动ospf协议,单区域
4.PC1–PC4 自动获取IP地址—DHCP
5.PC1不能telnetR1,PC1外的其他内网Pc可以—ACL
6.PC1 —PC4可以访问PC5 ,R2的公网接口只拥有一个公有IP12.0.0.1—NAT
7.外部的client 可以通过域名访问http server----端口映射80
8.isp 路由telnet 12.0.0.1 ,最终成功登录R1—端口映射23
HCIA---综合实验

二、实验拓扑

HCIA---综合实验

三、IP地址规划

先数清楚有几个广播域,交换机还要先配置,因为VLAN里面还有广播域划分;
需要5个网段,所以需要借3位,用5个网段,还剩3个预留地址作为后期升级使用。
192.168.1.0 /24

  • 192.168.1.000 00000 /27—192.168.1.0/27
  • 192.168.1.001 00000 /27—192.168.1.32/27
  • 192.168.1.010 00000 /27—192.168.1.64/27
  • 192.168.1.011 00000 /27—192.168.1.96/27
  • 192.168.1.100 00000 /27----192.168.1.128/27

预留地址:

  • 192.168.1.101 00000 /27
  • 192.168.1.110 00000 /27
  • 192.168.1.111 00000 /27

四、路由配置信息

1.先配置交换机:

[sw1]vlan 2
[sw1]vlan 3
[sw1]port-group group-member g0/0/2 to g0/0/3	
[sw1-port-group]p l a
[sw1-GigabitEthernet0/0/2]p l a
[sw1-GigabitEthernet0/0/3]p l a
[sw1-port-group]p d v 2
[sw1-GigabitEthernet0/0/2]p d v 2
[sw1-GigabitEthernet0/0/3]p d v 2
[sw1]int g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type access 	
[sw1-GigabitEthernet0/0/4]port default vlan  3
[sw1]int g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk 
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan  all 
[sw2]vlan 2
[sw2]vlan 3
[sw2]int g0/0/2
[sw2-GigabitEthernet0/0/2]port link-type access 
[sw2-GigabitEthernet0/0/2]port default vlan  2
[sw2-GigabitEthernet0/0/2]int g 0/0/3
[sw2-GigabitEthernet0/0/3]port link-type access 
[sw2-GigabitEthernet0/0/3]port default vlan  3
[sw2-GigabitEthernet0/0/3]int g 0/0/1	
[sw2-GigabitEthernet0/0/1]port link-type trunk 
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan all 

2.路由器IP配置

[r1]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]ip add 192.168.1.33 27
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2
Feb  7 2022 10:37:46-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0.1 has entered the UP state. 
[r1-GigabitEthernet0/0/0.1]arp broadcast  enable 
[r1-GigabitEthernet0/0/0.1]int g 0/0/0.2
[r1-GigabitEthernet0/0/0.2]ip add 192.168.1.65 27
[r1-GigabitEthernet0/0/0.2]dot1q termination  vid  3
Feb  7 2022 10:38:13-08:00 r1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/0.2 has entered the UP state. 
[r1-GigabitEthernet0/0/0.2]arp broadcast  enable 
[r1]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.1.1 30
[r2-GigabitEthernet0/0/1]int g 0/0/0.1
[r2-GigabitEthernet0/0/0.1]ip add 192.168.1.97 27
[r2-GigabitEthernet0/0/0.1]dot1q  termination  vid  2
[r2-GigabitEthernet0/0/0.1]int g 0/0/0.2
[r2-GigabitEthernet0/0/0.2]ip add 192.168.1.129 27
[r2-GigabitEthernet0/0/0.2]dot1q termination vid 3
[r2-GigabitEthernet0/0/0.2]arp broadcast  enable 
[r2-GigabitEthernet0/0/0.2]int g 0/0/1
[r2-GigabitEthernet0/0/1]ip add 192.168.1.2 30
[r2-GigabitEthernet0/0/0]int g 0/0/2
[r2-GigabitEthernet0/0/2]ip add 12.0.0.1 24
[r3]int g 0/0/1
[r3-GigabitEthernet0/0/1]ip add 12.0.0.2 24
[r3-GigabitEthernet0/0/1]int g 0/0/0
[r3-GigabitEthernet0/0/0]ip add 1.1.1.1 24

3、PC自动获取IP,做DHCP配置:

[r1]dhcp enable 
[r1]ip pool aa
[r1-ip-pool-aa]network 192.168.1.32 mask 27	
[r1-ip-pool-aa]gateway-list 192.168.1.33 
[r1-ip-pool-aa]dns-list  114.114.114.114
[r1]int g 0/0/0.1
[r1-GigabitEthernet0/0/0.1]dhcp  select global 
[r2]dhcp enable 
[r2]ip pool bb
[r2-ip-pool-bb]network 192.168.1.96 mask 27
[r2-ip-pool-bb]gateway-list  192.168.1.97 
[r2-ip-pool-bb]dns-list 114.114.114.114
[r2]ip pool cc
[r2-ip-pool-cc]network 192.168.1.128 mask 27
[r2-ip-pool-cc]gateway-list 192.168.1.129
[r2-ip-pool-cc]dns-list 114.114.114.114
[r2]int g0/0/0.1	
[r2-GigabitEthernet0/0/0.1]dhcp  select global 
[r2-GigabitEthernet0/0/0.1]int g 0/0/0.2
[r2-GigabitEthernet0/0/0.2]dhcp  select global

测试可以自动获取IP地址;
HCIA---综合实验
HCIA---综合实验
HCIA---综合实验
HCIA---综合实验4.ospf的配置:

[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1-area-0.0.0.0]network  192.168.1.0 0.0.0.255
[r2]ospf 1 router-id  2.2.2.2
[r2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[r2-ospf-1]default-route-advertise always 

HCIA---综合实验
简单测试一下内网:
HCIA---综合实验

5.开启telnet服务:

[r1]aaa
[r1-aaa]local-user an privilege level 15 password cipher 123456
[r1-aaa]local-user an service-type telnet 
[r1]user-interface vty  0 4
[r1-ui-vty0-4]authentication-mode aaa

测试:
HCIA---综合实验
6、做一个ACL抓取感兴趣流量:

[r1]acl 3000
[r1-acl-adv-3000]rule deny tcp source 192.168.1.61 0.0.0.0 destination 192.168.1
.1 0.0.0.0 destination-port  eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.61 0.0.0.0 destination 192.168.1
.33 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.61 0.0.0.0 destination 192.168.1
.65 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]display  this 
[V200R003C00]
#
acl number 3000  
 rule 10 deny tcp source 192.168.1.61 0 destination 192.168.1.1 0 destination-po
rt eq telnet 
 rule 15 deny tcp source 192.168.1.61 0 destination 192.168.1.33 0 destination-p
ort eq telnet 
 rule 20 deny tcp source 192.168.1.61 0 destination 192.168.1.65 0 destination-p
ort eq telnet 
#
return
[r1]interface  g 0/0/0	
[r1-GigabitEthernet0/0/0]traffic-filter inbound  acl 3000

因为下面是PC 所以无法测试。
7.做一个nat:

[r2]acl 2000	
[r2-acl-basic-2000]rule permit  source  192.168.1.0 0.0.0.255 
[r2]int g 0/0/2
[r2-GigabitEthernet0/0/2]nat  outbound  2000

HCIA---综合实验
HCIA---综合实验
测试结果:
HCIA---综合实验
8、端口映射:

[r2-GigabitEthernet0/0/2]nat  server protocol  tcp global current-interface 80 i
nside 192.168.1.66 80
Warning:The port 80 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
[r2-GigabitEthernet0/0/2]

测试结果:
HCIA---综合实验

HCIA---综合实验
9.telnet:

[r2-GigabitEthernet0/0/2]nat  server protocol tcp global current-interface 23 in
side 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
[r2-GigabitEthernet0/0/2]

HCIA---综合实验

IA阶段的就此结束,以后接触更多的再和大家分享

上一篇:腾讯五十题 No.23 合并两个有序数组


下一篇:静态指定MPLS的LSP实验