HCIA实验报告册

一实验拓扑二实验需求1所有PC均需要通过DHCP获取IP地址-地址池名称和设备VLAN一致例如PC1-ip pool vlan10,其中只有业务B网络用户需要访问互联网web服务-需要DNS信息。2交换机配置VLAN需要遵循最小VLAN透传原则。3利用OSPF协议使内外用户互相访问-全网可达设备Router-ID需要手工配置和设备编号一致例如R1-RID1.1.1.1并采用精准宣告的方式进行宣告例如172.16.64.1/24接口宣告172.16.64.1 0.0.0.04内网全网可达并且需要尽可能减小路由表条目数量汇总采用精确汇总方式能够利用缺省省去的配置可省略防止环路并且保障安全在OSPF区域0需要配置认证-采用MD5认证密码为123456企业内网所有用户网段能够汇总都需要尽量汇总;OSPF网络用户终端不能收到OSPF协议报文。5内网所有用户均可访问互联网边界路由器配置NATACL采用基础ACL编号为2000R3-0/0/2接口不允许宣告在内网中包含静态。6test设备需要远程登陆到内网telnet-server设备,登录账号为 huawei 密码 123456登录权限为最高。7不允许VLAN 40和VLAN 50 用户访问内网B业务acl编号为2001在R3设备0/0/0接口配置不允许PC1访问PC5ACL编号为3000。8R3-R4中间百兆链路作为备份链路不允许正常情况下数据通过需要降低优先级数值配置为100。9所有设备严格按照拓扑图标识进行配置注意大小写。10图示中所有服务器和client设备均为体现需求地址固定不做更改在配置时需求注意。clinet1用来模拟内网用户访问互联网ISP-服务器test设备用来测试互联网用户远程登陆内网telent-server主机。三实验思路一、企业A内网配置思路1、配置IP地址2、配置vlan技术1创建vlan2将接口加到相应vlan3配置trunk链路放行相应vlan4配置单臂路由子接口3、配置DHCP技术1启动DHCP服务2创建地址池3在网关接口下发DHCP服务是的PC获得IP地址4、配置OSPF协议1创建OSPF的协议进程配置RID2进入相应的areanetwork网段接口地址3查看OSPF的邻居表、路由表。做全网通测试---ping测试5、配置OSPF的区域汇总--ABR汇总精简路由表的路由条目数量。6、配置静态路由空接口防环7、配置OPSF区域0的认证8、配置easy ip 实现内网访问外网9、让OSPF协议下发缺省给内网路由器保证内网设备访问外网10、配置telnet服务器配置NAT SERVER实现外网访问内网的服务二、企业B内网配置思路1、配置IP地址2、配置vlan技术3、配置DHCP技术使得PC获得IP地址4、配置静态路由协议使得全网通PING5、配置静态路由空接口防环9、配置静态缺省保证内网设备访问三、公网通1、配置IP地址四实验步骤企业A内网配置一、交换机配置[sw1]vlan batch 10 20 30[sw1]int g0/0/2[sw1-GigabitEthernet0/0/2]port link-type access[sw1-GigabitEthernet0/0/2]port default vlan 10[sw1]int g0/0/3[sw1-GigabitEthernet0/0/3]port link-type access[sw1-GigabitEthernet0/0/3]port default vlan 20[sw1]int g0/0/3[sw1-GigabitEthernet0/0/3]port link-type access[sw1-GigabitEthernet0/0/3]port default vlan 30[sw1]int g0/0/1[sw1-GigabitEthernet0/0/1]port link-type trunk[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30[sw2]int g0/0/2[sw2-GigabitEthernet0/0/2]port link-type access[sw2-GigabitEthernet0/0/2]port default vlan 40[sw2]int g0/0/3[sw2-GigabitEthernet0/0/2]port link-type access[sw2-GigabitEthernet0/0/2]port default vlan 50[sw2]int g0/0/1[sw2-GigabitEthernet0/0/1]port link-type trunk[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan 40 50二、路由器配置[R1-GigabitEthernet0/0/0]ip add 172.16.67.1/24[R2-GigabitEthernet0/0/0]ip add 172.16.67.2/24[R2-GigabitEthernet0/0/2]ip add 172.16.2.1/24[R3-GigabitEthernet0/0/0]ip add 172.16.2.2/24[R1-GigabitEthernet0/0/1.10]ip add 172.16.64.1/24[R1-GigabitEthernet0/0/1.10]dot1q termination vid 10[R1-GigabitEthernet0/0/1.10]arp broadcast enable[R1-GigabitEthernet0/0/1.10]dhcp select global[R1-GigabitEthernet0/0/1.20]ip add 172.16.65.1/24[R1-GigabitEthernet0/0/1.20]dot1q termination vid 20[R1-GigabitEthernet0/0/1.20]arp broadcast enable[R1-GigabitEthernet0/0/1.20]dhcp select global[R1-GigabitEthernet0/0/1.30]ip add 172.16.66.1/24[R1-GigabitEthernet0/0/1.30]dot1q termination vid 30[R1-GigabitEthernet0/0/1.30]arp broadcast enable[R1-GigabitEthernet0/0/1.30]dhcp select global[R2-GigabitEthernet0/0/1.40]ip add 172.16.0.1/24[R2-GigabitEthernet0/0/1.40]dot1q termination vid 40[R2-GigabitEthernet0/0/1.40]arp broadcast enable[R2-GigabitEthernet0/0/1.40]dhcp select global[R2-GigabitEthernet0/0/1.50]ip add 172.16.1.1/24[R2-GigabitEthernet0/0/1.50]dot1q termination vid 50[R2-GigabitEthernet0/0/1.50]arp broadcast enable[R2-GigabitEthernet0/0/1.50]dhcp select global三、DHCP配置[R1]dhcp enable[R1]ip pool vlan10[R1-ip-pool-vlan10]network 172.16.64.0 mask 24[R1-ip-pool-vlan10]gateway-list 172.16.64.1[R1-ip-pool-vlan10]dns-list 8.8.8.8 114.114.114.114[R1]ip pool vlan20[R1-ip-pool-vlan20]network 172.16.65.0 mask 24[R1-ip-pool-vlan20]gateway-list 172.16.65.1[R1-ip-pool-vlan20]dns-list 8.8.8.8 114.114.114.114[R1]ip pool vlan30[R1-ip-pool-vlan30]network 172.16.66.0 mask 24[R1-ip-pool-vlan30]gateway-list 172.16.66.1[R1-ip-pool-vlan30]dns-list 8.8.8.8 114.114.114.114[R2]dhcp enable[R2]ip pool vlan40[R2-ip-pool-vlan40]network 172.16.0.0 mask 24[R2-ip-pool-vlan40]gateway-list 172.16.0.1[R2-ip-pool-vlan40]dns-list 8.8.8.8 114.114.114.114[R2]ip pool vlan50[R2-ip-pool-vlan50]network 172.16.1.0 mask 24[R2-ip-pool-vlan50]gateway-list 172.16.1.1[R2-ip-pool-vlan50]dns-list 8.8.8.8 114.114.114.114四、ospf配置[R1]ospf 1 router-id 1.1.1.1[R1-ospf-1]area 1[R1-ospf-1-area-0.0.0.1]network 172.16.67.1 0.0.0.0[R1-ospf-1-area-0.0.0.1]network 172.16.64.1 0.0.0.0[R1-ospf-1-area-0.0.0.1]network 172.16.65.1 0.0.0.0[R1-ospf-1-area-0.0.0.1]network 172.16.66.1 0.0.0.0[R2]ospf 2 router-id 2.2.2.2[R2-ospf-2]area 1[R2-ospf-2-area-0.0.0.1]network 172.16.67.2 0.0.0.0[R2-ospf-2]area 0[R2-ospf-2-area-0.0.0.0]network 172.16.2.1 0.0.0.0[R2-ospf-2-area-0.0.0.0]network 172.16.0.1 0.0.0.0[R2-ospf-2-area-0.0.0.0]network 172.16.1.1 0.0.0.0[R3-ospf-3-area-0.0.0.0]network 172.16.2.2 0.0.0.0企业B内网配置一、配置路由器ip[R4-GigabitEthernet0/0/0]ip add 172.16.129.2 24[R4-Ethernet4/0/0]ip add 172.16.130.2 24[R4-GigabitEthernet0/0/1]ip add 172.16.131.1 24[R4-GigabitEthernet0/0/2]ip add 172.16.132.2 24[R3-GigabitEthernet0/0/1]ip add 172.16.129.1 24[R3-Ethernet4/0/0]ip add 172.16.130.1 24[R5-GigabitEthernet0/0/0]ip add 172.16.131.2 24[R5-GigabitEthernet0/0/1]ip add 172.16.133.2 24[R6-GigabitEthernet0/0/0]ip add 172.16.132.1 24[R6-GigabitEthernet0/0/1]ip add 172.16.134.1 24[R7-GigabitEthernet0/0/0]ip add 172.16.133.1 24[R7-GigabitEthernet0/0/1]ip add 172.16.134.3 24给R7的0/0/2接口配置子接口[R7]int g0/0/2.60[R7-GigabitEthernet0/0/2.60]ip add 172.16.128.1 25[R7-GigabitEthernet0/0/2.60]int g0/0/2.70[R7-GigabitEthernet0/0/2.70]ip add 172.16.128.129 25二、配置vlan技术[sw3]vlan batch 60 70[sw3-GigabitEthernet0/0/3]port link-type access[sw3-GigabitEthernet0/0/3]port default vlan 60[sw3-GigabitEthernet0/0/4]port link-type access[sw3-GigabitEthernet0/0/4]port default vlan 60[sw3-GigabitEthernet0/0/2]port link-type access[sw3-GigabitEthernet0/0/2]port default vlan 70[sw3-GigabitEthernet0/0/1]port link-type trunk[sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan 60 70[R7-GigabitEthernet0/0/2.60]dot1q termination vid 60[R7-GigabitEthernet0/0/2.60]arp broadcast enable[R7-GigabitEthernet0/0/2.70]dot1q termination vid 70[R7-GigabitEthernet0/0/2.70]arp broadcast enable三、配置DHCP[R7]dhcp enable[R7]ip pool vlan70[R7-ip-pool-vlan70]network 172.16.128.128 mask 25[R7-ip-pool-vlan70]gateway-list 172.16.128.129[R7-ip-pool-vlan70]dns-list 8.8.8.8 114.114.114.114[R7-GigabitEthernet0/0/2.70]dhcp select global四、配置静态路由[R3]ip route-static 172.16.131.0 24 172.16.129.2[R3]ip route-static 172.16.131.0 24 172.16.130.2[R3]ip route-static 172.16.133.0 24 172.16.129.2[R3]ip route-static 172.16.133.0 24 172.16.130.2[R3]ip route-static 172.16.128.0 24 172.16.129.2[R3]ip route-static 172.16.128.0 24 172.16.130.2[R3]ip route-static 172.16.134.0 24 172.16.129.2[R3]ip route-static 172.16.134.0 24 172.16.130.2[R3]ip route-static 172.16.132.0 24 172.16.129.2[R3]ip route-static 172.16.132.0 24 172.16.130.25、防环[R3]ip route-static 172.16.128.0 24 NULL 0[R4]ip route-static 172.16.128.0 24 NULL 0[R5]ip route-static 172.16.128.0 24 NULL 0[R6]ip route-static 172.16.128.0 24 NULL 06、手动配置静态缺省路由[R4]ip route-static 0.0.0.0 0 172.16.129.1[R4]ip route-static 0.0.0.0 0 172.16.130.1[R5]ip route-static 0.0.0.0 0 172.16.131.1[R6]ip route-static 0.0.0.0 0 172.16.132.1[R7]ip route-static 0.0.0.0 0 172.16.133.1[R7]ip route-static 0.0.0.0 0 172.16.134.17、配置静态浮动路由[R4]ip route-static 0.0.0.0 0 172.16.130.1 preference 100[R3]ip route-static 172.16.128.0 24 172.16.130.2 preference 100[R3]ip route-static 172.16.131.0 24 172.16.130.2 preference 100[R3]ip route-static 172.16.132.0 24 172.16.130.2 preference 100[R3]ip route-static 172.16.133.0 24 172.16.130.2 preference 100[R3]ip route-static 172.16.134.0 24 172.16.130.2 preference 100公网1、配置IP地址[test]interface GigabitEthernet 0/0/0[test-GigabitEthernet0/0/0]ip address 100.0.0.2 24[R3]interface GigabitEthernet 0/0/2[R3-GigabitEthernet0/0/2]ip address 100.0.0.1 24