CMS
CMS

HCNA综合实验

HCNA综合实验

作者:五柳狂少 我们先来看拓扑需求

1.SW1 和 SW2 之间的直连链路配置链路聚合

2.公司内部业务网段为 Vlan10 和 Vlan20;Vlan10 是市场部,Vlan20 是技术部,要求对 Vlan 进行命名以便识别;PC1 属于 Vlan10,PC2 属于 Vlan20,Vlan30 用于 SW1 和 SW2 建立 OSPF 邻居;Vlan111 为 SW1 和 R1 的互联 Vlan,Vlan222 为 SW2 和 R2 的互联 Vlan

3.所有交换机相连的端口配置为 Trunk,允许相关流量通过

4.交换机连接 PC 的端口配置为边缘端口

5.按图示分区域配置 OSPF 实现公司内部网络全网互通,ABR 的环回口宣告进骨干区域;业务网段不允许出现协议报文

6.R1 上配置默认路由指向互联网,并引入到 OSPF

7.R1 通过双线连接到互联网,配置 PPP-MP,并配置双向 chap 验证

8.配置 EASY IP,只有业务网段 192.168.1.0/24 和 192.168.2.0/24 的数据流可以通过 R1 访问互联网

9.R1 开启 TELNET 远程管理,使用用户 abc 登录,密码 abc,只允许技术部远程管理 R1

实验过程:

SW3:

interface Ethernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 20

interface Ethernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10 20

interface Ethernet0/0/3

port link-type access

port default vlan 10

interface Ethernet0/0/4

port link-type access

port default vlan 20

vlan 10

description jsb //打上VLAN注释

vlan 20

description cwb //打上VLAN注释

SW1:

interface Vlanif10

ip address 192.168.1.254 255.255.255.0

interface Vlanif20

ip address 192.168.2.253 255.255.255.0

interface Vlanif30

ip address 10.1.21.11 255.255.255.0

interface Vlanif111

ip address 10.1.11.11 255.255.255.0

interface GigabitEthernet0/0/1

port link-type access

port default vlan 111

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10 20

OSPF配置

ospf 1 router-id 10.1.1.1

silent-interface GigabitEthernet0/0/2 //静默接口 不让OSPF报文在这个接口下传输

area 0.0.0.1

network 192.168.1.254 0.0.0.0

network 192.168.2.253 0.0.0.0

network 10.1.11.11 0.0.0.0

network 10.1.21.11 0.0.0.0

network 10.1.1.1 0.0.0.0

Rth配置

interface Eth-Trunk1

port link-type trunk

port trunk allow-pass vlan 10 to 222 //让这一条聚合链路可以通过VLAN

SW2:

接口配置

interface Vlanif10

ip address 192.168.1.253 255.255.255.0

interface Vlanif20

ip address 192.168.2.254 255.255.255.0

interface Vlanif30

ip address 10.1.21.22 255.255.255.0

interface Vlanif222

ip address 10.1.22.22 255.255.255.0

interface Eth-Trunk1 //聚合链路

port link-type trunk

port trunk allow-pass vlan 10 to 222

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2

port link-type access

interface GigabitEthernet0/0/3

eth-trunk 1

interface GigabitEthernet0/0/4

eth-trunk 1

OSPF配置

ospf 1 router-id 10.2.2.2

silent-interface GigabitEthernet0/0/1

area 0.0.0.1

network 192.168.1.253 0.0.0.0

network 192.168.2.254 0.0.0.0

network 10.1.21.22 0.0.0.0

network 10.1.22.22 0.0.0.0

network 10.2.2.2 0.0.0.0

AR1:

ACL配置

acl number 2000 //这个ACL是针对nat的

rule 5 permit source 192.168.1.0 0.0.0.255

rule 10 permit source 192.168.2.0 0.0.0.255

rule 15 deny

acl number 2005 //这个ACL是针对TELNET

rule 5 permit source 192.168.1.0 0.0.0.255

rule 10 permit source 192.168.2.0 0.0.0.255

接口配置

interface GigabitEthernet0/0/0

ip address 10.1.12.1 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.1.11.1 255.255.255.0

interface GigabitEthernet0/0/2

ip address 10.1.13.1 255.255.255.0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

//利用PPP做chan双向认证

interface Serial1/0/0

link-protocol ppp

ppp authentication-mode chap

ppp chap user zzw

ppp chap password cipher 123

ppp mp Mp-group 0/0/1

interface Serial1/0/1

link-protocol ppp

ppp authentication-mode chap

ppp chap user zzw

ppp chap password cipher 123

ppp mp Mp-group 0/0/1

interface Mp-group0/0/1

ip address 202.100.1.1 255.255.255.0

nat outbound 2000

//ppp模式下的聚合

//远程登陆

user-interface vty 0 4

acl 2005 inbound

authentication-mode aaa

OSPF配置

ospf 1 router-id 1.1.1.1

default-route-advertise //引入缺省路由 到OSPF里面

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 10.1.12.1 0.0.0.0

network 10.1.13.1 0.0.0.0

area 0.0.0.1

network 10.1.11.1 0.0.0.0

ip route-static 0.0.0.0 0.0.0.0 202.100.1.2

AR2

接口配置

g0/0/0:10.1.12.2/24

g0/0/1:10.1.23.2/24

g0/0/2:10.1.22.2/24

lo0:2.2.2.2/32

OSPF配置

ospf 1 router-id 2.2.2。2

default-route-advertise //引入缺省路由 到OSPF里面

area 0.0.0.0

network 2.2.2.2 0.0.0.0

network 10.1.12.2 0.0.0.0

network 10.1.23.2 0.0.0.0

area 0.0.0.1

network 10.1.22.2 0.0.0.

AR3

接口配置

interface GigabitEthernet0/0/0

ip address 192.168.3.254 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.1.23.3 255.255.255.0

interface GigabitEthernet0/0/2

ip address 10.1.13.3 255.255.255.0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

OSPF配置

ospf 1 router-id 3.3.3.3

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 10.1.13.3 0.0.0.0

network 10.1.23.3 0.0.0.0

network 192.168.3.254 0.0.0.0

AR Internet

interface Mp-group0/0/1

ip address 202.100.1.2 255.255.255.0

interface Serial1/0/0

link-protocol ppp

ppp authentication-mode chap

ppp chap user zzw

ppp chap password cipher 123

ppp mp Mp-group 0/0/1

interface Serial1/0/1

link-protocol ppp

ppp authentication-mode chap

ppp chap user zzw

ppp chap password cipher 123

ppp mp Mp-group 0/0/1

interface LoopBack0

ip address 100.1.1.1 255.255.255.255

2019-08-05 22:23:37
0 热度