HCIA基础课程综合实验
通过前期的学习和实验已经了解了很多的配置方法,今天的实验就是相当于之前的一个汇总,下面使用ensp进行配置,具体实验如下:
一·实验要求
综合实验要求:
1、AR6理解为ISP设备,所连接的两个网段为公网;R1-R5构建为一个私有的局域网;
2、AR6上只能进行ip地址配置,之后不得对该路由器进行其他任何配置
3、公网范围IP地址已经指定,剩余R1-R5整个私网使用192.168.1.0/24进行合理分配
4、PC1/3为划分到VLAN2,PC2/4/HTTP 服务器划分到VLAN3;PC1-4通过DHCP自动获取ip地址;
5、所有路由器路由表应尽量控制减少,预防出现环路,所有选路均为最佳路径;R4与R5之间正常使用1000M链路,
1000M链路故障时自动切换到100m链路,整个网络仅使用静态路由协议;
6、PC1—PC4均可ping通PC5,同时PC5可以通过域名www.beixin.com来访问http服务器;
7、全网仅R1可以telnet登录R2
二·具体配置如下
1.IP地址划分
| 192.168.1.0/27 | 骨干划分 |
| 192.168.1.32/27 | 用户划分 |
| 192.168.1.64/27 | 用户划分 |
| 192.168.1.96/27 | 预留 |
| 192.168.1.128/27 | 预留 |
| 192.168.1.160/27 | 预留 |
| 192.168.1.192/27 | 预留 |
| 192.168.1.224/27 | 预留 |
| 192.168.1.0/30 | 骨干 |
| 192.168.1.4/30 | 骨干 |
| 192.168.1.8/30 | 骨干 |
| 192.168.1.12/30 | 骨干 |
| 192.168.1.16/30 | 骨干 |
| 192.168.1.20/30 | 骨干 |
| 192.168.1.24/30 | 预留 |
| 192.168.1.28/30 | 预留 |
| 192.168.1.32/28 | vlan1 |
| 192.168.1.48/28 | vlan2 |
| 192.168.1.64/28 | vlan1 |
| 192.168.1.80/28 | vlan2 |
具体分配如下:
2.IP地址配置
一号路由器:
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip address 192.168.1.5 30
二号路由器:
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]ip address 192.168.1.13 30
三号路由器:
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip address 192.168.1.9 30
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip address 192.168.1.6 30
四号路由器:
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.1.10 30
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip address 192.168.1.14 30
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ip address 192.168.1.21 30
[r4]int g3/0/0
[r4-GigabitEthernet3/0/0]ip address 192.168.1.17 30
五号路由器:
[r5]int g0/0/0
[r5-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[r5]int g0/0/1
[r5-GigabitEthernet0/0/1]ip address 192.168.1.18 30
[r5]int g0/0/2
[r5-GigabitEthernet0/0/1]ip address 192.168.1.22 30
六号路由器:
[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[r6]int g0/0/1
[r6-GigabitEthernet0/0/1]ip address 1.1.1.10 24
3.划分vlan,配置trunk栈道
一号交换机:
[n1]int e0/0/1
[n1-Ethernet0/0/1]port link-type trunk
[n1-Ethernet0/0/1]port trunk allow-pass vlan all(开通trunk栈道)
[n1]int e0/0/2
[n1-Ethernet0/0/2]port link-type access
[n1-Ethernet0/0/2]port default vlan 2
[n1]int e0/0/3
[n1-Ethernet0/0/3]port link-type access
[n1-Ethernet0/0/3]port default vlan 3
二号交换机:
[n2]int e0/0/1
[n2-Ethernet0/0/1]port link-type trunk
[n2-Ethernet0/0/1]port trunk allow-pass vlan all(开通trunk栈道)
[n2]int e0/0/2
[n2-Ethernet0/0/2]port link-type access
[n2-Ethernet0/0/2]port default vlan 2
[n2]int e0/0/3
[n2-Ethernet0/0/3]port link-type access
[n2-Ethernet0/0/3]port default vlan 3
[n2]int e0/0/4
[n2-Ethernet0/0/4]port link-type access
[n2-Ethernet0/0/4]port default vlan 3
一号路由器:
[r1]int g0/0/2.1
[r1-GigabitEthernet0/0/2.1]dot1q termination vid 2
[r1-GigabitEthernet0/0/2.1]ip address 192.168.1.33 28
[r1-GigabitEthernet0/0/2.1]arp broadcast enable
[r1]int g0/0/2.2
[r1-GigabitEthernet0/0/2.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/2.2]ip address 192.168.1.49 28
[r1-GigabitEthernet0/0/2.2]arp broadcast enable
三号路由器:
[r3]int g0/0/2.1
[r3-GigabitEthernet0/0/2.1]dot1q termination vid 2
[r3-GigabitEthernet0/0/2.1]ip address 192.168.1.65 28
[r3-GigabitEthernet0/0/2.1]arp broadcast enable
[r3]int g0/0/2.2
[r3-GigabitEthernet0/0/2.2]dot1q termination vid 3
[r3-GigabitEthernet0/0/2.2]ip address 192.168.1.81 28
[r3-GigabitEthernet0/0/2.2]arp broadcast enable4.配置静态路由和缺省路由以及空接口
一号路由器:
ip route-static 192.168.1.12 30 192.168.1.2
ip route-static 192.168.1.8 30 192.168.1.6
ip route-static 192.168.1.20 30 192.168.1.2
ip route-static 192.168.1.20 30 192.168.1.6
ip route-static 192.168.1.16 30 192.168.1.2
ip route-static 192.168.1.16 30 192.168.1.6
ip route-static 192.168.1.64 27 192.168.1.6
ip route-static 0.0.0.0 0 192.168.1.2(缺省路由)
ip route-static 0.0.0.0 0 192.168.1.6(缺省路由)
ip route-static 192.168.1.32 27 NULL 0(空接口)
二号路由器:
ip route-static 192.168.1.4 30 192.168.1.1
ip route-static 192.168.1.8 30 192.168.1.14
ip route-static 192.168.1.16 30 192.168.1.14
ip route-static 192.168.1.20 30 192.168.1.14
ip route-static 192.168.1.64 27 192.168.1.14
ip route-static 192.168.1.64 27 192.168.1.1
ip route-static 192.168.1.32 27 192.168.1.1
ip route-static 0.0.0.0 0 192.168.1.13(缺省路由)
三号路由器:
ip route-static 192.168.1.0 30 192.168.1.5
ip route-static 192.168.1.12 30 192.168.1.10
ip route-static 192.168.1.16 30 192.168.1.10
ip route-static 192.168.1.20 30 192.168.1.10
ip route-static 192.168.1.32 27 192.168.1.5
ip route-static 0.0.0.0 0 192.168.1.10(缺省路由)
ip route-static 192.168.1.64 27 NULL 0(空接口)
四号路由器:
ip route-static 192.168.1.0 30 192.168.1.13
ip route-static 192.168.1.4 30 192.168.1.9
ip route-static 192.168.1.32 27 192.168.1.13
ip route-static 192.168.1.32 27 192.168.1.9
ip route-static 192.168.1.64 27 192.168.1.9
ip route-static 0.0.0.0 0 192.168.1.22(缺省路由)
五号路由器:
ip route-static 192.168.1.12 30 192.168.1.21
ip route-static 192.168.1.8 30 192.168.1.21
ip route-static 192.168.1.0 30 192.168.1.21
ip route-static 192.168.1.4 30 192.168.1.21
ip route-static 192.168.1.32 27 192.168.1.21
ip route-static 192.168.1.32 27 192.168.1.21
ip route-static 192.168.1.64 27 192.168.1.21
ip route-static 0.0.0.0 0 12.1.1.2(缺省路由)5.开启DHCP服务分配IP地址
一号路由器:
dhcp enable
ip pool n1
network 192.168.1.32 mask 28
gateway-list 192.168.1.33
dns-list 1.1.1.3
进入接口2.1:dhcp select global
ip pool n2
network 192.168.1.48 mask 28
gateway-list 192.168.1.49
dns-list 1.1.1.3
进入接口2.2:dhcp select global
三号路由器:
dhcp enable
ip pool n1
network 192.168.1.64 mask 28
gateway-list 192.168.1.65
dns-list 1.1.1.3
进入接口2.1:dhcp select global
ip pool n2
network 192.168.1.80 mask 28
gateway-list 192.168.1.81
dns-list 1.1.1.3
进入接口2.2:dhcp select global6.配置NAT实现外网访问,设置端口映射实现服务器链接
五号路由器:
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.255.255
[r5-acl-basic-2000]q
[r5]interface g0/0/0
[r5-GigabitEthernet0/0/2]nat outbound 2000
[r5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 80 inside 192.168.1.90 80
Are you sure to continue?[Y/N]:y7.配置优先级实现链路切换
四号路由器:
ip route-static 0.0.0.0 0 192.168.1.18 p 61
五号路由器:
ip route-static 192.168.1.12 30 192.168.1.17 p 61
ip route-static 192.168.1.8 30 192.168.1.17 p 61
ip route-static 192.168.1.0 30 192.168.1.17 p 61
ip route-static 192.168.1.4 30 192.168.1.17 p 61
ip route-static 192.168.1.32 27 192.168.1.17 p 61
ip route-static 192.168.1.32 27 192.168.1.17 p 61
ip route-static 192.168.1.64 27 192.168.1.17 p 618.配置ACL实现全网仅R1可以telnet登录R2
创建账号lisi,密码10086
[r2]aaa
[r2-aaa]local-user lisi privilege level 15 password cipher 10086
[r2-aaa]local-user lisi service-type telnet
[r2-aaa]q
调用账号
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
配置ACL访问控制
[r2]acl 3001(拒绝除R1以外所有的路由器访问23端口)
[r2-acl-basic-3001]rule deny tcp source 192.168.1.6 0 destination 192.168.1.2 0 destination-port eq 23
[r2-acl-basic-3001]rule deny tcp source 192.168.1.10 0 destination 192.168.1.2 0 destination-port eq 23
[r2-acl-basic-3001]rule deny tcp source 192.168.1.22 0 destination 192.168.1.2 0 destination-port eq 23
[r2-acl-basic-3001]rule deny tcp source 192.168.1.14 0 destination 192.168.1.2 0 destination-port eq 23
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]traffic-filter inbound acl 3001
三·实验效果展示
1、PC1/3为划分到VLAN2,PC2/4/HTTP 服务器划分到VLAN3;PC1-4通过DHCP自动获取ip地址;
以上为vlan划分
这里为DHCP自动获取的IP地址
2、1000M链路故障时自动切换到100m链路,整个网络仅使用静态路由协议;
这里我将1000m链路断开看是否会使用100m链路,成果如下:
1000m链路断开后使用100m链路优先级为61
3、PC1—PC4均可ping通PC5,同时PC5可以通过域名www.beixin.com来访问http服务器;
这里PC5的IP地址为1.1.1.1然后使用PC1—PC4pingPC5成果如下:
PC5通过域名www.beixin.com访问http服务器成果如下:
4、全网仅R1可以telnet登录R2
R1可以访问R2并且登录R2,具体结果如下:
R3,4,5不可以登录R2,具体结果如下:
