HCIA综合实验

一、实验要求

1、AR6理解为ISP设备，所连接的两个网段为公网；R1-R5构建为一个私有的局域网；

2、AR6上只能进行ip地址配置，之后不得对该路由器进行其他任何配置

3、公网范围IP地址已经指定，剩余R1-R5整个私网使用192.168.1.0/24进行合理分配

4、PC1/3为划分到VLAN2，PC2/4/HTTP 服务器划分到VLAN3；PC1-4通过DHCP自动获取ip地址；

5、所有路由器路由表应尽量控制减少，预防出现环路，所有选路均为最佳路径；R4与R5之间正常使用1000M链路，1000M链路故障时自动切换到100m链路，整个网络仅使用静态路由协议；

6、PC1—PC4均可ping通PC5，同时PC5可以通过域名www.beixin.com来访问http服务器；

7、全网仅R1可以telnet登录R2

二、搭建拓扑图，并划分网段

 由实验要求可知，实验过程中需要一个骨干链路和一个DHCP，其中骨干链路需要6个网段，DHCP需要两个

网段划分如下：

192.168.1.0/25

192.168.1.0/25

 192.168.1.16/28
 192.168.1.32/28
 192.168.1.48/28
 192.168.1.64/28
 192.168.1.80/28
 192.168.1.96/28

192.168.1.128/25

  192.168.1.128/26
       192.168.1.128/27
       192.168.1.160/27
   192.168.1.192/26
       192.168.1.192/27
       192.168.1.224/27

三、配置各路由器IP，并配置交换机，R1、R3分别创建子接口，并使用DHCP为PC下放IP

配置路由器IP

[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.1.17 28
[r1-GigabitEthernet0/0/1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.33 28

[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 192.168.1.18 28
[r2-GigabitEthernet0/0/0]int g 0/0/1
[r2-GigabitEthernet0/0/1]ip add 192.168.1.65 28

[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip add 192.168.1.34 28
[r3-GigabitEthernet0/0/1]int g 0/0/0
[r3-GigabitEthernet0/0/0]ip add 192.168.1.49 28

[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip add 192.168.1.66 28
[r4-GigabitEthernet0/0/0]int g0/0/1
[r4-GigabitEthernet0/0/1]ip add 192.168.1.50 28
[r4-GigabitEthernet0/0/1]int g4/0/0
[r4-GigabitEthernet4/0/0]ip add 192.168.1.81 28
[r4-GigabitEthernet4/0/0]int g0/0/2
[r4-GigabitEthernet0/0/2]ip add 192.168.1.97 28

[r5]int g0/0/1
[r5-GigabitEthernet0/0/1]ip add 192.168.1.82 28
[r5-GigabitEthernet0/0/1]int g0/0/0
[r5-GigabitEthernet0/0/0]ip add 192.168.1.98 28
[r5-GigabitEthernet0/0/0]int g 0/0/2
[r5-GigabitEthernet0/0/2]ip add 12.1.1.1 24

[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[r6-GigabitEthernet0/0/0]int g 0/0/1
[r6-GigabitEthernet0/0/1]ip add 1.1.1.1 24

  R1、R3配置子接口

[r1-GigabitEthernet0/0/1.1]dot1q termination vid 2
[r1-GigabitEthernet0/0/1.1]ip add 192.168.1.129 27
[r1-GigabitEthernet0/0/1.1]q
[r1]int g0/0/1.2
[r1-GigabitEthernet0/0/1.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/1.2]ip add 192.168.1.161 27
[r1-GigabitEthernet0/0/1.2]

[r3]int g0/0/1.1
[r3-GigabitEthernet0/0/1.1]dot1q termination vid 2
[r3-GigabitEthernet0/0/1.1]arp broadcast enable
[r3-GigabitEthernet0/0/1.1]int g0/0/1.2
[r3-GigabitEthernet0/0/1.2]dot1q termination vid 3
[r3-GigabitEthernet0/0/1.2]ip add 192.168.1.225 27
[r3-GigabitEthernet0/0/1.2]
[r3-GigabitEthernet0/0/1.2]arp    
[r3-GigabitEthernet0/0/1.2]arp broadcast enable

配置交换机

[sw1]vlan batch  2 to 3

[sw1-Ethernet0/0/1]port link-type access 

[sw1-Ethernet0/0/1]port default vlan 2

[sw1-GigabitEthernet0/0/1]port link-type access
[sw1-GigabitEthernet0/0/1]port default vlan 3
[sw1-GigabitEthernet0/0/2]port link-type trunk

[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3

[sw2]vlan batch  2 to 3

[sw2-Ethernet0/0/1]p l a
[sw2-Ethernet0/0/1]p d v 2
[sw2-Ethernet0/0/2]p l a
[sw2-Ethernet0/0/3]p l a
[sw2-port-group]p d v 3
[sw2-Ethernet0/0/2]p d v 3
[sw2-Ethernet0/0/3]p d v 3
[sw2-GigabitEthernet0/0/2]port link-type trunk
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3

DHCP下放IP

[r1]dhcp enable
[r1]ip pool 1
[r1-ip-pool-1]network 192.168.1.128 mask 27
[r1-ip-pool-1]gateway-list 192.168.1.129[r1-ip-pool-1]dns-list 114.114.114.114
[r1-ip-pool-1]q
[r1]ip pool 2
[r1-ip-pool-2]network 192.168.1.160 mask 27
[r1-ip-pool-2]gateway-list 192.168.1.161
[r1-ip-pool-2]dns-list 114.114.114.114
[r1-ip-pool-2]q
[r1]int g0/0/1.1
[r1-GigabitEthernet0/0/1.1]dhcp select global
[r1-GigabitEthernet0/0/1.1]q
[r1]int g0/0/1.2
[r1-GigabitEthernet0/0/1.2]dhcp select global
[r1-GigabitEthernet0/0/1.2]arp broadcast enable
[r1-GigabitEthernet0/0/1.2]int g0/0/1.1
[r1-GigabitEthernet0/0/1.1]arp broadcast enable

[r3]dhcp enable 
[r3]ip pool 1
[r3-ip-pool-1]netbios-type
[r3-ip-pool-1]network 192.168.1.192 mask 27
[r3-ip-pool-1]gateway-list  192.168.1.193
[r3-ip-pool-1]dns-list 114.114.114.114
[r3-ip-pool-1]q
[r3]ip pool 2
[r3-ip-pool-2]network 192.168.1.224 mask 27
[r3-ip-pool-2]gateway-list 192.168.1.225
[r3-ip-pool-2]dns-list 114.114.114.114
[r3-ip-pool-2]q
[r3]int g0/0/1.1
[r3-GigabitEthernet0/0/1.1]dhcp select global
[r3-GigabitEthernet0/0/1.1]int g0/0/1.2
[r3-GigabitEthernet0/0/1.2]dhcp select global

四、配置静态，R4与R5之间正常使用1000M链路，1000M链路故障时自动切换到100m链路

[r4]ip route-static 0.0.0.0 0 192.168.1.82
[r4]ip route-static 0.0.0.0 0 192.168.1.98 preference 70

五、给pc5、PAD、DNS手动添加IP，PC1—PC4均可ping通PC5

六、全网仅R1可以telnet登录R2

[r2-acl-adv-3000]rule deny tcp source any destination 192.168.1.65 0.0.0.0 destination-port eq 23
[r2-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
[r1-acl-adv-3000]rule deny tcp source any destination 192.168.1.33 0.0.0.0 destination-port eq 23
[r1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

七、PC5可以通过域名www.beixin.com来访问http服务器

[r5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 80
inside 192.168.1.127 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y