HCIA-经典综合实验(一)

经典综合实验(一)

  • 实验拓扑
  • 配置步骤
    • 第一步:配置二层VLAN
    • 第二步:配置IP地址
    • 第三步:配置DHCP服务
    • 第四步:配置路由协议OSPF
    • 第五步:配置ACL+NAT+Telnet
  • 配置验证
    • 测试PC1能不能telnet登录到R1
    • 测试所有PC是否都可以ping通公网
    • 华为模拟器如何配置通过域名访问服务器
    • 测试ISP是否可以成功telnet登录到R1

实验拓扑

HCIA-经典综合实验(一)_第1张图片

配置步骤

第一步:配置二层VLAN

SW5

// SW5: layer-2 switch carrying VLAN 40 and VLAN 50.
sysname SW5
#
// Disables the information center, so the device stops outputting log, trap and debug messages.
// NOTE(review): this keeps the lab console quiet; on a production device it removes the log trail used for detection and incident review.
undo info-center enable
#
vlan batch 40 50
#
// Access ports: one host-facing port per VLAN.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 50
#
// Trunk port: only the two VLANs created above are explicitly allowed.
// NOTE(review): presumably the uplink to R2, whose GE0/0/2 sub-interfaces terminate VLANs 40 and 50 — confirm against the topology.
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 40 50

SW6

// SW6: layer-2 switch carrying VLAN 10, VLAN 20 and VLAN 30.
sysname SW6
#
// Disables the information center, so the device stops outputting log, trap and debug messages.
// NOTE(review): this keeps the lab console quiet; on a production device it removes the log trail used for detection and incident review.
undo info-center enable
#
vlan batch 10 20 30
#
// Access ports. Note the mapping is not in numeric order: GE0/0/2 is VLAN 30 and GE0/0/3 is VLAN 20.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#
// Trunk port: only the three VLANs created above are explicitly allowed.
// NOTE(review): presumably the uplink to R1, whose GE0/0/1 sub-interfaces terminate VLANs 10, 20 and 30 — confirm against the topology.
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 10 20 30

第二步:配置IP地址

R1

// R1: inter-router link on GE0/0/0 and one dot1q sub-interface per user VLAN on GE0/0/1.
sysname R1
#
// Link to R2 (R2 uses 192.168.12.2 on the same /24).
interface GigabitEthernet0/0/0
 ip address 192.168.12.1 255.255.255.0 
#  // router-on-a-stick: each sub-interface terminates one VLAN tag and is that VLAN's gateway (.254)
interface GigabitEthernet0/0/1.10
 dot1q termination vid 10
 ip address 192.168.10.254 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/1.20
 dot1q termination vid 20
 ip address 192.168.20.254 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/1.30
 dot1q termination vid 30
 ip address 192.168.30.254 255.255.255.0  
 arp broadcast enable

R2

// R2: link to R1 on GE0/0/0, link to the ISP on GE0/0/1, and dot1q sub-interfaces for VLANs 40 and 50 on GE0/0/2.
sysname R2
#
// Inside link to R1 (R1 uses 192.168.12.1).
interface GigabitEthernet0/0/0
 ip address 192.168.12.2 255.255.255.0 
#
// Link to the ISP router (12.1.1.2); step 5 configures NAT on this interface.
interface GigabitEthernet0/0/1
 ip address 12.1.1.1 255.255.255.0 
#
// Each sub-interface terminates one VLAN tag and is that VLAN's gateway (.254).
interface GigabitEthernet0/0/2.40
 dot1q termination vid 40
 ip address 192.168.40.254 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/2.50
 dot1q termination vid 50
 ip address 192.168.50.254 255.255.255.0 
 arp broadcast enable           

ISP

// ISP: stands in for the public network; only interface addresses are configured in this listing.
sysname ISP
#
// Link to R2's GE0/0/1 (12.1.1.1).
interface GigabitEthernet0/0/0
 ip address 12.1.1.2 255.255.255.0 
#
// Gateway address for the 202.1.1.0/24 segment.
interface GigabitEthernet0/0/1
 ip address 202.1.1.254 255.255.255.0 

PC1

// PC1: configured with router-style commands and used as a host in VLAN 10.
// NOTE(review): presumably a router is used as the "PC" so that it can act as a telnet client in the verification step — confirm against the topology.
sysname PC1
#
dhcp enable
#
// Obtain the interface address from the DHCP server (R1's VLAN10 pool, configured in step 3).
interface GigabitEthernet0/0/0
 ip address dhcp-alloc
#
// Static default route to the VLAN 10 gateway on R1.
ip route-static 0.0.0.0 0.0.0.0 192.168.10.254

PC2

// PC2: configured with router-style commands and used as a host in VLAN 20.
sysname PC2
#
dhcp enable
#
// Obtain the interface address from the DHCP server (R1's VLAN20 pool, configured in step 3).
interface GigabitEthernet0/0/0
 ip address dhcp-alloc
#
// Static default route to the VLAN 20 gateway on R1.
ip route-static 0.0.0.0 0.0.0.0 192.168.20.254

第三步:配置DHCP服务

R1

// R1 as DHCP server for VLAN 10 and VLAN 20, using global address pools.
// No pool is defined for VLAN 30 in this listing.
dhcp enable
#
// Pool for VLAN 10: gateway .254, addresses .230-.253 are kept out of dynamic allocation, lease 2 days.
ip pool VLAN10
 gateway-list 192.168.10.254 
 network 192.168.10.0 mask 255.255.255.0 
 excluded-ip-address 192.168.10.230 192.168.10.253 
 lease day 2 hour 0 minute 0 
#
// Pool for VLAN 20: same layout as VLAN 10.
ip pool VLAN20
 gateway-list 192.168.20.254 
 network 192.168.20.0 mask 255.255.255.0 
 excluded-ip-address 192.168.20.230 192.168.20.253 
 lease day 2 hour 0 minute 0 
 #
 interface GigabitEthernet0/0/1.10
 dhcp select global
#
// "dhcp select global" makes the sub-interface answer clients from the global pools above.
interface GigabitEthernet0/0/1.20
 dhcp select global

R2

// R2 as DHCP server for VLAN 40 and VLAN 50, using global address pools.
dhcp enable
#
// Pool for VLAN 40: gateway .254, addresses .230-.253 are kept out of dynamic allocation, lease 2 days.
ip pool VLAN40
 gateway-list 192.168.40.254 
 network 192.168.40.0 mask 255.255.255.0 
 excluded-ip-address 192.168.40.230 192.168.40.253 
 lease day 2 hour 0 minute 0 
#
// Pool for VLAN 50: same layout as VLAN 40.
ip pool VLAN50
 gateway-list 192.168.50.254 
 network 192.168.50.0 mask 255.255.255.0 
 excluded-ip-address 192.168.50.230 192.168.50.253 
 lease day 2 hour 0 minute 0 
#
// "dhcp select global" makes the sub-interface answer clients from the global pools above.
interface GigabitEthernet0/0/2.40
 dhcp select global
#
interface GigabitEthernet0/0/2.50
 dhcp select global    

第四步:配置路由协议OSPF

R1

// OSPF process 1 on R1; every advertised network is in the backbone area 0.
ospf 1 router-id 1.1.1.1 
 area 0.0.0.0 
  // Area-wide MD5 authentication with key ID 1; R2 must use the same key ID and key to form the adjacency.
  // NOTE(review): "wml" is a three-character key and the same string as the telnet login in step 5, so treat it as a lab-only value. MD5 is a weak choice; VRP versions that support it offer hmac-sha256 for this command.
  authentication-mode md5 1 cipher wml
  // NOTE(review): the three /24 statements also run OSPF on the user-facing sub-interfaces; "silent-interface" on those would keep hello packets off the access VLANs — confirm against the lab's intent.
  network 192.168.10.0 0.0.0.255 
  network 192.168.12.1 0.0.0.0 
  network 192.168.20.0 0.0.0.255 
  network 192.168.30.0 0.0.0.255 

R2

// OSPF process 1 on R2; every advertised network is in the backbone area 0.
ospf 1 router-id 2.2.2.2 
 default-route-advertise   // advertise a default route into OSPF so that R1 learns it; the static default route R2 needs for this is configured in step 5
 area 0.0.0.0 
  // Area-wide MD5 authentication with key ID 1; must match R1.
  // NOTE(review): "wml" is a lab-only key and MD5 is a weak choice; VRP versions that support it offer hmac-sha256 for this command.
  authentication-mode md5 1 cipher wml
  network 192.168.12.2 0.0.0.0 
  network 192.168.40.0 0.0.0.255 
  network 192.168.50.0 0.0.0.255 

第五步:配置ACL+NAT+Telnet

R1

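// Advanced ACL 3000: deny telnet from PC1 to each of R1's four interface addresses.
// Rules 10 and 15 ended in the truncated keyword "telne" in the original listing; it is written out as "telnet" here to match rules 5 and 20.
// NOTE(review): the source is the single host 192.168.10.229, which lies inside the dynamic range of the VLAN10 DHCP pool, so the rule follows the lease, not the machine. A static binding for PC1, or a rule on the whole VLAN, would be a sturdier control.
acl number 3000  
 rule 5 deny tcp source 192.168.10.229 0 destination 192.168.10.254 0 destination-port eq telnet 
 rule 10 deny tcp source 192.168.10.229 0 destination 192.168.20.254 0 destination-port eq telnet 
 rule 15 deny tcp source 192.168.10.229 0 destination 192.168.30.254 0 destination-port eq telnet 
 rule 20 deny tcp source 192.168.10.229 0 destination 192.168.12.1 0 destination-port eq telnet 
#
interface GigabitEthernet0/0/1
 traffic-filter inbound acl 3000   // apply ACL 3000 to traffic entering R1 on GE0/0/1
 #                                    
aaa   // telnet logins are checked against the local AAA user database
 // NOTE(review): lab-only credentials. The password is the same string as the user name and as the OSPF key, and the account has privilege level 15 (full control of the device).
 // NOTE(review): telnet sends the user name and password in cleartext; STelnet (SSH) is the production choice on VRP.
 local-user wml password cipher wml idle-timeout 100 0
 local-user wml privilege level 15
 local-user wml service-type telnet
#
// VTY lines 0-4 use AAA authentication. No ACL is bound to the VTY lines, so any source not matched by ACL 3000 can attempt a login.
user-interface vty 0 4
 authentication-mode aaa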

R2

// Basic ACL 2000: the inside source networks that "nat outbound 2000" is allowed to translate.
acl number 2000  
 rule 5 permit source 192.168.10.0 0.0.0.255 
 rule 10 permit source 192.168.20.0 0.0.0.255 
 rule 15 permit source 192.168.30.0 0.0.0.255 
 rule 20 permit source 192.168.40.0 0.0.0.255 
 rule 25 permit source 192.168.50.0 0.0.0.255 
#                                         
interface GigabitEthernet0/0/1 
// NAT server: map TCP port www on the public interface address to the internal web server 192.168.30.100
 nat server protocol tcp global current-interface www inside 192.168.30.100 www
// Second mapping: TCP port telnet on the public interface address is forwarded to R1 (192.168.12.1).
// NOTE(review): this makes R1's cleartext telnet login, with its level-15 lab account, reachable from the ISP side. The lab does this on purpose for the last verification step; on a real edge router, management access would not be published this way, or would be limited to known sources over SSH.
 nat server protocol tcp global current-interface telnet inside 192.168.12.1 telnet
// Easy-IP: sources permitted by ACL 2000 are translated to this interface's own address.
 nat outbound 2000
#   // default route to the ISP (12.1.1.2); together with the Easy-IP rule above it lets inside users reach the public network
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2

配置验证

测试PC1能不能telnet登录到R1

PC1不允许telnet到R1
在这里插入图片描述
PC2允许telnet到R1
HCIA-经典综合实验(一)_第2张图片

测试所有PC是否都可以ping通公网

HCIA-经典综合实验(一)_第3张图片
其他主机(PC1、PC3、PC4)请自行测试,都是可以正常访问公网的

华为模拟器如何配置通过域名访问服务器

启动本地WEB服务器
HCIA-经典综合实验(一)_第4张图片
配置client的DNS域名服务器地址
HCIA-经典综合实验(一)_第5张图片
启动DNS域名服务器,并且配置相关的域名和IP地址
HCIA-经典综合实验(一)_第6张图片

弹出下面这个对话框则表示成功访问到WEB服务器
HCIA-经典综合实验(一)_第7张图片

测试ISP是否可以成功telnet登录到R1

可以成功访问到R1
HCIA-经典综合实验(一)_第8张图片
