HCNA综合实验（hcna综合实验二）

HCNA综合实验（hcna综合实验二）

作者：五柳狂少 我们先来看拓扑需求

1.SW1 和 SW2 之间的直连链路配置链路聚合2.公司内部业务网段为 Vlan10 和 Vlan20；Vlan10 是市场部，Vlan20 是技术部，要求对 Vlan 进行命名以便识别；PC1 属于 Vlan10，PC2 属于 Vlan20，Vlan30 用于 SW1 和 SW2 建立 OSPF 邻居；Vlan111 为 SW1 和 R1 的互联 Vlan，Vlan222 为 SW2 和 R2 的互联 Vlan3.所有交换机相连的端口配置为 Trunk，允许相关流量通过4.交换机连接 PC 的端口配置为边缘端口5.按图示分区域配置 OSPF 实现公司内部网络全网互通，ABR 的环回口宣告进骨干区域；业务网段不允许出现协议报文6.R1 上配置默认路由指向互联网，并引入到 OSPF7.R1 通过双线连接到互联网，配置 PPP-MP，并配置双向 chap 验证8.配置 EASY IP，只有业务网段 192.168.1.0/24 和 192.168.2.0/24 的数据流可以通过 R1 访问互联网9.R1 开启 TELNET 远程管理，使用用户 abc 登录，密码 abc，只允许技术部远程管理 R1

实验过程：SW3:interface Ethernet0/0/1port link-type trunkport trunk allow-pass vlan 10 20

interface Ethernet0/0/2port link-type trunkport trunk allow-pass vlan 10 20

interface Ethernet0/0/3port link-type accessport default vlan 10

interface Ethernet0/0/4port link-type accessport default vlan 20vlan 10description jsb //打上VLAN注释vlan 20description cwb //打上VLAN注释

SW1:interface Vlanif10ip address 192.168.1.254 255.255.255.0

interface Vlanif20ip address 192.168.2.253 255.255.255.0

interface Vlanif30ip address 10.1.21.11 255.255.255.0

interface Vlanif111ip address 10.1.11.11 255.255.255.0

interface GigabitEthernet0/0/1port link-type accessport default vlan 111

interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 10 20

OSPF配置ospf 1 router-id 10.1.1.1silent-interface GigabitEthernet0/0/2 //静默接口 不让OSPF报文在这个接口下传输area 0.0.0.1network 192.168.1.254 0.0.0.0network 192.168.2.253 0.0.0.0network 10.1.11.11 0.0.0.0network 10.1.21.11 0.0.0.0network 10.1.1.1 0.0.0.0

Rth配置interface Eth-Trunk1port link-type trunkport trunk allow-pass vlan 10 to 222 //让这一条聚合链路可以通过VLAN

SW2：接口配置interface Vlanif10ip address 192.168.1.253 255.255.255.0

interface Vlanif20ip address 192.168.2.254 255.255.255.0

interface Vlanif30ip address 10.1.21.22 255.255.255.0

interface Vlanif222ip address 10.1.22.22 255.255.255.0interface Eth-Trunk1 //聚合链路port link-type trunkport trunk allow-pass vlan 10 to 222

interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2port link-type access

interface GigabitEthernet0/0/3eth-trunk 1interface GigabitEthernet0/0/4eth-trunk 1

OSPF配置ospf 1 router-id 10.2.2.2silent-interface GigabitEthernet0/0/1area 0.0.0.1network 192.168.1.253 0.0.0.0network 192.168.2.254 0.0.0.0network 10.1.21.22 0.0.0.0network 10.1.22.22 0.0.0.0network 10.2.2.2 0.0.0.0

AR1：ACL配置acl number 2000 //这个ACL是针对nat的rule 5 permit source 192.168.1.0 0.0.0.255 rule 10 permit source 192.168.2.0 0.0.0.255 rule 15 deny acl number 2005 //这个ACL是针对TELNETrule 5 permit source 192.168.1.0 0.0.0.255 rule 10 permit source 192.168.2.0 0.0.0.255

接口配置interface GigabitEthernet0/0/0ip address 10.1.12.1 255.255.255.0

interface GigabitEthernet0/0/1ip address 10.1.11.1 255.255.255.0

interface GigabitEthernet0/0/2ip address 10.1.13.1 255.255.255.0 interface LoopBack0ip address 1.1.1.1 255.255.255.255

//利用PPP做chan双向认证interface Serial1/0/0link-protocol pppppp authentication-mode chap ppp chap user zzwppp chap password cipher 123ppp mp Mp-group 0/0/1

interface Serial1/0/1link-protocol pppppp authentication-mode chap ppp chap user zzwppp chap password cipher 123ppp mp Mp-group 0/0/1

interface Mp-group0/0/1ip address 202.100.1.1 255.255.255.0 nat outbound 2000//ppp模式下的聚合

//远程登陆user-interface vty 0 4acl 2005 inboundauthentication-mode aaa

OSPF配置ospf 1 router-id 1.1.1.1 default-route-advertise //引入缺省路由 到OSPF里面area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.1.12.1 0.0.0.0 network 10.1.13.1 0.0.0.0 area 0.0.0.1 network 10.1.11.1 0.0.0.0

ip route-static 0.0.0.0 0.0.0.0 202.100.1.2

AR2接口配置g0/0/0:10.1.12.2/24g0/0/1:10.1.23.2/24g0/0/2:10.1.22.2/24lo0:2.2.2.2/32

OSPF配置ospf 1 router-id 2.2.2。2default-route-advertise //引入缺省路由 到OSPF里面area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 10.1.12.2 0.0.0.0 network 10.1.23.2 0.0.0.0 area 0.0.0.1 network 10.1.22.2 0.0.0.

AR3接口配置interface GigabitEthernet0/0/0ip address 192.168.3.254 255.255.255.0

interface GigabitEthernet0/0/1ip address 10.1.23.3 255.255.255.0

interface GigabitEthernet0/0/2ip address 10.1.13.3 255.255.255.0

interface LoopBack0ip address 3.3.3.3 255.255.255.255

OSPF配置ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 10.1.13.3 0.0.0.0 network 10.1.23.3 0.0.0.0 network 192.168.3.254 0.0.0.0

AR Internetinterface Mp-group0/0/1ip address 202.100.1.2 255.255.255.0

interface Serial1/0/0link-protocol pppppp authentication-mode chap ppp chap user zzwppp chap password cipher 123ppp mp Mp-group 0/0/1

interface Serial1/0/1link-protocol pppppp authentication-mode chap ppp chap user zzwppp chap password cipher 123ppp mp Mp-group 0/0/1interface LoopBack0ip address 100.1.1.1 255.255.255.255

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。