HCLA綜合實驗
- 一、實驗題目
- 1、IP地址規劃及拓撲搭建
- 2、劃分vlan
- 3、在子介面上配置DHCP
- 4、在R1和R2上啟動ospf協議
- 5、配置trunk干道
- 6、現在在路由器R1、R2上設定telnet登錄
- 7、R1上設定策略:
- 7、通過公有IP12.1.1.1使得PC1-PC4可以訪問PC5
- 8、通過client通過域名訪問httpserver
- 9、ISP路由telnet12.1.1.1登錄到r1
一、實驗題目
1、IP地址規劃及拓撲搭建
2、劃分vlan
以R1為例:
[Huawei]interface GigabitEthernet0/0/1.1
[Huawei-GigabitEthernet0/0/1.1]ip address 192.168.1.65 27
[Huawei-GigabitEthernet0/0/1.1]Q
[Huawei]interface GigabitEthernet 0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]ip address 192.168.1.97 27
創建vlan2 vlan3,將兩臺pc劃入vlan2中,將http服務器劃入vlan3中;
以LSW1為例:
[Huawei]vlan 2
[Huawei-vlan2]vlan 3
[Huawei-vlan3]q
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 2
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 2
[Huawei]interface Ethernet 0/0/4
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-Ethernet0/0/4]port default vlan 3
3、在子介面上配置DHCP
以R1為例:
[Huawei]dhcp enable
[Huawei]ip pool a
Info:It’s successful to create an IP address pool.
[Huawei-ip-pool-a]network 192.168.1.64 mask 27
[Huawei-ip-pool-a]gateway-list 192.168.1.65
[Huawei-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
[Huawei]ip pool b
Info:It’s successful to create an IP address pool.
[Huawei-ip-pool-a]network 192.168.1.96 mask 27
[Huawei-ip-pool-a]gateway-list 192.168.1.97
[Huawei-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
開啟該dhcp服務:
[Huawei]interface GigabitEthernet0/0/1.1
[Huawei-GigabitEthernet0/0/1.1]dhcp select global
[Huawei]interface GigabitEthernet0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]dhcp select global
路由器R2的配置與上面相同,
4、在R1和R2上啟動ospf協議
在R1上配置如下:
[Huawei]ospf 1 router-id 192.168.1.1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
在R2上配置如下:
[R2]ospf 1 router-id 192.168.1.129
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
5、配置trunk干道
[LSW1]interface Ethernet 0/0/1
[LSW1-Ethernet0/0/1]port link-type trunk
[LSW1-Ethernet0/0/1]port trunk allow-pass vlan all
[LSW2]interface GigabitEthernet 0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type trunk
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
配置到現在pc1已經可以ping通pc3和pc4了;
6、現在在路由器R1、R2上設定telnet登錄
[r1]aaa
[r1-aaa]local-user chen privilege level 15 password cipher 123456
[r1-aaa]local-user chen service-type telnet
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r2]aaa
[r2-aaa]local-user yu privilege level 15 password cipher 123456
[r2-aaa]local-user yu service-type telnet
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
7、R1上設定策略:
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.1 0 destination-port eq 23
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.65 0 destination-port eq 23
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.97 0 destination-port eq 23
然后在介面上呼叫該命令
[r1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
注:由于華為模擬器的pc不支持telnet所以我們通過路由器模擬pc
在路由器上設定網關,并且配置靜態路由使得模仿pc的路由器可以ping通內網的所有埠;
到了這一步已經完成了該實驗的前五項要求了;
7、通過公有IP12.1.1.1使得PC1-PC4可以訪問PC5
[r2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]nat outbound 2000
在R2上寫一條預設路由
[r2]ip route-static 0.0.0.0 0.0.0.0 1.1.1.0
這樣PC1-PC4就可以訪問PC5
8、通過client通過域名訪問httpserver
服務器填寫如下:
DNS配置如下:
client配置如下:
在內網中的服務器進行埠映射;
在r2上配置如下:
[r2-GigabitEthernet0/0/2]nat static protocol tcp global current-interface 80 inside 192.168.1.98 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
這樣配置了以后就可以通過client通過域名訪問httpserver
9、ISP路由telnet12.1.1.1登錄到r1
6、的時候已經在r1和r2上設定的telnet登錄服務,所以通過先登錄12.1.1.1登錄在r2路由器上,再通過r2路由器登錄r1路由器;
實驗到此結束
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/273767.html
標籤:其他
上一篇:面試記錄貼
下一篇:華為杯題A細胞分解