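HCIA Comprehensive Lab

I. Lab Requirements

1. The ISP router is configured with IP addresses only

2. The internal network is subnetted from 192.168.1.0/24

3. R1 and R2 run single-area OSPF so that the whole internal network is reachable

4. PC1-PC4 obtain their addresses via DHCP

5. PC2-PC4 can reach PC5; PC1 cannot

6. R2's egress has only one public IP address

7. The test-2 device can log in to the internal server; test-1 cannot

II. Lab Procedure

1. Build the topology

2. Allocate IP addresses

192.168.1.0/26---segment between R1 and R2

Area under R1:

192.168.1.64/28---vlan2

192.168.1.80/28---vlan3

192.168.1.96/28---vlan4

Area under R2:

192.168.1.128/27---vlan2

192.168.1.160/27---vlan3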
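
The following check of the address plan is an added example, not part of the original lab. It verifies that the subnets above fit inside 192.168.1.0/24 without overlapping, that each statically configured address from step 4 is a usable host in its intended segment, and it lists the space left unallocated. The segment labels are names chosen for this example.

```python
import ipaddress
from itertools import combinations

PARENT = ipaddress.ip_network("192.168.1.0/24")
# Address plan from step 2 of the lab.
PLAN = {
    "R1-R2 link": "192.168.1.0/26",
    "R1 vlan2": "192.168.1.64/28",
    "R1 vlan3": "192.168.1.80/28",
    "R1 vlan4": "192.168.1.96/28",
    "R2 vlan2": "192.168.1.128/27",
    "R2 vlan3": "192.168.1.160/27",
}
# Static addresses from step 4, mapped to the segment each should sit in.
STATIC = {
    "R1 g0/0/1": ("192.168.1.1", "R1-R2 link"),
    "R2 g0/0/0": ("192.168.1.2", "R1-R2 link"),
    "R1 g0/0/0.1": ("192.168.1.65", "R1 vlan2"),
    "R1 g0/0/0.2": ("192.168.1.81", "R1 vlan3"),
    "R1 g0/0/0.3": ("192.168.1.97", "R1 vlan4"),
    "Telnet Server": ("192.168.1.98", "R1 vlan4"),
    "R2 g0/0/1.1": ("192.168.1.129", "R2 vlan2"),
    "R2 g0/0/1.2": ("192.168.1.161", "R2 vlan3"),
}

def validate(plan=PLAN, static=STATIC, parent=PARENT):
    """Return a list of problems; an empty list means the plan is consistent."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    problems = [f"{name} {net} is outside {parent}"
                for name, net in nets.items() if not net.subnet_of(parent)]
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    for host, (addr, seg) in static.items():
        ip, net = ipaddress.ip_address(addr), nets[seg]
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{host} {addr} is not a usable host in {seg} {net}")
    return problems

def unallocated(plan=PLAN, parent=PARENT):
    """Blocks of the parent network that no segment of the plan uses."""
    free = [parent]
    for cidr in plan.values():
        used = ipaddress.ip_network(cidr)
        free = [piece for block in free for piece in
                (block.address_exclude(used) if used.subnet_of(block) else [block])]
    return sorted(free)
```
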

3. Configure the switches

[SW1]vlan 2
[SW1-vlan2]q
[SW1]vlan 3
[SW1-vlan3]q
[SW1]vlan 4
[SW1-vlan4]q
[SW1]int g 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 2
[SW1-GigabitEthernet0/0/2]int g 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access 	
[SW1-GigabitEthernet0/0/3]port default vlan 3
[SW1-GigabitEthernet0/0/3]int g 0/0/4	
[SW1-GigabitEthernet0/0/4]port link-type access 	
[SW1-GigabitEthernet0/0/4]port default vlan 4
[SW1-GigabitEthernet0/0/4]int g 0/0/1	
[SW1-GigabitEthernet0/0/1]port link-type trunk 		
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 4
[SW1-GigabitEthernet0/0/1]q
[SW2]vlan 2
[SW2-vlan2]q
[SW2]vlan 3
[SW2-vlan3]q
[SW2]int g 0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access 	
[SW2-GigabitEthernet0/0/2]port default vlan 2
[SW2-GigabitEthernet0/0/2]int g 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 3
[SW2-GigabitEthernet0/0/3]int g 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[SW2-GigabitEthernet0/0/1]q

4. Configure IP addresses on R1, R2, Telnet Server, test-1 and test-2, and enable VLAN termination on the R1 and R2 sub-interfaces

[R1]int g 0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.1.1 26
[R1-GigabitEthernet0/0/1]q
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]q
[R1]int g 0/0/0.1
[R1-GigabitEthernet0/0/0.1]ip add 192.168.1.65 28
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[R1-GigabitEthernet0/0/0.1]arp broadcast enable 
[R1-GigabitEthernet0/0/0.1]q
[R1]int g 0/0/0.2
[R1-GigabitEthernet0/0/0.2]ip add 192.168.1.81 28	
[R1-GigabitEthernet0/0/0.2]dot1q termination vid 3
[R1-GigabitEthernet0/0/0.2]arp broadcast enable 
[R1-GigabitEthernet0/0/0.2]q
[R1]int g 0/0/0.3
[R1-GigabitEthernet0/0/0.3]ip add 192.168.1.97 28
[R1-GigabitEthernet0/0/0.3]dot1q termination vid 4
[R1-GigabitEthernet0/0/0.3]arp broadcast enable 
[R1-GigabitEthernet0/0/0.3]q


[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.1.2 26
[R2-GigabitEthernet0/0/0]q
[R2]int g 0/0/1.1
[R2-GigabitEthernet0/0/1.1]ip add 192.168.1.129 27
[R2-GigabitEthernet0/0/1.1]dot1q termination vid 2
[R2-GigabitEthernet0/0/1.1]arp broadcast enable 
[R2-GigabitEthernet0/0/1.1]q
[R2]int g 0/0/1.2
[R2-GigabitEthernet0/0/1.2]ip add 192.168.1.161 27
[R2-GigabitEthernet0/0/1.2]dot1q termination vid 3	
[R2-GigabitEthernet0/0/1.2]arp broadcast enable 
[R2-GigabitEthernet0/0/1.2]q
[R2]int g 0/0/2
[R2-GigabitEthernet0/0/2]ip add 23.1.1.1 24
[R2-GigabitEthernet0/0/2]q


[ISP]int g 0/0/0
[ISP-GigabitEthernet0/0/0]ip add 23.1.1.2 24
[ISP-GigabitEthernet0/0/0]q
[ISP]int g 0/0/1
[ISP-GigabitEthernet0/0/1]ip add 1.1.1.1 24
[ISP-GigabitEthernet0/0/1]


[Telnet Server]int g 0/0/0
[Telnet Server-GigabitEthernet0/0/0]ip add 192.168.1.98 28

[test-1]int g 0/0/0
[test-1-GigabitEthernet0/0/0]ip add 1.1.1.2 24

[test-2]int g 0/0/0
[test-2-GigabitEthernet0/0/0]ip add 1.1.1.3 24

5. Configure OSPF

[R1]ospf 1 router-id 1.1.1.1	
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.65 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.81 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.97 0.0.0.0
[R1-ospf-1-area-0.0.0.0]q
[R1-ospf-1]q

[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.129 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.161 0.0.0.0
[R2-ospf-1-area-0.0.0.0]q
[R2-ospf-1]q

6. Configure DHCP

[R1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[R1]ip pool 1
Info: It's successful to create an IP address pool.	
[R1-ip-pool-1]network 192.168.1.64 mask 28
[R1-ip-pool-1]gateway-list 192.168.1.65
[R1-ip-pool-1]q
[R1]ip pool 2	
[R1-ip-pool-2]network 192.168.1.80 mask 28
[R1-ip-pool-2]gateway-list 192.168.1.81
[R1-ip-pool-2]q
[R1]int g 0/0/0.1	
[R1-GigabitEthernet0/0/0.1]dhcp select global 
[R1-GigabitEthernet0/0/0.1]int g 0/0/0.2	
[R1-GigabitEthernet0/0/0.2]dhcp select global 
[R1-GigabitEthernet0/0/0.2]q


[R2]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[R2]ip pool 1
Info: It's successful to create an IP address pool.
[R2-ip-pool-1]network 192.168.1.128 mask 27
[R2-ip-pool-1]gateway-list 192.168.1.129
[R2-ip-pool-1]q
[R2]q
[R2]ip pool 2
Info: It's successful to create an IP address pool.	
[R2-ip-pool-2]network 192.168.1.160 mask 27
[R2-ip-pool-2]gateway-list 192.168.1.161
[R2-ip-pool-2]q
[R2]int g 0/0/1.1	
[R2-GigabitEthernet0/0/1.1]dhcp select global 
[R2-GigabitEthernet0/0/1.1]int g 0/0/1.2	
[R2-GigabitEthernet0/0/1.2]dhcp select global 
[R2-GigabitEthernet0/0/1.2]q

7. PC1-PC4 obtain IP addresses

8. Ping each PC from PC1 to check connectivity

9. Configure the ACL

[R1]acl 3000	
[R1-acl-adv-3000]rule deny ip source 192.168.1.64 0.0.0.15 destination 1.1.1.100 0.0.0.0
[R1-acl-adv-3000]q
[R1]int g 0/0/0.1	
[R1-GigabitEthernet0/0/0.1]traffic-filter inbound acl 3000
[R1-GigabitEthernet0/0/0.1]q


Test: PC1 pings PC5

PC2 pings PC5

PC3 pings PC5

PC4 pings PC5

Verified; the results are as expected

10. Configure the ACL and NAT on R2

[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R2-acl-basic-2000]q
[R2]int g 0/0/2
[R2-GigabitEthernet0/0/2]nat outbound 2000
[R2-GigabitEthernet0/0/2]q
[R2]ip route-static 0.0.0.0 0 23.1.1.2
[R2]ospf 1
[R2-ospf-1]default-route-advertise 
[R2-ospf-1]q
[R2]int g 0/0/2	
[R2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface telnet inside 192.168.1.98 telnet
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[R2-GigabitEthernet0/0/2]q



11. Enable Telnet and configure the default route

[Telnet Server]user-interface vty 0 4
[Telnet Server-ui-vty0-4]authentication-mode aaa
[Telnet Server-ui-vty0-4]q
[Telnet Server]aaa
[Telnet Server-aaa]local-user huawei password cipher 123456
Info: Add a new user.	
[Telnet Server-aaa]local-user huawei privilege level 15	
[Telnet Server-aaa]local-user huawei service-type telnet
[Telnet Server-aaa]q

	
[Telnet Server]ip route-static 0.0.0.0 0 192.168.1.97

12. Configure test-1 and test-2 and verify by logging in via Telnet

[test-1]ip route-static 23.1.1.1 32 1.1.1.1
[test-1]q
[test-2]ip route-static 23.1.1.1 32 1.1.1.1
<test-2>telnet 23.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 23.1.1.1 ...
  Connected to 23.1.1.1 ...

Login authentication


Username:huawei
Password:
  ----------------------------------------------------------------------------- 
    
  User last login information:     
  -----------------------------------------------------------------------------
  Access Type: Telnet      
  IP-Address : 1.1.1.2     
  Time       : 2023-05-16 21:52:43-08:00     
  -----------------------------------------------------------------------------
<Telnet Server>q



<test-1>telnet 23.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 23.1.1.1 ...
  Connected to 23.1.1.1 ...

Login authentication


Username:huawei
Password:
Error: Local authentication is rejected.

  Logged Fail!

Username:huawei
Password:
<Telnet Server>q

13. Configure an ACL on R2 so that test-1 cannot log in via Telnet

[R2]acl 3000
[R2-acl-adv-3000]rule deny tcp source 1.1.1.2 0 destination-port eq 23
[R2-acl-adv-3000]q
[R2]int g 0/0/2
[R2-GigabitEthernet0/0/2]traffic-filter inbound acl 3000
[R2-GigabitEthernet0/0/2]q
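
The sketch below is an added example, not part of the original lab. It models the wildcard-mask matching of the two ACL 3000 rules from steps 9 and 13 and evaluates constructed packets against them, showing exactly which sources and ports each rule covers. Assumptions: PC5 is 1.1.1.100 (the destination in the step 9 rule), the 192.168.1.x host addresses are example DHCP leases, and traffic-filter forwards packets that match no rule.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Wildcard-mask match: bits that are 0 in the wildcard must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0

# Rules transcribed from steps 9 and 13; an absent field means "any".
R1_ACL_3000 = [{"action": "deny", "proto": "ip",      # inbound on R1 g0/0/0.1
                "src": ("192.168.1.64", "0.0.0.15"),
                "dst": ("1.1.1.100", "0.0.0.0")}]
R2_ACL_3000 = [{"action": "deny", "proto": "tcp",     # inbound on R2 g0/0/2
                "src": ("1.1.1.2", "0.0.0.0"), "dport": 23}]

def evaluate(acl, pkt, default="permit"):
    """First matching rule decides. Assumption: with traffic-filter, a packet
    that matches no rule is forwarded, which agrees with the lab's results."""
    for rule in acl:
        if rule["proto"] not in ("ip", pkt["proto"]):
            continue
        if "src" in rule and not wc_match(pkt["src"], *rule["src"]):
            continue
        if "dst" in rule and not wc_match(pkt["dst"], *rule["dst"]):
            continue
        if "dport" in rule and rule["dport"] != pkt.get("dport"):
            continue
        return rule["action"]
    return default

def lab_checks():
    """Constructed packets; the 192.168.1.x sources are example DHCP leases."""
    def icmp(src, dst):
        return {"proto": "icmp", "src": src, "dst": dst}
    def tcp(src, dport):
        return {"proto": "tcp", "src": src, "dst": "23.1.1.1", "dport": dport}
    return {
        "vlan2_first_to_pc5": evaluate(R1_ACL_3000, icmp("192.168.1.66", "1.1.1.100")),
        "vlan2_last_to_pc5": evaluate(R1_ACL_3000, icmp("192.168.1.78", "1.1.1.100")),
        "vlan2_to_isp": evaluate(R1_ACL_3000, icmp("192.168.1.66", "1.1.1.1")),
        "outside_wildcard_to_pc5": evaluate(R1_ACL_3000, icmp("192.168.1.82", "1.1.1.100")),
        "test1_telnet": evaluate(R2_ACL_3000, tcp("1.1.1.2", 23)),
        "test2_telnet": evaluate(R2_ACL_3000, tcp("1.1.1.3", 23)),
        "test1_other_port": evaluate(R2_ACL_3000, tcp("1.1.1.2", 80)),
        "test1_ping": evaluate(R2_ACL_3000, icmp("1.1.1.2", "23.1.1.1")),
    }

if __name__ == "__main__":
    for name, verdict in lab_checks().items():
        print(f"{name}: {verdict}")
```

The step 9 rule matches the whole 192.168.1.64/28 subnet rather than a single host, so every DHCP client in R1's vlan2 is blocked from PC5, while the step 13 rule stops only TCP port 23 from 1.1.1.2 and leaves that host's other traffic untouched.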

Verification

III. Lab complete; all requirements are met
