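The configuration commands for each device in this assignment are listed below. The order is: configure the switches first (VLAN assignment + trunk), then the router interface IP addresses, then the routing protocols (OSPF + static routes), and finally the services: DHCP, NAT, ACL and Telnet.
SW1:
<Huawei>sys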
[Huawei]sysname SW1
[SW1]vlan batch 10 20 30
[SW1]interface GigabitEthernet0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/2]quit
[SW1]interface GigabitEthernet0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 20
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface GigabitEthernet0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 30
[SW1-GigabitEthernet0/0/4]quit
[SW1]interface GigabitEthernet0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
SW2 connects PC3 and PC4
<Huawei>sys
[Huawei]sysname SW2
[SW2]vlan batch 40 50
[SW2]interface GigabitEthernet0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 40
[SW2-GigabitEthernet0/0/2]quit
[SW2]interface GigabitEthernet0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 50
[SW2-GigabitEthernet0/0/3]quit
[SW2]interface GigabitEthernet0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/1]quit
SW3 connects the DNS server, Client1 and PC5
<Huawei>sys
[Huawei]sysname SW3
[SW3]vlan batch 60 70
[SW3]interface GigabitEthernet0/0/3
[SW3-GigabitEthernet0/0/3]port link-type access
[SW3-GigabitEthernet0/0/3]port default vlan 60
[SW3-GigabitEthernet0/0/3]quit
[SW3]interface GigabitEthernet0/0/4
[SW3-GigabitEthernet0/0/4]port link-type access
[SW3-GigabitEthernet0/0/4]port default vlan 60
[SW3-GigabitEthernet0/0/4]quit
[SW3]interface GigabitEthernet0/0/2
[SW3-GigabitEthernet0/0/2]port link-type access
[SW3-GigabitEthernet0/0/2]port default vlan 70
[SW3-GigabitEthernet0/0/2]quit
[SW3]interface GigabitEthernet0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW3-GigabitEthernet0/0/1]quit
Router configuration; the OSPF routers are R1, R2 and R3
R1: connects to SW1 and assigns the VLAN 10/20/30 addresses by DHCP
<Huawei>sys
[Huawei]sysname R1
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.67.1 255.255.255.0
[R1-GigabitEthernet0/0/0]quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ip address 172.16.64.1 255.255.255.0
[R1-GigabitEthernet0/0/1]quit
[R1]ip pool vlan10
[R1-ip-pool-vlan10]gateway-list 172.16.64.1 # gateway points to the R1 interface IP
[R1-ip-pool-vlan10]network 172.16.64.0 mask 255.255.255.0
[R1-ip-pool-vlan10]quit
[R1]ip pool vlan20
[R1-ip-pool-vlan20]gateway-list 172.16.65.1
[R1-ip-pool-vlan20]network 172.16.65.0 mask 255.255.255.0
[R1-ip-pool-vlan20]quit
[R1]ip pool vlan30
[R1-ip-pool-vlan30]gateway-list 172.16.66.1
[R1-ip-pool-vlan30]network 172.16.66.0 mask 255.255.255.0
[R1-ip-pool-vlan30]quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]dhcp select global
[R1-GigabitEthernet0/0/1]quit
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 172.16.64.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]network 172.16.67.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]quit
[R1-ospf-1]quit
R2: Area 0 / Area 1 configuration, MD5 authentication
<Huawei>sys
[Huawei]sysname R2
[R2]interface GigabitEthernet0/0/0
[R2-GigabitEthernet0/0/0]ip address 172.16.67.2 255.255.255.0
[R2-GigabitEthernet0/0/0]quit
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1]ip address 172.16.0.1 255.255.255.0
[R2-GigabitEthernet0/0/1]quit
[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2]ip address 172.16.2.1 255.255.255.0
[R2-GigabitEthernet0/0/2]quit
[R2]ip pool vlan40
[R2-ip-pool-vlan40]gateway-list 172.16.0.1
[R2-ip-pool-vlan40]network 172.16.0.0 mask 255.255.255.0
[R2-ip-pool-vlan40]quit
[R2]ip pool vlan50
[R2-ip-pool-vlan50]gateway-list 172.16.1.1
[R2-ip-pool-vlan50]network 172.16.1.0 mask 255.255.255.0
[R2-ip-pool-vlan50]quit
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1]dhcp select global
[R2-GigabitEthernet0/0/1]quit
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R2-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 172.16.2.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]quit
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 172.16.67.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]quit
[R2-ospf-1]quit
R3: Area 0 configuration, border router, NAT + ACL + static route
<Huawei>sys
[Huawei]sysname R3
[R3]interface GigabitEthernet0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.2.2 255.255.255.0
[R3-GigabitEthernet0/0/0]quit
[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1]ip address 172.16.29.1 255.255.255.0
[R3-GigabitEthernet0/0/1]quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2]ip address 100.0.0.1 255.255.255.0
[R3-GigabitEthernet0/0/2]quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3]ip address 172.16.30.1 255.255.255.0
[R3-GigabitEthernet0/0/3]quit
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R3-ospf-1-area-0.0.0.0]network 172.16.2.2 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 172.16.29.1 0.0.0.0
[R3-ospf-1-area-0.0.0.0]quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3]ospf priority 100
[R3-GigabitEthernet0/0/3]quit
[R3]ip route-static 0.0.0.0 0.0.0.0 100.0.0.2
[R3]acl number 2000
[R3-acl-basic-2000]rule 5 permit source 172.16.0.0 0.0.15.255
[R3-acl-basic-2000]rule 10 permit source 172.16.128.0 0.0.63.255
[R3-acl-basic-2000]quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2]nat outbound 2000
[R3-GigabitEthernet0/0/2]quit
[R3]acl number 2001
[R3-acl-basic-2001]rule 5 deny source 172.16.0.0 0.0.0.255 # VLAN40
[R3-acl-basic-2001]rule 10 deny source 172.16.1.0 0.0.0.255 # VLAN50
[R3-acl-basic-2001]rule 15 permit
[R3-acl-basic-2001]quit
[R3]interface GigabitEthernet0/0/0
[R3-GigabitEthernet0/0/0]traffic-filter outbound acl 2001
[R3-GigabitEthernet0/0/0]quit
[R3]acl number 3000
[R3-acl-adv-3000]rule 5 deny ip source 172.16.64.0 0.0.0.255 destination 172.16.128.128 0.0.0.127 # PC1→PC5
[R3-acl-adv-3000]rule 10 permit ip
[R3-acl-adv-3000]quit
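The wildcard masks in ACL 2000 and ACL 2001 above decide which source subnets are selected for NAT or filtered. The following Python check is an added example, not part of the original configuration; it evaluates those rules with first-match semantics against subnets that appear on this page (the dictionary keys are labels chosen here).

```python
import ipaddress

# Rules copied from the R3 transcript above: (rule id, action, source, wildcard).
ACL_2000 = [(5, "permit", "172.16.0.0", "0.0.15.255"),
            (10, "permit", "172.16.128.0", "0.0.63.255")]
ACL_2001 = [(5, "deny", "172.16.0.0", "0.0.0.255"),
            (10, "deny", "172.16.1.0", "0.0.0.255"),
            (15, "permit", "0.0.0.0", "255.255.255.255")]  # bare "permit" = any source

# Subnets taken from the DHCP pools, R3 interfaces and ACL 3000 on this page.
SUBNETS = {"vlan10": "172.16.64.0/24", "vlan20": "172.16.65.0/24",
           "vlan30": "172.16.66.0/24", "vlan40": "172.16.0.0/24",
           "vlan50": "172.16.1.0/24", "R3-GE0/0/1": "172.16.29.0/24",
           "pc5-net": "172.16.128.128/25"}


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def first_match(acl, addr):
    """Return (rule id, action) of the first matching rule, or None if no rule matches."""
    for rule_id, action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return rule_id, action
    return None


def audit(acl, subnets=SUBNETS):
    """Sample the first and last host of each subnet; report "mixed" if they differ."""
    result = {}
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        hits = {first_match(acl, str(h)) for h in (net[1], net[-2])}
        result[name] = hits.pop() if len(hits) == 1 else "mixed"
    return result


if __name__ == "__main__":
    for label, acl in (("ACL 2000 (nat outbound)", ACL_2000), ("ACL 2001 (traffic-filter)", ACL_2001)):
        print(label)
        for name, hit in audit(acl).items():
            print(f"  {name:12} -> {hit}")
```

With the page's values, the three R1 pools (172.16.64.0/24 to 172.16.66.0/24) match neither rule of ACL 2000, while VLAN 40 and VLAN 50 hit the deny rules of ACL 2001.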
Allow Telnet login
[test]telnet server enable
[test]user-interface vty 0 4
[test-ui-vty0-4]authentication-mode password
[test-ui-vty0-4]set authentication password cipher 123456
[test-ui-vty0-4]user privilege level 3
[test-ui-vty0-4]quit
Allow remote login
[telnet-server]telnet server enable
[telnet-server]user-interface vty 0 4
[telnet-server-ui-vty0-4]authentication-mode password
[telnet-server-ui-vty0-4]set authentication password cipher 123456
[telnet-server-ui-vty0-4]user privilege level 3
[telnet-server-ui-vty0-4]quit
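A small audit of the settings used above (trunk VLAN scope, OSPF and VTY secrets, Telnet, ACL bindings), as an added Python example that is not part of the original assignment. The finding names and the MIN_SECRET_LEN threshold are assumptions chosen here; the input lines are copied from this page.

```python
import re

# Lines copied from the transcript on this page (prompts kept as the device label).
CONFIG = """\
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R3]acl number 2000
[R3-GigabitEthernet0/0/2]nat outbound 2000
[R3]acl number 2001
[R3-GigabitEthernet0/0/0]traffic-filter outbound acl 2001
[R3]acl number 3000
[test]telnet server enable
[test-ui-vty0-4]authentication-mode password
[test-ui-vty0-4]set authentication password cipher 123456
[test-ui-vty0-4]user privilege level 3
"""

PROMPT = re.compile(r"^[\[<]([^\]>-]+)[^\]>]*[\]>](.*)$")  # device = text before first "-"
CHECKS = [  # (finding id, regex on the command text); ids are names chosen for this example
    ("trunk-all-vlans", re.compile(r"^port trunk allow-pass vlan all$")),
    ("telnet-enabled", re.compile(r"^telnet server enable$")),
    ("ospf-md5-auth", re.compile(r"^authentication-mode md5\b")),
    ("vty-password-only", re.compile(r"^authentication-mode password$")),
    ("vty-level-3", re.compile(r"^user privilege level 3$")),
]
SECRET = re.compile(r"\bcipher (\S+)")
MIN_SECRET_LEN = 12  # assumption: local policy threshold, not a VRP limit


def lint(text):
    findings, defined, used, secrets = [], {}, set(), {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        device, cmd = m.group(1), m.group(2).split("#")[0].strip()
        findings += [(device, fid) for fid, rx in CHECKS if rx.search(cmd)]
        if (s := SECRET.search(cmd)):  # secret typed on the command line
            secrets.setdefault(s.group(1), set()).add(device)
            if len(s.group(1)) < MIN_SECRET_LEN or s.group(1).isdigit():
                findings.append((device, "weak-secret"))
        if (a := re.match(r"acl number (\d+)", cmd)):
            defined[a.group(1)] = device
        used.update(re.findall(r"(?:nat outbound|traffic-filter \w+ acl) (\d+)", cmd))
    findings += [(dev, f"acl-{n}-unreferenced") for n, dev in defined.items() if n not in used]
    findings += [("+".join(sorted(d)), "secret-reused") for d in secrets.values() if len(d) > 1]
    return findings
```

On the excerpt, `lint(CONFIG)` reports among others that ACL 3000 is defined but not bound by any `traffic-filter` or `nat outbound` in the commands shown, and that the same secret is used for OSPF on R3 and for the VTY password on test.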
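Verification:
DHCP: run ipconfig on a PC and confirm that it obtained an IP address and gateway in the subnet of its VLAN.
Telnet: on the test device run telnet 172.16.66.254, enter the password 123456, and confirm that the login succeeds.
ACL: PC1 ping PC5 (fails), PC3 ping the business B subnet (fails); the other devices can reach each other.
NAT: on Client1 ping 100.0.0.2, then run display nat session on R3 to view the translation records.
That is part of the configuration process for this assignment.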