HCNA综合实验

原创

五柳狂少 2019-08-02 18:53:56 ©著作权

©著作权归作者所有：来自51CTO博客作者五柳狂少的原创作品，如需转载，请与作者联系，否则将追究法律责任

																												   作者：五柳狂少
		我们先来看拓扑需求

1.SW1 和 SW2 之间的直连链路配置链路聚合 2.公司内部业务网段为 Vlan10 和 Vlan20；Vlan10 是市场部，Vlan20 是技术部，要求对 Vlan 进行命名以便识别；PC1 属于 Vlan10，PC2 属于 Vlan20，Vlan30 用于 SW1 和 SW2 建立 OSPF 邻居；Vlan111 为 SW1 和 R1 的互联 Vlan，Vlan222 为 SW2 和 R2 的互联 Vlan 3.所有交换机相连的端口配置为 Trunk，允许相关流量通过 4.交换机连接 PC 的端口配置为边缘端口 5.按图示分区域配置 OSPF 实现公司内部网络全网互通，ABR 的环回口宣告进骨干区域；业务网段不允许出现协议报文 6.R1 上配置默认路由指向互联网，并引入到 OSPF 7.R1 通过双线连接到互联网，配置 PPP-MP，并配置双向 chap 验证 8.配置 EASY IP，只有业务网段 192.168.1.0/24 和 192.168.2.0/24 的数据流可以通过 R1 访问互联网 9.R1 开启 TELNET 远程管理，使用用户 abc 登录，密码 abc，只允许技术部远程管理 R1

实验过程： SW3: interface Ethernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 20

interface Ethernet0/0/2 port link-type trunk port trunk allow-pass vlan 10 20

interface Ethernet0/0/3 port link-type access port default vlan 10

interface Ethernet0/0/4 port link-type access port default vlan 20 vlan 10 description jsb //打上VLAN注释 vlan 20 description cwb //打上VLAN注释

SW1: interface Vlanif10 ip address 192.168.1.254 255.255.255.0

interface Vlanif20 ip address 192.168.2.253 255.255.255.0

interface Vlanif30 ip address 10.1.21.11 255.255.255.0

interface Vlanif111 ip address 10.1.11.11 255.255.255.0

interface GigabitEthernet0/0/1 port link-type access port default vlan 111

interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 10 20

OSPF配置 ospf 1 router-id 10.1.1.1 silent-interface GigabitEthernet0/0/2 //静默接口不让OSPF报文在这个接口下传输 area 0.0.0.1 network 192.168.1.254 0.0.0.0 network 192.168.2.253 0.0.0.0 network 10.1.11.11 0.0.0.0 network 10.1.21.11 0.0.0.0 network 10.1.1.1 0.0.0.0

Rth配置 interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 10 to 222 //让这一条聚合链路可以通过VLAN

SW2：接口配置 interface Vlanif10 ip address 192.168.1.253 255.255.255.0

interface Vlanif20 ip address 192.168.2.254 255.255.255.0

interface Vlanif30 ip address 10.1.21.22 255.255.255.0

interface Vlanif222 ip address 10.1.22.22 255.255.255.0 interface Eth-Trunk1 //聚合链路 port link-type trunk port trunk allow-pass vlan 10 to 222

interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2 port link-type access

interface GigabitEthernet0/0/3 eth-trunk 1 interface GigabitEthernet0/0/4 eth-trunk 1

OSPF配置 ospf 1 router-id 10.2.2.2 silent-interface GigabitEthernet0/0/1 area 0.0.0.1 network 192.168.1.253 0.0.0.0 network 192.168.2.254 0.0.0.0 network 10.1.21.22 0.0.0.0 network 10.1.22.22 0.0.0.0 network 10.2.2.2 0.0.0.0

AR1： ACL配置 acl number 2000 //这个ACL是针对nat的 rule 5 permit source 192.168.1.0 0.0.0.255 rule 10 permit source 192.168.2.0 0.0.0.255 rule 15 deny acl number 2005 //这个ACL是针对TELNET rule 5 permit source 192.168.1.0 0.0.0.255 rule 10 permit source 192.168.2.0 0.0.0.255

接口配置 interface GigabitEthernet0/0/0 ip address 10.1.12.1 255.255.255.0

interface GigabitEthernet0/0/1 ip address 10.1.11.1 255.255.255.0

interface GigabitEthernet0/0/2 ip address 10.1.13.1 255.255.255.0 interface LoopBack0 ip address 1.1.1.1 255.255.255.255

//利用PPP做chan双向认证 interface Serial1/0/0 link-protocol ppp ppp authentication-mode chap ppp chap user zzw ppp chap password cipher 123 ppp mp Mp-group 0/0/1

interface Serial1/0/1 link-protocol ppp ppp authentication-mode chap ppp chap user zzw ppp chap password cipher 123 ppp mp Mp-group 0/0/1

interface Mp-group0/0/1 ip address 202.100.1.1 255.255.255.0 nat outbound 2000 //ppp模式下的聚合

//远程登陆 user-interface vty 0 4 acl 2005 inbound authentication-mode aaa

OSPF配置 ospf 1 router-id 1.1.1.1 default-route-advertise //引入缺省路由到OSPF里面 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.1.12.1 0.0.0.0 network 10.1.13.1 0.0.0.0 area 0.0.0.1 network 10.1.11.1 0.0.0.0

ip route-static 0.0.0.0 0.0.0.0 202.100.1.2

AR2 接口配置 g0/0/0:10.1.12.2/24 g0/0/1:10.1.23.2/24 g0/0/2:10.1.22.2/24 lo0:2.2.2.2/32

OSPF配置 ospf 1 router-id 2.2.2。2 default-route-advertise //引入缺省路由到OSPF里面 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 10.1.12.2 0.0.0.0 network 10.1.23.2 0.0.0.0 area 0.0.0.1 network 10.1.22.2 0.0.0.

AR3 接口配置 interface GigabitEthernet0/0/0 ip address 192.168.3.254 255.255.255.0

interface GigabitEthernet0/0/1 ip address 10.1.23.3 255.255.255.0

interface GigabitEthernet0/0/2 ip address 10.1.13.3 255.255.255.0

interface LoopBack0 ip address 3.3.3.3 255.255.255.255

OSPF配置 ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 10.1.13.3 0.0.0.0 network 10.1.23.3 0.0.0.0 network 192.168.3.254 0.0.0.0

AR Internet interface Mp-group0/0/1 ip address 202.100.1.2 255.255.255.0

interface Serial1/0/0 link-protocol ppp ppp authentication-mode chap ppp chap user zzw ppp chap password cipher 123 ppp mp Mp-group 0/0/1

interface Serial1/0/1 link-protocol ppp ppp authentication-mode chap ppp chap user zzw ppp chap password cipher 123 ppp mp Mp-group 0/0/1 interface LoopBack0 ip address 100.1.1.1 255.255.255.255