hcip第一次作業(yè)

以下是本次作業(yè)的各個設(shè)置的配置命令,配置流程是先配交換機(VLAN 劃分 + Trunk)→ 再配路由器接口 IP → 接著配路由協(xié)議(OSPF + 靜態(tài)路由)→ 最后配 DHCP、NAT、ACL、Telnet 等業(yè)務(wù)。
SW1:<Huawei>sys
[Huawei]sysname SW1
[SW1]vlan batch 10 20 30
[SW1]interface GigabitEthernet0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/2]quit
[SW1]interface GigabitEthernet0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 20
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface GigabitEthernet0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 30
[SW1-GigabitEthernet0/0/4]quit
[SW1]interface GigabitEthernet0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all

SW2用于接入pc3,pc4
<Huawei>sys
[Huawei]sysname SW2
[SW2]vlan batch 40 50
[SW2]interface GigabitEthernet0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 40
[SW2-GigabitEthernet0/0/2]quit
[SW2]interface GigabitEthernet0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 50
[SW2-GigabitEthernet0/0/3]quit
[SW2]interface GigabitEthernet0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/1]quit

SW3用于接入DNs,Client1,pc5
<Huawei>sys
[Huawei]sysname SW3
[SW3]vlan batch 60 70
[SW3]interface GigabitEthernet0/0/3
[SW3-GigabitEthernet0/0/3]port link-type access
[SW3-GigabitEthernet0/0/3]port default vlan 60
[SW3-GigabitEthernet0/0/3]quit
[SW3]interface GigabitEthernet0/0/4
[SW3-GigabitEthernet0/0/4]port link-type access
[SW3-GigabitEthernet0/0/4]port default vlan 60
[SW3-GigabitEthernet0/0/4]quit
[SW3]interface GigabitEthernet0/0/2
[SW3-GigabitEthernet0/0/2]port link-type access
[SW3-GigabitEthernet0/0/2]port default vlan 70
[SW3-GigabitEthernet0/0/2]quit
[SW3]interface GigabitEthernet0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW3-GigabitEthernet0/0/1]quit

路由器配置,其中ospf區(qū)域為r1,r2,r3
R1,鏈接sw1,dhcp分配vlan10/20/30地址
<Huawei>sys
[Huawei]sysname R1
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.67.1 255.255.255.0
[R1-GigabitEthernet0/0/0]quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ip address 172.16.64.1 255.255.255.0
[R1-GigabitEthernet0/0/1]quit
[R1]ip pool vlan10
[R1-ip-pool-vlan10]gateway-list 172.16.64.1 # 網(wǎng)關(guān)指向R1接口IP
[R1-ip-pool-vlan10]network 172.16.64.0 mask 255.255.255.0
[R1-ip-pool-vlan10]quit
[R1]ip pool vlan20
[R1-ip-pool-vlan20]gateway-list 172.16.65.1
[R1-ip-pool-vlan20]network 172.16.65.0 mask 255.255.255.0
[R1-ip-pool-vlan20]quit
[R1]ip pool vlan30
[R1-ip-pool-vlan30]gateway-list 172.16.66.1
[R1-ip-pool-vlan30]network 172.16.66.0 mask 255.255.255.0
[R1-ip-pool-vlan30]quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]dhcp select global
[R1-GigabitEthernet0/0/1]quit
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 172.16.64.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]network 172.16.67.1 0.0.0.0
[R1-ospf-1-area-0.0.0.1]quit
[R1-ospf-1]quit

R2配置Area 0/Area 1,md5
<Huawei>sys
[Huawei]sysname R2
[R2]interface GigabitEthernet0/0/0
[R2-GigabitEthernet0/0/0]ip address 172.16.67.2 255.255.255.0
[R2-GigabitEthernet0/0/0]quit
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1]ip address 172.16.0.1 255.255.255.0
[R2-GigabitEthernet0/0/1]quit
[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2]ip address 172.16.2.1 255.255.255.0
[R2-GigabitEthernet0/0/2]quit
[R2]ip pool vlan40
[R2-ip-pool-vlan40]gateway-list 172.16.0.1
[R2-ip-pool-vlan40]network 172.16.0.0 mask 255.255.255.0
[R2-ip-pool-vlan40]quit
[R2]ip pool vlan50
[R2-ip-pool-vlan50]gateway-list 172.16.1.1
[R2-ip-pool-vlan50]network 172.16.1.0 mask 255.255.255.0
[R2-ip-pool-vlan50]quit
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1]dhcp select global
[R2-GigabitEthernet0/0/1]quit
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R2-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 172.16.2.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]quit
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 172.16.67.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]quit
[R2-ospf-1]quit

R3配置Area0,邊界路由,nat+acl+靜態(tài)路由
<Huawei>sys
[Huawei]sysname R3
[R3]interface GigabitEthernet0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.2.2 255.255.255.0
[R3-GigabitEthernet0/0/0]quit
[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1]ip address 172.16.29.1 255.255.255.0
[R3-GigabitEthernet0/0/1]quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2]ip address 100.0.0.1 255.255.255.0
[R3-GigabitEthernet0/0/2]quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3]ip address 172.16.30.1 255.255.255.0
[R3-GigabitEthernet0/0/3]quit
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[R3-ospf-1-area-0.0.0.0]network 172.16.2.2 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 172.16.29.1 0.0.0.0
[R3-ospf-1-area-0.0.0.0]quit
[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3]ospf priority 100
[R3-GigabitEthernet0/0/3]quit
[R3]ip route-static 0.0.0.0 0.0.0.0 100.0.0.2
[R3]acl number 2000
[R3-acl-basic-2000]rule 5 permit source 172.16.0.0 0.0.15.255
[R3-acl-basic-2000]rule 10 permit source 172.16.128.0 0.0.63.255
[R3-acl-basic-2000]quit
[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2]nat outbound 2000
[R3-GigabitEthernet0/0/2]quit
[R3]acl number 2001
[R3-acl-basic-2001]rule 5 deny source 172.16.0.0 0.0.0.255 # VLAN40
[R3-acl-basic-2001]rule 10 deny source 172.16.1.0 0.0.0.255 # VLAN50
[R3-acl-basic-2001]rule 15 permit
[R3-acl-basic-2001]quit
[R3]interface GigabitEthernet0/0/0
[R3-GigabitEthernet0/0/0]traffic-filter outbound acl 2001
[R3-GigabitEthernet0/0/0]quit
[R3]acl number 3000
[R3-acl-adv-3000]rule 5 deny ip source 172.16.64.0 0.0.0.255 destination 172.16.128.128 0.0.0.127 # PC1→PC5
[R3-acl-adv-3000]rule 10 permit ip
[R3-acl-adv-3000]quit

允許telnet登錄
[test]telnet server enable
[test]user-interface vty 0 4
[test-ui-vty0-4]authentication-mode password
[test-ui-vty0-4]set authentication password cipher 123456
[test-ui-vty0-4]user privilege level 3
[test-ui-vty0-4]quit

允許遠程登錄
[telnet-server]telnet server enable
[telnet-server]user-interface vty 0 4
[telnet-server-ui-vty0-4]authentication-mode password
[telnet-server-ui-vty0-4]set authentication password cipher 123456
[telnet-server-ui-vty0-4]user privilege level 3
[telnet-server-ui-vty0-4]quit

其中驗證過程DHCP 驗證:在 PC 上執(zhí)行 ipconfig,確認獲取對應(yīng) VLAN 網(wǎng)段 IP 和網(wǎng)關(guān)。
Telnet 驗證:在 test 設(shè)備上執(zhí)行 telnet 172.16.66.254,輸入密碼 123456,確認登錄成功
ACL 驗證:PC1 ping PC5(不通)、PC3 ping 業(yè)務(wù) B 網(wǎng)段(不通),其他設(shè)備互通
NAT 驗證:在 Client1 上 ping 100.0.0.2,在 R3 上執(zhí)行 display nat session 查看轉(zhuǎn)換記錄。

以上就是本次配置的部分過程

[SW1-GigabitEthernet0/0/1]quit

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容