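HCIA Course Summary (7)
Dynamic Routing Comprehensive Lab
Requirements:
1. Subnet based on 192.168.1.0/24
As requirement 6 in the figure shows, the right side of r2 is the public network, so the internal network is subnetted from 192.168.1.0/24. The backbone counts as 1, plus two broadcast domains;
so 1+1+1=3. Borrow 2 network bits from 192.168.1.0/24 to subnet it (details omitted).
2. Build the topology and label the IP addresses and VLANs
3. Configure DHCP and assign VLANs (omitted)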
AR1:
[r1]dhcp enable
[r1]ip pool a
[r1-ip-pool-a]network 192.168.1.64 mask 255.255.255.224
[r1-ip-pool-a]gateway-list 192.168.1.65
[r1-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
[r1]ip pool b
[r1-ip-pool-b]network 192.168.1.96 mask 255.255.255.224
[r1-ip-pool-b]gateway-list 192.168.1.97
[r1-ip-pool-b]dns-list 114.114.114.114 8.8.8.8
Create the sub-interfaces and enable the DHCP service on them
AR1:
[r1]interface GigabitEthernet0/0/1.1
[r1-GigabitEthernet0/0/1.1]dhcp select global
[r1]interface GigabitEthernet0/0/1.2
[r1-GigabitEthernet0/0/1.2]dhcp select global
4. Enable the OSPF dynamic routing protocol and assign areas
AR1:
[r1]ospf 1 router-id 192.168.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
AR2:
[r2]ospf 1 router-id 192.168.1.129
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
5. Configure the links between the switches and the router
Configure a trunk link on interface Ethernet 0/0/1 of switch LSW1 and on interface Ethernet 0/0/2 of switch LSW2
[sw1]interface Ethernet 0/0/1
[sw1-Ethernet0/0/1]port link-type trunk
[sw1-Ethernet0/0/1]port trunk allow-pass vlan all
[sw2]interface GigabitEthernet 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
6. Telnet configuration
AR1:
[r1]aaa
[r1-aaa]local-user chen privilege level 15 password cipher 123456
[r1-aaa]local-user chen service-type telnet
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
AR2:
[r2]aaa
[r2-aaa]local-user yu privilege level 15 password cipher 123456
[r2-aaa]local-user yu service-type telnet
[r2]user-interface vty 0 4
[r2-ui-vty0-4]authentication-mode aaa
Configure the policy on AR1
AR1:
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.1 0 destination-port eq 23
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.65 0 destination-port eq 23
[r1-acl-adv-3001]rule deny tcp source 192.168.1.93 0 destination 192.168.1.97 0 destination-port eq 23
Apply it on the interface
AR1:
[r1-GigabitEthernet0/0/1]traffic-filter inbound acl 3001
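Added example (not part of the original lab notes): a small Python model of how the three ACL 3001 rules above are matched, useful for checking which Telnet flows the policy actually covers. It assumes first-match evaluation in the order entered and that a packet matching no rule is forwarded when the ACL is applied with traffic-filter; the function names are hypothetical.

```python
import ipaddress
import re

# ACL 3001 rules exactly as entered on AR1 in step 6.
ACL_3001 = """\
rule deny tcp source 192.168.1.93 0 destination 192.168.1.1 0 destination-port eq 23
rule deny tcp source 192.168.1.93 0 destination 192.168.1.65 0 destination-port eq 23
rule deny tcp source 192.168.1.93 0 destination 192.168.1.97 0 destination-port eq 23
"""

RULE_RE = re.compile(
    r"rule (permit|deny) (\w+) source (\S+) (\S+) destination (\S+) (\S+)"
    r"(?: destination-port eq (\d+))?"
)

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must match, 1 bits are ignored; "0" means one host."""
    wc = int(ipaddress.IPv4Address("0.0.0.0" if wildcard == "0" else wildcard))
    care = ~wc & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == int(ipaddress.IPv4Address(base)) & care

def parse_acl(text):
    """Return (action, proto, src, src_wc, dst, dst_wc, port) tuples, in order."""
    return [m.groups() for m in map(RULE_RE.search, text.splitlines()) if m]

def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins, in the order the rules were entered."""
    for action, r_proto, s, s_wc, d, d_wc, r_port in rules:
        if r_proto not in (proto, "ip"):
            continue
        if r_port is not None and int(r_port) != dport:
            continue
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    # Assumption: under traffic-filter, a packet matching no rule is forwarded.
    return "permit"

if __name__ == "__main__":
    rules = parse_acl(ACL_3001)
    # Constructed sample packets: (protocol, source, destination, destination port).
    for pkt in [("tcp", "192.168.1.93", "192.168.1.65", 23),
                ("tcp", "192.168.1.93", "192.168.1.129", 23),
                ("tcp", "192.168.1.94", "192.168.1.1", 23)]:
        print(pkt, "->", evaluate(rules, *pkt))
```

Of the sample packets, only the first is denied; 192.168.1.129 (the router ID set on AR2 in step 4) is not among the three destinations the rules list.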
7. PC1 through PC4 can access PC5
AR2:
[r2-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]nat outbound 2000
Configure the default route toward PC5
AR2:
[r2]ip route-static 0.0.0.0 0.0.0.0 1.1.1.0
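8. External clients can access the HTTP server by domain name
As shown in the figure:
The client configuration is shown in the figure
Map the port of the internal server: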
AR2:
[r2-GigabitEthernet0/0/2]nat static protocol tcp global current-interface 80 inside 192.168.1.98 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
As shown in the figure:
Lab complete