HCIA Comprehensive Lab

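Author: 五柳狂少
Let's first look at the topology requirements.

1. Configure link aggregation on the directly connected links between SW1 and SW2.
2. The company's internal service segments are Vlan10 and Vlan20; Vlan10 is the marketing department and Vlan20 is the technical department, and the VLANs must be named so they can be identified; PC1 belongs to Vlan10, PC2 belongs to Vlan20, and Vlan30 is used by SW1 and SW2 to establish an OSPF neighbor relationship; Vlan111 is the interconnect VLAN between SW1 and R1, and Vlan222 is the interconnect VLAN between SW2 and R2.
3. Configure all ports that interconnect switches as Trunk, allowing the relevant traffic through.
4. Configure the switch ports that connect to PCs as edge ports.
5. Configure OSPF by area as shown in the diagram so that the whole internal network is reachable; advertise the ABRs' loopback interfaces into the backbone area; no protocol packets are allowed on the service segments.
6. On R1, configure a default route pointing to the Internet and inject it into OSPF.
7. R1 connects to the Internet over two links; configure PPP-MP with bidirectional CHAP authentication.
8. Configure Easy IP; only traffic from the service segments 192.168.1.0/24 and 192.168.2.0/24 may reach the Internet through R1.
9. Enable Telnet remote management on R1, logging in as user abc with password abc; only the technical department may remotely manage R1.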

Lab procedure:
SW3:
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20

interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20

interface Ethernet0/0/3
port link-type access
port default vlan 10

interface Ethernet0/0/4
port link-type access
port default vlan 20
vlan 10
description jsb // label the VLAN with a description
vlan 20
description cwb // label the VLAN with a description

SW1:
interface Vlanif10
ip address 192.168.1.254 255.255.255.0

interface Vlanif20
ip address 192.168.2.253 255.255.255.0

interface Vlanif30
ip address 10.1.21.11 255.255.255.0

interface Vlanif111
ip address 10.1.11.11 255.255.255.0

interface GigabitEthernet0/0/1
port link-type access
port default vlan 111

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20

OSPF configuration
ospf 1 router-id 10.1.1.1
silent-interface GigabitEthernet0/0/2 // silent interface: keeps OSPF packets from being sent on this interface
area 0.0.0.1
network 192.168.1.254 0.0.0.0
network 192.168.2.253 0.0.0.0
network 10.1.11.11 0.0.0.0
network 10.1.21.11 0.0.0.0
network 10.1.1.1 0.0.0.0

Eth-Trunk configuration
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 to 222 // allow the VLANs to pass over this aggregated link

SW2:
Interface configuration
interface Vlanif10
ip address 192.168.1.253 255.255.255.0

interface Vlanif20
ip address 192.168.2.254 255.255.255.0

interface Vlanif30
ip address 10.1.21.22 255.255.255.0

interface Vlanif222
ip address 10.1.22.22 255.255.255.0
interface Eth-Trunk1 // aggregated link
port link-type trunk
port trunk allow-pass vlan 10 to 222

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2
port link-type access

interface GigabitEthernet0/0/3
eth-trunk 1
interface GigabitEthernet0/0/4
eth-trunk 1

OSPF configuration
ospf 1 router-id 10.2.2.2
silent-interface GigabitEthernet0/0/1
area 0.0.0.1
network 192.168.1.253 0.0.0.0
network 192.168.2.254 0.0.0.0
network 10.1.21.22 0.0.0.0
network 10.1.22.22 0.0.0.0
network 10.2.2.2 0.0.0.0

AR1:
ACL configuration
acl number 2000 // this ACL is for NAT
rule 5 permit source 192.168.1.0 0.0.0.255
rule 10 permit source 192.168.2.0 0.0.0.255
rule 15 deny
acl number 2005 // this ACL is for Telnet
rule 5 permit source 192.168.1.0 0.0.0.255
rule 10 permit source 192.168.2.0 0.0.0.255

Interface configuration
interface GigabitEthernet0/0/0
ip address 10.1.12.1 255.255.255.0

interface GigabitEthernet0/0/1
ip address 10.1.11.1 255.255.255.0

interface GigabitEthernet0/0/2
ip address 10.1.13.1 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255

// Bidirectional CHAP authentication over PPP
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1

interface Serial1/0/1
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1

interface Mp-group0/0/1
ip address 202.100.1.1 255.255.255.0
nat outbound 2000
// Aggregation in PPP mode

// Remote login
user-interface vty 0 4
acl 2005 inbound
authentication-mode aaa

OSPF configuration
ospf 1 router-id 1.1.1.1
default-route-advertise // inject the default route into OSPF
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.12.1 0.0.0.0
network 10.1.13.1 0.0.0.0
area 0.0.0.1
network 10.1.11.1 0.0.0.0

ip route-static 0.0.0.0 0.0.0.0 202.100.1.2
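
Requirement 9 limits Telnet management of R1 to the technical department, which requirement 2 places in Vlan20 (192.168.2.0/24 on the Vlanif20 addresses above). The following Python check is an added example, not part of the original post: it evaluates a basic ACL in ascending rule-ID order with wildcard-mask matching and compares ACL 2005 as posted with a tightened rule set. The tightened rules, the sample host addresses and the deny-on-no-match behaviour for a VTY ACL are assumptions.

```python
import ipaddress

# ACL 2005 as applied to "user-interface vty 0 4" on R1 in the post.
ACL_2005_AS_POSTED = """\
rule 5 permit source 192.168.1.0 0.0.0.255
rule 10 permit source 192.168.2.0 0.0.0.255
"""
# Constructed variant (assumption): only Vlan20, the technical department
# per requirement 2, may reach the VTY lines.
ACL_2005_TIGHTENED = """\
rule 5 permit source 192.168.2.0 0.0.0.255
"""

def parse_basic_acl(text):
    """Parse 'rule <id> permit|deny [source <addr> <wildcard>]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split("//")[0].split()  # drop the post's // annotations
        if len(tok) < 3 or tok[0] != "rule":
            continue
        addr, wild = 0, 0xFFFFFFFF  # no source clause (or "any") matches all
        if "source" in tok and tok[tok.index("source") + 1] != "any":
            i = tok.index("source")
            addr = int(ipaddress.IPv4Address(tok[i + 1]))
            wild = int(ipaddress.IPv4Address(tok[i + 2]))
        rules.append((int(tok[1]), tok[2], addr, wild))
    return sorted(rules)  # evaluated in ascending rule-ID order

def vty_allows(acl_text, src_ip):
    """First matching rule decides; no match is treated as deny (assumption
    about how a VTY inbound ACL handles unmatched sources)."""
    src = int(ipaddress.IPv4Address(src_ip))
    for _id, action, addr, wild in parse_basic_acl(acl_text):
        # Wildcard bits set to 1 are "don't care"; compare the remaining bits.
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def audit(acl_text, hosts):
    """Return {host: allowed} for each constructed sample host."""
    return {name: vty_allows(acl_text, ip) for name, ip in hosts.items()}

# Constructed sample hosts: one per business VLAN plus AR3's 192.168.3.0/24.
HOSTS = {"vlan10-pc": "192.168.1.10", "vlan20-pc": "192.168.2.10",
         "r3-lan": "192.168.3.10"}

if __name__ == "__main__":
    print("as posted:", audit(ACL_2005_AS_POSTED, HOSTS))
    print("tightened:", audit(ACL_2005_TIGHTENED, HOSTS))
```

With the rules as posted, the Vlan10 sample host is also admitted to the VTY lines; the tightened set admits only the Vlan20 host.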

AR2
Interface configuration
g0/0/0:10.1.12.2/24
g0/0/1:10.1.23.2/24
g0/0/2:10.1.22.2/24
lo0:2.2.2.2/32

OSPF configuration
ospf 1 router-id 2.2.2.2
default-route-advertise // inject the default route into OSPF
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.12.2 0.0.0.0
network 10.1.23.2 0.0.0.0
area 0.0.0.1
network 10.1.22.2 0.0.0.0

AR3
Interface configuration
interface GigabitEthernet0/0/0
ip address 192.168.3.254 255.255.255.0

interface GigabitEthernet0/0/1
ip address 10.1.23.3 255.255.255.0

interface GigabitEthernet0/0/2
ip address 10.1.13.3 255.255.255.0

interface LoopBack0
ip address 3.3.3.3 255.255.255.255

OSPF configuration
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.13.3 0.0.0.0
network 10.1.23.3 0.0.0.0
network 192.168.3.254 0.0.0.0

AR Internet
interface Mp-group0/0/1
ip address 202.100.1.2 255.255.255.0

interface Serial1/0/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1

interface Serial1/0/1
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1
interface LoopBack0
ip address 100.1.1.1 255.255.255.255

Reposted from blog.51cto.com/14481097/2426062