HCIA的技术考察

 

编写实验报告：
1、拓扑信息
2、要求及分析
3、IP规划
4、配置截图
5、测试

1、拓扑信息

2、要求及分析

1、ISP路由器仅配置IP地址

• 全网配置IP

2、内部网络基于192.168.1.0/24网段进行IP规划

• 先进行内网操作配置

3、R1/R2之间使用OSPF做到内网全通，单区域

• area 0   缺省下发

4、PC1-PC4使用DHCP获取地址

• 开启DHCP服务

5、PC2-PC4可以访问PC5;PC1不行

• PC1    icmp  PC5

6、R2出口只拥有一个公网IP

• 静态NAT

7、test-1设备可以登录到内网teInet服务器；test-2不行

• test-2   TCP/telnet    teInet

3、IP规划

4、配置截图

1.配置LW1的VLAN

2.查看LW1的VLAN

3.配置LW2的VLAN（图忘截图了）

LW2
sys
sys LW2
vlan 20 
q
vlan 30
q
int g0/0/2
port link-type access
port de v 20
int g0/0/3
port link-type access
port de v 30
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 20 30

4.查看LW2的VLAN

5.配置IP地址

6.开启OSPF

7.查看发现G0/0/0.3未配置

8.LW3只需改名即可

9.开启DHCP与R2配置NAT

acl 2000
rule permit source 192.168.1.0 0.0.0.255
int g0/0/2
nat outbound 2000
q
ip route-static 0.0.0.0 0 202.1.1.2
ospf 1
default-route-advertise

10.测试PC1  ping  PC2/PC3

            PC3  ping  PC4

11.将公网完善

12.PC1-PC4可以访问PC5

13.R1配置后PC1不可访问PC5

acl 3000
rule deny ip source 192.168.1.29 0.0.0.0 destination 203.1.1.100 0.0.0.0
q
int g0/0/0.1
traffic-filter inbound acl 3000

14.R2开启端口映射

15.Telner Server 开启telnet服务

16.测试可以登录

 17.创建ACL，使test-1设备可以登录到内网teInet服务器；test-2不行

18.测试test-2不可登录

 

因有部分配置未截图，我将配置重写了一遍

R1


sys
sys R1
int g0/0/1
ip add 192.168.1.161 30
q
int g0/0/0.1
ip add 192.168.1.30 27
dotlq termination vid 2
arp broadcast enable
int g0/0/0.2
ip add 192.168.1.62 27
dotlq termination vid 3
arp broadcast enable
int g0/0/0.3
ip add 192.168.1.158 27
dotlq termination vid 4
arp broadcast enable


ospf 1 rou 1.1.1.1
area 0
network 192.168.1.0 0.0.0.255
dis this
q
dis ip int b
dis ip rou p o


dhcp enble
ip pool 1
network 192.168.1.0 mask 27
gateway-list 192.168.1.30 
q
ip pool 2
network 192.168.1.32 mask 27
gateway-list 192.168.1.62
q
int g0/0/0.1
dhcp select globle
int g0/0/0.2
dhcp select globle
q
dis cu





acl 3000
rule deny ip source 192.168.1.29 0.0.0.0 destination 203.1.1.100 0.0.0.0
q
int g0/0/0.1
traffic-filter inbound acl 3000

R2


sys
sys R2
int g0/0/1
ip add 192.168.1.162 30
int g0/0/0.1
ip add 192.168.1.94 27
dotlq termination vid 20
arp broadcast enable
int g0/0/0.2
ip add 192.168.1.126 27
dotlq termination vid 30
arp broadcast enable
int g0/0/2
ip add 202.1.1.1 30
q



ospf 1 rou 2.2.2.2
area 0
network 192.168.1.0 0.0.0.255
q
dis ip rou p o



dhcp enble
ip pool 1
network 192.168.1.64 mask 27
gateway-list 192.168.1.94 
q
ip pool 2
network 192.168.1.96 mask 27
gateway-list 192.168.1.126
q
int g0/0/0.1
dhcp select globle
int g0/0/0.2
dhcp select globle
q






acl 2000
rule permit source 192.168.1.0 0.0.0.255
int g0/0/2
nat outbound 2000
q
ip route-static 0.0.0.0 0 202.1.1.2
ospf 1
default-route-advertise


int g0/0/2
nat server protocol tcp global current-interface telent inside 192.168.1.129 telnet
y


acl 3000
rule deny tcp source 203.1.1.2 0 destination-port eq 23
q
int g0/0/2
traffic-filter inbound acl 3000

ISP


sys
sys ISP
int g0/0/0
ip add 202.1.1.2 30
int g0/0/1
ip add 203.1.1.254 24

Telnet Server



sys
sys Telnet Server
int g0/0/0
ip add 192.168.1.129 27



user-interface vty 0 4
authentication-mode aaa
q
aaa
local-user huawei password cipher 123456
local-user huawei privilege level 15
local-user huawei service-type telnet
q
用R1 验证


ip rou 0.0.0.0 0 192.168.1.158 

test-1


sys 
sys test-1
int g0/0/0
ip add 203.1.1.1 24



ip rou 202.1.1.1 32 203.1.1.254

test-2


sys
sys test-2
int g0/0/0
ip add 203.1.1.2 24



ip rou 202.1.1.1 32 203.1.1.254

LW1


sys
sys LW1
vlan 2
q
vian 3
q
vlan 4
q
int g0/0/2
port link-type access
port default vlan 2
int g0/0/3
port link-type access
port default vlan 3
int g0/0/4
port link-type access
port default vlan 4
q
int g0/0/1
port link-type t
port t all vlan 2 3 4
q
dis vlan 查看

LW2


sys
sys LW2
vlan 20 
q
vlan 30
q
int g0/0/2
port link-type access
port de v 20
int g0/0/3
port link-type access
port de v 30
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 20 30

LW3

sys
sys LW3