HCIP第一次实验（VLAN/DHCP/HTTP服务/远程登陆）

拓扑图及实验要求如下：

实验步骤：

1.在交换机上配置vlan：

[LSW1]vlan batch 10 20
[LSW1]interface g0/0/1	
[LSW1-GigabitEthernet0/0/1]port link-type access 
[LSW1-GigabitEthernet0/0/1]port default vlan 10
[LSW1]interface g0/0/5
[LSW1-GigabitEthernet0/0/5]port link-type access 
[LSW1-GigabitEthernet0/0/5]port default vlan 10
[LSW1]interface g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type access 
[LSW1-GigabitEthernet0/0/2]port default vlan 20
[LSW1]interface g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type access 
[LSW1-GigabitEthernet0/0/3]port default vlan 20

2.配置单臂路由：

[neiwang]interface g0/0/0.1
[neiwang-GigabitEthernet0/0/0.1]dot1q termination vid 10
[neiwang-GigabitEthernet0/0/0.1]ip address 172.16.10.1 24
[neiwang]interface g0/0/0.2
[neiwang-GigabitEthernet0/0/0.2]dot1q termination vid 20
[neiwang-GigabitEthernet0/0/0.2]ip address 172.16.20.1 24

 3.在内网路由器上配置DHCP服务器：

[neiwang]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[neiwang]ip pool vlan10
Info: It's successful to create an IP address pool.
[neiwang-ip-pool-vlan10]network 172.16.10.0 mask 24
[neiwang-ip-pool-vlan10]gateway-list 172.16.10.1
[neiwang-ip-pool-vlan10]dns-list 100.1.1.100
[neiwang]ip pool vlan20
Info: It's successful to create an IP address pool.
[neiwang-ip-pool-vlan20]network 172.16.20.0 mask 24
[neiwang-ip-pool-vlan20]gateway-list 172.16.20.1
[neiwang-ip-pool-vlan20]dns-list 100.1.1.100

4.全局调用：

[neiwang-GigabitEthernet0/0/0.1]dhcp select global 
[neiwang-GigabitEthernet0/0/0.2]dhcp select global 
[LSW1]interface g0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type trunk 	
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 10 20

此时pc1和pc2已经自动获取到地址，如下图：

 

5.pc2和pc3自动获取地址（此处用路由器来模拟pc）：

[pc2]dhcp enable 
[pc2]interface g0/0/0
[pc2-GigabitEthernet0/0/0]ip address dhcp-alloc
[pc3]dhcp enable 
[pc3]interface g0/0/0
[pc3-GigabitEthernet0/0/0]ip address dhcp-alloc

获取到的地址如下：

 

6.要想让子接口下实现互通，需要在子接口下开启arp广播：

[neiwang-GigabitEthernet0/0/0.2]arp broadcast enable 
[neiwang-GigabitEthernet0/0/0.2]arp broadcast enable 

此时vlan10和vlan20互通

 

7.配置路由器的接口地址:

[neiwang-GigabitEthernet0/0/1]ip address 172.16.0.1 30
[bianjie-GigabitEthernet0/0/0]ip address 172.16.0.2 30
[bianjie-GigabitEthernet0/0/1]ip address 202.100.1.1 24

8.ISP路由器不能拥有公司内网内网区域网段的路由，只给ISP路由器配置接口地址即可:

[ISP-GigabitEthernet0/0/0]ip address 202.100.1.2 24
[ISP-GigabitEthernet0/0/1]ip address 100.1.1.1 24

 9.配置静态路由:

[bianjie]ip route-static 172.16.10.0 24 172.16.0.1
[bianjie]ip route-static 172.16.20.0 24 172.16.0.1

10.配置缺省路由:

[neiwang]ip route-static 0.0.0.0 0 172.16.0.2
[bianjie]ip route-static 0.0.0.0 0 202.100.1.2

此时内网互通

11.配置DNS和HTTP服务器,如下图:

12.内网vlan10访问不到外网：

[bianjie]acl 2000
[bianjie-acl-basic-2000]rule deny source 172.16.10.0 0.0.0.255
[bianjie-acl-basic-2000]rule permit source any 
[bianjie]interface g0/0/1	
[bianjie-GigabitEthernet0/0/1]nat outbound 2000

 13.远程登录：

[pc2]user-interface vty 0 4
[pc2-ui-vty0-4]authentication-mode aaa
[pc2-ui-vty0-4]q
[pc2]aaa
[pc2-aaa]local-user pc2 password cipher pc2
Info: Add a new user.
[pc2-aaa]local-user pc2 privilege level 3
[pc3]user-interface vty 0 4
[pc3-ui-vty0-4]authentication-mode aaa
[pc3-ui-vty0-4]q
[pc3]aaa
[pc3-aaa]local-user pc3 password cipher pc3
Info: Add a new user.
[pc3-aaa]local-user pc3 privilege level 3

 14.NAT端口映射：

[bianjie-GigabitEthernet0/0/1]nat server protocol tcp global 202.100.1.10 23 inside 172.16.20.254 23
[bianjie-GigabitEthernet0/0/1]nat server protocol tcp global 202.100.1.10 2323 inside 172.16.20.253 23

此时从ISP上可以登录到pc2和pc3，结果如下：

15.搭建HTTP服务器（本地文件）：

16.扩展部分：

将cloud1划分到vlan10中

[LSW1]interface g0/0/6	
[LSW1-GigabitEthernet0/0/6]port link-type access 
[LSW1-GigabitEthernet0/0/6]port default vlan 10

                                                                       实验结束