HCIP第一天实验-CSDN博客

本文链接：https://blog.csdn.net/m0_59760462/article/details/120239449

1子网划分

AR1

G0/0/0 192.168.0.225/30 G0/0/1 192.168.0.229/30

Lo0 192.168.0.1/27 Lo1 192.168.0.33/27

AR2

G0/0/0 192.168.0.237/30 G0/0/1 192.168.0.226/30

Lo0 192.168.0.65/27 Lo1 192.168.0.97/27

AR3

G0/0/0 192.168.0.233/30 G0/0/1 192.168.0.230/30

G0/0/2 192.168.0.193/27 Lo0 192.168.0.193/27

AR4

G0/0/0 192.168.0.234/30 G0/0/1 192.168.0.238/30

G0/0/2 192.168.0.245/30 E0/0/0 192.168.0.241/30

Lo0 192.168.0.129/27 Lo1 192.168.0.161/27

AR5

G0/0/0 4.4.4.1/24 G0/0/2 192.168.0.246/30

E0/0/0 192.168.0.242/30

AR6

G0/0/0 4.4.4.200/24 LO0 5.5.5.5 /30

为了防止环路，在每个路由器上配置黑洞路由。

ip route-static 192.168.0.64 255.255.255.192 NULL0

AR5上配置nat

acl name nat 2000
rule 10 permit source 192.168.0.0 0.0.0.255

nat address-group 2 4.4.4.10 4.4.4.20

interface GigabitEthernet0/0/0
ip address 4.4.4.1 255.255.255.0
nat outbound 2000 address-group 2

AR3上配置DHCP

ip pool 192
gateway-list 192.168.0.193
network 192.168.0.192 mask 255.255.255.224
excluded-ip-address 192.168.0.194 192.168.0.196
lease day 0 hour 0 minute 30
dns-list 114.114.114.114 8.8.8.8

interface GigabitEthernet0/0/2
ip address 192.168.0.193 255.255.255.224
dhcp select global

AR5上配置端口映射

interface GigabitEthernet0/0/0
nat server protocol tcp global 4.4.4.2 telnet inside 192.168.0.225 telnet

AR1上开启Tlenet

user-interface vty 0 4
authentication-mode password
set authentication password cipher %$%$4EN./\jo05V<{QCL#PY$,<#A5cp]Y;*3|1]GVwIw
7gXP<#D,%$%$

验证nat

验证telnet及端口映射

验证DHCP

ar1配置

[V200R003C00]
#
sysname ar1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.0.225 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.0.229 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 192.168.0.1 255.255.255.224
#
interface LoopBack1
ip address 192.168.0.33 255.255.255.224
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.226
ip route-static 0.0.0.0 0.0.0.0 192.168.0.220 preference 100
ip route-static 192.168.0.0 255.255.255.192 NULL0
ip route-static 192.168.0.64 255.255.255.192 192.168.0.226
ip route-static 192.168.0.128 255.255.255.192 192.168.0.226
ip route-static 192.168.0.128 255.255.255.192 192.168.0.230
ip route-static 192.168.0.192 255.255.255.224 192.168.0.230
ip route-static 192.168.0.236 255.255.255.252 192.168.0.226
ip route-static 192.168.0.240 255.255.255.248 192.168.0.226
ip route-static 192.168.0.240 255.255.255.248 192.168.0.230
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode password
set authentication password cipher %$%$WAwH'yu$8EPFU2;T`SMR,<zO'|];QB",fJcVJ0=d
zKX@<zR,%$%$
user-interface vty 16 20
#
wlan ac
#
return

ar2配置

[V200R003C00]
#
sysname ar2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.0.226 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.0.237 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 192.168.0.65 255.255.255.224
#
interface LoopBack1
ip address 192.168.0.97 255.255.255.224
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.238
ip route-static 0.0.0.0 0.0.0.0 192.168.0.225 preference 100
ip route-static 192.168.0.0 255.255.255.192 192.168.0.225
ip route-static 192.168.0.64 255.255.255.192 NULL0
ip route-static 192.168.0.192 255.255.255.224 192.168.0.225
ip route-static 192.168.0.192 255.255.255.224 192.168.0.238 preference 100
ip route-static 192.168.0.228 255.255.255.252 192.168.0.225
ip route-static 192.168.0.232 255.255.255.252 192.168.0.238
ip route-static 192.168.0.240 255.255.255.248 192.168.0.238
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

ar3配置

[V200R003C00]
#
sysname ar3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
ip pool 192
gateway-list 192.168.0.193
network 192.168.0.192 mask 255.255.255.224
excluded-ip-address 192.168.0.194 192.168.0.196
lease day 0 hour 0 minute 30
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.0.233 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.0.230 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 192.168.0.193 255.255.255.224
dhcp select global
#
interface NULL0
#
interface LoopBack0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.234
ip route-static 0.0.0.0 0.0.0.0 192.168.0.229 preference 100
ip route-static 192.168.0.0 255.255.255.192 192.168.0.229
ip route-static 192.168.0.64 255.255.255.192 192.168.0.229
ip route-static 192.168.0.64 255.255.255.192 192.168.0.234 preference 100
ip route-static 192.168.0.128 255.255.255.192 192.168.0.234
ip route-static 192.168.0.236 255.255.255.252 192.168.0.234
ip route-static 192.168.0.240 255.255.255.248 192.168.0.234
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

ar4配置

[V200R003C00]
#
sysname ar4
#
board add 0/4 2FE
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet4/0/0
ip address 192.168.0.241 255.255.255.252
#
interface Ethernet4/0/1
#
interface GigabitEthernet0/0/0
ip address 192.168.0.234 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.0.238 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 192.168.0.245 255.255.255.252
#
interface NULL0
#
interface LoopBack0
ip address 192.168.0.129 255.255.255.224
#
interface LoopBack1
ip address 192.168.0.161 255.255.255.224
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.246
ip route-static 0.0.0.0 0.0.0.0 192.168.0.242 preference 100
ip route-static 192.168.0.0 255.255.255.192 192.168.0.237
ip route-static 192.168.0.0 255.255.255.192 192.168.0.233 preference 100
ip route-static 192.168.0.192 255.255.255.224 192.168.0.233
ip route-static 192.168.0.224 255.255.255.252 192.168.0.237
ip route-static 192.168.0.228 255.255.255.252 192.168.0.233
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

ar5 配置
[V200R003C00]
#
sysname ar5
#
board add 0/4 2FE
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
acl name nat 2000
rule 10 permit source 192.168.0.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 2 4.4.4.10 4.4.4.20
#
interface Ethernet4/0/0
ip address 192.168.0.242 255.255.255.252
#
interface Ethernet4/0/1
#
interface GigabitEthernet0/0/0
ip address 4.4.4.1 255.255.255.0
nat server protocol tcp global 4.4.4.2 telnet inside 192.168.0.225 telnet
nat outbound 2000 address-group 2
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 192.168.0.246 255.255.255.252
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 4.4.4.200
ip route-static 192.168.0.0 255.255.255.0 192.168.0.245
ip route-static 192.168.0.0 255.255.255.0 192.168.0.241 preference 100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

ar6配置

[V200R003C00]
#
sysname ar6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 4.4.4.200 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.252
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return