【HCIA综合实验】

最新推荐文章于 2024-07-26 16:30:30 发布

ice_白昼

最新推荐文章于 2024-07-26 16:30:30 发布

阅读量200

点赞数 5

分类专栏：路由与交换技术文章标签：网络运维

本文链接：https://blog.csdn.net/m0_62533730/article/details/140637179

版权

路由与交换技术专栏收录该内容

16 篇文章 0 订阅

订阅专栏

实验拓扑

实验要求

VLAN创建与划分
实现VALN间的通信
通过AC配置AP。（隧道转发）
链路集合（LSW1与LSW2之间完成链路聚合）
私网1内部（LSW1、LSW2以及AR1）运行0SPF
DHCP（PC1、PC2通过DHCP获取IP地址，其中VLAN30基于全局地址池，VLAN50基于接口，VLAN60基于接口）
ACL流量过滤（禁止VLAN50内的流量访问VLAN40内的服务器，其他的流量放行)
NAT配置（私网1、私网2可以访问公网），NAT Server配置（私网2内客户端可以访问私网1内服务器）

实验配置与分析

VLAN配置

# SW1
sys
sys SW1
vlan batch 30 40 50
int G 0/0/2
 port link-type access
 port default vlan 30
int G 0/0/3
 port link-type access
 port default vlan 30
int G 0/0/6
 port link-type access
 port default vlan 40
# SW2
sys
sys SW2
vlan batch 30 40 50 60 100
int G 0/0/2
 port link-type access
 port default vlan 50
int G 0/0/3
 port link-type access
 port default vlan 50

VLAN间通信

# SW1
int VLANIF 30
 ip address 10.1.3.254 24
int VLANIF 40
 ip address 10.1.4.254 24
# SW2
int VLANIF 50
 ip address 10.1.5.254 24

链路聚合

# SW1
int Eth-Trunk 1
 port link-type trunk
 port trunk allow-pass vlan all
 trunkport G 0/0/4 to 0/0/5
# SW2 
 int Eth-Trunk 1
 port link-type trunk
 port trunk allow-pass vlan all
 trunkport G 0/0/4 to 0/0/5

WLAN配置

# SW2
int G 0/0/6
 port link-type trunk
 port trunk allow-pass vlan 60 100
int G 0/0/7
 port link-type access
 port default vlan 100
# AC 
sys
sys AC
dhcp enable
vlan batch 100 60
int G 0/0/1 
 port link-type trunk
 port trunk allow-pass vlan 100 60
int vlanif 100
 ip address  10.1.10.1 24
 dhcp select int
capwap source interface vlanif 100
wlan
 ap-id 1 ap-mac 00e0-fc62-2f10
  ap-name AP1
display ap all
wlan
 ssid-profile name huawei
  ssid huawei
 vap-profile name huawei
  service-vlan vlan-id 60
  ssid-profile huawei
  security-profile huawei_PWD
  forward-mode tunnel
 security-profile name huawei_PWD
  security wpa2 psk pass-phrase huawei@123 aes
 ap-group name huawei
  vap-profile huawei wlan 1 radio 0
 ap-id 1
  ap-group huawei
# SW2
dhcp enable
int vlanif 60
 ip address 10.1.6.254 24
 dhcp select int

OSPF

# SW1
ospf 1 router-id 2.2.2.2
 area 0
int VLANIF 30 
 ospf enable 1 area 0
int VLANIF 40
 ospf enable 1 area 0
# 主要用于建立OSPF邻居
int VLANIF 1
 ip address 10.1.1.254 24
int G 0/0/1
 port link-type access
 ospf enable 1 area 0
ip route-static 0.0.0.0 0 10.1.1.1
# SW2
ospf 1 router-id 3.3.3.3
 area 0
int VLANIF 50
 ospf enable 1 area 0
int VLANIF 60
 ospf enable 1 area 0
int VLANIF 1
 ip address 10.1.2.254 24
 ospf enable 1 area 0
int G 0/0/1
 port link-type access
ip route-static 0.0.0.0 0 10.1.2.1
# AR1
sys
sys AR1
ospf 1 router-id 1.1.1.1
 area 0
int G 0/0/1
 ip address 10.1.1.1 24
 ospf enable 1 area 0
int G 0/0/2
 ip address 10.1.2.1 24
 ospf enable 1 area 0
int G 0/0/0
 ip address 12.1.1.1 24
 ospf enable 1 area 0

DHCP

# SW1
dhcp enable
ip pool pool30
 network 10.1.3.0 mask 24
 gateway-list 10.1.3.254
int VLANIF 30
 dhcp select global
# SW2
int VLANIF 50
 dhcp select int

ACL流量过滤

# SW1
acl 3000
 rule 5 deny ip source 10.1.5.0 0.0.0.255 
 rule 10 permit ip 
int G 0/0/6
 traffic-filter outbound acl 3000

NAT配置

# AR1
acl 2000
 rule 5 permit
int G 0/0/0
 nat outbound 2000
ip route-static 0.0.0.0 0 12.1.1.2 
# AR2
sys
sys AR2
int G 0/0/1
 ip address 12.1.1.2 24
int G 0/0/0
 ip address 23.1.1.2 24
# AR3
sys
sys AR3
int G 0/0/1
 ip address 23.1.1.3 24
int G 0/0/0
 ip address 10.1.1.254 24
acl 2000
 rule 5 permit
int G 0/0/1
 nat outbound 2000
ip route-static 0.0.0.0 0 23.1.1.2
# AR1
# 配置NAT server
int G 0/0/0
 nat server protocol tcp global 12.1.1.254 any inside 10.1.4.1 any