HCIA联合实验题 ---配置详解

第三题

Agg01

[Agg01]in eth1

[Agg01-Eth-Trunk1]mode lacp-static

[Agg01-Eth-Trunk1]trunkport g 0/0/3 to 0/0/5

[Agg01-Eth-Trunk1]max active-linknumber 1

Agg02

[Agg02]in eth1

[Agg02-Eth-Trunk1]mode lacp-static

[Agg02-Eth-Trunk1]trunkport g 0/0/3 to 0/0/5

第四题

Acc01

v b 10 20

in g0/0/1

p l t

p t p v 1

p t a v 10 20         

q

in g0/0/2

p t p v 1

p t a v 10 20

q

in e0/0/1

p h p v 10

p h u v 10           

q

in e0/0/2

p h p v 20

p h u v 20

Acc02

v b 10 20

in g0/0/1

p l t

p t p v 1

p t a v 10 20

in g0/0/2

p l t

p t p v 1

p t a v 10 20

q

in e0/0/1

p l a

p d v 10              access接口配置

q

in e0/0/2

p l a

p d v 20

q

Agg01

[Agg01]v b 10 20 100

[Agg01]in g0/0/1

[Agg01-GigabitEthernet0/0/1]p l t

[Agg01-GigabitEthernet0/0/1]p t p v 1

[Agg01-GigabitEthernet0/0/1]p t a v 10 20

[Agg01-GigabitEthernet0/0/1]q

[Agg01]in g0/0/2

[Agg01-GigabitEthernet0/0/2]p l t

[Agg01-GigabitEthernet0/0/2]p t p v 1

[Agg01-GigabitEthernet0/0/2]p t a v 10 20

[Agg01-GigabitEthernet0/0/2]in g0/0/6

[Agg01-GigabitEthernet0/0/6]p l a

[Agg01-GigabitEthernet0/0/6]p d v 100

[Agg01-GigabitEthernet0/0/6]in eth1

[Agg01-Eth-Trunk1]p l t

[Agg01-Eth-Trunk1]p t p v 1

[Agg01-Eth-Trunk1]p t a v 1 10 20

Agg02

[Agg02]v b 10 20 200

[Agg02]in g0/0/1

[Agg02-GigabitEthernet0/0/1]p l t

[Agg02-GigabitEthernet0/0/1]p t p v 1

[Agg02-GigabitEthernet0/0/1]p t a v 10 20

[Agg02-GigabitEthernet0/0/1]in g0/0/2

[Agg02-GigabitEthernet0/0/2]p l t

[Agg02-GigabitEthernet0/0/2]p t p v 1

[Agg02-GigabitEthernet0/0/2]p t a v 10 20

[Agg02-GigabitEthernet0/0/2]in g0/0/6

[Agg02-GigabitEthernet0/0/6]p l a

[Agg02-GigabitEthernet0/0/6]p d v 200

[Agg02-GigabitEthernet0/0/6]in eth1

[Agg02-Eth-Trunk1]p l t

[Agg02-Eth-Trunk1]p t  p v 1

[Agg02-Eth-Trunk1]p t a v 1 10 20

第五题

1，

[Agg01]stp mode rstp

[Agg01]stp priority 4096

[Agg02]stp mode rstp

[Agg02]stp priority 8192

[Acc02]stp mode rstp

[Acc01]stp mode rstp

2，

[Acc01]in e0/0/1

[Acc01-Ethernet0/0/1]stp edged-port enable

[Acc01-Ethernet0/0/1]in e0/0/2

[Acc01-Ethernet0/0/2]stp edged-port enable

[Acc01-Ethernet0/0/2]q

[Acc01]stp bpdu-protection

[Acc02]in e0/0/1

[Acc02-Ethernet0/0/1]stp edged-port enable

[Acc02-Ethernet0/0/1]in e0/0/2

[Acc02-Ethernet0/0/2]stp edged-port enable

[Acc02-Ethernet0/0/2]q

[Acc02]stp bpdu-protection

3，4，

[Acc01]in g0/0/2

[Acc01-GigabitEthernet0/0/2]stp cost 200000

[Acc01-GigabitEthernet0/0/2]stp loop-protection

[Acc02]in g0/0/2

[Acc02-GigabitEthernet0/0/2]stp cost 200000

[Acc02-GigabitEthernet0/0/2]stp loop-protection

[Agg01]in g0/0/2

[Agg01-GigabitEthernet0/0/2]stp cost 200000

[Agg01-GigabitEthernet0/0/2]stp loop-protection

[Agg02]in g0/0/2

[Agg02-GigabitEthernet0/0/2]stp cost 200000

[Agg02-GigabitEthernet0/0/2]stp loop-protection

第六题

[Agg01]in vlan10

[Agg01-Vlanif10]

[Agg01-Vlanif10]ip address 192.168.10.1 24

[Agg01-Vlanif10]in vlan20

[Agg01-Vlanif20]ip address 192.168.20.1 24

[Agg01-Vlanif20]in vlan100

[Agg01-Vlanif100]ip address 10.1.100.1  30

[Agg01-Vlanif100]in loop0

[Agg01-LoopBack0]ip address 1.1.1.1 32

[Agg02]in vlan10

[Agg02-Vlanif10]ip add

[Agg02-Vlanif10]ip address 192.168.10.2 24

[Agg02-Vlanif10]in vlan20

[Agg02-Vlanif20]ip address 192.168.20.2 24

[Agg02-Vlanif20]in vlan200

[Agg02-Vlanif200]ip address 10.1.200.1 30

[Agg02-Vlanif200]in loop0

[Agg02-LoopBack0]ip address 2.2.2.2 32

[Core1]in g0/0/0

[Core1-GigabitEthernet0/0/0]ip address 10.1.100.2 30

[Core1-GigabitEthernet0/0/0]q

[Core1]in g0/0/1

[Core1-GigabitEthernet0/0/1]ip address 10.1.12.1 30

[Core1-GigabitEthernet0/0/1]in g0/0/2

[Core1-GigabitEthernet0/0/2]ip address 10.1.22.1 30

[Core1-GigabitEthernet0/0/2]in loop0

[Core1-LoopBack0]ip address 3.3.3.3  32

[Core2]in g0/0/0

[Core2-GigabitEthernet0/0/0]ip address 10.1.200.2  30

[Core2]in g0/0/1

[Core2-GigabitEthernet0/0/1]ip address 10.1.12.2 30

[Core2-GigabitEthernet0/0/1]in g0/0/2

[Core2-GigabitEthernet0/0/2]ip address 10.1.33.1 30

[Core2-GigabitEthernet0/0/2]in loop0

[Core2-LoopBack0]ip add

[Core2-LoopBack0]ip address 4.4.4.4 32

[HZ-XiaoYuan-Edge]in g0/0/0

[HZ-XiaoYuan-Edge-GigabitEthernet0/0/0]ip address 10.1.22.2 30

[HZ-XiaoYuan-Edge-GigabitEthernet0/0/0]in g0/0/1

[HZ-XiaoYuan-Edge-GigabitEthernet0/0/1]ip address 10.1.33.2 30

[HZ-XiaoYuan-Edge-GigabitEthernet0/0/1]in g0/0/2

[HZ-XiaoYuan-Edge-GigabitEthernet0/0/2]ip address 172.16.1.1 30

[HZ-XiaoYuan-Edge-GigabitEthernet0/0/2]in s1/0/0

[HZ-XiaoYuan-Edge-Serial1/0/0]ip address 202.1.1.1  30

[HZ-XiaoYuan-Edge-Serial1/0/0]in loop0

[HZ-XiaoYuan-Edge-LoopBack0]ip address 5.5.5.5  32

[SH-XiaoYuan-Edge]in g0/0/0

[SH-XiaoYuan-Edge-GigabitEthernet0/0/0]ip address 192.168.30.254  24

[SH-XiaoYuan-Edge-GigabitEthernet0/0/0]in g0/0/1

[SH-XiaoYuan-Edge-GigabitEthernet0/0/1]ip address 172.16.1.2  30

[SH-XiaoYuan-Edge-GigabitEthernet0/0/1]in loop0

[SH-XiaoYuan-Edge-LoopBack0]ip address 6.6.6.6  32

[HZ-EDU-Edge]in s1/0/1

[HZ-EDU-Edge-Serial1/0/1]ip address 202.1.1.2 30

[HZ-EDU-Edge-Serial1/0/1]in g0/0/0

[HZ-EDU-Edge-GigabitEthernet0/0/0]ip address 8.8.8.1  24

第七题

1，2

[Agg01]in vlan10

[Agg01-Vlanif10]vrrp vrid 1 virtual-ip  192.168.10.254

[Agg01-Vlanif10]vrrp vrid 1 priority 120

[Agg01-Vlanif10]in vlan20

[Agg01-Vlanif20]vrrp v

[Agg01-Vlanif20]vrrp vrid 2 v

[Agg01-Vlanif20]vrrp vrid 2 virtual-ip

[Agg01-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254

[Agg02]in vlan10

[Agg02-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254

[Agg02-Vlanif10]in vlan20

[Agg02-Vlanif20]vrrp vrid 2 virtual-ip  192.168.20.254

[Agg02-Vlanif20]vrrp vrid 2 pr

[Agg02-Vlanif20]vrrp vrid 2 priority 120

3，4

Agg01

[Agg01]in vlan10

[Agg01-Vlanif10]vrrp vrid 1 track in

[Agg01-Vlanif10]vrrp vrid 1 track interface GigabitEthernet 0/0/6 reduced 30

[Agg01-Vlanif10]vrrp vrid 1 preempt-mode tim

[Agg01-Vlanif10]vrrp vrid 1 preempt-mode timer de

[Agg01-Vlanif10]vrrp vrid 1 preempt-mode timer delay 10

[Agg01-Vlanif10]vrrp vrid 1 authentication-mode md5 huawei

[Agg01-Vlanif10]in vlan20

[Agg01-Vlanif20]vrrp vrid 2 authentication-mode simple huawei

Agg02

[Agg02-Vlanif20]vrrp vrid 2 track interface GigabitEthernet 0/0/6 reduced 30

[Agg02-Vlanif20]vrrp vrid 2 preempt-mode tim

[Agg02-Vlanif20]vrrp vrid 2 preempt-mode timer d

[Agg02-Vlanif20]vrrp vrid 2 preempt-mode timer delay 10

[Agg02-Vlanif20]vrrp vrid 2 authentication-mode simple huawei

[Agg02-Vlanif20]in vlan10

[Agg02-Vlanif10]vrrp vrid 1 authentication-mode md5 huawei

第八题

[Agg01]

ospf 1

area 0.0.0.0

network 192.168.10.1 0.0.0.0

network 192.168.20.1 0.0.0.0

network 10.1.100.1 0.0.0.0

network 1.1.1.1 0.0.0.0

authentication-mode md5 1 cipher Huawei

[Agg02]

ospf 1

area 0.0.0.0

network 192.168.10.2 0.0.0.0

network 192.168.20.2 0.0.0.0

network 10.1.200.1 0.0.0.0

network 2.2.2.2 0.0.0.0

authentication-mode md5 1 ci

authentication-mode md5 1 cipher Huawei

[Core1]

ospf 1

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 10.1.12.1 0.0.0.0

network 10.1.22.1 0.0.0.0

network 10.1.100.2 0.0.0.0

authentication-mode md5 1 cipher Huawei

[Core2]

ospf 1

area 0.0.0.0

network 4.4.4.4  0.0.0.0

network 10.1.12.2 0.0.0.0

network 10.1.33.1 0.0.0.0

network 10.1.200.2 0.0.0.0

authentication-mode md5 1 cipher Huawei

[HZ-XiaoYuan-Edge]

ospf 1

area 0.0.0.0

network 10.1.22.2 0.0.0.0

network 10.1.33.2 0.0.0.0

network 172.16.1.1 0.0.0.0

authentication-mode md5 1 cipher

7、配置 HZ-XiaoYuan-edge 的 G0/0/0 接口的优先级为最高，使其成为 DR。

q

Int  g0/0/0

Ospf dr-priority 255       

[SH-XiaoYuan-Edge]

ospf 1

area 0.0.0.0

network 172.16.1.2  0.0.0.0

network 192.168.30.254 0.0.0.0

authentication-mode md5 1 cipher

8、在 Agg01,Agg02 上将Vlanif10 和Vlanif20 的OSPF 开销修改为 100,将Core2 和 HZ-XiaoYuan- Edge 之间的链路 OSPF 开销修改为 100.

[Agg01]interface vlan10

[Agg01-Vlanif10]ospf cost 100

[Agg01]interface vlan20

[Agg01-Vlanif20]ospf cost 100

[Agg02]in vlan10

[Agg02-Vlanif10]ospf cost 100

[Agg02-Vlanif10]in vlan20

[Agg02-Vlanif20]ospf cost 100

[Core2]in g0/0/2

[Core2-GigabitEthernet0/0/2]ospf cost 100

[HZ-XiaoYuan-Edge]in g0/0/1

[HZ-XiaoYuan-Edge-GigabitEthernet0/0/1]ospf cost 100

9、将 HZ-XiaoYuan-Edge 的 G0/0/2 和 SH-XiaoYuan-Edge 的 G0/0/1 的链路配置为 P2P 链路。配置篇p2p链路

[HZ-XiaoYuan-Edge]

in g0/0/2

ospf network-type p2p

[SH-XiaoYuan-Edge]

Int g0/0/1

Ospf network-type p2p

第九题   注意啊

1.HZ-XiaoYuan-Edge

AAA

local-user user1 password cip Huawei@123

local-user user1 service-type ppp

interface Serial1/0/0

link-protocol ppp

ppp authentication-mode pap

HZ-EDU-Edge

interface Serial1/0/0

link-protocol ppp

ppp pap local-user user1 password sim Huawei@123

2.HZ-EDU-Edge

AAA

local-user user2 password cipher Huawei

local-user user2 service-type ppp

interfaceSerial1/0/0

link-protocol ppp

ppp authentication-mode chap

HZ-XiaoYuan-Edge

interface Serial1/0/0

link-protocol ppp

ppp chap user user2

ppp chap password cipher Huawei

第十题

[HZ-XiaoYuan-Edge]

ip route-static 0.0.0.0 0.0.0.0 172.16.1.2

ip route-static 8.8.8.8 255.255.255.255 202.1.1.2

ospf 1

import-route static cost 1 type 2

[HZ-EDU-Edge]

ip route-static  192.168.0.0 16 202.1.1.1

ip route-static 0.0.0.0 0 202.1.1.1

第十一题

[Agg02]

dhcp en

int v 20

dhcp select interface

dhcp server dns-list 8.8.8.8

[SH-XiaoYuan-Edge]

dhcp en

ip pool 1

gateway-list 192.168.30.254

network  192.168.30.0 mask  255.255.255.0

dns-list 8.8.8.8

q

in g0/0/0

dhcp select global

第十二题   

nat address-group 1 202.1.1.10 202.1.1.20

acl number 2000  

rule 5 permit source 192.160.10.0 0.0.0.255

rule 10 permit source 192.160.20.0 0.0.0.255

nat outbound 2000 address-group 1

2.

acl number 2001  

rule 5 permit source 192.168.30.0 0.0.0.25

int s1/0/0

nat outbound 2001

3.

int s1/0/0

nat ser protocol  tcp global 203.1.1.1 telnet insi

de 1.1.1.1 telnet

4.有点小问题

user-interface vty 0 4

 user privilege level 3

 set authentication password cipher Huawei

 

5.

int s1/0/0

nat server protocol tcp  global 203.1.1.1 ftp insi

de 2.2.2.2 ftp

aaa

local-user ftp password cipher Huawei

local-user ftp privilege level 3

local-user ftp service-type ftp

q

user-interface vty 0 4

authentication-mode aaa

6.

int s1/0/0

nat server protocol  tcp global 203.1.1.2 80 insid

e 192.168.20.10

十三题

[HZ-XiaoYuan-Edge]

acl number 3000

rule deny icmp source 192.168.10.20 0.0.0.0 destination 8.8.8.8 0.0.0.0

in s1/0/0

traffic-filter outbound acl 3000

十四题

[SH-XiaoYuan-Edge]aaa

[SH-XiaoYuan-Edge-aaa]local-user telnet password  cipher Huawei@123

[SH-XiaoYuan-Edge-aaa]local-user telnet privilege  level 15

[SH-XiaoYuan-Edge-aaa]local-user telnet  service-type telnet

[SH-XiaoYuan-Edge-aaa]q

[SH-XiaoYuan-Edge]user-interface vty 0 4

[SH-XiaoYuan-Edge-ui-vty0-4]authentication-mode aaa

[SH-XiaoYuan-Edge-ui-vty0-4]q

[SH-XiaoYuan-Edge]acl 3000

[SH-XiaoYuan-Edge-acl-adv-3000]rule permit tcp source 1.1.1.1 0.0.0.0 destination 6.6.6.6 0.0.0.0

[SH-XiaoYuan-Edge-acl-adv-3000]in g0/0/1

[SH-XiaoYuan-Edge-GigabitEthernet0/0/1]traffic-filter inbound  acl 3000