2021-07-01

HCIA知识综合网络拓扑实验(超详细)

实验总拓扑

实验主要完成某公司的网络布线工程,包括办公楼内部的结构化布线和信息系统集成:使用DHCP进行IP地址规划及子网划分;使用单臂路由技术和三层设备实现VLAN间路由;利用VLAN技术进行业务隔离;通过配置MSTP消除环路并实现链路备份;利用OSPF协议和RIP协议实现路由信息的快速收敛;使用ACL(访问控制列表)根据需求控制网络访问,达到保障网络安全的目的;使用链路聚合技术增大链路带宽,并提供线路冗余和负载均衡;利用虚拟路由器冗余协议(VRRP)实现网关备份和负载分担;使用NAT技术实现公司内网与外网的IP地址转换;使用Telnet实现远程登录;配置FTP、HTTP服务器,完成公司内网的上传与下载等功能。

IP规划

部门 VLAN IP 网关

市场部 11 10.1.11.0/24 .1
服务器 12 10.1.100.100/24
技术部 13 10.1.13.0/24
生产部 14 10.1.14.0/24
财务部 22 10.1.22.0/24
管理端 21 10.1.21.0/24

SW1实现DHCP 和VRRP

#
vlan batch 11 to 14 1000 to 1001  //创建VLAN域
dhcp enable//开启DHCP
interface Vlanif11
 ip address 10.1.11.2 255.255.255.0 
#
ip pool 1  //添加地址池
 gateway-list 10.1.11.1 //出口网关为VRRP备份组的virtual-ip
 network 10.1.11.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
ip pool 2
 gateway-list 10.1.12.1 
 network 10.1.12.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
ip pool 3
 gateway-list 10.1.13.1 
 network 10.1.13.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
ip pool 4
 gateway-list 10.1.14.1 
 network 10.1.14.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
//VRRP与开启端口地址分配
#
interface Vlanif11
 ip address 10.1.11.2 255.255.255.0 //配置vlanif11的ip      
 vrrp vrid 1 virtual-ip 10.1.11.1  //创建VRRP备份组1,虚拟ip即为pc默认网关  
 vrrp vrid 1 priority 120 //设置备份组1的优先级为120
 vrrp vrid 1 preempt-mode timer delay 20//延时20秒通过抢占的方式重新成为Master
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 30//VRRP组1要监控GE0/0/1口,如果该接口的协议状态或者是物理状态变成DOWN,则将该VRRP组的优先级减去30,由于R1这个VRRP组的优先级现在为120,减去30就变成了90,也就比R2的VRRP组优先级要小,所以R2就能在R1的GE0/0/1口发生故障的情况下VRRP状态过渡到Master 
 dhcp select global  //在该端口开启DHCP地址分配
 (其他接口相同)
#
interface Vlanif12
 ip address 10.1.12.2 255.255.255.0 
 vrrp vrid 2 virtual-ip 10.1.12.1
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt-mode timer delay 20
 vrrp vrid 2 track interface GigabitEthernet0/0/1 reduced 30
 dhcp select global
#
interface Vlanif13
 ip address 10.1.13.2 255.255.255.0 
 vrrp vrid 3 virtual-ip 10.1.13.1
 vrrp vrid 3 priority 120
 vrrp vrid 3 preempt-mode timer delay 20
 vrrp vrid 3 track interface GigabitEthernet0/0/1 reduced 30
 dhcp select global
#
interface Vlanif14
 ip address 10.1.14.2 255.255.255.0 
 vrrp vrid 4 virtual-ip 10.1.14.1
 vrrp vrid 4 priority 120
 vrrp vrid 4 preempt-mode timer delay 20
 vrrp vrid 4 track interface GigabitEthernet0/0/1 reduced 30
 dhcp select global
#
interface Vlanif1001
 ip address 10.1.111.12 255.255.255.0

SW1设置AAA认证

// AAA local accounts on SW1. wql and hcie are limited to the telnet service type.
// NOTE(review): wql and hcie show the same cipher string, so they presumably share one
// password; a ciphertext published together with a configuration should be treated as
// exposed and the password changed before the configuration is reused.
aaa 
 local-user wql password cipher #*C>*$C`S!INZPO3JBXBHA!!
 // Level 3 is the management level in VRP's default 0-3 privilege scheme.
 local-user wql privilege level 3
 // NOTE(review): Telnet sends the user name and password unencrypted; where the
 // platform supports it, prefer SSH (service-type ssh) for remote management.
 local-user wql service-type telnet
 local-user hcie password cipher #*C>*$C`S!INZPO3JBXBHA!!
 local-user hcie privilege level 3
 local-user hcie service-type telnet
 // NOTE(review): "password simple" keeps the password in plaintext in the configuration,
 // and here the password equals the user name. No service-type or privilege level is
 // shown for admin. Prefer a unique password stored with cipher (or irreversible-cipher
 // where the VRP version supports it), or remove the account if it is unused.
 local-user admin password simple admin

SW2的配置

配置与SW1相同

vlan b 11 to 13 1000 to 1002
dhcp enable
#
ip pool 1
 gateway-list 10.1.11.1 
 network 10.1.11.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
ip pool 2
 gateway-list 10.1.12.1 
 network 10.1.12.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
ip pool 3
 gateway-list 10.1.13.1 
 network 10.1.13.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
ip pool 4
 gateway-list 10.1.14.1 
 network 10.1.14.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
#
interface Vlanif11
 ip address 10.1.11.2 255.255.255.0 
 vrrp vrid 1 virtual-ip 10.1.11.1
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 20
 vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 30
 dhcp select global
#
interface Vlanif12
 ip address 10.1.12.2 255.255.255.0 
 vrrp vrid 2 virtual-ip 10.1.12.1
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt-mode timer delay 20
 vrrp vrid 2 track interface GigabitEthernet0/0/1 reduced 30
 dhcp select global
#
interface Vlanif13
 ip address 10.1.13.2 255.255.255.0 
 vrrp vrid 3 virtual-ip 10.1.13.1
 vrrp vrid 3 priority 120
 vrrp vrid 3 preempt-mode timer delay 20
 vrrp vrid 3 track interface GigabitEthernet0/0/1 reduced 30
 dhcp select global
#
interface Vlanif14
 ip address 10.1.14.2 255.255.255.0 
 vrrp vrid 4 virtual-ip 10.1.14.1
 vrrp vrid 4 priority 120
 vrrp vrid 4 preempt-mode timer delay 20
 vrrp vrid 4 track interface GigabitEthernet0/0/1 reduced 30
 dhcp select global
#
interface Vlanif1002
 ip address 10.1.112.12 255.255.255.0 

SW1端口类型的配置

interface Eth-Trunk0 //设置链路聚合端口类型
 undo port hybrid vlan 1
 port hybrid tagged vlan 11 to 14
#
interface GigabitEthernet0/0/1 //上行路由接口设置为access
 port link-type access
 port default vlan 1001
#
interface GigabitEthernet0/0/2  //下行接口设置允许通过的VLAN
 port hybrid tagged vlan 11 to 14
#
interface GigabitEthernet0/0/3
 port hybrid tagged vlan 11 to 14
#
interface GigabitEthernet0/0/11  //将接口加入到聚合组
 eth-trunk 0
#
interface GigabitEthernet0/0/12
 eth-trunk 0
#
interface GigabitEthernet0/0/21
 port hybrid tagged vlan 11 to 14
#
interface GigabitEthernet0/0/22
 port hybrid tagged vlan 11 to 14

SW2端口类型的配置

#
interface Eth-Trunk0
 port hybrid tagged vlan 11 to 14
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 1002
#
interface GigabitEthernet0/0/2
 port hybrid tagged vlan 11 to 14
#
interface GigabitEthernet0/0/3
 port hybrid tagged vlan 11 to 14
#
interface GigabitEthernet0/0/11
 eth-trunk 0
#
interface GigabitEthernet0/0/12
 eth-trunk 0
#
interface GigabitEthernet0/0/23
 port hybrid tagged vlan 11 to 14
#
interface GigabitEthernet0/0/24
 port hybrid tagged vlan 11 to 14

接入层交换机端口类型配置与VLAN划分

SW3
#
interface Ethernet0/0/1  //下行为access
 port link-type access
 port default vlan 11
#
interface Ethernet0/0/2  上行为Trunk
 port link-type trunk
 port trunk allow-pass vlan 11 to 14
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 11 to 14
#
SW4
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 12
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 12
#
interface Ethernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 12
 SW5
 interface Ethernet0/0/1
 port link-type access
 port default vlan 13
#
interface gthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 13
 #
interface gthernet0/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 13
#
 SW6
 interface Ethernet0/0/1
 port link-type access
 port default vlan 13
#
interface gthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 13
 #
interface gthernet0/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 13
#

成功获取IP

在这里插入图片描述

汇聚层配置MSTP

SW1、SW2配置相同

#
stp region-configuration  //进入MSTI域视图
region-name a
instance 1 vlan 11   //设置VLAN映射
instance 2 vlan 12 
instance 3 vlan 13 
instance 4 vlan 14 
active region-configuration  //开启
stp instance 1 root primary 
stp instance 2 root primary
stp instance 3 root primary
stp instance 4 root primary
SW3456配置相同
#
stp region-configuration
region-name a
instance 1 vlan 11 
instance 2 vlan 12 
instance 3 vlan 13 
instance 4 vlan 14 
active region-configuration

OSPF协议的发布

SW1
ospf 1 
area 0.0.0.0 
network 10.1.11.0 0.0.0.255 
network 10.1.12.0 0.0.0.255 
network 10.1.13.0 0.0.0.255 
network 10.1.14.0 0.0.0.255 
network 10.1.111.0 0.0.0.255 
#
SW2
#
ospf 1 
area 0.0.0.0 
network 10.1.11.0 0.0.0.255 
network 10.1.12.0 0.0.0.255 
network 10.1.13.0 0.0.0.255 
network 10.1.14.0 0.0.0.255 
network 10.1.112.0 0.0.0.255 
#

出口路由R1配置



#
// Basic ACL 2000 matches every source address in 10.1.0.0/16 (wildcard 0.0.255.255).
// NOTE(review): in this listing ACL 2000 is referenced only by "nat outbound 2000" below,
// where it selects which inside sources are translated. No traffic-filter using it is
// shown, so the ACL by itself does not block inbound traffic; outside hosts are kept out
// only to the extent that inside addresses are not reachable without a NAT mapping.
acl number 2000    // intended: only the internal network may access the external network
rule 5 permit source 10.1.0.0 0.0.255.255 
#
interface GigabitEthernet0/0/0
ip address 10.1.111.1 255.255.255.0 
#
// Outside-facing interface: the NAT server mappings and outbound NAT are bound here.
interface GigabitEthernet0/0/1
ip address 202.2.12.2 255.255.255.0 
// The two mappings publish TCP ftp and www of inside host 10.1.100.100 at the global
// address 202.2.12.3, reachable from any outside source.
// NOTE(review): FTP carries credentials unencrypted; if the services are not meant to be
// public, limit the permitted outside sources with an inbound ACL on this interface.
nat server protocol tcp global 202.2.12.3 ftp inside 10.1.100.100 ftp // server mapping
nat server protocol tcp global 202.2.12.3 www inside 10.1.100.100 www
nat outbound 2000
#
interface GigabitEthernet0/0/2
ip address 10.1.113.1 255.255.255.0 
#
interface GigabitEthernet2/0/0
ip address 10.1.114.1 255.255.255.0 
#
interface GigabitEthernet4/0/0
ip address 10.1.112.1 255.255.255.0 
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255 
#
ospf 1 router-id 2.2.2.2 
default-route-advertise  //引入缺省静态路由到OSPF域
area 0.0.0.0 
network 2.2.2.2 0.0.0.0 
network 10.1.111.0 0.0.0.255 
network 10.1.112.0 0.0.0.255 
network 10.1.113.0 0.0.0.255 
network 10.1.114.0 0.0.0.255 
#
ip route-static 0.0.0.0 0.0.0.0 202.2.12.1  //通往外网的静态
#

R3配置


interface GigabitEthernet0/0/1
ip address 10.1.134.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
ip address 10.1.113.2 255.255.255.0 
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255 
#
ospf 1 router-id 3.3.3.3 
import-route rip 1 cost 5 type 1    //ospf域引入RIP
area 0.0.0.0 
network 3.3.3.3 0.0.0.0 
network 10.1.113.0 0.0.0.255 
#
rip 1
default-route originate
version 2
network 10.0.0.0
import-route ospf 1
#
// Console line: login requires a password (authentication-mode password).
user-interface con 0
authentication-mode password
// NOTE(review): no authentication-mode or protocol inbound line is shown under the VTY
// ranges, so how remote logins to R3 are authenticated cannot be confirmed from this
// listing. Set it explicitly, e.g. "authentication-mode aaa", and "protocol inbound ssh"
// where the platform supports SSH.
user-interface vty 0 4
user-interface vty 16 20
#

R4配置

dhcp enable  //开启DHCP
#
ip pool wql
gateway-list 10.1.21.1 
network 10.1.21.0 mask 255.255.255.0 
dns-list 8.8.8.8 
#
ip pool cf
gateway-list 10.1.22.1 
network 10.1.22.0 mask 255.255.255.0 
dns-list 8.8.8.8 

#
interface GigabitEthernet0/0/0.21 //配置单臂路由
dot1q termination vid 21
ip address 10.1.21.1 255.255.255.0 
arp broadcast enable
dhcp select global
#
interface GigabitEthernet0/0/0.22
dot1q termination vid 22
ip address 10.1.22.1 255.255.255.0 
arp broadcast enable
dhcp select global
#
interface GigabitEthernet0/0/1
ip address 10.1.134.2 255.255.255.0 
#
interface GigabitEthernet0/0/2
ip address 10.1.135.1 255.255.255.0 
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255 
#
// RIP process 1 on R4, running version 2.
rip 1
version 2
// NOTE(review): the classful statement "network 10.0.0.0" also covers the user-facing
// sub-interfaces 10.1.21.1 and 10.1.22.1 configured earlier on R4, so RIP presumably
// runs towards the user VLANs as well. No RIP authentication is shown. Consider
// "silent-interface" for the user-facing sub-interfaces and RIP-2 authentication on the
// router-to-router links.
network 10.0.0.0
network 4.0.0.0

AR5的配置

#
interface GigabitEthernet0/0/0
ip address 10.1.100.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
ip address 10.1.135.2 255.255.255.0 
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255 
#
rip 1
version 2
network 10.0.0.0

Smart Link(SW12、SW14 )部分

SW14

#
interface Ethernet0/0/3
stp disable
#
interface Ethernet0/0/4
stp disable
#
smart-link group 1
restore enable 
smart-link enable 
port Ethernet0/0/3 master
port Ethernet0/0/4 slave
timer wtr 30 

SW12

#
monitor-link group 1
 port GigabitEthernet0/0/1 uplink
 port Ethernet0/0/3 downlink 1
 timer recover-time 10

SW11的配置

// SW11: creates VLANs 21 and 22, puts one access port in each, and trunks the uplink.
vlan batch 21 to 22
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 21
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 22
#
interface GigabitEthernet0/0/1
 port link-type trunk
 // NOTE(review): the trunk permits VLANs 2-4094 although only VLANs 21 and 22 are
 // created on this switch; "port trunk allow-pass vlan 21 to 22" would carry only the
 // VLANs in use and keep any VLAN added later off the uplink until it is allowed.
 port trunk allow-pass vlan 2 to 4094

服务器的配置

FTP服务器
配置IP与网关
HTTP服务器
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

至此功能实现完成

查看出口路由AR2的路由表
在这里插入图片描述

**总部出口设备路由表**

各VLAN的用户端能够访问服务器和外网,并能相互通信,实现数据互通。

在这里插入图片描述

市场部与服务器
在这里插入图片描述

市场部与技术部测试
在这里插入图片描述
市场部与外网测试

单臂路由的实现

在这里插入图片描述

管理层与虚拟接口测试

acl过滤的实现

在这里插入图片描述

外网无法连接内网

HTTP服务器的实现

在这里插入图片描述

外网登录内网HTTP服务器

ftp服务器的实现

允许外网用户登录内网Ftp服务器进行文件下载等。
在这里插入图片描述

外网登录内网ftp服务器

DHCP技术测试

在路由器AR2上配置DHCP技术的相关命令,各部门网段采用在全局模式下自动获取IP地址。
在这里插入图片描述

市场部IP

MSTP+VRRP功能实现

在配置了虚拟路由器冗余协议(VRRP)和MSTP协议的交换机上查看结果可知,当前网络中VRRP协议和MSTP协议均处于正常运行状态。测试结果显示,SW1交换机上不同VLAN之间相互备份,在10.1.0.0网段的为Master状态。
在这里插入图片描述

VRRP状态查询
对汇聚层交换机SW3进行MSTP的检查,可以知道其e0/0/2端口处于阻塞状态,g0/0/1端口是SW3的根端口。
现关闭交换机SW1,市场部仍能ping通公司服务器。
在这里插入图片描述
在这里插入图片描述

成功连接服务器

远程登录实现

各设备在用户模式下进行远程登录:使用已配置的用户名(wql)和设置的密码(123)即可通过Telnet登录到交换机SW1。Telnet以明文传输用户名和密码,且123属于弱口令;生产环境应改用SSH并设置强口令。
在这里插入图片描述

远程登录SW1
