HCIA拓扑实验

最新推荐文章于 2024-03-28 00:22:46 发布
最新推荐文章于 2024-03-28 00:22:46 发布
阅读量473 收藏 5
点赞数 1
文章标签: 网络安全 网络 服务器
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_66216073/article/details/126053234
版权

 1.按照分配好的ip给路由器和pc配置ip地址。

2.启用ospf路由协议,按照区域宣告接口,将ospf协议的hello时间改小加快收敛,启用接口认证提高安全性,区域0中r2r3路由优先级改为0,实现r1为dr没有bdr。

3.在与运营商连接的路由器r6上配置缺省路由指向运营商,并下放缺省,配置nat使内部需要访问外网的路由都换上公网ip

4.通过acl抓取流量实现对pc、路由器间的互访权限控制

具体配置如下:

sysname r1
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 172.1.1.2 255.255.192.0 
#
interface GigabitEthernet0/0/1
 ip address 172.1.64.1 255.255.192.0 
 ospf timer hello 5
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 100 router-id 1.1.1.1 
 area 0.0.0.0 
  network 172.1.64.1 0.0.0.0 
 area 0.0.0.1 
  authentication-mode md5
  network 172.1.1.2 0.0.0.0 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

sysname r2
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 172.1.64.2 255.255.192.0 
 ospf dr-priority 0
 ospf timer hello 5
#
interface GigabitEthernet0/0/1
 ip address 172.1.128.1 255.255.192.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 100 router-id 2.2.2.2 
 area 0.0.0.0 
  network 172.1.64.2 0.0.0.0 
 area 0.0.0.2 
  network 172.1.128.1 0.0.0.0 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

sysname r3
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 172.1.64.3 255.255.192.0 
 ospf dr-priority 0
 ospf timer hello 5
#
interface GigabitEthernet0/0/1
 ip address 172.1.192.1 255.255.192.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 100 router-id 3.3.3.3 
 area 0.0.0.0 
  network 172.1.64.3 0.0.0.0 
 area 0.0.0.3 
  network 172.1.192.1 0.0.0.0 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

sysname r4
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
dhcp enable
#
ip pool 1
 gateway-list 192.168.3.1 
 network 192.168.3.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
ip pool 2
 gateway-list 192.168.4.1 
 network 192.168.4.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user xx password cipher %$%$.#LI8[u<g#BSQ5*IAp"Qh1<\%$%$
 local-user xx privilege level 15
 local-user xx service-type telnet
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 172.1.192.2 255.255.192.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 2
 ip address 192.168.3.1 255.255.255.0 
 arp broadcast enable
 dhcp select global
#
interface GigabitEthernet0/0/1.2
 dot1q termination vid 3
 ip address 192.168.4.1 255.255.255.0 
 arp broadcast enable
 dhcp select global
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 100 router-id 4.4.4.4 
 area 0.0.0.3 
  network 0.0.0.0 255.255.255.255 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode aaa
user-interface vty 16 20
#
wlan ac
#
return

sysname r8
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
dhcp enable
#
acl number 3000  
 rule 5 deny icmp source 192.168.2.254 0 destination 192.168.4.254 0 icmp-type e
cho-reply 
#
ip pool 1
 gateway-list 192.168.1.1 
 network 192.168.1.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
ip pool 2
 gateway-list 192.168.2.1 
 network 192.168.2.0 mask 255.255.255.0 
 dns-list 8.8.8.8 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 172.1.128.2 255.255.192.0 
#
interface GigabitEthernet0/0/1
 traffic-filter inbound acl 3000
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 2
 ip address 192.168.1.1 255.255.255.0 
 arp broadcast enable
 dhcp select global
#
interface GigabitEthernet0/0/1.2
 dot1q termination vid 3
 ip address 192.168.2.1 255.255.255.0 
 arp broadcast enable
 dhcp select global
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 100 router-id 7.7.7.7 
 area 0.0.0.2 
  network 0.0.0.0 255.255.255.255 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

sysname r7
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 11.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.1.1.1 255.255.255.0 
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

sysname r6
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
acl number 2000  
 rule 5 permit 
#
acl number 3000  
 rule 5 deny tcp source 192.168.3.254 0 destination 172.1.1.1 0 destination-port
 eq telnet 
 rule 10 deny tcp source 192.168.3.254 0 destination 10.1.1.2 0 destination-port
 eq telnet 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.1.1.2 255.255.255.0 
 nat server protocol tcp global 10.1.1.3 telnet inside 172.1.192.2 telnet
 nat outbound 2000
#
interface GigabitEthernet0/0/1
 ip address 172.1.1.1 255.255.192.0 
 traffic-filter inbound acl 3000
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 100 router-id 5.5.5.5 
 default-route-advertise
 area 0.0.0.1 
  authentication-mode md5
  network 172.1.1.1 0.0.0.0 
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode password
 user privilege level 15
 set authentication password cipher %$%$)o_uBmeqy6~LMC>"X}Q5,.r#T/^W1H+:T/[i,09q
Jry*.r&,%$%$
user-interface vty 16 20
#
wlan ac
#
return

sysname sw1
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

sysname sw2
#
vlan batch 2 to 3
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 2
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

sysname sw3
#
vlan batch 2 to 3
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 2
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

小guan想摸鱼
关注
  • 1
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
双向重发布实验
weixin_43796645的博客
11-30 278
要求: sysname R1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80...
H3C交换机SNMP配置详解
weixin_34342578的博客
06-22 3480
H3C交换机SNMP配置 1.启动/关闭SNMP Agent服务 在系统视图模式下: 启用:snmp-agent 关闭:undo snmp-agent 注:缺省情况下snmp agent是关闭的 2. 使能或禁止SNMP相应版本 ...
NAT ip地址转换(项目)
云计算
10-29 529
AR1 <R1>display current-configuration [V200R003C00] # sysname R1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal.
HCIA综合实验(五)
01-09
实验目的及要求:HCIA全部知识点,全网可通 具体是实现会一一介绍 本人已经将全部做完的实验拓扑保存:链接:https://pan.baidu.com/s/1l8JlXiJlWJIhNNNswxY9tQ 提取码:y1j5 配置思想: 首先从最低层开始进行配置 先将二层配置好再对三层进行配置         将vlan10、20、30、40分别划入LSW3、LSW4中,并使用access接口         LSW1、LSW2分别为vlan80、90         LSW5上分别为vlan100、101、900,并使用access接口         lldp enable 便于以后查看周围设
h3c snmp配置实例_四种常见厂商交换机SNMP配置实例
weixin_39680380的博客
02-15 1317
四种常见厂商交换机SNMP配置实例SNMP:1、华为核心:snmp-agentsnmp-agentlocal-engineid 000007DB7FFFFFFF00006FACsnmp-agent communityreadamtt-rosnmp-agent communitywriteamtt-rwsnmp-agent sys-infocontact R&D Nanjing, Huawe...
HCIA-RS[QUESTION 24]手敲题目及网络拓扑实验.zip
09-13
HCIA-RS(H12-211)题库V2.5第一部分的第24题【QUESTION 24】手敲题目及网络拓扑实验: 如下图所示的网络,下列哪些命令可以使RouterA可以转发目的IP地址为10.0.3.3的效据包? A. ip route-static 10.0.3.3 255.255....
华为eNSP拓扑综合实验-HCIA综合
11-01
【华为eNSP拓扑综合实验-HCIA综合】 华为eNSP(Enterprise Network Simulation Platform)是一款强大的网络仿真工具,广泛用于模拟和测试各种网络环境,尤其在华为认证的学习和考试中扮演着重要角色。本实验是针对...
HCIA 网工初级实验拓扑 汇总-ENSP打开.zip
04-05
实验1基础配置 实验2-FTP 实验3静态路由 实验4缺省路由 实验5-企业双出口冗余 实验6-Rip 实验7-ospf 实验8-dhcp 实验9-ad 实验10NAT 实验11-广域网ppp 实验12-PPPOE 实验13-50人企业网设计(静态ip地址) 实验14-50...
HCIA基础配置使用拓扑
05-24
HCIA基础配置使用拓扑
HCIA-综合实验(二)实验拓扑及配置
11-15
HCIA-综合实验(二)实验拓扑及配置
20套CCIE实验pdf版(拓扑,需求,解法,配置).zip
04-01
本资料共包含以下附件: 20套CCIE实验pdf版(拓扑,需求,解法,配置).zip
华为二层交换机配置命令详解
热门推荐
Baple的专栏
10-11 2万+
配置交换机,从基础开始。 以下是配置的交换机命令。(HUAWEI S3000) 本人认为有五个步骤是重点(红色字体) 配置过程(// 后面为注释) 1.改变中文模式 language-mode chinese //习惯英语的可以不用此步骤 2.进入系统试图 system-view 3.设置特权密码: super password cipher NIMEI //
华为数通HCIA小型拓扑综合实验,运用OSPF动态路由协议、ACL访问控制列表,交换机生成树协议,修改交换机根桥、交换机划分vlan、链路聚合等相关数通技术、NAT地址转换以及NAT网络地址转换的配置
运维派大星
08-29 4746
华为数通HCIA小型拓扑综合实验,运用OSPF动态路由协议、ACL访问控制列表,交换机生成树协议,修改交换机根桥、交换机划分vlan、链路聚合等相关数通技术、NAT地址转换以及NAT网络地址转换的配置、ACL访问控制列表的配置方法。访问控制列表的书写技巧、ACL访问控制列表的匹配原则。...
HCIA数通实验练习拓扑
最新发布
weixin_52212266的博客
03-28 915
R1-ui-console0]authentication-mode aaa ##设置Console的登录模式。[R1-aaa]local-user admin service-type terminal ##开启登录终端。[R2-ui-vty0-4]authentication-mode password ##远程登录模式。[R2-ui-vty0-4]user privilege level 15 ##远程登录用户优先级。
HCIA的综合实验
m0_63199267的博客
11-03 264
首先分配全网的ip地址在两台交换机上配置vlan 路由R1 R2 DHCP自动分配IP一条一条配置静态路由实现内网全网可达
HCIA综合实验——题目篇
xianranruyi的博客
05-24 1101
武职比赛试题某院校网络项目,请根据项目步骤完成配置。
Ospf基础配置应用( 综合实验: 干涉选举 缺省路由 区域汇总 认证--接口认证)
m0_64188996的博客
07-12 514
目录 综合实验: 干涉选举 缺省路由 区域汇总 认证--接口认证第一步:子网划分 首先进行IP地址的规划,实验要求R4环回固定,其他网段均使用192.168.1.0/24进行划分。R1—R3为区域0,R3—R4为区域1,其中每个都有一个环回,R3的环回在区域0.两个区域,我们先将母网一分为二,得到192.168.1.0/25 与192.168.1.128/25 这样有便于之后的区域汇总。然后再根据两个区域的需求进行划分,区域0需要4个网段(3个环回+骨干链路),区域1需要1个网段(骨干链路
HCIP---第八天
灵兮诺雪的博客
04-21 426
OSPF的拓展配置 1,手工认证 2,缺省路由 3类缺省 --- 这类缺省只能在特殊区域中自动产生。 普通末梢,完全末梢,完全NSSA 特定 --- 通过3类LSA传递的缺省信息,标记位OSPF,默认优先级为10。 5类缺省 --- 可以通过命令手动下发:default-route-advertise 特点 --- 通过5类LSA传递缺省信息,default-route-advertise下发的前提条件是要求边界设备上的路由表本身存在通过其他方式获取到的缺省信息,之后,通过这个命...
思科网络中多路访问网络DR及BDR的选举配置
2201_75693008的博客
03-03 1639
(1)在思科设备中,用于选举DR(Designated Router)和BDR(Backup Designated Router)的协议是OSPF(Open Shortest Path First)协议。在OSPF网络中,每个路由器都有一个路由器优先级(Router Priority)的值,该值用于确定路由器是否有资格成为DR或BDR。
hcia综合实验拓扑
07-27
HCIA综合实验拓扑是一个网络拓扑结构,其中包含了多个设备和网络配置。根据引用\[1\]和引用\[2\]的描述,该拓扑包括以下要点: 1. ISP路由器只能配置IP地址,不能进行其他配置。 2. 内部网络使用192.168.1.0/24进行...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值