实验HCIA

最新推荐文章于 2024-09-14 18:46:05 发布

yhk2022023534

最新推荐文章于 2024-09-14 18:46:05 发布

阅读量36

点赞数

文章标签： java 开发语言

本文链接：https://blog.csdn.net/yhk2022023534/article/details/130748479

版权

配置描述了网络中的VLAN划分，接口类型如access和trunk，以及DHCP服务器的配置，包括两个不同的IP地址池。OSPF路由协议被用来进行路由信息交换，同时使用MD5认证增强安全性。此外，还设置了访问控制列表（ACL）限制了特定TCP流量，并进行了NAT转换以允许内部设备访问外部网络。

摘要由CSDN通过智能技术生成

SW1
vlan batch 2 to 3

interface Ethernet0/0/1
port link-type access
port default vlan 2

interface Ethernet0/0/2
port link-type access
port default vlan 2

interface Ethernet0/0/3
port link-type access
port default vlan 3

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3

SW2
vlan batch 2 to 3

interface Ethernet0/0/1
port link-type access
port default vlan 2

interface Ethernet0/0/2
port link-type access
port default vlan 3

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3

R1
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.252

dhcp enable

ip pool v2
gateway-list 192.168.1.65
network 192.168.1.64 mask 255.255.255.224
dns-list 114.114.114.114 8.8.8.8

ip pool v3
gateway-list 192.168.1.97
network 192.168.1.96 mask 255.255.255.224
dns-list 114.114.114.114 8.8.8.8

interface GigabitEthernet0/0/1.1
dot1q termination vid 2
arp broadcast enable  ip address 192.168.1.65 255.255.255.224
dhcp select global

interface GigabitEthernet0/0/1.2
dot1q termination vid 3
arp broadcast enable
ip address 192.168.1.97 255.255.255.224
dhcp select global

R2
interface GigabitEthernet0/0/0
ip address 192.168.1.2 255.255.255.252

interface GigabitEthernet0/0/1
ip address 12.1.1.1 255.255.255.0

dhcp enable

ip pool v2
gateway-list 192.168.1.129
network 192.168.1.128 mask 255.255.255.224
dns-list 114.114.114.114 8.8.8.8

ip pool v3
gateway-list 192.168.1.161
network 192.168.1.160 mask 255.255.255.224
dns-list 114.114.114.114 8.8.8.8

interface GigabitEthernet0/0/2.1
dot1q termination vid 2
ip address 192.168.1.129 255.255.255.224
arp broadcast enable
dhcp select global

interface GigabitEthernet0/0/2.2
dot1q termination vid 3
ip address 192.168.1.161 255.255.255.224
arp broadcast enable
dhcp select global
ISP
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0

interface GigabitEthernet0/0/1
ip address 3.3.3.1 255.255.255.0

2.OSPF配置
R1
ospf 1 router-id 1.1.1.1    //开启ospf协议，给定router-id
area 0.0.0.0        //进入区域0
network 192.168.1.0 0.0.0.255    //宣告网段

interface GigabitEthernet0/0/0
ospf authentication-mode md5 1 cipher xiaoli123 //在与邻居相连接口上做认证，保障安全

R2
ospf 1 router-id 2.2.2.2
default-route-advertise always
area 0.0.0.0
network 192.168.1.0 0.0.0.255

interface GigabitEthernet0/0/0
ospf authentication-mode md5 1 cipher xiaoli123

3.ACL+NAT
R1
aaa
local-user xiaoli password cipher xiaoli123
local-user xiaoli service-type telnet
local-user xiaoli privilege level 15

user-interface vty 0 4
authentication-mode aaa

acl number 3000
rule 5 deny tcp source 192.168.1.94 0 destination 192.168.1.65 0 destination-port eq telnet
rule 10 deny tcp source 192.168.1.94 0 destination 192.168.1.97 0 destination-port eq telnet
rule 10 deny tcp source 192.168.1.94 0 destination 192.168.1.1 0 destination-port eq telnet

interface GigabitEthernet0/0/1.1
traffic-filter inbound acl 3000

R2
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255

interface GigabitEthernet0/0/1
nat outbound 2000
nat static protocol tcp global current-interface www inside 192.168.1.98 www netmask 255.255.255.255
nat static protocol tcp global current-interface telnet inside 192.168.1.1 telnet netmask 2