学习新思想,争做新青年。今天学习的是HCIA综合实验!
实验拓扑
实验需求
总部:
1、除了SW8 SW9是三层交换机,其他交换机均为2层交换机。
2、GW为总部的出口设备,使用单臂路由技术,VLAN10,20,100的网关都在GW上
3、总部、分支8、分支9之间互有专线连接,目标:GW与SW8与SW9三台建立OSPF
互相宣告互为邻居,进程号200,区域0,达到企业内网全网互通。
4、在SW8和SW9建立的邻居中,SW8的互联接口要永远成为DR
5、要求DHCP服务器在路由追踪PC8的时候,路径中必须包含SW9
特性:
6、VLAN10,20的PC均由DHCP服务器提供IP地址,DHCP服务器的地址池配置如下
VLAN10:192.168.10.0/24 GW:192.168.10.254 DNS:8.8.8.8 租期:8天
VLAN20:192.168.20.0/24 GW:192.168.20.254 DNS:8.8.8.8 租期:8天
PC2是老板的PC,老板要求通过DHCP给他固定IP:192.168.20.100/24其他与地址池一致
由于员工区存在打印机,需要排除掉192.168.10.240~254;192.168.20.240~254
7、GW路由器使用NAT技术,配置EASY IP技术让内部设备可以上网,在Internet路由器上使用
环回接口模拟公网地址,让所有PC可以Ping通100.1.1.1
8、服务器区有一台HTTP服务器,将其80端口发布至Internet网络,在Internet路由器上使用
telnet 70.1.1.1 80 来验证是否成功
分支8:
1、PC8配置静态IP,PC8可以通过总部GW上网,ping 100.1.1.1
分支9:
1、PC9配置静态IP,PC9可以通过总部GW上网,ping 100.1.1.1
实验配置
GW
sysname GW
#
undo info-center enable
#
vlan batch 10 20 100 200 to 202
#
dhcp enable //使能DHCP
#
acl number 2000 //创建ACL
rule 5 permit
#
interface Eth-Trunk1 //创建聚合口1
undo portswitch //切换为三层接口
#
interface Eth-Trunk1.10 //进入聚合口的子接口
dot1q termination vid 10
ip address 192.168.10.254 255.255.255.0
arp broadcast enable //使能arp广播
dhcp select relay //使能子接口DHCP中继
dhcp relay server-ip 192.168.100.100 //配置DHCP服务器地址
#
interface Eth-Trunk1.20
dot1q termination vid 20
ip address 192.168.20.254 255.255.255.0
arp broadcast enable
dhcp select relay
dhcp relay server-ip 192.168.100.100
#
interface Eth-Trunk1.100
dot1q termination vid 100
ip address 192.168.100.254 255.255.255.0
arp broadcast enable
#
interface Eth-Trunk1.200
dot1q termination vid 200
ip address 60.30.1.2 255.255.255.248
arp broadcast enable
nat server protocol tcp global 70.1.1.1 www inside 192.168.100.101 www //配置NAT转换
nat outbound 2000
#
interface Eth-Trunk1.201
dot1q termination vid 201
ip address 192.168.201.1 255.255.255.0
ospf cost 3 //修改路径开销为3
arp broadcast enable
#
interface Eth-Trunk1.202
dot1q termination vid 202
ip address 192.168.202.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0
eth-trunk 1
#
interface GigabitEthernet0/0/1
eth-trunk 1
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 100 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 60.30.1.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.100.0 0.0.0.255
network 192.168.201.0 0.0.0.255
network 192.168.202.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 60.30.1.1
#
return
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
- 70.
- 71.
- 72.
- 73.
- 74.
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
- 82.
- 83.
- 84.
- 85.
- 86.
- 87.
- 88.
- 89.
- 90.
- 91.
- 92.
- 93.
- 94.
- 95.
- 96.
- 97.
- 98.
- 99.
- 100.
- 101.
- 102.
- 103.
- 104.
- 105.
- 106.
- 107.
- 108.
- 109.
- 110.
- 111.
- 112.
- 113.
- 114.
- 115.
- 116.
- 117.
- 118.
- 119.
- 120.
- 121.
- 122.
- 123.
- 124.
- 125.
- 126.
- 127.
- 128.
- 129.
- 130.
- 131.
- 132.
- 133.
- 134.
- 135.
- 136.
- 137.
- 138.
- 139.
- 140.
- 141.
- 142.
- 143.
- 144.
- 145.
L2-Core-SW
sysname L2-Core-SW
#
undo info-center enable
#
vlan batch 10 20 100 200 to 202
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 201
#
interface GigabitEthernet0/0/2
eth-trunk 1
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface GigabitEthernet0/0/4
eth-trunk 2
#
interface GigabitEthernet0/0/5
eth-trunk 2
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/8
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 202
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
- 70.
- 71.
- 72.
- 73.
- 74.
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
- 82.
- 83.
- 84.
- 85.
- 86.
- 87.
DHCP
sysname DHCP
#
undo info-center enable
#
dhcp enable
#
ip pool VLAN10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.240 192.168.10.253
lease day 8 hour 0 minute 0
dns-list 8.8.8.8
#
ip pool VLAN20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
static-bind ip-address 192.168.20.100 mac-address 5489-9806-68e7
excluded-ip-address 192.168.20.240 192.168.20.253
lease day 8 hour 0 minute 0
dns-list 8.8.8.8
#
interface GigabitEthernet0/0/0
ip address 192.168.100.100 255.255.255.0
dhcp select global
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.254
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
ACC_SW
# sysname ACC_SW # undo info-center enable # vlan batch 200 # interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/1 port link-type access port default vlan 200 # interface GigabitEthernet0/0/2 eth-trunk 1 # interface GigabitEthernet0/0/3 eth-trunk 1
ACC-SW-Staff01
#
sysname ACC-SW-Staff01
#
undo info-center enable
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
ACC-SW-Staff02
#
sysname ACC-SW-Staff02
#
undo info-center enable
#
vlan batch 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 20
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
ACC-SW-Server01
#
sysname ACC-SW-Server01
#
undo info-center enable
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 100
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
SW8
#
sysname SW8
#
undo info-center enable
#
vlan batch 80 201 203
#
interface Vlanif80
ip address 192.168.80.254 255.255.255.0
#
interface Vlanif201
ip address 192.168.201.2 255.255.255.0
#
interface Vlanif203
ip address 192.168.203.1 255.255.255.0
ospf dr-priority 255 //修改ospf优先级
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 201
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 80
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 203
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
#
ospf 100 router-id 8.8.8.8
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 192.168.201.0 0.0.0.255
network 192.168.80.0 0.0.0.255
network 192.168.203.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.201.1
#
return
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
- 70.
- 71.
- 72.
- 73.
- 74.
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
- 82.
- 83.
SW9
#
sysname SW9
#
undo info-center enable
#
vlan batch 90 202 to 203
#
interface Vlanif90
ip address 192.168.90.254 255.255.255.0
#
interface Vlanif202
ip address 192.168.202.2 255.255.255.0
#
interface Vlanif203
ip address 192.168.203.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 202
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 90
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 203
#
interface LoopBack0
ip address 9.9.9.9 255.255.255.255
#
ospf 100 router-id 9.9.9.9
area 0.0.0.0
network 9.9.9.9 0.0.0.0
network 192.168.202.0 0.0.0.255
network 192.168.90.0 0.0.0.255
network 192.168.203.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.202.1
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
- 70.
- 71.
- 72.
- 73.
- 74.
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
Internet
#
sysname Internet
#
undo info-center enable
#
vlan batch 200
#
interface GigabitEthernet0/0/0
ip address 60.30.1.1 255.255.255.248
#
interface LoopBack0
ip address 100.1.1.1 255.255.255.255
#
ip route-static 70.1.1.1 255.255.255.255 60.30.1.2
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
配置完毕,验证配置
PC1获取IP地址
PC2获取IP地址
PC1 Ping DHCP服务器
PC1 Ping Internet
PC1 Ping PC8
PC1 Ping PC9
验证完毕,全网互通。