Comprehensive lab: operation steps

张开发
2026/4/20 8:25:23, 15-minute read

Requirements and configuration approach

[Figure: topology]

Requirements

1. All PCs must obtain their IP addresses through DHCP. The address pool name matches the device's VLAN (for example, PC1 uses ip pool vlan10). Only business B network users need to access Internet web services, so DNS information is required.
2. VLAN configuration on the switches must follow the principle of passing only the minimum set of VLANs.
3. Use OSPF so that internal and external users can reach each other (full reachability). Each device's Router ID must be configured manually and match the device number (for example, R1 uses RID 1.1.1.1), and networks must be advertised precisely (for example, interface 172.16.64.1/24 is advertised as 172.16.64.1 0.0.0.0).
4. The intranet must be fully reachable with as few routing-table entries as possible. Summarization must be precise, and configuration that a default route makes unnecessary may be omitted. Prevent loops. For security, OSPF area 0 must be configured with authentication (MD5, password 123456). Every user segment in the enterprise intranet that can be summarized should be summarized. User terminals in the OSPF network must not receive OSPF protocol packets.
5. All intranet users can access the Internet. Configure NAT on the border router; the ACL is a basic ACL numbered 2000. R3's 0/0/2 interface must not be advertised into the intranet, static routes included.
6. The test device must log in remotely to the intranet telnet-server device. The login account is huawei, the password is 123456, and the login privilege is the highest level.
7. VLAN 40 and VLAN 50 users must not access the intranet B services (ACL number 2001, configured on R3's 0/0/0 interface). PC1 must not access PC5 (ACL number 3000).
8. The 100 Mbit/s link between R3 and R4 is the backup link; traffic must not use it under normal conditions. Lower its priority by setting the preference value to 100.
9. Configure all devices strictly according to the labels in the topology diagram; names are case-sensitive.
10. All servers and client devices in the diagram are there to illustrate the requirements. Their addresses are fixed and must not be changed; keep this in mind while configuring. client1 simulates an intranet user accessing the Internet ISP server; the test device is used to test an Internet user logging in remotely to the intranet telnet-server host.

Analysis: configure region by region first, then configure the additional requirements.

I. Configuration approach for the enterprise A intranet

Configure the router IP addresses
Configure VLANs
  a. Create the VLANs
  b. Assign interfaces to VLANs
  c. Configure the trunk interfaces and pass the VLANs
Obtain IP addresses through DHCP
  a. Enable DHCP
  b. Create the address pools
  c. Apply the address pools on the corresponding interfaces
Advertise routes with OSPF
  a. Start the OSPF process and configure the RID
  b. Enter the corresponding area and add the network statements
  c. Check the OSPF neighbor table and routing table, then test access
Configure OSPF area summarization: ABR summarization reduces the number of entries in the routing table
Configure static routes to the null interface for loop prevention
Configure authentication for OSPF area 0
Configure Easy IP so the intranet can access the external network
Have OSPF advertise a default route to the intranet routers so intranet devices can reach the external network
Configure the telnet server, and configure NAT server so the external network can reach the intranet service
Configure basic and advanced ACLs for access control

II. Configuration approach for the enterprise B intranet

Configure IP addresses
Configure VLAN addresses
Configure DHCP so the PCs obtain IP addresses
Configure static routes so the whole network can be pinged
Configure static routes to the null interface for loop prevention
Configure a static default route so intranet devices have access
Configure floating static routes so traffic normally uses the gigabit link and fails over to the 100 Mbit/s link

Detailed steps

Enterprise 1

Router interface IP configuration

    [R1-GigabitEthernet0/0/1]int gi 0/0/0
    [R1-GigabitEthernet0/0/0]ip add 172.16.67.1 24
    [R2]int gi 0/0/0
    [R2-GigabitEthernet0/0/0]ip add 172.16.67.2 24
    [R2-GigabitEthernet0/0/0]int gi 0/0/2
    [R2-GigabitEthernet0/0/2]ip add 172.16.2.1 24
    [R3]int gi 0/0/0
    [R3-GigabitEthernet0/0/0]ip add 172.16.2.2 24
    [R3]int Ethernet 4/0/0
    [R3-Ethernet4/0/0]ip add 172.16.129.1 24
    [R3]int gi 0/0/1
    [R3-GigabitEthernet0/0/1]ip add 172.16.130.1 24

VLAN configuration

The router configuration commands below require the VLANs to be created first.

Switch configuration

SW1 switch configuration

Create the VLANs, then assign them to the corresponding interfaces.

    [SW1]vlan batch 10 20 30

Assign the VLANs to the corresponding interfaces:

    [SW1]int gi 0/0/2
    [SW1-GigabitEthernet0/0/2]port link-type access
    [SW1-GigabitEthernet0/0/2]port default vlan 10
    [SW1]int gi 0/0/3
    [SW1-GigabitEthernet0/0/3]port link-ty access
    [SW1-GigabitEthernet0/0/3]port default vlan 20
    [SW1-GigabitEthernet0/0/3]int gi 0/0/4
    [SW1-GigabitEthernet0/0/4]port link-type access
    [SW1-GigabitEthernet0/0/4]port default vlan 30

Configure the trunk and allow VLANs 10, 20 and 30:

    [SW1-GigabitEthernet0/0/4]int gi 0/0/1
    [SW1-GigabitEthernet0/0/1]port link-type trunk
    [SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30

SW2 switch configuration

    [SW2]vlan batch 40 50
    [SW2]int gi 0/0/2
    [SW2-GigabitEthernet0/0/2]port link-type access
    [SW2-GigabitEthernet0/0/2]port default vlan 40
    [SW2-GigabitEthernet0/0/2]int gi 0/0/3
    [SW2-GigabitEthernet0/0/3]port link-ty acc
    [SW2-GigabitEthernet0/0/3]port default vlan 50

Configure the trunk interface and pass VLANs 40 and 50:

    [SW2-GigabitEthernet0/0/3]int gi 0/0/1
    [SW2-GigabitEthernet0/0/1]port link-type trunk
    [SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 40 50

Router-on-a-stick configuration

R1 sub-interface configuration

    [R1]int gi 0/0/1.10
    [R1-GigabitEthernet0/0/1.10]ip add 172.16.64.1 24
    [R1-GigabitEthernet0/0/1.10]dot1q termination vid 10
    [R1-GigabitEthernet0/0/1.10]arp broadcast enable
    [R1]int gi 0/0/1.20
    [R1-GigabitEthernet0/0/1.20]ip add 172.16.65.1 24
    [R1-GigabitEthernet0/0/1.20]dot1q ter vid 20
    [R1-GigabitEthernet0/0/1.20]arp broadcast enable
    [R1]int gi 0/0/1.30
    [R1-GigabitEthernet0/0/1.30]ip add 172.16.66.1 24
    [R1-GigabitEthernet0/0/1.30]dot ter vid 30
    [R1-GigabitEthernet0/0/1.30]arp br enable

R2 sub-interface configuration

    [R2]int gi 0/0/1.40
    [R2-GigabitEthernet0/0/1.40]ip add 172.16.0.1 24
    [R2-GigabitEthernet0/0/1.40]dot ter vid 40
    [R2-GigabitEthernet0/0/1.40]arp bro ena
    [R2-GigabitEthernet0/0/1.40]int gi 0/0/1.50
    [R2-GigabitEthernet0/0/1.50]ip add 172.16.1.1 24
    [R2-GigabitEthernet0/0/1.50]dot ter vid 50
    [R2-GigabitEthernet0/0/1.50]arp bro en

[Figure: interfaces and IP addresses on R1 and R2]

DHCP configuration

DHCP on R1

Enable the DHCP service:

    [R1]dhcp enable

Create the address pools:

    [R1]ip pool vlan10
    Info: Its successful to create an IP address pool.
    [R1-ip-pool-vlan10]network 172.16.64.0 mask 24
    [R1-ip-pool-vlan10]gateway-list 172.16.64.1
    [R1-ip-pool-vlan10]dns 8.8.8.8
    [R1]ip pool vlan20
    [R1-ip-pool-vlan20]net 172.16.65.0 mask 24
    [R1-ip-pool-vlan20]gate 172.16.65.1
    [R1-ip-pool-vlan20]dns 8.8.8.8
    [R1]ip pool vlan30
    [R1-ip-pool-vlan30]net 172.16.66.0 mask 24
    [R1-ip-pool-vlan30]gate 172.16.66.1
    [R1-ip-pool-vlan30]dns 8.8.8.8

DHCP on R2

    [R2]dhcp enable
    [R2]ip pool vlan40
    [R2-ip-pool-vlan40]netw 172.16.0.0 mask 24
    [R2-ip-pool-vlan40]gate 172.16.0.1
    [R2-ip-pool-vlan40]dns 8.8.8.8
    [R2]ip pool vlan50
    [R2-ip-pool-vlan50]net 172.16.1.0 mask 24
    [R2-ip-pool-vlan50]gate 172.16.1.1
    [R2-ip-pool-vlan50]dns 8.8.8.8

Enter the interfaces and apply the address pools

On R1:

    [R1]int gi 0/0/1.10
    [R1-GigabitEthernet0/0/1.10]dhcp select global
    [R1]int gi 0/0/1.20
    [R1-GigabitEthernet0/0/1.20]dhcp select global
    [R1-GigabitEthernet0/0/1.20]int gi 0/0/1.30
    [R1-GigabitEthernet0/0/1.30]dhcp sel gl

On R2:

    [R2]int gi 0/0/1.40
    [R2-GigabitEthernet0/0/1.40]dhcp sel global
    [R2-GigabitEthernet0/0/1.40]int gi 0/0/1.50
    [R2-GigabitEthernet0/0/1.50]dhcp sel gl

On telnet-server (DHCP client):

    [telnet-server]dhcp enable
    [telnet-server]int gi 0/0/0
    [telnet-server-GigabitEthernet0/0/0]ip add dhcp-alloc

[Figure: IP address obtained successfully, PC4 as the example]

OSPF configuration

Create the OSPF process and configure the RID, then enter the corresponding area and add the network statements.

R1

    [R1]ospf 1 router-id 1.1.1.1
    [R1-ospf-1]area 1
    [R1-ospf-1-area-0.0.0.1]network 172.16.64.1 0.0.0.0
    [R1-ospf-1-area-0.0.0.1]network 172.16.67.1 0.0.0.0
    [R1-ospf-1-area-0.0.0.1]network 172.16.65.1 0.0.0.0
    [R1-ospf-1-area-0.0.0.1]network 172.16.66.1 0.0.0.0

R2

    [R2]ospf 1 router-id 2.2.2.2
    [R2-ospf-1]area 1
    [R2-ospf-1-area-0.0.0.1]net 172.16.67.2 0.0.0.0
    [R2-ospf-1-area-0.0.0.1]area 0
    [R2-ospf-1-area-0.0.0.0]network 172.16.2.1 0.0.0.0
    [R2-ospf-1-area-0.0.0.0]network 172.16.0.1 0.0.0.0
    [R2-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
    [R2-ospf-1]default-route-advertise always

R3

    [R3]ospf 3 router-id 3.3.3.3
    [R3-ospf-3]area 0
    [R3-ospf-3-area-0.0.0.0]network 172.16.2.2 0.0.0.0

[Figure: OSPF neighbor table and routing table; connectivity test, PC1 pings PC4]

Configure OSPF area summarization: ABR summarization reduces the number of entries in the routing table

Summary command for area 1:

    [R2-ospf-1]area 1
    [R2-ospf-1-area-0.0.0.1]abr-summary 172.16.64.0 255.255.252.0

Summarization is done on the ABR, the device connected to both the backbone area and a non-backbone area. Here that is R2, so the summaries are configured on R2.

Summary command for area 0:

    [R2-ospf-1]area 1
    [R2-ospf-1-area-0.0.0.1]abr-summary 172.16.64.0 255.255.252.0
    [R2-ospf-1-area-0.0.0.1]q
    [R2-ospf-1]area 0
    [R2-ospf-1-area-0.0.0.0]abr-summary 172.16.0.0 255.255.252.0

Configure static routes to the null interface for loop prevention

Enterprise A:

    [R2]ip route-static 172.16.0.0 22 null 0
    [R2]ip route-static 172.16.64.0 22 null 0

Advertise a default route in OSPF

    [R3]ospf 3
    [R3-ospf-3]default-route-advertise always

Configure authentication on R3 and R2

    [R3]int gi 0/0/0
    [R3-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
    [R2]int gi 0/0/2
    [R2-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher 123456

Configure Easy IP so the internal and external networks can communicate

    [R3]acl 2000
    [R3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
    [R3]int gi 0/0/2
    [R3-GigabitEthernet0/0/2]nat outbound acl 2000

Configure the telnet server, and configure NAT server so the external network can reach the intranet service

Create the telnet service:

    [telnet-server]telnet server enable
    [telnet-server]aaa
    [telnet-server-aaa]local-user wu privilege level 15
    [telnet-server-aaa]local-user wu password cipher 12345
    [telnet-server-aaa]local-user wu service-type telnet
    [telnet-server]user-interface vty 0 4
    [telnet-server-ui-vty0-4]authentication-mode aaa

[Figure: login with username and password; telnet tested from R2]

Configure the NAT server address on R3:

    [R3]int gi 0/0/2
    [R3-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 inside 172.16.66.254 23

[Figure: telnet tested from the test device]

Configure basic and advanced ACLs for access control

Use ACLs to block access to certain networks.

PC3 and PC4 are prohibited from accessing intranet B:

    [R2]acl 2000
    [R2-acl-basic-2000]rule 5 deny source 172.16.0.0 0.0.0.255
    [R2-acl-basic-2000]rule 10 deny source 172.16.1.0 0.0.0.255
    [R2]interface gi 0/0/2
    [R2-GigabitEthernet0/0/2]traffic-filter outbound acl 2000

[Figure: PC3 accessing PC5 in enterprise B]

PC1 is prohibited from accessing PC5 (ACL 3000):

    [R1]acl 3000
    [R1-acl-adv-3000]rule deny icmp source 172.16.64.254 0.0.0.0 destination 172.16.128.254 0.0.0.0
    [R1]int gi 0/0/0
    [R1-GigabitEthernet0/0/0]traffic-filter outbound acl 3000

[Figure: PC1 accessing PC5]

Enterprise 2

Configure IP addresses

R4

    interface Ethernet4/0/0
     ip address 172.16.129.2 255.255.255.0
    interface GigabitEthernet0/0/0
     ip address 172.16.130.2 255.255.255.0
    interface GigabitEthernet0/0/1
     ip address 172.16.131.1 255.255.255.0
    interface GigabitEthernet0/0/2
     ip address 172.16.132.1 255.255.255.0

R5

    interface GigabitEthernet0/0/0
     ip address 172.16.131.2 255.255.255.0
    interface GigabitEthernet0/0/1
     ip address 172.16.133.1 255.255.255.0

R6

    interface GigabitEthernet0/0/0
     ip address 172.16.132.2 255.255.255.0
    interface GigabitEthernet0/0/1
     ip address 172.16.134.1 255.255.255.0

R7

    interface GigabitEthernet0/0/0
     ip address 172.16.133.2 255.255.255.0
    interface GigabitEthernet0/0/1
     ip address 172.16.134.2 255.255.255.0

Configure VLANs

SW3 switch configuration

    vlan batch 60 70
    int gi 0/0/2
     port link-type access
     port default vlan 70
    int gi 0/0/4
     port link-type access
     port default vlan 60
    int gi 0/0/3
     port link-type access
     port default vlan 60
    int gi 0/0/1
     port link-type trunk
     port trunk allow-pass vlan 60 70

Sub-interface configuration (R7)

    interface GigabitEthernet0/0/2.1
     dot1q termination vid 60
     arp broadcast enable
     ip address 172.16.128.1 255.255.255.128
    interface GigabitEthernet0/0/2.2
     dot1q termination vid 70
     arp broadcast enable
     ip address 172.16.128.129 255.255.255.128

DHCP configuration

    [R7]dhcp enable
    [R7]ip pool vlan60
    [R7-ip-pool-vlan60]network 172.16.128.0 mask 25
    [R7-ip-pool-vlan60]gate 172.16.128.1
    [R7-ip-pool-vlan60]dns 8.8.8.8
    [R7-ip-pool-vlan60]ip pool vlan70
    [R7-ip-pool-vlan70]network 172.16.128.128 mask 25
    [R7-ip-pool-vlan70]gate 172.16.128.129
    [R7-ip-pool-vlan70]dns 8.8.8.8

Apply the IP address pools:

    [R7]int gi 0/0/2.1
    [R7-GigabitEthernet0/0/2.1]dhcp select global
    [R7]int gi 0/0/2.2
    [R7-GigabitEthernet0/0/2.2]dhcp select global

Configure static routes

R4

    [R4]ip route-static 172.16.134.0 24 172.16.132.2
    [R4]ip route-static 172.16.128.0 24 172.16.132.2
    [R4]ip route-static 172.16.133.0 24 172.16.131.2

R5

    [R5]ip route-static 172.16.129.0 24 172.16.131.1
    [R5]ip route-static 172.16.130.0 24 172.16.131.1
    [R5]ip route-static 172.16.132.0 24 172.16.131.1
    [R5]ip route-static 172.16.134.0 24 172.16.133.2
    [R5]ip route-static 172.16.128.0 24 172.16.133.2

R6

    [R6]ip route-static 172.16.129.0 24 172.16.132.1
    [R6]ip route-static 172.16.130.0 24 172.16.132.1
    [R6]ip route-static 172.16.131.0 24 172.16.132.1
    [R6]ip route-static 172.16.133.0 24 172.16.134.2
    [R6]ip route-static 172.16.128.0 24 172.16.134.2

R7

    [R7]ip route-static 172.16.131.0 24 172.16.133.1
    [R7]ip route-static 172.16.129.0 24 172.16.133.1
    [R7]ip route-static 172.16.130.0 24 172.16.133.1
    [R7]ip route-static 172.16.130.0 24 172.16.134.1
    [R7]ip route-static 172.16.129.0 24 172.16.134.1
    [R7]ip route-static 172.16.132.0 24 172.16.134.1

R3

    [R3]ip route-static 172.16.128.0 24 172.16.130.2
    [R3]ip route-static 172.16.134.0 24 172.16.129.2
    [R3]ip route-static 172.16.132.0 24 172.16.129.2
    [R3]ip route-static 172.16.132.0 24 172.16.130.2
    [R3]ip route-static 172.16.134.0 24 172.16.130.2

[Figure: PC5 pings R3; DNS pings R3]

Configure Null0 routes for loop prevention

On every routing device, configure the Null0 route for the summary of the vlan60 and vlan70 networks:

    [R3]ip route-static 172.16.128.0 24 null 0
    [R4]ip route-static 172.16.128.0 24 null 0
    [R5]ip route-static 172.16.128.0 24 null 0
    [R6]ip route-static 172.16.128.0 24 null 0
    [R7]ip route-static 172.16.128.0 24 null 0

[Figure: intranet PC5 pings the public ISP server]

Configure default routes so intranet devices have access

    [R4]ip route-static 0.0.0.0 0 172.16.129.1
    [R4]ip route-static 0.0.0.0 0 172.16.130.1
    [R5]ip route-static 0.0.0.0 0 172.16.131.1
    [R6]ip route-static 0.0.0.0 0 172.16.132.1
    [R7]ip route-static 0.0.0.0 0 172.16.134.1
    [R7]ip route-static 0.0.0.0 0 172.16.133.1

Configure floating static routes so traffic normally uses the gigabit link and uses the 100 Mbit/s link when the gigabit link fails

R4, inbound direction:

    [R4]ip route-static 0.0.0.0 0 172.16.130.1 preference 100

[Figure: inactive route]

R3, outbound direction:

    [R3]ip route-static 172.16.128.0 255.255.255.0 172.16.130.2 preference 100
    [R3]ip route-static 172.16.131.0 255.255.255.0 172.16.130.2 preference 100
    [R3]ip route-static 172.16.132.0 255.255.255.0 172.16.130.2 preference 100
    [R3]ip route-static 172.16.133.0 255.255.255.0 172.16.130.2 preference 100
    [R3]ip route-static 172.16.134.0 255.255.255.0 172.16.130.2 preference 100

[Figure: inactive route]
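The following check of the ABR summaries and Null0 routes used in this lab is an added example, not part of the original write-up. It derives the precise summary for each group of user segments and lists the address space inside the summary that no real segment occupies, which is what the Null0 route drops instead of letting it follow the default route; the function names are hypothetical.

```python
import ipaddress

def precise_summary(prefixes):
    """Smallest single prefix that covers every given network."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The leading bits shared by the lowest and highest address form the prefix.
    plen = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - plen)) << (32 - plen)
    return ipaddress.ip_network((base, plen))

def uncovered(summary, prefixes):
    """Parts of the summary that no listed network occupies."""
    gaps = [summary]
    for n in (ipaddress.ip_network(p) for p in prefixes):
        remaining = []
        for g in gaps:
            if g.subnet_of(n):            # gap fully used by this network
                continue
            if n.subnet_of(g):            # carve the network out of the gap
                remaining.extend(g.address_exclude(n))
            else:
                remaining.append(g)
        gaps = remaining
    return sorted(gaps)

# Segments taken from the configuration above.
AREA1 = ["172.16.64.0/24", "172.16.65.0/24", "172.16.66.0/24", "172.16.67.0/24"]
AREA0 = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24"]
ENTERPRISE_B = ["172.16.128.0/25", "172.16.128.128/25"]

if __name__ == "__main__":
    for name, nets in (("area 1", AREA1), ("area 0", AREA0),
                       ("enterprise B", ENTERPRISE_B)):
        s = precise_summary(nets)
        print(name, "summary:", s, "mask:", s.netmask,
              "unused inside summary:", [str(g) for g in uncovered(s, nets)])
```

The area 0 summary is the only one that covers space with no real segment behind it (172.16.3.0/24), so that is where the Null0 route on R2 changes forwarding behaviour.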
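To check which sources the basic ACLs in this lab actually match, the following added example (not part of the original write-up) evaluates the R2 traffic-filter ACL 2000 and the R3 NAT ACL 2000 against sample source addresses using wildcard-mask matching. The default action for unmatched packets is passed in by the caller, the rule-ID step of 5 is an assumption, and the sample addresses are constructed.

```python
import ipaddress

STEP = 5  # assumed rule-ID step for rules entered without an ID

def ip(a):
    return int(ipaddress.IPv4Address(a))

def parse_acl(lines):
    """Parse 'rule [ID] permit|deny source ADDR WILDCARD' lines, sorted by ID."""
    rules, max_id = [], 0
    for line in lines:
        tok = line.split()
        if tok[1].isdigit():
            rid, action = int(tok[1]), tok[2]
        else:  # no ID given: next multiple of STEP above the highest ID so far
            rid, action = (max_id // STEP + 1) * STEP, tok[1]
        i = tok.index("source")
        rules.append((rid, action, ip(tok[i + 1]), ip(tok[i + 2])))
        max_id = max(max_id, rid)
    return sorted(rules)

def evaluate(rules, src, default):
    """Return (action, rule ID) of the first rule whose non-wildcard bits match."""
    s = ip(src)
    for rid, action, addr, wild in rules:
        # A 0 bit in the wildcard must match; a 1 bit is ignored.
        if ((s ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action, rid
    return default, None

# Rules copied from the configuration above.
R2_FILTER = parse_acl([
    "rule 5 deny source 172.16.0.0 0.0.0.255",
    "rule 10 deny source 172.16.1.0 0.0.0.255",
])
R3_NAT = parse_acl(["rule permit source 172.16.0.0 0.0.255.255"])

if __name__ == "__main__":
    # Constructed sample hosts; unmatched traffic is assumed to pass the filter.
    for src in ("172.16.0.254", "172.16.1.254", "172.16.64.254"):
        print("R2 filter", src, evaluate(R2_FILTER, src, default="permit"))
    # For NAT, a source that matches no rule is simply not translated.
    for src in ("172.16.128.254", "192.168.1.1"):
        print("R3 NAT", src, evaluate(R3_NAT, src, default="no-translation"))
```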
