H3CNE Comprehensive Lab

Lab topology

[Figure: lab topology diagram]

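Lab requirements

  1. Configure IP addresses as shown in the topology diagram
  2. Configure link aggregation on the directly connected links between SW1 and SW2
  3. The company's internal service segments are Vlan10 and Vlan20; Vlan10 is the Marketing department and Vlan20 is the Technical department, and the VLANs must be named so they are easy to identify; PC1 belongs to Vlan10 and PC2 belongs to Vlan20; Vlan30 is used for the OSPF adjacency between SW1 and SW2; Vlan111 is the interconnect VLAN between SW1 and R1, and Vlan222 is the interconnect VLAN between SW2 and R2
  4. Configure all ports that connect switches to each other as Trunk ports and permit the relevant traffic
  5. Configure the switch ports that connect to PCs as edge ports
  6. Configure MSTP on every switch; the MST region is nidaye, vlan10 maps to instance1 and vlan20 maps to instance2; vlan10 traffic must go through SW1 by default and vlan20 traffic must go through SW2 by default
  7. Configure VRRP on SW1 and SW2 so that they back each other up; track the uplink interface and avoid preemption
  8. Configure the DHCP service on SW1 to dynamically assign an IP address, gateway and DNS address to the PCs in Vlan10 and Vlan20; the Vlan10 gateway must be 192.168.1.252 and the Vlan20 gateway must be 192.168.2.253
  9. Configure OSPF for full connectivity inside the company network; advertise the ABRs' loopback interfaces into the backbone area; no protocol packets may appear on the service segments
  10. Configure a default route on R1 pointing to the internet and inject it into OSPF
  11. R1 connects to the internet over two links; configure PPP-MP with bidirectional CHAP authentication
  12. Configure Easy IP; only traffic from the service segments 192.168.1.0/24 and 192.168.2.0/24 may access the internet through R1
  13. Enable TELNET remote management on R1, logging in as user telnet with password nidaye123456; only the Technical department may remotely manage R1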

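Lab steps

1. Configure IP addresses (omitted)

2. Configure link aggregation

SW1
# Create the aggregation group
 int Bridge-Aggregation 1
  port link-type trunk
  port trunk permit vlan 10 20 30
# Add the ports to the aggregation group
 int g1/0/1
  port link-aggregation group 1
 int g1/0/2
  port link-aggregation group 1
#
SW2 is configured similarly

Note: configure the link aggregation first, and only then configure the trunk

3. Configure VLAN addresses and interface types (omitted)

4. Configure edge ports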

SW3
#
interface GigabitEthernet1/0/3
 stp edged-port
#
interface GigabitEthernet1/0/4
 stp edged-port
#

5. Configure MSTP

SW1, SW2, SW3
# Configure the MST region
stp region-configuration
 region-name nidaye
 instance 1 vlan 10
 instance 2 vlan 20
# Do not forget to activate the region configuration
 active region-configuration
#

SW1
#
stp instance 1 root primary
stp instance 2 root secondary
#

SW2
#
stp instance 1 root secondary
stp instance 2 root primary
#

6. Configure VRRP

SW1
#
# Track the uplink interface
track 1 interface GigabitEthernet1/0/4
interface Vlan-interface10
 vrrp vrid 10 virtual-ip 192.168.1.254
 vrrp vrid 10 priority 120
# Reduce the priority when the tracked uplink goes down, to avoid preemption
 vrrp vrid 10 track 1 priority reduced 30
interface Vlan-interface20
 vrrp vrid 20 virtual-ip 192.168.2.254
#

SW2
#
# Track the uplink interface
track 1 interface GigabitEthernet 1/0/4
interface Vlan-interface10
 vrrp vrid 10 virtual-ip 192.168.1.254
interface Vlan-interface20
 vrrp vrid 20 virtual-ip 192.168.2.254
 vrrp vrid 20 priority 120
# Reduce the priority when the tracked uplink goes down, to avoid preemption
 vrrp vrid 20 track 1 priority reduced 30
#

7. Configure the DHCP service

SW1
#
# Enable the DHCP service
dhcp enable
# Create the DHCP address pool
dhcp server ip-pool 1
 gateway-list 192.168.1.252
 network 192.168.1.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
dhcp server ip-pool 2
 gateway-list 192.168.2.253
 network 192.168.2.0 mask 255.255.255.0
 dns-list 8.8.8.8
#

After configuration, enable DHCP on PC1 and PC2 and they obtain their IP addresses.

8. Configure OSPF

SW1
#
ospf 1 router-id 10.1.1.11
# Protocol packets must not appear on the service segments, so configure silent interfaces
 silent-interface Vlan-interface10   
 silent-interface Vlan-interface20
 area 0.0.0.1
# Advertising the exact interface address (wildcard 0.0.0.0) avoids mask calculation mistakes
  network 10.0.0.6 0.0.0.0
  network 10.1.1.11 0.0.0.0
  network 10.1.2.1 0.0.0.0
  network 192.168.1.252 0.0.0.0
  network 192.168.2.252 0.0.0.0
#
--------------------------------------------------------------------------------
SW2
#
ospf 1 router-id 10.1.1.12
# Protocol packets must not appear on the service segments, so configure silent interfaces
 silent-interface Vlan-interface10
 silent-interface Vlan-interface20
 area 0.0.0.1
# Advertising the exact interface address (wildcard 0.0.0.0) avoids mask calculation mistakes
  network 10.0.0.10 0.0.0.0
  network 10.1.1.12 0.0.0.0
  network 10.1.2.2 0.0.0.0
  network 192.168.1.253 0.0.0.0
  network 192.168.2.253 0.0.0.0
#
--------------------------------------------------------------------------------
R1
#
ospf 1 router-id 10.1.1.1
 area 0.0.0.0
# Advertising the exact interface address (wildcard 0.0.0.0) avoids mask calculation mistakes
  network 10.0.0.1 0.0.0.0
  network 10.0.0.14 0.0.0.0
  network 10.1.1.1 0.0.0.0
 area 0.0.0.1
  network 10.0.0.5 0.0.0.0
#
Note: the two interfaces between R1 and R2 must be advertised into the same area, otherwise the adjacency will not come up
--------------------------------------------------------------------------------
R2
#
ospf 1 router-id 10.1.1.2
 area 0.0.0.0
# Advertising the exact interface address (wildcard 0.0.0.0) avoids mask calculation mistakes
  network 10.0.0.2 0.0.0.0
  network 10.0.0.18 0.0.0.0
  network 10.1.1.2 0.0.0.0
 area 0.0.0.1
  network 10.0.0.9 0.0.0.0
#
--------------------------------------------------------------------------------
R3
#
ospf 1 router-id 10.1.1.3
# Protocol packets must not appear on the service segments, so configure silent interfaces
 silent-interface GigabitEthernet0/2
 area 0.0.0.0
# Advertising the exact interface address (wildcard 0.0.0.0) avoids mask calculation mistakes
  network 10.0.0.13 0.0.0.0
  network 10.0.0.17 0.0.0.0
  network 10.1.1.3 0.0.0.0
  network 192.168.3.254 0.0.0.0
#

Use display ospf peer to check whether all neighbors have come up

R1 has three neighbors
[R1]dis ospf peer

         OSPF Process 1 with Router ID 10.1.1.1
               Neighbor Brief Information

 Area: 0.0.0.0        
 Router ID       Address         Pri Dead-Time  State             Interface
 10.1.1.2        10.0.0.2        1   35         Full/DR           GE0/1
 10.1.1.3        10.0.0.13       1   35         Full/DR           GE0/2

 Area: 0.0.0.1        
 Router ID       Address         Pri Dead-Time  State             Interface
 10.1.1.11       10.0.0.6        1   34         Full/DR           GE0/0
--------------------------------------------------------------------------------
R2 has three neighbors
[R2]dis ospf peer

         OSPF Process 1 with Router ID 10.1.1.2
               Neighbor Brief Information

 Area: 0.0.0.0        
 Router ID       Address         Pri Dead-Time  State             Interface
 10.1.1.3        10.0.0.17       1   33         Full/DR           GE0/1
 10.1.1.1        10.0.0.1        1   34         Full/BDR          GE0/2

 Area: 0.0.0.1        
 Router ID       Address         Pri Dead-Time  State             Interface
 10.1.1.12       10.0.0.10       1   30         Full/DR  
-------------------------------------------------------------------------------- 
R3 has two neighbors
[R3]dis ospf peer

         OSPF Process 1 with Router ID 10.1.1.3
               Neighbor Brief Information

 Area: 0.0.0.0        
 Router ID       Address         Pri Dead-Time  State             Interface
 10.1.1.1        10.0.0.14       1   38         Full/BDR          GE0/0
 10.1.1.2        10.0.0.18       1   30         Full/BDR  
--------------------------------------------------------------------------------
SW1 has two neighbors
[SW1]dis ospf peer

         OSPF Process 1 with Router ID 10.1.1.11
               Neighbor Brief Information

 Area: 0.0.0.1        
 Router ID       Address         Pri Dead-Time  State             Interface
 10.1.1.12       10.1.2.2        1   40         Full/BDR          Vlan30
 10.1.1.1        10.0.0.5        1   40         Full/BDR 
-------------------------------------------------------------------------------- 
SW2 has two neighbors
[SW2]dis ospf peer

         OSPF Process 1 with Router ID 10.1.1.12
               Neighbor Brief Information

 Area: 0.0.0.1        
 Router ID       Address         Pri Dead-Time  State             Interface
 10.1.1.11       10.1.2.1        1   34         Full/DR           Vlan30
 10.1.1.2        10.0.0.9        1   36         Full/BDR 

9. Configure the default route and inject it into OSPF

R1
#
ip route-static 0.0.0.0 0 202.100.1.1
#
ospf 1 router-id 10.1.1.1
 default-route-advertise
#

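After configuration, the other routers running OSPF also learn the external default route. Note that the default preference of OSPF external routes is 150.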

[R2]display ip routing-table 

Destinations : 28       Routes : 29

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/0          O_ASE2  150 1           10.0.0.1        GE0/2
......
--------------------------------------------------------------------------------
[R3]display ip routing-table 

Destinations : 28       Routes : 32

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/0          O_ASE2  150 1           10.0.0.14       GE0/0
......
--------------------------------------------------------------------------------
[SW1]display ip routing-table 

Destinations : 36       Routes : 38

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/0          O_ASE2  150 1           10.0.0.5        Vlan111
......
--------------------------------------------------------------------------------
[SW2]display ip routing-table 

Destinations : 36       Routes : 38

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/0          O_ASE2  150 1           10.1.2.1        Vlan30
......
--------------------------------------------------------------------------------

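10. Configure PPP-MP and bidirectional CHAP authentication

R1
# Create the MP group
interface MP-group1
 ip address 202.100.1.2 255.255.255.252
# Add the interfaces to the group
interface Serial1/0
 ppp mp MP-group1
interface Serial2/0
 ppp mp MP-group1
# The internet router is configured similarly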
--------------------------------------------------------------------------------
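R1
# Create the user that the peer uses for PPP authentication
local-user internet class network
 password simple nidaye123456
 service-type ppp
#
interface Serial1/0
# Authentication mode is CHAP
 ppp authentication-mode chap
 ppp chap password simple nidaye123456
# Specify the local user name; it must match the local-user r1 created on the peer
 ppp chap user r1
#
interface Serial2/0
# Authentication mode is CHAP
 ppp authentication-mode chap
 ppp chap password simple nidaye123456
# Specify the local user name; it must match the local-user r1 created on the peer
 ppp chap user r1
#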
--------------------------------------------------------------------------------
internet
# Create the user that the peer uses for PPP authentication
local-user r1 class network
 password simple nidaye123456
 service-type ppp
#
interface Serial1/0
# Authentication mode is CHAP
 ppp authentication-mode chap
 ppp chap password simple nidaye123456
# Specify the local user name
 ppp chap user internet
#
interface Serial2/0
# Authentication mode is CHAP
 ppp authentication-mode chap
 ppp chap password simple nidaye123456
# Specify the local user name
 ppp chap user internet
#
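
The two CHAP exchanges configured above can be modelled with the RFC 1994 response formula. This is an added example, not part of the original post; it is a simplified model in which each side hashes with its `ppp chap password` and the authenticator looks the received name up in its local-user list, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

SECRET = b"nidaye123456"                  # lab password from the page
R1_LOCAL_USERS = {"internet": SECRET}     # 'local-user internet class network' on R1
INTERNET_LOCAL_USERS = {"r1": SECRET}     # 'local-user r1 class network' on internet


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def authenticate(local_users: dict, peer_name: str, peer_secret: bytes) -> bool:
    """One CHAP direction: the authenticator challenges, the peer answers."""
    ident, challenge = 1, os.urandom(16)          # contents of the Challenge packet
    # Peer: hashes with its 'ppp chap password' and sends its 'ppp chap user' name.
    response = chap_response(ident, peer_secret, challenge)
    # Authenticator: looks up the local-user named in the Response and recomputes.
    stored = local_users.get(peer_name)
    if stored is None:
        return False                              # unknown user name: Failure
    return hmac.compare_digest(response, chap_response(ident, stored, challenge))


def link_authenticated(r1_chap_user: str, internet_chap_user: str,
                       r1_secret: bytes = SECRET,
                       internet_secret: bytes = SECRET) -> bool:
    """Bidirectional CHAP: both directions must succeed before the link is usable."""
    internet_accepts_r1 = authenticate(INTERNET_LOCAL_USERS, r1_chap_user, r1_secret)
    r1_accepts_internet = authenticate(R1_LOCAL_USERS, internet_chap_user, internet_secret)
    return internet_accepts_r1 and r1_accepts_internet


if __name__ == "__main__":
    # Each side sends the name its peer has a local-user for.
    print(link_authenticated("r1", "internet"))
    # R1 sends a name that does not exist on the internet router.
    print(link_authenticated("internet", "internet"))
```

The password never crosses the link, only the name and the MD5 digest, so a user-name mismatch fails authentication even when both passwords are identical.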

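11. Configure Easy IP

R1
# Create a basic ACL that permits the two service segments to access the internet
acl basic 2000
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 permit source 192.168.2.0 0.0.0.255
#
interface MP-group1
# Apply the ACL on the interface that has the IP address configured
 nat outbound 2000
#

After configuration, only PC1 and PC2 can ping the internet; PC3 cannot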

<PC1>ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 100.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=5.000 ms
56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=4.000 ms

--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/3.000/5.000/1.265 ms
--------------------------------------------------------------------------------
<PC2>ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 100.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=6.000 ms
56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=7.000 ms
56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=8.000 ms
56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=5.000 ms

--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/5.600/8.000/2.059 ms
--------------------------------------------------------------------------------
<PC3>ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss

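12. Configure the telnet service

R1
#
# Enable the telnet service
telnet server enable
# Create the remote management user
local-user telnet class manage
 password simple nidaye123456
 service-type telnet
 authorization-attribute user-role level-15
#
user-interface vty 0 4
# Authentication mode is AAA
 authentication-mode scheme
 user-role level-15
# Create a basic ACL that only permits the Technical department to remotely manage R1
acl basic 2001
 rule 0 permit source 192.168.2.0 0.0.0.255
# Apply the ACL to the telnet service
telnet server acl 2001
#
After configuration, PC2 can telnet to R1. Because the PCs in the simulator do not support telnet, I will not demonstrate it here; you can replace the PC with a router, and the telnet login works from the router.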
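
Both acl 2000 (used by nat outbound in step 11) and acl 2001 (used by telnet server acl in step 12) rely on wildcard-mask matching. The following added example, which is not part of the original post, parses the two rule sets and evaluates them against constructed PC addresses; the helper names and the sample host addresses are assumptions.

```python
import ipaddress
import re

# ACL rules copied from the page; the source addresses tested below are constructed.
ACL_2000 = """
rule 0 permit source 192.168.1.0 0.0.0.255
rule 5 permit source 192.168.2.0 0.0.0.255
"""
ACL_2001 = "rule 0 permit source 192.168.2.0 0.0.0.255"

RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)")


def parse_acl(text: str) -> list:
    """Return [(rule_id, action, address, wildcard)] ordered by rule ID."""
    rules = []
    for rule_id, action, addr, wildcard in RULE_RE.findall(text):
        rules.append((int(rule_id), action,
                      int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wildcard))))
    return sorted(rules)


def evaluate(rules: list, source: str) -> str:
    """First matching rule wins; wildcard bits set to 1 are ignored."""
    src = int(ipaddress.IPv4Address(source))
    for _rule_id, action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF
        if (src & care) == (addr & care):
            return action
    # Assumption matching the page's results: a source that hits no rule is not
    # translated by 'nat outbound' and is refused by 'telnet server acl'.
    return "deny"


def report(sources: dict) -> dict:
    """Map each host name to its (acl 2000, acl 2001) verdicts."""
    nat, telnet = parse_acl(ACL_2000), parse_acl(ACL_2001)
    return {name: (evaluate(nat, ip), evaluate(telnet, ip))
            for name, ip in sources.items()}


if __name__ == "__main__":
    sample = {"PC1": "192.168.1.1", "PC2": "192.168.2.1", "PC3": "192.168.3.1"}
    for name, (nat, telnet) in report(sample).items():
        print(f"{name}: nat outbound 2000 -> {nat}, telnet server acl 2001 -> {telnet}")
```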

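This comprehensive lab uses essentially everything covered in the NE stage. Learning does not happen overnight; it takes a lot of lab practice to become proficient, so combine theory with practice!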
