HCIA综合实验

学习新思想，争做新青年。今天学习的是HCIA综合实验！

实验拓扑

实验需求

总部：

1、除了SW8 SW9是三层交换机，其他交换机均为2层交换机。

2、GW为总部的出口设备，使用单臂路由技术，VLAN10,20,100的网关都在GW上

3、总部、分支8、分支9之间互有专线连接，目标：GW与SW8与SW9三台建立OSPF

互相宣告互为邻居，进程号200，区域0，达到企业内网全网互通。

4、在SW8和SW9建立的邻居中，SW8的互联接口要永远成为DR

5、要求DHCP服务器在路由追踪PC8的时候，路径中必须包含SW9

特性：

6、VLAN10,20的PC均由DHCP服务器提供IP地址，DHCP服务器的地址池配置如下

VLAN10：192.168.10.0/24 GW：192.168.10.254 DNS：8.8.8.8 租期：8天

VLAN20：192.168.20.0/24 GW：192.168.20.254 DNS：8.8.8.8 租期：8天

PC2是老板的PC，老板要求通过DHCP给他固定IP：192.168.20.100/24其他与地址池一致

由于员工区存在打印机，需要排除掉192.168.10.240~254；192.168.20.240~254

7、GW路由器使用NAT技术，配置EASY IP技术让内部设备可以上网，在Internet路由器上使用

环回接口模拟公网地址，让所有PC可以Ping通100.1.1.1

8、服务器区有一台HTTP服务器，将其80端口发布至Internet网络,在Internet路由器上使用

telnet 70.1.1.1 80 来验证是否成功

分支8：

1、PC8配置静态IP，PC8可以通过总部GW上网，ping 100.1.1.1

分支9：

1、PC9配置静态IP，PC9可以通过总部GW上网，ping 100.1.1.1

实验配置

GW

登录后复制

sysname GW

#

undo info-center enable

#

vlan batch 10 20 100 200 to 202

#

dhcp enable   //使能DHCP

#

acl number 2000   //创建ACL

rule 5 permit

#

interface Eth-Trunk1   //创建聚合口1

undo portswitch           //切换为三层接口

#

interface Eth-Trunk1.10    //进入聚合口的子接口

dot1q termination vid 10  

ip address 192.168.10.254 255.255.255.0

arp broadcast enable    //使能arp广播

dhcp select relay      //使能子接口DHCP中继

dhcp relay server-ip 192.168.100.100  //配置DHCP服务器地址

#

interface Eth-Trunk1.20

dot1q termination vid 20

ip address 192.168.20.254 255.255.255.0

arp broadcast enable

dhcp select relay

dhcp relay server-ip 192.168.100.100

#

interface Eth-Trunk1.100

dot1q termination vid 100

ip address 192.168.100.254 255.255.255.0

arp broadcast enable

#

interface Eth-Trunk1.200

dot1q termination vid 200

ip address 60.30.1.2 255.255.255.248

arp broadcast enable

nat server protocol tcp global 70.1.1.1 www inside 192.168.100.101 www   //配置NAT转换

nat outbound 2000

#

interface Eth-Trunk1.201

dot1q termination vid 201

ip address 192.168.201.1 255.255.255.0

ospf cost 3    //修改路径开销为3

arp broadcast enable

#

interface Eth-Trunk1.202

dot1q termination vid 202

ip address 192.168.202.1 255.255.255.0

arp broadcast enable

#

interface GigabitEthernet0/0/0

eth-trunk 1

#

interface GigabitEthernet0/0/1

eth-trunk 1

#

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

#

ospf 100 router-id 1.1.1.1

area 0.0.0.0

  network 1.1.1.1 0.0.0.0

  network 60.30.1.0 0.0.0.255

  network 192.168.10.0 0.0.0.255

  network 192.168.20.0 0.0.0.255

  network 192.168.100.0 0.0.0.255

  network 192.168.201.0 0.0.0.255

  network 192.168.202.0 0.0.0.255

#

ip route-static 0.0.0.0 0.0.0.0 60.30.1.1

#

return

L2-Core-SW

登录后复制

sysname L2-Core-SW

#

undo info-center enable

#

vlan batch 10 20 100 200 to 202

#

interface Eth-Trunk1

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

#

interface Eth-Trunk2

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

#

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 201

#

interface GigabitEthernet0/0/2

 eth-trunk 1

#

interface GigabitEthernet0/0/3

 eth-trunk 1

#

interface GigabitEthernet0/0/4

 eth-trunk 2

#

interface GigabitEthernet0/0/5

 eth-trunk 2

#

interface GigabitEthernet0/0/6

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

#

interface GigabitEthernet0/0/7

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

#

interface GigabitEthernet0/0/8

 port hybrid tagged vlan 100

#

interface GigabitEthernet0/0/9

 port link-type access

 port default vlan 202

DHCP

登录后复制

sysname DHCP
#
 undo info-center enable
#
dhcp enable
#
ip pool VLAN10
 gateway-list 192.168.10.254 
 network 192.168.10.0 mask 255.255.255.0 
 excluded-ip-address 192.168.10.240 192.168.10.253 
 lease day 8 hour 0 minute 0 
 dns-list 8.8.8.8 
#
ip pool VLAN20
 gateway-list 192.168.20.254 
 network 192.168.20.0 mask 255.255.255.0 
 static-bind ip-address 192.168.20.100 mac-address 5489-9806-68e7 
 excluded-ip-address 192.168.20.240 192.168.20.253 
 lease day 8 hour 0 minute 0 
 dns-list 8.8.8.8 
#
interface GigabitEthernet0/0/0
 ip address 192.168.100.100 255.255.255.0 
 dhcp select global
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.254

ACC_SW

sysname ACC_SW # undo info-center enable # vlan batch 200 # interface Eth-Trunk1 port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/1 port link-type access port default vlan 200 # interface GigabitEthernet0/0/2 eth-trunk 1 # interface GigabitEthernet0/0/3 eth-trunk 1

ACC-SW-Staff01

登录后复制

#

sysname ACC-SW-Staff01

#

undo info-center enable

#

vlan batch 10

#

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 10

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

ACC-SW-Staff02

登录后复制

#

sysname ACC-SW-Staff02

#

undo info-center enable

#

vlan batch 20

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk pvid vlan 20

 port trunk allow-pass vlan 20

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

ACC-SW-Server01

登录后复制

#

sysname ACC-SW-Server01

#

undo info-center enable

#

vlan batch 100

#

interface GigabitEthernet0/0/1

 port hybrid pvid vlan 100

 port hybrid untagged vlan 100

#

interface GigabitEthernet0/0/2

 port hybrid pvid vlan 100

 port hybrid untagged vlan 100

#

interface GigabitEthernet0/0/3

 port hybrid tagged vlan 100

SW8

登录后复制

#

sysname SW8

#

undo info-center enable

#

vlan batch 80 201 203

#

interface Vlanif80

 ip address 192.168.80.254 255.255.255.0

#

interface Vlanif201

 ip address 192.168.201.2 255.255.255.0

#

interface Vlanif203

 ip address 192.168.203.1 255.255.255.0

 ospf dr-priority 255  //修改ospf优先级

#

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 201

#

interface GigabitEthernet0/0/2

 port link-type access

 port default vlan 80

#

interface GigabitEthernet0/0/3

 port link-type access

 port default vlan 203

#

interface LoopBack0

 ip address 8.8.8.8 255.255.255.255

#

ospf 100 router-id 8.8.8.8

 area 0.0.0.0

  network 8.8.8.8 0.0.0.0

  network 192.168.201.0 0.0.0.255

  network 192.168.80.0 0.0.0.255

  network 192.168.203.0 0.0.0.255

#

ip route-static 0.0.0.0 0.0.0.0 192.168.201.1

#

return

SW9

登录后复制

#

sysname SW9

#

undo info-center enable

#

vlan batch 90 202 to 203

#

interface Vlanif90

 ip address 192.168.90.254 255.255.255.0

#

interface Vlanif202

 ip address 192.168.202.2 255.255.255.0

#

interface Vlanif203

 ip address 192.168.203.2 255.255.255.0

#

interface MEth0/0/1

#

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 202

#

interface GigabitEthernet0/0/2

 port link-type access

 port default vlan 90

#

interface GigabitEthernet0/0/3

 port link-type access

 port default vlan 203

#

interface LoopBack0

 ip address 9.9.9.9 255.255.255.255

#

ospf 100 router-id 9.9.9.9

 area 0.0.0.0

  network 9.9.9.9 0.0.0.0

  network 192.168.202.0 0.0.0.255

  network 192.168.90.0 0.0.0.255

  network 192.168.203.0 0.0.0.255

#

ip route-static 0.0.0.0 0.0.0.0 192.168.202.1

Internet

登录后复制

#

 sysname Internet

#

 undo info-center enable

#

vlan batch 200

#

interface GigabitEthernet0/0/0

 ip address 60.30.1.1 255.255.255.248

#

interface LoopBack0

 ip address 100.1.1.1 255.255.255.255

#

ip route-static 70.1.1.1 255.255.255.255 60.30.1.2

配置完毕，验证配置

PC1获取IP地址

PC2获取IP地址

PC1 Ping DHCP服务器

PC1 Ping Internet

PC1 Ping PC8

PC1 Ping PC9

验证完毕，全网互通。