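- H3CNE Comprehensive Lab
- Lab topology
- Lab requirements
- Lab steps
- 1. Configure IP addresses (omitted)
- 2. Configure link aggregation
- 3. Configure VLAN addresses and interface types (omitted)
- 4. Configure edge ports
- 5. Configure MSTP
- 6. Configure VRRP
- 7. Configure the DHCP service
- 8. Configure OSPF
- 9. Configure a default route and redistribute it into OSPF
- 10. Configure PPP-MP and bidirectional CHAP authentication
- 11. Configure easy IP
- 12. Configure the Telnet service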
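- Configure IP addresses as shown in the diagram
- Configure link aggregation on the directly connected links between SW1 and SW2
- The company's internal service segments are VLAN 10 and VLAN 20; VLAN 10 is the marketing department and VLAN 20 is the technical department, and the VLANs must be named so they can be identified; PC1 belongs to VLAN 10 and PC2 belongs to VLAN 20; VLAN 30 is used by SW1 and SW2 to form an OSPF neighbor relationship; VLAN 111 is the interconnect VLAN between SW1 and R1, and VLAN 222 is the interconnect VLAN between SW2 and R2
- Configure all ports that connect switches to each other as trunk ports and allow the relevant traffic through
- Configure the switch ports that connect to PCs as edge ports
- Configure MSTP on every switch with the MST region name nidaye; map VLAN 10 to instance 1 and VLAN 20 to instance 2; VLAN 10 traffic must go through SW1 by default and VLAN 20 traffic through SW2 by default
- Configure VRRP on SW1 and SW2 so that they back each other up; track the uplink interface and avoid preemption
- Configure the DHCP service on SW1 to dynamically assign IP addresses, gateways and DNS addresses to the PCs in VLAN 10 and VLAN 20; the gateway for VLAN 10 must be 192.168.1.252 and the gateway for VLAN 20 must be 192.168.2.253
- Configure OSPF so that the whole internal network is reachable; advertise the ABRs' loopback interfaces into the backbone area; no protocol packets may appear on the service segments
- Configure a default route on R1 that points to the Internet and redistribute it into OSPF
- R1 connects to the Internet over two links; configure PPP-MP and bidirectional CHAP authentication
- Configure easy IP so that only traffic from the service segments 192.168.1.0/24 and 192.168.2.0/24 can reach the Internet through R1
- Enable Telnet remote management on R1, logging in as user telnet with password nidaye123456; only the technical department may manage R1 remotely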
SW1

```
# Create the aggregation group
int Bridge-Aggregation 1
 port link-type trunk
 port trunk permit vlan 10 20 30
# Add the ports to the aggregation group
int g1/0/1
 port link-aggregation group 1
int g1/0/2
 port link-aggregation group 1
#
# SW2 is configured similarly
```
Note: finish the link aggregation configuration first, and only then configure the trunk.
3. Configure VLAN addresses and interface types (omitted)

4. Configure edge ports

SW3

```
#
interface GigabitEthernet1/0/3
 stp edged-port
#
interface GigabitEthernet1/0/4
 stp edged-port
#
```

5. Configure MSTP
SW1, SW2, SW3

```
# Configure the MST region
stp region-configuration
 region-name nidaye
 instance 1 vlan 10
 instance 2 vlan 20
 # Do not forget to activate the region configuration
 active region-configuration
#
```

SW1

```
#
stp instance 1 root primary
stp instance 2 root secondary
#
```

SW2

```
#
stp instance 1 root secondary
stp instance 2 root primary
#
```

6. Configure VRRP
SW1

```
#
# Track the uplink interface
track 1 interface GigabitEthernet1/0/4
interface Vlan-interface10
 vrrp vrid 10 virtual-ip 192.168.1.254
 vrrp vrid 10 priority 120
 # Reduce the priority to avoid preemption
 vrrp vrid 10 track 1 priority reduced 30
interface Vlan-interface20
 vrrp vrid 20 virtual-ip 192.168.2.254
#
```

SW2

```
#
# Track the uplink interface
track 1 interface GigabitEthernet 1/0/4
interface Vlan-interface10
 vrrp vrid 10 virtual-ip 192.168.1.254
interface Vlan-interface20
 vrrp vrid 20 virtual-ip 192.168.2.254
 vrrp vrid 20 priority 120
 # Reduce the priority to avoid preemption
 vrrp vrid 20 track 1 priority reduced 30
#
```

7. Configure the DHCP service
SW1

```
#
# Enable the DHCP service
dhcp enable
# Create the DHCP address pool
dhcp server ip-pool 1
 gateway-list 192.168.1.252
 network 192.168.1.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
dhcp server ip-pool 2
 gateway-list 192.168.2.253
 network 192.168.2.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
```
Once this is configured, enable DHCP on PC1 and PC2 and they will obtain IP addresses.
8. Configure OSPF

SW1

```
#
ospf 1 router-id 10.1.1.11
 # No protocol packets may appear on the service segments, so configure silent interfaces
 silent-interface Vlan-interface10
 silent-interface Vlan-interface20
 area 0.0.0.1
  # Advertising the interface address itself avoids mask calculation mistakes
  network 10.0.0.6 0.0.0.0
  network 10.1.1.11 0.0.0.0
  network 10.1.2.1 0.0.0.0
  network 192.168.1.252 0.0.0.0
  network 192.168.2.252 0.0.0.0
#
```

SW2

```
#
ospf 1 router-id 10.1.1.12
 # No protocol packets may appear on the service segments, so configure silent interfaces
 silent-interface Vlan-interface10
 silent-interface Vlan-interface20
 area 0.0.0.1
  # Advertising the interface address itself avoids mask calculation mistakes
  network 10.0.0.10 0.0.0.0
  network 10.1.1.12 0.0.0.0
  network 10.1.2.2 0.0.0.0
  network 192.168.1.253 0.0.0.0
  network 192.168.2.253 0.0.0.0
#
```

R1

```
#
ospf 1 router-id 10.1.1.1
 area 0.0.0.0
  # Advertising the interface address itself avoids mask calculation mistakes
  network 10.0.0.1 0.0.0.0
  network 10.0.0.14 0.0.0.0
  network 10.1.1.1 0.0.0.0
 area 0.0.0.1
  network 10.0.0.5 0.0.0.0
#
```

Note: the two interfaces between R1 and R2 must be advertised into the same area, otherwise the neighbor relationship will not come up.

R2

```
#
ospf 1 router-id 10.1.1.2
 area 0.0.0.0
  # Advertising the interface address itself avoids mask calculation mistakes
  network 10.0.0.2 0.0.0.0
  network 10.0.0.18 0.0.0.0
  network 10.1.1.2 0.0.0.0
 area 0.0.0.1
  network 10.0.0.9 0.0.0.0
#
```

R3

```
#
ospf 1 router-id 10.1.1.3
 # No protocol packets may appear on the service segments, so configure silent interfaces
 silent-interface GigabitEthernet0/2
 area 0.0.0.0
  # Advertising the interface address itself avoids mask calculation mistakes
  network 10.0.0.13 0.0.0.0
  network 10.0.0.17 0.0.0.0
  network 10.1.1.3 0.0.0.0
  network 192.168.3.254 0.0.0.0
#
```
Use display ospf peer to check whether all the neighbors have come up.
R1 has three neighbors
[R1]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.1
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
10.1.1.2 10.0.0.2 1 35 Full/DR GE0/1
10.1.1.3 10.0.0.13 1 35 Full/DR GE0/2
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
10.1.1.11 10.0.0.6 1 34 Full/DR GE0/0
--------------------------------------------------------------------------------
R2 has three neighbors
[R2]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.2
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
10.1.1.3 10.0.0.17 1 33 Full/DR GE0/1
10.1.1.1 10.0.0.1 1 34 Full/BDR GE0/2
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
10.1.1.12 10.0.0.10 1 30 Full/DR
--------------------------------------------------------------------------------
R3 has two neighbors
[R3]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.3
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
10.1.1.1 10.0.0.14 1 38 Full/BDR GE0/0
10.1.1.2 10.0.0.18 1 30 Full/BDR
--------------------------------------------------------------------------------
SW1 has two neighbors
[SW1]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.11
Neighbor Brief Information
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
10.1.1.12 10.1.2.2 1 40 Full/BDR Vlan30
10.1.1.1 10.0.0.5 1 40 Full/BDR
--------------------------------------------------------------------------------
SW2 has two neighbors
[SW2]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.12
Neighbor Brief Information
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
10.1.1.11 10.1.2.1 1 34 Full/DR Vlan30
10.1.1.2 10.0.0.9 1 36 Full/BDR
9. Configure a default route and redistribute it into OSPF
R1

```
#
ip route-static 0.0.0.0 0 202.100.1.1
#
ospf 1 router-id 10.1.1.1
 default-route-advertise
#
```
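Once this is configured, the other routers running OSPF also learn the external default route. Note that the default preference of OSPF external routes is 150.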
```
[R2]display ip routing-table
Destinations : 28 Routes : 29
Destination/Mask   Proto    Pre  Cost  NextHop    Interface
0.0.0.0/0          O_ASE2   150  1     10.0.0.1   GE0/2
......
--------------------------------------------------------------------------------
[R3]display ip routing-table
Destinations : 28 Routes : 32
Destination/Mask   Proto    Pre  Cost  NextHop    Interface
0.0.0.0/0          O_ASE2   150  1     10.0.0.14  GE0/0
......
--------------------------------------------------------------------------------
[SW1]display ip routing-table
Destinations : 36 Routes : 38
Destination/Mask   Proto    Pre  Cost  NextHop    Interface
0.0.0.0/0          O_ASE2   150  1     10.0.0.5   Vlan111
......
--------------------------------------------------------------------------------
[SW2]display ip routing-table
Destinations : 36 Routes : 38
Destination/Mask   Proto    Pre  Cost  NextHop    Interface
0.0.0.0/0          O_ASE2   150  1     10.1.2.1   Vlan30
......
--------------------------------------------------------------------------------
```

10. Configure PPP-MP and bidirectional CHAP authentication
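What the bidirectional CHAP in this step does on the link, as an added Python example that is not part of the original post: each end challenges the other, and the authenticator looks the presented name up in its own local-user table. `ChapEndpoint`, `authenticate` and `link_up` are illustrative names; the hash follows RFC 1994.

```python
import hashlib
import hmac
import os

def chap_hash(ident, secret, challenge):
    # RFC 1994: Response value = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class ChapEndpoint:
    """One end of the PPP link (illustrative model, not device code)."""
    def __init__(self, chap_user, chap_password, local_users):
        self.chap_user = chap_user          # name this end presents ("ppp chap user")
        self.chap_password = chap_password  # secret it hashes ("ppp chap password")
        self.local_users = local_users      # peers it accepts ("local-user ... service-type ppp")
        self.pending = {}                   # outstanding challenges, keyed by identifier

    def challenge(self, ident):
        # Authenticator: issue a fresh random challenge.
        self.pending[ident] = os.urandom(16)
        return self.pending[ident]

    def respond(self, ident, challenge):
        # Authenticatee: only the name and a hash cross the link, never the password.
        return self.chap_user, chap_hash(ident, self.chap_password, challenge)

    def verify(self, ident, peer_name, digest):
        # Authenticator: look the presented name up in the local user table.
        challenge = self.pending.pop(ident, None)
        secret = self.local_users.get(peer_name)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(digest, chap_hash(ident, secret, challenge))

def authenticate(authenticator, peer, ident):
    challenge = authenticator.challenge(ident)
    name, digest = peer.respond(ident, challenge)
    return authenticator.verify(ident, name, digest)

def link_up(a, b):
    # Bidirectional CHAP: the link opens only if each end passes the other's check.
    return authenticate(a, b, 1) and authenticate(b, a, 2)

PASSWORD = b"nidaye123456"  # lab password used on this page
r1 = ChapEndpoint("r1", PASSWORD, {"internet": PASSWORD})
internet = ChapEndpoint("internet", PASSWORD, {"r1": PASSWORD})

if __name__ == "__main__":
    print("R1 <-> internet:", link_up(r1, internet))
```

An end that presents a name missing from the peer's local-user table fails that direction of the check even when the password is right, so the link stays down.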
R1

```
# Create the MP group
interface MP-group1
 ip address 202.100.1.2 255.255.255.252
# Add the interfaces to the group
interface Serial1/0
 ppp mp MP-group1
interface Serial2/0
 ppp mp MP-group1
# The internet router is configured similarly
```

R1

```
# Create the user used to authenticate the peer over PPP
local-user internet class network
 password simple nidaye123456
 service-type ppp
#
interface Serial1/0
 # Authentication mode is CHAP
 ppp authentication-mode chap
 ppp chap password simple nidaye123456
 # Local-end username; it must match the local-user r1 created on internet
 ppp chap user r1
#
interface Serial2/0
 # Authentication mode is CHAP
 ppp authentication-mode chap
 ppp chap password simple nidaye123456
 # Local-end username; it must match the local-user r1 created on internet
 ppp chap user r1
#
```

internet

```
# Create the user used to authenticate the peer over PPP
local-user r1 class network
 password simple nidaye123456
 service-type ppp
#
interface Serial1/0
 # Authentication mode is CHAP
 ppp authentication-mode chap
 ppp chap password simple nidaye123456
 # Local-end username
 ppp chap user internet
#
interface Serial2/0
 # Authentication mode is CHAP
 ppp authentication-mode chap
 ppp chap password simple nidaye123456
 # Local-end username
 ppp chap user internet
#
```

11. Configure easy IP
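R1

```
# Create a basic ACL that allows the two service segments to reach the Internet
acl basic 2000
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 permit source 192.168.2.0 0.0.0.255
#
interface MP-group1
 # Apply the ACL on the interface that has the IP address configured
 nat outbound 2000
#
```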
Once this is configured, only PC1 and PC2 can ping internet; PC3 cannot.
```
ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 100.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=5.000 ms
56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=4.000 ms
--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/3.000/5.000/1.265 ms
--------------------------------------------------------------------------------
ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 100.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=6.000 ms
56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=7.000 ms
56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=8.000 ms
56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=5.000 ms
--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/5.600/8.000/2.059 ms
--------------------------------------------------------------------------------
ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
```

12. Configure the Telnet service
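R1

```
#
# Enable the Telnet service
telnet server enable
# Create the remote management user
local-user telnet class manage
 password simple nidaye123456
 service-type telnet
 authorization-attribute user-role level-15
#
user-interface vty 0 4
 # Authentication mode is AAA
 authentication-mode scheme
 user-role level-15
# Create a basic ACL that only allows the technical department to manage R1 remotely
acl basic 2001
 rule 0 permit source 192.168.2.0 0.0.0.255
# Apply the ACL to the Telnet service
telnet server acl 2001
#
```

Once this is configured, PC2 can telnet to R1. The PCs in the simulator do not support telnet, so I will not demonstrate it here; you can replace the PC with a router and log in over telnet from that router.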
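How the two basic ACLs on this page decide access, as an added Python example that is not part of the original post: ACL 2000 from the easy IP step and ACL 2001 from the Telnet step are evaluated against one sample host per segment. The host addresses are constructed (the page gives the segments, not the leased addresses), PC3 is assumed to sit on R3's 192.168.3.0/24 segment, and the function names are illustrative.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_basic_acl(text):
    """Parse 'rule <id> permit|deny source <addr> <wildcard>' lines, ordered by rule ID."""
    rules = []
    for line in text.strip().splitlines():
        _, rule_id, action, _, addr, wildcard = line.split()
        rules.append((int(rule_id), action, to_int(addr), to_int(wildcard)))
    return sorted(rules)

def acl_permits(rules, src):
    """First matching rule decides; wildcard bits set to 1 are 'don't care'."""
    s = to_int(src)
    for _, action, addr, wildcard in rules:
        if ((s ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False  # no match: not translated by NAT, refused by the Telnet server

# Rules copied from the page's ACL 2000 (nat outbound) and ACL 2001 (telnet server acl).
ACL_2000 = parse_basic_acl("""
rule 0 permit source 192.168.1.0 0.0.0.255
rule 5 permit source 192.168.2.0 0.0.0.255
""")
ACL_2001 = parse_basic_acl("""
rule 0 permit source 192.168.2.0 0.0.0.255
""")

# Constructed host addresses, one per segment.
HOSTS = {"PC1": "192.168.1.10", "PC2": "192.168.2.10", "PC3": "192.168.3.10"}

def access_matrix(hosts=HOSTS):
    return {name: {"internet": acl_permits(ACL_2000, ip),
                   "telnet_r1": acl_permits(ACL_2001, ip)}
            for name, ip in hosts.items()}

if __name__ == "__main__":
    for name, row in access_matrix().items():
        print(name, row)
```

ACL 2001 only limits which source addresses may open a Telnet session to R1; the Telnet login itself still crosses the network in cleartext.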
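This comprehensive lab uses essentially everything covered in the NE stage. Learning does not happen overnight; it takes plenty of lab work to become proficient, so combine theory with practice!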



