Huawei HCIA R&S Routing and Switching Certification: Comprehensive Lab Case Explained
Published: 2020-06-01 15:02:48 Author: 壞壞-5

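This article introduces the Huawei HCIA R&S routing and switching comprehensive lab. Using a concrete lab case, it works through subnet planning, the principles behind the routing configuration, working techniques and the configuration commands. Readers who need it can use it as a reference.
This article covers the Huawei HCIA R&S routing and switching comprehensive lab and is shared here for reference. The details are as follows: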
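HCIA-R&S Comprehensive Lab 1
Topology diagram:
Lab requirements:
- All internal subnets are carved out of 192.168.0.0/24; the carrier assigns the two subnets 202.102.24.96/30 and 120.202.249.192/30 to the border routers;
- Internal client A belongs to VLAN 10 and internal client B belongs to VLAN 20;
- The dual links between the three internal switches are aggregated using Ethernet channels;
- VLANs communicate with each other through the multilayer switch;
- Block the two ports on internal layer-2 switch B that face internal switch A;
- Internal routing uses the OSPF protocol;
- Map TCP port 21 of each of the two FTP servers to the external port of the two border routers respectively;
- Internal client A must not access FTP server A;
- Internal client B must not access TCP port 21 of FTP server B.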
Subnet planning
- ISP carrier - http-pc
  - G0/0/0: 100.100.100.1/24
  - http-pc: 100.100.100.2/24
- ISP carrier - border router A
  - G0/0/1: 202.102.24.97/30
  - Border router A: G0/0/0: 202.102.24.98/30
- ISP carrier - border router B
  - G0/0/2: 120.202.249.193/30
  - Border router B: G0/0/0: 120.202.249.194/30

  Analysis:
  - ISP carrier - border router A
    - Subnet assigned by the carrier: 202.102.24.96/30
    - Network address: 202.102.24.96
    - Broadcast address: 202.102.24.99
    - Usable addresses: 202.102.24.97 and 202.102.24.98
  - ISP carrier - border router B
    - Subnet assigned by the carrier: 120.202.249.192/30
    - Network address: 120.202.249.192
    - Broadcast address: 120.202.249.195
    - Usable addresses: 120.202.249.193 and 120.202.249.194
- Border router A - SW3 - border router B
  - Border router A: G0/0/1: 192.168.0.97/27
  - Border router B: G0/0/1: 192.168.0.98/27
  - SW3-Vlanif1: 192.168.0.126/27

  Analysis:
  - Given subnet: 192.168.0.96/27
  - Network address: 192.168.0.96
  - Broadcast address: 192.168.0.127
  - Usable addresses: 192.168.0.97-192.168.0.126
- Internal router A - SW3 - internal router B
  - Internal router A: G0/0/0: 192.168.0.65/27
  - Internal router B: G0/0/0: 192.168.0.66/27
  - SW3-Vlanif100: 192.168.0.94/27

  Analysis:
  - Given subnet: 192.168.0.64/27
  - Network address: 192.168.0.64
  - Broadcast address: 192.168.0.95
  - Usable addresses: 192.168.0.65-192.168.0.94
- Internal router A - FTP_A
  - Internal router A: G0/0/1: 192.168.0.1/27
  - FTP_A: E0/0/0: 192.168.0.2/27

  Analysis:
  - Given subnet: 192.168.0.0/27
  - Network address: 192.168.0.0
  - Broadcast address: 192.168.0.32
  - Usable addresses: 192.168.0.1-192.168.0.31
- Internal router B - FTP_B
  - Internal router B: G0/0/1: 192.168.0.33/27
  - FTP_B: E0/0/0: 192.168.0.34/27

  Analysis:
  - Given subnet: 192.168.0.32/27
  - Network address: 192.168.0.32
  - Broadcast address: 192.168.0.63
  - Usable addresses: 192.168.0.33-192.168.0.62
- SW_A - PC_A
  - SW_A-Vlanif10: 192.168.0.158/27
  - PC_A: 192.168.0.129/27

  Analysis:
  - Given subnet: 192.168.0.128/27
  - Network address: 192.168.0.128
  - Broadcast address: 192.168.0.159
  - Usable addresses: 192.168.0.129-192.168.0.158
- SW_B - PC_B
  - SW_B-Vlanif20: 192.168.0.222/27
  - PC_B: 192.168.0.193/27

  Analysis:
  - Given subnet: 192.168.0.192/27
  - Network address: 192.168.0.192
  - Broadcast address: 192.168.0.223
  - Usable addresses: 192.168.0.193-192.168.0.222
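A way to check the address plan above before typing it into the devices, as an added example that is not part of the original article: it recomputes network, broadcast and usable range for each subnet and verifies that every assigned address is a usable host, that no subnets overlap, and that the internal ones sit inside 192.168.0.0/24. The `PLAN` table is transcribed from the list above; the function names are this example's own.

```python
import ipaddress

# Address plan transcribed from the subnet-planning list above: subnet -> {label: address}
PLAN = {
    "202.102.24.96/30": {"ISP G0/0/1": "202.102.24.97", "BoadeA G0/0/0": "202.102.24.98"},
    "120.202.249.192/30": {"ISP G0/0/2": "120.202.249.193", "BoadeB G0/0/0": "120.202.249.194"},
    "192.168.0.0/27": {"ltemalA G0/0/1": "192.168.0.1", "FTP_A": "192.168.0.2"},
    "192.168.0.32/27": {"ltemalB G0/0/1": "192.168.0.33", "FTP_B": "192.168.0.34"},
    "192.168.0.64/27": {"ltemalA G0/0/0": "192.168.0.65", "ltemalB G0/0/0": "192.168.0.66",
                        "SW3 Vlanif100": "192.168.0.94"},
    "192.168.0.96/27": {"BoadeA G0/0/1": "192.168.0.97", "BoadeB G0/0/1": "192.168.0.98",
                        "SW3 Vlanif1": "192.168.0.126"},
    "192.168.0.128/27": {"PC_A": "192.168.0.129", "Vlanif10": "192.168.0.158"},
    "192.168.0.192/27": {"PC_B": "192.168.0.193", "Vlanif20": "192.168.0.222"},
}
INTERNAL = ipaddress.ip_network("192.168.0.0/24")  # block the internal subnets must come from


def summarize(cidr):
    """Return (network, broadcast, first usable, last usable) for a subnet."""
    net = ipaddress.ip_network(cidr)
    hosts = list(net.hosts())
    return tuple(str(x) for x in (net.network_address, net.broadcast_address, hosts[0], hosts[-1]))


def validate(plan, internal=INTERNAL):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, seen = [], {}
    nets = [ipaddress.ip_network(c) for c in plan]
    for i, a in enumerate(nets):
        problems += [f"{a} overlaps {b}" for b in nets[i + 1:] if a.overlaps(b)]
    for cidr, assigned in plan.items():
        net = ipaddress.ip_network(cidr)
        if net.is_private and not net.subnet_of(internal):
            problems.append(f"{cidr} is outside {internal}")
        for label, addr in assigned.items():
            ip = ipaddress.ip_address(addr)
            if ip not in net or ip in (net.network_address, net.broadcast_address):
                problems.append(f"{label}: {addr} is not a usable host in {cidr}")
            if addr in seen:
                problems.append(f"{addr} assigned to both {seen[addr]} and {label}")
            seen[addr] = label
    return problems


if __name__ == "__main__":
    for cidr in PLAN:
        print(cidr, summarize(cidr))
    print(validate(PLAN) or "plan is consistent")
```

For 192.168.0.0/27, `summarize` returns broadcast 192.168.0.31 and last usable host 192.168.0.30.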
Configuring the IP addresses
- http-pc:
  - IP: 100.100.100.2/24
  - Gateway: 100.100.100.1/24
- ISP carrier

```
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip ad 100.100.100.1 24
[ISP-GigabitEthernet0/0/0]int g0/0/1
[ISP-GigabitEthernet0/0/1]ip ad 202.102.24.97 30
[ISP-GigabitEthernet0/0/1]int g0/0/2
[ISP-GigabitEthernet0/0/2]ip ad 120.202.249.193 30
[ISP-GigabitEthernet0/0/2]q
[ISP]dis ip int brief
Interface                 IP Address/Mask       Physical   Protocol
GigabitEthernet0/0/0      100.100.100.1/24      up         up
GigabitEthernet0/0/1      202.102.24.97/30      up         up
GigabitEthernet0/0/2      120.202.249.193/30    up         up
NULL0                     unassigned            up         up(s)
```

- Border router A

```
[BoadeA]int g0/0/0
[BoadeA-GigabitEthernet0/0/0]ip ad 202.102.24.98 30
[BoadeA-GigabitEthernet0/0/0]
[BoadeA-GigabitEthernet0/0/0]int g0/0/1
[BoadeA-GigabitEthernet0/0/1]ip ad 192.168.0.97 27
[BoadeA-GigabitEthernet0/0/1]q
[BoadeA]dis ip int bri
Interface                 IP Address/Mask       Physical   Protocol
GigabitEthernet0/0/0      202.102.24.98/30      up         up
GigabitEthernet0/0/1      192.168.0.97/27       up         up
GigabitEthernet0/0/2      unassigned            down       down
NULL0                     unassigned            up         up(s)
[BoadeA]
```

- Border router B

```
[BoadeB]int g0/0/0
[BoadeB-GigabitEthernet0/0/0]ip ad 120.202.249.194 30
[BoadeB-GigabitEthernet0/0/0]int g0/0/1
[BoadeB-GigabitEthernet0/0/1]ip ad 192.168.0.98 27
[BoadeB-GigabitEthernet0/0/1]q
[BoadeB]dis ip int bri
Interface                 IP Address/Mask       Physical   Protocol
GigabitEthernet0/0/0      120.202.249.194/30    up         up
GigabitEthernet0/0/1      192.168.0.98/27       up         up
GigabitEthernet0/0/2      unassigned            down       down
NULL0                     unassigned            up         up(s)
[BoadeB]
```

- Internal router A

```
[ltemalA]int g0/0/0
[ltemalA-GigabitEthernet0/0/0]ip ad 192.168.0.65 27
[ltemalA-GigabitEthernet0/0/0]int g0/0/1
[ltemalA-GigabitEthernet0/0/1]ip ad 192.168.0.1 27
[ltemalA-GigabitEthernet0/0/1]q
[ltemalA]dis ip int bri
Interface                 IP Address/Mask       Physical   Protocol
GigabitEthernet0/0/0      192.168.0.65/27       up         up
GigabitEthernet0/0/1      192.168.0.1/27        up         up
GigabitEthernet0/0/2      unassigned            down       down
NULL0                     unassigned            up         up(s)
[ltemalA]
```

- Internal router B

```
[ltemalB]int g0/0/0
[ltemalB-GigabitEthernet0/0/0]ip ad 192.168.0.66 27
[ltemalB-GigabitEthernet0/0/0]int g0/0/1
[ltemalB-GigabitEthernet0/0/1]ip ad 192.168.0.33 27
[ltemalB-GigabitEthernet0/0/1]q
[ltemalB]dis ip int bri
Interface                 IP Address/Mask       Physical   Protocol
GigabitEthernet0/0/0      192.168.0.66/27       up         up
GigabitEthernet0/0/1      192.168.0.33/27       up         up
GigabitEthernet0/0/2      unassigned            down       down
NULL0                     unassigned            up         up(s)
[ltemalB]
```

- SW3

```
[SW3]vlan batch 10 20 100
[SW3]int Vlanif 1
[SW3-Vlanif1]ip ad 192.168.0.126 27
[SW3-Vlanif1]q
[SW3]int Vlanif 100
[SW3-Vlanif100]ip ad 192.168.0.94 27
[SW3-Vlanif100]q
[SW3]
```

- FTP_A:
  - IP address: 192.168.0.2
  - Subnet mask: 255.255.255.224
  - Gateway: 192.168.0.1
- FTP_B
  - IP address: 192.168.0.34
  - Subnet mask: 255.255.255.224
  - Gateway: 192.168.0.33
- PC_A
  - IP address: 192.168.0.129
  - Subnet mask: 255.255.255.224
  - Gateway: 192.168.0.158
- PC_B
  - IP address: 192.168.0.193
  - Subnet mask: 255.255.255.224
  - Gateway: 192.168.0.222
SW3 configuration

```
[SW3]vlan batch 10 20
[SW3]int Vlanif 10
[SW3-Vlanif10]ip ad 192.168.0.158 27
[SW3-Vlanif10]int vlan 20
[SW3-Vlanif20]ip ad 192.168.0.222 27
[SW3-Vlanif20]q
[SW3]
```
Assigning VLANs

```
# SWA configuration
[SWA]vlan 10
[SWA-vlan10]q
[SWA]int g0/0/10
[SWA-GigabitEthernet0/0/10]port link-type access
[SWA-GigabitEthernet0/0/10]port default vlan 10
[SWA-GigabitEthernet0/0/10]q
[SWA]

# SWB configuration
[SWB]vlan 20
[SWB-vlan20]q
[SWB]int g0/0/10
[SWB-GigabitEthernet0/0/10]port link-type access
[SWB-GigabitEthernet0/0/10]port default vlan 20
[SWB-GigabitEthernet0/0/10]q
[SWB]

# SW3 configuration
[SW3]int g0/0/5
[SW3-GigabitEthernet0/0/5]port link-type access
[SW3-GigabitEthernet0/0/5]port default vlan 100
[SW3-GigabitEthernet0/0/5]q
[SW3]int g0/0/6
[SW3-GigabitEthernet0/0/6]port link-type access
[SW3-GigabitEthernet0/0/6]port default vlan 100
```
Configuring link aggregation

```
# SWA configuration
[SWA]int Eth-Trunk 1
[SWA-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 to 0/0/2
[SWA-Eth-Trunk1]port link-type trunk
[SWA-Eth-Trunk1]port trunk allow-pass vlan all
[SWA-Eth-Trunk1]q
[SWA]int Eth-Trunk 2
[SWA-Eth-Trunk2]trunkport GigabitEthernet 0/0/5 to 0/0/6
[SWA-Eth-Trunk2]port link-type trunk
[SWA-Eth-Trunk2]port trunk allow-pass vlan all
[SWA-Eth-Trunk2]q
[SWA]

# SWB configuration
[SWB]int Eth-Trunk 1
[SWB-Eth-Trunk1]trunkport GigabitEthernet 0/0/3 to 0/0/4
[SWB-Eth-Trunk1]port link-type trunk
[SWB-Eth-Trunk1]port trunk allow-pass vlan all
[SWB-Eth-Trunk1]q
[SWB]int Eth-Trunk 2
[SWB-Eth-Trunk2]trunkport GigabitEthernet 0/0/5 to 0/0/6
[SWB-Eth-Trunk2]port link-type trunk
[SWB-Eth-Trunk2]port trunk allow-pass vlan all
[SWB-Eth-Trunk2]q
[SWB]

# SW3 configuration
[SW3]int Eth-Trunk 1
[SW3-Eth-Trunk1]trunkport GigabitEthernet 0/0/3 to 0/0/4
[SW3-Eth-Trunk1]port link-type trunk
[SW3-Eth-Trunk1]port trunk allow-pass vlan all
[SW3-Eth-Trunk1]q
[SW3]int Eth-Trunk 2
[SW3-Eth-Trunk2]trunkport GigabitEthernet 0/0/1 to 0/0/2
[SW3-Eth-Trunk2]port link-type trunk
[SW3-Eth-Trunk2]port trunk allow-pass vlan all
[SW3-Eth-Trunk2]q
[SW3]
```
Layer-3 interfaces (already configured)

```
[SW3]dis ip int bri
Interface                 IP Address/Mask       Physical   Protocol
MEth0/0/1                 unassigned            down       down
NULL0                     unassigned            up         up(s)
Vlanif1                   192.168.0.126/27      up         up
Vlanif10                  192.168.0.158/27      up         up
Vlanif20                  192.168.0.222/27      up         up
Vlanif100                 192.168.0.94/27       up         up
```
Blocking ports

```
[SW3]stp root primary    // set SW3 as the root bridge

# Check the port roles on SW3
[SW3]dis stp brief
 MSTID  Port                    Role  STP State     Protection
   0    GigabitEthernet0/0/5    DESI  FORWARDING    NONE
   0    GigabitEthernet0/0/6    DESI  FORWARDING    NONE
   0    GigabitEthernet0/0/10   DESI  FORWARDING    NONE
   0    GigabitEthernet0/0/11   DESI  FORWARDING    NONE
   0    Eth-Trunk1              DESI  FORWARDING    NONE
   0    Eth-Trunk2              DESI  FORWARDING    NONE
[SW3]

# Check the port roles on SWB
[SWB]dis stp brief
 MSTID  Port                    Role  STP State     Protection
   0    GigabitEthernet0/0/10   DESI  FORWARDING    NONE
   0    Eth-Trunk1              ROOT  FORWARDING    NONE
   0    Eth-Trunk2              ALTE  DISCARDING    NONE
[SWB]
```
Configuring OSPF

```
# BoadeA configuration
[BoadeA]ospf
[BoadeA-ospf-1]area 0
[BoadeA-ospf-1-area-0.0.0.0]network 192.168.0.96 0.0.0.31    // advertise one network segment
[BoadeA-ospf-1-area-0.0.0.0]q
[BoadeA-ospf-1]default-route-advertise    // advertise the default route

# BoadeB configuration
[BoadeB]ospf
[BoadeB-ospf-1]area 0
[BoadeB-ospf-1-area-0.0.0.0]net 192.168.0.96 0.0.0.31
[BoadeB-ospf-1-area-0.0.0.0]q
[BoadeB-ospf-1]default-route-advertise

# SW3 configuration
[SW3]ospf
[SW3-ospf-1]area 0
# Precise advertisement
[SW3-ospf-1-area-0.0.0.0]network 192.168.0.126 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]network 192.168.0.158 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]net 192.168.0.222 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]net 192.168.0.94 0.0.0.0

# ltemalA
[ltemalA]ospf
[ltemalA-ospf-1]area 0
[ltemalA-ospf-1-area-0.0.0.0]net 192.168.0.0 0.0.0.31
[ltemalA-ospf-1-area-0.0.0.0]net 192.168.0.64 0.0.0.31

# ltemalB
[ltemalB]ospf
[ltemalB-ospf-1]area 0
[ltemalB-ospf-1-area-0.0.0.0]net 192.168.0.32 0.0.0.31
[ltemalB-ospf-1-area-0.0.0.0]net 192.168.0.64 0.0.0.31
```

- OSPF precise advertisement:

```
[BoadeA-ospf-1-area-0.0.0.0]network 192.168.0.97 0.0.0.0
```

- Test connectivity between FTP_A and the PCs
- View the routing tables of all devices
Configuring the FTP mapping

```
# BoadeA configuration
[BoadeA]ip route-static 0.0.0.0 0.0.0.0 202.102.24.97
[BoadeA]acl 2000
[BoadeA-acl-basic-2000]rule permit
[BoadeA-acl-basic-2000]q
[BoadeA]int g0/0/0
[BoadeA-GigabitEthernet0/0/0]nat outbound 2000
[BoadeA-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 21 inside 192.168.0.2 21
Warning:The port 21 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y    // enter Y to confirm
[BoadeA-GigabitEthernet0/0/0]

# BoadeB configuration
[BoadeB]ip route-static 0.0.0.0 0.0.0.0 120.202.249.193
[BoadeB]acl 2000
[BoadeB-acl-basic-2000]rule permit
[BoadeB-acl-basic-2000]q
[BoadeB]int g0/0/0
[BoadeB-GigabitEthernet0/0/0]nat outbound 2000
[BoadeB-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 21 inside 192.168.0.34 21
Warning:The port 21 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y    // enter Y to confirm
[BoadeB-GigabitEthernet0/0/0]
```

- Connectivity test between FTP_A and the ISP carrier
- Connectivity test between FTP_A and http-pc
- Test of http-pc accessing FTP_A
- Configure the internal FTP_A server
- http-pc accesses the internal FTP_A (file transfer mode PORT)
Denying access to FTP

```
# ACL configuration on ltemalA
[ltemalA]acl 3000
[ltemalA-acl-adv-3000]rule deny tcp source 192.168.0.129 0.0.0.0 destination-port eq 21
[ltemalA-acl-adv-3000]q
[ltemalA]int g0/0/0
[ltemalA-GigabitEthernet0/0/0]traffic-filter inbound acl 3000

# ACL configuration on ltemalB
[ltemalB]acl 3000
[ltemalB-acl-adv-3000]rule deny tcp source 192.168.0.193 0.0.0.0 destination-port eq 21
[ltemalB-acl-adv-3000]q
[ltemalB]int g0/0/0
[ltemalB-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
```

- Test logging in to the FTP server from the PC
- Connectivity test between the PC and FTP
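What the ACL 3000 rule on ltemalA filters, modelled as an added example that is not part of the original article: a first-match evaluator run over constructed flows, comparing the page's rule (TCP port 21 only) with a hypothetical stricter rule that drops every protocol from PC_A to FTP_A, which is how the requirement for client A is worded. It assumes that packets matching no rule are forwarded by `traffic-filter`; the rule model, `ACL_STRICT_A` and the flow names are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "icmp", or "ip" for any protocol
    src: str                         # source address
    src_wc: str                      # source wildcard; 0.0.0.0 = exactly this host
    dst: str = "0.0.0.0"             # destination address (default: any)
    dst_wc: str = "255.255.255.255"  # destination wildcard (default: any)
    dport: Optional[int] = None      # destination port, None = any


def wc_match(addr, base, wildcard):
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)        # bits set in the wildcard are ignored


def evaluate(rules, flow, default="permit"):
    """First matching rule wins; a flow matching no rule gets `default` (assumption)."""
    for r in rules:
        if (r.proto in ("ip", flow["proto"])
                and wc_match(flow["src"], r.src, r.src_wc)
                and wc_match(flow["dst"], r.dst, r.dst_wc)
                and (r.dport is None or flow.get("dport") == r.dport)):
            return r.action
    return default


PC_A, PC_B, FTP_A = "192.168.0.129", "192.168.0.193", "192.168.0.2"

# The page's rule: deny tcp source 192.168.0.129 0.0.0.0 destination-port eq 21
ACL_PAGE_A = [Rule("deny", "tcp", PC_A, "0.0.0.0", dport=21)]
# Hypothetical stricter variant: drop every protocol from PC_A to FTP_A
ACL_STRICT_A = [Rule("deny", "ip", PC_A, "0.0.0.0", dst=FTP_A, dst_wc="0.0.0.0")]

# Constructed test flows arriving on ltemalA g0/0/0
FLOWS = {
    "PC_A ftp FTP_A": {"proto": "tcp", "src": PC_A, "dst": FTP_A, "dport": 21},
    "PC_A ping FTP_A": {"proto": "icmp", "src": PC_A, "dst": FTP_A},
    "PC_A http FTP_A": {"proto": "tcp", "src": PC_A, "dst": FTP_A, "dport": 80},
    "PC_B ftp FTP_A": {"proto": "tcp", "src": PC_B, "dst": FTP_A, "dport": 21},
}


def verdicts(rules):
    return {name: evaluate(rules, flow) for name, flow in FLOWS.items()}
```

Under the page's rule only the FTP control connection from PC_A is dropped, so a ping from PC_A to FTP_A still succeeds; under the stricter variant every flow from PC_A to FTP_A is dropped while PC_B is unaffected.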
I have to say, there really are a lot of steps! I thought it would be simple; how naive of me!!! I still need more practice! Keep going!