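HCIA Comprehensive Lab
Lab requirements:
1. The ISP router is configured with IP addresses only; nothing else is configured on it.
2. The internal network is planned from 192.168.1.0/24.
3. OSPF runs between R1 and R2.
4. PC1-PC4 obtain their IP addresses automatically.
5. PC1 cannot Telnet to R1; all other internal PCs can.
6. PC1-PC4 can reach PC5; R2's public interface has only one public IP: 12.1.1.1.
7. The ISP router Telnets to 12.1.1.1 and ends up logged in to R1.
Lab approach:
1. Switch configuration (create VLANs, set port link types, allow VLANs)
2. Router configuration (IP addresses, sub-interface configuration)
3. Configure DHCP and set up the router interfaces so that PC1 and PC3 can both obtain an IP automatically, then check the addresses they obtained
4. Configure OSPF so that PC1-PC4 can reach each other
5. Configure the Telnet service
6. Configure an ACL so that PC1 cannot Telnet while all other internal PCs can
7. Configure Easy IP so that PC1-PC4 can reach PC5, then test connectivity across the whole network
8. Configure NAT server so that the ISP router Telnets to 12.1.1.1 and ends up logged in to R1
Lab steps:
1. Switch configuration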
[SW1]vlan batch 2 3
[SW1]interface g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 2
[SW1]interface g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 2
[SW1]interface g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 3
[SW2]vlan batch 2 3
[SW2]interface g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 2
[SW2]interface g0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 3
[SW2]interface g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
2. Router configuration
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
[R1]interface g0/0/1.1
[R1-GigabitEthernet0/0/1.1]ip address 192.168.1.65 27
[R1-GigabitEthernet0/0/1.1]dot1q termination vid 2
[R1-GigabitEthernet0/0/1.1]arp broadcast enable
[R1]interface g0/0/1.2
[R1-GigabitEthernet0/0/1.2]ip address 192.168.1.97 27
[R1-GigabitEthernet0/0/1.2]dot1q termination vid 3
[R1-GigabitEthernet0/0/1.2]arp broadcast enable
[R2]interface g0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]ip address 12.1.1.1 24
[R2]interface g0/0/2.1
[R2-GigabitEthernet0/0/2.1]ip address 192.168.1.129 27
[R2-GigabitEthernet0/0/2.1]dot1q termination vid 2
[R2-GigabitEthernet0/0/2.1]arp broadcast enable
[R2]interface g0/0/2.2
[R2-GigabitEthernet0/0/2.2]ip address 192.168.1.161 27
[R2-GigabitEthernet0/0/2.2]dot1q termination vid 3
[R2-GigabitEthernet0/0/2.2]arp broadcast enable
[ISP]interface g0/0/0
[ISP-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[ISP]interface g0/0/1
[ISP-GigabitEthernet0/0/1]ip address 1.1.1.1 24
3. Configure DHCP
[R1]dhcp enable
[R1]ip pool vlan2
[R1-ip-pool-vlan2]network 192.168.1.64 mask 255.255.255.224
[R1-ip-pool-vlan2]gateway-list 192.168.1.65
[R1-ip-pool-vlan2]dns-list 8.8.8.8 114.114.114.114
[R1]interface g0/0/1.1
[R1-GigabitEthernet0/0/1.1]dhcp select global
[R1]ip pool vlan3
[R1-ip-pool-vlan3]network 192.168.1.96 mask 255.255.255.224
[R1-ip-pool-vlan3]gateway-list 192.168.1.97
[R1-ip-pool-vlan3]dns-list 8.8.8.8 114.114.114.114
[R1]interface g0/0/1.2
[R1-GigabitEthernet0/0/1.2]dhcp select global
[R2]dhcp enable
[R2]ip pool vlan2
[R2-ip-pool-vlan2]network 192.168.1.128 mask 255.255.255.224
[R2-ip-pool-vlan2]gateway-list 192.168.1.129
[R2-ip-pool-vlan2]dns-list 8.8.8.8 114.114.114.114
[R2]interface g0/0/2.1
[R2-GigabitEthernet0/0/2.1]dhcp select global
[R2]ip pool vlan3
[R2-ip-pool-vlan3]network 192.168.1.160 mask 255.255.255.224
[R2-ip-pool-vlan3]gateway-list 192.168.1.161
[R2-ip-pool-vlan3]dns-list 8.8.8.8 114.114.114.114
[R2]interface g0/0/2.2
[R2-GigabitEthernet0/0/2.2]dhcp select global
Test:
Configure the router interfaces so that PC1 and PC3 can both obtain an IP automatically
[PC1]dhcp enable
[PC1]interface g0/0/0
[PC1-GigabitEthernet0/0/0]ip address dhcp-alloc
[PC3]dhcp enable
[PC3]interface g0/0/0
[PC3-GigabitEthernet0/0/0]ip address dhcp-alloc
4. Configure OSPF so that PC1-PC4 can reach each other
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]a 0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[R1-ospf-1]a 1
[R1-ospf-1-area-0.0.0.1]network 192.168.1.65 0.0.0.0
[R1-ospf-1-area-0.0.0.1]network 192.168.1.97 0.0.0.0
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]a 0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.2 0.0.0.0
[R2-ospf-1]a 2
[R2-ospf-1-area-0.0.0.2]network 192.168.1.129 0.0.0.0
[R2-ospf-1-area-0.0.0.2]network 192.168.1.161 0.0.0.0
[R2-ospf-1]default-route-advertise always
Test:
5. Configure the Telnet service
[R1]aaa
[R1-aaa]local-user zkh privilege level 15 password cipher zkh12345
[R1-aaa]local-user zkh service-type telnet
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
Test:
6. Configure an ACL so that PC1 cannot Telnet while all other internal PCs can
[R1]acl 3000
[R1-acl-adv-3000]rule deny tcp source 192.168.1.93 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.93 0.0.0.0 destination 192.168.1.65 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.93 0.0.0.0 destination 192.168.1.97 0.0.0.0 destination-port eq 23
[R1]interface g0/0/1.1
[R1-GigabitEthernet0/0/1.1]traffic-filter inbound acl 3000
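The matching logic of ACL 3000, modelled as an added example (not part of the original lab write-up): it evaluates the three deny rules with wildcard-mask semantics and shows that the rule stops matching if PC1's DHCP lease changes. The sample addresses 192.168.1.94 and 192.168.1.92 and the permit-on-no-match default are assumptions; the default is what the lab relies on for the other PCs to Telnet with a deny-only ACL.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    # Wildcard mask: a 0 bit must match, a 1 bit is ignored (inverse of a netmask).
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# ACL 3000 from step 6: (action, proto, src, src_wc, dst, dst_wc, dst_port)
ACL_3000 = [
    ("deny", "tcp", "192.168.1.93", "0.0.0.0", "192.168.1.1", "0.0.0.0", 23),
    ("deny", "tcp", "192.168.1.93", "0.0.0.0", "192.168.1.65", "0.0.0.0", 23),
    ("deny", "tcp", "192.168.1.93", "0.0.0.0", "192.168.1.97", "0.0.0.0", 23),
]

def traffic_filter(acl, proto, src, dst, dport):
    """Return the action of the first matching rule, in rule order."""
    for action, r_proto, r_src, r_swc, r_dst, r_dwc, r_port in acl:
        if (proto == r_proto and dport == r_port
                and wildcard_match(src, r_src, r_swc)
                and wildcard_match(dst, r_dst, r_dwc)):
            return action
    # Assumption: a packet matching no rule is forwarded by the traffic filter.
    return "permit"

def in_pool(addr, network="192.168.1.64/27"):
    # The VLAN 2 pool on R1 from step 3.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(network)

# Constructed flows: (description, proto, src, dst, dst_port)
FLOWS = [
    ("PC1 telnet to R1 gateway", "tcp", "192.168.1.93", "192.168.1.65", 23),
    ("PC1 telnet to R1 g0/0/0", "tcp", "192.168.1.93", "192.168.1.1", 23),
    ("other VLAN 2 host telnet", "tcp", "192.168.1.94", "192.168.1.65", 23),
    ("PC1 after a new lease", "tcp", "192.168.1.92", "192.168.1.65", 23),
]

def verdicts():
    return {d: traffic_filter(ACL_3000, p, s, t, port) for d, p, s, t, port in FLOWS}

if __name__ == "__main__":
    for desc, verdict in verdicts().items():
        print(f"{verdict:6}  {desc}")
```

Because the rules pin a single DHCP-assigned host address, the block holds only while PC1 keeps 192.168.1.93; a fixed lease for PC1 in the pool keeps the ACL and the address in step.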
Test:
7. Configure Easy IP so that PC1-PC4 can reach PC5, then test connectivity across the whole network
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]nat outbound 2000
[R2]ip route-static 0.0.0.0 0 12.1.1.2
[ISP]ip route-static 0.0.0.0 0 12.1.1.1
Test:
8. Configure NAT server so that the ISP router Telnets to 12.1.1.1 and ends up logged in to R1
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y