当前位置:网站首页>HCIA experiment (07) comprehensive experiment
HCIA experiment (07) comprehensive experiment
2022-07-25 11:07:00 【Rainy days_】
【1】 The first stage : Basic configuration
1. Carry out topology design and address planning
192.168.1.0/24 ( Divided into three subnets , A backbone ,R1 and R2 Two subnets are required )
192.168.1.0/26 ( The backbone )
192.168.1.0/30
192.168.1.4/30 192.168.1.8/30 ...... 192.168.1.60/30
192.168.1.64/26 R1 192.168.1.64/27 192.168.1.96/27
192.168.1.128/26 R2 192.168.1.128/27 192.168.1.160/27
192.168.1.192/26
2. Configuring the router interface IP Address and sub interface
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 30
[r1]int g0/0/1.1
[r1-GigabitEthernet0/0/1.1]dot1q termination vid 2
[r1-GigabitEthernet0/0/1.1]arp broadcast enable
[r1-GigabitEthernet0/0/1.1]ip add 192.168.1.65 27
[r1]int g0/0/1.2
[r1-GigabitEthernet0/0/1.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/1.2]arp broadcast enable
[r1-GigabitEthernet0/0/1.2]ip add 192.168.1.97 27
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 192.168.1.2 30
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]ip add 12.1.1.1 24
[r2]int g0/0/2.1
[r2-GigabitEthernet0/0/2.1]dot1q termination vid 2
[r2-GigabitEthernet0/0/2.1]arp broadcast enable
[r2-GigabitEthernet0/0/2.1]ip add 192.168.1.129 27
[r2]int g0/0/2.2
[r2-GigabitEthernet0/0/2.2]dot1q termination vid 3
[r2-GigabitEthernet0/0/2.2]arp broadcast enable
[r2-GigabitEthernet0/0/2.2]ip add 192.168.1.161 27
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip add 1.1.1.1 24
3. To configure DHCP service , Create a pond
[r1]ip pool v2
[r1-ip-pool-v2]network 192.168.1.64 mask 255.255.255.224
[r1-ip-pool-v2]gateway-list 192.168.1.65
[r1-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
[r1]ip pool v3
[r1-ip-pool-v3]network 192.168.1.96 mask 255.255.255.224
[r1-ip-pool-v3]gateway-list 192.168.1.97
[r1-ip-pool-v3]dns-list 114.114.114.114 8.8.8.8
[r1]int g0/0/1.1
[r1-GigabitEthernet0/0/1.1]dhcp select global
[r1]int g0/0/1.2
[r1-GigabitEthernet0/0/1.2]dhcp select global
[r2]ip pool v2
[r2-ip-pool-v2]network 192.168.1.128 mask 255.255.255.224
[r2-ip-pool-v2]gateway-list 192.168.1.129
[r2-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
[r2]ip pool v3
[r2-ip-pool-v3]network 192.168.1.160 mask 255.255.255.224
[r2-ip-pool-v3]gateway-list 192.168.1.161
[r2-ip-pool-v3]dns-list 114.114.114.114
[r2]int g0/0/2.1
[r2-GigabitEthernet0/0/2.1]dhcp select global
[r2]int g0/0/2.2
[r2-GigabitEthernet0/0/2.2]dhcp select global
4. Divide the interfaces on the switch into corresponding interfaces VLAN in
[sw1]vlan batch 2 to 3
[sw1]port-group group-member e0/0/2 to e0/0/3
[sw1-port-group]port link-type access
[sw1-port-group]port default vlan 2
[sw1]int e0/0/4
[sw1-Ethernet0/0/4]port link-type access
[sw1-Ethernet0/0/4]port default vlan 3
[sw2]vlan batch 2 to 3
[sw2]int e0/0/2
[sw2-Ethernet0/0/2]port link-type access
[sw2-Ethernet0/0/2]port default vlan 2
[sw2]int e0/0/3
[sw2-Ethernet0/0/3]port link-type access
[sw2-Ethernet0/0/3]port default vlan 3
5. To configure trunk main rd
[sw1]int e0/0/1
[sw1-Ethernet0/0/1]port link-type trunk
[sw1-Ethernet0/0/1]port trunk allow-pass vlan all
[sw2]int e0/0/1
[sw2-Ethernet0/0/1]port link-type trunk
[sw2-Ethernet0/0/1]port trunk allow-pass vlan all
6. Write for the server IP Address
7. test
【2】 The second stage : Divide the area
1. Declare
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]network 192.168.1.65 0.0.0.0
[r1-ospf-1-area-0.0.0.1]network 192.168.1.97 0.0.0.0
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.1.2 0.0.0.0
[r2-ospf-1]area 2
[r2-ospf-1-area-0.0.0.2]network 192.168.1.129 0.0.0.0
[r2-ospf-1-area-0.0.0.2]network 192.168.1.161 0.0.0.0
2. see
(R1 and R2 Established adjacency relationship between )
3. Optimize
[r1]ospf 1
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]abr-summary 192.168.1.64 255.255.255.192
[r2]ospf 1
[r2-ospf-1]area 2
[r2-ospf-1-area-0.0.0.2]abr-summary 192.168.1.128 255.255.255.192
( Interregional summary , Summarize the two loops into one loop )
4. Further optimization ( Block its hair Hello package )
Set silent interface
[r1]ospf 1
[r1-ospf-1]silent-interface g0/0/1.1
[r1-ospf-1]silent-interface g0/0/1.2
[r2]ospf 1
[r2-ospf-1]silent-interface g0/0/2.1
[r2-ospf-1]silent-interface g0/0/2.2
5. Perform encryption authentication
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
6. Turn on telnet function
[r1]aaa
[r1-aaa]local-user wang password cipher 123456
[r1-aaa]local-user wang service-type telnet
[r1-aaa]local-user wang privilege level 15
[r1-aaa]q
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
adopt DHCP obtain IP, There is a default route automatically
verification :
7. Refuse PC1 To three IP Of telnet Behavior
[r1] acl 3000
[r1-acl-adv-3000]
[r1-acl-adv-3000]rule deny tcp source 192.168.1.92 0 destination 192.168.1.1 0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.92 0 destination 192.168.1.65 0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.92 0 destination 192.168.1.97 0 destination-port eq 23
[r1]int g0/0/1.1
[r1-GigabitEthernet0/0/1.1]traffic-filter inbound acl 3000
verification :
【3】 The third stage : LAN access Wan
1. Build default routes
[r2]ospf 1
[r2-ospf-1]default-route-advertise always 
( by R1 Send the default route )
[r2]ip route-static 0.0.0.0 0 12.1.1.2( For the border router R2 Handwritten default route )
2. structure EASY NAT
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2-acl-basic-2000]q
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]nat outbound 2000
verification :
【4】 The fourth stage : Access through domain name HTTP
1. Set up servers and client
2. Port mapping
[r2]interface g0/0/1
[r2-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 80 inside 192.168.1.100 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
3. verification
4. Set up port mapping
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
Successfully logged in :
5. Guard ring
[r1]ip route-static 192.168.1.0 26 NULL 0
[r2]ip route-static 192.168.1.128 26 null 0
边栏推荐
- Last week's hot review (7.18-7.24)
- Flask framework - flask WTF form: data validation, CSRF protection
- Learn NLP with Transformer (Chapter 3)
- UE4 framework introduction
- Hucang integrated e-commerce project (II): project use technology, version and basic environment preparation
- Wechat applet wxprase contains files that cannot be solved by clicking
- 2021 jd.com written examination summary
- 2021 written examination summary of niuke.com 01
- SQL语言(六)
- 哥廷根大学提出CLIPSeg:一个使用文本和图像prompt能同时作三个分割任务的模型
猜你喜欢
随机推荐
[domain generalization] 2022 IJCAI domain generalization tutorial Report
MySQL advanced statement (I) (there is always someone who will make your life no longer bad)
Ue4.26 source code version black screen problem of client operation when learning Wan independent server
UE4 collision
企业实践开源的动机
Flask框架——Session与Cookie
Kraken中事件通道原理分析
C3d model pytorch source code sentence by sentence analysis (II)
HCIA experiment (10) nat
树形动态规划
【信息系统项目管理师】思维导图系列精华汇总
三万字速通Servlet
信号完整性(SI)电源完整性(PI)学习笔记(三十三)102条使信号完整性问题最小化的通用设计规则
ESP32C3基于Arduino框架下的 ESP32 RainMaker开发示例教程
Redis sentry, high availability executor
接口流量突增,如何做好性能调优?
2021 jd.com written examination summary
HCIA实验(08)
How to optimize the performance when the interface traffic increases suddenly?
ESP8266 使用 DRV8833驱动板驱动N20电机