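IA Comprehensive Lab
Yang
The figure shows a simplified topology of a campus network. LSW1 and LSW2 are the aggregation-layer switches, AR1 is the core router, and LSW3-4 are the access switches for their respective floors. Implement the following configuration as required:
I. IP address planning
1. Subnet for all PCs in office building 1: 192.168.10.0/24, gateway address: 192.168.10.254
2. Subnet for all PCs in office building 2: 192.168.20.0/24, gateway address: 192.168.20.254
3. Subnet for all PCs in the server area: 192.168.30.0/24, gateway address: 192.168.30.254
4. LSW1, as an aggregation-layer switch, uses interface VLANIF 100 to interconnect with R1, with IP address 100.1.1.1/24;
R1's interface facing LSW1 has IP address 100.1.1.2/24
5. On the link between R1 and R2, R1's interface IP address is 200.1.1.1/24 and R2's interface IP address is 200.1.1.2/24
6. Configure the device names
II. Configure link aggregation between aggregation switches LSW1 and LSW2 using LACP, with 2 active links.
Requirement: after port G0/0/3 goes down, data is forwarded over G0/0/2.
III. Configure spanning tree between the switches
1. All switches must run RSTP
2. LSW1 is the primary root bridge and LSW2 is the backup root bridge
3. Configure edge ports so that all end hosts can forward data immediately after connecting to the network
IV. Configure the switch link types and VLANs
1. Create on the switches the VLANs that appear in the topology diagram
2. Configure the links from the switches to the PCs and to the router as access links, then assign the interfaces to the corresponding VLANs:
Office building 1: VLAN 10
Office building 2: VLAN 20
Server area: VLAN 30
LSW1's interface connecting to R1: VLAN 100
3. Configure the switch-to-switch links as trunks and allow the corresponding VLANs to pass
V. Configure the corresponding VLANIF interfaces on aggregation switch LSW1 so that PCs on different floors can communicate
VI. DHCP configuration:
Configure global address pool 1 on LSW1:
Address pool pool10 allocates from 192.168.10.0/24, with gateway 192.168.10.254 and DNS 114.114.114.114,
and assigns IP addresses to the hosts in VLAN10;
Configure global address pool 2 on LSW2:
Address pool pool20 allocates from 192.168.20.0/24, with gateway 192.168.20.254 and DNS 8.8.8.8,
and assigns IP addresses to the hosts in VLAN20.
VII. Routing protocols
1. Configure the dynamic routing protocol OSPF on core router AR1 and aggregation switch LSW1 so that R1 learns the routes to the teaching building and server area subnets.
After the configuration is complete, test whether R1 can reach every PC.
2. Configure a static default route on core router AR1 pointing to the ISP router AR2
VIII. NAT
1. Use NAT on AR1 so that when the internal VLAN10 and VLAN20 subnets access the external network, the translated address is the IP address of AR1's g0/0/1 interface.
(Implemented with Easy IP.)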
LSW3-1
[Huawei]sysn lsw3-1
[lsw3-1]v b 10 20
Info: This operation may take a few seconds. Please wait for a moment…done.
[lsw3-1]int e0/0/3
[lsw3-1-Ethernet0/0/3]p l a
[lsw3-1-Ethernet0/0/3]p d v 10
[lsw3-1-Ethernet0/0/3]int e0/0/4
[lsw3-1-Ethernet0/0/4]p l a
[lsw3-1-Ethernet0/0/4]p d v 10
[lsw3-1-Ethernet0/0/4]int e0/0/1
[lsw3-1-Ethernet0/0/1]p l t
[lsw3-1-Ethernet0/0/1]p t a v 10 20
[lsw3-1-Ethernet0/0/1]int e0/0/2
[lsw3-1-Ethernet0/0/2]p l t
[lsw3-1-Ethernet0/0/2]p t a v 10 20
[lsw3-1]stp mode r
[lsw3-1]int e0/0/3
[lsw3-1-Ethernet0/0/3]stp edged-port enable //set as an edge port for fast convergence
[lsw3-1-Ethernet0/0/3]int e0/0/4
[lsw3-1-Ethernet0/0/4]stp edged-port enable
LSW4
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn LSW4-1
[LSW4-1]v b 20
[LSW4-1]int e0/0/4
[LSW4-1-Ethernet0/0/4]p l a
[LSW4-1-Ethernet0/0/4]p d v 20
[LSW4-1-Ethernet0/0/4]int e0/0/5
[LSW4-1-Ethernet0/0/5]p l a
[LSW4-1-Ethernet0/0/5]p d v 20
[LSW4-1-Ethernet0/0/5]int e0/0/1
[LSW4-1-Ethernet0/0/1]p l t
[LSW4-1-Ethernet0/0/1]p t a v 10 20
[LSW4-1-Ethernet0/0/1]int e0/0/2
[LSW4-1-Ethernet0/0/2]p l t
[LSW4-1-Ethernet0/0/2]p t a v 10 20
[LSW4-1]stp mode r
[LSW4-1]int e0/0/4
[LSW4-1-Ethernet0/0/4]stp edged-port enable
[LSW4-1-Ethernet0/0/4]int e0/0/5
[LSW4-1-Ethernet0/0/5]stp ed e
[LSW4-1]int e0/0/1
[LSW4-1-Ethernet0/0/1]stp cost 300000 //change the port cost so that the path to the gateway is optimal
LSW1
[LSW1]v b 10 20 12 100 30
[LSW1]int g0/0/4
[LSW1-GigabitEthernet0/0/4]p l t
[LSW1-GigabitEthernet0/0/4]p t a v 10 20
[LSW1-GigabitEthernet0/0/4]int g0/0/5
[LSW1-GigabitEthernet0/0/5]p l t
[LSW1-GigabitEthernet0/0/5]p t a v 10 20
[LSW1-GigabitEthernet0/0/5]q
[LSW1]int Eth-Trunk 1
[LSW1-Eth-Trunk1]mode lacp-static
[LSW1-Eth-Trunk1]max active-linknumber 2 //set the maximum number of active aggregated links to 2
[LSW1-Eth-Trunk1]trunkport g 0/0/1 0/0/2 0/0/3
[LSW1-Eth-Trunk1]p l t
[LSW1-Eth-Trunk1]p t a v 10 20 30 12
[LSW1-Eth-Trunk1]shutdown
[LSW1-Eth-Trunk1]undo shutdown
[LSW1-Eth-Trunk1]q
[LSW1]int g0/0/6
[LSW1-GigabitEthernet0/0/6]p l a
[LSW1-GigabitEthernet0/0/6]p d v 100
[LSW1-GigabitEthernet0/0/6]int g0/0/7
[LSW1-GigabitEthernet0/0/7]p l a
[LSW1-GigabitEthernet0/0/7]p d v 30
[LSW1-GigabitEthernet0/0/7]int g0/0/8
[LSW1-GigabitEthernet0/0/8]p l a
[LSW1-GigabitEthernet0/0/8]p d v 30
[LSW1-GigabitEthernet0/0/8]q
[LSW1]stp mode rstp
[LSW1]stp root primary
[LSW1]int g0/0/7
[LSW1-GigabitEthernet0/0/7]stp ed e
[LSW1-GigabitEthernet0/0/7]int g0/0/8
[LSW1-GigabitEthernet0/0/8]stp ed e
[LSW1-GigabitEthernet0/0/8]q
[LSW1]int v 10
[LSW1-Vlanif10]ip add 192.168.10.254 24
[LSW1-Vlanif10]int v 12
[LSW1-Vlanif12]ip add 10.0.12.1 24
[LSW1-Vlanif12]int v 100
[LSW1-Vlanif100]ip add 100.1.1.1 24
[LSW1-Vlanif100]int v 30
[LSW1-Vlanif30]ip add 192.168.30.254 24
[LSW1-Vlanif30]q
[LSW1]ip pool vlan10
[LSW1-ip-pool-vlan10]network 192.168.10.0 mask 24
[LSW1-ip-pool-vlan10]gateway-list 192.168.10.254
[LSW1-ip-pool-vlan10]dns-list 8.8.8.8
[LSW1-ip-pool-vlan10]q
[LSW1]ip pool vlan30
[LSW1-ip-pool-vlan30]network 192.168.30.0 m 24
[LSW1-ip-pool-vlan30]g 192.168.30.254
[LSW1-ip-pool-vlan30]dns 114.114.114.114
[LSW1-ip-pool-vlan30]q
[LSW1]dhcp enable
[LSW1]int v 10
[LSW1-Vlanif10]dhcp se g
[LSW1-Vlanif10]int v 30
[LSW1-Vlanif30]dhcp s g
[LSW1]ospf
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 100.1.1.1 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
LSW2
Enter system view, return user view with Ctrl+Z.
[Huawei]v b 12 10 20 40
[Huawei]sysn LSW2
[LSW2]int g0/0/4
[LSW2-GigabitEthernet0/0/4]p l t
[LSW2-GigabitEthernet0/0/4]p t a v 10 20
[LSW2-GigabitEthernet0/0/4]int g0/0/5
[LSW2-GigabitEthernet0/0/5]p l t
[LSW2-GigabitEthernet0/0/5]p t a v 10 20
[LSW2]int Eth-Trunk 1
[LSW2-Eth-Trunk1]mode lacp-static
[LSW2-Eth-Trunk1]max active-linknumber 2
[LSW2-Eth-Trunk1]trunkport g 0/0/1 0/0/2 0/0/3
[LSW2-Eth-Trunk1]q
[LSW2]int g0/0/2
[LSW2-GigabitEthernet0/0/2]lacp priority 32769 //make this port the backup member of the aggregation
[LSW2-GigabitEthernet0/0/2]int e 1
[LSW2-Eth-Trunk1]shutdown
[LSW2-Eth-Trunk1]undo shutdown //non-preemptive, so the interface has to be restarted
[LSW2-Eth-Trunk1]p l t
[LSW2-Eth-Trunk1]p t a v 12 10 20
[LSW2-Eth-Trunk1]q
[LSW2]stp mode rs
[LSW2]stp root secondary
[LSW2]ip pool vlan20
[LSW2-ip-pool-vlan20]network 192.168.20.0 m 24
[LSW2-ip-pool-vlan20]g 192.168.20.254
[LSW2-ip-pool-vlan20]q
[LSW2]dhcp enable
[LSW2]int v 20
[LSW2-Vlanif20]ip add 192.168.20.254 24
[LSW2-Vlanif20]dhcp se g
[LSW2-Vlanif20]int v 12
[LSW2-Vlanif12]ip add 10.0.12.2 24
[LSW2-Vlanif12]q
The following is the configuration for the AC part
[LSW2]int g0/0/7
[LSW2-GigabitEthernet0/0/7]p l t
[LSW2-GigabitEthernet0/0/7]p t a v 40 50
[LSW2-GigabitEthernet0/0/7]int g0/0/6
[LSW2-GigabitEthernet0/0/6]p l t
[LSW2-GigabitEthernet0/0/6]p t a v 40 50 10 20 12
[LSW2-GigabitEthernet0/0/6]p t p v 40
[LSW2]ospf
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
AC
Enter system view, return user view with Ctrl+Z.
[AC6005]sysn AC
[AC]int g0/0/1
[AC-GigabitEthernet0/0/1]q
[AC]v b 40 50
[AC]int g0/0/1
[AC-GigabitEthernet0/0/1]p l t
[AC-GigabitEthernet0/0/1]p t a v 40 50
[AC-GigabitEthernet0/0/1]q
[AC]int v 40
[AC-Vlanif40]ip add 192.168.40.254 24
[AC-Vlanif40]int v 50
[AC-Vlanif50]ip add 192.168.50.254 24
[AC-Vlanif50]int v 1
[AC-Vlanif1]ip add 10.0.11.2 24 // for communication with ar1
[AC-Vlanif1]q
[AC]ip pool vlan40
[AC-ip-pool-vlan40]network 192.168.40.0 m 24
[AC-ip-pool-vlan40]g 192.168.40.254
[AC-ip-pool-vlan40]q
[AC]ip pool vlan50
[AC-ip-pool-vlan50]network 192.168.50.0 m 24
[AC-ip-pool-vlan50]g 192.168.50.254
[AC-ip-pool-vlan50]q
[AC]int v 40
[AC-Vlanif40]dhcp select g
[AC-Vlanif40]int v 50
[AC-Vlanif50]dhcp select global
[AC]capwap source interface Vlanif 40
[AC]wlan
[AC-wlan-view]ssid-profile name HCIA-WLAN
[AC-wlan-ssid-prof-HCIA-WLAN]ssid HCIA-WLAN
[AC-wlan-ssid-prof-HCIA-WLAN]q
[AC-wlan-view]security-profile name HCIA-WLAN
[AC-wlan-sec-prof-HCIA-WLAN]security wpa-wpa2 psk pass-phrase HCIA Datacom aes
[AC-wlan-sec-prof-HCIA-WLAN]q
[AC-wlan-view]vap-profile name HCIA-WLAN
[AC-wlan-vap-prof-HCIA-WLAN]ssid-profile HCIA-WLAN
[AC-wlan-vap-prof-HCIA-WLAN]security-profile HCIA-WLAN
[AC-wlan-vap-prof-HCIA-WLAN]service-vlan vlan-id 50
[AC-wlan-vap-prof-HCIA-WLAN]forward-mode direct-forward
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile HCIA-WLAN wlan 1 radio all
[AC-wlan-ap-group-ap-group1]q
[AC-wlan-view]ap-id 1 ap-mac 00E0-FC27-2F80
[AC-wlan-ap-1]ap-group ap-group1
[AC]ospf
[AC-ospf-1]area 0
[AC-ospf-1-area-0.0.0.0]network 10.0.11.0 0.0.0.255
[AC-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255
AR1
[ar1]int g0/0/0
[ar1-GigabitEthernet0/0/0]ip add 100.1.1.2 24
[ar1-GigabitEthernet0/0/0]int g0/0/1
[ar1-GigabitEthernet0/0/1]ip add 200.1.1.1 24
[ar1-GigabitEthernet0/0/1]int g0/0/2
[ar1-GigabitEthernet0/0/2]ip add 10.0.11.1 24
[ar1-GigabitEthernet0/0/2]q
[ar1]ip route-static 0.0.0.0 0 200.1.1.2
[ar1]ospf
[ar1-ospf-1]area 0
[ar1-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[ar1-ospf-1-area-0.0.0.0]network 10.0.11.1 0.0.0.255
[ar1-ospf-1]default-route-advertise always
[ar1]acl 2000
[ar1-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[ar1-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[ar1-acl-basic-2000]rule permit source 192.168.50.0 0.0.0.255
[ar1]int g0/0/1
[ar1-GigabitEthernet0/0/1]nat outbound 2000
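At this point all hosts can still communicate, because traffic can leave directly via the default route and the peer sends return packets.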
[ar1]acl 2001
[ar1-acl-basic-2001]rule permit source 192.168.10.0 0.0.0.255
[ar1-acl-basic-2001]rule permit source 192.168.20.0 0.0.0.255
[ar1-acl-basic-2001]rule deny source 0.0.0.0 255.255.255.255
[ar1-acl-basic-2001]q
[ar1]int g0/0/0
[ar1-GigabitEthernet0/0/0]traffic-filter inbound acl 2001
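An added example (not part of the original lab notes) that evaluates the two basic ACLs configured on AR1 above with first-match wildcard semantics, showing which of the lab's subnets hit a permit, hit the explicit deny in ACL 2001, or match no rule at all in ACL 2000. The function names and the sample host addresses are constructed for illustration.

```python
import ipaddress

# Rule lines copied from the AR1 configuration above.
ACL_2000 = """rule permit source 192.168.10.0 0.0.0.255
rule permit source 192.168.20.0 0.0.0.255
rule permit source 192.168.50.0 0.0.0.255"""
ACL_2001 = """rule permit source 192.168.10.0 0.0.0.255
rule permit source 192.168.20.0 0.0.0.255
rule deny source 0.0.0.0 255.255.255.255"""

# Constructed sample hosts, one per subnet used in this lab.
SAMPLES = ["192.168.10.7", "192.168.20.7", "192.168.30.7",
           "192.168.50.7", "100.1.1.1"]


def parse_basic_acl(text):
    """Parse 'rule <permit|deny> source <address> <wildcard>' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if (len(tok) != 5 or tok[0] != "rule" or tok[2] != "source"
                or tok[1] not in ("permit", "deny")):
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((tok[1], int(ipaddress.IPv4Address(tok[3])),
                      int(ipaddress.IPv4Address(tok[4]))))
    return rules


def evaluate(rules, source):
    """Return the first matching rule's action, or None when nothing matches."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # wildcard 0-bits must match, 1-bits are ignored
        if (src & care) == (addr & care):
            return action
    return None  # what happens next depends on the feature that uses the ACL


def audit(acl_text, sources=SAMPLES):
    """Map each source address to the verdict of the given ACL."""
    rules = parse_basic_acl(acl_text)
    return {s: evaluate(rules, s) for s in sources}


if __name__ == "__main__":
    for name, acl in (("2000", ACL_2000), ("2001", ACL_2001)):
        for src, verdict in audit(acl).items():
            print(f"acl {name}  {src:<15} {verdict or 'no match'}")
```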
AR2
Add a default return route
[AR2]ip route-static 0.0.0.0 0 200.1.1.1
Loopback interface for testing
[AR2]int LoopBack 0
[AR2-LoopBack0]ip add 2.2.2.2 24