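Requirements:
1. The ISP router is configured with IP addresses only.
2. The internal network is subnetted from 192.168.1.0/24.
3. OSPF runs between r1 and r2 so that the whole internal network is reachable.
4. pc1-pc4 obtain their IP addresses via DHCP.
5. pc2-pc4 can access pc5; pc1 cannot.
6. r2's egress has only one public IP address.
7. The test-1 device can log in to the internal telnet server; test-2 cannot.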
Address plan:
Subnetting of 192.168.1.0/24:
192.168.1.00 000000 /26 -> 192.168.1.0/26 backbone
192.168.1.01 000000 /26 -> 192.168.1.64/26 R1
------192.168.1.64/28
------192.168.1.80/28
------192.168.1.96/28
------192.168.1.112/28
192.168.1.10 000000 /26 -> 192.168.1.128/26 R2
------192.168.1.128/27
------192.168.1.160/27
192.168.1.11 000000 /26 -> 192.168.1.192/26 reserved
r2---isp
202.1.1.0/30 (arbitrary)
Behind the ISP
203.1.1.0/24 (arbitrary)
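An added check of the address plan above (not part of the original write-up), in Python with the standard ipaddress module: it verifies that the /26 blocks cover 192.168.1.0/24 and that the child subnets nest without overlapping, then derives the wildcard masks typed in the OSPF network statements and maps lab hosts to their subnets. The function names are hypothetical.

```python
import ipaddress

# Address plan transcribed from the page: each /26 block and its child subnets.
PLAN = {
    "192.168.1.0/26": [],    # backbone (r1-r2 link)
    "192.168.1.64/26": ["192.168.1.64/28", "192.168.1.80/28",
                        "192.168.1.96/28", "192.168.1.112/28"],    # R1
    "192.168.1.128/26": ["192.168.1.128/27", "192.168.1.160/27"],  # R2
    "192.168.1.192/26": [],  # reserved
}

def check_group(nets, outer, problems):
    """Every net must sit inside outer and must not overlap a sibling."""
    for i, net in enumerate(nets):
        if not net.subnet_of(outer):
            problems.append(f"{net} is outside {outer}")
        for other in nets[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{net} overlaps {other}")

def check_plan(supernet, plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    top, problems = ipaddress.ip_network(supernet), []
    # ip_network() is strict: a block not aligned to its prefix raises ValueError.
    parents = [ipaddress.ip_network(p) for p in plan]
    check_group(parents, top, problems)
    if sum(p.num_addresses for p in parents) != top.num_addresses:
        problems.append(f"parent blocks do not cover all of {top}")
    for parent, kids in plan.items():
        check_group([ipaddress.ip_network(k) for k in kids],
                    ipaddress.ip_network(parent), problems)
    return problems

def wildcard(cidr):
    """Wildcard mask as typed in the OSPF network statements and ACL rules."""
    return str(ipaddress.ip_network(cidr).hostmask)

def subnet_for(addr, plan):
    """Most specific planned subnet containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    nets = [ipaddress.ip_network(n) for p, kids in plan.items() for n in [p, *kids]]
    hits = [n for n in nets if ip in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

if __name__ == "__main__":
    print(check_plan("192.168.1.0/24", PLAN) or "plan is consistent")
    for cidr in ("192.168.1.0/26", "192.168.1.64/28", "192.168.1.128/27"):
        print("network", cidr.split("/")[0], wildcard(cidr))
    for host in ("192.168.1.78", "192.168.1.98", "192.168.1.190"):
        print(host, "->", subnet_for(host, PLAN))
```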
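Approach and notes:
1. lsw configuration: vlan, access, trunk
2. IP configuration; sub-interface method: int g, ip address, dot1q termination vid, arp broadcast enable
3. Connect the internal network with OSPF: ospf router-id 1.1.1.1, area 0, network
Note: r2 must not advertise the network segment that connects to the external network
4. DHCP address assignment
5. The border router performs NAT address translation
6. r2 has a default route pointing to the ISP and also advertises the default route to the internal network
7. Block pc1 from accessing pc5 on r1's 0/0/0 interface
8. Block test-2 from accessing telnet on r2's 0/0/2 interface
Configuration: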
lsw1:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys sw1
<sw1>undo terminal mon
Info: Current terminal monitor is off.
<sw1>sys
Enter system view, return user view with Ctrl+Z.
[sw1]vlan 2
[sw1-vlan2]q
[sw1]vlan 3
[sw1-vlan3]q
[sw1]vlan 4
[sw1-vlan4]q
[sw1]int g0/0/2
[sw1-GigabitEthernet0/0/2]port link-type access
[sw1-GigabitEthernet0/0/2]port default vlan 2
[sw1-GigabitEthernet0/0/2]int g0/0/3
[sw1-GigabitEthernet0/0/3]port link-type access
[sw1-GigabitEthernet0/0/3]port default vlan 3
[sw1-GigabitEthernet0/0/3]int g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type access
[sw1-GigabitEthernet0/0/4]port default vlan 4
[sw1-GigabitEthernet0/0/4]int g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 4
[sw1-GigabitEthernet0/0/1] User interface con0 is available
lsw2:
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys sw2
[sw2]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw2]int g0/0/2
[sw2-GigabitEthernet0/0/2]port link-type access
[sw2-GigabitEthernet0/0/2]port default vlan 2
[sw2-GigabitEthernet0/0/2]int g0/0/3
[sw2-GigabitEthernet0/0/3]port link-type access
[sw2-GigabitEthernet0/0/3]port default vlan 3
[sw2-GigabitEthernet0/0/3]int g0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[sw2-GigabitEthernet0/0/1]q
[sw2] User interface con0 is available
r1:
[Huawei]sys r1
[r1]int g0/0/1
[r1-GigabitEthernet0/0/1]ip address 192.168.1.1 26
[r1-GigabitEthernet0/0/1]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]ip address 192.168.1.65 28
[r1-GigabitEthernet0/0/0.1]int g0/0/0.2
[r1-GigabitEthernet0/0/0.2]ip address 192.168.1.81 28
[r1-GigabitEthernet0/0/0.2]int g0/0/0.3
[r1-GigabitEthernet0/0/0.3]ip address 192.168.1.97 28
[r1-GigabitEthernet0/0/0.3]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[r1-GigabitEthernet0/0/0.1]arp broadcast enable
[r1-GigabitEthernet0/0/0.1]int g0/0/0.2
[r1-GigabitEthernet0/0/0.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/0.2]arp broadcast enable
[r1-GigabitEthernet0/0/0.2]int g0/0/0.3
[r1-GigabitEthernet0/0/0.3]dot1q termination vid 4
[r1-GigabitEthernet0/0/0.3]arp broadcast enable
[r1-GigabitEthernet0/0/0.3]q
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.64 0.0.0.15
[r1-ospf-1-area-0.0.0.0]network 192.168.1.80 0.0.0.15
[r1-ospf-1-area-0.0.0.0]network 192.168.1.96 0.0.0.15
[r1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.63
Dec 21 2023 18:07:18-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[4]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, NeighborEvent=HelloReceived, NeighborPreviousState=Down, NeighborCurrentState=Init)
Dec 21 2023 18:07:28-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[5]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, NeighborEvent=2WayReceived, NeighborPreviousState=Init, NeighborCurrentState=2Way)
Dec 21 2023 18:07:43-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[6]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, NeighborEvent=AdjOk?, NeighborPreviousState=2Way, NeighborCurrentState=ExStart)
Dec 21 2023 18:07:59-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[7]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, NeighborEvent=NegotiationDone, NeighborPreviousState=ExStart, NeighborCurrentState=Exchange)
Dec 21 2023 18:07:59-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[8]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, NeighborEvent=ExchangeDone, NeighborPreviousState=Exchange, NeighborCurrentState=Loading)
Dec 21 2023 18:07:59-08:00 r1 %%01OSPF/4/NBR_CHANGE_E(l)[9]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.1.168.192, NeighborEvent=LoadingDone, NeighborPreviousState=Loading, NeighborCurrentState=Full)
[r1-ospf-1-area-0.0.0.0]q
[r1-ospf-1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[r1]ip pool 1
Info: It's successful to create an IP address pool.
[r1-ip-pool-1]network 192.168.1.64 mask 28
[r1-ip-pool-1]gateway-list 192.168.1.65
[r1-ip-pool-1]q
[r1]ip pool 2
Info: It's successful to create an IP address pool.
[r1-ip-pool-2]network 192.168.1.80 mask 28
[r1-ip-pool-2]gateway-list 192.168.1.81
[r1-ip-pool-2]q
[r1]ip pool 3
Info: It's successful to create an IP address pool.
[r1-ip-pool-3]network 192.168.1.96 mask 28
[r1-ip-pool-3]gateway-list 192.168.1.97
[r1-ip-pool-3]q
[r1]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]dhcp select global
[r1-GigabitEthernet0/0/0.1]int g0/0/0.2
[r1-GigabitEthernet0/0/0.2]dhcp select global
[r1-GigabitEthernet0/0/0.2]int g0/0/0.3
[r1-GigabitEthernet0/0/0.3]dhcp select global
<r1>sys
Enter system view, return user view with Ctrl+Z.
[r1]acl 3000
[r1-acl-adv-3000]rule deny ip source 192.168.1.64 0.0.0.15 destination 203.1.1.100 0.0.0.0
[r1-acl-adv-3000]q
[r1]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]traffic-filter inbound acl 3000
r2:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r2
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.1.2 26
[r2-GigabitEthernet0/0/0]int g0/0/2
[r2-GigabitEthernet0/0/2]ip address 202.1.1.1 30
[r2-GigabitEthernet0/0/2]int g0/0/1.1
[r2-GigabitEthernet0/0/1.1]ip address 192.168.1.129 27
[r2-GigabitEthernet0/0/1.1]int g0/0/1.2
[r2-GigabitEthernet0/0/1.2]ip address 192.168.1.161 27
[r2-GigabitEthernet0/0/1.2]int g0/0/1.1
[r2-GigabitEthernet0/0/1.1]dot1q termination vid 2
[r2-GigabitEthernet0/0/1.1]arp broadcast enable
[r2-GigabitEthernet0/0/1.1]int g0/0/1.2
[r2-GigabitEthernet0/0/1.2]dot1q termination vid 3
[r2-GigabitEthernet0/0/1.2]arp broadcast enable
[r2-GigabitEthernet0/0/1.2]q
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.63
Dec 21 2023 18:07:25-08:00 r2 %%01OSPF/4/NBR_CHANGE_E(l)[4]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.1.168.192, NeighborEvent=HelloReceived, NeighborPreviousState=Down, NeighborCurrentState=Init)
Dec 21 2023 18:07:25-08:00 r2 %%01OSPF/4/NBR_CHANGE_E(l)[5]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.1.168.192, NeighborEvent=2WayReceived, NeighborPreviousState=Init, NeighborCurrentState=2Way)
Dec 21 2023 18:07:56-08:00 r2 %%01OSPF/4/NBR_CHANGE_E(l)[6]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.1.168.192, NeighborEvent=AdjOk?, NeighborPreviousState=2Way, NeighborCurrentState=ExStart)
Dec 21 2023 18:07:58-08:00 r2 %%01OSPF/4/NBR_CHANGE_E(l)[7]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.1.168.192, NeighborEvent=NegotiationDone, NeighborPreviousState=ExStart, NeighborCurrentState=Exchange)
Dec 21 2023 18:07:58-08:00 r2 %%01OSPF/4/NBR_CHANGE_E(l)[8]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.1.168.192, NeighborEvent=ExchangeDone, NeighborPreviousState=Exchange, NeighborCurrentState=Loading)
Dec 21 2023 18:07:58-08:00 r2 %%01OSPF/4/NBR_CHANGE_E(l)[9]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.1.168.192, NeighborEvent=LoadingDone, NeighborPreviousState=Loading, NeighborCurrentState=Full)
[r2-ospf-1-area-0.0.0.0]network 192.168.1.128 0.0.0.31
[r2-ospf-1-area-0.0.0.0]network 192.168.1.160 0.0.0.31
[r2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[r2]ip pool 1
Info: It's successful to create an IP address pool.
[r2-ip-pool-1]network 192.168.1.128 mask 27
[r2-ip-pool-1]gateway-list 192.168.1.129
[r2-ip-pool-1]q
[r2]ip pool 2
Info: It's successful to create an IP address pool.
[r2-ip-pool-2]network 192.168.1.160 mask 27
[r2-ip-pool-2]gateway-list 192.168.1.161
[r2-ip-pool-2]q
[r2]int g0/0/1.1
[r2-GigabitEthernet0/0/1.1]dhcp select global
[r2-GigabitEthernet0/0/1.1]int g0/0/1.2
[r2-GigabitEthernet0/0/1.2]dhcp select global
[r2-GigabitEthernet0/0/1.2]q
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2-acl-basic-2000]q
[r2]int g0/0/2
[r2-GigabitEthernet0/0/2]nat outbound 2000
[r2-GigabitEthernet0/0/2]q
[r2]ip route-static 0.0.0.0 0 202.1.1.2
[r2]ospf 1
[r2-ospf-1]default-route-advertise
[r2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface telnet inside 192.168.1.98 telnet
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[r2-GigabitEthernet0/0/2]
[r2]acl 3000
[r2-acl-adv-3000]rule deny tcp source 203.1.1.3 0 destination-port eq 23
[r2-acl-adv-3000]q
[r2]int g0/0/2
[r2-GigabitEthernet0/0/2]traffic-filter inbound acl 3000
ISP:
<Huawei>sys
[Huawei]sys ISP
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip address 202.1.1.2 30
Dec 21 2023 18:20:51-08:00 ISP %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[ISP-GigabitEthernet0/0/0]int g0/0/1
[ISP-GigabitEthernet0/0/1]ip address 203.1.1.1 24
telnet server:
<Huawei>sys
[Huawei]sys telnet server
[telnet server]user-interface vty 0 4
[telnet server-ui-vty0-4]authentication-mode aaa
[telnet server-ui-vty0-4]q
[telnet server]aaa
[telnet server-aaa]local-user huawei password cipher 123456
Info: Add a new user.
[telnet server-aaa]local-user huawei privilege level 15
[telnet server-aaa]local-user huawei service-type telnet
[telnet server-aaa]q
[telnet server]int g0/0/0
[telnet server-GigabitEthernet0/0/0]ip address 192.168.1.98 28
[telnet server]ip route-static 0.0.0.0 0 192.168.1.97 ------- servers generally do not take part in OSPF, so a default route is used instead
test-1:
<Huawei>sys
[Huawei]sys test-1
[test-1]int g0/0/0
[test-1-GigabitEthernet0/0/0]ip address 203.1.1.2 24
[test-1-GigabitEthernet0/0/0]q
[test-1]ip route-static 202.1.1.1 32 203.1.1.1
<test-1>telnet 202.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 202.1.1.1 ...
  Connected to 202.1.1.1 ...
Login authentication
Username:huawei
Password:
test-2:
<Huawei>sys
[Huawei]sys r2
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip address 203.1.1.3 24
[r2-GigabitEthernet0/0/0]q
[r2]sys test-2
[test-2]ip route-static 202.1.1.1 32 203.1.1.1
<test-2>telnet 202.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 202.1.1.1 ...
  Connected to 202.1.1.1 ...
Login authentication
Username:huawei
Password:
<telnet server>
<telnet server>
<telnet server>q
<test-2>telnet 202.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 202.1.1.1 ...
  Error: Can't connect to the remote host
Address obtained by pc1:
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe99:fa8
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.78
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.1.65
Physical address..................: 54-89-98-99-0F-A8
DNS server........................:
Address obtained by pc2:
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fef6:7196
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.94
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.1.81
Physical address..................: 54-89-98-F6-71-96
DNS server........................:
Address obtained by pc3:
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fedd:6068
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.158
Subnet mask.......................: 255.255.255.224
Gateway...........................: 192.168.1.129
Physical address..................: 54-89-98-DD-60-68
DNS server........................:
Address obtained by pc4:
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe96:2e04
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.190
Subnet mask.......................: 255.255.255.224
Gateway...........................: 192.168.1.161
Physical address..................: 54-89-98-96-2E-04
DNS server........................:
pc1 ping connectivity test:
PC>ping 192.168.1.190
Ping 192.168.1.190: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 192.168.1.190: bytes=32 seq=2 ttl=126 time=78 ms
From 192.168.1.190: bytes=32 seq=3 ttl=126 time=47 ms
From 192.168.1.190: bytes=32 seq=4 ttl=126 time=63 ms
From 192.168.1.190: bytes=32 seq=5 ttl=126 time=47 ms
--- 192.168.1.190 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 0/58/78 ms
PC>ping 203.1.1.1
Ping 203.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 203.1.1.1: bytes=32 seq=2 ttl=253 time=47 ms
From 203.1.1.1: bytes=32 seq=3 ttl=253 time=47 ms
From 203.1.1.1: bytes=32 seq=4 ttl=253 time=47 ms
From 203.1.1.1: bytes=32 seq=5 ttl=253 time=31 ms
--- 203.1.1.1 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 0/43/47 ms
PC>ping 203.1.1.100
Ping 203.1.1.100: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 203.1.1.100: bytes=32 seq=2 ttl=125 time=79 ms
From 203.1.1.100: bytes=32 seq=3 ttl=125 time=78 ms
From 203.1.1.100: bytes=32 seq=4 ttl=125 time=78 ms
From 203.1.1.100: bytes=32 seq=5 ttl=125 time=78 ms
--- 203.1.1.100 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 0/78/79 ms
PC>ping 203.1.1.100
Ping 203.1.1.100: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 203.1.1.100 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss
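The two traffic-filter ACLs configured above (ACL 3000 on r1 g0/0/0.1 and ACL 3000 on r2 g0/0/2), modelled in Python as an added example that is not part of the original write-up, so their wildcard matching can be checked against the lab's flows. It takes pc5 to be 203.1.1.100 (the destination in r1's rule); the function names and the host 192.168.1.70 are constructed for illustration.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """ACL address match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


ANY = ("0.0.0.0", "255.255.255.255")
# Rules transcribed from the page; "source 203.1.1.3 0" means wildcard 0.0.0.0.
R1_ACL_3000 = [  # bound inbound on r1 g0/0/0.1
    ("deny", "ip", ("192.168.1.64", "0.0.0.15"), ("203.1.1.100", "0.0.0.0"), None),
]
R2_ACL_3000 = [  # bound inbound on r2 g0/0/2
    ("deny", "tcp", ("203.1.1.3", "0.0.0.0"), ANY, 23),
]


def evaluate(acl, proto, src, dst, dport=None):
    """First matching rule decides. Assumption: traffic that matches no rule
    is forwarded by traffic-filter (the lab's return traffic depends on it)."""
    for action, r_proto, r_src, r_dst, r_dport in acl:
        if r_proto not in ("ip", proto):
            continue
        if r_dport is not None and r_dport != dport:
            continue
        if wildcard_match(src, *r_src) and wildcard_match(dst, *r_dst):
            return action
    return "permit"


def lab_verdicts():
    """Flows from the page's tests plus one constructed host (192.168.1.70)."""
    return {
        "pc1 -> pc5 icmp": evaluate(R1_ACL_3000, "icmp", "192.168.1.78", "203.1.1.100"),
        "pc1 -> ISP icmp": evaluate(R1_ACL_3000, "icmp", "192.168.1.78", "203.1.1.1"),
        "pc1 -> pc4 icmp": evaluate(R1_ACL_3000, "icmp", "192.168.1.78", "192.168.1.190"),
        "vlan2 host -> pc5": evaluate(R1_ACL_3000, "tcp", "192.168.1.70", "203.1.1.100", 80),
        "test-1 telnet": evaluate(R2_ACL_3000, "tcp", "203.1.1.2", "202.1.1.1", 23),
        "test-2 telnet": evaluate(R2_ACL_3000, "tcp", "203.1.1.3", "202.1.1.1", 23),
        "test-2 icmp": evaluate(R2_ACL_3000, "icmp", "203.1.1.3", "202.1.1.1"),
    }


if __name__ == "__main__":
    for flow, verdict in lab_verdicts().items():
        print(f"{flow:20} {verdict}")
```

The r1 rule matches the whole 192.168.1.64/28 subnet, so every host in that VLAN is cut off from pc5, not only pc1; the r2 rule filters only TCP port 23 from test-2 and leaves its other traffic untouched.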