实验软件为华为ensp1.3版本
1.SW2使用telnet方式登录另一台交换机SW1
实验配置:两台二层交换机,IP分别为192.168.1.10/20,子网掩码255.255.255.0
(1)交换机初始化操作
undo terminal monitor #关闭消息提示(用户视图) system-view #登录系统视图 sysname SW1/SW2 #交换机改名为SW1/2 user-interface console 0 #进入主控模式 idle-timeout 0 0 #设置窗口永不过期
(2)配置交换机IP(系统视图)
interface Vlanif 1
ip address 192.168.1.10/20 255.255.255.0
(3)测试两个交换机是否能互相ping通
ping 192.168.1.10/20
(4)SW1作为telnet服务端配置telnet服务(系统视图)
user-interface vty 0 4 #进入telnet authentication-mode password #验证模式为密码模式 set authentication password simple <密码> #设置密文或者明文密码 user privilege level 3 #设置用户权限为3级
(5)客户机验证telnet功能(SW2 telnet SW1登录)
telnet 192.168.1.10(用户视图)
命令提升符变为<SW1>,实验成功
2.配置VLAN使得同一台交换机下的3台PC不互通
实验配置:一台二层交换机,3台PC
(1)划分vlan
交换机默认有vlan1,所有接口都在vlan1中,所以需要划分vlan2,vlan3
system-view
vlan bat 2 3 #批量划分vlan,连续划分命令为 vlan bat ?? to ??
dis vlan #查看vlan是否划分成功
(2)将交换机接口划分到vlan,e0/0/1--vlan1,e0/0/2--vlan2,e0/0/3--vlan3,一号接口默认在vlan1中,不需要划分
int e0/0/2 #进入2号接口
port link-type access #设置接口模式为access,华为有三种接口模式 access,trunk,hybrid
port default vlan 2 #设置2号接口在vlan 2中
display vlan #查看vlan,U为使用的接口,D为未使用的接口
3号接口划分到vlan 3中
(3)验证
3台PC无法互相ping通,vlan隔离完成
(4)清除配置
交换机清除接口配置后接口会关闭,使用需手动开启,int 进入接口,undo shutdown开启接口
clear config int e0/0/?
display this #查看接口状态
3.同一个部门的员工划分到了不同交换机,但是是在同一个vlan,要求同一个部门员工可以通信,不同部门员工不可通信
实验配置:两台二层交换机,6台PC
(1)两台交换机分别创建vlan
vlan bat 10 20 30
(2)将两台交换机接口划分到对应的vlan中
e0/0/1--vlan10 e0/0/2--vlan20 e0/0/3--vlan30
int e0/0/1
port link-type access
port default vlan 10
dis vlan
其他接口对应操作
(3)两台交换机设置trunk(接口号要一样)
int e0/0/22 #接口号自选,不冲突就行 port link-type trunk #设置为trunk模式 port trunk allow-pass vlan 10 20 30 #允许带有vlan标签 10 20 30 的数据帧通过 dis port vlan #查看
(4)测试连通性
vlan10,vlan20 ,vlan30互相隔离,不可ping通
相同vlan里面的两台机可以ping通
4.不同VLAN如何通信(使用单臂路由技术)
实验配置:一台路由器(router或者AR),一台二层交换机,两台PC
(1)交换机配置
undo terminal monitor
system-view
sysname SW1
user-interface console 0
idle-timeout 0 0
vlan bat 10 20
int e0/0/1
port link-type access
port default vlan 10
int e0/0/2
port link-type access
port default vlan 20
int g0/0/1
port link-type trunk
port trunk allow-pass vlan all
(2)路由器配置
undo terminal monitor system-view sysname R1 user-interface console 0 idle-timeout 0 0 int g0/0/0 undo shutdown #开启接口,开启物理接口后虚拟接口也开启 q int g0/0/0.? #查看最多子接口的数量 int g0/0/0.10 vlan-type dot1q 10 default ip add 192.168.10.1 24 q int g0/0/0.20 vlan-type dot1q 20 default ip add 192.168.20.1 24 q display ip routing-table #查看路由表
(3)PC配置
PC1
192.168.10.10
255.255.255.0
192.168.10.1
PC2
192.168.20.10
255.255.255.0
192.168.20.1
(4)验证
PC1和PC2互相能ping通,则不同vlan可以互相通信
(5) 使用AR路由器完成此实验
AR路由器命令和R1路由器不太一样,配置如下
undo terminal monitor
system-view
sysname AR1
user-interface console 0
idle-timeout 0 0
int g0/0/0
undo shutdown
q
int g0/0/0.?
int g0/0/0.10
dot1q termination vid 10
ip add 192.168.10.1 255.255.255.0
arp broadcast enable #AR路由器ARP广播默认关闭,需手动开启
q
int g0/0/0.20
dot1q termination vid 20
ip add 192.168.20.1 255.255.255.0
arp broadcast enable
q
display ip routing-table
5.使用三层交换机实现不同VLAN机器通信
实验配置:一台三层交换机,两台PC
(1)交换机配置
undo terminal monitor
system-view
syaname layer3-SW
user-interface console 0
idle-time 0 0
q
vlan bat 10 20
int g0/0/1
port link-type access
port default vlan 10
q
int g0/0/2
port link-type access
port default vlan 20
q
dis vlan
int Vlanif 10 #物理接口不可以配置IP,可以在虚拟接口配置
ip address 192.168.10.1 24
q
int Vlanif 20
ip address 192.168.20.1 24
(2)PC机配置
PC1
192.168.10.10
255.255.255.0
192.168.10.1
PC2
192.168.20.10
255.255.255.0
192.168.20.1
(3)验证
PC机可互相ping通,实验成功
6.使用二层交换机实现链路聚合(eth-trunk)
实验配置:两台二层交换机,两台PC
(1)两个交换机配置
undo terminal monitor
system-view
sysname link-SW1/link-SW2
user-interface console 0
idle-timeout 0 0
vlan 2 #两个交换机分别创建vlan2
int eth-trunk 1 #创建eth-trunk链路1
int e0/0/1
eth-trunk 1 #一号接口成为eth-trunk 1成员
int e0/0/2
eth-trunk 1
int eth-trunk 1 #进入eth-trunk 1号链路接口
port link-type trunk #设置为trunk模式
port trunk allow-pass vlan all
int e0/0/3
port link-type access
port default vlan 2 #两个交换机3号接口连接pc,处在vlan 2中
(2)PC机配置
PC1
192.168.1.10
255.255.255.0
PC2
192.168.1.20
255.255.255.0
(3)验证
PC1/2可以互相Ping通,链路连通
7.路由配置实验
实验配置:三台AR1220路由器,两台PC
(1)AR1配置
int g0/0/1 ip add 192.168.1.1 24 undo shutdown int g0/0/0 ip add 10.1.1.1 24 undo shutdown dis ip routing-table
ip route-static 10.1.2.0 24 10.1.1.2
ip route-static 192.168.2.0 24 10.1.1.2
(2)AR2配置
int g0/0/0 ip add 10.1.1.2 24 undo shutdown int g0/0/1 ip add 10.1.2.2 24 undo shutdown dis ip routing-table
ip route-static 192.168.1.0 24 10.1.1.1
ip route-static 192.168.2.0 24 10.1.2.3
(3)AR3配置
int g0/0/0 ip add 10.1.2.3 24 undo shutdown int g0/0/1 ip add 192.168.2.3 24 undo shutdown dis ip routing-table
ip route-static 192.168.1.0 24 10.1.2.2
ip route-static 10.1.1.0 24 10.1.2.2
(4)PC配置
PC1 192.168.1.10 255.255.255.0 192.168.1.1 PC2 192.168.2.10 255.255.255.0 192.168.2.3
(5)验证
PC1和PC2能互相ping通
8.默认路由实现PC1和PC2互通
(1)AR1配置
int g0/0/0 ip add 192.168.1.1 24 undo shutdown int g0/0/1 ip add 10.1.1.1 24 undo shutdown ip route-static 0.0.0.0 0 10.1.1.2
(2)AR2配置
int g0/0/0 ip add 10.1.1.2 24 undo shutdown int g0/0/1 ip add 10.1.2.2 24 undo shutdown ip route-static 192.168.1.0 24 10.1.1.1 ip route-static 192.168.2.0 24 10.1.2.3
(3)AR3配置
int g0/0/0 ip add 10.1.2.3 24 undo shutdown int g0/0/1 ip add 192.168.2.3 24 undo shutdown ip route-static 0.0.0.0 0 10.1.2.2
(4)PC配置
PC1 192.168.1.10 255.255.255.0 192.168.1.1 PC2 192.168.2.10 255.255.255.0 192.168.2.3
(5)验证
ping或者tracert
9.在实验8基础上实现浮动路由
浮动路由指的是配置两条静态路由,默认选取链路质量优(带宽大的)作为主路径,当路径出现故障时,由带宽较小的备份路由顶替,保持网络的不中断。
AR1和AR2之间加了一条链路,网段设为 10.1.3.0/24
(1) AR1配置
int g0/0/2 ip add 10.1.3.1 24 undo shutdown
ip route-static 0.0.0.0 0 10.1.3.2 preference 65 #优先级要设置比60大,范围为1-255
(2)AR2配置
int g0/0/2 ip add 10.1.3.2 24 undo shutdown
ip route-static 192.168.1.0 24 10.1.3.1 preference 65
(3)验证
关闭10.1.1.0网段链路,PC1和PC2仍可互通,证明备用链路可用
关闭AR1的主链路接口测试一下 int g0/0/1 shutdown #关闭接口 q dis ip routing-table #查看路由表有一条10.1.3.0,优先级为65的路由 ping 192.168.2.10 tracert 192.168.2.10
int g0/0/1
undo shutdown #开启接口
10.三层链路聚合
实验配置:两台三层CE12800交换机
(1)优化配置
undo terminal monitor system-view sysname CE1/CE2 user-interface console 0 idle-timeout 1440
(2)CE1
在系统视图下创建一个eth-trunk接口,开启三层端口并设置IP地址(三层接口不能划分VLAN)
int eth-trunk 1 undo portswitch #portswitch是将三层接口转换为二层接口,undo portswitch取消转换 ip add 10.1.1.1 24
将成员接口加入到eth-trunk中
int g1/0/0 undo shutdown eth-trunk 1 int g1/0/1 undo shutdown eth-trunk 1
int loopback0 ip address 192.168.1.100 32 <>save display ip routing-table
(2)CE2
int eth-trunk 1 undo portswitch ip add 10.1.1.2 255.255.255.0 将成员接口加入eth-trunk接口 int GE1/0/0 undo shutdown eth-trunk 1 int GE1/0/1 undo shutdown eth-trunk 1 int loopback0 ip add 192.168.2.100 32 save display ip routing-table ping 10.1.1.1
(3)CE1 #添加双向主机网络路由,实现通信
ip route-static 192.168.2.100 32 10.1.1.2 save display ip routing-table
(4)CE2
ip route-static 192.168.1.100 32 10.1.1.1 save display ip routing-table
(5)带源IP ping/tracert 目标IP
CE1 源IP 目标IP ping -a 192.168.1.100 192.168.2.100 CE2 ping -a 192.168.2.100 192.168.1.100 tracert -a 源IP 目标IP
11.使用动态路由协议RIP实现通信
需求配置:三台AR3260路由器
(1)三台路由器初始化配置
undo terminal monitor system-view sysname AR1/2/3 user-interface console 0 idle-timeout 0 0 q
(2)AR1配置
int g0/0/0 ip add 192.168.1.1 24 int LoopBack 0 ip add 10.2.1.8 32 rip version 2 undo summary dis this #查看版本是否已改变 network 10.0.0.0 network 192.168.1.0
dis ip routing-table
(3)AR2配置
int g0/0/0 ip add 192.168.1.2 24 int g0/0/1 ip add 172.16.1.2 24 rip version 2 undo summary dis this network 192.168.1.0 network 172.16.0.0 dis ip routing-table
(4)AR3配置
int g0/0/1 ip add 172.16.1.3 24 int LoopBack 0 ip add 10.2.3.10 32 rip version 2 undo summary dis this network 172.16.0.0 network 10.0.0.0 dis ip routing-table
(5)验证
ping -a 10.2.1.8 1.2.3.10
12.使用动态路由协议OSPF实现单区域通信
实验配置:三台AR3260路由器
(1)三台路由器初始化配置
undo terminal monitor system-view sysname AR1/2/3 user-interface console 0 idle-timeout 0 0
(2)三台路由器接口加IP
AR1
[AR1]int g0/0/0 [AR1-GigabitEthernet0/0/0]ip add 10.1.1.1 24 [AR1-GigabitEthernet0/0/0]q [AR1]int LoopBack 0 [AR1-LoopBack0]ip add 192.168.1.1 32 [AR1-LoopBack0]q
AR2
[AR2]int g0/0/0 [AR2-GigabitEthernet0/0/0]ip add 10.1.1.2 24 [AR2-GigabitEthernet0/0/0]int g0/0/1 [AR2-GigabitEthernet0/0/1]ip add 10.1.2.2 24 [AR2-GigabitEthernet0/0/1]q
AR3
[AR3]int g0/0/1 [AR3-GigabitEthernet0/0/1]ip add 10.1.2.3 24 [AR3-GigabitEthernet0/0/1]q [AR3]int LoopBack 0 [AR3-LoopBack0]ip add 172.16.1.1 32 [AR3-LoopBack0]q
(3)配置OSPF协议
AR1
[AR1]ospf 1 router-id 1.1.1.1 [AR1-ospf-1]area 0 [AR1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0 [AR1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255 [AR1-ospf-1-area-0.0.0.0]dis ospf peer
AR2
[AR2]ospf 1 router-id 2.2.2.2
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]dis ospf peer
AR3
[AR3]ospf 1 [AR3-ospf-1]area 0 [AR3-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255 [AR3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0 [AR3-ospf-1-area-0.0.0.0]dis ospf peer
(4)测试
ping/tracert 两个主机网段是否可以通信
(5)重选DR/BDR
reset ospf process #重启ospf,重选DR/BDR需要重启OSPF协议 ospf dr-priority ? #设置DR/BDR优先级,优先级范围为0-255,数值越大,优先级越高,默认为1,如果路由器的优先级被设置为0,它将不参与DR和BDR的选举 dis ospf interface #查看DR/BDR
13.使用动态路由协议OSPF实现多区域通信
实验配置:4台AR3260路由器
(1)初始化配置
%%%
%%%
%%%
undo terminal monitor system-view sysname AR1/2/3/4 user-interface console 0 idle-timeout 0 0
(2)配置路由器IP并测试直连网段是否联通
AR1
[AR1]int g0/0/0 [AR1-GigabitEthernet0/0/0]ip add 10.1.1.1 24 [AR1-GigabitEthernet0/0/0]q [AR1]int LoopBack 0 [AR1-LoopBack0]ip add 1.1.1.1 32 [AR1-LoopBack0]q [AR1]ping 10.1.1.2
AR2
[AR2]int g0/0/0 [AR2-GigabitEthernet0/0/0]ip add 10.1.1.2 24 [AR2-GigabitEthernet0/0/0]q [AR2]int g0/0/1 [AR2-GigabitEthernet0/0/1]ip add 10.1.2.2 24 [AR2-GigabitEthernet0/0/1]q [AR2]int LoopBack 0 [AR2-LoopBack0]ip add 2.2.2.2 32 [AR2-LoopBack0]q [AR2]ping 10.1.2.3
AR3
[AR3]int g0/0/1 [AR3-GigabitEthernet0/0/1]ip add 10.1.2.3 24 [AR3-GigabitEthernet0/0/1]q [AR3]int g0/0/0 [AR3-GigabitEthernet0/0/0]ip add 10.1.3.3 24 [AR3-GigabitEthernet0/0/0]q [AR3]int LoopBack 0 [AR3-LoopBack0]ip add 3.3.3.3 32 [AR3-LoopBack0]q [AR3]ping 10.1.3.4
AR4
[AR4]int g0/0/0 [AR4-GigabitEthernet0/0/0]ip add 10.1.3.4 24 [AR4-GigabitEthernet0/0/0]q [AR4]int loo [AR4]int LoopBack 0 [AR4-LoopBack0]ip add 4.4.4.4 32 [AR4-LoopBack0]q
(3)配置OSPF动态路由协议
AR1
[AR1]ospf 1 router-id 1.1.1.1 #进程内设router-id [AR1-ospf-1]area 1 [AR1-ospf-1-area-0.0.0.1]network 10.1.1.0 0.0.0.255 [AR1-ospf-1-area-0.0.0.1]network 1.1.1.1 0.0.0.0
AR2
[AR2]ospf 1 router-id 2.2.2.2 [AR2-ospf-1]area 1 [AR2-ospf-1-area-0.0.0.1]network 10.1.1.0 0.0.0.255 [AR2-ospf-1-area-0.0.0.1]network 2.2.2.2 0.0.0.0 [AR2-ospf-1-area-0.0.0.1]q [AR2-ospf-1]area 0 [AR2-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255
AR3
[AR3]ospf 1 router-id 3.3.3.3 [AR3-ospf-1]area 0 [AR3-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255 [AR3-ospf-1-area-0.0.0.0]q [AR3-ospf-1]area 2 [AR3-ospf-1-area-0.0.0.2]network 3.3.3.3 0.0.0.0 [AR3-ospf-1-area-0.0.0.2]network 10.1.3.0 0.0.0.255
AR4
[AR4]router id 4.4.4.4 #全局设router-id Info: Router ID has been modified, please reset the relative protocols manually to update the Router ID. [AR4]ospf 1 [AR4-ospf-1]area 2 [AR4-ospf-1-area-0.0.0.2]network 10.1.3.0 0.0.0.255 [AR4-ospf-1-area-0.0.0.2]network 4.4.4.4 0.0.0.0
(4)查看邻居关系和路由表
dis ospf peer #查看邻接关系 dis ip routing-table #查看路由表
(5)测试
ping 测试全网互通
14.OSPF通过虚链路实现跨区域连接
实验配置:五台AR3260路由器
说明:默认情况下,通过OSPF动态路由协议连接的路由器只有和area 0相连的路由器才可以互相通信,但是我们可以通过在area 0和area 3之间建立虚链路来进行通信,虚链路只能跨一个区域。
(1)初始化配置
undo terminal monitor system-view sysname AR1/2/3/4/5 user-interface console 0 idle-timeout 0 0
q
(2)配置IP并测试直连
AR1
[AR1]int g0/0/0 [AR1-GigabitEthernet0/0/0]ip add 12.1.1.1 24 [AR1-GigabitEthernet0/0/0]q [AR1]int LoopBack 0 [AR1-LoopBack0]ip add 1.1.1.1 32
AR2
[AR2]int g0/0/0 [AR2-GigabitEthernet0/0/0]ip add 12.1.1.2 24 [AR2-GigabitEthernet0/0/0]q [AR2]int LoopBack 0 [AR2-LoopBack0]ip add 2.2.2.2 32 [AR2-LoopBack0]q [AR2]int g0/0/1 [AR2-GigabitEthernet0/0/1]ip add 23.1.1.2 24
AR3
[AR3]int g0/0/1 [AR3-GigabitEthernet0/0/1]ip add 23.1.1.3 24 [AR3-GigabitEthernet0/0/1]q [AR3]int LoopBack 0 [AR3-LoopBack0]ip add 3.3.3.3 32 [AR3-LoopBack0]q [AR3]int g0/0/0 [AR3-GigabitEthernet0/0/0]ip add 34.1.1.3 24
AR4
[AR4]int g0/0/0 [AR4-GigabitEthernet0/0/0]ip add 34.1.1.4 24 [AR4-GigabitEthernet0/0/0]q [AR4]int LoopBack 0 [AR4-LoopBack0]ip add 4.4.4.4 32 [AR4-LoopBack0]q [AR4]int g0/0/1 [AR4-GigabitEthernet0/0/1]ip add 45.1.1.4 24
AR5
[AR5]int g0/0/1 [AR5-GigabitEthernet0/0/1]ip add 45.1.1.5 24 [AR5-GigabitEthernet0/0/1]q [AR5]int LoopBack 0 [AR5-LoopBack0]ip add 5.5.5.5 32
(3)配置OSPF路由协议
AR1
[AR1]ospf 1 router-id 1.1.1.1 [AR1-ospf-1]area 1 [AR1-ospf-1-area-0.0.0.1]network 12.1.1.0 0.0.0.255 [AR1-ospf-1-area-0.0.0.1]network 1.1.1.1 0.0.0.0
AR2
[AR2]ospf 1 router-id 2.2.2.2 [AR2-ospf-1]area 1 [AR2-ospf-1-area-0.0.0.1]network 12.1.1.0 0.0.0.255 [AR2-ospf-1-area-0.0.0.1]q [AR2-ospf-1]area 0 [AR2-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255 [AR2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
AR3
[AR3]ospf 1 router-id 3.3.3.3 [AR3-ospf-1]area 0 [AR3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0 [AR3-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255 [AR3-ospf-1-area-0.0.0.0]q [AR3-ospf-1]area 2 [AR3-ospf-1-area-0.0.0.2]network 34.1.1.0 0.0.0.255
AR4
[AR4]ospf 1 router-id 4.4.4.4 [AR4-ospf-1]area 2 [AR4-ospf-1-area-0.0.0.2]network 34.1.1.0 0.0.0.255 [AR4-ospf-1-area-0.0.0.2]network 4.4.4.4 0.0.0.0 [AR4-ospf-1-area-0.0.0.2]q [AR4-ospf-1]area 3 [AR4-ospf-1-area-0.0.0.3]network 45.1.1.0 0.0.0.255
AR5
[AR5]ospf 1 router-id 5.5.5.5 [AR5-ospf-1]area 3 [AR5-ospf-1-area-0.0.0.3]network 45.1.1.0 0.0.0.255 [AR5-ospf-1-area-0.0.0.3]network 5.5.5.5 0.0.0.0
(4)area 2配置虚链路
AR3
[AR3]ospf 1 [AR3-ospf-1]area 2 [AR3-ospf-1-area-0.0.0.2]vlink-peer 4.4.4.4 #写的对方router-id
AR4
[AR4]ospf 1 [AR4-ospf-1]area 2 [AR4-ospf-1-area-0.0.0.2]vlink-peer 3.3.3.3
(5)测试
ping 测试全网互通
15.rip和ospf通过重分发实现互联互通
实验配置:在14实验的基础上加一个AR3260
说明:AR5和AR6配置rip动态路由协议
(1)AR6初始配置
undo terminal monitor system-view sysname AR6 user-interface console 0 idle-timeout 0 0 q
(2)接口配置IP并测试直连
AR5
[AR5]int g0/0/0 [AR5-GigabitEthernet0/0/0]ip add 56.1.1.5 24 [AR5-GigabitEthernet0/0/0]q
AR6
[AR6]int g0/0/0 [AR6-GigabitEthernet0/0/0]ip add 56.1.1.6 24 [AR6-GigabitEthernet0/0/0]q [AR6]int LoopBack 0 [AR6-LoopBack0]ip add 6.6.6.6 32 [AR6-LoopBack0]q
(3)配置RIP协议
AR5
[AR5]rip [AR5-rip-1]version 2 [AR5-rip-1]undo summary
[AR5-rip-1]network 56.0.0.0
AR6
[AR6]rip [AR6-rip-1]version 2 [AR6-rip-1]undo summary [AR6-rip-1]dis this [V200R003C00] # rip 1 undo summary version 2 # return [AR6-rip-1]network 56.0.0.0 [AR6-rip-1]network 6.0.0.0
(4)AR5配置重分发
AR5
[AR5]ospf 1 [AR5-ospf-1]import-route rip 1 cost 100 [AR5-ospf-1]q [AR5]rip [AR5-rip-1]import-route ospf 1 cost 0
(5)测试全网互通
在AR1上
ping -a 1.1.1.1 6.6.6.6
(6)area 3 做 NSSA
AR4
[AR4]ospf 1 [AR4-ospf-1]area 3 [AR4-ospf-1-area-0.0.0.3]nssa
dis ospf lsdb asbr #4类LSA存在
dis ospf lsdb ase #5类LSA存在
dis ospf lsdb nssa #7类LSA存在
AR5
[AR5]ospf 1 [AR5-ospf-1]area 3 [AR5-ospf-1-area-0.0.0.3]nssa
dis ospf lsdb asbr #4类LSA没了
dis ospf lsdb ase #5类LSA还在
dis ospf lsdb nssa #生成了7类LSA
AR3
dis ospf lsdb asbr #4类LSA存在
dis ospf lsdb ase #5类LSA存在
dis ospf lsdb nssa #7类LSA不存在
AR4
[AR4]ospf [AR4-ospf-1]area 3 [AR4-ospf-1-area-0.0.0.3]nssa no-summary #完全次末节
AR5
[AR5]rip [AR5-rip-1]default-route originate cost 0 #rip里下发默认路由给rip邻居 [AR5-rip-1]dis this
(7)area 1 做末梢STUB
简化路由
AR1
[AR1]ospf 1 [AR1-ospf-1]area 1 [AR1-ospf-1-area-0.0.0.1]stub
AR2
[AR2]ospf 1 [AR2-ospf-1]area 1 [AR2-ospf-1-area-0.0.0.1]stub no-summary
16.使用三层交换机开启DHCP功能给下接PC分配地址
实验配置:一台三层交换机,4台PC
(1)交换机初始化命令
undo terminal monitor system-view sysname SW1 user-interface console 0 idle-timeout 0 0 q
(2)交换机将接口分配到VLAN中
vlan bat 10 20 int g0/0/1 port link-type access port default vlan 10 q int g0/0/2 port link-type access port default vlan 20 q int g0/0/3 port link-type access port default vlan 10 q int g0/0/4 port link-type access port default vlan 20 q
(3)全局开启DHCP
dhcp enable
(4)vlan10用方法1配置DHCP
int vlan 10 ip add 192.168.10.1 255.255.255.0 dhcp select interface dhcp server dns-list 8.8.8.8 218.2.135.1
(5)vlan20用方法2配置DHCP
ip pool dhcp2 network 192.168.20.0 mask 24 gateway-list 192.168.20.1 dns-list 4.4.4.4 114.114.114.114 lease day 7 int vlan 20 ip add 192.168.20.1 255.255.255.0 dhcp select global
(6)4台PC开启dhcp配置
(7)验证
PC命令行输入ipconfig查看是否有ip
17.DHCP中继
实验配置:一台三层交换机,两台二层交换机,一台普通路由器,4台PC
(1)初始化命令
undo terminal monitor system-view sysname xxx user-interface console 0 idle-timeout 0 0 q
(2)二层交换机配置
LSW2
[SW2]vlan bat 10 20 [SW2]int e0/0/1 [SW2-Ethernet0/0/1]port link-type access [SW2-Ethernet0/0/1]port default vlan 10 [SW2-Ethernet0/0/1]q [SW2]int e0/0/2 [SW2-Ethernet0/0/2]port link-type access [SW2-Ethernet0/0/2]port default vlan 20 [SW2-Ethernet0/0/2]q [SW2]int g0/0/1 [SW2-GigabitEthernet0/0/1]port link-type trunk [SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all [SW2-GigabitEthernet0/0/1]q
LSW3
[SW3]vlan bat 10 20 [SW3]int e0/0/1 [SW3-Ethernet0/0/1]port link-type access [SW3-Ethernet0/0/1]port default vlan 10 [SW3-Ethernet0/0/1]q [SW3]int e0/0/2 [SW3-Ethernet0/0/2]port link-type access [SW3-Ethernet0/0/2]port default vlan 20 [SW3-Ethernet0/0/2]q [SW3]int g0/0/1 [SW3-GigabitEthernet0/0/1]port link-type trunk [SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan all [SW3-GigabitEthernet0/0/1]q
(3)三层交换机LSW1配置
[SW1]int g0/0/1 [SW1-GigabitEthernet0/0/1]port link-type trunk [SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all [SW1-GigabitEthernet0/0/1]q [SW1]int g0/0/2 [SW1-GigabitEthernet0/0/2]port link-type trunk [SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all [SW1-GigabitEthernet0/0/2]q [SW1]vlan bat 10 20 100 [SW1]int vlan 10 [SW1-Vlanif10]ip add 192.168.10.1 24 [SW1-Vlanif10]q [SW1]int vlan 20 [SW1-Vlanif20]ip add 192.168.20.1 24 [SW1-Vlanif20]q [SW1]int g0/0/3 [SW1-GigabitEthernet0/0/3]port link-type access [SW1-GigabitEthernet0/0/3]port default vlan 100 [SW1-GigabitEthernet0/0/3]q [SW1]int vlan 100 [SW1-Vlanif100]ip add 10.10.10.1 24 [SW1-Vlanif100]q [SW1]dhcp enable [SW1]int vlan 10 [SW1-Vlanif10]dhcp select relay [SW1-Vlanif10]dhcp relay server-ip 10.10.10.2 [SW1-Vlanif10]q [SW1]int vlan 20 [SW1-Vlanif20]dhcp select relay [SW1-Vlanif20]dhcp relay server-ip 10.10.10.2 [SW1-Vlanif20]q
(4)路由器R1配置
[R1]int g0/0/0 [R1-GigabitEthernet0/0/0]ip add 10.10.10.2 24 [R1-GigabitEthernet0/0/0]undo shutdown [R1-GigabitEthernet0/0/0]q [R1]dhcp enable [R1]ip pool dhcp1 [R1-ip-pool-dhcp1]network 192.168.10.0 mask 24 [R1-ip-pool-dhcp1]gateway-list 192.168.10.1 [R1-ip-pool-dhcp1]dns-list 8.8.8.8 192.168.10.1 [R1-ip-pool-dhcp1]lease day 7 [R1-ip-pool-dhcp1]q [R1]ip pool dhcp2 [R1-ip-pool-dhcp2]network 192.168.20.0 mask 24 [R1-ip-pool-dhcp2]gateway-list 192.168.20.1 [R1-ip-pool-dhcp2]dns-list 114.114.114.114 192.168.20.1 [R1-ip-pool-dhcp2]lease day 7 [R1-ip-pool-dhcp2]q [R1]int g0/0/0 [R1-GigabitEthernet0/0/0]dhcp select global [R1-GigabitEthernet0/0/0]q [R1]ip route-static 192.168.10.0 24 10.10.10.1 [R1]ip route-static 192.168.20.0 24 10.10.10.1
(5)PC配置
4台PC打开DHCP
(6)验证
PC命令行输入ipconfig查看是否有ip
18.VRRP实验
实验配置:一台普通路由器,两台三层交换机,一台二层交换机,两台PC
(1)路由器交换机初始化配置
undo terminal monitor system-view sysname xxx user-interface console 0 idle-timeout 0 0 q
(2)二层交换机配置L2-SW3
vlan bat 10 20 int e0/0/1 port link-type access port default vlan 10 int e0/0/2 port link-type access port default vlan 20 q int g0/0/1 port link-type trunk port trunk allow-pass vlan all q int g0/0/2 port link-type trunk port trunk allow-pass vlan all q
(3)三层交换机配置
L3-SW1
vlan bat 10 20 100 int g0/0/1 port link-type trunk port trunk allow-pass vlan all q int g0/0/2 port link-type access port default vlan 100 q int vlan 10 ip add 192.168.10.10 24 vrrp vrid 1 virtual-ip 192.168.10.1 vrrp vrid 1 priority 105 vrrp vrid 1 track interface g0/0/2 q int vlan 20 ip add 192.168.20.10 24 vrrp vrid 2 virtual-ip 192.168.20.1 vrrp vrid 2 track interface g0/0/2 q int vlan 100 ip add 10.10.10.1 24 q ip route-static 1.1.1.1 32 10.10.10.254 q
L3-SW2
vlan bat 10 20 200 int g0/0/1 port link-type trunk port trunk allow-pass vlan all q int g0/0/2 port link-type access port default vlan 200 q int vlan 10 ip add 192.168.10.11 24 vrrp vrid 1 virtual-ip 192.168.10.1 #此处不需要设优先级 vrrp vrid 1 track interface g0/0/2 q int vlan 20 ip add 192.168.20.11 24 vrrp vrid 2 virtual-ip 192.168.20.1 vrrp vrid 2 priority 105 vrrp vrid 2 track interface g0/0/2 q int vlan 200 ip add 20.20.20.2 24 q ip route-static 1.1.1.1 32 20.20.20.254 q
(4)路由器配置
int g0/0/0 ip add 10.10.10.254 24 q int g0/0/1 ip add 20.20.20.254 24 q int loop 0 ip add 1.1.1.1 32 q ip route-static 192.168.10.0 24 10.10.10.1 ip route-static 192.168.10.0 24 20.20.20.2 preference 65 ip route-static 192.168.20.0 24 20.20.20.2 ip route-static 192.168.20.0 24 10.10.10.1 preference 65 q
(5)PC配置
PC1
192.168.10.100 255.255.255.0 192.168.10.1
PC2
192.168.20.100 255.255.255.0 192.168.20.1
(6)验证
PC1 ping/tracert PC2
断开修复上行链路查看路由表
dis ip routing-table
dis vrrp 1/2
19.ACL实验
实验配置:一台服务器,四台客户机,两台AR路由器,一台二层交换机
(1)初始化配置
undo terminal monitor system-view sysname xxx user-interface console 0 idle-timeout 0 0 q
(2)二层交换机配置
vlan bat 10 20 int e0/0/1 port link-type access port default vlan 10 q int e0/0/2 port link-type access port default vlan 20 q int e0/0/3 port link-type access port default vlan 10 q int e0/0/4 port link-type access port default vlan 20 q int g0/0/1 port link-type trunk port trunk allow-pass vlan all q
(3)AR路由器配置
AR1
int g0/0/0 undo shutdown int g0/0/0.10 dot1q termination vid 10 ip add 192.168.10.1 24 traffic-filter inbound acl 3000 arp broadcast enable q int g0/0/0.20 dot1q termination vid 20 ip add 192.168.20.1 24 traffic-filter outbound acl 2000 arp broadcast enable q acl 2000 rule 5 deny source 192.168.10.0 0.0.0.255 q int g0/0/1 ip add 12.1.1.1 24 q ip route-static 202.10.100.0 24 12.1.1.2 acl 3000 rule deny tcp source 192.168.10.10 0.0.0.0 destination 202.10.100.100 destination-port 0.0.0.0 eq 21 rule permit ip source any destination any rule 6 per tcp source any destination any destination-port eq ftp
AR2
int g0/0/0 ip add 12.1.1.2 24 q int g0/0/1 ip add 202.10.100.2 24 q ip route-static 192.168.10.0 24 12.1.1.1 ip route-static 192.168.20.0 24 12.1.1.1
(4)测试
PC1无法ping通vlan20中的机器
服务器开启ftp服务
PC1无法登录ftp服务器但是可以ping通,禁用了21端口,网络是连通的
20.静态NAT和动态NAT(PAT)
静态NAT:一个内网地址对应一个公网地址
动态NAT:多个内网地址对应多个公网地址
实验配置:一台PC,一台Client,一台二层交换机,两台AR路由器,一台服务器
---静态NAT
(1) 初始化配置
undo terminal monitor system-view sysname XXX user-interface console 0 idle-timeout 0 0 q
(2)用户端配置
---Client1
192.168.100.10 192.168.100.1
---PC1
192.168.100.20 255.255.255.0 192.168.100.1
(3)出口网关配置
int g0/0/0 ip add 192.168.100.1 24 q int g0/0/1 ip add 12.1.1.1 24 q ip route-static 0.0.0.0 0 12.1.1.2 int g0/0/1 nat static global 100.10.10.105 inside 192.168.100.10 netmask 255.255.255.255 q
(4)ISP配置
int g0/0/0 ip add 12.1.1.2 24 q int g0/0/1 ip add 110.10.20.2 24 ip route-static 100.10.10.105 32 12.1.1.1
(5)WEB服务器配置
110.10.20.100 110.10.20.2
(6)验证静态NAT
client可以和服务器通信
PC不能和服务器通信
---动态NAT配置(在静态NAT基础上)
(7)清除静态NAT配置
#出口网关删除静态NAT命令 int g0/0/1 undo nat static global 100.10.10.105 inside 192.168.100.10 netmask 255.255.255.255 q #ISP删除回执路由 undo ip route-static 100.10.10.105 32 12.1.1.1
(8)出口网关配置
nat address-group 1 100.100.100.10 100.100.100.12 acl 2000 rule permit source 192.168.100.0 0.0.0.255 q int g0/0/1 nat outbound 2000 address-group 1 q
(9)ISP配置
ip route-static 100.100.100.0 24 12.1.1.1
(10)WEB启动http服务
client客户端信息验证是否能连接server http://110.10.20.100/default.htm
21.Easyip实验
Easyip:多个内网地址对一个接口
实验配置:两个PC,一个二层交换机,两个AR路由器,一个
(1)初始化配置
undo terminal monitor system-view sysname XXX user-interface console 0 idle-timeout 0 0 q
(2)二层交换机配置
vlan bat 100 200 int e0/0/1 port link-type access port default vlan 100 q int e0/0/2 port link-type access port default vlan 200 q int g0/0/1 port link-type trunk port trunk allow-pass vlan all q
(3)AR1配置
int g0/0/0 undo shutdown int g0/0/0.10 dot1q termination vid 100 ip add 192.168.100.1 24 arp broadcast enable q int g0/0/0.20 dot1q termination vid 200 ip add 192.168.200.1 24 arp broadcast enable q int g0/0/1 ip add 12.1.1.1 24 q ip route-static 0.0.0.0 0 12.1.1.2 acl 2000 rule permit source 192.168.0.0 0.0.255.255 q int g0/0/1 nat outbound 2000 q
(4)AR2配置
int g0/0/1 ip add 202.10.100.2 24 q int g0/0/0 ip add 12.1.1.2 24 q
(5)PC配置
PC1 192.168.100.10 255.255.255.0 192.168.100.1 PC2 192.168.200.10 255.255.255.0 192.168.200.1
(6)Server配置
202.10.100.100 202.10.100.2
(7)验证
PC1/2都可以ping通服务器