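Huawei 1+X (Intermediate) Lab 2


Huawei 1+X "Network System Construction and Operation and Maintenance (Intermediate)" Certification Lab (2)

Topology diagram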

VLAN information table:

| LSW1 | Link type | VLAN parameters | LSW2 | Link type | VLAN parameters |
|---|---|---|---|---|---|
| GE0/0/1 | Trunk | Allow pass:10,20 | GE0/0/1 | Trunk | Allow pass:10,20 |
| GE0/0/2 | Trunk | Allow pass:10,20 | GE0/0/2 | Trunk | Allow pass:10,20 |
| Eth-Trunk 1 | Trunk | Allow pass:10,20 | Eth-Trunk 1 | Trunk | Allow pass:10,20 |
| GE0/0/3 | Access | VLAN 100 | GE0/0/3 | Access | VLAN 101 |
| LSW3 | Link type | VLAN parameters | LSW4 | Link type | VLAN parameters |
| GE0/0/1 | Trunk | Allow pass:10,20 | GE0/0/1 | Trunk | Allow pass:10,20 |
| GE0/0/2 | Trunk | Allow pass:10,20 | GE0/0/2 | Trunk | Allow pass:10,20 |
| Eth0/0/1 | Access | VLAN 10 | Eth0/0/1 | Access | VLAN 10 |
| Eth0/0/2 | Access | VLAN 20 | N/A | N/A | N/A |

IP address table:

| R1 | IP address | R2 | IP address | R3 | IP address |
|---|---|---|---|---|---|
| GE0/0/1 | 10.1.12.2/30 | GE0/0/1 | 10.1.100.2/30 | GE0/0/1 | 10.1.101.2/30 |
| GE0/0/2 | 10.1.13.2/30 | GE0/0/2 | 10.1.11.1/30 | GE0/0/2 | 10.1.11.2/30 |
| GE0/0/3 | 172.16.1.2/30 | GE0/0/3 | 10.1.12.1/30 | GE0/0/3 | 10.1.13.1/30 |
| SE0/0/1 | 10.2.14.2/30 | Loopback0 | 10.1.2.2/32 | Loopback0 | 10.1.3.3/32 |
| Loopback0 | 10.1.1.1/32 | N/A | N/A | N/A | N/A |
| R4 | IP address | N/A | N/A | R5 | IP address |
| GE0/0/1 | 172.16.1.1/30 | N/A | N/A | SE0/0/0 | 10.2.14.1/30 |
| GE0/0/2 | 192.168.30.254/24 | N/A | N/A | GE0/0/1 | 8.8.8.1/24 |
| Loopback0 | 10.1.5.5/32 | N/A | N/A | N/A | N/A |
| LSW1 | IP address | N/A | N/A | LSW2 | IP address |
| vlan-if10 | 192.168.10.1/24 | N/A | N/A | vlan-if10 | 192.168.10.2/24 |
| vlan-if20 | 192.168.20.1/24 | N/A | N/A | vlan-if20 | 192.168.20.2/24 |
| vlan-if100 | 10.1.100.1/30 | N/A | N/A | vlan-if100 | 10.1.101.1/30 |
| Loopback0 | 10.1.6.6/32 | N/A | N/A | Loopback0 | 10.1.7.7/32 |

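Link aggregation configuration:

Configure link aggregation between LSW1 and LSW2. Use LACP mode to build a Layer 2 aggregated link; the member interfaces are GE0/0/21, GE0/0/22 and GE0/0/23, and the link aggregation interface ID is 1.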

LSW1:
[LSW1]interface Eth-Trunk 1
[LSW1-Eth-Trunk1]mode lacp-static 
[LSW1-Eth-Trunk1]trunkport GigabitEthernet 0/0/21 to 0/0/23
LSW2:
[LSW2]interface Eth-Trunk 1
[LSW2-Eth-Trunk1]mode lacp-static 
[LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/21 to 0/0/23

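VLAN&Trunk configuration:

Create vlan10 and vlan20 on LSW3 and LSW4.
Create vlan10, vlan20, vlan100 and vlan101 on LSW1 and LSW2. Note that LSW1 does not need vlan 101 and LSW2 does not need vlan100.
Following the VLAN table, configure the Eth-Trunk and the links between switches as trunks and add the hosts to their VLANs. Do not permit vlan1 on the trunks.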

LSW1:
[LSW1]vlan batch 10 20 100
[LSW1]interface GigabitEthernet 0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type trunk 
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[LSW1-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1

[LSW1]interface GigabitEthernet 0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk 
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[LSW1-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[LSW1]interface Eth-Trunk 1
[LSW1-Eth-Trunk1]port link-type trunk 
[LSW1-Eth-Trunk1]port trunk allow-pass vlan 10 20
[LSW1-Eth-Trunk1]undo port trunk allow-pass vlan 1
[LSW1]interface GigabitEthernet 0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type access 
[LSW1-GigabitEthernet0/0/3]port default vlan 100
LSW2:
[LSW2]vlan batch 10 20 101
[LSW2]interface GigabitEthernet 0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type trunk 
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[LSW2-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1

[LSW2]interface GigabitEthernet 0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[LSW2-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[LSW2]interface Eth-Trunk 1
[LSW2-Eth-Trunk1]port link-type trunk
[LSW2-Eth-Trunk1]port trunk allow-pass vlan 10 20
[LSW2-Eth-Trunk1]undo port trunk allow-pass vlan 1
[LSW2]interface GigabitEthernet 0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type access
[LSW2-GigabitEthernet0/0/3]port default vlan 101
LSW3:
[LSW3]vlan batch 10 20
[LSW3]interface GigabitEthernet 0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type trunk
[LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[LSW3-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1

[LSW3]interface GigabitEthernet 0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type trunk
[LSW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[LSW3-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[LSW3]interface Ethernet0/0/1
[LSW3-Ethernet0/0/1]port link-type access
[LSW3-Ethernet0/0/1]port default vlan 10
[LSW3]interface Ethernet0/0/2
[LSW3-Ethernet0/0/2]port link-type access
[LSW3-Ethernet0/0/2]port default vlan 20
LSW4:
[LSW4]vlan batch 10 20
[LSW4]interface GigabitEthernet 0/0/1
[LSW4-GigabitEthernet0/0/1]port link-type trunk
[LSW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[LSW4-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1

[LSW4]interface GigabitEthernet 0/0/2
[LSW4-GigabitEthernet0/0/2]port link-type trunk
[LSW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[LSW4-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[LSW4]interface Ethernet0/0/1
[LSW4-Ethernet0/0/1]port link-type access 
[LSW4-Ethernet0/0/1]port default vlan 10

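RSTP configuration:

LSW1, LSW2, LSW3 and LSW4 run RSTP. Configure LSW1 as the root bridge with priority 4096 and LSW2 as the backup root bridge with priority 8192.

Configure the switch ports that connect to PCs as edge ports so that they enter the forwarding state quickly, and enable BPDU protection on LSW3 and LSW4.

Change the cost of the necessary access-layer device interfaces to 200000 and enable loop protection on them.

Enable STP root protection on port G0/0/3 of LSW1 and LSW2.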

LSW1:
[LSW1]stp mode rstp
[LSW1]stp priority 4096
[LSW1]interface GigabitEthernet 0/0/3
[LSW1-GigabitEthernet0/0/3]stp root-protection 
LSW2:
[LSW2]stp mode rstp
[LSW2]stp priority 8192
[LSW2]interface GigabitEthernet 0/0/3
[LSW2-GigabitEthernet0/0/3]stp root-protection 
LSW3:
[LSW3]stp mode rstp
[LSW3]stp bpdu-protection
[LSW3]interface Ethernet0/0/1
[LSW3-Ethernet0/0/1]stp edged-port enable

[LSW3]interface Ethernet0/0/2
[LSW3-Ethernet0/0/2]stp edged-port enable
[LSW3]interface GigabitEthernet 0/0/1
[LSW3-GigabitEthernet0/0/1]stp cost 200000
[LSW3-GigabitEthernet0/0/1]stp loop-protection

[LSW3]interface GigabitEthernet 0/0/2
[LSW3-GigabitEthernet0/0/2]stp cost 200000
[LSW3-GigabitEthernet0/0/2]stp loop-protection
LSW4:
[LSW4]stp mode rstp
[LSW4]stp bpdu-protection
[LSW4]interface Ethernet0/0/1
[LSW4-Ethernet0/0/1]stp edged-port enable
[LSW4]interface GigabitEthernet 0/0/1
[LSW4-GigabitEthernet0/0/1]stp cost 200000
[LSW4-GigabitEthernet0/0/1]stp loop-protection

[LSW4]interface GigabitEthernet 0/0/2
[LSW4-GigabitEthernet0/0/2]stp cost 200000
[LSW4-GigabitEthernet0/0/2]stp loop-protection
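
A check for the Layer 2 hardening steps in the VLAN&Trunk and RSTP sections, as an added example that is not part of the original lab: it reads a transcript in the prompt style used here and reports trunks that still permit VLAN 1, access ports that are not edge ports, and missing global BPDU protection. The function names and the sample transcript (constructed, with two deliberate omissions) are assumptions.

```python
import re

# Constructed transcript in the prompt style used above; Ethernet0/0/2 is
# deliberately left without edged-port and GE0/0/2 still permits VLAN 1.
TRANSCRIPT = """
[LSW3]stp mode rstp
[LSW3]stp bpdu-protection
[LSW3-GigabitEthernet0/0/1]port link-type trunk
[LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[LSW3-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[LSW3-GigabitEthernet0/0/2]port link-type trunk
[LSW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[LSW3-Ethernet0/0/1]port link-type access
[LSW3-Ethernet0/0/1]port default vlan 10
[LSW3-Ethernet0/0/1]stp edged-port enable
[LSW3-Ethernet0/0/2]port link-type access
[LSW3-Ethernet0/0/2]port default vlan 20
"""

PROMPT = re.compile(r"^\[(\w+)(?:-([^\]]+))?\](.+)$")

def parse(transcript):
    """Group commands by the view named in each prompt ('' is the system view)."""
    views = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            views.setdefault(m.group(2) or "", []).append(m.group(3).strip())
    return views

def audit(transcript):
    """Return sorted (view, issue) findings for one switch's transcript."""
    views = parse(transcript)
    findings = []
    if "stp bpdu-protection" not in views.get("", []):
        findings.append(("global", "BPDU protection not enabled"))
    for ifname, cmds in views.items():
        if "port link-type trunk" in cmds:
            # VLAN 1 is permitted on a trunk by default until explicitly removed
            if "undo port trunk allow-pass vlan 1" not in cmds:
                findings.append((ifname, "trunk still permits VLAN 1"))
        elif "port link-type access" in cmds:
            if "stp edged-port enable" not in cmds:
                findings.append((ifname, "access port is not an edge port"))
    return sorted(findings)
```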

IP address configuration:

R1:
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.1.12.2 30

[R1]interface GigabitEthernet0/0/2
[R1-GigabitEthernet0/0/2]ip address 10.1.13.2 30

[R1]interface GigabitEthernet0/0/3
[R1-GigabitEthernet0/0/3]ip address 172.16.1.2 30
[R1]interface Serial 0/0/1
[R1-Serial0/0/1]ip address 10.2.14.2 30
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 10.1.1.1 32
R2:
[R2]interface GigabitEthernet0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.1.100.2 30

[R2]interface GigabitEthernet0/0/2
[R2-GigabitEthernet0/0/2]ip address 10.1.11.1 30

[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3]ip address 10.1.12.1 30
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 10.1.2.2 32
R3:
[R3]interface GigabitEthernet0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.1.101.2 30

[R3]interface GigabitEthernet0/0/2
[R3-GigabitEthernet0/0/2]ip address 10.1.11.2 30

[R3]interface GigabitEthernet0/0/3
[R3-GigabitEthernet0/0/3]ip address 10.1.13.1 30
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 10.1.3.3 32
R4:
[R4]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1]ip address 172.16.1.1 30

[R4]interface GigabitEthernet0/0/2
[R4-GigabitEthernet0/0/2]ip address 192.168.30.254 24
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 10.1.5.5 32
R5:
[R5]interface Serial 0/0/0
[R5-Serial0/0/0]ip address 10.2.14.1 30
[R5]interface GigabitEthernet0/0/1
[R5-GigabitEthernet0/0/1]ip address 8.8.8.1 24
LSW1:
[LSW1]interface Vlanif 10
[LSW1-Vlanif10]ip address 192.168.10.1 24

[LSW1]interface Vlanif 20
[LSW1-Vlanif20]ip address 192.168.20.1 24

[LSW1]interface Vlanif 100
[LSW1-Vlanif100]ip address 10.1.100.1 30
[LSW1]interface LoopBack 0
[LSW1-LoopBack0]ip address 10.1.6.6 32
LSW2:
[LSW2]interface Vlanif 10
[LSW2-Vlanif10]ip address 192.168.10.2 24

[LSW2]interface Vlanif 20
[LSW2-Vlanif20]ip address 192.168.20.2 24

[LSW2]interface Vlanif 101
[LSW2-Vlanif101]ip address 10.1.101.1 30
[LSW2]interface LoopBack 0
[LSW2-LoopBack0]ip address 10.1.7.7 32

PC1, PC2, PC3, PC4, PC5 (figures)

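VRRP configuration:

Configure VRRP on LSW1 and LSW2: the vrid for Vlan10 is 1 and the vrid for Vlan20 is 2; the virtual gateway addresses for Vlan10 and VLAN20 are 192.168.10.254 and 192.168.20.254.

LSW1 is the master gateway for VLAN10 and the backup gateway for Vlan20; LSW2 is the master gateway for VLAN20 and the backup gateway for VLAN10. The master gateway priority is 120 in both cases.

To guard against uplink failure, when the G0/0/3 interface of LSW1 or LSW2 fails, the master gateway lowers its own priority by 30.

For security, enable VRRP authentication: vrid 1 uses md5 authentication with the password huawei, and vrid 2 uses plaintext authentication with the password huawei.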

LSW1:
[LSW1]interface Vlanif 10
[LSW1-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[LSW1-Vlanif10]vrrp vrid 1 priority 120
[LSW1-Vlanif10]vrrp vrid 1 track interface GigabitEthernet 0/0/3 reduced 30
[LSW1-Vlanif10]vrrp vrid 1 authentication-mode md5 huawei
[LSW1]interface Vlanif 20
[LSW1-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[LSW1-Vlanif20]vrrp vrid 2 authentication-mode simple huawei
LSW2:
[LSW2]interface Vlanif 10
[LSW2-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254
[LSW2-Vlanif10]vrrp vrid 1 authentication-mode md5 huawei
[LSW2]interface Vlanif 20
[LSW2-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254
[LSW2-Vlanif20]vrrp vrid 2 priority 120
[LSW2-Vlanif20]vrrp vrid 2 track interface GigabitEthernet 0/0/3 reduced 30
[LSW2-Vlanif20]vrrp vrid 2 authentication-mode simple huawei
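
A consistency check for the VRRP authentication settings, as an added example that is not part of the original lab: both members of a group must use the same mode and key or they discard each other's advertisements, and `simple` mode carries the key in clear text in every advertisement. It works on the commands as entered (for example a change script before it is applied); the function name and the sample lines (constructed, with one key deliberately mistyped) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: VRRP commands per switch, one key deliberately mistyped.
SAMPLE = {
    "LSW1": """
interface Vlanif10
 vrrp vrid 1 virtual-ip 192.168.10.254
 vrrp vrid 1 authentication-mode md5 hauwei
interface Vlanif20
 vrrp vrid 2 virtual-ip 192.168.20.254
 vrrp vrid 2 authentication-mode simple huawei
""",
    "LSW2": """
interface Vlanif10
 vrrp vrid 1 virtual-ip 192.168.10.254
 vrrp vrid 1 authentication-mode md5 huawei
interface Vlanif20
 vrrp vrid 2 virtual-ip 192.168.20.254
 vrrp vrid 2 authentication-mode simple huawei
""",
}

AUTH_RE = re.compile(r"vrrp vrid (\d+) authentication-mode (\S+) (\S+)")
VIP_RE = re.compile(r"vrrp vrid (\d+) virtual-ip (\S+)")

def audit_vrrp(configs):
    """Return sorted (vrid, issue) findings across all peers' commands."""
    auth = defaultdict(dict)    # vrid -> {device: (mode, key)}
    members = defaultdict(set)  # vrid -> devices that define the group
    for dev, text in configs.items():
        for vrid, _ in VIP_RE.findall(text):
            members[int(vrid)].add(dev)
        for vrid, mode, key in AUTH_RE.findall(text):
            auth[int(vrid)][dev] = (mode, key)
    findings = []
    for vrid, devs in members.items():
        settings = auth.get(vrid, {})
        missing = devs - set(settings)
        if missing:
            findings.append((vrid, "no authentication on " + ",".join(sorted(missing))))
        if len({m for m, _ in settings.values()}) > 1:
            findings.append((vrid, "authentication mode differs between peers"))
        elif len(set(settings.values())) > 1:
            findings.append((vrid, "authentication key differs between peers"))
        if any(m == "simple" for m, _ in settings.values()):
            findings.append((vrid, "simple mode sends the key in clear text"))
    return sorted(findings)
```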

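OSPF configuration:

Configure OSPF on R1, R2, R3, R4, LSW1 and LSW2 as the backbone area, with process ID 1 and the Loopback0 interface address as the Router ID.
All interfaces except the one connecting R1 to the education-network router R5 must be added to area 0, and every interface is advertised with an exact match.
Configure OSPF area authentication: the mode is md5, the key ID is 1, the encryption type is cipher and the password is huawei.
Set the priority of R1's G0/0/1 interface to the highest value so that it becomes the DR.
On LSW1 and LSW2, change the OSPF cost of Vlanif10 and Vlanif20 to 100. Change the OSPF cost of the link between R2 and R1 to 100.
Configure the link between R1 and R4 as a P2P link.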

R1:
[R1]ospf 1 router-id 10.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.1.12.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.1.13.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 172.16.1.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ospf dr-priority 255
[R1-GigabitEthernet0/0/1]ospf cost 100

[R1]interface GigabitEthernet0/0/3
[R1-GigabitEthernet0/0/3]ospf network-type p2p
R2:
[R2]ospf 1 router-id 10.1.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.1.100.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.1.11.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.1.12.1 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.1.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[R2]interface GigabitEthernet0/0/3
[R2-GigabitEthernet0/0/3]ospf cost 100
R3:
[R3]ospf 1 router-id 10.1.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.1.101.2 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 10.1.11.2 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 10.1.13.1 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 10.1.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
R4:
[R4]ospf 1 router-id 10.1.5.5
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 192.168.30.254 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 10.1.5.5 0.0.0.0
[R4-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[R4]interface GigabitEthernet0/0/1
[R4-GigabitEthernet0/0/1]ospf network-type p2p
LSW1:
[LSW1]ospf 1 router-id 10.1.6.6
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 192.168.10.1 0.0.0.0
[LSW1-ospf-1-area-0.0.0.0]network 192.168.20.1 0.0.0.0
[LSW1-ospf-1-area-0.0.0.0]network 10.1.100.1 0.0.0.0
[LSW1-ospf-1-area-0.0.0.0]network 10.1.6.6 0.0.0.0
[LSW1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[LSW1]interface Vlanif 10
[LSW1-Vlanif10]ospf cost 100

[LSW1]interface Vlanif 20
[LSW1-Vlanif20]ospf cost 100
LSW2:
[LSW2]ospf 1 router-id 10.1.7.7
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 192.168.10.2 0.0.0.0
[LSW2-ospf-1-area-0.0.0.0]network 192.168.20.2 0.0.0.0
[LSW2-ospf-1-area-0.0.0.0]network 10.1.101.1 0.0.0.0
[LSW2-ospf-1-area-0.0.0.0]network 10.1.7.7 0.0.0.0
[LSW2-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher huawei
[LSW2]interface Vlanif 10
[LSW2-Vlanif10]ospf cost 100

[LSW2]interface Vlanif 20
[LSW2-Vlanif20]ospf cost 100
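
What `authentication-mode md5 1 cipher huawei` asks of each router, following RFC 2328 Appendix D, as an added example that is not part of the original lab: the sender appends an MD5 digest over the packet followed by the key padded to 16 bytes, and the receiver recomputes it and rejects old sequence numbers. The function names and the constructed Hello packet are assumptions; `cipher` only affects how the key is stored in the configuration.

```python
import hashlib
import hmac
import socket
import struct

def build_hello(router_id, key_id, seq):
    """Constructed OSPFv2 Hello for area 0 with AuType 2 (cryptographic)."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.252"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    header = struct.pack("!BBH4s4sHH", 2, 1, 24 + len(body),
                         socket.inet_aton(router_id), bytes(4), 0, 2)
    # Authentication field: 0, Key ID, Auth Data Len (16), sequence number
    return header + struct.pack("!HBBI", 0, key_id, 16, seq) + body

def pad_key(key):
    """The secret is padded with zero bytes to 16 bytes before hashing."""
    return key.encode().ljust(16, b"\x00")[:16]

def sign(packet, key):
    """Append the digest; it is not counted in the header's length field."""
    return packet + hashlib.md5(packet + pad_key(key)).digest()

def verify(signed, keys, last_seq):
    """Receiver side: keys maps Key ID -> secret; returns (accepted, reason)."""
    length, = struct.unpack("!H", signed[2:4])
    autype, _, key_id, alen, seq = struct.unpack("!HHBBI", signed[14:24])
    if autype != 2 or key_id not in keys:
        return False, "unknown key or AuType"
    if seq < last_seq:
        return False, "replayed sequence number"
    packet, digest = signed[:length], signed[length:length + alen]
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(digest, expected):
        return False, "digest mismatch"
    return True, "ok"

# Constructed sample: R1 (10.1.1.1) signs a Hello with Key ID 1.
SIGNED = sign(build_hello("10.1.1.1", 1, 100), "huawei")
```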

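CHAP authentication configuration:

Configure CHAP authentication with R5 as the authenticator and R1 as the authenticated peer; the user name is huawei, the password is Huawei123, and the password mode is cipher.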

R1:
[R1]interface Serial 0/0/1
[R1-Serial0/0/1]link-protocol ppp 
[R1-Serial0/0/1]ppp chap user huawei
[R1-Serial0/0/1]ppp chap password cipher Huawei123
R5:
[R5]aaa
[R5-aaa]local-user huawei password cipher Huawei123
[R5-aaa]local-user huawei service-type ppp 
[R5]interface Serial 0/0/0
[R5-Serial0/0/0]link-protocol ppp
[R5-Serial0/0/0]ppp authentication-mode chap
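
The exchange this configuration sets up between R5 and R1, following RFC 1994, as an added example that is not part of the original lab: the password never crosses the link, only an MD5 response bound to a fresh challenge, so a captured response cannot be replayed. The class and function names are assumptions, and the user table is constructed to mirror the lab's local-user entry.

```python
import hashlib
import hmac
import os

# Constructed sample mirroring R5's local-user entry in the lab.
USERS = {"huawei": "Huawei123"}

def chap_response(ident, secret, challenge):
    """RFC 1994: MD5 over Identifier, secret, Challenge Value, in that order."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

class Authenticator:
    """R5's role: holds the local-user table and issues challenges."""
    def __init__(self, users):
        self.users = users
        self.ident = 0
        self.pending = {}  # identifier -> outstanding challenge

    def challenge(self):
        self.ident = (self.ident + 1) % 256
        self.pending[self.ident] = os.urandom(16)
        return self.ident, self.pending[self.ident]

    def check(self, ident, name, response):
        chal = self.pending.pop(ident, None)  # each challenge is single-use
        secret = self.users.get(name)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(response, chap_response(ident, secret, chal))

def run_exchange(auth, name, password):
    """R1's role (the peer): answer one challenge; returns (ok, ident, response)."""
    ident, chal = auth.challenge()
    resp = chap_response(ident, password, chal)
    return auth.check(ident, name, resp), ident, resp
```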

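Static route configuration:

Configure a static route on R1 so that PC5 is reachable, with R5 as the next hop.
On R5, configure a static route to PC4's network segment so that the education network can reach PC4 on the campus network; use a default route to reach the other campus network segments.
On R1, import the static route into the OSPF network with cost type 2.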

R1:
[R1]ip route-static 8.8.8.0 24 10.2.14.1
[R1]ospf 1
[R1-ospf-1]import-route static type 2
R5:
[R5]ip route-static 192.168.30.0 24 10.2.14.2
[R5]ip route-static 0.0.0.0 0 10.2.14.2 preference 61

Author: Naraku
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit Naraku when reposting!