HCIA Review Assignment
I. Lab Topology

II. Lab Requirements

1. HTTP clients inside the school can reach Baidu's server by the domain name www.baidu.com.
2. The school's internal network is subnetted from 192.168.1.0/24. PC1 may access the 3.3.3.0/24 segment; PC2 may not.
3. The school uses static routing internally, with floating static routes between R1 and R2.
4. The carrier uses a dynamic routing protocol.
5. AR1 can be reached via Telnet.

III. Requirements Analysis

Layer 2 and gateway
- LSW1 handles VLAN access.
- AR2 acts as the layer-3 gateway and provides inter-VLAN communication through router-on-a-stick sub-interfaces.

Routing policy
- Intranet: static routes. The primary route has preference 60 and the backup route is set to 100 (the larger the value, the lower the priority).
- Carrier: every interface is advertised into OSPF Area 0 so that routes inside the ISP are updated dynamically.

Address translation
- Easy IP (NAT): configured on AR1's outbound interface to translate the intranet's private addresses.
- NAT Server: configured on AR6 to statically map port 80 of the internal host 172.16.1.1 to the public IP 56.0.0.6.

Security control
- An inbound ACL is applied on AR2's VLAN 3 sub-interface. It matches PC2's IP address and denies its packets to the specified segment.

IV. Detailed Device Configuration

Configure VLANs (LSW1)

```
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname LSW1
[LSW1]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1]interface GigabitEthernet 0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 3
[LSW1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 3
[LSW1-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type access
[LSW1-GigabitEthernet0/0/3]port default vlan 2
[LSW1-GigabitEthernet0/0/3]interface GigabitEthernet 0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type trunk
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3
```

AR2

```
<Huawei>system-view
[Huawei]sysname AR2
[AR2]interface GigabitEthernet0/0/0.2
[AR2-GigabitEthernet0/0/0.2]dot1q termination vid 2
[AR2-GigabitEthernet0/0/0.2]ip address 192.168.1.65 26
[AR2-GigabitEthernet0/0/0.2]arp broadcast enable
[AR2-GigabitEthernet0/0/0.2]quit
[AR2]interface GigabitEthernet0/0/0.3
[AR2-GigabitEthernet0/0/0.3]dot1q termination vid 3
[AR2-GigabitEthernet0/0/0.3]ip address 192.168.1.1 26
[AR2-GigabitEthernet0/0/0.3]arp broadcast enable
[AR2-GigabitEthernet0/0/0.3]quit
[AR2]interface GigabitEthernet0/0/1
[AR2-GigabitEthernet0/0/1]ip address 192.168.1.129 26
[AR2-GigabitEthernet0/0/1]quit
[AR2]interface GigabitEthernet0/0/2
[AR2-GigabitEthernet0/0/2]ip address 192.168.1.193 26
[AR2-GigabitEthernet0/0/2]quit
# ACL: deny PC2 (192.168.1.2) to 3.3.3.0/24, permit everything else
[AR2]acl 3000
[AR2-acl-adv-3000]rule deny ip source 192.168.1.2 0 destination 3.3.3.0 0.0.0.255
[AR2-acl-adv-3000]rule permit ip
[AR2-acl-adv-3000]quit
[AR2]interface GigabitEthernet0/0/0.3
[AR2-GigabitEthernet0/0/0.3]traffic-filter inbound acl 3000
[AR2-GigabitEthernet0/0/0.3]quit
# Primary default route (default preference 60) and floating backup (preference 100)
[AR2]ip route-static 0.0.0.0 0.0.0.0 192.168.1.130
[AR2]ip route-static 0.0.0.0 0.0.0.0 192.168.1.194 preference 100
```

AR1

```
<Huawei>system-view
[Huawei]sysname AR1
[AR1]interface GigabitEthernet0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.1.130 26
[AR1-GigabitEthernet0/0/0]quit
[AR1]interface GigabitEthernet0/0/2
[AR1-GigabitEthernet0/0/2]ip address 192.168.1.194 26
[AR1-GigabitEthernet0/0/2]quit
[AR1]interface GigabitEthernet0/0/1
[AR1-GigabitEthernet0/0/1]ip address 13.0.0.1 24
[AR1-GigabitEthernet0/0/1]quit
[AR1]ip route-static 192.168.1.0 255.255.255.0 192.168.1.129
[AR1]ip route-static 192.168.1.0 255.255.255.0 192.168.1.193 preference 100
# Default route toward the carrier
[AR1]ip route-static 0.0.0.0 0.0.0.0 13.0.0.2
# NAT configuration
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[AR1-acl-basic-2000]quit
[AR1]interface GigabitEthernet0/0/1
[AR1-GigabitEthernet0/0/1]nat outbound 2000
[AR1-GigabitEthernet0/0/1]quit
# Telnet service
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode password
[AR1-ui-vty0-4]set authentication password cipher admin123
[AR1-ui-vty0-4]user privilege level 3
```

AR3

```
<Huawei>system-view
[Huawei]sysname AR3
[AR3]interface GigabitEthernet0/0/0
[AR3-GigabitEthernet0/0/0]ip address 13.0.0.2 24
[AR3-GigabitEthernet0/0/0]quit
[AR3]interface GigabitEthernet0/0/1
[AR3-GigabitEthernet0/0/1]ip address 34.0.0.3 24
[AR3-GigabitEthernet0/0/1]quit
[AR3]interface GigabitEthernet0/0/2
[AR3-GigabitEthernet0/0/2]ip address 35.0.0.3 24
[AR3-GigabitEthernet0/0/2]quit
[AR3]interface LoopBack 0
[AR3-LoopBack0]ip address 3.3.3.3 24
[AR3-LoopBack0]quit
[AR3]ospf 1 router-id 3.3.3.3
[AR3-ospf-1]area 0
# Advertise the link to AR1 as well, so the other carrier routers can route replies back to 13.0.0.1
[AR3-ospf-1-area-0.0.0.0]network 13.0.0.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]network 3.3.3.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]network 35.0.0.0 0.0.0.255
```

AR4

```
<Huawei>system-view
[Huawei]sysname AR4
[AR4]interface GigabitEthernet0/0/0
[AR4-GigabitEthernet0/0/0]ip address 34.0.0.4 24
[AR4-GigabitEthernet0/0/0]quit
[AR4]interface GigabitEthernet0/0/1
[AR4-GigabitEthernet0/0/1]ip address 100.1.1.2 24
[AR4-GigabitEthernet0/0/1]quit
[AR4]ospf 1 router-id 4.4.4.4
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
```

AR5

```
<Huawei>system-view
[Huawei]sysname AR5
[AR5]interface GigabitEthernet0/0/0
[AR5-GigabitEthernet0/0/0]ip address 35.0.0.5 24
[AR5-GigabitEthernet0/0/0]quit
[AR5]interface GigabitEthernet0/0/1
[AR5-GigabitEthernet0/0/1]ip address 56.0.0.5 24
[AR5-GigabitEthernet0/0/1]quit
[AR5]ospf 1 router-id 5.5.5.5
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]network 35.0.0.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]network 56.0.0.0 0.0.0.255
```

AR6

```
<Huawei>system-view
[Huawei]sysname AR6
[AR6]interface GigabitEthernet0/0/0
[AR6-GigabitEthernet0/0/0]ip address 56.0.0.6 24
[AR6-GigabitEthernet0/0/0]quit
[AR6]interface GigabitEthernet0/0/1
[AR6-GigabitEthernet0/0/1]ip address 172.16.1.254 24
[AR6-GigabitEthernet0/0/1]quit
# Default route toward the carrier
[AR6]ip route-static 0.0.0.0 0.0.0.0 56.0.0.5
# NAT Server configuration (external access to port 80 of 56.0.0.6 is mapped to the internal host 172.16.1.1)
[AR6]interface GigabitEthernet0/0/0
[AR6-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 80 inside 172.16.1.1 80
```

PC1/2

HTTP client/server

DNS server

V. Verification
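
The access-control requirement (PC2 must not reach 3.3.3.0/24 while other traffic passes) can be checked offline before testing on the devices. The Python sketch below is an added example, not part of the original post: it parses the two ACL 3000 rules configured on AR2 and applies first-match evaluation with wildcard masks. The host 192.168.1.3 is an assumed address for a second VLAN 3 host, since the page does not give PC1's address.

```python
import ipaddress

# ACL 3000 exactly as configured on AR2 in this lab.
ACL_3000 = [
    "rule deny ip source 192.168.1.2 0 destination 3.3.3.0 0.0.0.255",
    "rule permit ip",
]
ANY = (0, 0xFFFFFFFF)  # wildcard of all ones: every address matches


def _to_int(text):
    # VRP accepts a bare "0" as shorthand for the wildcard 0.0.0.0 (exact host).
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))


def parse_rule(line):
    """Parse 'rule <permit|deny> ip [source A W] [destination A W]'."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "rule" or tok[1] not in ("permit", "deny") or tok[2] != "ip":
        raise ValueError("unsupported rule: " + line)
    rule = {"action": tok[1], "source": ANY, "destination": ANY}
    for i in range(3, len(tok), 3):
        if tok[i] not in ("source", "destination") or i + 2 >= len(tok):
            raise ValueError("unsupported rule: " + line)
        rule[tok[i]] = (_to_int(tok[i + 1]), _to_int(tok[i + 2]))
    return rule


def _matches(ip, spec):
    addr, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all remaining bits must be equal.
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl_lines, src, dst):
    """Return the action of the first matching rule, or None if no rule matches."""
    for rule in map(parse_rule, acl_lines):
        if _matches(src, rule["source"]) and _matches(dst, rule["destination"]):
            return rule["action"]
    return None


if __name__ == "__main__":
    # Constructed test flows; 192.168.1.3 is an assumed second host in VLAN 3.
    for src, dst in [("192.168.1.2", "3.3.3.3"), ("192.168.1.2", "56.0.0.6"),
                     ("192.168.1.3", "3.3.3.3")]:
        print(src, "->", dst, evaluate(ACL_3000, src, dst))
```

Evaluating the same rules in reverse order returns permit for PC2, because the broad `rule permit ip` then matches before the deny is reached.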