侧边栏壁纸
博主头像
加夫列尔·加西亚·马尔克斯博主等级

  • 累计撰写 46 篇文章
  • 累计创建 11 个标签
  • 累计收到 0 条评论

目 录CONTENT

文章目录
牛马网工

HCIA综合实验【QC-24-2-12】

加夫列尔·加西亚·马尔克斯
加夫列尔·加西亚·马尔克斯
2024-02-12 / 0 评论 / 1 点赞 / 41 阅读 / 13173 字 / 正在检测是否收录...
温馨提示:
有问题欢迎加入QQ交流群交流:461796942
广告 广告

HCIA综合实验【QC-24-2-12】

一.实验拓扑:

二.网络规划说明

题目1:

PC1与PC2 同属于VLAN 10,PC3 属于VLAN 20,Server1与Server2 属于VLAN 100

LSW3:

 [LSW3]vlan batch 100
 [LSW3]int g0/0/1
 [LSW3-GigabitEthernet0/0/1]port link-type access 
 [LSW3-GigabitEthernet0/0/1]port default vlan 100
 [LSW3-GigabitEthernet0/0/1]int g0/0/2
 [LSW3-GigabitEthernet0/0/2]port link-type access 
 [LSW3-GigabitEthernet0/0/2]port default vlan 100

LSW4:

 [LSW4]vlan batch 10 20
 [LSW4]interface Ethernet 0/0/1
 [LSW4-Ethernet0/0/1]port link-type access
 [LSW4-Ethernet0/0/1]port default vlan 10
 ​
 [LSW4-Ethernet0/0/1]int g0/0/1
 [LSW4-GigabitEthernet0/0/1]port link-type trunk 
 [LSW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 88
 [LSW4-GigabitEthernet0/0/1]int g0/0/2
 [LSW4-GigabitEthernet0/0/2]port link-type trunk
 [LSW4-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20 88

LSW5:

 [LSW5]vlan batch 10 20 
 [LSW5]interface Ethernet 0/0/1
 [LSW5-Ethernet0/0/1]port link-type access
 [LSW5-Ethernet0/0/1]port default vlan 10
 [LSW5]interface Ethernet 0/0/2
 [LSW5-Ethernet0/0/2]port link-type access
 [LSW5-Ethernet0/0/2]port default vlan 20
 ​
 [LSW5-Ethernet0/0/2]int g0/0/1
 [LSW5-GigabitEthernet0/0/1]port link-type trunk 
 [LSW5-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 88
 [LSW5-GigabitEthernet0/0/1]int g0/0/2
 [LSW5-GigabitEthernet0/0/2]port link-type trunk
 [LSW5-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20 88

题目2:

正常情况下,PC1访问Internet的流量路径是 LSW4—LSW2—LSW1—AR6—AR7当LSW4与LSW2出现故障时,流量切换为LSW4—LSW5—LSW2—LSW1—AR6—AR7

LSW2:

 [LSW2]stp enable 
 ​
 [LSW2]stp mode rstp 
 ​
 [LSW2]stp root primary

LSW4:

 [LSW4]stp enable 
 ​
 [LSW4]stp mode rstp

LSW5:

 [LSW5]stp enable 
 ​
 [LSW5]stp mode rstp

题目3:

为了增加LSW1 与LSW2,LSW1与LSW3之间链路的可靠性,需要做链路捆绑

LSW1:

 [LSW1]int Eth-Trunk 1
 [LSW1-Eth-Trunk1]mode lacp-static
 [LSW1-Eth-Trunk1]trunkport g0/0/2
 [LSW1-Eth-Trunk1]trunkport g0/0/3
 [LSW1-Eth-Trunk1]port link-type trunk 
 [LSW1-Eth-Trunk1]port trunk allow-pass vlan 12 88
 [LSW1-Eth-Trunk1]port trunk pvid vlan 88
 ​
 [LSW1]int Eth-Trunk 2
 [LSW1-Eth-Trunk2]mode lacp-static 
 [LSW1-Eth-Trunk2]trunkport GigabitEthernet 0/0/4
 [LSW1-Eth-Trunk2]trunkport GigabitEthernet 0/0/5
 [LSW1-Eth-Trunk2]port link-type trunk 
 [LSW1-Eth-Trunk2]port trunk allow-pass vlan 13 88
 [LSW1-Eth-Trunk2]port trunk pvid vlan 88

LSW2:

 [LSW2]int Eth-Trunk 1
 [LSW2-Eth-Trunk1]mode lacp-static 
 [LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/2
 [LSW2-Eth-Trunk1]trunkport GigabitEthernet 0/0/3
 [LSW2-Eth-Trunk1]port link-type trunk 
 [LSW2-Eth-Trunk1]port trunk allow-pass vlan 12 88
 [LSW2-Eth-Trunk1]port trunk pvid vlan 88

LSW3:

[LSW3]int Eth-Trunk 2
[LSW3-Eth-Trunk2]mode lacp-static 
[LSW3-Eth-Trunk2]trunkport GigabitEthernet 0/0/4
[LSW3-Eth-Trunk2]trunkport GigabitEthernet 0/0/5
[LSW3-Eth-Trunk2]port link-type trunk 
[LSW3-Eth-Trunk2]port trunk allow-pass vlan 13 88
[LSW3-Eth-Trunk2]port trunk pvid vlan 88

题目4:

交换机的管理VLAN为VLAN 88,每台交换机的管理地址为 192.168.88.A/24 (A为交换机编号)

LSW1:

[LSW1]vlan 88
[LSW1]int vlan 88
[LSW1-Vlanif88]ip address 192.168.88.1 24

LSW2:

[LSW2]vlan 88
[LSW2]int Vlanif 88
[LSW2-Vlanif88]ip address 192.168.88.2 24

LSW3:

[LSW3]vlan 88 
[LSW3]int vlanif 88
[LSW3-Vlanif88]ip add 192.168.88.3 24

LSW4:

[LSW4]vlan 88
[LSW4]interface Vlanif 88
[LSW4-Vlanif88]ip address 192.168.88.4 24
[LSW4]ip route-static 0.0.0.0 0.0.0.0 192.168.88.1

LSW5:

[LSW5]vlan 88
[LSW5]interface Vlanif 88
[LSW5-Vlanif88]ip address 192.168.88.5 24
[LSW5]ip route-static 0.0.0.0 0.0.0.0 192.168.88.1

题目5:

PC1使用固定IP地址192.168.10.1/24;PC2能够自动获取192.168.10.0/24网段的IP地址,网关是 192.168.10.254,DNS服务器是172.16.100.1;PC3能够自动获取192.168.20.0/24网段的IP地址,网关是192.168.20.254,DNS服务器是172.16.100.1;服务器的网关地址是172.16.100.254

LSW2:

[LSW2]vlan batch 10 20 
[LSW2]int vlanif 10
[LSW2-Vlanif10]ip add 192.168.10.254 24
[LSW2-Vlanif10]int vlanif 20
[LSW2-Vlanif20]ip add 192.168.20.254 24
[LSW2]dhcp enable
[LSW2]int vlanif 10
[LSW2-Vlanif10]dhcp select interface 
[LSW2-Vlanif10]dhcp server dns-list 172.16.100.1
[LSW2-Vlanif10]dhcp server excluded-ip-address 192.168.10.1
[LSW2-Vlanif10]int vlanif 20
[LSW2-Vlanif20]dhcp select interface 
[LSW2-Vlanif20]dhcp server dns-list 172.16.100.1

LSW3:

[LSW2]vlan 100
[LSW3]int vlanif 100
[LSW3-Vlanif100]ip add 172.16.100.254 24

题目6:

该网络内部运行OSPF路由,区域号为0,交换机的Router ID使用管理口IP,AR6的Router-ID是 6.6.6.6/32。运营商路由器AR7只有公网路由信息,不学习私网路由

LSW1:

[LSW1]ospf 1 router 192.168.88.1
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network  0.0.0.0 255.255.255.255

LSW2:

[LSW2]ospf 1 router 192.168.88.2
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network  0.0.0.0 255.255.255.255

LSW3:

[LSW3]ospf 1 router 192.168.88.3
[LSW3-ospf-1]area 0
[LSW3-ospf-1-area-0.0.0.0]network  0.0.0.0 255.255.255.255

AR6:

[AR6]int LoopBack 0
[AR6-LoopBack0]ip add 6.6.6.6 32
[AR6]ospf 1 router-id 6.6.6.6
[AR6-ospf-1]area 0
[AR6-ospf-1-area-0.0.0.0]network 6.6.6.6 0.0.0.0
[AR6-ospf-1-area-0.0.0.0]network 10.0.16.6 0.0.0.0

AR7:

[AR7]int g0/0/0
[AR7-GigabitEthernet0/0/0]ip address 100.0.0.254 24
[AR7-GigabitEthernet0/0/0]int loop8
[AR7-LoopBack8]ip add 8.8.8.8 32

题目7:

LSW1与AR6互联地址为10.0.16.0/24,互联VLAN 16; LSW1 与LSW2互联地址为 10.0.12.0/24,互联VLAN 12; LSW1 与LSW3互联地址为 10.0.13.0/24, 互联VLAN为13

LSW1:

[LSW1]vlan batch 12 13 16
[LSW1]int vlanif12
[LSW1-Vlanif12]ip add 10.0.12.1 24
[LSW1]int vlanif 13
[LSW1-Vlanif13]ip add 10.0.13.1 24
[LSW1-Vlanif13]int vlanif 16
[LSW1-Vlanif16]ip add 10.0.16.1 24
[LSW1-Vlanif16]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access 	
[LSW1-GigabitEthernet0/0/1]port default vlan 16

LSW2:

[LSW2]vlan 12
[LSW2-Vlanif20]int vlanif 12
[LSW2-Vlanif12]ip address 10.0.12.2 24
[LSW2]int g0/0/23
[LSW2-GigabitEthernet0/0/23]port link-type trunk 
[LSW2-GigabitEthernet0/0/23]port trunk allow-pass vlan 10 20 88
[LSW2-GigabitEthernet0/0/23]int g0/0/24
[LSW2-GigabitEthernet0/0/24]port link-type trunk 
[LSW2-GigabitEthernet0/0/24]port trunk allow-pass vlan 10 20 88

LSW3:

[LSW3]vlan 13 
[LSW3]int vlanif 13
[LSW3-Vlanif13]ip add 10.0.13.3 24
[LSW3]int g0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type access 
[LSW3-GigabitEthernet0/0/1]port default vlan 100
[LSW3-GigabitEthernet0/0/1]int g0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type access 
[LSW3-GigabitEthernet0/0/2]port default vlan 100

AR6:

[AR6-LoopBack0]int g0/0/1
[AR6-GigabitEthernet0/0/1]ip add 10.0.16.6 24
[AR6-GigabitEthernet0/0/1]int g0/0/0
[AR6-GigabitEthernet0/0/0]ip add 100.0.0.1 24

题目8:

AR6是园区的出口路由器。该园区从运营商处申请了一根宽带,运营商分配的公网IP地址是100.0.0.1/24 ~ 100.0.0.5/24, 网关是 100.0.0.254

AR6:

[AR6]ip route-static 0.0.0.0 0.0.0.0 100.0.0.254
[AR6]acl number 2000
[AR6-acl-basic-2000]rule 1 permit source any
[AR6]nat address-group 1 100.0.0.2 100.0.0.4
[AR6]int g0/0/0
[AR6-GigabitEthernet0/0/0]nat outbound 2000 address-group 1

AR7:

 [AR7]ip route-static 0.0.0.0 0.0.0.0 100.0.0.1

题目9:

172.16.100.2是公司的应用服务器,员工需要在公网访问该服务器,管理员分配 公网地址100.0.0.5给员工外网访问该应用服务器使用。100.0.0.2~100.0.0.4分配给企业内网上Internet使用

AR6:

 [AR6]int g0/0/0
 [AR6-GigabitEthernet0/0/0]nat static global 100.0.0.5 inside 172.16.100.2 netmask 255.255.255.255

题目10:

PC1上有重要资料,公司领导担心它中毒,所以,要禁止PC1上外网

AR6:

 [AR6]acl number 3000
 [AR6-acl-adv-3000]rule 1 deny ip source 192.168.10.1 0.0.0.0 destination any 
 [AR6-acl-adv-3000]int g0/0/1
 [AR6-GigabitEthernet0/0/1]traffic-filter inbound acl 3000


1
牛马网工

  1. 支付宝打赏

    qrcode alipay

  2. 微信打赏

    qrcode weixin
版权归属: 加夫列尔·加西亚·马尔克斯
本文链接: http://localhost:8090/2024/02/12/hciazong-he-shi-yan-qc-24-2-12
许可协议: 本文使用《署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0)》协议授权
广告 广告

评论区