脚本宝典收集整理的这篇文章主要介绍了H3CNE综合实验,脚本宝典觉得挺不错的,现在分享给大家,也给大家做个参考。
SW1
#创建聚合组
int Bridge-Aggregation 1
port link-tyPE trunk
port trunk permIT vlan 10 20 30
#把端口加入到聚合组
int g1/0/1
port link-aggregation group 1
int g1/0/2
port link-aggregation group 1
#
SW2配置类似
注意,先把链路聚合配好了再去配trunk
SW3
#
interface GigabitEthernet1/0/3
stp Edged-port
#
interface GigabitEthernet1/0/4
stp edged-port
#
SW1、SW2、SW3
#配置mst域
stp region-configuration
region-name nidaye
instance 1 vlan 10
instance 2 vlan 20
active region-configuration 这里别忘记激活
#
SW1
#
stp instance 1 root Primary
stp instance 2 root secondary
#
SW2
#
stp instance 1 root secondary
stp instance 2 root PRimary
#
SW1
#
track 1 interface GigabitEthernet1/0/4 监听上行接口
interface Vlan-interface10
vrrp vrid 10 virtual-ip 192.168.1.254
vrrp vrid 10 priority 120
vrrp vrid 10 track 1 priority reduced 30 降低优先级避免发生抢占
interface Vlan-interface20
vrrp vrid 20 virtual-ip 192.168.2.254
#
SW2
#
track 1 interface GigabitEthernet 1/0/4 监听上行接口
interface Vlan-interface10
vrrp vrid 10 virtual-ip 192.168.1.254
interface Vlan-interface20
vrrp vrid 20 virtual-ip 192.168.2.254
vrrp vrid 20 priority 120
vrrp vrid 20 track 1 priority reduced 30 降低优先级避免发生抢占
#
SW1
#
dhcp enable 开启dhcp服务
dhcp server ip-pool 1 创建dhcp地址池
gateway-list 192.168.1.252
network 192.168.1.0 mask 255.255.255.0
dns-list 8.8.8.8
#
dhcp server ip-pool 2
gateway-list 192.168.2.253
network 192.168.2.0 mask 255.255.255.0
dns-list 8.8.8.8
#
配置完后,在PC1和PC2中开启DHCP就可以获取到IP地址
SW1
#
ospf 1 router-id 10.1.1.11
业务网段不能出现协议报文,所以要配置静默接口
silent-interface Vlan-interface10
silent-interface Vlan-interface20
area 0.0.0.1
network 10.0.0.6 0.0.0.0 将接口宣告进区域可以避免掩码计算出错
network 10.1.1.11 0.0.0.0
network 10.1.2.1 0.0.0.0
network 192.168.1.252 0.0.0.0
network 192.168.2.252 0.0.0.0
#
--------------------------------------------------------------------------------
SW2
#
ospf 1 router-id 10.1.1.12
业务网段不能出现协议报文,所以要配置静默接口
silent-interface Vlan-interface10
silent-interface Vlan-interface20
area 0.0.0.1
network 10.0.0.10 0.0.0.0 将接口宣告进区域可以避免掩码计算出错
network 10.1.1.12 0.0.0.0
network 10.1.2.2 0.0.0.0
network 192.168.1.253 0.0.0.0
network 192.168.2.253 0.0.0.0
#
--------------------------------------------------------------------------------
R1
#
ospf 1 router-id 10.1.1.1
area 0.0.0.0
network 10.0.0.1 0.0.0.0 将接口宣告进区域可以避免掩码计算出错
network 10.0.0.14 0.0.0.0
network 10.1.1.1 0.0.0.0
area 0.0.0.1
network 10.0.0.5 0.0.0.0
#
注意R1和R2之间的那两个接口宣告进同一个区域,不然邻居起不来
--------------------------------------------------------------------------------
R2
#
ospf 1 router-id 10.1.1.2
area 0.0.0.0
network 10.0.0.2 0.0.0.0 将接口宣告进区域可以避免掩码计算出错
network 10.0.0.18 0.0.0.0
network 10.1.1.2 0.0.0.0
area 0.0.0.1
network 10.0.0.9 0.0.0.0
#
--------------------------------------------------------------------------------
R3
#
ospf 1 router-id 10.1.1.3
业务网段不能出现协议报文,所以要配置静默接口
silent-interface GigabitEthernet0/2
area 0.0.0.0
network 10.0.0.13 0.0.0.0 将接口宣告进区域可以避免掩码计算出错
network 10.0.0.17 0.0.0.0
network 10.1.1.3 0.0.0.0
network 192.168.3.254 0.0.0.0
#
可以用display ospf peer查看邻居是否都起来了
R1有三个邻居
[R1]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.1
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time state Interface
10.1.1.2 10.0.0.2 1 35 Full/DR GE0/1
10.1.1.3 10.0.0.13 1 35 Full/DR GE0/2
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
10.1.1.11 10.0.0.6 1 34 Full/DR GE0/0
--------------------------------------------------------------------------------
R2有三个邻居
[R2]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.2
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
10.1.1.3 10.0.0.17 1 33 Full/DR GE0/1
10.1.1.1 10.0.0.1 1 34 Full/BDR GE0/2
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
10.1.1.12 10.0.0.10 1 30 Full/DR
--------------------------------------------------------------------------------
R3有两个邻居
[R3]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.3
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
10.1.1.1 10.0.0.14 1 38 Full/BDR GE0/0
10.1.1.2 10.0.0.18 1 30 Full/BDR
--------------------------------------------------------------------------------
SW1有两个邻居
[SW1]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.11
Neighbor Brief Information
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
10.1.1.12 10.1.2.2 1 40 Full/BDR Vlan30
10.1.1.1 10.0.0.5 1 40 Full/BDR
--------------------------------------------------------------------------------
SW2有两个邻居
[SW2]dis ospf peer
OSPF Process 1 with Router ID 10.1.1.12
Neighbor Brief Information
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
10.1.1.11 10.1.2.1 1 34 Full/DR Vlan30
10.1.1.2 10.0.0.9 1 36 Full/BDR
R1
#
ip route-static 0.0.0.0 0 202.100.1.1
#
ospf 1 router-id 10.1.1.1
default-route-advertise
#
配置完后,其他运行OSPF的路由器也能学习到外部默认路由,注意OSPF外部路由的默认优先级为150
[R2]display ip routing-table
Destinations : 28 Routes : 29
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 O_ASE2 150 1 10.0.0.1 GE0/2
......
--------------------------------------------------------------------------------
[R3]display ip routing-table
Destinations : 28 Routes : 32
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 O_ASE2 150 1 10.0.0.14 GE0/0
......
--------------------------------------------------------------------------------
[SW1]display ip routing-table
Destinations : 36 Routes : 38
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 O_ASE2 150 1 10.0.0.5 Vlan111
......
--------------------------------------------------------------------------------
[SW2]display ip routing-table
Destinations : 36 Routes : 38
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 O_ASE2 150 1 10.1.2.1 Vlan30
......
--------------------------------------------------------------------------------
R1
#创建MP组
interface MP-group1
ip address 202.100.1.2 255.255.255.252
#把接口加入到组
interface Serial1/0
ppp mp MP-group1
interface Serial2/0
ppp mp MP-group1
#internet配置类似
--------------------------------------------------------------------------------
R1
#创建对端用于ppp验证的用户
local-user internet class network
password simple nidaye123456
service-type ppp
#
interface Serial1/0
ppp authentication-mode chap 认证模式为chap
ppp chap password simple nidaye123456
ppp chap user internet 指定本端用户
#
interface Serial2/0
ppp authentication-mode chap 认证模式为chap
ppp chap password simple nidaye123456
ppp chap user internet 指定本端用户
#
--------------------------------------------------------------------------------
internet
#创建对端用于ppp验证的用户
local-user r1 class network
password simple nidaye123456
service-type ppp
#
interface Serial1/0
ppp authentication-mode chap 认证模式为chap
ppp chap password simple nidaye123456
ppp chap user internet 指定本端用户
#
interface Serial2/0
ppp authentication-mode chap 认证模式为chap
ppp chap password simple nidaye123456
ppp chap user internet 指定本端用户
#
R1
#创建基本acl,允许两个业务网段访问internet
acl basic 2000
rule 0 permit source 192.168.1.0 0.0.0.255
rule 5 permit source 192.168.2.0 0.0.0.255
#
interface MP-group1
nat outbound 2000 将acl应用到配置了IP地址的接口上
#
配置完后,只有PC1和PC2能ping通internet,PC3ping不通internet
<PC1>ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, Press CTRL_C to break
56 bytes From 100.1.1.1: icmp_seq=0 TTL=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=5.000 ms
56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=4.000 ms
--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/3.000/5.000/1.265 ms
--------------------------------------------------------------------------------
<PC2>ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 100.1.1.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=6.000 ms
56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=7.000 ms
56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=8.000 ms
56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=5.000 ms
--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/5.600/8.000/2.059 ms
--------------------------------------------------------------------------------
<PC3>ping 100.1.1.1
Ping 100.1.1.1 (100.1.1.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
R1
#
telnet server enable 开启telnet服务
local-user telnet class manage 创建远程管理用户
password simple nidaye123456
service-type telnet
authorization-attribute user-role level-15
#
user-interface vty 0 4
authentication-mode scheme 认证模式为AAA
user-role level-15
#创建基本acl,只允许技术部远程管理R1
acl basic 2001
rule 0 permit source 192.168.2.0 0.0.0.255
#将acl应用到telnet服务上
telnet server acl 2001
#
配置完后PC2可以telnet到R1上,由于模拟器中PC不支持telnet,所以我就不做演示了,大家可以用路由器替换掉PC,在路由器上可以实现telnet登录
这个综合实验基本上运用到了NE阶段的所有内容,学习并不是一蹴而就的,还是要多做实验才能熟练,将理论与实践相结合!
以上是脚本宝典为你收集整理的H3CNE综合实验全部内容,希望文章能够帮你解决H3CNE综合实验所遇到的问题。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。