综合练习.paper
@author:Lee.poch
@time: 2022/5/26
@software:Typora
配置要求
-
任务1:设备命名
修改设备名称与显示名称一致,注意大小写
-
任务2:链路聚合
为了保证链路的稳定性,在S1和S2之间配置链路聚合,请通过LACP模式实现二层链路聚合,聚合接口ID为5。
-
任务3:配置VLAN
按图示进行VLAN配置,并实现VLAN间通信。
-
任务4:VRRP配置
1.在S1和S2上创建两个虚拟组分配是11和12,11组上的虚拟组IP:10.11.11.254,12组上的虚拟组IP:10.12.12.254.
2.11组选择S1上为master,12组选择S2上的VLAN 12为master,优先级都设置为200,备用网关优先级默认。
-
任务5:RSTP配置
1.vlan 11和vlan12的流量进行负载分担。
2.S1为实例11跟桥,为实例12备用根桥(根桥优先级为4096和备份根桥优先级8192)。
3.S2为实例12根桥,为实例11备用根桥(根桥优先级为4096和备份根桥优先级8192)。
3.S3和S4连接用户的接口不要参与STP计算。
4.配置域名为scitc,并配置域内VLAN和实例的映射关系(VLAN11映射实例11,VLAN12 映射实例12)。
-
任务6:IP地址配置
1.按图示给各接口配置IP地址;
2.使用全局方式在DHCP设备上配置DHCP服务器,地址池分别为v11和v12,DNS:119.6.6.6,地址租约时间为90分钟。
3.设置DHCP中继转发。
-
任务7:通信配置
-
内网使用RIPv2路由协议通信。
2.出外网使用默认路由。
3.将默认路由重分布进RIP
-
-
任务8:出口设计
1.将WWW服务器设置静态NAT,全局地址为200.1.1.3
2.PAT配置:全局地址编号为1,全局地址池为:200.1.1.4 -200.1.1.6,内网地址使用ACL2000指定范围,使用两个条件,让VLAN11和VLAN12内的主机上公网。
-
任务9:远程登录配置
开启FW远程登录,用户认证方为AAA,用户名为jw,密码为jw@2020,加密方式为cipher,服务类型为Telnet,配置服务器的用户权限等级为3级,设置同时在线人数为5人,认证方式为aaa。文章来源:https://www.toymoban.com/news/detail-440882.html
拓扑图
文章来源地址https://www.toymoban.com/news/detail-440882.html
配置详细过程
任务一:设备命名
S1:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname S1
S2:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname S2
S3:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname S3
S4:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname S4
DHCP:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname DHCP
FW:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname FW
ISP:
<Huawei>system-view
[Huawei]un in en
[Huawei]sysname ISP
任务二:链路聚合
S1:
[S1]interface Eth-Trunk 5
[S1-Eth-Trunk5]mode lacp-static
[S1-Eth-Trunk5]trunkport GigabitEthernet 0/0/2 to 0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-Eth-Trunk5]port link-type trunk
[S1-Eth-Trunk5]port trunk allow-pass vlan 11 to 14
[S1-Eth-Trunk5]q
S2:
[S2]interface Eth-Trunk 5
[S2-Eth-Trunk5]mode lacp-static
[S2-Eth-Trunk5]trunkport GigabitEthernet 0/0/2 to 0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-Eth-Trunk5]port link-type trunk
[S2-Eth-Trunk5]port trunk allow-pass vlan 11 to 14
[S2-Eth-Trunk5]q
[S2]display eth-trunk 5
Eth-Trunk5's state information is:
Local:
LAG ID: 5 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to SIP-XOR-DIP
System Priority: 32768 System ID: 4c1f-cc5f-3fab
Least Active-linknumber: 1 Max Active-linknumber: 8
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet0/0/2 Selected 1GE 32768 3 1329 10111100 1
GigabitEthernet0/0/3 Selected 1GE 32768 4 1329 10111100 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet0/0/2 32768 4c1f-cc8f-6c0c 32768 3 1329 10111100
GigabitEthernet0/0/3 32768 4c1f-cc8f-6c0c 32768 4 1329 10111100
任务三:配置VLAN
S1:
[S1]vlan batch 11 to 14
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1]int Vlanif 11
[S1-Vlanif11]ip address 10.11.11.1 24
[S1-Vlanif11]q
[S1]int Vlanif 12
[S1-Vlanif12]ip address 10.12.12.1 24
[S1-Vlanif12]q
[S1]int Vlanif 13
[S1-Vlanif13]ip address 10.13.13.1 24
[S1-Vlanif13]q
[S1]int g 0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 13
[S1-GigabitEthernet0/0/1]q
[S1]port-group group-member g 0/0/20 to g 0/0/21
[S1-port-group]port link-type trunk
[S1-GigabitEthernet0/0/20]port link-type trunk
[S1-GigabitEthernet0/0/21]port link-type trunk
[S1-port-group]port trunk allow-pass vlan 11 to 14
[S1-GigabitEthernet0/0/20]port trunk allow-pass vlan 11 to 14
[S1-GigabitEthernet0/0/21]port trunk allow-pass vlan 11 to 14
[S1-port-group]q
S2:
[S2]vlan batch 11 to 14
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2]int Vlanif 11
[S2-Vlanif11]ip address 10.11.11.2 24
[S2-Vlanif11]q
[S2]int Vlanif 12
[S2-Vlanif12]ip address 10.12.12.2 24
[S2-Vlanif12]q
[S2]int Vlanif 14
[S2-Vlanif14]ip address 10.14.14.1 24
[S2-Vlanif14]q
[S2]int g 0/0/1
[S2-GigabitEthernet0/0/1]port link-type access
[S2-GigabitEthernet0/0/1]port default vlan 14
[S2-GigabitEthernet0/0/1]q
[S2]port-group group-member g 0/0/20 to g 0/0/21
[S2-port-group]port link-type trunk
[S2-GigabitEthernet0/0/20]port link-type trunk
[S2-GigabitEthernet0/0/21]port link-type trunk
[S2-port-group]port trunk allow-pass vlan 11 to 14
[S2-GigabitEthernet0/0/20]port trunk allow-pass vlan 11 to 14
[S2-GigabitEthernet0/0/21]port trunk allow-pass vlan 11 to 14
[S2-port-group]q
S3:
[S3]vlan batch 11 to 14
Info: This operation may take a few seconds. Please wait for a moment...done.
[S3]port-group group-member e 0/0/20 to e 0/0/21
[S3-port-group]port link-type trunk
[S3-Ethernet0/0/20]port link-type trunk
[S3-Ethernet0/0/21]port link-type trunk
[S3-port-group]port trunk allow-pass vlan 11 to 14
[S3-Ethernet0/0/20]port trunk allow-pass vlan 11 to 14
[S3-Ethernet0/0/21]port trunk allow-pass vlan 11 to 14
[S3-port-group]q
[S3]int e 0/0/1
[S3-Ethernet0/0/1]port link-type access
[S3-Ethernet0/0/1]port default vlan 11
[S3-Ethernet0/0/1]q
[S3]int e 0/0/11
[S3-Ethernet0/0/11]port link-type access
[S3-Ethernet0/0/11]port default vlan 12
[S3-Ethernet0/0/11]q
S4:
[S4]vlan batch 11 to 14
Info: This operation may take a few seconds. Please wait for a moment...done.
[S4]port-group group-member e 0/0/20 to e 0/0/21
[S4-port-group]port link-type trunk
[S4-Ethernet0/0/20]port link-type trunk
[S4-Ethernet0/0/21]port link-type trunk
[S4-port-group]port trunk allow-pass vlan 11 to 14
[S4-Ethernet0/0/20]port trunk allow-pass vlan 11 to 14
[S4-Ethernet0/0/21]port trunk allow-pass vlan 11 to 14
[S4-port-group]q
[S4]int e 0/0/1
[S4-Ethernet0/0/1]port link-type access
[S4-Ethernet0/0/1]port default vlan 11
[S4-Ethernet0/0/1]q
[S4]int e 0/0/11
[S4-Ethernet0/0/11]port link-type access
[S4-Ethernet0/0/11]port default vlan 12
[S4-Ethernet0/0/11]q
任务四:VRRP配置
S1:
[S1]int Vlanif 11
[S1-Vlanif11]vrrp vrid 11 virtual-ip 10.11.11.254
[S1-Vlanif11]vrrp vrid 11 priority 200
[S1-Vlanif11]q
[S1]int Vlanif 12
[S1-Vlanif12]vrrp vrid 12 virtual-ip 10.12.12.254
[S1-Vlanif12]q
S2:
[S2]int Vlanif 11
[S2-Vlanif11]vrrp vrid 11 virtual-ip 10.11.11.254
[S2-Vlanif11]q
[S2]int Vlanif 12
[S2-Vlanif12]vrrp vrid 12 virtual-ip 10.12.12.254
[S2-Vlanif12]vrrp vrid 12 priority 200
[S2-Vlanif12]q
任务五:MSTP配置
S1:
[S1]stp region-configuration
[S1-mst-region]region-name scitc
[S1-mst-region]instance 11 vlan 11
[S1-mst-region]instance 12 vlan 12
[S1-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1-mst-region]q
[S1]stp instance 11 priority 4096
[S1]stp instance 12 priority 8192
S2:
[S2]stp region-configuration
[S2-mst-region]region-name scitc
[S2-mst-region]instance 11 vlan 11
[S2-mst-region]instance 12 vlan 12
[S2-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-mst-region]q
[S2]stp instance 11 priority 8192
[S2]stp instance 12 priority 4096
S3:
[S3]stp region-configuration
[S3-mst-region]region-name scitc
[S3-mst-region]instance 11 vlan 11
[S3-mst-region]instance 12 vlan 12
[S3-mst-region]active region-configuration
[S3-mst-region]q
S4:
[S4]stp region-configuration
[S4-mst-region]region-name scitc
[S4-mst-region]instance 11 vlan 11
[S4-mst-region]instance 12 vlan 12
[S4-mst-region]active region-configuration
[S4-mst-region]q
任务六:IP地址配置
DHCP:
[DHCP]int g 0/0/0
[DHCP-GigabitEthernet0/0/0]ip address 10.20.20.20 24
[DHCP-GigabitEthernet0/0/0]q
[DHCP]dhcp enable
[DHCP]ip pool v11
[DHCP-ip-pool-v11]network 10.11.11.0 mask 24
[DHCP-ip-pool-v11]gateway-list 10.11.11.254
[DHCP-ip-pool-v11]dns-list 119.6.6.6
Info:Part of the domain-name-server IP has already exist.
[DHCP-ip-pool-v11]lease day 0 hour 1 minute 30
[DHCP-ip-pool-v11]q
[DHCP]ip pool v12
[DHCP-ip-pool-v12]network 10.12.12.0 mask 24
[DHCP-ip-pool-v12]gateway-list 10.12.12.254
[DHCP-ip-pool-v12]dns-list 119.6.6.6
Info:Part of the domain-name-server IP has already exist.
[DHCP-ip-pool-v12]lease day 0 hour 1 minute 30
[DHCP-ip-pool-v12]q
[DHCP]int g 0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select global
[DHCP-GigabitEthernet0/0/0]q
Core:
[Core]int g 0/0/0
[Core-GigabitEthernet0/0/0]ip address 10.13.13.2 24
[Core-GigabitEthernet0/0/0]int g 0/0/1
[Core-GigabitEthernet0/0/1]ip address 10.14.14.2 24
[Core-GigabitEthernet0/0/1]int g 0/0/2
[Core-GigabitEthernet0/0/2]ip address 10.1.1.1 24
[Core-GigabitEthernet0/0/2]int g 4/0/0
[Core-GigabitEthernet4/0/0]ip address 10.20.20.1 24
[Core-GigabitEthernet4/0/0]q
FW:
[FW]int g 0/0/0
[FW-GigabitEthernet0/0/0]ip address 10.1.1.2 24
[FW-GigabitEthernet0/0/0]int g 0/0/1
[FW-GigabitEthernet0/0/1]ip address 10.10.10.1 24
[FW-GigabitEthernet0/0/1]int g 0/0/2
[FW-GigabitEthernet0/0/2]ip address 200.1.1.1 29
[FW-GigabitEthernet0/0/2]q
ISP:
[ISP]int g 0/0/0
[ISP-GigabitEthernet0/0/0]ip address 200.1.1.2 29
[ISP-GigabitEthernet0/0/0]int g 0/0/1
[ISP-GigabitEthernet0/0/1]ip address 201.1.1.1 30
[ISP-GigabitEthernet0/0/1]q
S1:
[S1]dhcp enable
[S1]int Vlanif 11
[S1-Vlanif11]dhcp select relay
[S1-Vlanif11]dhcp relay server-ip 10.20.20.20
[S1-Vlanif11]int vlan 12
[S1-Vlanif12]dhcp select relay
[S1-Vlanif12]dhcp relay server-ip 10.20.20.20
[S1-Vlanif12]q
S2:
[S2]dhcp enable
[S2]int Vlanif 11
[S2-Vlanif11]dhcp select relay
[S2-Vlanif11]dhcp relay server-ip 10.20.20.20
[S2-Vlanif11]int vlan 12
[S2-Vlanif12]dhcp select relay
[S2-Vlanif12]dhcp relay server-ip 10.20.20.20
[S2-Vlanif12]q
任务七:通信配置
Core
[Core]rip 1
[Core-rip-1]version 2
[Core-rip-1]un summary
[Core-rip-1]network 10.0.0.0
[Core-rip-1]q
S1
[S1]rip 1
[S1-rip-1]version 2
[S1-rip-1]un summary
[S1-rip-1]network 10.0.0.0
[S1-rip-1]q
S2
[S2]rip 1
[S2-rip-1]version 2
[S2-rip-1]un summary
[S2-rip-1]network 10.0.0.0
[S2-rip-1]q
FW
[FW]ip route-static 0.0.0.0 0 200.1.1.2
[FW]rip 1
[FW-rip-1]version 2
[FW-rip-1]un summary
[FW-rip-1]network 10.0.0.0
[FW-rip-1]default-route originate
[FW-rip-1]q
DHCP
[DHCP]rip 1
[DHCP]version 2
[DHCP]un summary
[DHCP]network 10.0.0.0
[DHCP]q
任务八: 出口设计
FW
[FW]int GigabitEthernet 0/0/2
[FW-GigabitEthernet0/0/2]nat static global 200.1.1.3 inside 10.10.10.10
[FW-GigabitEthernet0/0/2]q
[FW]nat address-group 1 200.1.1.4 200.1.1.6
[FW]acl 2000
[FW-acl-basic-2000]rule permit source 10.11.11.0 0.0.0.255
[FW-acl-basic-2000]rule permit source 10.12.12.0 0.0.0.255
[FW-acl-basic-2000]q
[FW]int GigabitEthernet 0/0/2
[FW-GigabitEthernet0/0/2]nat outbound 2000 address-group 1
[FW-GigabitEthernet0/0/2]q
任务九:远程登陆配置
FW
[FW]user-interface vty 0 4
[FW-ui-vty0-4]authentication-mode aaa
[FW-ui-vty0-4]user privilege level 3
[FW-ui-vty0-4]q
[FW]aaa
[FW-aaa]local-user jw password cipher jw@2020
Info: Add a new user.
[FW-aaa]local-user jw privilege level 3
[FW-aaa]local-user jw service-type telnet
[FW-aaa]q
到了这里,关于【ensp】综合练习详细配置步骤的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
