vrrp+dhcp+链路聚合+nat+chap

Crq
Crq
Crq
218
文章
0
评论
2021年6月8日22:30:10
评论
484 7168字阅读23分53秒

试验拓扑

vrrp+dhcp+链路聚合+nat+chap

 

题目要求与试验要实现的现象

需求1:pc1、pc3属于人事部vlan10,pc2、pc4属于技术部vlan20
需求2:R2作为vlan10的网关,并且通过DHCP接口模式为vlan10主机分配地址
其中为pc分配一个固定ip地址192.168.1.1,预留192.168.1.100-150
同时ip地址的租期为3天,DNS服务地址为114.114.114.114
需求3:SW1作为vlan20的网关,并且实现vlan间互通
需求4:SW1和SW2之间通过链路聚合技术实现负载,并且G0/0/2为非活动链路
需求5:为满足pc5和Server的业务,通过vrrp和链路聚合技术实现流量的主备负载
需求6:在广域网中,R1通过PAP对R3进行认证,用户名为tech3,密码为tech3
同时R7通过CHAP对R4进行认证,用户名为tech4,密码为tech4
需求7:DHCP Server为pc6、pc7分配ip地址,其中pc7为打印机,为pc7分配一个固定ip地址172.16.1.7
DNS服务地址为8.8.8.8,地址租期为2.5天,R8作为网关
需求8:R1为公司A出口路由器,通过地址池模式为内网主机提供上网服务,地址池为:24.1.1.10-24.1.1.25
R7为公司B出口路由器,并且通过easy-ip为内网主机提供上网服务,pc7无访问外网需求
需求9:R3、R4、R5、R6之间运行路由协议实现路由互通,两个公司出口路由器连接运营商侧不使用路由协议
需求10:公司A内网使用路由协议实现互通,公司B内网使用静态路由实现互通
需求11:Server开启Tenlet服务,R1可以通过用户名为tech1,密码为tech1,登录到Server,并且拥有配置ip权限
R7通过用户名tech2,密码tech2登录到Server,只允许查看,并且允许同时在线人数为7人

现象1:vlan10、vlan20主机能够互通
现象2:vlan10、vlan20主机能够ping通pc5和Server
现象3:vlan10、vlan20主机能够ping通R4的G0/0/1口
现象4:vlan10、vlan20主机能够ping通R7的S4/0/0口
现象5:pc6、pc7能够ping通pc5、Server
现象6:pc6、pc7能够ping通R1的S4/0/0口
现象7:R1、R7能够telnet到Server

 

 

配置命令展示(disp cur 展示的命令 不一定可以直接粘贴 比如AAA)

R1

sysname R1

acl number 2000 
rule 5 permit source 192.168.1.0 0.0.0.255 
rule 10 permit source 192.168.2.0 0.0.0.255 

aaa 
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default 
domain default_admin 
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user tech3 password cipher %$%$B{=sPG=arO~Srf;p@&n~SZ:e%$%$
local-user tech3 service-type ppp

nat address-group 1 24.1.1.10 24.1.1.25

interface Serial4/0/0
link-protocol ppp
ppp authentication-mode pap 
ppp pap local-user tech3 password cipher %$%$NM){YAa%*LOHX,7gQ$eS,"DU%$%$
ip address 10.1.13.1 255.255.255.0 
nat outbound 2000 address-group 1 


interface GigabitEthernet0/0/0
ip address 10.1.12.1 255.255.255.0 

ospf 2 
import-route direct
import-route static
area 0.0.0.0 
network 10.1.12.0 0.0.0.255 

ip route-static 0.0.0.0 0.0.0.0 Serial4/0/0

 

R2

 sysname R2
dhcp enable


interface GigabitEthernet0/0/0
 ip address 10.1.12.2 255.255.255.0 

interface GigabitEthernet0/0/1.1
 dot1q termination vid 10
 ip address 192.168.1.254 255.255.255.0 
 arp broadcast enable
 dhcp select interface
 dhcp server static-bind ip-address 192.168.1.1 mac-address 5489-98fe-611a 
 dhcp server excluded-ip-address 192.168.1.100 192.168.1.150 
 dhcp server lease day 3 hour 0 minute 0 
 dhcp server dns-list 114.114.114.114 

interface GigabitEthernet0/0/1.2
 dot1q termination vid 20
 ip address 192.168.2.253 255.255.255.0 
 arp broadcast enable


ospf 2 
 area 0.0.0.0 
  network 10.1.12.0 0.0.0.255 
  network 192.168.1.0 0.0.0.255 
  network 192.168.2.0 0.0.0.255

 

R3

sysname R3

interface Serial4/0/0
 link-protocol ppp
 ppp pap local-user tech3 password cipher %$%$n16*3XpDQ29no*53a~aO,%M(%$%$
 ip address 10.1.13.3 255.255.255.0 

interface GigabitEthernet0/0/0
 ip address 10.1.34.3 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 10.1.35.3 255.255.255.0 


ospf 1 
 default-route-advertise
 import-route static
 area 0.0.0.0 
  network 10.1.13.0 0.0.0.255 
  network 10.1.34.0 0.0.0.255 
  network 10.1.35.0 0.0.0.255 

ip route-static 24.1.1.0 255.255.255.0 Serial4/0/0
ip route-static 192.168.1.0 255.255.255.0 Serial4/0/0
ip route-static 192.168.2.0 255.255.255.0 Serial4/0/0

 

R4

sysname R4
interface Serial4/0/0
 link-protocol ppp
 ppp chap user tech4
 ppp chap password cipher %$%$9ec>ET=$u7~&D]"}+*oI,.@m%$%$
 ip address 10.1.47.4 255.255.255.0 

interface GigabitEthernet0/0/0
 ip address 10.1.34.4 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 10.1.46.4 255.255.255.0 

ospf 1 
 default-route-advertise always
 import-route direct
 import-route static
 area 0.0.0.0 
  network 10.1.34.0 0.0.0.255 
  network 10.1.46.0 0.0.0.255 
  network 10.1.47.0 0.0.0.255 

ip route-static 0.0.0.0 0.0.0.0 Serial4/0/0

 

R5

 sysname R5

interface Eth-Trunk1
 undo portswitch
 ip address 10.1.56.253 255.255.255.0 
 vrrp vrid 10 virtual-ip 10.1.56.253
 vrrp vrid 20 virtual-ip 10.1.56.254

interface GigabitEthernet0/0/0
 ip address 10.1.35.5 255.255.255.0 

interface GigabitEthernet0/0/1
 eth-trunk 1

interface GigabitEthernet0/0/2
 eth-trunk 1

ospf 1 
 area 0.0.0.0 
  network 10.1.35.0 0.0.0.255 
  network 10.1.56.0 0.0.0.255

 

R6

 sysname R6

interface Eth-Trunk2
 undo portswitch
 ip address 10.1.56.254 255.255.255.0 
 vrrp vrid 10 virtual-ip 10.1.56.253
 vrrp vrid 20 virtual-ip 10.1.56.254

interface GigabitEthernet0/0/0
 ip address 10.1.46.6 255.255.255.0 

interface GigabitEthernet0/0/1
 eth-trunk 2

interface GigabitEthernet0/0/2
 eth-trunk 2

ospf 1 
 area 0.0.0.0 
  network 10.1.46.0 0.0.0.255 
  network 10.1.56.0 0.0.0.255

 

R7

 sysname R7
acl number 2000  
 rule 5 permit source 172.16.1.0 0.0.0.255 
 rule 10 deny source 172.16.1.7 0 

aaa 
 local-user tech4 password cipher %$%$".2FY/y@+@BS={GM+.;'ShV{%$%$
 local-user tech4 service-type ppp

interface Serial4/0/0
 link-protocol ppp
 ppp authentication-mode chap 
 ppp chap user tech4
 ppp chap password cipher %$%$E$LT,~nva.lM0z4S8_D;,%6g%$%$
 ip address 10.1.47.7 255.255.255.0 
 nat outbound 2000

interface Serial4/0/1
 link-protocol ppp

interface GigabitEthernet0/0/0
 ip address 10.1.78.7 255.255.255.0 

ip route-static 10.1.13.0 255.255.255.0 Serial4/0/0
ip route-static 10.1.56.0 255.255.255.0 Serial4/0/0
ip route-static 24.1.1.0 255.255.255.0 Serial4/0/0
ip route-static 172.16.1.0 255.255.255.0 10.1.78.8
ip route-static 192.168.1.0 255.255.255.0 Serial4/0/0
ip route-static 192.168.2.0 255.255.255.0 Serial4/0/0

 

R8

 sysname R8
interface GigabitEthernet0/0/0
 ip address 10.1.78.8 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 172.16.1.254 255.255.255.0 

ip route-static 10.1.13.0 255.255.255.0 10.1.78.7
ip route-static 10.1.56.0 255.255.255.0 10.1.78.7
ip route-static 10.1.78.0 255.255.255.0 10.1.78.7

 

 

DHCP Server

sysname DHCP Server

dhcp enable

ip pool 1
 gateway-list 172.16.1.254 
 network 172.16.1.0 mask 255.255.255.0 
 static-bind ip-address 172.16.1.7 mac-address 5489-9896-47ff 
 lease day 2 hour 12 minute 0 
 dns-list 8.8.8.8 

interface GigabitEthernet0/0/0
 ip address 172.16.1.1 255.255.255.0 
 dhcp select global

 

 

Server

 sysname Server

aaa 
 local-user tech1 password cipher %$%$Y7GN"GCyoWxnzIV$65<%TbdH%$%$
 local-user tech1 privilege level 15
 local-user tech1 service-type telnet
 local-user tech2 password cipher %$%$s,@]Kp>o./&7r{%u3I-LTd2c%$%$
 local-user tech2 privilege level 0
 local-user tech2 service-type telnet

interface GigabitEthernet0/0/0
 ip address 10.1.56.2 255.255.255.0 

ip route-static 0.0.0.0 0.0.0.0 10.1.56.254

user-interface maximum-vty 7
user-interface vty 0 6
 authentication-mode aaa

 

 

SW1

sysname SW1

interface Vlanif20
 ip address 192.168.2.254 255.255.255.0

interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20
 mode lacp-static
 max active-linknumber 3

interface GigabitEthernet0/0/1
 eth-trunk 1
 lacp priority 1000

interface GigabitEthernet0/0/2
 eth-trunk 1

interface GigabitEthernet0/0/3
 eth-trunk 1
 lacp priority 1001

interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 10

interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 20

interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/7
 shutdown
 eth-trunk 1
 lacp priority 1002

ip route-static 0.0.0.0 0.0.0.0 192.168.2.253
ip route-static 192.168.1.0 255.255.255.0 192.168.2.253

 

SW2

sysname SW2

interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20
 mode lacp-static
 max active-linknumber 3

interface GigabitEthernet0/0/1
 eth-trunk 1
 lacp priority 1000

interface GigabitEthernet0/0/2
 eth-trunk 1

interface GigabitEthernet0/0/3
 eth-trunk 1
 lacp priority 1001

interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 10

interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 20

interface GigabitEthernet0/0/7
 eth-trunk 1
 lacp priority 1002

 

 

SW3

sysname SW3

interface Eth-Trunk1

interface Eth-Trunk2

interface GigabitEthernet0/0/1
 eth-trunk 1

interface GigabitEthernet0/0/2
 eth-trunk 1

interface GigabitEthernet0/0/3
 eth-trunk 2

interface GigabitEthernet0/0/4
 eth-trunk 2

 

SW4

NULL

weinxin
我的微信
这是我的微信扫一扫
Crq
  • 本文由 发表于 2021年6月8日22:30:10
  • 转载请注明:https://www.cncrq.com/9886.html
IPv6 华为HCIA

IPv6

  IPv6将地址分为了三类:单播、组播、任意播,也就是说我们的IPv6的通信方式也从IPv4的单播、组播、广播发生了一个比较大的改变,那就是没有广播了。 What?没有广播了,那么我们的A...
帧中继 RIP 华为HCIA

帧中继 RIP

实验拓扑   配置命令,自动映射 R1 # sysname R1 # router id 1.1.1.1 # interface Serial1/0/0 link-protocol fr i...
帧中继 OSPF 华为HCIA

帧中继 OSPF

先要了解什么是帧中继 帧中继(frame-ralay)是一种广域网技术,属于分组交换门里的一种;frame-relay是一种二层技术,与具体的物理链路无关。再说说ospf:ospf是一种动态路由协议,...
匿名

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: