HCIA园区网(VLAN、OSPF、ACL)

张开发
2026/4/20 16:45:56 15 分钟阅读

最新文章

推荐文章

相关文章

分享文章

HCIA园区网(VLAN、OSPF、ACL)
1园区内部全网可达2园区内所有办公电脑可以访问外网3所有内网设备均可以通过域名访问内部的HTTP服务器除了教学楼2的设备4外网可以访问内部的HTTP服务器5所有学生的电脑不允许访问办公室电脑及摄像头6园区内使用多区域OSPF网络保证路由可达1、先做VLAN---教学楼1和教学楼2教学楼1-接入VLAN接入-1[1-L2-a]vl ba 2 3 Info: This operation may take a few seconds. Please wait for a moment...done. [1-L2-a]int g0/0/2 [1-L2-a-GigabitEthernet0/0/2]po li ac [1-L2-a-GigabitEthernet0/0/2]po de vl 2 [1-L2-a-GigabitEthernet0/0/1]int g0/0/24 [1-L2-a-GigabitEthernet0/0/24]po li ac [1-L2-a-GigabitEthernet0/0/24]po de vl 3 [1-L2-a-GigabitEthernet0/0/3]int g0/0/1 [1-L2-a-GigabitEthernet0/0/1]po li tr [1-L2-a-GigabitEthernet0/0/1]po tr al vl 2 3 [1-L2-a-GigabitEthernet0/0/1]undo po tr al vl 1 #最小vlan透传原则关闭默认的vlan1接入-2[1-L2-b]int g0/0/2 [1-L2-b-GigabitEthernet0/0/2]po li ac [1-L2-b-GigabitEthernet0/0/2]po de vl 2 [1-L2-b-GigabitEthernet0/0/2]int g0/0/24 [1-L2-b-GigabitEthernet0/0/24]po li ac [1-L2-b-GigabitEthernet0/0/24]po de vl 3 [1-L2-b-GigabitEthernet0/0/24]int g0/0/1 [1-L2-b-GigabitEthernet0/0/1]po li tr [1-L2-b-GigabitEthernet0/0/1]po tr al vl 2 3接入-3可以只在连接的三层交换机的接口放通VLAN3即可教学楼1-汇聚VLAN[1-L1]int g0/0/1 [1-L1-GigabitEthernet0/0/1]po li tr [1-L1-GigabitEthernet0/0/1]po tr al vl 2 3 [1-L1-GigabitEthernet0/0/1]undo p t a v 1 [1-L1-GigabitEthernet0/0/1]int g0/0/2 [1-L1-GigabitEthernet0/0/2]p l t [1-L1-GigabitEthernet0/0/2]p t a v 2 3 [1-L1-GigabitEthernet0/0/2]undo p t a v 1 [1-L1-GigabitEthernet0/0/2]int g0/0/3 [1-L1-GigabitEthernet0/0/3]p l a [1-L1-GigabitEthernet0/0/3]p d v 3使用教学楼1的三层交换机做VLAN间路由使用DHCP自动获取IP地址教学楼1-汇聚[1-L1]int vl 2 [1-L1-Vlanif2]ip add 192.168.2.1 24 [1-L1-Vlanif2]int vl 3 [1-L1-Vlanif3]ip add 192.168.3.1 24 [1-L1]dhcp en Info: The operation may take a few seconds. Please wait for a moment.done. [1-L1]ip pool vlan2 Info:Its successful to create an IP address pool. [1-L1-ip-pool-vlan2]net 192.168.2.0 mask 24 [1-L1-ip-pool-vlan2]gat 192.168.2.1 [1-L1-ip-pool-vlan2]q [1-L1]ip poo vlan3 Info:Its successful to create an IP address pool. [1-L1-ip-pool-vlan3]net 192.168.3.0 mask 24 [1-L1-ip-pool-vlan3]gat 192.168.3.1 [1-L1-ip-pool-vlan3]q [1-L1]int vl 2 [1-L1-Vlanif2]dhcp se gl [1-L1-Vlanif2]int vl 3 [1-L1-Vlanif3]dh se gl教学楼2-接入VLAN接入-1[2-L2-a]vl ba 4 5 Info: This operation may take a few seconds. Please wait for a moment...done. [2-L2-a-GigabitEthernet0/0/3]int g0/0/2 [2-L2-a-GigabitEthernet0/0/2]po li a [2-L2-a-GigabitEthernet0/0/2]p d v 4 [2-L2-a-GigabitEthernet0/0/2]int g0/0/24 [2-L2-a-GigabitEthernet0/0/24]p l a [2-L2-a-GigabitEthernet0/0/24]p d v 5 [2-L2-a-GigabitEthernet0/0/24]int g0/0/1 [2-L2-a-GigabitEthernet0/0/1]p l t [2-L2-a-GigabitEthernet0/0/1]p t a v 4 5 [2-L2-a-GigabitEthernet0/0/1]undo p t a v 1接入-2[2-L2-b]vl ba 4 5 Info: This operation may take a few seconds. Please wait for a moment...done. [2-L2-b]int g0/0/2 [2-L2-b-GigabitEthernet0/0/2]p l a [2-L2-b-GigabitEthernet0/0/2]p d v 4 [2-L2-b-GigabitEthernet0/0/2]int g0/0/24 [2-L2-b-GigabitEthernet0/0/24]p l a [2-L2-b-GigabitEthernet0/0/24]p d v 5 [2-L2-b-GigabitEthernet0/0/24]int g0/0/1 [2-L2-b-GigabitEthernet0/0/1]p l t [2-L2-b-GigabitEthernet0/0/1]p t a v 4 5 [2-L2-b-GigabitEthernet0/0/1]undo p t a v 1接入-3 同教1接入-3教学楼2 -接入[2-L1]vl ba 4 5 Info: This operation may take a few seconds. Please wait for a moment...done. [2-L1]int g0/0/5 [2-L1-GigabitEthernet0/0/5]p l a [2-L1-GigabitEthernet0/0/5]p d v 5 [2-L1-GigabitEthernet0/0/5]int g0/0/3 [2-L1-GigabitEthernet0/0/3]p l t [2-L1-GigabitEthernet0/0/3]p t a v 4 5 [2-L1-GigabitEthernet0/0/3]undo p t a v 1 [2-L1-GigabitEthernet0/0/3]int g0/0/4 [2-L1-GigabitEthernet0/0/4]p l t [2-L1-GigabitEthernet0/0/4]p t a v 4 5 [2-L1-GigabitEthernet0/0/4]undo p t a v 1 [2-L1-GigabitEthernet0/0/4]int g0/0/1 [2-L1-GigabitEthernet0/0/1]p l t [2-L1-GigabitEthernet0/0/1]p t a v 4 5 [2-L1-GigabitEthernet0/0/1]undo p t a v 1教学楼2-汇聚AR3[2-R1-GigabitEthernet0/0/0]int g0/0/0.2 [2-R1-GigabitEthernet0/0/0.2]ip add 192.168.5.1 24 [2-R1-GigabitEthernet0/0/0.2]do te vi 5 Apr 19 2026 01:21:06-08:00 2-R1 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol I P on the interface GigabitEthernet0/0/0.2 has entered the UP state. [2-R1-GigabitEthernet0/0/0.2]ar br en [2-R1-GigabitEthernet0/0/0]int g0/0/0.1 [2-R1-GigabitEthernet0/0/0.1]ip add 192.168.4.1 24 [2-R1-GigabitEthernet0/0/0.1]do te vid 4 Apr 19 2026 01:08:46-08:00 2-R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol I P on the interface GigabitEthernet0/0/0.1 has entered the UP state. [2-R1-GigabitEthernet0/0/0.1]arp br en [2-R1-GigabitEthernet0/0/0.1]q教学楼2-DHCP[2-R1]dh en Info: The operation may take a few seconds. Please wait for a moment.done. [2-R1]ip poo vlan4 Info: Its successful to create an IP address pool. [2-R1-ip-pool-vlan4]net 192.168.4.0 mask 24 [2-R1-ip-pool-vlan4]gat 192.168.4.1 [2-R1-ip-pool-vlan4]q [2-R1]ip po vlan5 Info: Its successful to create an IP address pool. [2-R1-ip-pool-vlan5]net 192.168.5.0 mask 24 [2-R1-ip-pool-vlan5]gat 192.168.5.1 [2-R1-ip-pool-vlan5]q [2-R1]int g0/0/1 [2-R1-GigabitEthernet0/0/1]int g0/0/0 [2-R1-GigabitEthernet0/0/0]dh se gl [2-R1-GigabitEthernet0/0/0]int g0/0/0.1 [2-R1-GigabitEthernet0/0/0.1]dh se gl [2-R1-GigabitEthernet0/0/0.2]dh se gl2、办公楼配置网关在核心上服务器接入[S-L1]vl ba 10 20 30 Info: This operation may take a few seconds. Please wait for a moment...done. [S-L1]int g0/0/1 [S-L1-GigabitEthernet0/0/1]p l a [S-L1-GigabitEthernet0/0/1]p d v 10 [S-L1-GigabitEthernet0/0/1]int g0/0/2 [S-L1-GigabitEthernet0/0/2]p l a [S-L1-GigabitEthernet0/0/2]p d v 20 [S-L1-GigabitEthernet0/0/2]int g0/0/4 [S-L1-GigabitEthernet0/0/4]p l a [S-L1-GigabitEthernet0/0/4]p d v 30 [S-L1-GigabitEthernet0/0/4]int g0/0/3 [S-L1-GigabitEthernet0/0/3]p l t [S-L1-GigabitEthernet0/0/3]p t a v 10 20 30 [S-L1-GigabitEthernet0/0/3]undo p t a v 1核心[core]vl ba 10 20 30 Info: This operation may take a few seconds. Please wait for a moment...done. [core]int g0/0/3 [core-GigabitEthernet0/0/3]p l t [core-GigabitEthernet0/0/3]p t a v 10 20 30 [core-GigabitEthernet0/0/3]undo p t a v 1 [core]int vl 10 [core-Vlanif10]ip add 172.16.10.1 24 [core-Vlanif10]int vl 20 [core-Vlanif20]ip add 172.16.20.1 24 [core-Vlanif20]int vl 30 [core-Vlanif30]ip add 172.16.30.1 243、做3层OSPF内网全通在交换机的虚拟接口上配IP创建新的VLAN核心[core]vl ba 100 200 300 Info: This operation may take a few seconds. Please wait for a moment...done. [core]int g0/0/4 [core-GigabitEthernet0/0/4]q [core]int vl 100 [core-Vlanif100]ip add 192.168.1.6 30 [core-Vlanif100]int g0/0/2 [core-GigabitEthernet0/0/2]p l a [core-GigabitEthernet0/0/2]p d v 100 [core-GigabitEthernet0/0/2]int vl 200 [core-Vlanif200]ip add 192.168.1.1 30 [core-Vlanif200]int g0/0/1 [core-GigabitEthernet0/0/1]p l a [core-GigabitEthernet0/0/1]p d v 200 [core-GigabitEthernet0/0/1]int vl 300 [core-Vlanif300]ip add 192.168.1.9 30 [core-Vlanif300]int g0/0/4 [core-GigabitEthernet0/0/4]p l a [core-GigabitEthernet0/0/4]p d v 300其他直连网段[2-R1]int g0/0/1 [2-R1-GigabitEthernet0/0/1]ip add 192.168.1.5 30 [1-L1]vl 200 [1-L1-vlan200]int vl 200 [1-L1-Vlanif200]ip add 192.168.1.2 30 [1-L1-Vlanif200]int g0/0/4 [1-L1-GigabitEthernet0/0/4]p l a [1-L1-GigabitEthernet0/0/4]p d v 200 [bianjie]int g0/0/0 [bianjie-GigabitEthernet0/0/0]ip add 192.168.1.10 30做多区域OSPF核心[core]ospf 1 ro [core]ospf 1 router-id 2.2.2.2 [core-ospf-1]a 0 [core-ospf-1-area-0.0.0.0]net 192.168.1.8 0.0.0.3 [core-ospf-1-area-0.0.0.0]q [core-ospf-1]a 1 [core-ospf-1-area-0.0.0.1]net 192.168.1.0 0.0.0.3 [core-ospf-1-area-0.0.0.1]q [core-ospf-1]a 2 [core-ospf-1-area-0.0.0.2]net 192.168.1.4 0.0.0.3 [core-ospf-1-area-0.0.0.2]q [core-ospf-1]a 3 [core-ospf-1-area-0.0.0.3]net 172.16.0.0 0.0.255.255其他[bianjie]ospf 1 ro [bianjie]ospf 1 router-id 1.1.1.1 [bianjie-ospf-1]a 0 [bianjie-ospf-1-area-0.0.0.0]net 192.168.1.8 0.0.0.3 [bianjie-ospf-1-area-0.0.0.0] Apr 19 2026 01:59:13-08:00 bianjie %%01OSPF/4/NBR_CHANGE_E(l)[0]:Neighbor change s event: neighbor status changed. (ProcessId256, NeighborAddress9.1.168.192, N eighborEventHelloReceived, NeighborPreviousStateDown, NeighborCurrentStateIni t) [bianjie-ospf-1-area-0.0.0.0] Apr 19 2026 01:59:16-08:00 bianjie %%01OSPF/4/NBR_CHANGE_E(l)[1]:Neighbor change s event: neighbor status changed. (ProcessId256, NeighborAddress9.1.168.192, N eighborEvent2WayReceived, NeighborPreviousStateInit, NeighborCurrentStateExSt art) [bianjie-ospf-1-area-0.0.0.0] Apr 19 2026 01:59:16-08:00 bianjie %%01OSPF/4/NBR_CHANGE_E(l)[2]:Neighbor change s event: neighbor status changed. (ProcessId256, NeighborAddress9.1.168.192, N eighborEventNegotiationDone, NeighborPreviousStateExStart, NeighborCurrentStat eExchange) [bianjie-ospf-1-area-0.0.0.0] Apr 19 2026 01:59:16-08:00 bianjie %%01OSPF/4/NBR_CHANGE_E(l)[3]:Neighbor change s event: neighbor status changed. (ProcessId256, NeighborAddress9.1.168.192, N eighborEventExchangeDone, NeighborPreviousStateExchange, NeighborCurrentState Loading) [bianjie-ospf-1-area-0.0.0.0] Apr 19 2026 01:59:16-08:00 bianjie %%01OSPF/4/NBR_CHANGE_E(l)[4]:Neighbor change s event: neighbor status changed. (ProcessId256, NeighborAddress9.1.168.192, N eighborEventLoadingDone, NeighborPreviousStateLoading, NeighborCurrentStateFu ll) [1-L1]ospf 1 router-id 3.3.3.3 Info: The configuration succeeded. You need to restart the OSPF process to valid ate the new router ID. [1-L1-ospf-1]a 1 [1-L1-ospf-1-area-0.0.0.1]net 192.168.0.0 0.0.255.255 [2-R1]ospf 1 r [2-R1]ospf 1 router-id 4.4.4.4 [2-R1-ospf-1]a 2 [2-R1-ospf-1-area-0.0.0.2]net 192.168.4.0 0.0.0.255 [2-R1-ospf-1-area-0.0.0.2]net 192.168.5.0 0.0.0.255 [2-R1-ospf-1-area-0.0.0.2]net 192.168.1.4 0.0.0.3 [2-R1-ospf-1-area-0.0.0.2] Apr 19 2026 02:07:55-08:00 2-R1 %%01OSPF/4/NBR_CHANGE_E(l)[0]:Neighbor changes e vent: neighbor status changed. (ProcessId256, NeighborAddress6.1.168.192, Neig hborEventHelloReceived, NeighborPreviousStateDown, NeighborCurrentStateInit) [2-R1-ospf-1-area-0.0.0.2] Apr 19 2026 02:07:55-08:00 2-R1 %%01OSPF/4/NBR_CHANGE_E(l)[1]:Neighbor changes e vent: neighbor status changed. (ProcessId256, NeighborAddress6.1.168.192, Neig hborEvent2WayReceived, NeighborPreviousStateInit, NeighborCurrentState2Way) [2-R1-ospf-1-area-0.0.0.2] Apr 19 2026 02:07:55-08:00 2-R1 %%01OSPF/4/NBR_CHANGE_E(l)[2]:Neighbor changes e vent: neighbor status changed. (ProcessId256, NeighborAddress6.1.168.192, Neig hborEventAdjOk?, NeighborPreviousState2Way, NeighborCurrentStateExStart) [2-R1-ospf-1-area-0.0.0.2] Apr 19 2026 02:07:55-08:00 2-R1 %%01OSPF/4/NBR_CHANGE_E(l)[3]:Neighbor changes e vent: neighbor status changed. (ProcessId256, NeighborAddress6.1.168.192, Neig hborEventNegotiationDone, NeighborPreviousStateExStart, NeighborCurrentStateE xchange) [2-R1-ospf-1-area-0.0.0.2] Apr 19 2026 02:07:55-08:00 2-R1 %%01OSPF/4/NBR_CHANGE_E(l)[4]:Neighbor changes e vent: neighbor status changed. (ProcessId256, NeighborAddress6.1.168.192, Neig hborEventExchangeDone, NeighborPreviousStateExchange, NeighborCurrentStateLoa ding) [2-R1-ospf-1-area-0.0.0.2] Apr 19 2026 02:07:55-08:00 2-R1 %%01OSPF/4/NBR_CHANGE_E(l)[5]:Neighbor changes e vent: neighbor status changed. (ProcessId256, NeighborAddress6.1.168.192, Neig hborEventLoadingDone, NeighborPreviousStateLoading, NeighborCurrentStateFull)检查dis ip routing-table [core]dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 18 Routes : 18 Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.16.10.0/24 Direct 0 0 D 172.16.10.1 Vlanif10 172.16.10.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 172.16.20.0/24 Direct 0 0 D 172.16.20.1 Vlanif20 172.16.20.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 172.16.30.0/24 Direct 0 0 D 172.16.30.1 Vlanif30 172.16.30.1/32 Direct 0 0 D 127.0.0.1 Vlanif30 192.168.1.0/30 Direct 0 0 D 192.168.1.1 Vlanif200 192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif200 192.168.1.4/30 Direct 0 0 D 192.168.1.6 Vlanif100 192.168.1.6/32 Direct 0 0 D 127.0.0.1 Vlanif100 192.168.1.8/30 Direct 0 0 D 192.168.1.9 Vlanif300 192.168.1.9/32 Direct 0 0 D 127.0.0.1 Vlanif300 192.168.2.0/24 OSPF 10 2 D 192.168.1.2 Vlanif200 192.168.3.0/24 OSPF 10 2 D 192.168.1.2 Vlanif200 192.168.4.0/24 OSPF 10 2 D 192.168.1.5 Vlanif100 192.168.5.0/24 OSPF 10 2 D 192.168.1.5 Vlanif1004、完成其他需求1外网边界设备[bianjie]int g0/0/1 [bianjie-GigabitEthernet0/0/1]ip add 12.0.0.1 24 Apr 19 2026 02:15:29-08:00 bianjie %%01IFNET/4/LINK_STATE(l)[0]:The line protoco l IP on the interface GigabitEthernet0/0/1 has entered the UP state. [bianjie]ip route-static 0.0.0.0 0 12.0.0.2 [bianjie]ospf [bianjie-ospf-1]de [bianjie-ospf-1]default-route-advertiseISP[ISP-GigabitEthernet0/0/1]int g0/0/0 [ISP-GigabitEthernet0/0/0]ip add 12.0.0.2 24 Apr 19 2026 02:16:20-08:00 ISP %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. [ISP-GigabitEthernet0/0/0]int g0/0/1 [ISP-GigabitEthernet0/0/1]ip add 13.0.0.1 24 Apr 19 2026 02:16:35-08:00 ISP %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.2边界设备做NAPT[bianjie]acl 2000 [bianjie-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255 [bianjie-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255 [bianjie-acl-basic-2000]q [bianjie]int g0/0/1 [bianjie-GigabitEthernet0/0/1]nat ou [bianjie-GigabitEthernet0/0/1]nat outbound 20003教学楼2设备不能访问内部的HTTP服务器[2-R1]acl 3000 [2-R1-acl-adv-3000]rule deny ip source 192.168.0.0 0.0.0.255 destination 172.16. 10.0 0.0.0.255 [2-R1-acl-adv-3000]rule deny ip source 192.168.0.0 0.0.0.255 destination 172.16. 20.0 0.0.0.255 [2-R1-acl-adv-3000]int g0/0/0 [2-R1-GigabitEthernet0/0/0]tr [2-R1-GigabitEthernet0/0/0]traffic-filter in [2-R1-GigabitEthernet0/0/0]traffic-filter inbound acl 30004外网可以访问内部的HTTP服务器[bianjie-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 8 0 inside 172.16.10.254 80 Warning:The port 80 is well-known port. If you continue it may cause function fa ilure. Are you sure to continue?[Y/N]:y5所有学生的电脑不允许访问办公室电脑及摄像头教学楼1[1-L1]acl 3000 [1-L1-acl-adv-3000]rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168 .3.0 0.0.0.255 [1-L1-acl-adv-3000]int g0/0/1 [1-L1-GigabitEthernet0/0/1]tr [1-L1-GigabitEthernet0/0/1]traffic-filter in [1-L1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000 [1-L1-GigabitEthernet0/0/1]int g0/0/2 [1-L1-GigabitEthernet0/0/2]traffic-filter inbound acl 3000教学楼2[2-R1-acl-adv-3000]rule deny ip source 192.168.5.0 0.0.0.255 destination 192.168 .4.0 0.0.0.2555、测试内部全网可达园区内所有办公电脑可以访问外网所有内网设备均可以通过域名访问内部的HTTP服务器除了教学楼2的设备外网可以访问内部的HTTP服务器所有学生的电脑不允许访问办公室电脑及摄像头园区内使用多区域OSPF网络保证路由可达

更多文章