【HCIA】静态综合实验练习笔记

实验拓扑图如下：

实验配置思路如下：

1、网段划分、配置IP地址

2、配置DHCP，使客户端获得ip地址

3、配置静态明细路由，内网全网通

4、配置空接口防环

5、配置优先级，实现选路最佳

6、配置缺省路由，实现公网通

7、配置nat配置内网访问公网

8、做NAT SERVER，发布内网服务器服务

一、网段划分、配置IP地址

拓扑图中骨干链路有6条，实验要求路由表尽量小，则R1、R2、R4的两条环回需汇总为一条环回，R5、R6各一条环回。

因此，基于192.168.1.0/24的网段需向主机位借3位为网络位。网段划分如下：

192.168.1.0/24

骨干链路

192.168.1.0/27

192.168.1.0/30

192.168.1.4/30

192.168.1.8/30

192.168.1.12/30

192.168.1.16/30

192.168.1.20/30

R1环回

192.168.1.32/27

192.168.1.32/28

192.168.1.48/28

R2环回

192.168.1.64/27

192.168.1.64/28

192.168.1.80/28

R3用户网段

192.168.1.96/27

R4环回

192.168.1.128/27

192.168.1.128/28

192.168.1.144/28

R5环回

192.168.1.160/27

配置R1-R6的IP地址：

[R1]
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 30
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.1.5 30
[R1]int lo1
[R1-LoopBack1]ip add 192.168.1.33 28
[R1-LoopBack1]int lo2
[R1-LoopBack2]ip add 192.168.1.49 28
[R1]dis ip int br
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              192.168.1.1/30       up         up        
GigabitEthernet0/0/1              192.168.1.5/30       up         up        
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack1                         192.168.1.33/28      up         up(s)     
LoopBack2                         192.168.1.49/28      up         up(s)     
NULL0                             unassigned           up         up(s)

[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.1.2 30
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.1.9 30
[R2]int lo1
[R2-LoopBack1]ip add 192.168.1.65 28
[R2-LoopBack1]int lo2
[R2-LoopBack2]ip add 192.168.1.81 28

[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 192.168.1.6 30
[R3-GigabitEthernet0/0/0]int g0/0/2
[R3-GigabitEthernet0/0/2]ip add 192.168.1.13 30
[R3-GigabitEthernet0/0/2]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 192.168.1.97 27

[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 192.168.1.10 30
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 192.168.1.14 30
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]ip add 192.168.1.21 30 
[R4-GigabitEthernet0/0/2]int g4/0/0
[R4-GigabitEthernet4/0/0]ip add 192.168.1.17 30
[R4]int lo1
[R4-LoopBack1]ip add 192.168.1.129 28
[R4-LoopBack1]int lo2
[R4-LoopBack2]ip ad 192.168.1.145 28
[R4]dis ip in brief 
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              192.168.1.10/30      up         up        
GigabitEthernet0/0/1              192.168.1.14/30      up         up        
GigabitEthernet0/0/2              192.168.1.21/30      up         up        
GigabitEthernet4/0/0              192.168.1.17/30      up         up        
GigabitEthernet4/0/1              unassigned           down       down      
GigabitEthernet4/0/2              unassigned           down       down      
GigabitEthernet4/0/3              unassigned           down       down      
LoopBack1                         192.168.1.129/28     up         up(s)     
LoopBack2                         192.168.1.145/28     up         up(s)     
NULL0                             unassigned           up         up(s)

[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip add 192.168.1.22 30
[R5-GigabitEthernet0/0/0]int g0/0/1
[R5-GigabitEthernet0/0/1]ip add 192.168.1.18 30
[R5-GigabitEthernet0/0/1]int g0/0/2
[R5-GigabitEthernet0/0/2]ip add 12.0.0.1 24
[R5]int lo1
[R5-LoopBack1]ip add 192.168.1.161 27
[R5]dis ip int br
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              192.168.1.22/30      up         up        
GigabitEthernet0/0/1              192.168.1.18/30      up         up        
GigabitEthernet0/0/2              12.0.0.1/24          up         up        
LoopBack1                         192.168.1.161/27     up         up(s)     
NULL0                             unassigned           up         up(s)

[Huawei]sys ISP
[ISP]int  g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[ISP]int lo1
[ISP-LoopBack1]ip add 1.1.1.1 24

二、配置DHCP，使客户端获得ip地址

[R3]dhcp enable 
[R3]ip pool aa
[R3-ip-pool-aa]network 192.168.1.96 m 27	
[R3-ip-pool-aa]gateway-list 192.168.1.97
[R3-ip-pool-aa]dns-list 8.8.8.8 114.114.114.114
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]dhcp select global

三、配置静态明细路由，内网全网通

R1-R5配置如下：

[R1]ip route-static 192.168.1.64 27 192.168.1.2
[R1]ip route-static 192.168.1.8 30 192.168.1.2
[R1]ip route-static 192.168.1.128 27 192.168.1.2
[R1]ip route-static 192.168.1.128 27 192.168.1.6
[R1]ip route-static 192.168.1.16 30 192.168.1.6
[R1]ip route-static 192.168.1.16 30 192.168.1.2
[R1]ip route-static 192.168.1.20 30 192.168.1.2
[R1]ip route-static 192.168.1.20 30 192.168.1.6
[R1]ip route-static 192.168.1.160 27 192.168.1.6
[R1]ip route-static 192.168.1.160 27 192.168.1.2
[R1]ip route-static 192.168.1.12 30 192.168.1.6
[R1]ip route-static 192.168.1.96 27 192.168.1.6

[R2]ip route-static 192.168.1.128 27 192.168.1.10
[R2]ip route-static 192.168.1.16 30 192.168.1.10
[R2]ip route-static 192.168.1.20 30 192.168.1.10
[R2]ip route-static 192.168.1.160 27 192.168.1.10
[R2]ip route-static 192.168.1.12 30 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.1
[R2]ip route-static 192.168.1.4 30 192.168.1.1
[R2]ip route-static 192.168.1.32 27 192.168.1.1

[R3]ip route-static 192.168.1.32 27 192.168.1.5
[R3]ip route-static 192.168.1.0 30 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.14
[R3]ip route-static 192.168.1.8 30 192.168.1.14
[R3]ip route-static 192.168.1.128 27 192.168.1.14
[R3]ip route-static 192.168.1.16 30 192.168.1.14
[R3]ip route-static 192.168.1.20 30 192.168.1.14
[R3]ip route-static 192.168.1.160 27 192.168.1.14

[R4]ip route-static 192.168.1.96 27 192.168.1.13
[R4]ip route-static 192.168.1.4 30 192.168.1.13
[R4]ip route-static 192.168.1.32 27 192.168.1.13
[R4]ip route-static 192.168.1.32 27 192.168.1.9
[R4]ip route-static 192.168.1.0 30 192.168.1.9
[R4]ip route-static 192.168.1.64 27 192.168.1.9
[R4]ip route-static 192.168.1.160 27 192.168.1.18
[R4]ip route-static 192.168.1.160 27 192.168.1.22

[R5]ip route-static 192.168.1.128 27 192.168.1.17
[R5]ip route-static 192.168.1.128 27 192.168.1.21
[R5]ip route-static 192.168.1.12 30 192.168.1.21
[R5]ip route-static 192.168.1.12 30 192.168.1.17
[R5]ip route-static 192.168.1.96 27 192.168.1.17
[R5]ip route-static 192.168.1.96 27 192.168.1.21
[R5]ip route-static 192.168.1.4 30 192.168.1.21
[R5]ip route-static 192.168.1.4 30 192.168.1.17
[R5]ip route-static 192.168.1.32 27 192.168.1.17
[R5]ip route-static 192.168.1.32 27 192.168.1.21
[R5]ip route-static 192.168.1.0 30 192.168.1.21
[R5]ip route-static 192.168.1.0 30 192.168.1.17
[R5]ip route-static 192.168.1.64 27 192.168.1.17
[R5]ip route-static 192.168.1.64 27 192.168.1.21
[R5]ip route-static 192.168.1.8 30 192.168.1.21
[R5]ip route-static 192.168.1.8 30 192.168.1.17

内网全网通测试（用R1去ping通R5的环回）：

可以ping通，至此，内外全网通了。

四、配置空接口防环

由于R1、R2、R4进行了路由汇总，则可能会会出现路由黑洞和环路，需要配置空接口进行防环。

[R1]ip route-static 192.168.1.32 27 NULL 0
[R2]ip route-static 192.168.1.64 27 NULL 0
[R4]ip route-static 192.168.1.128 27 NULL 0

五、配置优先级，实现选路最佳

在R4与R5直接有两条直连链路，分别是1000M与100M，我们需要配置两条链路的优先级，来实现当1000M链路出现故障时，路由会自动选择100M链路进行数据传输。配置如下：

[R4]dis ip routing-table protocol static 目标IP/掩码       协议  优先级 花销  标志      下一跳               接口
Destination/Mask Proto  Pre  Cost  Flags     NextHop           Interface
192.168.1.0/30   Static  60   0    RD     192.168.1.9    GigabitEthernet0/0/0
192.168.1.4/30   Static  60   0    RD     192.168.1.13   GigabitEthernet0/0/1
192.168.1.32/27  Static  60   0    RD     192.168.1.13   GigabitEthernet0/0/1Static  60   0    RD     192.168.1.9    GigabitEthernet0/0/0
192.168.1.64/27  Static  60   0    RD     192.168.1.9    GigabitEthernet0/0/0
192.168.1.96/27  Static  60   0    RD     192.168.1.13   GigabitEthernet0/0/1
192.168.1.128/27 Static  60   0    D      0.0.0.0        NULL0
192.168.1.160/27 Static  60   0    RD     192.168.1.18   GigabitEthernet4/0/0Static  60   0    RD     192.168.1.22

通过查看R4的静态路由协议可以看出，只有去往192.168.1.160/27的下一跳为192.168.1.22，该接口在100M的链路上。我们只需修改该路由条目的静态优先级为61即可。

[R4]ip route-static 192.168.1.160 27 192.168.1.22 preference 61

只修改R4上路由的优先级还不够，还需将直连R5的路由优先级修改，才可实现最路最佳。

查看R5 的静态路由协议可以看出，R5去往R1、R2、R3、R4的下一跳均为192.168.1.21，该接口也在100M的链路上。

[R5]dis ip routing-table protocol static 目的IP/掩码        协议  优先级 花销 标志      下一跳                接口
Destination/Mask Proto   Pre  Cost Flags   NextHop             Interface192.168.1.0/30   Static  60   0   RD    192.168.1.21    GigabitEthernet0/0/0Static  60   0   RD    192.168.1.17    GigabitEthernet0/0/1
192.168.1.4/30   Static  60   0   RD    192.168.1.21    GigabitEthernet0/0/0Static  60   0   RD    192.168.1.17    GigabitEthernet0/0/1
192.168.1.8/30   Static  60   0   RD    192.168.1.21    GigabitEthernet0/0/0Static  60   0   RD    192.168.1.17    GigabitEthernet0/0/1
192.168.1.12/30  Static  60   0   RD    192.168.1.21    GigabitEthernet0/0/0Static  60   0   RD    192.168.1.17    GigabitEthernet0/0/1
192.168.1.32/27  Static  60   0   RD    192.168.1.17    GigabitEthernet0/0/1Static  60   0   RD    192.168.1.21    GigabitEthernet0/0/0
192.168.1.64/27  Static  60   0   RD    192.168.1.17    GigabitEthernet0/0/1Static  60   0   RD    192.168.1.21    GigabitEthernet0/0/0
192.168.1.96/27  Static  60   0   RD    192.168.1.17    GigabitEthernet0/0/1Static  60   0   RD    192.168.1.21    GigabitEthernet0/0/0
192.168.1.128/27 Static  60   0   RD    192.168.1.17    GigabitEthernet0/0/1Static  60   0   RD    192.168.1.21    GigabitEthernet0/0/0

所以，R5配置如下：

[R5]ip route-static 192.168.1.128 27 192.168.1.21 pre 61
[R5]ip route-static 192.168.1.12 30 192.168.1.21 pre 61
[R5]ip route-static 192.168.1.96 27 192.168.1.21 pre 61
[R5]ip route-static 192.168.1.4 30 192.168.1.21 pre 61
[R5]ip route-static 192.168.1.32 27 192.168.1.21 pre 61
[R5]ip route-static 192.168.1.0 30 192.168.1.21 pre 61
[R5]ip route-static 192.168.1.64 27 192.168.1.21 pre 61
[R5]ip route-static 192.168.1.8 30 192.168.1.21 pre 61

关闭1000M链路的接口进行测试如下：

[R4]int g4/0/0
[R4-GigabitEthernet4/0/0]shutdown

#关闭前，跟踪从R1去往R5环回的路径如下
[R1]tracert 192.168.1.161traceroute to  192.168.1.161(192.168.1.161), max hops: 30 ,packet length: 40,pr
ess CTRL_C to break 1 192.168.1.6 50 ms  20 ms 192.168.1.2 120 ms 2  * 192.168.1.10 70 ms  30 ms 3 192.168.1.18 50 ms  30 ms  30 ms 
##关闭后路径跟踪如下：
[R1]tracert 192.168.1.161traceroute to  192.168.1.161(192.168.1.161), max hops: 30 ,packet length: 40,pr
ess CTRL_C to break 1 192.168.1.6 40 ms  20 ms 192.168.1.2 20 ms 2 192.168.1.10 30 ms  20 ms  10 ms 3 192.168.1.22 40 ms  30 ms  30 ms

清楚的看出，关闭前路由走的是192.168.1.18的1000M链路，关闭1000M接口后，路由选择走的是192.168.1.22的100M链路。至此，实现了选录最佳。

六、配置缺省路由，实现公网通

要是内网可以访问公网，则需要在R1-R5上配置去往公网ISP的路由，但R1-R4并不知道去往ISP的IP，这就需要进行缺省配置了。

R1-R5的缺省配置如下：

[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.6[R2]ip route-static 0.0.0.0 0 192.168.1.10[R3]ip route-static 0.0.0.0 0 192.168.1.14[R4]ip route-static 0.0.0.0 0 192.168.1.18
[R4]ip route-static 0.0.0.0 0 192.168.1.22
[R4]ip route-static 0.0.0.0 0 192.168.1.22 pre 61[R5]ip route-static 0.0.0.0 0 12.0.0.2

七、配置nat配置内网访问公网

R5作为内网去往ISP的边界路由，我们需要在R5上进行NAT配置，实现公网ip地址和私网ip地址之间的相互转换，且华为设备所有NAT相关的配置都是在边界路由器的出接口上配置，该端口转换属于PAT一对多类型，也就是easy ip配置。

1...通过ACL抓取私网流量，配置如下：

[R5]acl 2000	
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

2... 在出接口上配置

[R5]int g0/0/2	
[R5-GigabitEthernet0/0/2]nat outbound 2000

3...端口映射

[R5]int g0/0/2	
[R5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:yes
[R5-GigabitEthernet0/0/2]q

用pc1去访问ISP的环回：

可以ping通。

八、做NAT SERVER，发布内网服务器服务

实验要求R6 telnet R5的公有地址时，实际登录到R1上，则我们需要在R1上做telnet服务。

配置如下：

[R1]telnet server enable 
[R1]aaa
[R1-aaa]local-user  vicky password cipher 111111 privilege level 15
[R1-aaa]local-user vicky service-type telnet
[R1-aaa]q
[R1]user-interface vty  0 4
[R1-ui-vty0-4]authentication-mode aaa
[R1-ui-vty0-4]q

在R6上telnetR5如下：