技术考核1
实验拓扑:
实验需求
1.按照图示配置IP地址设备名
2.在SW1和SW2之间配置链路聚合增加链路带宽,提高可靠性
3.PC5和PC6属于VLAN10, PC7和PC8属于VLAN20
4.SW1和SW2属于二层交换机,SW3为三层交换机(VLAN100用于对接R4),在交换机之间相连的链路
放行相关VLAN(不允许放行所有VLAN)
5.SW3作为DHCP服务器,配置两个地址池,分别为192.168.1.0/24网段和192.168.2.0/24网段网关分
别为192.168.1.254和192.168.2.254,dns统一为114.114.114.114;分别排除地址段192.168.1.1-
192.168.10和192.168.2.1-192.168.2.10
6.在R4上配置静态路由,使其有到达各个部门的路由,在R3上配置默认路由,使其全网互通
7.在R4上配置Telnet服务使两个部门都能登录到R4
实验步骤
1、配置ip地址
r4:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname r4
[r4]int g0/0
[r4-GigabitEthernet0/0]ip add 172.16.1.1 30
[r4-GigabitEthernet0/0]qu
[r4]int LoopBack 0
[r4-LoopBack0]ip add 100.1.1.1 32
[r4-LoopBack0]qu
sw3:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname sw3
--创建vlan
[sw3]vlan 10
[sw3-vlan10]qu
[sw3]vlan 20
[sw3-vlan20]qu
[sw3]vlan 100
[sw3-vlan100]qu
--进入vlan 配置ip地址
[sw3]int vlan 10
[sw3-Vlan-interface10]ip add 192.168.1.254 24
[sw3-Vlan-interface10]qu
[sw3]int vlan 20
[sw3-Vlan-interface20]ip add 192.168.2.254 24
[sw3-Vlan-interface20]quit
[sw3]int vlan 100
[sw3-Vlan-interface100]ip add 172.16.1.2 30
[sw3-Vlan-interface100]quit
2.在SW1和SW2之间配置链路聚合增加链路带宽,提高可靠性
sw1:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname sw1
[sw1]int Bridge-Aggregation 1
[sw1-Bridge-Aggregation1]quit
[sw1]int g1/0/3
[sw1-GigabitEthernet1/0/3]port link-aggregation group 1
[sw1-GigabitEthernet1/0/3]qu
[sw1]int g1/0/4
[sw1-GigabitEthernet1/0/4]port link-aggregation group 1
sw2:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname sw2
[sw2]int Bridge-Aggregation 1
[sw2-Bridge-Aggregation1]qu
[sw2]int g1/0/3
[sw2-GigabitEthernet1/0/3]port link-aggregation group 1
[sw2-GigabitEthernet1/0/3]qu
[sw2]int g1/0/4
[sw2-GigabitEthernet1/0/4]port link-aggregation group 1
3.PC5和PC6属于VLAN10, PC7和PC8属于VLAN20
[sw1]vlan 10
[sw1-vlan10]port g1/0/1
[sw1-vlan10]port g1/0/2
[sw1-vlan10]qu
[sw2]vlan 20
[sw2-vlan20]port g1/0/1
[sw2-vlan20]port g1/0/2
[sw2-vlan20]qu
4.SW1和SW2属于二层交换机,SW3为三层交换机(VLAN100用于对接R4),在交换机之间相连的链路 放行相关VLAN(不允许放行所有VLAN)
注释:
1、以上我们配置完链路聚合,我们应该在链路聚合里面将链路改为trunk,并且放行vlan10、20
2、因为sw1的g1/0/5这个端口他是处于连接sw3的,这个端口需要配置vlan10、20通行,所有也要为trunk链路
3、因为sw2的g1/0/5这个端口他是处于连接sw3的,这个端口需要配置vlan10、20通行,所有也要为trunk链路
4、在sw3与sw1和sw2相连的接口同样配置trunk,并允许vlan10、20通行
5、将sw3与r4相连的链路加入vlan100
1、将链路聚合配置为trunk,并放行vlan10、20
[sw1]int Bridge-Aggregation 1
[sw1-Bridge-Aggregation1]port link-type trunk
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[sw1-Bridge-Aggregation1]port trunk permit vlan 10 20
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[sw2]int Bridge-Aggregation 1
[sw2-Bridge-Aggregation1]port link-type trunk
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
[sw2-Bridge-Aggregation1]port trunk permit vlan 10 20
Configuring GigabitEthernet1/0/3 done.
Configuring GigabitEthernet1/0/4 done.
2、配置sw1的g1/0/5为trunk链路,并放行vlan10 20
[sw1]int g1/0/5
[sw1-GigabitEthernet1/0/5]port link-type trunk
[sw1-GigabitEthernet1/0/5]port trunk permit vlan 10 20
[sw1-GigabitEthernet1/0/5]dis th
#
interface GigabitEthernet1/0/5
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
combo enable fiber
#
return
3、配置sw2的g1/0/5为trunk链路,并放行vlan10 20
[sw2]int g1/0/5
[sw2-GigabitEthernet1/0/5]port link-type trunk
[sw2-GigabitEthernet1/0/5]port trunk permit vlan 10 20
[sw2]int g1/0/5
[sw2-GigabitEthernet1/0/5]dis th
#
interface GigabitEthernet1/0/5
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 20
combo enable fiber
#
return
4、在sw3与sw1和sw2相连的接口同样配置trunk,并允许vlan10、20通行
[sw3]int g1/0/1
[sw3-GigabitEthernet1/0/1]port link-type trunk
[sw3-GigabitEthernet1/0/1]port trunk permit vlan 10 20
[sw3-GigabitEthernet1/0/1]qu
[sw3]int g1/0/2
[sw3-GigabitEthernet1/0/2]port link-type trunk
[sw3-GigabitEthernet1/0/2]port trunk permit vlan 10 20
5、将sw3与r4相连的端口加入vlan100
[sw3]vlan 100
[sw3-vlan100]port g1/0/3
[sw3-vlan100]qu
5.SW3作为DHCP服务器,配置两个地址池,分别为192.168.1.0/24网段和192.168.2.0/24网段网关分 别为192.168.1.254和192.168.2.254,dns统一为114.114.114.114;分别排除地址段192.168.1.1- 192.168.10和192.168.2.1-192.168.2.10
[sw3]dhcp enable
[sw3]dhcp server ip-pool 1
[sw3-dhcp-pool-1]network 192.168.1.0 mask 255.255.255.0
[sw3-dhcp-pool-1]gateway-list 192.168.1.254
[sw3-dhcp-pool-1]dns-list 114.114.114.114
[sw3]dhcp server ip-pool 2
[sw3-dhcp-pool-2]network 192.168.2.0 mask 255.255.255.0
[sw3-dhcp-pool-2]gateway-list 192.168.2.254
[sw3-dhcp-pool-2]dns-list 114.114.114.114
[sw3]dhcp server forbidden-ip 192.168.1.1 192.168.1.10
[sw3]dhcp server forbidden-ip 192.168.2.1 192.168.2.10
--查看pc端自动获取dhcp情况
[sw3]dis dhcp server ip-in-use
IP address Client identifier/ Lease expiration Type
Hardware address
192.168.1.11 0030-6362-362e-3361- Aug 3 17:22:09 2025 Auto(C)
6131-2e30-3530-362d-
4745-302f-302f-31
192.168.1.12 0030-6362-362e-3365- Aug 3 17:22:12 2025 Auto(C)
3439-2e30-3630-362d-
4745-302f-302f-31
192.168.2.11 0030-6362-362e-3430- Aug 3 17:22:22 2025 Auto(C)
3530-2e30-3730-362d-
4745-302f-302f-31
192.168.2.12 0030-6362-362e-3433- Aug 3 17:22:41 2025 Auto(C)
3530-2e30-3830-362d-
4745-302f-302f-31
6.在R4上配置静态路由,使其有到达各个部门的路由,在sw3上配置默认路由,使其全网互通
注释
1、在r4上配置到达其他1.0和2.0网段的静态路由,下一跳为vlan100的ip地址。
2、在sw3上配置到达r4上的默认路由
1、在r4上配置到达其他1.0和2.0网段的静态路由,下一跳为vlan100的ip地址。
[r4]ip route-static 192.168.1.0 24 172.16.1.2 --配置到达1.0网段路由
[r4]ip route-static 192.168.2.0 24 172.16.1.2 --配置到达2.0网段路由
--查看
[r4]dis th
#
sysname r4
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
scheduler logfile size 16
#
ip route-static 192.168.1.0 24 172.16.1.2
ip route-static 192.168.2.0 24 172.16.1.2
#
domain default enable system
#
return
测试一下sw3能否 ping通pc端,结果如下:可以
[sw3]ping 192.168.1.11
Ping 192.168.1.11 (192.168.1.11): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.1.11: icmp_seq=0 ttl=255 time=1.425 ms
56 bytes from 192.168.1.11: icmp_seq=1 ttl=255 time=1.216 ms
56 bytes from 192.168.1.11: icmp_seq=2 ttl=255 time=1.377 ms
56 bytes from 192.168.1.11: icmp_seq=3 ttl=255 time=1.233 ms
56 bytes from 192.168.1.11: icmp_seq=4 ttl=255 time=1.106 ms
--- Ping statistics for 192.168.1.11 ---
[sw3]ping 192.168.1.12
Ping 192.168.1.12 (192.168.1.12): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.1.12: icmp_seq=0 ttl=255 time=1.610 ms
56 bytes from 192.168.1.12: icmp_seq=1 ttl=255 time=1.192 ms
56 bytes from 192.168.1.12: icmp_seq=2 ttl=255 time=1.283 ms
56 bytes from 192.168.1.12: icmp_seq=3 ttl=255 time=1.224 ms
56 bytes from 192.168.1.12: icmp_seq=4 ttl=255 time=1.028 ms
--- Ping statistics for 192.168.1.12 ---
[sw3]ping 192.168.2.11
Ping 192.168.2.11 (192.168.2.11): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.2.11: icmp_seq=0 ttl=255 time=2.065 ms
56 bytes from 192.168.2.11: icmp_seq=1 ttl=255 time=1.241 ms
56 bytes from 192.168.2.11: icmp_seq=2 ttl=255 time=1.229 ms
56 bytes from 192.168.2.11: icmp_seq=3 ttl=255 time=1.113 ms
56 bytes from 192.168.2.11: icmp_seq=4 ttl=255 time=1.152 ms
--- Ping statistics for 192.168.2.11 ---
[sw3]ping 192.168.2.12
Ping 192.168.2.12 (192.168.2.12): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.2.12: icmp_seq=0 ttl=255 time=1.283 ms
56 bytes from 192.168.2.12: icmp_seq=1 ttl=255 time=1.217 ms
56 bytes from 192.168.2.12: icmp_seq=2 ttl=255 time=1.212 ms
56 bytes from 192.168.2.12: icmp_seq=3 ttl=255 time=1.252 ms
56 bytes from 192.168.2.12: icmp_seq=4 ttl=255 time=1.282 ms
--- Ping statistics for 192.168.2.12 ---
2、在sw3上配置到达r4上的默认路由
[sw3]ip route-static 0.0.0.0 0 172.16.1.1
--测试
[sw3]ping 172.16.1.1
Ping 172.16.1.1 (172.16.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 172.16.1.1: icmp_seq=0 ttl=255 time=0.769 ms
56 bytes from 172.16.1.1: icmp_seq=1 ttl=255 time=0.670 ms
56 bytes from 172.16.1.1: icmp_seq=2 ttl=255 time=0.635 ms
56 bytes from 172.16.1.1: icmp_seq=3 ttl=255 time=0.754 ms
56 bytes from 172.16.1.1: icmp_seq=4 ttl=255 time=0.671 ms
--- Ping statistics for 172.16.1.1 ---
-------能够ping通,全网互通成功
7.在R4上配置Telnet服务使两个部门都能登录到R4
[r4]telnet server enable
[r4]local-user lcy class manage
New local user added.
[r4-luser-manage-lcy]password simple admin@12345
[r4-luser-manage-lcy]service-type telnet
[r4-luser-manage-lcy]authorization-attribute user-role level-15
[r4]user-interface vty 0 4
[r4-line-vty0-4]authentication-mode scheme
[r4-line-vty0-4]user-role level-15
[r4-line-vty0-4]qu
测试:
pc5连接telnet
<H3C>telnet 172.16.1.1
Trying 172.16.1.1 ...
Press CTRL+K to abort
Connected to 172.16.1.1 ...
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login: lcy
Password:
<r4>
pc6连接telnet
<H3C>telnet 172.16.1.1
Trying 172.16.1.1 ...
Press CTRL+K to abort
Connected to 172.16.1.1 ...
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login: lcy
Password:
<r4>
pc7连接telnet
<H3C>telnet 172.16.1.1
Trying 172.16.1.1 ...
Press CTRL+K to abort
Connected to 172.16.1.1 ...
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login: lcy
Password:
<r4>
pc8连接telnet
<H3C>telnet 172.16.1.1
Trying 172.16.1.1 ...
Press CTRL+K to abort
Connected to 172.16.1.1 ...
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login: lcy
Password:
<r4>