HCIA:综合实验(附配置文件)

笔记 · 2023-08-28 · 404 人浏览
HCIA:综合实验(附配置文件)

该实验来自某站UP主:暴风网络-155和150

HCIA_end.png

相关配置文件

  1. 若以下没有该设备文件即表示未作任何配置。
  2. 其中涉及MAC地址部分均采用模拟器提供的MAC(如绑定AP),需要自行更改!
  3. Server、Clinet以及STA根据相关需求配置。

企业区域

AR1:

#
 sysname R1
 header shell information "SUCESS : There will be a price for your actions!"
 header login information "WARNING : Please proceed with caution!"
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent sys-info version v3
 snmp-agent group v3 USER_GROUP privacy
 snmp-agent target-host trap-hostname NMS address 10.1.20.10 udp-port 162 trap-p
aramsname R1
 snmp-agent usm-user v3 USER USER_GROUP authentication-mode md5 4DE14BB77015FFE8
95A65FDE05B8F6E9 privacy-mode des56 4DE14BB77015FFE895A65FDE05B8F6E9
 snmp-agent trap enable feature-name IFNET trap-name linkDown 
 snmp-agent trap enable feature-name IFNET trap-name linkUp 
 snmp-agent 
#
acl number 2000  
 rule 5 permit source 10.1.10.0 0.0.0.255 
#
acl number 3000  
 rule 5 deny icmp icmp-type echo 
 rule 10 deny udp destination-port gt 33433 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user user password cipher %$%$mq2aEX3+x"S0Nl,/<SeK]@gr%$%$
 local-user user privilege level 15
 local-user user service-type ssh
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
 nat address-group 1 155.1.12.11 155.1.12.20
#
interface Eth-Trunk1
 undo portswitch
 ip address 10.1.17.1 255.255.255.0 
 ospf enable 1 area 0.0.0.0
 mode lacp-static
#
interface GigabitEthernet0/0/0
 ip address 155.1.12.1 255.255.255.0 
 traffic-filter inbound acl 3000
 nat server protocol tcp global 155.1.12.10 10080 inside 10.1.20.10 www
 nat outbound 2000 address-group 1 
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
ospf 1 
 default-route-advertise
 area 0.0.0.0 
#
 stelnet server enable 
#
ip route-static 0.0.0.0 0.0.0.0 155.1.12.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode aaa
 idle-timeout 15 0
 protocol inbound ssh
user-interface vty 16 20
#
return

LSW1:

#
sysname S1
#
vlan batch 10 17 20 254
#
stp mode stp
stp instance 0 priority 8192
stp pathcost-standard dot1d-1998
#
dhcp enable
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif10
 ip address 10.1.10.7 255.255.255.0
 dhcp select interface
 dhcp server dns-list 155.1.2.10
#
interface Vlanif17
 ip address 10.1.17.7 255.255.255.0
#
interface Vlanif20
 ip address 10.1.20.7 255.255.255.0
#
interface Vlanif254
 ip address 10.1.254.7 255.255.255.0
 dhcp select interface
 dhcp server static-bind ip-address 10.1.254.1 mac-address 00e0-fce6-3090
#
interface Eth-Trunk1
 port link-type access
 port default vlan 17
 mode lacp-static
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface GigabitEthernet0/0/10
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 254
#
interface GigabitEthernet0/0/23
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
ospf 1
 area 0.0.0.0
  network 10.1.17.0 0.0.0.255
  network 10.1.10.0 0.0.0.255
  network 10.1.20.0 0.0.0.255
#
ssh client first-time enable
#
return

LSW2:

#
sysname S2
#
vlan batch 10 20 254
#
stp mode stp
stp instance 0 priority 16384
stp pathcost-standard dot1d-1998
#
rsa peer-public-key 10.1.17.1
 public-key-code begin
  308188
    028180
      EBAF3256 AA5B7305 C7B193DB B0BC1B3B C04ABD1B D565E757 250BACA6 A7009AC1
      56227B78 8AA12C72 E1F07ADA 497D536B 23A7DFBE 671FBA0E 933F5B70 C2D654F9
      C4ABD0F5 EE45BC01 DDF0484D D452E74A DF163662 505B0CDD B5370763 C43663B0
      B53D85EC 4615968A F70E7FDB 9E22ACB5 21172B96 012D98CC 18F6A60D 463D5D41
    0203
      010001
 public-key-code end
peer-public-key end
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif10
 ip address 10.1.10.8 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 254
#
interface GigabitEthernet0/0/21
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/23
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
ip route-static 0.0.0.0 0.0.0.0 10.1.10.7
#
ssh client first-time enable
ssh client 10.1.17.1 assign rsa-key 10.1.17.1
#
return

LSW3:

#
sysname S3
#
vlan batch 10 20 254
#
stp mode stp
stp pathcost-standard dot1d-1998
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface GigabitEthernet0/0/10
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/21
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
return

AC1:

#
 sysname AC1
#
vlan batch 10 254
#
interface Vlanif254
 ip address 10.1.254.10 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 254
#
interface GigabitEthernet0/0/22
 undo negotiation auto
 duplex half
#
interface GigabitEthernet0/0/23
 undo negotiation auto
 duplex half
#
interface GigabitEthernet0/0/24
 undo negotiation auto
 duplex half
#
capwap source interface vlanif254
#
wlan
 traffic-profile name default
 security-profile name default
 security-profile name SEC_PRO
  security wpa2 psk pass-phrase %^%#~:#$%:tA=<:.>t>2MsC,r){U)yfi/3)BX)7E!FD(%^%#
 aes
 security-profile name default-wds
 security-profile name default-mesh
 ssid-profile name default
 ssid-profile name SSID_PRO
  ssid HUAWEI
 vap-profile name default
 vap-profile name VAP_PRO
  forward-mode tunnel
  service-vlan vlan-id 10
  ssid-profile SSID_PRO
  security-profile SEC_PRO
 wds-profile name default
 mesh-handover-profile name default
 mesh-profile name default
 regulatory-domain-profile name default
 air-scan-profile name default
 rrm-profile name default
 radio-2g-profile name default
 radio-5g-profile name default
 wids-spoof-profile name default
 wids-profile name default
 wireless-access-specification
 ap-system-profile name default
 port-link-profile name default
 wired-port-profile name default
 serial-profile name preset-enjoyor-toeap 
 ap-group name default
 ap-id 1 type-id 45 ap-mac 00e0-fce6-3090 ap-sn 210235448310A2691B79
  ap-name AREA_1
  radio 0
   vap-profile VAP_PRO wlan 1
  radio 1
   vap-profile VAP_PRO wlan 1
 provision-ap
#
return

互联网区域

LSW4:

#
sysname S4
#
vlan batch 2 to 4
#
interface GigabitEthernet0/0/2
 port hybrid pvid vlan 2
 port hybrid untagged vlan 2 to 3
#
interface GigabitEthernet0/0/3
 port hybrid pvid vlan 3
 port hybrid untagged vlan 2 to 4
#
interface GigabitEthernet0/0/4
 port hybrid pvid vlan 4
 port hybrid untagged vlan 3 to 4
#
return

AR2:

#
 sysname R2
#
interface Serial1/0/0
 link-protocol ppp
 ppp pap local-user USER password simple HUAWEI
 ip address 155.1.24.2 255.255.255.0 
#
interface GigabitEthernet0/0/0
 ip address 155.1.12.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 155.1.0.2 255.255.255.0 
 ospf dr-priority 0
#
interface GigabitEthernet0/0/2
 ip address 155.1.2.2 255.255.255.0 
#
interface LoopBack0
 ip address 150.1.2.2 255.255.255.255 
#
ospf 1 
 silent-interface GigabitEthernet0/0/2
 silent-interface GigabitEthernet0/0/0
 area 0.0.0.0 
  network 150.1.0.0 0.0.255.255 
  network 155.1.0.0 0.0.255.255 
#
arp static 155.1.0.4 00e0-fc4b-0626
#
return

AR3:

#
 sysname R3
#
interface GigabitEthernet0/0/1
 ip address 155.1.0.3 255.255.255.0 
#
#
interface LoopBack0
 ip address 150.1.3.3 255.255.255.255 
#
ospf 1 
 area 0.0.0.0 
  network 150.1.0.0 0.0.255.255 
  network 155.1.0.0 0.0.255.255 
#
return

AR4:

#
 sysname R4
#
interface Serial1/0/0
 link-protocol ppp
 ppp authentication-mode pap 
 ip address 155.1.24.4 255.255.255.0 
#
interface Virtual-Template1
 ppp authentication-mode chap 
 remote address 155.1.45.5 
 ip address unnumbered interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0
 pppoe-server bind Virtual-Template 1
 ip address 155.1.45.4 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 155.1.0.4 255.255.255.0 
 ospf dr-priority 0
#
interface LoopBack0
 ip address 150.1.4.4 255.255.255.255 
#
ospf 1 
 silent-interface GigabitEthernet0/0/0
 area 0.0.0.0 
  network 150.1.0.0 0.0.255.255 
  network 155.1.0.0 0.0.255.255 
#
arp static 155.1.0.2 00e0-fc4b-0626
#
return

远程用户

AR5:

#
 sysname R5
#
acl number 2000  
 rule 5 permit source 10.1.5.0 0.0.0.255 
#
interface Dialer1
 link-protocol ppp
 ppp ipcp default-route
 ppp chap user USER
 ppp chap password simple HUAWEI
 mtu 1492
 ip address ppp-negotiate
 dialer user TEST
 dialer bundle 1
 nat outbound 2000
#
interface GigabitEthernet0/0/0
 pppoe-client dial-bundle-number 1 
#
interface GigabitEthernet0/0/1
 ip address 10.1.5.5 255.255.255.0 
#
return

相关链接

学习链接

下载链接(回复可见)

此处内容已隐藏,回复后(需要填写邮箱)可见

数通 实验
2023 - 2025 Justin知识库. All Rights Reserved.
Theme Jasmine by Kent Liao

本网站由 又拍云 提供CDN加速/云存储服务

鄂ICP备2023005457号    鄂公网安备 42011302000815号

欢迎来自 * · * 的用户