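Computer Networks: Lab 3 Comprehensive Exercise (Building a Small/Medium Enterprise Campus Network)

Lab 3  Comprehensive Exercise (Building a Small/Medium Enterprise Campus Network)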

  I. Objectives:

1. Deepen understanding of common, typical LAN topologies by connecting network devices and analyzing the topology;

2. Establish connectivity between networks through routing, and learn how network routing is designed and configured;

3. Become more familiar with the basic operating commands of switches and routers.

II. Equipment:

Computers, Layer 2 switches, routers, an external network server

III. Topology diagram

 

 

 

IV. Procedure:

Step 1: Create VLANs 10/20/30 on the four switches, named yewubu, caiwubu and zonghebu respectively. (All four switches)

Switch0

Switch>enable

Switch#config

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#vlan 10

Switch(config-vlan)#name yewubu

Switch(config-vlan)#exit

Switch(config)#vlan 20

Switch(config-vlan)#name caiwubu

Switch(config-vlan)#exit

Switch(config)#vlan 30

Switch(config-vlan)#name zonghebu

Switch(config-vlan)#exit

The commands are identical on all four switches.

 

 

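Step 2: On switches s2_01 and s2_02 (the Layer 2 switches), assign ports 6-10, 11-15 and 16-20 to VLANs 10, 20 and 30 respectively. (The two Layer 2 switches, lower row.) // It is enough to assign only the ports that connect to hosts to the corresponding VLAN. [A 2960 (24 ports) can be used.]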

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int range fa0/6-10

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 10

Switch(config-if-range)#exit

Switch(config)#int range fa0/11-15

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 20

Switch(config-if-range)#exit

Switch(config)#int range fa0/16-20

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 30

Switch(config-if-range)#exit

Switch(config)#

The commands are identical on both switches.

Step 3: Set the ports that connect s2_01 and s2_02 to s3_01 and s3_02 to trunk mode (8 ports in total). (All four switches)

Switch(config)#

Switch(config)#interface FastEthernet0/1

Switch(config-if)#

Switch(config-if)#switchport mode trunk

 

Switch(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

 

Switch(config-if)#exit

Switch(config)#interface FastEthernet0/2

Switch(config-if)#

Switch(config-if)#switchport mode trunk

 

Step 4: Configure ports fa0/3 and fa0/4 between the two Layer 3 switches as an aggregated port. (The two Layer 3 switches, upper row)

Switch(config)#int range fa0/1-2

Switch(config-if-range)#channel-group 1 mode on

Switch(config-if-range)#

Creating a port-channel interface Port-channel 1

 

%LINK-5-CHANGED: Interface Port-channel1, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

 

Switch(config-if-range)#exit

Switch(config)#int port-channel 1

Switch(config-if)#switchport mode trunk

Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.

Switch(config-if)#exit

 

Show vlan

 

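Step 5: Configure RSTP on the four switches, designating s3_01 and s3-02 as the root bridge and the backup bridge respectively (spanning tree protocol). (All four switches)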

On the two Layer 2 switches:

spanning-tree mode pvst

On the remaining two Layer 3 switches:

Switch(config)#spanning-tree mode pvst

Switch(config)#spanning-tree vlan 10,20,30 priority 16384

Switch#show spanning-tree

VLAN0001

Spanning tree enabled protocol ieee

Root ID Priority 32769

Address 0001.9609.ECB3

Cost 9

Port 27(Port-channel1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

 

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 00E0.F726.8751

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

 

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/3 Desg FWD 19 128.3 P2p

Fa0/4 Desg FWD 19 128.4 P2p

Po1 Root FWD 9 128.27 Shr

 

VLAN0010

Spanning tree enabled protocol ieee

Root ID Priority 16394

Address 00E0.F726.8751

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

 

Bridge ID Priority 16394 (priority 16384 sys-id-ext 10)

Address 00E0.F726.8751

--More--

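Step 6: Enable port security on the access links of the access switches, with a maximum of 4 connections; when a violation occurs, the port is shut down and a trap notification is sent. (The two Layer 2 switches, lower row)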

Switch(config)#int range fa0/6-20

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport port-security

Switch(config-if-range)#switchport port-security maximum 4

Switch(config-if-range)#switchport port-security violation shutdown

Step 7: Configure SVIs on the Layer 3 switches to route between VLANs. (The two Layer 3 switches, upper row)

Left

Switch(config-if)#int vlan 10

Switch(config-if)#ip address 192.168.10.1 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#int vlan 20

Switch(config-if)#

%LINK-5-CHANGED: Interface Vlan20, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

 

Switch(config-if)#ip address 192.168.20.1 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#int vlan 30

Switch(config-if)#

%LINK-5-CHANGED: Interface Vlan30, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up

 

Switch(config-if)#ip address 192.168.30.1 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

 

Right

Switch(config)#int vlan 10

Switch(config-if)#

%LINK-5-CHANGED: Interface Vlan10, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

 

Switch(config-if)#ip address 192.168.10.2 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#int vlan 20

Switch(config-if)#

%LINK-5-CHANGED: Interface Vlan20, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

 

Switch(config-if)#ip address 192.168.20.2 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#int vlan 30

Switch(config-if)#

%LINK-5-CHANGED: Interface Vlan30, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up

 

Switch(config-if)#ip address 192.168.30.2 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

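Step 8: Configure interface IP addresses on the routed ports of the Layer 3 switches, on Ra and Rb, and on the router that simulates the Internet. (The two Layer 3 switches, upper row, and the routers.) First, the two Layer 3 switches:

Left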

Switch(config)#int fa0/24

Switch(config-if)#no switchport

Switch(config-if)#ip address 10.1.1.2 255.255.255.0

Switch(config-if)#no shutdown

Right

Switch(config)#int fa0/24

Switch(config-if)#no switchport

Switch(config-if)#ip address 20.2.2.2 255.255.255.0

Switch(config-if)#no shutdown

Router Ra

Router(config)#int fa0/0

Router(config-if)#ip address 10.1.1.1 255.255.255.0

Router(config-if)#clock rate 64000

Router(config)#interface FastEthernet1/0

Router(config-if)#ip address 20.2.2.1 255.255.255.0

Router(config-if)#no shutdown

 

Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up

Router(config)#interface Serial2/0

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#no shutdown

 

Router Rb

Router>enable

Router#

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface Serial2/0

Router(config-if)#ip address 192.168.1.2 255.255.255.0

Router(config-if)#ip address 192.168.1.2 255.255.255.0

Router(config-if)#clock rate 64000

This command applies only to DCE interfaces

Router(config-if)#no shutdown

Router(config-if)#

%LINK-5-CHANGED: Interface Serial2/0, changed state to up

 

Router(config-if)#exit

Router(config)#interface FastEthernet0/0

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up

ip address 201.10.8.1 255.255.255.0

Router(config-if)#ip address 201.10.8.1 255.255.255.0

Router(config-if)#no shutdown

 

Router Rs

Router>enable

Router#

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface FastEthernet0/0

Router(config-if)#ip address 201.10.8.2 255.255.255.0

Router(config-if)#ip address 201.10.8.2 255.255.255.0

Router(config-if)#no shutdown

Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

 

Router(config-if)#interface loopback 0

 

Router(config-if)#

%LINK-5-CHANGED: Interface Loopback0, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

 

Router(config-if)#ip address 201.1.1.1 255.255.255.0

Router(config-if)#no shutdown

 

Step 9: Configure the WAN link on Ra and Rb, enabling PPP and configuring PAP authentication. (The two routers)

Router Ra

Router(config)#interface Serial2/0

Router(config-if)#encapsulation ppp

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down

 

Router(config-if)#ppp pap sent-username Ra password 0 123

Router(config-if)#exit

 

Router Rb

Router(config)#username Ra password 0 123

Router(config)#Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Router(config)#interface Serial2/0

Router(config-if)#encapsulation ppp

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up

 

Router(config-if)#ppp authentication pap

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down

 

Router(config-if)#exit
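
What the PAP setup in step 9 puts on the serial link, as an added example that is not part of the original lab: it builds the Authenticate-Request defined in RFC 1334 from the lab's username Ra and password 123, reads the credentials back out of the bytes, and contrasts that with the CHAP response value of RFC 1994. The packet identifier and the two challenge strings are constructed values.

```python
import hashlib
import struct

def pap_auth_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): code 1, identifier, length, then
    length-prefixed Peer-ID and Password fields, both sent unmodified."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def parse_pap_auth_request(pkt: bytes):
    """Return (peer_id, password) exactly as any observer of the link sees them."""
    if len(pkt) < 6:
        raise ValueError("truncated PAP packet")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or length != len(pkt):
        raise ValueError("not a well-formed Authenticate-Request")
    pw_off = 5 + pkt[4]                      # skip Peer-ID length byte + Peer-ID
    if pw_off >= length:
        raise ValueError("Peer-ID runs past the end of the packet")
    if pw_off + 1 + pkt[pw_off] != length:
        raise ValueError("field lengths do not add up")
    return pkt[5:pw_off], pkt[pw_off + 1:length]

def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response value (RFC 1994): MD5(identifier || secret || challenge).
    Only this digest crosses the link; the shared secret never does."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

# Credentials from step 9 of the lab; identifier 1 is a constructed value.
PAP_PACKET = pap_auth_request(1, b"Ra", b"123")

# Constructed challenges standing in for the authenticator's random bytes.
CHALLENGE_A = bytes(range(16))
CHALLENGE_B = bytes(range(16, 32))

if __name__ == "__main__":
    print("PAP on the wire :", PAP_PACKET.hex())
    print("recovered       :", parse_pap_auth_request(PAP_PACKET))
    print("CHAP response A :", chap_response_value(1, b"123", CHALLENGE_A).hex())
    print("CHAP response B :", chap_response_value(1, b"123", CHALLENGE_B).hex())
```

The CHAP response changes with every challenge, so a captured exchange cannot simply be replayed; on IOS the authenticator side selects it with `ppp authentication chap` instead of `ppp authentication pap`.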

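Step 10: Use RIPv2 to achieve full routing reachability inside the enterprise network, and use static routes for access from the enterprise network to the Internet. (The two Layer 3 switches, upper row, and the two routers)

Left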

Switch(config)#route rip

Switch(config-router)#version 2

Switch(config-router)#network 10.1.1.0

Switch(config-router)#network 192.168.10.0

Switch(config-router)#network 192.168.20.0

Switch(config-router)#network 192.168.30.0

Switch(config-router)#exit

Switch(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

 

Right

Switch(config)#route rip

Switch(config-router)#version 2

Switch(config-router)#network 20.2.2.0

Switch(config-router)#network 192.168.10.0

Switch(config-router)#network 192.168.20.0

Switch(config-router)#network 192.168.30.0

Switch(config-router)#exit

Switch(config)#ip route 0.0.0.0 0.0.0.0 20.2.2.1

 

Ra

Router(config)#route rip

Router(config-router)#version 2

Router(config-router)#no auto-summary

Router(config-router)#network 192.168.1.0

Router(config-router)#network 10.1.1.0

Router(config-router)#network 20.2.2.0

Router(config-router)#exit

Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

 

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

 

Gateway of last resort is 192.168.1.2 to network 0.0.0.0

 

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R 10.0.0.0/8 [120/7] via 10.1.1.2, 00:00:03, FastEthernet0/0

C 10.1.1.0/24 is directly connected, FastEthernet0/0

20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R 20.0.0.0/8 [120/6] via 10.1.1.2, 00:00:03, FastEthernet0/0

C 20.2.2.0/24 is directly connected, FastEthernet1/0

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.0/24 is directly connected, Serial2/0

C 192.168.1.2/32 is directly connected, Serial2/0

R 192.168.10.0/24 [120/1] via 10.1.1.2, 00:00:25, FastEthernet0/0

[120/1] via 20.2.2.2, 00:00:03, FastEthernet1/0

R 192.168.20.0/24 [120/1] via 10.1.1.2, 00:00:25, FastEthernet0/0

--More--

 

 

Rb

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#no auto-summary

Router(config-router)#network 192.168.1.0

Router(config-router)#exit

Router(config)#ip route 0.0.0.0 0.0.0.0 201.10.8.2

 

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

 

Gateway of last resort is 201.10.8.2 to network 0.0.0.0

 

192.168.1.0/32 is subnetted, 1 subnets

C 192.168.1.1 is directly connected, Serial2/0

C 201.10.8.0/24 is directly connected, FastEthernet0/0

S* 0.0.0.0/0 [1/0] via 201.10.8.2

 

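Step 11: Configure NAT on router Rb so that the internal network can reach the external network; the available public addresses are 201.10.8.3/24 through 201.10.8.10/24. (Router Rb only)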

Rb

Router(config)#interface Serial2/0

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Router(config)#interface Serial2/0

Router(config-if)#

Router(config-if)#exit

Router(config)#interface FastEthernet0/0

Router(config-if)#ip nat outside

Router(config-if)#exit

Router(config)#access-list 1 permit 192.168.10.0 0.0.0.255

Router(config)#access-list 1 permit 192.168.20.0 0.0.0.255

Router(config)#access-list 1 permit 192.168.30.0 0.0.0.255

Router(config)#ip nat pool internet 201.10.8.3 201.10.8.10 netmask 255.255.255.0

Router(config)#ip nat inside source list 1 pool internet

Router(config)#exit

 

Step 12: To control the internal network's access to the Internet, configure an access control list on router Rb. (One router)

Rb

Router(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 any

Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 80

Router(config)#access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq 80

Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 21

Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 20

Router(config)#access-list 101 deny tcp 192.168.10.0 0.0.0.255 any

Router(config)#access-list 101 deny tcp 192.168.30.0 0.0.0.255 any

Router(config)#access-list 101 permit ip any any

Router(config)#Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Router(config)#interface Serial2/0

Router(config-if)#ip access-group 101 in

Router(config-if)#exit

 

Router#show access-lists

Standard IP access list 1

10 permit 192.168.10.0 0.0.0.255

20 permit 192.168.20.0 0.0.0.255

30 permit 192.168.30.0 0.0.0.255

Extended IP access list 101

10 deny ip 192.168.20.0 0.0.0.255 any

20 permit tcp 192.168.10.0 0.0.0.255 any eq www

30 permit tcp 192.168.30.0 0.0.0.255 any eq www

40 permit tcp 192.168.10.0 0.0.0.255 any eq ftp

50 permit tcp 192.168.10.0 0.0.0.255 any eq 20

60 deny tcp 192.168.10.0 0.0.0.255 any

70 deny tcp 192.168.30.0 0.0.0.255 any

80 permit ip any any
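
To check what ACL 101 from step 12 actually lets through, the following added example (not part of the original lab) evaluates the eight entries with IOS first-match and wildcard-mask semantics and reports the sequence number of the entry that decides each packet. The sample packets used with it are constructed; only the subset of ACL syntax that appears on this page is parsed.

```python
import ipaddress

# ACL 101 as entered on Rb in step 12; IOS numbers the entries 10, 20, 30, ...
ACL_101 = """\
deny ip 192.168.20.0 0.0.0.255 any
permit tcp 192.168.10.0 0.0.0.255 any eq 80
permit tcp 192.168.30.0 0.0.0.255 any eq 80
permit tcp 192.168.10.0 0.0.0.255 any eq 21
permit tcp 192.168.10.0 0.0.0.255 any eq 20
deny tcp 192.168.10.0 0.0.0.255 any
deny tcp 192.168.30.0 0.0.0.255 any
permit ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse one entry: action, protocol, source, destination, optional 'eq port'."""
    tok = line.split()
    ace = {"action": tok[0], "proto": tok[1], "dport": None}
    i = 2
    for side in ("src", "dst"):
        if tok[i] == "any":
            ace[side], i = (0, 0xFFFFFFFF), i + 1        # every bit is "don't care"
        else:
            ace[side], i = (_ip(tok[i]), _ip(tok[i + 1])), i + 2
    if tok[i:i + 1] == ["eq"]:
        ace["dport"] = int(tok[i + 1])
    return ace

def _match(addr, base, wildcard):
    care = ~wildcard & 0xFFFFFFFF        # wildcard bit 1 = ignore, 0 = must match
    return (_ip(addr) & care) == (base & care)

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return (action, sequence number) of the first matching entry."""
    for n, line in enumerate(acl_text.strip().splitlines(), 1):
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_match(src, *ace["src"]) and _match(dst, *ace["dst"])):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"], n * 10
    return "deny", None                  # implicit deny that ends every IOS ACL
```

For example, `evaluate(ACL_101, "udp", "192.168.10.5", "201.1.1.1", 53)` returns `("permit", 80)`: entries 60 and 70 deny only TCP, so UDP and ICMP from VLANs 10 and 30 fall through to the final `permit ip any any`. Because the list is applied inbound on Serial2/0, it is matched against the private source addresses before NAT translates them.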

 

 

 

posted @ 2022-05-25 20:21  zrswheart