Computer Networks: Lab 3 Comprehensive Exercise (Building a Small-to-Medium Enterprise Campus Network)
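I. Objectives:
1. Deepen understanding of common, typical LAN topologies by connecting network devices and analysing the topology;
2. Connect networks to one another through routing, and learn how network routing is designed and configured;
3. Become more familiar with the basic operating commands of switches and routers.
II. Equipment:
Computers, Layer 2 switches, routers, external-network server
III. Topology diagram:
IV. Procedure:
Step 1: Create VLANs 10, 20 and 30 on the four switches and name them yewubu, caiwubu and zonghebu respectively. All four switches: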
Switch0
Switch>enable
Switch#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#name yewubu
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name caiwubu
Switch(config-vlan)#exit
Switch(config)#vlan 30
Switch(config-vlan)#name zonghebu
Switch(config-vlan)#exit
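(The commands are identical on all four switches.)
Step 2: On switches s2_01 and s2_02 (the Layer 2 switches), assign ports 6-10, 11-15 and 16-20 to VLANs 10, 20 and 30 respectively. Two Layer 2 switches (bottom). Note: it is enough to assign only the host-facing ports to the corresponding VLAN (a 2960, which has 24 ports, can be used).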
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int range fa0/6-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#int range fa0/11-15
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#int range fa0/16-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit
Switch(config)#
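(The commands are identical on both switches.)
Step 3: Set the ports that connect s2_01 and s2_02 to s3_01 and s3_02 to trunk mode (8 ports in total). All four switches.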
Switch(config)#
Switch(config)#interface FastEthernet0/1
Switch(config-if)#
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Switch(config-if)#exit
Switch(config)#interface FastEthernet0/2
Switch(config-if)#
Switch(config-if)#switchport mode trunk
Step 4: Configure ports fa0/3 and fa0/4 between the two Layer 3 switches as an aggregated port. Two Layer 3 switches (top).
Switch(config)#int range fa0/1-2
Switch(config-if-range)#channel-group 1 mode on
Switch(config-if-range)#
Creating a port-channel interface Port-channel 1
%LINK-5-CHANGED: Interface Port-channel1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
Switch(config-if-range)#exit
Switch(config)#int port-channel 1
Switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Show vlan
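Step 5: Configure RSTP on the four switches, designating s3_01 and s3_02 as the root bridge and the backup root bridge respectively (Spanning Tree Protocol). All four switches.
On the two Layer 2 switches:
Switch(config)#spanning-tree mode pvst
On the remaining two Layer 3 switches: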
Switch(config)#spanning-tree mode pvst
Switch(config)#spanning-tree vlan 10,20,30 priority 16384
Switch#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0001.9609.ECB3
Cost 9
Port 27(Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 00E0.F726.8751
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/4 Desg FWD 19 128.4 P2p
Po1 Root FWD 9 128.27 Shr
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 16394
Address 00E0.F726.8751
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 16394 (priority 16384 sys-id-ext 10)
Address 00E0.F726.8751
--More--
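Step 6: Enable port security on the access links of the access switches, with a maximum of 4 connections; when a violation occurs, the port is shut down and a trap notification is sent. Two Layer 2 switches (bottom).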
Switch(config)#int range fa0/6-20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security maximum 4
Switch(config-if-range)#switchport port-security violation shutdown
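The behaviour configured in step 6 (at most 4 learned MAC addresses per access port, `violation shutdown`) is modelled below. This is an added Python illustration, not part of the original lab; the class and function names are hypothetical, the MAC addresses are constructed, and the `restrict` and `protect` branches go beyond the lab to show the other two IOS violation modes for comparison.

```python
class SecurePort:
    """Simplified model of an access port with `switchport port-security`."""

    def __init__(self, maximum=4, violation="shutdown"):
        self.maximum = maximum
        self.violation = violation   # "shutdown", "restrict" or "protect"
        self.secure_macs = []        # dynamically learned secure addresses
        self.violations = 0          # security violation counter
        self.err_disabled = False    # True once a shutdown violation fires
        self.traps = []              # notifications that would be raised

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        if self.err_disabled:
            return False                       # port is down, nothing passes
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)   # learn a new secure address
            return True
        # Address table is full and the source is unknown: a violation.
        if self.violation == "protect":
            return False                       # silent drop, no counter, no trap
        self.violations += 1
        self.traps.append(f"violation by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True           # the whole port goes err-disabled
        return False

    def recover(self):
        """Administrator bounces the port (`shutdown`, then `no shutdown`)."""
        self.err_disabled = False
        self.secure_macs.clear()               # dynamic entries are relearned


def replay(port, macs):
    return [port.receive(m) for m in macs]


# Constructed sample: four known hosts, a fifth unknown MAC, then host 1 again.
FRAMES = [f"00:00:5e:00:53:0{i}" for i in (1, 2, 3, 4, 5, 1)]

if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        p = SecurePort(4, mode)
        print(mode, replay(p, FRAMES), p.violations, p.err_disabled)
```

With `shutdown`, the fifth address also cuts off the four legitimate hosts until the port is recovered, which is the trade-off to weigh against `restrict`.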
Step 7: Configure SVIs on the Layer 3 switches to route between VLANs. Two Layer 3 switches (top).
Left switch:
Switch(config-if)#int vlan 10
Switch(config-if)#ip address 192.168.10.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
Switch(config-if)#ip address 192.168.20.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 30
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
Switch(config-if)#ip address 192.168.30.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Right switch:
Switch(config)#int vlan 10
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
Switch(config-if)#ip address 192.168.10.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
Switch(config-if)#ip address 192.168.20.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 30
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
Switch(config-if)#ip address 192.168.30.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
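Step 8: Configure interface IP addresses on the routed ports of the Layer 3 switches, on Ra and Rb, and on the router that simulates the Internet. Two Layer 3 switches (top) and the routers. On the two Layer 3 switches:
Left switch: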
Switch(config)#int fa0/24
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.1.1.2 255.255.255.0
Switch(config-if)#no shutdown
Right switch:
Switch(config)#int fa0/24
Switch(config-if)#no switchport
Switch(config-if)#ip address 20.2.2.2 255.255.255.0
Switch(config-if)#no shutdown
Router Ra
Router(config)#int fa0/0
Router(config-if)#ip address 10.1.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config)#interface FastEthernet1/0
Router(config-if)#ip address 20.2.2.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
Router(config)#interface Serial2/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown
Router Rb
Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Serial2/0
Router(config-if)#ip address 192.168.1.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
Router(config-if)#ip address 201.10.8.1 255.255.255.0
Router(config-if)#no shutdown
Router Rs
Router>enable
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 201.10.8.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#interface loopback 0
Router(config-if)#
%LINK-5-CHANGED: Interface Loopback0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Router(config-if)#ip address 201.1.1.1 255.255.255.0
Router(config-if)#no shutdown
Step 9: Configure the WAN link on Ra and Rb, enabling PPP and configuring PAP authentication. Two routers.
Router Ra
Router(config)#interface Serial2/0
Router(config-if)#encapsulation ppp
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down
Router(config-if)#ppp pap sent-username Ra password 0 123
Router(config-if)#exit
Router Rb
Router(config)#username Ra password 0 123
Router(config)#interface Serial2/0
Router(config-if)#encapsulation ppp
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
Router(config-if)#ppp authentication pap
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down
Router(config-if)#exit
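PAP (RFC 1334) carries the peer ID and the password unencrypted inside the PPP Authenticate-Request. The added Python example below (not part of the original lab) builds and parses that packet for the `Ra` / `123` credentials configured in step 9, showing the PPP protocol field plus the PAP packet with HDLC framing omitted; the function names are hypothetical and the identifier value is constructed.

```python
import struct

PAP_PROTOCOL = 0xC023                    # PPP protocol number for PAP
AUTH_REQ, AUTH_ACK, AUTH_NAK = 1, 2, 3   # PAP codes (RFC 1334)


def build_auth_request(identifier, peer_id, password):
    """Ra's side: the request sent because of `ppp pap sent-username Ra password 0 123`."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!HBBH", PAP_PROTOCOL, AUTH_REQ, identifier, 4 + len(body)) + body


def build_reply(identifier, ok, message=b""):
    """Rb's side: Authenticate-Ack on success, Authenticate-Nak on failure."""
    body = bytes([len(message)]) + message
    code = AUTH_ACK if ok else AUTH_NAK
    return struct.pack("!HBBH", PAP_PROTOCOL, code, identifier, 4 + len(body)) + body


def parse_auth_request(frame):
    """Recover the fields exactly as anyone capturing the link would see them."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    proto, code, ident, length = struct.unpack("!HBBH", frame[:6])
    if proto != PAP_PROTOCOL or code != AUTH_REQ or length != len(frame) - 2:
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = frame[6]
    if 7 + id_len >= len(frame):
        raise ValueError("peer-ID length runs past the frame")
    pw_len = frame[7 + id_len]
    if 8 + id_len + pw_len != len(frame):
        raise ValueError("password length does not match the frame")
    peer_id = frame[7:7 + id_len]
    password = frame[8 + id_len:]
    return ident, peer_id.decode(), password.decode()


def authenticate(frame, local_users):
    """Rb compares the request with its local `username ... password ...` entries."""
    ident, user, password = parse_auth_request(frame)
    return build_reply(ident, local_users.get(user) == password)


if __name__ == "__main__":
    req = build_auth_request(1, b"Ra", b"123")   # identifier 1 is a constructed value
    print(req.hex(" "))      # the trailing bytes 31 32 33 are the ASCII password
    print(parse_auth_request(req))
    print(authenticate(req, {"Ra": "123"}).hex(" "))
```

CHAP (`ppp authentication chap`) avoids this exposure because the password itself is never sent across the link.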
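Step 10: Use RIPv2 to provide full route reachability within the enterprise network, and use static routes for access from the enterprise network to the Internet. Two Layer 3 switches (top) and two routers.
Left switch:
Switch(config)#router rip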
Switch(config-router)#version 2
Switch(config-router)#network 10.1.1.0
Switch(config-router)#network 192.168.10.0
Switch(config-router)#network 192.168.20.0
Switch(config-router)#network 192.168.30.0
Switch(config-router)#exit
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1
Right switch:
Switch(config)#router rip
Switch(config-router)#version 2
Switch(config-router)#network 20.2.2.0
Switch(config-router)#network 192.168.10.0
Switch(config-router)#network 192.168.20.0
Switch(config-router)#network 192.168.30.0
Switch(config-router)#exit
Switch(config)#ip route 0.0.0.0 0.0.0.0 20.2.2.1
Ra
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#no auto-summary
Router(config-router)#network 192.168.1.0
Router(config-router)#network 10.1.1.0
Router(config-router)#network 20.2.2.0
Router(config-router)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.1.2 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
R 10.0.0.0/8 [120/7] via 10.1.1.2, 00:00:03, FastEthernet0/0
C 10.1.1.0/24 is directly connected, FastEthernet0/0
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
R 20.0.0.0/8 [120/6] via 10.1.1.2, 00:00:03, FastEthernet0/0
C 20.2.2.0/24 is directly connected, FastEthernet1/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Serial2/0
C 192.168.1.2/32 is directly connected, Serial2/0
R 192.168.10.0/24 [120/1] via 10.1.1.2, 00:00:25, FastEthernet0/0
[120/1] via 20.2.2.2, 00:00:03, FastEthernet1/0
R 192.168.20.0/24 [120/1] via 10.1.1.2, 00:00:25, FastEthernet0/0
--More--
Rb
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#no auto-summary
Router(config-router)#network 192.168.1.0
Router(config-router)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 201.10.8.2
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 201.10.8.2 to network 0.0.0.0
192.168.1.0/32 is subnetted, 1 subnets
C 192.168.1.1 is directly connected, Serial2/0
C 201.10.8.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 201.10.8.2
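Step 11: Configure NAT on router Rb so that the internal network can reach the external network; the available public addresses are 201.10.8.3/24 through 201.10.8.10/24. One router, Rb.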
Rb
Router(config)#interface Serial2/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 1 permit 192.168.10.0 0.0.0.255
Router(config)#access-list 1 permit 192.168.20.0 0.0.0.255
Router(config)#access-list 1 permit 192.168.30.0 0.0.0.255
Router(config)#ip nat pool internet 201.10.8.3 201.10.8.10 netmask 255.255.255.0
Router(config)#ip nat inside source list 1 pool internet
Router(config)#exit
Step 12: To control access from the internal network to the Internet, configure an access control list on router Rb. One router.
Rb
Router(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 any
Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 80
Router(config)#access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq 80
Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 21
Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 20
Router(config)#access-list 101 deny tcp 192.168.10.0 0.0.0.255 any
Router(config)#access-list 101 deny tcp 192.168.30.0 0.0.0.255 any
Router(config)#access-list 101 permit ip any any
Router(config)#interface Serial2/0
Router(config-if)#ip access-group 101 in
Router(config-if)#exit
Router#show access-lists
Standard IP access list 1
10 permit 192.168.10.0 0.0.0.255
20 permit 192.168.20.0 0.0.0.255
30 permit 192.168.30.0 0.0.0.255
Extended IP access list 101
10 deny ip 192.168.20.0 0.0.0.255 any
20 permit tcp 192.168.10.0 0.0.0.255 any eq www
30 permit tcp 192.168.30.0 0.0.0.255 any eq www
40 permit tcp 192.168.10.0 0.0.0.255 any eq ftp
50 permit tcp 192.168.10.0 0.0.0.255 any eq 20
60 deny tcp 192.168.10.0 0.0.0.255 any
70 deny tcp 192.168.30.0 0.0.0.255 any
80 permit ip any any
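Extended ACLs are evaluated top-down and the first matching entry decides. The added Python example below (not part of the original lab) replays constructed packets against ACL 101 in the order listed above to show the resulting policy, including that non-TCP traffic from VLANs 10 and 30 falls through to the final `permit ip any any`; the function names and test packets are assumptions.

```python
import ipaddress

# ACL 101 on Rb, in `show access-lists` order:
# (sequence, action, protocol, source, wildcard, destination port or None)
ACL_101 = [
    (10, "deny",   "ip",  "192.168.20.0", "0.0.0.255", None),
    (20, "permit", "tcp", "192.168.10.0", "0.0.0.255", 80),
    (30, "permit", "tcp", "192.168.30.0", "0.0.0.255", 80),
    (40, "permit", "tcp", "192.168.10.0", "0.0.0.255", 21),
    (50, "permit", "tcp", "192.168.10.0", "0.0.0.255", 20),
    (60, "deny",   "tcp", "192.168.10.0", "0.0.0.255", None),
    (70, "deny",   "tcp", "192.168.30.0", "0.0.0.255", None),
    (80, "permit", "ip",  "0.0.0.0", "255.255.255.255", None),  # any
]


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored in the comparison."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def evaluate(acl, proto, src, dport=None):
    """Return (action, sequence) of the first matching entry."""
    for seq, action, ace_proto, base, wildcard, ace_port in acl:
        if ace_proto != "ip" and ace_proto != proto:
            continue                      # `ip` matches every protocol
        if not wildcard_match(src, base, wildcard):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, seq
    return "deny", None                   # implicit deny at the end of every ACL


# Constructed test packets: (description, protocol, source, destination port)
PACKETS = [
    ("VLAN 20 host, HTTP",  "tcp",  "192.168.20.5", 80),
    ("VLAN 10 host, FTP",   "tcp",  "192.168.10.5", 21),
    ("VLAN 30 host, FTP",   "tcp",  "192.168.30.5", 21),
    ("VLAN 10 host, HTTPS", "tcp",  "192.168.10.5", 443),
    ("VLAN 30 host, DNS",   "udp",  "192.168.30.5", 53),
    ("VLAN 10 host, ping",  "icmp", "192.168.10.5", None),
]

if __name__ == "__main__":
    for desc, proto, src, dport in PACKETS:
        print(f"{desc:22} -> {evaluate(ACL_101, proto, src, dport)}")
```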