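Topology diagram
Topology file:
Problem statement:
The network topology is shown in the diagram. The network consists of a private network and a public network; the private network comprises the headquarters LAN and the branch-office LAN. Complete the configuration according to the following requirements.
1. Set the hostname of each router as labelled in the topology diagram. In particular, name the headquarters switch XYZ after the pinyin initials of your own name, e.g. 刘德华 (Liu Dehua) becomes LDH (5 points)
Following the steps below, configure the hostnames of the routers, the switches and the headquarters switch as labelled in the topology diagram.
Command format: hostname <hostname>
Router: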
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R0
R0(config)#
Switch:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname Sw1
Sw1(config)#
Headquarters switch:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname ZS
ZS(config)#
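2. The network number and mask of every segment are given in the diagram. Based on these, statically configure the IP address of each router interface and of every PC and server (except the PCs in the branch-office LAN) (5 points)
Configure R0: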
R0>en
R0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0(config)#int f0/0
R0(config-if)#ip add 192.168.1.9 255.255.255.252
R0(config-if)#no sh
R0(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R0(config-if)#int f0/1
R0(config-if)#ip add 192.168.1.1 255.255.255.252
R0(config-if)#no sh
R0(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R0(config-if)#int s0/0
R0(config-if)#ip add 1.1.1.1 255.255.255.252
R0(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R0(config-if)#
Configure R1:
R1>en
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.5 255.255.255.252
R1(config-if)#no sh
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R1(config-if)#int f0/1
R1(config-if)#ip add 192.168.1.2 255.255.255.252
R1(config-if)#no sh
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
R1(config-if)#int f1/0
R1(config-if)#no sh
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
R1(config-if)#
Configure R2:
R2>en
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int f0/0
R2(config-if)#ip add 192.168.1.10 255.255.255.252
R2(config-if)#no sh
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#int f0/1
R2(config-if)#ip add 192.168.1.6 255.255.255.252
R2(config-if)#no sh
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R2(config-if)#int s0/0
R2(config-if)#ip add 172.16.1.1 255.255.255.252
R2(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R2(config-if)#
Configure R3:
R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int f0/0
R3(config-if)#no sh
R3(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#int s0/0
R3(config-if)#ip add 172.16.1.2 255.255.255.252
R3(config-if)#no sh
R3(config-if)#
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
R3(config-if)#
Configure R4:
R4>en
R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#int f0/0
R4(config-if)#ip add 11.1.1.254 255.255.255.0
R4(config-if)#no sh
R4(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R4(config-if)#int s0/0
R4(config-if)#ip add 1.1.1.2 255.255.255.252
R4(config-if)#no sh
R4(config-if)#
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
R4(config-if)#
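PC0 configuration:
PC1 configuration:
S0 configuration:
S1 configuration:
PC6 configuration:
S3 configuration:
3. Configure a DHCP server on router R3 so that the IP addresses of the PCs in the branch-office LAN are assigned dynamically by the DHCP server (10 points)
Command format:
Exclude addresses:
ip dhcp excluded-address <IP address to exclude>
Create an address pool:
ip dhcp pool <pool name>
The following are the address-pool parameter commands.
Set the pool's address range and gateway:
network <subnet address> <subnet mask>
default-router <default gateway>
Configure R3: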
R3(config)#ip dhcp pool VLAN10
R3(dhcp-config)#network 10.2.1.0 255.255.255.0
R3(dhcp-config)#default-router 10.2.1.254
R3(dhcp-config)#exit
R3(config)#ip dhcp pool VLAN20
R3(dhcp-config)#network 10.2.2.0 255.255.255.0
R3(dhcp-config)#default-router 10.2.2.254
R3(dhcp-config)#exit
R3(config)#ip dhcp excluded-address 10.2.1.254
R3(config)#ip dhcp excluded-address 10.2.2.254
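4. Divide the headquarters LAN into two VLANs (VLAN10 and VLAN20) and complete the configuration so that the VLANs can reach each other (10 points)
Command format:
Create a VLAN:
vlan <VLAN ID>
Set the interface mode:
switchport mode <mode> (access|trunk|dynamic)
Assign the interface to a VLAN:
switchport access vlan <VLAN number>
Configure Sw1: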
Sw1>en
Sw1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Sw1(config)#vlan 10
Sw1(config-vlan)#exit
Sw1(config)#int range f0/1-2
Sw1(config-if-range)#switchport mode access
Sw1(config-if-range)#switchport access vlan 10
Sw1(config-if-range)#exit
Sw1(config)#
Configure Sw2:
Sw2>en
Sw2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Sw2(config)#vlan 20
Sw2(config-vlan)#exit
Sw2(config)#int range f0/1-2
Sw2(config-if-range)#switchport mode access
Sw2(config-if-range)#switchport access vlan 20
Sw2(config-if-range)#exit
Sw2(config)#
Configure the headquarters switch XYZ:
ZS>en
ZS#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ZS(config)#vlan 10
ZS(config-vlan)#vlan 20
ZS(config-vlan)#exit
ZS(config)#int f0/24
ZS(config-if)#switchport mode trunk
ZS(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
ZS(config-if)#
Configure R1:
Command format:
Allow the VLAN's traffic to pass:
encapsulation dot1Q <VLAN ID>
R1>en
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int f1/0.10
R1(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet1/0.10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0.10, changed state to up
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip add 10.1.1.254 255.255.255.0
R1(config-subif)#no sh
R1(config-subif)#int f1/0.20
R1(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet1/0.20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0.20, changed state to up
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip add 10.1.2.254 255.255.255.0
R1(config-subif)#no sh
R1(config-subif)#exit
R1(config)#
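Verify connectivity between PC0 and S0 and S1.
5. Divide each of the two branch-office LANs into two VLANs (VLAN10 and VLAN20) and complete the configuration so that the VLANs can reach each other (10 points)
Configure Sw3: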
Sw3>en
Sw3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Sw3(config)#vlan 10
Sw3(config-vlan)#vlan 20
Sw3(config-vlan)#exit
Sw3(config)#int f0/1
Sw3(config-if)#switchport mode access
Sw3(config-if)#switchport access vlan 10
Sw3(config-if)#int f0/2
Sw3(config-if)#switchport mode access
Sw3(config-if)#sw access vlan 20
Sw3(config-if)#int ran f0/23-24
Sw3(config-if-range)#switchport mode trunk
Sw3(config-if-range)#exit
Sw3(config)#
Configure Switch0:
Switch0>en
Switch0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch0(config)#vlan 10
Switch0(config-vlan)#vlan 20
Switch0(config-vlan)#exit
Switch0(config)#int f0/1
Switch0(config-if)#switchport mode access
Switch0(config-if)#switchport access vlan 20
Switch0(config-if)#int f0/2
Switch0(config-if)#switchport mode access
Switch0(config-if)#switchport access vlan 10
Switch0(config-if)#int f0/24
Switch0(config-if)#switchport mode trunk
Switch0(config-if)#exit
Switch0(config)#
Configure R3:
R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int f0/0.10
R3(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.10, changed state to up
R3(config-subif)#encapsulation dot1Q 10
R3(config-subif)#ip add 10.2.1.254 255.255.255.0
R3(config-subif)#no sh
R3(config-subif)#int f0/0.20
R3(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.20, changed state to up
R3(config-subif)#encapsulation dot1Q 20
R3(config-subif)#ip add 10.2.2.254 255.255.255.0
R3(config-subif)#no sh
R3(config-subif)#exit
R3(config)#
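Set PC2, PC3, PC4 and PC5 to DHCP mode; they obtain IP addresses successfully.
Test connectivity between VLAN10 and VLAN20 in the branch office:
6. Configure OSPF inside the private network and RIPv2 in the public network. The private-network border router R0 advertises a default route to the private-network routers (requirement: apart from the border router R0, private routes must not be advertised to public routers, and public routes must not be advertised to private routers) (20 points)
Configure R0: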
R0>en
R0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0(config)#router ospf 1
R0(config-router)#router-id 1.1.1.1
R0(config-router)#network 192.168.1.8 0.0.0.3 area 0
R0(config-router)#network 192.168.1.0 0.0.0.3 area 0
R0(config-router)#default-information originate
R0(config-router)#exit
R0(config)#ip route 0.0.0.0 0.0.0.0 s0/0
R0(config)#
Configure R1:
R1>en
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#router-id 2.2.2.2
R1(config-router)#network 192.168.1.4 0.0.0.3 area 0
R1(config-router)#network 192.168.1.0 0.0.0.3 area 0
R1(config-router)#network 10.1.1.0 0.0.0.255 area 0
R1(config-router)#network 10.1.2.0 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#
Configure R2:
R2>en
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router ospf 1
R2(config-router)#router-id 3.3.3.3
R2(config-router)#network 192.168.1.4 0.0.0.3 area 0
R2(config-router)#network 192.168.1.8 0.0.0.3 area 0
R2(config-router)#network 172.16.1.0 0.0.0.3 area 0
R2(config-router)#exit
R2(config)#
Configure R3:
R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router ospf 1
R3(config-router)#router-id 4.4.4.4
R3(config-router)#network 172.16.1.0 0.0.0.3 area 0
R3(config-router)#network 10.2.1.0 0.0.0.255 area 0
R3(config-router)#network 10.2.2.0 0.0.0.255 area 0
R3(config-router)#exit
R3(config)#
Configure R4:
R4>en
R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#no auto-summary
R4(config-router)#network 1.1.1.0
R4(config-router)#network 11.1.1.0
R4(config-router)#exit
R4(config)#
Test connectivity between the headquarters PCs and the branch-office PCs:
View the routing table:
R0#show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 362 0x80000009 0x0071c8 4
1.1.1.1 1.1.1.1 356 0x80000005 0x00b4c4 2
3.3.3.3 3.3.3.3 274 0x80000006 0x00ff38 4
4.4.4.4 4.4.4.4 265 0x80000004 0x004a95 4
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.168.1.1 1.1.1.1 460 0x80000001 0x0079f3
192.168.1.5 2.2.2.2 362 0x80000001 0x0063f7
192.168.1.9 1.1.1.1 356 0x80000002 0x00f5fa
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.1 545 0x80000001 0x00fecf 1
R0#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
1.0.0.0/30 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Serial0/0
10.0.0.0/24 is subnetted, 4 subnets
O 10.1.1.0 [110/2] via 192.168.1.2, 00:07:44, FastEthernet0/1
O 10.1.2.0 [110/2] via 192.168.1.2, 00:07:28, FastEthernet0/1
O 10.2.1.0 [110/66] via 192.168.1.10, 00:04:27, FastEthernet0/0
O 10.2.2.0 [110/66] via 192.168.1.10, 00:04:27, FastEthernet0/0
172.16.0.0/30 is subnetted, 1 subnets
O 172.16.1.0 [110/65] via 192.168.1.10, 00:05:50, FastEthernet0/0
192.168.1.0/30 is subnetted, 3 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
O 192.168.1.4 [110/2] via 192.168.1.10, 00:05:50, FastEthernet0/0
[110/2] via 192.168.1.2, 00:05:50, FastEthernet0/1
C 192.168.1.8 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Serial0/0
R0#
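7. Configure virtual terminals (VTY) on the branch-office router and switches so that a headquarters PC can Telnet to the branch-office router using password authentication, and Telnet to the branch-office switches using account-and-password authentication, for management. The login password is your own student number and the account name is the pinyin of your own name (10 points)
Configure Sw3: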
Sw3>en
Sw3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Sw3(config)#vlan 99
Sw3(config-vlan)#exit
Sw3(config)#int vlan 99
Sw3(config-if)#
%LINK-5-CHANGED: Interface Vlan99, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up
Sw3(config-if)#ip add 10.2.99.1 255.255.255.0
Sw3(config-if)#no sh
Sw3(config-if)#exit
Sw3(config)#user zhangsan privilege 15 password 88888888
Sw3(config)#line vty 0 4
Sw3(config-line)#login local
Sw3(config-line)#exit
Sw3(config)#
Configure Switch0:
Switch0>en
Switch0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch0(config)#vlan 99
Switch0(config-vlan)#exit
Switch0(config)#int vlan 99
Switch0(config-if)#
%LINK-5-CHANGED: Interface Vlan99, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up
Switch0(config-if)#ip add 10.2.99.2 255.255.255.0
Switch0(config-if)#no sh
Switch0(config-if)#exit
Switch0(config)#line vty 0 4
Switch0(config-line)#exit
Switch0(config)#user zhangsan privilege 15 password 88888888
Switch0(config)#line vty 0 4
Switch0(config-line)#login local
Switch0(config-line)#exit
Switch0(config)#
Configure R3:
R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int f0/0.99
R3(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.99, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.99, changed state to up
R3(config-subif)#encapsulation dot1Q 99
R3(config-subif)#ip add 10.2.99.254 255.255.255.0
R3(config-subif)#no sh
R3(config-subif)#ex
R3(config)#user zhangsan privilege 15 password 88888888
R3(config)#line vty 0 4
R3(config-line)#login local
R3(config-line)#exit
R3(config)#
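Test connectivity between a headquarters PC and R3, and connect to R3 remotely via Telnet.
Once connected to R3, Telnet from its remote terminal to the two branch-office switches.
8. Configure ACL packet filtering on the headquarters router R1 so that PCs in branch-office VLAN10 can access only the headquarters server S0, PCs in VLAN20 can access S1 only via the web, and everything else is denied (15 points)
Configure R1: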
R1>en
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip access-list extended ACL1
R1(config-ext-nacl)#permit tcp 10.2.2.0 0.0.0.255 host 10.1.2.2 eq 80
R1(config-ext-nacl)#permit tcp 10.2.2.0 0.0.0.255 host 10.1.2.2 eq 443
R1(config-ext-nacl)#permit ip 10.2.1.0 0.0.0.255 host 10.1.2.1
R1(config-ext-nacl)#deny ip 10.2.2.0 0.0.0.255 any
R1(config-ext-nacl)#deny ip 10.2.1.0 0.0.0.255 any
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#exit
R1(config)#int ran f0/0-1
R1(config-if-range)#ip access-group ACL1 in
R1(config-if-range)#exit
R1(config)#
View the ACL:
R1#show ip access-lists
Extended IP access list ACL1
10 permit ip 10.2.1.0 0.0.0.255 host 10.1.2.1 (4 match(es))
20 permit tcp 10.2.2.0 0.0.0.255 host 10.1.2.2 eq www (5 match(es))
30 permit tcp 10.2.2.0 0.0.0.255 host 10.1.2.2 eq 443
40 deny ip 10.2.2.0 0.0.0.255 any (12 match(es))
50 deny ip 10.2.1.0 0.0.0.255 any (12 match(es))
60 permit ip any any (48 match(es))
Test connectivity: branch-office VLAN10 can reach only headquarters S0:
Branch-office VLAN20 can reach S1 only via the web:
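9. Configure PAT on R0, the border router between the private and public networks, so that headquarters users can access the public network and, in the branch offices, only the VLAN10 PCs can access the public network. The PAT translated public address is the address of R0's interface facing the public network (15 points)
Configure R0: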
R0>en
R0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R0(config)#ip access-list standard PAT
R0(config-std-nacl)#permit 10.1.0.0 0.0.255.255
R0(config-std-nacl)#permit 10.2.1.0 0.0.0.255
R0(config-std-nacl)#exit
R0(config)#ip nat inside source list PAT int s0/0 overload
R0(config)#int s0/0
R0(config-if)#ip nat outside
R0(config-if)#int ran f0/0-1
R0(config-if-range)#ip nat inside
R0(config-if-range)#exit
R0(config)#
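Test connectivity between a headquarters PC and the public network:
Test connectivity between a branch-office VLAN10 PC and the public network:
Test connectivity between a branch-office VLAN20 PC and the public network:
View the NAT translation table: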
R0#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 1.1.1.1:1024 10.2.1.2:38 11.1.1.1:38 11.1.1.1:1024
icmp 1.1.1.1:1025 10.2.1.2:39 11.1.1.1:39 11.1.1.1:1025
icmp 1.1.1.1:1026 10.2.1.2:40 11.1.1.1:40 11.1.1.1:1026
icmp 1.1.1.1:37 10.1.1.1:37 11.1.1.1:37 11.1.1.1:37
icmp 1.1.1.1:38 10.1.1.1:38 11.1.1.1:38 11.1.1.1:38
icmp 1.1.1.1:39 10.1.1.1:39 11.1.1.1:39 11.1.1.1:39
icmp 1.1.1.1:40 10.1.1.1:40 11.1.1.1:40 11.1.1.1:40
icmp 1.1.1.1:41 10.2.1.2:41 11.1.1.1:41 11.1.1.1:41
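The table above shows 10.2.1.2's ICMP identifiers 38 to 40 rewritten to 1024 to 1026, while identifier 41 is kept. The following added example (not part of the original lab answer) models that: the standard ACL `PAT` decides which inside sources are translated, and an identifier already in use on 1.1.1.1 is replaced. The allocation rule is an assumption inferred from this table, the class and function names are hypothetical, and the ping sequence and the VLAN20 address 10.2.2.2 are constructed.

```python
import ipaddress

# Standard ACL "PAT" on R0 above: (network, wildcard) entries, all permit.
PAT_ACL = [("10.1.0.0", "0.0.255.255"), ("10.2.1.0", "0.0.0.255")]
OUTSIDE_IP = "1.1.1.1"  # R0 Serial0/0, the overload address

def eligible(src):
    """True if the inside source matches a permit line of the PAT list."""
    s = int(ipaddress.IPv4Address(src))
    for net, wild in PAT_ACL:
        n, w = int(ipaddress.IPv4Address(net)), int(ipaddress.IPv4Address(wild))
        if ((s ^ n) & ~w & 0xFFFFFFFF) == 0:
            return True
    return False  # implicit deny: no translation entry is created

class PatTable:
    """Model inferred from the table above, not the IOS allocator itself:
    keep the inside port/ICMP id if it is free on the outside address,
    otherwise take the next free value from 1024 upward."""

    def __init__(self):
        self.entries = {}    # (proto, inside_ip, inside_id) -> global_id
        self.in_use = set()  # (proto, global_id) taken on OUTSIDE_IP

    def translate(self, proto, src, ident):
        if not eligible(src):
            return None
        key = (proto, src, ident)
        if key not in self.entries:
            gid = ident
            if (proto, gid) in self.in_use:
                gid = 1024
                while (proto, gid) in self.in_use:
                    gid += 1
            self.entries[key] = gid
            self.in_use.add((proto, gid))
        return OUTSIDE_IP, self.entries[key]

def replay():
    """Constructed sequence: 10.1.1.1 pings first, then 10.2.1.2 and 10.2.2.2."""
    pat = PatTable()
    flows = [("10.1.1.1", i) for i in range(37, 41)]
    flows += [("10.2.1.2", i) for i in range(38, 42)] + [("10.2.2.2", 42)]
    return [(src, i, pat.translate("icmp", src, i)) for src, i in flows]
```

`replay()` reproduces the eight inside-local to inside-global pairs of the table and returns `None` for the VLAN20 source, which matches no line of the `PAT` list.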