目录
一、实训目的 .................................................................................................................................2
二、实训步骤 .................................................................................................................................3
2.1配置与管理 .......................................................................................................................3 2.2网络互联部分设计 ...........................................................................................................3
三、实训要求 .................................................................................................................................4
四、实训项目及内容 .....................................................................................................................5
4.1 实验一:NAT+DHCP ......................................................................................................5 4.2 实验二:Vrrp ...............................................................................................................10 4.3 实验三:ACL ................................................................................................................12 4.4 实验四:小综合 ..........................................................................................................15 4.5 实验五:NAT ...............................................................................................................22 4.6 实验六:OSPF .............................................................................................................25 4.7 实验七:综合实验 .....................................................................................................27
五、总结及体会 ...........................................................................................................................34 参考资料 .......................................................................................................................................36
1
一、实训目的
通过本次实训,进一步熟悉并掌握网络的基本概念,提高基本操作技能。用现有的设备完成一个真实网络的设计与实现, 并进行网络安全规划。通过理论研究与分析,理解网络组建方法及步骤。通过实际小型局域网理论设计,掌握网络技术在实际应用中的使用方法,加深对网络技术的理解。通过实际应用锻炼动手能力和思维能力。培养学生系统、完整、具体地解决实际问题的职业综合能力,具备收集信息、制定计划、实施计划和自我评价的能力,锻炼团队工作的能力,学生经历综合实训完整的工作过程,学会网络拓扑图的绘制、用网络设备组建和管理网络的核心能力和关键能力。
2
二、实训步骤
2.1配置与管理
网络设计,网络分析,Windows操作系统基本配置,Windows系统管理,Windows下常用服务器的配置与管理,Windows下安全工具的综合应用。
2.2网络互联部分设计
根据实际情况自行设计网络拓扑结构,要求在设计中对二层、三层交换机的设计合理,并对网络中的路由做出合理的部署。
实训内容知识点和操作要点: 设计过程中要求有以下的知识要点: 高级VLAN技术应用 VLAN间路由技术 STP技术应用 ACL基础及高级应用
路由设计(静态、RIP、OSPF综合) 广域网技术(PPP)
3
三、实训要求
根据用户需求进行网络设计,熟练进行Windows操作系统的安装与基本配置,掌握Windows系统管理基本方法,掌握Windows下常用服务器的配置与管理方法,熟练应用Windows下的安全工具。
四、实训项目及内容
4.1 实验一:NAT+DHCP
图4-1
在RT2s0/1/0接口配置NAT使Pc1和RT1都可登录PC3,在RT2和RT4之间创建隧道PC1可以和PC2通信,RT2开启DHCP功能设置IP10.0.0.0网段,子网掩码255.255.255.0,RT1可以自动获取IP RT1 sys System View: return to User View with Ctrl+Z.[RT1]int g0/0/0 [RT1-GigabitEthernet0/0/0]ipaddhcp-alloc [RT1-GigabitEthernet0/0/0]disipint brief *down: administratively down (s): spoofing Interface Physical Protocol IP Addre Description GigabitEthernet0/0/0 up up 10.0.0.1
5
10.0.0.1
GigabitEt...GigabitEthernet0/0/1 down down unaigned GigabitEt...GigabitEthernet0/0/2 down down unaigned GigabitEt...GigabitEthernet0/0/3 down down unaigned GigabitEt...Serial0/1/0 down down unaigned Serial0/1...Serial0/1/1 down down unaigned Serial0/1...Serial0/1/2 down down unaigned Serial0/1...Serial0/1/3 down down unaigned Serial0/1...[RT1]ping 8.8.8.8 PING 8.8.8.8: 56 data bytes, pre CTRL_C to break Request time out Reply from 8.8.8.8: bytes=56 Sequence=2 ttl=62 time=9 ms Reply from 8.8.8.8: bytes=56 Sequence=3 ttl=62 time=26 ms Reply from 8.8.8.8: bytes=56 Sequence=4 ttl=62 time=4 ms Reply from 8.8.8.8: bytes=56 Sequence=5 ttl=62 time=4 ms RT2 sys [RT2]int g0/0/1 [RT2-GigabitEthernet0/0/1]ip ad 192.168.0.254 24 [RT2-GigabitEthernet0/0/1]qu [RT2]int g0/0/0 [RT2-GigabitEthernet0/0/0]ip ad 10.0.0.254 24 [RT2-GigabitEthernet0/0/0]int s0/1/0 [RT2-Serial0/1/0]ip ad 12.12.12.1 24 [RT2-Serial0/1/0]qu
[RT2]dhcp enable DHCP is enabled succefully! [RT2]dhcp server ip-pool 1 [RT2-dhcp-pool-1]network 10.0.0.0 mask 255.255.255.0 [RT2-dhcp-pool-1]gateway-list 10.0.0.254 [RT2-dhcp-pool-1]expired day 1 [RT2-dhcp-pool-1]qu [RT2]ip route-static 0.0.0.0 0 12.12.12.2 [RT2]ping 23.23.23.2 PING 23.23.23.2: 56 data bytes, pre CTRL_C to break Reply from 23.23.23.2: bytes=56 Sequence=1 ttl=254 time=25 ms Reply from 23.23.23.2: bytes=56 Sequence=2 ttl=254 time=5 ms Reply from 23.23.23.2: bytes=56 Sequence=3 ttl=254 time=5 ms Reply from 23.23.23.2: bytes=56 Sequence=4 ttl=254 time=4 ms Request time out --- 23.23.23.2 ping statistics --- 5 packet(s) transmitted 4 packet(s) received 20.00% packet lo round-trip min/avg/max = 4/9/25 ms [RT2]int Tunnel 1 [RT2-Tunnel1]source 12.12.12.1 [RT2-Tunnel1]destination 23.23.23.2 [RT2-Tunnel1] %Dec 1 21:59:30:213 2015 RT2 IFNET/3/LINK_UPDOWN: Tunnel1 link status is UP.%Dec 1 21:59:30:213 2015 RT2 IFNET/5/LINEPROTO_UPDOWN: Line protocol on the interface Tunnel1 is UP.[RT2-Tunnel1]ip ad 20.0.0.1 24 [RT2-Tunnel1]qu [RT2]ip route-static 192.168.1.0 24 Tunnel 1 [RT2]acl number 2000 [RT2-acl-basic-2000]rule 1 permit s 192.168.0.0 0.0.0.255
7
[RT2-acl-basic-2000]rule 2 permit s 10.0.0.0 0.0.0.255 [RT2-acl-basic-2000]qu [RT2]int s0/1/0 [RT2-Serial0/1/0]nat outbound 2000 [RT2-Serial0/1/0]qu [RT2]disnat seion There are currently 5 NAT seions: Protocol GlobalAddr PortInsideAddr Port DestAddr Port ICMP 12.12.12.1 12288 192.168.0.1 37035 8.8.8.8 37035 status:11 TTL:00:00:10 Left:00:00:01 VPN:--- ICMP 12.12.12.1 12292 192.168.0.1 38059 8.8.8.8 38059 status:11 TTL:00:00:10 Left:00:00:06 VPN:--- ICMP 12.12.12.1 12289 192.168.0.1 37291 8.8.8.8 37291 status:11 TTL:00:00:10 Left:00:00:02 VPN:--- ICMP 12.12.12.1 12290 192.168.0.1 37547 8.8.8.8 37547 status:11 TTL:00:00:10 Left:00:00:03 VPN:--- ICMP 12.12.12.1 12291 192.168.0.1 37803 8.8.8.8 37803 status:11 TTL:00:00:10 Left:00:00:05 VPN:--- RT3 sys [RT3]int s0/1/0 [RT3-Serial0/1/0]ip ad 12.12.12.2 24 [RT3-Serial0/1/0] %Dec 1 21:50:56:505 2015 RT3 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/0 is UP.[RT3-Serial0/1/0]qu [RT3]int s0/1/1 [RT3-Serial0/1/1]ip ad 23.23.23.1 24 [RT3-Serial0/1/1]int g0/0/0 [RT3-GigabitEthernet0/0/0]ip ad 8.8.8.254 24 [RT3-GigabitEthernet0/0/0] %Dec 1 21:53:15:096 2015 RT3 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on
8
the interface Serial0/1/1 is UP.RT4 sys System View: return to User View with Ctrl+Z.[RT4]int s0/1/1 [RT4-Serial0/1/1]ip ad 23.23.23.2 24 [RT4-Serial0/1/1] %Dec 1 21:53:15:161 2015 RT4 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/1 is UP.[RT4-Serial0/1/1]int g0/0/0 [RT4-GigabitEthernet0/0/0]ip ad 192.168.1.254 24 [RT4-GigabitEthernet0/0/0]qu [RT4]ip route-static 0.0.0.0 0 23.23.23.1 [RT4]int Tunnel 1 [RT4-Tunnel1]source 23.23.23.2 [RT4-Tunnel1]destination 12.12.12.1 [RT4-Tunnel1] %Dec 1 22:00:32:635 2015 RT4 IFNET/3/LINK_UPDOWN: Tunnel1 link status is UP.%Dec 1 22:00:32:635 2015 RT4 IFNET/5/LINEPROTO_UPDOWN: Line protocol on the interface Tunnel1 is UP.[RT4-Tunnel1]ip ad 20.0.0.2 24 [RT4-Tunnel1]qu [RT4]ip route-static 192.168.0.0 24 Tunnel 1
9
4.2 实验二:Vrrp
图4-2 RT1 interface GigabitEthernet0/0/0 port link-mode route ip addre 192.168.1.252 24 vrrpvrid 1 virtual-ip 192.168.1.254 vrrpvrid 1 priority 120 rip 1 undo summary version 2 network 10.0.0.0 network 192.168.1.0 interface s0/1/0 ip addre 10.1.1.1 24 RT2
interface GigabitEthernet0/0/0 port link-mode route ip addre 192.168.1.253 24 vrrpvrid 1 virtual-ip 192.168.1.254 rip 1 undo summary version 2 network 20.1.1.0 network 192.168.1.0 interface s0/1/1 ip addre 20.1.1.2 24 RT3 interface Serial0/1/0 link-protocolppp ip addre 10.1.1.3 255.255.255.0 interface Serial0/1/1 link-protocolppp ip addre 20.1.1.3 255.255.255.0 interface LoopBack0 ip addre 1.1.1.1 255.255.255.255 rip 1 undo summary version 2 network 0.0.0.0
11
4.3 实验三:ACL
图4-3 需求:R1可以ping通R2,不可以telnet R2,R3可以ping通R2,可以telnet R2 RT1 sys System View: return to User View with Ctrl+Z.[RT1]int s0/1/0 [RT1-Serial0/1/0]ip ad 1.1.1.1 24 [RT1-Serial0/1/0] %Dec 2 18:51:58:891 2015 RT1 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/0 is UP.[RT1-Serial0/1/0]qu [RT1]ping 2.2.2.1 PING 2.2.2.1: 56 data bytes, pre CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 2.2.2.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet lo RT2 sys System View: return to User View with Ctrl+Z.
12
[RT2]int s0/1/0 [RT2-Serial0/1/0]ip ad 1.1.1.2 24 [RT2-Serial0/1/0] %Dec 2 18:51:58:297 2015 RT2 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/0 is UP.[RT2-Serial0/1/0]int s0/1/1 [RT2-Serial0/1/1]ip ad 2.2.2.1 24 [RT2-Serial0/1/1]qu [RT2]tel [RT2]telnet server enable % Start Telnet server [RT2]user-interface vty 0 [RT2-ui-vty0]authentication-mode none [RT2-ui-vty0]user privilege level 3 [RT2]firewall enable [RT2]acl number 3000 [RT2-acl-adv-3000]rule 1 deny tcp source 1.1.1.1 0 destination-port eq telnet [RT2-acl-adv-3000]qu [RT2]int s0/1/0 [RT2-Serial0/1/0]firewall packet-filter 3000 inbound [RT2-Serial0/1/0]qu RT3 sys System View: return to User View with Ctrl+Z.[RT3]int s0/1/1 [RT3-Serial0/1/1]ip ad 2.2.2.2 24 [RT3-Serial0/1/1] %Dec 2 18:52:43:515 2015 RT3 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/1 is UP.[RT3-Serial0/1/1]qu [RT3]ping 2.2.2.2 PING 2.2.2.2: 56 data bytes, pre CTRL_C to break
13
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=4 ms Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=1 ms Request time out Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=1 ms --- 2.2.2.2 ping statistics --- 5 packet(s) transmitted 4 packet(s) received 20.00% packet lo round-trip min/avg/max = 1/1/4 ms [RT3] telnet 2.2.2.1 Trying 2.2.2.1 ... quit
14
4.4 实验四:小综合
图4-4 需求:PC1和PC2是A部,PC3是B部;PC1和PC2可以通信,但不能和PC3通信。PC
1、PC
2、PC3都可以访问网关10.0.0.254.要求10网段主机使用静态路由访问20网段;使用动态路由访问30网段。RT2开启telnet功能,RT1使用密码模式登陆。
SW1 sys System View: return to User View with Ctrl+Z.[SW1]vlan 10 [SW1-vlan10]port e0/4/0 [SW1-vlan10]port e0/4/1 [SW1-vlan10]vlan 20 [SW1-vlan20]port e0/4/2 [SW1-vlan20]vlan 30 [SW1-vlan30]qu [SW1]int e0/4/0 [SW1-Ethernet0/4/0]port link-type hybrid [SW1-Ethernet0/4/0]port hybrid vlan 10 30 untagged Please wait...Done.
15
[SW1-Ethernet0/4/0]qu [SW1]int e0/4/1 [SW1-Ethernet0/4/1]port link-type hybrid [SW1-Ethernet0/4/1]port hybrid vlan 10 30 untagged Please wait...Done.[SW1-Ethernet0/4/1]qu [SW1]int e0/4/2 [SW1-Ethernet0/4/2]port link-type hybrid [SW1-Ethernet0/4/2]port hybrid vlan 20 30 untagged Please wait...Done.[SW1-Ethernet0/4/2]qu [SW1]int e0/4/3 [SW1-Ethernet0/4/3]port link-type trunk [SW1-Ethernet0/4/3]port trunk permit vlan 10 20 30 Please wait...Done.SW2 sys System View: return to User View with Ctrl+Z.[SW2]vlan 10 [SW2-vlan10]vlan 20 [SW2-vlan20]vlan 30 [SW2-vlan30]qu [SW2]int e0/4/3 [SW2-Ethernet0/4/3]port link-type trunk [SW2-Ethernet0/4/3]port trunk permit vlan 10 20 30 Please wait...Done.[SW2-Ethernet0/4/3]qu [SW2]vlan 30 [SW2-vlan30]port e0/4/4 [SW2-vlan30]qu [SW2]int e0/4/4 [SW2-Ethernet0/4/4]port link-type hybrid
16
[SW2-Ethernet0/4/4]port hybrid vlan 10 20 30 untagged Please wait...Done.[SW2-Ethernet0/4/4]qu [SW2] RT1 sys System View: return to User View with Ctrl+Z.[RT1]int g0/0/0 [RT1-GigabitEthernet0/0/0]ip ad 10.0.0.254 24 [RT1-GigabitEthernet0/0/0]qu [RT1]int s0/1/0 [RT1-Serial0/1/0]ip addre 12.12.12.1 24 [RT1-Serial0/1/0]int s0/1/1 [RT1-Serial0/1/1]ip addre 13.13.13.1 24 [RT1-Serial0/1/1] %Dec 2 21:12:28:984 2015 RT1 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/0 is UP.[RT1-Serial0/1/1] %Dec 2 21:15:33:390 2015 RT1 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/1 is UP.[RT1-Serial0/1/1]displayip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost NextHop Interface 10.0.0.0/24 Direct 0 0 10.0.0.254 GE0/0/0 10.0.0.254/32 Direct 0 0 127.0.0.1 InLoop0 12.12.12.0/24 Direct 0 0 12.12.12.1 S0/1/0 12.12.12.1/32 Direct 0 0 127.0.0.1 InLoop0 12.12.12.2/32 Direct 0 0 12.12.12.2 S0/1/0 13.13.13.0/24 Direct 0 0 13.13.13.1 S0/1/1 13.13.13.1/32 Direct 0 0 127.0.0.1 InLoop0 13.13.13.2/32 Direct 0 0 13.13.13.2 S0/1/1
17
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 [RT1-Serial0/1/1]qu [RT1]ip route-static 20.0.0.0 24 12.12.12.2 [RT1]displayip routing-table Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost NextHop Interface 10.0.0.0/24 Direct 0 0 10.0.0.254 GE0/0/0 10.0.0.254/32 Direct 0 0 127.0.0.1 InLoop0 12.12.12.0/24 Direct 0 0 12.12.12.1 S0/1/0 12.12.12.1/32 Direct 0 0 127.0.0.1 InLoop0 12.12.12.2/32 Direct 0 0 12.12.12.2 S0/1/0 13.13.13.0/24 Direct 0 0 13.13.13.1 S0/1/1 13.13.13.1/32 Direct 0 0 127.0.0.1 InLoop0 13.13.13.2/32 Direct 0 0 13.13.13.2 S0/1/1 20.0.0.0/24 Static 60 0 12.12.12.2 S0/1/0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 [RT1]rip [RT1-rip-1]v 2 [RT1-rip-1]u s [RT1-rip-1]network 10.0.0.0 [RT1-rip-1]network 13.13.13.1 telnet 12.12.12.1 Trying 12.12.12.1 ...Pre CTRL+K to abort Failed to connect to the remote host! telnet 12.12.12.2 Trying 12.12.12.2 ...Pre CTRL+K to abort Paword:
18
RT2 sys System View: return to User View with Ctrl+Z.[RT2]int s0/1/0 [RT2-Serial0/1/0]ip addre 12.12.12.2 24 [RT2-Serial0/1/0] %Dec 2 21:12:29:391 2015 RT2 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/0 is UP.[RT2-Serial0/1/0]qu [RT2]int g0/0/0 [RT2-GigabitEthernet0/0/0]ip ad 20.0.0.254 24 [RT2-GigabitEthernet0/0/0]qu [RT2]ping 20.0.0.1 PING 20.0.0.1: 56 data bytes, pre CTRL_C to break Request time out Reply from 20.0.0.1: bytes=56 Sequence=2 ttl=64 time=5 ms Reply from 20.0.0.1: bytes=56 Sequence=3 ttl=64 time=4 ms Request time out Reply from 20.0.0.1: bytes=56 Sequence=5 ttl=64 time=4 ms --- 20.0.0.1 ping statistics --- 5 packet(s) transmitted 3 packet(s) received 40.00% packet lo round-trip min/avg/max = 4/4/5 ms [RT2]ip route-static 10.0.0.0 24 12.12.12.1 [RT2]displayip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost NextHop Interface 10.0.0.0/24 Static 60 0 12.12.12.1 S0/1/0 12.12.12.0/24 Direct 0 0 12.12.12.2 S0/1/0 12.12.12.1/32 Direct 0 0 12.12.12.1 S0/1/0
19
12.12.12.2/32 Direct 0 0 127.0.0.1 InLoop0 20.0.0.0/24 Direct 0 0 20.0.0.254 GE0/0/0 20.0.0.254/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 [RT2]telnet server enable % Start Telnet server [RT2]user-interface vty 0 [RT2-ui-vty0]authentication-mode paword [RT2-ui-vty0]set authentication paword simple 123 [RT2-ui-vty0]user privilege level 3 [RT2-ui-vty0] #Dec 2 21:32:35:782 2015 RT2 SHELL/4/LOGIN: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1: login from VTY %Dec 2 21:32:35:782 2015 RT2 SHELL/5/SHELL_LOGIN: VTY logged in from 12.12.12.1.RT3 sys System View: return to User View with Ctrl+Z.[RT3]int s0/1/1 [RT3-Serial0/1/1]ip addre 13.13.13.2 24 [RT3-Serial0/1/1] %Dec 2 21:15:33:312 2015 RT3 IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/1 is UP.[RT3-Serial0/1/1]qu [RT3]int g0/0/0 [RT3-GigabitEthernet0/0/0]ip addre 30.0.0.254 24 [RT3-GigabitEthernet0/0/0]qu [RT3]ping 30.0.0.1 PING 30.0.0.1: 56 data bytes, pre CTRL_C to break Reply from 30.0.0.1: bytes=56 Sequence=1 ttl=64 time=26 ms Reply from 30.0.0.1: bytes=56 Sequence=2 ttl=64 time=1 ms
20
Reply from 30.0.0.1: bytes=56 Sequence=3 ttl=64 time=4 ms Reply from 30.0.0.1: bytes=56 Sequence=4 ttl=64 time=16 ms Reply from 30.0.0.1: bytes=56 Sequence=5 ttl=64 time=26 ms --- 30.0.0.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet lo round-trip min/avg/max = 1/14/26 ms [RT3]rip [RT3-rip-1]v 2 [RT3-rip-1]u s [RT3-rip-1]network 13.13.13.3 [RT3-rip-1]network 30.30.30.0
21
4.5 实验五:NAT
图4-5
NAT网络地址转换Easy Ip R1开启Telnet功能R3登录R1 RT1 sys System View: return to User View with Ctrl+Z.[RT1]sysname pc [pc]int g0/0/0 [pc-GigabitEthernet0/0/0]ip addre 192.168.0.1 24 [pc]ip route-static 0.0.0.0 0 192.168.0.254 [pc]telnet server enable % Start Telnet server [pc]user-interface vty 0 [pc-ui-vty0]authentication-mode none #Nov 30 20:33:27:264 2015 pc SHELL/4/LOGIN: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1: login from VTY %Nov 30 20:33:27:264 2015 pc SHELL/5/SHELL_LOGIN: VTY logged in from 202.100.0.2.[pc-ui-vty0]qu [pc]ping 202.100.0.2 PING 202.100.0.2: 56 data bytes, pre CTRL_C to break Reply from 202.100.0.2: bytes=56 Sequence=1 ttl=254 time=29 ms Reply from 202.100.0.2: bytes=56 Sequence=2 ttl=254 time=11 ms
22
Reply from 202.100.0.2: bytes=56 Sequence=3 ttl=254 time=4 ms Reply from 202.100.0.2: bytes=56 Sequence=4 ttl=254 time=25 ms Request time out --- 202.100.0.2 ping statistics --- 5 packet(s) transmitted 4 packet(s) received 20.00% packet lo RT2 sys System View: return to User View with Ctrl+Z.[RT2]sysnamenat [nat]int g0/0/0 [nat-GigabitEthernet0/0/0]ip addre 192.168.0.254 24 [nat-GigabitEthernet0/0/0]qu [nat]int s0/1/0 [nat-Serial0/1/0]ip addre 202.100.0.1 24 %Nov 30 20:26:17:310 2015 nat IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/0 is UP.[nat-Serial0/1/0]qu [nat]acl number 2000 [nat-acl-basic-2000]rule 1 permit source 192.168.0.0 0.0.0.255 [nat-acl-basic-2000]qu [nat]int s0/1/0 [nat-Serial0/1/0]nat outbound 2000 [nat-Serial0/1/0]qu [nat]int s0/1/0 [nat-Serial0/1/0]nat server protocol tcp global 202.100.0.10 inside 192.168.0.1 telnet RT3 sys System View: return to User View with Ctrl+Z.[RT3]sysnameisp
23
[isp]int s0/1/0 [isp-Serial0/1/0]ip addre 202.100.0.2 24 [isp-Serial0/1/0] %Nov 30 20:26:14:052 2015 isp IFNET/5/PROTOCOL_UPDOWN: Protocol PPP IPCP on the interface Serial0/1/0 is UP.[isp-Serial0/1/0] telnet 202.100.0.10
24
4.6 实验六:OSPF
图4-6 Pc1 ip 10.0.0.1 10.0.0.254 ,Pc2 ip 20.0.0.1 20.0.0.254 R1 system-view [RT1]interface g0/0/0 [RT1-GigabitEthernet0/0/0]ip addre 10.0.0.254 24 [RT1]interface s0/1/0 [RT1-Serial0/1/0]ip addre 12.12.12.1 24 [RT1]ospf [RT1-ospf-1]area 1 [RT1-ospf-1-area-0.0.0.1]network 10.0.0.0 0.0.0.255 [RT1-ospf-1-area-0.0.0.1]network 12.12.12.1 0.0.0.255 R2 system-view [RT2]interface s0/1/0 [RT2-Serial0/1/0]ip addre 12.12.12.2 24 [RT2]interface s0/1/1 [RT2-Serial0/1/1]ip addre 23.23.23.2 24
25
[RT2]ospf [RT2-ospf-1]area 1 [RT2-ospf-1-area-0.0.0.1]network 12.12.12.2 0.0.0.254 [RT2-ospf-1]area 0 [RT2-ospf-1-area-0.0.0.0]network 23.23.23.2 0.0.0.254 R3 system-view [RT3]int s0/1/1 [RT3-Serial0/1/1]ip addre 23.23.23.3 24 [RT3]int s0/1/2 [RT3-Serial0/1/2]ip addre 34.34.34.3 24 [RT3]ospf [RT3-ospf-1]area 0 [RT3-ospf-1-area-0.0.0.0]network 23.23.23.3 0.0.0.255 [RT3-ospf-1]area 2 [RT3-ospf-1-area-0.0.0.2]network 34.34.34.4 0.0.0.255 R4 system-view [RT4]interface s0/1/2 [RT4-Serial0/1/2]ip addre 34.34.34.4 24 [RT4-Serial0/1/2]int g0/0/0 [RT4-GigabitEthernet0/0/0]ip addre 20.0.0.254 24 [RT4]ospf [RT4-ospf-1]area 2 [RT4-ospf-1-area-0.0.0.2]network 0.0.0.0 0.0.0.0
26
4.7 实验七:综合实验
图4-7
需求:
1、IP地址如图所示
主机1与主机2都属于vlan 10中
其中R1--R2--R3为公网设备,服务器与R2相连地址为100.1.1.1/2,(合理的运用静态路由协议)
总部内部运行RIPv1协议互通
内网服务器采用DHCP自动获得IP地址的方式来进行IP分配 R1做NAT使得内网主机能够访问外网服务器
R3要求做NAT SERVER(NAT STATIC)使得(外网服务器)能够访问(内网服务器) 在R1与R3上搭建VPN隧道使内网所有主机直接能够访问(内网的服务器) SW1 sys System View: return to User View with Ctrl+Z.[SW1]vl 10 [SW1-vlan10]port e0/4/0 [SW1-vlan10]port e0/4/1 [SW1-vlan10]port e0/4/2
27
RT1 sys System View: return to User View with Ctrl+Z.[RT1]int g0/0/0 [RT1-GigabitEthernet0/0/0]ip add 172.16.1.1 24 [RT1-GigabitEthernet0/0/0]int s0/1/0 [RT1-Serial0/1/0]ip add 12.12.12.1 24 [RT1-GigabitEthernet0/0/0]qu [RT1]rip [RT1-rip-1]ve 2 [RT1-rip-1]un s [RT1-rip-1]net 172.16.1.0 [RT1-rip-1]qu [RT1]ip route-static 0.0.0.0 0 12.12.12.2 [RT1]acl number 2000 [RT1-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255 [RT1-acl-basic-2000]qu [RT1]int s0/1/0 [RT1-Serial0/1/0]nat outbound 2000 [RT1-Serial0/1/0]qu [RT1]disnat seion There are currently 2 NAT seions: Protocol GlobalAddr PortInsideAddr Port DestAddr Port ICMP 12.12.12.1 12292 192.168.10.1 49293 100.1.1.1 49293 status:11 TTL:00:00:10 Left:00:00:03 VPN:---
ICMP 12.12.12.1 12291 192.168.10.1 49037 100.1.1.1 49037 status:11 TTL:00:00:10 Left:00:00:01 VPN:--- [RT1]int t 0.[RT1-Tunnel0]source 12.12.12.1 [RT1-Tunnel0]destination 23.23.23.3 [RT1-Tunnel0]
28
%Dec 5 15:19:47:563 2015 RT1 IFNET/3/LINK_UPDOWN: Tunnel0 link status is UP.%Dec 5 15:19:47:563 2015 RT1 IFNET/5/LINEPROTO_UPDOWN: Line protocol on the interface Tunnel0 is UP.[RT1-Tunnel0]ip add 10.1.1.1 24 [RT1]ip route-static 192.168.20.0 24 Tunnel 0 RT2 sys System View: return to User View with Ctrl+Z.[RT2]int s0/1/0 [RT2-Serial0/1/0]ip add 12.12.12.2 24 [RT2-Serial0/1/0]int s0/1/1 [RT2-Serial0/1/1]ip add 23.23.23.2 24 [RT2-Serial0/1/1]int g0/0/0 [RT2-GigabitEthernet0/0/0]ip add 100.1.1.254 24 RT3 sys System View: return to User View with Ctrl+Z.[RT3]int s0/1/1 [RT3-Serial0/1/1]ip add 23.23.23.3 24 [RT3-Serial0/1/1]int g0/0/0 [RT3-GigabitEthernet0/0/0]ip add 192.168.20.254 24 [RT3-GigabitEthernet0/0/0]qu [RT3]dhcp enable DHCP is enabled succefully! [RT3]dhcp server ip-pool 1 [RT3-dhcp-pool-1]network 192.168.20.0 24 [RT3-dhcp-pool-1]gateway-list 192.168.20.254 [RT3-dhcp-pool-1]dns-list 8.8.8.8 [RT3-dhcp-pool-1]expired day 365 [RT3-dhcp-pool-1]qu [RT3]ip route-static 0.0.0.0 0 23.23.23.2 [RT3]int s0/1/1
29
[RT3-Serial0/1/1]nat server protocol icmp global 23.23.23.5 inside 192.168.20.1 [RT3]disnat server NAT server in private network information: There are currently 1 internal server(s) Interface: Serial0/1/1, Protocol: 1(icmp) Global: 23.23.23.5 : --- Local : 192.168.20.1 : --- [RT3]int t 0 [RT3-Tunnel0]source 23.23.23.3 [RT3-Tunnel0]destination 12.12.12.1 [RT3-Tunnel0] %Dec 5 15:21:39:563 2015 RT3 IFNET/3/LINK_UPDOWN: Tunnel0 link status is UP.%Dec 5 15:21:39:563 2015 RT3 IFNET/5/LINEPROTO_UPDOWN: Line protocol on the interface Tunnel0 is UP.[RT3-Tunnel0]ip add 10.1.1.2 24 [RT3]ip route-static 192.168.10.0 24 Tunnel 0 RT4 sys System View: return to User View with Ctrl+Z.[RT4]int g0/0/0 [RT4-GigabitEthernet0/0/0]ip add 192.168.10.254 24 [RT4-GigabitEthernet0/0/0]int g0/0/1 [RT4-GigabitEthernet0/0/1]ip add 172.16.1.4 24 [RT4-GigabitEthernet0/0/1]qu [RT4]rip [RT4-rip-1]ve 2 [RT4-rip-1]un s [RT4-rip-1]net 192.168.10.0 [RT4-rip-1]net 172.16.1.0 [RT4-rip-1]qu [RT4]ip route-static 0.0.0.0 0 172.16.1.1
30
RT5 sys System View: return to User View with Ctrl+Z.[RT5]int g0/0/0 [RT5-GigabitEthernet0/0/0]ip addre dhcp-alloc [RT5-GigabitEthernet0/0/0]disipint brief *down: administratively down (s): spoofing Interface Physical Protocol IP Addre Description GigabitEthernet0/0/0 up up 192.168.20.1 GigabitEt...GigabitEthernet0/0/1 down down unaigned GigabitEt...GigabitEthernet0/0/2 down down unaigned GigabitEt...GigabitEthernet0/0/3 down down unaigned GigabitEt...Serial0/1/0 down down unaigned Serial0/1...Serial0/1/1 down down unaigned Serial0/1...Serial0/1/2 down down unaigned Serial0/1...Serial0/1/3 down down unaigned Serial0/1...[RT5]ping 192.168.10.1 PING 192.168.10.1: 56 data bytes, pre CTRL_C to break Reply from 192.168.10.1: bytes=56 Sequence=1 ttl=61 time=70 ms Reply from 192.168.10.1: bytes=56 Sequence=2 ttl=61 time=39 ms Reply from 192.168.10.1: bytes=56 Sequence=3 ttl=61 time=25 ms Reply from 192.168.10.1: bytes=56 Sequence=4 ttl=61 time=34 ms Reply from 192.168.10.1: bytes=56 Sequence=5 ttl=61 time=40 ms
31
--- 192.168.10.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet lo round-trip min/avg/max = 25/41/70 ms
实训内容:VLAN接口类型:trunk、hybrid和acce (1)trunk:port link-type trunk Port trunk permit vlan 10 20 (2)hybrid: port link-type hybrid Port hybrid vlan 10 20 30 untagged 静态路由及动态路由(rip)配置
静态路由:ip route-static 目标地址 目标掩码 下一跳 动态路由:RIP:rip version 2 undo summary network 10.0.0.1 RIP有限制,最大数为15。 划分VLAN 先创建不同VLAN,再将接口划分到所需求的VLAN中,即:[vlan10]port e0/4/0 telnet远程登录
要求:保证IP可达;开启telnet功能;设置登陆方式(无验证、密码验证、用户名+密码验证)
telnet server enable user-interface vty 0 4(最多允许5个人登陆) authentication-mode none/paword/scheme(登陆方式) user privilege level 3 (权限:0 访问级/1监控级/2系统级/3管理级) OSPF动态路由协议
OSPF:无数量限制,引入区域(骨干区域0和非骨干区域)的概念;划分原则为骨干区域必须相连,非骨干区域必须和骨干区域直接相连。
[RT1]ospf area 1(区域号)
32
network 本网段 反掩码 V-LINK虚连接
是OSPF的特殊区域,是使非骨干区域变成骨干区域的延伸区域。 ospf area 1 vlink-pear 对端router-id ACL访问控制列表(包过滤防火墙) 包括NAT、QOS、路由策略 Firewall enable Acl number 2000~2999 (基本acl) 3000~3999 (高级acl) rule 1 deny/permit 协议(icmp—ping/tcp--telnet) source IP 通配符掩码 firewall packet-filter 2000 outbound/inbound(方向) NAT网络地址转换技术:基本NAT,NAPT,Easy IP,NAT Server 将私网地址转换为公网地址;出转源,入转目。
基本NAT:配置地址池(公网地址),弊端是若网络内主机过多,则地址池内IP数量不够。未实现节省IP地址。
nat addre-group 1 公网起始地址 结束地址 acl 配置命令
nat outbound 2000 addre-group 1 no-pat NAPT:基于端口的NAT转换;无 no-pat Easy IP:也是基于端口转换,但是可以用出接口的IP 作为转换后的地址 acl 命令
nat outbound 2000 NAT Server:公网的主机访问私网的Server,用静态方式添加映射列表 acl 命令
nat server 协议 global 全局地址 inside 私网地址 VPN隧道技术(GRE)
虚拟私人网络,建立一条虚拟隧道
要求:①在做隧道之前,先保证公网可达 ip router-static 0.0.0.0 0 下一跳 ②创建隧道
33
intface tunnel 1 (0~1023) source ip destination ip ③配ip地址
[RT1-tunnel1]ip addre 10.0.0.1 24 再配静态路由或rip路由
10、DHCP服务 自动分配IP地址
方法:①创建一个地址池 ②创建网关
因其设有租约期限和续租以及IP地址释放,因此不会发生分配冲突 dhcp enable dhcp server ip-pool 1 network 所分配的网段 掩码 gateway-list 网关 expird day 期限 (默认1天) ip addre dhcp-alloc
2、VRRP技术
虚拟路由冗余协议,即配一个虚拟网关,设置优先级(数越大级别越高),默认100 vrrpvrid 1 (1~255) virtual-ip 实际网关 vrrpvrid 1 priority 120 (设置优先级)
3、loopback地址
本地环回接口(或地址),亦称回送地址()。此类接口是应用最为广泛的一种虚接口,几乎在每台路由器上都会使用
intface loopback 0 ip addre 192.168.0.1 32 (掩码必须为32)
五、总结及体会
这一周的实训,我不仅巩固了学过的知识点,也学习到了很多新的知识。从刚开始的网络方案的设计到DNS和DHCP的配置,每一点都需要认真的策划与仔细的分析。实训的具体内容包括进行目的需求分析,制作网络拓扑图, 进行用户安全管理,安全策略的制
34
定,网络服务的配置,配置使用协议分析器进行协议结构分析。在这次实训当中难免会有难点和困难,但在老师和同学的帮助下,我都一一的克服并且顺利的完成了此次实训。这次实训让我认识到实践的重要性,今后还会更加努力,不仅学好书上的知识,也要在实践中获得真理
通过对设备的配置,达到了设计的需求,充分运用所学知识,实现了网站的构建与web发布以及其它设备的配置。本次任务我们从中学会了很多,通过同学之间的探讨、研究,知识上得到了巩固,加强了不足的方面,增强了团队合作能力,开拓了创新思维,本次实训将本学期所学知识联系起来,同时也包括以前所学的知识,不仅巩固了已学知识,也让我们掌握了一些新知识,丰富了我们的大脑。与此同时,使我们对已学的知识有了更深的印象最重要的是我们从中明白了一个道理,那就是“知识是基础,态度决定一切,团结就是力量”。日常维护工作要认真到位。制定合理的维护作业计划,对机房环境,供电电源,设备风扇及过滤网等定期巡检维护;同时充份利用华为设备强大的网管功能,通过对告警信息查询、性能数据查看、保护倒换检查、查询日志记录、各环境变量检查、网元时间检查、网管数据库的备份与转储等操作,对网上传输设备进行实时监控,这样才能及时发现隐患,提前处理,做好预防性维护,确保设备长期稳定地运行。
35
参考资料
[1]韩正波.《用VLAN构建小型网络的分析与设计》.武汉.软件导刊.2013 [2]张海琦.《校园网VLAN设计》.大庆师范学院学报.2012 [3]李树仁.《企业网络系统的设计与实施方案》.清华大学出版社.2014 [4]谢希仁.《计算机网络》.电子工业出版社.2012
[5]金刚善.《局域网组网案例精编》.中国水利水电出版社.2013 [6]吴功宜.《计算机网络》.清华大学出版社.2011 [7]张保通.《校园网设计方案》.清华大学出版社.2013 [8]冯登国.《网络安全原理与技术》.北京科学出版社.2011 [9]刘小辉.《网络硬件完全手册》.重庆大学出版社.2012 [10]张公忠.《现代网络技术教程.北京电子工业出版社.2013
36
