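Enterprise Network Integration Lab: VLAN, Trunk, STP, Routing Protocols (OSPF/RIP), PPP, Service Management (TELNET/FTP), and Security (ACL)

Published: 2025-07-18

NE Comprehensive Lab 4

I. Lab Topology

(Topology diagram: image not preserved.)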

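II. Lab Requirements
  1. Configure IP addresses as shown in the diagram.
  2. Configure link aggregation on the direct links between sw7 and sw8.
  3. The company's internal business segments are vlan10 and vlan20. vlan10 is the Marketing department and vlan20 is the Technical department; name the VLANs so they can be told apart. pc10 belongs to vlan10 and pc11 belongs to vlan20. vlan30, vlan40, vlan50, vlan60, vlan70, vlan80, vlan90, vlan100 and vlan110 are used to run the RIP dynamic routing protocol between the switches and as interconnect VLANs.
  4. Configure all ports that connect switches to each other as trunk ports and allow the relevant traffic through.
  5. Configure the switch ports that connect to PCs as edge ports.
  6. Make sw9 the spanning-tree root bridge.
  7. Configure the DHCP service on sw9 to dynamically assign IP address, gateway and DNS address to the PCs in vlan10 and vlan20. The vlan10 gateway is 192.168.1.254, the vlan20 gateway is 192.168.2.254, the DNS server is 114.114.114.114, and the lease is one day.
  8. Configure OSPF by area as shown in the diagram, and advertise the loopback interfaces into the corresponding areas.
  9. Configure RIP in the region shown in the diagram, and advertise the loopback interfaces into the corresponding region. No protocol packets may appear on the business segments.
  10. Achieve full connectivity across the internal network.
  11. R1 and R2 are connected to the Internet over two links; configure PPP-MP between them with bidirectional CHAP authentication.
  12. Configure Easy IP so that only traffic from the business segments 192.168.1.0/24 and 192.168.2.0/24 can reach the Internet through R2 and R3.
  13. Enable Telnet remote login on R12 and allow logins only from 192.168.1.0/24.
  14. Enable the FTP service on R13 and allow logins only from 192.168.2.0/24.
III. Lab Steps
  1. Configure IP addresses as shown in the diagram (omitted)

  2. Configure link aggregation on the direct links between sw7 and sw8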

    [SW7]int Bridge-Aggregation 1
    [SW7-Bridge-Aggregation1]qu
    [SW7]int range g1/0/3 to g1/0/5
    [SW7-if-range]port link-aggregation group 1
    [SW7-if-range]qu
    
    [SW8]int Bridge-Aggregation 1
    [SW8-Bridge-Aggregation1]qu
    [SW8]int range g1/0/3 to g1/0/5
    [SW8-if-range]port link-aggregation group 1
    [SW8-if-range]qu
    
  3. Internal business segments: vlan10 is the Marketing department and vlan20 is the Technical department; pc10 belongs to vlan10 and pc11 belongs to vlan20

    [SW9]vlan 10
    [SW9-vlan10]port g1/0/3
    [SW9-vlan10]name shichangbu
    [SW9-vlan10]vlan 20
    [SW9-vlan20]port g1/0/4
    [SW9-vlan20]name jishubu
    
  4. Configure all ports that connect switches to each other as trunk ports and allow the relevant traffic through

    [SW6]int g1/0/3
    [SW6-GigabitEthernet1/0/3]port link-type trunk 
    [SW6-GigabitEthernet1/0/3]port trunk pvid vlan 50
    [SW6-GigabitEthernet1/0/3]port trunk permit vlan all
    
    [SW6-GigabitEthernet1/0/3]int g1/0/4
    [SW6-GigabitEthernet1/0/4]port link-type trunk 
    [SW6-GigabitEthernet1/0/4]port trunk pvid vlan 60
    [SW6-GigabitEthernet1/0/4]port trunk permit vlan all
    [SW6-GigabitEthernet1/0/4]qu
    
    [SW7]int g1/0/1
    [SW7-GigabitEthernet1/0/1]port link-type trunk
    [SW7-GigabitEthernet1/0/1]port trunk pvid vlan 50 
    [SW7-GigabitEthernet1/0/1]port trunk permit vlan all
    
    [SW7-GigabitEthernet1/0/1]int g1/0/2 
    [SW7-GigabitEthernet1/0/2]port link-type trunk
    [SW7-GigabitEthernet1/0/2]port trunk pvid vlan 30
    [SW7-GigabitEthernet1/0/2]port trunk permit vlan all
    
    [SW7-GigabitEthernet1/0/2]int br 1
    [SW7-Bridge-Aggregation1]port link-type trunk
    [SW7-Bridge-Aggregation1]port trunk pvid vlan 110 
    [SW7-Bridge-Aggregation1]port trunk permit vlan all
    
    [SW8]int g1/0/1 
    [SW8-GigabitEthernet1/0/1]port link-type trunk 
    [SW8-GigabitEthernet1/0/1]port trunk pvid vlan 60
    [SW8-GigabitEthernet1/0/1]port trunk permit vlan all
    
    [SW8]int g1/0/2 
    [SW8-GigabitEthernet1/0/2]port link-type trunk 
    [SW8-GigabitEthernet1/0/2]port trunk pvid vlan 40
    [SW8-GigabitEthernet1/0/2]port trunk permit vlan all
    
    [SW8]int Bridge-Aggregation 1
    [SW8-Bridge-Aggregation1]port link-type trunk 
    [SW8-Bridge-Aggregation1]port trunk pvid vlan 110
    [SW8-Bridge-Aggregation1]port trunk permit vlan all
    
    [SW9]int g1/0/1
    [SW9-GigabitEthernet1/0/1]port link-type trunk 
    [SW9-GigabitEthernet1/0/1]port trunk pvid vlan 30
    [SW9-GigabitEthernet1/0/1]port trunk permit vlan all
    
    [SW9-GigabitEthernet1/0/1]int g1/0/2 
    [SW9-GigabitEthernet1/0/2]port link-type trunk 
    [SW9-GigabitEthernet1/0/2]port trunk pvid vlan 40
    [SW9-GigabitEthernet1/0/2]port trunk permit vlan all
    
  5. Configure the switch ports that connect to PCs as edge ports

    [SW9]int g1/0/3 
    [SW9-GigabitEthernet1/0/3]stp edged-port 
    [SW9-GigabitEthernet1/0/3]int g1/0/4 
    [SW9-GigabitEthernet1/0/4]stp edged-port 
    
  6. Make sw9 the spanning-tree root bridge

    [SW9]stp priority 4096
    
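  7. Configure the DHCP service on sw9 to dynamically assign IP address, gateway and DNS address to the PCs in vlan10 and vlan20. The vlan10 gateway is 192.168.1.254, the vlan20 gateway is 192.168.2.254, the DNS server is 114.114.114.114, and the lease is one day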

    [SW9]dhcp enable
    [SW9]dhcp server ip-pool 1
    [SW9-dhcp-pool-1]network 192.168.1.0 24
    [SW9-dhcp-pool-1]gateway-list 192.168.1.254 
    [SW9-dhcp-pool-1]dns-list 114.114.114.114
    [SW9-dhcp-pool-1]expired day 1
    [SW9-dhcp-pool-1]quit 
    
    [SW9]dhcp server ip-pool 2
    [SW9-dhcp-pool-2]network 192.168.2.0 24 
    [SW9-dhcp-pool-2]gateway-list 192.168.2.254
    [SW9-dhcp-pool-2]dns-list 114.114.114.114
    [SW9-dhcp-pool-2]expired day 1
    [SW9-dhcp-pool-2]quit 
    
  8. Configure DHCP on PC_10 and PC_11

    [PC_10]int g0/0
    [PC_10-GigabitEthernet0/0]ip add dhcp-alloc 
    [PC_10-GigabitEthernet0/0]qu
    
    [PC_11]int g0/0
    [PC_11-GigabitEthernet0/0]ip add dhcp-alloc 
    [PC_11-GigabitEthernet0/0]qu
    
  9. Configure OSPF by area as shown in the diagram, and advertise the loopback interfaces into the corresponding areas

    [R2]ospf 1 router-id 2.2.2.2
    [R2-ospf-1]a 0
    [R2-ospf-1-area-0.0.0.0]net 172.16.2.0 0.0.0.255
    [R2-ospf-1-area-0.0.0.0]net 172.16.1.0 0.0.0.255
    [R2-ospf-1-area-0.0.0.0]net 2.2.2.2 0.0.0.0
    [R2-ospf-1-area-0.0.0.0]a 1
    [R2-ospf-1-area-0.0.0.1]net 172.16.5.0 0.0.0.255
    [R2-ospf-1-area-0.0.0.1]qu
    [R2-ospf-1]dis th
    #
    ospf 1 router-id 2.2.2.2
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 172.16.1.0 0.0.0.255
      network 172.16.2.0 0.0.0.255
     area 0.0.0.1
      network 172.16.5.0 0.0.0.255
    #
    return
    [R2-ospf-1]qu
    
    [R3]ospf 1 router-id 3.3.3.3 
    [R3-ospf-1]a 0
    [R3-ospf-1-area-0.0.0.0]net 172.16.2.0 0.0.0.255
    [R3-ospf-1-area-0.0.0.0]net 172.16.3.0 0.0.0.255
    [R3-ospf-1-area-0.0.0.0]net 3.3.3.3 0.0.0.0
    [R3-ospf-1-area-0.0.0.1]a 2
    [R3-ospf-1-area-0.0.0.2]net 172.16.7.0 0.0.0.255
    [R3-ospf-1-area-0.0.0.2]qu
    [R3-ospf-1]dis th
    #
    ospf 1 router-id 3.3.3.3
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 172.16.2.0 0.0.0.255
      network 172.16.3.0 0.0.0.255
     area 0.0.0.1
     area 0.0.0.2
      network 172.16.7.0 0.0.0.255
    #
    return
    [R3-ospf-1]qu
    
    [R4]ospf 1 router-id 4.4.4.4
    [R4-ospf-1]a 0
    [R4-ospf-1-area-0.0.0.0]net 172.16.1.0 0.0.0.255
    [R4-ospf-1-area-0.0.0.0]net 172.16.4.0 0.0.0.255
    [R4-ospf-1-area-0.0.0.0]net 4.4.4.4 0.0.0.0
    [R4-ospf-1-area-0.0.0.0]a 1
    [R4-ospf-1-area-0.0.0.1]net 172.16.6.0 0.0.0.255
    [R4-ospf-1-area-0.0.0.1]qu
    [R4-ospf-1]dis th
    #
    ospf 1 router-id 4.4.4.4
     area 0.0.0.0
      network 4.4.4.4 0.0.0.0
      network 172.16.1.0 0.0.0.255
      network 172.16.4.0 0.0.0.255
     area 0.0.0.1
      network 172.16.6.0 0.0.0.255
    #
    return
    [R4-ospf-1]qu
    
    [R5]ospf 1 router-id 5.5.5.5
    [R5-ospf-1]
    [R5-ospf-1]a 0
    [R5-ospf-1-area-0.0.0.0]net 172.16.3.0 0.0.0.255
    [R5-ospf-1-area-0.0.0.0]net 172.16.4.0 0.0.0.255
    [R5-ospf-1-area-0.0.0.0]net 5.5.5.5 0.0.0.0
    [R5-ospf-1-area-0.0.0.0]a 2
    [R5-ospf-1-area-0.0.0.2]net 172.16.8.0 0.0.0.255
    [R5-ospf-1-area-0.0.0.2]qu
    [R5-ospf-1]dis th
    #
    ospf 1 router-id 5.5.5.5
     area 0.0.0.0
      network 5.5.5.5 0.0.0.0
      network 172.16.3.0 0.0.0.255
      network 172.16.4.0 0.0.0.255
     area 0.0.0.2
      network 172.16.8.0 0.0.0.255
    #
    return
    [R5-ospf-1]qu
    
    [R12]ospf 1 router-id 12.12.12.12
    [R12-ospf-1]a 1
    [R12-ospf-1-area-0.0.0.1]net 172.16.5.0 0.0.0.255
    [R12-ospf-1-area-0.0.0.1]net 172.16.6.0 0.0.0.255
    [R12-ospf-1-area-0.0.0.1]net 12.12.12.12 0.0.0.0
    [R12-ospf-1-area-0.0.0.1]qu
    [R12-ospf-1]dis th
    #
    ospf 1 router-id 12.12.12.12
     area 0.0.0.1
      network 12.12.12.12 0.0.0.0
      network 172.16.5.0 0.0.0.255
      network 172.16.6.0 0.0.0.255
    #
    return
    [R12-ospf-1]qu
    
    [R13]ospf 1 router-id  13.13.13.13
    [R13-ospf-1]a 2
    [R13-ospf-1-area-0.0.0.2]net 172.16.7.0 0.0.0.255
    [R13-ospf-1-area-0.0.0.2]net 172.16.8.0 0.0.0.255
    [R13-ospf-1-area-0.0.0.2]net 13.13.13.13 0.0.0.0
    [R13-ospf-1-area-0.0.0.2]qu
    [R13-ospf-1]dis th
    #
    ospf 1 router-id 13.13.13.13
     area 0.0.0.2
      network 13.13.13.13 0.0.0.0
      network 172.16.7.0 0.0.0.255
      network 172.16.8.0 0.0.0.255
    #
    return
    [R13-ospf-1]qu
    
  10. Configure RIP in the region shown in the diagram, and advertise the loopback interfaces into the corresponding region

    [R4]rip 1
    [R4-rip-1]ver 2
    [R4-rip-1]undo su
    [R4-rip-1]net 10.1.1.0
    [R4-rip-1]dis th
    #
    rip 1
     undo summary
     version 2
     network 10.0.0.0
    #
    return
    [R4-rip-1]qu
    
    [R5]rip 1
    [R5-rip-1]ver 2
    [R5-rip-1]undo su
    [R5-rip-1]net 10.1.4.0
    [R5-rip-1]dis th
    #
    rip 1
     undo summary
     version 2
     network 10.0.0.0
    #
    return
    [R5-rip-1]qu
    
    [SW6]rip 1 
    [SW6-rip-1]ver 2
    [SW6-rip-1]undo su 
    [SW6-rip-1]network 10.0.0.0
    [SW6-rip-1]network 6.6.6.6
    [SW6-rip-1]dis th
    #
    rip 1
     undo summary
     version 2
     network 6.0.0.0
     network 10.0.0.0
    #
    return
    [SW6-rip-1]qu
    
    [SW7]rip 1
    [SW7-rip-1]ver 2
    [SW7-rip-1]undo su
    [SW7-rip-1]net 10.1.1.0
    [SW7-rip-1]net 192.168.3.0
    [SW7-rip-1]net 192.168.5.0
    [SW7-rip-1]net 7.7.7.7
    [SW7-rip-1]dis th
    #
    rip 1
     undo summary
     version 2
     network 7.0.0.0
     network 10.0.0.0
     network 192.168.3.0
     network 192.168.5.0
    #
    return
    [SW7-rip-1]qu
    
    [SW8]rip 1
    [SW8-rip-1]ver 2
    [SW8-rip-1]undo su
    [SW8-rip-1]net 10.1.6.0
    [SW8-rip-1]net 192.168.4.0
    [SW8-rip-1]net 192.168.5.0
    [SW8-rip-1]net 8.8.8.8
    [SW8-rip-1]dis th
    #
    rip 1
     undo summary
     version 2
     network 8.0.0.0
     network 10.0.0.0
     network 192.168.4.0
     network 192.168.5.0
    #
    return
    [SW8-rip-1]qu
    
    [SW9]rip 1
    [SW9-rip-1]ver 2
    [SW9-rip-1]undo su
    [SW9-rip-1]net 192.168.1.0
    [SW9-rip-1]net 192.168.2.0
    [SW9-rip-1]net 192.168.3.0
    [SW9-rip-1]net 192.168.4.0
    [SW9-rip-1]net 9.9.9.9
    [SW9-rip-1]dis th
    #
    rip 1
     undo summary
     version 2
     network 9.0.0.0
     network 192.168.1.0
     network 192.168.2.0
     network 192.168.3.0
     network 192.168.4.0
    #
    return
    [SW9-rip-1]qu
    
  11. No protocol packets may appear on the business segments

    [SW9]rip 1
    [SW9-rip-1]silent-interface Vlan-interface 10
    [SW9-rip-1]silent-interface Vlan-interface 20
    [SW9-rip-1]qu
    
  12. Mutual route redistribution between OSPF and RIP

    [R4]ospf 1
    [R4-ospf-1]import-route rip 1
    [R4-ospf-1]import-route direct 
    [R4-ospf-1]qu
    [R4]rip 1
    [R4-rip-1]import-route ospf 1
    [R4-rip-1]import-route direct 
    [R4-rip-1]qu
    
    [R5]ospf 1
    [R5-ospf-1]import-route rip 1
    [R5-ospf-1]import-route direct 
    [R5-ospf-1]qu
    [R5]rip 1
    [R5-rip-1]import-route ospf 1
    [R5-rip-1]import-route direct 
    [R5-rip-1]qu
    
  13. R1 and R2 are connected to the Internet over two links; configure PPP-MP between them with bidirectional CHAP authentication

    [R1]local-user wiltjer class network 
    New local user added.
    [R1-luser-network-wiltjer]password simple 123456
    [R1-luser-network-wiltjer]service-type ppp
    [R1-luser-network-wiltjer]qu
    [R1]int s1/0
    [R1-Serial1/0]ppp authentication-mode chap 
    [R1-Serial1/0]ppp chap user wiltjer
    [R1-Serial1/0]int s2/0
    [R1-Serial2/0]ppp authentication-mode chap 
    [R1-Serial2/0]ppp chap user wiltjer
    [R1-Serial2/0]qu
    
    [R2]local-user wiltjer class network 
    New local user added.
    [R2-luser-network-wiltjer]password simple 123456
    [R2-luser-network-wiltjer]service-type ppp
    [R2-luser-network-wiltjer]qu
    [R2]int s1/0
    [R2-Serial1/0]ppp authentication-mode chap 
    [R2-Serial1/0]ppp chap user wiltjer
    [R2-Serial1/0]int s2/0
    [R2-Serial2/0]ppp authentication-mode chap 
    [R2-Serial2/0]ppp chap user wiltjer
    [R2-Serial2/0]qu
    
  14. Configure Easy IP so that only traffic from the business segments 192.168.1.0/24 and 192.168.2.0/24 can reach the Internet through R2 and R3

    [R2]ip route-static 0.0.0.0 0 202.100.1.1
    [R2]ospf 1
    [R2-ospf-1]default-route-advertise
    [R2-ospf-1]qu
    
    [R2]acl basic 2000
    [R2-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
    [R2-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
    [R2-acl-ipv4-basic-2000]qu
    [R2]int MP-group 1
    [R2-MP-group1]nat outbound 2000
    [R2-MP-group1]qu
    
    [R3]ip route-static 0.0.0.0 0 202.100.2.1
    [R3]ospf 1
    [R3-ospf-1]default-route-advertise
    [R3-ospf-1]qu
    
    [R3]acl basic 2000
    [R3-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
    [R3-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
    [R3-acl-ipv4-basic-2000]qu
    [R3]int MP-group 1
    [R3-MP-group1]nat outbound 2000
    [R3-MP-group1]qu
    
  15. Enable Telnet remote login on R12 and allow logins only from 192.168.1.0/24

    [R12]telnet server enable 
    [R12]local-user wiltjer class manage 
    New local user added.
    [R12-luser-manage-wiltjer]password simple 123456.com
    [R12-luser-manage-wiltjer]service-type telnet
    [R12-luser-manage-wiltjer]authorization-attribute user-role level-15
    [R12-luser-manage-wiltjer]qu
    [R12]user-interface vty 0 4
    [R12-line-vty0-4]authentication-mode scheme 
    [R12-line-vty0-4]qu
    
    [R12]acl advanced 3000
    [R12-acl-ipv4-adv-3000]rule permit tcp source 192.168.1.0 0.0.0.255 destination-port eq 23
    [R12-acl-ipv4-adv-3000]rule deny tcp source any destination-port eq 23
    [R12-acl-ipv4-adv-3000]dis th
    #
    acl advanced 3000
     rule 0 permit tcp source 192.168.1.0 0.0.0.255 destination-port eq telnet
     rule 5 deny tcp destination-port eq telnet
    #
    return
    [R12-acl-ipv4-adv-3000]qu
    [R12]int range g0/0 to g0/1
    [R12-if-range]packet-filter 3000 inbound 
    [R12-if-range]qu
    
  16. Enable the FTP service on R13 and allow logins only from 192.168.2.0/24

    [R13]ftp server enable 
    [R13]local-user wiltjer class manage 
    New local user added.
    [R13-luser-manage-wiltjer]password simple 123456.com
    [R13-luser-manage-wiltjer]service-type ftp 
    [R13-luser-manage-wiltjer]authorization-attribute user-role level-15
    [R13-luser-manage-wiltjer]qu
    [R13]user-interface vty 0 4
    [R13-line-vty0-4]authentication-mode scheme 
    [R13-line-vty0-4]q
    
    [R13]acl advanced 3000
    [R13-acl-ipv4-adv-3000]rule permit tcp source 192.168.2.0 0.0.0.255 destination-port range 20 21
    [R13-acl-ipv4-adv-3000]rule deny tcp source any destination-port range 20 21
    [R13-acl-ipv4-adv-3000]dis th
    #
    acl advanced 3000
     rule 0 permit tcp source 192.168.2.0 0.0.0.255 destination-port range ftp-data ftp
     rule 5 deny tcp destination-port range ftp-data ftp
    #
    return
    [R13-acl-ipv4-adv-3000]qu
    [R13]int range g0/0 to g0/1
    [R13-if-range]packet-filter 3000 inbound 
    [R13-if-range]qu
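
To check what ACL 3000 on R12 and R13 (steps 15 and 16) actually filters, the following added example, which is not part of the original post, parses the rule lines from the `dis th` output above and evaluates constructed sample packets with first-match, wildcard-mask semantics. The function names are hypothetical, and the default action for packets that match no rule is assumed to be permit.

```python
import ipaddress
import re

# Port keywords as they appear in the `dis th` output on this page.
PORTS = {"telnet": 23, "ftp-data": 20, "ftp": 21}

RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny) tcp"
    r"(?: source (?P<src>\S+) (?P<wild>\S+))?"
    r" destination-port (?:eq (?P<eq>\S+)|range (?P<lo>\S+) (?P<hi>\S+))"
)

def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def parse_acl(text):
    """Return rules as (id, action, src, wildcard, lo_port, hi_port), ordered by rule id."""
    rules = []
    for m in RULE_RE.finditer(text):
        src = int(ipaddress.IPv4Address(m["src"])) if m["src"] else 0
        # No source clause means "any": every bit is a don't-care bit.
        wild = int(ipaddress.IPv4Address(m["wild"])) if m["wild"] else 0xFFFFFFFF
        lo, hi = (port(m["eq"]),) * 2 if m["eq"] else (port(m["lo"]), port(m["hi"]))
        rules.append((int(m["id"]), m["action"], src, wild, lo, hi))
    return sorted(rules)

def evaluate(rules, src_ip, dst_port, default="permit"):
    """First matching rule wins; `default` (assumed permit) applies when nothing matches."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for rid, action, src, wild, lo, hi in rules:
        # Wildcard bits set to 1 are ignored; the rest must equal the rule's source.
        if (ip & ~wild) == (src & ~wild) and lo <= dst_port <= hi:
            return action, rid
    return default, None

# Rule lines copied from the page's `dis th` output; the packets below are constructed.
R12_ACL = """
 rule 0 permit tcp source 192.168.1.0 0.0.0.255 destination-port eq telnet
 rule 5 deny tcp destination-port eq telnet
"""
R13_ACL = """
 rule 0 permit tcp source 192.168.2.0 0.0.0.255 destination-port range ftp-data ftp
 rule 5 deny tcp destination-port range ftp-data ftp
"""

if __name__ == "__main__":
    r12 = parse_acl(R12_ACL)
    for src, dport in [("192.168.1.10", 23), ("192.168.2.10", 23), ("192.168.2.10", 22)]:
        print(src, dport, evaluate(r12, src, dport))
```

The third sample packet matches neither rule, which shows that these ACLs restrict only TCP 23 (R12) and TCP 20-21 (R13); all other traffic falls through to the default action.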
    
    
