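Week 18 Practical Training Assignment
Note: the branch part requires a detailed configuration; the configuration here is simplified, see <h.dayi.ink> at the end of term. The cmd log is temporarily no longer maintained because its versions became too messy.
Version 0.9
The layout is rather messy; it is better to download the file and read the running-config directly.
File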
https://p.dabbit.net/blog/pic_bed/sharex/_pn-2024-06-27-15-48-28_Marten_Infatuated_Delirious.rar
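Thursday requirements and assignment
Requirements: internal network
A company's internal network contains four VLANs: vlan10, vlan20, vlan30 and vlan100.
- The finance department is vlan10, named caiwu
- The technical department is vlan20, named jishu
- The management department is vlan30, named guanli
- The internal server (internal HTTP-SERVER) sits alone in vlan100, named fuwuqi
- Configure the basic network:
1) The finance department subnet is 192.168.1.0/24, gateway 192.168.1.254
2) The technical department subnet is 192.168.2.0/24, gateway 192.168.2.254
3) The management department subnet is 192.168.3.0/24, gateway 192.168.3.254
4) The server subnet is 172.16.1.0/24, gateway 172.16.1.254
5) The link between R1 and SW1 uses addresses from 192.168.10.0/30
- All gateways must be on the internal core switch SW1, using SVI interfaces as gateways
- All internal PCs and servers must be able to reach each other
- Because internal staff have limited computer skills, the terminals in the finance, technical and management departments must obtain IP addresses automatically via DHCP (addresses 1-100 of each subnet are excluded and reserved; leases start at 101). The server needs a fixed address, so its IP address is configured statically by hand. (The DHCP server is on the egress router R1; a DHCP relay completes the address assignment.)
- Staff of the internal management department may manage the internal router and core switch via telnet; other departments may not manage the router and switch via telnet. (Telnet management of the internal devices must be configured.)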
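Requirements: public network
Public network part
- R1 and R2 use the 100.1.1.0/24 subnet, R2 and R3 use 124.126.100.0/24, R3 and R4 use 202.96.137.0/24, and R3, the external HTTP-SERVER and the public PC use 124.126.200.0/24. (The gateway of the external HTTP-SERVER and the public PC is 124.126.200.254.)
- So that the public networks can communicate, R1, R2 and R3 use the OSPF dynamic routing protocol
- The public PC can reach the HTTP service on port 80 of the internal HTTP-SERVER through port 8080 on R1
- There is a public server HTTP-SERVER at 124.126.200.10/24; internal users must be able to reach it. (R1 and R2 use the 124.126.100.0/24 subnet.)
- There is a public DNS-SERVER at 113.100.2.56/24 with gateway 113.100.2.1/24. The goal is to reach the public http-server through the domain name www.shixun.com and view the "a small page" from the home page, whose content reads: welcome to study our course!
Requirements: branch
- Internal PC7 and PC8 are in vlan70 and vlan80 respectively
- The gateways of PC7 and PC8 are 192.168.70.254 and 192.168.80.254, and the gateways are located on router R4
- PC7 and PC8 must also be able to reach the external network (test by accessing the public HTTP-SERVER)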
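Topology diagram
The final topology is as follows:
Adding and configuring VLANs
Requirements: VLAN configuration
The company's internal network contains four VLANs, configured as follows:
VLAN ID | Name | Department / purpose |
---|---|---|
10 | caiwu | Finance department |
20 | jishu | Technical department |
30 | guanli | Management department |
100 | fuwuqi | Internal server (HTTP-SERVER) |
Core switch: create the VLANs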
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host
Switch(config)#hostname
Switch(config)#hostname core
core(config)#vlan 10
core(config-vlan)#name caiwu
core(config-vlan)#vlan 20
core(config-vlan)#name jishu
core(config-vlan)#vlan 30
core(config-vlan)#name guanli
core(config-vlan)#vlan 100
core(config-vlan)#name fuwuqi
Core switch: VLAN information after configuration:
core#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
10 caiwu active
20 jishu active
30 guanli active
100 fuwuqi active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Core switch: configure VLAN distribution (VTP server)
On the core switch:
core(config)#vtp mode server
Device mode already VTP SERVER.
core(config)#vtp domain crazy-friday
Changing VTP domain name from NULL to crazy-friday
core(config)#vtp password crazy
Setting device VLAN database password to crazy
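Core switch: configure the VLAN addresses
Requirements
2. Configure the basic network:
1) The finance department subnet is 192.168.1.0/24, gateway 192.168.1.254
2) The technical department subnet is 192.168.2.0/24, gateway 192.168.2.254
3) The management department subnet is 192.168.3.0/24, gateway 192.168.3.254
4) The server subnet is 172.16.1.0/24, gateway 172.16.1.254
5) The link between R1 and SW1 uses addresses from 192.168.10.0/30
Configuration
Add the four VLAN interfaces and configure their IP addresses.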
core(config)#int vlan 10
core(config-if)#ip addr 192.168.1.254 255.255.255.0
core(config-if)#no shut
core(config-if)#int vlan 20
core(config-if)#ip addr 192.168.2.254 255.255.255.0
core(config-if)#no shut
core(config-if)#int vlan 30
core(config-if)#ip addr 192.168.3.254 255.255.255.0
core(config-if)#no shut
core(config-if)#int vlan 100
core(config-if)#ip addr 172.16.1.254 255.255.255.0
core(config-if)#no shut
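Summary of current interface status and IP configuration
Physical interface status:
- FastEthernet0/1 to FastEthernet0/4: enabled and running (up/up)
- FastEthernet0/5: physical link down (down/down)
- GigabitEthernet0/1 and GigabitEthernet0/2: physical link down (down/down)
VLAN ID | IP address | Status |
---|---|---|
1 | unassigned | administratively down |
10 | 192.168.1.254 | enabled, line protocol down |
20 | 192.168.2.254 | enabled, line protocol down |
30 | 192.168.3.254 | enabled, line protocol down |
100 | 172.16.1.254 | enabled, line protocol down |
Company intranet: 3. All gateways must be on the internal core switch SW1, using SVI interfaces as gateways
Enable Layer 3 routing on SW1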
core#conf t
Enter configuration commands, one per line. End with CNTL/Z.
core(config)#ip routing
Company intranet: configure VLAN synchronization on the access switches:
Finance department switch
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)#vtp domain crazy-friday
Changing VTP domain name from NULL to crazy-friday
Switch(config)#vtp password crazy
Setting device VLAN database password to crazy
Switch(config)#hostname finance-sw
finance-sw(config)#int fa0/4
finance-sw(config-if)#switchport mode trunk
The VLAN database has synchronized successfully.
Assign interfaces to VLANs:
Assign all interfaces to the VLAN:
finance-sw(config-if)#int range fa0/1,fa0/2,fa0/3,fa0/5-24
finance-sw(config-if-range)#sw mode access
finance-sw(config-if-range)#sw ac vlan 10
finance-sw(config-if-range)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gig0/1, Gig0/2
10 caiwu active Fa0/1, Fa0/2, Fa0/3, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
20 jishu active
30 guanli active
100 fuwuqi active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
finance-sw(config-if-range)#
Company intranet: management department switch
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname manage-sw
manage-sw(config)#int fa 0/1
manage-sw(config-if)#sw mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
manage-sw(config-if)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gig0/1
Gig0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
manage-sw(config-if)#
manage-sw(config-if)#vtp mode client
Setting device to VTP CLIENT mode.
manage-sw(config)#vtp domain crazy-friday
Domain name already set to crazy-friday.
manage-sw(config)#vtp password crazy
Setting device VLAN database password to crazy
manage-sw(config)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gig0/1
Gig0/2
10 caiwu active
20 jishu active
30 guanli active
100 fuwuqi active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
manage-sw(config)#
Assign interfaces to VLANs
manage-sw(config)#int range fa0/2-fa0/24
manage-sw(config-if-range)#sw mode access
manage-sw(config-if-range)#sw ac vlan 30
manage-sw(config-if-range)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gig0/1, Gig0/2
10 caiwu active
20 jishu active
30 guanli active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
100 fuwuqi active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
manage-sw(config-if-range)#
Company intranet: technical department switch
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname tech-sw
tech-sw(config)#vtp mode client
Setting device to VTP CLIENT mode.
tech-sw(config)#vtp domain crazy-friday
Changing VTP domain name from NULL to crazy-friday
tech-sw(config)#vtp password crazy
Setting device VLAN database password to crazy
tech-sw(config)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
tech-sw(config)#int
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
% Incomplete command.
tech-sw(config)#int g0/1
tech-sw(config-if)#sw mode tr
tech-sw(config-if)#sw mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
tech-sw(config-if)#dis vlan br
tech-sw(config-if)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
tech-sw(config-if)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
tech-sw(config-if)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/2
10 caiwu active
20 jishu active
30 guanli active
100 fuwuqi active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
tech-sw(config-if)#int range fa0/1-24
tech-sw(config-if-range)#sw mode access
tech-sw(config-if-range)#sw ac vlan 30
tech-sw(config-if-range)#sw ac vlan 20
tech-sw(config-if-range)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gig0/2
10 caiwu active
20 jishu active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
30 guanli active
100 fuwuqi active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
tech-sw(config-if-range)#
Company intranet: server switch
Switch#en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname server-sw
server-sw(config)#int g0/1
server-sw(config-if)#sw mode tr
server-sw(config-if)#sw mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
server-sw(config-if)#dis vlan br
server-sw(config-if)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
server-sw(config-if)#vtp mode client
Setting device to VTP CLIENT mode.
server-sw(config)#vtp domain crazy-friday
Domain name already set to crazy-friday.
server-sw(config)#vtp password crazy
Setting device VLAN database password to crazy
server-sw(config)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/2
10 caiwu active
20 jishu active
30 guanli active
100 fuwuqi active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
server-sw(config)#int g0/2
server-sw(config-if)#sw mode ac
server-sw(config-if)#sw ac vlan 100
server-sw(config-if)#do show vlan b
server-sw(config-if)#do show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
10 caiwu active
20 jishu active
30 guanli active
100 fuwuqi active Gig0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
server-sw(config-if)#
Company intranet: server IP configuration
- IP: 172.16.1.10/24
- Gateway: 172.16.1.254
- DNS (temporary): 113.100.2.56
Company intranet: 2.5: 5) The link between R1 and SW1 uses addresses from 192.168.10.0/30
Core switch:
core#conf t
Enter configuration commands, one per line. End with CNTL/Z.
core(config)#vlan 1000
core(config-vlan)#name R1-SW1-Interconnect
core(config-vlan)#interface vlan 1000
core(config-if)#
%LINK-5-CHANGED: Interface Vlan1000, changed state to up
core(config-if)#ip address 192.168.10.2 255.255.255.252
core(config-if)#no shutdown
core(config-if)#interface GigabitEthernet0/0
core(config-if)#switchport mode access
core(config-if)#switchport access vlan 1000
core(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1000, changed state to up
no shut
core(config-if)#no shut
# Configure the static route
core(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.10.1
Router
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int g0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.252
Router(config-if)#no shutdown
# Static route to the internal subnets
Router(config-if)#ip route 192.168.0.0 255.255.0.0 192.168.10.2
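Company intranet: 4. All internal PCs and servers must be able to reach each other
Allow the VLANs on the trunks so that they can reach each other over IP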
server-sw>en
server-sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
server-sw(config)#int g0/1
server-sw(config-if)#switchport trunk allowed vlan 10,20,30,100
finance-sw>en
finance-sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
finance-sw(config)#int f0/4
finance-sw(config-if)#switchport trunk allowed vlan 10,20,30,100
manage-sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
manage-sw(config)#int fa0/1
manage-sw(config-if)#switchport trunk allowed vlan 10,20,30,100
tech-sw>en
tech-sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
tech-sw(config)#int g0/1
tech-sw(config-if)#switchport trunk allowed vlan 10,20,30,100
Core switch:
core#conf t
Enter configuration commands, one per line. End with CNTL/Z.
core(config)#int range g0/1,fa0/1-3
core(config-if-range)#switchport trunk allowed vlan 10,20,30,100
Test from the server
ping: 172.16.1.254
ping 192.168.1.254
C:\>
C:\>ping 192.168.1.254
Pinging 192.168.1.254 with 32 bytes of data:
Reply from 192.168.1.254: bytes=32 time<1ms TTL=255
Reply from 192.168.1.254: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.1.254:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
ping 192.168.2.254
C:\>ping 192.168.2.254
Pinging 192.168.2.254 with 32 bytes of data:
Reply from 192.168.2.254: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.2.254:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
ping 192.168.3.254
C:\>ping 192.168.3.254
Pinging 192.168.3.254 with 32 bytes of data:
Reply from 192.168.3.254: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.3.254:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
ping 192.168.1.10
Company intranet: 5. Because internal staff have limited computer skills: DHCP server
Egress router
Router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.100
Router(config)#ip dhcp excluded-address 192.168.2.1 192.168.2.100
Router(config)#ip dhcp excluded-address 192.168.3.1 192.168.3.100
Router(config)#ip dhcp pool VLAN10-POOL
Router(dhcp-config)#network 192.168.1.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.1.254
Router(dhcp-config)#dns-server 113.100.2.56
Router(dhcp-config)#exit
Router(config)#ip dhcp pool VLAN20-POOL
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.2.254
Router(dhcp-config)#dns-server 113.100.2.56
Router(dhcp-config)#exit
Router(config)#ip dhcp pool VLAN30-POOL
Router(dhcp-config)#network 192.168.3.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.3.254
Router(dhcp-config)#dns-server 113.100.2.56
Router(dhcp-config)#exit
DHCP relay
core(config)#int vlan 10
core(config-if)#ip helper-address 192.168.10.1
core(config-if)#int vlan 20
core(config-if)#ip helper-address 192.168.10.1
core(config-if)#int vlan 30
core(config-if)#ip helper-address 192.168.10.1
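Test:
Company intranet: 6. Staff of the internal management department may manage the internal router and core switch via telnet; other departments may not manage the router and switch via telnet. (Telnet management of the internal devices must be configured.)
This may currently be wrong. Here we interpreted the "internal management department" as the technical department; it may actually be the management department.
Create VLAN 500 for management and configure the ACL
- Core switch: 192.168.20.10
- Router: 192.168.10.1
Core switch: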
core#configure terminal
core(config)#vlan 500
core(config-vlan)#name tech-admin
core(config-vlan)#exit
core(config)#interface vlan 500
core(config-if)#ip address 192.168.2.1 255.255.255.0
core(config-if)#no shutdown
core(config-if)#exit
core(config)#ip access-list standard TELNET-ACL
core(config-std-nacl)#permit 192.168.2.0 0.0.0.255
core(config-std-nacl)#deny any
core(config-std-nacl)#exit
core(config)#line vty 0 4
core(config-line)#access-class TELNET-ACL in
core(config-line)#exit
core(config)#interface range g0/1-2,fa0/1-3
core(config-if-range)#switchport mode trunk
core(config-if-range)#switchport trunk allowed vlan add 500
core(config-if-range)#exit
core(config)#ip route 192.168.2.0 255.255.255.0 vlan 500
core(config)#end
core#copy running-config startup-config
Router:
Router#configure terminal
Router(config)#ip access-list standard TELNET-ACL
Router(config-std-nacl)#permit 192.168.2.0 0.0.0.255
Router(config-std-nacl)#deny any
Router(config-std-nacl)#exit
Router(config)#line vty 0 4
Router(config-line)#access-class TELNET-ACL in
Router(config-line)#exit
Technical department SW:
tech-sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
tech-sw(config)#interface vlan 500
tech-sw(config-if)#
%LINK-5-CHANGED: Interface Vlan500, changed state to up
tech-sw(config-if)#ip address 192.168.20.120 255.255.255.0
tech-sw(config-if)#no shut
tech-sw(config-if)#interface g0/1
tech-sw(config-if)#switchport trunk allowed vlan add 500
tech-sw(config-if)#username KFC4 password KFC4
tech-sw(config)#line vty 0 4
tech-sw(config-line)#login local
tech-sw(config-line)#transport input telnet
Only the technical department can connect:
Router:
Other departments are refused.
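The check below is an added example, not part of the original write-up: it evaluates the TELNET-ACL exactly as entered above against one constructed host per department, using standard-ACL semantics (wildcard mask, first match wins, implicit deny). The function names and the .101 sample addresses (the first DHCP lease of each pool) are assumptions.

```python
import ipaddress

# ACL entries exactly as entered on the core switch and on the router above.
TELNET_ACL = """\
permit 192.168.2.0 0.0.0.255
deny any
"""

# Constructed sample sources: first DHCP lease per department (.101)
# plus the statically addressed internal server.
SAMPLE_SOURCES = {
    "caiwu (VLAN 10)": "192.168.1.101",
    "jishu (VLAN 20)": "192.168.2.101",
    "guanli (VLAN 30)": "192.168.3.101",
    "fuwuqi (VLAN 100)": "172.16.1.10",
}


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_standard_acl(text):
    """Parse standard-ACL entries into (action, base, wildcard) tuples."""
    entries = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        action, spec = tokens[0], tokens[1:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {raw!r}")
        if spec == ["any"]:
            base, wildcard = 0, 0xFFFFFFFF          # every bit is "don't care"
        elif len(spec) == 2 and spec[0] == "host":
            base, wildcard = _to_int(spec[1]), 0    # exact host
        elif len(spec) == 1:
            base, wildcard = _to_int(spec[0]), 0    # bare address means host
        elif len(spec) == 2:
            base, wildcard = _to_int(spec[0]), _to_int(spec[1])
        else:
            raise ValueError(f"unsupported entry: {raw!r}")
        entries.append((action, base, wildcard))
    return entries


def evaluate(entries, source):
    """Return (action, index of matching entry); None index = implicit deny."""
    src = _to_int(source)
    for index, (action, base, wildcard) in enumerate(entries):
        care = ~wildcard & 0xFFFFFFFF   # bits that must equal the base address
        if (src ^ base) & care == 0:
            return action, index        # first match wins
    return "deny", None                 # implicit deny at the end of every ACL


def telnet_report(acl_text=TELNET_ACL, sources=SAMPLE_SOURCES):
    """Verdict of 'access-class TELNET-ACL in' for each sample source."""
    entries = parse_standard_acl(acl_text)
    return {name: evaluate(entries, ip)[0] for name, ip in sources.items()}


if __name__ == "__main__":
    for name, verdict in telnet_report().items():
        print(f"{name:18} {verdict}")
```

As entered, the ACL admits only 192.168.2.0/24 (VLAN 20, jishu); admitting VLAN 30 (guanli) instead would mean a permit line for 192.168.3.0 0.0.0.255.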
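Public network: requirements
- R1 and R2 use the 100.1.1.0/24 subnet, R2 and R3 use 124.126.100.0/24, R3 and R4 use 202.96.137.0/24, and R3, the external HTTP-SERVER and the public PC use 124.126.200.0/24. (The gateway of the external HTTP-SERVER and the public PC is 124.126.200.254.)
- So that the public networks can communicate, R1, R2 and R3 use the OSPF dynamic routing protocol
- The public PC can reach the HTTP service on port 80 of the internal HTTP-SERVER through port 8080 on R1
- There is a public server HTTP-SERVER at 124.126.200.10/24; internal users must be able to reach it. (R1 and R2 use the 124.126.100.0/24 subnet.)
- There is a public DNS-SERVER at 113.100.2.56/24 with gateway 113.100.2.1/24. The goal is to reach the public http-server through the domain name www.shixun.com and view the "a small page" from the home page, whose content reads: welcome to study our course!
Public network: 1. IP configuration
R1-IP:
IP addresses: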
Interface | IP Address | Subnet Mask | Status |
---|---|---|---|
GigabitEthernet0/1 | 100.1.1.1 | 255.255.255.0 | Up |
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int g0/1
Router(config-if)#ip address 100.1.1.1 255.255.255.0
Router(config-if)#no shut
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
Router(config-if)#router ospf 1
Router(config-router)#network 100.1.1.0 0.0.0.255 area 0
Router(config-router)#hostname r1
r1(config)#
R2-IP:
IP addresses:
Interface | IP Address | Subnet Mask | Status |
---|---|---|---|
GigabitEthernet0/0 | 100.1.1.2 | 255.255.255.0 | - |
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname r2
r2(config)#int g0/0
r2(config-if)#ip address 100.1.1.2 255.255.255.0
r2(config-if)#no shut
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
r2(config-if)#int g0/1
r2(config-if)#ip address 124.126.100.1 255.255.255.0
r2(config-if)#no shut
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
# Configure OSPF
r2(config-if)#router ospf 1
r2(config-router)#network 100.1.1.0 0.0.0.255 area 0
r2(config-router)#network 124.126.100.0 0.0.0.255 area 0
R3:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname r3
r3(config)#int g0/0
r3(config-if)#ip address 124.126.100.2 255.255.255.0
r3(config-if)#no shut
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
r3(config-if)#int g0/1
r3(config-if)#ip address 202.96.137.1 255.255.255.0
r3(config-if)#no shut
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
r3(config-if)#int g0/2
r3(config-if)#ip address 124.126.200.254 255.255.255.0
r3(config-if)#no shut
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up
# Configure OSPF
r3(config-if)#router ospf 1
r3(config-router)#network 124.126.100.0 0.0.0.255 area 0
r3(config-router)#network 202.96.137.0 0.0.0.255 area 0
r3(config-router)#network 124.126.200.0 0.0.0.255 area 0
R4:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname r4
r4(config)#int g0/0
r4(config-if)#ip addr 202.96.137.2 255.255.255.0
r4(config-if)#no shut
Current routing table:
r1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.1.1.0/24 is directly connected, GigabitEthernet0/1
L 100.1.1.1/32 is directly connected, GigabitEthernet0/1
124.0.0.0/24 is subnetted, 2 subnets
O 124.126.100.0/24 [110/2] via 100.1.1.2, 00:13:02, GigabitEthernet0/1
O 124.126.200.0/24 [110/3] via 100.1.1.2, 00:11:52, GigabitEthernet0/1
S 192.168.0.0/16 [1/0] via 192.168.10.2
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/30 is directly connected, GigabitEthernet0/0
L 192.168.10.1/32 is directly connected, GigabitEthernet0/0
O 202.96.137.0/24 [110/3] via 100.1.1.2, 00:00:33, GigabitEthernet0/1
r1#
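Public network: 3. The public PC can reach the HTTP service on port 80 of the internal HTTP-SERVER through port 8080 on R1
Accessing the server (172.16.1.10/24) from the internal network works normally
Configure the route on R1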
r1(config)#ip route 172.16.1.0 255.255.255.0 192.168.10.2
The router can ping the internal server:
Configure NAT:
r1(config)#int g0/0
r1(config-if)#ip nat inside
r1(config-if)#int g0/1
r1(config-if)#ip nat outside
r1(config)#ip nat inside source static tcp 172.16.1.10 80 100.1.1.1 8080
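Test access:
Public PC:
IP address: 124.126.200.11
Subnet mask: 255.255.255.0
Default gateway: 124.126.200.254
DNS server: 113.100.2.56
Access works normally:
Public network: 4. There is a public server HTTP-SERVER at 124.126.200.10/24; internal users must be able to reach it. (R1 and R2 use the 124.126.100.0/24 subnet.)
(R1 and R2 use the 124.126.100.0/24 subnet): ignore this sentence.
IP configuration:
IP address: 124.126.200.10
Subnet mask: 255.255.255.0
Default gateway: 124.126.200.254
DNS server: 113.100.2.56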
r1(config)#access-list 10 permit 192.168.0.0 0.0.255.255
r1(config)#ip nat inside source list 10 interface g0/1 overload
Access works normally now!
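A simplified model of the two NAT rules on R1, the static port-forward from part 3 and the PAT overload from part 4, as an added example that is not part of the original write-up. NatModel, scenario and the counter-based port allocation are assumptions; 192.168.1.101 is a constructed client address, the other addresses come from the configuration above.

```python
import ipaddress

R1_OUTSIDE = "100.1.1.1"  # g0/1, "ip nat outside"
# ip nat inside source static tcp 172.16.1.10 80 100.1.1.1 8080
STATIC = {("172.16.1.10", 80): (R1_OUTSIDE, 8080)}
# access-list 10 permit 192.168.0.0 0.0.255.255
PAT_ACL = [ipaddress.ip_network("192.168.0.0/16")]


class NatModel:
    """Simplified TCP-only model of R1's inside-source NAT (assumption)."""

    def __init__(self):
        self.static_out = dict(STATIC)
        self.static_in = {glob: local for local, glob in STATIC.items()}
        self.dynamic_out = {}    # (inside ip, port) -> (global ip, port)
        self.dynamic_in = {}     # (global ip, port) -> (inside ip, port)
        self._next_port = 1024   # assumption: real IOS picks ports differently

    def _alloc(self):
        # Skip ports already claimed by a static or dynamic mapping.
        while ((R1_OUTSIDE, self._next_port) in self.static_in
               or (R1_OUTSIDE, self._next_port) in self.dynamic_in):
            self._next_port += 1
        port = self._next_port
        self._next_port += 1
        return port

    def outbound(self, src, sport, dst, dport):
        """Packet entering g0/0 (inside) and leaving g0/1 (outside)."""
        key = (src, sport)
        if key in self.static_out:
            new = self.static_out[key]
        elif key in self.dynamic_out:
            new = self.dynamic_out[key]
        elif any(ipaddress.ip_address(src) in net for net in PAT_ACL):
            new = (R1_OUTSIDE, self._alloc())
            self.dynamic_out[key] = new
            self.dynamic_in[new] = key
        else:
            new = key  # no rule matches: forwarded with its private source
        return (*new, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Packet arriving on g0/1; None = no entry, nothing forwarded inside."""
        local = self.static_in.get((dst, dport)) or self.dynamic_in.get((dst, dport))
        if local is None:
            return None
        return (src, sport, *local)


def scenario():
    nat = NatModel()
    out = {}
    # Public PC reaches the internal server through the 8080 port-forward.
    out["forward_in"] = nat.inbound("124.126.200.11", 50000, R1_OUTSIDE, 8080)
    out["forward_reply"] = nat.outbound("172.16.1.10", 80, "124.126.200.11", 50000)
    # Any other port on R1's outside address has no mapping.
    out["unmapped_in"] = nat.inbound("124.126.200.11", 50001, R1_OUTSIDE, 80)
    # Finance PC (matches ACL 10) browses the public HTTP server via PAT.
    out["pat_out"] = nat.outbound("192.168.1.101", 49152, "124.126.200.10", 80)
    out["pat_reply"] = nat.inbound("124.126.200.10", 80, R1_OUTSIDE, out["pat_out"][1])
    # Server-initiated traffic: 172.16.1.10 is outside ACL 10, so no PAT.
    out["server_out"] = nat.outbound("172.16.1.10", 40000, "124.126.200.10", 80)
    return out


if __name__ == "__main__":
    for name, packet in scenario().items():
        print(f"{name:14} {packet}")
```

The run shows that the static rule exposes exactly one port of the internal server, and that ACL 10 covers the 192.168.0.0/16 clients but not the 172.16.1.0/24 server, whose own outbound connections leave R1 untranslated.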
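Public network: 5. There is a public DNS-SERVER at 113.100.2.56/24 with gateway 113.100.2.1/24. The goal is to reach the public http-server through the domain name www.shixun.com and view the "a small page" from the home page, whose content reads: welcome to study our course!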
R2:
r2>en
r2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
r2(config)#int g0/2
r2(config-if)#
r2(config-if)#ip address 113.100.2.1 255.255.255.0
r2(config-if)#no shut
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up
# Configure OSPF
r2(config-if)# router ospf 1
r2(config-router)#network 113.100.2.0 0.0.0.255 area 1
Configure the DNS server:
DNS server IP: 113.100.2.56/24 via 113.100.2.1
Configure the domain name:
www.shixun.com
Test access:
Access succeeds; now modify the HTML
HTML content
index.html
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>首页 - 欢迎来到实训课程</title>
</head>
<body>
<div class="container">
<h1>欢迎来到实训课程首页</h1>
<p>点击下面的链接查看详细信息:</p>
<a href="a_small_page.html">进入课程页面(a_small_page)</a>
<a>疯狂星期5组奉献</a>
</div>
</body>
</html>
a_small_page.html
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>课程详情 - 欢迎学习我们的课程</title>
</head>
<body>
<div class="container">
<h1>欢迎学习我们的课程!</h1>
<p>Welcome to study our course!</p>
<a href="index.html">返回首页</a>
<a>疯狂星期5组奉献</a>
</div>
</body>
</html>
Result
Branch:
Branch: 1. Internal PC7 and PC8 are in vlan70 and vlan80 respectively
Branch: 2. The gateways of PC7 and PC8 are 192.168.70.254 and 192.168.80.254, and the gateways are located on router R4
Switch>
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#hostname branch
branch(config)#vlan 70
branch(config-vlan)#int vlan 70
branch(config-if)#
%LINK-5-CHANGED: Interface Vlan70, changed state to up
branch(config-if)#ip addr 192.168.70.254 255.255.255.0
branch(config-if)#vlan 80
branch(config-vlan)#int vlan 80
branch(config-if)#
%LINK-5-CHANGED: Interface Vlan80, changed state to up
branch(config-if)#ip addr 192.168.80.254 255.255.255.0
branch(config-if)#
branch(config-if)#vlan 600
branch(config-vlan)#int vlan 600
branch(config-if)#
%LINK-5-CHANGED: Interface Vlan600, changed state to up
branch(config-if)#ip addr 10.10.10.2 255.255.255.252
branch(config-if)#i
branch(config-if)#int fa0/2
branch(config-if)#sw mode acc
branch(config-if)#sw acc vlan 70
branch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan70, changed state to up
branch(config-if)#no shut
branch(config-if)#
branch(config-if)#int fa0/3
branch(config-if)#sw mode acc
branch(config-if)#sw acc vlan 80
branch(config-if)#
LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan80, changed state to up
branch(config-if)#no shut
branch(config-if)#
branch(config-if)#int f0/1
branch(config-if)#
branch(config-if)#sw mode acc
branch(config-if)#sw acc vlan 600
branch(config-if)#no shut
branch(config-if)#
branch(config-if)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
branch(config)#ip routing
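Branch: 3. PC7 and PC8 must also be able to reach the external network (test by accessing the public HTTP-SERVER)
PC7:
IP address: 192.168.70.10
Subnet mask: 255.255.255.0
Default gateway: 192.168.70.254
DNS server: 113.100.2.56
PC8:
IP address: 192.168.80.10
Subnet mask: 255.255.255.0
Default gateway: 192.168.80.254
DNS server: 113.100.2.56
R4: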
r4(config)#int g0/1
r4(config-if)#ip addr 10.10.10.1 255.255.255.252
r4(config-if)#no shut
PC8 <-> PC7 can reach each other
Configure access:
branch(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
r4(config)#int g0/1
r4(config-if)#ip addr 10.10.10.1 255.255.255.252
r4(config-if)#no shut
r4(config)#access-list 100 permit ip 192.168.70.0 0.0.0.255 any
r4(config)#access-list 100 permit ip 192.168.80.0 0.0.0.255 any
r4(config)#int g0/1
r4(config-if)#ip nat inside
r4(config-if)#int g0/0
r4(config-if)#ip nat outside
r4(config-if)#ip nat inside source list 100 interface g0/0 overload
r4(config)#ip route 192.168.70.0 255.255.255.0 10.10.10.2
r4(config)#ip route 192.168.80.0 255.255.255.0 10.10.10.2
r4(config)#do show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 202.96.137.2 YES manual up up
GigabitEthernet0/1 10.10.10.1 YES manual up up
GigabitEthernet0/2 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
r4(config)#
r4(config)#router ospf 1
r4(config-router)#do show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
202.96.137.1 1 FULL/DR 00:00:30 202.96.137.1 GigabitEthernet0/0
r4(config-router)#
r4(config-router)#network 202.96.137.0 0.0.0.255 area 0
Test
PC7 accesses successfully
PC8 accesses successfully