分类 默认分类 下的文章
网络系统集成基础(实验学时)——实验五
网络系统集成基础(实验学时)——实验五
题目要求:
实验内容:
1、动态路由协议RIP、OSPF协议的内容和特点
2、动态路由RIP、OSPF实验,建立拓扑pc1>>R1>>R2>>R3>>pc2,使pc1与pc2能相互通信,并配置PC端静默接口。
3、熟悉配置vlan间路由技术:多层交换机虚拟接口SVI和单臂路由
4、多层交换机SVI配置实验,建立VLAN10>>交换机SW>>VLAN20,使两个VLAN之间可以相互通信,
5、对上期实验公司网络设置各部门vlan间路由,使各个部门之间可以通信
实验意义:
vlan间路由技术:通过三层设备路由,使得不同vlan间可以互相通信。但是仅仅允许单播通信。不同vlan 之间广播帧依然被隔离既没有失去vlan原来的意义。
实验报告:
要求独立完成,报告需包含模拟器配置文件
分别使用华为模拟器和思科模拟器完成
1、动态路由协议RIP、OSPF协议的内容和特点
RIP和OSPF是两种广泛使用的动态路由协议,它们能够自动发现网络拓扑变化,动态维护路由表,大大简化了网络管理。下面我从协议原理、报文格式、算法实现、配置命令、适用场景、优缺点比较等方面,对这两种路由协议的内容和特点进行详细分析。
一、RIP协议
RIP(Routing Information Protocol)是一种基于距离向量的内部网关协议。其基本思想是:每个路由器维护一张路由表,记录到达各目的网络的最佳路由及其距离(跳数);路由器之间通过RIP报文交换并更新路由信息;最终所有路由器都会知道到达每一个网络的最短路径。
RIP协议的主要内容包括:
- RIP报文格式:RIP使用UDP数据报传送路由信息,默认端口号为520。RIP-1是有类路由协议,RIP-2支持无类路由,可以携带子网掩码。每个RIP报文可以包含25个路由条目。
- 路由更新:RIP路由器周期性(默认30秒)广播自己的路由表,接收到路由更新报文后,对路由表进行增删修改。同时还会触发更新,即路由表发生变化时立即发送更新报文。
- 路由选择:RIP使用Bellman-Ford算法计算最短路径,度量值为跳数,取值范围为1~15(16表示不可达)。当收到相同目的网络的多条路由时,选择跳数最小的路由;如果跳数相等,则形成等价路由,可以实现负载均衡。
- 路由维护:RIP使用一些计时器处理路由表,如更新定时器(周期性发送更新)、失效定时器(标记失效路由)、垃圾收集定时器(删除失效路由)等,以适应网络拓扑变化。
RIP协议的配置比较简单:
Router(config)#router rip
Router(config-router)#version 2 //使用RIP-2
Router(config-router)#no auto-summary //关闭自动汇总
Router(config-router)#network 192.168.1.0 //宣告直连网络
Router(config-router)#passive-interface g0/0 //设置静默接口,抑制更新RIP协议的主要特点是:
- 实现简单,开销小,适合小型网络
- 收敛速度慢,易产生环路,跳数限制网络直径
- 频繁发送更新,消耗带宽
- 不支持验证,安全性差
二、OSPF协议
OSPF(Open Shortest Path First)是一种基于链路状态的内部网关协议。其基本思想是:每个路由器发现并维护自己的链路状态(与哪些路由器相连,链路cost等);通过泛洪方式与其他路由器同步链路状态数据库(LSDB);各路由器基于相同的LSDB,运行SPF算法,计算出到达各目的网络的最短路径,形成路由表。
OSPF协议的主要内容包括:
- OSPF报文类型:OSPF直接承载在IP数据报中,协议号为89。常用的OSPF报文有Hello、DD(Database Description)、LSR(Link State Request)、LSU(Link State Update)、LSAck(Link State Acknowledgment)等。
- 邻居发现与邻接建立:OSPF路由器周期性发送Hello报文,发现邻居,协商参数(如Hello间隔、Dead间隔、Router ID等)。相连的两台OSPF路由器通过交换DD报文,同步LSDB,最终形成完全邻接。
- 链路状态通告:OSPF路由器将自己的链路状态信息(如Router-LSA、Network-LSA等)封装在LSU报文中,向所有邻居发送,邻居验证并回复LSAck报文,再将接收到的LSA转发出去,最终所有路由器都拥有完整的LSDB。
- 最短路径计算:OSPF路由器基于LSDB,运行Dijkstra最短路径算法,计算出到达各目的网络的最短路径,并生成路由表。OSPF使用cost值作为度量,cost值越小,优先级越高。
- 区域划分:OSPF支持将自治系统划分为不同的区域(Area),每个区域内部的拓扑隐藏在区域外。区域边界路由器(ABR)负责区域间路由,主干区域(Area 0)连接所有其他区域。这种层次化结构有利于提高可扩展性和安全性。
OSPF协议的配置相对复杂:
Router(config)#router ospf 1 //启用OSPF进程,进程号为1
Router(config-router)#router-id 1.1.1.1 //设置Router ID
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0 //宣告接口所在网段属于Area 0
Router(config-router)#area 1 stub //定义Area 1为Stub区域
Router(config-router)#area 1 authentication message-digest //在Area 1内启用MD5认证OSPF协议的主要特点是:
- 收敛速度快,无环路,没有跳数限制
- 支持区域划分,利于管理和扩展
- 对带宽敏感,消耗内存资源
- 支持认证,安全性高
- 实现复杂,配置较难
三、RIP与OSPF的比较
| RIP | OSPF | |
|---|---|---|
| 类型 | 距离向量 | 链路状态 |
| 度量 | 跳数 | Cost值 |
| 报文 | Request、Response | Hello、DD、LSR、LSU、LSAck |
| 算法 | Bellman-Ford | Dijkstra |
| 收敛速度 | 慢 | 快 |
| 网络规模 | 小型 | 大型 |
| 安全性 | 差 | 高 |
| 配置 | 简单 | 复杂 |
| 区域 | 无 | 有 |
| 资源 | 节约CPU和内存,消耗带宽 | 节约带宽,消耗CPU和内存 |
RIP协议简单易行,适合小型、结构简单的网络;而OSPF协议功能强大,适合大型、结构复杂的网络。在实际应用中,需要根据网络规模、拓扑结构、设备性能、管理需求等因素,权衡利弊,选择合适的路由协议。
在某些场景下,还可以考虑将RIP和OSPF结合使用,发挥协议互补的优势。如在企业网络中,可以在局域网内运行RIP,在骨干网内运行OSPF,通过重分发实现两种协议的互通。这样既降低了配置难度,又兼顾了可扩展性。
RIP和OSPF都是成熟、可靠的动态路由协议,深入理解其工作原理和配置方法,对于优化网络性能,简化网络管理具有重要意义。作为网络工程师,我们要学会举一反三,灵活运用,为构建高速、稳定、安全的网络架构贡献自己的力量!
2、动态路由RIP、OSPF实验,建立拓扑pc1>>R1>>R2>>R3>>pc2,使pc1与pc2能相互通信,并配置PC端静默接口
IP配置
拓扑:
R1
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 192.168.1.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.1.1.1 24
[Huawei-GigabitEthernet0/0/1]R2
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.1.1.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.2.2.2 24
[Huawei-GigabitEthernet0/0/1]R3
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.2.2.3 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 192.168.2.1 24RIP
R1
[Huawei]rip 1
[Huawei-rip-1]version 2
[Huawei-rip-1]network 192.168.1.0
[Huawei-rip-1]network 10.0.0.0R2:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]rip 1
[Huawei-rip-1]ver
[Huawei-rip-1]version 2
[Huawei-rip-1]netwo
[Huawei-rip-1]network 10.0.0.0
[Huawei-rip-1]R3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]rip 1
[Huawei-rip-1]versi
[Huawei-rip-1]version 2
[Huawei-rip-1]network 10.0.0.0
[Huawei-rip-1]netw
[Huawei-rip-1]network 192.168.2.0
[Huawei-rip-1]可以看到已经有啦
路由表:
[Huawei-rip-1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet0/0/1
10.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.2.2.0/24 RIP 100 1 D 10.1.1.2 GigabitEthernet0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet0/0/0
192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
192.168.2.0/24 RIP 100 2 D 10.1.1.2 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[Huawei-rip-1]测试
可以正常通信
OSPF
不同协议,直接重新配置了。
划分两个区域
重新配置IP
IP重新分一下
配置协议
R1:
[Huawei-GigabitEthernet0/0/1]router id 1.1.1.1
Info: Router ID has been modified, please reset the relative protocols manually
to update the Router ID.
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]R2:
[Huawei-GigabitEthernet0/0/1]router id 2.2.2.2
Info: Router ID has been modified, please reset the relative protocols manually
to update the Router ID.
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]area 1
[Huawei-ospf-1-area-0.0.0.1]network 10.2.2.0 0.0.0.255R3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]router id 3.3.3.3
Info: Router ID has been modified, please reset the relative protocols manually
to update the Router ID.
[Huawei]ospf 1
[Huawei-ospf-1]area 1
[Huawei-ospf-1-area-0.0.0.1]network 10.2.2.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 192.168.2.0 0.0.0.255
查看信息
[Huawei-ospf-1-area-0.0.0.1]dis ospf retrans-queue
OSPF Process 1 with Router ID 2.2.2.2
OSPF Retransmit List
The Router's Neighbor is Router ID 1.1.1.1 Address 10.1.1.1
Interface 10.1.1.2 Area 0.0.0.0
Retransmit list:
Type LinkState ID AdvRouter Sequence Age
The Router's Neighbor is Router ID 3.3.3.3 Address 10.2.2.3
Interface 10.2.2.2 Area 0.0.0.1
Retransmit list:
Type LinkState ID AdvRouter Sequence Age
[Huawei-ospf-1-area-0.0.0.1]ovo:
[Huawei-ospf-1-area-0.0.0.1]dis ospf routing
OSPF Process 1 with Router ID 2.2.2.2
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.1.1.0/24 1 Transit 10.1.1.2 2.2.2.2 0.0.0.0
10.2.2.0/24 1 Transit 10.2.2.2 2.2.2.2 0.0.0.1
192.168.1.0/24 2 Stub 10.1.1.1 1.1.1.1 0.0.0.0
192.168.2.0/24 2 Stub 10.2.2.3 3.3.3.3 0.0.0.1
Total Nets: 4
Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0
[Huawei-ospf-1-area-0.0.0.1]
ping通:
静默接口
R1
[Huawei-GigabitEthernet0/0/0]ospf 1
[Huawei-ospf-1]silent-interface g0/0/0
R2:
[Huawei]ospf 1
[Huawei-ospf-1]silent-interface g0/0/1
配置
R1
[Huawei-ospf-1]dis current-configuration
[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
router id 1.1.1.1
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
silent-interface GigabitEthernet0/0/0
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei-ospf-1]R2
[Huawei-ospf-1-area-0.0.0.1]display current-configuration
[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
router id 2.2.2.2
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.2.2.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
area 0.0.0.1
network 10.2.2.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei-ospf-1-area-0.0.0.1]R3
[Huawei]display current-configuration
[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
router id 3.3.3.3
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.2.2.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ospf 1
silent-interface GigabitEthernet0/0/1
area 0.0.0.1
network 10.2.2.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]3、熟悉配置vlan间路由技术:多层交换机虚拟接口SVI和单臂路由
VLAN间路由是指不同VLAN之间的通信需要通过三层设备(如路由器、三层交换机等)来实现。常见的VLAN间路由技术有:SVI(Switch Virtual Interface)、单臂路由、路由器子接口等。本文重点介绍多层交换机SVI和单臂路由这两种技术的原理、配置和应用。
一、SVI技术
SVI是指在三层交换机上创建与VLAN对应的虚拟接口,为该VLAN内的主机提供三层网关服务。数据在VLAN内部流动时,还是二层转发;当数据需要跨VLAN时,就通过SVI进行三层路由。
SVI的工作原理如下:
- 在三层交换机上创建VLAN,并将物理接口划分到相应VLAN。
- 创建与VLAN对应的SVI,配置IP地址和子网掩码。SVI的IP地址通常作为该VLAN的网关地址。
- 主机将SVI的IP地址配置为默认网关。
- 当主机向其他VLAN内的主机发送数据时,先发送到SVI,由SVI根据目的IP地址查找路由表,决定从哪个接口转发数据。
- 数据经过三层交换,到达目的VLAN内的主机。
SVI技术的优点是:
- 配置简单,不需要额外的物理接口
- switching速度快,硬件转发
- 支持大量VLAN,扩展性强
SVI技术的缺点是:
- 每个VLAN都需要一个SVI,消耗IP地址资源
- 所有VLAN的流量都经过三层交换引擎,易成为瓶颈
- 不支持子接口,不能实现复杂的QoS、ACL等策略
以华为交换机为例,SVI的配置步骤如下:
[SW1]vlan 10 //创建VLAN 10
[SW1-vlan10]quit
[SW1]vlan 20 //创建VLAN 20
[SW1-vlan20]quit
[SW1]interface g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access //接口链路类型为access
[SW1-GigabitEthernet0/0/1]port default vlan 10 //将接口加入VLAN 10
[SW1]interface g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20 //将接口加入VLAN 20
[SW1]interface vlanif 10 //创建VLAN 10的SVI
[SW1-Vlanif10]ip address 192.168.10.1 24 //配置SVI的IP地址
[SW1]interface vlanif 20 //创建VLAN 20的SVI
[SW1-Vlanif20]ip address 192.168.20.1 24 //配置SVI的IP地址二、单臂路由
单臂路由是指利用路由器的一个物理接口,通过子接口技术,同时连接多个VLAN,实现VLAN间路由。子接口是指在物理接口上创建的逻辑接口,每个子接口对应一个VLAN,可以配置不同的IP地址。
单臂路由的工作原理如下:
- 在交换机上创建多个VLAN,并将终端主机划分到相应VLAN。
- 在交换机上配置一个Trunk口,允许多个VLAN的数据通过。
- 用Trunk线缆将交换机与路由器相连。
- 在路由器的物理接口上创建多个子接口,每个子接口encapsulation对应一个VLAN。
- 在各子接口上配置IP地址,作为该VLAN的网关。
- 主机将与其VLAN对应的路由器子接口IP配置为默认网关。
- 当主机向其他VLAN内的主机发送数据时,先发送到网关,再由路由器根据routing table决定如何转发。
- 数据从对应的子接口发送出去,到达目的VLAN内的主机。
单臂路由的优点是:
- 利用子接口复用物理接口,节省接口资源
- 子接口可以配置灵活的ACL、QoS等策略
- 支持路由协议,利于扩展
单臂路由的缺点是:
- 配置复杂,需要同时配置交换机和路由器
- 路由性能有限,吞吐量小于硬件switching
- 单臂链路是潜在的单点故障
单臂路由的配置步骤如下:
Switch(config)#vlan 10 //创建VLAN 10
Switch(config-vlan)#exit
Switch(config)#vlan 20 //创建VLAN 20
Switch(config-vlan)#exit
Switch(config)#interface g0/0
Switch(config-if)#switchport mode trunk //配置Trunk口
Switch(config-if)#switchport trunk allowed vlan 10,20 //允许VLAN 10和20通过
Router(config)#interface g0/0.1 //创建子接口g0/0.1
Router(config-subif)#encapsulation dot1Q 10 //封装VLAN 10的标记
Router(config-subif)#ip address 192.168.10.1 255.255.255.0 //配置IP地址
Router(config-subif)#exit
Router(config)#interface g0/0.2 //创建子接口g0/0.2
Router(config-subif)#encapsulation dot1Q 20 //封装VLAN 20的标记
Router(config-subif)#ip address 192.168.20.1 255.255.255.0 //配置IP地址三、两种技术的比较
| 特点 | SVI | 单臂路由 |
|---|---|---|
| 设备 | 单台三层交换机 | 交换机+路由器 |
| 接口利用率 | 高 | 低(一个物理接口) |
| 转发性能 | 高(硬件) | 较低(软件) |
| 路由协议 | 一般不支持 | 支持 |
| 配置难度 | 简单 | 复杂 |
| 灵活性 | 较差,不支持子接口 | 好,支持子接口策略 |
| 冗余备份 | 支持VSS等虚拟化技术 | 支持HSRP等热备协议 |
| 成本 | 低 | 较高 |
SVI技术适合中小型、结构扁平的局域网,配置简单,成本低,对路由功能要求不高。而单臂路由适合大型、层次化的园区网,分工明确,有利于细粒度的流量控制和安全策略,但配置相对复杂。
在实际组网中,需要根据用户需求、网络规模、设备能力、管理预算等因素,权衡利弊,选择合适的VLAN间路由技术。例如在接入层可采用SVI,在汇聚层和核心层采用单臂路由,扬长避短,优势互补。
随着硬件的升级换代和软件的功能增强,一些高端的多层交换机(如Cisco Catalyst 9000系列)集成了线速路由、Policy-Based Routing、Overlay等功能,可以同时提供SVI和三层接口,大大简化了网络部署。可以预见,未来数据中心和园区的边界会变得越来越模糊,最佳实践也将不断演进。
作为网络架构师和工程师,我们要与时俱进,既要扎实掌握传统的VLAN间通信技术,又要敏锐洞察新兴的解决方案和趋势,为客户构建高速、可靠、灵活的业务网络,持续创造价值!
4、多层交换机SVI配置实验,建立VLAN10>>交换机SW>>VLAN20,使两个VLAN之间可以相互通信,
好像跟上节课一模一样诶。
画一个拓扑图:
然后
CORE配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif10
[Huawei-Vlanif10]ip addr 192.168.10.1 24
[Huawei-Vlanif10]int vlanif20
[Huawei-Vlanif20]ip addr 192.168.20.1 24
[Huawei-Vlanif20]int vlanif30
[Huawei-Vlanif30]ip addr 192.168.30.1 24
[Huawei-Vlanif30]int vlanif100
[Huawei-Vlanif100]ip addr 10.22.22.2 24
[Huawei-Vlanif100]int g 0/0/1
[Huawei-GigabitEthernet0/0/1]p l t
[Huawei-GigabitEthernet0/0/1]p t a v a
[Huawei-GigabitEthernet0/0/1]int g 0/0/3
[Huawei-GigabitEthernet0/0/3]p t a v a
LSW1 配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 10
[Huawei-Ethernet0/0/2]int e 0/0/3
[Huawei-Ethernet0/0/3]p l a
[Huawei-Ethernet0/0/3]p d v 20
[Huawei-Ethernet0/0/3]int e 0/0/1
[Huawei-Ethernet0/0/1]p l t
[Huawei-Ethernet0/0/1]p t a v a
LSW2配置
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l t
[Huawei-Ethernet0/0/1]p t a v a
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 30
Error: The VLAN does not exist.
[Huawei-Ethernet0/0/2]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 30
测试
VLAN30 -> VLAN10
VLAN30 -> VLAN20
输出
PC>
PC Simulator has not been started!
Welcome to use PC Simulator!
PC>ping 192.168.10.10
Ping 192.168.10.10: 32 data bytes, Press Ctrl_C to break
From 192.168.10.10: bytes=32 seq=1 ttl=127 time=125 ms
From 192.168.10.10: bytes=32 seq=2 ttl=127 time=78 ms
--- 192.168.10.10 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/101/125 ms
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:feac:2a54
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.30.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.30.1
Physical address..................: 54-89-98-AC-2A-54
DNS server........................:
PC>ping 192.168.20.10
Ping 192.168.20.10: 32 data bytes, Press Ctrl_C to break
From 192.168.20.10: bytes=32 seq=1 ttl=127 time=109 ms
From 192.168.20.10: bytes=32 seq=2 ttl=127 time=62 ms
From 192.168.20.10: bytes=32 seq=3 ttl=127 time=78 ms
From 192.168.20.10: bytes=32 seq=4 ttl=127 time=94 ms
--- 192.168.20.10 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 62/85/109 ms
PC>配置
core
#display current-configuration
[Huawei-GigabitEthernet0/0/3]display current-configuration
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
#
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
#
interface Vlanif100
ip address 10.22.22.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
#
...
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[Huawei-GigabitEthernet0/0/3]
LSW
LSW1
#display current-configuration
[Huawei-Ethernet0/0/1]display current-configuration
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type access
port default vlan 10
#
interface Ethernet0/0/3
port link-type access
port default vlan 20
#
interface Ethernet0/0/4
#
...
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[Huawei-Ethernet0/0/1]
LSW2
[Huawei-Ethernet0/0/2]display current-configuration
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type access
port default vlan 30
#
interface Ethernet0/0/3
#
...
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[Huawei-Ethernet0/0/2]
[Huawei-Ethernet0/0/2]
5、对上期实验公司网络设置各部门vlan间路由,使各个部门之间可以通信
上期已经配好啦,他们可以正常通信。
其实这样也一样滴。
☆新的拓扑图
简单模拟一下
路由器:
<Huawei>sys
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.22.22.1 24
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 202.194.222.1 24 #公网IP
[Huawei]ip route-static 192.168.10.0 24 10.22.22.2
[Huawei]ip route-static 192.168.20.0 24 10.22.22.2
[Huawei]ip route-static 192.168.30.0 24 10.22.22.2三层交换机
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]undo inf
[Huawei]undo info-center en
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan b 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif10
[Huawei-Vlanif10]ip addr 192.168.10.1 24
[Huawei-Vlanif10]int vlanif20
[Huawei-Vlanif20]ip addr 192.168.20.1 24
[Huawei-Vlanif20]int vlanif30
[Huawei-Vlanif30]ip addr 192.168.30.1 24
[Huawei-Vlanif30]int vlanif100
[Huawei-Vlanif100]ip addr 10.22.22.2 24
[Huawei-Vlanif100]int g0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]p d v 100
[Huawei-GigabitEthernet0/0/3]un sh
Info: Interface GigabitEthernet0/0/3 is not shutdown.
[Huawei-GigabitEthernet0/0/3]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.22.22.2
Error: The next-hop address is invalid.
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.22.22.1
[Huawei]
[Huawei]int g 0/0/1
[Huawei-GigabitEthernet0/0/1]p l t
[Huawei-GigabitEthernet0/0/1]p t a v a二层交换机
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]p l t #port link-type trunk
[Huawei-Ethernet0/0/3]p t a v a #port trunk allow-pass vlan all
[Huawei-Ethernet0/0/3]un sh
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l a
[Huawei-Ethernet0/0/1]p d v 30
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 30
[Huawei-Ethernet0/0/2]un sh拓扑图:
内网互通
内网互通2
这里也跟第四步一模一样啦。
VLAN30 -> VLAN10
VLAN30 -> VLAN20
0XFF: 文件下载
https://p.dabbit.net/blog/pic_bed/sharex/_pn-2024-06-10-18-31-49_Anole_Showy_Uncomfortable.7z
网络系统集成基础(实验学时)——实验四
网络系统集成基础(实验学时)——实验四
题目要求:
实验内容:
1、熟悉路由器的配置管理(附文档路由器的介绍PPT)
2、静态路由实验,建立拓扑pc1>>R1>>R2>>R3>>pc2,使pc1与pc2能相互通信。
3、为实验二公司网络配置路由器,使内部网络可以访问Internet。
4、将内网服务器80端口映射出去,允许外网用户访问
实验报告:
要求独立完成,报告需包含模拟器配置文件
分别使用华为模拟器和思科模拟器完成
思科
1、熟悉路由器的配置管理(附文档路由器的介绍PPT)
- 路由器是连接网络的重要设备,它能将多个网络连接起来,实现不同网络之间的通信。路由器主要由硬件和软件两部分组成,硬件包括CPU、RAM、Flash等,软件如思科的IOS、华为的VRP等。
- 路由器的核心功能是根据数据包的目标IP地址,通过查找路由表,确定数据包的下一跳,并将其从相应的接口转发出去。路由表可以通过直连路由、静态路由和动态路由等方式生成。
- 配置路由器时,需要熟悉各种工作模式,如用户模式(查看信息)、特权模式(调试排错)、全局配置模式(进行全局配置)和接口配置模式(配置各接口)等。
- 常用的路由器配置命令包括:查看路由器信息(show)、配置路由器名称(hostname)、设置接口IP地址(ip address)、配置静态路由(ip route)、配置时钟频率(clock rate)等。
- 路由器支持多种线缆类型,如同轴电缆、双绞线、光纤等。选择线缆时需要考虑带宽、距离和成本等因素。
- 路由器的接口类型多样,如以太网接口、异步/同步串行接口、Console/AUX接口等。不同接口的配置和线缆要求不同。
- 路由器的存储设备包括RAM(运行时存储)、NVRAM(启动配置)、Flash(IOS镜像)和ROM(硬件自检和引导)等。
- 可通过Console口(参数为9600、8、N、1)、AUX口、Telnet(23端口)、SSH(22端口)等方式管理路由器。远程管理需要合理的安全策略。
- 了解路由器常见的问题和故障排除方法,如接口down、线缆问题、配置错误、软硬件冲突等,可通过ping、traceroute、show等命令定位问题。
- 路由器是网络的核心设备,掌握路由器的原理、组成、配置和管理,是网络工程师必备的技能。
思科是全球领先的网络设备供应商,其路由器产品以性能稳定、功能强大而闻名。下面我们重点介绍思科路由器的相关知识。思科路由器采用Cisco IOS(互联网络操作系统)软件,提供了丰富的功能和灵活的配置选项。Cisco IOS支持CLI(命令行界面)和图形化管理,适合不同的用户需求。思科路由器的型号命名遵循一定的规则,如19xx、29xx、39xx等系列,代表了不同的性能和应用场景。选择路由器型号时,需要考虑吞吐量、接口数量、可扩展性等因素。
在硬件组成方面,思科路由器typically包括CPU、RAM、Flash、NVRAM等部件,分别承担处理、存储、引导等功能。合理的硬件配置对于路由器的性能至关重要。思科路由器支持多种接口类型,如FastEthernet、Ethernet、Serial等。这些接口使用RJ45、DB60等不同的连接器和线缆。配置接口时,需要了解接口的工作模式(如DTE/DCE)和物理特性。管理思科路由器的常见方式包括Console口(通过RJ45转DB9串口线)、AUX口、Telnet和SSH等。Console口一般用于本地配置调试,AUX用于拨号,Telnet和SSH则用于远程管理。
配置思科路由器时,需要熟悉Cisco IOS的命令行界面。常用的配置命令包括enable(进入特权模式)、configure terminal(进入全局配置)、interface(进入接口配置)等。在路由配置方面,思科路由器支持静态路由和动态路由协议(如RIP、OSPF、EIGRP等)。通过ip route命令可以配置静态路由,network和router等命令用于启用动态路由。安全性是配置思科路由器需要关注的重点。可以通过设置密码(如enable secret)、配置SSH(ip ssh version 2)、启用AAA认证(aaa new-model)等措施,加强路由器的安全防护。
管理思科路由器还需要进行系统维护,如备份配置(copy running-config startup-config)、升级IOS(copy tftp flash)、查看日志(show logging)等。当思科路由器出现故障时,可以使用ping、traceroute、show等命令进行排查。通过分析接口状态、路由表、CPU利用率等指标,可以定位和解决大部分问题。思科路由器凭借其优异的性能和丰富的功能,在网络领域占据着重要的地位。深入学习和实践思科路由器的配置与管理,对于提升网络技能大有裨益。
2、静态路由实验,建立拓扑pc1>>R1>>R2>>R3>>pc2,使pc1与pc2能相互通信。
根据您提供的拓扑图,我使用10开头的IP地址重新规划:
设备IP配置:
- PC-PT (PC0): 10.1.1.2/30,网关10.1.1.1
Router0:
- Fa0/0: 10.1.1.1/30
- Se2/0: 10.1.2.1/30
Router-PT:
- Se2/0: 10.1.2.2/30
- Se3/0: 10.1.3.1/30
Router2:
- Fa0/0: 10.1.3.3/30
- Se3/0: 10.1.3.2/30
- PC-PT (PC1): 10.1.3.4/30,网关10.1.3.3
路由器IP
R0
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname r0
r0(config)#int f0/0
r0(config-if)#ip addr 10.1.1.1 255.255.255.0
r0(config-if)#no shut
r0(config-if)#int s2/0
r0(config-if)#ip addr 10.1.2.1 255.255.255.0
r0(config-if)#no shutR1
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname r1
r1(config)#int s2/0
r1(config-if)#ip addr 10.1.2.2 255.255.255.0
r1(config-if)#no shut
r1(config-if)#int s3/0
r1(config-if)#ip addr 10.1.3.1 255.255.255.0
r1(config-if)#no shutR2:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname r2
r2(config)#int s2/0
r2(config-if)#ip addr 10.1.3.2 255.255.255.0
r2(config-if)#no shut
r2(config-if)#int f0/0
r2(config-if)#ip addr 10.1.4.1 255.255.255.0
r2(config-if)#no shut
| 设备 | 接口 | IP地址 | 子网掩码 |
|---|---|---|---|
| PC0 | NIC | 10.1.1.10 | 255.255.255.0 |
| PC1 | NIC | 10.1.4.10 | 255.255.255.0 |
| r0 | f0/0 | 10.1.1.1 | 255.255.255.0 |
| s2/0 | 10.1.2.1 | 255.255.255.0 | |
| r1 | s2/0 | 10.1.2.2 | 255.255.255.0 |
| s3/0 | 10.1.3.1 | 255.255.255.0 | |
| r2 | s2/0 | 10.1.3.2 | 255.255.255.0 |
| f0/0 | 10.1.4.1 | 255.255.255.0 |
pc1
PC2
配置静态路由
| 设备 | 接口 | IP地址 | 子网掩码 |
|---|---|---|---|
| PC0 | NIC | 10.1.1.10 | 255.255.255.0 |
| PC1 | NIC | 10.1.4.10 | 255.255.255.0 |
| r0 | f0/0 | 10.1.1.1 | 255.255.255.0 |
| s2/0 | 10.1.2.1 | 255.255.255.0 | |
| r1 | s2/0 | 10.1.2.2 | 255.255.255.0 |
| s3/0 | 10.1.3.1 | 255.255.255.0 | |
| r2 | s2/0 | 10.1.3.2 | 255.255.255.0 |
| f0/0 | 10.1.4.1 | 255.255.255.0 |
r0(config)#ip route 10.1.3.0 255.255.255.0 10.1.2.2
r0(config)#ip route 10.1.4.0 255.255.255.0 10.1.2.2
r1(config)#ip route 10.1.1.0 255.255.255.0 10.1.2.1
r1(config)#ip route 10.1.4.0 255.255.255.0 10.1.3.2
r2(config)#ip route 10.1.1.0 255.255.255.0 10.1.3.1
r2(config)#ip route 10.1.2.0 255.255.255.0 10.1.3.1r0(config)#do show ip route static
10.0.0.0/24 is subnetted, 4 subnets
S 10.1.3.0 [1/0] via 10.1.2.2
S 10.1.4.0 [1/0] via 10.1.2.2
r1(config)#do show ip route static
10.0.0.0/24 is subnetted, 4 subnets
S 10.1.1.0 [1/0] via 10.1.2.1
S 10.1.4.0 [1/0] via 10.1.3.2
r2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 4 subnets
S 10.1.1.0 [1/0] via 10.1.3.1
S 10.1.2.0 [1/0] via 10.1.3.1
C 10.1.3.0 is directly connected, Serial2/0
C 10.1.4.0 is directly connected, FastEthernet0/0
r2#
测试
PC>tracert 10.1.4.10
Tracing route to 10.1.4.10 over a maximum of 30 hops:
1 0 ms 0 ms 0 ms 10.1.1.1
2 0 ms 4 ms 0 ms 10.1.2.2
3 1 ms 0 ms 1 ms 10.1.3.2
4 * 2 ms 4 ms 10.1.4.10
Trace complete.
PC>ping 10.1.4.10
Pinging 10.1.4.10 with 32 bytes of data:
Reply from 10.1.4.10: bytes=32 time=7ms TTL=125
Ping statistics for 10.1.4.10:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 7ms, Maximum = 7ms, Average = 7ms
3、为实验二公司网络配置路由器,使内部网络可以访问Internet。
一个新的拓扑,当做公网
- 202.194.222.4/32
- 202.194.222.1/32
R0
r0>en
r0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
r0(config)#ip route 0.0.0.0 0.0.0.0 Serial2/0
r0(config)#
r0(config)#do show ip routeR1:
r1(config)#int fa0/0
r1(config-if)#ip addr 10.1.5.1 255.255.255.0
r1(config-if)#no shut
r1(config)#ip route 0.0.0.0 0.0.0.0 fa0/0右上角路由
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname intelnet
intelnet(config)#int fa1/0
intelnet(config-if)#ip addr 10.1.5.2 255.255.255.0
intelnet(config-if)#no shut
intelnet(config-if)#int f0/0
intelnet(config-if)#ip addr 202.194.222.1 255.255.255.0
intelnet(config-if)#no shut
intelnet(config-if)#ip route 10.1.1.0 255.255.255.0 10.1.5.1
intelnet(config)#ip route 10.1.4.0 255.255.255.0 10.1.5.1
R2
r2(config)#ip route 0.0.0.0 0.0.0.0 se2/0测试
PC>ping 202.194.222.4
Pinging 202.194.222.4 with 32 bytes of data:
Reply from 202.194.222.4: bytes=32 time=6ms TTL=125
Reply from 202.194.222.4: bytes=32 time=4ms TTL=125
Reply from 202.194.222.4: bytes=32 time=2ms TTL=125
Reply from 202.194.222.4: bytes=32 time=4ms TTL=125
Ping statistics for 202.194.222.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 6ms, Average = 4ms
PC>
4、将内网服务器80端口映射出去,
内网服务器
拓扑这样子:
intelnet(config)#access-list 1 permit 10.1.1.0 0.0.0.255
intelnet(config)#access-list 1 permit 10.1.4.0 0.0.0.255
intelnet(config)#int fa1/0
intelnet(config-if)#ip nat inside
intelnet(config-if)#exit
intelnet(config)#int fa0/0
intelnet(config-if)#ip nat outside
intelnet(config-if)#exit
intelnet(config)#ip nat inside source list 1 interface FastEthernet0/0 overload
intelnet(config)#ip nat inside source static tcp 10.1.4.250 80 202.194.222.1 8080
测试一下,打开浏览器:
http://202.194.222.1:8080
可以正常访问。
5、模拟器配置文件
r0
r0#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
r0#show run
r0#show running-config
Building configuration...
Current configuration : 758 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname r0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 10.1.2.1 255.255.255.0
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip classless
ip route 10.1.3.0 255.255.255.0 10.1.2.2
ip route 10.1.4.0 255.255.255.0 10.1.2.2
ip route 0.0.0.0 0.0.0.0 Serial2/0
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
r1
r1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
r1#show ru
r1#show running-config
Building configuration...
Current configuration : 868 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname r1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.5.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 10.1.2.2 255.255.255.0
!
interface Serial3/0
ip address 10.1.3.1 255.255.255.0
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip classless
ip route 10.1.1.0 255.255.255.0 10.1.2.1
ip route 10.1.4.0 255.255.255.0 10.1.3.2
ip route 10.1.1.0 255.255.255.0 202.194.222.2
ip route 10.4.1.0 255.255.255.0 202.194.222.2
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
r1#r2
r2#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
r2#show ru
r2#show running-config
Building configuration...
Current configuration : 758 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname r2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.4.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 10.1.3.2 255.255.255.0
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip classless
ip route 10.1.1.0 255.255.255.0 10.1.3.1
ip route 10.1.2.0 255.255.255.0 10.1.3.1
ip route 0.0.0.0 0.0.0.0 Serial2/0
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
r2#r3
intelnet#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
intelnet#show ru
intelnet#show running-config
Building configuration...
Current configuration : 1015 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname intelnet
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 202.194.222.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 10.1.5.2 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 10.1.4.250 80 202.194.222.1 8080
ip classless
ip route 10.1.1.0 255.255.255.0 10.1.5.1
ip route 10.4.1.0 255.255.255.0 10.1.5.1
ip route 10.1.4.0 255.255.255.0 10.1.5.1
!
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 10.1.4.0 0.0.0.255
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
intelnet#
intelnet#华为
1、熟悉路由器的配置管理(附文档路由器的介绍PPT)
华为是中国乃至全球的网络设备巨头之一,其路由器产品以性价比高、功能全面而备受青睐。下面我们就来详细了解一下华为路由器的相关知识。
华为路由器采用VRP(Versatile Routing Platform)操作系统,该系统基于Linux内核开发,提供了强大的网络功能和友好的配置管理界面。VRP支持命令行和Web界面配置,满足不同用户的需求。
华为路由器的命名方式通常以AR(Access Router)、NE(Network Engine)等字母开头,后面跟数字表示系列和型号,如AR系列、NE系列等。不同系列的路由器在性能、接口、功耗等方面有所差异,可根据实际需求选择。
从硬件结构看,华为路由器一般包括主控板(MPU)、业务板(LPU)、交换网板(SFU)、电源板(PWR)等部件。其中,MPU负责路由计算和管理,LPU提供业务接口,SFU实现数据交换,PWR供给系统电源。
华为路由器支持丰富的接口类型,如以太网接口(Ethernet)、广域网接口(WAN)、串行接口(Serial)等。不同接口使用RJ45、SFP、RS232等连接器,传输介质包括双绞线、光纤、同轴电缆等。
管理华为路由器的方式有多种,如Console口(通过Console线缆)、Telnet(23端口)、SSH(22端口)、Web(80端口)等。日常配置一般使用Console口,远程管理则用Telnet/SSH/Web,注意网络和安全设置。
配置华为路由器时,需要熟悉VRP的命令行界面。常见命令包括system-view(进入系统视图)、interface(进入接口视图)、display(查看信息)、save(保存配置)等。
华为路由器支持多种路由协议,如静态路由、RIP、OSPF、ISIS、BGP等。配置静态路由使用ip route-static命令,动态路由则在相应的路由视图下进行。
安全性是华为路由器配置的重中之重。基本措施包括设置用户名密码(aaa)、启用SSH(ssh server enable)、配置ACL(acl number)等。对于关键路由器,还需要部署防火墙、VPN等安全业务。
维护华为路由器需要掌握一些常用操作,如软件升级(upgrade)、配置备份(backup configuration)、日志查看(display current-configuration)、调试开关(debugging)等。
华为路由器出现故障时,参考以下思路排查:
- 检查物理连接,如接口线缆、模块、电源等是否正常。
- 确认接口配置,如IP地址、子网掩码、接口状态等。
- 查看路由表,分析路由协议、路由条目是否合理。
- 观察CPU、内存等资源利用率,判断是否过载。
- 使用ping、tracert等工具,测试网络连通性。
- 对比配置文件,查找配置差异或错误。
- 翻阅系统日志,获取告警、错误等重要信息。
华为路由器以其优异的性能、灵活的扩展性和极高的性价比,在企业网和运营商网广泛应用。系统学习华为路由器的原理、配置和维护,对于提高网络管理水平大有裨益。作为网络人,掌握华为路由器的"武功秘籍",定能在职场立于不败之地。
2、静态路由实验,建立拓扑pc1>>R1>>R2>>R3>>pc2,使pc1与pc2能相互通信。
它有bug,用就用最高级的那个路由器。
用这个路由器:
拓扑图:
配置命令
R1:
[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]ip addr 192.168.1.1 24
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]ip addr 10.1.1.1 24
[Huawei]ip route-static 192.168.2.0 24 10.1.1.2
[Huawei]dis ip routing-tableR2:
<Huawei>sys
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.1.1.2 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.2.2.2 24
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]ip route-static 192.168.1.0 24 10.1.1.1
[Huawei]ip route-static 192.168.2.0 24 10.2.2.3
[Huawei]dis ip int brief
[Huawei]ping 192.168.2.1 (成功)
[Huawei]ping 192.168.1.1 (成功)R3:
<Huawei>sys
[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]ip addr 10.2.2.3 24
[Huawei-Ethernet0/0/0]int e0/0/1
[Huawei-Ethernet0/0/1]ip addr 192.168.2.1 24
[Huawei-Ethernet0/0/1]quit
[Huawei]ip route-static 192.168.1.0 24 10.2.2.2
[Huawei]dis ip int brief
Interface IP Address/Mask Physical Protocol
Ethernet0/0/0 10.2.2.3/24 up up
Ethernet0/0/1 192.168.2.1/24 up up
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
GigabitEthernet0/0/3 unassigned down down
NULL0 unassigned up up(s)
Serial0/0/0 unassigned down down
Serial0/0/1 unassigned down down
Serial0/0/2 unassigned down down
Serial0/0/3 unassigned down down 可以ping通
这个也是:
3、为实验二公司网络配置路由器,使内部网络可以访问Internet。
请直接跳转到[☆新的拓扑图]章节,蓝屏了。拓扑图重新画的。
R2
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.11.11.6
[Huawei-GigabitEthernet0/0/2]ip addr 10.11.11.2 24R6
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.11.11.6 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 202.194.222.1 24目前AR2可以访问202.194.222.4(intelnet)
划分VLAN
拓扑结构:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int vlan
[Huawei]int Vlanif
[Huawei]int Vlanif 10
Error: The VLAN does not exist.
[Huawei]vlan 10
[Huawei-vlan10]vlan 20
[Huawei-vlan20]vlan 30
[Huawei-vlan30]int vl
[Huawei-vlan30]int vlanif 10
[Huawei-Vlanif10]ip addr 192.168.10.1 24
[Huawei-Vlanif10]int vl
[Huawei-Vlanif10]int vlanif 20
[Huawei-Vlanif20]ip addr 192.168.20.1 24
[Huawei-Vlanif20]int vlanif 30
[Huawei-Vlanif30]ip addr 192.168.30.1 24Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 10
[Huawei-vlan10]vlan 20
[Huawei-vlan20]
Jun 5 2024 10:22:42-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 5, th
e change loop count is 0, and the maximum number of records is 4095.
服务器配置IP
划分VLAN到端口
[Huawei-vlan30]int e0/0/2
[Huawei-Ethernet0/0/2]pro
[Huawei-Ethernet0/0/2]port
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]
Jun 5 2024 10:25:42-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 7, th
e change loop count is 0, and the maximum number of records is 4095.port default
vlan 10
[Huawei-Ethernet0/0/2]port default vlan 10
[Huawei-Ethernet0/0/2]
Jun 5 2024 10:25:52-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 8, th
e change loop count is 0, and the maximum number of records is 4095.port default
vlan 10
[Huawei-Ethernet0/0/2]
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]int e0/0/3
Jun 5 2024 10:26:02-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 9, th
e change loop count is 0, and the maximum number of recordport default vlan 20
[Huawei-Ethernet0/0/3]
[Huawei-Ethernet0/0/3]
[Huawei-Ethernet0/0/3]port default vlan 20
[Huawei-Ethernet0/0/3]
Jun 5 2024 10:26:12-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 10, t
he change loop count is 0, and the maximum number of records is 4095.vlan划分
[Huawei]vlan 10
[Huawei-vlan10]vlan 20
[Huawei-vlan20]vlan 30
[Huawei-vlan30]
Jun 5 2024 10:23:13-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 6, th
e change loop count is 0, and the maximum number of records is 4095.
[Huawei-vlan30]
[Huawei-vlan30]
[Huawei-vlan30]int e0/0/1
[Huawei-Ethernet0/0/1]port link
[Huawei-Ethernet0/0/1]port link-t
[Huawei-Ethernet0/0/1]port link-type tr
[Huawei-Ethernet0/0/1]port link-type trunk
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]por
Jun 5 2024 10:28:03-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 7, th
e change loop count is 0, and the maximum number of records is 4095.t
^
Error:Incomplete command found at '^' position.
[Huawei-Ethernet0/0/2]port link
[Huawei-Ethernet0/0/2]port link-t
[Huawei-Ethernet0/0/2]port link-type tr
[Huawei-Ethernet0/0/2]port link-type acc
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]
Jun 5 2024 10:28:13-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 8, th
e change loop count is 0, and the maximum number of records is 4095.
[Huawei-Ethernet0/0/2]
[Huawei-Ethernet0/0/2]port default vlan 30
[Huawei-Ethernet0/0/2]
Jun 5 2024 10:28:43-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 9, th
e change loop count is 0, and the maximum number of records is 4095.核心交换机
[Huawei-vlan30]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]
[Huawei-GigabitEthernet0/0/1.10]int g0/0/1.20
[Huawei-GigabitEthernet0/0/1.20]ip addr 192.168.20.1 24
[Huawei-GigabitEthernet0/0/1.20]dot1q termination vid 20
Jun 5 2024 10:55:51-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[2]:The line protocol
IP on the interface GigabitEthernet0/0/1.20 has entered the UP state.
[Huawei-GigabitEthernet0/0/1.20]int g0/0/1.30
[Huawei-GigabitEthernet0/0/1.30]ip addr 192.168.30.1 24
[Huawei-GigabitEthernet0/0/1.30]dot1q termination vid 30
后面电脑突然蓝屏重启了,没有保存文件
后面电脑突然蓝屏重启了,没有保存文件
后面电脑突然蓝屏重启了,没有保存文件
☆新的拓扑图
简单模拟一下
路由器:
<Huawei>sys
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.22.22.1 24
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 202.194.222.1 24 #公网IP
[Huawei]ip route-static 192.168.10.0 24 10.22.22.2
[Huawei]ip route-static 192.168.20.0 24 10.22.22.2
[Huawei]ip route-static 192.168.30.0 24 10.22.22.2三层交换机
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]undo inf
[Huawei]undo info-center en
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]vlan b 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]vlan b 10 20 30 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlanif10
[Huawei-Vlanif10]ip addr 192.168.10.1 24
[Huawei-Vlanif10]int vlanif20
[Huawei-Vlanif20]ip addr 192.168.20.1 24
[Huawei-Vlanif20]int vlanif30
[Huawei-Vlanif30]ip addr 192.168.30.1 24
[Huawei-Vlanif30]int vlanif100
[Huawei-Vlanif100]ip addr 10.22.22.2 24
[Huawei-Vlanif100]int g0/0/3
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]p d v 100
[Huawei-GigabitEthernet0/0/3]un sh
Info: Interface GigabitEthernet0/0/3 is not shutdown.
[Huawei-GigabitEthernet0/0/3]q
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.22.22.2
Error: The next-hop address is invalid.
[Huawei]ip route-static 0.0.0.0 0.0.0.0 10.22.22.1
[Huawei]
[Huawei]int g 0/0/1
[Huawei-GigabitEthernet0/0/1]p l t
[Huawei-GigabitEthernet0/0/1]p t a v a二层交换机
[Huawei]int e0/0/3
[Huawei-Ethernet0/0/3]p l t #port link-type trunk
[Huawei-Ethernet0/0/3]p t a v a #port trunk allow-pass vlan all
[Huawei-Ethernet0/0/3]un sh
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l a
[Huawei-Ethernet0/0/1]p d v 30
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 30
[Huawei-Ethernet0/0/2]un sh拓扑图:
内网互通
内网互通2
互通WAN IP:
外网访问:
4、将内网服务器80端口映射出去,
int e0/0/1
[Huawei-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 80 inside 192.168.30.250 80启动http服务器
测试:
网页可以打开。
5、模拟器配置文件
LSW2
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]display current-configuration
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[Huawei]
[Huawei]LSW3
<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]dis cu
[Huawei]dis current-configuration
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 30
#
interface Ethernet0/0/2
port link-type access
port default vlan 30
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[Huawei]LSW1
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]dis cu
[Huawei]dis current-configuration
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20 30 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
#
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
#
interface Vlanif100
ip address 10.22.22.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.22.22.1
#
user-interface con 0
user-interface vty 0 4
#
return
[Huawei]
[Huawei]
[Huawei]
[Huawei]
[Huawei]
[Huawei]AR1
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]dis cu
[Huawei]dis current-configuration
[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit source 192.168.30.250 0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.22.22.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 202.194.222.1 255.255.255.0
nat server protocol tcp global current-interface www inside 192.168.30.250 www
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 192.168.10.0 255.255.255.0 10.22.22.2
ip route-static 192.168.20.0 255.255.255.0 10.22.22.2
ip route-static 192.168.30.0 255.255.255.0 10.22.22.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]
[Huawei]
[Huawei]失效:一些失效的过程
拓扑图:
PC1: 192.168.1.10/24
PC5: 192.168.2.10/24
PC2: 192.168.10.22/24
PC3: 192.168.20.22/24
PC4: 192.168.30.22/24
LSW1: 192.168.30.10/24
LSW2: 192.168.30.11/24
Server1: 192.168.30.250/24
Server2: 202.194.222.4/24路由器
| 设备 | 接口 | IP地址 | 子网掩码 |
|---|---|---|---|
| R1 | Ethernet0/0/0 | 192.168.1.1 | 255.255.255.0 |
| R1 | Ethernet0/0/1 | 10.1.1.1 | 255.255.255.0 |
| R2 | Ethernet0/0/0 | 10.1.1.2 | 255.255.255.0 |
| R2 | Ethernet0/0/1 | 10.1.2.2 | 255.255.255.0 |
| R3 | Ethernet0/0/0 | 10.1.2.3 | 255.255.255.0 |
| R3 | Ethernet0/0/1 | 10.1.5.3 | 255.255.255.0 |
| R3 | GigabitEthernet0/0/0 | 192.168.100.1 | 255.255.255.0 |
| R3 | GigabitEthernet0/0/1 | 192.168.2.1 | 255.255.255.0 |
| R4 | Ethernet0/0/0 | 10.1.5.4 | 255.255.255.0 |
| R4 | Ethernet0/0/1 | 202.194.222.1 | 255.255.255.0 |
配置IP
PC1
PC5
SERVER2
PC2:
PC3:
路由器配置IP(
R1:
<Huawei>sys
[Huawei]sysname r1
[r1]int e0/0/0
[r1-Ethernet0/0/0]ip addr 192.168.1.1 24
[r1]int e0/0/1
[r1-Ethernet0/0/1]ip addr 10.1.1.1 24R2:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]int e0/0/0
[r2-Ethernet0/0/0]ip addr 10.1.1.2 24
[r2-Ethernet0/0/0]int e0/0/1
[r2-Ethernet0/0/1]ip addr 10.1.2.2 24R3:
[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]ip addr 10.1.2.3 24
[Huawei-Ethernet0/0/0]int e0/0/1
[Huawei-Ethernet0/0/1]ip addr 10.1.5.3 24
[Huawei-Ethernet0/0/1]sysname r3
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip addr 192.168.2.1 24
[r3-GigabitEthernet0/0/1]int g0/0/0
[r3-GigabitEthernet0/0/0]ip addr 192.168.100.1 24
[r3-GigabitEthernet0/0/0]dis ip int brief
Interface IP Address/Mask Physical Protocol
Ethernet0/0/0 10.1.2.3/24 up up
Ethernet0/0/1 10.1.5.3/24 up up
GigabitEthernet0/0/0 192.168.100.1/24 up up
GigabitEthernet0/0/1 192.168.2.1/24 up up
GigabitEthernet0/0/2 unassigned down down R4:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int e0/0/0
[Huawei-Ethernet0/0/0]ip addr 10.1.5.4 24
[Huawei-Ethernet0/0/0]sysname r4
[r4]int e0/0/1
[r4-Ethernet0/0/1]ip addr 202.194.222.1 24配置静态路由
[r1]ip route-static 192.168.2.0 24 10.1.1.2
[r2]ip route-static 192.168.1.0 24 10.1.1.1
[r2]ip route-static 192.168.2.0 24 10.1.2.3
[r3]ip route-static 192.168.1.0 24 10.1.3.2<PC1>ping 192.168.2.10
<PC5>ping 192.168.1.100xff:文件下载
- 华为
https://p.dabbit.net/blog/pic_bed/sharex/_pn-2024-06-05-17-31-09_Robin_Slateblue_Fair.7z
网络系统集成基础(实验学时)——实验三
网络系统集成基础(实验学时)——实验三
题目要求:
对第二次实验课提出的公司网络做出客户需求分析,对所提需求进行网络规划和技术方案设计。(本次实验课完成1、2条设计实验)
1、内网划分多个VLAN(各部门),配置trunk使互相之间可以通信。减少广播域。(VLAN地域分散,处于不同交换机)
2、设置企业财务服务器,只允许财务部门VLAN 的电脑访问
3、所有用户均为自动获取IP地址,用户网关配置在核心交换机,
4、所有设备都可以任何位置Telnet远程管理
5、配置链路汇聚与生成树协议Stp,运行RSTP模式,确保核心交换机为根桥,配置根桥保护措施,确保根桥不被抢占
实验报告:
要求独立完成,报告需包含模拟器配置文件
使用华为模拟器或思科模拟器完成
第二次实验:
1、假设你为一公司做网络系统集成工程,公司基本情况(有电脑100台,分为生产部、技术部、财务部三个部门,分散在相距不远的两个办公楼),提出你的客户需求分析。
1. 内网划分多个VLAN(各部门),配置trunk使互相之间可以通信。减少广播域。(VLAN地域分散,处于不同交换机)
规划VLAN对应的IP子网:
VLAN 10(生产部): 192.168.10.0/24
VLAN 20(技术部): 192.168.20.0/24
VLAN 30(财务部): 192.168.30.0/24
企业财务服务器:192.168.30.250/24 (只允许vlan30访问)
拓扑结构大体如下:
交换机:
- core
- s1 财务部1
- s2 生产部
- s3 技术部
- s4 财务部2
配置交换机:
cisco的直接配VTP吧,交换机多。
核心交换机:
Switch>en
Switch#cont t
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#vtp domain ovo.com
Switch(config)#hostname core #区分
core(config)#vlan 10
core(config-vlan)#name Production
core(config-vlan)#vlan 20
core(config-vlan)#name Tech
core(config-vlan)#vlan 30
core(config-vlan)#name Finance
core(config-vlan)#int range fa0/1-fa0/4
core(config-if-range)#switchport mode trunk #无效命令,自动配置
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
core(config-if-range)#exit
core(config)#exit
core#
%SYS-5-CONFIG_I: Configured from console by console
core#copy co
core#copy ?
flash: Copy from flash: file system
ftp: Copy from ftp: file system
running-config Copy from current system configuration
startup-config Copy from startup configuration
core#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
从交换机:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname s1
s1(config)#vtp mode client
Setting device to VTP CLIENT mode.
s1(config)#vtp domain ovo.com
Changing VTP domain name from NULL to ovo.com
s1(config)#int f0/1
s1(config-if)#switchport mode trunk
s1(config-if)#do show vlan brief #能同步这个表就可以
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
10 Production active
20 Tech active
30 Finance active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
s1(config-if)#
#把所有的口分给vlan30
s1(config)#int range fa0/2-fa0/24
s1(config-if-range)#switchport mode access
s1(config-if-range)#switchport access vlan 30
s1(config-if-range)#exit
s1(config)#do show vlan brief
剩下的几个交换机同理:
S2 (生产部)
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname s2
s2(config)#vtp mode client
Setting device to VTP CLIENT mode.
s2(config)#vtp domain ovo.com
Changing VTP domain name from NULL to ovo.com
s2(config)#int f0/1
s2(config-if)#switchport mode trunk
s2(config)#int range fa0/2-fa0/24
s2(config-if-range)#switchport mode access
s2(config-if-range)#switchport access vlan 10
s2(config-if-range)#exit
s2(config)#do show vlan brief
S3(技术部)
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname s3
s3(config)#vtp mode client
Setting device to VTP CLIENT mode.
s3(config)#vtp domain ovo.com
Changing VTP domain name from NULL to ovo.com
s3(config)#int f0/1
s3(config-if)#switchport mode trunk
s3(config)#int range fa0/2-fa0/24
s3(config-if-range)#switchport mode access
s3(config-if-range)#switchport access vlan 20
s3(config-if-range)#exit
s3(config)#do show vlan brief
S4(技术部)
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname s4
s4(config)#vtp mode client
Setting device to VTP CLIENT mode.
s4(config)#vtp domain ovo.com
Changing VTP domain name from NULL to ovo.com
s4(config)#int f0/1
s4(config-if)#switchport mode trunk
s4(config)#int range fa0/2-fa0/24
s4(config-if-range)#switchport mode access
s4(config-if-range)#switchport access vlan 30
s4(config-if-range)#exit
s4(config)#do show vlan brief
这时候看下core的配置应该是这样的:
core#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
10 Production active
20 Tech active
30 Finance active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
core#这里的接口的F0/1-F0/4应该从vlan表里消失。
然后配置三层交换的IP
core>en
core#conf t
Enter configuration commands, one per line. End with CNTL/Z.
core(config)#ip routing
core(config)#int vlan 10
core(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
core(config-if)#ip addr 192.168.10.1 255.255.255.0
core(config-if)#no shut
core(config-if)#int vlan 20
core(config-if)#ip addr 192.168.20.1 255.255.255.0
core(config-if)#no shut
core(config-if)#int vlan 30
core(config-if)#ip addr 192.168.30.1 255.255.255.0
core(config-if)#no shut
配置信息
core#show ip int brief
Vlan1 unassigned YES unset administratively down down
Vlan10 192.168.10.1 YES manual up up
Vlan20 192.168.20.1 YES manual up up
Vlan30 192.168.30.1 YES manual up up2、设置企业财务服务器,只允许财务部门VLAN 的电脑访问
配置ACL表
core(config)#access-list 100 permit ip 192.168.30.0 0.0.0.255 host 192.168.30.250
core(config)#access-list 100 deny ip any host 192.168.30.250
core(config)#int vlan 30
core(config-if)#ip access-group 100 in
core(config-if)#exit- 允许 192.168.30.0/24 网段(VLAN 30)访问财务服务器(192.168.30.250)。
- 拒绝其他所有主机访问财务服务器。
- 将 ACL 应用在 VLAN 30 的 SVI 接口入方向上。
core#show access-lists 100
Extended IP access list 100
permit ip 192.168.30.0 0.0.0.255 host 192.168.30.250
deny ip any host 192.168.30.250
core#3、所有用户均为自动获取IP地址,用户网关配置在核心交换机,
配置DHCP
core(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.20
core(config)#ip dhcp pool VLAN10
core(dhcp-config)#network 192.168.10.0 255.255.255.0
core(dhcp-config)#default-router 192.168.10.1
core(dhcp-config)#dns-server 223.5.5.5
core(dhcp-config)#exit
core(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.20
core(config)#ip dhcp pool VLAN20
core(dhcp-config)#network 192.168.20.0 255.255.255.0
core(dhcp-config)#default-router 192.168.20.1
core(dhcp-config)#dns-server 223.5.5.5
core(dhcp-config)#exit
core(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.20
core(config)#ip dhcp pool VLAN30
core(dhcp-config)#network 192.168.30.0 255.255.255.0
core(dhcp-config)#default-router 192.168.30.1
core(dhcp-config)#dns-server 223.5.5.5
core(dhcp-config)#exit
然后ACL表允许DHCP(vlan30),直接用下面的
core(config)#access-list 100 permit udp any eq 68 any eq 67
core(config)#access-list 100 permit ip 192.168.30.0 0.0.0.255 host 192.168.30.250
core(config)#access-list 100 deny ip any host 192.168.30.250
core(config)#interface vlan 30
core(config-if)#ip access-group 100 in
core(config-if)#exitACL表再改下:
no access-list 100
access-list 100 permit udp any eq 68 any eq 67
access-list 100 permit ip 192.168.30.0 0.0.0.255 host 192.168.30.250
access-list 100 deny ip any host 192.168.30.250
access-list 100 permit tcp any any eq 23
access-list 100 permit ip any any
access-list 100 deny ip host 192.168.30.1 host 192.168.30.250 #关键!调了好久好久
core(config)#access-list 100 deny ip host 192.168.30.1 host 192.168.30.250 #关键!调了好久好久
core(config)#access-list 100 deny ip host 192.168.20.1 host 192.168.30.250 #关键!调了好久好久
core(config)#access-list 100 deny ip host 192.168.10.1 host 192.168.30.250 #关键!调了好久好久
core(config)#access-list 100 deny ip host 192.168.30.1 host 192.168.30.250
core(config)#access-list 100 deny ip host 192.168.20.1 host 192.168.30.250
core(config)#access-list 100 deny ip host 192.168.10.1 host 192.168.30.250
core(config)#interface vlan 30
core(config-if)#ip access-group 100 in
core(config-if)#interface vlan 20
core(config-if)#ip access-group 100 in
core(config-if)#interface vlan 10
core(config-if)#ip access-group 100 in
core(config-if)#
这里改成dhcp
过一会可以拿到IP
这些也是啦:
VLAN30也有啦
财务部服务器分配IP
这里拿个mac地址
我这里是:0090.0C20.1EE9
然后core加上这个:
ip dhcp pool SERVERRRR
host 192.168.30.250 255.255.255.0
client-identifier 0090.0C20.1EE9
default-router 192.168.30.1
这个模拟器版本的交换机不支持这个命令,所以就直接静态分配IP了。
默认会有一个IP,给他改成static
Test
PC 0 -> Server
可以访问。
PC 4 -> PC 0
可以访问。
PC 4 -> Server
正常,无法访问
PC 2(生产部) -> PC0
可以访问。
PC2 -> Server
不可访问
PC2->PC4
可以访问
4、所有设备都可以任何位置Telnet远程管理
核心交换机:
core(config)#line vty 0 4
core(config-line)#password 114514
core(config-line)#login
core(config-line)#transport input telnet
core(config-line)#exitIP:
core : 192.168.30.1 192.168.20.1 192.168.10.1
其他交换机IP地址:
S1: 192.168.30.10 (VLAN30)
S2: 192.168.10.10 (VLAN10)
S3: 192.168.20.10 (VLAN20)
S4: 192.168.30.11 (VLAN30)
s1>en
s1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s1(config)#int vlan 30
s1(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
s1(config-if)#ip addr 192.168.30.10 255.255.255.0
s1(config-if)#line vty 0 4
s1(config-line)#password 114514
s1(config-line)#login
s1(config-line)#transport input telnet
s1(config-line)#
S2
s2>en
s2#conft
Translating "conft"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
s2#cont t
^
% Invalid input detected at '^' marker.
s2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s2(config)#int vlan 10
s2(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
s2(config-if)#ip addr 192.168.10.10 255.255.255.0
s2(config-if)#line vty 0 4
s2(config-line)#password 114514
s2(config-line)#login
s2(config-line)#trans
s2(config-line)#transport in
s2(config-line)#transport input t
s2(config-line)#transport input telnet
s2(config-line)#S3:
s3>en
s3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s3(config)#int vlan 20
s3(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
s3(config-if)#ip addr 192.168.20.10 255.255.255.0
s3(config-if)#line vty 0 4
s3(config-line)#password 114514
s3(config-line)#login
s3(config-line)#transp
s3(config-line)#transport input te
s3(config-line)#transport input telnet
s3(config-line)#
S4:
s4>en
s4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s4(config)#int vlan 30
s4(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
s4(config-if)#ip addr 192.168.30.11 255.255.255.0
s4(config-if)#line vty 0 4
s4(config-line)#password 114514
s4(config-line)#login
s4(config-line)#tra
s4(config-line)#transport in
s4(config-line)#transport input t
s4(config-line)#transport input telnet
s4(config-line)#S
````
### 再添加vlanIP
> 方便一点s1(config-if)#int vlan 20
s1(config-if)#ip addr 192.168.20.11 255.255.255.0
s1(config-if)#int vlan 10
s1(config-if)#ip addr 192.168.10.11 255.255.255.0
s2(config-if)#int vlan 20
s2(config-if)#ip addr 192.168.20.12 255.255.255.0
s2(config-if)#int vlan 30
s2(config-if)#ip addr 192.168.30.12 255.255.255.0
s3(config)#int vlan 30
s3(config-if)#ip addr 192.168.30.13 255.255.255.0
s3(config-if)#int vlan 10
s3(config-if)#ip addr 192.168.10.13 255.255.255.0
s4(config-if)#int vlan 10
s4(config-if)#ip addr 192.168.10.14 255.255.255.0
s4(config-if)#int vlan 20
s4(config-if)#ip addr 192.168.20.14 255.255.255.0
### 测试,从任何机子可以访问:
#### IP地址:
| 交换机 | VLAN 30 | VLAN 20 | VLAN 10 |
|--------|----------------|----------------|----------------|
| Core | 192.168.30.1 | 192.168.20.1 | 192.168.10.1 |
| S1 | 192.168.30.10 | 192.168.20.11 | 192.168.10.11 |
| S2 | 192.168.30.12 | 192.168.20.12 | 192.168.10.10 |
| S3 | 192.168.30.13 | 192.168.20.10 | 192.168.10.13 |
| S4 | 192.168.30.11 | 192.168.20.14 | 192.168.10.14 |
#### 测试访问:
CORE:
S1:
S2:
S3:
S4:
## 5、配置链路汇聚与生成树协议Stp,运行RSTP模式,确保核心交换机为根桥,配置根桥保护措施,确保根桥不被抢占
### Core
core(config)#spanning-tree mode rapid-pvst
core(config)#spanning-tree vlan 1-4094 priority 4096
### 其他交换机
s1(config)#spanning-tree mode rapid-pvst
s1(config)#exit
s2(config)#spanning-tree mode rapid-pvst
s2(config)#exit
s3(config)#spanning-tree mode rapid-pvst
s3(config)#exit
s4(config)#spanning-tree mode rapid-pvst
s4(config)#exit
### 测试
core(config)#do show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 4097
Address 0002.4AD7.2EDD
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4097 (priority 4096 sys-id-ext 1)
Address 0002.4AD7.2EDD
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
Fa0/4 Desg FWD 19 128.4 P2p
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 4106
Address 0002.4AD7.2EDD
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4106 (priority 4096 sys-id-ext 10)
Address 0002.4AD7.2EDD
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
Fa0/4 Desg FWD 19 128.4 P2p
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 4116
Address 0002.4AD7.2EDD
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4116 (priority 4096 sys-id-ext 20)
Address 0002.4AD7.2EDD
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
Fa0/4 Desg FWD 19 128.4 P2p
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p
VLAN0030
Spanning tree enabled protocol rstp
Root ID Priority 4126
Address 0002.4AD7.2EDD
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4126 (priority 4096 sys-id-ext 30)
Address 0002.4AD7.2EDD
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
Fa0/4 Desg FWD 19 128.4 P2p
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p
core(config)#
core(config)#
Root ID 和 Bridge ID 相同:对于所有 VLAN(VLAN 1, 10, 20, 30),核心交换机的地址和优先级在 Root ID 和 Bridge ID 中是一致的,这台交换机是根桥。
没问题啦。
## 保存配置文件
core#copy running-config startup-config
s1#copy running-config startup-config
s2#copy running-config startup-config
s3#copy running-config startup-config
s4#copy running-config startup-config
## 配置文件
### Core
core#show running-config
Building configuration...
Current configuration : 2370 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname core
!
!
!
!
ip dhcp excluded-address 192.168.10.1 192.168.10.20
ip dhcp excluded-address 192.168.20.1 192.168.20.20
ip dhcp excluded-address 192.168.30.1 192.168.30.20
!
ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 223.5.5.5
ip dhcp pool VLAN20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 223.5.5.5
ip dhcp pool VLAN30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 223.5.5.5
ip dhcp pool SERVERRRR
ip routing
!
!
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 4096
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip access-group 100 in
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
ip access-group 100 in
!
interface Vlan30
ip address 192.168.30.1 255.255.255.0
ip access-group 100 in
!
ip classless
!
!
access-list 100 permit udp any eq bootpc any eq bootps
access-list 100 permit udp any eq bootps any eq bootpc
access-list 100 permit tcp any any eq telnet
access-list 100 permit ip 192.168.30.0 0.0.0.255 host 192.168.30.250
access-list 100 deny ip host 192.168.30.1 host 192.168.30.250
access-list 100 deny ip host 192.168.20.1 host 192.168.30.250
access-list 100 deny ip host 192.168.10.1 host 192.168.30.250
access-list 100 permit ip any any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
password 114514
login
transport input telnet
!
!
!
end
core#
### S1
s1#show running-config
Building configuration...
Current configuration : 2387 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname s1
!
!
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.11 255.255.255.0
!
interface Vlan20
ip address 192.168.20.11 255.255.255.0
!
interface Vlan30
ip address 192.168.30.10 255.255.255.0
!
!
line con 0
!
line vty 0 4
password 114514
login
transport input telnet
line vty 5 15
login
!
!
end
s1#
### S2
s2#show running-config
Building configuration...
Current configuration : 2387 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname s2
!
!
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 10
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.10 255.255.255.0
!
interface Vlan20
ip address 192.168.20.12 255.255.255.0
!
interface Vlan30
ip address 192.168.30.12 255.255.255.0
!
!
line con 0
!
line vty 0 4
password 114514
login
transport input telnet
line vty 5 15
login
!
!
end
s2#
### S3s3#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
s3#show run
s3#show running-config
Building configuration...
Current configuration : 2387 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname s3
!
!
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 20
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.13 255.255.255.0
!
interface Vlan20
ip address 192.168.20.10 255.255.255.0
!
interface Vlan30
ip address 192.168.30.13 255.255.255.0
!
!
line con 0
!
line vty 0 4
password 114514
login
transport input telnet
line vty 5 15
login
!
!
end
s3#
s3#
s3#
s3#
### S4
s4#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
s4#
s4#show run
s4#show running-config
Building configuration...
Current configuration : 2387 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname s4
!
!
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.14 255.255.255.0
!
interface Vlan20
ip address 192.168.20.14 255.255.255.0
!
interface Vlan30
ip address 192.168.30.11 255.255.255.0
!
!
line con 0
!
line vty 0 4
password 114514
login
transport input telnet
line vty 5 15
login
!
!
end
s4#
s4#
s4#
## 0xff 文件下载:pkt文件下载:
该实验接近7个小时。做了3个小时之后重启后的时间
文件下载:
