Cisco packet tracer6.0下的网络工程实训
生活随笔
收集整理的這篇文章主要介紹了
Cisco packet tracer6.0下的网络工程实训
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
期末的專業實訓,在cisco6.0下配置一個簡單的局域網。主要用到了下面幾個技術:dhcp中繼、vlan的劃分、鏈路聚合、靜態nat、ospf協議、訪問控制列表。先看一下總的拓撲圖,在分步實現功能。
- 2、全網配置OSPF協議。
- 3、總部和分部分別配置NAT。
- 4、公司總部LSW1、LSW2之間配置鏈路聚合。
- 5、公司分部的Ser服務器負責vlan10、vlan20的ip地址分配。在安全上要求vlan20不允許訪問Ser上的www服務
0x01:公司分部(共四個網段10.28.4.0 10.28.5.0 10.28.6.0 10.28.7.0)
配置ser的ip,如下:
配置dhcp:
在三層交換機上配置dhcp中繼:
?
Switch#vlan database % Warning: It is recommended to configure VLAN from config mode,as VLAN database mode is being deprecated. Please consult userdocumentation for configuring VTP/VLAN in config mode.Switch(vlan)#vlan 100 //創建vlan VLAN 100 added:Name: VLAN0100 Switch(vlan)#vlan 10 VLAN 10 added:Name: VLAN0010 Switch(vlan)#vlan 20 VLAN 20 added:Name: VLAN0020 Switch(vlan)#exit APPLY completed. Exiting.... Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#int vlan 10 Switch(config-if)# %LINK-5-CHANGED: Interface Vlan10, changed state to up //分別為vlan綁定網段的掩碼 ip address 10.28.6.254 255.255.255.0 Switch(config-if)#ip help Switch(config-if)#ip helper-address 10.28.5.1 //為vlan配置中繼代理 Switch(config-if)#int vlan 20 Switch(config-if)# %LINK-5-CHANGED: Interface Vlan20, changed state to up ip address 10.28.7.254 255.255.255.0 Switch(config-if)#ip help Switch(config-if)#ip helper-address 10.28.5.1 Switch(config-if)#int vlan 100 Switch(config-if)# %LINK-5-CHANGED: Interface Vlan100, changed state to up ip address 10.28.5.254 255.255.255.0 Switch(config-if)#int f0/1 Switch(config-if)#swiyc Switch(config-if)#switc Switch(config-if)#switchport access vlan 10 Switch(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to upSwitch(config-if)#int f0/2 Switch(config-if)#switchport access vlan 20 Switch(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to upSwitch(config-if)#int f0/24 Switch(config-if)#switchport access vlan 100 Switch(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to upSwitch(config-if)#exit?
把vlan10和vlan20的IP獲取設置為dhcp模式,查看分配IP。
?在三層交換機上配置ospf,為了能夠讓vlan10、vlan20與ser互通:
Switch(config)#ip routing Switch(config)#router ospf 1 Switch(config-router)#network 10.28.4.0 0.0.0.255 area 0 Switch(config-router)#network 10.28.5.0 0.0.0.255 area 0 Switch(config-router)#network 10.28.6.0 0.0.0.255 area 0 Switch(config-router)#network 10.28.7.0 0.0.0.255 area 0 Switch(config-router)#exit Switch(config)#exit?查看連通性
訪問ser的www服務
在三成交換機上配置擴展ACL,阻止vlan20訪問ser的www服務。
Switch(config)#access Switch(config)#access-list 101 deny tcp 10.28.7.0 0.0.0.255 10.28.5.0 0.0.0.255 eq www //tcp后面依次是要被阻止的網段、阻止網段的反向掩碼、ser的網段。ser的反向掩碼 Switch(config)#ac Switch(config)#access-list 101 permit ip any any Switch(config)#int vlan 100 Switch(config-if)#ip accrss Switch(config-if)#ip acce Switch(config-if)#ip access-group 101 out Switch(config-if)#用vlan20再次訪問ser的www服務,訪問失敗
?
?
0x02:公司總部 (共四個網段 10.28.10.0 10.28.20.0 10.28.30.0 10.28.40.0)
首先為pc2、pc3手動設置IP
然后依次在左邊交換機和右邊交換機生配置鏈路聚合
左邊交換機配置:
Switch(config)#host S1 S1(config)#vlan 10 S1(config-vlan)#exit S1(config)#vlan 20 S1(config-vlan)#exit S1(config)#int range f0/10 - 11 S1(config-if-range)#switchport trunk encapsulation dot1q S1(config-if-range)#switchport mode trunk S1(config-if-range)#duplex full S1(config-if-range)#speed 100 S1(config-if-range)#channel-group 1 mode active S1(config-if-range)#exit S1(config)#int vlan 10 S1(config-if)#ip address 10.28.10.254 255.255.255.0 S1(config-if)#int vlan 20 S1(config-if)#ip address 10.28.20.254 255.255.255.0 S1(config-if)#exit S1(config)#ip routing S1(config)#int f0/2 S1(config-if)#switch S1(config-if)#switchport access vlan 10 S1(config-if)#右邊交換機配置:
Switch(config)#host S2 S2(config)#vlan 10 S2(config-vlan)#exit S2(config)#vlan 20 S2(config-vlan)#exit S2(config)#int range f0/10 - 11 S2(config-if-range)#switchport trunk encapsulation dot1q S2(config-if-range)#switchport mode trunk S2(config-if-range)#duplex full S2(config-if-range)#speed 100 S2(config-if-range)#channel-group 1 mode passive S2(config-if-range)#exit S2(config)#int vlan 10 S2(config-if)#ip address 10.28.10.254 255.255.255.0 S2(config-if)#exit S2(config)#int vlan 20 S2(config-if)#ip address 10.28.20.254 255.255.255.0 S2(config-if)#exit S2(config)#ip routing S2(config)#int f0/2 S2(config-if)#switc S2(config-if)#switchport access vlan 20 S2(config-if)#檢測連通性,pc2 ping pc3:
?給上面路由器的f0/1、f1/0接口和兩個交換機的f0/1接口配置IP。
Router(config)#int f0/1 Router(config-if)#ip address 10.28.30.1 255.255.255.0 Router(config-if)#no shuRouter(config-if)# %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to upRouter(config-if)#int f1/0 Router(config-if)#ip address 10.28.40.1 255.255.255.0 Router(config-if)#no shuRouter(config-if)# %LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to upRouter(config-if)# S1(config)#int f0/1 S1(config-if)#no switch S1(config-if)#no switchport S1(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to upS1(config-if)#ip address 10.28.30.2 255.255.255.0 S1(config-if)# S2(config)#int f0/1 S2(config-if)#no switch S2(config-if)#no switchport S2(config-if)# %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to upS2(config-if)#ip address 10.28.40.2 255.255.255.0?在兩個交換機上配置ospf
S1(config)#router ospf 1 S1(config-router)#network 10.28.10.0 0.0.0.255 area 0 S1(config-router)#network 10.28.20.0 0.0.0.255 area 0 S1(config-router)#network 10.28.30.0 0.0.0.255 area 0 S1(config-router)#network 10.28.40.0 0.0.0.255 area 0 S1(config-router)#exit S1(config)#exit?0x03:連接總部分部(兩個接口使用100.100.100.1 和 100.100.100.2)
給兩個路由器的接口配置IP和ospf
Router(config)#int f0/0 Router(config-if)#ip address 100.100.100.1 255.255.255.0 Router(config-if)#no shu Router(config)#int f0/0 Router(config-if)#ip address 100.100.100.2 255.255.255.0 Router(config-if)#no shu Router(config-router)#router ospf 1 Router(config-router)#network 10.28.30.0 0.0.0.255 area 0 Router(config-router)#network 10.28.40.0 0.0.0.255 area 0 Router(config-router)#network 100.100.100.0 0.0.0.255 area 0 Router(config-router)#exit Router(config)#exit Router(config)#router ospf 1 Router(config-router)#network 10.28.4.0 0.0.0.255 area 0 Router(config-router)#network 100.100.100.0 0.0.0.255 area 0 Router(config-router)#exit?然后用左邊的pc去ping一下右邊的服務器,檢查連通性。
0x04:在兩個路由器上配置nat。
左邊路由器配置如下:
Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)# Router(config)#int f0/1 Router(config-if)#ip nat inside Router(config-if)#int f1/0 Router(config-if)#ip nat inside Router(config-if)#int f0/0 Router(config-if)#ip nat outside Router(config-if)#exit Router(config)#ip nat inside source static 10.28.10.1 100.100.100.3 Router(config)#ip nat inside source static 10.28.20.1 100.100.100.4 Router(config)#end Router#show ip nat trans Pro Inside global Inside local Outside local Outside global --- 100.100.100.3 10.28.10.1 --- --- --- 100.100.100.4 10.28.20.1 --- ---?右邊路由器配置如下:
Router(config)#int f0/1 Router(config-if)#ip nat inside Router(config-if)#int f0/0 Router(config-if)#ip nat outside Router(config-if)#exit Router(config)#ip nat inside source static 10.28.6.1 100.100.100.5 //static后面跟數據報來源(右邊兩臺pc)的IP和公網的IP(100.100.100.x) Router(config)#ip nat inside source static 10.28.7.1 100.100.100.6 Router(config)#end Router#show ip nat trans Pro Inside global Inside local Outside local Outside global --- 100.100.100.5 10.28.6.1 --- --- --- 100.100.100.6 10.28.7.1 --- ---Router#?再次ping右邊的服務器
最后在路由器上看一下nat表,檢車地址是否轉換成功。
?(ps:本人太菜,若有錯誤的地方歡迎大佬隨時責罵。。。。xixixii)
轉載于:https://www.cnblogs.com/liangxiyang/p/10999676.html
總結
以上是生活随笔為你收集整理的Cisco packet tracer6.0下的网络工程实训的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 大道至简读书笔记02
- 下一篇: 第二章:05变量