Enterprise Network Integration Practice: VLAN, Trunk, STP, Routing Protocols (OSPF/RIP), PPP, Service Management (TELNET/FTP) and Security (ACL)
NE Comprehensive Lab 4
1. Lab Topology
2. Lab Requirements
- Configure IP addresses as shown in the diagram.
- Configure link aggregation on the direct link between SW7 and SW8.
- The company's internal business segments are VLAN 10 and VLAN 20: VLAN 10 is the Marketing department and VLAN 20 is the Technical department. Name the VLANs so they can be told apart. PC10 belongs to VLAN 10 and PC11 to VLAN 20. VLANs 30, 40, 50, 60, 70, 80, 90, 100 and 110 are used for the RIP dynamic routing protocol between switches and as interconnect VLANs.
- Configure all switch-to-switch ports as trunks, permitting the relevant traffic.
- Configure the switch ports that connect to PCs as edge ports.
- Make SW9 the root bridge of the spanning tree.
- Configure DHCP on SW9 to dynamically assign IP addresses, gateway and DNS to the PCs in VLAN 10 and VLAN 20: the gateway for VLAN 10 is 192.168.1.254, the gateway for VLAN 20 is 192.168.2.254, the DNS server is 114.114.114.114, and the lease is one day.
- Configure OSPF by area as shown in the diagram, advertising each loopback interface into its corresponding area.
- Configure RIP in the area shown in the diagram, advertising the loopback interfaces into it; no protocol packets may appear on the business segments.
- Achieve full connectivity across the internal network.
- R1 and R2 connect to the Internet over two links; configure PPP MP and bidirectional CHAP authentication.
- Configure Easy IP so that only traffic from the business segments 192.168.1.0/24 and 192.168.2.0/24 can reach the Internet through R2 and R3.
- Enable Telnet on R12 and allow logins only from 192.168.1.0/24.
- Enable FTP on R13 and allow logins only from 192.168.2.0/24.
3. Lab Steps
- Configure IP addresses as shown in the diagram (omitted).
- Configure link aggregation on the direct link between SW7 and SW8
[SW7]int Bridge-Aggregation 1
[SW7-Bridge-Aggregation1]qu
[SW7]int range g1/0/3 to g1/0/5
[SW7-if-range]port link-aggregation group 1
[SW7-if-range]qu
[SW8]int Bridge-Aggregation 1
[SW8-Bridge-Aggregation1]qu
[SW8]int range g1/0/3 to g1/0/5
[SW8-if-range]port link-aggregation group 1
[SW8-if-range]qu
- Business segments: VLAN 10 is Marketing and VLAN 20 is Technical; PC10 belongs to VLAN 10 and PC11 to VLAN 20
[SW9]vlan 10
[SW9-vlan10]port g1/0/3
[SW9-vlan10]name shichangbu
[SW9-vlan10]vlan 20
[SW9-vlan20]port g1/0/4
[SW9-vlan20]name jishubu
- Configure all switch-to-switch ports as trunks, permitting the relevant traffic
[SW6]int g1/0/3
[SW6-GigabitEthernet1/0/3]port link-type trunk
[SW6-GigabitEthernet1/0/3]port trunk pvid vlan 50
[SW6-GigabitEthernet1/0/3]port trunk permit vlan all
[SW6-GigabitEthernet1/0/3]int g1/0/4
[SW6-GigabitEthernet1/0/4]port link-type trunk
[SW6-GigabitEthernet1/0/4]port trunk pvid vlan 60
[SW6-GigabitEthernet1/0/4]port trunk permit vlan all
[SW6-GigabitEthernet1/0/4]qu
[SW7]int g1/0/1
[SW7-GigabitEthernet1/0/1]port link-type trunk
[SW7-GigabitEthernet1/0/1]port trunk pvid vlan 50
[SW7-GigabitEthernet1/0/1]port trunk permit vlan all
[SW7-GigabitEthernet1/0/1]int g1/0/2
[SW7-GigabitEthernet1/0/2]port link-type trunk
[SW7-GigabitEthernet1/0/2]port trunk pvid vlan 30
[SW7-GigabitEthernet1/0/2]port trunk permit vlan all
[SW7-GigabitEthernet1/0/2]int br 1
[SW7-Bridge-Aggregation1]port link-type trunk
[SW7-Bridge-Aggregation1]port trunk pvid vlan 110
[SW7-Bridge-Aggregation1]port trunk permit vlan all
[SW8]int g1/0/1
[SW8-GigabitEthernet1/0/1]port link-type trunk
[SW8-GigabitEthernet1/0/1]port trunk pvid vlan 60
[SW8-GigabitEthernet1/0/1]port trunk permit vlan all
[SW8]int g1/0/2
[SW8-GigabitEthernet1/0/2]port link-type trunk
[SW8-GigabitEthernet1/0/2]port trunk pvid vlan 40
[SW8-GigabitEthernet1/0/2]port trunk permit vlan all
[SW8]int Bridge-Aggregation 1
[SW8-Bridge-Aggregation1]port link-type trunk
[SW8-Bridge-Aggregation1]port trunk pvid vlan 110
[SW8-Bridge-Aggregation1]port trunk permit vlan all
[SW9]int g1/0/1
[SW9-GigabitEthernet1/0/1]port link-type trunk
[SW9-GigabitEthernet1/0/1]port trunk pvid vlan 30
[SW9-GigabitEthernet1/0/1]port trunk permit vlan all
[SW9-GigabitEthernet1/0/1]int g1/0/2
[SW9-GigabitEthernet1/0/2]port link-type trunk
[SW9-GigabitEthernet1/0/2]port trunk pvid vlan 40
[SW9-GigabitEthernet1/0/2]port trunk permit vlan all
- Configure the switch ports that connect to PCs as edge ports
[SW9]int g1/0/3
[SW9-GigabitEthernet1/0/3]stp edged-port
[SW9-GigabitEthernet1/0/3]int g1/0/4
[SW9-GigabitEthernet1/0/4]stp edged-port
- Make SW9 the root bridge of the spanning tree
[SW9]stp priority 4096
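Why a single `stp priority 4096` on SW9 is enough to win the election: STP compares bridge IDs numerically, priority first and MAC address only as a tie-breaker, so any switch left at the default 32768 loses to SW9 whatever its MAC is. The following is an added example in Python, not part of the lab write-up; the MAC addresses are constructed, and SW9 is deliberately given the highest MAC so that only the priority decides. Comware accepts priorities only as multiples of 4096 in the range 0 to 61440, which the example enforces.

```python
# Added example (not from the lab): STP root bridge election by bridge ID.
# MAC addresses below are constructed.

from dataclasses import dataclass
from typing import List, Tuple

STP_DEFAULT_PRIORITY = 32768
STP_PRIORITY_STEP = 4096     # Comware: 'stp priority' must be a multiple of 4096, 0..61440


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                          # "xx-xx-xx-xx-xx-xx"
    priority: int = STP_DEFAULT_PRIORITY

    def bridge_id(self) -> Tuple[int, int]:
        """Bridge ID as a comparable tuple: priority first, MAC as tie-breaker."""
        if self.priority % STP_PRIORITY_STEP or not 0 <= self.priority <= 61440:
            raise ValueError(f"{self.name}: priority must be a multiple of 4096 in 0..61440")
        return (self.priority, int(self.mac.replace("-", ""), 16))


def elect_root(bridges: List[Bridge]) -> Bridge:
    """The bridge with the numerically lowest (priority, MAC) becomes root."""
    return min(bridges, key=Bridge.bridge_id)


# Constructed MACs; SW9 gets the highest one so its win is due to priority alone.
SWITCHES = [
    Bridge("SW6", "00-e0-fc-00-00-06"),
    Bridge("SW7", "00-e0-fc-00-00-07"),
    Bridge("SW8", "00-e0-fc-00-00-08"),
    Bridge("SW9", "00-e0-fc-00-00-09", priority=4096),   # [SW9]stp priority 4096
]


def root_with_config() -> str:
    return elect_root(SWITCHES).name


def root_with_defaults() -> str:
    # Same switches with every priority at 32768: the lowest MAC (SW6) wins,
    # which is the arbitrary outcome the lab's priority setting avoids.
    return elect_root([Bridge(b.name, b.mac) for b in SWITCHES]).name


if __name__ == "__main__":
    print("root with SW9 priority 4096:", root_with_config())
    print("root with default priorities:", root_with_defaults())
```

`root_with_defaults` shows the failure mode the requirement guards against: without an explicit priority, the root is whichever switch happens to have the lowest MAC, which is rarely the one at the centre of the topology.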
- Configure DHCP on SW9 to dynamically assign IP addresses, gateway and DNS to the PCs in VLAN 10 and VLAN 20: gateway 192.168.1.254 for VLAN 10, 192.168.2.254 for VLAN 20, DNS 114.114.114.114, lease one day
[SW9]dhcp enable
[SW9]dhcp server ip-pool 1
[SW9-dhcp-pool-1]network 192.168.1.0 24
[SW9-dhcp-pool-1]gateway-list 192.168.1.254
[SW9-dhcp-pool-1]dns-list 114.114.114.114
[SW9-dhcp-pool-1]expired day 1
[SW9-dhcp-pool-1]quit
[SW9]dhcp server ip-pool 2
[SW9-dhcp-pool-2]network 192.168.2.0 24
[SW9-dhcp-pool-2]gateway-list 192.168.2.254
[SW9-dhcp-pool-2]dns-list 114.114.114.114
[SW9-dhcp-pool-2]expired day 1
[SW9-dhcp-pool-2]quit
- Configure DHCP clients on PC_10 and PC_11
[PC_10]int g0/0
[PC_10-GigabitEthernet0/0]ip add dhcp-alloc
[PC_10-GigabitEthernet0/0]qu
[PC_11]int g0/0
[PC_11-GigabitEthernet0/0]ip add dhcp-alloc
[PC_11-GigabitEthernet0/0]qu
- Configure OSPF by area as shown in the diagram, advertising each loopback interface into its corresponding area
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]a 0
[R2-ospf-1-area-0.0.0.0]net 172.16.2.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]net 172.16.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]net 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]a 1
[R2-ospf-1-area-0.0.0.1]net 172.16.5.0 0.0.0.255
[R2-ospf-1-area-0.0.0.1]qu
[R2-ospf-1]dis th
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 172.16.1.0 0.0.0.255
  network 172.16.2.0 0.0.0.255
 area 0.0.0.1
  network 172.16.5.0 0.0.0.255
#
return
[R2-ospf-1]qu
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]a 0
[R3-ospf-1-area-0.0.0.0]net 172.16.2.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]net 172.16.3.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]net 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]a 2
[R3-ospf-1-area-0.0.0.2]net 172.16.7.0 0.0.0.255
[R3-ospf-1-area-0.0.0.2]qu
[R3-ospf-1]dis th
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 172.16.2.0 0.0.0.255
  network 172.16.3.0 0.0.0.255
 area 0.0.0.1
 area 0.0.0.2
  network 172.16.7.0 0.0.0.255
#
return
[R3-ospf-1]qu
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]a 0
[R4-ospf-1-area-0.0.0.0]net 172.16.1.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]net 172.16.4.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]net 4.4.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]a 1
[R4-ospf-1-area-0.0.0.1]net 172.16.6.0 0.0.0.255
[R4-ospf-1-area-0.0.0.1]qu
[R4-ospf-1]dis th
#
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 172.16.1.0 0.0.0.255
  network 172.16.4.0 0.0.0.255
 area 0.0.0.1
  network 172.16.6.0 0.0.0.255
#
return
[R4-ospf-1]qu
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]a 0
[R5-ospf-1-area-0.0.0.0]net 172.16.3.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]net 172.16.4.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]net 5.5.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]a 2
[R5-ospf-1-area-0.0.0.2]net 172.16.8.0 0.0.0.255
[R5-ospf-1-area-0.0.0.2]qu
[R5-ospf-1]dis th
#
ospf 1 router-id 5.5.5.5
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 172.16.3.0 0.0.0.255
  network 172.16.4.0 0.0.0.255
 area 0.0.0.2
  network 172.16.8.0 0.0.0.255
#
return
[R5-ospf-1]qu
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]a 1
[R12-ospf-1-area-0.0.0.1]net 172.16.5.0 0.0.0.255
[R12-ospf-1-area-0.0.0.1]net 172.16.6.0 0.0.0.255
[R12-ospf-1-area-0.0.0.1]net 12.12.12.12 0.0.0.0
[R12-ospf-1-area-0.0.0.1]qu
[R12-ospf-1]dis th
#
ospf 1 router-id 12.12.12.12
 area 0.0.0.1
  network 12.12.12.12 0.0.0.0
  network 172.16.5.0 0.0.0.255
  network 172.16.6.0 0.0.0.255
#
return
[R12-ospf-1]qu
[R13]ospf 1 router-id 13.13.13.13
[R13-ospf-1]a 2
[R13-ospf-1-area-0.0.0.2]net 172.16.7.0 0.0.0.255
[R13-ospf-1-area-0.0.0.2]net 172.16.8.0 0.0.0.255
[R13-ospf-1-area-0.0.0.2]net 13.13.13.13 0.0.0.0
[R13-ospf-1-area-0.0.0.2]qu
[R13-ospf-1]dis th
#
ospf 1 router-id 13.13.13.13
 area 0.0.0.2
  network 13.13.13.13 0.0.0.0
  network 172.16.7.0 0.0.0.255
  network 172.16.8.0 0.0.0.255
#
return
[R13-ospf-1]qu
- Configure RIP in the area shown in the diagram, advertising the loopback interfaces into it
[R4]rip 1
[R4-rip-1]ver 2
[R4-rip-1]undo su
[R4-rip-1]net 10.1.1.0
[R4-rip-1]dis th
#
rip 1
 undo summary
 version 2
 network 10.0.0.0
#
return
[R4-rip-1]qu
[R5]rip 1
[R5-rip-1]ver 2
[R5-rip-1]undo su
[R5-rip-1]net 10.1.4.0
[R5-rip-1]dis th
#
rip 1
 undo summary
 version 2
 network 10.0.0.0
#
return
[R5-rip-1]qu
[SW6]rip 1
[SW6-rip-1]ver 2
[SW6-rip-1]undo su
[SW6-rip-1]network 10.0.0.0
[SW6-rip-1]network 6.6.6.6
[SW6-rip-1]dis th
#
rip 1
 undo summary
 version 2
 network 6.0.0.0
 network 10.0.0.0
#
return
[SW6-rip-1]qu
[SW7]rip 1
[SW7-rip-1]ver 2
[SW7-rip-1]undo su
[SW7-rip-1]net 10.1.1.0
[SW7-rip-1]net 192.168.3.0
[SW7-rip-1]net 192.168.5.0
[SW7-rip-1]net 7.7.7.7
[SW7-rip-1]dis th
#
rip 1
 undo summary
 version 2
 network 7.0.0.0
 network 10.0.0.0
 network 192.168.3.0
 network 192.168.5.0
#
return
[SW7-rip-1]qu
[SW8]rip 1
[SW8-rip-1]ver 2
[SW8-rip-1]undo su
[SW8-rip-1]net 10.1.6.0
[SW8-rip-1]net 192.168.4.0
[SW8-rip-1]net 192.168.5.0
[SW8-rip-1]net 8.8.8.8
[SW8-rip-1]dis th
#
rip 1
 undo summary
 version 2
 network 8.0.0.0
 network 10.0.0.0
 network 192.168.4.0
 network 192.168.5.0
#
return
[SW8-rip-1]qu
[SW9]rip 1
[SW9-rip-1]ver 2
[SW9-rip-1]undo su
[SW9-rip-1]net 192.168.1.0
[SW9-rip-1]net 192.168.2.0
[SW9-rip-1]net 192.168.3.0
[SW9-rip-1]net 192.168.4.0
[SW9-rip-1]net 9.9.9.9
[SW9-rip-1]dis th
#
rip 1
 undo summary
 version 2
 network 9.0.0.0
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
#
return
[SW9-rip-1]qu
- No protocol packets on the business segments (VLAN 10 and VLAN 20 are made silent interfaces: they still get advertised, but RIP sends no updates onto them)
[SW9]rip 1
[SW9-rip-1]silent-interface Vlan-interface 10
[SW9-rip-1]silent-interface Vlan-interface 20
[SW9-rip-1]qu
- Mutual redistribution between OSPF and RIP on the boundary routers R4 and R5
[R4]ospf 1
[R4-ospf-1]import-route rip 1
[R4-ospf-1]import-route direct
[R4-ospf-1]qu
[R4]rip 1
[R4-rip-1]import-route ospf 1
[R4-rip-1]import-route direct
[R4-rip-1]qu
[R5]ospf 1
[R5-ospf-1]import-route rip 1
[R5-ospf-1]import-route direct
[R5-ospf-1]qu
[R5]rip 1
[R5-rip-1]import-route ospf 1
[R5-rip-1]import-route direct
[R5-rip-1]qu
- R1 and R2 connect to the Internet over two links; configure PPP MP and bidirectional CHAP authentication
[R1]local-user wiltjer class network
New local user added.
[R1-luser-network-wiltjer]password simple 123456
[R1-luser-network-wiltjer]service-type ppp
[R1-luser-network-wiltjer]qu
[R1]int s1/0
[R1-Serial1/0]ppp authentication-mode chap
[R1-Serial1/0]ppp chap user wiltjer
[R1-Serial1/0]int s2/0
[R1-Serial2/0]ppp authentication-mode chap
[R1-Serial2/0]ppp chap user wiltjer
[R1-Serial2/0]qu
[R2]local-user wiltjer class network
New local user added.
[R2-luser-network-wiltjer]password simple 123456
[R2-luser-network-wiltjer]service-type ppp
[R2-luser-network-wiltjer]qu
[R2]int s1/0
[R2-Serial1/0]ppp authentication-mode chap
[R2-Serial1/0]ppp chap user wiltjer
[R2-Serial1/0]int s2/0
[R2-Serial2/0]ppp authentication-mode chap
[R2-Serial2/0]ppp chap user wiltjer
[R2-Serial2/0]qu
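What the configuration above makes each serial interface do: because both routers run `ppp authentication-mode chap`, each side challenges the other, and the peer answers with the name from `ppp chap user` plus an MD5 hash of (identifier, password, challenge) as defined in RFC 1994, so the password itself never crosses the link. The following is an added example in Python, not part of the lab, that models that bidirectional exchange with the lab's local-user `wiltjer` / `123456`; the challenge bytes are constructed at random per handshake, and the `PppPeer` class is a hypothetical model rather than any router's API.

```python
# Added example (not from the lab): bidirectional CHAP per RFC 1994, modelled
# with the user/password that the lab configures on R1 and R2.

import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class PppPeer:
    """One end of a serial link, holding its 'local-user ... class network' table."""

    def __init__(self, name: str, chap_user: str, users: Dict[str, bytes]):
        self.name = name
        self.chap_user = chap_user   # name sent in the Response ('ppp chap user ...')
        self.users = users           # local-user name -> password (the CHAP secret)

    def make_challenge(self, identifier: int, challenge: Optional[bytes] = None) -> Tuple[int, bytes]:
        # Authenticator: a fresh random Challenge for every handshake (constructed here).
        return identifier, challenge if challenge is not None else os.urandom(16)

    def respond(self, identifier: int, challenge: bytes) -> Tuple[str, bytes]:
        # Peer: only the hash leaves the router; the password is never transmitted.
        return self.chap_user, chap_response(identifier, self.users[self.chap_user], challenge)

    def verify(self, identifier: int, challenge: bytes, name: str, response: bytes) -> bool:
        # Authenticator: look the claimed name up locally and recompute the hash.
        secret = self.users.get(name)
        if secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def authenticate(authenticator: PppPeer, peer: PppPeer, identifier: int = 1) -> bool:
    """One direction of CHAP: Challenge -> Response -> Success/Failure."""
    ident, chal = authenticator.make_challenge(identifier)
    name, resp = peer.respond(ident, chal)
    return authenticator.verify(ident, chal, name, resp)


def bidirectional_chap(r1: PppPeer, r2: PppPeer) -> bool:
    # 'ppp authentication-mode chap' on both ends: each router challenges the other,
    # and the link only comes up if both directions succeed.
    return authenticate(r1, r2) and authenticate(r2, r1)


def lab_config_succeeds() -> bool:
    # Both routers define local-user wiltjer / 123456 and send 'wiltjer' in the Response.
    r1 = PppPeer("R1", "wiltjer", {"wiltjer": b"123456"})
    r2 = PppPeer("R2", "wiltjer", {"wiltjer": b"123456"})
    return bidirectional_chap(r1, r2)


def mismatched_secret_fails() -> bool:
    # Change the password on one side only: that side still authenticates its
    # peer, but its own Response no longer verifies, so the link stays down.
    r1 = PppPeer("R1", "wiltjer", {"wiltjer": b"123456"})
    r2 = PppPeer("R2", "wiltjer", {"wiltjer": b"changed"})
    return not bidirectional_chap(r1, r2)


if __name__ == "__main__":
    print("lab configuration authenticates:", lab_config_succeeds())
    print("mismatched secret is rejected:", mismatched_secret_fails())
```

The same username and password on both routers is what makes the symmetric configuration work: each router sends `wiltjer` and is looked up in the other router's local-user table. The `mismatched_secret_fails` case is the first thing to check when an MP bundle refuses to come up after a password change on one end only.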
- Configure Easy IP so that only traffic from the business segments 192.168.1.0/24 and 192.168.2.0/24 can reach the Internet through R2 and R3
[R2]ip route-static 0.0.0.0 0 202.100.1.1
[R2]ospf 1
[R2-ospf-1]default-route-advertise
[R2-ospf-1]qu
[R2]acl basic 2000
[R2-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R2-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R2-acl-ipv4-basic-2000]qu
[R2]int MP-group 1
[R2-MP-group1]packet-filter 2000 outbound
[R2-MP-group1]qu
[R3]ip route-static 0.0.0.0 0 202.100.2.1
[R3]ospf 1
[R3-ospf-1]default-route-advertise
[R3-ospf-1]qu
[R3]acl basic 2000
[R3-acl-ipv4-basic-2000]rule deny source 192.168.1.0 0.0.0.255
[R3-acl-ipv4-basic-2000]rule deny source 192.168.2.0 0.0.0.255
[R3-acl-ipv4-basic-2000]qu
[R3]int MP-group 1
[R3-MP-group1]packet-filter 2000 outbound
[R3-MP-group1]qu
- Enable Telnet on R12 and allow logins only from 192.168.1.0/24
[R12]telnet server enable
[R12]local-user wiltjer class manage
New local user added.
[R12-luser-manage-wiltjer]password simple 123456.com
[R12-luser-manage-wiltjer]service-type telnet
[R12-luser-manage-wiltjer]authorization-attribute user-role level-15
[R12-luser-manage-wiltjer]qu
[R12]user-interface vty 0 4
[R12-line-vty0-4]authentication-mode scheme
[R12-line-vty0-4]qu
[R12]acl advanced 3000
[R12-acl-ipv4-adv-3000]rule permit tcp source 192.168.1.0 0.0.0.255 destination-port eq 23
[R12-acl-ipv4-adv-3000]rule deny tcp source any destination-port eq 23
[R12-acl-ipv4-adv-3000]dis th
#
acl advanced 3000
 rule 0 permit tcp source 192.168.1.0 0.0.0.255 destination-port eq telnet
 rule 5 deny tcp destination-port eq telnet
#
return
[R12-acl-ipv4-adv-3000]qu
[R12]int range g0/0 to g0/1
[R12-if-range]packet-filter 3000 inbound
[R12-if-range]qu
- Enable FTP on R13 and allow logins only from 192.168.2.0/24
[R13]ftp server enable
[R13]local-user wiltjer class manage
New local user added.
[R13-luser-manage-wiltjer]password simple 123456.com
[R13-luser-manage-wiltjer]service-type ftp
[R13-luser-manage-wiltjer]authorization-attribute user-role level-15
[R13-luser-manage-wiltjer]qu
[R13]user-interface vty 0 4
[R13-line-vty0-4]authentication-mode scheme
[R13-line-vty0-4]q
[R13]acl advanced 3000
[R13-acl-ipv4-adv-3000]rule permit tcp source 192.168.2.0 0.0.0.255 destination-port range 20 21
[R13-acl-ipv4-adv-3000]rule deny tcp source any destination-port range 20 21
[R13-acl-ipv4-adv-3000]dis th
#
acl advanced 3000
 rule 0 permit tcp source 192.168.2.0 0.0.0.255 destination-port range ftp-data ftp
 rule 5 deny tcp destination-port range ftp-data ftp
#
return
[R13-acl-ipv4-adv-3000]qu
[R13]int range g0/0 to g0/1
[R13-if-range]packet-filter 3000 inbound
[R13-if-range]qu
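To check what the Telnet ACL on R12, the FTP ACL on R13 and the basic ACL 2000 on R2 actually admit, the following added example in Python (not part of the lab) evaluates those rule sets against constructed source addresses. It models the three things that decide the outcome: wildcard masks (a 1 bit means "don't care"), first-match rule order, and the default action for packets matching no rule, which on Comware V7 `packet-filter` is permit unless `packet-filter default deny` is configured. That default is why the explicit `rule deny ... destination-port eq 23` is essential on R12, and why the permit-only ACL on R2 does not, as a packet filter, stop other sources (when the same basic ACL is referenced by `nat outbound`, the usual Easy IP form, non-matching sources are simply not translated instead). The `Packet` and `Rule` classes are a hypothetical model, not any router's API.

```python
# Added example (not from the lab): evaluator for the lab's packet-filter ACLs.
# Source addresses in the decision functions are constructed test hosts.

from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str = "tcp"      # "tcp", "udp", "icmp", ...
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                               # "permit" or "deny"
    proto: Optional[str] = None               # None: any protocol (basic ACL)
    src: Optional[str] = None                 # "network wildcard"; None: any source
    dport: Optional[Tuple[int, int]] = None   # inclusive range; 'eq 23' is (23, 23)


def wildcard_match(addr: str, spec: str) -> bool:
    """Comware wildcard semantics: 1 bits are 'don't care', 0 bits must match."""
    net, wild = spec.split()
    a, n, w = (int(IPv4Address(x)) for x in (addr, net, wild))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src is not None and not wildcard_match(pkt.src, rule.src):
        return False
    if rule.dport is not None and not (rule.dport[0] <= pkt.dport <= rule.dport[1]):
        return False
    return True


def packet_filter(rules: List[Rule], pkt: Packet, default: str = "permit") -> str:
    """First matching rule wins; packets matching no rule get the default action
    (permit on Comware V7 packet-filter unless 'packet-filter default deny' is set)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# [R12] acl advanced 3000: Telnet only from 192.168.1.0/24
R12_ACL_3000 = [
    Rule("permit", "tcp", "192.168.1.0 0.0.0.255", (23, 23)),
    Rule("deny", "tcp", None, (23, 23)),
]
# [R13] acl advanced 3000: FTP data (20) and control (21) only from 192.168.2.0/24
R13_ACL_3000 = [
    Rule("permit", "tcp", "192.168.2.0 0.0.0.255", (20, 21)),
    Rule("deny", "tcp", None, (20, 21)),
]
# [R2] acl basic 2000: permit rules only, no explicit deny
R2_ACL_2000 = [
    Rule("permit", None, "192.168.1.0 0.0.0.255"),
    Rule("permit", None, "192.168.2.0 0.0.0.255"),
]


def telnet_decisions() -> Dict[str, str]:
    # Constructed hosts: 192.168.1.10 in Marketing, 192.168.2.10 in Technical.
    return {
        "marketing_telnet": packet_filter(R12_ACL_3000, Packet("192.168.1.10", "tcp", 23)),
        "technical_telnet": packet_filter(R12_ACL_3000, Packet("192.168.2.10", "tcp", 23)),
        "technical_icmp": packet_filter(R12_ACL_3000, Packet("192.168.2.10", "icmp")),
    }


def ftp_decisions() -> Dict[str, str]:
    return {
        "technical_ftp": packet_filter(R13_ACL_3000, Packet("192.168.2.10", "tcp", 21)),
        "technical_ftp_data": packet_filter(R13_ACL_3000, Packet("192.168.2.10", "tcp", 20)),
        "marketing_ftp": packet_filter(R13_ACL_3000, Packet("192.168.1.10", "tcp", 21)),
    }


def easy_ip_filter_decisions() -> Dict[str, str]:
    # As a packet-filter, R2's permit-only ACL admits the business segments and,
    # via the default action, every other source too (10.1.1.1 is a constructed
    # address on an interconnect segment).
    return {
        "marketing": packet_filter(R2_ACL_2000, Packet("192.168.1.10")),
        "interconnect": packet_filter(R2_ACL_2000, Packet("10.1.1.1")),
    }


if __name__ == "__main__":
    print(telnet_decisions())
    print(ftp_decisions())
    print(easy_ip_filter_decisions())
```

Two things worth reading off the results: the ACLs on R12 and R13 restrict only the service ports they name, so ICMP and other traffic from any source still passes (the filter limits who may log in, not who may reach the router), and a permit-only ACL used as a packet filter restricts nothing, so whether R2's ACL 2000 does what the requirement asks depends on the command that references it.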