做网络平台的网站亿企邦网站建设

当前位置： 首页 > news >正文

做网络平台的网站,亿企邦网站建设,做网站的服务商,化妆品网站建设的维护实验拓扑 实验要求 1、按照图示配置IP地址 2、sw1和sw2之间的直连链路配置链路聚合 3、 公司内部业务网段为VLAN10和VLAN20; VLAN 10是市场部#xff0c;vlan20是技术部#xff0c;要求对VLAN进行命名以便识别#xff1b;PC1属于vlan10#xff0c;PC2属于vlan20#xf…实验拓扑 实验要求 1、按照图示配置IP地址 2、sw1和sw2之间的直连链路配置链路聚合 3、 公司内部业务网段为VLAN10和VLAN20; VLAN 10是市场部vlan20是技术部要求对VLAN进行命名以便识别PC1属于vlan10PC2属于vlan20vlan30用于SW1和SW2建立OSPF邻居VLAN111为SW1和R1的互联vlanvlan222为sw2和R2的互联vlan 4、所有交换机相连的端口配置为TRUNK允许相关流量通过 5、交换机连接PC的端口配置为边缘端口 6、在SW1上配置DHCP服务为vlan10和vlan20的PC动态分配IP地址网关和DNS地址要求vlan10的网关是192.168.1.252vlan20的网关是192.168.2.253 7、按图示分区域配置OSPF实现公司内部网络全网互通ABR的环回口宣告进骨干区域业务网段不允许出现协议报文 8、R1上配置默认路由指向互联网并引入到OSPF 9、R1通过双线连接到互联网配置PPP-MP并配置双向CHAP验证 10、配置EASY IP只有业务网段192.168.1.0/24和192.168.2.0/24 的数据流可以通过R1访问互联网 11、R1开启TELNET远程管理使用用户ABC登录密码ABC只允许技术部远程管理R1 实验解法 1、给PC配置IP地址 为R1配置IP地址 H3Csys System View: return to User View with CtrlZ. [H3C]int g0/1 [H3C-GigabitEthernet0/1]ip ad [H3C-GigabitEthernet0/1]ip address 10.0.0.1 30 [H3C-GigabitEthernet0/1]int g0/0 [H3C-GigabitEthernet0/0]ip ad 10.0.0.5 30 [H3C-GigabitEthernet0/0]int g0/2 [H3C-GigabitEthernet0/2]ip ad 10.0.0.14 30 [H3C-GigabitEthernet0/2]int lo0 [H3C-LoopBack0]ip ad 10.1.1.1 32 [H3C-LoopBack0]int mp-group 1 [H3C-MP-group1]ip address 202.100.1.2 30 [H3C]di ip int b *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP address/Mask VPN instance Description GE0/0 up up 10.0.0.⁵⁄₃₀ – – GE0/1 up up 10.0.0.¹⁄₃₀ – – GE0/2 up up 10.0.0.¹⁴⁄₃₀ – – GE5/0 down down – – – GE5/1 down down – – – GE6/0 down down – – – GE6/1 down down – – – Loop0 up up(s) 10.1.1.¹⁄₃₂ – – MP1 down down 202.100.1.²⁄₃₀ – – Ser1/0 up up – – – Ser2/0 up up – – – Ser3/0 down down – – – Ser4/0 down down – – – [H3C] R2上配置IP地址 H3Csys System View: return to User View with CtrlZ. [H3C] [H3C]sysn [H3C]sysname r2 [r2]int g0/0 [r2-GigabitEthernet0/0]ip ad 10.0.0.9 30 [r2-GigabitEthernet0/0]int g0/2 [r2-GigabitEthernet0/2]ip ad 10.0.0.2 30 [r2-GigabitEthernet0/2]int g0/1 [r2-GigabitEthernet0/1]ip ad 10.0.0.18 30 [r2-GigabitEthernet0/1]int lo0 [r2-LoopBack0]ip ad 10.1.1.2 32 [r2-LoopBack0]qu [r2]di ip in b *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP address/Mask VPN instance Description GE0/0 up up 10.0.0.⁹⁄₃₀ – – GE0/1 up up 10.0.0.¹⁸⁄₃₀ – – GE0/2 up up 10.0.0.²⁄₃₀ – – GE5/0 down down – – – GE5/1 down down – – – GE6/0 down down – – – GE6/1 down down – – – Loop0 up up(s) 10.1.1.²⁄₃₂ – – Ser1/0 down down – – – Ser2/0 down down – – – Ser3/0 down down – – – Ser4/0 down down – – – [r2] R3上配置IP地址 H3Csys System View: return to User View with CtrlZ. [H3C]sysn [H3C]sysname r3 [r3]int g0/0 [r3-GigabitEthernet0/0]ip ad 10.0.0.13 30 [r3-GigabitEthernet0/0]int g0/1 [r3-GigabitEthernet0/1]ip ad 10.0.0.17 30 [r3-GigabitEthernet0/1]int g0/2 [r3-GigabitEthernet0/2]ip ad 192.168.3.254 24 [r3-GigabitEthernet0/2]int lo0 [r3-LoopBack0]ip ad 10.1.1.3 32 [r3-LoopBack0]qu [r3]di ip int b *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP address/Mask VPN instance Description GE0/0 up up 10.0.0.¹³⁄₃₀ – – GE0/1 up up 10.0.0.¹⁷⁄₃₀ – – GE0/2 up up 192.168.3.²⁵⁴⁄₂₄ – – GE5/0 down down – – – GE5/1 down down – – – GE6/0 down down – – – GE6/1 down down – – – Loop0 up up(s) 10.1.1.³⁄₃₂ – – Ser1/0 down down – – – Ser2/0 down down – – – Ser3/0 down down – – – Ser4/0 down down – – – [r3]在SW1上配置IP地址 H3Csys System View: return to User View with CtrlZ. [H3C]sysn [H3C]sysname sw1 [sw1]vlan 10 [sw1-vlan10]qu [sw1]vlan 20 [sw1-vlan20]qu [sw1]vlan 30 [sw1-vlan30]qu [sw1]vlan 111 [sw1-vlan111]po [sw1-vlan111]port g1/0/4 [sw1-vlan111]qu [sw1]int vlan 10 [sw1-Vlan-interface10]ip ad 192.168.1.252 24 [sw1-Vlan-interface10]di th # interface Vlan-interface10ip address 192.168.1.252 255.255.255.0 # return [sw1-Vlan-interface10]int vlan 20 [sw1-Vlan-interface20]ip ad 192.168.2.252 24 [sw1-Vlan-interface20]int vlan 30 [sw1-Vlan-interface30]ip ad 10.1.2.1 30 [sw1-Vlan-interface30]int vlan 111[sw1-Vlan-interface111]ip ad 10.0.0.6 30 [sw1-Vlan-interface111]int lo0 [sw1-LoopBack0]ip ad 10.1.1.11 32 [sw1-LoopBack0]在SW2上配置IP地址 H3Csys System View: return to User View with CtrlZ. [H3C]sysn [H3C]sysname sw2 [sw2]vlan 10 [sw2-vlan10]vlan 20 [sw2-vlan20]vlan 30 [sw2-vlan30]vlan 222 [sw2-vlan222]po [sw2-vlan222]port g1/0/4 [sw2-vlan222]int vlan 10 [sw2-Vlan-interface10]ipad [sw2-Vlan-interface10]ip ad 192.168.1.253 24 [sw2-Vlan-interface10]int vlan 20 [sw2-Vlan-interface20]ip ad 192.168.2.253 24 [sw2-Vlan-interface20]int vlan 30 [sw2-Vlan-interface30]ip ad 10.1.2.2 30 [sw2-Vlan-interface30]int vlan 222 [sw2-Vlan-interface222]ip ad 10.0.0.10 30 [sw2-Vlan-interface222]int lo0 [sw2-LoopBack0]ip ad 10.1.1.12 32 [sw2-LoopBack0]qu [sw2]di ip in b *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP Address Description Loop0 up up(s) 10.1.1.12 – MGE0/0/0 down down – – Vlan10 down down 192.168.1.253 – Vlan20 down down 192.168.2.253 – Vlan30 down down 10.1.2.2 – Vlan222 up up 10.0.0.10 –在 lneternet上配置IP地址 H3Csys System View: return to User View with CtrlZ. [H3C]sysn [H3C]sysname lnternet [lnternet]int mp-group 1 [lnternet-MP-group1]ip ad 202.100.1.1 30 [lnternet-MP-group1]int lo0 [lnternet-LoopBack0]ip ad 100.1.1.1 32 [lnternet-LoopBack0]qu 在SW1和SW2之间的直连链路配置链路聚合 [sw1]int Bridge-Aggregation 1 [sw1-Bridge-Aggregation1]int g1/0/1 [sw1-GigabitEthernet1/0/1]port link-aggregation group 1 [sw1-GigabitEthernet1/0/1]int g1/0/2 [sw1-GigabitEthernet1/0/2]port link-aggregation group 1[sw2]interface Bridge-Aggregation 1 [sw2-Bridge-Aggregation1]int g1/0/1 [sw2-GigabitEthernet1/0/1]port link-aggregation group 1 [sw2-GigabitEthernet1/0/1]int g1/0/2 [sw2-GigabitEthernet1/0/2]port link-aggregation group 1 [sw1]display link-aggregation verbose Loadsharing Type: Shar – Loadsharing, NonS – Non-Loadsharing Port: A – Auto Port Status: S – Selected, U – Unselected, I – Individual Flags: A – LACP_Activity, B – LACP_Timeout, C – Aggregation,D – Synchronization, E – Collecting, F – Distributing,G – Defaulted, H – ExpiredAggregate Interface: Bridge-Aggregation1 Aggregation Mode: Static Loadsharing Type: SharPort Status Priority Oper-Key ——————————————————————————–GE1/0/1 S 32768 1GE1/0/2 S 32768 1 [sw1]公司内部业务网段为VLAN10和VLAN20; VLAN 10是市场部vlan20是技术部要求对VLAN进行命名以便识别PC1属于vlan10PC2属于vlan20vlan30用于SW1和SW2建立OSPF邻居VLAN111为SW1和R1的互联vlanvlan222为sw2和R2的互联vlan vlan以及IP已经配好 [sw1]int GigabitEthernet 1/0/4 [sw1-GigabitEthernet1/0/4]di th # interface GigabitEthernet1/0/4port link-mode bridgeport access vlan 111combo enable fiber[sw2]int g1/0/4 [sw2-GigabitEthernet1/0/4]di th # interface GigabitEthernet1/0/4port link-mode bridgeport access vlan 222combo enable fiber H3Csys System View: return to User View with CtrlZ. [H3C]sysn [H3C]sysname sw3 [sw3]vlan 10 [sw3-vlan10]name scb [sw3-vlan10]vlan 20 [sw3-vlan20]name jsb [sw3-vlan20]int g1/0/3 [sw3-GigabitEthernet1/0/3]port access vlan 10 [sw3-GigabitEthernet1/0/3]int g1/0/4 [sw3-GigabitEthernet1/0/4]port access vlan 20 [sw3-GigabitEthernet1/0/4]qu将端口配置为Ttrunk允许相关的vlan通过 [sw1]int g1/0/3 [sw1-GigabitEthernet1/0/3]port link-type trunk [sw1-GigabitEthernet1/0/3]port trunk permit vlan 10 20 [sw1-GigabitEthernet1/0/3]qu [sw1]int Bridge-Aggregation 1 [sw1-Bridge-Aggregation1]port link-type trunk Configuring GigabitEthernet1/0/1 done. Configuring GigabitEthernet1/0/2 done. [sw1-Bridge-Aggregation1]port trunk permit vlan 10 20 30 Configuring GigabitEthernet1/0/1 done. Configuring GigabitEthernet1/0/2 done. [sw1-Bridge-Aggregation1]qu[sw2]int g1/0/3 [sw2-GigabitEthernet1/0/3]port link-type trunk [sw2-GigabitEthernet1/0/3]port trunk permit vlan 10 20 [sw2-GigabitEthernet1/0/3]qu [sw2]int Bridge-Aggregation 1 [sw2-Bridge-Aggregation1]port link-type trunk Configuring GigabitEthernet1/0/1 done. Configuring GigabitEthernet1/0/2 done. [sw2-Bridge-Aggregation1]port trunk permit vlan 10 20 30 Configuring GigabitEthernet1/0/1 done. Configuring GigabitEthernet1/0/2 done. [sw2-Bridge-Aggregation1]qu [sw2][sw3]int g1/0/1 [sw3-GigabitEthernet1/0/1]port link-type trunk [sw3-GigabitEthernet1/0/1]port trunk permit vlan 10 20 [sw3-GigabitEthernet1/0/1]int g1/0/2 [sw3-GigabitEthernet1/0/2]port link-type trunk [sw3-GigabitEthernet1/0/2]port trunk permit vlan 10 20 [sw3-GigabitEthernet1/0/2] [sw3-GigabitEthernet1/0/2]qu [sw3] 交换机连接PC的端口配置为边缘端口 边缘端口Edge Port 是生成树协议STP, Spanning Tree Protocol中的一个概念特指那些直接连接到终端设备如PC、服务器等的端口而不是连接到其他交换机或网桥的端口。在STP中边缘端口具有一些特殊的属性和行为以优化网络性能和避免不必要的延迟。 [sw3]int g1/0/3 [sw3-GigabitEthernet1/0/3]stp edged-port [sw3-GigabitEthernet1/0/3]int g1/0/4 [sw3-GigabitEthernet1/0/4]stp edged-port 在SW1上配置DHCP服务为vlan10和vlan20的PC动态分配IP地址网关和DNS地址要求vlan10的网关是192.168.1.252vlan20的网关是192.168.2.253 [sw1]dhcp enable [sw1]dhcp server ip-pool vlan10 [sw1-dhcp-pool-vlan10]network 192.168.1.0 mask [sw1-dhcp-pool-vlan10]network 192.168.1.0 mask 255.255.255.0 [sw1-dhcp-pool-vlan10]gateway [sw1-dhcp-pool-vlan10]gateway-list 192.168.1.252 [sw1-dhcp-pool-vlan10]dhcp server ip-pool vlan20 [sw1-dhcp-pool-vlan20]network 192.168.2.0 mask 255.255.255.0 [sw1-dhcp-pool-vlan20]gateway [sw1-dhcp-pool-vlan20]gateway-list 192.168.2.253 按图示分区域配置OSPF实现公司内部网络全网互通ABR的环回口宣告进骨干区域业务网段不允许出现协议报文 命令的大致意思是将VLAN 10的接口设置为“静默接口”silent interface。当设置为静默接口时该接口将不会发送与该路由协议相关的路由更新或Hello报文。 [sw1]ospf 1 router-id 3.3.3.3 [sw1-ospf-1]silent-interface vlan 10 [sw1-ospf-1]area 1 [sw1-ospf-1-area-0.0.0.1]ne [sw1-ospf-1-area-0.0.0.1]network 192.168.1.252 0.0.0.255 [sw1-ospf-1-area-0.0.0.1]network 192.168.2.252 0.0.0.255 [sw1-ospf-1-area-0.0.0.1]network 10.1.2.1 0.0.0.3 [sw1-ospf-1-area-0.0.0.1]network 10.0.0.6 0.0.0.3 [sw1-ospf-1-area-0.0.0.1]network 10.1.1.11 0.0.0.0 [sw1-ospf-1-area-0.0.0.1]quit [sw1-ospf-1][sw2]ospf router-id 4.4.4.4 [sw2-ospf-1]sil [sw2-ospf-1]silent-interface vlan 20 [sw2-ospf-1]area 1 [sw2-ospf-1-area-0.0.0.1]net [sw2-ospf-1-area-0.0.0.1]network 192.168.1.253 0.0.0.255 [sw2-ospf-1-area-0.0.0.1]network 192.168.2.253 0.0.0.255 [sw2-ospf-1-area-0.0.0.1]network 10.0.0.10 0.0.0.3 [sw2-ospf-1-area-0.0.0.1]network 10.1.1.12 0.0.0.0 [sw2-ospf-1-area-0.0.0.1]quit [sw2-ospf-1][r1]ospf 1 router-id 1.1.1.1 [r1-ospf-1]area [r1-ospf-1]silent-interface LoopBack 0 [r1-ospf-1]area 1 [r1-ospf-1-area-0.0.0.1]network 10.0.0.1 0.0.0.3 [r1-ospf-1-area-0.0.0.1]network 10.0.0.5 0.0.0.3 [r1-ospf-1-area-0.0.0.1]area 0 [r1-ospf-1-area-0.0.0.0]network 10.0.0.14 0.0.0.3 [r1-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.3 [r1-ospf-1-area-0.0.0.0]quit [r1-ospf-1][r2]ospf 1 router-id 2.2.2.2 [r2-ospf-1]area 1 [r2-ospf-1-area-0.0.0.1]network 10.0.0.2 0.0.0.3 [r2-ospf-1-area-0.0.0.1]network 10.0.0.9 0.0.0.3 [r2-ospf-1-area-0.0.0.1]area 0 [r2-ospf-1-area-0.0.0.0]network 10.0.0.18 0.0.0.3 [r2-ospf-1-area-0.0.0.0]network 10.1.1.2 0.0.0.3 [r2-ospf-1-area-0.0.0.0][r3]ospf 1 router-id 5.5.5.5 [r3-ospf-1]silent-interface LoopBack 0 [r3-ospf-1]area 0 [r3-ospf-1-area-0.0.0.0]network 10.0.0.13 0.0.0.3 [r3-ospf-1-area-0.0.0.0]network 10.0.0.17 0.0.0.3 [r3-ospf-1-area-0.0.0.0]network 192.168.3.254 0.0.0.255 [r3-ospf-1-area-0.0.0.0]network 10.1.1.3 0.0.0.0 [r3-ospf-1-area-0.0.0.0]quR1上配置默认路由指向互联网并引入到OSPF [r1]ip route-static 0.0.0.0 0 202.100.1.1 [r1]ospf 1 [r1-ospf-1]default-route-advertise [r1-ospf-1] R1通过双线连接到互联网配置PPP-MP并配置双向CHAP验证 [r1]int mp-grou 1 [r1-MP-group1]ip ad 202.100.1.2 30 [r1-MP-group1]quit [r1]int s1/0 [r1-Serial1/0]ppp mp M-group 1 [r1-Serial1/0]ppp mp MP-group 1 [r1-Serial1/0]int s2/0 [r1-Serial2/0]ppp mp MP-group 1[lnternet]int mp-group 1 [lnternet-MP-group1]ip ad 202.100.1.1 30 [lnternet-MP-group1]quit [lnternet]int s1/0 [lnternet-Serial1/0]ppp mp MP-group 1 [lnternet-Serial1/0]int s2/0 [lnternet-Serial2/0]ppp mp MP-group 1 [lnternet-Serial2/0]qu创建用户双向验证的用户 [lnternet]local-user zhangsan class network New local user added. [lnternet-luser-network-zhangsan]pas [lnternet-luser-network-zhangsan]password sim [lnternet-luser-network-zhangsan]password simple 123456 [lnternet-luser-network-zhangsan]serv [lnternet-luser-network-zhangsan]service-type ppp [lnternet-luser-network-zhangsan]quit [lnternet][r1]local-user zhangsan class network New local user added. [r1-luser-network-zhangsan]pas [r1-luser-network-zhangsan]password sim [r1-luser-network-zhangsan]password simple 123456 [r1-luser-network-zhangsan]servic [r1-luser-network-zhangsan]service-type ppp [r1-luser-network-zhangsan]quit [r1] 选择认证方式认证 [r1]int s1/0 [r1-Serial1/0]ppp an [r1-Serial1/0]ppp au [r1-Serial1/0]ppp authentication-mode ch [r1-Serial1/0]ppp authentication-mode chap [r1-Serial1/0]ppp ch [r1-Serial1/0]ppp chap us [r1-Serial1/0]ppp chap user zhangsan [r1-Serial1/0]ppp chap pass [r1-Serial1/0]ppp chap password sim [r1-Serial1/0]ppp chap password simple 123456 [r1-Serial1/0]int s2/0 [r1-Serial2/0]ppp authentication-mode chap [r1-Serial2/0]ppp chap user zhangsan [r1-Serial2/0]ppp chap password simple 123456 [r1-Serial2/0]quit [r1] [lnternet]int s1/0 [lnternet-Serial1/0]ppp authentication-mode chap [lnternet-Serial1/0]ppp chap user zhangsan [lnternet-Serial1/0]ppp chap password simple 123456 [lnternet-Serial1/0]int s2/0 [lnternet-Serial2/0]ppp authentication-mode chap [lnternet-Serial2/0]ppp chap user zhangsan [lnternet-Serial2/0]ppp chap password simple 123456 [lnternet-Serial2/0]quit [lnternet]配置EASY IP只有业务网段192.168.1.0/24和192.168.2.0/24 的数据流可以通过R1访问互联网 [lnternet]acl basic 2000 [lnternet-acl-ipv4-basic-2000]rule 0 permit source 192.168.1.0 0.0.0.255 [lnternet-acl-ipv4-basic-2000]rule 5 permit source 192.168.2.0 0.0.0.255 [lnternet-acl-ipv4-basic-2000]quit [lnternet]int mp-group 1 [lnternet-MP-group1]nat outbound 2000 用PC ping Internet R1开启TELNET远程管理使用用户ABC登录密码ABC只允许技术部远程管理R1 [r1]telnet server enable [r1]local-user abc class manage New local user added. [r1-luser-manage-abc]password simple abc The new password is too short. It must contain at least 10 characters. [r1-luser-manage-abc]authorization-attribute user-role level-15 [r1-luser-manage-abc]quit [r1]user-interface vty 0 4 [r1-line-vty0-4]authentication-mode scheme [r1-line-vty0-4]user [r1-line-vty0-4]user-role le [r1-line-vty0-4]user-role level-15 [r1-line-vty0-4]quit [r1]acl advanced 3000 [r1-acl-ipv4-adv-3000]rule 0 permit tcp source 192.168.2.0 0.0.0.255 destination10.0.0.0 0.0.0.255 destination-port eq 23 [r1-acl-ipv4-adv-3000]rule 6 deny tcp [r1-acl-ipv4-adv-3000]quit [r1]int g0/0 [r1-GigabitEthernet0/0]packet-filter 3000 inbound [r1-GigabitEthernet0/0]int g0/1 [r1-GigabitEthernet0/1]packet-filter 3000 inbound [r1-GigabitEthernet0/1]int g0/2 [r1-GigabitEthernet0/2]packet-filter 3000 inbound [r1-GigabitEthernet0/2] [r1-GigabitEthernet0/2]int MP-group 1 [r1-MP-group1]packet-filter 3000 inbound [r1-MP-group1]quit pc2登录测试