
Linux Network Devices and Management: Course Project

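The figure below shows the network topology of an enterprise. The access layer uses a 2960 layer-2 switch; the distribution and core layers use one 3560 24PS layer-3 switch; at the LAN edge, a router, LanRouter, connects to the Isp Router of the external network. Both routers are model 2811 and have a WIC-1T module installed.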

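To increase the transmission bandwidth between the switches and provide redundant backup links, the 2960 and the 3560 24PS are connected by two links. On the 2960, PC1 is connected to port F0/11 and is in VLAN10; PC2 is connected to port F0/12 and is in VLAN20. The 3560-24PS uses physical port F0/15, which has layer-3 capability, to connect to F0/0 on LanRouter. The S0/0/0 interface of LanRouter connects to the Isp Router, and a Public WebServer server is connected to the F0/0 interface of Isp Router. To share resources within the LAN, PC1 and PC2 must be able to reach each other. To ease the company's shortage of external IP addresses and for security reasons, the internal hosts in vlan10 and vlan20 all use a single inside global address, 209.165.200.1, to communicate with the external internet. In addition, www traffic from PC1 in VLAN 10 must be denied from reaching the external Public Web server through the f0/0 interface of Lan Router; all other traffic may pass.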

Topology diagram:

Address table:

Device name          IP address       Subnet mask      Gateway
PC1                  192.168.10.10    255.255.255.0    192.168.10.1
PC2                  192.168.20.20    255.255.255.0    192.168.20.1
VLAN10               192.168.10.1     255.255.255.0
VLAN20               192.168.20.1     255.255.255.0
3560 f0/15           172.16.1.1       255.255.255.0
Lan Router f0/0      172.16.1.2       255.255.255.0
Lan Router s0/0/0    209.165.200.1    255.255.255.0
Isp Router f0/0      209.165.201.3    255.255.255.0
Isp Router s0/0/0    209.165.200.2    255.255.255.0
Isp Router s0/0/0    209.165.201.4    255.255.255.0    209.165.201.3

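Use Packet Tracer to complete the following tasks:

In the configuration interface, name the ISP Router, the Lan Router, and the 2960 and 3560 24PS switches after the pinyin of your own name.

Configure the IP addresses and default gateways of PC1, PC2 and PublicWebServer according to the address table.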

PC1

ip: 192.168.10.10

gateway: 192.168.10.1

PC2

ip: 192.168.20.20

gateway: 192.168.20.1

PublicWebServer

ip: 209.165.201.4

gateway: 209.165.201.3

Configure link aggregation across the two links between the 2960 and the 3560 24PS

Configure the 2960

Switch#enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
//from global configuration mode, select ports 0/1-2
Switch(config)#interface range fastEthernet 0/1-2
//create the channel and set its mode to desirable
Switch(config-if-range)#channel-group 1 mode desirable
//describe the channel: ysm2 connects to ysm3
Switch(config-if-range)#description ysm2-ysm3
//set trunk mode so that multiple VLANs can pass
Switch(config-if-range)#switchport mode trunk
//allow all VLANs through
Switch(config-if-range)#switchport trunk allowed vlan all
//bring the ports up
Switch(config-if-range)#no shutdown

Configure the 3560 24PS

Switch#enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
//from global configuration mode, select ports Fa0/1-2
Switch(config)#interface range fastEthernet 0/1-2
//create channel-group 1 and set its mode to desirable
Switch(config-if-range)#channel-group 1 mode desirable
//describe channel-group 1: ysm2 connects to ysm3
Switch(config-if-range)#description ysm2-ysm3
//force channel-group 1 to use dot1q encapsulation
Switch(config-if-range)#switchport trunk encapsulation dot1q
//set trunk mode so that multiple VLANs can pass
Switch(config-if-range)#switchport mode trunk
//bring the ports up
Switch(config-if-range)#no shutdown

Check: show etherchannel summary

Create the VLANs on the 2960 and add PC1 and PC2 to VLAN10 and VLAN20 respectively

Switch#config t //enter global configuration mode
Switch(config)#vlan 10 //add VLAN 10
Switch(config-vlan)#exit
Switch(config)#vlan 20 //add VLAN 20
Switch(config-vlan)#exit
Switch(config)#interface fastEthernet 0/11 //select port fa 0/11 and assign it to VLAN 10
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/12 //select port fa 0/12 and assign it to VLAN 20
Switch(config-if)#switchport access vlan 20
Switch(config-if)#end
Switch#show vlan
%SYS-5-CONFIG_I: Configured from console by console

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
10 VLAN0010 active Fa0/11
20 VLAN0020 active Fa0/12
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

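Configure the VLAN IP addresses on the 3560-24PS so that PC0 and PC1, which are in different VLANs, can communicate with each other and share resources

Create the VLANs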

Switch#enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#exit
Switch(config)#ip routing //enable layer-3 routing on the switch
Switch(config)#end

Assign IP addresses to the VLANs

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 10 //create the VLAN 10 interface address on the layer-3 switch
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
Switch(config-if)#ip address 192.168.10.1 255.255.255.0
Switch(config-if)#exit
Switch(config)#interface vlan 20 //create the VLAN 20 interface address on the layer-3 switch
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
Switch(config-if)#ip address 192.168.20.1 255.255.255.0
Switch(config-if)#end

Set up the trunk link on the layer-3 switch

Switch>enable
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface fastethernet 0/1
Switch(config-if)#switchport mode trunk

Check: show ip int b

According to the address table, configure an IP address on F0/15 of the 3560 24PS, the physical port with layer-3 capability

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface f0/15
Switch(config-if)#no switchport //switch the port to layer-3 (routed) mode
Switch(config-if)#ip address 172.16.1.1 255.255.255.0 //set the port IP address
Switch(config-if)#no shut
Switch(config-if)#end

Check:

show ip int b

ping 172.16.1.1

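According to the address table, configure the IP addresses of the s0/0/0 and f0/0 interfaces on Lan Router, and of the s0/0/0 and f0/0 interfaces on Isp Router

Configure the s0/0/0 and f0/0 interface IP addresses on LanRouter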

ysm1#enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
ysm1(config)#hostname ysm1
ysm1(config)#int fastEthernet 0/0 //set the IP address of router interface f0/0
ysm1(config-if)#ip address 172.16.1.2 255.255.255.0
ysm1(config-if)#no shut
ysm1(config-if)#exit
ysm1(config)#int serial 0/0/0 //set the IP address of router interface s0/0/0
ysm1(config-if)#ip address 209.165.200.1 255.255.255.0
ysm1(config-if)#no shut
ysm1(config-if)#end
ysm1#
%SYS-5-CONFIG_I: Configured from console by console

ysm1#show ip int b //show interface IP information
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 172.16.1.2 YES manual up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/0/0 209.165.200.1 YES manual up up
Vlan1 unassigned YES unset administratively down down

Configure the s0/0/0 and f0/0 interface IP addresses on Isp Router.

ysm#enable
ysm#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ysm(config)#hostname ysm
ysm(config)#int serial 0/0/0 //set the IP address of router interface s0/0/0
ysm(config-if)#ip address 209.165.200.2 255.255.255.0
ysm(config-if)#clock rate 64000 //set the clock rate on the DCE end
This command applies only to DCE interfaces
ysm(config-if)#no shut
ysm(config-if)#exit
ysm(config)#int FastEthernet 0/0 //set the IP address of router interface f0/0
ysm(config-if)#ip address 209.165.201.3 255.255.255.0
ysm(config-if)#no shut
ysm(config-if)#end
ysm#
%SYS-5-CONFIG_I: Configured from console by console
ysm#show ip int b //show interface IP information
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 209.165.201.3 YES manual up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/0/0 209.165.200.2 YES manual up up
Vlan1 unassigned YES unset administratively down down

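Use the OSPF routing protocol on the 3560 24PS, Lan Router and Isp ROUTER to achieve connectivity across the whole network (OSPF process ID 1 and area 0 on all of them). Use the PING command to test connectivity between PC1 and the Public Web Server and take a screenshot; in privileged mode on the 3560 24PS layer-3 switch, use "#show ip route" to view the routing table

Configure OSPF on the 3560 24PS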

Switch>enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#router ospf 1 //start the OSPF process on the layer-3 switch and advertise all connected networks
Switch(config-router)#network 172.16.1.0 0.0.0.255 area 0 //advertise the connected 172.16.1.0 network
Switch(config-router)#network 192.168.10.0 0.0.0.255 area 0 //advertise the connected 192.168.10.0 network
Switch(config-router)#network 192.168.20.0 0.0.0.255 area 0 //advertise the connected 192.168.20.0 network

Configure OSPF on Lan Router

Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1 //start the OSPF process on LAN_Router and advertise all connected networks
Router(config-router)#network 172.16.1.0 0.0.0.255 area 0 //advertise the connected 172.16.1.0 network
Router(config-router)#network 209.165.200.0 0.0.0.255 area 0 //advertise the connected 209.165.200.0 network
Router(config-router)#end

Configure OSPF on Isp Router

Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 1 //start the OSPF process on Isp Router and advertise all connected networks
Router(config-router)#network 209.165.201.0 0.0.0.255 area 0 //advertise the connected 209.165.201.0 network
Router(config-router)#network 209.165.200.0 0.0.0.255 area 0 //advertise the connected 209.165.200.0 network
Router(config-router)#end

PC1 ip:192.168.10.10

PC2 ip:192.168.20.20

Public Web Server ip: 209.165.201.4

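The inside local addresses of vlan10 and vlan20 in the LAN are 192.168.0.0/24, and the internal network has only one inside global address, 209.165.200.1, which is configured on the s0/0/0 interface of the ISPRouter router. Configure port address translation correctly so that the LAN can communicate with the external internet. In privileged mode on Lan Router, run #show ip nat translations to view the active NAT settings

Configure ysm1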

ysm1>enable
ysm1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ysm1(config)#
00:00:40: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.20.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

ysm1(config)#ip route 209.165.201.0 255.255.255.0 209.165.200.2
ysm1(config)#end
ysm1#
%SYS-5-CONFIG_I: Configured from console by console

ysm1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, FastEthernet0/0
O 192.168.10.0/24 [110/2] via 172.16.1.1, 00:00:54, FastEthernet0/0
O 192.168.20.0/24 [110/2] via 172.16.1.1, 00:00:54, FastEthernet0/0
C 209.165.200.0/24 is directly connected, Serial0/0/0
S 209.165.201.0/24 [1/0] via 209.165.200.2

R1(config)#int fa0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int s2/0
R1(config-if)#ip nat outside
R1(config-if)#exit

ysm1#enable
ysm1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ysm1(config)#int fa0/0
ysm1(config-if)#ip nat inside
ysm1(config-if)#exit
ysm1(config)#int s0/0/0
ysm1(config-if)#ip nat outside

ysm1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ysm1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
ysm1(config)#access-list 1 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
ysm1(config)#access-list 1 permit ?
A.B.C.D Address to match
any Any source host
host A single host address
ysm1(config)#access-list 1 permit 172.16.1.0?
A.B.C.D
ysm1(config)#access-list 1 permit 172.16.1.0 0.0.0.255 ?
<cr>
ysm1(config)#access-list 1 permit 172.16.1.0 0.0.0.255
ysm1(config)#ip nat ?
inside Inside address translation
outside Outside address translation
pool Define pool of addresses
ysm1(config)#ip nat pool ?
WORD Pool name
ysm1(config)#ip nat pool david ?
A.B.C.D Start IP address
ysm1(config)#ip nat pool david 209.165.200.3 ?
A.B.C.D End IP address
ysm1(config)#ip nat pool david 209.165.200.3 209.165.200.3 ?
netmask Specify the network mask
ysm1(config)#ip nat pool david 209.165.200.3 209.165.200.3 netmask ?
A.B.C.D Network mask
ysm1(config)#ip nat pool david 209.165.200.3 209.165.200.3 netmask 255.255.255.0 ?
<cr>
ysm1(config)#ip nat pool david 209.165.200.3 209.165.200.3 netmask 255.255.255.0
ysm1(config)#ip nat inside ?
source Source address translation
ysm1(config)#ip nat inside source ?
list Specify access list describing local addresses
static Specify static local->global mapping
ysm1(config)#ip nat inside source list 1 ?
interface Specify interface for global address
pool Name pool of global addresses
ysm1(config)#ip nat inside source list 1 pool ?
WORD Name pool of global addresses
ysm1(config)#ip nat inside source list 1 pool david ?
overload Overload an address translation
<cr>
ysm1(config)#ip nat inside source list 1 pool david overload ?
<cr>
ysm1(config)#ip nat inside source list 1 pool david overload
ysm1(config)#end
ysm1#
%SYS-5-CONFIG_I: Configured from console by console

ysm1#show ip nat ?
statistics Translation statistics
translations Translation entries

Configure ysm

ysm>enable
ysm#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ysm(config)#ip route 172.16.1.0 255.255.255.0 209.165.200.1
ysm(config)#end

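Apply access control on Lan Router: deny www traffic from PC1 in VLAN 10 from reaching the external Public Web server through the f0/0 interface of Lan Router; all other traffic may pass. In privileged mode on Lan Router, run # show access-lists to view the access control lists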

ysm1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ysm1(config)#access-list 100 permit tcp 192.168.20.0 0.0.0.255 any eq www
ysm1(config)#access-list 100 permit tcp 192.168.20.0 0.0.0.255 any eq ftp
ysm1(config)#access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq ftp
ysm1(config)#access-list 100 deny tcp 192.168.10.0 0.0.0.255 any eq www
ysm1(config)#access-list 100 permit ip any any //allow all other traffic through
ysm1(config)#end

ysm1#show access-lists
Standard IP access list 1
10 permit 172.16.1.0 0.0.0.255
Extended IP access list 100
10 permit tcp 192.168.20.0 0.0.0.255 any eq www
20 permit tcp 192.168.20.0 0.0.0.255 any eq ftp
30 permit tcp 192.168.10.0 0.0.0.255 any eq ftp
40 deny tcp 192.168.10.0 0.0.0.255 any eq www
50 permit ip any any

ysm1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ysm1(config)#int f0/0 //enter f0/0
ysm1(config-if)#ip access-group 100 in //bind the access list to port F0/0
ysm1(config-if)#
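
Added example (not part of the original post): a small Python model of IOS first-match ACL evaluation with wildcard masks, run over the two access lists shown in the `show access-lists` output above, namely ACL 1 from the NAT step and ACL 100 from the access-control step. The flows are constructed from the page's address table, the helper names are hypothetical, and `www`/`ftp` are assumed to mean TCP ports 80 and 21.

```python
import ipaddress

# ACLs copied from the page's `show access-lists` output on Lan Router.
ACL_1 = [(10, "permit 172.16.1.0 0.0.0.255")]
ACL_100 = [
    (10, "permit tcp 192.168.20.0 0.0.0.255 any eq www"),
    (20, "permit tcp 192.168.20.0 0.0.0.255 any eq ftp"),
    (30, "permit tcp 192.168.10.0 0.0.0.255 any eq ftp"),
    (40, "deny tcp 192.168.10.0 0.0.0.255 any eq www"),
    (50, "permit ip any any"),
]
PORTS = {"www": 80, "ftp": 21}  # assumption: the only port keywords used here

def wild_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored when comparing addresses."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(text):
    """Parse only the entry shapes that appear on this page."""
    t = text.split()
    ace = {"action": t[0], "proto": "ip", "src": None, "port": None}
    i = 1
    if t[i] in ("ip", "tcp", "udp"):      # extended ACL names a protocol
        ace["proto"] = t[i]
        i += 1
    if t[i] != "any":                     # source given as base + wildcard
        ace["src"] = (t[i], t[i + 1])
    if "eq" in t:                         # destination port keyword
        ace["port"] = PORTS[t[t.index("eq") + 1]]
    return ace

def evaluate(acl, src, proto="ip", dport=None):
    """Return (action, sequence number) of the first matching entry."""
    for seq, text in acl:
        ace = parse_ace(text)
        if (ace["proto"] in ("ip", proto)
                and (not ace["src"] or wild_match(src, *ace["src"]))
                and ace["port"] in (None, dport)):
            return ace["action"], seq
    return "deny", None                   # implicit deny ends every ACL

if __name__ == "__main__":
    # Constructed flows; source addresses come from the page's address table.
    print("PC1 http :", evaluate(ACL_100, "192.168.10.10", "tcp", 80))
    print("PC1 https:", evaluate(ACL_100, "192.168.10.10", "tcp", 443))
    print("PC2 http :", evaluate(ACL_100, "192.168.20.20", "tcp", 80))
    print("PC1 NAT  :", evaluate(ACL_1, "192.168.10.10"))
```

ACL 100 stops PC1's port-80 traffic at entry 40, but `eq www` covers TCP 80 only, so port 443 from PC1 falls through to entry 50. ACL 1 matches only 172.16.1.0/24, so PC1 and PC2 are never selected for translation; for a NAT access list a non-match means the packet is forwarded untranslated rather than dropped.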

