Comprehensive Lab 3
Lab Topology
Device | Interface | IP address |
---|---|---|
R1 | Ser_1/0 and Ser_2/0 bundled as MP | 202.100.1.1/24 |
R1 | G0/0 | 202.100.2.1/24 |
R2 | Ser_1/0 and Ser_2/0 bundled as MP | 202.100.1.2/24 |
R2 | G0/0 | 172.16.2.1/24 |
R2 | G0/1 | 172.16.1.1/24 |
R2 | G0/2 | 172.16.5.1/24 |
R3 | G5/0 | 202.100.2.2/24 |
R3 | G0/0 | 172.16.2.2/24 |
R3 | G0/1 | 172.16.3.1/24 |
R3 | G0/2 | 172.16.7.1/24 |
R4 | G0/0 | 172.16.1.2/24 |
R4 | G0/1 | 172.16.4.1/24 |
R4 | G0/2 | 10.1.3.1/24 |
R4 | G5/0 | 10.1.1.1/24 |
R4 | G5/1 | 172.16.6.2/24 |
R5 | G0/0 | 172.16.4.2/24 |
R5 | G0/1 | 172.16.3.2/24 |
R5 | G0/2 | 10.1.4.1/24 |
R5 | G5/0 | 10.1.2.1/24 |
R5 | G5/1 | 172.16.8.2/24 |
R12 | G0/0 | 172.15.5.2/24 |
R12 | G0/1 | 172.16.6.1/24 |
R13 | G0/0 | 172.16.7.2/24 |
R13 | G0/1 | 172.16.8.1/24 |
SW6 | G1/0/1 | Vlan100: 10.1.3.2/24 |
SW6 | G1/0/2 | Vlan90: 10.1.4.2/24 |
SW6 | G1/0/3 | Vlan50: 10.1.5.1/24 |
SW6 | G1/0/4 | Vlan60: 10.1.6.1/24 |
SW7 | G1/0/1 | Vlan50: 10.1.5.2/24 |
SW7 | G1/0/2 | Vlan30: 192.168.3.1/24 |
SW7 | G1/0/6 | Vlan70: 10.1.1.2/24 |
SW7 | G1/0/3-5 in aggregation group 1 | Vlan110: 192.168.5.1/24 |
SW8 | G1/0/1 | Vlan60: 10.1.6.2/24 |
SW8 | G1/0/2 | Vlan40: 192.168.4.1/24 |
SW8 | G1/0/6 | Vlan80: 10.1.2.2/24 |
SW8 | G1/0/3-5 in aggregation group 1 | Vlan110: 192.168.5.2/24 |
SW9 | G1/0/1 | Vlan30: 192.168.3.2/24 |
SW9 | G1/0/2 | Vlan40: 192.168.4.2/24 |
SW9 | G1/0/3 | Vlan10: 192.168.1.254/24 |
SW9 | G1/0/4 | Vlan20: 192.168.2.254/24 |
PC10 | G0/1 | IP: 192.168.1.1/24, GW: 192.168.1.254 |
PC11 | G0/1 | IP: 192.168.2.1/24, GW: 192.168.2.254 |
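Lab Requirements
- Configure IP addresses as shown in the topology;
- Configure link aggregation on the direct links between SW7 and SW8;
- The company's internal service segments are VLAN 10 and VLAN 20: VLAN 10 is the marketing department and VLAN 20 is the technical department; name the VLANs so they can be told apart. PC10 belongs to VLAN 10 and PC11 belongs to VLAN 20. VLAN 30, VLAN 40, VLAN 50, VLAN 60, VLAN 70, VLAN 80, VLAN 90, VLAN 100, VLAN 110, VLAN 120, VLAN 130, VLAN 140 and VLAN 150 are used to run the RIP dynamic routing protocol between the switches and as interconnect VLANs;
- Configure all ports that connect switches to each other as trunk ports and permit the relevant traffic;
- Configure the switch ports that connect to PCs as edge ports;
- Make SW9 the spanning-tree root bridge;
- Configure the DHCP service on SW9 to dynamically assign IP addresses, gateways and DNS addresses to the PCs in VLAN 10 and VLAN 20; the VLAN 10 gateway is 192.168.1.254, the VLAN 20 gateway is 192.168.2.254, and the DNS server is 114.114.114.114;
- Configure OSPF by area as shown in the topology, and advertise the loopback interfaces into the corresponding areas;
- Configure RIP in the area shown in the topology, and advertise the loopback interfaces into the corresponding area; protocol packets must not appear on the service segments;
- Achieve full connectivity across the internal network;
- R1 and R2 connect to the Internet over two links: configure PPP MP and two-way CHAP authentication;
- Configure Easy IP so that only traffic from the service segments 192.168.1.0/24 and 192.168.2.0/24 can reach the Internet through R2 and R3;
- Enable the Telnet remote login service on R12 and allow login access only from 192.168.3.0/24;
- Enable the FTP file transfer service on R13 and allow login access only from 192.168.4.0/24;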
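Lab Steps
Step 1:
Configure IP addresses as shown in the topology;
R1 and R2 connect to the Internet over two links: configure PPP MP and two-way CHAP authentication;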
[R1]int g0/0
[R1-GigabitEthernet0/0]ip add 202.100.2.1 24
[R1]int l0
[R1-LoopBack0]ip add 1.1.1.1 32
[R2]int g0/0
[R2-GigabitEthernet0/0]ip add 172.16.2.1 24
[R2-GigabitEthernet0/0]int g0/1
[R2-GigabitEthernet0/1]ip add 172.16.1.1 24
[R2-GigabitEthernet0/1]int g0/2
[R2-GigabitEthernet0/2]ip add 172.16.5.1 24
[R2]int l0
[R2-LoopBack0]ip add 2.2.2.2 32
[R3]int g5/0
[R3-GigabitEthernet5/0]ip add 202.100.2.2 24
[R3-GigabitEthernet5/0]int g0/0
[R3-GigabitEthernet0/0]ip add 172.16.2.2 24
[R3-GigabitEthernet0/0]int g0/1
[R3-GigabitEthernet0/1]ip add 172.16.3.1 24
[R3-GigabitEthernet0/1]int g0/2
[R3-GigabitEthernet0/2]ip add 172.16.7.1 24
[R3]int l0
[R3-LoopBack0]ip add 3.3.3.3 32
[R4]int g0/0
[R4-GigabitEthernet0/0]ip add 172.16.1.2 24
[R4-GigabitEthernet0/0]int g0/1
[R4-GigabitEthernet0/1]ip add 172.16.4.1 24
[R4-GigabitEthernet0/1]int g0/2
[R4-GigabitEthernet0/2]ip add 10.1.3.1 24
[R4-GigabitEthernet0/2]int g5/0
[R4-GigabitEthernet5/0]ip add 10.1.1.1 24
[R4-GigabitEthernet5/0]int g5/1
[R4-GigabitEthernet5/1]ip add 172.16.6.2 24
[R4]int l0
[R4-LoopBack0]ip add 4.4.4.4 32
[R5]int g0/0
[R5-GigabitEthernet0/0]ip add 172.16.4.2 24
[R5-GigabitEthernet0/2]int g0/1
[R5-GigabitEthernet0/1]ip add 172.16.3.2 24
[R5-GigabitEthernet0/1]int g0/2
[R5-GigabitEthernet0/2]ip add 10.1.4.1 24
[R5-GigabitEthernet0/2]int g5/0
[R5-GigabitEthernet5/0]ip add 10.1.2.1 24
[R5-GigabitEthernet5/0]int g5/1
[R5-GigabitEthernet5/1]ip add 172.16.8.2 24
[R5]int l0
[R5-LoopBack0]ip add 5.5.5.5 32
[R12]int g0/0
[R12-GigabitEthernet0/0]ip add 172.16.5.2 24
[R12-GigabitEthernet0/0]int g0/1
[R12-GigabitEthernet0/1]ip add 172.16.6.1 24
[R12]int l0
[R12-LoopBack0]ip add 12.12.12.12 32
[R13]int g0/0
[R13-GigabitEthernet0/0]ip add 172.16.7.2 24
[R13-GigabitEthernet0/0]int g0/1
[R13-GigabitEthernet0/1]ip add 172.16.8.1 24
[R13]int l0
[R13-LoopBack0]ip add 13.13.13.13 32
[SW6]vlan 100
[SW6-vlan100]vlan 90
[SW6-vlan150]vlan 50
[SW6-vlan50]vlan 60
[SW6-vlan90]int vlan 100
[SW6-Vlan-interface100]ip add 10.1.3.2 24
[SW6-Vlan-interface100]int vlan 90
[SW6-Vlan-interface90]ip add 10.1.4.2 24
[SW6-Vlan-interface150]int vlan 50
[SW6-Vlan-interface50]ip add 10.1.5.1 24
[SW6-Vlan-interface50]int vlan 60
[SW6-Vlan-interface60]ip add 10.1.6.1 24
[SW6]int g1/0/1
[SW6-GigabitEthernet1/0/1]port access vlan 100
[SW6-GigabitEthernet1/0/1]int g1/0/2
[SW6-GigabitEthernet1/0/2]port access vlan 90
[SW6]int l0
[SW6-LoopBack0]ip add 6.6.6.6 32
[SW7]vlan 50
[SW7-vlan50]vlan 30
[SW7-vlan30]vlan 70
[SW7-vlan70]vlan 110
[SW7-vlan110]int vlan 50
[SW7-Vlan-interface50]ip add 10.1.5.2 24
[SW7-Vlan-interface50]int vlan 30
[SW7-Vlan-interface30]ip add 192.168.3.1 24
[SW7-Vlan-interface30]int vlan 70
[SW7-Vlan-interface70]ip add 10.1.1.2 24
[SW7-Vlan-interface70]int vlan 110
[SW7-Vlan-interface110]ip add 192.168.5.1 24
[SW7]int g1/0/6
[SW7-GigabitEthernet1/0/6]port access vlan 70
[SW7]int l0
[SW7-LoopBack0]ip add 7.7.7.7 32
[SW8]vlan 60
[SW8-vlan60]vlan 40
[SW8-vlan40]vlan 80
[SW8-vlan80]vlan 110
[SW8-vlan110]int vlan 60
[SW8-Vlan-interface60]ip add 10.1.6.2 24
[SW8-Vlan-interface60]int vlan 40
[SW8-Vlan-interface40]ip add 192.168.4.1 24
[SW8-Vlan-interface40]int vlan 80
[SW8-Vlan-interface80]ip add 10.1.2.2 24
[SW8-Vlan-interface80]int vlan 110
[SW8-Vlan-interface110]ip add 192.168.5.2 24
[SW8]int g1/0/6
[SW8-GigabitEthernet1/0/6]port access vlan 80
[SW8]int l0
[SW8-LoopBack0]ip add 8.8.8.8 32
[SW9]vlan 30
[SW9-vlan30]vlan 40
[SW9-vlan40]vlan 10
[SW9-vlan10]vlan 20
[SW9-vlan20]int vlan 30
[SW9-Vlan-interface30]ip add 192.168.3.2 24
[SW9-Vlan-interface30]int vlan 40
[SW9-Vlan-interface40]ip add 192.168.4.2 24
[SW9-Vlan-interface40]int vlan 10
[SW9-Vlan-interface10]ip add 192.168.1.254 24
[SW9-Vlan-interface10]int vlan 20
[SW9-Vlan-interface20]ip add 192.168.2.254 24
[SW9-GigabitEthernet1/0/2]int g1/0/3
[SW9-GigabitEthernet1/0/3]port access vlan 10
[SW9-GigabitEthernet1/0/3]int g1/0/4
[SW9-GigabitEthernet1/0/4]port access vlan 20
[SW9]int l0
[SW9-LoopBack0]ip add 9.9.9.9 32
[R1]int MP-group 1
[R1-MP-group1]ip add 202.100.1.1 24
[R1]local-user ikun class network
[R1-luser-network-ikun]password simple 123
[R1-luser-network-ikun]service-type ppp
[R1]int s1/0
[R1-Serial1/0]ppp mp MP-group 1
[R1-Serial1/0]ppp authentication-mode chap
[R1-Serial1/0]ppp chap user ikun
[R1-Serial1/0]int s2/0
[R1-Serial2/0]ppp mp MP-group 1
[R1-Serial2/0]ppp authentication-mode chap
[R1-Serial2/0]ppp chap user ikun
[R2]int MP-group 1
[R2-MP-group1]ip add 202.100.1.2 24
[R2]local-user ikun class network
[R2-luser-network-ikun]password simple 123
[R2-luser-network-ikun]service-type ppp
[R2]int s1/0
[R2-Serial1/0]ppp mp MP-group 1
[R2-Serial1/0]ppp authentication-mode chap
[R2-Serial1/0]ppp chap user ikun
[R2-Serial1/0]int s2/0
[R2-Serial2/0]ppp mp MP-group 1
[R2-Serial2/0]ppp authentication-mode chap
[R2-Serial2/0]ppp chap user ikun
Step 2:
Configure link aggregation on the direct links between SW7 and SW8;
[SW7]int Bridge-Aggregation 1
[SW7]int range g1/0/3 to g1/0/5
[SW7-if-range]port link-aggregation group 1
[SW8]int Bridge-Aggregation 1
[SW8-if-range]int range g1/0/3 to g1/0/5
[SW8-if-range]port link-aggregation group 1
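Step 3:
Name the VLANs and assign ports to VLANs;
Configure all ports that connect switches to each other as trunk ports and permit the relevant VLANs;
Make SW9 the spanning-tree root bridge;
Configure the switch ports that connect to PCs as edge ports;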
[SW9]vlan 10
[SW9-vlan10]name shichangbu
[SW9-vlan10]vlan 20
[SW9-vlan20]name jishubu
[SW6]int g1/0/3
[SW6-GigabitEthernet1/0/3]port link-type trunk
[SW6-GigabitEthernet1/0/3]port trunk permit vlan all
[SW6-GigabitEthernet1/0/3]port trunk pvid vlan 50
[SW6-GigabitEthernet1/0/3]int g1/0/4
[SW6-GigabitEthernet1/0/4]port link-type trunk
[SW6-GigabitEthernet1/0/4]port trunk permit vlan all
[SW6-GigabitEthernet1/0/4]port trunk pvid vlan 60
[SW7]int g1/0/1
[SW7-GigabitEthernet1/0/1]port link-type trunk
[SW7-GigabitEthernet1/0/1]port trunk permit vlan all
[SW7-GigabitEthernet1/0/1]port trunk pvid vlan 50
[SW7-GigabitEthernet1/0/1]int g1/0/2
[SW7-GigabitEthernet1/0/2]port link-type trunk
[SW7-GigabitEthernet1/0/2]port trunk permit vlan all
[SW7-GigabitEthernet1/0/2]port trunk pvid vlan 30
[SW7-GigabitEthernet1/0/2]int Bridge-Aggregation 1
[SW7-Bridge-Aggregation1]port link-type trunk
[SW7-Bridge-Aggregation1]port trunk permit vlan all
[SW7-Bridge-Aggregation1]port trunk pvid vlan 110
[SW8]int g1/0/1
[SW8-GigabitEthernet1/0/1]port link-type trunk
[SW8-GigabitEthernet1/0/1]port trunk permit vlan all
[SW8-GigabitEthernet1/0/1]port trunk pvid vlan 60
[SW8]int g1/0/2
[SW8-GigabitEthernet1/0/2]port link-type trunk
[SW8-GigabitEthernet1/0/2]port trunk permit vlan all
[SW8-GigabitEthernet1/0/2]port trunk pvid vlan 40
[SW8]int Bridge-Aggregation 1
[SW8-Bridge-Aggregation1]port link-type trunk
[SW8-Bridge-Aggregation1]port trunk permit vlan all
[SW8-Bridge-Aggregation1]port trunk pvid vlan 110
[SW9]int g1/0/1
[SW9-GigabitEthernet1/0/1]port link-type trunk
[SW9-GigabitEthernet1/0/1]port trunk permit vlan all
[SW9-GigabitEthernet1/0/1]port trunk pvid vlan 30
[SW9-GigabitEthernet1/0/1]int g1/0/2
[SW9-GigabitEthernet1/0/2]port link-type trunk
[SW9-GigabitEthernet1/0/2]port trunk permit vlan all
[SW9-GigabitEthernet1/0/2]port trunk pvid vlan 40
[SW9]stp priority 4096
[SW9]int g1/0/3
[SW9-GigabitEthernet1/0/3]stp edged-port
[SW9-GigabitEthernet1/0/3]int g1/0/4
[SW9-GigabitEthernet1/0/4]stp edged-port
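Step 4:
Configure OSPF by area as shown in the topology, and advertise the loopback interfaces into the corresponding areas;
Configure RIP in the area shown in the topology, and advertise the loopback interfaces into the corresponding area; protocol packets must not appear on the service segments;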
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 172.16.5.0 0.0.0.255
[R2-ospf-1-area-0.0.0.1]area 0
[R2-ospf-1-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 172.16.3.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]area 2
[R3-ospf-1-area-0.0.0.2]network 172.16.7.0 0.0.0.255
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 172.16.4.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]area 1
[R4-ospf-1-area-0.0.0.1]network 172.16.6.0 0.0.0.255
[R4-ospf-1]import-route rip
[R4-ospf-1]import-route direct
[R4]rip 1
[R4-rip-1]version 2
[R4-rip-1]undo summary
[R4-rip-1]network 10.0.0.0
[R4-rip-1]import-route ospf 1
[R4-rip-1]import-route direct
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 172.16.3.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]network 172.16.4.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]area 2
[R5-ospf-1-area-0.0.0.2]network 172.16.8.0 0.0.0.255
[R5-ospf-1]import-route rip
[R5-ospf-1]import-route direct
[R5]rip 1
[R5-rip-1]version 2
[R5-rip-1]undo summary
[R5-rip-1]network 10.0.0.0
[R5-rip-1]import-route ospf 1
[R5-rip-1]import-route direct
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 1
[R12-ospf-1-area-0.0.0.1]network 12.12.12.12 0.0.0.0
[R12-ospf-1-area-0.0.0.1]network 172.16.5.0 0.0.0.255
[R12-ospf-1-area-0.0.0.1]network 172.16.6.0 0.0.0.255
[R13]ospf 1 router-id 13.13.13.13
[R13-ospf-1]area 2
[R13-ospf-1-area-0.0.0.2]network 13.13.13.13 0.0.0.0
[R13-ospf-1-area-0.0.0.2]network 172.16.7.0 0.0.0.255
[R13-ospf-1-area-0.0.0.2]network 172.16.8.0 0.0.0.255
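Step 5:
Configure the DHCP service on SW9 to dynamically assign IP addresses, gateways and DNS addresses to the PCs in VLAN 10 and VLAN 20; the VLAN 10 gateway is 192.168.1.254, the VLAN 20 gateway is 192.168.2.254, and the DNS server is 114.114.114.114;
Achieve full connectivity across the internal network;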
[SW9]dhcp enable
[SW9]dhcp server ip-pool 1
[SW9-dhcp-pool-1]network 192.168.1.0 24
[SW9-dhcp-pool-1]gateway-list 192.168.1.254
[SW9-dhcp-pool-1]dns-list 114.114.114.114
[SW9]dhcp server ip-pool 2
[SW9-dhcp-pool-2]network 192.168.2.0 24
[SW9-dhcp-pool-2]gateway-list 192.168.2.254
[SW9-dhcp-pool-2]dns-list 114.114.114.114
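DHCP addresses are assigned successfully
Test whether full connectivity across the internal network has been achieved
Step 6:
Enable the Telnet remote login service on R12 and run a login test;
Enable the FTP file transfer service on R13 and run a login test;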
[R12]telnet server enable
[R12]local-user ikun23 class manage
[R12-luser-manage-ikun23]password simple 123456abcd
[R12-luser-manage-ikun23]service-type telnet
[R12-luser-manage-ikun23]authorization-attribute user-role level-15
[R12]line vty 0 4
[R12-line-vty0-4]authentication-mode scheme
[R12-line-vty0-4]user-role level-15
[R13]ftp server enable
[R13]local-user ikun2021 class manage
[R13-luser-manage-ikun2021]password simple 123456abcd
[R13-luser-manage-ikun2021]service-type ftp
[R13-luser-manage-ikun2021]authorization-attribute user-role level-15
[R13]line vty 0 4
[R13-line-vty0-4]authentication-mode scheme
[R13-line-vty0-4]user-role level-15
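An added example, not part of the original lab: a small Python audit over the step 6 commands that reports devices where Telnet or FTP is enabled with no `telnet server acl` / `ftp server acl` line restricting client sources (the lab requires 192.168.3.0/24 for R12 and 192.168.4.0/24 for R13), and passwords reused across devices. The transcript is copied from this page; the function names are illustrative.

```python
import re

# The step 6 commands from this page, prompts kept so each line maps to a device.
TRANSCRIPT = """[R12]telnet server enable
[R12]local-user ikun23 class manage
[R12-luser-manage-ikun23]password simple 123456abcd
[R12-luser-manage-ikun23]service-type telnet
[R12-luser-manage-ikun23]authorization-attribute user-role level-15
[R13]ftp server enable
[R13]local-user ikun2021 class manage
[R13-luser-manage-ikun2021]password simple 123456abcd
[R13-luser-manage-ikun2021]service-type ftp
[R13-luser-manage-ikun2021]authorization-attribute user-role level-15
"""

# "[R12-luser-manage-ikun23]cmd" -> device "R12", command "cmd"
PROMPT = re.compile(r"^\[([A-Za-z0-9]+)(?:-[^\]]*)?\](.+)$")

def commands_by_device(text):
    """Group the command part of each prompt line under its device name."""
    devices = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            devices.setdefault(m.group(1), []).append(m.group(2).strip())
    return devices

def audit(text):
    """Return sorted (device, finding) tuples for the two checks."""
    findings, seen = [], {}
    for dev, cmds in commands_by_device(text).items():
        for svc in ("telnet", "ftp"):
            enabled = f"{svc} server enable" in cmds
            restricted = any(c.startswith(f"{svc} server acl ") for c in cmds)
            if enabled and not restricted:
                findings.append((dev, f"{svc} server enabled without source ACL"))
        for c in cmds:
            if c.startswith("password simple "):
                seen.setdefault(c.split(maxsplit=2)[2], set()).add(dev)
    for devs in seen.values():
        if len(devs) > 1:  # same password string configured on several devices
            findings += [(d, "password shared with another device") for d in devs]
    return sorted(findings)

if __name__ == "__main__":
    for dev, finding in audit(TRANSCRIPT):
        print(dev, finding)
```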
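Step 7:
Configure Easy IP so that only traffic from the service segments 192.168.1.0/24 and 192.168.2.0/24 can reach the Internet through R2 and R3;
Configure an ACL that allows only the 192.168.3.0/24 segment to log in remotely to R12;
Configure an ACL that allows only the 192.168.4.0/24 segment to log in remotely to R13;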
[R1]ip route-static 0.0.0.0 0 202.100.1.2
[R1]ip route-static 0.0.0.0 0 202.100.2.2
[R2]ip route-static 202.100.1.0 24 202.100.1.1
[R2]ip route-static 202.100.2.0 24 202.100.2.1
[R2]ospf 1
[R2-ospf-1]import-route direct
[R2-ospf-1]import-route static
[R2]acl basic 2000
[R2-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R2-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R2]int MP-group 1
[R2-MP-group1]nat outbound 2000
[R3]ip route-static 202.100.1.0 24 202.100.1.1
[R3]ip route-static 202.100.2.0 24 202.100.2.1
[R3]ospf 1
[R3-ospf-1]import-route direct
[R3-ospf-1]import-route static
[R3]acl basic 2000
[R3-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R3-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[R3]int g5/0
[R3-GigabitEthernet5/0]packet-filter 2000 outbound
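The following Python sketch is an added example, not part of the original lab: it models how the basic ACL 2000 from this step matches source addresses by wildcard mask, and what that means for `nat outbound 2000` on R2 compared with `packet-filter 2000 outbound` on R3. It assumes Comware's defaults (a packet filter permits packets that match no rule; Easy IP translates only sources that hit a permit rule); the function names and the variant with a trailing `rule deny` are illustrative and not on the page.

```python
import ipaddress

# ACL 2000 exactly as entered on R2 and R3 in this step.
ACL_2000 = """rule permit source 192.168.1.0 0.0.0.255
rule permit source 192.168.2.0 0.0.0.255"""
# Assumed variant (not on the page): same rules plus an explicit catch-all deny.
ACL_2000_DENY = ACL_2000 + "\nrule deny"

def parse_rules(text):
    """Turn 'rule <action> [source <addr> <wildcard>]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        p = line.split()
        if len(p) == 5 and p[0] == "rule" and p[2] == "source":
            addr, wild = (int(ipaddress.IPv4Address(x)) for x in p[3:5])
        elif len(p) == 2 and p[0] == "rule":
            addr, wild = 0, 0xFFFFFFFF  # no source clause: matches any address
        else:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((p[1], addr, wild))
    return rules

def first_match(rules, src):
    """Return the action of the first rule matching src, or None."""
    ip = int(ipaddress.IPv4Address(src))
    for action, addr, wild in rules:
        # Bits set in the wildcard are ignored; every other bit must be equal.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return None

def nat_outbound(rules, src):
    """Easy IP: only sources that hit a permit rule are translated."""
    return "translated" if first_match(rules, src) == "permit" else "untranslated"

def packet_filter(rules, src, default="permit"):
    """Packet filter: a packet matching no rule gets the default action."""
    return first_match(rules, src) or default

if __name__ == "__main__":
    # Sources from the topology table: PC10, PC11, SW9 Vlan30, SW6 Vlan100.
    for src in ("192.168.1.1", "192.168.2.1", "192.168.3.2", "10.1.3.2"):
        print(src,
              nat_outbound(parse_rules(ACL_2000), src),
              packet_filter(parse_rules(ACL_2000), src),
              packet_filter(parse_rules(ACL_2000_DENY), src))
```

With the ACL as written, the filter on R3 G5/0 still passes 192.168.3.2 and 10.1.3.2 under the default action; an explicit `rule deny` or `packet-filter default deny` is what makes unmatched sources drop.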
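Step 8:
Test whether only traffic from the service segments 192.168.1.0/24 and 192.168.2.0/24 can reach the Internet through R2 and R3;
Test whether R12 allows remote login access only from the 192.168.3.0/24 segment;
Test whether R13 allows remote login access only from the 192.168.4.0/24 segment;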