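For my end-of-term practical training, I configured a simple LAN in Cisco 6.0. It mainly uses the following techniques: DHCP relay, VLAN segmentation, link aggregation, static NAT, OSPF, and access control lists. First look at the overall topology diagram, then implement the functions step by step.
- 2. Configure OSPF across the whole network.
- 3. Configure NAT at both headquarters and the branch.
- 4. Configure link aggregation between LSW1 and LSW2 at headquarters.
- 5. The Ser server at the branch assigns IP addresses for vlan10 and vlan20. For security, vlan20 must not be allowed to access the www service on Ser.
0x01: Branch office (four subnets in total: 10.28.4.0, 10.28.5.0, 10.28.6.0, 10.28.7.0)
Configure Ser's IP as follows:
Configure DHCP:
Configure DHCP relay on the Layer 3 switch: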
```
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
! Create the VLANs
Switch(vlan)#vlan 100
VLAN 100 added:
    Name: VLAN0100
Switch(vlan)#vlan 10
VLAN 10 added:
    Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
    Name: VLAN0020
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int vlan 10
%LINK-5-CHANGED: Interface Vlan10, changed state to up
! Give each VLAN interface the address and mask of its subnet
Switch(config-if)#ip address 10.28.6.254 255.255.255.0
! Configure the DHCP relay agent for the VLAN
Switch(config-if)#ip helper-address 10.28.5.1
Switch(config-if)#int vlan 20
%LINK-5-CHANGED: Interface Vlan20, changed state to up
Switch(config-if)#ip address 10.28.7.254 255.255.255.0
Switch(config-if)#ip helper-address 10.28.5.1
Switch(config-if)#int vlan 100
%LINK-5-CHANGED: Interface Vlan100, changed state to up
Switch(config-if)#ip address 10.28.5.254 255.255.255.0
Switch(config-if)#int f0/1
Switch(config-if)#switchport access vlan 10
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
Switch(config-if)#int f0/2
Switch(config-if)#switchport access vlan 20
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
Switch(config-if)#int f0/24
Switch(config-if)#switchport access vlan 100
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
Switch(config-if)#exit
```
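Set the hosts in vlan10 and vlan20 to obtain their IP via DHCP, and check the addresses they are assigned.
Configure OSPF on the Layer 3 switch so that vlan10 and vlan20 can reach Ser: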
```
Switch(config)#ip routing
Switch(config)#router ospf 1
Switch(config-router)#network 10.28.4.0 0.0.0.255 area 0
Switch(config-router)#network 10.28.5.0 0.0.0.255 area 0
Switch(config-router)#network 10.28.6.0 0.0.0.255 area 0
Switch(config-router)#network 10.28.7.0 0.0.0.255 area 0
Switch(config-router)#exit
Switch(config)#exit
```
Check connectivity:
Access Ser's www service:
Configure an extended ACL on the Layer 3 switch to block vlan20 from accessing Ser's www service.
```
! After "tcp" come, in order: the network to block, its wildcard mask,
! Ser's network, and Ser's wildcard mask
Switch(config)#access-list 101 deny tcp 10.28.7.0 0.0.0.255 10.28.5.0 0.0.0.255 eq www
Switch(config)#access-list 101 permit ip any any
Switch(config)#int vlan 100
Switch(config-if)#ip access-group 101 out
```
Access Ser's www service from vlan20 again; the access fails.
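How ACL 101 decides each packet, as an added example that is not part of the original post: a small Python model of first-match evaluation with wildcard masks and the implicit deny at the end of every IOS ACL. It only understands the syntax used in these two entries, and the sample packets (10.28.7.1 for vlan20, 10.28.6.1 for vlan10, 10.28.5.1 for Ser) are constructed from addresses that appear on the page.

```python
import ipaddress

# The two ACL entries from the page, in configured order.
ACL_101 = [
    "access-list 101 deny tcp 10.28.7.0 0.0.0.255 10.28.5.0 0.0.0.255 eq www",
    "access-list 101 permit ip any any",
]
PORTS = {"www": 80}  # the only port keyword this sketch knows
MASK = 0xFFFFFFFF

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tokens):
    """Consume 'any' or 'network wildcard' and return (network, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, MASK
    return _ip(tokens.pop(0)), _ip(tokens.pop(0))

def parse(line):
    """Parse one entry into (action, protocol, source, destination, dest_port)."""
    t = line.split()[2:]  # drop "access-list 101"
    action, proto = t.pop(0), t.pop(0)
    src, dst = _addr(t), _addr(t)
    port = None
    if t[:1] == ["eq"]:
        port = PORTS.get(t[1]) or int(t[1])
    return action, proto, src, dst, port

def _match(addr, spec):
    net, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the network.
    care = ~wild & MASK
    return (_ip(addr) & care) == (net & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for action, p, s, d, port in map(parse, acl):
        if (p in ("ip", proto) and _match(src, s) and _match(dst, d)
                and port in (None, dport)):
            return action
    return "deny"  # implicit deny when no entry matches

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination port)
    for proto, src, dport in [("tcp", "10.28.7.1", 80), ("tcp", "10.28.6.1", 80),
                              ("tcp", "10.28.7.1", 443), ("icmp", "10.28.7.1", None)]:
        print(proto, src, dport, "->", evaluate(ACL_101, proto, src, "10.28.5.1", dport))
```

`eq www` matches only TCP port 80, so vlan20 still reaches every other port and protocol on 10.28.5.0/24 through the final `permit ip any any`; without that last entry the implicit deny would drop all other traffic leaving Vlan100.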
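0x02: Headquarters (four subnets in total: 10.28.10.0, 10.28.20.0, 10.28.30.0, 10.28.40.0)
First, manually set the IPs for pc2 and pc3.
Then configure link aggregation on the left switch and the right switch in turn.
Left switch configuration: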
```
Switch(config)#host S1
S1(config)#vlan 10
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#exit
S1(config)#int range f0/10 - 11
S1(config-if-range)#switchport trunk encapsulation dot1q
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#duplex full
S1(config-if-range)#speed 100
S1(config-if-range)#channel-group 1 mode active
S1(config-if-range)#exit
S1(config)#int vlan 10
S1(config-if)#ip address 10.28.10.254 255.255.255.0
S1(config-if)#int vlan 20
S1(config-if)#ip address 10.28.20.254 255.255.255.0
S1(config-if)#exit
S1(config)#ip routing
S1(config)#int f0/2
S1(config-if)#switchport access vlan 10
```
Right switch configuration:
```
Switch(config)#host S2
S2(config)#vlan 10
S2(config-vlan)#exit
S2(config)#vlan 20
S2(config-vlan)#exit
S2(config)#int range f0/10 - 11
S2(config-if-range)#switchport trunk encapsulation dot1q
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#duplex full
S2(config-if-range)#speed 100
S2(config-if-range)#channel-group 1 mode passive
S2(config-if-range)#exit
S2(config)#int vlan 10
S2(config-if)#ip address 10.28.10.254 255.255.255.0
S2(config-if)#exit
S2(config)#int vlan 20
S2(config-if)#ip address 10.28.20.254 255.255.255.0
S2(config-if)#exit
S2(config)#ip routing
S2(config)#int f0/2
S2(config-if)#switchport access vlan 20
```
Test connectivity by pinging pc3 from pc2:
Configure IPs on the f0/1 and f1/0 interfaces of the router above and on the f0/1 interface of both switches.
```
Router(config)#int f0/1
Router(config-if)#ip address 10.28.30.1 255.255.255.0
Router(config-if)#no shu
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Router(config-if)#int f1/0
Router(config-if)#ip address 10.28.40.1 255.255.255.0
Router(config-if)#no shu
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
```
```
S1(config)#int f0/1
S1(config-if)#no switchport
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
S1(config-if)#ip address 10.28.30.2 255.255.255.0
```
```
S2(config)#int f0/1
S2(config-if)#no switchport
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
S2(config-if)#ip address 10.28.40.2 255.255.255.0
```
Configure OSPF on both switches:
```
S1(config)#router ospf 1
S1(config-router)#network 10.28.10.0 0.0.0.255 area 0
S1(config-router)#network 10.28.20.0 0.0.0.255 area 0
S1(config-router)#network 10.28.30.0 0.0.0.255 area 0
S1(config-router)#network 10.28.40.0 0.0.0.255 area 0
S1(config-router)#exit
S1(config)#exit
```
0x03: Connecting headquarters and the branch (the two interfaces use 100.100.100.1 and 100.100.100.2)
Configure IPs and OSPF on the interfaces of the two routers:
```
Router(config)#int f0/0
Router(config-if)#ip address 100.100.100.1 255.255.255.0
Router(config-if)#no shu
```
```
Router(config)#int f0/0
Router(config-if)#ip address 100.100.100.2 255.255.255.0
Router(config-if)#no shu
```
```
Router(config-router)#router ospf 1
Router(config-router)#network 10.28.30.0 0.0.0.255 area 0
Router(config-router)#network 10.28.40.0 0.0.0.255 area 0
Router(config-router)#network 100.100.100.0 0.0.0.255 area 0
Router(config-router)#exit
Router(config)#exit
```
```
Router(config)#router ospf 1
Router(config-router)#network 10.28.4.0 0.0.0.255 area 0
Router(config-router)#network 100.100.100.0 0.0.0.255 area 0
Router(config-router)#exit
```
Then ping the server on the right from a PC on the left to check connectivity.
0x04: Configure NAT on both routers.
Left router configuration:
```
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/1
Router(config-if)#ip nat inside
Router(config-if)#int f1/0
Router(config-if)#ip nat inside
Router(config-if)#int f0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#ip nat inside source static 10.28.10.1 100.100.100.3
Router(config)#ip nat inside source static 10.28.20.1 100.100.100.4
Router(config)#end
Router#show ip nat trans
Pro  Inside global     Inside local       Outside local      Outside global
---  100.100.100.3     10.28.10.1         ---                ---
---  100.100.100.4     10.28.20.1         ---                ---
```
Right router configuration:
```
Router(config)#int f0/1
Router(config-if)#ip nat inside
Router(config-if)#int f0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
! "static" is followed by the IP of the packet source (the two PCs on the right)
! and the public IP (100.100.100.x)
Router(config)#ip nat inside source static 10.28.6.1 100.100.100.5
Router(config)#ip nat inside source static 10.28.7.1 100.100.100.6
Router(config)#end
Router#show ip nat trans
Pro  Inside global     Inside local       Outside local      Outside global
---  100.100.100.5     10.28.6.1          ---                ---
---  100.100.100.6     10.28.7.1          ---                ---
```
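Ping the server on the right again.
Finally, look at the NAT table on the router to check whether the addresses were translated successfully.
(PS: I'm still a beginner, so if anything here is wrong, feel free to call me out any time... xixixii)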