• 初级作业2

     拓扑需求

    交换部分:
1.将SW1-SW2间的e0/0/5、e0/0/6配置为手工方式的eth-trunk,链路编号为eth-trunk 12
2.将SW1、SW2、SW3、SW4间的所有链路配置为trunk
3.在SW1、SW2、SW3、SW4上创建vlan10、vlan20、vlan11、vlan12:
4.在SW1、SW2、SW3、SW4上开启STP协议
5.将SW1设置为所有VLAN的根交换机,将SW2设置为所有VLAN的备份根交换机
6.将PC3、PC4划入vlan10、将PC7、PC8划入vlan20:

路由部分:
1.IP地址规划如下:  
                    vlan10 ----------- 10.1.10.0/24
                    vlan20 ----------- 10.1.20.0/24
                    vlan11 ----------- 10.1.11.0/24
                    vlan12 ----------- 10.1.12.0/24
                    R1-R2 ------------ 12.1.1.0/24
                    R2-Client2 ------------ 20.1.1.0/24

2.将SW1设置为vlan10、vlan20的网关,IP地址为vlan对应网段的最后一个可用IP
3.将SW2设置为vlan10、vlan20的备份网关,IP地址为vlan对应网段的倒数第二个可用IP:
4.将SW1的e0/0/1接口划入vlan11,并为vlan11配置对应网段的第一个可用IP:
5.将SW2的e0/0/1接口划入vlan12,并为vlan12配置对应网段的第一个可用IP:
6.将R1的g0/0/0接口IP配置为10.1.11.0/24网段的最后一个可用IP:
7.将R1的g0/0/1接口IP配置为10.1.12.0/24网段的最后一个可用IP:
8.配置R1-R2相连接口的IP地址,R1配置网段第一个可用IP,R2配置网段第二个可用IP:
9.配置R2-Client2相连接口的IP地址,Client2配置网段第一个可用IP,R2配置网段最后一个可用IP
10.在SW1、SW2、R1间运行OSPF 100,将vlan10、vlan20、vlan11、vlan12对应网段宣告进area0
11.在R1上添加缺省静态路由,将下一跳指向R2
12.在R1上将缺省静态路由发布进OSPF 100
13.在R1-R2间运行OSPF 200,将R1-R2间网段以及R2-Client2间网段宣告进area0


访问控制部分:
1.在R1上配置PAT,让vlan10、vlan20内的所有主机共用12.1.1.10/24这个IP访问Client2
2.要求vlan10内的主机可以访问Client2的web服务,但不能访问Client2的ftp服务;
      vlan20内的主机可以访问Client2的ftp服务,但不能访问Client2的web服务
      其余流量不做限制:

    SW1配置

    vlan batch 10 to 12 20
stp mode stp
stp instance 0 priority 0
    
interface Vlanif10
 ip address 10.1.10.254 255.255.255.0
#
interface Vlanif11
 ip address 10.1.11.1 255.255.255.0
#
interface Vlanif20
 ip address 10.1.20.254 255.255.255.0

interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 11

interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/5
 eth-trunk 12
#
interface Ethernet0/0/6
 eth-trunk 12

ospf 100 router-id 1.1.1.1
 area 0.0.0.0
  network 10.1.10.0 0.0.0.255
  network 10.1.20.0 0.0.0.255
  network 10.1.11.0 0.0.0.255
#

    SW2配置

    vlan batch 10 to 12 20
    stp mode stp
stp instance 0 priority 4096    

interface Vlanif10
 ip address 10.1.10.253 255.255.255.0
#
interface Vlanif12
 ip address 10.1.12.1 255.255.255.0
#
interface Vlanif20
 ip address 10.1.20.253 255.255.255.0

interface Eth-Trunk12
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 12

interface Ethernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/5
 eth-trunk 12
#
interface Ethernet0/0/6
 eth-trunk 12

ospf 100 router-id 2.2.2.2
 area 0.0.0.0
  network 10.1.10.0 0.0.0.255
  network 10.1.20.0 0.0.0.255
  network 10.1.12.0 0.0.0.255

    SW3配置

    vlan batch 10 to 12 20
    stp mode stp
     interface Ethernet0/0/1 
    port link    -type access 
    port     default vlan 10 
    interface Ethernet0/0/2 
    port link    -type access 
    port     default vlan 20 
    interface Ethernet0/0/3 
    port link    -type trunk 
    port trunk allow    -pass vlan 2 to 4094

    interface Ethernet0/0/4

     port link-type trunk port 
    trunk allow    -pass vlan 2 to 4094

    SW4配置

    vlan batch 10 to 12 20
    stp mode stp
    interface Ethernet0/0/1

     port link-type access
     port     default vlan 10 
         interface Ethernet0/0/2 
    port link    -type access 
    port     default vlan 20

    interface Ethernet0/0/3

     port link-type trunk
     port trunk allow    -pass vlan 2 to 4094 
    interface Ethernet0/0/4 
    port link    -type trunk 
    port trunk allow    -pass vlan 2 to 4094

    AR1配置

    acl number 2000  
 rule 5 permit source 10.1.10.0 0.0.0.255 
 rule 10 permit source 10.1.20.0 0.0.0.255 
#
acl number 3000  
 rule 5 permit tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination
-port eq www 
 rule 10 deny tcp source 10.1.10.0 0.0.0.255 destination 20.1.1.1 0 destination-
port eq ftp 
 rule 15 permit tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destinatio
n-port eq ftp 
 rule 20 deny tcp source 10.1.20.0 0.0.0.255 destination 20.1.1.1 0 destination-
port eq www 

nat address-group 0 12.1.1.10 12.1.1.10
#
interface GigabitEthernet0/0/0
 ip address 10.1.11.254 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.1.12.254 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip address 12.1.1.1 255.255.255.0 
 traffic-filter outbound acl 3000
 nat outbound 2000 address-group 0 

ospf 100 router-id 3.3.3.3 
 default-route-advertise
 area 0.0.0.0 
  network 10.1.11.0 0.0.0.255 
  network 10.1.12.0 0.0.0.255 
#
ospf 200 router-id 3.3.3.3 
 area 0.0.0.0 
  network 12.1.1.0 0.0.0.255 
#
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2

    AR2配置

    interface GigabitEthernet0/0/0
 ip address 20.1.1.254 255.255.255.0 

interface GigabitEthernet0/0/2
 ip address 12.1.1.2 255.255.255.0 

ospf 200 router-id 5.5.5.5 
 area 0.0.0.0 
  network 12.1.1.0 0.0.0.255 
  network 20.1.1.0 0.0.0.255

    stp mod stp
  • 相关阅读:
    Inno Setup执行SQL脚本的方法
    批处理命令篇--配置免安装mysql
    nsis安装包_示例脚本语法解析
    全方位掌握nsis脚本
    dos批处理知识
    mysql alter 语句用法,添加、修改、删除字段等
    .Net WebAPI 增加Swagger
    CentOS 7 Docker
    四:Ionic Framework不支持Android4.2.2的解决方法
    二:Ionic Framework支持Android开发
  • 原文地址:https://www.cnblogs.com/liujunjun/p/13031293.html
Copyright © 2020-2023  润新知