
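Name: 侯堂杰
Student ID: 069109082
Class: Network Engineering, Class 4, 2009 intake
Supervisor: 李相海
I. Requirements Analysis
Build and manage a complete small-to-medium enterprise network that meets the following requirements; the detailed diagram is in the implementation plan:
(1) Basic router configuration: set the enable password, the encrypted enable password (enable secret) and the virtual terminal line password, and allow login over telnet.
(2) Use a standard access control list (ACL) to control access, so that the hosts on the left can get through and the hosts on the right cannot.
(3) Use static routing: add static route commands to the routers so that the routers can reach each other.
(4) Configure RIP or OSPF on the routers and run RIP or OSPF on them.
(5) Configure the switch (the basic configuration is the same as for the router) and divide it into VLANs: of the four stations, two are placed in vlan1 and the other two in vlan2.
(6) NAT (PAT) from the remote access technologies: use address translation to conserve IP addresses by translating the IP addresses of the internal network.
(7) Use the ping command and the diagnostic commands show and debug to verify that the configuration works.
II. Network Topology Diagram
III. Basic Planning of Device Attribute Values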
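1. Router 0 (Cisco 1841)

| IP | Port | Description |
| --- | --- | --- |
| 200.10.0.2/24 | s0/1/0 | Internet port |

2. Router1 (egress router)

| IP | Port | Description |
| --- | --- | --- |
| 200.10.0.1/24 | s0/1/0 | Interface |
| 192.168.0.1/24 | F0/0 | Internal network interface |

3. Multilayer Switch0 (core switch)

| IP | Port | Description |
| --- | --- | --- |
| 192.168.0.2/24 | F0/1 | Vlan2 |
| 192.168.1.1/24 | F0/2 | Vlan3 |
| 192.168.2.1/24 | F0/3 | Vlan4 |

4. PCs

| Host | IP |
| --- | --- |
| Pc0 | 192.168.1.2/24 |
| Pc1 | 192.168.1.3/24 |
| Pc2 | 192.168.2.2/24 |
| Pc3 | 192.168.2.3/24 |
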
1. Egress router (Router1)
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: n
Press RETURN to get started!
Router >
Router >en
Router #config t
Router(config)#hostname Chukou
Chukou(config)#inter s0/1/0
Chukou(config-if)#ip add 200.10.0.1 255.255.255.0
Chukou(config-if)#no shut
Chukou(config-if)#inter f0/0
Chukou(config-if)#ip add 192.168.0.1 255.255.255.0
Chukou(config-if)#no shut
Chukou>
Chukou>en
Chukou#config t
Chukou(config)#router ospf 100
Chukou(config-router)#network 192.168.0.0 0.0.0.255 area 0
Chukou(config-router)#exit
Chukou(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0
Chukou(config)#router ospf 100
Chukou(config-router)#default-information originate
Chukou(config-router)#exit
Chukou(config)#inter f0/0
Chukou(config-if)#ip nat inside
Chukou(config-if)#inter s0/1/0
Chukou(config-if)#ip nat outside
Chukou(config-if)#exit
Chukou(config)#access-list 1 permit 192.168.0.0 0.0.255.255
Chukou(config)#ip nat inside source list 1 interface s0/1/0 overload
Chukou(config)#end
Chukou#debug ip nat
IP NAT debugging is on
Chukou#
NAT: s=192.168.1.2->200.10.0.1, d=200.10.0.2[1]
NAT*: s=200.10.0.2, d=200.10.0.1->192.168.1.2[1]
NAT: s=192.168.1.2->200.10.0.1, d=200.10.0.2[2]
NAT*: s=200.10.0.2, d=200.10.0.1->192.168.1.2[2]
NAT: s=192.168.1.2->200.10.0.1, d=200.10.0.2[3]
NAT*: s=200.10.0.2, d=200.10.0.1->192.168.1.2[3]
NAT: s=192.168.1.2->200.10.0.1, d=200.10.0.2[4]
NAT*: s=200.10.0.2, d=200.10.0.1->192.168.1.2[4]
Chukou#no debug ip nat
IP NAT debugging is off
Chukou#config t
Chukou(config)#enable password 123
Chukou(config)#enable secret aaa
Chukou(config)#line vty 0 4
Chukou(config-line)#password 123
Chukou(config-line)#login
Chukou(config-line)#end
Chukou#w
Building configuration...
[OK]
2. Core switch (Multilayer Switch0)
Press RETURN to get started!
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 2
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#exit
Switch(config)#vlan 4
Switch(config-vlan)#exit
Switch(config)#inter vlan 2
Switch(config-if)#ip add 192.168.0.2 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#inter vlan 3
Switch(config-if)#ip add 192.168.1.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#inter vlan 4
Switch(config-if)#ip add 192.168.2.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#inter f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#inter f0/2
Switch(config-if)#switchport access vlan 3
Switch(config-if)#inter f0/3
Switch(config-if)#switchport access vlan 4
Switch(config-if)#end
Switch#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gig0/1, Gig0/2
2 VLAN0002 active Fa0/1
3 VLAN0003 active Fa0/2
4 VLAN0004 active Fa0/3
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
Switch# config t
Switch(config)#router ospf 100
Switch(config-router)#network 192.168.0.0 0.0.0.255 area 0
Switch(config-router)#network 192.168.1.0 0.0.0.255 area 0
Switch(config-router)#network 192.168.2.0 0.0.0.255 area 0
Switch(config-router)#end
Switch#show ip rou
Switch#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.0.1 to network 0.0.0.0
C 192.168.0.0/24 is directly connected, Vlan2
C 192.168.1.0/24 is directly connected, Vlan3
C 192.168.2.0/24 is directly connected, Vlan4
O*E2 0.0.0.0/0 [110/1] via 192.168.0.1, 00:00:15, Vlan2
Switch#config t
Switch(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Switch(config)#access-list 1 deny any
Switch(config)#inter vlan 2
Switch(config-if)#ip access-group 1 out
Switch(config-if)#exit
Switch(config)#enable password 123
Switch(config)#enable secret aaa
Switch(config)#line vty 0 4
Switch(config-line)#password 123
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#exit
Switch#exit
Switch>
Switch>en
Password:
Switch#config
Configuring from terminal, memory, or network [terminal]?
Switch(config)#
Switch(config)#end
Switch#w
Building configuration...
[OK]
3. Internet router (Router 0)
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: n
Router>
Router>en
Router#config t
Router(config)#inter s0/1/0
Router(config-if)#ip add 200.10.0.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#clock rate 9600
Router>en
Router#config t
Router(config)#enable password 123
Router(config)#enable secret aaa
Router(config)#line vty 0 4
Router(config-line)#password 123
Router(config-line)#login
Router(config-line)#end
Router#w
Building configuration...
[OK]
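
All three devices are given the same enable and vty credentials. As an added example (not part of the original report), this Python check flags the management-plane weaknesses in the commands entered above; the finding names, the `MIN_LEN` threshold and the hardened fragment are assumptions made for illustration.

```python
import re

# Commands as typed on Chukou in this report (the other two devices match).
CHUKOU_CONFIG = """\
enable password 123
enable secret aaa
line vty 0 4
 password 123
 login
"""
# Constructed contrast; the secret value is a placeholder.
HARDENED_CONFIG = """\
enable secret Example-Long-Secret-Only
line vty 0 4
 login local
 transport input ssh
"""
MIN_LEN = 8  # assumed local policy threshold, not a Cisco default

def audit(config):
    """Return sorted finding codes for weak management-plane settings."""
    findings = set()
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    has_secret = any(l.startswith("enable secret ") for l in lines)
    in_vty = vty_password = vty_ssh_only = False
    for l in lines:
        if not l.startswith(" "):          # a new top-level command
            in_vty = l.startswith("line vty")
        body = l.strip()
        m = re.match(r"enable (password|secret) (\S+)$", body)
        if m:
            kind, value = m.groups()
            if kind == "password":         # kept in cleartext by default
                findings.add("cleartext-enable-password")
                if has_secret:             # the secret takes precedence
                    findings.add("enable-password-shadowed-by-secret")
            if len(value) < MIN_LEN:
                findings.add(f"short-enable-{kind}")
        if in_vty:
            pm = re.match(r"password (\S+)$", body)
            if pm:
                vty_password = True
                if len(pm.group(1)) < MIN_LEN:
                    findings.add("short-vty-password")
            vty_ssh_only = vty_ssh_only or body == "transport input ssh"
    if vty_password and not vty_ssh_only:
        # Telnet sends the line password and the whole session unencrypted.
        findings.add("vty-password-without-ssh-only")
    return sorted(findings)
```

`audit(CHUKOU_CONFIG)` returns six findings and `audit(HARDENED_CONFIG)` returns none; the hardened fragment additionally needs a local user account and SSH host keys, which are not shown.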
V. Verification Results
1. Verifying the ACL
PC0:
PC>ping 200.10.0.2
Pinging 200.10.0.2 with 32 bytes of data:
Reply from 200.10.0.2: bytes=32 time=406ms TTL=253
Reply from 200.10.0.2: bytes=32 time=184ms TTL=253
Reply from 200.10.0.2: bytes=32 time=203ms TTL=253
Reply from 200.10.0.2: bytes=32 time=157ms TTL=253
Ping statistics for 200.10.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 157ms, Maximum = 406ms, Average = 237ms
PC>
PC1:
Packet Tracer PC Command Line 1.0
PC>ping 200.10.0.2
Pinging 200.10.0.2 with 32 bytes of data:
Reply from 200.10.0.2: bytes=32 time=312ms TTL=253
Reply from 200.10.0.2: bytes=32 time=250ms TTL=253
Reply from 200.10.0.2: bytes=32 time=190ms TTL=253
Reply from 200.10.0.2: bytes=32 time=187ms TTL=253
Ping statistics for 200.10.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 187ms, Maximum = 312ms, Average = 234ms
PC>
PC2:
Packet Tracer PC Command Line 1.0
PC>ping 200.10.0.2
Pinging 200.10.0.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 200.10.0.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC>
PC3:
Packet Tracer PC Command Line 1.0
PC>ping 200.10.0.2
Pinging 200.10.0.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 200.10.0.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC>
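
The ping results above follow from how a standard ACL matches source addresses against a wildcard mask. As an added example (not part of the original report), this Python model evaluates the two ACLs configured earlier against the four PC addresses; the function names are illustrative and only the `permit|deny <address> [wildcard]|any` form used in this report is handled.

```python
import ipaddress

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny <addr> [wildcard]' or '... any'."""
    rules = []
    for line in lines:
        tok = line.split()
        action, src = tok[2], tok[3]
        if src == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(src))
            # With no wildcard given, the entry matches a single host.
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        rules.append((action, base, wild))
    return rules

def evaluate(rules, source_ip):
    """First matching entry wins; every ACL ends with an implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, base, wild in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (ip & care) == (base & care):
            return action
    return "deny"

# ACL 1 as entered on the core switch (applied outbound on Vlan2).
SWITCH_ACL = parse_standard_acl([
    "access-list 1 permit 192.168.1.0 0.0.0.255",
    "access-list 1 deny any",
])
# ACL 1 as entered on Chukou, selecting which sources are translated by PAT.
NAT_ACL = parse_standard_acl(["access-list 1 permit 192.168.0.0 0.0.255.255"])

# Host addresses from the planning table.
PCS = {"PC0": "192.168.1.2", "PC1": "192.168.1.3",
       "PC2": "192.168.2.2", "PC3": "192.168.2.3"}

def report():
    """Map each PC to (switch ACL verdict, NAT ACL verdict)."""
    return {name: (evaluate(SWITCH_ACL, ip), evaluate(NAT_ACL, ip))
            for name, ip in PCS.items()}

if __name__ == "__main__":
    for name, (acl, nat) in report().items():
        print(f"{name}: switch ACL {acl}, NAT ACL {nat}")
    # Constructed address: in 192.168.0.0/16 but in none of the planned /24s.
    print("192.168.200.9 NAT ACL:", evaluate(NAT_ACL, "192.168.200.9"))
```

PC2 and PC3 are dropped by the switch ACL before they ever reach NAT. The NAT ACL's `0.0.255.255` wildcard covers all of 192.168.0.0/16, which is wider than the three /24 subnets actually in use.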
2. Verifying VLAN information
Switch#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gig0/1, Gig0/2
2 VLAN0002 active Fa0/1
3 VLAN0003 active Fa0/2
4 VLAN0004 active Fa0/3
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
3. Verifying NAT
IP NAT debugging is on
Chukou#
NAT: s=192.168.1.2->200.10.0.1, d=200.10.0.2[1]
NAT*: s=200.10.0.2, d=200.10.0.1->192.168.1.2[1]
NAT: s=192.168.1.2->200.10.0.1, d=200.10.0.2[2]
NAT*: s=200.10.0.2, d=200.10.0.1->192.168.1.2[2]
NAT: s=192.168.1.2->200.10.0.1, d=200.10.0.2[3]
NAT*: s=200.10.0.2, d=200.10.0.1->192.168.1.2[3]
NAT: s=192.168.1.2->200.10.0.1, d=200.10.0.2[4]
NAT*: s=200.10.0.2, d=200.10.0.1->192.168.1.2[4]
Chukou#no debug ip nat
IP NAT debugging is off
