Comprehensive Lab Report: Basic Network Configuration and Management

Class: Computer Networks........

Name: Zhang...........

Student ID: 20200...............

Project topology diagram:

A trunk link between S1 and S2 lets PC1 and PC3 communicate

(PC1 and PC3 are in the same VLAN).

Note: the link between the two switches must be configured as a trunk so that hosts in the same VLAN on different switches can reach each other.

S1:

[H3C]sysname S1
[S1]vlan 10
[S1-vlan10]port g1/0/1
[S1-vlan10]vlan 20
[S1-vlan20]port g1/0/2
[S1-vlan20]int g1/0/4
[S1-GigabitEthernet1/0/4]port link-type trunk
[S1-GigabitEthernet1/0/4]port trunk permit vlan all
[S1-GigabitEthernet1/0/4]int g1/0/3
[S1-GigabitEthernet1/0/3]port link-type trunk
[S1-GigabitEthernet1/0/3]port trunk permit vlan all
[S1-GigabitEthernet1/0/3]qu

S2:

[H3C]sysname S2
[S2]vlan 10
[S2-vlan10]port g1/0/2
[S2-vlan10]qu
[S2]int g1/0/1
[S2-GigabitEthernet1/0/1]port link-type trunk
[S2-GigabitEthernet1/0/1]port trunk permit vlan all

R1 performs router-on-a-stick (single-arm routing) so that PC1 and PC2 can communicate.

Note: router-on-a-stick means configuring several subinterfaces under the router's Ethernet interface, one per VLAN. When the router's Ethernet port connects to a layer-2 switch that has VLANs configured, the VLANs on that switch can reach each other through the router's single Ethernet port. Inter-VLAN routing on a layer-3 switch does not need a router: VLAN virtual interfaces (one per VLAN, each with its own IP address) are configured directly on the layer-3 switch, and traffic between its VLANs is routed through them.

R1:

[R1]int g0/0.1
[R1-GigabitEthernet0/0.1]vlan-type dot1q vid 10
[R1-GigabitEthernet0/0.1]ip add 192.168.10.254 24
[R1-GigabitEthernet0/0.1]qu
[R1]int g0/0.2
[R1-GigabitEthernet0/0.2]vlan-type dot1q vid 20
[R1-GigabitEthernet0/0.2]ip add 192.168.20.254 24
[R1-GigabitEthernet0/0.2]qu
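The subinterface matching above works on the 802.1Q tag the switch adds on the trunk. The following added example (not part of the original report) builds and parses tagged frames and models how R1 hands a frame to the subinterface whose `vlan-type dot1q vid` matches; the subinterface table and the sample frames are constructed from the lab's addresses.

```python
import struct

TPID_8021Q = 0x8100
# Constructed table mirroring R1's subinterfaces: VID -> (subinterface, gateway address).
SUBINTERFACES = {
    10: ("GigabitEthernet0/0.1", "192.168.10.254"),
    20: ("GigabitEthernet0/0.2", "192.168.20.254"),
}

def tag_frame(dst_mac, src_mac, vid, ethertype, payload, pcp=0):
    """Insert an 802.1Q header (TPID 0x8100 + 16-bit TCI) between the MAC addresses and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    tci = (pcp << 13) | vid          # PCP (3 bits) | DEI (1 bit, 0 here) | VID (12 bits)
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_frame(frame):
    """Return (vid_or_None, ethertype, payload); an untagged frame carries no 0x8100 TPID."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q frame")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner_type, frame[18:]

def dispatch(frame):
    """Model R1's router-on-a-stick: hand a tagged frame to the subinterface whose
    'vlan-type dot1q vid' equals the frame's VID; return None when no subinterface claims it."""
    vid, _ethertype, _payload = parse_frame(frame)
    if vid is None or vid not in SUBINTERFACES:
        return None
    return SUBINTERFACES[vid]
```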

Test:

PPP with PAP authentication runs between R1 and R2;

Note: PPP is a method for transmitting IP packets point-to-point over a serial link. MP (Multilink PPP) increases the interconnection bandwidth between devices, improves link reliability, and raises forwarding efficiency.

R1:

[R1]int s1/0
[R1-Serial1/0]ip address 10.19.0.1 24
[R1-Serial1/0]local-user papr2 class network
New local user added.
[R1-luser-network-papr2]password simple 666
[R1-luser-network-papr2]service-type ppp
[R1-luser-network-papr2]qu
[R1]int s1/0
[R1-Serial1/0]ppp authentication-mode pap

R2:

[R2]int s1/0
[R2-Serial1/0]ip add 10.19.0.2 24
[R2-Serial1/0]ppp pap local-user papr2 password simple 666
[R2-Serial1/0]dis int s1/0
Serial1/0
Current state: UP
Line protocol state: UP
Description: Serial1/0 Interface
Band 64 kbps
Maximum transmission unit: 1500
Hold timer: 10 seconds, retry times: 5
Internet address: 10.19.0.2/24 (primary)
Link layer protocol: PPP
LCP: opened, IPCP: opened
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last link flapping: 0 hours 5 minutes 25 seconds
Last clearing of counters: Never
Current system time:2021-03-14 13:39:57
Last time when physical state changed to up:2021-03-14 13:34:32
Last time when physical state changed to down:2021-03-14 13:34:27

PPP with two-way (mutual) CHAP authentication runs between R2 and R3;

R2:
[R2]local-user r3 class network
New local user added.
[R2-luser-network-r3]password simple 666
[R2-luser-network-r3]service-type ppp
[R2-luser-network-r3]qu
[R2]int s2/0
[R2-Serial2/0]ip add 10.19.1.1 24
[R2-Serial2/0]ppp authentication-mode chap
[R2-Serial2/0]ppp chap user r2

R3:

[H3C]sysname R3
[R3]local-user r2 class network
New local user added.
[R3-luser-network-r2]password simple 666
[R3-luser-network-r2]service-type ppp
[R3-luser-network-r2]qu
[R3]int s1/0
[R3-Serial1/0]ip add 10.19.1.2 24
[R3-Serial1/0]ppp authentication-mode chap
[R3-Serial1/0]ppp chap user r3
[R3-Serial1/0]dis int s1/0
Serial1/0
Current state: UP
Line protocol state: UP
Description: Serial1/0 Interface
Band 64 kbps
Maximum transmission unit: 1500
Hold timer: 10 seconds, retry times: 5
Internet address: 10.19.1.2/24 (primary)
Link layer protocol: PPP
LCP: opened, IPCP: opened
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last link flapping: 0 hours 5 minutes 36 seconds
Last clearing of counters: Never
Current system time:2021-03-14 13:53:35
Last time when physical state changed to up:2021-03-14 13:47:59
Last time when physical state changed to down:2021-03-14 13:47:54
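To make the difference between the PAP link (R1/R2) and the mutual CHAP link (R2/R3) concrete, here is an added example that is not part of the original report. It models what each router sends on the wire: PAP carries the password itself, while CHAP-MD5 (RFC 1994) only carries a challenge and a hash, and mutual CHAP requires each side to challenge the other. The router tables are constructed from the lab's `ppp chap user` and `local-user` settings; the rule that a peer picks its secret from the local-user entry named after the authenticator is the H3C behaviour when no `ppp chap password` is configured.

```python
import hashlib
import os

# Constructed router state mirroring the lab: the CHAP name set with "ppp chap user <name>"
# and the local-user table ("local-user <peer> class network" / "password simple 666").
ROUTERS = {
    "R2": {"chap_user": "r2", "local_users": {"r3": "666"}},
    "R3": {"chap_user": "r3", "local_users": {"r2": "666"}},
}

def pap_request(user, password):
    """PAP Authenticate-Request body: Peer-ID and Password fields travel in cleartext."""
    return bytes([len(user)]) + user.encode() + bytes([len(password)]) + password.encode()

def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP-MD5: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

def chap_one_way(routers, authenticator, peer, ident=1, challenge=b""):
    """One CHAP direction: `authenticator` (ppp authentication-mode chap) challenges `peer`.

    The peer selects its secret from the local-user entry named after the authenticator's
    CHAP name; the authenticator checks the hash against its own local-user entry for the
    peer's CHAP name. Only the challenge and a hash cross the link, never the password.
    """
    auth, resp = routers[authenticator], routers[peer]
    challenge = challenge or os.urandom(16)
    peer_secret = resp["local_users"].get(auth["chap_user"])  # Challenge carries auth's name
    if peer_secret is None:
        return False                                          # peer has no secret to answer with
    wire_name = resp["chap_user"]                             # Response carries the peer's name
    wire_hash = chap_response(ident, peer_secret, challenge)
    expected_secret = auth["local_users"].get(wire_name)
    if expected_secret is None:
        return False                                          # unknown user: reject
    return chap_response(ident, expected_secret, challenge) == wire_hash

def chap_mutual(routers, a, b):
    """Two-way CHAP as in the R2/R3 section: both sides must challenge and both must succeed."""
    return chap_one_way(routers, a, b) and chap_one_way(routers, b, a)
```

Removing `ppp authentication-mode chap` from either router turns this into a one-way check, which is why both R2 and R3 need it for the mutual setup the report describes.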

To increase bandwidth, PPP MP bundling is used between R2 and RTA:

R2:

[R2]int mp-group 1
[R2-MP-group1]ip address 19.0.0.1 29
[R2-MP-group1]qu
[R2]int s3/0
[R2-Serial3/0]ppp mp mp-group 1
[R2-Serial3/0]int s4/0
[R2-Serial4/0]ppp mp mp-group 1
[R2-Serial4/0]qu

RTA:

[RTA]int mp-group 1
[RTA-MP-group1]ip add 19.0.0.2 29
[RTA-MP-group1]int s1/0
[RTA-Serial1/0]ppp mp MP-group 1
[RTA-Serial1/0]int s2/0
[RTA-Serial2/0]ppp mp mp-group 1
[RTA]dis int mp-group 1
MP-group1
Current state: UP
Line protocol state: UP
Description: MP-group1 Interface
Band 128 kbps
Maximum transmission unit: 1500
Hold timer: 10 seconds, retry times: 5
Internet address: 19.0.0.2/29 (primary)
Link layer protocol: PPP
(rest of output omitted)

RIP dynamic routing is used inside the internal network so that its segments can reach each other;

Note: an OSPF multi-area design improves network scalability and speeds up convergence. A loopback address is a logical interface address; for ease of management, a loopback interface is created on every router and given its own IP address, which serves as the management address the administrator uses to log in to the router remotely.

R1:

[R1]rip 10
[R1-rip-10]network 10.19.0.0 0.0.0.255
[R1-rip-10]network 192.168.10.0
[R1-rip-10]network 192.168.20.0

R2:

[R2]rip 10
[R2-rip-10]network 10.19.0.0 0.0.0.255
[R2-rip-10]network 10.19.1.0 0.0.0.255

R3:

[R3]rip 10
[R3-rip-10]network 10.19.1.0 0.0.0.255

OSPF multi-area routing runs among RTA, RTB, RTC and RTD; loopback addresses are configured and advertised:

RTA:

<RTA>sys
System View: return to User View with Ctrl+Z.
[RTA]int g0/0
[RTA-GigabitEthernet0/0]ip add 19.0.100.1 30
[RTA-GigabitEthernet0/0]qu
[RTA]int loopback 0
[RTA-LoopBack0]ip add 1.1.1.1 32
[RTA-LoopBack0]qu
[RTA]int g0/1
[RTA-GigabitEthernet0/1]ip add 19.0.100.5 30
[RTA-GigabitEthernet0/1]qu

RTB:

[RTB]int g0/0
[RTB-GigabitEthernet0/0]ip add 19.0.100.2 30
[RTB-GigabitEthernet0/0]int g0/1
[RTB-GigabitEthernet0/1]ip add 19.0.200.1 30
[RTB-GigabitEthernet0/1]qu
[RTB]int loopback 0
[RTB-LoopBack0]ip add 1.1.1.2 32
[RTB-LoopBack0]qu

RTC:

[RTC]int g0/0
[RTC-GigabitEthernet0/0]ip add 19.0.100.6 30
[RTC-GigabitEthernet0/0]qu
[RTC]int loopback 0
[RTC-LoopBack0]ip add 1.1.1.3 32
[RTC-LoopBack0]qu

RTD:

[RTD]int g0/0
[RTD-GigabitEthernet0/0]ip add 19.0.200.2 30
[RTD-GigabitEthernet0/0]qu
[RTD]int loopback 0
[RTD-LoopBack0]ip add 1.1.1.4 32
[RTD-LoopBack0]qu

Add OSPF:

RTA:

[RTA]ospf 100
[RTA-ospf-100]area 0
[RTA-ospf-100-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[RTA-ospf-100-area-0.0.0.0]network 19.0.100.1 0.0.0.3
[RTA-ospf-100-area-0.0.0.0]qu
[RTA-ospf-100]area 2
[RTA-ospf-100-area-0.0.0.2]network 19.0.100.5 0.0.0.3

RTB:

[RTB]ospf 100
[RTB-ospf-100]area 0
[RTB-ospf-100-area-0.0.0.0]network 1.1.1.2 0.0.0.0
[RTB-ospf-100-area-0.0.0.0]network 19.0.100.2 0.0.0.3
[RTB-ospf-100-area-0.0.0.0]qu
[RTB-ospf-100]area 1
[RTB-ospf-100-area-0.0.0.1]network 19.0.200.1 0.0.0.3
[RTB-ospf-100-area-0.0.0.1]qu

RTC:

[RTC]ospf 100
[RTC-ospf-100]area 2
[RTC-ospf-100-area-0.0.0.2]network 1.1.1.3 0.0.0.0
[RTC-ospf-100-area-0.0.0.2]network 19.0.100.6 0.0.0.3

RTD:

[RTD]ospf 100
[RTD-ospf-100]area 1
[RTD-ospf-100-area-0.0.0.1]network 1.1.1.4 0.0.0.0
[RTD-ospf-100-area-0.0.0.1]network 19.0.200.2 0.0.0.3
[RTD-ospf-100-area-0.0.0.1]qu

Static routes between R2 and RTA:

RTA:

[RTA]ip route-static 10.19.0.0 255.255.0.0 19.0.0.1
[RTA]ospf 100
[RTA-ospf-100]import-route static
[RTA-ospf-100]import-route direct

R2:

[R2]ip route-static 0.0.0.0 0.0.0.0 19.0.0.2

R1:

[R1]ip route-static 0.0.0.0 0.0.0.0 10.19.0.2

R3:

[R3]ip route-static 0.0.0.0 0.0.0.0 10.19.1.1

Configure the Telnet service on R3 without authentication; on RTD, configure Telnet with password authentication; on RTC, configure Telnet with user (scheme) authentication.

R3:

[R3]telnet server enable
[R3]line vty 0
[R3-line-vty0]authentication-mode none

RTD:

[RTD]telnet server enable
[RTD]line vty 0
[RTD-line-vty0]authentication-mode password
[RTD-line-vty0]set authentication password simple 666
[RTD-line-vty0]user-role telnet-admin

RTC:

[RTC]telnet server enable
[RTC]line vty 0
[RTC-line-vty0]authentication-mode scheme
[RTC-line-vty0]qu
[RTC]local-user telnetrtc
New local user added.
[RTC-luser-manage-telnetrtc]password simple 666
[RTC-luser-manage-telnetrtc]service-type telnet
[RTC-luser-manage-telnetrtc]authorization-attribute user-role telnet-admin

Test:

Configure NAT on R2 so that the internal network can access the Internet;

Note: NAT (Network Address Translation) translates between the private IP addresses of the internal network and public addresses, mapping many internal addresses to one or a few public ones. Within a LAN only one machine needs an Internet connection; with NAT that connection can be shared so the other machines on the LAN can also reach the Internet. With NAT, machines on the LAN can reach machines on the Internet, but machines on the Internet cannot initiate connections to machines on the LAN. This both reduces public IP address consumption and hides the internal network structure, lowering the risk of attacks on the internal network.

R2:

[R2]acl basic 2000
[R2-acl-ipv4-basic-2000]rule 0 permit source 192.168.0.0 0.0.255.255
[R2-acl-ipv4-basic-2000]rule 1 permit source 10.19.0.0 0.0.255.255
[R2-acl-ipv4-basic-2000]qu
[R2]nat address-group 1
[R2-address-group-1]address 19.0.0.3 19.0.0.6
[R2-address-group-1]qu
[R2]int mp-group 1
[R2-MP-group1]nat outbound 2000 address-group 1
[R2-MP-group1]qu


Configure NAT Server on R2 so that RTD can access R3's Telnet service:

[R2]interface mp-group 1
[R2-MP-group1]nat server protocol tcp global 19.0.0.1 telnet inside 10.19.1.2 telnet

Implement access control with an ACL:

An access control list (ACL) is a list of instructions (rules) applied to a router interface that tells the router which packets to accept and which to reject. An ACL uses packet filtering: the router reads information from the layer-3 and layer-4 headers of the OSI model, such as source address, destination address, source port and destination port, and filters packets according to predefined rules to achieve access control.

[R2]acl advanced 3000
[R2-acl-ipv4-adv-3000]rule deny ip source 192.168.10.1 0.0.0.0 destination 19.0.200.2 0.0.0.0
[R2-acl-ipv4-adv-3000]undo rule 0
[R2-acl-ipv4-adv-3000]rule 0 deny ip source 192.168.20.1 0.0.0.0 destination 19.0.100.6 0.0.0.0
[R2-acl-ipv4-adv-3000]rule 1 deny tcp source 10.19.0.1 0.0.0.0 destination 19.0.200.2 0.0.0.0 destination-port eq 23
[R2-acl-ipv4-adv-3000]qu
[R2]int s1/0
[R2-Serial1/0]packet-filter 3000 inbound
[R2-Serial1/0]qu

Block PC2 from accessing all services on RTC:

Block R1 from accessing RTD's Telnet service:
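The two ACL goals above (and the NAT match in ACL 2000) both depend on wildcard-mask matching and first-match rule order. The following added example, not part of the original report, models `acl advanced 3000` with `packet-filter ... inbound` and `acl basic 2000` with `nat outbound ... address-group 1` in Python, then checks sample packets against them; the rule tables are constructed from the lab's configuration, and the pool-address selection in `nat_outbound` is a simplification rather than the device's algorithm.

```python
import ipaddress

def wildcard_match(addr, network, wildcard):
    """H3C-style wildcard mask: a 0 bit must match, a 1 bit is "don't care"."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (n & care)

# Constructed model of "acl advanced 3000" from the lab; rules are evaluated by ascending id.
# proto "ip" matches any transport protocol; dport is the TCP destination port (23 = telnet).
ACL_3000 = [
    {"id": 0, "action": "deny", "proto": "ip", "src": ("192.168.20.1", "0.0.0.0"),
     "dst": ("19.0.100.6", "0.0.0.0"), "dport": None},
    {"id": 1, "action": "deny", "proto": "tcp", "src": ("10.19.0.1", "0.0.0.0"),
     "dst": ("19.0.200.2", "0.0.0.0"), "dport": 23},
]

def packet_filter(acl, src, dst, proto="tcp", dport=None):
    """Decision of "packet-filter 3000 inbound": first matching rule wins; packets that match
    no rule are permitted (the default action of packet-filter on H3C)."""
    for rule in sorted(acl, key=lambda r: r["id"]):
        if rule["proto"] != "ip" and rule["proto"] != proto:
            continue
        if not (wildcard_match(src, *rule["src"]) and wildcard_match(dst, *rule["dst"])):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        return rule["action"]
    return "permit"

# "acl basic 2000" and "nat address-group 1" (address 19.0.0.3 19.0.0.6) from the NAT section.
ACL_2000 = [("192.168.0.0", "0.0.255.255"), ("10.19.0.0", "0.0.255.255")]
NAT_POOL = ["19.0.0.3", "19.0.0.4", "19.0.0.5", "19.0.0.6"]

def nat_outbound(src):
    """Outbound NAT on mp-group 1: sources matching ACL 2000 are translated to a pool address,
    others leave untranslated (None). Pool selection here is a simplification of the device."""
    if not any(wildcard_match(src, n, w) for n, w in ACL_2000):
        return None
    return NAT_POOL[int(ipaddress.IPv4Address(src)) % len(NAT_POOL)]
```

Note that rule 1 blocks only TCP port 23 from R1's 10.19.0.1, so any other traffic from R1 to RTD still passes, while rule 0 uses protocol `ip` and therefore blocks every service from PC2 to RTC.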


If there are any mistakes, corrections are welcome.

Original post: https://www.cnblogs.com/BlogAlias/p/14531807.html