上個禮拜歐鵬蘭博公司的教學總監來學校教我們CCNA課程。在老師走之前,給我們佈置了一個作業,這個作業是他在教我們CCNA的6天期間所有涉及知識的總結實驗。
實驗工具:
Cisco Packet Tracer 5.3
實驗拓撲圖:
實驗要求:
1、Router0以下爲企業內部網絡,以上爲公網
2、爲此內部網絡創建VTP域
3、PC0和PC2在VLAN100中,
PC1和PC3在VLAN200中,
PC4和PC5在VLAN300中
4、Router1下爲分支機構,PC6在VLAN10中
Server0和Server1在VLAN20中
5、在內部網絡中部署EIGRP,要求所有設備都
能夠正常互相訪問
6、Server0爲一臺mail服務器,允許所有設備的
mail訪問,但拒絕其它流量
7、Server1爲一臺FTP服務器,只允許VLAN100內
的用戶使用其FTP服務,拒絕其它流量
8、PC7是一臺網絡管理員使用的設備,內網中所有
網絡設備只允許此臺設備telnet。
9、爲所有網絡設備設置特權模式密文密碼和telnet密碼
10、Router2和Router3爲ISP的路由器,在兩臺設備上
啓用OSPF協議,都在同一個區域當中
11、ISP的路由器不能和企業邊界路由器形成路由協議
的鄰居關係
12、在企業邊界路由器上做NAT,要求內部網絡中所有
地址在訪問公網時都使用此臺設備的公網IP
13、Server2是一臺公網上的web服務器,配置訪問控制
列表使得此服務器只允許www和PING的流量。
14、核心交換是所有VLAN的根橋
實驗配置:
Core:
Building configuration…
Current configuration : 2000 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
no switchport
ip address 10.1.252.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
no switchport
ip address 10.1.254.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
no switchport
ip address 10.1.253.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.1.10.1 255.255.255.0
!
interface Vlan100
ip address 10.1.1.1 255.255.255.0
!
interface Vlan200
ip address 10.1.2.1 255.255.255.0
!
interface Vlan300
ip address 10.1.3.1 255.255.255.0
!
router eigrp 100
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.252.0 0.0.0.255
network 10.1.253.0 0.0.0.255
network 10.1.254.0 0.0.0.255
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.254.1
!
!
access-list 1 permit host 10.1.253.254
!
line con 0
line vty 0 4
access-class 1 in
password zjicm
login
!
end
Gateway:
Building configuration…
Current configuration : 743 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/0
ip address 200.1.1.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.254.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
router eigrp 100
network 10.1.254.0 0.0.0.255
auto-summary
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 200.1.1.2
!
access-list 1 permit 10.1.0.0 0.0.255.255
!
no cdp run
!
line con 0
line vty 0 4
password zjicm
login
!
end
Branch:
Building configuration…
Current configuration : 900 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/0
ip address 10.1.252.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.20.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 10
ip address 10.1.4.1 255.255.255.0
!
interface FastEthernet0/1.2
encapsulation dot1Q 20
ip address 10.1.5.1 255.255.255.0
!
router eigrp 100
network 10.1.4.0 0.0.0.255
network 10.1.5.0 0.0.0.255
network 10.1.252.0 0.0.0.255
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.252.1
!
access-list 1 permit host 10.1.253.254
!
no cdp run
!
line con 0
line vty 0 4
access-class 1 in
password zjicm
login
!
end
ISP
Building configuration…
Current configuration : 552 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
interface FastEthernet0/0
ip address 200.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.2.1 255.255.255.0
duplex auto
speed auto
!
router ospf 100
log-adjacency-changes
redistribute connected subnets
network 200.1.2.0 0.0.0.255 area 0
!
ip classless
!
no cdp run
!
line con 0
line vty 0 4
login
!
end
Switch_Core:
Building configuration…
Current configuration : 1253 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/1
switchport access vlan 100
!
interface FastEthernet0/2
switchport access vlan 200
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
ip address 10.1.10.2 255.255.255.0
!
ip default-gateway 10.1.10.1
!
access-list 1 permit host 10.1.253.254
line con 0
!
line vty 0 4
access-class 1 in
password zjicm
login
line vty 5 15
login
!
end
Switch_Branch
Building configuration…
Current configuration : 1220 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/1
switchport access vlan 10
!
interface FastEthernet0/2
switchport access vlan 20
!
interface FastEthernet0/3
switchport access vlan 20
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
ip address 10.1.20.2 255.255.255.0
!
ip default-gateway 10.1.20.1
!
line con 0
!
line vty 0 4
password zjicm
login
line vty 5 15
login
!
end
總結:
自己在老師講解之前不會的地方:
1.pc7 如何管理Branch的Switch。
2.在局域網配置ospf的時候,我把Gateway忘記配置了,導致內網終端無法ping通外網。
3.在Gateway和ISP之間聲明路由應該用再分配(redistribute)。
4.pc7 管理Core下Switch我用的是創建新的vlan然後管理,但是如果這樣的話,無法管理Branch的Switch,應該再舊有的vlan(比如vlan1)上管理。
5.一開始的時候沒有想到單臂路由。