网络综合调试.docx
- 文档编号:12569595
- 上传时间:2023-04-20
- 格式:DOCX
- 页数:13
- 大小:206.03KB
网络综合调试.docx
《网络综合调试.docx》由会员分享,可在线阅读,更多相关《网络综合调试.docx(13页珍藏版)》请在冰豆网上搜索。
网络综合调试
一、【试题案例说明】
1、设计的网络拓扑结构如下:
二、【设备配置要求】
1、按照题意给所有交换机和路由器配置hostname,例如RA,SWC。
2、根据拓扑所示连接各个设备。
3、根据拓扑给交换配置VLAN,每个接入层交换机上分别有2个不同VLAN。
SWC和SWD作为DHCPSERVER给用户分配IP地址。
4、配置MSTP实现汇聚层负载均衡
5、所有设备之间互联地址规划为10.0.0.1/24网段,为了保证设备的安全性,要求每两台设备之间的互联地址为不同网段。
6、RA、RB之间使用V.35线缆连接,并封装PPP协议,PPP采用CHAP进行认证;RA和RB的验证用户名以及密码均为digitalchina
7、汇聚层之间采用OSPF动态路由协议互联,路由器之间采用静态路由协议互联,要求内网全通
8、RA上配置NAT地址转换,内网所有用户都能上网。
并开启安全防护功能。
9、做访问控制列表,任何用户不能通过ping访问服务器。
1、各交换机和路由器的hostname,
Switch>System
Switch#systemSWC
SWC#
2、接入层所要用的相关技术及协议,VLAN、DHCP、MSTP的配置
--------------------------VLAN
SWC#vlan10
[SWC—vlan10]vlan20
[SWC—vlan20]vlan30
[SWC—vlan30]vlan40
[SWC—vlan40]quit
[SWC]inte1/0/1
[SWC-Ethernet1/0/1]portlink-typetrunk
[SWC-Ethernet1/0/1]porttrunkpermitvlan10203040
[SWC-Ethernet1/0/1]intEthernetE1/2
[SWC-Ethernet1/0/2]portlink-typetrunk
[SWC-Ethernet1/0/2]porttrunkpermitvlan10203040
[SWC-Ethernet1/0/2]intEthernetE1/3
[SWC-Ethernet1/0/3]portlike-typetrunk
[SWC-Ethernet1/0/3]porttrunkpermitvlan10203040
[SWC-Ethernet1/0/3]quit
[SWC]stpregion-configuration
[SWC-mst-region]region-nameH3C
[SWC-mst-region]instance1vlan1030
[SWC-mst-region]instance2vlan2040
[SWC]stpinstance1rootprimary
[SWC]stpinstance2rootsecondary
[SWC]stpmodemstp
[SWC]stpenable
SWD#vlan10
[SWD—vlan10]vlan20
[SWD—vlan20]vlan30
[SWD—vlan30]vlan40
[SWD—vlan40]quit
[SWD]inte1/0/1
[SWD-Ethernet1/0/1]portlink-typetrunk
[SWD-Ethernet1/0/1]porttrunkpermitvlan10203040
[SWD-Ethernet1/0/1]intEthernetE1/0/2
[SWD-Ethernet1/0/2]portlink-typetrunk
[SWD-Ethernet1/0/2]porttrunkpermitvlan10203040
[SWD-Ethernet1/0/2]intEthernetE1/0/3
[SWD-Ethernet1/0/3]portlike-typetrunk
[SWD-Ethernet1/0/3]porttrunkpermitvlan10203040
[SWD-Ethernet1/0/3]quit
[SWD]stpregion-configuration
[SWD-mst-region]region-nameH3C
[SWD-mst-region]instance1vlan1030
[SWD-mst-region]instance2vlan2040
[SWD]stpinstance2rootprimary
[SWD]stpinstance1rootsecondary
[SWD]stpmodemstp
[SWD]stpenable
SWE#vlan10
[SWE—vlan10]vlan20
[SWE—vlan20]vlan30
[SWE—vlan30]vlan40
[SWE—vlan40]quit
[SWE]inte1/0/1
[SWE-Ethernet1/0/1]portlink-typetrunk
[SWE-Ethernet1/0/1]porttrunkpermitvlan10203040
[SWE-Ethernet1/0/1]intEthernetE1/0/2
[SWE-Ethernet1/0/2]portlink-typetrunk
[SWE-Ethernet1/0/2]porttrunkpermitvlan10203040
[SWE-Ethernet]quit
[SWE]vlan10
[SWE-vlan10]portEthernet1/0/3toEthernet1/0/10
[SWE-Ethernet]quit
[SWE]vlan20
[SWE-vlan20]portEthernet1/0/11toEthernet1/0/20
[SWE-vlan20]quit
[SWE]stpregion-configuration
[SWE-mst-region]region-nameH3C
[SWE-mst-region]instance1vlan1030
[SWE-mst-region]instance2vlan2040
[SWE]stpmodemstp
[SWE]stpenable
SWF#vlan10
[SWF—vlan10]vlan20
[SWF—vlan20]vlan30
[SWF—vlan30]vlan40
[SWF—vlan40]quit
[SWF]inte1/0/1
[SWF-Ethernet1/0/1]portlink-typetrunk
[SWF-Ethernet1/0/1]porttrunkpermitvlan10203040
[SWF-Ethernet1/0/1]intEthernetE1/0/2
[SWF-Ethernet1/0/2]portlink-typetrunk
[SWF-Ethernet1/0/2]porttrunkpermitvlan10203040
[SWF-Ethernet]quit
[SWF]vlan30
[SWF-vlan30]portEthernet1/0/3toEthernet1/0/10
[SWF-Ethernet]quit
[SWF]vlan40
[SWF-vlan40]portEthernet1/0/11toEthernet1/0/20
[SWF-vlan20]quit
[SWF]stpregion-configuration
[SWF-mst-region]region-nameH3C
[SWF-mst-region]instance1vlan1030
[SWF-mst-region]instance2vlan2040
[SWF]stpmodemstp
[SWF]stpenable
-----------------------------DHCP
[SWC]intvlan10
[SWC-Vlan10]ipadd10.0.0.33255.255.255.224
[SWC-Vlan10]quit
[SWC]dhcpenable
[SWC]dhcpserverip-poolh3c
[SWC-dhcp-pool-h3c]network10.0.0.32mask255.255.255.224
[SWC-dhcp-pool-h3c]gateway-list10.0.0.33
[SWC]dhcpserverforbidden-ip10.0.0.33
[SWC]intvlan20
[SWC-Vlan20]ipadd10.0.0.65255.255.255.224
[SWC-Vlan20]quit
[SWC]dhcpenable
[SWC]dhcpserverip-poolh3c
[SWC-dhcp-pool-h3c]network10.0.0.64mask255.255.255.224
[SWC-dhcp-pool-h3c]gateway-list10.0.0.65
[SWC]dhcpserverforbidden-ip10.0.0.65
[SWC]intvlan30
[SWC-Vlan30]ipadd10.0.0.97255.255.255.224
[SWC-Vlan30]quit
[SWC]dhcpenable
[SWC]dhcpserverip-poolh3c
[SWC-dhcp-pool-h3c]network10.0.0.96mask255.255.255.224
[SWC-dhcp-pool-h3c]gateway-list10.0.0.97
[SWC]dhcpserverforbidden-ip10.0.0.97
[SWC]intvlan40
[SWC-Vlan40]ipadd10.0.0.129255.255.255.224
[SWC-Vlan40]quit
[SWC]dhcpenable
[SWC]dhcpserverip-poolh3c
[SWC-dhcp-pool-h3c]network10.0.0.128mask255.255.255.224
[SWC-dhcp-pool-h3c]gateway-list10.0.0.129
[SWC]dhcpserverforbidden-ip10.0.0.129
[SWD]intvlan10
[SWD-Vlan10]ipadd10.0.0.33255.255.255.224
[SWD-Vlan10]quit
[SWD]dhcpenable
[SWD]dhcpserverip-poolh3c
[SWD-dhcp-pool-h3c]network10.0.0.32mask255.255.255.224
[SWD-dhcp-pool-h3c]gateway-list10.0.0.33
[SWD]dhcpserverforbidden-ip10.0.0.33
[SWD]intvlan20
[SWD-Vlan20]ipadd10.0.0.65255.255.255.224
[SWD-Vlan20]quit
[SWD]dhcpenable
[SWD]dhcpserverip-poolh3c
[SWD-dhcp-pool-h3c]network10.0.0.64mask255.255.255.224
[SWD-dhcp-pool-h3c]gateway-list10.0.0.65
[SWD]dhcpserverforbidden-ip10.0.0.65
[SWD]intvlan30
[SWD-Vlan30]ipadd10.0.0.97255.255.255.224
[SWD-Vlan30]quit
[SWD]dhcpenable
[SWD]dhcpserverip-poolh3c
[SWD-dhcp-pool-h3c]network10.0.0.96mask255.255.255.224
[SWD-dhcp-pool-h3c]gateway-list10.0.0.97
[SWD]dhcpserverforbidden-ip10.0.0.97
[SWD]intvlan40
[SWD-Vlan40]ipadd10.0.0.129255.255.255.224
[SWD-Vlan40]quit
[SWD]dhcpenable
[SWD]dhcpserverip-poolh3c
[SWD-dhcp-pool-h3c]network10.0.0.128mask255.255.255.224
[SWD-dhcp-pool-h3c]gateway-list10.0.0.129
[SWD]dhcpserverforbidden-ip10.0.0.129
-------------------------OSPF
[SWC]vlan60
[SWC]vlan50
[SWC]intEthernet1/0/4
[SWC-Ethernet1/0/4]portlink-typetrunk
[SWC-Ethernet1/0/4]porttrunkpermitvlan5060
[SWC-Vlan50]portEthernet1/0/5
[SWC-Vlan50]quit
[SWC]intvlan60
[SWC-vlan60-interface]ipadd10.0.0.5255.255.255.252
[SWC]ospf
[SWC-ospf]area0
[SWC-ospf-area-0.0.0.0]network10.0.0.40.0.0.3
[SWC-ospf-area-0.0.0.0]network10.0.0.320.0.0.31
[SWC-ospf-area-0.0.0.0]network10.0.0.640.0.0.31
[SWC-ospf-area-0.0.0.0]network10.0.0.960.0.0.31
[SWC-ospf-area-0.0.0.0]network10.0.0.1280.0.0.31
[SWC-ospf-area-0.0.0.0]network10.0.0.130.0.0.3
[SWD]vlan80
[SWD-Vlan80]portEthernet1/0/4
[SWD]intvlan80
[SWD-Vlan80-interface]ipadd10.0.0.17255.255.255.252
[SWD-Vlan80-interface]quit
[SWD]ospf
[SWD-ospf]area0
[SWD-ospf-area-0.0.0.0]network10.0.0.160.0.0.3
[SWD-ospf-area-0.0.0.0]network10.0.0.320.0.0.31
[SWD-ospf-area-0.0.0.0]network10.0.0.640.0.0.31
[SWD-ospf-area-0.0.0.0]network10.0.0.960.0.0.31
[SWD-ospf-area-0.0.0.0]network10.0.0.1280.0.0.31
------RA#
[RA]intG0/0
[RA-interfaceG0/0]undoshutdown
[RA-interfaceG0/0]portlink-moderoute
[RA]intG0/0.1
[RA-interfaceG0/0.1]undoshutdown
[RA-interfaceG0/0.1]ipadd10.0.0.13255.255.255.252
[RA-interfaceG0/0.1]vlan-typedot1q..vlan50
[RA-interfaceG0/0.1]intf0/0.2
[RA-interfaceG0/0.2]undoshutdown
[RA-interfaceG0/0.2]ipadd10.0.0.6255.255.255.252
[RA-interfaceG0/0.2]vlan-typedot1q…vlan60
[RA-interfaceG0/1]undoshutdown
[RA-interfaceG0/1]ipadd10.0.0.18255.255.255.252
[RA]intS6/0
[RA-interface-S6/0]undoshutdown
[RA-interface-S6/0]ipadd202.192.168.10255.255.255.0
[RA]iprouter—static0.0.0.00.0.0.0202.192.168.11
[RA]iproute-static192.168.0.0255.255.255.0202.192.168.11
[RA]ospf
[RA-ospf]area0
[RA-SPF-area-0.0.0.0]network10.0.0.160.0.0.3
[RA-ospf-area-0.0.0.0]network10.0.0.40.0.0.31
[RA-ospf-area-0.0.0.0]network10.0.0.120.0.0.31
[RA-ospf-area-0.0.0.0]network202.192.168.00.0.0.255
[RA-ospf]import-routestatic
[RA-ospf]import-routedirect
[RA-ospf]default-route-advertise
[RA]nataddress-group1202.192.168.5202.192.168.10
//配置允许进行NAT转换的内网地址段
aclnumber2000
rule0permitsource10.0.0.00.0.0.255
rule1deny
#
interfaceS6/0
portlink-moderoute
//在出接口上进行NAT转换
natoutbound2000address-group1
//在出接口上配置内网服务器10.0.0.14的www服务
natserverprotocoltcpglobal202.192.168.5wwwinside10.0.0.14www
natserverprotocoltcpglobal202.192.168.6ftpinside10.0.0.15ftp
[RA]domainsystem//采用本地认证方式
authenticationppplocal
local-userdigitalchina//配置对端用户名和密码
passwordsimpledigitalchina
service-typeppp
interfaceSerial0/0
link-protocolppp
pppauthentication-modechap//配置验证方式为CHAP验证
pppchapuserdigitalchina//配置本端用户名和密码
pppchappasswordsimpledigitalchina
[RA]aclnumber3000
rule0denyicmpsourceanydestination10.0.0.140icmp-typeecho
rule1denyicmpsourceanydestination10.0.0.150icmp-typeecho
rule2permiticmpsourceanydestinationany
[RA]intG0/0.1
[RA-interfaceG0/0.1]packet-filteroutboundip-group3000
[RA]firewallenable
//配置防火墙缺省过滤方式为允许包通过
firewalldefaultpermit
//定义用于包过滤的访问控制的ACL
aclnumber3005
descriptiondeny_souce_ip_www
rule0denytcpsource202.192.168.100destination-porteqftp
rule5permittcpsource202.192.168.100
//对于inbound流量进行过滤
firewallpacket-filter3005inbound
iproute-static0.0.0.00.0.0.0Serial0/0
[RB]intS6/0
[RB-interface-S6/0]undoshutdown
[RB-interface-S6/0]ipadd202.192.168.11255.255.255.0
[RB]interfaceG0/0
ipaddress192.168.0.124
quit
[RB]iproute-static0.0.0.00.0.0.0202.192.168.10
[RB]iproute-static10.0.0.0255.255.255.0202.192.168.10
[RB]domainsystem//采用本地认证方式
authenticationppplocal
#
local-userdigitalchina//配置对端用户名和密码
passwordsimpledigitalchina
service-typeppp
#
interfaceSerial0/0
link-protocolppp
pppauthentication-modechap//配置验证方式为CHAP验证
pppchapuserdigitalchina//配置本端用户名和密码
pppchappasswordsimpledigitalchina
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 网络综合 调试