CCNP综合实验题_第1张图片
 
 
 实验题:­
  1.在图上显示的所有设备上配置Hostname,enable密文密码,所有vty密码.Hostname如图所示,密码都为     cisco.­
  2.确保交换机之间所有的端口都为Trunk.­
  3.Core1,Core2为VTP-server,SW1,SW2为VTP-client,域名为CCNP,创建VLAN10,VLAN20,VLAN30,VLAN40,­
  4.确保Core1与Core2其中一个为VLAN1-500的根桥和VLAN501-1024的备份根桥,一个为VLAN1-500备份根桥   和VLAN501-1024的根桥.­
  5.划VLAN.PC1为VLAN10,PC2为VLAN20.SW0f0/1连PC1,SW1f0/1边PC2.Gatewayf0/0为    VLAN30,,gatewayF0/1为VLAN40,­
  6.Core1与Core2两个链路做二层etherchannel,用工业标准.只要求写出配置文档,暂时不配置到生产环境    中.­
  7.VLAN10的IP网段为192.168.10.0/24,,VLAN20为192.168.20.0/24­
  配置PC1的IP为192.168.10.10/24,,网关为192.168.10.100­
     PC2的IP为192.168.20.20/24,,网关为192.168.20.200­
  8.Core1起SVI口,­
  VLAN10:192.168.10.100,  VLAN20:192.168.20.100,VLAN30:192.168.30.100,VLAN40:192.168.40.100­
  Core2起SVI口,­
  VLAN10:192.168.10.200,VLAN20:192.168.20.200,,,VLAN30:192.168.30.200,VLAN40:192.168.40.200­
  9.Gateway S0/3/0与ISP-internet s0/3/0相连,­
  GatewayIP:S0/3/0-197.68.1.1/30­
          f0/0-192.168.30.30/24­
          f0/1-192.168.40.40/24­
  10.Gateway,Core1,Core起OSPF,宣告相应的网络.使得Core1只与Gatewayf0/0建立邻居,Core1只有一个  OSPF邻居.Core2只与Gatewayf0/1建立邻居,Core2只有一个邻居.Core1与Core2之间不需要建立OSPF邻  居.Gateway的邻居表中只有两个邻居.­
  Gateway:Loopback0:3.3.3.3/32,宣告该网络,也作为ospf router-id­
  Core1:Loopback0:1.1.1.1/32,宣告该网络,也作为ospf router-id­
  Core2:Loopback0:2.2.2.2/32,宣告该网络,也作为ospf router-id­
  确保PC1,PC2能ping通gateway3.3.3.3.­
  11:SW1与SW2上只能配上192.168.1.0/24网段的管理IP,通过一定的配置,使PC能登录到这两个交换机上.­
  SW1管理IP:192.168.1.10­
  SW2管理IP:192.168.1.20­
  12.学校购买了公网地址.198.1.1.1-198.1.1.10,,28位.ISP路由器上有loopback口9.9.9.9/32­
  在Gateway上做NAT,­
  使得VLAN10里IP地址为16以下奇数的用户只能复用198.1.1.1-198.1.1.5作为源地址去访问外网9.9.9.9­
  使得VLAN20里IP地址为32以下(包括32)所有用户只能复用198.1.1.6-198.1.1.10作为源地址去访问外网    9.9.9.9­
  13.在SW1上配置.使得F0/1的端口只能接入PC1,否则自动关闭端口.­
  14.配置HSRP.只要求写出配置,(可以使用dynamips查命令)­
  core1为VLAN10的主网关,Vlan20的备份网关­
  core2为VLAN20的主网关,VLAN10的备份网关.­
  15.只要求写出配置.在gateway上建立两个帐启用用于管理,当PC用户登录到gateway时,输入不同的用户会   拥有不同的权限.­
  一个是超级用户:level:15,,,,username:admin,password:admin,,­
  一个是受限用户:level:0,,,,,username:user,password:user,,并具有查看路由表的权限.­
 
答案:
 
1、
enable
conf t
host **
no ip domain-lo
lin con 0
exec-ti 0 0
logg syn
exit
enable secret cisco
lin vty 0 *
password cisco

2、 switchport mode trunk

3、
core1:
enable
vlan database
vlan 10
vlan 20
vlan 30
vlan 40
vtp server
vtp domain CCNP

core2:
enable
vlan database
vtp server
vtp domain CCNP

SW1/SW2:
enable
vlan database
vtp client
vtp domain CCNP

4、
core1:
spanning-tree vlan 1-500 root primary
spanning-tree vlan 501-1024 root secondary

core2:
spanning-tree vlan 1-500 root secondary  
spanning-tree vlan 501-1024 root primary

5、
switchport mode access
switchport access vlan **

6、
int range f0/2 - 3
channel-group 1 mode on
switchport mode trunk
int int port-channel 1
switchport mode trunk

7、PC直接配置

8、
core1:
interface Vlan10
ip address 192.168.10.100 255.255.255.0
interface Vlan20
ip address 192.168.20.100 255.255.255.0
interface Vlan30
ip address 192.168.30.100 255.255.255.0
interface Vlan40
ip address 192.168.40.100 255.255.255.0

core2:
interface Vlan10
ip address 192.168.10.200 255.255.255.0
interface Vlan20
ip address 192.168.20.200 255.255.255.0
interface Vlan30
ip address 192.168.30.200 255.255.255.0
interface Vlan40
ip address 192.168.40.200 255.255.255.0

9、
Gateway:
enable
conf t
int s0/3/0
ip add 197.68.1.1 255.255.255.252
no sh
int f0/0
ip add 192.168.30.30 255.255.255.0
no sh
int f0/1
ip add 192.168.40.40 255.255.255.0
no sh

10、
gateway :
router ospf 100
router-id 3.3.3.3
network 192.168.30.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0
network 3.3.3.3 0.0.0.0 area 0

core1:
router ospf 100
router-id 1.1.1.1
redistribute connected subnets
network 192.168.30.0 0.0.0.255 area 0
network 1.1.1.1 0.0.0.0 area 0

core2:
router ospf 100
router-id 2.2.2.2
redistribute connected subnets
network 192.168.40.0 0.0.0.255 area 0
network 2.2.2.2 0.0.0.0 area 0

11、
core1:
int vlan 1
ip add 192.168.1.100 255.255.255.0
no sh

core2:
int vlan 1
ip add 192.168.1.200 255.255.255.0
no sh

sw1:
int vlan 1
ip add 192.168.1.10 255.255.255.0
no sh
ip default-gateway 192.168.10.100

sw2:
int vlan 1
ip add 192.168.1.20 255.255.255.0
no sh
ip default-gateway 192.168.10.200

12、
Gateway:
enable
conf t
int s0/3/0
ip nat outside
int f0/0
ip nat inside
int f0/1
ip nat inside
exit
router ospf 100
default-information originate
exit
ip route 0.0.0.0 0.0.0.0 197.68.1.2   
access-list 10 permit 192.168.10.1 0.0.0.14
access-list 20 permit 192.168.20.32 0.0.0.0
access-list 20 permit 192.168.20.0 0.0.0.31
ip nat pool VLAN10 198.1.1.1 198.1.1.5 netmask 255.255.255.240
ip nat pool VLAN20 198.1.1.6 198.1.1.10 netmask 255.255.255.240
ip nat inside source list 10 pool vlan10 overload
ip nat inside source list 20 pool vlan20 overload
end

ISP:
enable
conf t
ip route 198.1.1.0 255.255.255.0 197.68.1.1
end

13、
enable
conf t
int f0/1
switchport mode access
switchport access vlan 10
switchport port-security(开启端口安全)
switchport port-security mac-address sticky (第一个接入电脑MAC地址-常用)

switchport port-security mac-address 00E0.8FB6.D85(某PC的MAC地址)
switchport port-security maximum 1(允许最大连接数为1)
switchport port-security violation shutdown (违反立即关闭)

14、
core1(核心1):
interface vlan 10
ip address 192.168.10.100 255.255.255.0
no shutdown
standby 10 ip 192.168.10.100
standby 10 priority 150
standby 10 preempt
interface vlan 20
ip address 192.168.20.100 255.255.255.0
no shutdown
standby 20 ip 192.168.20.200
standby 20 priority 100
standby 20 preempt
end

core2(核心2):
interface vlan 10
ip address 192.168.10.200 255.255.255.0
no shutdown
standby 10 ip 192.168.10.100
standby 10 priority 100
standby 10 preempt
interface vlan 20
ip address 192.168.20.200 255.255.255.0
no shutdown
standby 20 ip 192.168.20.200
standby 20 priority 150
standby 20 preempt
end

15、
gateway:
enable
conf t
line vty 0 15
login local
exit
username admin privilege 15 password admin
username user privilege 0 password user
验证:
PC telnet 路由,查看权限
为user用户增加权限: privilege exec level 0 show ip route