二层交换,
三层转发,
静态路由、
vlan划分、
DHCP原理、
DNS原理、
web原理
客户机、服务器、二层设备、三层设备
1) 两台客户机被DHCP自动分配地址,处在不同vlan下
2) 获得ip地址后,便可以去访问网站,访问网站需要搭建DNS域名解析服务,然后再搭建httpd服务
配置思路便是由底层往上层配置,由内网往外网配置
1.话不多说,拓扑图在此
2.内网配置
sw 2交换机:
sw2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw2(config)#no ip routing '设备是由路由器改过来的,需要取消路由转发'
sw2(config)#int f1/0
sw2(config-if)#sw mod tr '接口配置trunk'
*Mar 1 00:00:47.903: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw2(config-if)#sw tr en d 'trunk封装类型dot1q'
sw2(config)#vlan 10,20,100 '创建VLAN'
sw2(config-vlan)#exit
sw2(config)#int f1/1
sw2(config-if)#sw mod acc '接口配置access'
sw2(config-if)#sw acc vlan 10
sw2(config-if)#int f1/2
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 20
sw2(config-if)#int f1/3
sw2(config-if)#sw mod acc
sw2(config-if)#sw acc vlan 100
sw2(config-if)#do show vlan-sw b '查看vlan信息'
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/4, Fa1/5, Fa1/6, Fa1/7
Fa1/8, Fa1/9, Fa1/10, Fa1/11
Fa1/12, Fa1/13, Fa1/14, Fa1/15
10 VLAN0010 active Fa1/1
20 VLAN0020 active Fa1/2
100 VLAN0100 active Fa1/3
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
sw3三层交换机:
sw3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw3(config)#int f1/0
sw3(config-if)#sw mod tru
sw3(config-if)#
*Mar 1 01:24:05.283: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
sw3(config-if)#sw tru en d
sw3(config-if)#exit
sw3(config)#vlan 10,20,100
sw3(config-vlan)#int vlan 10 '配置vlan-if的ip地址'
sw3(config-if)#
*Mar 1 01:25:05.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
sw3(config-if)#ip add 192.168.10.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
'通过ip helper-address指定DHCP服务器地址,把本vlan内的DHCP广播请求中继给服务器,使其能够跨越vlan'
sw3(config-if)#int vlan 20
*Mar 1 01:25:38.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
sw3(config-if)#ip add 192.168.20.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int vlan 100
*Mar 1 01:26:08.023: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
sw3(config-if)#ip add 192.168.100.1 255.255.255.0
sw3(config-if)#ip helper-address 192.168.100.100
sw3(config-if)#int f0/0
sw3(config-if)#ip add 11.0.0.11 255.255.255.0
sw3(config-if)#no shut
*Mar 1 01:32:01.439: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 01:32:02.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
sw3(config-if)#exit
sw3(config)#ip route 0.0.0.0 0.0.0.0 11.0.0.1
sw3(config)#do show ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 11.0.0.11 YES manual up up
Vlan1 unassigned YES unset up up
Vlan10 192.168.10.1 YES manual up up
Vlan20 192.168.20.1 YES manual up up
Vlan100 192.168.100.1 YES manual up up
sw3(config)#do show ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 11.0.0.1 to network 0.0.0.0
C 192.168.10.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan20
11.0.0.0/24 is subnetted, 1 subnets
C 11.0.0.0 is directly connected, FastEthernet0/0
C 192.168.100.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 [1/0] via 11.0.0.1
sw3(config)#
开始配置DHCP服务器
首先配置网卡
[root@localhost ~]# yum install dhcp* -y '安装'
[root@localhost ~]# rpm -q dhcp
dhcp-4.2.5-77.el7.centos.x86_64
[root@localhost ~]# hostname dhcp
[root@localhost ~]# su
[root@dhcp ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
'修改网卡'
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static" '修改为静态'
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="0f432513-5d7a-455c-88b4-257a9a1dbb45"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.100.100 'ip地址'
NETMASK=255.255.255.0 '子网掩码'
GATEWAY=192.168.100.1 '网关'
[root@dhcp ~]# systemctl restart network '重启网卡'
[root@dhcp ~]# ifconfig '验证'
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.100 netmask 255.255.255.0 broadcast 192.168.100.255
[root@dhcp ~]# vim /etc/dhcp/dhc
'打开dhcpd.conf,会发现里面没有配置内容,只提示我们去参考/usr/share/doc/dhcp*/dhcpd.conf.example'
dhclient.d/ dhcpd6.conf
dhclient-exit-hooks.d/ dhcpd.conf
[root@dhcp ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf '复制到/etc/dhcp/下'
cp:是否覆盖"/etc/dhcp/dhcpd.conf"? y '覆盖'
[root@dhcp ~]# vim /etc/dhcp/dhcpd.conf '编辑'
option domain-name "example.org"; '域名'
option domain-name-servers 12.0.0.12; '修改为dns服务器IP'
default-lease-time 600; '默认租约600s'
max-lease-time 7200; '最大租约7200s'
subnet 192.168.10.0 netmask 255.255.255.0 {
'网段 子网掩码'
range 192.168.10.10 192.168.10.100;
'可分配的地址范围'
option routers 192.168.10.1;
'指定网关 '
}
subnet 192.168.20.0 netmask 255.255.255.0 {
range 192.168.20.20 192.168.20.200;
option routers 192.168.20.1;
}
subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.10 192.168.100.200;
option routers 192.168.100.1;
}
[root@dhcp ~]# systemctl start dhcpd '开启dhcpd服务'
[root@dhcp ~]# systemctl stop firewalld.service '关掉防火墙(仅为实验方便;生产环境应保持防火墙开启,只放行DHCP服务:firewall-cmd --permanent --add-service=dhcp 后 firewall-cmd --reload)'
[root@dhcp ~]# setenforce 0 '临时关闭SELinux强制模式(切换为permissive,重启后恢复);仅为实验方便,生产环境应保持enforcing'
[root@dhcp ~]# netstat -natp | grep dhcp '查看端口状态'
[root@dhcp ~]# netstat -naup | grep dhcp
udp 0 0 0.0.0.0:67 0.0.0.0:* 39158/dhcpd
[root@dhcp ~]#
两台客户机的配置比较简单,把获取IP地址修改为自动获取
然后在CMD命令提示符中依次执行 ipconfig /release(释放当前地址)和 ipconfig /renew(重新获取地址)
3.内网设置完毕,接下来就开始配置外网
ISP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ISP(config)#int f0/0
ISP(config-if)#ip add 11.0.0.1 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#int f
*Mar 1 01:23:42.951: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 01:23:43.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
ISP(config)#int f0/1
ISP(config-if)#ip add 12.0.0.1 255.255.255.0
ISP(config-if)#no shut
*Mar 1 01:24:27.779: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 01:24:28.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
ISP(config-if)#exit
ISP(config)#ip route 192.168.0.0 255.255.0.0 11.0.0.11
' 网段汇总 '
ISP(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
11.0.0.0/24 is subnetted, 1 subnets
C 11.0.0.0 is directly connected, FastEthernet0/0
S 192.168.0.0/16 [1/0] via 11.0.0.11
12.0.0.0/24 is subnetted, 1 subnets
C 12.0.0.0 is directly connected, FastEthernet0/1
ISP(config)#do show ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 11.0.0.1 YES manual up up
FastEthernet0/1 12.0.0.1 YES manual up up
ISP(config)#
配置DNS和HTTPD服务器
[root@localhost ~]# yum install httpd bind -y
[root@localhost ~]# rpm -q httpd bind
httpd-2.4.6-90.el7.centos.x86_64
bind-9.11.4-9.P2.el7.x86_64
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="8d222179-116b-41b5-8b47-0076ca1aeddb"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.1
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 12.0.0.12 netmask 255.255.255.0 broadcast 12.0.0.255
inet6 fe80::e2c1:c26d:afa1:a4ad prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:52:4d:89 txqueuelen 1000 (Ethernet)
RX packets 8232 bytes 10547854 (10.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3149 bytes 242681 (236.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# vim /etc/named.
named.conf named.iscdlv.key named.rfc1912.zones named.root.key
[root@localhost ~]# vim /etc/named.conf '主配置文件'
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
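allow-query { any; }; '允许任何主机查询;此处未显示recursion设置,若recursion为yes,这台面向外网的服务器会成为开放递归解析器,应设置recursion no或用allow-recursion限制到内网网段'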
[root@localhost ~]# vim /etc/named.rfc1912.zones
'区域配置文件'
zone "kgc.com" IN {
type master;
file "kgc.com.zone"; '区域数据配置文件'
allow-update { none; };
};
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/kgc.com.zone '复制模板,重命名,保留权限'
[root@localhost ~]# vim /var/named/kgc.com.zone '区域数据配置文件'
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
www IN A 12.0.0.12 '增加此处;注意模板保留的 A 127.0.0.1 会让 NS(@)解析到回环地址,正式环境应改为服务器的实际地址'
[root@localhost ~]# systemctl stop firewalld.service
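'关掉防火墙(仅为实验方便;生产环境应保持开启,只放行dns和http服务:firewall-cmd --permanent --add-service=dns --add-service=http 后 firewall-cmd --reload)'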
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl start named
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
'配置httpd'
41 Listen 12.0.0.12:80 '监听12.0.0.12的80端口'
42 #Listen 80
。。。。。。
95 ServerName www.kgc.com:80 '修改域名'
[root@localhost ~]# systemctl start httpd '启动'
[root@localhost ~]#
测试
C:\Users\GSY>nslookup www.kgc.com
DNS request timed out.
timeout was 2 seconds.
服务器: UnKnown
Address: 12.0.0.12
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
名称: www.kgc.com
Address: 12.0.0.12
[root@localhost ~]# cd /var/www/html '网页'
[root@localhost html]# ls
[root@localhost html]# vim index.html '创建新文件,代表首页'
<hi> this is test web 为了馒头争口气</hi>
[root@localhost html]# systemctl restart httpd
刷新
了解每个配置文件的具体位置,如何配置,配置的格式如何写,每一条参数代表什么,这些都是需要用心记