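1. Topology diagram

Note: to make them easy to remember, all passwords are set to cisco. It is best not to do this in practice.

2. Implementation

Basic configuration of router R1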

Router>en
Router#configure terminal
Router(config)#hostname R1         // set the hostname
R1(config)#banner motd # this is the R1 router #  // set the login banner
R1(config)#interface fa0/0
R1(config-if)#description connected to S1 fa0/1       // describe where the port leads
R1(config-if)#ip address 192.168.1.254 255.255.255.0       // set the port's IP address
R1(config-if)#no shutdown       // enable the port
R1(config-if)#exit
R1(config)#no ip domain-lookup  // disable DNS name lookup
R1(config)#line console 0        // configure the console password
R1(config-line)#password cisco
R1(config-line)#exec-timeout 0 0    // idle timeout: the first 0 is minutes, the second 0 is seconds (0 0 means the session never times out)
R1(config-line)#logging synchronous    // keep log and debug messages from interrupting typed input
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 4         // configure the telnet password
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#enable password cisco   // set the privileged-mode password (stored in clear text; enable secret stores a hash instead)
R1(config)#line console 0
R1(config-line)#exit
R1(config)#access-list 1 permit 192.168.1.1 192.168.1.100   // intended: allow hosts 1 to 100, deny all others
R1(config)#line vty 0 4
R1(config-line)#access-class 1 in // restrict telnet access
R1(config-line)#end
R1#copy running-config startup-config     // save the configuration

2. Configure port security for the server (configured on the switch)

Switch>en
Switch#configure terminal
Switch(config)#hostname S1
S1(config)#banner motd # this is the S1 swtich #
S1(config)#interface fa0/2
S1(config-if)#description to server  // port connected to the server
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 1  // allow at most 1 MAC address on the port
S1(config-if)#switchport port-security violation shutdown  // on a violation, shut the port down
S1(config-if)#switchport port-security mac-address sticky  // bind the learned MAC address to the port
S1(config-if)#exit
S1(config)#interface fa0/3
S1(config-if)#description to pc0
S1(config-if)#interface fa0/4
S1(config-if)#description to Laptop0
S1(config-if)#exit
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exec-timeout 1 0
S1(config-line)#logging synchronous
S1(config-line)#exit
S1(config)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
S1(config)#access-list 2 permit 192.168.1.0 0.0.0.255  // allow the whole 192.168.1.0/24 network
S1(config)#line vty 0 15
S1(config-line)#access-class 2 in
S1(config-line)#end
S1#copy run start

3. Configure the DHCP server (configured on the Server-PT)

Note: it is best to give the switch a management address so that it has IP connectivity!

4. Configure the HTTP and DNS server information

http://192.168.1.253

DNS: www.xioazhang.com

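5. Test the lab results

Show the configuration: show run

The clients can obtain IP addresses dynamically.

Port test (shut down fa0/2 and connect to another port on the switch, such as fa0/5; the server's link light does not come on, so it does not obtain an IP address)

Next, use pc0 to test HTTP and DNS, as well as telnet.

6. Router and switch configuration (show run)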

R1#show run
Building configuration...

Current configuration : 849 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
enable password cisco
!
!

no ip domain-lookup
!
!

interface FastEthernet0/0
 description connected to S1 fa0/1
 ip address 192.168.1.254 255.255.255.0
 duplex auto
 speed auto
!


interface Vlan1
 no ip address
 shutdown
!
ip classless
!
!
access-list 1 permit 0.0.0.1 192.168.1.100
!
banner motd ^C this is the R1 router ^C
!
!
!
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 0 4
 access-class 1 in
 password cisco
 login
!
!
!
end

Switch

S1#show run
Building configuration...

Current configuration : 1308 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
enable password cisco
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
 description to server
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 description to pc0
!
interface FastEthernet0/4
 description to Laptop0
!
interface FastEthernet0/5
!

!
interface Vlan1
 ip address 192.168.1.252 255.255.255.0
!
banner motd ^C this is the S1 swtich ^C
!
access-list 2 permit 192.168.1.0 0.0.0.255
line con 0
 password cisco
 logging synchronous
 login
 exec-timeout 1 0
!
line vty 0 4
 access-class 2 in
 password cisco
 login
line vty 5 15
 access-class 2 in
 password cisco
 login
!
!
end
 

7. This lab actually contains one major problem: think it over together and work out what it is.
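
An added example, not part of the original post: a Python check of how IOS evaluates the standard ACL entry typed on R1 (`permit 192.168.1.1 192.168.1.100`), where the second field is a wildcard mask and only bits set to 0 in it are compared. It reproduces the normalized form seen in R1's show run, lists which hosts in 192.168.1.0/24 that entry matches, and generates entries covering hosts 1 to 100 exactly. The function names are this example's own.

```python
import ipaddress

def ip(s):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(s))

def normalize(addr, wildcard):
    """Return the entry as IOS stores it: address bits that the
    wildcard marks as "don't care" (1 bits) are cleared."""
    a, w = ip(addr), ip(wildcard)
    return str(ipaddress.IPv4Address(a & ~w & 0xFFFFFFFF)), wildcard

def matches(src, addr, wildcard):
    """True if src matches: only bits where the wildcard is 0 are compared."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(src) & care) == (ip(addr) & care)

def permitted_hosts(addr, wildcard, network):
    """Host addresses of `network` matched by one permit entry."""
    return [str(h) for h in ipaddress.ip_network(network).hosts()
            if matches(str(h), addr, wildcard)]

def acl_for_range(acl_id, first, last):
    """Standard ACL lines permitting exactly first..last (inclusive),
    built from the CIDR blocks that tile the range."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [f"access-list {acl_id} permit {b.network_address} {b.hostmask}"
            for b in blocks]

if __name__ == "__main__":
    # The entry exactly as typed on R1 in this lab
    typed = ("192.168.1.1", "192.168.1.100")
    print("stored as:", *normalize(*typed))
    print("matched hosts:", permitted_hosts(*typed, "192.168.1.0/24"))
    print("entries for hosts 1-100:")
    print("\n".join(acl_for_range(1, "192.168.1.1", "192.168.1.100")))
```
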