WAN Comprehensive Lab - 5

Exclusive to 琴院:


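2. Initialization

  Rename each device according to the topology. Set the encrypted privileged (enable) password to network and create a local user student with the encrypted password net123. Prevent the wait caused by the device trying to resolve mistyped commands, set the line timeout to 10 minutes 50 seconds, and enable cursor tracking. The console port logs in with the password cisco; the vty lines log in with the local user account.

3. VTP

VTP domain name: netcisco. VTP password: 123cisco.

SW2 is the server and SW3 and SW4 are clients; SW5 and SW6 are servers and SW7 and SW8 are clients.

4. Spanning tree

  SW2 is the root bridge for VLANs 1, 6, 10 and 30; SW3 is the secondary root bridge for VLANs 6 and 30; SW4 is the secondary root bridge for VLAN 10. Implement this by specifying the values directly.

  SW5 is the root bridge for VLANs 1, 20, 25 and 99; SW6 is the secondary root bridge for VLANs 1, 20, 25 and 99. Implement this by specifying the values directly.

So that users can receive data as soon as they connect, access ports use the fast-start (PortFast) mode.

5. So that data transmission at the lower layer has no bottleneck, link bundling is used between SW3 and SW4.

6. HSRP

Hot standby is used between SW5 and SW6 to keep the network available. The priority is 110 and preemption is enabled. Virtual gateway addresses: 20.1, 25.1, 99.254.

7. The whole network runs the EIGRP dynamic routing protocol with autonomous system 1. To make it easy for internal users to reach the Internet, the default route is propagated through the dynamic routing protocol.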

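8. To keep data confidential, IPsec VPN and GRE tunnelling are configured between R1 and R2 and between R1 and R3. The parameters are as follows (the peer is configured the same way):

R1-R2

Phase 1: policy 1, pre-shared key authentication, aes encryption, DH group 2. The pre-shared key is cisco.

Phase 2: the transform set is esp-aes esp-sha-hmac, named VPN.

The crypto map is named R1-R2 and applied to the corresponding interface.

R1-R3

Phase 1: policy 2, pre-shared key authentication, aes encryption, DH group 2. The pre-shared key is cisco01.

Phase 2: the transform set is esp-aes esp-sha-hmac, named VPN-1.

The crypto map is named R1-R3 and applied to the corresponding interface.

(Note: the name of the interesting-traffic ACL must match the one used in the crypto map. The internal addresses of R2 and R3 access R1's 0 network. On R2, write the entries in the order 6, 30, 10; in every other area, write them in ascending order.)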
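The requirement in item 8 that both peers use the same parameters can be checked mechanically. The following Python sketch is an added example, not part of the original lab: it compares the phase 1 and phase 2 settings of two tunnel ends. The config excerpts are constructed from the values in item 8, with R2's transform set changed on purpose, and `crypto_params` and `mismatches` are hypothetical helper names.

```python
import re

# Constructed excerpts based on item 8; R2's transform set differs on purpose.
R1 = """crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 100.200.1.2
crypto ipsec transform-set VPN esp-aes esp-sha-hmac
crypto map R1-R2 1 ipsec-isakmp
 set peer 100.200.1.2
 set transform-set VPN
"""
R2 = """crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 200.100.1.2
crypto ipsec transform-set VPN esp-3des esp-sha-hmac
crypto map R2-R1 1 ipsec-isakmp
 set peer 200.100.1.2
 set transform-set VPN
"""

def crypto_params(cfg, peer):
    """Settings this config offers to `peer` (first ISAKMP policy only)."""
    def first(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    ip = re.escape(peer)
    # Transform set named by the crypto map entry that points at this peer.
    ts = first(r"^ set peer %s\n(?: .*\n)*? set transform-set (\S+)" % ip)
    return {
        "encr": first(r"^ encr (\S+)"),
        "authentication": first(r"^ authentication (\S+)"),
        "group": first(r"^ group (\d+)"),
        "pre-shared key": first(r"^crypto isakmp key (\S+) address %s$" % ip),
        "transforms": first(r"^crypto ipsec transform-set %s (.+)$" % re.escape(ts or "")),
    }

def mismatches(cfg_a, peer_of_a, cfg_b, peer_of_b):
    """Parameters on which the two tunnel ends disagree, as (name, a, b)."""
    a, b = crypto_params(cfg_a, peer_of_a), crypto_params(cfg_b, peer_of_b)
    return [(k, a[k], b[k]) for k in a if a[k] != b[k]]

if __name__ == "__main__":
    for name, left, right in mismatches(R1, "100.200.1.2", R2, "200.100.1.2"):
        print(f"{name}: R1={left!r} R2={right!r}")
```

A mismatch in the transform set lets phase 1 complete but stops phase 2 from negotiating, so the tunnel never carries traffic.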

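9. To allow a dynamic routing protocol to run across the tunnel, GRE tunnelling is used so that IP traffic is carried through the GRE tunnel.

10. PCs across the whole network obtain their addresses dynamically. The address allocation for each area is as follows:

XSB: the 6 network, allocation starts at 1, at most 50 addresses;

CWB: the 10 network, allocation starts at 10, at most 20 addresses;

RSB: the 30 network, allocation starts at 1, at most 30 addresses;

OFFICE-1: the 20 network, allocation starts at 3, at most 30 addresses;

OFFICE-2: the 25 network, allocation starts at 3, at most 30 addresses.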

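11. To promote the company's products and let users reach its pages more quickly, the company runs internal DNS and HTTP services, placed on a single server to save cost. The company domain name is network.com.

12. To make the internal network more secure, the user decided to deploy an ACL in R2's area that filters attack ports, so that internal users cannot communicate with external networks over the following ports. The ACL is named anti-vrius:

TCP and UDP 445, and TCP and UDP 3389.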
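The lab leaves the ACL entries to the reader. The following Python sketch is an added example, not the author's configuration: it holds one possible set of entries for `anti-vrius` and evaluates them with IOS first-match semantics, including the case where the closing permit is forgotten. The entries, their order, the final `permit ip any any` and the helper names are assumptions.

```python
# Constructed entries for the ACL named in item 12 (an assumption, not the
# author's configuration): block TCP/UDP 445 and 3389, permit everything else.
ACL = """ip access-list extended anti-vrius
 deny tcp any any eq 445
 deny udp any any eq 445
 deny tcp any any eq 3389
 deny udp any any eq 3389
 permit ip any any
"""

def parse_acl(text):
    """Parse '<action> <proto> any any [eq <port>]' entries, the only form used here."""
    rules = []
    for line in text.splitlines()[1:]:          # skip the 'ip access-list' header
        f = line.split()
        if len(f) < 4:
            continue
        port = int(f[5]) if len(f) == 6 and f[4] == "eq" else None
        rules.append((f[0], f[1], port))
    return rules

def evaluate(rules, proto, dport):
    """Return the action IOS would take: the first matching entry wins."""
    for action, rule_proto, rule_port in rules:
        if rule_proto in ("ip", proto) and rule_port in (None, dport):
            return action
    return "deny"   # implicit 'deny ip any any' that ends every IOS ACL

def verdicts(text):
    """Actions for the four filtered flows plus two flows that must keep working."""
    rules = parse_acl(text)
    flows = [("tcp", 445), ("udp", 445), ("tcp", 3389), ("udp", 3389),
             ("tcp", 80), ("udp", 53)]
    return {f: evaluate(rules, *f) for f in flows}

if __name__ == "__main__":
    print(verdicts(ACL))
    # Same ACL without the last entry: the implicit deny now drops web and DNS too.
    print(verdicts(ACL.replace(" permit ip any any\n", "")))
```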

13. Test connectivity and the application services.

 

Note: the VTP, VLAN and ACL configuration is left for you to complete yourself.

SW1 configuration:

service password-encryption

hostname SW1

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

ip routing

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

no ip domain-lookup

spanning-tree mode pvst

interface FastEthernet0/1

switchport access vlan 100

switchport mode access

spanning-tree portfast

interface FastEthernet0/2

switchport access vlan 100

switchport mode access

spanning-tree portfast

interface FastEthernet0/24

no switchport

ip address 192.168.0.1 255.255.255.0

interface Vlan99

ip address 192.168.99.1 255.255.255.0

interface Vlan100

ip address 192.168.100.254 255.255.255.0

router eigrp 1

passive-interface Vlan100

network 192.168.0.0

network 192.168.100.0

network 192.168.99.0

no auto-summary

ip default-gateway 192.168.0.254

line con 0

exec-timeout 10 50

password 7 0822455D0A16

logging synchronous

login

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

end

SW2 configuration:

service password-encryption

hostname SW2

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

no ip domain-lookup

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

spanning-tree vlan 1,6,10,30 priority 24576

interface FastEthernet0/4

switchport mode trunk

interface FastEthernet0/5

switchport mode trunk

interface FastEthernet0/24

switchport mode trunk

interface Vlan99

ip address 192.168.99.2 255.255.255.0

ip default-gateway 192.168.99.254

line con 0

password 7 0822455D0A16

logging synchronous

login

exec-timeout 10 50

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

SW3 configuration:

service password-encryption

hostname SW3

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

no ip domain-lookup

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

spanning-tree vlan 6,30 priority 28672

interface Port-channel1

switchport mode trunk

interface FastEthernet0/1

switchport mode trunk

channel-group 1 mode on

shutdown

interface FastEthernet0/2

switchport access vlan 6

switchport mode access

spanning-tree portfast

interface FastEthernet0/3

switchport mode trunk

channel-group 1 mode on

shutdown

interface FastEthernet0/4

switchport access vlan 30

switchport mode access

spanning-tree portfast

interface FastEthernet0/5

switchport mode trunk

interface Vlan99

ip address 192.168.99.3 255.255.255.0

ip default-gateway 192.168.99.254

line con 0

password 7 0822455D0A16

logging synchronous

login

exec-timeout 10 50

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

SW4 configuration:

service password-encryption

hostname SW4

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

no ip domain-lookup

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

spanning-tree vlan 10 priority 28672

interface Port-channel1

switchport mode trunk

interface FastEthernet0/1

switchport mode trunk

channel-group 1 mode on

shutdown

interface FastEthernet0/2

switchport access vlan 10

switchport mode access

spanning-tree portfast

interface FastEthernet0/3

switchport mode trunk

channel-group 1 mode on

shutdown

interface FastEthernet0/4

switchport mode trunk

interface Vlan99

ip address 192.168.99.4 255.255.255.0

ip default-gateway 192.168.99.254

line con 0

password 7 0822455D0A16

logging synchronous

login

exec-timeout 10 50

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

SW5 configuration:

service password-encryption

hostname SW5

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

ip routing

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

no ip domain-lookup

spanning-tree mode pvst

spanning-tree vlan 1,20,25,99 priority 24576

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/3

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/24

no switchport

ip address 192.168.3.2 255.255.255.0

interface Vlan20

mac-address 0000.0c03.4201

ip address 192.168.20.2 255.255.255.248

ip helper-address 192.168.100.1

standby 1 ip 192.168.20.1

standby 1 priority 110

standby 1 preempt

interface Vlan25

mac-address 0000.0c03.4202

ip address 192.168.25.2 255.255.255.0

ip helper-address 192.168.100.1

standby 1 ip 192.168.25.1

standby 1 priority 110

standby 1 preempt

interface Vlan99

mac-address 0000.0c03.4203

ip address 192.168.99.253 255.255.255.0

standby 1 ip 192.168.99.254

standby 1 priority 110

standby 1 preempt

router eigrp 1

passive-interface Vlan20

passive-interface Vlan25

passive-interface Vlan99

network 192.168.3.0

network 192.168.20.0 0.0.0.7

network 192.168.25.0

network 192.168.99.0

no auto-summary

line con 0

exec-timeout 10 50

password 7 0822455D0A16

logging synchronous

login

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

SW6 configuration:

service password-encryption

hostname SW6

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

ip routing

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

no ip domain-lookup

spanning-tree vlan 1,20,25,99 priority 28672

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/3

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/24

no switchport

ip address 192.168.33.2 255.255.255.0

interface GigabitEthernet0/1

interface GigabitEthernet0/2

interface Vlan1

no ip address

shutdown

interface Vlan20

mac-address 000c.cf44.6701

ip address 192.168.20.3 255.255.255.248

standby 1 ip 192.168.20.1

standby 1 preempt

interface Vlan25

mac-address 000c.cf44.6702

ip address 192.168.25.3 255.255.255.0

standby 1 ip 192.168.25.1

standby 1 preempt

interface Vlan99

mac-address 000c.cf44.6703

ip address 192.168.99.252 255.255.255.0

standby 1 ip 192.168.99.254

standby 1 preempt

router eigrp 1

passive-interface Vlan20

passive-interface Vlan25

passive-interface Vlan99

network 192.168.20.0 0.0.0.7

network 192.168.25.0

network 192.168.33.0

network 192.168.99.0

no auto-summary

line con 0

exec-timeout 10 50

password 7 0822455D0A16

logging synchronous

login

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

SW7 configuration:

service password-encryption

hostname SW7

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

no ip domain-lookup

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

interface FastEthernet0/1

switchport access vlan 20

switchport mode access

spanning-tree portfast

interface FastEthernet0/3

switchport mode trunk

interface FastEthernet0/24

switchport mode trunk

interface Vlan99

ip address 192.168.99.7 255.255.255.0

ip default-gateway 192.168.99.254

line con 0

password 7 0822455D0A16

logging synchronous

login

exec-timeout 10 50

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

SW8 configuration:

service password-encryption

hostname SW8

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

no ip domain-lookup

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

interface FastEthernet0/1

switchport access vlan 25

switchport mode access

spanning-tree portfast

interface FastEthernet0/3

switchport mode trunk

interface FastEthernet0/24

switchport mode trunk

interface Vlan99

ip address 192.168.99.8 255.255.255.0

ip default-gateway 192.168.99.254

line con 0

password 7 0822455D0A16

logging synchronous

login

exec-timeout 10 50

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

R1 configuration:

service password-encryption

hostname R

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

!

crypto isakmp policy 1

encr aes

authentication pre-share

group 2

!

crypto isakmp policy 2

encr aes

authentication pre-share

group 2

!

crypto isakmp key cisco address 100.200.1.2

crypto isakmp key cisco01 address 107.1.20.2

!

!

!

crypto ipsec transform-set VPN esp-aes esp-sha-hmac

crypto ipsec transform-set VPN-1 esp-aes esp-sha-hmac

!

crypto map R1-R2 1 ipsec-isakmp

! Incomplete

set peer 100.200.1.2

set transform-set VPN

match address R1-R2

!

!

crypto map R1-R3 1 ipsec-isakmp

! Incomplete

set peer 107.1.20.2

set transform-set VPN-1

match address R1-R3

!

!

no ip domain-lookup

!

 

interface Tunnel1

ip address 172.16.1.1 255.255.255.0

mtu 1476

tunnel source Serial0/0/0

tunnel destination 100.200.1.2

!

interface Tunnel2

ip address 10.1.1.1 255.255.255.0

mtu 1476

tunnel source Serial0/0/0

tunnel destination 107.1.20.2

!

interface FastEthernet0/0

ip address 192.168.0.254 255.255.255.0

 

interface Serial0/0/0

ip address 200.100.1.2 255.255.255.252

crypto map R1-R3

!

 

 

 

 

router eigrp 1

redistribute static

network 192.168.0.0

network 172.16.1.0 0.0.0.255

network 10.1.1.0 0.0.0.255

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0/0

!

ip flow-export version 9

!

!

ip access-list extended R1-R2

ip access-list extended R1-R3

!

line con 0

exec-timeout 10 50

password 7 0822455D0A16

logging synchronous

login

!

 

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

R2 configuration:

service password-encryption

hostname R2

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

!

!

crypto isakmp policy 1

encr aes

authentication pre-share

group 2

!

crypto isakmp key cisco address 200.100.1.2

!

!

!

crypto ipsec transform-set VPN esp-aes esp-sha-hmac

!

crypto map R1-R2 1 ipsec-isakmp

! Incomplete

set peer 200.100.1.2

set transform-set VPN

!

!

crypto map R2-R1 1 ipsec-isakmp

! Incomplete

set peer 200.100.1.2

set transform-set VPN

match address R2-R1

 

no ip domain-lookup

interface Tunnel1

ip address 172.16.1.2 255.255.255.0

mtu 1476

tunnel source Serial0/0/0

tunnel destination 200.100.1.2

 

interface FastEthernet0/0.6

encapsulation dot1Q 6

ip address 192.168.6.254 255.255.255.0

ip helper-address 192.168.100.1

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.224

ip helper-address 192.168.100.1

!

interface FastEthernet0/0.30

encapsulation dot1Q 30

ip address 192.168.30.254 255.255.255.0

ip helper-address 192.168.100.1

!

interface FastEthernet0/0.99

encapsulation dot1Q 99

ip address 192.168.99.254 255.255.255.0

 

 

interface Serial0/0/0

ip address 100.200.1.2 255.255.255.252

crypto map R2-R1

 

router eigrp 1

redistribute static

passive-interface FastEthernet0/0.6

passive-interface FastEthernet0/0.10

passive-interface FastEthernet0/0.30

passive-interface FastEthernet0/0.99

network 192.168.6.0

network 192.168.10.0 0.0.0.31

network 192.168.30.0

network 192.168.99.0

network 172.16.1.0 0.0.0.255

no auto-summary

 

ip route 0.0.0.0 0.0.0.0 Serial0/0/0

!

ip access-list extended anti-vrius

ip access-list extended R2R1

ip access-list extended R2-R1

!

 

line con 0

exec-timeout 10 50

password 7 0822455D0A16

logging synchronous

login

!

line aux 0

!

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local

R3 configuration:

service password-encryption

hostname R3

enable secret 5 $1$mERr$h8fNeuzwQ5F8joeWZbJYw1

username student secret 5 $1$mERr$5c0qAIC.VH5k7AMxpHtlC1

 

crypto isakmp policy 2

encr aes

authentication pre-share

group 2

!

crypto isakmp key cisco01 address 200.100.1.2

!

crypto ipsec transform-set VPN-1 esp-aes esp-sha-hmac

!

crypto map R1-R3 1 ipsec-isakmp

! Incomplete

set peer 200.100.1.2

set transform-set VPN-1

!

!

crypto map R3-R1 1 ipsec-isakmp

! Incomplete

set peer 200.100.1.2

set transform-set VPN-1

match address R3-R1

 

no ip domain-lookup

 

interface Tunnel2

ip address 10.1.1.2 255.255.255.0

mtu 1476

tunnel source Serial0/0/0

tunnel destination 200.100.1.2

 

interface FastEthernet0/0

ip address 192.168.3.1 255.255.255.0

 

interface FastEthernet0/1

ip address 192.168.33.1 255.255.255.0

 

interface Serial0/0/0

ip address 107.1.20.2 255.255.255.252

crypto map R3-R1

 

router eigrp 1

redistribute static

network 192.168.3.0

network 192.168.33.0

network 10.1.1.0 0.0.0.255

no auto-summary

 

ip route 0.0.0.0 0.0.0.0 Serial0/0/0

 

ip access-list extended R3-R1

 

line con 0

exec-timeout 10 50

password 7 0822455D0A16

logging synchronous

login

 

line vty 0 4

exec-timeout 10 50

logging synchronous

login local

line vty 5 15

exec-timeout 10 50

logging synchronous

login local


PCs obtain their IP addresses via DHCP.

 

 

 

 

 

 
