CCNA综合实验

   上个礼拜欧鹏兰博公司的教学总监来学校教我们CCNA课程。在老师走之前，给我们布置了一个作业，这个作业是他在教我们CCNA的6天期间所有涉及知识的总结实验。

实验工具：

Cisco Packet Tracer 5.3

实验拓扑图：

 

实验要求：

1、Router0以下为企业内部网络，以上为公网
2、为此内部网络创建VTP域
3、PC0和PC2在VLAN100中，
PC1和PC3在VLAN200中，
PC4和PC5在VLAN300中
4、Router1下为分支机构，PC6在VLAN10中
Server0和Server1在VLAN20中
5、在内部网络中部署EIGRP，要求所有设备都
能够正常互相访问
6、Server0为一台mail服务器，允许所有设备的
mail访问，但拒绝其它流量
7、Server1为一台FTP服务器，只允许VLAN100内
的用户使用其FTP服务，拒绝其它流量
8、PC7是一台网络管理员使用的设备，内网中所有
网络设备只允许此台设备telnet。
9、为所有网络设备设置特权模式密文密码和telnet密码
10、Router2和Router3为ISP的路由器，在两台设备上
启用OSPF协议，都在同一个区域当中
11、ISP的路由器不能和企业边界路由器形成路由协议
的邻居关系
12、在企业边界路由器上做NAT，要求内部网络中所有
地址在访问公网时都使用此台设备的公网IP
13、Server2是一台公网上的web服务器，配置访问控制
列表使得此服务器只允许www和PING的流量。
14、核心交换是所有VLAN的根桥

实验配置：

Core：

Building configuration…

Current configuration : 2000 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
no switchport
ip address 10.1.252.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
no switchport
ip address 10.1.254.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
no switchport
ip address 10.1.253.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.1.10.1 255.255.255.0
!
interface Vlan100
ip address 10.1.1.1 255.255.255.0
!
interface Vlan200
ip address 10.1.2.1 255.255.255.0
!
interface Vlan300
ip address 10.1.3.1 255.255.255.0
!
router eigrp 100
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.252.0 0.0.0.255
network 10.1.253.0 0.0.0.255
network 10.1.254.0 0.0.0.255
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.254.1
!
!
access-list 1 permit host 10.1.253.254
!
line con 0
line vty 0 4
access-class 1 in
password zjicm
login
!
end

Gateway：

Building configuration…

Current configuration : 743 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/0
ip address 200.1.1.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.254.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
router eigrp 100
network 10.1.254.0 0.0.0.255
auto-summary
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 200.1.1.2
!
access-list 1 permit 10.1.0.0 0.0.255.255
!
no cdp run
!
line con 0
line vty 0 4
password zjicm
login
!
end

Branch：

Building configuration…

Current configuration : 900 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/0
ip address 10.1.252.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.20.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 10
ip address 10.1.4.1 255.255.255.0
!
interface FastEthernet0/1.2
encapsulation dot1Q 20
ip address 10.1.5.1 255.255.255.0
!
router eigrp 100
network 10.1.4.0 0.0.0.255
network 10.1.5.0 0.0.0.255
network 10.1.252.0 0.0.0.255
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.252.1
!
access-list 1 permit host 10.1.253.254
!
no cdp run
!
line con 0
line vty 0 4
access-class 1 in
password zjicm
login
!
end

ISP

Building configuration…

Current configuration : 552 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
interface FastEthernet0/0
ip address 200.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.2.1 255.255.255.0
duplex auto
speed auto
!
router ospf 100
log-adjacency-changes
redistribute connected subnets
network 200.1.2.0 0.0.0.255 area 0
!
ip classless
!
no cdp run
!
line con 0
line vty 0 4
login
!
end

Switch_Core：

Building configuration…

Current configuration : 1253 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/1
switchport access vlan 100
!
interface FastEthernet0/2
switchport access vlan 200
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
ip address 10.1.10.2 255.255.255.0
!
ip default-gateway 10.1.10.1
!
access-list 1 permit host 10.1.253.254
line con 0
!
line vty 0 4
access-class 1 in
password zjicm
login
line vty 5 15
login
!
end

Switch_Branch

Building configuration…

Current configuration : 1220 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/1
switchport access vlan 10
!
interface FastEthernet0/2
switchport access vlan 20
!
interface FastEthernet0/3
switchport access vlan 20
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
ip address 10.1.20.2 255.255.255.0
!
ip default-gateway 10.1.20.1
!
line con 0
!
line vty 0 4
password zjicm
login
line vty 5 15
login
!
end

总结：

自己在老师讲解之前不会的地方：

1.pc7 如何管理Branch的Switch。

2.在局域网配置ospf的时候，我把Gateway忘记配置了，导致内网终端无法ping通外网。

3.在Gateway和ISP之间声明路由应该用再分配（redistribute）。

4.pc7 管理Core下Switch我用的是创建新的vlan然后管理，但是如果这样的话，无法管理Branch的Switch，应该再旧有的vlan（比如vlan1）上管理。

5.一开始的时候没有想到单臂路由。