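Lab requirements:
An enterprise connects to the Internet through router R1; R2, R3 and R4 simulate the Internet cloud. The topology of the whole network is shown in the figure below:
The IP addresses of the devices are configured as follows: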
R1:
S0/0/0:12.1.1.1/24
Fa0/0.1:192.168.1.254/24
Fa0/0.2:192.168.2.254/24
Fa0/0.3:192.168.3.254/24
R2:
S0/0/0:12.1.1.2/24
Fa0/0:24.1.1.2/24
Fa0/1:23.1.1.2/24
R3:
Fa0/1:23.1.1.3/24
S0/0/0:34.1.1.3/24
R4:
S0/0/0: 34.1.1.4/24
Fa0/0:24.1.1.4/24
Fa0/1:218.1.1.1/24
SW1: vlan 1 :192.168.1.2/24
SW2: vlan 1 :192.168.1.3/24
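PC1, PC2, PC3 and PC4 all obtain their IP addresses automatically. PC1 and PC3 belong to VLAN 2 (192.168.2.0/24); PC2 and PC4 belong to VLAN 3 (192.168.3.0/24).
Web server: 218.1.1.2/24
I. Requirements:
1. The lab topology is as shown in the figure above;
2. Configure an IP address on every device according to the topology, and make sure every configured interface is in the UP state;
3. Configure remote login and password protection. Configure the 2 switches and 4 routers in the figure so that all 6 devices support remote login and configuration. Every password in the configuration is cisco, and none may appear in clear text in the configuration file;
4. Configure VTP, with SW1 as the VTP server and SW2 as the VTP client;
5. VLAN configuration. Configure the VLANs on SW1 and make sure SW2 can synchronize the VLAN configuration from SW1 through VTP; assign the 4 PCs to their VLANs; configure subinterfaces on router R1 so that it supports inter-VLAN routing;
6. Configure STP. Configure the Spanning Tree Protocol so that SW1 is the root switch;
7. Configure DHCP. Configure DHCP on router R1 so that all 4 PCs obtain the correct IP address, gateway and DNS; the DNS server address is 218.1.1.2;
8. Configure routing. Configure R1 so that it can reach the Internet; configure R2, R3 and R4 to run OSPF. When configuration is complete, all 4 routers can reach one another;
9. Configure PPP. The link between routers R1 and R2 uses PPP encapsulation with CHAP authentication; the password is again cisco;
10. Configure NAT. Configure dynamic PAT on router R1 so that all 4 PCs can reach the Internet through R1. Configure static PAT on router R1 so that hosts on the Internet can Telnet to SW1 through TCP port 2323 on router R1;
11. Configure an ACL. Configure router R1 to deny hosts in VLAN 2 access to the WWW service of the Web server; other services are unaffected.
II. Lab configuration
1. The figure uses 5 crossover twisted-pair cables, 5 straight-through twisted-pair cables and 2 serial cables; R1 and R3 are the DCE ends of the serial cables;
2. Configure IP addresses
- Configuration
R1 is configured as follows. Only the IP address of S0/0/0 is configured here and F0/0 is brought up; the IP address of each subinterface is part of the VLAN configuration.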
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain lookup
Router(config)#hostname R1
R1(config)#int s0/0/0
R1(config-if)#ip add 12.1.1.1 255.255.255.0
R1(config-if)#clock rate 56000
R1(config-if)#no shut
R1(config-if)#int fa0/0
R1(config-if)#no shut
R2 is configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain lookup
Router(config)#hostname R2
R2(config)#int s0/0/0
R2(config-if)#ip add 12.1.1.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int fa0/0
R2(config-if)#ip add 24.1.1.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int fa0/1
R2(config-if)#ip add 23.1.1.2 255.255.255.0
R2(config-if)#no sh
R3 is configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain lookup
Router(config)#hostname R3
R3(config)#int s0/0/0
R3(config-if)#ip add 34.1.1.3 255.255.255.0
R3(config-if)#clock rate 56000
R3(config-if)#no sh
R3(config-if)#int fa0/1
R3(config-if)#ip add 23.1.1.3 255.255.255.0
R3(config-if)#no sh
R4 is configured as follows:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain lookup
Router(config)#hostname R4
R4(config)#int s0/0/0
R4(config-if)#ip add 34.1.1.4 255.255.255.0
R4(config-if)#no sh
R4(config-if)#int fa0/0
R4(config-if)#ip add 24.1.1.4 255.255.255.0
R4(config-if)#no sh
R4(config-if)#int fa0/1
R4(config-if)#ip add 218.1.1.1 255.255.255.0
R4(config-if)#no sh
SW1 is configured as follows:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#no ip domain lookup
Switch(config)#hostname SW1
SW1(config)#int vlan 1
SW1(config-if)#ip add 192.168.1.2 255.255.255.0
SW1(config-if)#no sh
SW1(config-if)#exit
SW1(config)#ip default-gateway 192.168.1.1
SW2 is configured as follows:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#no ip domain lookup
Switch(config)#hostname SW2
SW2(config)#int vlan 1
SW2(config-if)#ip add 192.168.1.3 255.255.255.0
SW2(config-if)#no sh
SW2(config-if)#exit
SW2(config)#ip default-gateway 192.168.1.1
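PC1, PC2, PC3 and PC4 obtain their addresses automatically; check them after DHCP has been configured.
The Web server is configured as follows:
- Verification
Once the IP addresses are configured, use the "show ip interface brief" command to check the IP address configuration and the state of every interface. For example, the command and its output on router R2 are as follows: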
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 24.1.1.2 YES manual up up
FastEthernet0/1 23.1.1.2 YES manual up up
Serial0/0/0 12.1.1.2 YES manual up up
Serial0/1/0 unassigned YES unset administratively down down
Serial0/2/0 unassigned YES unset administratively down down
Serial0/3/0 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
R2#
On every device, ping the IP addresses of all directly connected device interfaces to test network connectivity:
R2#ping 12.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 18/35/78 ms
R2#
3. Configure remote login and password protection
- Configuration
R1 is configured as follows:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#enable secret cisco
R1(config)#service password-encryption
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#line vty 0 4
R2(config-line)#password cisco
R2(config-line)#login
R2(config-line)#exit
R2(config)#enable secret cisco
R2(config)#service password-encryption
R3>en
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#line vty 0 4
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#exit
R3(config)#enable secret cisco
R3(config)#service password-encryption
R4>en
R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#line vty 0 4
R4(config-line)#password cisco
R4(config-line)#login
R4(config-line)#exit
R4(config)#enable secret cisco
R4(config)#service password-encryption
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#line vty 0 4
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#exit
SW1(config)#enable secret cisco
SW1(config)#service password-encryption
SW2>en
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#line vty 0 4
SW2(config-line)#password cisco
SW2(config-line)#login
SW2(config-line)#exit
SW2(config)#enable secret cisco
SW2(config)#service password-encryption
- Verification
Log in to router R1 remotely from router R2; the session is as follows:
R2#telnet 12.1.1.1
Trying 12.1.1.1 ...Open
User Access Verification
Password:
R1>en
Password:
R1#
On router R2, use the "show running-config" command to see how the passwords are displayed; the relevant part of the output is as follows:
R2#show running-config
Building configuration...
line vty 0 4
password 7 0822455D0A16
login
!
end
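The vty and password settings above can be checked mechanically. The following Python sketch is an added example, not part of the original lab: it audits a constructed running-config excerpt (the enable-secret hash is a placeholder and the issue labels are this example's own) and flags type 7 passwords, which "service password-encryption" only obfuscates reversibly, along with vty lines that rely on a shared line password, are not restricted to SSH, or have no access-class.

```python
import re

# Constructed excerpt modelled on the lab's settings (the username line
# appears once step 9 is done); the enable-secret hash is a placeholder.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERPLACEHOLDER
username R1 password 7 0822455D0A16
line con 0
line vty 0 4
 password 7 0822455D0A16
 login
!
end
"""

# Matches "password [type] value" / "secret [type] value", optionally
# prefixed by "enable " or "username <name> ".
CRED = re.compile(r"(?:enable |username \S+ )?(password|secret)(?: (\d+))? \S+$")


def audit_ios_credentials(config):
    """Return sorted (location, issue) pairs for weak credential/vty settings."""
    findings = set()
    section = "global"
    vty_blocks = {}                      # "line vty 0 4" -> its sub-commands
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] != " ":                # unindented: global command or block header
            section = line if line.startswith("line ") else "global"
            if line.startswith("line vty"):
                vty_blocks[line] = []
        elif section in vty_blocks:
            vty_blocks[section].append(line)
        m = CRED.match(line)
        if m:
            kind, enc = m.groups()
            if kind == "password" and enc == "7":
                findings.add((section, "type-7-reversible"))
            elif kind == "password" and enc in (None, "0"):
                findings.add((section, "cleartext-password"))
    for name, cmds in vty_blocks.items():
        if "login" in cmds and "login local" not in cmds:
            findings.add((name, "shared-line-password"))
        if "transport input ssh" not in cmds:
            findings.add((name, "telnet-not-disabled"))
        if not any(c.startswith("access-class ") for c in cmds):
            findings.add((name, "no-source-restriction"))
    return sorted(findings)


if __name__ == "__main__":
    for location, issue in audit_ios_credentials(SAMPLE_CONFIG):
        print(f"{location}: {issue}")
```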
4. Configure VTP
- Configuration
SW1 is configured as follows:
SW1#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
SW1(vlan)#vtp domain CYSD
Changing VTP domain name from NULL to CYSD
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int fa0/23
SW1(config-if)#switchport mode trunk
SW1(config-if)#int fa0/24
SW1(config-if)#switchport mode trunk
SW2 is configured as follows:
SW2#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
SW2(vlan)#vtp domain CYSD
Domain name already set to CYSD.
SW2(vlan)#vtp client
Setting device to VTP CLIENT mode.
SW2(vlan)#exit
APPLY completed.
Exiting....
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int fa0/23
SW2(config-if)#switchport mode trunk
SW2(config-if)#int fa0/24
SW2(config-if)#switchport mode trunk
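Because Cisco switches are VTP servers by default, SW1 only needs the VTP domain name configured. Note in particular that VTP information is carried only over trunk links, so the two links between SW1 and SW2 must be configured as trunks.
- Verification
After configuration, use the "show vtp status" command on SW2; the output is as follows: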
SW2#sh vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : CYSD
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE6 0xFE 0x11 0x67 0xCE 0xCC 0xE6 0xD4
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
SW2#
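Because no VLAN information has been configured on SW1 yet, the VTP configuration revision number on SW1 is 0, so the revision number on SW2 is also 0 and the number of existing VLANs is still the default 5. Once the configuration is complete, the VTP configuration can be verified further.
5. VLAN configuration
- Configure VLANs
Add the VLANs on the VTP server switch SW1 and assign the ports to their VLANs. SW1 is configured as follows: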
SW1#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
SW1(vlan)#vlan 2 name gouzhongxing
VLAN 2 added:
Name: gouzhongxing
SW1(vlan)#vlan 3 name lixiaomeng
VLAN 3 added:
Name: lixiaomeng
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int fa0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 2
SW1(config-if)#int fa0/3
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 3
After configuration, use the "show vlan" command to check the VLAN configuration on SW1; the output is as follows:
SW1#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Gig1/1, Gig1/2
2 gouzhongxing active Fa0/2
3 lixiaomeng active Fa0/3
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Use the "show vtp status" command to check the VTP information on SW1; the output is as follows:
SW1#show vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 255
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : CYSD
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x78 0x1B 0xA3 0x8F 0xCD 0x13 0x17 0x88
Configuration last modified by 192.168.1.2 at 3-1-93 01:54:55
Local updater ID is 192.168.1.2 on interface Vl1 (lowest numbered VLAN interface found)
SW1#
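Note that the VTP configuration revision number has become 2 and the number of existing VLANs has become 7. Use the "show vtp status" command to check the VTP information on SW2; the output is as follows: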
SW2#sh vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 255
Number of existing VLANs : 7
VTP Operating Mode : Client
VTP Domain Name : CYSD
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x78 0x1B 0xA3 0x8F 0xCD 0x13 0x17 0x88
Configuration last modified by 192.168.1.2 at 3-1-93 01:54:55
SW2#
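The output above shows that the VLAN configuration on SW2 is synchronized with that on SW1. VTP synchronizes only VLAN information; the ports in each VLAN still have to be configured separately. SW2 is configured as follows: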
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int fa0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 2
SW2(config-if)#int fa0/2
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 3
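- Configure inter-VLAN routing
Router-on-a-stick is configured here, using router R1 to route between VLAN 1, VLAN 2 and VLAN 3. The link between SW1 and R1 must be configured as a trunk. SW1 is configured as follows: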
SW1>en
Password:
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int fa0/1
SW1(config-if)#switchport mode trunk
Router R1 is configured as follows:
R1>en
Password:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#int fa0/0.1
R1(config-subif)#encapsulation dot1Q 1
R1(config-subif)#ip add 192.168.1.1 255.255.255.0
R1(config-subif)#no sh
R1(config-subif)#int fa0/0.2
R1(config-subif)#encapsulation dot1Q 2
R1(config-subif)#ip add 192.168.2.254 255.255.255.0
R1(config-subif)#no sh
R1(config-subif)#int fa0/0.3
R1(config-subif)#encapsulation dot1Q 3
R1(config-subif)#ip add 192.168.3.254 255.255.255.0
R1(config-subif)#no sh
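6. Configure STP. The requirement is to configure the Spanning Tree Protocol so that SW1 is the root switch.
Before configuring, check how STP is running; SW1 shows the following: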
SW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0001.6472.0D1A
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0001.6472.0D1A
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 0001.6472.0D1A
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 0001.6472.0D1A
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p
VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 32771
Address 0001.6472.0D1A
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Address 0001.6472.0D1A
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p
SW1#
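There are only two switches in the network; since SW1 is not the root switch, the root switch is SW2. Configure SW1 to become the root switch for all VLANs with the following command: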
SW1(config)#spanning-tree vlan 1,2,3 priority 4096
SW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 4097
Address 0001.6472.0D1A
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4097 (priority 4096 sys-id-ext 1)
Address 0001.6472.0D1A
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 4098
Address 0001.6472.0D1A
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4098 (priority 4096 sys-id-ext 2)
Address 0001.6472.0D1A
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p
VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 4099
Address 0001.6472.0D1A
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4099 (priority 4096 sys-id-ext 3)
Address 0001.6472.0D1A
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/23 Desg FWD 19 128.23 P2p
Fa0/24 Desg FWD 19 128.24 P2p
SW1#
Note that SW1 is now the root switch.
7. Configure DHCP
Router R1 is configured as follows:
R1>en
Password:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip dhcp excluded-address 192.168.2.254
R1(config)#ip dhcp pool vlan2
R1(dhcp-config)#network 192.168.2.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.2.254
R1(dhcp-config)#dns-server 218.1.1.2
R1(dhcp-config)#exit
R1(config)#ip dhcp excluded-address 192.168.3.254
R1(config)#ip dhcp pool vlan3
R1(dhcp-config)#network 192.168.3.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.3.254
R1(dhcp-config)#dns-server 218.1.1.2
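- Verification
Using the method shown in the figure below, configure PC1, PC2, PC3 and PC4 in turn to use DHCP.
Configuring a PC to obtain its IP address automatically
After configuration, check the address obtained in the DOS window of PC1; the output is as follows:
Ping the IP address of PC2 from PC1; the output is as follows:
PC1 pings PC2 successfully, which shows that the inter-VLAN routing configured earlier is correct. Ping PC3 from PC1; the output is as follows:
PC1 pings PC3 successfully, which shows that communication within a VLAN across switches is also correct.
8. Configure the routing protocol
Configure a default route on router R1 that sends all unknown traffic to the Internet, with the following command: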
R1(config)#ip route 0.0.0.0 0.0.0.0 12.1.1.2
Configure R2, R3 and R4 to run OSPF:
R2(config)#router ospf 1
R2(config-router)#network 24.1.1.0 0.0.0.255 area 0
R2(config-router)#network 23.1.1.0 0.0.0.255 area 0
R2(config-router)#network 12.1.1.0 0.0.0.255 area 0
R3(config)#router ospf 1
R3(config-router)#network 23.1.1.0 0.0.0.255 area 0
R3(config-router)#network 34.1.1.0 0.0.0.255 area 0
R4(config)#router ospf 1
R4(config-router)#network 24.1.1.0 0.0.0.255 area 0
R4(config-router)#network 34.1.1.0 0.0.0.255 area 0
R4(config-router)#network 218.1.1.0 0.0.0.255 area 0
- Verification
R1#ping 218.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 218.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 93/93/94 ms
R1#
The OSPF neighbor table of router R2 is as follows:
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
218.1.1.1 1 FULL/BDR 00:00:36 24.1.1.4 FastEthernet0/0
34.1.1.3 1 FULL/BDR 00:00:34 23.1.1.3 FastEthernet0/1
R2#
The routing table of router R2 is as follows:
R2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial0/0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.1.1.0 is directly connected, FastEthernet0/1
24.0.0.0/24 is subnetted, 1 subnets
C 24.1.1.0 is directly connected, FastEthernet0/0
34.0.0.0/24 is subnetted, 1 subnets
O 34.1.1.0 [110/782] via 23.1.1.3, 00:04:06, FastEthernet0/1
[110/782] via 24.1.1.4, 00:02:47, FastEthernet0/0
O 218.1.1.0/24 [110/2] via 24.1.1.4, 00:02:33, FastEthernet0/0
R2#
9. Configure PPP
Router R1 is configured as follows:
R1(config)#username R2 password cisco
R1(config)#int s0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
Router R2 is configured as follows:
R2(config)#username R1 password cisco
R2(config)#int s0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
Test
R1#ping 218.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 218.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 63/81/93 ms
R1#
R1 pings the server successfully, so PPP CHAP authentication has succeeded.
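Why each router's username entry carries the neighbour's hostname with the same password follows from the CHAP exchange itself (RFC 1994). The Python model below is an added example, not from the original lab: it is a simplified model of the exchange in which USER_DB stands in for the two routers' local username databases, and the function names are this example's own.

```python
import hashlib
import hmac
import os

# Local "username <peer> password <secret>" databases from step 9 of the lab.
USER_DB = {
    "R1": {"R2": b"cisco"},   # R1(config)#username R2 password cisco
    "R2": {"R1": b"cisco"},   # R2(config)#username R1 password cisco
}


def chap_response(identifier, secret, challenge):
    """RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def authenticate(authenticator, peer, user_db, identifier=1, challenge=None):
    """One direction of CHAP: `authenticator` challenges `peer`.

    Returns True for Success, False for Failure. Each side looks up the shared
    secret under the *other* side's hostname.
    """
    if challenge is None:
        challenge = os.urandom(16)        # fresh per attempt, so replies cannot be replayed
    # 1. Challenge (authenticator -> peer): identifier, challenge, authenticator's name.
    peer_secret = user_db.get(peer, {}).get(authenticator)
    if peer_secret is None:
        return False                      # peer has no username entry for this hostname
    # 2. Response (peer -> authenticator): identifier, MD5 value, peer's name.
    response = chap_response(identifier, peer_secret, challenge)
    # 3. Authenticator recomputes the value from its own entry for the peer.
    local_secret = user_db.get(authenticator, {}).get(peer)
    if local_secret is None:
        return False
    expected = chap_response(identifier, local_secret, challenge)
    return hmac.compare_digest(response, expected)


def link_comes_up(user_db):
    """`ppp authentication chap` on both ends: each side must authenticate the other."""
    return authenticate("R1", "R2", user_db) and authenticate("R2", "R1", user_db)


if __name__ == "__main__":
    print("lab config:", link_comes_up(USER_DB))
    mismatch = {"R1": {"R2": b"cisco"}, "R2": {"R1": b"Cisco"}}
    print("password mismatch:", link_comes_up(mismatch))
```

The secret never crosses the link, but both routers need it in recoverable form to compute the MD5 value, so its protection depends on how each configuration file is stored and handled.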
10. Configure NAT
Configure dynamic PAT on router R1 so that all 4 PCs can reach the Internet through R1. R1 is configured as follows:
R1(config)#int fa0/0.2
R1(config-subif)#ip nat inside
R1(config-subif)#int fa0/0.3
R1(config-subif)#ip nat inside
R1(config-subif)#int s0/0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#access-list 1 permit 192.168.2.0 0.0.0.255
R1(config)#access-list 1 permit 192.168.3.0 0.0.0.255
R1(config)#ip nat inside source list 1 int s0/0/0 overload
R1(config)#
Configure static PAT on router R1 so that hosts on the Internet can Telnet to SW1 through TCP port 2323 on router R1. R1 is configured as follows:
R1(config)#int fa0/0.1
R1(config-subif)#ip nat inside
R1(config-subif)#exit
R1(config)#ip nat inside source static tcp 192.168.1.2 23 12.1.1.1 2323
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Test
Ping the IP address of the Web server from PC1; the output is as follows:
PC>ping 218.1.1.2
Pinging 218.1.1.2 with 32 bytes of data:
Reply from 218.1.1.2: bytes=32 time=203ms TTL=125
Reply from 218.1.1.2: bytes=32 time=125ms TTL=125
Reply from 218.1.1.2: bytes=32 time=125ms TTL=125
Reply from 218.1.1.2: bytes=32 time=156ms TTL=125
Ping statistics for 218.1.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 203ms, Average = 152ms
PC>
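11. Configure an ACL. Configure router R1 to deny hosts in VLAN 2 access to the WWW service of the Web server; other services are unaffected.
Before configuring the ACL, browse to www.cysd.com from PC1; the result is shown in the figure:
PC1 browses the Web server successfully
Next configure the ACL. Router R1 is configured as follows: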
R1(config)#access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 218.1.1.2 eq 80
R1(config)#access-list 100 permit ip any any
R1(config)#int fa0/0.2
R1(config-subif)#ip access-group 100 in
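Browse to www.cysd.com from PC1; the result is shown in the figure:
PC1 fails to browse the Web server
PC1 fails to browse the Web server. Ping the IP address of the Web server from PC1; the output is as follows: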
PC>ping 218.1.1.2
Pinging 218.1.1.2 with 32 bytes of data:
Reply from 218.1.1.2: bytes=32 time=125ms TTL=125
Reply from 218.1.1.2: bytes=32 time=140ms TTL=125
Reply from 218.1.1.2: bytes=32 time=156ms TTL=125
Reply from 218.1.1.2: bytes=32 time=108ms TTL=125
Ping statistics for 218.1.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 108ms, Maximum = 156ms, Average = 132ms
PC>
PC1 can still ping the Web server successfully.
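The two test results above follow from first-match ACL evaluation with wildcard masks. The Python model below is an added example, not from the original lab; the host addresses 192.168.2.1 and 192.168.3.1 are constructed. It also shows what access-list 100 does not cover: TCP 443 to the same server is still permitted, and without the second entry the implicit deny would block all other traffic from VLAN 2.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
# access-list 100 from the lab: (action, protocol, source, destination, dst port)
ACL_100 = [
    ("deny", "tcp", ("192.168.2.0", "0.0.0.255"), ("218.1.1.2", "0.0.0.0"), 80),
    ("permit", "ip", ANY, ANY, None),
]
# "ip access-group 100 in" is applied on Fa0/0.2 only.
INBOUND = {"Fa0/0.2": ACL_100}


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    for action, a_proto, (s, s_wild), (d, d_wild), port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue
        if not (wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"


def inbound_verdict(iface, proto, src, dst, dport=None, bindings=INBOUND):
    """Verdict for a packet arriving on iface; no ACL bound means permit."""
    acl = bindings.get(iface)
    return "permit" if acl is None else evaluate(acl, proto, src, dst, dport)


if __name__ == "__main__":
    web = "218.1.1.2"
    flows = [  # constructed sample flows
        ("Fa0/0.2", "tcp", "192.168.2.1", 80),
        ("Fa0/0.2", "icmp", "192.168.2.1", None),
        ("Fa0/0.2", "tcp", "192.168.2.1", 443),
        ("Fa0/0.3", "tcp", "192.168.3.1", 80),
    ]
    for iface, proto, src, dport in flows:
        print(iface, proto, src, dport, "->", inbound_verdict(iface, proto, src, web, dport))
```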
This completes the configuration of the comprehensive lab.