企业网技术
一,实验目的:
1,掌握vlan技术
2,中继口
3,DHCP技术
4,默认与静态路由
5,远程控制
6,PAT技术
7,端口映射
二,实验拓扑:
三,实验步骤:
1,划分,添加vlan和添加中继口
SW2配置(系于trunk口):
[SW2]vlan 10
[SW2-vlan10]vlan 20
[SW2-vlan20]quit
[SW2]int e0/0/1
[SW2-Ethernet0/0/1]port link-type access
[SW2-Ethernet0/0/1]port default vlan 10
[SW2-Ethernet0/0/1]int e0/0/2
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/2]port default vlan 20
[SW2-Ethernet0/0/2]quit
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
SW3配置(系于hybird口):
[SW3]vlan 10
[SW3]vlan 20
[SW3-vlan20]int e0/0/3
[SW3-Ethernet0/0/3]port link-type hybrid
[SW3-Ethernet0/0/3]port hybrid pvid vlan 10
[SW3-Ethernet0/0/3]port hybrid untagged vlan 10
[SW3-Ethernet0/0/3]int e0/0/4
[SW3-Ethernet0/0/4]port link-type hybrid
[SW3-Ethernet0/0/4]port hybrid pvid vlan 20
[SW3-Ethernet0/0/4]port hybrid untagged vlan 20
[SW3-Ethernet0/0/4]int g0/0/1
[SW3-GigabitEthernet0/0/1]port hybrid tagged vlan 10 20
SW1配置:
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port hybrid tagged vlan 10 20
2,DHCP配置:
[SW1]vlan 10
[SW1-vlan10]vlan 20
[SW1-vlan20]int vlan 10
[SW1-Vlanif10]ip add 192.168.10.1 24
[SW1-Vlanif10]undo shut
[SW1-Vlanif10]int vlan 20
[SW1-Vlanif20]ip add 192.168.20.1 24
[SW1-Vlanif20]undo shut
[SW1]dhcp enable
[SW1-Vlanif10]int vlan 10
[SW1-Vlanif10]dhcp select interface
[SW1-Vlanif10]int vlan 20
[SW1-Vlanif20]dhcp select interface
至此pc可以获取ip,任意pc能ping通
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fecf:9011
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.254
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.1
Physical address..................: 54-89-98-CF-90-11
DNS server........................:
PC>ping 192.168.20.253
Ping 192.168.20.253: 32 data bytes, Press Ctrl_C to break
From 192.168.20.253: bytes=32 seq=1 ttl=127 time=125 ms
From 192.168.20.253: bytes=32 seq=2 ttl=127 time=78 ms
From 192.168.20.253: bytes=32 seq=3 ttl=127 time=47 ms
From 192.168.20.253: bytes=32 seq=4 ttl=127 time=78 ms
From 192.168.20.253: bytes=32 seq=5 ttl=127 time=63 ms
--- 192.168.20.253 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/78/125 ms
3,三层交换机与路由器互通
SW1配置:
[SW1]vlan 5
[SW1-vlan5]description text
[SW1-Vlanif5]int vlan 5
[SW1-Vlanif5]ip add 1.1.1.1 24
[SW1-Vlanif5]undo shut
[SW1-Vlanif5]int g0/0/24
[SW1-GigabitEthernet0/0/24]port hybrid pvid vlan 5
[SW1-GigabitEthernet0/0/24]port hybrid untagged vlan 5
AR1配置:
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 1.1.1.2 24
[AR1-GigabitEthernet0/0/0]undo shut
至此SW1与AR1能ping通
[SW1-GigabitEthernet0/0/24]ping 1.1.1.2
PING 1.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.2: bytes=56 Sequence=1 ttl=255 time=260 ms
Reply from 1.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 1.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 1.1.1.2: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 1.1.1.2: bytes=56 Sequence=5 ttl=255 time=50 ms
--- 1.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/72/260 ms
4,让任意pc能ping通路由器接口
SW1配置:
[SW1]ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
AR1配置:
[AR1]ip route-static 192.168.10.0 24 1.1.1.1
[AR1]ip route-static 192.168.20.0 24 1.1.1.1
至此pc能ping通AR1
PC>ping 1.1.1.2
Ping 1.1.1.2: 32 data bytes, Press Ctrl_C to break
From 1.1.1.2: bytes=32 seq=1 ttl=254 time=63 ms
From 1.1.1.2: bytes=32 seq=2 ttl=254 time=46 ms
From 1.1.1.2: bytes=32 seq=3 ttl=254 time=47 ms
From 1.1.1.2: bytes=32 seq=4 ttl=254 time=47 ms
From 1.1.1.2: bytes=32 seq=5 ttl=254 time=47 ms
--- 1.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 46/50/63 ms
5, 使AR1能远程控制SW1
SW1配置:
[SW1]user-interface vty0 4
[SW1-ui-vty0-4]authentication-mode aaa
[SW1-ui-vty0-4]quit
[SW1-aaa]local-user text password cipher abc privilege level 3
[SW1-aaa]local-user text service-type telnet terminal
至此AR1能控制SW1了
<AR1>telnet 1.1.1.1
Press CTRL_] to quit telnet mode
Trying 1.1.1.1 ...
Connected to 1.1.1.1 ...
Login authentication
Username:text
Password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2013-10-24 19:10:52.
<SW1>
6,PAT配置
AR1配置:
[AR1]acl 2000
[AR1-acl-basic-2000]rule 5 permit source any
[AR1-acl-basic-2000]int g0/0/1
[AR1-GigabitEthernet0/0/1]nat outbound 2000
至此任意pc能ping通AR2了
PC>ping 202.106.1.2
Ping 202.106.1.2: 32 data bytes, Press Ctrl_C to break
From 202.106.1.2: bytes=32 seq=1 ttl=253 time=47 ms
From 202.106.1.2: bytes=32 seq=2 ttl=253 time=78 ms
From 202.106.1.2: bytes=32 seq=3 ttl=253 time=78 ms
From 202.106.1.2: bytes=32 seq=4 ttl=253 time=78 ms
From 202.106.1.2: bytes=32 seq=5 ttl=253 time=93 ms
--- 202.106.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/74/93 ms
7,端口映射配置
AR1配置:
[AR1]ip route-static 0.0.0.0 0.0.0.0 202.106.1.2
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]nat server protocol tcp global 218.8.8.8 23 inside 1.1 .1.1 23
AR2配置:
[AR2]ip route-static 218.8.8.8 32 202.106.1.1
至此AR2能远程控制SW1了
<AR2>telnet 218.8.8.8
Press CTRL_] to quit telnet mode
Trying 218.8.8.8 ...
Connected to 218.8.8.8 ...
Login authentication
Username:text
Password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2013-10-24 19:43:11.
<SW1>
企业网技术已经差不多了,我到此结束