路由与交换实习实验报告参考.doc

1、精品文档实验报告【实验网络拓扑结构】.精品文档【实验目的】1.实现校园网网络连通1)利用静态路由实现汇聚交换机和路由器与核心路由器间连通2)利用 rip 实现内部汇聚交换机与核心路由器间连通3)利用 ospf 实现汇聚路由器与核心路由器连通4)通过设置单臂路由使教学楼1 和教学楼2 能互相连通5)对学生宿舍楼和教学楼分别划分vlan2.在核心路由器上实现nat 转换，使内部网络能访问internet3.设置标准acl 规则：禁止外部用户访问内部网络4.设置扩展acl 规则：仅允许内部用户访问数据中心的80,21 端口6.在核心路由与出口路由间运用ppp 协议配置最后要求将检测结果放入一个WOR

2、D 文档中，文件名为：学号 -大作业 .DOC 中给出网络互通的效果，将PING 截图在各网络设备上，用SHOW RUN 命令对交换机，还要求 SHOW VLAN ， show int ip switchport 对路由器，还要求 SHOW IP ROUTE对 NAT ，要求用 PING T ，及 DEBUG IP NA T对 ACL ， 要求检测相关口或VLAN的 ACL 表， SHOW IP INT端口号【实验中运用的知识点】1）静态路由2） Rip3） Ospf4） nat 转换5）标准访问控制列表规则6）扩展访问控制列表规则.精品文档7）划分 vlan8）单臂路由9）广域网协议ppp【

3、实验配置步骤】第一部分配置内部网络连通注意：配置中省略了各端口的ip 配置，相信端口ip 可以从拓扑图中反应1）接入交换机 1 配置划分 vlanSwitch(config)#int fa0/2Switch(config-if)#switchport access vlanSwitch(config-if)#switchport access vlan 2Switch(config)#int fa0/3Switch(config-if)#switchport access vlan 3Switch(config)#int fa0/1Switch(config-if)#switchport tr

4、unk encapsulation dot1q（ 2960 等交换机只支持802.1q 协议，这里忽略）Switch(config-if)#switchport mode trunkSwitch(config-if)#switchport trunk allowed vlan allSwitch(config-if)#exit2）汇聚路由器配置设置单臂路由Router(config)#interface fa0/0.1配置子接口这是配置单臂路由的关键，这个接口是个逻辑接口，并不是实际存在的物理接口，但是功能却和物理接口是一样的。Router(config-subif)#encapsulatio

5、n dot1q 2 为这个接口配置802.1Q 协议，最后面的2 是vlan 号，这也是关键部分Router(config-subif)#ip address 54 为该接口划分ip 地址。Router(config-subif)#exitRouter(config)#interface fa0/0.2Router(config-subif)#encapsulation dot1q 3 .Router(config-subif)#ip address 54 Router(config-subif)#

6、end设置 ospfRouter(config)#router ospf 100Router(config-router)#network 55 area 0Router(config-router)#network 55 area 0设置静态路由Router(config)#ip route 013）接入交换机2 配置创建 vlan4 vlan5Switch(config)#intvlan4Switch(config)#intvlan5.精品文档Switch(co

7、nfig)#int fa0/2Switch(config-if)#switchport access vlan 4Switch(config)#int fa0/3Switch(config-if)#switchport access vlan 54）汇聚交换机配置为 vlan4 和 vlan5 设置 sviSwitch(config)#int vlan 4Switch(config-if)#ip address 54Switch(config)#int vlan 5Switch(config-if)#ip address 54设置 trunkSwitch

8、(config)#int fa0/1Switch(config-if)#switchport mode trunk设置 ripSwitch(config)#router ripSwitch(config-router)#network 设置静态路由Router(config)#ip route 015）核心路由器配置设置静态路由Router(config)#ip route 00Router(config)#ip route 172.16

9、.4.100设置 ripRouter(config)#router ripRouter(config-router)#network Router(config-router)#network 设置 ospfRouter(config)#router ospf 100Router(config-router)#network 55 area 06）汇聚交换机2 配置设置静态路由Switch(config)#ip route 01至此，内部网络均能互相连通，接下来我们先

10、配置nat 使内网可以连通外网第二部分设置 nat 转换，使内部用户能访问外部网络核心路由器（nat ）配置Router(config)#int fa0/0Router(config-if)#ip nat inside/将该接口标记为内部接口Router(config)#int fa1/0Router(config-if)#ip nat inside/将该接口标记为内部接口Router(config)#int fa7/0/将该接口标记为内部接口Router(config-if)#ip nat inside.精品文档Router(config)#int se2/0Router(config-if

11、)#ip nat outside/将该接口标记为外部接口Router(config)#access-list 10 permit 55Router(config)#access-list 10 permit 55Router(config)#access-list 10 permit 55Router(config)#access-list 10 permit 55Router(config)#access-list 10 permit 17

12、 55Router(config)#access-list 10 permit 55Router(config)#access-list 10 permit 55/定义标准访问控制列表10 只允许定义的地址能够被转换Router(config)#ip nat pool out 0 0 netmask /定义名称为 out 的地址池。Router(config)#ip nat inside source list 10

13、pool out/将访问控制列表定义的地址和地址池关联这样就有前内部主机能够得到公网地址。第三部分设置 acl 规则首先设置出口路由器和核心路由器使外部网络与内部网络连通出口路由器配置设置静态路由Router(config)#ip route 核心路由器配置设置静态路由Router(config)#ip route 00在出口路由器上做如下配置设置标准访问控制列表规则如下：1) 禁止外部用户访问内部网络Router(config)#access-list 11 deny anyR

14、outer(config)#int fa0/0Router(config-if)#ip access-group 11 in在核心路由器上做如下配置设置扩展访问控制列表规则如下2) 仅允许内部用户访问数据中心的80,21 端口Router(config)#ip access-list extended testRouter(config-ext-nacl)#permit tcp any any eq 80Router(config-ext-nacl)#permit tcp any any eq 21Router(config-ext-nacl)#deny ip any anyRouter(co

15、nfig)#int fa7/0Router(config-if)#ip access-group test out第四部分广域网协议 ppp 设置出口路由器配置Router(config)#hostname R1R1(config)#username R2 password zglR1(config)#int se2/0.精品文档R1(config-if)#en pppR1(config-if)#ppp authentication chap核心路由器配置Router(config)#hostname R2R2(config)#username R1 password zglR2(config

16、)#interface se2/0R2(config-if)#en ppp【实验检测】网络互通测试截图如下：教学楼到汇聚路由器.精品文档教学楼到核心路由器教学楼到宿舍楼教学楼到数据中心.精品文档教学楼到外部网络宿舍楼到教学楼宿舍楼到数据中心宿舍楼到外部网络.精品文档外部网络到教学楼外部网络到宿舍楼.精品文档外部网络到数据中心Nat 转换测试：在核心路由器上debug ip nat截图如下：Acl 规则测试在核心路由器Show ip端口.精品文档、Router#show ip interface fa7/0FastEthernet7/0 is up, line protocol is up (c

17、onnected)Internet address is 01/8Broadcast address is 55Address determined by setup commandMTU is 1500Helper address is not setDirected broadcast forwarding is disabledOutgoing access list is testInboundaccess list is not setProxy ARP is enabledSecurity level is defaultSplit hor

18、izon is enabledICMP redirects are always sentICMP unreachables are always sentICMP mask replies are never sentIP fast switching is disabledIP fast switching on the same interface is disabledIP Flow switching is disabledIP Fast switching turbo vectorIP multicast fast switching is disabledIP multicast

19、 distributed fast switching is disabledRouter Discovery is disabledIP output packet accounting is disabledIP access violation accounting is disabledTCP/IP header compression is disabled.精品文档RTP/IP header compression is disabledProbe proxy name replies are disabledPolicy routing is disabledNetwork ad

20、dress translation is disabledWCCP Redirect outbound is disabledWCCP Redirect exclude is disabledBGP Policy Mapping is disabled在出口路由器Show ip端口Router#show ip interface fa0/0FastEthernet0/0 is up, line protocol is up (connected)Internet address is 00/24Broadcast address is 55A

21、ddress determined by setup commandMTU is 1500Helper address is not setDirected broadcast forwarding is disabledOutgoing access list is not setInboundaccess list is 11Proxy ARP is enabledSecurity level is defaultSplit horizon is enabledICMP redirects are always sentICMP unreachables are always sentIC

22、MP mask replies are never sentIP fast switching is disabledIP fast switching on the same interface is disabledIP Flow switching is disabledIP Fast switching turbo vectorIP multicast fast switching is disabledIP multicast distributed fast switching is disabledRouter Discovery is disabled.精品文档IP outpu

23、t packet accounting is disabledIP access violation accounting is disabledTCP/IP header compression is disabledRTP/IP header compression is disabledProbe proxy name replies are disabledPolicy routing is disabledNetwork address translation is disabledWCCP Redirect outbound is disabledWCCP Redirect exc

24、lude is disabledBGP Policy Mapping is disabled在汇聚路由及核心路由上show ospf neighbor核心路由器上show run,show ip routerR2#show runBuilding configuration.Current configuration : 1724 bytes!version 12.2no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!host

25、name R2!username R1 password 0 zgl!interface FastEthernet0/0ip address 01 ip nat insideduplex autospeed auto.精品文档!interface FastEthernet1/0ip address 01 ip nat insideduplex autospeed auto!interface Serial2/0ip address encapsul

26、ation pppppp authentication chap ip nat outsideclock rate 64000!interface Serial3/0no ip addressshutdown!interface FastEthernet4/0no ip addressshutdown!interface FastEthernet5/0no ip addressshutdown!interface GigabitEthernet6/0no ip addressduplex autospeed autoshutdown!interface FastEthernet7/0ip ad

27、dress 01 ip access-group test outip nat insideduplex autospeed auto!router ospf 100log-adjacency-changesnetwork 55 area 0!router rip.精品文档network network !ip nat pool out 0 0 netmask ip nat inside source

28、list 10 pool outip classlessip route 00ip route 00ip route 00!access-list 10 permit 55access-list 10 permit 55access-list 10 permit 55access-list 10 permit 172.1

29、6.0.0 55access-list 10 permit 55access-list 10 permit 55ip access-list extended testpermit tcp any any eq wwwpermit tcp any any eq ftpdeny ip any any!no cdp run!line con 0line vty 0 4loginEndR2#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP,

30、 M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate defaul

31、t, U - per-user static route, o - ODR P - periodic downloaded static routeGateway of last resort is 00 to network C/8 is directly connected, FastEthernet7/0.精品文档/24 is subnetted, 3 subnetsR 120/1 via 00, 00:00:21, FastEthernet1/0R 120/

32、1 via 00, 00:00:21, FastEthernet1/0C is directly connected, FastEthernet1/0O /24 110/2 via 00, 00:40:37, FastEthernet0/0C/24 is directly connected, FastEthernet0/0C/24 is directly connected, Serial2/0S*/0 1/0 via 001/

33、0 via 001/0 via 00在汇聚交换机1 上 show vlanSwitch#show vlanVLAN NameStatusPorts- - - -1defaultactiveFa0/3, Fa0/5, Fa0/6, Fa0/7Fa0/8, Fa0/9, Fa0/10, Fa0/11Fa0/12, Fa0/13, Fa0/14, Fa0/15Fa0/16, Fa0/17, Fa0/18, Fa0/19Fa0/20, Fa0/21, Fa0/22, Fa0/23Fa0/24, Gig0/1, Gig0/24VLAN0004activeF

34、a0/455active6VLAN0006activeFa0/21002 fddi-defaultact/unsup1003 token-ring-defaultact/unsup1004 fddinet-defaultact/unsup1005 trnet-defaultact/unsupVLAN TypeSAIDMTUParent RingNo BridgeNo StpBrdgMode Trans1 Trans2- - - - - - - - - - -1enet1000011500-004enet1000041500-005enet1000051500-006enet1000061500

35、-001002 fddi1010021500-001003 tr1010031500-001004 fdnet 1010041500-ieee -001005 trnet 1010051500-ibm-00Remote SPAN VLANs-.精品文档Primary Secondary TypePorts- - - -在汇聚路由器上show ip routerRouter#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP exte

36、rnal, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODR P - perio

37、dic downloaded static routeGateway of last resort is 01 to network C /24 is directly connected, FastEthernet0/0.1C/24 is directly connected, FastEthernet0/0.2C/24 is directly connected, FastEthernet0/1S*/0 1/0 via 01汇聚交换机2 上 show v

38、lanSwitch#show vlanVLAN NameStatusPorts- - - -1defaultactiveFa0/3, Fa0/4, Fa0/5, Fa0/6Fa0/7, Fa0/8, Fa0/9, Fa0/10Fa0/11, Fa0/12, Fa0/13, Fa0/14Fa0/15, Fa0/16, Fa0/17, Fa0/18Fa0/19, Fa0/20, Fa0/21, Fa0/22Fa0/23, Fa0/24, Gig0/1, Gig0/22VLAN0002activeFa0/23VLAN0003activeFa0/11002 fddi-defaultact/unsup1

39、003 token-ring-defaultact/unsup1004 fddinet-defaultact/unsup1005 trnet-defaultact/unsupVLAN TypeSAIDMTUParent RingNo BridgeNo StpBrdgMode Trans1 Trans2- - - - - - - - - - -1enet1000011500-002enet1000021500-003enet1000031500-00.精品文档1002 fddi1010021500-001003 tr1010031500-001004 fdnet 1010041500-ieee -001005 trnet 1010051500-ibm-00Remote SPAN VLANs-Primary Secondary TypePorts- - - -出口路由器上show run 及 show ip routerR1#show runBuilding configuration.Current configuration : 840 bytes!version 12.2no service timestamps log dat