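I. Internship objectives and requirements

The course project is an important part of the teaching activities for Network Management Technology. Its purpose is to help students review and master the course content comprehensively, develop their hands-on and integrated practical skills, and further improve their overall competence.

The requirements of the Network Management Technology course project are: master basic switch configuration, VLAN configuration, and so on; master inter-VLAN communication configured with router-on-a-stick and with a Layer 3 switch; master the basic principles and configuration of spanning tree and rapid spanning tree; master the basic principles and configuration of port aggregation; be familiar with the main functions of routers, common routing protocols, basic router configuration, and static and dynamic route configuration; and understand and be familiar with network security management methods, including NAT translation and ACL access control. Given a topology diagram, students should be able to build a network with switches and routers, test the network and analyze its performance, troubleshoot related faults, and debug the network so that it runs normally, thereby improving their ability to analyze and solve problems. Students learn to build a network environment that meets given requirements and to manage a network using a combination of network management methods, improving their integrated practical skills.

II. Internship content

1. Review of switch management and configuration methods

- Basic switch configuration
- Basic switch port configuration
- Viewing switch information
- VLAN, Trunk and RSTP configuration
- Viewing the results of VLAN, Trunk and RSTP configuration
- Troubleshooting and diagnosing switch configuration errors

2. Review of router management and configuration methods

- Basic router configuration
- Static route, default route and floating route configuration
- Configuring static routes so that different network segments can reach each other
- RIP and OSPF protocol configuration
- Router role authentication: PPP, CHAP
- Becoming familiar with reading routing table entries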
- Troubleshooting and diagnosing router configuration errors

3. Review of network security management and configuration methods

- Switch port security configuration
- ACL, NAT and SNMP configuration
- Troubleshooting and diagnosing network security configuration errors

4. Comprehensive experiment

The topology of the xx campus network is shown in Figure 1, and full connectivity across the network is required. That is, hosts connected to VLAN10, VLAN20, VLAN30 and VLAN40 must all be able to ping each other, and all must be able to ping 100.1.1.2. Hosts in VLAN10 and VLAN20 can access the www service on 100.1.1.2 but cannot access the ftp service; hosts in VLAN30 and VLAN40 cannot access the www service on 100.1.1.2 but can access the ftp service. For the basic router and switch configuration, see the reference material in Part 6 of the document. The following work is now to be completed.

5. Campus network topology diagram

III. Detailed configuration

1. Layer 2 switch

    Switch>enable
    Switch#configure terminal

Name the Layer 2 switch, create the VLANs, and assign ports to the VLANs.

    Switch(config)#hostname L2-SW
    L2-SW(config)#vlan 10
    L2-SW(config-vlan)#exit
    L2-SW(config)#vlan 20
    L2-SW(config-vlan)#exit
    L2-SW(config)#vlan 30
    L2-SW(config-vlan)#exit
    L2-SW(config)#interface range fastethernet 0/1-5
    L2-SW(config-if-range)#switchport access vlan 10
    L2-SW(config-if-range)#exit
    L2-SW(config)#interface range fastethernet 0/6-10
    L2-SW(config-if-range)#switchport access vlan 20
    L2-SW(config-if-range)#exit
    L2-SW(config)#interface range fastethernet 0/11-15
    L2-SW(config-if-range)#switchport access vlan 30
    L2-SW(config-if-range)#exit

Configure port aggregation.

    L2-SW(config)#interface range fastethernet 0/23-24
    L2-SW(config-if-range)#channel-group 1 mode on
    L2-SW(config-if-range)#exit

Set the aggregated port to trunk mode.

    L2-SW(config)#interface port-channel 1
    L2-SW(config-if)#switchport mode trunk
    L2-SW(config-if)#exit
    L2-SW(config)#exit

2. Layer 3 switch configuration

    Switch>enable
    Switch#configure terminal

Add the VLANs on the Layer 3 switch, assign ports to the VLANs, and configure the SVI interfaces.

    Switch(config)#hostname L3-SW
    L3-SW(config)#vlan 10
    L3-SW(config-vlan)#exit
    L3-SW(config)#vlan 20
    L3-SW(config-vlan)#exit
    L3-SW(config)#vlan 30
    L3-SW(config-vlan)#exit
    L3-SW(config)#vlan 40
    L3-SW(config-vlan)#exit
    L3-SW(config)#interface fastethernet 0/8
    L3-SW(config-if)#switchport mode access
    L3-SW(config-if)#switchport access vlan 40
    L3-SW(config-if)#exit
    L3-SW(config)#interface fastethernet 0/10
    L3-SW(config-if)#no switchport
    L3-SW(config-if)#ip address 172.16.2.2 255.255.255.252
    L3-SW(config-if)#exit
    L3-SW(config)#interface vlan 10
    L3-SW(config-if)#ip address 172.16.10.1 255.255.255.0
    L3-SW(config-if)#no shutdown
    L3-SW(config-if)#exit
    L3-SW(config)#interface vlan 20
    L3-SW(config-if)#ip address 172.16.20.1 255.255.255.0
    L3-SW(config-if)#no shutdown
    L3-SW(config-if)#exit
    L3-SW(config)#interface vlan 30
    L3-SW(config-if)#ip address 172.16.30.1 255.255.255.0
    L3-SW(config-if)#no shutdown
    L3-SW(config-if)#exit
    L3-SW(config)#interface vlan 40
    L3-SW(config-if)#ip address 172.16.40.1 255.255.255.0
    L3-SW(config-if)#no shutdown
    L3-SW(config-if)#exit
    L3-SW(config)#exit

Configure port aggregation.

    L3-SW#configure terminal
    L3-SW(config)#interface range f0/23-24
    L3-SW(config-if-range)#channel-group 1 mode on
    L3-SW(config-if-range)#exit

Set the aggregated port to trunk mode.

    L3-SW(config)#interface port-channel 1
    L3-SW(config-if)#switchport mode trunk
    L3-SW(config-if)#exit

Configure OSPF.

    L3-SW(config)#router ospf 1
    L3-SW(config-router)#network 172.16.10.0 0.0.0.255 area 0
    L3-SW(config-router)#network 172.16.20.0 0.0.0.255 area 0
    L3-SW(config-router)#network 172.16.30.0 0.0.0.255 area 0
    L3-SW(config-router)#network 172.16.40.0 0.0.0.255 area 0
    L3-SW(config-router)#network 172.16.2.0 0.0.0.3 area 0
    L3-SW(config-router)#end

3. Router configuration

RouterB configuration

Name the router and configure IP addresses on the interfaces.

    Router>enable
    Router#configure terminal
    Router(config)#hostname RouterB
    RouterB(config)#interface f1/0
    RouterB(config-if)#ip address 172.16.2.1 255.255.255.252
    RouterB(config-if)#no shutdown
    RouterB(config-if)#exit

Configure the PPP protocol and PAP authentication. RouterB is the authenticating side; the username is ahau and the password is password.

    RouterB(config)#username ahau password 0 password
    RouterB(config)#interface s2/0
    RouterB(config-if)#encapsulation ppp
    RouterB(config-if)#ip address 172.16.1.2 255.255.255.252
    RouterB(config-if)#ppp authentication pap
    RouterB(config-if)#no shutdown
    RouterB(config-if)#exit

Configure OSPF.

    RouterB(config)#router ospf 1
    RouterB(config-router)#network 172.16.2.0 0.0.0.3 area 0
    RouterB(config-router)#network 172.16.1.0 0.0.0.3 area 0
    RouterB(config-router)#exit
    RouterB(config)#end

Because RouterB is closer to the source addresses than RouterA, the access control list is configured on RouterB.

    RouterB#configure terminal
    RouterB(config)#ip access-list extended access-service
    RouterB(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 host 100.1.1.2 eq www
    RouterB(config-ext-nacl)#deny tcp 172.16.40.0 0.0.0.255 host 100.1.1.2 eq www
    RouterB(config-ext-nacl)#deny tcp 172.16.10.0 0.0.0.255 host 100.1.1.2 eq ftp
    RouterB(config-ext-nacl)#deny tcp 172.16.20.0 0.0.0.255 host 100.1.1.2 eq ftp
    RouterB(config-ext-nacl)#permit ip any any
    RouterB(config-ext-nacl)#exit
    RouterB(config)#interface f1/0
    RouterB(config-if)#ip access-group access-service in
    RouterB(config-if)#end
    RouterB#

RouterA configuration

Name the router and configure IP addresses on the interfaces.

    Router>enable
    Router#configure terminal
    Router(config)#hostname RouterA
    RouterA(config)#interface f1/0
    RouterA(config-if)#ip address 100.1.1.1 255.255.255.240
    RouterA(config-if)#no shutdown
    RouterA(config-if)#exit

Configure the PPP protocol and PAP authentication. RouterA is the authenticated side; the username is ahau and the password is password.

    RouterA(config)#interface s2/0
    RouterA(config-if)#encapsulation ppp
    RouterA(config-if)#ip address 172.16.1.1 255.255.255.252
    RouterA(config-if)#ppp pap sent-username ahau password 0 password
    RouterA(config-if)#no shutdown
    RouterA(config-if)#exit

Configure OSPF.

    RouterA(config)#router ospf 1
    RouterA(config-router)#network 172.16.1.0 0.0.0.3 area 0
    RouterA(config-router)#network 100.1.1.0 0.0.0.15 area 0
    RouterA(config-router)#end

IV. Reference configuration

1. Viewing the Layer 2 switch configuration

    L2-SW#show running-config
    Building configuration.
    Current configuration : 1799 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname L2-SW
    !
    interface FastEthernet0/1
     switchport access vlan 10
    !
    interface FastEthernet0/2
     switchport access vlan 10
    !
    interface FastEthernet0/3
     switchport access vlan 10
    !
    interface FastEthernet0/4
     switchport access vlan 10
    !
    interface FastEthernet0/5
     switchport access vlan 10
    !
    interface FastEthernet0/6
     switchport access vlan 20
    !
    interface FastEthernet0/7
     switchport access vlan 20
    !
    interface FastEthernet0/8
     switchport access vlan 20
    !
    interface FastEthernet0/9
     switchport access vlan 20
    !
    interface FastEthernet0/10
     switchport access vlan 20
    !
    interface FastEthernet0/11
     switchport access vlan 30
    !
    interface FastEthernet0/12
     switchport access vlan 30
    !
    interface FastEthernet0/13
     switchport access vlan 30
    !
    interface FastEthernet0/14
     switchport access vlan 30
    !
    interface FastEthernet0/15
     switchport access vlan 30
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
     channel-group 1 mode on
     switchport mode trunk
    !
    interface FastEthernet0/24
     channel-group 1 mode on
     switchport mode trunk
    !
    interface GigabitEthernet1/1
    !
    interface GigabitEthernet1/2
    !
    interface Port-channel 1
     switchport mode trunk
    !
    interface Vlan1
     no ip address
     shutdown
    !
    line con 0
    !
    line vty 0 4
     login
    line vty 5 15
     login
    !
    end

2. Viewing the Layer 3 switch configuration

    L3-SW#show running-config
    Building configuration.
    Current configuration : 1819 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname L3-SW
    !
    ip routing
    !
    interface FastEthernet0/1
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
     switchport access vlan 40
     switchport mode access
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
     no switchport
     ip address 172.16.2.2 255.255.255.252
     duplex auto
     speed auto
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
     channel-group 1 mode on
     switchport mode trunk
    !
    interface FastEthernet0/24
     channel-group 1 mode on
     switchport mode trunk
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface Port-channel 1
     switchport mode trunk
    !
    interface Vlan1
     no ip address
     shutdown
    !
    interface Vlan10
     ip address 172.16.10.1 255.255.255.0
    !
    interface Vlan20
     ip address 172.16.20.1 255.255.255.0
    !
    interface Vlan30
     ip address 172.16.30.1 255.255.255.0
    !
    interface Vlan40
     ip address 172.16.40.1 255.255.255.0
    !
    router ospf 1
     log-adjacency-changes
     network 172.16.10.0 0.0.0.255 area 0
     network 172.16.20.0 0.0.0.255 area 0
     network 172.16.30.0 0.0.0.255 area 0
     network 172.16.40.0 0.0.0.255 area 0
     network 172.16.2.0 0.0.0.3 area 0
    !
    ip classless
    !
    line con 0
    line vty 0 4
     login
    !
    end

    L3-SW#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         100.0.0.0/28 is subnetted, 1 subnets
    O       100.1.1.0 [110/783] via 172.16.2.1, 02:09:49, FastEthernet0/10
         172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
    O       172.16.1.0/30 [110/782] via 172.16.2.1, 02:09:49, FastEthernet0/10
    C       172.16.2.0/30 is directly connected, FastEthernet0/10
    C       172.16.10.0/24 is directly connected, Vlan10
    C       172.16.20.0/24 is directly connected, Vlan20
    C       172.16.30.0/24 is directly connected, Vlan30
    C       172.16.40.0/24 is directly connected, Vlan40

3. Viewing the RouterB configuration

    RouterB#show running-config
    Building configuration.
    Current configuration : 1151 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname RouterB
    !
    username ahau password 0 password
    !
    interface FastEthernet0/0
     no ip address
     duplex auto
     speed auto
     shutdown
    !
    interface FastEthernet1/0
     ip address 172.16.2.1 255.255.255.252
     ip access-group access-service in
     duplex auto
     speed auto
    !
    interface Serial2/0
     ip address 172.16.1.2 255.255.255.252
     encapsulation ppp
     ppp authentication pap
     clock rate 64000
    !
    interface Serial3/0
     no ip address
     shutdown
    !
    interface FastEthernet4/0
     no ip address
     shutdown
    !
    interface FastEthernet5/0
     no ip address
     shutdown
    !
    router ospf 1
     log-adjacency-changes
     network 172.16.2.0 0.0.0.3 area 0
     network 172.16.1.0 0.0.0.3 area 0
    !
    ip classless
    !
    ip access-list extended access-service
     deny tcp 172.16.30.0 0.0.0.255 host 100.1.1.2 eq www
     deny tcp 172.16.40.0 0.0.0.255 host 100.1.1.2 eq www
     deny tcp 172.16.10.0 0.0.0.255 host 100.1.1.2 eq ftp
     deny tcp 172.16.20.0 0.0.0.255 host 100.1.1.2 eq ftp
     permit ip any any
    !
    line con 0
    line vty 0 4
     login
    !
    end

    RouterB#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         100.0.0.0/28 is subnetted, 1 subnets
    O       100.1.1.0 [110/782] via 172.16.1.1, 02:11:47, Serial2/0
         172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
    C       172.16.1.0/30 is directly connected, Serial2/0
    C       172.16.2.0/30 is directly connected, FastEthernet1/0
    O       172.16.10.0/24 [110/2] via 172.16.2.2, 02:11:27, FastEthernet1/0
    O       172.16.20.0/24 [110/2] via 172.16.2.2, 02:11:27, FastEthernet1/0
    O       172.16.30.0/24 [110/2] via 172.16.2.2, 02:11:27, FastEthernet1/0
    O       172.16.40.0/24 [110/2] via 172.16.2.2, 02:11:27, FastEthernet1/0

4. Viewing the RouterA configuration

    RouterA#show running-config
    Building configuration.
    Current configuration : 811 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname RouterA
    !
    !
    interface FastEthernet0/0
     no ip address
     duplex auto
     speed auto
     shutdown
    !
    interface FastEthernet1/0
     ip address 100.1.1.1 255.255.255.240
     duplex auto
     speed auto
    !
    interface Serial2/0
     ip address 172.16.1.1 255.255.255.252
     encapsulation ppp
     ppp pap sent-username ahau password 0 password
    !
    interface Serial3/0
     no ip address
     shutdown
    !
    interface FastEthernet4/0
     no ip address
     shutdown
    !
    interface FastEthernet5/0
     no ip address
     shutdown
    !
    router ospf 1
     log-adjacency-changes
     network 172.16.1.0 0.0.0.3 area 0
     network 100.1.1.0 0.0.0.15 area 0
    !
    ip classless
    !
    line con 0
    line vty 0 4
     login
    !
    end

    RouterA#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         100.0.0.0/28 is subnetted, 1 subnets
    C       100.1.1.0 is directly connected, FastEthernet1/0
         172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
    C       172.16.1.0/30 is directly connected, Serial2/0
    O       172.16.2.0/30 [110/782] via 172.16.1.2, 0
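
The access-service ACL that RouterB applies inbound on f1/0 can be checked offline against the access requirements of the comprehensive experiment. The following Python sketch is an added example, not part of the original report: it parses the five ACL entries from the report, evaluates them first-match with wildcard masks, and tests one constructed host (.10) per VLAN. The function names and the sample host addresses are assumptions.

```python
from ipaddress import IPv4Address
# ACL "access-service" as configured on RouterB in the report.
ACL_TEXT = """\
deny tcp 172.16.30.0 0.0.0.255 host 100.1.1.2 eq www
deny tcp 172.16.40.0 0.0.0.255 host 100.1.1.2 eq www
deny tcp 172.16.10.0 0.0.0.255 host 100.1.1.2 eq ftp
deny tcp 172.16.20.0 0.0.0.255 host 100.1.1.2 eq ftp
permit ip any any
"""
PORTS = {"www": 80, "ftp": 21}  # IOS port keywords used by this ACL

def _addr(tokens):
    # Consume "any", "host A.B.C.D" or "A.B.C.D WILDCARD" -> (base, wildcard).
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(IPv4Address(tokens.pop(0))), 0
    return int(IPv4Address(word)), int(IPv4Address(tokens.pop(0)))

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = PORTS[tokens[1]] if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(ip, spec):
    # Wildcard bits set to 1 are ignored; all other bits must equal the base.
    base, wildcard = spec
    return ((int(IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport=None):
    # Entries are tested top-down; the first match decides.
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and _hit(src, r_src)
                and _hit(dst, r_dst) and r_port in (None, dport)):
            return action
    return "deny"  # implicit deny at the end of every IOS ACL

def policy_matrix(rules, server="100.1.1.2"):
    # One constructed host (.10) per VLAN, checked for www, ftp and ping.
    checks = {"www": ("tcp", 80), "ftp": ("tcp", 21), "ping": ("icmp", None)}
    return {vlan: {name: evaluate(rules, p, f"172.16.{vlan}.10", server, port)
                   for name, (p, port) in checks.items()}
            for vlan in (10, 20, 30, 40)}
```

Calling `policy_matrix(parse_acl(ACL_TEXT))` returns the per-VLAN result for www, ftp and ping. Evaluating the same packets against the list without its last entry shows every unmatched packet, ping included, falling through to the implicit deny, which is why the report's ACL ends with `permit ip any any`.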