计算机网络管理员中级实做题姓名：_______ 分数：________背景介绍：分公司和总公司分别属于不同的网段，部门之间用路由器进行信息传递，为了安全起见，分公司领导要求部门主机只能访问总公司服务器的WWW服务，不能对其使用ICMP服务。

实验要求：1、、分公司出口路由器与外部路由器之间通过V.35电缆串口连接，DCE端连接在R2上，配置其时钟频率64000；主机与路由器通过交叉线连接；。

（10分）评分标准：正确配置DCE端，配置时钟频率得10分，正确配置Ip地址得4分。

2、配置PC机、服务器及路由器接口IP地址（10分）评分标准：正确配置ip地址得8分，错配或漏配0分3、在各路由器上配置静态路由协议，让PC间能互相ping通，因为只有在互通的前提下才能涉及到访问控制列表；（20分）评分标准：正确配置静态路由格式得12分，配置网络正确得8分4、在R2上配置编号的IP扩展访问控制列表；（30分）评分标准：扩展访问列表命令正确10分，能够按题目要求配置正确20分5、将扩展IP访问列表应用到接口上；（10分）评分标准：在指定端口应用4分，判断方向2分配置正确得10分6、验证主机之间的互通性。

（10分）评分标准：测试成功得10分R1:Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname R1R1(config)#int fa0/0R1(config-if)#ip add 192.168.1.1 255.255.255.0 //配置端口IP地址R1(config-if)#no shut%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to upR1(config-if)#exitR1(config)#int fa0/1R1(config-if)#ip add 192.168.2.1 255.255.255.0 //配置端口IP地址R1(config-if)#no shutR1(config-if)#%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to upR1(config-if)#exitR1(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.2 //配置default routeR1(config)#endR2:Router>enRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname R2R2(config)#int fa0/0R2(config-if)#ip add 192.168.2.2 255.255.255.0 //配置端口IP地址R2(config-if)#no shut%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to upR2(config-if)#exitR2(config)#int s2/0R2(config-if)#ip add 192.168.3.1 255.255.255.0 //配置端口IP地址R2(config-if)#no shut%LINK-5-CHANGED: Interface Serial2/0, changed state to downR2(config-if)#clock rate 64000 //配置时钟频率R2(config-if)#%LINK-5-CHANGED: Interface Serial2/0, changed state to up%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up R2(config-if)#exitR2(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1 //配置目标网段1.0的静态路由R2(config)#ip route 192.168.4.0 255.255.255.0 192.168.3.2 //配置目标网段4.0的静态路由R2#%SYS-5-CONFIG_I: Configured from console by consoleR2#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not setS 192.168.1.0/24 [1/0] via 192.168.2.1C 192.168.2.0/24 is directly connected, FastEthernet0/0C 192.168.3.0/24 is directly connected, Serial2/0S 192.168.4.0/24 [1/0] via 192.168.3.2R2#R2#conf tEnter configuration commands, one per line. End with CNTL/Z.R2(config)#acR2(config)#access-list ?<1-99> IP standard access list<100-199> IP extended access listR2(config)#access-list 100 ?deny Specify packets to rejectpermit Specify packets to forwardremark Access list entry commentR2(config)#access-list 100 perR2(config)#access-list 100 permit ?eigrp Cisco's EIGRP routing protocolgre Cisco's GRE tunnelingicmp Internet Control Message Protocolip Any Internet Protocolospf OSPF routing protocoltcp Transmission Control Protocoludp User Datagram ProtocolR2(config)#access-list 100 permit tcp ? //web服务使用的是tcp协议A.B.C.D Source addressany Any source hosthost A single source hostR2(config)#access-list 100 permit tcp host ?A.B.C.D Source addressR2(config)#access-list 100 permit tcp host 192.168.1.2 ? //源主机地址A.B.C.D Destination addressany Any destination hosteq Match only packets on a given port numbergt Match only packets with a greater port numberhost A single destination hostlt Match only packets with a lower port numberneq Match only packets not on a given port numberrange Match only packets in the range of port numbersR2(config)#access-list 100 permit tcp host 192.168.1.2 host ?A.B.C.D Destination addressR2(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 ? //目标主机地址dscp Match packets with given dscp valueeq Match only packets on a given port numberestablished establishedgt Match only packets with a greater port numberlt Match only packets with a lower port numberneq Match only packets not on a given port numberprecedence Match packets with given precedence valuerange Match only packets in the range of port numbers<cr>R2(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 eq ?<0-65535> Port numberftp File Transfer Protocol (21)pop3 Post Office Protocol v3 (110)smtp Simple Mail Transport Protocol (25)telnet Telnet (23)www World Wide Web (HTTP, 80)R2(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 eq www ? //www服务dscp Match packets with given dscp valueestablished establishedprecedence Match packets with given precedence value<cr>R2(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 eq www R2(config)#R2(config)#access-list 100 deny ?eigrp Cisco's EIGRP routing protocolgre Cisco's GRE tunnelingicmp Internet Control Message Protocolip Any Internet Protocolospf OSPF routing protocoltcp Transmission Control Protocoludp User Datagram ProtocolR2(config)#access-list 100 deny icmp ? //禁止icmp协议，也就是ping使用的协议A.B.C.D Source addressany Any source hosthost A single source hostR2(config)#access-list 100 deny icmp host ?A.B.C.D Source addressR2(config)#access-list 100 deny icmp host 192.168.1.2 ?A.B.C.D Destination addressany Any destination hosthost A single destination hostR2(config)#access-list 100 deny icmp host 192.168.1.2 host 192.168.4.2 ?<0-256> type-numecho echoecho-reply echo-replyhost-unreachable host-unreachablenet-unreachable net-unreachableport-unreachable port-unreachableprotocol-unreachable protocol-unreachablettl-exceeded ttl-exceededunreachable unreachable<cr>R2(config)#access-list 100 deny icmp host 192.168.1.2 host 192.168.4.2 echo ?<cr>R2(config)#access-list 100 deny icmp host 192.168.1.2 host 192.168.4.2 echoR2(config)#R2(config)#int s2/0R2(config-if)#ip access-group 100 outR3:。