Lab Report

【Experiment Network Topology】

【Experiment Objectives】

1. Achieve connectivity across the campus network
   1) Use static routes to connect the aggregation switches and router to the core router
   2) Use RIP to connect the internal aggregation switch to the core router
   3) Use OSPF to connect the aggregation router to the core router
   4) Configure router-on-a-stick so that teaching building 1 and teaching building 2 can reach each other
   5) Create separate VLANs for the student dormitory building and the teaching buildings
2. Implement NAT on the core router so that the internal network can access the Internet
3. Configure a standard ACL rule: deny external users access to the internal network
4. Configure an extended ACL rule: allow internal users to access only ports 80 and 21 of the data center
6. Configure the PPP protocol between the core router and the egress router

Finally, the test results must be placed in a WORD document named 学号-大作业.DOC (student ID, then "major assignment"):
- Show the network connectivity results with PING screenshots
- On every network device, use the SHOW RUN command
- For switches, also SHOW VLAN and show int ip switchport
- For routers, also SHOW IP ROUTE
- For NAT, use PING -T and DEBUG IP NAT
- For ACLs, check the ACL bound to the relevant port or VLAN with SHOW IP INT <port number>

【Knowledge Points Used in the Experiment】

1) Static routing
2) RIP
3) OSPF
4) NAT
5) Standard access control list rules
6) Extended access control list rules
7) VLAN division
8) Router-on-a-stick
9) The WAN protocol PPP

【Experiment Configuration Steps】

Part 1: Configure internal network connectivity

Note: the IP configuration of each port is omitted from the configuration below; the port IP addresses can be read from the topology diagram.

1) Access switch 1 configuration

Assign ports to VLANs:

Switch(config)#int fa0/2
Switch(config-if)#switchport access vlan 2
Switch(config)#int fa0/3
Switch(config-if)#switchport access vlan 3
Switch(config)#int fa0/1
Switch(config-if)#switchport trunk encapsulation dot1q
(switches such as the 2960 support only the protocol, so this command is skipped here)
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#exit

2) Aggregation router configuration

Configure router-on-a-stick:

Router(config)#interface fa0/
Configure the subinterface. This is the key to router-on-a-stick: the subinterface is a logical interface, not a physical one, but it functions exactly like a physical interface.
Router(config-subif)#encapsulation dot1q 2
Set the encapsulation protocol for this interface. The trailing 2 is the VLAN number, which is also a key part.
Router(config-subif)#ip address
Assign an IP address to this interface.
Router(config-subif)#exit
Router(config)#interface fa0/
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip address
Router(config-subif)#end

Configure OSPF:

Router(config)#router ospf 100
Router(config-router)#network 0.0.0.255 area 0
Router(config-router)#network 0.0.0.255 area 0

Configure the static route:

Router(config)#ip route 0.0.0.0

3) Access switch 2 configuration

Create vlan4 and vlan5:

Switch(config)#vlan 4
Switch(config-vlan)#vlan 5
Switch(config-vlan)#exit
Switch(config)#int fa0/2
Switch(config-if)#switchport access vlan 4
Switch(config)#int fa0/3
Switch(config-if)#switchport access vlan 5

4) Aggregation switch configuration

Configure SVIs for vlan4 and vlan5:

Switch(config)#int vlan 4
Switch(config-if)#ip address
Switch(config)#int vlan 5
Switch(config-if)#ip address

Configure the trunk:

Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk

Configure RIP:

Switch(config)#router rip
Switch(config-router)#network

Configure the static route:

Router(config)#ip route 0.0.0.0

5) Core router configuration

Configure the static routes:

Router(config)#ip route 0.0.0.0
Router(config)#ip route 0.0.0.0

Configure RIP:

Router(config)#router rip
Router(config-router)#network
Router(config-router)#network

Configure OSPF:

Router(config)#router ospf 100
Router(config-router)#network 0.0.0.255 area 0

6) Aggregation switch 2 configuration

Configure the static route:

Switch(config)#ip route 0.0.0.0

At this point all internal networks can reach each other. Next we configure NAT so that the internal network can reach the external network.

Part 2: Configure NAT so that internal users can access the external network

Core router (NAT) configuration:

Router(config)#int fa0/0
Router(config-if)#ip nat inside 0.0.055
Router(config)#access-list 10 permit 0.0.0.255
Router(config)#access-list 10 permit 0.0.0.255
Router(config)#access-list 10 permit
Router(config)#access-list 10 permit
Router(config)#access-list 10 permit 10.1.2.0
Router(config)#access-list 10 permit 10.1.1.0 0.0.0

Core router configuration, static route:

Router(config)#ip route 0.0.0.0

On the egress router, configure the following. The standard access control list rule is:

1) Deny external users access to the internal network

Router(config)#access-list 11 deny any
Router(config)#int fa0/0
Router(config-if)#ip access-group 11 in

On the core router, configure the following. The extended access control list rule is:

2) Allow internal users to access only ports 80 and 21 of the data center

Router(config)#ip access-list extended test
Router(config-ext-nacl)#permit tcp any any eq 80
Router(config-ext-nacl)#permit tcp any any eq 21
Router(config-ext-nacl)#deny ip any any
Router(config)#int fa7/0
Router(config-if)#ip access-group test out

Part 4: Configure the WAN protocol PPP

Egress router configuration:

Router(config)#hostname R1
R1(config)#username R2 password zgl
R1(config)#int se2/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap

Core router configuration:

Router(config)#hostname R2
R2(config)#username R1 password zgl
R2(config)#interface se2/0
R2(config-if)#encapsulation ppp

【Experiment Testing】

Network connectivity test screenshots are as follows:

- Teaching building to aggregation router
- Teaching building to core router
- Teaching building to dormitory building
- Teaching building to data center
- Teaching building to external network
- Dormitory building to teaching building
- Dormitory building to data center
- Dormitory building to external network
- External network to teaching building
- External network to dormitory building
- External network to data center

NAT test: the debug ip nat screenshot on the core router is as follows:

ACL rule test

show ip interface on the core router:

Router#show ip interface fa7/0
FastEthernet7/0 is up, line protocol is up (connected)
  Internet address is 10.1.2.101/8
  Broadcast address is
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is test
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled

show ip interface on the egress router:

Router#show ip interface fa0/0
FastEthernet0/0 is up, line protocol is up (connected)
  Internet address is /24
  Broadcast address is
  Address determined by setup command
  MTU is 1500
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is 11
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled

show ospf neighbor on the aggregation router and the core router

show run and show ip route on the core router:

R2#show run
Building configuration...

Current configuration : 1724 bytes
!
version
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
username R1 password 0 zgl
!
interface FastEthernet0/0
 ip address
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address
 ip nat inside
 duplex auto
 speed auto
!
interface Serial2/0
 ip address
 encapsulation ppp
 ppp authentication chap
 ip nat outside
 clock rate 64000
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
interface GigabitEthernet6/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet7/0
 ip address 10.1.2.101
 ip access-group test out
 ip nat inside
 duplex auto
 speed auto
!
router ospf 100
 log-adjacency-changes
 network 0.0.0.255 area 0
!
router rip
 network
 network
!
ip nat pool out netmask
ip nat inside source list 10 pool out
ip classless
ip route 0.0.0.0
ip route 0.0.0.0
ip route 0.0.0.0
!
!
access-list 10 permit 0.0.0.255
access-list 10 permit 0.0.0.255
access-list 10 permit 0.0.0.255
access-list 10 permit
access-list 10 permit 10.1.2.0
access-list 10 permit 10.1.1.0
ip access-list extended test
 permit tcp any any eq www
 permit tcp any any eq ftp
 deny ip any any
!
no cdp run
!
!
line con 0
line vty 0 4
 login
end

R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is to network 0.0.0.0

C 10.0.0.0/8 is directly connected, FastEthernet7/0
/24 is subnetted, 3 subnets
R [120/1] via , 00:00:21, FastEthernet1/0
R [120/1] via , 00:00:21, FastEthernet1/0
C is directly connected, FastEthernet1/0
O /24 [110/2] via , 00:40:37, FastEthernet0/0
C /24 is directly connected, FastEthernet0/0
C /24 is directly connected, Serial2/0
S* 0.0.0.0/0 [1/0] via
[1/0] via
[1/0] via

show vlan on aggregation switch 1:

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gig0/1, Gig0/2
4    VLAN0004                         active    Fa0/4
5    5                                active
6    VLAN0006                         active    Fa0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
4    enet  100004     1500  -      -      -        -    -        0      0
5    enet  100005     1500  -      -      -        -    -        0      0
6    enet  100006     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

show ip route on the aggregation router:

Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is to network 0.0.0.0

C /24 is directly connected, FastEthernet0/
C /24 is directly connected, FastEthernet0/
C /24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via

show vlan on aggregation switch 2:

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
2    VLAN0002                         active    Fa0/2
3    VLAN0003                         active    Fa0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ----------------------

show run and show ip route on the egress router:

R1#show run
Building configuration...

Current configuration : 840 bytes
!
version
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
username R2 password 0 zgl
!
!
interface FastEthernet0/0
 ip address
 ip access-group 11 in
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address
 duplex auto
 speed auto
!
interface Serial2/0
 ip address
 encapsulation ppp
 ppp authentication chap
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
router rip
!
ip classless
ip route 0.0.0.0
!
!
access-list 11 deny any
!
no cdp run
!
line con 0
line vty 0 4
 login
!
end

R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is to network 0.0.0.0

C /24 is directly connected, Serial2/0
C /24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via
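
The extended ACL "test" bound outbound on fa7/0 can be checked offline against expected traffic before it is applied. The following Python sketch is an added example, not part of the original report: it evaluates the three entries of that ACL with first-match semantics against constructed sample traffic, and it assumes only the "any any [eq port]" entry form used in this report (the function names and sample port 50000 are illustrative).

```python
import re

# Named ports as IOS prints them in "show run" (www = 80, ftp = 21).
PORT_NAMES = {"www": 80, "ftp": 21}

# The extended ACL "test" as entered on the core router in this report.
ACL_TEST = """\
permit tcp any any eq 80
permit tcp any any eq 21
deny ip any any
"""

def parse_ace(line):
    """Parse '<action> <proto> any any [eq <port>]' into a tuple."""
    m = re.fullmatch(r"(permit|deny) (ip|tcp|udp|icmp) any any(?: eq (\S+))?",
                     line.strip())
    if not m:
        raise ValueError(f"unsupported ACE: {line!r}")
    action, proto, port = m.groups()
    if port is not None:
        port = PORT_NAMES.get(port) or int(port)
    return action, proto, port

def evaluate(acl_text, proto, dst_port=None):
    """Return (action, matching entry); first match wins, implicit deny last."""
    for line in filter(str.strip, acl_text.splitlines()):
        action, ace_proto, ace_port = parse_ace(line)
        if ace_proto != "ip" and ace_proto != proto:
            continue  # "ip" matches every protocol, otherwise must be equal
        if ace_port is not None and ace_port != dst_port:
            continue  # "eq" after the destination matches the destination port
        return action, line.strip()
    return "deny", "(implicit deny)"

# Constructed sample traffic leaving fa7/0 toward the data center.
SAMPLES = [
    ("HTTP", "tcp", 80),
    ("FTP control", "tcp", 21),
    ("FTP passive data", "tcp", 50000),
    ("ping", "icmp", None),
]

def report():
    """Map each sample flow to the action the ACL takes on it."""
    return {name: evaluate(ACL_TEST, proto, port)[0]
            for name, proto, port in SAMPLES}

if __name__ == "__main__":
    for name, action in report().items():
        print(f"{name:20s} {action}")
```

The result shows that the ACL passes HTTP and the FTP control channel but drops FTP data connections and ping toward the data center, which matters when interpreting the connectivity screenshots.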