大型(单核心)网络综合实验.doc

实验二 大型（单核心）网络综合实验【实验名称】 大型（单核心）网络综合实验【实验原型】 某大型企业全网建设（采用设备： RG-R3662路由器、RG-S6806E多业务万兆核心路由交换机、RG-S3550-12SFP/GT全千兆三层路由交换机、RG-S2126G/50G千兆安全智能堆叠交换机）【实验目的】 在实验室环境根据具体真实网络建设搭建模拟环境进行综合应用实验，指导学员如何规划实施大型企业、校园网络建设规划【预备知识】 交换路由基础，OSPF、802.1qvlan、NAT、SNMP、ACL访问控制、安全控制等【背景描述】 为了加快并某这里的句子不通集团的信息化建设此处为方案内容，我只负责试验的验证，对于内容未敢做任何修改-富有，新的集团企业网将建设一个以集团办公自动化、电子商务、业务综合管理、多媒体视频会议、远程通讯、信息发布及查询为核心，以现代网络技术为依托，技术先进、扩展性强，将集团的各种办公室、多媒体会议室、控制中心的PC机、工作站、终端设备、控制系统用高速计算机网络连接起来，实现内、外沟通的现代化计算机网络系统。该网络系统是日后支持办公自动化、供应链管理以及各应用系统运行的基础设施，为了确保这些关键应用系统的正常运行、安全和发展，系统必须具备如下的特性：1、采用先进的网络通信技术完成集团企业网的建设，实现各分公司的信息化；2、在整个企业集团内实现所有部门的办公自动化，提高工作效率和管理服务水平；3、在整个企业集团内实现资源共享、产品信息共享、实时新闻发布；4、在整个企业集团内实现财务电算化；5、在整个企业集团内实现集中式的供应链管理系统和客户服务关系管理系统建设后的网络拓朴如下：【实现功能】 实现内部网络VLAN划分，三层路由功能，并启用OSPF路由协议；出口实现NAT地址转换，全网采用starview进行网络管理。【实验拓扑】 【实验设备】 出口设备：R2624路由器 1台；核心设备：S68系列（或S65/S35系列设备）1台，配置千兆光纤接口 2块；汇聚设备：S3550-24 2台，每台配置1块千兆光纤接口 ；接入设备：S2126G二层交换机4台： 实验PC：8台；终端用户的默认网关指向各自对应的vlan接口的ip地址，设备管理地址为192.168.0.0/24网段，其中S68为192.168.0.254/24.【实验步骤】实验配置分为：（以下配置默认在全局配置模式下进行 ）。第一步：网络设备的基本配置；第二步：ospf配置及其测试；第三步：网络连通性测试；第四步：NAT功能测试四部分第一步 基本配置(1) S2126G-A1基本配置hostname S2126G-A1vlan 1exitvlan 10！划分vlan10exitvlan 20！划分vlan10exitvlan 30！划分vlan10exitenable secret level 1 0 star设置了远程登陆,在21交换机上要给VLAN1地址,然后要写上ip default-gateway 在相关位置我已加上了！设置telnet密码enable secret level 15 0 star!设置特权模式密码interface range fastEthernet 0/1-3 switchport access vlan 10 exit ！将f0/1，f0/2和f0/3划分到vlan10里interface range fastEthernet 0/4-6 switchport access vlan 20 exit ！将f0/4,f0/5和f0/6划分到vlan20里interface range fastEthernet 0/7-9 switchport access vlan 30 exit ！将f0/7,f0/8和f0/9划分到vlan30里interface fastEthernet 0/10 switchport mode trunk exit ！将f0/10设置为trunk模式interface vlan 1ip address 192.168.0.1 255.255.255.0no shutexit!设置管理ip地址ip default-gateway 192.168.0.254新加内容富友endS2126G-A1#(2) S2126G-A2基本配置hostname S2126G-A2vlan 1exitvlan 10exitvlan 20exitvlan 30exitenable secret level 1 0 starenable secret level 15 0 star!interface range fastEthernet 0/1-3 switchport access vlan 10 exitinterface range fastEthernet 0/4-6 switchport access vlan 20 exitinterface range fastEthernet 0/7-9 switchport access vlan 30 exitinterface fastEthernet 0/20 switchport mode trunk exit！interface vlan 1ip address 192.168.0.2 255.255.255.0no shutexit!设置管理ip地址ip default-gateway 192.168.0.254新加内容解决以上问题endS2126G-A2#(3) S2126G-B1基本配置问题同S2126G-A2hostname S2126G-B1vlan 1 exitvlan 50 exitvlan 60 exitvlan 70 exitenable secret level 1 0 starenable secret level 15 0 star!interface range fastEthernet 0/1-3 switchport access vlan 50 exitinterface range fastEthernet 0/4-6 switchport access vlan 60 exitinterface range fastEthernet 0/7-9 switchport access vlan 70 exitinterface fastEthernet 0/10 switchport mode trunk exit！interface vlan 1ip address 192.168.0.3 255.255.255.0no shutexit!设置管理ip地址ip default-gateway 192.168.0.254end新增内容(4) S2126G-B2基本配置hostname S2126G-B2vlan 1 exitvlan 50 exitvlan 60 exitvlan 70 exitenable secret level 1 0 starenable secret level 15 0 star!interface range fastEthernet 0/1-3 switchport access vlan 50 exitinterface range fastEthernet 0/4-6 switchport access vlan 60 exitinterface range fastEthernet 0/7-9 switchport access vlan 70 exitinterface fastEthernet 0/20 switchport mode trunk exitinterface vlan 1ip address 192.168.0.4 255.255.255.0no shutexit!设置管理ip地址ip default-gateway 192.168.0.254新增内容end(5) S3550-24-A基本配置hostname S3550-24-Avlan 1 exitvlan 10 exitvlan 20 exitvlan 30 exitvlan 100 exitinterface FastEthernet 0/1 switchport mode trunkexit!interface FastEthernet 0/10 switchport mode trunkexit!interface FastEthernet 0/20 switchport mode trunkexit!interface Vlan 1 ip address 192.168.0.5 255.255.255.0 no shutexit!为交换机分配管理ip地址interface Vlan 10 ip address 172.16.10.1 255.255.255.0 no shutexit!为vlan10分配ip地址interface Vlan 20 ip address 172.16.20.1 255.255.255.0 no shutexit! 为vlan20分配ip地址interface Vlan 30 ip address 172.16.30.1 255.255.255.0 no shutexit! 为vlan30分配ip地址interface Vlan 100 ip address 192.168.128.44 255.255.255.248 no shutexit!ip default-gateway 192.168.0.254新增内容end! 为vlan30分配ip地址(6) S3550-24-B基本配置hostname S3550-24-Bvlan 1 exitvlan 50 exitvlan 60 exitvlan 70 exitvlan 200 exitenable secret level 1 0 starenable secret level 15 0 star!interface FastEthernet 0/1 switchport mode trunkexit!interface FastEthernet 0/10 switchport mode trunkexit!interface FastEthernet 0/20 switchport mode trunkexit!interface Vlan 1 ip address 192.168.0.6 255.255.255.0 no shutexit!interface Vlan 50 ip address 172.18.50.1 255.255.255.0 no shutexit!interface Vlan 60 ip address 172.18.60.1 255.255.255.0 no shutexit!interface Vlan 70 ip address 172.18.70.1 255.255.255.0 no shutexit!interface Vlan 200 ip address 192.168.129.44 255.255.255.248 no shutexit!ip default-gateway 192.168.0.254End(7) S6806E-A基本配置hostname S6806E-Aenable secret level 1 0 starenable secret level 15 0 star!interface GigabitEthernet 4/1switchport mode trunkexit!interface GigabitEthernet 4/2switchport mode trunkexit!interface GigabitEthernet 4/10 switchport access vlan 300exit!interface Vlan 1 ip address 192.168.0.254 255.255.255.0 no shutexit! interface Vlan 100 ip address 192.168.128.45 255.255.255.248 no shutexit!interface Vlan 200 ip address 192.168.129.45 255.255.255.248 no shutexit!interface Vlan 300 ip address 192.168.86.17 255.255.255.240 no shutexit!End(8) R2624-A基本配置hostname R2624-A!enable password star!interface FastEthernet0 ip address 192.168.86.30 255.255.255.240 no shut ip nat inside exit!interface FastEthernet1 ip address 210.96.100.85 255.255.255.252 no shut ip nat outside exit!line con 0line aux 0line vty 0 4 password star loginend第二步 ospf路由选择协议配置及测试（1）S3550-24-A ospf路由协议配置router ospf !在路由器上启动ospf进程area 0.0.0.0network 172.16.10.0 255.255.255.0 area 0此处没有问题，在路由器上配置ospf使用network时反掩码;在交换机上使用子网掩码.0.0.0这里的显示是show run里面的内容吧，OSPF配置的时候要用反掩码，虽然我们交换机上显示的是掩码，但反掩码配置时1表示忽略，0表示匹配，此后的68上的配置也是一样道理！指定参与交换ospf更新的网络以及这些网络所属的区域network 172.16.20.0 255.255.255.0 area 0.0.0.0！指定参与交换ospf更新的网络以及这些网络所属的区域network 172.16.30.0 255.255.255.0 area 0.0.0.0！指定参与交换ospf更新的网络以及这些网络所属的区域network 192.168.128.40 255.255.255.248 area 0.0.0.0！指定参与交换ospf更新的网络以及这些网络所属的区域end（2）S3550-24-B ospf路由协议配置router ospfarea 0.0.0.0network 172.18.50.0 255.255.255.0 area 0.0.0.0network 172.18.60.0 255.255.255.0 area 0.0.0.0network 172.18.70.0 255.255.255.0 area 0.0.0.0network 192.168.129.40 255.255.255.248 area 0.0.0.0end（3）S6806E ospf路由协议配置router ospfarea 0.0.0.0network 192.168.86.16 255.255.255.240 area 0.0.0.0network 192.168.128.40 255.255.255.248 area 0.0.0.0network 192.168.129.40 255.255.255.248 area 0.0.0.0end（4）R2624-A ospf路由协议配置router ospf 1 ！启动ospf进程并指定本地进程号 network 210.96.100.84 0.0.0.3 area 0.0.0.0 network 192.168.86.16 0.0.0.15 area 0.0.0.0 default-information originate always ！不管路由器是否存在缺省路由，总是向其它路由器公告缺省路由end（5）ospf验证A) S3550-24-A# show ip route ！查看S3550-24-A路由表，以下路由信息除了直连路由外，都是通过ospf学习来的 Type: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2Type Destination IP Next hop Interface Distance Metric Status- - - - - - -O E2 0.0.0.0/0 192.168.128.45 VL100 110 1 ActiveC 172.16.10.0/24 0.0.0.0 VL10 0 0 ActiveC 172.16.20.0/24 0.0.0.0 VL20 0 0 ActiveC 172.16.30.0/24 0.0.0.0 VL30 0 0 ActiveO 172.18.50.0/24 192.168.128.45 VL100 110 3 ActiveO 172.18.60.0/24 192.168.128.45 VL100 110 3 ActiveO 172.18.70.0/24 192.168.128.45 VL100 110 3 ActiveC 192.168.0.0/24 0.0.0.0 VL1 0 0 ActiveO 192.168.86.16/28 192.168.128.45 VL100 110 2 ActiveC 192.168.128.40/29 0.0.0.0 VL100 0 0 ActiveO 192.168.129.40/29 192.168.128.45 VL100 110 2 ActiveO 210.96.100.84/30 192.168.128.45 VL100 110 3 ActiveS3550-24-A# show ip ospf neighbor ！查看S3550-24-A的邻居路由器。 Neighbor ID Pri State DeadTime Address Interface- - - - - -192.168.129.45 1 full/DR 00:00:32 192.168.128.45 VL100 S3550-24-A#B) S3550-24-B# show ip route ！查看S3550-24-B路由表，以下路由信息除了直连路由外，都是通过ospf学习来的 Type: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2Type Destination IP Next hop Interface Distance Metric Status- - - - - - -O E2 0.0.0.0/0 192.168.129.45 VL200 110 1 ActiveO 172.16.10.0/24 192.168.129.45 VL200 110 3 ActiveO 172.16.20.0/24 192.168.129.45 VL200 110 3 ActiveO 172.16.30.0/24 192.168.129.45 VL200 110 3 ActiveC 172.18.50.0/24 0.0.0.0 VL50 0 0 ActiveC 172.18.60.0/24 0.0.0.0 VL60 0 0 ActiveC 172.18.70.0/24 0.0.0.0 VL70 0 0 ActiveC 192.168.0.0/24 0.0.0.0 VL1 0 0 ActiveO 192.168.86.16/28 192.168.129.45 VL200 110 2 ActiveO 192.168.128.40/29 192.168.129.45 VL200 110 2 ActiveC 192.168.129.40/29 0.0.0.0 VL200 0 0 ActiveO 210.96.100.84/30 192.168.129.45 VL200 110 3 ActiveS3550-24-B#show ip ospf neighbor ！查看S3550-24-B的邻居路由器。 Neighbor ID Pri State DeadTime Address Interface- - - - - -192.168.129.45 1 full/DR 00:00:35 192.168.129.45 VL200C) S6806E-A# show ip route ！查看S6806E-A路由表，以下路由信息除了直连路由外，都是通过ospf学习来的。 Type: C - connected, S - static, R - RIP, B - BGP, P - policy O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2Type Destination IP Next hop Interface Distance Metric Status- - - - - - -O E2 0.0.0.0/0 192.168.86.30 VL300 110 1 ActiveO 172.16.10.0/24 192.168.128.44 VL100 110 2 ActiveO 172.16.20.0/24 192.168.128.44 VL100 110 2 ActiveO 172.16.30.0/24 192.168.128.44 VL100 110 2 ActiveO 172.18.50.0/24 192.168.129.44 VL200 110 2 ActiveO 172.18.60.0/24 192.168.129.44 VL200 110 2 ActiveO 172.18.70.0/24 192.168.129.44 VL200 110 2 ActiveC 192.168.0.0/24 0.0.0.0 VL1 0 0 ActiveC 192.168.86.16/28 0.0.0.0 VL300 0 0 ActiveC 192.168.128.40/29 0.0.0.0 VL100 0 0 ActiveC 192.168.129.40/29 0.0.0.0 VL200 0 0 ActiveO 210.96.100.84/30 192.168.86.30 VL300 110 2 ActiveS6806E-A#show ip ospf neighbor ！查看S6806E-A的ospf邻居 Neighbor ID Pri State DeadTime Address Interface- - - - - -210.96.100.85 1 full/BDR 00:00:31 192.168.86.30 VL300 192.168.128.44 1 full/BDR 00:00:30 192.168.128.44 VL100 192.168.129.44 1 full/BDR 00:00:37 192.168.129.44 VL200 S6806E-A# D) R2624-A#show ip route ！查看R2624-A路由表Codes: C - connected, S - static, R - RIP O - OSPF, IA - OSPF inter area E1 - OSPF external type 1, E2 - OSPF external type 2Gateway of last resort is 210.96.100.86 to network 0.0.0.0 192.168.86.0/28 is subnetted, 1 subnetsC 192.168.86.16 is directly connected, FastEthernet0 172.16.0.0/24 is subnetted, 3 subnetsO 172.16.30.0 110/3 via 192.168.86.17, 00:43:05, FastEthernet0O 172.16.20.0 110/3 via 192.168.86.17, 00:43:05, FastEthernet0O 172.16.10.0 110/3 via 192.168.86.17, 00:43:05, FastEthernet0 172.18.0.0/24 is subnetted, 3 subnetsO 172.18.60.0 110/3 via 192.168.86.17, 00:43:05, FastEthernet0O 172.18.50.0 110/3 via 192.168.86.17, 00:43:05, FastEthernet0O 172.18.70.0 110/3 via 192.168.86.17, 00:43:05, FastEthernet0 210.96.100.0/30 is subnetted, 1 subnetsC 210.96.100.84 is directly connected, FastEthernet1 192.168.128.0/29 is subnetted, 1 subnetsO 192.168.128.40 110/2 via 192.168.86.17, 00:43:05, FastEthernet0 192.168.129.0/29 is subnetted, 1 subnetsO 192.168.129.40 110/2 via 192.168.86.17, 00:43:05, FastEthernet0S* 0.0.0.0/0 1/0 via 210.96.100.86R2624-A#show ip ospf neighbor ！查看R2624-A的ospf邻居Neighbor ID Pri State Dead Time Address Interface192.168.129.45 1 FULL/DR 00:00:36 192.168.86.17 FastEthernet0R2624-A# 第三步 基本连通性测试。包括网络连通性测试和不同vlan间用户通信连通性测试（1）网络连通性测试在S2126G-A1的vlan10内的用户，用户主机ip地址为172.16.10.195/24，网关为172.16.10.1。D:ipconfigWindows 2000 IP ConfigurationEthernet adapter 本地连接: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 172.16.10.195 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.16.10.1！在vlan10 里，ip地址为172.16.10.195主机为测试主机D:ping 172.16.10.1Pinging 172.16.10.1 with 32 bytes of data:Reply from 172.16.10.1: bytes=32 time10ms TTL=64Reply from 172.16.10.1: bytes=32 timeping 172.16.20.1Pinging 172.16.20.1 with 32 bytes of data:Reply from 172.16.20.1: bytes=32 timeping 172.16.30.1Pinging 172.16.30.1 with 32 bytes of data:Reply from 172.16.30.1: bytes=32 timeping 192.168.128.44Pinging 192.168.128.44 with 32 bytes of data:Reply from 192.168.128.44: bytes=32 timeping 192.168.128.45Pinging 192.168.128.45 with 32 bytes of data:Reply from 192.168.128.45: bytes=32 time=2ms TTL=62！测试到S6806E-A vlan100的svi口的连通性D:ping 192.168.129.45Pinging 192.168.129.45 with 32 bytes of data:Reply from 192.168.129.45: bytes=32 time=1ms TTL=63！测试到S6806E-A vlan200的svi口的连通性D:ping 192.168.86.17Pinging 192.168.86.17 with 32 bytes of data:Reply from 192.168.86.17: bytes=32 time=1ms TTL=63！测试到S6806E-A vlan300的svi口的连通性D:ping 192.168.86.30Pinging 192.168.86.30 with 32 bytes of data:Reply from 192.168.86.30: bytes=32 timeping 172.18.50.1Pinging 172.18.50.1 with 32 bytes of data:Reply from 172.18.50.1: bytes=32 time=1ms TTL=62Reply from 172.18.50.1: bytes=32 time=2ms TTL=62！测试到S3550-24-Bvlan50的svi口的连通性D:ping 172.18.60.1Pinging 172.18.60.1 with 32 bytes of data:Reply from 172.18.60.1: bytes=32 time=1ms TTL=62！测试到S3550-24-Bvlan60的svi口的连通性D:ping 172.18.70.1Pinging 172.18.70.1 with 32 bytes of data:Reply from 172.18.70.1: bytes=32 time=1ms TTL=62！测试到S3550-24-Bvlan 70的svi口的连通性D:ping 192.168.129.44Pinging 192.168.129.44 with 32 bytes of data:Reply from 192.168.129.44: bytes=32 timeping 210.96.100.85Pinging 210.96.100.85 with 32 bytes of data:Reply from 210.96.100.85: bytes=32 time=1ms TTL=253！测试到R2624-A路由器F1口的连通性（2）vlan间通信测试。在这里我们只举例测试vlan50里用户172.18.50.195与vlan10里用户172.16.10.179通行的连通性，其中主机指向各自的网关。由于不同vlan间用户通信测试方法相同，这里我们就举例说明。D:ipconfigWindows 2000 IP ConfigurationEthernet adapter 本地连接: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 172.18.50.195 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.18.50.1