企业网技能大赛计算机技能比赛试卷.doc

2009江苏省职业学校计算机技能大赛三层交换机及路由器配置1. 配置设备三层交换机名字分别为是SA,SB, 设置telnet登录，登录用户名为yq，密码为js，密码以明文方式存储,为特权用户增加密码：js，密码以加密方式存储。2配置设备路由器名字分别为RA，RB。在路由器上名设置telnet登录，登录用户名为admin，密码为js，密码以明文方式存储,为特权用户增加密码：js，密码以加密方式存储3在三层交换机SA上划分各VLAN，并加入相应的端口。交换机端口4-10以属于VLAN10。交换机端口11-16属于VLAN20,其他的端口，放在VLAN1中。4在三层交换机SB上划分各VLAN，并加入相应的端口交换机端口4-10以属于VLAN30。交换机端口11-16属于VLAN40,其他的端口，放在VLAN1中。5在三层交换机SA上创建各VLAN三层接口并配置IP地址。Vlan-interfaceIP地址vlan-interface 1192.168.1.2/30vlan-interface 1010.1.1.254/24vlan-interface 2010.1.2.254/24Loopback101.1.1.3/326在三层交换机SB上创建各VLAN三层接口并配置IP地址。Vlan-interfaceIP地址vlan-interface 1192.168.1.6/30vlan-interface 30172.16.1.254/24vlan-interface 40172.16.2.254/24Loopback201.1.1.4/327将三层交换机SB的端口Fa0/0/1与路由器RB的Fa0/1口相连，并在路由器DCR-2626-B上配置各路由接口IP地址。接口IP地址FastEthernet0/1192.168.1.5/30Serial 0/1119.1.1.2/30Loopback201.1.1.1/32Loopback01.1.1.253/328.将三层交换机SA的端口F0/1与路由器RA的F0/1口相连，并在路由器RA上配置各路由接口IP地址。接口IP地址FastEthernet0/1192.168.1.1/30Serial 0/1119.1.1.1/30Loopback101.1.1.2/32Loopback01.1.1.254/329.将两台路由器的串口s0/1用背对背线缆连接，采用PPP封装协议，设备之间互通路SA和RA采用静态路由配置，RA和RB使用OSPF动态路由、RB和SB使用动态RIPV2路由，实现所有网段全部连通。(不允许用缺省路由)三、安全配置1. 禁止VLAN 40 PC ping 服务。2. 在RB有一个f0/3为INTERNET出口，允许VLAN30 PC 17:00-23:00 访问INTERNET.3. 在三层交换机SA端口f0/21上实施静态MAC地址与端口的绑定，MAC地址为00-08-0d-be-d8-d8；将PCA机的IP、MAC和相连端口进行绑定。4. 在交换机SB上使用pim-dm方式开启组播，让VLAN30和VLAN40之间，可以传送组播包，在三层交换机SB端口F0/21口上配置广播风暴抑制，端口允许通过广播包数3000/秒。5. 在路由器RB上配置地址转换，使得VLAN40中的主机可以通过地址转换访问Internet，内部全局地址为 58.194.23.252/24，地址池名称为yqw,允许地址复用。6. 在三层交换机SB上端口 2 启用dot1x认证，认证服务器IP 211.65.64.43密匙yuanqu基于端口认证。7. 在三层交换机SB建立DHCP Server 实现VLAN40 接入端口PC自动获得IP；172.16.2.2作为预留地址；DNS 211.65.64.65 地址租约时间：7天8. 将二台三层设备进行链路聚合，F0/24-F0/24进行TRUNK。9. 在接入设备上deny常见病毒传播和攻击使用的端口。TCP和UTP端口号为135、136、137、138、139、445、4444、593、1081、256、768等。在交换设备上连路由器接口应用。四、PC及服务器配置1.四台PC机相互之间能PING 通，网站发布服务器为D机，各PC机配置如下 PC机IP地址子网掩码网关A机172.16.2.2255.255.255.0172.16.2.254B机172.16.1.2255.255.255.0172.16.1.254C机10.1.2.2255.255.255.010.1.2.254D机10.1.1.2255.255.255.010.1.1.2542.在服务器D上安装使用虚拟机，采用桥接方式（use bridged networking），IP 为10.1.1.3，子网掩码255.255.255.0，网关为10.1.1.254。Router_config#hostname DCR-2626-ADCR-2626-A_config#interface f0/0DCR-2626-A_config_f0/0#ip address 192.168.1.1 255.255.255.252DCR-2626-A_config_f0/0#no shutdown DCR-2626-A_config_f0/0#exitDCR-2626-A_config#interface s0/1DCR-2626-A_config_s0/1#ip address 119.1.1.1 255.255.255.252DCR-2626-A_config_s0/1#physical-layer speed 64000DCR-2626-A_config_s0/1#no shutdown DCR-2626-A_config_s0/1#exitDCR-2626-A_config#router ospf 1DCR-2626-A_config_ospf_1#network 119.1.1.0 255.255.255.252 area 0DCR-2626-A_config_ospf_1#redistribute static DCR-2626-A_config_ospf_1#redistribute connect DCR-2626-A_config_ospf_1#exitDCR-2626-A_config#ip route 10.1.1.0 255.255.255.0 192.168.1.2 DCR-2626-A_config#ip route 10.1.2.0 255.255.255.0 192.168.1.2 DCR-2626-A_config#aaa authentication enable default enable DCR-2626-A_config#aaa authentication login telnet localDCR-2626-A_config#username admin password 0 jiangsuDCR-2626-A_config#aaa authentication enable default enable DCR-2626-A_config#aaa authentication login telnet localDCR-2626-A_config#enable password 0 jiangsuRouter_config#hostname DCR-2626-BDCR-2626-B_config#interface f0/0DCR-2626-B_config_f0/0#ip address 192.168.1.5 255.255.255.252DCR-2626-B_config_f0/0#no shutdown DCR-2626-B_config_f0/0#exitDCR-2626-B_config#interface s0/1DCR-2626-B_config_s0/1#ip address 119.1.1.2 255.255.255.252DCR-2626-B_config_s0/1#no shutdown DCR-2626-B_config_s0/1#exitDCR-2626-B_config#router ospf 1DCR-2626-B_config_ospf_1#network 119.1.1.0 255.255.255.252 area 0DCR-2626-B_config_ospf_1#redistribute rip DCR-2626-B_config_ospf_1#redistribute connect DCR-2626-B_config_ospf_1#exit DCR-2626-B_config#router rip DCR-2626-B_config_rip#network 192.168.1.0DCR-2626-B_config_rip#redistribute ospf 1DCR-2626-B_config_rip#redistribute connect DCR-2626-B_config_rip#exitDCR-2626-B_config#aaa authentication enable default enable DCR-2626-B_config#aaa authentication login telnet localDCR-2626-B_config#username admin password 0 jiangsuDCR-2626-B_config#aaa authentication enable default enable DCR-2626-B_config#aaa authentication login telnet localDCR-2626-B_config#enable password 0 jiangsuDCR-2626-B_config#time-range okDCR-2626-B_config_time_range#periodic daily 17:00 to 23:00DCR-2626-B_config#ip access-list extended vlan30DCR-2626-B_config_ext_nacl#permit ip 172.16.1.0 255.255.255.0 any time-range okDCR-2626-B_config_ext_nacl#deny ip 172.16.1.0 255.255.255.0 anyDCR-2626-B_config_ext_nacl#permit ip any any DCR-2626-B_config_ext_nacl#exitDCR-2626-B_config#ip nat pool yqw 58.194.23.252 58.194.23.252 255.255.255.0 rotary DCR-2626-B_config#ip nat inside source list 1 pool yqw overloadDCRS-5650-28(Config)#hostname DCRS-5650-ADCRS-5650-A(Config)#vlan 10DCRS-5650-A(Config-Vlan10)#switchport interface ethernet 0/0/4-10DCRS-5650-A(Config-Vlan10)#exitDCRS-5650-A(Config)#vlan 20DCRS-5650-A(Config-Vlan20)#switchport interface ethernet 0/0/11-16DCRS-5650-A(Config-Vlan20)#exitDCRS-5650-A(Config)#interface vlan 1DCRS-5650-A(Config-If-Vlan1)#ip address 192.168.1.2 255.255.255.252DCRS-5650-A(Config-If-Vlan1)#no shutdown DCRS-5650-A(Config-If-Vlan1)#exitDCRS-5650-A(Config)#interface vlan 10DCRS-5650-A(Config-If-Vlan10)#ip address 10.1.1.254 255.255.255.0DCRS-5650-A(Config-If-Vlan10)#no shutdown DCRS-5650-A(Config-If-Vlan10)#exit DCRS-5650-A(Config)#interface vlan 20DCRS-5650-A(Config-If-Vlan20)#ip address 10.1.2.254 255.255.255.0DCRS-5650-A(Config-If-Vlan20)#no shutdown DCRS-5650-A(Config-If-Vlan20)#exitDCRS-5650-A(Config)#ip route 172.16.1.0 255.255.255.0 192.168.1.1DCRS-5650-A(Config)#ip route 172.16.12.0 255.255.255.0 192.168.1.1DCRS-5650-A(Config)#ip route 192.168.1.4 255.255.255.252 192.168.1.1DCRS-5650-A(Config)#ip route 119.1.1.0 255.255.255.252 192.168.1.1DCRS-5650-A(Config)#telnet-user yuanqu password 0 jiangsuDCRS-5650-A(Config)#interface ethernet 0/0/21DCRS-5650-A(Config-Ethernet0/0/21)#switchport port-security DCRS-5650-A(Config-Ethernet0/0/21)#switchport port-security mac-address 00-08-0d-be-d8-d8DCRS-5650-A(Config)#interface ethernet 0/0/22-24DCRS-5650-A(Config-Port-Range)#switchport mode trunk DCRS-5650-A(Config-Port-Range)#exitDCRS-5650-A(Config)#port-group 1DCRS-5650-A(Config)#firewall enable DCRS-5650-A(Config)#ip access-list extended safeDCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 135DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 136DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 137DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 138DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 139DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 445DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 4444DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 593DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 1081DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 256DCRS-5650-A(Config-Ext-Nacl-safe)#deny tcp any-source any-destination d-port 768DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 135DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 136DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 137DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 138DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 139DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 445DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 4444DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 593DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 1081DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 256DCRS-5650-A(Config-Ext-Nacl-safe)#deny udp any-source any-destination d-port 768DCRS-5650-A(Config)#interface ethernet 0/0/1DCRS-5650-A(Config-Ethernet0/0/1)#ip access-group safe inDCRS-5650-A(Config)#exitDCRS-5650-28(Config)#hostname DCRS-5650-BDCRS-5650-B(Config)#vlan 30DCRS-5650-B(Config-Vlan30)#switchport interface ethernet 0/0/4-10DCRS-5650-B(Config-Vlan30)#exitDCRS-5650-B(Config)#vlan 40DCRS-5650-B(Config-Vlan40)#switchport interface ethernet 0/0/11-16DCRS-5650-B(Config-Vlan40)#exitDCRS-5650-B(Config)#interface vlan 1DCRS-5650-B(Config-If-Vlan1)#ip address 192.168.1.6 255.255.255.252DCRS-5650-B(Config-If-Vlan1)#no shutdown DCRS-5650-B(Config-If-Vlan1)#exitDCRS-5650-B(Config)#interface vlan 30DCRS-5650-B(Config-If-Vlan30)#ip address 172.16.1.254 255.255.255.0DCRS-5650-B(Config-If-Vlan30)#no shutdown DCRS-5650-B(Config-If-Vlan30)#exitDCRS-5650-B(Config)#interface vlan 40DCRS-5650-B(Config-If-Vlan40)#ip address 172.16.2.254 255.255.255.0DCRS-5650-B(Config-If-Vlan40)#no shutdown DCRS-5650-B(Config-If-Vlan40)#exitDCRS-5650-B(Config)#router rip DCRS-5650-B(Config-Router-Rip)#version 2DCRS-5650-B(Config-Router-Rip)#exitDCRS-5650-B(Config)#interface vlan 1DCRS-5650-B(Config-If-Vlan1)#ip rip work DCRS-5650-B(Config-If-Vlan1)#exitDCRS-5650-B(Config)#interface vlan 30DCRS-5650-B(Config-If-Vlan30)#ip rip work DCRS-5650-B(Config-If-Vlan30)#exitDCRS-5650-B(Config)#interface vlan 40DCRS-5650-B(Config-If-Vlan40)#ip rip work DCRS-5650-B(Config-If-Vlan40)#exitDCRS-5650-B(Config)#ip route 0.0.0.0 0.0.0.0 192.168.1.5DCRS-5650-B(Config)#exitDCRS-5650-B(Config)#firewall enable DCRS-5650-B(Config)#ip access-list extended vlan40DCRS-5650-B(Config-Ext-Nacl-vlan40)#deny icmp 172.16.2.0 255.255.255.0 any DCRS-5650-B(Config-Ext-Nacl-vlan40)#permit ip any anyDCRS-5650-B(Config-Ext-Nacl-vlan40)#exitDCRS-5650-B(Config)#interface ethernet 0/0/11-16DCRS-5650-B(Config-Port-Range)#ip access-group vlnan40 inDCRS-5650-B(Config)#ip igmp snooping DCRS-5650-B(Config)#interface vlan 30DCRS-5650-B(Config-If-Vlan30)#ip pim dense-mode DCRS-5650-B(Config-If-Vlan30)#exitDCRS-5650-B(Config)#interface vlan 40DCRS-5650-B(Config-If-Vlan40)#i