网络工程实习报告.doc

南京工程学院实习报告 课 程 名 称 网络工程实习 院（系、部、中心） 计算机工程学院 专 业 网络工程 班 级 网络 132 起 止 日 期 2015.4.62015.4.17 指 导 教 师 袁宗福 一、 报告摘要大二下学期的六七周，我们网络工程班在建策公司进行了首次实习，CCIE大神老师讲课很生动，在为期两周的实习期间，学到了很多。在建策，老师是以实际案例给我们讲课，从工程的角度分析客户需求，需要怎样的技术支持，总的来说，偏重于实践应用。期间，CCIE老师带我们这一组学生主要做了以下几个实验：单臂路由，静态路由和访问控制列表，分别对应地铁网或者校园网，企业的路由备份以及服务器过滤方面的知识。很实际的问题，我们对做这些实验的印象至今很深刻。除此之外，老师还给我们讲了些我们学生很关心的问题，比如学校电信宽带的PPPOE连接，无线路由没作用的原因，无线加密方式以及破解方法等等。重点介绍了他从事这行业的一些经历，网络行业现在的形势以及预测一下将来的行情。让我们对网络工程有了一定的了解，有助于我们对未来有个清晰的规划。二、 摘要翻译In the sixth and seventh week of the next semester of our sophomore year, we network engineering students went to JIANCE company for internship for the first time. The teachers lesson who has a certificate “CCIE” is very lively. During the two weeks of internship, we learned a lot.In the company, the teacher gave us a lecture on actual cases. From the perspective of the project, we analysed customers demand and what kind of technical support his need. In general, the class was focus on practical application. During the classes. The CCIE teacher took our a group of students to do mainly the following experiments: single-arm routing, static routing and access control lists, corresponding to the subway network or campus network, the companys routing backup and server filter. They are such practical problems that we have a deep impression on these experiments up to now.In addition, the teacher also told us some interesting things that our students are very concerned about, such as the PPPOE connection of campus telecom broadband, the cause of the wireless router which is invalid in school, wirelesss way of encryption and how to decode and so on. He mainly introduced some experiences when he was engaged in this industry, the present situation of network industry and he also forecasted the future market. Lets have a certain understand of network engineering which can help us have a clear plan for the future.三、 实习目的本次实习是我们作为网络工程学生的一次知识实践，其主要目的在于：1. 掌握局域网的设计组建方法，并知晓对局域网的管理和排错维护等理论知识。2. 熟练运用网络配置命令，主要掌握有单臂路由，静态路由和访问控制列表配置方法。3. 将理论和实际工程结合起来，学会需求分析，增长做工程的见闻。4. 认清社会现实，对计算机相关行业有一定的了解。四、 实习内容分析(一) 实现在不同VLAN的两台主机的相互访问。案例：某企业的需求，需要将两个部门的某两台主机能互相访问。原理：在两台主机所连的三层交换机上给同VLAN配置ip地址，作为主机的网关，交换机和三层交换机的连接接口配成trunk模式，使不同VLAN通过共享链路与其它交换机中的相同VLAN通信。实践：二层交换机：SwitchenSwitch#conf tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#vlan 2Switch(config-vlan)#int f0/2Switch(config-if)#switch acc vlan 2Switch(config-if)#int f0/1Switch(config-if)#switch mode trunkSwitch(config-if)#endSwitch#show vlan VLAN Name Status Ports- - - -1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gig1/1, Gig1/22 VLAN0002 active Fa0/21002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup 三层交换机：SwitchenSwitch#conf tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#ip routingSwitch(config)#vlan 2Switch(config-vlan)#vlan 3Switch(config-vlan)#int f0/2Switch(config-if)#switch acc vlan 3Switch(config-if)#int vlan 2Switch(config-if)#ip add Switch(config-if)#int vlan 3Switch(config-if)#ip add Switch(config-if)#int f0/1Switch(config-if)#switch trunk en dot1q /给端口封装协议Switch(config-if)#switch mode trunkSwitch(config-if)#endSwitch#show vlanVLAN Name Status Ports- - - -1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gig0/1, Gig0/22 VLAN0002 active 3 VLAN0003 active Fa0/21002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup Switch#show ip int briInterface IP-Address OK? Method Status Protocol FastEthernet0/1 unassigned YES unset up up FastEthernet0/2 unassigned YES unset up up Vlan1 unassigned YES unset administratively down down Vlan2 YES manual up up Vlan3 YES manual up up验证：PC0 ping PC1注意点：三层交换机封装端口配trunk的原理Cisco设备支持ISL和802.1q（dot1Q）协议。华为只支持802.1q。DOT1Q和ISL的区别：DOT1Q是各类产品的VLAN通用协议模式，Dot1q是一种普遍使用的标准，适用所有交换机与路由设备。支持超过1024vlan,而ISL最多支持1024个vlan。ISL是CISCO设备的专用协议，适用于Cisco设备。ISL(Interior Switching Link)交换机间协议用于实现CISCO交换机间的VLAN中继。它是一个信息包标记协议，在支持ISL接口上发送的帧由一个标准以太网帧及相关的VLAN信息组成。(二) 实现某台主机只能以web的形式访问服务器。案例：出于安全考虑，地铁某台服务器只允许通过web形式访问，任何主机不能ping通它，且主机间不能相互访问。原理：通过给路由器或者三层交换机配置访问控制列表，使数据包只允许通过80端口，起到过滤的作用。实践：二层交换机Switch0：Switch#conf tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#vlan 2Switch(config-vlan)#int f0/1Switch(config-if)#switch acc vlan 2Switch(config-if)#int f0/2Switch(config-if)#switch mode trunkSwitch(config)#endSwitch#show vlanVLAN Name Status Ports- - - -1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gig1/1, Gig1/22 VLAN0002 active Fa0/11002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup 二层交换机Switch1：Switch#conf tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#vlan 3Switch(config-vlan)#int f0/1Switch(config-if)#switch acc vlan 3Switch(config-if)#int f0/2Switch(config-if)#switch mode trunkSwitch(config)#endSwitch#show vlanVLAN Name Status Ports- - - -1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gig1/1, Gig1/23 VLAN0003 active Fa0/11002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup三层交换机：Switch#conf tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#ip routingSwitch(config)#vlan 2Switch(config-vlan)#vlan 3Switch(config-vlan)#vlan 4Switch(config-vlan)#int vlan 2Switch(config-if)#ip add Switch(config-if)#int vlan 3Switch(config-if)#ip add Switch(config-if)#int vlan 4Switch(config-if)#ip add Switch(config-if)#int f0/3Switch(config-if)#switch acc vlan 4Switch(config-if)#int f0/4Switch(config-if)#switch acc vlan 4Switch(config-if)#int f0/1Switch(config-if)#switch trunk en dot1qSwitch(config-if)#switch mode trunkSwitch(config-if)#int f0/2Switch(config-if)#switch trunk en dot1qSwitch(config-if)#switch mode trunkSwitch#show vlanVLAN Name Status Ports- - - -1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gig0/1, Gig0/22 VLAN0002 active 3 VLAN0003 active 4 VLAN0004 active Fa0/3, Fa0/41002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsupSwitch#show ip int briInterface IP-Address OK? Method Status Protocol FastEthernet0/1 unassigned YES unset up up FastEthernet0/2 unassigned YES unset up up FastEthernet0/3 unassigned YES unset up up FastEthernet0/4 unassigned YES unset up up Vlan1 unassigned YES unset administratively down down Vlan2 YES manual up up Vlan3 YES manual up up Vlan4 YES manual up upSwitch#conf tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)# access-list 100 permit ip 55 55Switch(config)#int vlan 2Switch(config-if)# ip access-group 100 outSwitch(config-if)#exitSwitch(config)# access-list 101 permit ip 55 55Switch(config)#int vlan 3Switch(config-if)# ip access-group 101 outSwitch(config-if)#exitSwitch(config)# access-list 103 permit tcp any host eq 80Switch(config)# access-list 103 deny ip any host Switch(config)# access-list 103 permit ip any anySwitch(config)#int vlan 4Switch(config-if)# ip access-group 103 out/访问列表101和102实现：pc0和pc1不能相互访问，但都能访问server0/访问列表103实现：所有ip只能以web形式访问server1Switch#show access-lExtended IP access list 100 permit ip 55 55Extended IP access list 101 permit ip 55 55Extended IP access list 103 permit tcp any host eq www deny ip any host permit ip any any验证：1) PC0 无法ping通 PC12) PC0 无法ping通 server13) PC0 通过web访问 server1(三) 实现线路备份，在某条线路故障的情况下，导通另一条线路。特别说明：本次实验是在上次vlan互访实验和过滤实验的基础上进行拓展的，是个综合实验，所以之前的已经配置过的相关命令就不再赘述了。案例：某用户正常上网时通联通的网，当联通网故障时，则自动切换到移动网。原理：在中间路由器上配置默认静态路由时，多设置一个管理距离，则管理距离小的先通，大的不通。实践：三层交换机：将f0/5划入vlan5，f0/6划入vlan6，f0/23和f0/24划入vlan2。给vlan2，vlan5和vlan6分配地址，作为所在vlan主机的网关。具体配置命令如上两次实验，略过。服务器过滤采用的访问控制列表实现如上次实验，不再赘述。给端口f0/1配置IP需要注意：Switch(config)#int f0/1Switch(config-if)# no switchport /开启三层端口配置功能Switch(config-if)# ip address 静态路由Switch(config)# ip route FastEthernet0/1 /采用默认静态路由形式Switch#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static routeGateway of last resort is to network C /24 is directly connected, FastEthernet0/1C /24 is directly connected, Vlan2C /24 is directly connected, Vlan5C /24 is directly connected, Vlan6S* /0 is directly connected, FastEthernet0/1中间路由器Route0：给端口f0/0，f0/1，f1/0分配地址后，配置静态路由。发出方向：Router(config)# ip route FastEthernet0/1 Router(config)# ip route FastEthernet1/0 34 /改这条默认静态路由管理距离为34返回方向：Router(config)# ip route FastEthernet0/0 Router(config)# ip route FastEthernet0/0Router#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static routeGateway of last resort is to network C /24 is directly connected, FastEthernet0/0S /24 is directly connected, FastEthernet0/0S /24 is directly connected, FastEthernet0/0C /24 is directly connected, FastEthernet0/1C /24 is directly connected, FastEthernet1/0S* /0 is directly connected, FastEthernet0/1路由器Router1：给端口f0/0，f0/1分配地址后，配置静态路由。Router(config)# ip route FastEthernet0/0Router(config)# ip route FastEthernet0/0Router(config)# ip route FastEthernet0/0Router#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static routeGateway of last resort is not setC /8 is directly connected, FastEthernet0/1S /24 is directly connected, FastEthernet0/0S /24 is directly connected, FastEthernet0/0S /24 is directly connected, FastEthernet0/0C /24 is directly connected, FastEthernet0/0路由器Router2：给端口f0/0，f0/1分配地址后，配置静态路由。Router(config)# ip route FastEthernet0/0Router(config)# ip route FastEthernet0/0Router(config)# ip route FastEthernet0/0Router#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS int