sspulinux路由与交换大作业

1、路由与交换大作业一拓扑图11.22011R2fil/0 Z1W.2Ulo-21r ir,SW*lA1Ljr 1iVa219.220234.1.*Serve r-PT十2OAZ1 .i4iLa5WO 2U2.11.41. LU2B11R350/LL3Z. I6S SOD 1fD/O 9Z 16B. 0D L BOv/ ftlS=r*er-PTWE&l?2.ii.6.inPC4T192.166 .50.50a.PC-PT192.L&6 .0.6D3：PC-PT皿 JRto/la *I.Pi：亠 FT.10 10HOTT4PG-FT192.169200PG-PT192.U& 30/30aPC-PT1

2、92.168 rfO.40二知识点VLAN的创建和划分二层接口、TRUNK 口、路由口、SVI 口三层链路聚合冗余链路，利用两条链路接入核心交换机，提高链路带宽开启生成树，在冗余的基础上避免环路静态路由和默认路由RIPOSPF路由器间采用PPP链路协议进行通信，并且采用chap方式进 认证。用动态NAT地址转换，实现一个内网地址到外网地址的转换 设置标准访问控制列表控制内网某一网段主机对服务器的访问 三具体配置（一）路由器相关配置R1路由器配置要求：配置端口的IP地址启用OSPF,宣告内部网段与R2相连的端口采用PPP协议进行通信，通过 CHAP方式认证 动态NAT地址转换，实现一个内网地址到

3、外网地址的转换R1具体配置：in terface FastEther netO/Oip address 192.168.100.1 255.255.255.0 /配置 IP 地址ip n at in side/定义该接口连接内部网络duplex autospeed auto!in terface FastEthernet0/1ip address 192.168.200.1 255.255.255.0 /配置 IP 地址ip n at in side /定义该接口连接内部网络duplex autospeed auto!in terface Serial1/0ip address 219.220

4、.234.1 255.255.255.0ip access-group 101 out 对流出端口的流量进行过滤ip nat outside /定义该接口连接外部网络clock rate 64000 /DCE 端，设置时钟!in terface Serial1/1ip address 192.168.12.2 255.255.255.0encapsulation ppp /用 PPP协议圭寸装ppp authentication chap /CHAP 方式认证clock rate 64000 /DCE 端，设置时钟!router ospf 100 /启用OSPF,宣告内部网段log-adjac

5、e ncy-cha ngesn etwork 192.168.100.0 0.0.0.255 area 0n etwork 192.168.200.0 0.0.0.255 area 0!ip nat pool l2 219.220.234.3 219.220.234.123 netmask 255.255.255.0定义地址池范围ip n at in side source list 2 pool 2 /定义内部本地地址池调用转换地址 池地址access-list 2 permit 192.168.10.0 0.0.0.255access-list 2 permit 192.168.20.0

6、0.0.0.255access-list 2 permit 192.168.30.0 0.0.0.255access-list 2 permit 192.168.40.0 0.0.0.255定 义进行转换的内网地址静态路由实现对外网的访问ip route 202.121.241.0 255.255.255.0 219.220.234.2ip route 192.168.6.0 255.255.255.0 192.168.200.2ip route 192.168.7.0 255.255.255.0 192.168.200.2ip route 192.168.3.0 255.255.255.0

7、192.168.100.2ip route 192.168.11.0 255.255.255.0 192.168.12.1NAT:right#show ip nat translationsPro In side globalicmp 219.220.234.3:1icmp 219.220.234.3:2icmp 219.220.234.3:3icmp 219.220.234.3:4icmp 219.220.234.4:1icmp 219.220.234.4:2icmp 219.220.234.4:3icmp 219.220.234.4:4icmp 219.220.234.5:1icmp 21

8、9.220.234.5:2icmp 219.220.234.5:3icmp 219.220.234.5:4icmp 219.220.234.6:1icmp 219.220.234.6:2In side local192.168.10.10:1192.168.10.10:2192.168.10.10:3192.168.10.10:4192.168.20.20:1192.168.20.20:2192.168.20.20:3192.168.20.20:4192.168.30.30:1192.168.30.30:2192.168.30.30:3192.168.30.30:4192.168.40.40:

9、1192.168.40.40:2Outside local202.121.241.9:1202.121.241.9:2202.121.241.9:3202.121.241.9:4202.121.241.9:1202.121.241.9:2202.121.241.9:3202.121.241.9:4202.121.241.9:1202.121.241.9:2202.121.241.9:3202.121.241.9:4202.121.241.9:1202.121.241.9:2Outside global202.121.241.9:1202.121.241.9:2202.121.241.9:320

10、2.121.241.9:4202.121.241.9:1202.121.241.9:2202.121.241.9:3202.121.241.9:4202.121.241.9:1202.121.241.9:2202.121.241.9:3202.121.241.9:4202.121.241.9:1202.121.241.9:2202.121.241.9:3202.121.241.9:4202.121.241.9:3202.121.241.9:4icmp 219.220.23463192.168.40.40:3icmp 219.220.234.6:4192.168.40.40:4R2路由器配置要求

11、：配置端口的IP地址配置RIP协议与R1相连的端口采用PPP链路协议进行通信，并且采用chap方式进 行认证。设置默认路由使内部网络连接到外网具体配置：in terface FastEther netO/Oip address 192.168.11.1 255.255.255.0ip nat in sideduplex autospeed auto!in terface Serial1/1ip address 192.168.12.1 255.255.255.0encapsulation ppp /用 PPP协议圭寸装ppp authe nticati on chap /CHAP 方式认证!r

12、outer rip 配置 RIPvers ion 2network 192.168.11.0 ip classlessip route 0.0.0.0 0.0.0.0 192.168.12.2 / 默认路由至 U外部网络 !R3配置要求：设置端口的IP地址设置静态路由是内网连到外网具体配置：in terface FastEther net0/0ip address 202.121.241.10 255.255.255.248duplex autospeed auto!in terface Serial1/0ip address 219.220.234.2 255.255.255.0!ip cl

13、assless设置静态路由使内网连到外网ip route 192.168.100.0 255.255.255.0 219.220.234.1ip route 192.168.200.0 255.255.255.0 219.220.234.1ip route 192.168.11.0 255.255.255.0 219.220.234.1ip route 192.168.12.0 255.255.255.0 219.220.234.1(二)交换机的配置(1)局域网1内的交换机的相关配置核心交换机配置：SW7配置要求：将相应的端口设为路由口，并配置IP地址 将f/22-23聚合，配置聚合口的IP地

14、址 开启OSPF,宣告相连的网段配置默认路由连接到外网两条链路与汇聚层交换机相连，提供冗余链路具体配置：in terface FastEther netO/1no switchportip address 192.168.76.1 255.255.255.0duplex autospeed auto!in terface FastEther net0/2no switchportip address 192.168.75.1 255.255.255.0duplex autospeed autoin terface FastEther netO/3no switchportip address

15、192.1683254 255.255.255.0duplex autospeed auto!in terface FastEthernet0/22no switchportcha nn el-group 1 mode on/链路聚合no ip addressduplex autospeed auto!in terface FastEthernet0/23no switchportcha nn el-group 1 mode on/链路聚合no ip addressduplex autospeed auto in terface FastEthernet0/24no switchportip

16、address 192.168.100.2 255.255.255.0duplex autospeed auto!in terface Port-cha nnel 1/聚合口no switchportip address 192.168.125.1 255.255.255.0!router ospf 100/配置 OSPFlog-adjace ncy-cha ngesnetwork 192.168.100.0 0.0.0.255 area 0与 R1 相连的网段n etwork 192.168.125.0 0.0.0.255 area 0聚 合链路的网段network 192.168.76.0

17、 0.0.0.255 area 0与 SW6 相连的网段network 192.168.75.0 0.0.0.255 area 0与 SW5 相连的网段n etwork 192.168.3.0 0.0.0.255 area 0与 管理端相连的网段 !ip classlessip route 0.0.0.0 0.0.0.0 192.168.100.1默 认路由与外网相连SW8与SW7类似，略汇聚层交换机SW5配置要求: 设置与核心层相连的端口的IP地址 两条链路与核心层交换机相连，提供冗余链路配置OSPF,宣告相应的网段设置默认路由连到外网建立访问控制列表，控制vian40的主机对web服务器的

18、访问 开启生成树，避免环路具体配置：in terface FastEther netO/1no switchportip address 192.168.85.2 255.255.255.0duplex autospeed auto!in terface FastEther net0/2no switchportip address 192.168.75.2 255.255.255.0duplex autospeed auto!in terface Vla n30创建 SVI，设置 IP 地址ip address 192.168.30.254 255.255.255.0in terface V

19、lan40ip address 192.168.40.254 255.255.255.0ip access-group 10 out/对流入的流量进行控制!router ospf 100/配置 OSPFlog-adjace ncy-cha ngesn etwork 192.168.30.0 0.0.0.255 area 0n etwork 192.168.40.0 0.0.0.255 area 0n etwork 192.168.75.0 0.0.0.255 area 0n etwork 192.168.85.0 0.0.0.255 area 0!ip classlessip route 0.

20、0.0.0 0.0.0.0 192.168.85.1 设置默认路由至 U外网 !Switch#show access-lists /显示访问控制列表Standard IP access list 10deny 0.0.40.0 192.168.6.10/禁止 vlan40 的主机访问 web 服务器查看生成树状态：Switch#show spa nnin g-treeVLAN0030Spanning tree en abled protocol ieeeRoot ID Priority32798Address0060.2F22.C781This bridge is the rootHello

21、Time 2 sec Max Age 20 sec Forward Delay15 secIn terfaceRole Sts CostPrio.Nbr TypeFaO/13Desg FWD 19128.13 P2pFaO/14Desg FWD 19128.14 P2pBridge IDPriority32798 (priority 32768 sys-id-ext 30)AddressHello Time0060.2F22.C7812 sec Max Age 20 sec Forward Delay15 secAgi ng Time20VLAN0040Spanning tree en abl

22、ed protocol ieeeRoot ID Priority 32808Address 0060.2F22.C781This bridge is the rootHello Time 2 sec Max Age 20 sec Forward Delay15 secBridge ID Priority 32808 (priority 32768 sys-id-ext 40)Address 0060.2F22.C781Hello Time 2 sec Max Age 20 sec Forward Delay15 secAgi ng Time 20In terfaceRole Sts CostP

23、rio.Nbr TypeFa0/13Desg FWD 19128.13 P2pFa0/14Desg FWD 19128.14 P2pSW5与SW6配置类似，具体配置略 接入层交换机SW1配置要求：创建VLAN，把端口加入到 VLAN 将与汇聚层相连的端口配为trunk 口 开启生成树，避免环路具体配置：switchport mode trunkin terface FastEther netO/2switchport access via n 10!查看生成树状态Switch#show spa nnin g-treeVLAN0010Spanning tree en abled protocol

24、 ieeeRoot ID Priority 32778Address 0001.9610.1D2AThis bridge is the rootHello Time 2 sec Max Age 20 sec Forward Delay15 secBridge ID Priority 32778 (priority 32768 sys-id-ext 10)Address 0001.9610.1D2AHello Time 2 sec Max Age 20 sec Forward Delay15 secAgi ng Time 20FaO/1Desg FWD 19128.1P2pP2pFa0/2Des

25、g FWD 19128.2SW2、3、4配置与SW 1类似，具体配置略 局域网2的交换机的相关配置三层交换机的配置要求：配置与R2相连的端口的IP地址创建SVI，配置IP地址配置RIP设置静态路由连到外网具体配置：in terface FastEther netO/1no switchportip address 192.168.11.2 255.255.255.0duplex autospeed auto!in terface Via n50/创建 SVI，配置 IP 地址ip address 192.168.50.254 255.255.255.0!in terface Via n60ip

26、 address 192.168.60.254 255.255.255.0router rip/配置 RIPvers ion 2n etwork 192.168.11.0n etwork 192.168.50.0n etwork 192.168.60.0!ip classless静态路由连到外网ip route 192.168.12.0 255.255.255.0 192.168.11.1ip route 219.220.234.0 255.255.255.0 192.168.11.1ip route 202.121.241.8 255.255.255.248 192.168.11.1!二层交

27、换机相关配置SW9配置要求：创建VLAN，将端口划分到VLAN将与三层交换机相连的端口配为trunk 口具体配置：in terface FastEther net0/1switchport access via n 50switchport mode trunkSW10与SW8类似，具体配置略四测试结果 局域网内不同VLAN的主机可以互通1孚l&STILLIESTTL=12STTL=12STTL=12Sfrom from fro from.Reply Reply RaplyReply(Z5% loss)Pmg statisXics for 192,168,404口：Packef： Senv =

28、 4 审 Recgived = 3r LasxRequest trained out-Reply from. 192,168.40,40: bytes = 32 time=438nis TTL=1Z5Reply from 192H168B 40, 40: hytes = 3Z tiae=3ZSias TTL=1Z5Reply fro 192,168,40,40： bytes = 3Z iBe=HZms TTL=1Z5Pingxng 192：-168- 40.40 witii 32 bytes f datra：PCpxng 13Z. 168- 40.4(3Ping statistics for

29、192.1.30.30:Packets: Sent = 4, Received = 4# Lost s 0 (Qi loss) ApproKiELace- round trip 匕 1皿总兮 m milll-seconds:MinimuHi =114. H包用im皿 -253ms. Average =179msPinam 1 吕8L30 with bytes ofPCpinCT 152B163.30H 30命令提示符号 192.168.1D.10ytytytYtL&8器CL 3019Zal&S倉0自。12U 1&8亏 192.168.20.20桌血192.163.40,4Q配置桌面命令提示符P

30、Cpinj 19Z,168,10BIDPinxnij16S., 10 B10 uith. 3 bi/tes of data.:K=ply P.ejily P.e： ly P-eplvf ronifrom19_160-丄D.IO:192 -丄 &8 丄 0 丄0二 丄 92.168.10 .丄。:：192 丄 8.10-10:r isr-g* 污七 a七 is*t Pazkets:for 192-.15. IO- LO:TTL-1Z5t ime=Z35m.s：tiELe = 312m.siti.m.e=Z49m.sTTL=1Z5TTL=1Z5TTL=1Z5Apj rox Lmmtei Min.i

31、m.uni4r Receivedround, trip time s in ml J.丄九一leuond吕二 = 159hls ManiiKUJi. = 312ks jtverageSent-Lost = 0(0% loss)rPOpinj 152.les.20.20PlngXn 19Z._JL68- 20. Z0 wlDh. 3Z fcyx.es o f nlELca.iRef lyP.ei： lvKej lyfromro:mfromErom192 -168.20.20:192.168.20.20:192 -丄20:192-160.20.20=Ping statistics for 19Z

32、-168.20. 0 :UrlIt 戶 1.w Spnl-. =4- 0iprIiT7Ari =192.168.50-50物豐 配置桌面trme=17ZiD.st i.me=ZiQ5m.strm.e=l-57iD.sTTL=1ZSTTL=1ZSTTL=1ZSTTL-12两个局域网内的主机都可对外网进行访问 L92.168.1O.10臬面命令提示符Pa亡ka亡PC Cornjuand Lin& 丄POpiiigZ02.121.Z41.3Pinging202丄Z1-Z41.932 byr of data:cimed ouc_Reply from 202.121.241. 9i fcyes32Reply froiai 202.1Z1.241.9: b竹曲巧2fteplsf from 202.丄2JL. 241夕二 hyes=32time2C5as tjjne-21SaiTTL=12