网络工程实习报告

1、南京工程学院实习报告课程名称院（系、部、中心）专业班级起止日期指导教师网络工程实习计算机工程学院 网络工程网络1322015 4 6 2015 4 17袁宗福报告摘要大二下学期的六七周，我们网络工程班在建策公司进行了首次实习，CCIE大神老师讲课很生动，在为期两周的实习期间，学到了很多。在建策，老师是以实际案例给我们讲课，从工程的角度分析客户需求，需要怎样的技术支持，总的来说，偏重于实践应用。期间， CCIE老师带我们这一组学生主要做了以下几个 实验：单臂路由，静态路由和访问控制列表，分别对应地铁网或者校园网，企业的路由备份以及服务器过滤方面的知识。很实际的问题，我们对做这些实验的印象至今很深

2、刻。除此之外，老师还给我们讲了些我们学生很关心的问题，比如学校电信宽带的PPPOE连接，无线路由没作用的原因，无线加密方式以及破解方法等等。重点介绍了他从事这行业的一些经历，网络行业现在的形势以及预测一下将来的行情。让我们对网络工程有了一定的了解，有助于我们对未来有个清晰的规划。二、摘要翻译In the sixth and seve nth week of the n ext semester of our sophomore year, wen etwork engin eeri ng stude nts went to JIANCE compa ny for intern shipfor

3、the first time.The teacher ' s less on who has a certificate“ CCIE” is veryively. During the two weeksof intern ship, we lear ned a lot.In the company, the teacher gave us a lecture on actual cases. From the perspective of the project, we an alysed cust omer ' s dema nd and what kind of tech

4、 ni calsupport his need. In general, the class was focus on practical application. During the classes. The CCIE teacher took our a group of students to do mainly the followingexperiments: single-arm routing, static routing and access control lists, corresponding tothe subway network or campus networ

5、k, the company' s routing backup and server filter.They are such practical problems that we have a deep impression on these experime nts up to now.In additi on, the teacher also told us some in teresti ng things that our stude ntss wayare very concerned about, such as the PPPOE connection of cam

6、pus telecom broadba nd, the cause of the wireless router which is in validin school, wirelessof encryption and how to decode and so on. He mainly introduced some experiences whe n he was en gaged in this in dustry, the prese nt situati on of n etwork in dustry and he also forecasted the future marke

7、t. Let's have a certain understand of network engin eeri ng which can help us have a clear pla n for the future.三、实习目的本次实习是我们作为网络工程学生的一次知识实践，其主要目的在于：1. 掌握局域网的设计组建方法，并知晓对局域网的管理和排错维护等理论知识。2. 熟练运用网络配置命令，主要掌握有单臂路由，静态路由和访问控制列表配置方法。3. 将理论和实际工程结合起来，学会需求分析，增长做工程的见闻。4. 认清社会现实，对计算机相关行业有一定的了解。四、实习内容分析（一）实现

8、在不同VLAN的两台主机的相互访问。案例：某企业的需求，需要将两个部门的某两台主机能互相访问。原理：在两台主机所连的三层交换机上给同VLAN配置ip地址，作为主机的网关，交换机相同VLAN通信。实践：ip：192 168.2 2/24ip： 192.168.3 2/24二层交换机：Switch>e nSwitch#co nf tEn ter con figurati on comma nds, one per line.End with CNTL/Z.Switch(config)#vlan 2Switch(co nfig-vla n)#i nt fO/2Switch(config-if)

9、#switch acc vlan 2Switch(co nfig-if)# int fO/1Switch(c on fig-if)#switch mode trunkSwitch(c on fig-if)#e ndSwitch#show via nVLAN NameStatusPorts1 defaultactive FaO/3, FaO/4, FaO/5, FaO/6FaO/7, Fa0/8, Fa0/9, Fa0/10FaO/11, FaO/12, Fa0/13, Fa0/14Fa0/15, Fa0/16, Fa0/17, FaO/18FaO/19, Fa0/20, Fa0/21, Fa0

10、/22Fa0/23, Fa0/24, Gig1/1, Gig1/22 VLAN0002active Fa0/21002 fddi-defaultact/un sup1003 toke n-rin g-defaultact/un sup1004 fddi net-defaultact/un sup1005 trnet-defaultact/un sup三层交换机：Switch>e nSwitch#co nf tEn ter con figurati on comma nds, one per line.Switch(c on fig)#ip rout ingSwitch(config)#v

11、lan 2Switch(c on fig-vla n) #vla n 3Switch(co nfig-vla n)#i nt f0/2End with CNTL/Z.Switch(config-if)#switch acc vian 3Switch(co nfig-if)#i nt vlan 2Switch(config-if)#ip add Switch(co nfig-if)#i nt vlan 3Switch(config-if)#ip add Switch(co nfig-if)# in

12、t f0/1Switch(config-if)#switch trunk en dot1q/ 给端口圭寸装协议Switch(c on fig-if)#switch mode trunkSwitch(c on fig-if)#e ndSwitch#show vla nVLAN NameStatus Ports1 default2 VLAN00023 VLAN00031002 fddi-defaultactive Fa0/3, Fa0/4, Fa0/5, Fa0/6Fa0/7, Fa0/8, Fa0/9, Fa0/10Fa0/11, Fa0/12, Fa0/13, Fa0/14Fa0/15, Fa

13、0/16, Fa0/17, Fa0/18Fa0/19, Fa0/20, Fa0/21, Fa0/22Fa0/23, Fa0/24, Gig0/1, Gig0/2activeactive Fa0/2act/un sup1004 fddi net-defaultact/un sup1005 trnet-defaultact/un supSwitch#show ip int briIn terfaceIP-AddressOK? MethodStatusProtocolFastEthernet0/1un assig nedYES un setupupFastEthernet0/2un assig ne

14、dYES un setupupVla n1un assig nedYES un setadmi nistratively dow n dow nVla n2192.16821YES manualupupVla n3YES manualupup验证：PC0 pi ng PC1POping 192_1S_3.2Pinging with 32 byxes of data:time=Oms time=Cms time=lm3TTL=127TTL=12 7TTL=12 7Request; twined outReply from : by

15、tes=32Reply from 192.13,3.2: bytes=32Reply from 192,18.3,2: bytes=32Ping atatisties for 192.16B.3.2:Sent = 4f Rmumiv色d = 3r Loat =1loag)pApproxlmate round trip tz.msM in jnilli-MSCQiidg zMinunmn - Oms t Maxunmn - Ims r Average - Oins、，、.t- 注意点：三层交换机封装端口配trunk的原理Cisco设备支持ISL和802.1q( dotlQ )协议。华为只支持 8

16、02.1q 。DOT1Q和ISL的区别：DOT1Q是各类产品的 VLAN通用协议模式，Dotlq是一种普遍使 用的标准，适用所有交换机与路由设备。支持超过1024vlan,而ISL最多支持1024个vlan。ISL是CISCO设备的专用协议， 适用于 Cisco设备。 ISL(Interior Switching Link) 交换机 间协议用于实现 CISCO交换机间的VLAN中继。它是一个信息包标记协议，在支持ISL接口上发送的帧由一个标准以太网帧及相关的VLAN信息组成。(二) 实现某台主机只能以web的形式访问服务器。案例：出于安全考虑，地铁某台服务器只允许通过web形式访问，任何主机不

17、能 ping通它，且主机间不能相互访问。原理：通过给路由器或者三层交换机配置访问控制列表，使数据包只允许通过80端口，起到过滤的作用。实践:询可列知Q却：斫有“口能以*讪刑式访问冷”N二层交换机Switch。Switch#co nf tEnd with CNTL/Z.En ter con figurati on comma nds, one per line.Switch(config)#vlan 2Switch(co nfig-vla n)#i nt fO/1Switch(config-if)#switch acc vlan 2Switch(co nfig-if)# int fO/2Swit

18、ch(c on fig-if)#switch mode trunkSwitch(c on fig)#e ndSwitch#show via nVLAN Name1 defaultStatus Portsactive FaO/3, FaO/4, FaO/5, FaO/6FaO/7, Fa0/8, Fa0/9, Fa0/10FaO/15, FaO/16, FaO/17, FaO/18FaO/19, Fa0/20, Fa0/21, Fa0/22Fa0/23, Fa0/24, Gig1/1, Gig1/22 VLAN0002active Fa0/11002 fddi-defaultact/un sup

19、1003 toke n-rin g-defaultact/un sup1004 fddi net-defaultact/un sup1005 trnet-defaultact/un sup二层交换机Switch1Switch#co nf tEn ter con figurati on comma nds, one per line.Switch(config)#vlan 3Switch(co nfig-vla n)#i nt f0/1Switch(config-if)#switch acc vlan 3Switch(co nfig-if)# int f0/2Switch(c on fig-if

20、)#switch mode trunkSwitch(c on fig)#e ndSwitch#show vla nEnd with CNTL/Z.VLAN NameStatus PortsFa0/7, Fa0/8, Fa0/9, Fa0/10Fa0/11, Fa0/12, Fa0/13, Fa0/14Fa0/15, Fa0/16, Fa0/17, Fa0/18Fa0/19, Fa0/20, Fa0/21, Fa0/22Fa0/23, Fa0/24, Gig1/1, Gig1/23 VLAN00031002 fddi-default1003 toke n-rin g-default1004 fd

21、di net-default1005 trnet-defaultactive Fa0/1act/un supact/un supact/un supact/un sup三层交换机:Switch#co nf tEnd with CNTL/Z.En ter con figurati on comma nds, one per line.Switch(c on fig)#ip rout ingSwitch(config)#vlan 2Switch(c on fig-vla n) #vla n 3Switch(config-vlan)#vlan 4Switch(config-vlan)#int vla

22、n 2Switch(config-if)#ip add Switch(co nfig-if)#i nt vlan 3Switch(config-if)#ip add Switch(c on fig-if)# int vlan 4Switch(config-if)#ip add Switch(co nfig-if)# int f0/3Switch(config-if)#switch acc vlan 4Switch(co nfig-if)# int

23、 f0/4Switch(config-if)#switch acc vlan 4Switch(co nfig-if)# int f0/1Switch(c on fig-if)#switch trunk en dot1qSwitch(c on fig-if)#switch mode trunkSwitch(co nfig-if)# int f0/2Switch(c on fig-if)#switch trunk en dot1qSwitch(c on fig-if)#switch mode trunkSwitch#show vla nVLAN Name1 defaultStatus Portsa

24、ctive Fa0/5, Fa0/6, Fa0/7, Fa0/8Fa0/9, Fa0/10, Fa0/11, Fa0/12Fa0/13, Fa0/14, Fa0/15, Fa0/16Fa0/17, Fa0/18, Fa0/19, Fa0/20GigO/1, GigO/22 VLAN00023 VLAN00034 VLAN00041002 fddi-default1003 toke n-rin g-default1004 fddi net-default1005 trnet-defaultactiveactiveactive Fa0/3, Fa0/4act/un supact/un supact

25、/un supact/un supSwitch#show ip int briIn terfaceIP-AddressOK? MethodStatusProtocolFastEthernet0/1un assig nedYES un setupupFastEthernet0/2un assig nedYES un setupupFastEthernet0/3un assig nedYES un setupupFastEthernet0/4un assig nedYES un setupupVia n1un assig nedYES un setadmi nistratively dow n d

26、ow nVia n2192.16821YES manual upupVla n3YES manual upupVla n4YES manual upupSwitch#co nf tEn ter con figurati on comma nds, one per line.End with CNTL/Z.Switch(config)# access-list 100 permit ip 55 55Switch(config)#int vlan 2Switch(c on fig

27、-if)# ip access-group 100 outSwitch(c on fig-if)#exitSwitch(config)# access-list 101 permit ip 55 55Switch(config)#int vlan 3Switch(c on fig-if)# ip access-group 101 outSwitch(c on fig-if)#exitSwitch(config)# access-list 103 permit tcp any host eq 80

28、Switch(config)# access-list 103 deny ip any host Switch(c on fig)# access-list 103 permit ip any anySwitch(c on fig)# int vlan 4server。Switch(c on fig-if)# ip access-group 103 out /访问列表101和102实现：pc0和pc1不能相互访问，但都能访问/访问列表103实现：所有ip只能以web形式访问server1Switch#show access-lExte nded IP access lis

29、t 100permit ip 55 192.16820 55Exte nded IP access list 101permit ip 55 55Exte nded IP access list 103permit tcp any host eq wwwdeny ip any host permit ip any any验证：1) PC0 无法 pi ng 通 PC1Pinging 192 _ 1S_3 _ 2 with

30、32 bytes ofReplySeply ReplyReplyf EQID. f EO3D from femU2 - 1B . 2 -1:192.1B_ 1 z Deal; ma tian192.1CB.2.1: Degtination192 亠1B.2.1; Destinationhogt hogt hogt hastUILESBCileLbls - un r e a ch able- unreachable _ unreachable 亠2) PC0 无法 pi ng 通 server1Pinging wixh 32 byt.B of data;R皀ply fro

31、m 192,168-2-1：Reply from 192_16B«2.1:Reply from 192.16B.2.1;Reply from 192.1CB.2.1:Pea it Ina tri onhost uriEea.chableUa a tin at ion boatDe号tiiiia七匚口口 hostDestination host；uile e a di abl e -un r e a ch abl e.unreachablePing Btatiflties for 192_169 _1_3iPa.cket：3 z Sent = 4# Received = 0# Lost

32、 = 4 (1001 logs) f3) PCO 通过 web 访问 serverl（三）实现线路备份，在某条线路故障的情况下，导通另一条线路。 特别说明：本次实验是在上次 vlan互访实验和过滤实验的基础上进行拓展的，是个综合实 验，所以之前的已经配置过的相关命令就不再赘述了。案例：某用户正常上网时通联通的网，当联通网故障时，则自动切换到移动网。原理：在中间路由器上配置默认静态路由时，多设置一个管理距离，则管理距离小的先通， 大的不通。实践：aJUPORTipilffi. IBB. S.S/241192.grw/iI 2311RjQUterl歳通-叫口RG-PTPC2200. 1. i.O/

33、24iib：2.2.2.£/8MultilayesenRooterflsil/0*>/24i p：l龍.163.6. 6/24、”如211Router2Srver-PTIrTPServer-PTHTTPip：1龍.168.2.100/24ipjgZ. 3BB 2. ZOO/24三层交换机: 将 fO/5 划入 vlan5 , fO/6 划入 vian6 , fO/23 和 fO/24 划入 vian2。给 vlan2 , vian5 和 vian6分配地址，作为所在vlan主机的网关。具体配置命令如上两次实验，略过。服务器过滤采用的访问控制列表实现如上次实验，

34、不再赘述。给端口 f0/1配置IP需要注意：Switch(co nfig)#i nt f0/1Switch(c on fig-if)# no switchport/开启三层端口配置功能Switch(config-if)# ip address 静态路由 Switch(config)# ip route FastEthernetO/1/采用默认静态路由形式Switch#show ip routeCodes: C - connected, S - static, I - IGRP , R - RIP , M - mo

35、bile, B - BGP D - EIGRP , EX - EIGRP external, O - OSPF, IA - OSPF in ter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - can didate default, U

36、- per-user static route, o - ODRP - periodic dow nl oaded static routeGateway of last resort is to network C/24 isdirectly conn ected, FastEthernetO/1C/24 isdirectly conn ected, Vlan2C/24 isdirectly conn ected, Vlan5C/24 isdirectly conn ecte

37、d, Vlan6S* /0 is directly conn ected, FastEthernet0/1中间路由器 Route0 :给端口 f0/0 , f0/1 , f1/0分配地址后，配置静态路由。发出方向：Router(co nfig)# ip route FastEthernet0/1Router(config)# ip route FastEthernet1/0 34/ 改这条默认静态路由管理距离为34返回方向：Router(co nfig)# ip route 255.255.2

38、55.0 FastEthernet0/0Router(co nfig)# ip route FastEthernet0/0Router#show ip routeCodes: C - connected, S - static, I - IGRP , R - RIP , M - mobile, B - BGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - can didate default, U - per-user static ro

39、ute, o - ODRP - periodic dow nl oaded static routeGateway of last resort is to network C /24 is directly conn ected, FastEthernetO/OS/24is directly conn ected, FastEthernet0/0S/24is directly conn ected, FastEthernet0/0C/24 isdirectly conn ecte

40、d, FastEthernet0/1C/24 isdirectly conn ected, FastEthernet1/0S* /0 is directly conn ected, FastEthernet0/1路由器Router1 :给端口 f0/0 , f0/1分配地址后，配置静态路由。Router(config)# ip route FastEthernet0/0Router(co nfig)# ip route FastEthernet0/0Route

41、r(co nfig)# ip route FastEthernet0/0Router#show ip routeCodes: C - connected, S - static, I - IGRP , R - RIP , M - mobile, B - BGPE1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - can did

42、ate default, U - per-user static route, o - ODRP - periodic dow nl oaded static routeGateway of last resort is not setC/8 is directly conn ected, FastEthernetO/1S/24is directlyconn ected,FastEthernetO/OS/24is directlyconn ected,FastEthernet0/0S/24is directlyco

43、nn ected,FastEthernet0/0C /24 is directly conn ected, FastEthernet0/0路由器Router2 :给端口 f0/0 , f0/1分配地址后，配置静态路由。Router(config)# ip route FastEthernet0/0Router(co nfig)# ip route FastEthernet0/0Router(co nfig)# ip route 255.255.255

44、.0 FastEthernet0/0Router#show ip routeCodes: C - connected, S - static, I - IGRP , R - RIP , M - mobile, B - BGPE1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - can didate default, U - per-user static route, o -

45、 ODRP - periodic dow nl oaded static routeGateway of last resort is not setC /8 is directly conn ected, FastEthernetO/1S/24is directly conn ected,FastEthernetO/OS/24is directly conn ected,FastEthernet0/0S/24is directly conn ected,FastEthernet0/0C/24 i

46、sdirectly conn ected, FastEthernet0/0验证:1. PC5 能 ping 通 PC2Pinging 2 2 2.2 盲 ith 32cf data：Request timed out,Reply from 2.2,2 ,2 :R&pl/ fcam 1Reply from Z.2.2.2zbyt&3=32 tiPie=0ms TTL=125t>ytes=32 t±iEie=0m3 TTL=12S bytes32 tj_HK"0nig TTL12SPing atatistics for PAckeZsz Sent = ir deceived = Lost = 1less)tAppre round Xrip times m mi111-seconds zMiniinuzn = 0ms j M岂盘iznum = Oma# Average = 0ms2. PC5 无法 pi ng 通 PC3PC>ping 3.3.3,3Pinging 3 _ 3 _ 3 _ 3 with 32