PT-练习861-CCNA-综合技巧练习(教师版)_第1页
PT-练习861-CCNA-综合技巧练习(教师版)_第2页
PT-练习861-CCNA-综合技巧练习(教师版)_第3页
PT-练习861-CCNA-综合技巧练习(教师版)_第4页
PT-练习861-CCNA-综合技巧练习(教师版)_第5页
已阅读5页,还剩32页未读 继续免费阅读

下载本文档

版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领

文档简介

PT练习8.6.1:CCNA综合技巧练习(教师版)拓扑图所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第1页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习HQ地址表设备接口IP地址子网掩码DLCI映射Fa0/0不适用S0/0/0.4152DLCI41到B1HQS0/0/0.4252DLCI42到B2S0/0/0.4352DLCI43到B3S0/0/15352不适用S0/1/052不适用分支路由器的地址表设备接口IP地址子网掩码Fa0/0.1010.X.10.1Fa0/0.2010.X.20.1Fa0/0.3010.X.30.1Fa0/0.8810.X.88.1BXFa0/0.9910.X.99.1S0/0/0第二个地址52BX-S1VLAN9910.X.99.21BX-S2VLAN9910.X.99.22BX-S3VLAN9910.X.99.23BX-WRSVLAN110.X.40.1.以分支路由器B1、B2或B3的编号代替"X"。.HQ的点对点PVC使用子网中的第二个地址。HQ使用第一个地址。.WRT300N路由器通过DHCP从分支路由器获得Internet地址。所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第2页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习VLAN配置和端口映射VLAN编号网络地址VLAN名称端口映射1010.X.10.0/24AdminBX-S2,Fa0/62010.X.20.0/24SalesBX-S2,Fa0/113010.X.30.0/24ProductionBX-S2,Fa0/168810.X.88.0/24WirelessBX-S3,Fa0/79910.X.99.0/24Mgmt&Native所有中继所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第3页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习学习目标.在集中星型拓扑中配置帧中继.将PPP的身份验证方式配置为CHAP和PAP.配置静态NAT和动态NAT.配置静态路由和默认路由简介在本次综合性CCNA技巧练习中,XYZ公司在WAN连接中混合使用帧中继与PPP。HQ路由器通过NAT提供对服务器群和Internet的访问。另外HQ还使用基本的防火墙ACL来过滤入站流量。每台分支路由器都配置为支持VLAN间路由和DHCP。路由过程通过EIGRP以及静态路由和默认路由完成。每个交换网络上都配置了VLAN、VTP和STP。本练习已启用端口安全功能并提供无线接入。在本次综合练习中,您的任务是充分利用您在四门Exploration课程中所学的知识,成功运用所有技术。您要负责配置HQ路由器以及分支路由器B1、B2和B3。此外,您还要负责配置每一台通过分支路由器连接到网络的设备。NewB路由器代表一台小型公司经合并后作为新分支机构的分支路由器。您不具有NewB路由器的访问权。但是,您要在HQ和NewB之间建立一条链路,使这家新的分支机构能够访问内部网络和Internet。ipaddress52frame-relayinterface-dlci41!interfaceSerial0/0/0.42point-to-pointipaddress52frame-relayinterface-dlci42!interfaceSerial0/0/0.43point-to-pointipaddress52frame-relayinterface-dlci43endwr!-----------!B1!-----------enableconfigureterminalhostB1enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!interfaceSerial0/0/0ipaddress52encapsulationframe-relayframe-relaylmi-typeq933anoshutdownendwr!-----------!B2!-----------enable所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第5页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习configureterminalhostB2enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!interfaceSerial0/0/0ipaddress52encapsulationframe-relayframe-relaylmi-typeq933anoshutdownendwr!-----------!B3!-----------enableconfigureterminalhostB3enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!interfaceSerial0/0/0ipaddress052encapsulationframe-relayietfframe-relaylmi-typeansinoshutdownendwr步骤2.在HQ上配置LAN接口。!interfaceFastEthernet0/0descriptionServerFarmipaddressnoshutdown!步骤3.检验HQ能否ping通每台分支路由器。HQ#pingTypeescapesequencetoabort.所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第6页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习Sending5,100-byteICMPEchosto,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=40/71/89msHQ#pingTypeescapesequencetoabort.Sending5,100-byteICMPEchosto,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=35/60/69msHQ#ping0Typeescapesequencetoabort.Sending5,100-byteICMPEchosto0,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=23/58/87ms任务2:将PPP的身份验证方式配置为CHAP和PAP步骤1.使用PPP封装和CHAP身份验证配置从HQ到ISP的WAN链路。CHAP口令是ciscochap。usernameISPpasswordciscochapinterfaceSerial0/1/0descriptionLinktoISPipaddress52encapsulationppppppauthenticationchapnoshutdown步骤2.使用PPP封装和PAP身份验证配置从HQ到NewB的WAN链路。您需要将电缆连接到正确的接口。HQ是链路的DCE端。您需要选择时钟频率。PAP口令是ciscopap。usernameNewBpasswordciscopapinterfaceSerial0/0/1descriptionLinktoB4ipaddress5352encapsulationppppppauthenticationpapppppapsent-usernameHQpassword0ciscopapclockrate64000noshutdown步骤3.检验HQ能否ping通ISP和NewB。HQ#pingTypeescapesequencetoabort.Sending5,100-byteICMPEchosto,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=17/30/38msHQ#ping54Typeescapesequencetoabort.所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第7页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习Sending5,100-byteICMPEchosto54,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=5/29/47ms任务3:在HQ上配置静态NAT和动态NAT步骤1.配置NAT。请遵循下列要求:.允许转换/8中的所有地址。.XYZ公司拥有40/29地址空间。XYZCORP池使用从.241到.245范围内的地址,子网掩码为/29。.位于的网站注册于IP地址为46的公共DNS系统。ipaccess-liststandardNAT_LISTpermit55!ipnatpoolXYZCORP4145netmask48ipnatinsidesourcelistNAT_LISTpoolXYZCORPoverloadipnatinsidesourcestatic46!interfacefa0/0ipnatinsideinterfaces0/0/0.41point-to-pointipnatinsideinterfaces0/0/0.42point-to-pointipnatinsideinterfaces0/0/0.43point-to-pointipnatinsideinterfaces0/0/1ipnatinsideinterfaces0/1/0ipnatoutside步骤2.使用扩展ping命令检验NAT是否在运作。使用HQLAN接口作为源地址,从HQpingISP上的serial0/0/0接口。此ping命令应该成功。HQ#pingProtocol[ip]:TargetIPaddress:Repeatcount[5]:Datagramsize[100]:Timeoutinseconds[2]:Extendedcommands[n]:ySourceaddressorinterface:Typeofservice[0]:SetDFbitinIPheader?[no]:Validatereplydata?[no]:Datapattern[0xABCD]:Loose,Strict,Record,Timestamp,Verbose[none]:Sweeprangeofsizes[n]:Typeescapesequencetoabort.Sending5,100-byteICMPEchosto,timeoutis2seconds:Packetsentwithasourceaddressof!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=18/34/42ms所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第8页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习使用showipnattranslations命令检验NAT是否已将ping命令使用的内部地址进行了转换。HQ#showipnattranslationsProInsideglobalInsidelocalOutsidelocalOutsideglobalicmp41:35:35:35:35icmp41:36:36:36:36icmp41:37:37:37:37icmp41:38:38:38:38icmp41:39:39:39:39---46------任务4:配置静态路由和默认路由步骤1.配置HQ到达ISP的默认路由和到达NewBLAN的静态路由。请使用送出接口作为参数。iprouteSerial0/1/0iprouteSerial0/0/1步骤2.配置分支路由器到达HQ的默认路由。请使用下一跳IP地址作为参数。!B1iproute!B2iproute!B3iproute步骤3.检验ISP范围外的连通性。所有三台NewBPC以及NetAdminPC都应该能ping通Web服务器。!在NewB-PC1上PacketTracerPCCommandLine1.0PC>pingPinging34with32bytesofdata:Requesttimedout.Replyfrom34:bytes=32time=10msTTL=125Replyfrom34:bytes=32time=10msTTL=125Replyfrom34:bytes=32time=10msTTL=125Pingstatisticsfor34:Packets:Sent=4,Received=3,Lost=1(25%loss),Approximateroundtriptimesinmilli-seconds:Minimum=10ms,Maximum=10ms,Average=10msPC>!在NetAdmin上所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第9页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习PacketTracerPCCommandLine1.0PC>pingPinging34with32bytesofdata:Replyfrom34:bytes=32time=12msTTL=126Replyfrom34:bytes=32time=188msTTL=126Replyfrom34:bytes=32time=8msTTL=126Replyfrom34:bytes=32time=8msTTL=126Pingstatisticsfor34:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=8ms,Maximum=188ms,Average=54msPC>任务5:配置VLAN间路由步骤1.配置每台分支路由器使其支持VLAN间路由。使用分支路由器的地址表配置并激活VLAN间路由的LAN接口。VLAN99为本征VLAN。!-----------------!分支路由器!-----------------!以路由器编号代替X。interfaceFastEthernet0/0noshutdown!interfaceFastEthernet0/0.10descriptionAdminVLAN10encapsulationdot1Q10ipaddress10.X.10.1!interfaceFastEthernet0/0.20descriptionSalesVLAN20encapsulationdot1Q20ipaddress10.X.20.1!interfaceFastEthernet0/0.30descriptionProductionVLAN30encapsulationdot1Q30ipaddress10.X.30.1!interfaceFastEthernet0/0.88descriptionWirelessVLAN88encapsulationdot1Q88ipaddress10.X.88.1!interfaceFastEthernet0/0.99descriptionMgmt&NativeVLAN99encapsulationdot1Q99nativeipaddress10.X.99.1!所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第10页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习步骤2.检查路由表。每台分支路由器现在都应该有六个直接相连的网络和一条静态默认路由。B1#showiproute<省略部分输出>Gatewayoflastresortistonetwork/8isvariablysubnetted,6subnets,2masksC/24isdirectlyconnected,FastEthernet0/0.10C/24isdirectlyconnected,FastEthernet0/0.20C/24isdirectlyconnected,FastEthernet0/0.30C/24isdirectlyconnected,FastEthernet0/0.88C/24isdirectlyconnected,FastEthernet0/0.99C/30isdirectlyconnected,Serial0/0/0S*/0[1/0]via任务6:配置和优化EIGRP路由步骤1.配置HQ、B1、B2和B3的EIGRP。.使用AS100。.在适当的接口上禁用EIGRP更新。.手动总结EIGRP路由,使每台分支路由器只向HQ通告10.X.0.0/16地址空间。注:PacketTracer无法准确地模拟EIGRP总结路由的优势。路由表仍将显示所有的子网,即使您已正确配置手动总结。!-----------------!HQ路由器!-----------------routereigrp100passive-interfaceFastEthernet0/0passive-interfaceSerial0/0/1passive-interfaceSerial0/1/0networknoauto-summary!!-----------------!分支路由器!-----------------!routereigrp100passive-interfaceFastEthernet0/0.10passive-interfaceFastEthernet0/0.20passive-interfaceFastEthernet0/0.30passive-interfaceFastEthernet0/0.99networknoauto-summary!!!以路由器编号代替X!所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第11页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习interfaceserial0/0/0ipsummary-addresseigrp10010.X.0.0步骤2.检查路由表和连通性。HQ路由器和分支路由器现在应该有完整的路由表。HQ#shiproute<省略部分输出>Gatewayoflastresortistonetwork/8isvariablysubnetted,21subnets,2masksC/24isdirectlyconnected,FastEthernet0/0D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via0,00:00:04,Serial0/0/0.43D/24[90/2172416]via0,00:00:04,Serial0/0/0.43D/24[90/2172416]via0,00:00:04,Serial0/0/0.43D/24[90/2172416]via0,00:00:04,Serial0/0/0.43D/24[90/2172416]via0,00:00:04,Serial0/0/0.43S/24isdirectlyconnected,Serial0/0/1C/30isdirectlyconnected,Serial0/0/0.41C/30isdirectlyconnected,Serial0/0/0.42C/30isdirectlyconnected,Serial0/0/0.43C52/30isdirectlyconnected,Serial0/0/1/30issubnetted,1subnetsCisdirectlyconnected,Serial0/1/0S*/0isdirectlyconnected,Serial0/1/0NetAdminPC现在应该能ping通每台分支路由器上的每个VLAN子接口。!在NetAdminPC上PacketTracerPCCommandLine1.0PC>pingPingingwith32bytesofdata:Replyfrom:bytes=32time=104msTTL=254Replyfrom:bytes=32time=104msTTL=254Replyfrom:bytes=32time=100msTTL=254Replyfrom:bytes=32time=132msTTL=254Pingstatisticsfor:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=100ms,Maximum=132ms,Average=110msPC>ping所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第12页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习Pingingwith32bytesofdata:Replyfrom:bytes=32time=83msTTL=254Replyfrom:bytes=32time=152msTTL=254Replyfrom:bytes=32time=118msTTL=254Replyfrom:bytes=32time=103msTTL=254Pingstatisticsfor:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=83ms,Maximum=152ms,Average=114msPC>pingPingingwith32bytesofdata:Replyfrom:bytes=32time=114msTTL=254Replyfrom:bytes=32time=99msTTL=254Replyfrom:bytes=32time=108msTTL=254Replyfrom:bytes=32time=153msTTL=254Pingstatisticsfor:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=99ms,Maximum=153ms,Average=118ms任务7:配置VTP、中继、VLAN接口和VLAN下列要求适用于所有三个分支。配置三台交换机中的一台。然后将这些交换机的脚本应用于其它两台交换机。步骤1.配置分支交换机的VTP。.BX-S1为VTP服务器。BX-S2和BX-S3为VTP客户端。.域名为XYZCORP。.口令为xyzvtp。步骤2.在BX-S1、BX-S2和BX-S3上配置中继。将适当的接口配置为中继模式并指定VLAN99为本征VLAN。步骤3.在BX-S1、BX-S2和BX-S3上配置VLAN接口和默认网关。步骤4.在BX-S1上创建VLAN。只在BX-S1上创建并命名"VLAN配置和端口映射"表中列出的VLAN。VTP会向BX-S1和BX-S2通告新的VLAN。!!在以下脚本中将"X"替换为分支路由器编号!!-----------!S1!-----------enableconfigureterminal所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第13页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习hostBX-S1enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!vtpmodeservervtpdomainxyzcorpvtppasswordxyzvtp!interfaceFastEthernet0/1switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/2switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/3switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/4switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/5switchporttrunknativevlan99switchportmodetrunk!interfacevlan99ipaddress10.X.99.21noshutipdefault-gateway10.X.99.1!vlan10nameAdminvlan20nameSalesvlan30nameProductionvlan88nameWirelessvlan99nameMgmt&Nativeendwr!-----------!S2!-----------enable所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第14页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习configureterminalhostBX-S2enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!vtpmodeclientvtpdomainxyzcorpvtppasswordxyzvtp!interfaceFastEthernet0/1switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/2switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/3switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/4switchporttrunknativevlan99switchportmodetrunk!interfacevlan99ipaddress10.X.99.22noshutipdefault-gateway10.X.99.1!endwr!-----------!S3!-----------enableconfigureterminalhostBX-S3enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!vtpmodeclient所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第15页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习vtpdomainxyzcorpvtppasswordxyzvtp!interfaceFastEthernet0/1switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/2switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/3switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/4switchporttrunknativevlan99switchportmodetrunk!interfacevlan99ipaddress10.X.99.23noshutipdefault-gateway10.X.99.1!endwr步骤5.检查这些VLAN是否已发送到BX-S2和BX-S3。使用适当的命令检查S2和S3是否已具有您在S1上创建的VLAN。PacketTracer模拟VTP通告可能需要花费数分钟的时间。一种强制发送VTP通告的快速方法是,将其中一台客户端交换机更改为透明模式然后再改回客户端模式。!所有交换机将拥有相似的输出。所有BX-S1交换机的VTP!工作模式都是服务器模式。B2-S2#showvtpstatusVTPVersion:2ConfigurationRevision:0MaximumVLANssupportedlocally:64NumberofexistingVLANs:10VTPOperatingMode:ClientVTPDomainName:xyzcorpVTPPruningMode:DisabledVTPV2Mode:DisabledVTPTrapsGeneration:DisabledMD5digest:0xCD0xBF0xDE0x4E0x0F0x790x7D0x3EConfigurationlastmodifiedby1at3-1-9300:43:41B2-S2#showvlanbriefVLANNameStatusPortsdefaultactiveFa0/5,Fa0/6,Fa0/7,Fa0/8Fa0/9,Fa0/10,Fa0/11,Fa0/12Fa0/13,Fa0/14,Fa0/15,Fa0/16Fa0/17,Fa0/18,Fa0/19,Fa0/20所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第16页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习Fa0/21,Fa0/22,Fa0/23,Fa0/24Gig1/1,Gig1/210Adminactive20Salesactive30Productionactive88Wirelessactive99Mgmt&Nativeactive1002fddi-defaultactive1003token-ring-defaultactive1004fddinet-defaultactive1005trnet-defaultactive任务8:分配VLAN并配置端口安全性步骤1.为接入端口分配VLAN。根据"VLAN配置和端口映射"表完成下列要求:.配置接入端口.为接入端口分配VLAN步骤2.配置端口安全性。使用下列策略在BX-S2接入端口上建立端口安全性:.仅允许一个MAC地址.将第一个学习到的MAC地址配置为"粘滞"在配置中.设置端口,使其在出现安全违规时关闭!-----------!BX-S3!-----------!interfaceFastEthernet0/7switchportaccessvlan88switchportmodeaccess!-----------!BX-S2!-----------!interfaceFastEthernet0/6switchportaccessvlan10switchportmodeaccessswitchportport-securityswitchportport-securitymaximum1switchportport-securitymac-addressstickyswitchportport-securityviolationshutdown!interfaceFastEthernet0/11switchportaccessvlan20switchportmodeaccessswitchportport-securityswitchportport-securitymaximum1switchportport-securitymac-addressstickyswitchportport-securityviolationshutdown所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第17页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习!interfaceFastEthernet0/16switchportaccessvlan30switchportmodeaccessswitchportport-securityswitchportport-securitymaximum1switchportport-securitymac-addressstickyswitchportport-securityviolationshutdown!步骤3.检查VLAN分配和端口安全性。使用适当的命令检查是否已正确分配接入VLAN,以及是否已启用端口安全策略。B1-S2#showvlanbriefVLANNameStatusPortsdefaultactiveFa0/5,Fa0/7,Fa0/8,Fa0/9Fa0/10,Fa0/12,Fa0/13,Fa0/14Fa0/15,Fa0/17,Fa0/18,Fa0/19Fa0/20,Fa0/21,Fa0/22,Fa0/23Fa0/24,Gig1/1,Gig1/210AdminactiveFa0/620SalesactiveFa0/1130ProductionactiveFa0/1688Wirelessactive99Mgmt&Nativeactive1002fddi-defaultactive1003token-ring-defaultactive1004fddinet-defaultactive1005trnet-defaultactiveB1-S2#showport-securityinterfacefa0/6PortSecurity:EnabledPortStatus:Secure-upViolationMode:ShutdownAgingTime:0minsAgingType:AbsoluteSecureStaticAddressAging:DisabledMaximumMACAddresses:1TotalMACAddresses:0ConfiguredMACAddresses:0StickyMACAddresses:0LastSourceAddress:Vlan:0000.0000.0000:0SecurityViolationCount:0任务9:配置STP步骤1.将BX-S1配置为根桥。将BX-S1的优先级设置为4096,使这些交换机始终成为所有VLAN的根桥。!-----------!BX-S1!-----------!spanning-treevlan1priority4096所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第18页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习spanning-treevlan10priority4096spanning-treevlan20priority4096spanning-treevlan30priority4096spanning-treevlan88priority4096spanning-treevlan99priority4096!步骤2.将BX-S3配置为备用根桥。将BX-S3的优先级设置为8192,使这些交换机始终成为所有VLAN的备用根桥。!-----------!BX-S3!-----------!spanning-treevlan1priority8192spanning-treevlan10priority8192spanning-treevlan20priority8192spanning-treevlan30priority8192spanning-treevlan88priority8192spanning-treevlan99priority8192!步骤3.检验BX-S1是否成为根桥。!对于所有交换机上的所有VLAN,输出都应当是类似的。!B1-S1#showspanning-treevlan10VLAN0010SpanningtreeenabledprotocolieeeRootIDPriority4106Address00D0.BA3D.2C94ThisbridgeistherootHelloTime2secMaxAge20secForwardDelay15secBridgeIDPriority4106(priority4116sys-id-ext10)Address00D0.BA3D.2C94AgingTime300InterfaceRoleStsCostPrio.NbrTypeFa0/3DesgFWD19128.3ShrFa0/1DesgFWD19128.3ShrFa0/2DesgFWD19128.3ShrFa0/5DesgFWD19128.3ShrFa0/4DesgFWD19128.3Shr任务10:配置DHCP步骤1.为每个VLAN配置DHCP池。在每台分支路由器上,依据下列要求为每个VLAN配置DHCP池:.对于LAN,在每个池中排除前10个IP地址。.对于无线LAN,在每个池中排除前24个IP地址。.池的名称为BX_VLAN##,其中X是路由器编号,##是VLAN编号。所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第19页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习.将连接到HQ服务器群的DNS服务器包含在内作为DHCP配置的组成部分。!-----------!B1!-----------!ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address4!ipdhcppoolB1_VLAN10networkdefault-routerdns-serveripdhcppoolB1_VLAN20networkdefault-routerdns-serveripdhcppoolB1_VLAN30networkdefault-routerdns-serveripdhcppoolB1_VLAN88networkdefault-routerdns-server!-----------!B2!-----------!ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address4!ipdhcppoolB2_VLAN10networkdefault-routerdns-serveripdhcppoolB2_VLAN20networkdefault-routerdns-serveripdhcppoolB2_VLAN30networkdefault-routerdns-serveripdhcppoolB2_VLAN88networkdefault-routerdns-server!-----------!B3!-----------!所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第20页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address4!ipdhcppoolB3_VLAN10networkdefault-routerdns-serveripdhcppoolB3_VLAN20networkdefault-routerdns-serveripdhcppoolB3_VLAN30networkdefault-routerdns-serveripdhcppoolB3_VLAN88networkdefault-routerdns-server步骤2.配置PC使用DHCP。目前,这些PC配置为使用静态IP地址。请将此配置更改为DHCP。步骤3.检验PC和无线路由器是否有IP地址。步骤4.检验连通性。所有通过物理方式连接到网络中的PC都应该能ping通Web服务器。!在B1-PC1上PacketTracerPCCommandLine1.0PC>pingPinging34with32bytesofdata:Replyfrom34:bytes=32time=234msTTL=125Replyfrom34:bytes=32time=184msTTL=125Replyfrom34:bytes=32time=230msTTL=125Replyfrom34:bytes=32time=228msTTL=125Pingstatisticsfor34:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=184ms,Maximum=234ms,Average=219msPC>任务11:配置防火墙ACL步骤1.检验OutsideHost的连通性。OutsideHostPC应该能ping通位于的服务器。所有内容版权所有.1992-2007CiscoSystems,Inc.保留所有权利。本文档为Cisco公开信息。第21页(共31页)CCNAExploration接入WAN:网络故障排除PT练习8.6.1:CCNA综合技巧练习!-----------!OutsideHost!-----------!PacketTracerPCCommandLine1.0PC>pingPinging46with32bytesofdata:Replyfrom46:bytes=32time=45msTTL=126Replyfrom46:bytes=32time=115msTTL=126Replyfrom46:bytes=32time=124msTTL=126Replyfrom46:bytes=32time=101msTTL=126Pingstatisticsfor46:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=45ms,Maximum=124ms,Average=96msPC>步骤2.实施基本的防火墙ACL。由于ISP提供通往Internet的连接,因此请按照下列顺序配置名为FIREWALL的命名ACL

人人文库> 全部分类> 毕业设计 > 文献综述

温馨提示

  • 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
  • 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
  • 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
  • 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
  • 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
  • 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
  • 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

最新文档

评论

0/150

提交评论