Professional Documents
Culture Documents
2015CCNA 200-120 實驗手冊
2015CCNA 200-120 實驗手冊
m
co
o.
ct
51
u.
ed
编 著:晁海江
http://edu.51cto.com/lecturer/user_id-532091.html
目 录
实验 1:思科设备基本配置 ...................................................................................... 1
实验 3:备份和还原配置文件 ............................................................................... 10
实验 4:交换机密码恢复........................................................................................ 12
实验 5:路由器密码恢复........................................................................................ 15
实验 6:基本配置命令综合实验训练 ................................................................... 17
m
实验 7:配置交换机管理地址和默认网关 .......................................................... 26
co
实验 8:配置 VLAN ................................................................................................ 31
实验 11:配置单臂路由 ......................................................................................... 43
ct
实验 15:配置交换机端口安全 ............................................................................. 59
ed
实验 16:交换综合实验训练 ................................................................................. 63
实验 17:配置静态路由 ......................................................................................... 67
实验 18:配置浮动静态路由 ................................................................................. 71
http://edu.51cto.com/lecturer/user_id-532091.html
1
实验 23:配置 OSPF 多区域 ................................................................................. 87
m
实验 31:配置思科 DHCP ................................................................................... 121
co
实验 32:配置思科 NAT 静态端口映射 ............................................................ 125
http://edu.51cto.com/lecturer/user_id-532091.html
2
实验 1:思科设备基本配置
实验拓扑:
实验目标:
m
1:了解 Cisco Packet Tracer 模拟器的使用方法
2:掌握思科设备通用的配置命令
co
实验步骤:
1:使用思科交换机和路由器练习通用命令
2:配置思科路由器的常用命令
o.
3:配置思科交换机的常用命令
4:总结常用的 show 命令
ct
实验总结:
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
1
实验配置:
1:通用命令
Switch> # 用户模式,类似于电脑系统的来宾账户
Switch>enable # 特权模式,类似于电脑系统的管理员账户,最高权限
Switch#disable # 特权模式的返回命令,可以返回到用户模式
Switch>e? # 字母加?显示当前模式下此字母开头的所有命令,供选择
enable exit # 当前 e 开头的命令有两个
Switch>e # 命令支持简写,但是必须所敲字符已唯一,不唯一会报错
% Ambiguous command: "e" # 由于 e 开头的命令不唯一,所以系统无法识别
Switch>en # en 开头的命令已唯一,系统识别为 enable 命令
Switch# # 使用简写命令 en 成功登陆特权模式
m
Switch#configure ? # 命令加?可以显示此命令后还可以输入的命令或参数
terminal Configure from the terminal
<cr>
co
Switch#configure terminal # 进入配置模式,所有的配置均要先进入此模式
Switch(config)#hostname # 配置设备名称
% Incomplete command. # 提示命令输入不完整,说明 hostname 后还需要继续输入
o.
Switch(config)#hostname ? # 可以使用?查看输入提示
WORD This system's network name # 提示需要输入自定义的系统名称
ct
ccna(config)#hostnameee ccna
^
51
http://edu.51cto.com/lecturer/user_id-532091.html
2
<0-15> First Line number # 当前设备最大支持 16 条虚拟终端线
ccna(config)#line vty 0 8 # 对前 9 条虚拟终端线进行配置
ccna(config-line)#password ccna # 配置 vty 密码,即 telnet 密码
ccna(config-line)#login # 配置 vty 登陆验证
ccna(config-line)#exec-timeout 5 30 # 配置 vty 超时时间为 5 分钟 30 秒
ccna(config-line)#logging synchronous # 开启 vty 日志同步功能
ccna(config-line)#exit
m
ccna(config)#interface fa0/1 # 进入接口配置模式,配置某个接口
ccna(config-if)#description it,addny,qq,396898532 # 配置接口描述,方便管理
co
ccna(config-if)#speed ? # 配置端口的速率,可以用?查看当前接口支持的速率
10 Force 10 Mbps operation
100 Force 100 Mbps operation
o.
auto Enable AUTO speed configuration
ccna(config-if)#speed 100 # 配置端口的速率为 100M
ccna(config-if)#duplex ? # 配置端口双工模式,可以用?查看当前接口支持的模式
ct
auto Enable AUTO duplex configuration
full Force full duplex operation
51
ccna#reload # 重启设备
ccna#erase startup-config # 清除当前配置,但不清除保存在 Flash 中的配置
2:交换机命令
Switch>
Switch>enable
Switch#configure terminal
Switch(config)#hostname ccna
ccna(config)#interface vlan 1 # 配置 VLAN1 地址即是配置交换机的管理地址
ccna(config-if)#ip address 192.168.1.1 255.255.255.0
ccna(config-if)#no shutdown # 交换机的 VLAN1 虚拟接口需要手工开启
ccna(config-if)#exit
ccna(config)#ip default-gateway 192.168.1.254 # 配置交换机默认网关
http://edu.51cto.com/lecturer/user_id-532091.html
3
3:路由器命令
Continue with configuration dialog? [yes/no]: n # 命令 no,跳出对话配置模式
Router>
Router>enable
Router#configure terminal
Router(config)#hostname ccna
R1(config-if)#inter s0/3/0
R1(config-if)#ip address 192.168.1.3 255.255.255.0
m
% 192.168.1.0 overlaps with FastEthernet0/0 # 网段和 fa0/0 口重叠,每个端口应配置独立网段
R1(config-if)#ip address 192.168.2.2 255.255.255.0 # 重新配置地址在一个独立的网段
co
R1(config-if)#no shutdown
R1(config-if)#clock rate 64000 o. # 配置 DCE 接口时钟频率
4:常用 show 命令
ct
R1#show running-config # 查看当前配置,包括设备的默认配置
R1#show startup-config # 查看启动配置,即已经保存好的配置
51
http://edu.51cto.com/lecturer/user_id-532091.html
4
实验 2:备份和还原 IOS
实验拓扑:
m
co
o.
实验目标:
ct
1:学会通过 TFTP 服务器备份 IOS
2:学会通过 TFTP 服务器还原 IOS
51
实验步骤:
u.
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
5
实验配置一:备份和还原交换机
备份和还原交换机 IOS
1:建立交换机和 TFTP 服务器的连接
sw1(config)#hostname SW1
SW1(config)#interface vlan 1
if)#ip address 192.168.1.1 255.255.255.0
SW1(config-if)#ip
SW1(config-if)#no shutdown
配置 TFTP 服务器地址:
m
co
o.
ct
测试交换机与 TFTP 服务器之间的连接
服务器之间的连接:
SW1#ping 192.168.1.2
51
2:备份交换机的 IOS
SW1#show flash:
ed
Directory of flash:/
1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin
64016384 bytes total (59601463 bytes free)
http://edu.51cto.com/lecturer/user_id-532091.html
6
m
co
o.
3:还原交换机的 IOS
SW1#copy tftp: flash:
Address or name of remote host []? 192.168.1.2
ct
Source filename []? c2960-text.bin
text.bin
Destination filename [c2960-text.bin]?
text.bin]?
51
Accessing tftp://192.168.1.2/c2960
tftp://192.168.1.2/c2960-text.bin...
Loading 2960-text.bin from 192.168.1.2: !!!!!!!!!! !!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!(略)
SW1#show flash:
u.
Directory of flash:/
1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin
2 -rw- 4414921 <no date> c2960-text.bin
ed
SW1#delete flash:
Delete filename []?c2960-text.bin
text.bin
Delete flash:/c2960-text.bin?
text.bin? [confirm]
SW1#show flash:
Directory of flash:/
1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin
64016384 bytes total (59601463 bytes free)
http://edu.51cto.com/lecturer/user_id-532091.html
7
实验配置二:备份和还原路由器 IOS
1:建立路由器和 TFTP 服务器的连接
R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
TFTP 服务器地址配置 (略)
m
2:备份路由器的 IOS
R1#show flash:
System flash directory:
co
File Length Name/status
3 50938004 c2800nm-advipservicesk9-mz.124-15.T1.bin
2 28282 sigdef-category.xml
o.
1 227537 sigdef-default.xml
[51193823 bytes used, 12822561 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
ct
R1#copy flash: tftp:
51
c2800nm-advipservicesk9-mz.124-15.T1.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(略)
[OK - 50938004 bytes]
50938004 bytes copied in 0.849 secs (59997000 bytes/sec)
ed
3:还原路由器的 IOS:
R1#copy tftp: flash:
Address or name of remote host []? 192.168.1.2
Source filename []? c2800-text.bin
Destination filename [c2800-text.bin]?
Accessing tftp://192.168.1.2/c2800-text.bin...
Loading c2800-text.bin from 192.168.1.2: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(略)
[OK - 50938004 bytes]
50938004 bytes copied in 0.876 secs (4216168 bytes/sec)
%Error copying tftp://192.168.1.2/c2800-text.bin (Not enough space on device)
http://edu.51cto.com/lecturer/user_id-532091.html
8
R1#delete flash:
Delete filename []?c2800nm-advipservicesk9-mz.124-15.T1.bin
Delete flash:/c2800nm-advipservicesk9-mz.124-15.T1.bin? [confirm]
R1#show flash:
System flash directory:
m
File Length Name/status
4 50938004 c2800-text.bin
2 28282 sigdef-category.xml
co
1 227537 sigdef-default.xml
[51193823 bytes used, 12822561 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
9
实验 3:备份和还原配置文件
实验拓扑:
m
co
o.
实验目标:
ct
1:学会通过 TFTP 服务器备份配置文件
2:学会通过 TFTP 服务器还原配置文件
51
实验步骤:
1:使用 TFTP 服务器备份交换机配置文件
u.
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
10
实验配置一:备份和还原交换机的配置文件
备份和还原交换机的配置文件
一:基本配置同实验 2(略)
二:备份交换机的配置文件
SW1#copy startup-config tftp:
Address or name of remote host []? 192.168.1.2
Destination filename [SW1-confg]?
confg]?
Writing startup-config....!!
[OK - 1047 bytes]
1047 bytes copied in 3.008 secs (0 bytes/sec)
查看 TFTP 服务器文件接收情况:
m
co
o.
ct
51
u.
三:还原交换机的配置文件
SW1(config)#hostname SW123456789
ed
实验配置二:备份和还原路由器的配置文件
备份和还原路由器的配置文件(略)
配置同交换机操作,可以自行完成实验
可以自行完成实验
http://edu.51cto.com/lecturer/user_id-532091.html
11
实验 4:交换机密码恢复
实验拓扑:
实验目标:
掌握路由器密码恢复的方法
实验步骤:
1:设置特权密码
m
2:进入 switch:
3:修改配置文件
co
3:重置密码并保存
实验总结:
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
12
实验配置:
1:配置任意混乱的特权加密密码
Switch>
Switch>en
Switch(config)#hostname sw1
sw1(config)#ena sec sdfsafsdfad
sw1(config)#end
sw1#wr
2:保存配置并重启
R1#wr
Building configuration...
[OK]
m
在命令行重启前(或在插入电源前) ,按住交换机 MODE 键
R1#reload
直到交换机的端口 1 灯熄灭,此时可松开 MODE 键
3:进入 switch:修改配置文件名称
switch:
co
o.
switch: ?
? -- Present list of available commands
boot -- Load and boot an executable image
ct
cat -- Concatenate (type) file(s)
copy -- Copy a file
51
switch: flash_init
Initializing Flash...
ed
switch: load_helper
http://edu.51cto.com/lecturer/user_id-532091.html
13
5343744 bytes available (10655232 bytes used)
switch: rename flash:startup-config flash:startup-config1
switch: boot
Loading
"flash:c3550-ipservicesk9-mz.122-35.SE3.bin"...##########################################
#################################################
4:重新进入系统,加载配置文件并重置密码
Would you like to enter the initial configuration dialog? [yes/no]: n
Switch>
Switch>en
m
Switch#copy flash:startup-config system:running-config
co
sw1#
sw1#conf t
sw1(config)#no ena secret
o.
sw1(config)#end
5:保存配置重启验证
ct
sw1#wr
sw1#reload
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
14
实验 5:路由器密码恢复
实验拓扑:
实验目标:
掌握路由器密码恢复的方法
m
实验步骤:
co
1:设置特权密码
2:进入 rommon 模式
3:重置密码并保存
o.
实验总结:
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
15
实验配置:
1:配置任意混乱的特权加密密码
Router(config)#hostname R1
R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#enable secret sdfsdfaswefsafdfasdf
2:保存配置并重启
R1#wr
Building configuration...
[OK]
R1#reload
Proceed with reload? [confirm]
m
(省略部分输出)
###########
(省略部分输出)
4:重新进入系统,并重置特权密码
u.
Router>enable
Router# copy running-config startup-config
R1#
R1#configure terminal
R1(config)#enable password ccna
R1(config)#config-register 0x2102
R1(config)#end
R1#wr
5:测试新密码
Router#reload
R1>en
Password:
R1#
http://edu.51cto.com/lecturer/user_id-532091.html
16
实验 6:基本配置命令综合实验训练
实验拓扑:
m
co
o.
ct
实验目标:
1:通过综合实验复习思科交换机、路由器的基本配置命令
51
2:深度挖掘 PT 模拟器的功能
实验要求:
u.
5 分钟 30 秒
3:配置所有设备的特权加密密码:ciscoccna@;console 密码:ciscoccnp#;vty(0-4)密码(SW1
除外):ciscoccie$;所有 password 密码都需要加密;并配置 R2 登陆横幅:this is R2,接口描述为:
connect R1
4:关闭连接 PC 端口的 CDP
5:确保 PC0 可以远程管理 SW1,可以使用下列用户名密码登陆:用户名 ccna,密码 ccna;用户名
ccnp,密码 ccnp;用户名 ccie,密码 ccie
6:通过 TFTP 服务器备份 R1 的启动文件,备份 SW1 的 IOS
7:PC0 可以访问 WEB 服务器,域名为 www.chaohaijiang.com
8:在 R1 上配置 LOG 服务器和 NTP 服务器
9:还原 R2 的特权密码为空
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
17
实验配置:
1:在 R1、R2 上分别添加 WIC-1T 和 WIC
WIC-2T 模块
R1 添加 WIC-1T 模块演示:
(R2 略)
m
co
o.
ct
51
u.
2:根据拓扑所示,配置设备接口地址配置设备接口地址、PC 地址和网关等
Router>en
ed
Router#conf t
Router(config)#host R2
R2(config)#inter s0/3/0
R2(config-if)#ip add 172.16.1.1 255.255.255.0
R2(config-if)#cl rate 64000
R2(config-if)#no shut
Router>en
Router#conf t
Router(config)#host R1
R1(config)#inter s0/3/0
R1(config-if)#ip
if)#ip add 172.16.1.2 255.255.255.0
R1(config-if)#no shut
R1(config-if)#inter fa0/0
http://edu.51cto.com/lecturer/user_id-532091.html
18
R1(config-if)#ip add 192.168.2.254 255.255.255.0
R1(config-if)#no shut
R1(config-if)#inter fa0/1
R1(config-if)#ip add 192.168.1.254 255.255.255.0
R1(config-if)#no shut
Switch>en
Switch#conf t
Switch(config)#host SW1
SW1(config)#inter vlan 1
SW1(config-if)#ip add 192.168.2.253 255.255.255.0
SW1(config-if)#no shut
PC 地址和网关配置略
m
3:测试所有直连网络的通信(略)
4:关闭域名解析、配置日志同步、超时时间
co
R2(config)#line con 0
R2(config-line)#logg syn
R2(config-line)#exec-t 0 0
o.
R2(config-line)#line vty 0 4
R2(config-line)#logg syn
R2(config-line)#exec-t 5 30
ct
R2(config-line)#exit
51
R1(config)#no ip domain-lo
R1(config)#line con 0
R1(config-line)#logg syn
R1(config-line)#no exec-t
u.
R1(config-line)#line vty 0 4
R1(config-line)#logg syn
R1(config-line)#exec-t 5 30
ed
SW1(config)#no ip domain-lo
SW1(config)#line con 0
SW1(config-line)#logg syn
SW1(config-line)#exec-t 0 0
SW1(config-line)#line vty 0 4
SW1(config-line)#logg syn
SW1(config-line)#exec-t 5 30
5:配置相关密码、横幅、接口描述
R2(config)#banner motd # this is R2 #
R2(config)#enable secret ciscoccna@
R2(config)#line con 0
R2(config-line)#pass ciscoccnp#
http://edu.51cto.com/lecturer/user_id-532091.html
19
R2(config-line)#login
R2(config-line)#line vty 0 4
R2(config-line)#pass ciscoccie$
R2(config-line)#login
R2(config-line)#inter s0/3/0
R2(config-if)#description connect R1
R2(config-if)#exit
R2(config)#service password-encryption
m
R1(config-line)#login
R1(config-line)#exit
R1(config)#ser pass
6:关闭设备部分接口的 CDP
R1(config)#inter fa0/1
R1(config-if)#no cdp en
u.
SW1(config)#line vty 0 4
SW1(config-line)#login local
http://edu.51cto.com/lecturer/user_id-532091.html
20
PC0 测试 telnet SW1:
8:备份 R1 的配置文件
m
R1#w
Building configuration...
[OK]
http://edu.51cto.com/lecturer/user_id-532091.html
21
9:备份 SW1 的 IOS
SW1#show flash:
Directory of flash:/
1 -rw- 4414921 <no date> c2960-lanbase-mz.122-25.FX.bin
64016384 bytes total (59601463 bytes free)
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
22
10:配置 WEB 服务器和 DNS 服务器
设置 WEB 服务器:
m
co
o.
ct
设置 DNS 服务器:
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
23
设置 PC0 的 DNS:
PC0 使用浏览器访问:
m
co
o.
ct
11:配置 NTP 服务器、LOG 服务器
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
24
R1(config)#service timestamps log datetime msec
R1(config)#ntp server 192.168.2.4
R1(config)#ntp update-calendar
查看 LOG 服务器记录日志信息:
m
co
o.
ct
51
12:还原 R2 的特权密码为空
u.
http://edu.51cto.com/lecturer/user_id-532091.html
25
实验 7:配置交换机管理地址和默认网关
实验拓扑:
实验目标:
m
1:理解交换机默认 VLAN 的作用
2:理解交换机默认网关的作用
co
3:实现交换机远程管理
实验步骤:
o.
1:根据拓扑所示,配置对应的 IP 地址
2:配置 SW1 的管理地址,使其能够被 PC0 远程管理(3 种方法)
ct
(1)使用 telnet 密码登陆:密码:ccna5188$ 特权密码:ccnp@5188
(2)使用用户名密码登陆:用户名:ccna 密码:ccna5188$
51
(3)无密码登陆
3:配置 SW1 的默认网关,使其能够被 PC1 远程管理
u.
实验总结:
ed
http://edu.51cto.com/lecturer/user_id-532091.html
26
实验配置:
1:PC 配置(略)
2:配置交换机管理 IP 地址
Switch (config)#hostname SW1
SW1(config)#inter vlan 1
SW1(config-if)#ip address 192.168.1.1 255.255.255.0
SW1(config-if)#no shutdown
3:路由器基本配置
Router(config)#host R1
R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shut
m
R1(config-if)#inter fa0/1
R1(config-if)#ip address 192.168.2.254 255.255.255.0
R1(config-if)#no shut
4:直连网络通信测试
PC0 测试结果:
co
o.
ct
51
u.
ed
PC1 测试结果:
http://edu.51cto.com/lecturer/user_id-532091.html
27
路由器 R1 接口状态查看:
R1#show ip inter brief
Interface IP-Address OK? Method Status Protocol
m
SW1(config-line)#exit
SW1(config)#enable secret ccnp@5188
co
6:测试远程管理
PC0 telnet SW1:
o.
ct
51
u.
ed
7:配置使用用户名密码管理 telnet
SW1(config)#username ccna password ccna5188$
SW1(config)#line vty 0 8
SW1(config-line)#login local
SW1(config-line)#exit
http://edu.51cto.com/lecturer/user_id-532091.html
28
PC0 telnet SW1
8:配置无密码 telnet 管理
m
SW1(config)#line vty 0 8
SW1(config-line)#no login
SW1(config-line)#exit
co
o.
ct
51
测试网络连通性(PC1)
10:配置交换机的默认网关,实现跨网段的远程管理
SW1(config)#ip default-gateway 192.168.1.254
http://edu.51cto.com/lecturer/user_id-532091.html
29
再次测试网络连通性(PC1)
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
30
实验 8:配置 VLAN
实验拓扑:
m
co
o.
实验目标:
ct
1:学会配置 VLAN,实现交换机广播域的隔离
2:体会 VLAN 的优缺点
51
实验步骤:
1:根据拓扑所示,在 SW1 上创建需要的 VLAN,并命名
u.
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
31
实验配置:
1:查看交换机目前的 VLAN 配置情况
Switch(config)#hostname SW1
SW1(config)#do show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
1002 fddi-default active
m
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
2:创建 VLAN
SW1(config)#vlan 2
co
o.
SW1(config-vlan)#name fd
SW1(config-vlan)#vlan 3
SW1(config-vlan)#name it
ct
SW1(config-vlan)#do show vlan bri
VLAN Name Status Ports
51
Gig1/1, Gig1/2
2 fd active
3 it active
(此处省略部分输出)
3:配置端口模式并划分端口至对应 VLAN
SW1(config)#interface range fa0/1-5
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#inter range fa0/1-2
SW1(config-if-range)#switchport access vlan 2
SW1(config-if-range)#inter range fa0/3-5
SW1(config-if-range)#switchport access vlan 3
http://edu.51cto.com/lecturer/user_id-532091.html
32
SW1(config-if-range)#do show vlan bri
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gig1/1
Gig1/2
2 fd active Fa0/1, Fa0/2
3 it active Fa0/3, Fa0/4, Fa0/5
(此处省略部分输出)
m
5:测试 VLAN 内通信
VLAN2 内部通信测试(PC0):(部分)
co
o.
ct
VLAN3 内部通信测试(PC2):(部分)
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
33
实验 9: 配置 trunk
实验拓扑:
m
实验目标:
1:学会配置 trunk,实现端到端 VLAN 通信
co
o.
2:配置 trunk 流量控制
3:修改 native VLAN
ct
实验步骤:
51
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
34
实验配置:
1:配置 PC 地址(略)
Switch(config)#hostname SW2
SW2(config-line)#vlan 2
SW2(config-vlan)#name fd
SW2(config-vlan)#vlan 3
m
SW2(config-vlan)#name it
3:配置端口模式并划分端口至对应 VLAN
co
SW1(config-vlan)#interface range fa0/1-2
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 2
o.
SW1(config-if-range)#interface range fa0/3-5
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 3
ct
SW1(config-if-range)#do show vlan bri
51
Gig1/2
2 fd active Fa0/1, Fa0/2
3 it active Fa0/3, Fa0/4, Fa0/5
(此处省略部分输出)
SW2(config-vlan)#interface fa0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 2
SW2(config-if)#interface fa0/2
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 3
http://edu.51cto.com/lecturer/user_id-532091.html
35
SW2(config-if)#do show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig1/1, Gig1/2
2 fd active Fa0/1
3 it active Fa0/2
(此处省略部分输出)
4:配置 trunk
SW1(config)#interface gi1/1
m
SW1(config-if)#switchport mode trunk
SW2(config)#interface gi1/1
SW2(config-if)#switchport mode trunk
PC2 测试:
(部分)
6:配置中继流量控制
SW1(config)#inter gi1/1
SW1(config-if)#switchport trunk allowed vlan remove 3
SW2(config)#inter gi1/1
SW2(config-if)#switchport trunk allowed vlan remove 3
http://edu.51cto.com/lecturer/user_id-532091.html
36
SW2(config-if)#do show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gig1/1 on 802.1q trunking 1
m
SW1(config)#inter gi1/1
SW1(config-if)#switchport trunk allowed vlan add 3
co
SW2(config)#inter gi1/1
SW2(config-if)#switchport trunk allowed vlan add 3
再次测试中继两端 VLAN3 的通信(PC2)
o.
ct
51
SW1(config)#interface gi1/1
SW1(config-if)#switchport trunk native vlan 90
SW2(config)#interface gi1/1
ed
http://edu.51cto.com/lecturer/user_id-532091.html
37
实验 10:配置 DTP
实验拓扑:
m
co
o.
实验目标:
ct
1:学会配置自动 trunk
2:理解 DTP 各模式的搭配
51
实验步骤:
1:按拓扑要求配置不同的 DTP 模式
u.
2:记录并理解哪些模式搭配能够成为中继
ed
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
38
实验配置:
1:查看交换机默认 DTP 模式(2960)
SW1#show interfaces fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
(以下省略部分输出)
2:配置拓扑一:auto + auto(默认)
SW1#show interfaces trunk
SW2#show interfaces trunk
3:配置拓扑二:desirable + desirable
m
SW1(config)#interface fa0/1
SW1(config-if)#switchport mode dynamic desirable
SW2(config)#interface fa0/1
co
SW2(config-if)#switchport mode dynamic desirable
4:配置拓扑三:desirable + auto
SW1(config)#interface fa0/1
SW1(config-if)#switchport mode dynamic desirable
ed
5:配置拓扑四:trunk + auto
SW1(config)#interface fa0/1
SW1(config-if)#switchport mode trunk
http://edu.51cto.com/lecturer/user_id-532091.html
39
SW1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
(以下省略部分输出)
6:配置拓扑四:trunk + desirable
SW1(config)#interface fa0/1
SW1(config-if)#switchport mode trunk
SW2(config)#interface fa0/1
SW2(config-if)#switchport mode dynamic desirable
m
SW1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
co
Fa0/1 on 802.1q trunking 1
(以下省略部分输出)
o.
SW2#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 desirable n-802.1q trunking 1
ct
(以下省略部分输出)
51
http://edu.51cto.com/lecturer/user_id-532091.html
40
SW1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
(以下省略部分输出)
SW2#show interfaces trunk
9:配置拓扑五:access + auto
SW1(config)#interface fa0/1
SW1(config-if)#switchport mode access
SW1#show interfaces trunk
SW2#show interfaces trunk
10:配置拓扑五:access + desirable
SW1(config)#interface fa0/1
SW1(config-if)#switchport mode access
m
SW2(config)#interface fa0/1
SW2(config-if)#switchport mode dynamic desirable
SW1#show interfaces trunk
co
SW2#show interfaces trunk
11:配置拓扑六:trunk + access
o.
SW1(config)#interface fa0/1
SW1(config-if)#switchport mode trunk
ct
SW2(config)#interface fa0/1
SW2(config-if)#switchport mode access
51
(以下省略部分输出)
12:关于拓扑六的讨论
http://edu.51cto.com/lecturer/user_id-532091.html
41
SW1(config)#interface fa0/2
SW1(config-if)#switchport mode access
SW2(config)#vlan 2
SW2(config-vlan)#interface range fa0/1-2
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 2
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
42
实验 11:配置单臂路由
实验拓扑:
m
co
o.
ct
实验目标:
1:学会配置路由器子接口
51
实验步骤:
1:参照实验 8、9 完成交换机的基本配置
ed
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
43
实验配置:
1:交换机的 VLAN 和 trunk 等配置(参考实验 8、9)
Switch(config)#hostname SW1
SW1(config)#vlan 2
SW1(config-vlan)#name fd
SW1(config-vlan)#vlan 3
SW1(config-vlan)#name it
SW1(config-vlan)#interface range fa0/1-2
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 2
SW1(config-if-range)#interface range fa0/3-5
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 3
SW1(config-if-range)#do show vlan brief
m
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/6, Fa0/7, Fa0/8, Fa0/9
co
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
o.
Fa0/22, Fa0/23, Fa0/24, Gig1/1
Gig1/2
2 fd active Fa0/1, Fa0/2
ct
3 it active Fa0/3, Fa0/4, Fa0/5
(省略部分输出)
51
SW1(config-if-range)#interface gi1/1
SW1(config-if)#switchport mode trunk
u.
SW2(config)#hostname SW2
SW2(config)#vlan 2
SW2(config-vlan)#name fd
ed
SW2(config-vlan)#vlan 3
SW2(config-vlan)#name it
SW2(config-vlan)#interface fa0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 2
SW2(config-if)#interface fa0/2
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 3
SW2(config-if)#do show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
http://edu.51cto.com/lecturer/user_id-532091.html
44
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig1/2
2 fd active Fa0/1
3 it active Fa0/2
(省略部分输出)
SW2(config-if)#interface gi1/1
SW2(config-if)#switchport mode trunk
SW2(config-if)#do show interface trunk
Port Mode Encapsulation Status Native vlan
Gig1/1 on 802.1q trunking 1
(省略部分输出)
m
SW1(config)#interface fa0/24
SW1(config-if)#switchport mode trunk
co
3:配置路由器的子接口
Router(config)#hostname R1
R1(config)#interface fa0/0
o.
R1(config-if)#no shutdown
R1(config-if)#exit
ct
R1(config)#interface fa0/0.?
<0-4294967295> FastEthernet interface number
51
R1(config)#interface fa0/0.2
R1(config-subif)#encapsulation dot1Q 2
R1(config-subif)#ip address 192.168.2.254 255.255.255.0
R1(config-subif)#interface fa0/0.3
u.
R1(config-subif)#encapsulation dot1Q 3
R1(config-subif)#ip address 192.168.3.254 255.255.255.0
ed
http://edu.51cto.com/lecturer/user_id-532091.html
45
5:测试 VLAN 间通信(部分)
PC0 测试:
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
46
实验 12:配置 3 层交换机 VLAN 间通信
实验拓扑:
m
co
o.
ct
实验目标:
1:理解并配置交换机的 SVI
51
实验步骤:
u.
1:开启三层交换机的路由功能
2:配置 SW1 上 VLAN2、VLAN3 的 SVI,并查看端口状态
ed
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
47
实验配置:
1:SW2 的基本配置(二层交换机)
Switch(config)#hostname SW2
SW2(config)#vlan 2
SW2(config-vlan)#name fd
SW2(config-vlan)#vlan 3
SW2(config-vlan)#name it
SW2(config-vlan)#interface range fa0/1-2
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 2
SW2(config-if-range)#interface fa0/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 3
SW2(config-if)#do show vlan bri
m
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
co
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
o.
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gig1/1, Gig1/2
2 fd active Fa0/1, Fa0/2
ct
3 it active Fa0/3
(省略部分输出)
51
SW1(config-if)#interface gi1/1
SW1(config-if)#switchport mode trunk
u.
2:开启 3 层交换机的路由功能
Switch(config)#hostname SW1
SW1(config)#ip routing
ed
SW1(config)#vlan 2
SW1(config-vlan)#name fd
SW1(config-vlan)#vlan 3
SW1(config-vlan)#name it
SW1(config-vlan)#interface vlan 2
SW1(config-if)#ip address 192.168.2.254 255.255.255.0
SW1(config-if)#interface vlan 3
SW1(config-if)#ip address 192.168.3.254 255.255.255.0
http://edu.51cto.com/lecturer/user_id-532091.html
48
SW1(config-if)#do show vlan bri
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/2
2 fd active
3 it active
(省略部分输出)
m
(省略部分输出)
Vlan2 192.168.2.254 YES manual up up
co
Vlan3 192.168.3.254 YES manual up up
4:配置 PC 网关(略)
o.
VLAN2 所有 PC 网关为:192.168.2.254
VLAN2 所有 PC 网关为:192.168.3.254
ct
5:测试 VLAN 间通信(部分)
PC0 测试:
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
49
实验 13:配置 STP、RSTP 以及负载均衡
实验拓扑:
m
co
o.
ct
实验目标:
1:了解 STP 的运行原理
51
实验步骤:
ed
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
50
实验配置:
1:配置 trunk
Switch(config)#hostname SW1
SW1(config)#interface range fa0/23-24
SW1(config-if-range)#switchport mode trunk
Switch(config)#hostname SW2
SW2(config)#interface range fa0/23-24
SW2(config-if-range)#switchport mode trunk
Switch(config)#hostname SW3
SW3(config)#interface range fa0/23-24
SW3(config-if-range)#switchport mode trunk
m
SW1#show interfaces trunk (SW2、SW3 查看结果同 SW1)
Port Mode Encapsulation Status Native vlan
Fa0/23 on 802.1q trunking 1
co
Fa0/24 on 802.1q trunking 1
(以下省略部分配置)
o.
2:配置 VLAN
SW1(config)#vlan 2
SW1(config-vlan)#nam
ct
SW1(config-vlan)#name fd
SW1(config-vlan)#vlan 3
51
SW1(config-vlan)#name it
SW2(config)#vlan 2
SW2(config-vlan)#name
u.
SW2(config-vlan)#name fd
SW2(config-vlan)#vlan 3
SW2(config-vlan)#name it
ed
SW3(config)#vlan 2
SW3(config-vlan)#name fd
SW3(config-vlan)#vlan 3
SW3(config-vlan)#name it
3:划分接入层交换机端口至对应 VLAN
SW3(config)#interface range fa0/1-2
SW3(config-if-range)#switchport mode access
SW3(config-if-range)#switchport access vlan 2
SW3(config-if-range)#interface range fa0/3-4
SW3(config-if-range)#switchport mode access
SW3(config-if-range)#switchport access vlan 3
http://edu.51cto.com/lecturer/user_id-532091.html
51
SW3#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Gig1/1, Gig1/2
2 fd active Fa0/1, Fa0/2
3 it active Fa0/3, Fa0/4
(以下省略部分配置)
m
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0001.9766.27A9
co
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
o.
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0001.9766.27A9
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
ct
Aging Time 20
51
VLAN0002
Spanning tree enabled protocol ieee
ed
http://edu.51cto.com/lecturer/user_id-532091.html
52
VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 32771
Address 0001.9766.27A9
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
m
Fa0/24 Desg FWD 19 128.24 P2p
co
5:配置思科快速 STP
SW1(config)#spanning-tree mode rapid-pvst
SW2(config)#spanning-tree mode rapid-pvst
o.
SW3(config)#spanning-tree mode rapid-pvst
6:配置根桥负载均衡
ct
SW1(config)#spanning-tree vlan 2 root primary
SW1(config)#spanning-tree vlan 3 root secondary
51
SW1#show running-config
(以上省略部分配置)
spanning-tree vlan 2 priority 24576
ed
SW2#show running-config
(以上省略部分配置)
spanning-tree vlan 2 priority 24576
spanning-tree vlan 3 priority 28672
(以下省略部分配置)
7:查看负载均衡
SW1#show spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 24578
http://edu.51cto.com/lecturer/user_id-532091.html
53
Address 0001.9766.27A9
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
m
SW2#show spanning-tree vlan 3
VLAN0003
Spanning tree enabled protocol ieee
co
Root ID Priority 24579
Address 0003.E44D.7A96
This bridge is the root
o.
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
8:配置 PC 地址(略)
http://edu.51cto.com/lecturer/user_id-532091.html
54
实验 14:配置二层 Etherchannel
实验拓扑:
m
co
o.
实验目标:
ct
1:了解以太信道协议
2:配置以太信道
51
实验步骤:
1:根据拓扑所示配置 VLAN、trunk、PC 地址等
u.
2:配置以太信道 PAGP
3:配置以太信道 LACP
ed
4:配置以太信道负载均衡
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
55
实验配置:
1:基本配置:VLAN、trunk、PC 地址等
Switch(config)#hostname SW1
SW1(config)#vlan 2
SW1(config-vlan)#name fd
SW1(config-vlan)#vlan 3
SW1(config-vlan)#name it
SSW1(config-vlan)#interface fa0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 2
SW1(config-if)#interface fa0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 3
SW1(config-if)#inter range gi1/1-2
m
SW1(config-if-range)#switchport mode trunk
Switch(config)#hostname SW2
co
SW2(config)#vlan 2
SW2(config-vlan)#name fd
SW2(config-vlan)#vlan 3
o.
SW2(config-vlan)#name it
SW2(config-vlan)#interface fa0/1
SW2(config-if)#switchport mode access
ct
SW2(config-if)#switchport access vlan 2
SW2(config-if)#interface fa0/2
51
SW2#show spanning-tree
VLAN0001
ed
(此处省略部分输出)
Gi1/1 Root FWD 4 128.25 P2p
Gi1/2 Altn BLK 4 128.26 P2p
VLAN0002
(此处省略部分输出)
Fa0/1 Desg FWD 19 128.1 P2p
Gi1/1 Root FWD 4 128.25 P2p
Gi1/2 Altn BLK 4 128.26 P2p
VLAN0003
(此处省略部分输出)
Fa0/2 Desg FWD 19 128.2 P2p
Gi1/1 Root FWD 4 128.25 P2p
Gi1/2 Altn BLK 4 128.26 P2p
http://edu.51cto.com/lecturer/user_id-532091.html
56
2:配置以太信道
SW1(config)#interface range gi1/1-2
SW1(config-if-range)#channel-protocol pagp
SW1(config-if-range)#channel-group 1 mode desirable
m
1 Po1(SU) PAgP Gig1/1(P) Gig1/2(P)
co
Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 1
(此处省略部分输出)
o.
3:测试以太信道冗余性
SW1(config)#interface gi1/1
ct
SW1(config-if)#shutdown
51
u.
ed
切换时,延时增加,但并没有丢包
恢复端口:
SW1(config)#interface gi1/1
SW1(config-if)#shutdown
4:调整以太信道负载均衡方式
SW1#show etherchannel load-balance
EtherChannel Load-Balancing Operational State (src-mac):
Non-IP: Source MAC address
IPv4: Source MAC address
IPv6: Source MAC address
http://edu.51cto.com/lecturer/user_id-532091.html
57
PC0 测试 PC2:
PC1 测试 PC3:
m
co
通过模拟器的端口指示灯的状态可以看出两次测试使用不同链路通信
SW1(config)#port-channel load-balance ?
o.
dst-ip Dst IP Addr
dst-mac Dst Mac Addr
src-dst-ip Src XOR Dst IP Addr
ct
src-dst-mac Src XOR Dst Mac Addr
src-ip Src IP Addr
51
5:配置以太信道 LACP
SW1(config)#interface range gi1/1-2
u.
SW1(config-if-range)#channel-protocol lacp
SW1(config-if-range)#channel-group 1 mode active
ed
http://edu.51cto.com/lecturer/user_id-532091.html
58
实验 15:配置交换机端口安全
实验拓扑:
m
co
o.
实验目标:
理解端口安全的基本命令
ct
实验步骤:
51
实验总结:
ed
http://edu.51cto.com/lecturer/user_id-532091.html
59
实验配置:
1:配置端口 MAC 地址静态绑定
Switch(config)#hostname SW1
SW1(config)#inter fa0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security mac-address 0060.4736.0A87
PC0 测试 PC2:
m
2:更换 PC(相当于更换 MAC 地址):用 fa0/1 连接测试机 PC1
PC1 测试 PC2
co
o.
ct
51
3:端口安全相关检查命令
SW1#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
u.
--------------------------------------------------------------------
Fa0/1 1 1 1 Shutdown
----------------------------------------------------------------------
ed
http://edu.51cto.com/lecturer/user_id-532091.html
60
SW1#show port-security interface fa0/1
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 000C.855A.B582:1
Security Violation Count : 1
4:配置端口粘滞
m
SW1(config)#interface fa0/3
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security
co
SW1(config-if)#switchport port-security mac-address sticky
(此处省略部分输出)
5:更改端口安全默认参数
ed
SW1(config)#interface fa0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security maximum 2
SW1(config-if)#switchport port-security mac-address 00E0.F74B.AC77
SW1(config-if)#switchport port-security mac-address 00E0.F937.3980
SW1(config-if)#switchport port-security violation restrict
PC2 测试 PC0:
http://edu.51cto.com/lecturer/user_id-532091.html
61
PC3 测试 PC0:
m
PC3 测试 PC0:
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
62
实验 16:交换综合实验训练
实验拓扑:
m
co
o.
ct
51
u.
实验目标:
ed
通过综合实验复习交换机的相关配置
实验步骤:
1:根据拓扑所示配置 VLAN、中继等
2:在 SW1、SW2 之间配置 2 层以太信道
3:以太信道中继使用静态 trunk 模式,其他中继均使用 DTP 动态主动模式
4:配置所有接入端口为快速端口并保护
5:开启端口安全,端口自动粘滞 MAC 地址
6:全网配置快速 STP,并且通过控制根桥选举,实现 STP 的负载均衡
7:通过 R1 配置单臂路由实现 VLAN 间路由
8:配置 3 台接入层交换机可以互相 telnet,用户名密码皆为 ccna,特权密码为 ccnp
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
63
实验配置:
1:配置 VLAN 和 trunk
SW1(config)#vlan 2
SW1(config-vlan)#name fd
SW1(config-vlan)#vlan 3
SW1(config-vlan)#name it
SW2(config)#vlan 2
SW2(config-vlan)#name fd
m
SW2(config-vlan)#vlan 3
SW2(config-vlan)#name it
co
SW2(config)#inter range fa0/23-24
SW2(config-if-range)#swi mo tr
SW2(config-if-range)#inter fa0/21
o.
SW2(config-if)#swi mo dynamic desirable
SW3(config)#vlan 2
ct
SW3(config-vlan)#name fd
SW3(config-vlan)#vlan 3
51
SW3(config-vlan)#name it
查看命令:
show vlan bri
show inter trunk
2:配置快速端口和端口安全
SW3(config)#inter range fa0/1-3
SW3(config-if-range)#spanning-tree portfast
SW3(config-if-range)#spanning-tree bpduguard enable
http://edu.51cto.com/lecturer/user_id-532091.html
64
SW3(config)#inter range fa0/1-3
SW3(config-if-range)#switchport port-security
SW3(config-if-range)#switchport port-security mac-address sticky
查看命令:
show run inter X
show port-security
3:配置快速 STP
SW1(config)#spanning-tree mode rapid-pvst
SW2(config)#spanning-tree mode rapid-pvst
SW3(config)#spanning-tree mode rapid-pvst
4:配置以太信道
SW1(config)#inter range fa0/23-24
m
SW1(config-if-range)#channel-group 1 mode on
SW2(config)#inter range fa0/23-24
SW2(config-if-range)#channel-group 1 mode on
查看命令:
show eth summ
co
o.
5:配置生成树负载均衡
SW1(config)#spanning-tree vlan 2 root primary
ct
SW1(config)#spanning-tree vlan 3 root secondary
51
查看命令:
u.
show run
show span vlan X
ed
6:配置单臂路由
SW1(config)#inter gi1/1
SW1(config-if)#swi mo tr
R1(config)#inter gi0/0
R1(config-if)#no shutdown
R1(config)#inter gi0/0.2
R1(config-subif)#encapsulation dot1Q 2
R1(config-subif)#ip add 192.168.2.254 255.255.255.0
R1(config-subif)#inter gi0/0.3
R1(config-subif)#en do 3
R1(config-subif)#ip add 192.168.3.254 255.255.255.0
查看命令:
R1#show ip inter brief
http://edu.51cto.com/lecturer/user_id-532091.html
65
7:配置 VLAN 2 PC0 和 PC1 网关为 192.168.2.254,VLAN 3 PC2 网关为 192.168.3.254,并测试 VLAN
间通信(略)
8:配置接入层交换机远程访问
SW1(config)#inter vlan 1
SW1(config-if)#ip add 192.168.1.1 255.255.255.0
SW1(config-if)#no shutdown
SW1(config)#line vty 0 4
SW1(config-line)#login local
SW1(config-line)#exit
SW1(config)#username ccna password ccna
SW1(config)#enable sec ccnp
SW2(config)#inter vlan 1
SW2(config-if)#ip add 192.168.1.2 255.255.255.0
m
SW2(config-if)#no shutdown
SW2(config)#line vty 0 4
SW2(config-line)#login local
co
SW2(config-line)#exit
SW2(config)#username ccna password ccna
SW2(config)#enable sec ccnp
o.
SW3(config)#inter vlan 1
SW3(config-if)#ip add 192.168.1.3 255.255.255.0
ct
SW3(config-if)#no shutdown
SW3(config)#line vty 0 4
51
SW3(config-line)#login local
SW3(config-line)#exit
SW3(config)#username ccna password ccna
SW3(config)#enable sec ccnp
u.
9:测试交换机之间的远程访问
SW3#telnet 192.168.1.1
ed
Username: ccna
Password:
SW1>en
Password:
SW1#
http://edu.51cto.com/lecturer/user_id-532091.html
66
实验 17:配置静态路由
实验拓扑:
m
co
o.
实验目标:
ct
1:学会配置静态路由协议
2:学会配置静态默认路由
51
3:理解静态路由两种写法的区别
实验步骤:
u.
1:配置静态路由
2:配置静态默认路由
ed
3:使用下一跳配置
4:使用出口配置
5:实现全网通信
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
67
实验配置:
1:根据拓扑所示,配置接口地址,PC 地址和网关等(略)
2:配置环回口模拟 PC
R2(config)#interface loopback ?
<0-2147483647> Loopback interface number
R2(config)#interface loopback 0
R2(config-if)#ip address 192.168.2.1 255.255.255.0
R2(config-if)#interface loopback 1
R2(config-if)#ip address 192.168.20.1 255.255.255.0
3:查看接口状态,测试直连网络通信(略)
4:配置静态路由
m
R1 上使用下一跳配置:
R1(config)#ip route 192.168.2.0 255.255.255.0 192.168.12.2
R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.12.2
co
R1(config)#ip route 192.168.23.0 255.255.255.0 192.168.12.2
R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.12.2
o.
R2 上使用出口配置:
R2(config)#ip route 172.16.1.0 255.255.255.0 fa0/0
R2(config)#ip route 172.16.2.0 255.255.255.0 fa0/1
ct
R3 上配置静态默认路由:
51
5:查看路由表
R1#show ip route
u.
http://edu.51cto.com/lecturer/user_id-532091.html
68
R2#show ip route static
172.16.0.0/24 is subnetted, 2 subnets
S 172.16.1.0 is directly connected, FastEthernet0/0
S 172.16.2.0 is directly connected, FastEthernet0/1
6:全网通信测试(略)
7:验证下一跳和出口写法关于管理距离的区别
验证下一跳和出口写法关于管理距离的区别
m
R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.12.2
R1(config)#ip route 172.16.2.0 255.255.255.0 fa0/1
co
R2(config)#ip route 172.16.1.0 255.255.255.0 192.168.12.1
R2(config)#ip route 172.16.1.0 255.255.255.0 fa0/1
o.
R1#show ip route static
172.16.0.0/24 is subnetted, 2 subnets
ct
S 172.16.2.0 [1/0] via 192.168.12.2
is directly connected, FastEthernet0/1
51
http://edu.51cto.com/lecturer/user_id-532091.html
69
Internet 192.168.23.1 - 00E0.8F49.DE02 ARPA FastEthernet0/1
Internet 192.168.23.2 3 00E0.F911.E202 ARPA FastEthernet0/1
R3#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.2.1 5 0010.11D2.938A ARPA FastEthernet0/0
Internet 172.16.2.254 - 00E0.F911.E201 ARPA FastEthernet0/0
Internet 192.168.23.1 5 00E0.8F49.DE02 ARPA FastEthernet0/1
Internet 192.168.23.2 - 00E0.F911.E202 ARPA FastEthernet0/1
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
70
实验 18:配置浮动静态路由
实验拓扑:
实验目标:
1:配置静态路由管理距离
m
2:实现浮动静态路由
实验步骤:
co
1:配置主线静态路由管理距离为 50(fa0/0)
2:配置备线静态路由管理距离为 150(s0/3/0)
o.
3:实现主备线路的切换
ct
实验总结:
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
71
实验配置:
1:配置路由器接口地址、环回口地址,并测试直连网络通信(略)
2:配置静态路由
R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.12.2
R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.120.2
m
3:修改管理距离
R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.12.2 50
co
R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.120.2 150
R1(config)#inter fa0/0
R1(config-if)#shutdown
u.
R1(config)#inter fa0/0
R1(config-if)#no shutdown
http://edu.51cto.com/lecturer/user_id-532091.html
72
实验 19
19:配置 EIGRP 基本命令
实验拓扑:
m
实验目标:
1:熟悉动态路由协议的基本配置命令
熟悉动态路由协议的基本配置命令
co
2:学会配置 EIGRP 的基本命令
实验步骤:
o.
1:配置 EIGRP(关闭自动汇总)
)
2:查看邻居表、拓扑表以及路由表
拓扑表以及路由表
ct
3:查看 EIGRP 的路由条目类型(
(创造外部路由)
4:调整 K 值
51
实验总结:
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
73
实验配置:
1:配置设备接口地址,测试直连网络的通信(略)
2:配置 EIGRP
可以先查看本地的直连网段和接口地址
R1#show ip inter bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.12.1 YES manual up up
FastEthernet0/1 192.168.120.1 YES manual up up
Loopback0 172.16.0.1 YES manual up up
Loopback1 172.16.1.1 YES manual up up
Loopback2 172.16.2.1 YES manual up up
Loopback3 172.16.3.1 YES manual up up
Vlan1 unassigned YES unset administratively down down
m
R1(config)#router eigrp 100
R1(config-router)#no auto-summary
co
R1(config-router)#network 192.168.12.0
R1(config-router)#network 192.168.120.0
R1(config-router)#net 172.16.0.0 0.0.255.255
o.
R2(config)#router eigrp 100
R2(config-router)#no auto-summary
ct
R2(config-router)#net 192.168.12.0
R2(config-router)#net 192.168.120.0
51
R2(config-router)#net 192.168.230.0
R2(config-router)#net 192.168.23.0
R2(config-router)#net 192.168.2.0
u.
R3(config-router)#net 192.168.230.0
R3(config-router)#net 192.168.3.0
R2#show ip protocols
Routing Protocol is "eigrp 100 "
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 100
Automatic network summarization is not in effect
http://edu.51cto.com/lecturer/user_id-532091.html
74
Maximum path: 4
Routing for Networks:
192.168.12.0
192.168.120.0
192.168.230.0
192.168.23.0
192.168.2.0
Routing Information Sources:
Gateway Distance Last Update
192.168.12.1 90 4799507
192.168.120.1 90 4804826
192.168.23.2 90 4862681
192.168.230.2 90 4865018
Distance: internal 90 external 170
m
查看邻居关表、拓扑表、路由表:
co
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
o.
0 192.168.12.1 Fa0/0 13 00:02:04 40 1000 0 10
1 192.168.120.1 Fa0/1 11 00:01:59 40 1000 0 9
2 192.168.23.2 Fa1/0 14 00:01:01 40 1000 0 21
ct
3 192.168.230.2 Se0/3/0 11 00:00:58 40 1000 0 21
51
http://edu.51cto.com/lecturer/user_id-532091.html
75
via Connected, Serial0/3/0
P 192.168.23.0/24, 1 successors, FD is 28160
via Connected, FastEthernet1/0
P 192.168.2.0/24, 1 successors, FD is 128256
via Connected, Loopback0
P 192.168.3.0/24, 1 successors, FD is 156160
via 192.168.23.2 (156160/128256), FastEthernet1/0
via 192.168.230.2 (20640000/128256), Serial0/3/0
R2#show ip route eigrp
172.16.0.0/24 is subnetted, 4 subnets
D 172.16.0.0 [90/156160] via 192.168.12.1, 00:02:55, FastEthernet0/0
[90/156160] via 192.168.120.1, 00:02:50, FastEthernet0/1
D 172.16.1.0 [90/156160] via 192.168.12.1, 00:02:55, FastEthernet0/0
[90/156160] via 192.168.120.1, 00:02:50, FastEthernet0/1
D 172.16.2.0 [90/156160] via 192.168.12.1, 00:02:55, FastEthernet0/0
m
[90/156160] via 192.168.120.1, 00:02:50, FastEthernet0/1
D 172.16.3.0 [90/156160] via 192.168.12.1, 00:02:55, FastEthernet0/0
[90/156160] via 192.168.120.1, 00:02:50, FastEthernet0/1
co
D 192.168.3.0/24 [90/156160] via 192.168.23.2, 00:01:43, FastEthernet1/0
3:调整 K 值的命令
o.
R1(config)#router eigrp 100
R1(config-router)#metric weights 0 1 1 1 1 1
ct
4:全网通信测试(略)
51
5:创造外部路由条目
R1(config)#interface loopback 10
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#router ei 100
u.
R1(config-router)#redistribute connected
http://edu.51cto.com/lecturer/user_id-532091.html
76
实验 20:配置
配置 EIGRP 的自动汇总和手工汇总
实验拓扑:
m
实验目标:
1:理解自动汇总和手工汇总的区别
理解自动汇总和手工汇总的区别
co
2:学会配置 EIGRP 手工汇总
实验步骤:
o.
1:开启所有路由器 EIGRP 默认自动汇总
默认自动汇总,观察路由表
2:关闭所有路由器的自动汇总
ct
3:在 R1 上配置手工汇总
4:在 R1 上配置超网汇总:172.0.0.0/8
172.0.0.0/8
51
5:对比总结自动汇总和手工汇总的区别
对比总结自动汇总和手工汇总的区别
实验总结:
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
77
实验配置:
1:参照实验 19 完成 EIGRP 基本配置
2:开启所有路由器的自动汇总
R1(config)#router eigrp 100
R1(config-router)#auto-summary
R2(config)#router eigrp 100
R2(config-router)#auto-summary
R3(config)#router eigrp 100
R3(config-router)#auto-summary
3:查看部分路由表
R1#show ip route eigrp
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
m
D 172.16.0.0/16 is a summary, 00:01:17, Null0
D 192.168.2.0/24 [90/156160] via 192.168.120.2, 00:01:02, FastEthernet0/1
[90/156160] via 192.168.12.2, 00:01:02, FastEthernet0/0
co
D 192.168.3.0/24 [90/158720] via 192.168.12.2, 00:00:57, FastEthernet0/0
[90/158720] via 192.168.120.2, 00:00:57, FastEthernet0/1
D 192.168.23.0/24 [90/30720] via 192.168.120.2, 00:01:02, FastEthernet0/1
o.
[90/30720] via 192.168.12.2, 00:01:02, FastEthernet0/0
D 192.168.230.0/24 [90/20514560] via 192.168.120.2, 00:01:02, FastEthernet0/1
[90/20514560] via 192.168.12.2, 00:01:02, FastEthernet0/0
ct
R3#show ip route eigrp
51
4:关闭自动汇总,并在 R1 上配置手工汇总
R1(config)#router eigrp 100
ed
R1(config-router)#no auto-summary
R1(config)#inter range fa0/0-1
R1(config-if-range)#ip summary-address eigrp 100 172.16.0.0 255.255.252.0
R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R3(config)#router eigrp 100
R3(config-router)#no auto-summary
http://edu.51cto.com/lecturer/user_id-532091.html
78
5:配置超网汇总
R1(config)#inter range fa0/0-1
R1(config-if-range)#no ip summary-address eigrp 100 172.16.0.0 255.255.252.0
R1(config-if-range)#ip summary-address eigrp 100 172.0.0.0 255.0.0.0
6:扩展:自动汇总自汇总自己生成的路由条目,不汇总学到的路由条目(见视频)
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
79
实验 21:配置
配置 EIGRP 等价和不等价负载均衡
实验拓扑:
m
实验目标:
学会配置 EIGRP 不等价负载均衡
实验步骤:
1:查看并修改 serial 接口参考带宽
接口参考带宽,并修改为 1544K
co
o.
2:查看 R1、R2 之间的等价负载均衡
3:在 R2、R3 上配置不等价负载均衡
ct
实验总结:
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
80
实验配置:
1:在实验 20 基础上完成本实验
2: 查看 Serial 接口默认带宽
R2#show inter s0/3/0
Serial0/3/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 192.168.230.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
(省略部分输出)
3:Serial 接口默认带宽
R2(config)#inter s0/3/0
m
R2(config-if)#bandwidth 1544
R3(config)#inter s0/3/0
R3(config-if)#bandwidth 1544
2297856÷156160≈14.7147 取大,即取值为 15
5:配置不等价负载均衡
R2(config)#router eigrp 100
u.
R2(config-router)#variance 15
R3(config)#router eigrp 100
R3(config-router)#variance 15
ed
6:查看不等价负载均衡
R2#show ip protocols
Routing Protocol is "eigrp 100 "
(省略部分输出)
EIGRP maximum hopcount 100
EIGRP maximum metric variance 15
Redistributing: eigrp 100
Automatic network summarization is in effect
Automatic address summarization:
Maximum path: 4
(省略部分输出)
http://edu.51cto.com/lecturer/user_id-532091.html
81
R2#show ip route
(省略部分输出)
D 172.0.0.0/8 [90/156160] via 192.168.120.1, 00:00:19, FastEthernet0/1
[90/156160] via 192.168.12.1, 00:00:18, FastEthernet0/0
C 192.168.2.0/24 is directly connected, Loopback0
D 192.168.3.0/24 [90/156160] via 192.168.23.2, 00:00:17, FastEthernet1/0
[90/2297856] via 192.168.230.2, 00:00:19, Serial0/3/0
C 192.168.12.0/24 is directly connected, FastEthernet0/0
C 192.168.23.0/24 is directly connected, FastEthernet1/0
C 192.168.120.0/24 is directly connected, FastEthernet0/1
C 192.168.230.0/24 is directly connected, Serial0/3/0
R3#show ip route
(省略部分输出)
D 172.0.0.0/8 [90/158720] via 192.168.23.1, 00:00:01, FastEthernet0/0
m
[90/2300416] via 192.168.230.1, 00:00:02, Serial0/3/0
D 192.168.2.0/24 [90/156160] via 192.168.23.1, 00:00:01, FastEthernet0/0
[90/2297856] via 192.168.230.1, 00:00:02, Serial0/3/0
co
C 192.168.3.0/24 is directly connected, Loopback0
D 192.168.12.0/24 [90/30720] via 192.168.23.1, 00:00:01, FastEthernet0/0
C 192.168.23.0/24 is directly connected, FastEthernet0/0
o.
D 192.168.120.0/24 [90/30720] via 192.168.23.1, 00:00:01, FastEthernet0/0
C 192.168.230.0/24 is directly connected, Serial0/3/0
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
82
实验 22:单区域 OSPF 基本配置
实验拓扑:
实验目标:
m
1:学会配置单区域 OSPF
2:学会修改 OSPF 的 RID
co
3:理解 DR、BDR 的选举
实验步骤:
o.
1:配置单区域 OSPF(区域 0)
2:手工设置 R2 的 RID 为 10.2.2.2
ct
3:配置 R3 OSPF 的进程号为 3,其他路由器为 1
4:学会配置接口成本、优先级、计时器以及 OSPF RID
51
实验总结:
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
83
实验配置:
1:配置接口地址,并测试直连网络的通信(略)
2:配置单区域 OSPF
R1(config)#router ospf 1
R1(config-router)#network 192.168.12.1 0.0.0.0 area 0
R1(config-router)#network 192.168.120.0 0.0.0.255 area 0
R1(config-router)#network 172.16.0.0 0.0.255.255 area 0
R2(config)#router ospf 1
R2(config-router)#router-id 10.2.2.2
R2(config-router)#network 192.168.12.2 0.0.0.0 area 0
R2(config-router)#network 192.168.120.2 0.0.0.0 area 0
R2(config-router)#network 192.168.23.1 0.0.0.0 area 0
m
R2(config-router)#network 192.168.230.1 0.0.0.0 area 0
R2(config-router)#network 192.168.2.1 0.0.0.0 area 0
co
R3(config)#router ospf 3
R3(config-router)#network 0.0.0.0 255.255.255.255 area 0
o.
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.3.1 1 FULL/DR 00:00:36 192.168.12.1 FastEthernet0/0
ct
172.16.3.1 1 FULL/DR 00:00:36 192.168.120.1 FastEthernet0/1
192.168.3.1 0 FULL/ - 00:00:32 192.168.230.2 Serial0/3/0
51
R2#show ip protocols
Routing Protocol is "ospf 1"
u.
http://edu.51cto.com/lecturer/user_id-532091.html
84
R2#show ip ospf database
OSPF Router with ID (10.2.2.2) (Process ID 1)
m
R2#show ip ospf interface fa0/0
FastEthernet0/0 is up, line protocol is up
co
Internet address is 192.168.12.2/24, Area 0
Process ID 1, Router ID 10.2.2.2, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
o.
Designated Router (ID) 172.16.3.1, Interface address 192.168.12.1
Backup Designated Router (ID) 10.2.2.2, Interface address 192.168.12.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
ct
Hello due in 00:00:05
Index 1/1, flood queue length 0
51
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
u.
3:查看路由表,并测试通信
R1#show ip route ospf
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/2] via 192.168.120.2, 00:00:06, FastEthernet0/1
[110/2] via 192.168.12.2, 00:00:06, FastEthernet0/0
192.168.3.0/32 is subnetted, 1 subnets
O 192.168.3.1 [110/3] via 192.168.120.2, 00:00:06, FastEthernet0/1
[110/3] via 192.168.12.2, 00:00:06, FastEthernet0/0
O 192.168.23.0 [110/2] via 192.168.120.2, 00:00:06, FastEthernet0/1
[110/2] via 192.168.12.2, 00:00:06, FastEthernet0/0
O 192.168.230.0 [110/65] via 192.168.120.2, 00:00:06, FastEthernet0/1
[110/65] via 192.168.12.2, 00:00:06, FastEthernet0/0
http://edu.51cto.com/lecturer/user_id-532091.html
85
R2#show ip route ospf
172.16.0.0/32 is subnetted, 4 subnets
O 172.16.0.1 [110/2] via 192.168.120.1, 00:01:29, FastEthernet0/1
[110/2] via 192.168.12.1, 00:01:29, FastEthernet0/0
O 172.16.1.1 [110/2] via 192.168.120.1, 00:01:29, FastEthernet0/1
[110/2] via 192.168.12.1, 00:01:29, FastEthernet0/0
O 172.16.2.1 [110/2] via 192.168.120.1, 00:01:29, FastEthernet0/1
[110/2] via 192.168.12.1, 00:01:29, FastEthernet0/0
O 172.16.3.1 [110/2] via 192.168.120.1, 00:01:29, FastEthernet0/1
[110/2] via 192.168.12.1, 00:01:29, FastEthernet0/0
192.168.3.0/32 is subnetted, 1 subnets
O 192.168.3.1 [110/2] via 192.168.23.2, 00:25:10, FastEthernet1/0
m
O 172.16.0.1 [110/3] via 192.168.23.1, 00:00:45, FastEthernet0/0
O 172.16.1.1 [110/3] via 192.168.23.1, 00:00:45, FastEthernet0/0
O 172.16.2.1 [110/3] via 192.168.23.1, 00:00:45, FastEthernet0/0
co
O 172.16.3.1 [110/3] via 192.168.23.1, 00:00:45, FastEthernet0/0
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.1 [110/2] via 192.168.23.1, 00:25:51, FastEthernet0/0
o.
O 192.168.12.0 [110/2] via 192.168.23.1, 00:00:45, FastEthernet0/0
O 192.168.120.0 [110/2] via 192.168.23.1, 00:00:45, FastEthernet0/0
ct
4:修改接口成本、优先级、计时器
R1(config)#interface fa0/0
51
5:修改 RID
R1(config)#router ospf 1
ed
R1(config-router)#router-id 10.1.1.1
R1(config-router)#Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#do cle ip ospf pro
Reset ALL OSPF processes? [no]: yes
http://edu.51cto.com/lecturer/user_id-532091.html
86
实验 23:配置 OSPF 多区域
实验拓扑:
m
co
实验目标:
1:了解多区域 OSPF
2:理解 ABR 的作用
o.
3:了解 OSPF 的路由条目
ct
实验步骤:
51
1:根据拓扑所示配置多区域 OSPF
2:查看 OSPF 邻居表、数据库以及路由表
2:分析 OSPF 的路由条目
3:查看 ABR(R2)的拓扑数据库
u.
实验总结:
ed
http://edu.51cto.com/lecturer/user_id-532091.html
87
实验配置:
1:配置接口地址,并测试直连网络的通信(略)
2:配置多区域 OSPF
R1(config)#router ospf 1
R1(config-router)#network 192.168.12.1 0.0.0.0 area 0
R1(config-router)#network 192.168.120.1 0.0.0.0 area 0
R1(config-router)#net 172.16.0.0 0.0.3.255 area 1
R2(config)#router ospf 1
R2(config-router)#network 192.168.12.2 0.0.0.0 area 0
R2(config-router)#network 192.168.120.2 0.0.0.0 area 0
R2(config-router)#network 192.168.2.1 0.0.0.0 area 0
R2(config-router)#net 192.168.23.1 0.0.0.0 area 2
m
R2(config-router)#net 192.168.230.1 0.0.0.0 area 2
R3(config)#router ospf 1
co
R3(config-router)#network 192.168.23.2 0.0.0.0 area 2
R3(config-router)#network 192.168.230.2 0.0.0.0 area 2
R3(config-router)#network 192.168.3.1 0.0.0.0 area 2
o.
3:查看邻居关系
R2#show ip ospf neighbor
ct
Neighbor ID Pri State Dead Time Address Interface
172.16.3.1 1 FULL/DR 00:00:32 192.168.12.1 FastEthernet0/0
51
4:查看路由表,观察路由条目
R1#show ip route ospf
192.168.2.0/32 is subnetted, 1 subnets
ed
http://edu.51cto.com/lecturer/user_id-532091.html
88
O IA 172.16.1.1 [110/2] via 192.168.12.1, 00:05:11, FastEthernet0/0
[110/2] via 192.168.120.1, 00:05:11, FastEthernet0/1
O IA 172.16.2.1 [110/2] via 192.168.12.1, 00:05:11, FastEthernet0/0
[110/2] via 192.168.120.1, 00:05:11, FastEthernet0/1
O IA 172.16.3.1 [110/2] via 192.168.12.1, 00:05:11, FastEthernet0/0
[110/2] via 192.168.120.1, 00:05:11, FastEthernet0/1
192.168.3.0/32 is subnetted, 1 subnets
O 192.168.3.1 [110/2] via 192.168.23.2, 00:01:40, FastEthernet1/0
m
192.168.2.0/32 is subnetted, 1 subnets
O IA 192.168.2.1 [110/2] via 192.168.23.1, 00:04:15, FastEthernet0/0
O IA 192.168.12.0 [110/2] via 192.168.23.1, 00:04:15, FastEthernet0/0
co
O IA 192.168.120.0 [110/2] via 192.168.23.1, 00:04:15, FastEthernet0/0
http://edu.51cto.com/lecturer/user_id-532091.html
89
Router Link States (Area 1)
m
OSPF Router with ID (192.168.2.1) (Process ID 1)
Link ID
192.168.2.1
ADV Router
192.168.2.1
Age
253
Seq#
http://edu.51cto.com/lecturer/user_id-532091.html
90
Summary Net Link States (Area 2)
Link ID ADV Router Age Seq# Checksum
192.168.12.0 192.168.2.1 598 0x80000001 0x003d3f
192.168.120.0 192.168.2.1 598 0x80000002 0x00927c
192.168.2.1 192.168.2.1 589 0x80000003 0x009de5
172.16.2.1 192.168.2.1 197 0x8000000a 0x00c562
172.16.3.1 192.168.2.1 197 0x8000000b 0x00b86d
172.16.0.1 192.168.2.1 133 0x8000000c 0x00d750
172.16.1.1 192.168.2.1 133 0x8000000d 0x00ca5b
6:全网通信测试(略)
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
91
实验 24:配置 OSPF 验证
实验拓扑:
实验目标:
1:学会配置 OSPF 明文验证
m
2:学会配置 OSPF 加密验证
实验步骤:
1:在 R1、R2 之间配置 OSPF 明文验证
2:在 R2、R3 之间配置 OSPF 加密验证
co
o.
实验总结:
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
92
实验配置:
1:配置接口地址并启动 OSPF
R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#router ospf 1
R1(config-router)#network 192.168.1.1 0.0.0.0 area 0
R2(config)#interface fa0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#inter fa0/1
R2(config-if)#ip address 192.168.2.1 255.255.255.0
R2(config-if)#no shutdown
m
R2(config-if)#router ospf 1
R2(config-router)#network 192.168.1.2 0.0.0.0 area 0
R2(config-router)#network 192.168.2.1 0.0.0.0 area 0
R3(config)#interface fa0/1
R3(config-if)#ip address 192.168.2.2 255.255.255.0
co
o.
R3(config-if)#no shutdown
R3(config-if)#router ospf 1
R3(config-router)#network 192.168.2.2 0.0.0.0 area 0
ct
2:配置明文验证
51
R1(config)#interface fa0/0
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key ccna
u.
R2(config)#interface fa0/0
R2(config-if)#ip ospf authentication
R3(config-if)#ip ospf authentication-key ccna
ed
3:配置 MD5 验证
R2(config)#interface fa0/1
R2(config-if)#ip ospf authentication message-digest
R2(config-if)#ip ospf message-digest-key 1 md5 ccnp
R3(config)#inter fa0/1
R3(config-if)#ip ospf authentication message-digest
R3(config-if)#ip ospf message-digest-key 1 md5 ccnp
http://edu.51cto.com/lecturer/user_id-532091.html
93
实验 25:配置 HSRP
实验拓扑:
m
co
o.
ct
51
实验目标:
u.
实验步骤:
1:根据拓扑所示配置接口地址、PC 地址等,并在路由器上运行 OSPF 路由协议
2:在 R2、R3 上配置单组 HSRP,实现 PC 网关冗余
3:在主网关上配置上行端口跟踪
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
94
实验配置:
1:配置接口地址、PC 地址等
R1(config)#interface loopback 0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#interface s0/3/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#interface s0/2/0
R1(config-if)#ip address 192.168.13.1 255.255.255.0
R1(config-if)#no shutdown
R2(config)#interface s0/3/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0
m
R2(config-if)#no shutdown
R2(config-if)#interface fa0/0
R2(config-if)#ip address 192.168.1.1 255.255.255.0
co
R2(config-if)#no shutdown
R3(config)#interface s0/2/0
o.
R3(config-if)#ip address 192.168.13.2 255.255.255.0
R3(config-if)#no shutdown
R2(config-if)#interface fa0/0
ct
R3(config-if)#ip add 192.168.1.2 255.255.255.0
R3(config-if)#no shutdown
51
2:测试直连网络的通信(略)
R1(config)#router ospf 1
R1(config-router)#network 192.168.12.0 0.0.0.255 area 0
R1(config-router)#network 192.168.13.0 0.0.0.255 area 0
ed
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2(config-router)#network 192.168.12.0 0.0.0.255 area 0
R2(config-router)#passive-interface fa0/0
R3(config)#router ospf 1
R3(config-router)#network 192.168.13.0 0.0.0.255 area 0
R3(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2(config-router)#passive-interface fa0/0
http://edu.51cto.com/lecturer/user_id-532091.html
95
R1#show ip route ospf
O 192.168.1.0 [110/65] via 192.168.12.2, 00:00:18, Serial0/3/0
[110/65] via 192.168.13.2, 00:00:18, Serial0/2/0
R2#show ip route ospf
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 10.1.1.1 [110/65] via 192.168.12.1, 00:05:24, Serial0/3/0
O 192.168.13.0 [110/128] via 192.168.12.1, 00:01:02, Serial0/3/0
4:配置单组 HSRP
R2(config)#interface fa0/0
m
R2(config-if)#standby 1 ip 192.168.1.254
R2(config-if)#standby 1 priority 110
R2(config-if)#standby 1 preempt
R3(config)#interface fa0/0
R3(config-if)#standby 1 ip 192.168.1.254
co
o.
R2(config-if)#standby 1 priority 105
R3(config-if)#standby 1 preempt
ct
R2#show standby brief
P indicates configured to preempt.
51
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 110 P Active local 192.168.1.2 192.168.1.254
u.
6:测试网络冗余性
PC0 测试目标地址 10.1.1.1
http://edu.51cto.com/lecturer/user_id-532091.html
96
断开 HSRP 主路由器接口,观察网关切换过程:
R2(config)#interface fa0/0
R2(config-if)#shutdown
m
co
o.
R3#show standby brief
P indicates configured to preempt.
|
ct
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 105 P Active local unknown 192.168.1.254
51
恢复主路由接口:
R2(config)#interface fa0/0
R2(config-if)#no shutdown
u.
7:配置端口追踪
非 HSRP 端口故障导致的问题:
ed
R2(config)#interface s0/3/0
R2(config-if)#shutdown
配置端口跟踪:
R2(config)#interface fa0/0
R2(config-if)#standby 1 track s0/3/0
http://edu.51cto.com/lecturer/user_id-532091.html
97
再次关闭端口,并查看 PC 测试状态:
R2(config)#inter s0/3/0
R2(config-if)#no shutdown
R2(config-if)#shutdown
m
co
HSRP 组的状态也已经切换成功:
R2#show standby brief
P indicates configured to preempt.
o.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 100 P Standby 192.168.1.2 local 192.168.1.254
ct
R3#show standby brief
51
恢复接口:
R2(config)#interface s0/3/0
ed
R2(config-if)#shutdown
8:loopback 接口的妙用(扩展)
R2(config)#interface loopback 10
R2(config-if)#ip address 10.2.2.2 255.255.255.0
R3(config)#interface loopback 10
R3(config-if)#ip address 10.2.2.2 255.255.255.0
此方法可以模拟两台路由器同时到达一个目标地址
http://edu.51cto.com/lecturer/user_id-532091.html
98
PC0 测试目标地址 10.1.1.1
断开 HSRP 主路由器接口,观察网关切换过程:
R2(config)#interface fa0/0
R2(config-if)#shutdown
m
恢复主路由接口:
co
o.
R2(config)#interface fa0/0
R2(config-if)#no shutdown
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
99
实验 26:路由综合实验训练
实验拓扑:
m
co
o.
ct
实验目标:
51
通过综合实验复习路由部分的配置
实验步骤:
u.
1:配置相关地址,确保直连网络的通信
2:配置所有 Serial 接口时钟频率为 64000,参考带宽为 1544K
ed
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
100
实验配置:
1:配置相关地址,测试直连网络的通信(略)
R1(config)#inter s0/2/0
R1(config-if)#clock rate 64000
R6(config)#inter s0/3/0
m
R6(config-if)#clock rate 64000
co
R1(config)#inter s0/2/0
R1(config-if)#bandwidth 1544
o.
R3(config)#inter s0/2/0
R3(config-if)#band 1544
ct
R6(config)#inter s0/3/0
R6(config-if)#band 1544
51
R7(config)#inter s0/3/0
R7(config-if)#band 1544
u.
R1(config-router)#net 192.168.12.0
R1(config-router)#net 192.168.13.0
R1(config-router)#net 192.168.14.0
R2(config)#router ei 100
R2(config-router)#no auto
R2(config-router)#net 192.168.12.0
R2(config-router)#net 192.168.1.0
R2(config-router)#net 192.168.23.0
R2(config-router)#passive-interface fa0/1
R3(config)#router ei 100
R3(config-router)#no au
R3(config-router)#net 192.168.1.0
http://edu.51cto.com/lecturer/user_id-532091.html
101
R3(config-router)#net 192.168.13.0
R3(config-router)#net 192.168.23.0
R3(config-router)#pass fa0/1
R4(config)#router ei 100
R4(config-router)#no aut
R4(config-router)#net 192.168.45.0
R4(config-router)#net 192.168.14.0
R4(config-router)#net 172.16.0.0 0.0.3.255
R4(config-router)#pass fa0/0
检查路由表:
R1#show ip route eigrp
172.16.0.0/24 is subnetted, 4 subnets
D 172.16.0.0 [90/156160] via 192.168.14.2, 00:00:25, FastEthernet0/1
m
D 172.16.1.0 [90/156160] via 192.168.14.2, 00:00:25, FastEthernet0/1
D 172.16.2.0 [90/156160] via 192.168.14.2, 00:00:25, FastEthernet0/1
D 172.16.3.0 [90/156160] via 192.168.14.2, 00:00:25, FastEthernet0/1
co
D 192.168.1.0/24 [90/30720] via 192.168.12.2, 00:01:06, FastEthernet0/0
D 192.168.45.0/24 [90/30720] via 192.168.14.2, 00:00:33, FastEthernet0/1
o.
R4#show ip route eigrp
172.16.0.0/24 is subnetted, 4 subnets
D 192.168.1.0/24 [90/33280] via 192.168.14.1, 00:00:18, FastEthernet0/1
ct
D 192.168.12.0/24 [90/30720] via 192.168.14.1, 00:00:18, FastEthernet0/1
D 192.168.13.0/24 [90/2172416] via 192.168.14.1, 00:00:18, FastEthernet0/1
51
检查路由表更新
ed
R1#sho ip ro ei
172.16.0.0/22 is subnetted, 1 subnets
D 172.16.0.0 [90/156160] via 192.168.14.2, 00:00:34, FastEthernet0/1
D 192.168.1.0/24 [90/30720] via 192.168.12.2, 00:05:01, FastEthernet0/0
D 192.168.45.0/24 [90/30720] via 192.168.14.2, 00:00:34, FastEthernet0/1
http://edu.51cto.com/lecturer/user_id-532091.html
102
6:配置 EIGRP 非等价负载均衡
R1#show ip ei topology
IP-EIGRP Topology Table for AS 100
m
via Connected, FastEthernet0/1
P 192.168.45.0/24, 1 successors, FD is 30720
via 192.168.14.2 (30720/28160), FastEthernet0/1
co
P 172.16.0.0/22, 1 successors, FD is 156160
via 192.168.14.2 (156160/128256), FastEthernet0/1
o.
2172416÷30720 = 70.716 取值 71
R1(config)#router ei 100
ct
R1(config-router)#variance 71
51
R1#show ip ro ei
172.16.0.0/22 is subnetted, 1 subnets
D 172.16.0.0 [90/156160] via 192.168.14.2, 00:00:36, FastEthernet0/1
D 192.168.1.0/24 [90/30720] via 192.168.12.2, 00:00:38, FastEthernet0/0
u.
R6(config)#router ospf 1
R6(config-router)#net 192.168.56.0 0.0.0.255 area 0
R6(config-router)#net 192.168.67.0 0.0.0.255 area 1
R7(config)#router ospf 1
R7(config-router)#net 192.168.67.0 0.0.0.255 area 1
R7(config-router)#net 192.168.7.0 0.0.0.255 area 1
R7(config-router)#net 192.168.8.0 0.0.0.255 area 1
http://edu.51cto.com/lecturer/user_id-532091.html
103
R5#show ip route ospf
192.168.7.0/32 is subnetted, 1 subnets
O IA 192.168.7.1 [110/66] via 192.168.56.2, 00:00:09, FastEthernet0/1
192.168.8.0/32 is subnetted, 1 subnets
O IA 192.168.8.1 [110/66] via 192.168.56.2, 00:00:09, FastEthernet0/1
O IA 192.168.67.0 [110/65] via 192.168.56.2, 00:00:49, FastEthernet0/1
m
配置静态默认路由,并用产生 EIGRP 默认路由,向内容通告:
R4(config)#ip route 0.0.0.0 0.0.0.0 45.1.1.2
R4(config)#ip default-network 192.168.45.0
查看路由表变化:
R4#show ip ro
co
o.
(此处省略部分输出)
C 192.168.14.0/24 is directly connected, FastEthernet0/1
C* 192.168.45.0/24 is directly connected, FastEthernet0/0
ct
S* 0.0.0.0/0 [1/0] via 192.168.45.2
51
R1#show ip ro ei
172.16.0.0/22 is subnetted, 1 subnets
D 172.16.0.0 [90/156160] via 192.168.14.2, 00:03:13, FastEthernet0/1
D 192.168.1.0/24 [90/30720] via 192.168.12.2, 00:03:13, FastEthernet0/0
u.
R2#show ip ro ei
172.16.0.0/22 is subnetted, 1 subnets
D 172.16.0.0 [90/158720] via 192.168.12.1, 00:01:20, FastEthernet0/0
D 192.168.13.0/24 [90/2172416] via 192.168.12.1, 00:01:20, FastEthernet0/0
D 192.168.14.0/24 [90/30720] via 192.168.12.1, 00:01:20, FastEthernet0/0
D* 192.168.45.0/24 [90/33280] via 192.168.12.1, 00:00:46, FastEthernet0/0
R3#show ip ro ei
172.16.0.0/22 is subnetted, 1 subnets
D 172.16.0.0 [90/2300416] via 192.168.13.1, 00:07:40, Serial0/2/0
D 192.168.12.0/24 [90/2172416] via 192.168.13.1, 00:07:40, Serial0/2/0
D 192.168.14.0/24 [90/2172416] via 192.168.13.1, 00:07:40, Serial0/2/0
D* 192.168.45.0/24 [90/2174976] via 192.168.13.1, 00:01:24, Serial0/2/0
http://edu.51cto.com/lecturer/user_id-532091.html
104
9:配置 OSPF 的 MD5 验证
R6(config)#inter s0/3/0
R6(config-if)#ip ospf authentication message-digest
R6(config-if)#ip ospf message-digest-key 1 md5 ccna
R7(config)#inter s0/3/0
R7(config-if)#ip ospf authentication message-digest
R7(config-if)#ip ospf me 1 md ccna
10:配置 R5 成为 DR
R5(config)#inter fa0/1
R5(config-if)#ip ospf priority 2
R5#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
m
R5#show ip ospf inter fa0/1
FastEthernet0/1 is up, line protocol is up
Internet address is 192.168.56.1/24, Area 0
co
Process ID 1, Router ID 192.168.56.1, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 2
Designated Router (ID) 192.168.56.1, Interface address 192.168.56.1
o.
Backup Designated Router (ID) 192.168.67.1, Interface address 192.168.56.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
(以下省略部分输出)
ct
R6#show ip ospf neighbor
51
R5(config-router)#default-information originate
R7#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/14 ms
http://edu.51cto.com/lecturer/user_id-532091.html
105
12:配置 HSRP
R2(config)#inter fa0/1
R2(config-if)#standby 1 ip 192.168.1.254
R2(config-if)#standby 1 priority 110
R2(config-if)#standby 1 preempt
R2(config-if)#standby 1 track
R2(config-if)#standby 1 track fa0/0
R3(config)#inter fa0/1
R3(config-if)#standby 1 ip 192.168.1.254
R3(config-if)#standby 1 priority 105
R3(config-if)#standby 1 preempt
m
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/1 1 110 P Active local 192.168.1.2 192.168.1.254
co
o.
14:测试 PC0 到 OSPF 区域的通信,并追踪流量路径
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
106
15:验证 HSRP 切换过程
R2(config)#inter fa0/0
R2(config-if)#shutdown
R4#cle ip ro *
m
再次在 PC0 上追踪流量路径
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
107
实验 27:配置 PPP 和验证
实验拓扑:
实验目标:
1:理解 PPP 的优点
m
2:学会配置 PPP 验证
实验步骤:
co
1:配置所有 serial 接口协议为 PPP
2:配置 R1、R2 之间采用 PAP 验证(单向和双向)
o.
3:配置 R2、R3 之间采用 CHAP 验证(单向和双向)
ct
实验总结:
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
108
实验配置:
1:查看思科 serial 接口默认协议
R1#show interface s0/0/0
Serial0/0/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 192.168.12.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
(以下省略部分输出)
R1#ping 192.168.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
m
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/18 ms
co
2:验证 HDCP 和 PPP 之间的兼容性
R1(config)#interface s0/0/0
R1(config-if)#encapsulation ppp
o.
R1#ping 192.168.12.2
Type escape sequence to abort.
ct
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
.....
51
R1(config)#interface s0/0/0
ed
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication pap
R2(config)#interface s0/0/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp pap sent-username ccna password ccna
R2#ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/6 ms
http://edu.51cto.com/lecturer/user_id-532091.html
109
4:配置 PAP 双向验证
R2(config)#username ccna2 password ccna2
R2(config)#interface s0/0/0
R2(config-if)#ppp authentication pap
R1(config)#interface s0/0/0
R1(config-if)#ppp pap sent-username ccna2 password ccna2
R1#ping 192.168.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/18 ms
m
R2(config)#username R3 password cisco
R2(config)#interface s0/0/1
R2(config-if)#encapsulation ppp
co
R2(config-if)#ppp authentication chap
http://edu.51cto.com/lecturer/user_id-532091.html
110
实验 28:配置标准 ACL
实验拓扑:
m
co
o.
实验目标:
1:学会配置编号标准 ACL
ct
2:学会配置命名标准 ACL
3:理解命名 ACL 的优点
51
实验步骤:
1:配置全网 OSPF 路由协议,实现全网通信
u.
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
111
实验配置:
1:配置 OSPF
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.254 0.0.0.0 area 0
R1(config-router)#network 192.168.2.254 0.0.0.0 area 0
R1(config-router)#network 192.168.12.1 0.0.0.0 area 0
R2(config)#router ospf 1
R2(config-router)#network 172.16.1.254 0.0.0.0 area 0
R2(config-router)#network 192.168.12.2 0.0.0.0 area 0
PC0 测试全网通信
m
co
o.
ct
51
2:配置标准 ACL(使用编号)
R2(config)#access-list 1 deny host 192.168.1.1
R2(config)#access-list 1 permit any
u.
R2(config)#interface fa0/0
R2(config-if)#ip access-group 1 out
PC0 测试全网通信
ed
http://edu.51cto.com/lecturer/user_id-532091.html
112
R2#show ip interface fa0/0
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 172.16.1.254/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 1
Inbound access list is not set
(以下省略部分输出)
R2#show access-lists
Standard IP access list 1
deny host 192.168.1.1 (2 match(es))
m
permit any
co
删除语句问题:
R1(config)#access-list 10 permit host 10.1.1.1
R1(config)#access-list 10 permit host 10.1.1.2
o.
R1(config)#access-list 10 permit host 10.1.1.3
R1(config)#access-list 10 permit host 10.1.1.4
ct
R1(config)#do show access-list 10
Standard IP access list 10
51
插入语句问题:
R1(config)#access-list 11 permit 10.1.1.0 0.0.0.255
R1(config)#access-list 11 permit 10.1.2.0 0.0.0.255
R1(config)#access-list 11 permit 10.1.3.0 0.0.0.255
R1(config)#do show access-list 11
Standard IP access list 11
permit 10.1.1.0 0.0.0.255
permit 10.1.2.0 0.0.0.255
permit 10.1.3.0 0.0.0.255
http://edu.51cto.com/lecturer/user_id-532091.html
113
R1(config)#do show access-list 11
Standard IP access list 11
permit 10.1.1.0 0.0.0.255
permit 10.1.2.0 0.0.0.255
permit 10.1.3.0 0.0.0.255
deny host 10.1.1.1
deny host 10.1.1.2
4:配置命名标准 ACL
R2(config)#no access-list 1
R2(config)#interface fa0/0
R2(config-if)#no ip access-group 1 out
m
R2(config-std-nacl)#permit any
R2(config-std-nacl)#interface fa0/0
R2(config-if)#ip access-group ccna out
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
114
实验 29:配置扩展 ACL
实验拓扑:
m
co
o.
实验目标:
ct
1:学会配置编号扩展 ACL
2:学会配置命名扩展 ACL
51
实验步骤:
u.
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
115
实验配置:
1:拓扑一的基本配置
R1(config)#enable secret ccna
R1(config)#line vty 0 4
R1(config-line)#password ccna
R1(config-line)#login
2:配置拓扑一的 ACL
R1(config)#access-list 100 deny icmp host 192.168.1.1 host 192.168.1.254 echo
R1(config)#access-list 100 permit ip any any
R1(config)#interface fa0/0
R1(config-if)#ip access-group 100 in
m
R1#ping 192.168.1.1
Type escape sequence to abort.
co
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/8/33 ms
o.
PC0 测试 R1
ct
51
u.
3:拓扑二的基本配置
R2(config)#enable secret ccna
R2(config)#line vty 0 10
R2(config-line)#login
R2(config-line)#password ccna
http://edu.51cto.com/lecturer/user_id-532091.html
116
4:配置拓扑二的 ACL(命名扩展)
R2(config)#ip access-list extended ccna
R2(config-ext-nacl)#permit tcp host 192.168.1.1 host 192.168.1.254 eq 23
R2(config-ext-nacl)#deny tcp any host 192.168.1.254 eq 23
R2(config-ext-nacl)#permit ip any any
R2(config-ext-nacl)#interface fa0/0
R2(config-if)#ip access-group ccna in
m
co
o.
ct
PC3 telnet R1 测试,并用 ping 测试其他流量是否正常:
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
117
实验 30:ACL 综合实验训练
实验拓扑:
m
co
o.
实验目标:
ct
通过综合实验复习 ACL 配置
51
实验步骤:
1:实现 PC0 不可以 telnet R1,但是可以 ping R1,其它流量也正常
2:实现 PC1 可以 telnet R1,但是不可以 ping R1,其它流量也正常
u.
5:除以上声明流量外,其它所有流量应能够正常通信
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
118
实验配置:
1:基本配置,测试所有流量正常
R1(config)#enable secret ccna
R1(config)#line vty 0 4
R1(config-line)#password ccna
R1(config-line)#login
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
119
4:配置 ACL
R1(config)#access-list 100 deny tcp host 192.168.1.1 host 192.168.1.254 eq 23
R1(config)#access-list 100 deny icmp host 192.168.1.2 host 192.168.1.254 echo
R1(config)#access-list 100 permit icmp host 192.168.1.3 host 192.168.1.254
R1(config)#access-list 100 permit tcp host 192.168.1.3 host 192.168.1.254 eq 23
R1(config)#access-list 100 deny ip host 192.168.1.3 host 192.168.1.254
R1(config)#access-list 100 permit ip any any
R1(config)#inter fa0/0
R1(config-if)#ip access-group 100 in
m
R1(config-if)#inter fa0/1
R1(config-if)#ip access-group 110 out
5:测试(略)
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
120
实验 31:配置思科 DHCP
实验拓扑:
m
co
o.
ct
实验目标:
51
实验步骤:
1:配置 OSPF 路由协议
ed
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
121
实验配置:
1:配置 R1 为 DHCP 服务器,为本地网段分配地址
为本地网段分配地址
R1(config)#ip dhcp pool ccna
config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#network
R1(dhcp-config)#default-router
router 192.168.1.254
R1(dhcp-config)#dns-server
server 61.177.7.1
R1(config)#ip dhcp excluded-address
address 192.168.1.1 192.168.1.9
R1(config)#ip dhcp excluded-address
address 192.168.1.251 192.168.1.254
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
122
2:配置 OSPF 协议
m
R1(config)#router ospf 1
R1(config-router)#network 192.168.12.0 0.0.0.255 area 0
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
co
R2(config)#router ospf 1
R2(config-router)#network 192.168.12.0 0.0.0.255 area 0
R2(config-router)#network 192.178.2.0 0.0.0.255 area 0
o.
3:为 PC3 配置 DHCP 地址池
R1(config)#ip dhcp pool ccnp
ct
R1(dhcp-config)#network
config)#network 192.168.2.0 255.255.255.0
R1(dhcp-config)#default-router
router 192.168.2.254
51
R1(dhcp-config)#dns-server
server 61.177.7.1
R1(dhcp-config)#exit
address 192.168.2.1 192.168.2.9
R1(config)#ip dhcp excluded-address
R1(config)#ip dhcp excluded-address
address 192.168.2.251 192.168.2.254
u.
address 192.168.12.1
R2(config-if)#ip helper-address
http://edu.51cto.com/lecturer/user_id-532091.html
123
R1#show ip dhcp binding
IP address Client-ID/ Lease expiration Type
Hardware address
192.168.1.10 0003.E42C.40A2 -- Automatic
192.168.1.11 0060.3E9C.46A3 -- Automatic
192.168.1.12 0010.1194.D062 -- Automatic
192.168.2.10 000A.418A.2D91 -- Automatic
5:全网通信测试(略)
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
124
实验 32:配置思科 NAT 静态端口映射
实验拓扑:
m
co
o.
ct
51
实验目标:
u.
实验步骤:
1:配置 R1 静态默认路由,模拟内网
2:配置动态 NAT,使得内网可以用端口 S0/3/0 访问外部网络
3:配置静态 NAT,实现 PC1 可以访问 S0 的 web 服务和 FTP 服务,FTP 用户名密码均为默认
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
125
实验配置:
1:配置内网边界默认路由
R1(config)#ip route 0.0.0.0 0.0.0.0 s0/3/0
2:配置内网动态 NAT,实现内网访问外网
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
R1(config)#ip nat inside source list 1 interface s0/3/0 overload
R1(config)#interface fa0/0
R1(config-if)#ip nat inside
R1(config-if)#interface s0/3/0
R1(config-if)#ip nat outside
m
co
o.
ct
51
u.
ed
查看 NAT 转换表
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 12.1.1.1:2 192.168.1.1:2 192.168.2.1:2 192.168.2.1:2
icmp 12.1.1.1:3 192.168.1.1:3 192.168.2.1:3 192.168.2.1:3
icmp 12.1.1.1:4 192.168.1.1:4 192.168.2.1:4 192.168.2.1:4
icmp 12.1.1.1:1024 192.168.1.2:1 192.168.2.1:1 192.168.2.1:1024
icmp 12.1.1.1:1025 192.168.1.2:2 192.168.2.1:2 192.168.2.1:1025
icmp 12.1.1.1:1026 192.168.1.2:3 192.168.2.1:3 192.168.2.1:1026
icmp 12.1.1.1:1027 192.168.1.2:4 192.168.2.1:4 192.168.2.1:1027
http://edu.51cto.com/lecturer/user_id-532091.html
126
3:配置静态 NAT,实现外网访问内网部分资源
实现外网访问内网部分资源
R1(config)#ip nat inside source stati
static tcp 192.168.1.2 80 12.1.1.1 80
R1(config)#ip nat inside source static tcp 192.168.1.2 80 12.1.1.1 20
R1(config)#ip nat inside source static tcp 192.168.1.2 80 12.1.1.1 21
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
127
实验 34:配置 IPV6 地址
实验拓扑:
实验目标:
学会配置 ipv6 地址的方法
m
实验步骤:
1:静态配置 fa0/0 接口的 ipv6 地址,并同时配置 2 个不同网段的地址
co
2:使用 EUI 配置 fa0/1 接口的 ipv6 地址
3:配置 PC 的 ipv6 地址,并测试路由器
4:配置 PC 自动获取地址
o.
实验总结:
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
128
实验配置:
1:开启路由器的 IPV6 路由功能
R1(config)#ipv6 unicast-routing
2:静态配置 ipv6 地址
R1(config)#interface fa0/0
R1(config-if)#no shutdown
R1(config-if)#ipv6
if)#ipv6 address 2001:1:1:1:1:1:1:1/64
R1(config-if)#ipv6
if)#ipv6 address 2002::1/64
R1(config-if)#do
if)#do show ipv6 interface brief
FastEthernet0/0 [administratively down/down]
FE80::290:2BFF:FE5E:9C01
2001:1:1:1:1:1:1:1
2002::1
m
FastEthernet0/1 [administratively down/down]
Vlan1 [administratively down/down]
co
3:使用 EUI 配置接口地址
R1(config)#interface fa0/1
R1(config-if)#no shutdown
o.
if)#ipv6 address 2003:1:1:1::/64 eui
R1(config-if)#ipv6 eui-64
R1(config-if)#do show ipv66 interface brief
FastEthernet0/0 [administratively down/down]
ct
FE80::290:2BFF:FE5E:9C01
2001:1:1:1:1:1:1:1
51
2002::1
FastEthernet0/1 [administratively down/down]
FE80::290:2BFF:FE5E:9C02
2003:1:1:1:290:2BFF:FE5E:9C02
u.
http://edu.51cto.com/lecturer/user_id-532091.html
129
更换地址,再次测试:
m
co
o.
ct
51
u.
5:配置 PC 自动获取地址
ed
http://edu.51cto.com/lecturer/user_id-532091.html
130
实验 35:配置 IPV6 路由协议-静态路由
实验拓扑:
m
实验目标:
学会配置 ipv6 环境下的静态路由
co
o.
实验步骤:
ct
1:在 R1 使用出口的配置方法
2:在 R2 上使用下一跳的配置方法,并分别使用全局地址和本地链路地址
51
3:在 R3 上配置默认路由
实验总结:
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
131
实验配置:
1:配置 ipv6 地址,并测试直连网络通信(略)
2:配置静态路由
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 route 2023::/64 2012::2
R1(config)#ipv6 route 2003:1:1:1::/64 2012::2
R1(config)#ipv6 route 2003:1:1:2::/64 2012::2
R2(config)#ipv6 unicast-routing
R2(config)#ipv6 route 2001:1:1:1::/64 2012::1
R2(config)#ipv6 route 2003:1:1:1::/64 fa0/1 FE80::2D0:BAFF:FE60:4E02
R2(config)#ipv6 route 2003:1:1:2::/64 fa0/1 FE80::2D0:BAFF:FE60:4E02
m
获得对方 link-local 地址的方法:
R3#show ipv6 interface fastEthernet 0/1
FastEthernet0/1 is up, line protocol is up
co
IPv6 is enabled, link-local address is FE80::2D0:BAFF:FE60:4E02
No Virtual link-local address(es):
Global unicast address(es):
o.
2023::2, subnet is 2023::/64
(以下省略部分输出)
ct
R1(config)#ipv6 unicast-routing
R3(config)#ipv6 route ::/0 fa0/1 FE80::20C:85FF:FEE0:4602
51
3:查看路由表
R1# show ipv6 route
(省略部分输出)
u.
C 2001:1:1:1::/64 [0/0]
via ::, FastEthernet0/1
L 2001:1:1:1::2/128 [0/0]
ed
http://edu.51cto.com/lecturer/user_id-532091.html
132
R2#show ipv6 route
(省略部分输出)
S 2001:1:1:1::/64 [1/0]
via 2012::1
S 2003:1:1:1::/64 [1/0]
via FE80::2D0:BAFF:FE60:4E02, FastEthernet0/1
S 2003:1:1:2::/64 [1/0]
via FE80::2D0:BAFF:FE60:4E02, FastEthernet0/1
C 2012::/64 [0/0]
via ::, FastEthernet0/0
L 2012::2/128 [0/0]
via ::, FastEthernet0/0
C 2023::/64 [0/0]
via ::, FastEthernet0/1
L 2023::1/128 [0/0]
m
via ::, FastEthernet0/1
L FF00::/8 [0/0]
via ::, Null0
L 2023::2/128 [0/0]
via ::, FastEthernet0/1
L FF00::/8 [0/0]
via ::, Null0
4:全网通信测试(部分)
http://edu.51cto.com/lecturer/user_id-532091.html
133
实验 36:配置 IPV6 路由协议-EIGRP
实验拓扑:
m
实验目标:
学会配置 ipv6 环境下的 EIGRP
co
o.
实验步骤:
ct
1:启动 ipv6 单播转发功能
2:启动 ipv6 EIGRP 进程,并手工设置 RID
51
3:配置 EIGRP
实验总结:
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
134
实验配置:
1:配置 ipv6 地址,并测试直连网络通信(略)
2:配置 EIGRP
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 router eigrp 100
R1(config-rtr)#router-id 10.1.1.1
R1(config-rtr)#no shutdown
R1(config-rtr)#exit
R1(config)#interface fa0/0
R1(config-if)#ipv6 eigrp 100
R1(config-if)#interface fa0/1
R1(config-if)#ipv6 eigrp 100
m
R2(config)#ipv6 unicast-routing
R2(config)#ipv6 router eigrp 100
R2(config-rtr)#router-id 10.2.2.2
co
R2(config-rtr)#no shutdown
R2(config-rtr)# interface fa0/0
R2(config-if)#ipv6 eigrp 100
o.
R2(config-if)#interface fa0/1
R2(config-if)#ipv6 eigrp 100
ct
R3(config)#ipv6 unicast-routing
R3(config)#ipv6 router eigrp 100
51
R3(config-rtr)#router-id 10.3.3.3
R2(config-rtr)#no shutdown
R3(config-rtr)#interface fa0/1
R3(config-if)#ipv6 eigrp 100
u.
R3(config-if)#interface loopback 0
R3(config-if)#ipv6 eigrp 100
R3(config-if)#interface loopback 1
ed
http://edu.51cto.com/lecturer/user_id-532091.html
135
R2#show ipv6 eigrp topology
IPv6-EIGRP Topology Table for AS 100/ID(10.2.2.2)
m
via FE80::2D0:BAFF:FE60:4E02 (156160/128256), FastEthernet0/1
co
(省略部分输出)
D 2001:1:1:1::/64 [90/30720]
via FE80::20D:BDFF:FEBB:3B01, FastEthernet0/0
o.
D 2003:1:1:1::/64 [90/156160]
via FE80::2D0:BAFF:FE60:4E02, FastEthernet0/1
D 2003:1:1:2::/64 [90/156160]
ct
via FE80::2D0:BAFF:FE60:4E02, FastEthernet0/1
C 2012::/64 [0/0]
51
L FF00::/8 [0/0]
via ::, Null0
4:全网通信测试(部分)
http://edu.51cto.com/lecturer/user_id-532091.html
136
实验 37:配置 IPV6 路由协议-OSPFv3
实验拓扑:
m
实验目标:
学会配置 ipv6 环境下的 OSPF
co
o.
实验步骤:
ct
1:启动 ipv6 单播转发功能
2:启动 OSPFv3 进程,并手工设置 RID
51
3:配置 OSPFv3
实验总结:
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
137
实验配置:
1:配置 ipv6 地址,并测试直连网络通信(略)
2:配置 OSPFv3
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 10.1.1.1
R1(config-rtr)#interface fa0/0
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#interface fa0/1
R1(config-if)#ipv6 ospf 1 area 0
R2(config)#ipv6 unicast-routing
R2(config)#ipv6 router ospf 1
m
R2(config-rtr)#router-id 10.2.2.2
R2(config-rtr)#interface fa0/0
R2(config-if)#ipv6 ospf 1 area 0
co
R2(config-if)#interface fa0/1
R2(config-if)#ipv6 ospf 1 area 0
o.
R3(config)#ipv6 unicast-routing
R3(config)#ipv6 router ospf 1
R3(config-rtr)#router-id 10.3.3.3
ct
R3(config-if)#interface fa0/1
R3(config-if)#ipv6 ospf 1 area 0
51
R3(config-if)#interface loopback 0
R3(config-if)#ipv6 ospf 1 area 0
R3(config-if)#interface loopback 1
R3(config-if)#ipv6 ospf 1 area 0
u.
http://edu.51cto.com/lecturer/user_id-532091.html
138
Net Link States (Area 0)
ADV Router Age Seq# Link ID (DR) Rtr count
10.1.1.1 132 0x80000001 1 2
10.2.2.2 33 0x80000001 2 2
m
10.2.2.2 129 0x80000003 2 0x2001 0
10.1.1.1 132 0x80000004 2 0x2001 0
10.3.3.3 55 0x80000003 2 0x2001 0
co
10.2.2.2 33 0x80000004 1 0x2002 2
O 2003:1:1:2::1/128 [110/1]
via FE80::2D0:BAFF:FE60:4E02, FastEthernet0/1
4:全网通信测试(部分)
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
139
实验 38:配置 VPN—GRE 隧道
实验拓扑:
m
co
o.
ct
实验目标:
51
实验步骤:
1:确保两个分公司能够访问 Internet
ed
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
140
实验配置:
1:配置相关地址,测试直连网络通信(略)
2:配置分公司边界路由,保证接入 Internet
R1(config)#ip route 0.0.0.0 0.0.0.0 12.1.1.2
R3(config)#ip route 0.0.0.0 0.0.0.0 23.1.1.1
测试分公司公网接口之间的通信:
R1#ping 23.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/10/19 ms
m
测试分公司内网之间的通信(PC0 测试)
:
co
o.
ct
51
3:配置 GRE 隧道
R1(config)#interface tunnel 0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#tunnel source s0/0/0
u.
R3(config)#interface tunnel 1
ed
测试隧道连通性
R1#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/10/38 ms
http://edu.51cto.com/lecturer/user_id-532091.html
141
查看隧道接口:
R1#show interfaces tunnel 0
Tunnel0 is up, line protocol is up (connected)
Hardware is Tunnel
Internet address is 10.1.1.1/24
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 12.1.1.1 (Serial0/0/0), destination 23.1.1.2
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
(以下省略部分输出)
m
4:配置隧道路由
R1(config)#ip route 172.16.1.0 255.255.255.0 10.1.1.2
co
R3(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.1
5:测试分公司内网之间的通信
o.
PC0 测试:
ct
51
u.
PC1 测试:
ed
http://edu.51cto.com/lecturer/user_id-532091.html
142
实验 39:CCNA 综合实验训练 1
实验拓扑:
m
co
o.
ct
实验目标:
51
检验 CCNA 学习成果
u.
实验步骤:
1:按要求配置二层交换机区域,实现快速 STP、负载均衡、单臂路由通信
ed
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
143
实验配置:
1:二层交换区域基本配置(VLAN、trunk)
Switch>en
Switch(config)#host SW1
SW1(config)#no ip domain-lo
SW1(config)#line con 0
SW1(config-line)#logg syn
SW1(config-line)#exec-t 0 0
SW1(config-line)#inter range fa0/22-24
SW1(config-if-range)#swi mo tr
SW1(config-if-range)#swi none
SW1(config-if-range)#vlan 2
SW1(config-vlan)#name ad
SW1(config-vlan)#vlan 3
m
SW1(config-vlan)#name fd
Switch>en
co
Switch#conf t
Switch(config)#host SW2
SW2(config)#no ip domain-lo
o.
SW2(config)#line con 0
SW2(config-line)#logg syn
SW2(config-line)#exec-t 0 0
ct
SW2(config-line)#inter range fa0/22-23
SW2(config-if-range)#swi mo tr
51
SW2(config-if-range)#swi none
SW2(config-if-range)#vlan 2
SW2(config-vlan)#name ad
SW2(config-vlan)#vlan 3
u.
SW2(config-vlan)#name fd
SW2(config-vlan)#inter fa0/1
SW2(config-if)#swi mo acc
ed
Switch>en
Switch#conf t
Switch(config)#host SW3
SW3(config)#no ip domain-lo
SW3(config)#line con 0
SW3(config-line)#logg syn
SW3(config-line)#exec-t 00
SW3(config-line)#inter range fa0/22-23
SW3(config-if-range)#swi mo tr
http://edu.51cto.com/lecturer/user_id-532091.html
144
SW3(config-if-range)#swi none
SW3(config-if-range)#vlan 2
SW3(config-vlan)#name ad
SW3(config-vlan)#vlan 3
SW3(config-vlan)#name fd
SW3(config-vlan)#inter fa0/1
SW3(config-if)#swi mo acc
SW3(config-if)#swi acc vlan 2
SW3(config-if)#inter fa0/2
SW3(config-if)#swi mo acc
SW3(config-if)#swi acc vlan 3
使用的检查命令:
show vlan bri
show inter trunk
m
2:配置快速生成树
SW1(config)#span m r
co
SW2(config)#span m r
SW3(config)#span m r
o.
使用的检查命令:
show spanning-tree
ct
3:配置 STP 负载均衡
SW2(config)#spanning-tree vlan 2 root primary
51
使用的检查命令:
show spanning-tree
ed
http://edu.51cto.com/lecturer/user_id-532091.html
145
R1(config-line)#inter fa0/0
R1(config-if)#no shut
R1(config-if)#inter fa0/0.2
R1(config-subif)#en do 2
subif)#ip add 192.168.2.254 255.255.255.0
R1(config-subif)#ip
R1(config-subif)#inter fa0/0.3
R1(config-subif)#en do 3
R1(config-subif)#ip
subif)#ip add 192.168.3.254 255.255.255.0
使用的检查命令:
show ip inter bri
测试 VLAN 间通信: (略)
m
co
o.
ct
51
u.
http://edu.51cto.com/lecturer/user_id-532091.html
146
8:打开 PC 无线网卡,搜索 SSID,并连接对应的设备
并连接对应的设备
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
147
9:配置无线路由器的 SSID 和加密方式
和加密方式,使 PC5、PC6 连接至无线路由器
m
co
o.
在 PC5、PC6 上搜索无线信息,并连接至无线路由器
并连接至无线路由器(方法同 PC4)
:略
ct
10:关闭无线路由器的 DHCP 功能,由
由 3560 交换机提供 DHCP 服务
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
148
点击保存:
11:配置三层交换区域(VLAN、SVI、 、DHCP)
Switch>en
Switch#conf t
Switch(config)#host SW4
SW4(config)#no ip domain-lo
SW4(config)#line con 0
SW4(config-line)#logg syn
SW4(config-line)#exec-t 00
SW4(config-line)#vlan 2
m
SW4(config-vlan)#vlan 3
SW4(config-line)#inter vlan 1
co
if)#ip add 192.168.10.1 255.255.255.0
SW4(config-if)#ip
SW4(config-if)#no shut
SW4(config-if)#inter vlan 2
o.
if)#ip add 192.168.20.1 255.255.255.0
SW4(config-if)#ip
SW4(config-if)#no shut
SW4(config-if)#inter vlan 3
ct
if)#ip add 192.168.30.1 255.255.255.0
SW4(config-if)#ip
SW4(config-if)#no shut
51
SW4(config-vlan)#exit
SW4(dhcp-config)#defa
config)#defa 192.168.10.1
SW4(dhcp-config)#dns 192.168.10.1
SW4(dhcp-config)#ip
config)#ip dhcp ex 192.168.10.1 192.168.10.9
ed
http://edu.51cto.com/lecturer/user_id-532091.html
149
SW4(config)#inter fa0/2
SW4(config-if)#swi mo acc
SW4(config-if)#swi acc vlan 2
SW4(config-if)#inter fa0/3
SW4(config-if)#swi mo acc
SW4(config-if)#swi acc vlan 3
12:开启三层交换机路由功能
SW4(config)#ip routing
14:配置 PPP 验证
R1(config)#username R2 pass cisco
m
R1(config)#inter s0/3/0
R1(config-if)#ip add 192.168.12.1 255.255.255.0
co
R1(config-if)#no shut
R1(config-if)#en ppp
R1(config-if)#ppp aut chap
o.
Router>en
Router#conf t
ct
Router(config)#host R2
R2(config)#no ip domain-lo
51
R2(config)#line con 0
R2(config-line)#logg syn
R2(config-line)#exec-t 00
R2(config-line)#ena sec ccna
u.
R2(config)#line vty 0 4
R2(config-line)#pass ccna
R2(config-line)#login
ed
R2(config-line)#exit
http://edu.51cto.com/lecturer/user_id-532091.html
150
15:配置 OSPF(手工 RID、优先级、MD5 验证)
R1(config)#router ospf 1
R1(config-router)#router-id 10.1.1.1
R1(config-router)#net 192.168.2.0 0.0.0.255 area 0
R1(config-router)#net 192.168.3.0 0.0.0.255 area 0
R1(config-router)#net 192.168.12.0 0.0.0.255 area 0
R2(config)#inter fa0/0
R2(config-if)#ip add 192.168.23.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#ip ospf pri 2
R2(config)#router ospf 1
R2(config-router)#router-id 10.2.2.2
R2(config-router)#net 192.168.12.0 0.0.0.255 area 0
m
R2(config-router)#net 192.168.23.0 0.0.0.255 area 0
R2(config-router)#inter fa0/0
co
R2(config-if)#ip ospf authentication me
R2(config-if)#ip ospf message-digest-key 1 md5 cisco
o.
SW4(config)#inter fa0/24
SW4(config-if)#no swi
SW4(config-if)#ip add 192.168.23.2 255.255.255.0
ct
SW4(config-if)#no shut
SW4(config-if)#ip ospf authentication me
51
SW4(config-if)#router ospf 1
SW4(config-router)#router-id 10.3.3.3
u.
16:全网通信测试(略)
telnet 控制测试(略)
http://edu.51cto.com/lecturer/user_id-532091.html
151
实验 40:CCNA 综合实验训练 2
实验拓扑:
m
co
o.
ct
51
u.
实验目标:
检验 CCNA 学习成果
ed
实验步骤:
1:根据拓扑所示,配置接口地址、终端地址(单臂路由地址除外)
2:根据部门划分接入层交换机的 VLAN,配置快速生成树,接入端口配置端口安全,最多允许学
习一个 MAC 地址,违规动作为默认
3:配置 SW1、SW2 之间的以太信道,要求使用思科 PAGP 动态协商
4:配置 2 层交换机的管理地址,实现可远程管理,并只允许开发部终端进行远程访问
5:配置单臂路由,网关分别部署在 R0 和 R2 上,实现 VLAN 间访问
6:全网配置 OSPF 路由协议,并实现传递边界 R3 的静态默认路由
7:配置 FR 区域,实现企业和 ISP 之间的专线模拟,LMI 的类型为 ANSI。
8:配置企业边界 NAT,实现企业访问外部
实验总结:
http://edu.51cto.com/lecturer/user_id-532091.html
152
实验配置:
1:配置接口地址、终端地址(单臂路由地址除外)略
2:创建 VLAN,配置端口安全
SW1(config)#vlan 10
SW1(config-vlan)#name sale
SW1(config-vlan)#vlan 20
SW1(config-vlan)#name rdc
SW1(config-vlan)#name RDC
SW1(config-vlan)#inter fa0/1
SW1(config-if)#swi mo acc
SW1(config-if)#swi acc vlan 10
SW1(config-if)#swi port
SW1(config-if)#inter fa0/2
m
SW1(config-if)#swi mo acc
SW1(config-if)#swi acc vlan 20
SW1(config-if)#swi port-security
SW2(config)#vlan 10
SW2(config-vlan)#name sale
co
o.
SW2(config-vlan)#vlan 20
SW2(config-vlan)#name RDC
SW2(config-vlan)#inter fa0/1
ct
SW2(config-if)#swi mo acc
SW2(config-if)#swi acc vlan 10
51
SW2(config-if)#swi port
SW2(config-if)#inter fa0/2
SW2(config-if)#swi mo acc
SW2(config-if)#swi acc vlan 20
u.
SW2(config-if)#swi port-s
使用的检查命令:
ed
3:配置 trunk
SW1(config)#inter range fa0/11-12,fa0/24
SW1(config-if-range)#swi mo tr
使用的检查命令:
show inter trunk
http://edu.51cto.com/lecturer/user_id-532091.html
153
4:配置快速生成树
SW1(config)#sp m r
SW2(config)#sp m r
使用的检查命令:
show span
6:配置以太信道
SW1(config)#inter range fa0/11-12
SW1(config-if-range)#channel-g 1 mo de
m
使用的检查命令:
show etherchannel summary
7:配置二层交换机的管理地址,并按要求控制远程访问
SW1(config)#inter vlan 20
co
o.
SW1(config-if)#ip add 192.168.20.100 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#exit
ct
SW1(config)#ena sec ccna
51
SW1(config-line)#login
SW1(config-line)#access-class 1 in
SW1(config-line)#exit
ed
SW2(config)#inter vlan 20
SW2(config-if)#ip add 192.168.20.200 255.255.255.0
SW2(config-if)#no shut
SW2(config-if)#exit
http://edu.51cto.com/lecturer/user_id-532091.html
154
8:配置单臂路由
R0(config)#inter fa0/1
R0(config-if)#no shut
R0(config-if)#inter fa0/1.10
R0(config-subif)#en do 10
R0(config-subif)#ip add 192.168.10.254 255.255.255.0
R2(config)#inter fa0/0
R2(config-if)#no shut
R2(config-if)#inter fa0/0.20
R2(config-subif)#en do 20
R2(config-subif)#ip add 192.168.20.254 255.255.255.0
m
VLAN 间通信测试(略):由于网关在不同的路由器上,所以部分终端之间不通
co
R3(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2
R3(config)#router ospf 1
o.
R3(config-router)#net 192.168.3.0 0.0.0.255 area 0
R3(config-router)#net 192.168.23.0 0.0.0.255 area 0
R3(config-router)#default-information originate
ct
R0(config)#router ospf 1
51
R1(config)#router ospf 1
R1(config-router)#net 192.168.0.0 0.0.0.255 area 0
R1(config-router)#net 192.168.12.0 0.0.0.255 area 0
ed
R2(config)#router ospf 1
R2(config-router)#net 192.168.23.0 0.0.0.255 area 0
R2(config-router)#net 192.168.12.0 0.0.0.255 area 0
R2(config-router)#net 192.168.20.0 0.0.0.255 area 0
使用的检查命令:
show ip route
内网全网通信测试(略)
http://edu.51cto.com/lecturer/user_id-532091.html
155
10:配置帧中继
R3(config)#inter s0/2/0
R3(config-if)#encapsulation
if)#encapsulation frame
frame-relay
R3(config-if)#frame-relay lmi-type
type ansi
R4(config)#inter s0/2/0
R4(config-if)#en fr
R4(config-if)#fr lm an
m
co
o.
ct
51
u.
ed
http://edu.51cto.com/lecturer/user_id-532091.html
156
m
co
o.
ct
FR 专线测试:
R3#ping 200.1.1.2
51
11:配置 NAT
R3(config)#access-list
list 10 permit 192.168.10.0 0.0.0.255
ed
R3(config)#access-list
list 10 permit 192.168.20.0 0.0.0.2
0.0.0.255
使用的检查命令:
show ip nat translations
内外网通信测试(略)
http://edu.51cto.com/lecturer/user_id-532091.html
157