路由与交换实习实验报告参考
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
路由与交换实习实验报告参考
————————————————————————————————作者:————————————————————————————————日期:
实验报告【实验网络拓扑结构】
【实验目的】
1.实现校园网网络连通
1)利用静态路由实现汇聚交换机和路由器与核心路由器间连通
2)利用rip实现内部汇聚交换机与核心路由器间连通
3)利用ospf实现汇聚路由器与核心路由器连通
4)通过设置单臂路由使教学楼1和教学楼2能互相连通
5)对学生宿舍楼和教学楼分别划分vlan
2.在核心路由器上实现nat转换,使内部网络能访问internet
3.设置标准acl规则:禁止外部用户访问内部网络
4.设置扩展acl规则:仅允许内部用户访问数据中心的80,21端口
6.在核心路由与出口路由间运用ppp协议配置
最后要求将检测结果放入一个WORD文档中,文件名为:学号-大作业.DOC中给出网络互通的效果,将PING截图
在各网络设备上,用SHOW RUN命令
对交换机,还要求SHOW VLAN,show int ipswitchport
对路由器,还要求SHOW IP ROUTE
对NA T,要求用PING–T,及DEBUG IP NA T
对ACL,要求检测相关口或VLAN的ACL表,SHOW IP INT端口号【实验中运用的知识点】
1)静态路由
2)Rip
3)Ospf
4)nat转换
5)标准访问控制列表规则
6)扩展访问控制列表规则
7)划分vlan
8)单臂路由
9)广域网协议ppp
【实验配置步骤】
第一部分配置内部网络连通
注意:配置中省略了各端口的ip配置,相信端口ip可以从拓扑图中反应
1)接入交换机1配置
划分vlan
Switch(config)#int fa0/2
Switch(config-if)#switchport accessvlan
Switch(config-if)#switchportaccess vlan 2
Switch(config)#int fa0/3
Switch(config-if)#switchport accessvlan3
Switch(config)#intfa0/1
Switch(config-if)#switchport trunk encapsulation dot1q (2960等交换机只支持802.1q协议,这里忽略)
Switch(config-if)#switchport modetrunk
Switch(config-if)#switchport trunkallowed vlan all
Switch(config-if)#exit
2)汇聚路由器配置
设置单臂路由
Router(config)#interfacefa0/0.1配置子接口这是配置单臂路由的关键,这个接口是个逻辑接口,并不是实际存在的物理接口,但是功能却和物理接口是一样的。
R outer(config-subif)#encapsulation dot1q 2为这个接口配置802.1Q协议,最后面的2是vlan 号,这也是关键部分
Router(config-subif)#ip address 192.168.2.254 255.255.255.0为该接口划分ip地址。
Router(config-subif)#exit
Router(config)#interfacefa0/0.2
Router(config-subif)#encapsulationdot1q3.
Router(config-subif)#ip address 192.168.3.254 255.255.255.0
Router(config-subif)#end
设置ospf
Router(config)#router ospf 100
Router(config-router)#network 192.168.3.0 0.0.0.255 area0
Router(config-router)#network 192.168.4.0 0.0.0.255 area0
设置静态路由
Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.4.101
3)接入交换机2配置
创建vlan4vlan5
Switch(config)#intvlan4
Switch(config)#intvlan5
Switch(config)#intfa0/2
Switch(config-if)#switchport access vlan4
Switch(config)#int fa0/3
Switch(config-if)#switchport access vlan 5
4)汇聚交换机配置
为vlan4和vlan5设置svi
Switch(config)#intvlan4
Switch(config-if)#ip address172.16.2.254
Switch(config)#intvlan5
Switch(config-if)#ip address 172.16.3.254
设置trunk
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
设置rip
Switch(config)#router rip
Switch(config-router)#network 172.16.0.0
设置静态路由
Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.4.101 5)核心路由器配置
设置静态路由
Router(config)#iproute0.0.0.00.0.0.0192.168.4.100
Router(config)#iproute0.0.0.0 0.0.0.0172.16.4.100
设置rip
Router(config)#router rip
Router(config-router)#network192.168.4.0
Router(config-router)#network 172.16.0.0
设置ospf
Router(config)#router ospf 100
Router(config-router)#network192.168.4.0 0.0.0.255 area 0
6)汇聚交换机2配置
设置静态路由
Switch(config)#ip route0.0.0.0 0.0.0.0 10.1.2.101
至此,内部网络均能互相连通,接下来我们先配置nat使内网可以连通外网
第二部分设置nat转换,使内部用户能访问外部网络
核心路由器(nat)配置
Router(config)#int fa0/0
Router(config-if)#ip nat inside//将该接口标记为内部接口
Router(config)#int fa1/0
Router(config-if)#ip nat inside //将该接口标记为内部接口
Router(config)#int fa7/0//将该接口标记为内部接口
Router(config-if)#ip nat inside
Router(config)#intse2/0
Router(config-if)#ip nat outside//将该接口标记为外部接口
Router(config)#access-list 10permit 192.168.4.0 0.0.0.255
Router(config)#access-list 10permit 192.168.2.0 0.0.0.255
Router(config)#access-list10 permit192.168.3.0 0.0.0.255
Router(config)#access-list10 permit 172.16.0.00.0.255.255
Router(config)#access-list10 permit172.16.0.00.0.255.255
Router(config)#access-list10 permit10.1.2.0 0.0.0.255
Router(config)#access-list 10 permit 10.1.1.00.0.0.255
//定义标准访问控制列表10只允许定义的地址能够被转换
Router(config)#ip nat poolout202.121.241.10202.121.241.20 netmask 255.255.255.0
//定义名称为out的地址池。
Router(config)#ip nat inside sourcelist10 pool out
//将访问控制列表定义的地址和地址池关联这样就有前内部主机能够得到公网地址。
第三部分设置acl规则
首先设置出口路由器和核心路由器使外部网络与内部网络连通
出口路由器配置
设置静态路由
Router(config)#ip route 0.0.0.00.0.0.0 202.121.241.8
核心路由器配置
设置静态路由
Router(config)#ip route0.0.0.00.0.0.0202.121.241.100
在出口路由器上做如下配置
设置标准访问控制列表规则如下:
1)禁止外部用户访问内部网络
Router(config)#access-list 11 deny any
Router(config)#int fa0/0
Router(config-if)#ip access-group11 in
在核心路由器上做如下配置
设置扩展访问控制列表规则如下
2) 仅允许内部用户访问数据中心的80,21端口
Router(config)#ip access-listextended test
Router(config-ext-nacl)#permit tcp anyany eq 80
Router(config-ext-nacl)#permit tcp anyany eq21
Router(config-ext-nacl)#deny ip anyany
Router(config)#int fa7/0
Router(config-if)#ipaccess-group test out
第四部分广域网协议ppp设置
出口路由器配置
Router(config)#hostname R1
R1(config)#username R2password zgl
R1(config)#int se2/0
R1(config-if)#en ppp
R1(config-if)#ppp authentication chap核心路由器配置
Router(config)#hostnameR2
R2(config)#username R1passwordzgl R2(config)#interface se2/0
R2(config-if)#en ppp
【实验检测】
网络互通测试截图如下:
教学楼到汇聚路由器
教学楼到核心路由器
教学楼到宿舍楼
教学楼到数据中心
教学楼到外部网络
宿舍楼到教学楼
宿舍楼到数据中心
宿舍楼到外部网络
外部网络到教学楼
外部网络到宿舍楼
外部网络到数据中心
Nat转换测试:
在核心路由器上debug ip nat截图如下:
Acl规则测试
在核心路由器Showip端口
、Router#show ip interface fa7/0
FastEthernet7/0 isup, line protocolis up(connected)
Internetaddressis 10.1.2.101/8
Broadcast addressis 255.255.255.255
Addressdetermined bysetup command
MTU is 1500
Helper address isnotset
Directedbroadcastforwardingis disabled
Outgoing access listis test
Inbound access list is not set
Proxy ARP is enabled
Securitylevelis default
Split horizonis enabled
ICMP redirectsarealwayssent
ICMPunreachablesare alwayssent
ICMP mask replies are never sent
IP fast switching is disabled
IP fastswitchingon thesame interface is disabled IP Flow switchingis disabled
IP Fastswitching turbo vector
IP multicast fast switching isdisabled
IP multicastdistributed fast switchingis disabled RouterDiscoveryis disabled
IP output packet accounting is disabled
IPaccess violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxyname replies aredisabled
Policyrouting is disabled
Networkaddresstranslation is disabled
WCCP Redirect outbound is disabled
WCCP Redirect exclude isdisabled
BGPPolicy Mapping is disabled
在出口路由器Show ip 端口
Router#showip interface fa0/0
FastEthernet0/0is up,line protocol is up (connected) Internet address is219.220.240.100/24
Broadcast addressis 255.255.255.255
Addressdetermined by setup command
MTUis 1500
Helperaddressis not set
Directed broadcast forwardingis disabled
Outgoingaccess listis notset
Inboundaccess list is 11
Proxy ARP is enabled
Securitylevel isdefault
Splithorizon isenabled
ICMPredirects are always sent
ICMP unreachables arealwayssent
ICMP maskreplies arenever sent
IP fastswitching is disabled
IP fastswitching on thesame interfaceisdisabled IPFlow switchingis disabled
IP Fast switching turbo vector
IPmulticast fast switching is disabled
IP multicastdistributedfast switching is disabled
RouterDiscoveryis disabled
IP output packetaccounting is disabled
IP accessviolation accounting isdisabled
TCP/IP header compression is disabled
RTP/IPheader compression isdisabled
Probeproxy namerepliesare disabled
Policy routing isdisabled
Network addresstranslationis disabled
WCCP Redirect outbound isdisabled
WCCPRedirect exclude isdisabled
BGP Policy Mapping isdisabled
在汇聚路由及核心路由上show ospf neighbor
核心路由器上showrun,show ip router
R2#showrun
Building configuration...
Current configuration :1724 bytes
!
version 12.2
no servicetimestamps log datetimemsec no servicetimestampsdebugdatetime msec
noservice password-encryption
!
hostname R2
!
usernameR1 password 0 zgl
!
interfaceFastEthernet0/0
ip address 192.168.4.101255.255.255.0ip nat inside
duplexauto
speed auto
!
interface FastEthernet1/0
ip address172.16.4.101 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial2/0
ip address 202.121.241.8 255.255.255.0
encapsulation ppp
pppauthenticationchap
ip nat outside
clockrate64000
!
interface Serial3/0
noip address
shutdown
!
interfaceFastEthernet4/0
noip address
shutdown
!
interface FastEthernet5/0
noip address
shutdown
!
interface GigabitEthernet6/0
no ipaddress
duplex auto
speed auto
shutdown
!
interface FastEthernet7/0
ipaddress 10.1.2.101 255.0.0.0
ipaccess-group test out
ip natinside
duplex auto
speedauto
!
router ospf100
log-adjacency-changes
network 192.168.4.0 0.0.0.255 area 0
!
router rip
network172.16.0.0
network 192.168.4.0
!
ip nat poolout202.121.241.10202.121.241.20netmask 255.255.255.0 ip nat insidesource list10 pool out
ip classless
iproute 0.0.0.00.0.0.0 192.168.4.100
ip route 0.0.0.00.0.0.0 172.16.4.100
iproute0.0.0.00.0.0.0 202.121.241.100
!
!
access-list 10 permit192.168.4.00.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10permit192.168.3.00.0.0.255
access-list10 permit 172.16.0.0 0.0.255.255
access-list10permit 10.1.2.00.0.0.255
access-list 10permit10.1.1.0 0.0.0.255
ip access-list extended test
permittcp anyany eq www
permit tcp any anyeq ftp
deny ipanyany
!
no cdprun
!
!
line con 0
line vty 0 4
login
End
R2#showip route
Codes:C- connected, S -static,I-IGRP,R - RIP, M - mobile, B - BGP
D-EIGRP,EX- EIGRPexternal, O -OSPF,IA - OSPF inte rarea
N1 -OSPF NSSA external type 1,N2 - OSPF NSSA externaltype 2
E1- OSPF external type1, E2-OSPF external type2,E - EG P
i-IS-IS,L1- IS-IS level-1,L2 - IS-IS level-2, ia-IS-ISint er area
* -candidate default,U -per-user static route,o- ODR
P -periodic downloaded staticroute
Gateway of last resort is 172.16.4.100 to network 0.0.0.0
C 10.0.0.0/8 is directly connected,FastEthernet7/0
172.16.0.0/24 issubnetted,3subnets
R 172.16.2.0[120/1] via 172.16.4.100, 00:00:21,FastEthernet1/0 R 172.16.3.0[120/1]via 172.16.4.100, 00:00:21, FastEthernet1/0 C 172.16.4.0is directly connected, FastEthernet1/0
O192.168.3.0/24 [110/2] via 192.168.4.100, 00:40:37,FastEthernet0/0
C192.168.4.0/24is directlyconnected, FastEthernet0/0
C202.121.241.0/24is directly connected,Serial2/0
S* 0.0.0.0/0 [1/0]via172.16.4.100
[1/0] via192.168.4.100
[1/0] via202.121.241.100
在汇聚交换机1上show vlan
Switch#showvlan
VLANName Status Ports
--------------------------------------------- -------------------------------
1 default active Fa0/3,Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10,Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16,Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21,Fa0/22,Fa0/23
Fa0/24, Gig0/1, Gig0/2
4 VLAN0004active Fa0/4
55active
6 VLAN0006 active Fa0/2
1002 fddi-defaultact/unsup
1003 token-ring-defaultact/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAIDMTUParent RingNoBridgeNo StpBrdgMode Trans1 Trans2
---- -------------------------- ------------------ -------- ------ ------
1enet 1000011500 -- - -- 00
4enet 1000041500 - - - - -0 0
5 enet100005 1500 - -- - -00
6 enet1000061500-- - - - 0 0
1002 fddi1010021500---- - 00
1003tr101003 1500--- - - 0 0
1004 fdnet1010041500 -- - ieee- 0 0
1005 trnet 101005 1500- - - ibm- 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary TypePorts
------- -------------------------- ------------------------------------------
在汇聚路由器上show ip router
Router#show iproute
Codes:C-connected, S- static,I - IGRP, R -RIP,M- mobile, B -BGP
D - EIGRP, EX -EIGRP external, O -OSPF,IA - OSPF intera rea
N1- OSPF NSSA external type1,N2-OSPF NSSA external type2
E1 - OSPF external type1, E2 - OSPFexternaltype2,E- EGP
i-IS-IS, L1 - IS-ISlevel-1,L2 -IS-IS level-2,ia -IS-IS inter area
* - candidatedefault,U-per-userstaticroute, o- ODR
P-periodicdownloaded staticroute
Gateway oflastresort is192.168.4.101 to network 0.0.0.0
C192.168.2.0/24 is directly connected, FastEthernet0/0.1
C 192.168.3.0/24is directly connected,FastEthernet0/0.2
C 192.168.4.0/24isdirectly connected, FastEthernet0/1
S*0.0.0.0/0[1/0] via192.168.4.101
汇聚交换机2上show vlan
Switch#show vlan
VLANName Status Ports
--------------------------------------------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7,Fa0/8, Fa0/9, Fa0/10
Fa0/11,Fa0/12,Fa0/13,Fa0/14
Fa0/15,Fa0/16,F a0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa 0/22
Fa0/23,Fa0/24,Gig0/1,Gig0/2
2 VLAN0002activeFa0/2
3 VLAN0003activeFa0/1
1002 fddi-defaultact/unsup
1003 token-ring-default act/unsup
1004fddinet-default act/unsup
1005trnet-defaultact/unsup
VLAN Type SAID MTU Parent RingNo BridgeNoStp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------------------------ --------------------
1enet100001 1500--- - -0 0
2enet1000021500 - - - - - 0 0
3 enet 1000031500- - - - -0 0
1002 fddi 1010021500--- --0 0
1003tr 1010031500- --- - 00
1004fdnet101004 1500 --- ieee-00
1005 trnet 101005 1500- - -ibm- 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary SecondaryType Ports
------- --------- ----------------- ----------------------
出口路由器上showrun及show ip router
R1#showrun
Buildingconfiguration...
Current configuration :840bytes
!
version12.2
no service timestamps log datetimemsec
no servicetimestamps debug datetimemsec
no service password-encryption
!
hostname R1
!
username R2password 0 zgl
!
!
interfaceFastEthernet0/0
ip address 219.220.240.100 255.255.255.0 ipaccess-group11in
duplexauto
speed auto
!
interfaceFastEthernet1/0
ipaddress202.121.240.100255.255.255.0 duplex auto
speed auto
!
interface Serial2/0
ip address202.121.241.100 255.255.255.0
encapsulation ppp
ppp authentication chap
!
interface Serial3/0
no ipaddress
shutdown
!
interfaceFastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
routerrip
!
ip classless
iproute0.0.0.0 0.0.0.0202.121.241.8 !
!
access-list 11 deny any
!
no cdprun
!
linecon 0
line vty 04
login
!
End
R1#show iproute
Codes:C- connected, S-static, I-IGRP, R- RIP,M -mobile, B - BGP
D -EIGRP,EX - EIGRPexternal,O- OSPF,IA-OSPF interarea
N1- OSPFNSSA external type 1,N2 -OSPF NSSAexternal type 2
E1- OSPF external type1,E2 - OSPF external type 2, E -EGP
i - IS-IS,L1- IS-IS level-1, L2 - IS-ISlevel-2, ia -IS-ISinterarea
* -candidatedefault, U -per-user staticroute,o- ODR
P- periodic downloaded static route
Gateway of last resortis202.121.241.8 to network 0.0.0.0
C 202.121.241.0/24 is directlyconnected, Serial2/0
C 219.220.240.0/24isdirectly connected, FastEthernet0/0
S*0.0.0.0/0[1/0]via202.121.241.8。