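Last week the teaching director of 欧鹏兰博 came to our school to teach us the CCNA course. Before he left, he set us an assignment: a lab that summarizes everything covered during the 6 days he spent teaching us CCNA.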

Lab tool:

Cisco Packet Tracer 5.3

Lab topology:

 


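Lab requirements:

1. Everything below Router0 is the enterprise internal network; everything above it is the public network.
2. Create a VTP domain for this internal network.
3. PC0 and PC2 are in VLAN100, PC1 and PC3 are in VLAN200, PC4 and PC5 are in VLAN300.
4. Below Router1 is the branch office. PC6 is in VLAN10; Server0 and Server1 are in VLAN20.
5. Deploy EIGRP in the internal network; all devices must be able to reach each other.
6. Server0 is a mail server: allow mail access from all devices, but deny all other traffic.
7. Server1 is an FTP server: allow only users in VLAN100 to use its FTP service and deny all other traffic.
8. PC7 is the device used by the network administrator; all network devices in the internal network allow telnet only from this device.
9. Set an encrypted privileged-mode password and a telnet password on all network devices.
10. Router2 and Router3 are the ISP's routers; enable OSPF on both devices, with both in the same area.
11. The ISP's routers must not form routing-protocol neighbor relationships with the enterprise border router.
12. Configure NAT on the enterprise border router so that all addresses in the internal network use this device's public IP when accessing the public network.
13. Server2 is a web server on the public network; configure an access control list so that this server allows only www and PING traffic.
14. The core switch is the root bridge for all VLANs.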

Lab configuration:

Core:

Building configuration…

Current configuration : 2000 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
no switchport
ip address 10.1.252.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
no switchport
ip address 10.1.254.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
no switchport
ip address 10.1.253.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.1.10.1 255.255.255.0
!
interface Vlan100
ip address 10.1.1.1 255.255.255.0
!
interface Vlan200
ip address 10.1.2.1 255.255.255.0
!
interface Vlan300
ip address 10.1.3.1 255.255.255.0
!
router eigrp 100
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
network 10.1.252.0 0.0.0.255
network 10.1.253.0 0.0.0.255
network 10.1.254.0 0.0.0.255
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.254.1
!
!
access-list 1 permit host 10.1.253.254
!
line con 0
line vty 0 4
access-class 1 in
password zjicm
login
!
end

Gateway:

Building configuration…

Current configuration : 743 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/0
ip address 200.1.1.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.254.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
router eigrp 100
network 10.1.254.0 0.0.0.255
auto-summary
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 200.1.1.2
!
access-list 1 permit 10.1.0.0 0.0.255.255
!
no cdp run
!
line con 0
line vty 0 4
password zjicm
login
!
end

Branch:

Building configuration…

Current configuration : 900 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/0
ip address 10.1.252.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.20.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 10
ip address 10.1.4.1 255.255.255.0
!
interface FastEthernet0/1.2
encapsulation dot1Q 20
ip address 10.1.5.1 255.255.255.0
!
router eigrp 100
network 10.1.4.0 0.0.0.255
network 10.1.5.0 0.0.0.255
network 10.1.252.0 0.0.0.255
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.252.1
!
access-list 1 permit host 10.1.253.254
!
no cdp run
!
line con 0
line vty 0 4
access-class 1 in
password zjicm
login
!
end

ISP:

Building configuration…

Current configuration : 552 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
interface FastEthernet0/0
ip address 200.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.2.1 255.255.255.0
duplex auto
speed auto
!
router ospf 100
log-adjacency-changes
redistribute connected subnets
network 200.1.2.0 0.0.0.255 area 0
!
ip classless
!
no cdp run
!
line con 0
line vty 0 4
login
!
end

Switch_Core:

Building configuration…

Current configuration : 1253 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/1
switchport access vlan 100
!
interface FastEthernet0/2
switchport access vlan 200
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
ip address 10.1.10.2 255.255.255.0
!
ip default-gateway 10.1.10.1
!
access-list 1 permit host 10.1.253.254
line con 0
!
line vty 0 4
access-class 1 in
password zjicm
login
line vty 5 15
login
!
end

Switch_Branch:

Building configuration…

Current configuration : 1220 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$.CqTY7EzvjMOKXECmpiOZ0
!
interface FastEthernet0/1
switchport access vlan 10
!
interface FastEthernet0/2
switchport access vlan 20
!
interface FastEthernet0/3
switchport access vlan 20
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
ip address 10.1.20.2 255.255.255.0
!
ip default-gateway 10.1.20.1
!
line con 0
!
line vty 0 4
password zjicm
login
line vty 5 15
login
!
end
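
The check below is an added example, not part of the original post: it reads a running-config dump in the flattened form shown above and reports where requirements 8 and 9 are not met (no enable secret, or a vty range without a telnet password or without an inbound access-class bound to an ACL defined in the same config). The function name `audit_mgmt` and the sample config are constructed for illustration.

```python
import re

# Constructed sample in the same shape as the dumps above: vty 0 4 has a
# password but no access-class, vty 5 15 has only "login".
SAMPLE = """\
hostname Switch
enable secret 5 <hash>
access-list 1 permit host 10.1.253.254
line con 0
line vty 0 4
password zjicm
login
line vty 5 15
login
end
"""

def audit_mgmt(config):
    """Return findings for requirements 8 and 9 of the lab."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("no enable secret")
    # Numbered ACLs defined anywhere in this config.
    acls = {m.group(1) for l in lines
            if (m := re.match(r"access-list (\d+) ", l))}
    # Collect the body of each "line vty ..." block. Indentation is not
    # relied on, so a block ends at the next "line ...", "!" or "end".
    block, blocks = None, {}
    for l in lines:
        if l.startswith("line vty "):
            block = l[len("line "):]
            blocks[block] = []
        elif l.startswith("line ") or l in ("!", "end"):
            block = None
        elif block:
            blocks[block].append(l)
    for name, body in blocks.items():
        if not any(b.startswith("password ") for b in body):
            findings.append(f"{name}: no telnet password")
        ac = [m.group(1) for b in body
              if (m := re.match(r"access-class (\S+) in$", b))]
        if not ac:
            findings.append(f"{name}: no inbound access-class")
        elif ac[0] not in acls:
            findings.append(f"{name}: access-class {ac[0]} not defined")
    return findings
```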

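Summary:

Things I did not know how to do before the teacher explained them:

1. How PC7 manages the Branch Switch.

2. When configuring OSPF on the LAN, I forgot to configure the Gateway, so hosts on the internal network could not ping the public network.

3. Routes between the Gateway and the ISP should be declared using redistribution (redistribute).

4. To manage the Switch under Core from PC7, I created a new VLAN and managed it through that, but done this way the Branch Switch cannot be managed; management should be done on an existing VLAN (for example vlan1).

5. At first I did not think of router-on-a-stick.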