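Overview of the simulated environment:
The LAN has two layers: an access layer and a distribution layer. VLANs are configured at the access layer, and the computers attached there get DHCP service from the distribution-layer core switch, which serves DHCP to computers in the different VLANs. The distribution switch also provides NAT, mapping internal IP addresses to a global address pool, and traffic then reaches the external network through the router. The lab requires that internal PCs can reach the external WWW and DNS servers (219.149.194.55), that the VLANs can communicate with each other, and that PCs obtain IP addresses automatically. This lab only models an enterprise network; many parts of the configuration and topology design are still incomplete, but it is already a fairly comprehensive lab. The topology is my own assumption and is fairly close to some enterprise networks. I spent one evening completing the lab, and to make it easy for everyone to follow, the topology diagram is labelled in detail. Please point out any shortcomings so we can discuss them together. Let's begin the lab.
The topology diagram is as follows:
S1 switch configuration
Basic configuration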
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname s1
s1(config)#line console 0
s1(config-line)#logging synchronous
s1(config-line)#exec-timeout 0 0
s1(config-line)#exit
s1(config)#vlan 10
s1(config-vlan)#name caiwu
s1(config-vlan)#exit
s1(config)#vlan 20
s1(config-vlan)#name renshi
s1(config-vlan)#exit
Assign VLANs
s1(config)#interface f0/1
s1(config-if)#switchport mode access
s1(config-if)#switchport access vlan 20
s1(config-if)#no shutdown
s1(config-if)#exit
s1(config)#interface f0/2
s1(config-if)#switchport mode access
s1(config-if)#switchport access vlan 10
s1(config-if)#no shutdown
s1(config-if)#exit
s1(config)#interface g1/1
s1(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
s1(config-if)#no shutdown
s1(config-if)#exit
s1(config)#
s2 configuration
Basic configuration
Switch>enable
Switch#configure t
Switch(config)#hostname s2
s2(config)#line console 0
s2(config-line)#logging synchronous
s2(config-line)#exec-timeout 0 0
s2(config-line)#exit
s2(config)#vlan 10
s2(config-vlan)#name caiwu
s2(config-vlan)#exit
s2(config)#vlan 20
s2(config-vlan)#name renshi
s2(config-vlan)#exit
Assign VLANs
s2(config)#interface f0/2
s2(config-if)#switchport mode access
s2(config-if)#switchport access vlan 10
s2(config-if)#no shutdown
s2(config-if)#exit
s2(config)#interface f0/1
s2(config-if)#switchport mode access
s2(config-if)#switchport access vlan 20
s2(config-if)#no shutdown
s2(config-if)#exit
s2(config)#interface g1/1
s2(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
s2(config-if)#
s2(config-if)#no shutdown
s2(config-if)#exit
s2(config)#
Core switch configuration
Basic configuration
Switch>enable
Switch#configure terminal
Switch(config)#hostname huiju
huiju(config)#line console 0
huiju(config-line)#logging synchronous
huiju(config-line)#exec-timeout 0 0
huiju(config-line)#exit
huiju(config)#ip routing
huiju(config)#interface g0/1
huiju(config-if)#switchport mode trunk
huiju(config-if)#no shutdown
huiju(config-if)#exit
huiju(config)#interface g0/2
huiju(config-if)#switchport mode trunk
huiju(config-if)#no shutdown
huiju(config-if)#exit
huiju(config)#interface f0/1
huiju(config-if)#no switchport
huiju(config-if)#ip address 200.200.200.1 255.255.255.0
huiju(config-if)#no shutdown
huiju(config-if)#
Create VLANs
huiju(config)#vlan 10
huiju(config-vlan)#name caiwu
huiju(config-vlan)#exit
huiju(config)#vlan 20
huiju(config-vlan)#name renshi
huiju(config-vlan)#exit
huiju(config)#interface vlan 10
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
huiju(config-if)#
huiju(config-if)#ip address 192.168.1.254 255.255.255.0
huiju(config-if)#no shutdown
huiju(config-if)#exit
huiju(config)#interface vlan 20
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
huiju(config-if)#
huiju(config-if)#ip address 192.168.2.254 255.255.255.0
huiju(config-if)#no shutdown
huiju(config-if)#
Enable the DHCP service
huiju(config)#ip dhcp pool caiwu
huiju(dhcp-config)#network 192.168.1.0 255.255.255.0
huiju(dhcp-config)#default-router 192.168.1.254
huiju(dhcp-config)#dns-server 219.149.194.55
huiju(dhcp-config)#exit
huiju(config)#ip dhcp pool renshi
huiju(dhcp-config)#network 192.168.2.0 255.255.255.0
huiju(dhcp-config)#default-router 192.168.2.254
huiju(dhcp-config)#dns-server 219.149.194.55
huiju(dhcp-config)#exit
huiju(config)#
huiju(config)#ip dhcp excluded-address 192.168.1.254
huiju(config)#ip dhcp excluded-address 192.168.2.254
Verify that PCs in different VLANs can communicate
Default route
huiju(config)#ip route
huiju(config)#access-list 1 permit 192.168.1.0 0.0.0.255
huiju(config)#access-list 2 permit 192.168.2.0 0.0.0.255
huiju(config)#ip nat inside source list 1 interface f0/1
huiju(config)#ip nat pool globle_renshi 200.200.200.3 200.200.200.5 netmask 255.255.255.0
huiju(config)#ip nat inside source list 2 pool globle_renshi overload //port-multiplexing NAT, command format:
huiju(config)#interface vlan 10
huiju(config-if)#ip nat inside
huiju(config-if)#exit
huiju(config)#interface vlan 20
huiju(config-if)#ip nat inside
huiju(config-if)#exit
huiju(config)#interface f0/1
huiju(config-if)#ip nat outside
huiju(config-if)#end
huiju#
Display the configuration results
huiju#show ip nat statistics
Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: FastEthernet0/1
Inside Interfaces: Vlan10 , Vlan20
Hits: 10 Misses: 12
Expired translations: 12
Dynamic mappings:
-- Inside Source
access-list 2 pool globle_renshi refCount 0
pool globle_renshi: netmask 255.255.255.0
start 200.200.200.3 end 200.200.200.5
type generic, total addresses 3 , allocated 0 (0%), misses 0
huiju#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 200.200.200.1:21 192.168.1.1:21 200.200.200.2:21 200.200.200.2:21
icmp 200.200.200.1:22 192.168.1.1:22 200.200.200.2:22 200.200.200.2:22
icmp 200.200.200.1:23 192.168.1.1:23 200.200.200.2:23 200.200.200.2:23
icmp 200.200.200.1:24 192.168.1.1:24 200.200.200.2:24 200.200.200.2:24
Pro Inside global Inside local Outside local Outside global
icmp 200.200.200.3:1 192.168.2.1:1 200.200.200.2:1 200.200.200.2:1
icmp 200.200.200.3:2 192.168.2.1:2 200.200.200.2:2 200.200.200.2:2
icmp 200.200.200.3:3 192.168.2.1:3 200.200.200.2:3 200.200.200.2:3
icmp 200.200.200.3:4 192.168.2.1:4 200.200.200.2:4 200.200.200.2:4
Pro Inside global Inside local Outside local Outside global
icmp 200.200.200.1:1 192.168.1.2:1 200.200.200.2:1 200.200.200.2:1
icmp 200.200.200.1:2 192.168.1.2:2 200.200.200.2:2 200.200.200.2:2
icmp 200.200.200.1:3 192.168.1.2:3 200.200.200.2:3 200.200.200.2:3
icmp 200.200.200.1:4 192.168.1.2:4 200.200.200.2:4 200.200.200.2:4
icmp 200.200.200.3:2 192.168.2.1:2 200.200.200.2:2 200.200.200.2:2
icmp 200.200.200.3:3 192.168.2.1:3 200.200.200.2:3 200.200.200.2:3
icmp 200.200.200.3:4 192.168.2.1:4 200.200.200.2:4 200.200.200.2:4
huiju#
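An added example, not part of the original lab: a Python check that parses `show ip nat translations` rows and confirms each inside host was translated to the address its ACL should select (VLAN 10 to the f0/1 address, VLAN 20 to the `globle_renshi` pool). The sample rows are copied from the output above; the function names and the `POLICY` table are assumptions made for illustration.

```python
import ipaddress
import re

# Expected policy (assumed layout), derived from the NAT commands on this page:
# ACL 1 (VLAN 10) -> f0/1 address; ACL 2 (VLAN 20) -> pool globle_renshi.
POLICY = {
    ipaddress.ip_network("192.168.1.0/24"): {"200.200.200.1"},
    ipaddress.ip_network("192.168.2.0/24"): {f"200.200.200.{n}" for n in (3, 4, 5)},
}

# Rows copied from the "show ip nat translations" output above.
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
icmp 200.200.200.1:21 192.168.1.1:21 200.200.200.2:21 200.200.200.2:21
icmp 200.200.200.3:1 192.168.2.1:1 200.200.200.2:1 200.200.200.2:1
icmp 200.200.200.1:1 192.168.1.2:1 200.200.200.2:1 200.200.200.2:1
"""

ROW = re.compile(r"^(\w+)\s+([\d.]+):\d+\s+([\d.]+):\d+\s")

def parse_translations(text):
    """Yield (inside_local, inside_global) for each translation row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header lines and prompts do not match
            yield m.group(3), m.group(2)

def summary(text):
    """Map each inside-local host to the set of global addresses it used."""
    seen = {}
    for local, glob in parse_translations(text):
        seen.setdefault(local, set()).add(glob)
    return seen

def audit(text):
    """Return (local, global, reason) for every row that violates POLICY."""
    violations = []
    for local, glob in parse_translations(text):
        addr = ipaddress.ip_address(local)
        allowed = next((g for net, g in POLICY.items() if addr in net), None)
        if allowed is None:
            violations.append((local, glob, "inside host not covered by a NAT ACL"))
        elif glob not in allowed:
            violations.append((local, glob, "translated to unexpected address"))
    return violations

if __name__ == "__main__":
    print(summary(SAMPLE))
    print(audit(SAMPLE) or "all translations match policy")
```
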
ISP router configuration
Router>enable
Router#configure terminal
Router(config)#hostname ISP
ISP(config)#line console 0
ISP(config-line)#logging synchronous
ISP(config-line)#exec-timeout 0 0
ISP(config-line)#exit
ISP(config)#interface s0/1/0
ISP(config-if)#ip address 219.149.2.3 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface f0/1
ISP(config-if)#ip address 219.149.194.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface f0/0
ISP(config-if)#ip address 219.149.200.2 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#
Local router configuration
bendi_router>enable
bendi_router#configure terminal
bendi_router(config)#line console 0
bendi_router(config-line)#logging syn
bendi_router(config-line)#exec-timeout 0 0
bendi_router(config-line)#exit
bendi_router(config)#
bendi_router(config)#interface f0/0
bendi_router(config-if)#ip address 200.200.200.2 255.255.255.0
bendi_router(config-if)#no shutdown
bendi_router(config)#
bendi_router(config)#interface s0/2/0
bendi_router(config-if)#clock rate 64000
bendi_router(config-if)#ip address 219.149.2.2 255.255.255.0
bendi_router(config-if)#no shutdown
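At this point the internal LAN is configured. Now we configure the routers further so that the internal network can reach the DNS and WWW servers.
Configure a static route on the ISP router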
ISP(config)#ip route 200.200.200.0 255.255.255.0 219.149.2.2
Configure static routes on the local router
bendi_router(config)#ip route 219.149.194.0 255.255.255.0 219.149.2.3
bendi_router(config)#ip route 219.149.200.0 255.255.255.0 219.149.2.3
This completes the lab. Let's verify the results.