CCNA综合实验-2011.5.15版本
1、实验要求:
1)SW1规划vlan 2 3
验证:show vlan-switch
2)SW1和SW2之间配置trunk
验证:show int trunk
3)SW2通过VTP学习VLAN 2 3
验证:sh vtp stutus
4)STP要求vlan 2走上,VLAN3 走下
验证:sh spanning-tree
5)R1做VLAN 间路由,实现VLAN 1 2 3之间通信
验证:R2能ping通R3
6)R2 R3模拟PC,通过DHCP从R1获取IP
验证:sh ip int brief
7)R4是分公司,R1和R4之间使用FR,要求使用静态映射
验证:sh frame-relay map
8)R1 R4使用动态路由OSPF
验证:R1#SH IP ROUTE
9)R1和internet之间使用PPP连接,并且启用CHAP认证
验证:启用认证,接口能up
10)R4只能被4.4.4.4网管telnet
验证:R4#telnet 10.1.1.1 /source-interface loopback 0
11)内部私有IP通过NAT转换成202.1.1.1上网
192.168.2.0
192.168.3.0
4.4.4.0
10.1.1.0
验证:R2 R3 R4都能ping通202.1.1.5
12)R1 要有0.0.0.0,将0/0发布到OSPF中去
R1(config)#router ospf 1
R1(config-router)#net 10.1.1.0 0.0.0.255 a 0
R1(config-router)#default-information originate
R1(config)#ip route 0.0.0.0 0.0.0.0 23.1.1.3
验证:R4#sh ip route
2、实验设备
SW1 SW2是交换机
R1 R4 internet是router
FR是路由器模拟FRSW
R2 R3是路由器模拟PC
3、实验步骤和验证
--------------------------------------------------------------------------------
实验的配置:
-------------------------------------R1-----------------------------------------------------
hostname R1
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 //除开地址池不能分配的IP地址
ip dhcp excluded-address 192.168.3.1
ip dhcp pool YB //定义DHCP池YB,网段是192.168.2.0
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1 //初始的IP地址是192.168.1.1
ip dhcp pool HT //定义DHCP池HT,网段是192.168.3.0
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
no ip domain lookup
username Internet password 0 ccna //建立本地数据库,实现chap认证
interface FastEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/0.2 //定义子接口
encapsulation dot1Q 2 //封装的类型为dot1Q,而且打上了VLAN2的标签
ip address 192.168.2.1 255.255.255.0
ip access-group 1 in
ip nat inside //nat转换inside的方向,也就是内部局部地址的方向
ip virtual-reassembly
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip access-group 1 in
ip nat inside
ip virtual-reassembly
interface Serial2/0
ip address 10.1.1.1 255.255.255.0
ip access-group 100 in //绑定扩展ACL100,实现只能由4.4.4.4网管R1
ip nat inside
ip virtual-reassembly
encapsulation frame-relay //接口开启FR
serial restart-delay 0
frame-relay map ip 10.1.1.4 104 broadcast //静态写map表,在ospf环境下记得在后面加上broadcast
interface Serial2/1
ip address 202.1.1.1 255.255.255.0
ip nat outside //nat转换outside的方向,也就是内部全局地址方向
ip virtual-reassembly
encapsulation ppp //封装的类型为ppp
serial restart-delay 0
ppp authentication chap //使用chap认证
router ospf 1 //启动ospf路由协议
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0 //把所有的网段都通告出去
neighbor 10.1.1.4 //在帧中继NON_BROADCAST网络环境下,要使用neighbor进行单播建立邻接关系
default-information originate //R1把这条默认路由注入到OSPF AS里面
ip route 0.0.0.0 0.0.0.0 202.1.1.5 //注入缺省路由
ip nat pool ccna 202.1.1.1 202.1.1.1 prefix-length 24 //定义PAT的内部全局地址池,即公网IP地址
ip nat inside source list 1 pool ccna overload //把ACL和NAT地址池绑定,并且overload命令实现PAT的功能
access-list 1 permit 192.168.2.0 0.0.0.255 //标准ACL,只允许192.168.2.0网段的地址转换
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 100 permit tcp host 4.4.4.4 host 10.1.1.1 //扩展ACL,实现对telnet的限制
access-list 100 permit ospf any any
access-list 100 permit icmp any any
line con 0
exec-timeout 0 0
logging synchronous
login
line vty 0 4
no login
end
----------------------------------------R2-PC----------------------------------------
hostname R2
no ip routing //关闭路由的功能,模拟PC
no ip domain lookup
interface FastEthernet0/0
ip address dhcp
ip default-gateway 192.168.2.1 //PC一般是要写上默认网关的
line con 0
exec-timeout 0 0
logging synchronous
end
---------------------------------------R3-PC-----------------------------------------
hostname R3
no ip routing
no ip domain lookup
interface FastEthernet0/0
ip address dhcp
ip default-gateway 192.168.3.1
line con 0
exec-timeout 0 0
logging synchronous
--------------------------------------R4--------------------------------------------
hostname R4
no ip domain lookup
interface Loopback0
ip address 4.4.4.4 255.255.255.0
interface Serial2/0
ip address 10.1.1.4 255.255.255.0
encapsulation frame-relay
serial restart-delay 0
frame-relay map ip 10.1.1.1 401 broadcast
no shut
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
no login
end
--------------------------------------Internet-------------------------------------
hostname Internet
no ip domain lookup
username R1 password 0 ccna //建立本地数据库,实现chap的验证
interface Serial2/1
ip address 202.1.1.5 255.255.255.0
encapsulation ppp
serial restart-delay 0
clock rate 64000
ppp authentication chap
line con 0
exec-timeout 0 0
logging synchronous
----------------------------------------FR------------------------------------------
hostname FR
no ip domain lookup
frame-relay switching //模拟FR交换机
interface Serial2/0
no ip address
encapsulation frame-relay //开启FR
serial restart-delay 0
clock rate 64000
frame-relay intf-type dce //强制把接口定义为dce,不管物理接口是什么类型
frame-relay route 104 interface Serial2/1 401 //建立PVC
interface Serial2/1
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay intf-type dce
frame-relay route 401 interface Serial2/0 104
line con 0
exec-timeout 0 0
logging synchronous
end
----------------------SW1---------------------------------------
hostname SW1
no ip domain lookup
interface FastEthernet1/0
switchport mode trunk //开启trunk
interface FastEthernet1/13
switchport mode trunk
interface FastEthernet1/14
switchport mode trunk
spanning-tree vlan 3 cost 10 //实现负载均衡
line con 0
exec-timeout 0 0
logging synchronous
end
--------------------------------SW2-----------------------------------
hostname SW2
no ip domain lookup
spanning-tree vlan 3 priority 8192 //修改优先级,指定根网桥
interface FastEthernet1/0
switchport access vlan 3 //把接口分配给vlan3
interface FastEthernet1/13
switchport mode trunk
interface FastEthernet1/14
switchport mode trunk
=====================================================================
实验的调试:
1)SW1规划vlan 2 3 :
SW1#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/2, Fa1/3, Fa1/4, Fa1/5
Fa1/6, Fa1/7, Fa1/8, Fa1/9
Fa1/10, Fa1/11, Fa1/12, Fa1/15
2 VLAN0002 active Fa1/1
3 VLAN0003 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
2)SW1和SW2之间配置trunk:
SW1#show int trunk
Port Mode Encapsulation Status Native vlan
Fa1/0 on 802.1q trunking 1
Fa1/13 on 802.1q trunking 1
Fa1/14 on 802.1q trunking 1
SW2#show int trunk
Port Mode Encapsulation Status Native vlan
Fa1/13 on 802.1q trunking 1
Fa1/14 on 802.1q trunking 1
3)SW2通过VTP学习VLAN 2 3 :
SW2#show vtp status
VTP Version : 2
Configuration Revision : 6
Maximum VLANs supported locally : 36
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : Yb
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xAB 0x77 0x16 0x24 0x47 0xA1 0xAE 0xB7
Configuration last modified by 0.0.0.0 at 3-1-02 00:29:53
Local updater ID is 0.0.0.0 (no valid interface found)
*通过SW1 VTP域名的配置,可以实现同步。
4)STP要求vlan 2走上,VLAN3 走下 :
SW2#show spanning-tree vlan 2
VLAN2 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address c201.0a3c.0001
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address c200.0a3c.0001
Root port is 54 (FastEthernet1/13), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 03:28:52 ago
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Port 54 (FastEthernet1/13) of VLAN2 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.54.
Designated root has priority 32768, address c200.0a3c.0001
Designated bridge has priority 32768, address c200.0a3c.0001
Designated port id is 128.54, designated path cost 0
Timers: message age 1, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 0, received 6237
Port 55 (FastEthernet1/14) of VLAN2 is blocking
Port path cost 19, Port priority 128, Port Identifier 128.55.
SW1#show spanning-tree vlan 2
VLAN2 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address c200.0a3c.0001
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 2 last change occurred 03:18:59 ago
from FastEthernet1/0
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Port 41 (FastEthernet1/0) of VLAN2 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.41.
Designated root has priority 32768, address c200.0a3c.0001
Designated bridge has priority 32768, address c200.0a3c.0001
Designated port id is 128.41, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 5975, received 0
Port 42 (FastEthernet1/1) of VLAN2 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.42.
5)R1做VLAN 间路由,实现VLAN 1 2 3之间通信 :
R2#ping 192.168.3.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/172/216 ms
R3#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 140/176/200 ms
6)R2 R3模拟PC,通过DHCP从R1获取IP
R2#show ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.2.2 YES DHCP up up
R3#show ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.3.2 YES DHCP up up
7)R4是分公司,R1和R4之间使用FR,要求使用静态映射
FR#show frame-relay route
Input Intf Input Dlci Output Intf Output Dlci Status
Serial2/0 104 Serial2/1 401 active
Serial2/1 401 Serial2/0 104 active
8)R1 R4使用动态路由OSPF
R1#show ip route
Gateway of last resort is 202.1.1.5 to network 0.0.0.0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 10.1.1.4, 02:07:47, Serial2/0
202.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 202.1.1.0/24 is directly connected, Serial2/1
C 202.1.1.5/32 is directly connected, Serial2/1
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Serial2/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0.2
C 192.168.3.0/24 is directly connected, FastEthernet0/0.3
S* 0.0.0.0/0 [1/0] via 202.1.1.5
R4#show ip route
Gateway of last resort is 10.1.1.1 to network 0.0.0.0
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, Loopback0
O 202.1.1.0/24 [110/128] via 10.1.1.1, 02:08:29, Serial2/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Serial2/0
O 192.168.2.0/24 [110/74] via 10.1.1.1, 02:08:29, Serial2/0
O 192.168.3.0/24 [110/74] via 10.1.1.1, 02:08:29, Serial2/0
O*E2 0.0.0.0/0 [110/1] via 10.1.1.1, 01:21:48, Serial2/0
9)R1和internet之间使用PPP连接,并且启用CHAP认证
*Mar 1 04:08:29.978: Se2/1 PPP: Using default call direction
*Mar 1 04:08:29.982: Se2/1 PPP: Treating connection as a dedicated line
*Mar 1 04:08:29.986: Se2/1 PPP: Session handle[4000012] Session id[54]
*Mar 1 04:08:29.986: Se2/1 PPP: Authorization required
*Mar 1 04:08:30.134: Se2/1 CHAP: O CHALLENGE id 53 len 23 from "R1"
*Mar 1 04:08:30.198: Se2/1 CHAP: I CHALLENGE id 29 len 29 from "Internet"
*Mar 1 04:08:30.222: Se2/1 CHAP: Using hostname from unknown source
*Mar 1 04:08:30.222: Se2/1 CHAP: Using password from AAA
*Mar 1 04:08:30.226: Se2/1 CHAP: O RESPONSE id 29 len 23 from "R1"
*Mar 1 04:08:30.242: Se2/1 CHAP: I RESPONSE id 53 len 29 from "Internet"
*Mar 1 04:08:30.258: Se2/1 PPP: Sent CHAP LOGIN Request
*Mar 1 04:08:30.270: Se2/1 PPP: Received LOGIN Response PASS
*Mar 1 04:08:30.278: Se2/1 PPP: Sent LCP AUTHOR Request
*Mar 1 04:08:30.282: Se2/1 PPP: Sent IPCP AUTHOR Request
*Mar 1 04:08:30.282: Se2/1 CHAP: I SUCCESS id 29 len 4 //chap认证成功
*Mar 1 04:08:30.294: Se2/1 LCP: Received AAA AUTHOR Response PASS
*Mar 1 04:08:30.298: Se2/1 IPCP: Received AAA AUTHOR Response PASS
*Mar 1 04:08:30.302: Se2/1 CHAP: O SUCCESS id 53 len 4
*Mar 1 04:08:30.310: Se2/1 PPP: Sent CDPCP AUTHOR Request
*Mar 1 04:08:30.322: Se2/1 CDPCP: Received AAA AUTHOR Response PASS
*Mar 1 04:08:30.414: Se2/1 PPP: Sent IPCP AUTHOR Request
10)R1只能被4.4.4.4网管telnet
R4#telnet 10.1.1.1
Trying 10.1.1.1 ...
% Destination unreachable; gateway or host down
R4#telnet 10.1.1.1 /source-interface loo 0
Trying 10.1.1.1 ... Open
R1>
11)内部私有IP通过NAT转换成202.1.1.1上网
192.168.2.0
192.168.3.0
10.1.1.0
R4#ping 202.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 188/233/272
R2#ping 202.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/176/216 ms
R3#ping 202.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/180/216 ms
12)R1 要有0.0.0.0,将0/0发布到OSPF中去
R4#show ip route
Gateway of last resort is 10.1.1.1 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 10.1.1.1, 00:04:13, Serial2/0
--------------------------------------------------------------------------------------------------
实验的总结:
明确每个实验的目的。
注意细节的问题,比如R1的F1/0是要开启TRUNK的。
注意OSPf在帧中继环境下的不同网络类型的配置。
