网络综合调试.docx

资源描述

网络综合调试.docx

《网络综合调试.docx》由会员分享，可在线阅读，更多相关《网络综合调试.docx（13页珍藏版）》请在冰点文库上搜索。

网络综合调试.docx

网络综合调试

一、【试题案例说明】

1、设计的网络拓扑结构如下：

二、【设备配置要求】

1、按照题意给所有交换机和路由器配置hostname，例如RA，SWC。

2、根据拓扑所示连接各个设备。

3、根据拓扑给交换配置VLAN，每个接入层交换机上分别有2个不同VLAN。

SWC和SWD作为DHCPSERVER给用户分配IP地址。

4、配置MSTP实现汇聚层负载均衡

5、所有设备之间互联地址规划为10.0.0.1/24网段，为了保证设备的安全性，要求每两台设备之间的互联地址为不同网段。

6、RA、RB之间使用V.35线缆连接，并封装PPP协议，PPP采用CHAP进行认证；RA和RB的验证用户名以及密码均为digitalchina

7、汇聚层之间采用OSPF动态路由协议互联，路由器之间采用静态路由协议互联，要求内网全通

8、RA上配置NAT地址转换，内网所有用户都能上网。

并开启安全防护功能。

9、做访问控制列表，任何用户不能通过ping访问服务器。

1、各交换机和路由器的hostname,

Switch>System

Switch#systemSWC

SWC#

2、接入层所要用的相关技术及协议，VLAN、DHCP、MSTP的配置

--------------------------VLAN

SWC#vlan10

[SWC—vlan10]vlan20

[SWC—vlan20]vlan30

[SWC—vlan30]vlan40

[SWC—vlan40]quit

[SWC]inte1/0/1

[SWC-Ethernet1/0/1]portlink-typetrunk

[SWC-Ethernet1/0/1]porttrunkpermitvlan10203040

[SWC-Ethernet1/0/1]intEthernetE1/2

[SWC-Ethernet1/0/2]portlink-typetrunk

[SWC-Ethernet1/0/2]porttrunkpermitvlan10203040

[SWC-Ethernet1/0/2]intEthernetE1/3

[SWC-Ethernet1/0/3]portlike-typetrunk

[SWC-Ethernet1/0/3]porttrunkpermitvlan10203040

[SWC-Ethernet1/0/3]quit

[SWC]stpregion-configuration

[SWC-mst-region]region-nameH3C

[SWC-mst-region]instance1vlan1030

[SWC-mst-region]instance2vlan2040

[SWC]stpinstance1rootprimary

[SWC]stpinstance2rootsecondary

[SWC]stpmodemstp

[SWC]stpenable

SWD#vlan10

[SWD—vlan10]vlan20

[SWD—vlan20]vlan30

[SWD—vlan30]vlan40

[SWD—vlan40]quit

[SWD]inte1/0/1

[SWD-Ethernet1/0/1]portlink-typetrunk

[SWD-Ethernet1/0/1]porttrunkpermitvlan10203040

[SWD-Ethernet1/0/1]intEthernetE1/0/2

[SWD-Ethernet1/0/2]portlink-typetrunk

[SWD-Ethernet1/0/2]porttrunkpermitvlan10203040

[SWD-Ethernet1/0/2]intEthernetE1/0/3

[SWD-Ethernet1/0/3]portlike-typetrunk

[SWD-Ethernet1/0/3]porttrunkpermitvlan10203040

[SWD-Ethernet1/0/3]quit

[SWD]stpregion-configuration

[SWD-mst-region]region-nameH3C

[SWD-mst-region]instance1vlan1030

[SWD-mst-region]instance2vlan2040

[SWD]stpinstance2rootprimary

[SWD]stpinstance1rootsecondary

[SWD]stpmodemstp

[SWD]stpenable

SWE#vlan10

[SWE—vlan10]vlan20

[SWE—vlan20]vlan30

[SWE—vlan30]vlan40

[SWE—vlan40]quit

[SWE]inte1/0/1

[SWE-Ethernet1/0/1]portlink-typetrunk

[SWE-Ethernet1/0/1]porttrunkpermitvlan10203040

[SWE-Ethernet1/0/1]intEthernetE1/0/2

[SWE-Ethernet1/0/2]portlink-typetrunk

[SWE-Ethernet1/0/2]porttrunkpermitvlan10203040

[SWE-Ethernet]quit

[SWE]vlan10

[SWE-vlan10]portEthernet1/0/3toEthernet1/0/10

[SWE-Ethernet]quit

[SWE]vlan20

[SWE-vlan20]portEthernet1/0/11toEthernet1/0/20

[SWE-vlan20]quit

[SWE]stpregion-configuration

[SWE-mst-region]region-nameH3C

[SWE-mst-region]instance1vlan1030

[SWE-mst-region]instance2vlan2040

[SWE]stpmodemstp

[SWE]stpenable

SWF#vlan10

[SWF—vlan10]vlan20

[SWF—vlan20]vlan30

[SWF—vlan30]vlan40

[SWF—vlan40]quit

[SWF]inte1/0/1

[SWF-Ethernet1/0/1]portlink-typetrunk

[SWF-Ethernet1/0/1]porttrunkpermitvlan10203040

[SWF-Ethernet1/0/1]intEthernetE1/0/2

[SWF-Ethernet1/0/2]portlink-typetrunk

[SWF-Ethernet1/0/2]porttrunkpermitvlan10203040

[SWF-Ethernet]quit

[SWF]vlan30

[SWF-vlan30]portEthernet1/0/3toEthernet1/0/10

[SWF-Ethernet]quit

[SWF]vlan40

[SWF-vlan40]portEthernet1/0/11toEthernet1/0/20

[SWF-vlan20]quit

[SWF]stpregion-configuration

[SWF-mst-region]region-nameH3C

[SWF-mst-region]instance1vlan1030

[SWF-mst-region]instance2vlan2040

[SWF]stpmodemstp

[SWF]stpenable

-----------------------------DHCP

[SWC]intvlan10

[SWC-Vlan10]ipadd10.0.0.33255.255.255.224

[SWC-Vlan10]quit

[SWC]dhcpenable

[SWC]dhcpserverip-poolh3c

[SWC-dhcp-pool-h3c]network10.0.0.32mask255.255.255.224

[SWC-dhcp-pool-h3c]gateway-list10.0.0.33

[SWC]dhcpserverforbidden-ip10.0.0.33

[SWC]intvlan20

[SWC-Vlan20]ipadd10.0.0.65255.255.255.224

[SWC-Vlan20]quit

[SWC]dhcpenable

[SWC]dhcpserverip-poolh3c

[SWC-dhcp-pool-h3c]network10.0.0.64mask255.255.255.224

[SWC-dhcp-pool-h3c]gateway-list10.0.0.65

[SWC]dhcpserverforbidden-ip10.0.0.65

[SWC]intvlan30

[SWC-Vlan30]ipadd10.0.0.97255.255.255.224

[SWC-Vlan30]quit

[SWC]dhcpenable

[SWC]dhcpserverip-poolh3c

[SWC-dhcp-pool-h3c]network10.0.0.96mask255.255.255.224

[SWC-dhcp-pool-h3c]gateway-list10.0.0.97

[SWC]dhcpserverforbidden-ip10.0.0.97

[SWC]intvlan40

[SWC-Vlan40]ipadd10.0.0.129255.255.255.224

[SWC-Vlan40]quit

[SWC]dhcpenable

[SWC]dhcpserverip-poolh3c

[SWC-dhcp-pool-h3c]network10.0.0.128mask255.255.255.224

[SWC-dhcp-pool-h3c]gateway-list10.0.0.129

[SWC]dhcpserverforbidden-ip10.0.0.129

[SWD]intvlan10

[SWD-Vlan10]ipadd10.0.0.33255.255.255.224

[SWD-Vlan10]quit

[SWD]dhcpenable

[SWD]dhcpserverip-poolh3c

[SWD-dhcp-pool-h3c]network10.0.0.32mask255.255.255.224

[SWD-dhcp-pool-h3c]gateway-list10.0.0.33

[SWD]dhcpserverforbidden-ip10.0.0.33

[SWD]intvlan20

[SWD-Vlan20]ipadd10.0.0.65255.255.255.224

[SWD-Vlan20]quit

[SWD]dhcpenable

[SWD]dhcpserverip-poolh3c

[SWD-dhcp-pool-h3c]network10.0.0.64mask255.255.255.224

[SWD-dhcp-pool-h3c]gateway-list10.0.0.65

[SWD]dhcpserverforbidden-ip10.0.0.65

[SWD]intvlan30

[SWD-Vlan30]ipadd10.0.0.97255.255.255.224

[SWD-Vlan30]quit

[SWD]dhcpenable

[SWD]dhcpserverip-poolh3c

[SWD-dhcp-pool-h3c]network10.0.0.96mask255.255.255.224

[SWD-dhcp-pool-h3c]gateway-list10.0.0.97

[SWD]dhcpserverforbidden-ip10.0.0.97

[SWD]intvlan40

[SWD-Vlan40]ipadd10.0.0.129255.255.255.224

[SWD-Vlan40]quit

[SWD]dhcpenable

[SWD]dhcpserverip-poolh3c

[SWD-dhcp-pool-h3c]network10.0.0.128mask255.255.255.224

[SWD-dhcp-pool-h3c]gateway-list10.0.0.129

[SWD]dhcpserverforbidden-ip10.0.0.129

-------------------------OSPF

[SWC]vlan60

[SWC]vlan50

[SWC]intEthernet1/0/4

[SWC-Ethernet1/0/4]portlink-typetrunk

[SWC-Ethernet1/0/4]porttrunkpermitvlan5060

[SWC-Vlan50]portEthernet1/0/5

[SWC-Vlan50]quit

[SWC]intvlan60

[SWC-vlan60-interface]ipadd10.0.0.5255.255.255.252

[SWC]ospf

[SWC-ospf]area0

[SWC-ospf-area-0.0.0.0]network10.0.0.40.0.0.3

[SWC-ospf-area-0.0.0.0]network10.0.0.320.0.0.31

[SWC-ospf-area-0.0.0.0]network10.0.0.640.0.0.31

[SWC-ospf-area-0.0.0.0]network10.0.0.960.0.0.31

[SWC-ospf-area-0.0.0.0]network10.0.0.1280.0.0.31

[SWC-ospf-area-0.0.0.0]network10.0.0.130.0.0.3

[SWD]vlan80

[SWD-Vlan80]portEthernet1/0/4

[SWD]intvlan80

[SWD-Vlan80-interface]ipadd10.0.0.17255.255.255.252

[SWD-Vlan80-interface]quit

[SWD]ospf

[SWD-ospf]area0

[SWD-ospf-area-0.0.0.0]network10.0.0.160.0.0.3

[SWD-ospf-area-0.0.0.0]network10.0.0.320.0.0.31

[SWD-ospf-area-0.0.0.0]network10.0.0.640.0.0.31

[SWD-ospf-area-0.0.0.0]network10.0.0.960.0.0.31

[SWD-ospf-area-0.0.0.0]network10.0.0.1280.0.0.31

------RA#

[RA]intG0/0

[RA-interfaceG0/0]undoshutdown

[RA-interfaceG0/0]portlink-moderoute

[RA]intG0/0.1

[RA-interfaceG0/0.1]undoshutdown

[RA-interfaceG0/0.1]ipadd10.0.0.13255.255.255.252

[RA-interfaceG0/0.1]vlan-typedot1q..vlan50

[RA-interfaceG0/0.1]intf0/0.2

[RA-interfaceG0/0.2]undoshutdown

[RA-interfaceG0/0.2]ipadd10.0.0.6255.255.255.252

[RA-interfaceG0/0.2]vlan-typedot1q…vlan60

[RA-interfaceG0/1]undoshutdown

[RA-interfaceG0/1]ipadd10.0.0.18255.255.255.252

[RA]intS6/0

[RA-interface-S6/0]undoshutdown

[RA-interface-S6/0]ipadd202.192.168.10255.255.255.0

[RA]iprouter—static0.0.0.00.0.0.0202.192.168.11

[RA]iproute-static192.168.0.0255.255.255.0202.192.168.11

[RA]ospf

[RA-ospf]area0

[RA-SPF-area-0.0.0.0]network10.0.0.160.0.0.3

[RA-ospf-area-0.0.0.0]network10.0.0.40.0.0.31

[RA-ospf-area-0.0.0.0]network10.0.0.120.0.0.31

[RA-ospf-area-0.0.0.0]network202.192.168.00.0.0.255

[RA-ospf]import-routestatic

[RA-ospf]import-routedirect

[RA-ospf]default-route-advertise

[RA]nataddress-group1202.192.168.5202.192.168.10

//配置允许进行NAT转换的内网地址段

aclnumber2000

rule0permitsource10.0.0.00.0.0.255

rule1deny

interfaceS6/0

portlink-moderoute

//在出接口上进行NAT转换

natoutbound2000address-group1

//在出接口上配置内网服务器10.0.0.14的www服务

natserverprotocoltcpglobal202.192.168.5wwwinside10.0.0.14www

natserverprotocoltcpglobal202.192.168.6ftpinside10.0.0.15ftp

[RA]domainsystem//采用本地认证方式

authenticationppplocal

local-userdigitalchina//配置对端用户名和密码

passwordsimpledigitalchina

service-typeppp

interfaceSerial0/0

link-protocolppp

pppauthentication-modechap//配置验证方式为CHAP验证

pppchapuserdigitalchina//配置本端用户名和密码

pppchappasswordsimpledigitalchina

[RA]aclnumber3000

rule0denyicmpsourceanydestination10.0.0.140icmp-typeecho

rule1denyicmpsourceanydestination10.0.0.150icmp-typeecho

rule2permiticmpsourceanydestinationany

[RA]intG0/0.1

[RA-interfaceG0/0.1]packet-filteroutboundip-group3000

[RA]firewallenable

//配置防火墙缺省过滤方式为允许包通过

firewalldefaultpermit

//定义用于包过滤的访问控制的ACL

aclnumber3005

descriptiondeny_souce_ip_www

rule0denytcpsource202.192.168.100destination-porteqftp

rule5permittcpsource202.192.168.100

//对于inbound流量进行过滤

firewallpacket-filter3005inbound

iproute-static0.0.0.00.0.0.0Serial0/0

[RB]intS6/0

[RB-interface-S6/0]undoshutdown

[RB-interface-S6/0]ipadd202.192.168.11255.255.255.0

[RB]interfaceG0/0

ipaddress192.168.0.124

quit

[RB]iproute-static0.0.0.00.0.0.0202.192.168.10

[RB]iproute-static10.0.0.0255.255.255.0202.192.168.10

[RB]domainsystem//采用本地认证方式

authenticationppplocal

local-userdigitalchina//配置对端用户名和密码

passwordsimpledigitalchina

service-typeppp

interfaceSerial0/0

link-protocolppp

pppauthentication-modechap//配置验证方式为CHAP验证

pppchapuserdigitalchina//配置本端用户名和密码

pppchappasswordsimpledigitalchina

展开阅读全文