网络自测试
项目:小试牛刀
完成以下测试
#######完成训练################################################
要求:
1 相同VLAN之间要互通,不同VLAN之间也要互通;
2 蓝色(深蓝 上边)背景区域为外网,青色(淡蓝,下边)背景区域为内网;
3 外网使用HSRP配置加浮动路由,内网自己规划;
4 各VLAN使用的地址段:*.0,其中的*号为VLAN号码;
5 各VLAN的网关地址为*.254,如果是使用HSRP,网关为*.250;
6 各VLAN的根交换机要求:
Core-1:VLAN/10.20的根;
Core-2:VLAN60的根;
Core-3:VLAN30.40的根
Core-4:VLAN50的根
6 各VLAN的主网关:
Core-1:VLAN10.20的网关;
Core-2:VLAN60的网关;
Core-3:VLAN30.40的网关;
Core-4:VLAN50的网关。
7 有两条链路 配制成以太网通道。
8 各终端使用DHCP服务器自动配置IP。
9 服务器的IP手动配置为192.168.50.253/24和192.168.50.254/24 #没错你没看错~
10 实现在家(外网11.11.11.11/24)做饭的IT男用自己的苹~果~笔记本 telnet 远程控制内网核心交换机Core-1
11 外网不能ping通 内网
内网通公网 IP 100.10.10.1/24
确定划分vlan IP为192.168.*.0/24
帮助命令
debug ip icmp #危险操作仅限测试用,现实网络慎敲
undebug ip icmp #解除上面的命令
show cdp neighbors #查看直连端口信息
reload #重启
write #保存配置
erase startup-config #删除保存的配置
配置思路:
1配置终端主机
2 交换网络互通
3 路由网络互通
4 内外网互通
详细操作:
0.准备
enable
configure terminal
no ip domain lookup #关闭主机查询
#password secret cisco #特权密码
#line vty 0 4
#password CCIE #or# no login #远程密码
#exit
hostname Building- #命名
hostname Core-
1.
所有配置
Core1 - 4 X 4
enable
configure terminal
no ip domain lookup
vlan 10
vlan 20
vlan 30
vlan 40
vlan 50
vlan 60
hostname Core-
SW-Building X 5
enable
configure terminal
no ip domain lookup
vlan 10
vlan 20
vlan 30
vlan 40
vlan 50
vlan 60
hostname Building-
3.
PC终端加入对应VLAN
B1
interface fastEthernet 0/3
switchport mode access
switchport access vlan 10
interface fastEthernet 0/4
switchport mode access
switchport access vlan 20
B2
interface fastEthernet 0/3
switchport mode access
switchport access vlan 10
interface fastEthernet 0/4
switchport mode access
switchport access vlan 30
B3
interface fastEthernet 0/3
switchport mode access
switchport access vlan 40
interface fastEthernet 0/4
switchport mode access
switchport access vlan 20
B4
interface fastEthernet 0/3
switchport mode access
switchport access vlan 10
interface fastEthernet 0/4
switchport mode access
switchport access vlan 40
B5
interface fastEthernet 0/3
switchport mode access
switchport access vlan 30
interface fastEthernet 0/4
switchport mode access
switchport access vlan 20
SERVER
enable
configure terminal
interface range fastEthernet 0/4 - 5
switchport mode access
switchport access vlan 50
DHCP
enable
configure terminal
interface fastEthernet 0/3
switchport mode access
switchport access vlan 60
4.
设置根交换
C1
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root primary
C2
spanning-tree vlan 60 root primary
C3
spanning-tree vlan 30 root primary
spanning-tree vlan 40 root primary
C4
spanning-tree vlan 50 root primary
5.
建立Ether-channel链路及Trunk链路
C1
enable
configure terminal
interface range fastEthernet 0/1 - 8
switchport trunk encapsulation dot1q
switchport mode trunk
C2
enable
configure terminal
interface range fastEthernet 0/1 - 5
switchport trunk encapsulation dot1q
switchport mode trunk
C3
enable
configure terminal
interface range fastEthernet 0/1 - 8
switchport trunk encapsulation dot1q
switchport mode trunk
C4
enable
configure terminal
interface range fastEthernet 0/1 - 4
switchport trunk encapsulation dot1q
switchport mode trunk
interface range fastEthernet 0/5 - 6
channel-group 1 mode on
exit
interface port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk
exit
SW-DHCP
enable
configure terminal
interface range fastethernet 0/1 - 2
switchport mode trunk
SW-SERVER
enable
configure terminal
interface fastEthernet 0/1
switchport mode trunk
interface range fastEthernet 0/2 - 3
channel-group 1 mode on
exit
interface port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk
exit
6.
建立各 vlan 间的互联
C1
enable
configure terminal
ip routing
interface vlan 10
ip address 192.168.10.251 255.255.255.0
standby 1 ip 192.168.10.250
standby 1 preempt
standby 1 priority 105 #(200)
interface vlan 20
ip address 192.168.20.251 255.255.255.0
standby 2 ip 192.168.20.250
standby 2 preempt
standby 2 priority 105 #(200)
interface vlan 30
ip address 192.168.30.251 255.255.255.0
standby 3 ip 192.168.30.250
standby 3 preempt
interface vlan 40
ip address 192.168.40.251 255.255.255.0
standby 4 ip 192.168.40.250
standby 4 preempt
interface vlan 50
ip address 192.168.50.251 255.255.255.0
interface vlan 60
ip address 192.168.60.251 255.255.255.0
C2
enable
configure terminal
ip routing
interface vlan 10
ip address 192.168.10.252 255.255.255.0
interface vlan 20
ip address 192.168.20.252 255.255.255.0
interface vlan 30
ip address 192.168.30.252 255.255.255.0
interface vlan 40
ip address 192.168.40.252 255.255.255.0
interface vlan 50
ip address 192.168.50.252 255.255.255.0
standby 5 ip 192.168.50.250
standby 5 preempt
interface vlan 60
ip address 192.168.60.252 255.255.255.0
standby 6 ip 192.168.60.250
standby 6 preempt
standby 6 priority 105 #(200)
C3
enable
configure terminal
ip routing
interface vlan 10
ip address 192.168.10.253 255.255.255.0
standby 1 ip 192.168.10.250
standby 1 preempt
interface vlan 20
ip address 192.168.20.253 255.255.255.0
standby 2 ip 192.168.20.250
standby 2 preempt
interface vlan 30
ip address 192.168.30.253 255.255.255.0
standby 3 ip 192.168.30.250
standby 3 preempt
standby 3 priority 105 #(200)
interface vlan 40
ip address 192.168.40.253 255.255.255.0
standby 4 ip 192.168.40.250
standby 4 preempt
standby 4 priority 105 #(200)
interface vlan 50
ip address 192.168.50.253 255.255.255.0
interface vlan 60
ip address 192.168.60.253 255.255.255.0
C4
enable
configure terminal
ip routing
interface vlan 10
ip address 192.168.10.254 255.255.255.0
interface vlan 20
ip address 192.168.20.254 255.255.255.0
interface vlan 30
ip address 192.168.30.254 255.255.255.0
interface vlan 40
ip address 192.168.40.254 255.255.255.0
interface vlan 50
ip address 192.168.50.254 255.255.255.0
standby 5 ip 192.168.50.250
standby 5 preempt
standby 5 priority 105 #(200)
interface vlan 60
ip address 192.168.60.254 255.255.255.0
standby 6 ip 192.168.60.250
standby 6 preempt
7.
配置DHCP中继
C2
enable
configure terminal
interface vlan 10
ip helper-address 192.168.60.1
interface vlan 20
ip helper-address 192.168.60.1
interface vlan 30
ip helper-address 192.168.60.1
interface vlan 40
ip helper-address 192.168.60.1
C4
enable
configure terminal
interface vlan 10
ip helper-address 192.168.60.1
interface vlan 20
ip helper-address 192.168.60.1
interface vlan 30
ip helper-address 192.168.60.1
interface vlan 40
ip helper-address 192.168.60.1
SERVER
192.168.50.253 255.255.255.0 192.168.50.250 # ~
192.168.50.254 255.255.255.0 192.168.50.250 # 嗯哼~
8.
配置内网路由器
C1
enable
configure terminal
interface fastethernet 0/9
no switchport
no shutdown
ip address 192.168.100.2 255.255.255.0
end
show ip interface brief
C2
enable
configure terminal
interface fastethernet 0/6
no switchport
no shutdown
ip address 192.168.200.2 255.255.255.0
end
show ip interface brief
NR1
enable
configure terminal
no ip domain lookup
hostname NR1
interface gig 0/0
no shutdown
ip address 192.168.100.1 255.255.255.0
interface gig 0/1
no shutdown
ip address 192.168.200.1 255.255.255.0
interface gig 0/2
no shutdown
ip address 100.10.10.1 255.255.255.0
end
show ip interface brief
9.
配置DHCP服务器
DHCPServer
enable
configure terminal
hostname DHCPServer
no ip domain lookup
service dhcp
ip route 0.0.0.0 0.0.0.0 192.168.60.250 ##or## ip default-gateway 192.168.60.250
interface gigabitEthernet 0/0
no shutdown
ip address 192.168.60.1 255.255.255.0
exit
ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.250
dns-server 10.10.10.10
ip dhcp pool VLAN20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.250
dns-server 20.20.20.20
ip dhcp pool VLAN30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.250
dns-server 30.30.30.30
ip dhcp pool VLAN40
network 192.168.40.0 255.255.255.0
default-router 192.168.40.250
dns-server 40.40.40.40
exit
ip dhcp excluded-address 192.168.10.250 192.168.10.254 #排除服务器地址
ip dhcp excluded-address 192.168.20.250 192.168.20.254 #排除服务器地址
ip dhcp excluded-address 192.168.30.250 192.168.30.254 #排除服务器地址
ip dhcp excluded-address 192.168.40.250 192.168.40.254 #排除服务器地址
10.
开启动态路由
C1
enable
configure terminal
router rip
version 2
no auto-summary
network 192.168.10.0
network 192.168.20.0
network 192.168.30.0
network 192.168.40.0
network 192.168.50.0
network 192.168.60.0
network 192.168.100.0
end
show ip route
C2
enable
configure terminal
router rip
version 2
no auto-summary
network 192.168.10.0
network 192.168.20.0
network 192.168.30.0
network 192.168.40.0
network 192.168.50.0
network 192.168.60.0
network 192.168.200.0
end
show ip route
C3
enable
configure terminal
router rip
version 2
no auto-summary
network 192.168.10.0
network 192.168.20.0
network 192.168.30.0
network 192.168.40.0
network 192.168.50.0
network 192.168.60.0
end
show ip route
C4
enable
configure terminal
router rip
version 2
no auto-summary
network 192.168.10.0
network 192.168.20.0
network 192.168.30.0
network 192.168.40.0
network 192.168.50.0
network 192.168.60.0
end
show ip route
NR1
enable
configure terminal
ip route 0.0.0.0 0.0.0.0 100.10.10.2
router rip
version 2
no auto-summary
network 192.168.100.0
network 192.168.200.0
redistribute static
end
show ip route
donfigure terminal
interface range GigabitEthernet0/0 - 1 ##PAT
ip nat inside ##PAT
interface GigabitEthernet0/2 ##PAT
ip nat outside ##PAT
access-list 1 permit 192.168.0.0 0.0.255.255 ##PAT
ip nat inside source list 1 interface gigabitEthernet 0/2 ##PAT
end
show ip nat statistics #查看NAT配置信息
show ip nat translation #查看NAT转换表条目内容
11.
外网
WR1
enable
configure terminal
no ip domain lookup
hostname WR1
interface gig 0/0
no shutdown
ip address 100.10.10.2 255.255.255.0
interface gig 0/1
no shutdown
ip address 12.1.1.1 255.255.255.0
interface gig 0/2
no shutdown
ip address 13.1.1.1 255.255.255.0
end
show ip interface brief
WR2
enable
configure terminal
no ip domain lookup
hostname WR2
interface gig 0/0
no shutdown
ip address 12.1.1.2 255.255.255.0
interface gig 0/1
no shutdown
ip address 11.11.11.253 255.255.255.0
standby 1 ip 11.11.11.250
standby 1 preempt
standby 1 priority 105 #(200)
standby 1 track gigabitEthernet 0/0 #standby 1 track gigabitEthernet 0/0 [ priority 150 ] #如gi0/0故障则本机优先级降150
end
show ip interface brief
show standby
WR3
enable
configure terminal
no ip domain lookup
hostname WR3
interface gig 0/0
no shutdown
ip address 13.1.1.2 255.255.255.0
interface gig 0/1
no shutdown
ip address 11.11.11.254 255.255.255.0
standby 1 ip 11.11.11.250
standby 1 preempt
end
show ip interface brief
show standby
12.
外网路由
WR1
enable
configure terminal
ip route 0.0.0.0 0.0.0.0 100.10.10.1
ip route 11.11.11.0 255.255.255.0 12.1.1.2 ##浮动静态路由
ip route 11.11.11.0 255.255.255.0 13.1.1.2 88 ##浮动静态路由
router rip
version 2
no auto-summary
network 12.11.11.0
network 13.11.11.0
redistribute static
end
show ip route
WR2
enable
configure terminal
router rip
version 2
no auto-summary
network 11.11.11.0
network 12.11.11.0
end
show ip route
WR3
enable
configure terminal
router rip
version 2
no auto-summary
network 11.11.11.0
network 13.11.11.0
end
show ip route
#########################################################################
实现在家(外网11.11.11.11/24) telnet 远程核心交换机Core-1
NR1
enable
configure terminal
ip nat inside source static tcp 192.168.100.2 23 100.10.10.1 8888 #NAT
exit
ip access-list extended Denyicmp #创建ACL 外网不能ping通 内网
deny icmp any any
permit ip any any
interface gig0/2
ip access-group Denyicmp in #调用ACL
end
show ip access-list #查看ACL信息
show ip interface gig0/2 #查看ACL配置信息
C1
enable
configure terminal
enable secret cisco
line vty 0 4
password teacherxu
优化
STP优化
所有连接PC终端的交换机接口下
B1
spanning-tree interface fastethernet 0/3 portfast ##连接 状态直接变为转发
spanning-tree interface fastethernet 0/4 portfast
其 他-------------------------------> 略~~~
针对trunk链路优化主备快速切换
在blocking交换机上添加命令
enable
configure terminal
spanning-tree uplinkfast ##优先级必须是32768 默认值
end
show spanning-tree summary
转载于:https://blog.51cto.com/45545613/1976611
扫一扫
2011
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
