很多的网友,现在已经掌握或者了解Cisco 路由,交换技术。平时也可能做了比较多的分解实验,但是从NA到NP以及到IE,发现自己的水平见长的不快,很多的知识点学完过一段就忘了,知识点关联不起来。这时可想办法,搭建综合实验环境,模拟真实网络的故障,锻炼自己的排错能力,以快速把所学的知识点联系起来。
实际上本实验也是真实的项目案例,在实验环境下,完全模拟出来,这仅仅不是一次综合实验!
近日刚讲完NA的课程,给学生们留一个NA综合实验,今天也发布到网上,希望那些想学的新手,好好练习一下。
如下,综合实验拓扑和实验要求
本篇博文发表于5月30日,当时我只留了需求,目的是让更多的网友参与其中,自行搭建拓扑环境来模拟此案例。截止6月1日,有很多朋友参与了讨论。特别是网友“拿贝马凡”,能把自己的实验过程,贴到评论区和大家相互交流,很欣赏该网友的学习精神。加油,你一定会成功的。
如今,现在提供完整的解法。欢迎大家来讨论。
为了让很多的网友学习这个实验,我在实验过程使用了路由器来模拟PC,如需要关闭路由功能,并指定PC的网关地址,PC的网关地址实际上就是对应的子接口的IP地址。
------------------------- PC1---------------------------------
PC1(config)#no ip routing
PC1(config)#int f0/0
PC1(config-if)#ip add 192.168.1.10 255.255.255.0
PC1(config-if)#no sh
PC1(config-if)#exit
PC1(config)#ip default-gateway 192.168.1.254
PC1(config)#end
PC1#
---------------------------PC2------------------------------
Router(config-line)#host PC2
PC2(config)#no ip routing
PC2(config)#ip default-gateway 192.168.2.254
PC2(config)#int f0/0
PC2(config-if)#ip add 192.168.2.10 255.255.255.0
PC2(config-if)#no sh
--------------------------Sw1----------------------------------
PC1(config)#int f0/0
PC1(config-if)#ip add 192.168.1.10 255.255.255.0
PC1(config-if)#no sh
PC1(config-if)#exit
PC1(config)#ip default-gateway 192.168.1.254
PC1(config)#end
PC1#
---------------------------PC2------------------------------
Router(config-line)#host PC2
PC2(config)#no ip routing
PC2(config)#ip default-gateway 192.168.2.254
PC2(config)#int f0/0
PC2(config-if)#ip add 192.168.2.10 255.255.255.0
PC2(config-if)#no sh
--------------------------Sw1----------------------------------
Sw1#conf t
Sw1(config)#int f0/2
Sw1(config-if)#switchport trunk encapsulation dot1q
Sw1(config-if)#switchport mode trunk
Sw1#vlan database
Sw1(vlan)#vlan 10 name caiwubo
VLAN 10 added:
Name: xiaoshoubo
Sw1(vlan)#vlan 20 name xiaoshoubo
VLAN 20 added:
Name: renshibo
Sw1(vlan)#exit
APPLY completed.
Exiting....
Sw1#conf t
Sw1(config)#int f0/2
Sw1(config-if)#switchport trunk encapsulation dot1q
Sw1(config-if)#switchport mode trunk
Sw1#vlan database
Sw1(vlan)#vlan 10 name caiwubo
VLAN 10 added:
Name: xiaoshoubo
Sw1(vlan)#vlan 20 name xiaoshoubo
VLAN 20 added:
Name: renshibo
Sw1(vlan)#exit
APPLY completed.
Exiting....
Sw1#conf t
Sw1(config)#int f0/0
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 10
Sw1(config-if)#spanning-tree portfast
Sw1(config-if)#int f0/1
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 20
Sw1(config-if)#spanning-tree portfast
Sw1(config-if)#end
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 10
Sw1(config-if)#spanning-tree portfast
Sw1(config-if)#int f0/1
Sw1(config-if)#switchport mode access
Sw1(config-if)#switchport access vlan 20
Sw1(config-if)#spanning-tree portfast
Sw1(config-if)#end
Sw1#sh vlan-s
VLAN Name Status Ports
---- -------------------------------- --------- ---
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15
10 xiaoshoubo active Fa0/0
20 renshibo active Fa0/1
---- -------------------------------- --------- ---
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15
10 xiaoshoubo active Fa0/0
20 renshibo active Fa0/1
------------------------------R2------------------------------
Router(config-line)#host R2
R2(config)#int e0/0
R2(config-if)#ip add 200.1.1.1 255.255.255.0
R2(config-if)#duplex full
R2(config-if)#no sh
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#int e0/2
R2(config-if)#duplex full
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#int e0/2.10
R2(config-subif)#encapsulation dot1q 10
R2(config-subif)#ip add 192.168.1.254 255.255.255.0
R2(config-subif)#ip nat inside
R2(config-subif)#ip access-group 150 in
R2(config-subif)#exit
R2(config)#int e0/2.20
R2(config-subif)#encapsulation dot1q 20
R2(config-subif)#ip add 192.168.2.254 255.255.255.0
R2(config-subif)#ip nat inside
R2(config-subif)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.3
R2(config)#int e0/0
R2(config-if)#ip add 200.1.1.1 255.255.255.0
R2(config-if)#duplex full
R2(config-if)#no sh
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#int e0/2
R2(config-if)#duplex full
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#int e0/2.10
R2(config-subif)#encapsulation dot1q 10
R2(config-subif)#ip add 192.168.1.254 255.255.255.0
R2(config-subif)#ip nat inside
R2(config-subif)#ip access-group 150 in
R2(config-subif)#exit
R2(config)#int e0/2.20
R2(config-subif)#encapsulation dot1q 20
R2(config-subif)#ip add 192.168.2.254 255.255.255.0
R2(config-subif)#ip nat inside
R2(config-subif)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.3
//定义需要NAT转换的流量,列表为100
R2(config)#acc 100 permit ip 192.168.1.0 0.0.0.255 any
R2(config)#acc 100 permit ip 192.168.2.0 0.0.0.255 any
R2(config)#ip nat inside source list 100 int e0/0 overload
R2(config)#acc 150 deny tcp 192.168.1.0 0.0.0.255 host 192.168.1.254
R2(config)#acc 150 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.254
R2(config)#acc 150 deny tcp 192.168.1.0 0.0.0.255 host 200.1.1.1
R2(config)#acc 150 permit ip any any
R2(config)#acc 100 permit ip 192.168.1.0 0.0.0.255 any
R2(config)#acc 100 permit ip 192.168.2.0 0.0.0.255 any
R2(config)#ip nat inside source list 100 int e0/0 overload
R2(config)#acc 150 deny tcp 192.168.1.0 0.0.0.255 host 192.168.1.254
R2(config)#acc 150 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.254
R2(config)#acc 150 deny tcp 192.168.1.0 0.0.0.255 host 200.1.1.1
R2(config)#acc 150 permit ip any any
R2(config)#line vty 0 4
R2(config-line)#password P@ssw0rd
R2(config-line)#login
R2(config-line)#exit
R2(config)#enable secret P@ssw0rd
------------------------------R3--------------------------------
R3#conf t
R3(config)#int e0/0
R3(config-if)#ip add 200.1.1.3 255.255.255.0
R3(config-if)#duplex full
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#ip http server
R3(config)#line vty 0 4
R3(config-line)#no login
R3(config-line)#privilege level 15
R3(config-line)#exit
R3(config)#int lo0
R3(config-if)#ip add 222.222.222.222 255.255.255.0
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.1
R2(config-line)#password P@ssw0rd
R2(config-line)#login
R2(config-line)#exit
R2(config)#enable secret P@ssw0rd
------------------------------R3--------------------------------
R3#conf t
R3(config)#int e0/0
R3(config-if)#ip add 200.1.1.3 255.255.255.0
R3(config-if)#duplex full
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#ip http server
R3(config)#line vty 0 4
R3(config-line)#no login
R3(config-line)#privilege level 15
R3(config-line)#exit
R3(config)#int lo0
R3(config-if)#ip add 222.222.222.222 255.255.255.0
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.1
--------------------PC1上测试telnet到R2的结果--------------
PC1#telnet 200.1.1.1
Trying 200.1.1.1 ...
% Destination unreachable; gateway or host down
PC1#telnet 200.1.1.1
Trying 200.1.1.1 ...
% Destination unreachable; gateway or host down
PC1#telnet 192.168.2.254
Trying 192.168.2.254 ...
% Destination unreachable; gateway or host down
Trying 192.168.2.254 ...
% Destination unreachable; gateway or host down
PC1#telnet 192.168.1.254
Trying 192.168.1.254 ...
% Destination unreachable; gateway or host down
Trying 192.168.1.254 ...
% Destination unreachable; gateway or host down
----------------------PC2上测试Telnet 到R2的结果--------
PC2#telnet 192.168.1.254
Trying 192.168.1.254 ... Open
Trying 192.168.1.254 ... Open
User Access Verification
Password:
PC2#telnet 192.168.2.254
Trying 192.168.2.254 ... Open
PC2#telnet 192.168.2.254
Trying 192.168.2.254 ... Open
User Access Verification
Password:
PC2#telnet 200.1.1.1
Trying 200.1.1.1 ... Open
PC2#telnet 200.1.1.1
Trying 200.1.1.1 ... Open
User Access Verification
Password:
PC2#
PC2#
PC1#telnet 222.222.222.222
Trying 222.222.222.222 ... Open
Trying 222.222.222.222 ... Open
R3#sh users
Line User Host(s) Idle Location
0 con 0 idle 00:08:38
*130 vty 0 idle 00:00:00 200.1.1.1
Line User Host(s) Idle Location
0 con 0 idle 00:08:38
*130 vty 0 idle 00:00:00 200.1.1.1
Interface User Mode Idle Peer Address
R3#
当PC2能成功telnet到222.222.222.222,会在R2触发ACL100,进行NAT转换
当 192.168.2.10去telnet 222.222.222.222
被转换为200.1.1.1去telnet 222.222.222.222
R2#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 200.1.1.1:11007 192.168.1.10:11007 222.222.222.222:23 222.222.222.222:23
tcp 200.1.1.1:11005 192.168.2.10:11005 222.222.222.222:23 222.222.222.222:23
R2#
当 192.168.2.10去telnet 222.222.222.222
被转换为200.1.1.1去telnet 222.222.222.222
R2#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 200.1.1.1:11007 192.168.1.10:11007 222.222.222.222:23 222.222.222.222:23
tcp 200.1.1.1:11005 192.168.2.10:11005 222.222.222.222:23 222.222.222.222:23
R2#
转载于:https://blog.51cto.com/hackerjx/323790
180
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
