前提的基础知识:两台PC能互相ping通的前提
-
第一种情况没有划分子网
只需要两台PC的IP地址在同一网段,网关不需要输入,两台PC也能通信
-
第二种情况划分了子网
划分了子网,子网掩码变了,必须设置网关,且网关地址跟划分了几个子网有关系,设置完网关,配置交换机的vlanif地址,两台pc就能通信
-
划分了子网:
需要根据划分了几个网段来选择网关
即网关地址范围是:
例如:划分了4个子网,第一个子网连着一台pc,则这个pc的网关地址在第一个子网范围内,任意的一个IP地址;若超出这个范围,则两台pc不能通信
例如:子网掩码:255.255.255.192
划分了2的2次方=4个子网,主机数是:2的6次方-2=62台
【总结】:
划分了四个子网,每个子网62台主机,注意.1和广播地址不能作为网关使用
第一个字网范围:1~62 65是广播地址
第二个子网范围:64~126 127是广播地址
第三个子网范围:129~190 128网络地址
第四个子网范围:193~254 192网络地址
26位网络号,下表中“网络地址”是不能划分到子网中去的 | ||
网络地址 | 可用IP地址范围 | 广播地址 |
.0 | .1~.62 | .63 |
.64 | .65~.126 | .127 |
.128 | .129~190 | .191 |
.192 | .193~.254 | .255 |
题目要求:
1.绘制网络拓扑结构图
在 eNSP 模拟器中,按照样图绘制网络拓扑结构图,不需要添加注释(绿色 背景部分)。其中路由器使用 Router 设备,交换机使用 S5700 设备,终端使用
PC 设备
(1)按照下表中的要求在交换机中完成 VLAN 的配置。
设备 | VLAN 编号 | 端口 |
---|---|---|
SW3A | 20 | G0/0/1 |
100 | G0/0/2~G0/0/5 | |
200 | G0/0/6~G0/0/10 | |
SW3B | 30 | G0/0/1 |
300 | G0/0/2~G0/0/5 | |
400 | G0/0/6~G0/0/8 |
(2)按照样图中给出的网络地址配置所有设备接口及 VLAN 的 IP 地址。
(3)使用三层交换机实现 VLAN 间的三层通信。
(4)使用动态路由协议 RIP 或 OSPF 配置实现全网连通。
(5)在交换机 LSW1 上使用 ACL 禁止 vlan100 到 vlan300 的连通。
代码:
SW3A:
基础配置:
[SW3A]vlan batch 20 100 200
[SW3A]port-group 1
[SW3A-port-group-1]group-member g0/0/2 to g0/0/5
[SW3A-port-group-1]port link-type access
[SW3A-GigabitEthernet0/0/2]port link-type access
[SW3A-GigabitEthernet0/0/3]port link-type access
[SW3A-GigabitEthernet0/0/4]port link-type access
[SW3A-GigabitEthernet0/0/5]port link-type access
[SW3A-port-group-1]port default vlan 100
[SW3A-GigabitEthernet0/0/2]port default vlan 100
[SW3A-GigabitEthernet0/0/3]port default vlan 100
[SW3A-GigabitEthernet0/0/4]port default vlan 100
[SW3A-GigabitEthernet0/0/5]port default vlan 100
[SW3A]port-group 2
[SW3A-port-group-2]group-member g0/0/6 to g0/0/10
[SW3A-port-group-2]port link-type access
[SW3A-GigabitEthernet0/0/6]port link-type access
[SW3A-GigabitEthernet0/0/7]port link-type access
[SW3A-GigabitEthernet0/0/8]port link-type access
[SW3A-GigabitEthernet0/0/9]port link-type access
[SW3A-GigabitEthernet0/0/10]port link-type access
[SW3A-port-group-2]port default vlan 200
[SW3A-GigabitEthernet0/0/6]port default vlan 200
[SW3A-GigabitEthernet0/0/7]port default vlan 200
[SW3A-GigabitEthernet0/0/8]port default vlan 200
[SW3A-GigabitEthernet0/0/9]port default vlan 200
[SW3A-GigabitEthernet0/0/10]port default vlan 200
[SW3A]int g0/0/1
[SW3A-GigabitEthernet0/0/1]port link-type trunk
[SW3A-GigabitEthernet0/0/1]port trunk allow-pass vlan all
配置vlan if地址:【先划分子网】!!!!!!!!!!!!!!!!!!!!!!
[SW3A]int vlanif100
[SW3A-Vlanif100]ip ad 192.168.2.2 26
[SW3A]int vlanif200
[SW3A-Vlanif200]ip ad 192.168.2.66 26
[SW3A]int vlanif20
[SW3A-Vlanif20]ip ad 192.168.1.5 30
在SW3A上配置RIP,实现全网互通:
[SW3A]rip
[SW3A-rip-1]version 2
[SW3A-rip-1]network 192.168.1.0 //通告直连网段
[SW3A-rip-1]network 192.168.2.0 //通告直连网段
用display ip routing-table 查看RIP的配置是否成功:
[SW3A]display ip routing-table
目的地址/掩码 协议 优先级 花费 标志 下一跳 接口
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/30 RIP 100 1 D 192.168.1.6 Vlanif20
192.168.1.4/30 Direct 0 0 D 192.168.1.5 Vlanif20
192.168.1.5/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.1.8/30 RIP 100 2 D 192.168.1.6 Vlanif20
192.168.2.0/26 Direct 0 0 D 192.168.2.2 Vlanif100
192.168.2.2/32 Direct 0 0 D 127.0.0.1 Vlanif100
192.168.2.64/26 Direct 0 0 D 192.168.2.66 Vlanif200
192.168.2.66/32 Direct 0 0 D 127.0.0.1 Vlanif200
192.168.2.128/26 RIP 100 3 D 192.168.1.6 Vlanif20 //非直连网段自动学习到了RIP
192.168.2.192/26 RIP 100 3 D 192.168.1.6 Vlanif20 //非直连网段自动学习到了RIP
在SW3A的g0/0/1应用acl实现pc1禁止访问pc3:
[SW3A]acl 2000
[SW3A-acl-basic-2000]rule 5 den
[SW3A-acl-basic-2000]rule 5 deny s
[SW3A-acl-basic-2000]rule 5 deny source 192.168.2.1 0.0.0.63 //禁止pc1访问pc3
[SW3A]int g0/0/1
[SW3A-GigabitEthernet0/0/1]traffic-filter outbound acl 2000 //将acl应用到接口上
用display acl all,查看acl的配置情况:
[SW3A]dis acl all
Total nonempty ACL number is 1
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 deny source 192.168.2.0 0.0.0.63
Advanced ACL 3000, 0 rule
Acl's step is 5
SW3B:
基础配置:
[SW3B]vlan batch 30 300 400
[SW3B]port-group 1
[SW3B-port-group-1]group-member g0/0/2 to g0/0/5
[SW3B-port-group-1]port link-type access
[SW3B-GigabitEthernet0/0/2]port link-type access
[SW3B-GigabitEthernet0/0/3]port link-type access
[SW3B-GigabitEthernet0/0/4]port link-type access
[SW3B-GigabitEthernet0/0/5]port link-type access
[SW3B-port-group-1]port default vlan 300
[SW3B-GigabitEthernet0/0/2]port default vlan 300
[SW3B-GigabitEthernet0/0/3]port default vlan 300
[SW3B-GigabitEthernet0/0/4]port default vlan 300
[SW3B-GigabitEthernet0/0/5]port default vlan 300
[SW3B]port-group 2
[SW3B-port-group-2]group-member g0/0/6 to g0/0/10
[SW3B-port-group-2]port link-type access
[SW3B-GigabitEthernet0/0/6]port link-type access
[SW3B-GigabitEthernet0/0/7]port link-type access
[SW3B-GigabitEthernet0/0/8]port link-type access
[SW3B-GigabitEthernet0/0/9]port link-type access
[SW3B-GigabitEthernet0/0/10]port link-type access
[SW3B-port-group-2]port default vlan 400
[SW3B-GigabitEthernet0/0/6]port default vlan 400
[SW3B-GigabitEthernet0/0/7]port default vlan 400
[SW3B-GigabitEthernet0/0/8]port default vlan 400
[SW3B-GigabitEthernet0/0/9]port default vlan 400
[SW3B-GigabitEthernet0/0/10]port default vlan 400
[SW3B]int g0/0/1
[SW3B-GigabitEthernet0/0/1]port link-type trunk
[SW3B-GigabitEthernet0/0/1]port trunk allow-pass vlan all
配置vlan if地址:【先划分子网】!!!!!!!!!!!!!!!!!!!!!!
[SW3B]int vlanif300
[SW3B-Vlanif300]ip ad 192.168.2.130 26
[SW3B]int vlanif400
[SW3B-Vlanif400]ip ad 192.168.2.194 26
[SW3B]int vlanif30
[SW3B-Vlanif30]ip ad 192.168.1.10 30
在SW3B上配置RIP,实现全网互通:
[SW3B]rip
[SW3B-rip-1]version 2
[SW3B-rip-1]network 192.168.1.0 //通告直连网段
[SW3B-rip-1]network 192.168.2.0 //通告直连网段
用display ip routing-table 查看RIP的配置是否成功:
[SW3B]display ip routing-table
目的地址/掩码 协议 优先级 花费 标志 下一跳 接口
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/30 RIP 100 1 D 192.168.1.9 Vlanif30 //非直连网段自动学习到了RIP
192.168.1.4/30 RIP 100 2 D 192.168.1.9 Vlanif30 //非直连网段自动学习到了RIP
192.168.1.8/30 Direct 0 0 D 192.168.1.10 Vlanif30
192.168.1.10/32 Direct 0 0 D 127.0.0.1 Vlanif30
192.168.2.0/26 RIP 100 3 D 192.168.1.9 Vlanif30 //非直连网段自动学习到了RIP
192.168.2.64/26 RIP 100 3 D 192.168.1.9 Vlanif30 //非直连网段自动学习到了RIP
192.168.2.128/26 Direct 0 0 D 192.168.2.130 Vlanif300
192.168.2.130/32 Direct 0 0 D 127.0.0.1 Vlanif300
192.168.2.192/26 Direct 0 0 D 192.168.2.194 Vlanif400
192.168.2.194/32 Direct 0 0 D 127.0.0.1 Vlanif400
RA:
基本配置:
[RA]int g0/0/0
[RA-GigabitEthernet0/0/0]ip ad 192.168.1.1 30
[RA]int g0/0/1
[RA-GigabitEthernet0/0/1]ip ad 192.168.1.6 30
在RA上配置RIP,实现全网互通:
[RA]rip
[RA-rip-1]version 2
[RA-rip-1]network 192.168.1.0 //通告直连网段
用display ip routing-table 查看RIP的配置是否成功:
RA-rip-1]display ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/30 Direct 0 0 D 192.168.1.1 GigabitEthernet
0/0/0
192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.4/30 Direct 0 0 D 192.168.1.6 GigabitEthernet
0/0/1
192.168.1.6/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.1.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.0/26 RIP 100 1 D 192.168.1.5 GigabitEthernet //非直连网段自动学习到了RIP
0/0/1
192.168.2.64/26 RIP 100 1 D 192.168.1.5 GigabitEthernet //非直连网段自动学习到了RIP
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
RB:
基本配置: [RB]int g0/0/0
[RB-GigabitEthernet0/0/0]ip ad 192.168.1.2 30
[RB]int g0/0/1
[RB-GigabitEthernet0/0/1]ip ad 192.168.1.9 30
在RB上配置RIP,实现全网互通:
[RB]rip
[RB-rip-1]version 2
[RB-rip-1]network 192.168.1.0 //通告直连网段
用display ip routing-table 查看RIP的配置是否成功:
[RB]display ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/30 Direct 0 0 D 192.168.1.2 GigabitEthernet
0/0/0
192.168.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.4/30 RIP 100 1 D 192.168.1.1 GigabitEthernet //非直连网段自动学习到了RIP
0/0/0
192.168.1.8/30 Direct 0 0 D 192.168.1.9 GigabitEthernet
0/0/1
192.168.1.9/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.1.11/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.0/26 RIP 100 2 D 192.168.1.1 GigabitEthernet //非直连网段自动学习到了RIP
0/0/0
192.168.2.64/26 RIP 100 2 D 192.168.1.1 GigabitEthernet //非直连网段自动学习到了RIP
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0