见习网工之综合实验

---

需求一：信息中心配置Eth-trunk实现链路冗余
SW1：

interface Eth-Trunk1
mode lacp-static
least active-linknumber 1
trunkport GigabitEthernet 0/0/2 0/0/5

SW8:

interface Eth-Trunk1
mode lacp-static
least active-linknumber 1
trunkport GigabitEthernet 0/0/1 0/0/2

---

需求二：企业内网划分多个vlan ，减小广播域大小，提高网络稳定性
SW1:

vlan batch 10 20 30 40 200 800
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet 0/0/24
port link-type access
port default vlan 800
port-group group-member GigabitEthernet 0/0/1 GigabitEthernet 0/0/3 GigabitEthernet 0/0/4
port link-type trunk
port trunk allow-pass vlan all

SW2:

vlan batch 10 20
port-group group-member GigabitEthernet 0/0/1 GigabitEthernet 0/0/2 GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan all

SW3:
vlan batch 30
port-group group-member GigabitEthernet 0/0/1 GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all

SW4:

vlan batch 40
port-group group-member GigabitEthernet 0/0/1 GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan all

SW5:
vlan batch 10
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
port-group group-member Ethernet 0/0/2 Ethernet 0/0/3
port link-type access
port default vlan 10

SW6:

vlan batch 20
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet 0/0/1
port link-type access
port default vlan 20

SW7:
vlan batch 30
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
port-group group-member Ethernet 0/0/1 Ethernet 0/0/2
port link-type access
port default vlan 30

SW8:
vlan batch 200
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan all
port-group group-member Ethernet 0/0/2 Ethernet 0/0/3
port link-type access
port default vlan 200

SW9:
vlan batch 40
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface Ethernet 0/0/2
port link-type access
port default vlan 40

---

需求三：核心交换机作为用户网关实现vlan间路由

SW1:
vlan batch 10 20 30 40 200 800
interface Vlanif 10
ip address 192.168.10.1 24
interface Vlanif 20
ip address 192.168.20.1 24
interface Vlanif 30
ip address 192.168.30.1 24
interface Vlanif 40
ip address 192.168.40.1 24
interface Vlanif 200
ip address 192.168.200.1 24
interface Vlanif 800
ip address 192.168.254.2 30

---

需求四：所有用户均为自动获取ip地址

dhcp enable
ip pool vlan10
network 192.168.10.0 mask 24
gateway-list 192.168.10.1
dns-list 114.114.114.114 8.8.8.8
ip pool vlan20
network 192.168.20.0 mask 24
gateway-list 192.168.20.1
dns-list 114.114.114.114 8.8.8.8
ip pool vlan30
network 192.168.30.0 mask 24
gateway-list 192.168.30.1
dns-list 114.114.114.114 8.8.8.8
ip pool vlan40
network 192.168.40.0 mask 24
gateway-list 192.168.40.1
dns-list 114.114.114.114 8.8.8.8
interface Vlanif 10
dhcp select global
interface Vlanif 20
dhcp select global
interface Vlanif 30
dhcp select global
interface Vlanif 40
dhcp select global

---

需求五：出口配置NAT实现地址转换
SW1：
ip route-s 0.0.0.0 0 192.168.254.1
R1:
acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255
interface GigabitEthernet 4/0/0
ip address 192.168.254.1 30
interface GigabitEthernet 3/0/0
ip address 12.1.1.1 29
nat outbound 2000
interface GigabitEthernet 0/0/1
ip address 13.1.1.1 29
nat outbound 2000
ip route-s 0.0.0.0 0 12.1.1.6
ip route-s 0.0.0.0 0 13.1.1.6
（一般还需要在该设备上写回包路由，但我用Ospf就不需这些命令了
ip route-s 192.168.10.0 255.255.255.0 192.168.254.2
ip route-s 192.168.20.0 255.255.255.0 192.168.254.2
ip route-s 192.168.30.0 255.255.255.0 192.168.254.2
ip route-s 192.168.40.0 255.255.255.0 192.168.254.2
ip route-s 192.168.200.0 255.255.255.0 192.168.254.2）

---

需求六：Ospf技术宣告路由

SW1：
ospf 1 router-id 1.1.1.1
area 0
network 192.168.10.1 0.0.0.0
network 192.168.20.1 0.0.0.0
network 192.168.30.1 0.0.0.0
network 192.168.40.1 0.0.0.0
network 192.168.200.1 0.0.0.0
network 192.168.254.2 0.0.0.0

R1:

interface GigabitEthernet 1/0/0
ip address 192.168.104.1 30
interface GigabitEthernet 2/0/0
ip address 192.168.105.1 30
ospf 1 router-id 2.2.2.2
area 0
network 192.168.254.1 0.0.0.0
network 192.168.104.1 0.0.0.0
network 192.168.105.1 0.0.0.0

R2:

interface Ethernet 0/0/0
ip address 12.1.1.6 29
int loopback 0
ip address 9.9.9.2 29
int Ethernet 0/0/1
ip address 7.7.7.2 29

R3:

interface Ethernet 0/0/0
ip address 13.1.1.6 29
int loopback 0
ip address 9.9.9.2 29

R4:

interface Ethernet 0/0/1
ip address 192.168.104.2 30
interface Ethernet 0/0/0
ip address 192.168.100.1 30
ospf 1 router-id 4.4.4.4
area 0
network 192.168.104.2 0.0.0.0
network 192.168.100.1 0.0.0.0

R5:

interface Ethernet 0/0/0
ip address 192.168.105.2 30
interface Ethernet 0/0/1
ip address 192.168.150.1 30
ospf 1 router-id 5.5.5.5
area 0
network 192.168.105.2 0.0.0.0
network 192.168.150.1 0.0.0.0

---

需求七：在企业出口将内网服务器的80端口映射出去，允许外网用户访问
R1:
int gi3/0/0
nat static protocol tcp global 12.1.1.3 www inside 192.168.200.20 www

---

需求八：所有设备都可以被telnet远程管理

SW1:

vlan batch 900
interface Vlanif 900
ip address 192.168.255.1 24
aaa
local-user test privilege level 3 password cipher 123123
local-user test service-type telnet
user-interface vty 0 4
authentication-mode aaa
SW2:

vlan batch 900
interface Vlanif 900
ip address 192.168.255.2 24
aaa
local-user test privilege level 3 password cipher 123123
local-user test service-type telnet
user-interface vty 0 4
authentication-mode aaa
ip route-s 0.0.0.0 0 192.168.255.1

SW3:

vlan batch 900
interface Vlanif 900
ip address 192.168.255.3 24
aaa
local-user test privilege level 3 password cipher 123123
local-user test service-type telnet
user-interface vty 0 4
authentication-mode aaa
ip route-s 0.0.0.0 0 192.168.255.1

SW4:

vlan batch 900
interface Vlanif 900
ip address 192.168.255.4 24
aaa
local-user test privilege level 3 password cipher 123123
local-user test service-type telnet
user-interface vty 0 4
authentication-mode aaa
ip route-s 0.0.0.0 0 192.168.255.1

SW5:

vlan batch 900
interface Vlanif 900
ip address 192.168.255.5 24
aaa
local-user test privilege level 3 password cipher 123123
local-user test service-type telnet
user-interface vty 0 4
authentication-mode aaa
ip route-s 0.0.0.0 0 192.168.255.1

SW6:

vlan batch 900
interface Vlanif 900
ip address 192.168.255.6 24
aaa
local-user test privilege level 3 password cipher 123123
local-user test service-type telnet
user-interface vty 0 4
authentication-mode aaa
ip route-s 0.0.0.0 0 192.168.255.1

SW7:

vlan batch 900
interface Vlanif 900
ip address 192.168.255.7 24
aaa
local-user test privilege level 3 password cipher 123123
local-user test service-type telnet
user-interface vty 0 4
authentication-mode aaa
ip route-s 0.0.0.0 0 192.168.255.1

SW8:

vlan batch 900
interface Vlanif 900
ip address 192.168.255.8 24
aaa
local-user test privilege level 3 password cipher 123123
local-user test service-type telnet
user-interface vty 0 4
authentication-mode aaa
ip route-s 0.0.0.0 0 192.168.255.1

SW9:

vlan batch 900
interface Vlanif 900
ip address 192.168.255.9 24
aaa
local-user test privilege level 3 password cipher 123123
local-user test service-type telnet
user-interface vty 0 4
authentication-mode aaa
ip route-s 0.0.0.0 0 192.168.255.1

---

需求九：所有校区之间可以互访且出口实现冗余

R1:

ip route-s 0.0.0.0 0.0.0.0 12.1.1.6 preference 10
ip route-s 0.0.0.0 0.0.0.0 13.1.1.6

---

需求十：企业财务服务器，只允许（vlan 40）的员工访问。

SW1:

acl number 3000
rule 5 permit ip source 192.168.40.0 0.0.0.255 destination 192.168.200.20 0.0.0.0
rule 10 deny ip source any destination 192.168.200.20 0.0.0.0
int Eth-Trunk 1
traffic-filter outbound acl 3000

---

需求十一：禁止vlan 20 员工访问外网

R1:

acl number 3001
rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
rule 5 deny ip source 192.168.10.0 0.0.0.255 destination any
interface GigabitEthernet 4/0/0
traffic-filter inbound acl 3001