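Integrated Lab: Small and Medium-Sized Network System
Lab Requirements
- The network has three departments, all of which obtain addresses automatically
- The departments can reach each other and can also reach the internal server 172.16.100.1
- PC1 cannot access the Internet; PC2 and PC3 can access the Internet
- The internal server is published externally at 64.1.1.3, and Internet users can access this server
- The internal server's domain name is www.jya.net, and every PC can reach it by domain name
Topology Diagram
Lab Steps
1. S1 and S2 are Layer 2 switches and S3 is a Layer 3 switch. Start with automatic addressing for each department: create vlan 20 and 30 on S2, then assign the VLAN and the link type on the corresponding interfaces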
[S2]vlan batch 20 30
[S2]int e0/0/2
[S2-Ethernet0/0/2]port link-type access
[S2-Ethernet0/0/2]port default vlan 20
[S2-Ethernet0/0/2]int e0/0/3
[S2-Ethernet0/0/3]port link-type access
[S2-Ethernet0/0/3]port default vlan 30
[S2-Ethernet0/0/3]dis th
#
interface Ethernet0/0/3
port link-type access
port default vlan 30
#
return
[S2-Ethernet0/0/3]int e0/0/1
[S2-Ethernet0/0/1]port link-type trunk
[S2-Ethernet0/0/1]port trunk allow-pass vlan all
2. On S3, likewise create vlan 10 20 30 40 first; Vlan 40 is a separate VLAN set aside for the server.
[S3]vlan batch 10 20 30 40
3. Add a gateway for each VLAN
[S3]int vlan 20
[S3-Vlanif20]ip add 192.168.20.254 24
[S3-Vlanif20]int vlan 10
[S3-Vlanif10]ip add 192.168.10.254 24
[S3-Vlanif10]int vlan 30
[S3-Vlanif30]ip add 192.168.30.254 24
[S3-Vlanif30]int vlan 40
[S3-Vlanif40]ip add 172.16.100.254 24
4. Enable DHCP and add a dns-list under each VLAN
[S3]dhcp enable
[S3]int vlan 10
[S3-Vlanif10]dhcp select interface //enable DHCP on vlanif10
[S3-Vlanif10]dhcp server dns-list 172.16.100.1 //add the DNS server
[S3-Vlanif10]dis th
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select interface
dhcp server dns-list 172.16.100.1
#
return
[S3-Vlanif10]int vlan 20
[S3-Vlanif20]dhcp select interface
[S3-Vlanif20] dhcp server dns-list 172.16.100.1
[S3-Vlanif20]dis th
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select interface
dhcp server dns-list 172.16.100.1
#
return
[S3-Vlanif20]int vlan 30
[S3-Vlanif30]dhcp select interface
[S3-Vlanif30] dhcp server dns-list 172.16.100.1
[S3-Vlanif30]dis th
#
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
dhcp select interface
dhcp server dns-list 172.16.100.1
#
return
[S3-Vlanif30]q
[S3]dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 5
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.168.10.254/24 up up
Vlanif20 192.168.20.254/24 down down
Vlanif30 192.168.30.254/24 down down
Vlanif40 172.16.100.254/24 down down
[S3]
5. Assign VLANs to the interfaces
[S3]int g0/0/2
[S3-GigabitEthernet0/0/2]port link-type access
[S3-GigabitEthernet0/0/2]port default vlan 10
[S3]int g0/0/3
[S3-GigabitEthernet0/0/3]port link-type trunk
[S3-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[S3-GigabitEthernet0/0/3]int g0/0/4
[S3-GigabitEthernet0/0/4]port link-type access
[S3-GigabitEthernet0/0/4]port default vlan 40
6. Configure the DNS server
7. ipconfig now shows that the address was obtained automatically, and the DNS server can be reached by domain name
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fea6:918
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.253
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-A6-09-18
DNS server........................: 172.16.100.1
PC>ping 172.16.100.1
Ping 172.16.100.1: 32 data bytes, Press Ctrl_C to break
From 172.16.100.1: bytes=32 seq=1 ttl=254 time=46 ms
From 172.16.100.1: bytes=32 seq=2 ttl=254 time=63 ms
From 172.16.100.1: bytes=32 seq=3 ttl=254 time=47 ms
From 172.16.100.1: bytes=32 seq=4 ttl=254 time=47 ms
From 172.16.100.1: bytes=32 seq=5 ttl=254 time=31 ms
--- 172.16.100.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/46/63 ms
PC>ping www.jya.net
Ping www.jya.net [172.16.100.1]: 32 data bytes, Press Ctrl_C to break
From 172.16.100.1: bytes=32 seq=1 ttl=254 time=47 ms
From 172.16.100.1: bytes=32 seq=2 ttl=254 time=32 ms
From 172.16.100.1: bytes=32 seq=3 ttl=254 time=62 ms
From 172.16.100.1: bytes=32 seq=4 ttl=254 time=31 ms
From 172.16.100.1: bytes=32 seq=5 ttl=254 time=47 ms
--- 172.16.100.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/43/62 ms
PC>
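8. At this point the internal network configuration is complete
9. Configure the IP addresses 10.10.10.1 and 10.10.10.2 on the interfaces between the core switch S3 and router R1 so that the two can reach each other
//First configure the address on R1's g0/0/0 interface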
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.10.10.1 24
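//Configure the address for S3's g0/0/1 interface. Note that an IP address cannot be configured directly on a switch interface; doing so returns an error. So first create vlan 100 and configure the address in that VLAN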
[S3]vlan 100
[S3-vlan100]q
[S3]int g0/0/1
[S3-GigabitEthernet0/0/1]port link-type access
[S3-GigabitEthernet0/0/1]port default vlan 100
[S3-GigabitEthernet0/0/1]q
[S3]int vlan 100
[S3-Vlanif100]ip add 10.10.10.2 24
[S3-Vlanif100]dis th
#
interface Vlanif100
ip address 10.10.10.2 255.255.255.0
#
return
10. With the configuration above in place, the core switch and R1 can reach each other
[S3]ping 10.10.10.1
PING 10.10.10.1: 56 data bytes, press CTRL_C to break
Reply from 10.10.10.1: bytes=56 Sequence=1 ttl=255 time=110 ms
Reply from 10.10.10.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 10.10.10.1: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 10.10.10.1: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 10.10.10.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.10.10.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/36/110 ms
[S3]
11. Configure the public address on the router
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 64.1.1.1 24
12. On S3, configure a route to the external network
[S3]ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
13. Configure routes on R1
[R1]ip route-static 0.0.0.0 0.0.0.0 64.1.1.10
[R1]ip route-static 192.168.0.0 255.255.0.0 10.10.10.2
[R1]ip route-static 172.16.100.0 255.255.255.0 10.10.10.2
14. Configure NAT for internal access to the external network: create ACL 2000 with a rule that permits source addresses in the 192.168.0.0 range
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
15. Create the NAT address pool
[R1]nat address-group 1 64.1.1.5 64.1.1.5
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1
//The PCs of all three internal departments can now reach external addresses
PC>ping 8.8.8.8
Ping 8.8.8.8: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
From 8.8.8.8: bytes=32 seq=3 ttl=252 time=78 ms
From 8.8.8.8: bytes=32 seq=4 ttl=252 time=47 ms
From 8.8.8.8: bytes=32 seq=5 ttl=252 time=62 ms
--- 8.8.8.8 ping statistics ---
5 packet(s) transmitted
3 packet(s) received
40.00% packet loss
round-trip min/avg/max = 0/62/78 ms
16. Create acl 2001 to block PC1 from accessing the Internet
[R1]acl 2001
[R1-acl-basic-2001]rule deny source 192.168.10.0 0.0.0.255
[R1-acl-basic-2001]rule permit source any
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 2001
//PC1 cannot access the Internet
17. Configure static NAT to bind a public IP to the server
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]nat static enable
[R1-GigabitEthernet0/0/1]nat static global 64.1.1.3 inside 172.16.100.1
External PCs can now access the internal server
PC>ping 64.1.1.3
Ping 64.1.1.3: 32 data bytes, Press Ctrl_C to break
From 64.1.1.3: bytes=32 seq=1 ttl=252 time=62 ms
From 64.1.1.3: bytes=32 seq=2 ttl=252 time=32 ms
From 64.1.1.3: bytes=32 seq=3 ttl=252 time=31 ms
From 64.1.1.3: bytes=32 seq=4 ttl=252 time=47 ms
From 64.1.1.3: bytes=32 seq=5 ttl=252 time=15 ms
--- 64.1.1.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/37/62 ms
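The policy that steps 14 to 17 put on R1, modelled as an added Python example (not part of the original lab): it parses the two basic ACLs with their wildcard masks, applies first-match evaluation, and reports how each source address leaves for the Internet. The function names, the result strings and the PC2/PC3 addresses are assumptions made for the example.

```python
import ipaddress
import re
# Rules copied from steps 14 and 16 of this page.
ACLS = {
    2000: ["rule permit source 192.168.0.0 0.0.255.255"],
    2001: ["rule deny source 192.168.10.0 0.0.0.255", "rule permit source any"],
}
STATIC_NAT = {"172.16.100.1": "64.1.1.3"}  # step 17: inside -> global
NAT_POOL = "64.1.1.5"                      # step 15: address-group 1
RULE_RE = re.compile(r"rule (permit|deny) source (any|\S+ \S+)$")

def parse_rule(line):
    """Return (action, base, wildcard) as ints for one basic-ACL rule line."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    action, src = m.groups()
    if src == "any":
        return action, 0, 0xFFFFFFFF
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in src.split())
    return action, base, wildcard

def acl_action(acl_id, src_ip):
    """First matching rule wins; None means no rule matched."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for line in ACLS[acl_id]:
        action, base, wildcard = parse_rule(line)
        care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (ip & care) == (base & care):
            return action
    return None

def internet_path(src_ip):
    """How R1 treats a packet from src_ip that is heading to the Internet."""
    if acl_action(2001, src_ip) == "deny":    # traffic-filter inbound, g0/0/0
        return "blocked by acl 2001"
    if src_ip in STATIC_NAT:                  # nat static, g0/0/1
        return f"static NAT to {STATIC_NAT[src_ip]}"
    if acl_action(2000, src_ip) == "permit":  # nat outbound 2000 address-group 1
        return f"source NAT to {NAT_POOL}"
    return "forwarded untranslated"

# The VLAN 10 address is from the ipconfig output; the others are constructed.
HOSTS = {"PC1": "192.168.10.253", "PC2": "192.168.20.253",
         "PC3": "192.168.30.253", "Server": "172.16.100.1"}

if __name__ == "__main__":
    for name, ip in HOSTS.items():
        print(f"{name:<7}{ip:<16}{internet_path(ip)}")
```

The static mapping in step 17 names no protocol or port, and neither ACL on this page is applied to traffic arriving from the Internet, so nothing in this configuration limits what external hosts can reach on 172.16.100.1 through 64.1.1.3.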