实验二 大型(单核心)网络综合实验

实验二大型(单核心)网络综合实验

目录

实验介绍 (2)

第一步基本配置 (4)

1.1、R2624-A基本配置 (4)

1.2、S6806E-A基本配置 (5)

1.3、S3550-24-A基本配置 (6)

1.4、S3550-24-B基本配置 (7)

1.5、S2126G-A1基本配置 (9)

1.6、S2126G-A2基本配置 (10)

1.7、S2126G-B1基本配置 (11)

1.8、S2126G-B2基本配置 (12)

第二步 ospf路由选择协议配置及测试 (13)

2.1、R2624-A ospf路由协议配置 (13)

2.2、S6806E ospf路由协议配置 (13)

2.3、S3550-24-A ospf路由协议配置 (13)

2.4、S3550-24-B ospf路由协议配置 (14)

2.5、ospf验证 (14)

2.5.1、R2624-A ospf验证 (14)

2.5.2、S6806E-A ospf验证 (15)

2.5.3、S3550-24-A ospf验证 (16)

2.5.4、S3550-24-B ospf验证 (17)

第三步基本连通性测试。 (18)

3.1、网络连通性测试 (18)

3.2、vlan间通信测试。 (21)

第四步 NAT功能配置及测试。 (22)

4.1、NAT功能是通过在R2624-A上实现的。 (22)

4.1.1、在R2624-A上配置NAT功能 (22)

4.1.2、测试nat功能。 (22)

4.2、【参考配置】 (23)

4.2.1、R2624-A参考配置 (24)

4.2.2、S6806E-A参考配置 (26)

4.2.3、S3550-24-B参考配置 (27)

4.2.4、S3550-24-A参考配置 (29)

4.2.5、S2126G-B1参考配置 (31)

4.2.6、S2126G-B2参考配置 (33)

4.2.7、S2126G-A1参考配置 (34)

实验介绍

【实验名称】

大型(单核心)网络综合实验。

【实验原型】

某大型企业全网建设(采用设备: RG-R3662路由器、RG-S6806E多业务万兆核心路由交换机、RG-S3550-12SFP/GT全千兆三层路由交换机、RG-S2126G/50G千兆安全智能堆叠交换机)。

【实验目的】

在实验室环境根据具体真实网络建设搭建模拟环境进行综合应用实验,指导学员如何规划实施大型企业、校园网络建设规划。【预备知识】

交换路由基础,OSPF、802.1qvlan、NAT、SNMP、ACL访问控制、安全控制等。

【背景描述】

为了加快并某集团的信息化建设,新的集团企业网将建设一个以集团办公自动化、电子商务、业务综合管理、多媒体视频会议、远程通讯、信息发布及查询为核心,以现代网络技术为依托,技术先进、扩展性强,将集团的各种办公室、多媒体会议室、控制中心的PC机、工作站、终端设备、控制系统用高速计算机网络连接起来,实现内、外沟通的现代化计算机网络系统。该网络系统是日后支持办公自动化、供应链管理以及各应用系统运行的基础设施,为了确保这些关键应用系统的正常运行、安全和发展,系统必须具备如下的特性:

1、采用先进的网络通信技术完成集团企业网的建设,实现各分公司的信息化;

2、在整个企业集团内实现所有部门的办公自动化,提高工作效率和管理服务水平;

3、在整个企业集团内实现资源共享、产品信息共享、实时新闻发布;

4、在整个企业集团内实现财务电算化;

5、在整个企业集团内实现集中式的供应链管理系统和客户服务关系管理系统

建设后的网络拓朴如下:

实验二 大型(单核心)网络综合实验

【实现功能】

实现内部网络VLAN划分,三层路由功能,并启用OSPF路由协议;病毒攻击防护、出口实现NAT地址转换,全网采用starview 进行网络管理。

【实验拓扑】

实验二 大型(单核心)网络综合实验

【实验设备】

出口设备:R2624路由器 1台;核心设备:S68系列(或S65/S35系列设备)1台,配置千兆光纤接口 2块;汇聚设备:S3550-24 2台,每台配置1块千兆光纤接口;接入设备:S2126G二层交换机4台:实验PC:8台;终端用户的默认网关指向各自对应的vlan接口的ip地址。

【实验步骤】

第一步:网络设备的基本配置;

第二步:ospf配置及其测试;

第三步:网络连通性测试;

第四步:NAT功能测试四部分

第一步基本配置

1.1、R2624-A基本配置

hostname R2624-A

!

enable password star

!

interface FastEthernet0

ip address 192.168.86.30 255.255.255.240 no shut

ip nat inside

exit

!

interface FastEthernet1

ip address 210.96.100.85 255.255.255.252 no shut

ip nat outside

exit

!

line con 0

line aux 0

line vty 0 4

password star

login

end

1.2、S6806E-A基本配置

hostname S6806E-A

enable secret level 1 0 star

enable secret level 15 0 star

!

interface GigabitEthernet 4/1

switchport mode trunk

exit

!

interface GigabitEthernet 4/2

switchport mode trunk

exit

!

interface GigabitEthernet 4/10

switchport access vlan 300

exit

!

interface Vlan 1

ip address 192.168.0.3 255.255.255.0

no shut

exit

!

interface Vlan 100

ip address 192.168.128.45 255.255.255.248 no shut

exit

!

interface Vlan 200

ip address 192.168.129.45 255.255.255.248 no shut

!

interface Vlan 300

ip address 192.168.86.17 255.255.255.240 no shut

exit

!

End

1.3、S3550-24-A基本配置

hostname S3550-24-A

vlan 1

exit

vlan 10

exit

vlan 20

exit

vlan 30

exit

vlan 100

exit

interface FastEthernet 0/1

switchport mode trunk

exit

!

interface FastEthernet 0/10

switchport mode trunk

exit

!

interface FastEthernet 0/20

switchport mode trunk

interface Vlan 1

ip address 192.168.0.1 255.255.255.0

no shut

exit

!为交换机分配管理ip地址

interface Vlan 10

ip address 172.16.10.1 255.255.255.0

no shut

exit

!为vlan10分配ip地址

interface Vlan 20

ip address 172.16.20.1 255.255.255.0

no shut

exit

! 为vlan20分配ip地址

interface Vlan 30

ip address 172.16.30.1 255.255.255.0

no shut

exit

! 为vlan30分配ip地址

interface Vlan 100

ip address 192.168.128.44 255.255.255.248 no shut

exit

! 为vlan30分配ip地址

1.4、S3550-24-B基本配置

hostname S3550-24-B

vlan 1

exit

vlan 60

exit

vlan 70

exit

vlan 200

exit

enable secret level 1 0 star

enable secret level 15 0 star

!

interface FastEthernet 0/1

switchport mode trunk

exit

!

interface FastEthernet 0/10

switchport mode trunk

exit

!

interface FastEthernet 0/20

switchport mode trunk

exit

!

interface Vlan 1

ip address 192.168.0.2 255.255.255.0 no shut

exit

!

interface Vlan 50

ip address 172.18.50.1 255.255.255.0 no shut

exit

!

ip address 172.18.60.1 255.255.255.0

no shut

exit

!

interface Vlan 70

ip address 172.18.70.1 255.255.255.0

no shut

exit

!

interface Vlan 200

ip address 192.168.129.44 255.255.255.248 no shut

exit

!

End

1.5、S2126G-A1基本配置

hostname S2126G-A1

vlan 1

exit

vlan 10

!划分vlan10

exit

vlan 20

!划分vlan20

exit

vlan 30

!划分vlan30

exit

!设置telnet密码

enable secret level 15 0 star

!设置特权模式密码

interface range fastEthernet 0/1-3

switchport access vlan 10

exit

!将f0/1,f0/2和f0/3划分到vlan10里interface range fastEthernet 0/4-6

switchport access vlan 20

exit

!将f0/4,f0/5和f0/6划分到vlan20里interface range fastEthernet 0/7-9

switchport access vlan 30

exit

!将f0/7,f0/8和f0/9划分到vlan30里interface fastEthernet 0/10

switchport mode trunk

exit

!将f0/10设置为trunk模式

end

S2126G-A1#

1.6、S2126G-A2基本配置

hostname S2126G-A2

vlan 1

exit

vlan 10

exit

vlan 20

exit

enable secret level 1 0 star enable secret level 15 0 star

!

interface range fastEthernet 0/1-3 switchport access vlan 10

exit

interface range fastEthernet 0/4-6 switchport access vlan 20

exit

interface range fastEthernet 0/7-9 switchport access vlan 30

exit

interface fastEthernet 0/20

switchport mode trunk

exit

end

S2126G-A2#

1.7、S2126G-B1基本配置

hostname S2126G-B1

vlan 1

exit

vlan 50

exit

vlan 60

exit

vlan 70

exit

enable secret level 1 0 star enable secret level 15 0 star

interface range fastEthernet 0/4-6 switchport access vlan 60

exit

interface range fastEthernet 0/7-9 switchport access vlan 70

exit

interface fastEthernet 0/10

switchport mode trunk

exit

1.8、S2126G-B2基本配置

hostname S2126G-B2

vlan 1

exit

vlan 50

exit

vlan 60

exit

vlan 70

exit

enable secret level 1 0 star enable secret level 15 0 star

!

interface range fastEthernet 0/1-3 switchport access vlan 50

exit

interface range fastEthernet 0/4-6 switchport access vlan 60

interface fastEthernet 0/20

switchport mode trunk

exit

A2#

第二步 ospf路由选择协议配置及测试

2.1、R2624-A ospf路由协议配置

router ospf 1

!启动ospf进程并指定本地进程号

network 210.96.100.84 0.0.0.3 area 0.0.0.0

network 192.168.86.16 0.0.0.15 area 0.0.0.0

default-information originate always

!不管路由器是否存在缺省路由,总是向其它路由器公告缺省路由end

2.2、S6806E ospf路由协议配置

router ospf

area 0.0.0.0

network 192.168.86.16 255.255.255.240 area 0.0.0.0 network 192.168.128.40 255.255.255.248 area 0.0.0.0 network 192.168.129.40 255.255.255.248 area 0.0.0.0

end

2.3、S3550-24-A ospf路由协议配置

router ospf

network 172.16.10.0 255.255.255.0 area 0.0.0.0

!指定参与交换ospf更新的网络以及这些网络所属的区域

network 172.16.20.0 255.255.255.0 area 0.0.0.0

!指定参与交换ospf更新的网络以及这些网络所属的区域

network 172.16.30.0 255.255.255.0 area 0.0.0.0

!指定参与交换ospf更新的网络以及这些网络所属的区域

network 192.168.128.40 255.255.255.248 area 0.0.0.0

!指定参与交换ospf更新的网络以及这些网络所属的区域

end

2.4、S3550-24-B ospf路由协议配置

router ospf

area 0.0.0.0

network 172.18.50.0 255.255.255.0 area 0.0.0.0

network 172.18.60.0 255.255.255.0 area 0.0.0.0

network 172.18.70.0 255.255.255.0 area 0.0.0.0

network 192.168.129.40 255.255.255.248 area 0.0.0.0

end

2.5、ospf验证

2.5.1、R2624-A ospf验证

D) R2624-A#show ip route

!查看R2624-A路由表

Codes: C - connected, S - static, R - RIP

O - OSPF, IA - OSPF inter area

E1 - OSPF external type 1, E2 - OSPF external type 2 Gateway of last resort is 210.96.100.86 to network 0.0.0.0 192.168.86.0/28 is subnetted, 1 subnets

C 192.168.86.16 is directly connected, FastEthernet0

O 172.16.20.0 [110/3] via 192.168.86.17, 00:43:05, FastEthernet0

O 172.16.10.0 [110/3] via 192.168.86.17, 00:43:05, FastEthernet0

172.18.0.0/24 is subnetted, 3 subnets

O 172.18.60.0 [110/3] via 192.168.86.17, 00:43:05, FastEthernet0

O 172.18.50.0 [110/3] via 192.168.86.17, 00:43:05, FastEthernet0

O 172.18.70.0 [110/3] via 192.168.86.17, 00:43:05, FastEthernet0

210.96.100.0/30 is subnetted, 1 subnets

C 210.96.100.84 is directly connected, FastEthernet1

192.168.128.0/29 is subnetted, 1 subnets

O 192.168.128.40 [110/2] via 192.168.86.17, 00:43:05, FastEthernet0

192.168.129.0/29 is subnetted, 1 subnets

O 192.168.129.40 [110/2] via 192.168.86.17, 00:43:05, FastEthernet0

S* 0.0.0.0/0 [1/0] via 210.96.100.86

R2624-A#show ip ospf neighbor

!查看R2624-A的ospf邻居

Neighbor ID Pri State Dead Time Address Interface 192.168.129.45 1 FULL/DR 00:00:36 192.168.86.17 FastEthernet0 R2624-A#

2.5.2、S6806E-A ospf验证

C) S6806E-A# show ip route

!查看S6806E-A路由表,以下路由信息除了直连路由外,都是通过ospf学习来的。Type: C - connected, S - static, R - RIP, B - BGP, P - policy

O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

Type Destination IP Next hop Interface Distance Metric Status

---- ------------------ --------------- --------- -------- -------- --------

O E2 0.0.0.0/0 192.168.86.30 VL300 110 1 Active

O 172.16.10.0/24 192.168.128.44 VL100 110 2 Active

O 172.16.30.0/24 192.168.128.44 VL100 110 2 Active

O 172.18.50.0/24 192.168.129.44 VL200 110 2 Active

O 172.18.60.0/24 192.168.129.44 VL200 110 2 Active

O 172.18.70.0/24 192.168.129.44 VL200 110 2 Active

C 192.168.0.0/24 0.0.0.0 VL1 0 0 Active

C 192.168.86.16/28 0.0.0.0 VL300 0 0 Active

C 192.168.128.40/29 0.0.0.0 VL100 0 0 Active

C 192.168.129.40/29 0.0.0.0 VL200 0 0 Active

O 210.96.100.84/30 192.168.86.30 VL300 110 2 Active

S6806E-A#show ip ospf neighbor

!查看S6806E-A的ospf邻居

Neighbor ID Pri State DeadTime Address Interface

--------------- --- ---------------- -------- --------------- ---------- 210.96.100.85 1 full/BDR 00:00:31 192.168.86.30 VL300 192.168.128.44 1 full/BDR 00:00:30 192.168.128.44 VL100 192.168.129.44 1 full/BDR 00:00:37 192.168.129.44 VL200

S6806E-A#

2.5.3、S3550-24-A ospf验证

S3550-24-A#show ip route

!查看S3550-24-A路由表,以下路由信息除了直连路由外,都是通过ospf学习来的Type: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

Type Destination IP Next hop Interface Distance Metric Status ---- ------------------ --------------- --------- -------- -------- -------- O E2 0.0.0.0/0 192.168.128.45 VL100 110 1 Active

C 172.16.10.0/24 0.0.0.0 VL10 0 0 Active

C 172.16.30.0/24 0.0.0.0 VL30 0 0 Active

O 172.18.50.0/24 192.168.128.45 VL100 110 3 Active

O 172.18.60.0/24 192.168.128.45 VL100 110 3 Active

O 172.18.70.0/24 192.168.128.45 VL100 110 3 Active

C 192.168.0.0/24 0.0.0.0 VL1 0 0 Active

O 192.168.86.16/28 192.168.128.45 VL100 110 2 Active

C 192.168.128.40/29 0.0.0.0 VL100 0 0 Active

O 192.168.129.40/29 192.168.128.45 VL100 110 2 Active

O 210.96.100.84/30 192.168.128.45 VL100 110 3 Active

S3550-24-A# show ip ospf neighbor

!查看S3550-24-A的邻居路由器。

Neighbor ID Pri State DeadTime Address Interface

--------------- --- ---------------- -------- --------------- ---------- 192.168.129.45 1 full/DR 00:00:32 192.168.128.45 VL100

S3550-24-A#

2.5.4、S3550-24-B ospf验证

B) S3550-24-B# show ip route

!查看S3550-24-B路由表,以下路由信息除了直连路由外,都是通过ospf学习来的Type: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

Type Destination IP Next hop Interface Distance Metric Status ---- ------------------ --------------- --------- -------- -------- -------- O E2 0.0.0.0/0 192.168.129.45 VL200 110 1 Active

O 172.16.10.0/24 192.168.129.45 VL200 110 3 Active

O 172.16.20.0/24 192.168.129.45 VL200 110 3 Active

O 172.16.30.0/24 192.168.129.45 VL200 110 3 Active

C 172.18.50.0/24 0.0.0.0 VL50 0 0 Active

C 172.18.60.0/24 0.0.0.0 VL60 0 0 Active

O 192.168.86.16/28 192.168.129.45 VL200 110 2 Active

O 192.168.128.40/29 192.168.129.45 VL200 110 2 Active

C 192.168.129.40/29 0.0.0.0 VL200 0 0 Active

O 210.96.100.84/30 192.168.129.45 VL200 110 3 Active

S3550-24-B#show ip ospf neighbor

!查看S3550-24-B的邻居路由器。

Neighbor ID Pri State DeadTime Address Interface

--------------- --- ---------------- -------- --------------- ----------

192.168.129.45 1 full/DR 00:00:35 192.168.129.45 VL200

第三步基本连通性测试。

包括网络连通性测试和不同vlan间用户通信连通性测试

3.1、网络连通性测试

在S2126G-A1的vlan10内的用户,用户主机ip地址为172.16.10.195/24,网关为172.16.10.1。D:\>ipconfig

Windows 2000 IP Configuration

Ethernet adapter 本地连接:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 172.16.10.195

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.10.1

!在vlan10 里,ip地址为172.16.10.195主机为测试主机

D:\>ping 172.16.10.1

Pinging 172.16.10.1 with 32 bytes of data:

Reply from 172.16.10.1: bytes=32 time<10ms TTL=64

Reply from 172.16.10.1: bytes=32 time<10ms TTL=64

!测试到网关的连通性

D:\>ping 172.16.20.1

Pinging 172.16.20.1 with 32 bytes of data:

Reply from 172.16.20.1: bytes=32 time<10ms TTL=64

!测试到S3550-24-A vlan20svi口的连通性

D:\>ping 172.16.30.1

Pinging 172.16.30.1 with 32 bytes of data:

Reply from 172.16.30.1: bytes=32 time<10ms TTL=64

!测试到S3550-24-A vlan30svi口的连通性

D:\>ping 192.168.128.44

Pinging 192.168.128.44 with 32 bytes of data:

Reply from 192.168.128.44: bytes=32 time<10ms TTL=64 !测试到S3550-24-A vlan100svi口的连通性

D:\>ping 192.168.128.45

Pinging 192.168.128.45 with 32 bytes of data:

Reply from 192.168.128.45: bytes=32 time=2ms TTL=62 !测试到S6806E-A vlan100的svi口的连通性

D:\>ping 192.168.129.45

Pinging 192.168.129.45 with 32 bytes of data:

Reply from 192.168.129.45: bytes=32 time=1ms TTL=63 !测试到S6806E-A vlan200的svi口的连通性

D:\>ping 192.168.86.17

Pinging 192.168.86.17 with 32 bytes of data:

Reply from 192.168.86.17: bytes=32 time=1ms TTL=63

!测试到S6806E-A vlan300的svi口的连通性

相关推荐
相关主题
热门推荐