Required documents
The comprehensive training of "Comprehensive Practice of Enterprise Projects" (1) document
Password: c9sb
Background introduction:
Simulate an enterprise's office LAN to access resources on the Internet WEB server, and realize the interconnection of the entire network. Divide the VLAN in the local area network, the client PC can remotely control the switches and routers of the entire network by telnet, and prohibit 192.168.1.0/24 from accessing the WEB service of the server.
The address plan is shown in the following figure. The gateway address of 192.168.1.0/24 is 192.168.1.1, and the gateway address of 192.168.2.0/24 is 192.168.2.1. Client 1 and Client 3 are in VLAN 2, and Client 2 and Client 4 are in VLAN 3.
experiment apparatus:
Two routers (each can provide at least two Ethernet ports, excluding WAN V35 cable), one layer 3 switch, three layer 2 switches, 4 ordinary computers, 1 server, and 10 direct network cables. One crimping pliers, one flat-nose pliers, one line measuring instrument, several network cables, several crystal heads, several label papers (12 labels).
Window 2003 Server has been installed on the server, and a home page file (file name index.htm).
Experimental requirements:
1. As shown in the figure, select the provided equipment and interconnect it. Make the missing cable yourself and label the equipment; (10 points)
2. Configure the Web server so that it can be accessed through the IP address. Verification: enable the web server to access its homepage (index.htm) through http://127.0.0.1; (10 points)
3. Configure RouterA. Configure the host name as RouterA; set the password; configure the interface address; configure the dynamic routing RIP protocol; configure the access control list to prohibit 192.168.1.0/24 from accessing the server's WEB service; configure NAT so that the internal network 192.168.1.0/24 and 192.168. The 2.0 / 24 network segment can access the external network, and the source address to access the external network is 100.0.0.1; capture the text and save it as RouterA.txt; (20 points)
4. Configure RouerB. Configure the host name as RouterB; set the password; configure the interface address; configure the dynamic routing RIP protocol. Capture the text and save it as RouterB.txt; (10 points)
5. Configure SwitchA. Configure the host name as SwitchA; set the password; the upstream port F0 / 24 enables the Layer 3 routing function, configure the IP address 192.168.3.2/24; set the vlan1 management IP: 192.168.0.2/24; configure the link aggregation, set F0 / 1 and F0 / 2 is the aggregation port 1, configure the aggregation port, F0 / 3, F0 / 4 as the trunk interface; create VLAN2, VLAN3 and configure the corresponding switching virtual interface (SVI) address on the switch, where VLAN2 is 192.168. 1.1 / 24, VLAN3 is 192.168.2.1/24; configure dynamic routing RIP protocol. Capture text and save as SwitchA.txt; (15 points)
6. Configure SwitchB, configure the host name as SwitchB; set vlan1 management IP: 192.168.0.3/24 and password. Create VLAN2 and VLAN3 on the switch; set F0 / 1 and F0 / 2 to aggregate port 1; set the aggregate port to trunk interface, and configure the downstream interface to the corresponding VLAN. Capture the text and save it as SwitchB.txt. (10 points)
7. Configure SwitchC and SwitchD, the host names are SwitchC and SwitchD; set vlan1 management IP and password respectively, where SwitchC management IP is 192.168.0.4/24, SwitchD management IP is 192.168.0.5/24; the device is upstream The interface is configured as a trunk interface, and the downstream interface is configured into the corresponding VLAN. Capture text and save as SwitchC.txt, SwitchD.txt. (10 points)
8. Verification: Client 2 and Client 4 can access the homepage of 200.0.0.100; (5 points)
9. Verification: Client 1 can remotely control the switches and routers of the entire network by telnet; )
10. Verification: Any link between switchA and switchB is disconnected, and client 1 can still ping the gateway; (5 points)
Note:
The sequence of experimental steps can be planned by yourself, but the verification steps in each small step are completed. After the teacher's confirmation is required;
2. All passwords are unified as 888888;
Open the "Comprehensive Practice of Enterprise Projects" comprehensive training (1)-topic (unconfigured) file for configuration
SwitchB switch
Switch#en //以下命令包含简写、未补全。
Switch#conf ter
Switch(config)#hostname SwitchB
SwitchB(config)#vlan 2
SwitchB(config-vlan)#vlan 3
SwitchB(config-vlan)#ex
SwitchB(config)#int f0/1
SwitchB(config-if)#sw ac vlan 2
SwitchB(config-if)#int f0/2
SwitchB(config-if)#sw ac vlan 3
SwitchB(config-if)#ex
SwitchB(config)#int range f0/23
SwitchB(config-if-range)#ex
SwitchB(config)#int range f0/23-24
SwitchB(config-if-range)#channel-group 1 mode auto
SwitchB(config-if-range)#ex
SwitchB(config)#int port-channel 1
SwitchB(config-if)#sw mo tr
SwitchB(config-if)#ex
SwitchB(config)#int vlan 1
SwitchB(config-if)#ip address 192.168.0.3 255.255.255.0
SwitchB(config-if)#no shutdown
SwitchB(config-if)#ex
SwitchB(config)#enable password 888888
SwitchB(config)#line vty 0 4
SwitchB(config-line)#password 888888
SwitchB(config-line)#login
SwitchB(config-line)#ex
SwitchB(config)#ip default-gateway 192.168.0.2
Switch 0 (SwitchC)
Switch>en
Switch#conf ter
Switch(config)#vlan 2
Switch(config-vlan)#ex
Switch(config)#hostname SwitchC
SwitchC(config)#int f0/24
SwitchC(config-if)#sw mo tr
SwitchC(config-if)#int f0/2
SwitchC(config-if)#sw acc vlan 2
SwitchC(config-if)#ex
SwitchC(config)#ip default-gateway 192.168.0.2
SwitchC(config)#enable password 888888
SwitchC(config)#line vty 0 4
SwitchC(config-line)#password 888888
SwitchC(config-line)#login
SwitchC(config-line)#exit
SwitchC(config)#
SwitchC(config)#int vlan 1
SwitchC(config-if)#ip add 192.168.0.4 255.255.255.0
SwitchC(config-if)#no shut
Switch 1 (SwitchD)
Switch#conf ter
Switch(config)#hostname SwitchD
SwitchD(config)#vlan 3
SwitchD(config-vlan)#ex
SwitchD(config)#int f0/24
SwitchD(config-if)#sw mo tr
SwitchD(config-if)#int f0/2
SwitchD(config-if)#sw acc vlan 3
SwitchD(config-if)#ex
SwitchD(config)#int vlan 1
SwitchD(config-if)#ip add 192.168.0.5 255.255.255.0
SwitchD(config-if)#no shut
SwitchD(config-if)#ex
SwitchD(config)#enable password 888888
SwitchD(config)#line vty 0 4
SwitchD(config-line)#password 888888
SwitchD(config-line)#login
SwitchD(config-line)#ex
SwitchD(config)#ip default-gateway 192.168.0.2
Multilayer SwitchA (three-layer switch)
Switch>en
Switch#conf ter
Switch(config)#hostname SwitchA
SwitchA(config)#int range f0/1-2
SwitchA(config-if-range)#channel-group 1 mode auto
SwitchA(config-if-range)#ex
SwitchA(config)#int port-channel 1
SwitchA(config-if)#sw trunk encapsulation dot1q
SwitchA(config-if)#sw mo tr
SwitchA(config-if)#int range f0/3-4
SwitchA(config-if-range)#sw trunk encapsulation dot1q
SwitchA(config-if-range)#sw mo tr
SwitchA(config-if-range)#int f0/24
SwitchA(config-if)#no shutdown
SwitchA(config-if)#ip add 192.168.3.2 255.255.255.0
SwitchA(config-if)#no shutdown
SwitchA(config-if)#int vlan 2
SwitchA(config-if)#ip add 192.168.1.1 255.255.255.0
SwitchA(config-if)#no shutdown
SwitchA(config-if)#int vlan 3
SwitchA(config-if)#ip add 192.168.2.1 255.255.255.0
SwitchA(config-if)#no shut
SwitchA(config-if)#int vlan 1
SwitchA(config-if)#ip add 192.168.0.2 255.255.255.0
SwitchA(config-if)#no shutd
SwitchA(config-if)#ex
SwitchA(config)#router rip
SwitchA(config-router)#version 2
SwitchA(config-router)#network 192.168.0.0
SwitchA(config-router)#network 192.168.1.0
SwitchA(config-router)#network 192.168.2.0
SwitchA(config-router)#no auto-summary
SwitchA(config-router)#ex
SwitchA(config)#enable password 888888
SwitchA(config)#line vty 0 4
SwitchA(config-line)#password 888888
SwitchA(config-line)#login
SwitchA(config-line)#ex
SwitchA(config)#ip route 0.0.0.0 0.0.0.0 192.168.3.1
SwitchA(config)#router rip
SwitchA(config-router)#network 192.168.3.0
router
Router>en
Router#conf ter
Router(config)#hostname RouterA
RouterA(config)#int f0/0
RouterA(config-if)#ip add 192.168.3.1 255.255.255.0
RouterA(config-if)#no shutd
RouterA(config-if)#int f0/1
RouterA(config-if)#ip add 100.0.0.1 255.255.255.0
RouterA(config-if)#no shutd
RouterA(config-if)#exit
RouterA(config)#router rip
RouterA(config-router)#version 2
RouterA(config-router)#network 192.168.3.0
RouterA(config-router)#no auto
RouterA(config-router)#ex
RouterA(config)#ip route 0.0.0.0 0.0.0.0 100.0.0.2
RouterA(config)#enable password 888888
RouterA(config)#line vty 0 4
RouterA(config-line)#password 888888
RouterA(config-line)#login
RouterA(config-line)#exit
RouterA#conf ter
RouterA(config)#access-list 1 permit 192.168.1.0 0.0.0.255
RouterA(config)#access-list 1 permit 192.168.2.0 0.0.0.255
RouterA(config)#ip nat pool abc 100.0.0.1 100.0.0.1 netmask 255.255.255.0
RouterA(config)#ip nat inside source list 1 pool abc overload
RouterA(config)#int f0/0
RouterA(config-if)#ip nat inside
RouterA(config-if)#int f0/1
RouterA(config-if)#ip nat outside
RouterA#conf ter
RouterA(config)#access-list 100 deny tcp 192.168.1.0 0.0.0.255 host 200.0.0.2 eq www
RouterA(config)#access-list 100 permit ip any any
RouterA(config)#int f0/0
RouterA(config-if)#ip access-group 100 in
RouterB
Router>en
Router#conf ter
Router(config)#hostname RouterB
RouterB(config)#int f0/0
RouterB(config-if)#ip add 100.0.0.2 255.255.255.0
RouterB(config-if)#no shutd
RouterB(config-if)#int f0/1
RouterB(config-if)#ip add 200.0.0.1 255.255.255.0
RouterB(config-if)#no shutd
RouterB(config-if)#exit
RouterB(config)#router rip
RouterB(config-router)#version 2
RouterB(config-router)#network 200.0.0.0
RouterB(config-router)#no auto-summary
RouterB(config-router)#exit
RouterB(config)#enable password 888888
RouterB(config)#line vty 0 4
RouterB(config-line)#password 888888
RouterB(config-line)#login
RouterB(config-line)#exit
RouterB(config)#
