Basic simulation exploration experiment on Cisco Packet Tracer

Directly connect two PCs to construct a LAN

Connect two PCs directly to form a network, and ping each other.
First, set the network configuration of the two hosts, and then ping

Build a LAN with a switch

1. Can PC0 ping PC1, PC2, PC3?

Can ping pc1, but cannot ping pc2, pc3.

2. Can PC3 ping PC0, PC1, and PC2? why?

pc3 can ping pc2, but cannot ping pc0 and pc1, because pc0 and pc1 are not in the same subnet as pc2 and pc3.

3. Change the masks of the 4 PCs to 255.255.0.0, can they ping each other? why?

You can ping each other because the tower gate 3 belongs to the same subnet at this time.

4. Does the network connected with the Layer 2 switch need to be configured with a gateway? why?
Yes, because a gateway is a device that connects two network segments that use different transmission protocols. The gateway is generally used as the entry and exit point of the network, because all data must pass through or communicate with the gateway before routing.

Switch interface address list

The Layer 2 switch is a plug-and-play multi-interface device. It has three processing methods for received frames: broadcast, forward, and discard (please figure out when and what operation). Then, to successfully forward, there must be an interface address list or MAC table in the switch, which is automatically obtained by the switch through learning!
Still build the topological structure of the above figure, and configure the IP of each computer in the same subnet, use the magnifying glass in the toolbar to click on a switch such as Switch3 on the left, select MAC Table, you can see that the MAC table of the initial switch is empty , That is, it does not know how to forward the frame (so how will it be processed?), after accessing (ping) PC1 with PC0, check the MAC table of the switch. Now there are corresponding records. Please think about how to get it. With the increase of network communication, each switch will generate its own complete MAC table. At this time, the switching speed of the switch is the fastest!


When a switch receives a data frame, it will check its own MAC table. If there is no source MAC and destination MAC of the data frame in the MAC table, it will register the forwarding table and broadcast the data frame.

Spanning Tree Protocol

The switch needs to broadcast when the destination address is unknown or when the broadcast frame is received. If there are loops/loops between switches, broadcast loop storms will occur, which will seriously affect network performance.

The STP protocol running in the switch can avoid broadcast loop storms between switches.

This is the initial state. We can see that there is a loop between the switches, which will cause broadcast frames to be transmitted cyclically, that is, a broadcast storm, which seriously affects network performance.

After a period of time, after the spanning tree is successfully constructed by the STP protocol, the orange part is connected, but the logical

uplink is not available. During the network operation, suppose there is a problem with the physical connection between Switch4 and Switch5 at some point, cut a line , The spanning tree will automatically change.

Preliminary router configuration

The simulation of the connection between Chongqing Jiaotong University and Chongqing University is as follows.


Looking at the connection port, it can be found that Fa0/0 is the WAN interface and Fa0/1 Ethernet interface. So


far, the basic configuration of the router has been completed.

1. Static routing

1. Explanation: Static routing is a non-adaptive routing protocol, which is manually configured by network managers and cannot be changed according to changes in network topology. Therefore, static routing is simple and efficient, and is suitable for networks with very simple structures.

2. Perform static routing configuration.

Jiaotong University router static routing configuration:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2   // 告诉交通大学路由器到 192.168.3.0 这个网络的下一跳是 192.168.2.2
Router(config)#exit   //退到特权模式
Router#show ip route    //查看路由表

Chongqing University router static routing configuration:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1   // 告诉重庆大学路由器到 192.168.1.0 这个网络的下一跳是 192.168.2.1
Router(config)#exit   //退到特权模式
Router#show ip route    //查看路由表

3. Check the routing table after configuration:

Check the routing table and you can see a route marked as S, where S stands for Static.

2. Dynamic routing RIP

1. Explanation: The dynamic routing protocol uses an adaptive routing algorithm, which can re-route the computer optimally according to changes in the network topology.
2. Clear the static routing configuration: My approach here is to delete the router and create a new one, and re-enter the basic network configuration.
3. Configure RIP routing for two routers. RIP routing configuration of
Jiaotong University router:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#router rip   // 启用 RIP 路由协议，注意是 router 命令
Router(config-router)#network 192.168.1.0   // 网络 192.168.1.0 与我直连
Router(config-router)#network 192.168.2.0   // 网络 192.168.2.0 与我直连
Router(config-router)#^z   //直接退到特权模式
Router#show ip route    //查看路由表

Chongqing University router RIP routing configuration:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#router rip   // 启用RIP路由协议，注意是 router 命令
Router(config-router)#network 192.168.3.0   // 网络 192.168.3.0 与我直连
Router(config-router)#network 192.168.2.0   // 网络 192.168.2.0 与我直连
Router(config-router)#^z   //直接退到特权模式
Router#show ip route    //查看路由表

4. Check the routing table after configuration:

Check the routing table and you can see a route marked R, where R stands for RIP.

3. Dynamic routing OSPF

1. Explanation: OSPF (Open Shortest Path First) is an interior gateway protocol (Interior Gateway Protocol, IGP), which is used to make routing decisions in a single autonomous system (Autonomous System, AS). OSPF has better performance than RIP and is a routing protocol widely used for intra-domain routing.
2. Clear the previous configuration.
3. The OSPF routing configuration of the Jiaotong University router:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#router ospf 1   // 启用 OSPF 路由协议，进程号为1（可暂不理会进程号概念）
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0   // 自治域0中的属于 192.168.1.0/24 网络的所有主机（反向掩码）参与 OSPF
Router(config-router)#network 192.168.2.0 0.0.0.255 area 0   // 自治域0中的属于 192.168.2.0/24 网络的所有主机（反向掩码）参与 OSPF
Router(config-router)#^z   //直接退到特权模式
Router#show ip route    //查看路由表

Chongqing University router OSPF routing configuration:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#router ospf 1   // 启用 OSPF 路由协议，进程号为1
Router(config-router)#network 192.168.3.0 0.0.0.255 area 0   // 自治域0中的属于 192.168.3.0/24 网络的所有主机（反向掩码）参与 OSPF
Router(config-router)#network 192.168.2.0 0.0.0.255 area 0   // 自治域0中的属于 192.168.2.0/24 网络的所有主机（反向掩码）参与 OSPF
Router(config-router)#^z   //直接退到特权模式
Router#show ip route    //查看路由表

4. Check the routing table after configuration:

Check the routing table and you can see a route marked as O, where O means OSPF.

4. Port-based network address translation PAT

1. We still use the topologies of Chongqing Jiaotong University and Chongqing University for PAT experiments
. The configuration data of each PC in the

topology diagram is as follows: The configuration data of each interface of the router in the topology diagram is as follows:

Jiaotong University router OSPF routing configuration:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#router ospf 1   // 启用 OSPF 路由协议，进程号为1（可暂不理会进程号概念）
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0   // 自治域0中的属于192.168.1.0/24网络的所有主机（反向掩码）参与 OSPF
Router(config-router)#network 202.202.240.0 0.0.0.255 area 0   // 自治域0中的属于202.202.240.0/24网络的所有主机（反向掩码）参与 OSPF

Chongqing University router OSPF routing configuration:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#router ospf 1   // 启用 OSPF 路由协议，进程号为1
Router(config-router)#network 202.202.240.0 0.0.0.255 area 0   // 自治域0中的属于202.202.240.0/24网络的所有主机（反向掩码）参与 OSPF
Router(config-router)#network 8.8.8.0 0.0.0.255 area 0   // 自治域0中的属于8.8.8.0/24网络的所有主机（反向掩码）参与 OSPF

At this point, PC8 can definitely ping PC11.

2. Next, we will look at the routers of Chongqing University at the backbone routers in the Internet. Then these routers will not forward packets with internal/private IP addresses (discard them directly). We simulate this packet loss process by implementing an access control ACL on the router of Chongqing University, that is, discarding packets from Jiaotong University (private IP address).
The configuration of Chongqing University router packet loss:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#access-list 1 deny 192.168.1.0 0.0.0.255  // 创建 ACL 1，丢弃/不转发来自 192.168.1.0/24 网络的所有包
Router(config)#access-list 1 permit any  // 添加 ACL 1 的规则，转发其它所有网络的包
Router(config)#int s0/0   // 配置广域网口
Router(config-if)#ip access-group 1 in  // 在广域网口上对进来的包实施 ACL 1 中的规则，实际就是广域网口如果收到来自 192.168.1.0/24 IP的包即丢弃

Note: When the WAN port is configured above, there may be a problem of not being able to jump to config-if. The prompt is an invalid type and number. My solution is to change the command to

Router(config)#int Fa0/0   // 配置广域网口

At this time, the ping fails, and it shows that the destination host is unreachable.
3. Next, we will start to implement PAT. That is: we will convert the internal/private IP address to the external/public IP at the exit of the Jiaotong University router, so that the source IP of the packet will not be discarded by the Chongqing University router, so the network is connected.

PAT configuration of Jiaotong University router:

Router>en   // 从普通模式进入特权模式
Router#conf t   // 进入全局配置模式
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255  // 创建 ACL 1，允许来自 192.168.1.0/24 网络的所有包
Router(config)#ip nat inside source list 1 interface s0/0 overload  // 来自于 ACL 中的 IP 将在广域网口实施 PAT
Router(config)#int f0/0   // 配置以太网口
Router(config-if)#ip nat inside   // 配置以太网口为 PAT 的内部
Router(config)#int s0/0   // 配置广域网口
Router(config-if)#ip nat outside   // 配置广域网口为 PAT 的外部

You can ping

Virtual Local Area Network VLAN

1. Explanation: VLAN (Virtual Local Area Network) is a virtual local area network. By dividing VLAN, we can divide a physical network into multiple logical network segments, that is, multiple subnets.
2. Construct the corresponding topology diagram:

3. Below we divide the 24 100M interfaces of the switch into 3 parts, which are divided into 3 different VLANs, the id numbers are set to 10, 20, 30, and the alias (computer , Communication, electronic) to facilitate differentiation and management.

Switch VLAN configuration:

Switch>en
Switch#conf t
Switch(config)#vlan 10    // 创建 id 为 10 的 VLAN（缺省的，交换机所有接口都属于VLAN 1，不能使用）
Switch(config-vlan)#name computer    // 设置 VLAN 的别名
Switch(config-vlan)#exit
Switch(config)#int vlan 10    // 该 VLAN 为一个子网，设置其 IP，作为该子网网关
Switch(config-if)#ip address 192.168.0.1 255.255.255.0
Switch(config-if)#exit
Switch(config)#vlan 20    // 创建 id 为 20 的 VLAN
Switch(config-vlan)#name communication    //设置别名
Switch(config-vlan)#exit
Switch(config)#int vlan 20
Switch(config-if)#ip addr 192.168.1.1 255.255.255.0
Switch(config-if)#exit
Switch(config)#vlan 30    // 创建 id 为 20 的 VLAN
Switch(config-vlan)#name electronic    // 设置别名
Switch(config-vlan)#exit
Switch(config)#int vlan 30
Switch(config-if)#ip add 192.168.2.1 255.255.255.0
Switch(config-if)#exit
Switch(config)#int range f0/1-8    // 成组配置接口（1-8）
Switch(config-if-range)#switchport mode access    // 设置为存取模式
Switch(config-if-range)#switchport access vlan 10    // 划归到 VLAN 10 中
Switch(config-if-range)#exit
Switch(config)#int range f0/9-16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#int range f0/17-24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#^Z
Switch#show vlan // 查看 VLAN 的划分情况

The network configuration of the PC under each VLAN and the connected switch interface are as follows:

4. The ping command test

found that only PCs in the same VLAN can communicate, and the broadcast is also limited to this VLAN.

Virtual LAN Management VTP

1. Explanation: VTP (VLAN Trunk Protocol) is the VLAN trunk protocol. VTP maintains the uniformity of VLAN configuration through ISL frames or Cisco proprietary DTP frames (refer to related materials for understanding). It is also known as virtual local area network trunk protocol, which is a Cisco proprietary protocol. VTP uniformly manages, adds, deletes, and adjusts VLANs, and automatically broadcasts information to other switches in the network.
2. Construct the corresponding topology diagram as follows:

3. We will perform the following work on the core switch 3560:

1), set to server mode, the VTP domain is cqjtu
2), create a new VLAN 2, network number 192.168.1.0/24, gateway 192.168.1.1
3), create a new VLAN 3, network number 192.168.2.0/24, gateway 192.168.2.1
Setting command:
3560 VTP Server configuration:

Switch>en
Switch#conf t
Switch(config)#hostname 3560    // 更改交换机名称（可选）
3560(config)#vtp domain cqjtu   // 设置 VTP 域名称为 cqjtu
3560(config)#vtp mode server    // 设置其为 VTP 服务器模式
3560(config)#vlan 2             // 新建VLAN 2
3560(config-vlan)#name computer // 设置 VLAN 2 的别名（可选）
3560(config-vlan)#exit
3560(config)#vlan 3             // 再建 VLAN 3
3560(config-vlan)#name communication    //设置 VLAN 2 的别名（可选）
3560(config-vlan)#exit
3560(config)#int vlan 2    // 配置接口 VLAN 2，它将是该子网（左边）的网关
3560(config-if)#ip address 192.168.1.1 255.255.255.0
3560(config-if)#exit
3560(config)#int vlan 3    // 配置接口 VLAN 3，它将是该子网（右边）的网关
3560(config-if)#ip address 192.168.2.1 255.255.255.0

We will perform the following work on the left switch 2960A:

1), join the VTP domain named cqjtu
2), configure the gigabit interface g0/1 connected to the core switch 3560 as trunk mode
3), divide the interface f0/1 into VLAN 2
4), divide the interface f0/2 Divided into VLAN 3
Setting command:
2960A (left) VTP Client configuration:

Switch>en
Switch#conf t
Switch(config)#hostname 2960A    // 更改交换机名称（可选）
2960A(config)#vtp domain cqjtu   // 加入名为 cqjtu 的 VTP 域
2960A(config)#vtp mode client    // 设置模式为 VTP 客户
2960A(config)#int g0/1    // 配置与核心交换机 3560 连接的 g0/1 千兆接口
2960A(config-if)#switchport mode trunk    // 设置该接口为中继（trunk）模式
2960A(config-if)#switchport trunk allowed vlan all  // 允许为所有的 VLAN 中继
2960A(config-if)#exit
2960A(config)#int f0/1    // 配置接口 1
2960A(config-if)#switchport mode access    // 设置该接口为正常访问模式
2960A(config-if)#switchport access vlan 2  // 将接口划分到 VLAN 2
2960A(config-if)#exit
2960A(config)#int f0/2    // 配置接口 2
2960A(config-if)#switchport mode access    // 设置该接口为正常访问模式
2960A(config-if)#switchport access vlan 3  // 将接口划分到 VLAN 3

We will do the same work on the right switch 2960B:

1), join the domain named cqjtu VTP
2), configure the gigabit interface g0/1 connected to the core switch 3560 as trunk mode
3), divide the interface f0/1 into VLAN 2
4), divide the interface f0/2 To
2960B (right side) in VLAN 3 VTP Client configuration:

Switch>en
Switch#conf t
Switch(config)#hostname 2960B    // 更改交换机名称（可选）
2960B(config)#vtp domain cqjtu   // 加入名为 cqjtu 的 VTP 域
2960B(config)#vtp mode client    // 设置模式为 VTP 客户
2960B(config)#int g0/1    // 配置与核心交换机 3560 连接的 g0/1 千兆接口
2960B(config-if)#switchport mode trunk    // 设置该接口为中继（trunk）模式
2960B(config-if)#switchport trunk allowed vlan all  // 允许为所有的 VLAN 中继
2960B(config-if)#exit
2960B(config)#int f0/1    // 配置接口 1
2960B(config-if)#switchport mode access    // 设置该接口为正常访问模式
2960B(config-if)#switchport access vlan 2  // 将接口划分到 VLAN 2
2960B(config-if)#exit
2960B(config)#int f0/2    // 配置接口 2
2960B(config-if)#switchport mode access    // 设置该接口为正常访问模式
2960B(config-if)#switchport access vlan 3  // 将接口划分到 VLAN 3

The switches, interfaces and network configurations connected to each PC are as follows:

4. The ping command test

does not ping through

Communication between VLANs

1. Explanation: VTP only provides convenience for us to divide and manage VLANs. According to the above test, we still cannot communicate between VLANs at present.
Because by default, communication between VLANs is not allowed. At this time, we need a so-called one-armed router to forward it between VLANs!
2. 3560 switch configuration:

3560>en
3560#conf t
3560(config)#int g0/1    // 配置连接左边 2960A 交换机的接口
3560(config-if)#switchport trunk encapsulation dot1q    // 封装 VLAN 协议
3560(config-if)#switchport mode trunk     // 设置为中继模式
3560(config-if)#switchport trunk allowed vlan all     // 在所有 VLAN 间转发
3560(config-if)#exit
3560(config)#int g0/2    // 配置连接右边 2960B 交换机的接口
3560(config-if)#switchport trunk encapsulation dot1q    //封装 VLAN 协议
3560(config-if)#switchport mode trunk     // 设置为中继模式
3560(config-if)#switchport trunk allowed vlan all     // 在所有 VLAN 间转发
3560(config-if)#exit
3560(config)#ip routing    // 启用路由转发功能

3. Ping command test