Network Engineering Networking Comprehensive Experiment - Campus Network Construction (Link Aggregation, PAT, Extended ACL, Dynamic Routing)

Network Topology

 

1. Device IP address planning

device name	management address	subnet mask	Belonging VLAN
Administration Building Aggregation Switch	172.16.1.250	255.255.255.0	VLAN 1
Access switch on the 1st floor of the administrative building	172.16.1.1	255.255.255.0	VLAN 1
Access switch on the 2nd floor of the administrative building	172.16.1.2	255.255.255.0	VLAN 1
Teaching building aggregation switch	172.16.1.251	255.255.255.0	VLAN 1
Access switch on the 1st floor of the teaching building	172.16.1.3	255.255.255.0	VLAN 1
Access switch on the 2nd floor of the teaching building	172.16.1.4	255.255.255.0	VLAN 1
Student Dormitory Aggregation Switch	172.16.1.252	255.255.255.0	VLAN 1
Access switch on the 1st floor of the student dormitory	172.16.1.5	255.255.255.0	VLAN 1
Access switch on the 2nd floor of the student dormitory	172.16.1.6	255.255.255.0	VLAN 1
Server Aggregation Switch	172.16.1.253	255.255.255.0	VLAN 1
Campus network core switch	172.16.1.254	255.255.255.0	VLAN 1

2. Terminal access IP address planning

area	IP address segment	subnet mask	gateway
Administration Building Area 1	192.168.10.0/24	255.255.255.0	192.168.10.254
Administration Building Area 2	192.168.20.0/24	255.255.255.0	192.168.20.254
teaching building	192.168.30.0/24	255.255.255.0	192.168.30.254
Student Dormitory 1	192.168.40.0/24	255.255.255.0	192.168.40.254
Student Dormitory 2	192.168.50.0/24	255.255.255.0	192.168.50.254
Computer room server	192.168.200.0/24	255.255.255.0	192.168.200.254

3. VLAN division

network segment name	VLAN name	VLAN ID	address range	gateway
Administrative building area 1 network segment	VLAN10	VLAN 10	192.168.10.0/24	192.168.10.254
Administrative building area 2 network segment	VLAN20	VLAN 20	192.168.20.0/24	192.168.20.254
Teaching building network segment	VLAN30	VLAN 30	192.168.30.0/24	192.168.30.254
Student dormitory 1 network segment	VLAN40	VLAN 40	192.168.40.0/24	192.168.40.254
Student dormitory 2 network segment	VLAN50	VLAN 50	192.168.50.0/24	192.168.50.254
Computer room server network segment	VLAN200	VLAN 200	192.168.200.0/24	192.168.200.254

4. Access layer configuration

(1) The 1st and 2nd floors of the administrative building are divided into area 1 and area 2, so the switch on each floor needs to be divided into two VLANs, namely VLAN 10 and VLAN 20, and f 0/1~ f 0/12 is assigned to VLAN 10, and f 0/13~f 0/24 are assigned to VLAN 20. The port connected to the aggregation switch on each floor switch needs to be set to tag mode.

(2) All terminals in the teaching building need to be assigned to the same VLAN, that is, VLAN 30, so f 0/1~f 0/24 of the switches on the 1st and 2nd floors are all assigned to VLAN 30. The port connected to the aggregation switch on each floor switch needs to be set to Tag (trunk) mode.

(3) A VLAN is set up on each floor of the student dormitory (the first floor and the second floor use VLAN40 and VLAN50 respectively), and the access switch of each floor is placed in the corresponding VLAN. The port connected to the aggregation switch on each floor switch needs to be set to tag mode.

(4) All servers in the network management room need to be assigned to the same VLAN, that is, VLAN 200. Three servers are connected, that is, the DNS server is connected to gig 9/1 port, the FTP server is connected to gig 8/1 port, and the WWW server Connect to the gig 7/1 port.

5. Convergence layer configuration

(1) Configuration of the aggregation switch in the administrative building: VLANs are divided on the access switches on the first and second floors of the administrative building, and the uplink port of the access switch has been set to Tag mode, so the corresponding downlink port of the aggregation switch in the administrative building needs to be Ports gig 9/1 and gig 8/1 are configured as tag ports. At the same time, to ensure link backup, configure the gig 7/1 port and gig 6/1 port of the uplink port and the gig 1/0/2 port and gig 1/0/3 port of the "campus network core switch" as tag ports , and set the two as a link aggregation port port-channel 4. It is also necessary to create corresponding VLANs on the aggregation switch of the administrative building, that is, VLAN 10 and VLAN 20

(2) Configuration of the aggregation switch in the teaching building: Configure the corresponding downlink ports gig 8/1 and gig 9/1 of the aggregation switch in the teaching building as Tag ports. At the same time, since the teaching building needs video surveillance for teaching supervision, the required channel is relatively wide, so the gig 1/0/ 4. Configure gig 1/0/5 and gig 1/0/6 ports as Tag ports, and set the three as a link aggregation aggregation port port-channel 1. In addition, in the teaching building

Create VLAN 30 on the aggregation switch.

(3) Configuration of the aggregation switch in the student dormitory: Configure the corresponding downlink ports gig 0/1 and gig 1/1 of the aggregation switch in the student dormitory as Tag ports. Due to the large number of users in the student dormitory, the large number of services, and the large traffic, the channels need to be wide. Configure gig 1/0/8 and gig 1/0/9 as tag ports, and set them as a link aggregation port port-channel 2. In addition, VLAN 40 and VLAN 50 must be created on the aggregation switch of the teaching building.

(4) Switch configuration in the network management computer room: the switch in the network management computer room does not have an aggregation switch, and is directly connected to the core switch of the campus network through the access switch. Configure the uplink ports gig 5/1 and gig 6/1 of the server access switch in the network management room and the ports of gig 1/0/10 and gig 1/0/11 of the "campus network core switch" as Tag ports, and set the three Or set it to a link aggregation port port-channel 3. In addition, VLAN 200 must be created on the server access switch in the network management computer room.

6. Core layer configuration

(1) Link aggregation of the campus core switch: 4 groups of aggregation ports need to be set on the "campus network core switch", that is, gig1/0/2 and gig1/0/3 are combined into an aggregation port 4 corresponding to the "administrative building aggregation switch" ", gig1/0/4, gig1/0/5, and gig1/0/6 are combined into an aggregation port 1 corresponding to the "teaching building aggregation switch", and gig1/0/7, gig1/0/8, and gig1/0/9 Combining aggregation port 2 corresponds to the "student dormitory aggregation switch", and combining gig1/0/10 and gig1/0/11 into aggregation port 3 corresponds to the "network management computer room server aggregation switch".

(2) VLAN and routing functions of the campus network core switch: According to the VLAN setting of the front access layer switch, the corresponding VLAN 10, VLAN 20, VLAN 30, VLAN 40, and VLAN 50 need to be set and opened on the "campus network core switch" , VLAN 200. And configure the corresponding virtual port IP address and subnet mask to provide a gateway for the access terminal, and finally open the routing function of the "campus network core switch" to provide the routing capability of the entire campus network. Use ip routing to enable the routing function.

(3) Configure its DHCP function on the core switch of the campus network so that it can provide DHCP services for each subnet in the campus network except the server area. Note that the first few IP addresses of each subnet are excluded for use.

(4) Experimental verification results: each PC of the terminal can ping each other.

6. Core layer configuration

(1) Link aggregation of the campus core switch: 4 groups of aggregation ports need to be set on the "campus network core switch", that is, gig1/0/2 and gig1/0/3 are combined into an aggregation port 4 corresponding to the "administrative building aggregation switch" ", gig1/0/4, gig1/0/5, and gig1/0/6 are combined into an aggregation port 1 corresponding to the "teaching building aggregation switch", and gig1/0/7, gig1/0/8, and gig1/0/9 Combining aggregation port 2 corresponds to the "student dormitory aggregation switch", and combining gig1/0/10 and gig1/0/11 into aggregation port 3 corresponds to the "network management computer room server aggregation switch".

(2) VLAN and routing functions of the campus network core switch: According to the VLAN setting of the front access layer switch, the corresponding VLAN 10, VLAN 20, VLAN 30, VLAN 40, and VLAN 50 need to be set and opened on the "campus network core switch" , VLAN 200. And configure the corresponding virtual port IP address and subnet mask to provide a gateway for the access terminal, and finally open the routing function of the "campus network core switch" to provide the routing capability of the entire campus network. Use ip routing to enable the routing function.

(3) Configure its DHCP function on the core switch of the campus network so that it can provide DHCP services for each subnet in the campus network except the server area. Note that the first few IP addresses of each subnet are excluded for use.

(4) Experimental verification results: each PC of the terminal can ping each other.

 

 

7. Campus network egress router configuration

(1) According to the aforementioned IP address planning, it is assumed that the school has leased two IP addresses (210.28.180.100 and 210.28.180.200) in the 210.28.180.0/24 subnet from the Internet service provider ISP.

(2) The g0/1 port of the campus network exit router uses 210.28.180.10/24, while the external network router g0/0 port uses 210.28.180.20/24. For related IP address configuration, refer to the configuration in the topology diagram.

(3) Configure dynamic routing protocols: configure dynamic routing protocols on core switches; configure dynamic routing protocols on campus network egress routers; configure dynamic routing protocols on external network routers.

[The effect picture is as follows]:

PC23 on the first floor of the intranet administration can access the web server of the external network

 

8. The overall configuration of the campus network

Carry out automatic configuration of dynamic network parameters of terminals in the campus network, switch spanning tree configuration, exit router NAT configuration, and configuration of WWW server and DNS server, so as to realize the normal operation of the campus network and achieve proper isolation from the external network.

1. PAT configuration of the exit router: The PAT configuration of the exit router of the campus network is mainly to complete the establishment of the exit address pool, so that the internal terminal application can use the 210.28.180.100 and 210.28.180.200 addresses that are assumed to be rented from the ISP, and all intranet addresses are converted to The external network address of 210.28.180.100 maps the port 80 of the web server of the campus network to the port 80 of the external address 210.28.180.200 through port mapping, so that the server of the campus network can be accessed by the external network.

[The effect picture is as follows]:

pc23ping external network server on the first floor of administration

 

Mapping occurs on the campus network egress router

Teaching building pc6ping external network server

Intranet web server pings external network web server

And the intranet web server can access the extranet web server

The external network can ping the intranet server, but cannot access the intranet web server

After configuring PAT, the external network can access the intranet server through 210.28.180.200

The intranet can also access the web server of the external network, and map its own IP to 210.28.180.200:80 to ensure certain security

1. Use the extended IP ACL on the core switch to prohibit student dormitory 1 from accessing the FTP server on the campus network, and prohibit student dormitory 2 from accessing the web server on the campus network.

[The effect picture is as follows]:

Before configuration:

Student dormitory 1 (pc8) can access the FTP server, and student dormitory 2 (pc10) can access the campus network web server

 

 

After configuration:

Student dormitory 1 (pc8) cannot access the FTP server, but can ping; student dormitory 2 (pc10, pc11) cannot access the campus network web server, but can also ping

Moreover, pc8 and pc10 can normally access the web server and FTP server respectively.

1. Campus network spanning tree protocol configuration: In practical applications, in order to prevent loops, it is necessary to enable the spanning tree protocol on each switch. Convert STP protocol to RSTP protocol.

 

9. Specific configuration

The privileged user mode passwords of routers, Layer 3 switches, and Layer 2 switches are uniformly set to 11111

Configure the power-on password:

xz1>en

xz1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

xz1(config)#line c

xz1(config)#line console 0

xz1(config-line)#pas

xz1(config-line)#password 111111

xz1(config-line)#login

xz1(config-line)#exit

Configure the remote login password:

xz1(config)#

xz1(config)#line vty 0 4

xz1(config-line)#pas

xz1(config-line)#password 111111

xz1(config-line)#login

xz1(config-line)#end

xz1#

Configure the privileged mode password:

(Set the plaintext password to 111111)

xz1(config)#en

xz1(config)#ena

xz1(config)#enable pass

xz1(config)#enable password 111111

1. The VLAN configuration on the access switch on the first floor of the administrative building is as follows

Switch>

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname xz1

xz1(config)#int vlan 10

xz1(config-if)#ip add 192.168.10.254 255.255.255.0

xz1(config-if)#no shut

xz1(config-if)#exit

xz1(config)#int vlan 20

xz1(config-if)#ip add 192.168.20.254 255.255.255.0

xz1(config-if)#no shut

xz1(config-if)#exit

xz1(config)#int f0/1

xz1(config-if)#sw mo acc

xz1(config-if)#sw acc vlan 10

xz1(config-if)#exit

xz1(config)#int f0/13

xz1(config-if)#sw mo acc

xz1(config-if)#sw acc vlan 20

xz1(config-if)#exit

xz1(config)#int g0/1

xz1(config-if)#sw mo tr

xz1(config-if)#sw mo trunk

xz1(config-if)#end

1. The VLAN configuration on the access switch on the second floor of the administrative building is as follows

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname xz2

xz2(config)#int vlan 10

xz2(config-if)#ip add 192.168.10.254 255.255.255.0

xz2(config-if)#no shut

xz2(config-if)#exit

xz2(config)#int vlan 20

xz2(config-if)#ip add 192.168.20.254 255.255.255.0

xz2(config-if)#no shut

xz2(config-if)#exit

xz2(config)#int f0/1

xz2(config-if)#sw mo acc

xz2(config-if)#sw acc vlan 10

xz2(config-if)#exit

xz2(config)#int f0/13

xz2(config-if)#sw mo acc

xz2(config-if)#sw acc vlan 20

xz2(config-if)#exit

xz2(config)#int g0/1

xz2(config-if)#sw mo tr

xz2(config-if)#sw mo trunk

xz2(config-if)#end

1. The VLAN configuration on the access switch on the first floor of the teaching building is as follows

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname jx1

jx1(config)#int vlan 30

jx1(config-if)#ip add 192.168.30.254 255.255.255.0

jx1(config-if)#no shut

jx1(config-if)#exit

jx1(config)#int range f0/1-2

jx1(config-if-range)#sw mo acc

jx1(config-if-range)#sw acc vlan 30

jx1(config-if-range)#exit

jx1(config)#int g0/1

jx1(config-if)#sw mo tr

jx1(config-if)#sw mo trunk

jx1(config-if)#end

jx1#

1. The VLAN configuration on the access switch on the 2nd floor of the teaching building is as follows

Switch>

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname jx2

jx2(config)#int vlan 30

jx2(config-if)#ip add 192.168.30.254 255.255.255.0

jx2(config-if)#no shut

jx2(config-if)#exit

jx2(config)#int range f0/1-2

jx2(config-if-range)#sw mo acc

jx2(config-if-range)#sw acc vlan 30

jx2(config-if-range)#exit

jx2(config)#int g0/1

jx2(config-if)#sw mo tr

jx2(config-if)#end

jx2#

1. The VLAN configuration on the access switch on the first floor of the student dormitory building is as follows

Switch>

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname ss1

ss1(config)#int vlan 40

ss1(config-if)#ip add 192.168.40.254 255.255.255.0

ss1(config-if)#no shut

ss1(config-if)#exit

ss1(config)#int range f0/1-2

ss1(config-if-range)#sw mo acc

ss1(config-if-range)#sw acc vlan 40

ss1(config-if-range)#exit

ss1(config)#int g0/1

ss1(config-if)#sw mo tr

ss1(config-if)#sw mo trunk

ss1(config-if)#end

ss1#

1. The VLAN configuration on the access switch on the second floor of the student dormitory building is as follows

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname ss2

ss2(config)#int vlan 50

ss2(config-if)#ip add 192.168.50.254 255.255.255.0

ss2(config-if)#no shut

ss2(config-if)#exit

ss2(config)#int range f0/1-2

ss2(config-if-range)#sw mo acc

ss2(config-if-range)#sw acc vlan 50

ss2(config-if-range)#exit

ss2(config)#int g0/1

ss2(config-if)#sw mo trunk

ss2(config-if)#end

ss2#

1. The VLAN configuration of the server in the network management room connected to the switch is as follows

Switch>

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname jifang

jifang(config)#int vlan 200

jifang(config-if)#ip add 192.168.200.254 255.255.255.0

jifang(config-if)#no shut

jifang(config-if)#exit

jifang(config)#int range g9/1,g8/1,g7/1

jifang(config-if-range)#sw mo acc

jifang(config-if-range)#sw acc vlan 200

jifang(config-if-range)#exit

1. The VLAN settings and link aggregation of the aggregation switch in the administrative building are as follows

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname xzhj

xzhj(config)#int vlan 10

xzhj(config-if)#ip add 192.168.10.254 255.255.255.0

xzhj(config-if)#no shut

xzhj(config-if)#exit

xzhj(config)#int vlan 20

xzhj(config-if)#ip add 192.168.20.254 255.255.255.0

xzhj(config-if)#no shut

xzhj(config-if)#exit

xzhj(config)#int range g9/1,g8/1

xzhj(config-if-range)#sw mo tr

xzhj(config-if-range)#sw mo trunk

xzhj(config-if-range)#exit

xzhj(config)#int range g6/1,g7/1

xzhj(config-if-range)#sw mo trunk

xzhj(config-if-range)#channel-g

xzhj(config-if-range)#channel-group 4 mode on

xzhj(config-if-range)#end

xzhj#

1. The VLAN settings and link aggregation of the aggregation switch in the teaching building are as follows

Switch>

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname jxhj

jxhj(config)#int vlan 30

jxhj(config-if)#ip add 192.168.30.254 255.255.255.0

jxhj(config-if)#no shut

jxhj(config-if)#exit

jxhj(config)#int range g8/1,g9/1

jxhj(config-if-range)#sw mo tr

jxhj(config-if-range)#sw mo trunk

jxhj(config-if-range)#exit

jxhj(config)#int range g5/1,g6/1,g7/1

jxhj(config-if-range)#sw mo tr

jxhj(config-if-range)#sw mo trunk

jxhj(config-if-range)#channel-g

jxhj(config-if-range)#channel-group 1 mode on

jxhj(config-if-range)#end

jxhj#

1. The VLAN settings and link aggregation of the aggregation switch in the student dormitory are as follows

Switch>

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname sshj

sshj(config)#int vlan 40

sshj(config-if)#ip add 192.168.40.254 255.255.255.0

sshj(config-if)#no shut

sshj(config-if)#exit

sshj(config)#int vlan 50

sshj(config-if)#ip add 192.168.50.254 255.255.255.0

sshj(config-if)#no shut

sshj(config-if)#exit

sshj(config)#int range g8/1,g9/1

sshj(config-if-range)#sw mo tr

sshj(config-if-range)#sw mo trunk

sshj(config-if-range)#exit

sshj(config)#int range g5/1,g6/1,g7/1

sshj(config-if-range)#sw mo trunk

sshj(config-if-range)#channel-g

sshj(config-if-range)#channel-group 2 mode on

sshj(config-if-range)#end

sshj#

1. The VLAN settings and link aggregation of the server access switch in the network management room are as follows

Switch>

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname jifang

jifang(config)#int vlan 200

jifang(config-if)#ip add 192.168.200.254 255.255.255.0

jifang(config-if)#no shut

jifang(config-if)#exit

jifang(config)#int range g9/1,g8/1,g7/1

jifang(config-if-range)#sw mo acc

jifang(config-if-range)#sw acc vlan 200

jifang(config-if-range)#exit

jifang(config)#int range g5/1,g6/1

jifang(config-if-range)#sw mo trunk

jifang(config-if-range)#channel-g

jifang(config-if-range)#channel-group 3 mode on

jifang(config-if-range)#end

jifang#

1. The campus network core switch link aggregation configuration is as follows

Switch(config)#

Switch(config)#int range g1/0/4,g1/0/5,g1/0/6

Switch(config-if-range)#channel-g

Switch(config-if-range)#channel-group 1 mode on

Switch(config-if-range)#exit

Switch(config)#int range g1/0/7,g1/0/8,g1/0/9

Switch(config-if-range)#channel-group 2 mode on

Switch(config-if-range)#exit

Switch(config)#int range g1/0/10,g1/0/11

Switch(config-if-range)#channel-group 3 mode on

Switch(config-if-range)#exit

Switch(config)#int range g1/0/2,g1/0/3

Switch(config-if-range)#channel-group 4 mode on

Switch(config-if-range)#exit

Switch(config)#end

Switch#

1. The VLAN and routing functions of the campus network core switch are configured as follows

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int vlan 10

Switch(config-if)#ip add 192.168.10.254 255.255.255.0

Switch(config-if)#no shut

Switch(config-if)#exit

Switch(config)#int vlan 20

Switch(config-if)#ip add 192.168.20.254 255.255.255.0

Switch(config-if)#no shut

Switch(config-if)#exit

Switch(config)#int vlan 30

Switch(config-if)#ip add 192.168.30.254 255.255.255.0

Switch(config-if)#no shut

Switch(config-if)#exit

Switch(config)#int vlan 40

Switch(config-if)#ip add 192.168.40.254 255.255.255.0

Switch(config-if)#no shut

Switch(config-if)#exit

Switch(config)#int vlan 50

Switch(config-if)#ip add 192.168.50.254 255.255.255.0

Switch(config-if)#no shut

Switch(config-if)#exit

Switch(config)#int vlan 200

Switch(config-if)#ip add 192.168.200.254 255.255.255.0

Switch(config-if)#no shut

Switch(config-if)#exit

Switch(config)#int vlan 300

Switch(config-if)#ip add 192.168.1.1 255.255.255.0

Switch(config-if)#no shut

Switch(config-if)#exit

Switch(config)#ip routing

Switch(config)#

1. The DHCP configuration of the campus network core switch is as follows

Switch#

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#service dhcp

Switch(config)#ip dhcp pool vlan10

Switch(dhcp-config)#network 192.168.10.0 255.255.255.0

Switch(dhcp-config)#dns

Switch(dhcp-config)#dns-server 192.168.200.11

Switch(dhcp-config)#def

Switch(dhcp-config)#default-router 192.168.10.254

Switch(dhcp-config)#exit

Switch(config)#ip dhcp pool vlan20

Switch(dhcp-config)#ipinetwork 192.168.20.0 255.255.255.0

Switch(dhcp-config)#dn

Switch(dhcp-config)#dns-server 192.168.200.11

Switch(dhcp-config)#de

Switch(dhcp-config)#default-router 192.168.20.254

Switch(dhcp-config)#exit

Switch(config)#ip dhcp pool vlan30

Switch(dhcp-config)#network 192.168.30.0 255.255.255.0

Switch(dhcp-config)#dns

Switch(dhcp-config)#dns-server 192.168.200.11

Switch(dhcp-config)#def

Switch(dhcp-config)#default-router 192.168.30.254

Switch(dhcp-config)#exit

Switch(config)#ip dhcp pool vlan40

Switch(dhcp-config)#network 192.168.40.0 255.255.255.0

Switch(dhcp-config)#dns

Switch(dhcp-config)#dns-server 192.168.200.11

Switch(dhcp-config)#def

Switch(dhcp-config)#default-router 192.168.40.254

Switch(dhcp-config)#exit

Switch(config)#ip dhcp pool vlan50

Switch(dhcp-config)#network 192.168.50.0 255.255.255.0

Switch(dhcp-config)#dns

Switch(dhcp-config)#dns-server 192.168.200.11

Switch(dhcp-config)#def

Switch(dhcp-config)#default-router 192.168.50.254

Switch(dhcp-config)#exit

Switch(config)#ip dhcp e

Switch(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10

Switch(config)#ip dhcp excluded-address 192.168.10.254 192.168.10.254

Switch(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.21

Switch(config)#ip dhcp excluded-address 192.168.20.254 192.168.20.254

Switch(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.32

Switch(config)#ip dhcp excluded-address 192.168.30.254 192.168.30.254

Switch(config)#ip dhcp excluded-address 192.168.40.1 192.168.40.43

Switch(config)#ip dhcp excluded-address 192.168.40.254 192.168.40.254

Switch(config)#ip dhcp excluded-address 192.168.50.1 192.168.50.54

Switch(config)#ip dhcp excluded-address 192.168.50.254 192.168.50.254

Switch(config)#end

Switch#

1. The campus network egress router interface configuration is as follows

Router>

Router>and

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname out

out(config)#int g0/0

out(config-if)#ip add 192.168.1.2 255.255.255.0

out(config-if)#no shut

out(config-if)#exit

out(config)#int g0/1

out(config-if)#ip add 210.28.180.10 255.255.255.0

out(config-if)#no shut

out(config-if)#exit

out(config)#

out#

1. The external network router interface configuration is as follows

Router>

Router>and

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname outside

outside(config)#int g0/0

outside(config-if)#ip add 210.28.180.20 255.255.255.0

outside(config-if)#no shut

outside(config-if)#exit

outside(config)#int g0/1

outside(config-if)#ip add 10.10.10.1 255.255.255.0

outside(config-if)#no shut

outside(config-if)#exit

outside(config)#

1. Configure a dynamic routing protocol on the core switch of the campus network

Switch>

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#router rip

Switch(config-router)#v 2

Switch(config-router)#network 192.168.10.0

Switch(config-router)#network 192.168.20.0

Switch(config-router)#network 192.168.30.0

Switch(config-router)#network 192.168.40.0

Switch(config-router)#network 192.168.50.0

Switch(config-router)#network 192.168.200.0

Switch(config-router)#network 192.168.1.0

Switch(config-router)#network 210.28.180.0

Switch(config-router)#network 10.10.10.0

Switch(config-router)#end

Switch#

1. Configure a dynamic routing protocol on the egress router of the campus network

out#

out#conf t

Enter configuration commands, one per line. End with CNTL/Z.

out(config)#router rip

out(config-router)#v 2

out(config-router)#network 192.168.1.0

out(config-router)#network 210.28.180.0

out(config-router)#end

out#

1. Configuring Dynamic Routing Protocols on Extranet Routers

outside(config)#

outside(config)#router rip

outside(config-router)#v 2

outside(config-router)#network 210.28.180.0

outside(config-router)#network 10.10.10.0

outside(config-router)#end

outside#

1. Configure PAT on the egress router of the campus network

out#

out#en

out#conf t

Enter configuration commands, one per line. End with CNTL/Z.

out(config)#int g0/0

out(config-if)#ip nat inside

out(config-if)#exit

out(config)#int g0/1

out(config-if)#ip nat outside

out(config-if)#exit

out(config)#ip nat pool test 210.28.180.100 210.28.180.100 netmask 255.255.255.0

out(config)#ip nat in

out(config)#ip nat inside source list 10 pool test overload

out(config)#access-list 10 permit 192.168.10.0 0.0.0.255

out(config)#ip nat inside source list 20 pool test overload

out(config)#access-list 20 permit 192.168.20.0 0.0.0.255

out(config)#ip nat inside source list 30 pool test overload

out(config)#access-list 30 permit 192.168.30.0 0.0.0.255

out(config)#ip nat inside source list 40 pool test overload

out(config)#access-list 40 permit 192.168.40.0 0.0.0.255

out(config)#ip nat inside source list 50 pool test overload

out(config)#access-list 50 permit 192.168.50.0 0.0.0.255

// Configure the external network to only access the campus network web server through 210.28.180.200

out(config)#ip nat inside source static tcp 192.168.200.33 80 210.28.180.200 80

out(config)#end

out#

1. Configure the ACL of the extended IP on the core switch

Switch#

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#access-list 110 deny tcp 192.168.40.0 0.0.0.255 host 192.168.200.22 eq 20

Switch(config)#access-list 110 deny tcp 192.168.40.0 0.0.0.255 host 192.168.200.22 eq 21

Switch(config)#access-list 110 deny tcp 192.168.50.0 0.0.0.255 host 192.168.200.33 eq 80

Switch(config)#access-list 110 deny tcp 192.168.50.0 0.0.0.255 host 192.168.200.33 eq 443

Switch(config)#access-list 110 permit ip any any

Switch(config)#int vlan 200

Switch(config-if)#ip access-group 110 out

Switch(config-if)#end

Switch#

1. The spanning tree protocol configuration of all switches is as follows

A. Open the rapid spanning tree protocol on the access switch on the first floor of the administrative building

xz1(config)#sp

xz1(config)#spanning-tree mode ra

xz1(config)#spanning-tree mode rapid-pvst

xz1(config)#end

xz1#

B. Open the rapid spanning tree protocol on the access switch on the second floor of the administrative building

xz2(config)#spa

xz2(config)#spanning-tree mode ra

xz2(config)#spanning-tree mode rapid-pvst

xz2(config)#end

xz2#

C. Open the rapid spanning tree protocol on the aggregation switch of the administrative building

xzhj(config)#sp

xzhj(config)#spanning-tree mode ra

xzhj(config)#spanning-tree mode rapid-pvst

xzhj(config)#end

xzhj#

D. Open the rapid spanning tree protocol on the access switch on the first floor of the teaching building

jx1(config)#sp

jx1(config)#spanning-tree mode ra

jx1(config)#spanning-tree mode rapid-pvst

jx1(config)#end

jx1#

E. Open the rapid spanning tree protocol on the access switch on the 2nd floor of the teaching building

jx2(config)#sp

jx2(config)#spanning-tree mode ra

jx2(config)#spanning-tree mode rapid-pvst

jx2(config)#end

jx2#

F. Open the rapid spanning tree protocol on the aggregation switch of the teaching building

jxhj(config)#sp

jxhj(config)#spanning-tree mode ra

jxhj(config)#spanning-tree mode rapid-pvst

jxhj(config)#end

jxhj#

G. Open the rapid spanning tree protocol on the access switch on the first floor of the student dormitory

ss1(config)#sp

ss1(config)#spanning-tree mode ra

ss1(config)#spanning-tree mode rapid-pvst

ss1(config)#end

ss1#

H. Open the rapid spanning tree protocol on the access switch on the 2nd floor of the student dormitory

ss2(config)#sp

ss2(config)#spanning-tree mode ra

ss2(config)#spanning-tree mode rapid-pvst

ss2(config)#end

ss2#

I. Turn on the rapid spanning tree protocol on the aggregation switch of the student dormitory

sshj(config)#sp

sshj(config)#spanning-tree mode ra

sshj(config)#spanning-tree mode rapid-pvst

sshj(config)#end

sshj#

J. Open the rapid spanning tree protocol when the server in the network management room is connected to the switch

jifang(config)#sp

jifang(config)#spanning-tree mode ra

jifang(config)#spanning-tree mode rapid-pvst

jifang(config)#end

jifang#

write memory