Computer Network - Efficient Campus Network Design and Implementation (Huawei Simulator eNSP Implementation)

Computer Network Course Design Content

Experimental requirements:

1. The two interfaces where the ISP is located are public IP addresses within the public network range; 1.1.1.0/24 represents the entire Internet

2. The public network is a private LAN, and the IP address uses a private IP address, which is customized

3. PC1-PC3 obtains IP addresses through DHCP; PC1 and HTTP are in VLAN2, PC2 and PC3 are in VLAN3

4. The ISP router can only configure the IP address, and no other configurations can be performed afterwards

5. Only PC3 in the whole network can log in to the AR2 router with TELNET

6. PC1-PC3 can access PC4 in the Internet; PC4 can access the http server through the domain name www.waishi.com

Project work title: Efficient Campus Network Design and Implementation

1. Design purpose

By designing a large-scale campus network and its implementation scheme, students will be able to independently complete network topology design and the commissioning, installation and optimization of network equipment after the internship. After completing the project, students can achieve the following goals:

1. Master the process design and document writing of engineering projects.

2. Master the operation methods of network equipment and tools, and be familiar with the use of routing and switching equipment.

3. Master the basic commands of network engineering and how to use common controls.

4. Master the methods of connecting, accessing, and operating remote protocols.

5. Be familiar with the principles and methods of network security and with enterprise network security technology.

6. Understand the design, planning, needs analysis, network design and completion process of project development, and master the techniques of project analysis, design and development. Each student takes part in the practical exercises of the project, which cultivates the ability to work independently and gives students comprehensive training and improvement.

2. The meaning of topic selection

   With the growth of school teaching and students' online applications at a certain university, the campus network has connected nearly 70 buildings across the school with optical fiber, covering 90% of teaching and office spaces and 75% of student dormitories. There are more than 20,000 network ports in total, of which more than 12,000 wiring ports are connected to network devices; more than 6,000 computers are connected, and there are about 6,000 fixed registered users. The original network equipment can no longer meet the network applications in the new environment, so the school decided to re-plan the construction of the campus network and put forward the following requirements:
    adapt to the school's network characteristics: a large number of users and complex network applications; the behavior of network users cannot be limited, so network problems can only be solved on network equipment;
    meet the requirements of light load: low load, high bandwidth, the simplest and most effective;
    have advanced technology: support wire-speed forwarding, with high-density 10 Gigabit ports; the core equipment supports a backplane design above T level, and the hardware implements ACL, QoS, multicast and other functions;
    be stable and reliable: ensure the stability and reliability of the physical layer, link layer, network layer, and virus environment;
    robust security: virus and attack protection, user access control, and routing protocol security are implemented without sacrificing network performance;
    easy management: network topology discovery, centralized management of network devices, performance monitoring and early warning, and the ability to classify and view management events;
    elastic expansion: including scalability of backplane bandwidth, switching capacity, forwarding capability, port density, and service capability.

3. Design Description

1. Display of network topology design structure

2. Device topology decomposition, device command display

(1) Switch LSW1 configuration

<Huawei>sys

[Huawei]sysname sw1

[sw1]undo info-center enable

[sw1]vlan batch 2 to 3

//e0/0/1 is set as the access interface

[sw1]interface e0/0/1

[sw1-Ethernet0/0/1]port link-type access

[sw1-Ethernet0/0/1]port default vlan 2

[sw1-Ethernet0/0/1]quit

//e0/0/2 is set as access interface

[sw1]interface e0/0/2

[sw1-Ethernet0/0/2]port link-type access

[sw1-Ethernet0/0/2]port default vlan 3

[sw1-Ethernet0/0/2]quit

//e0/0/3 is set as the trunk interface

[sw1]interface e0/0/3

[sw1-Ethernet0/0/3]port link-type trunk

[sw1-Ethernet0/0/3]port trunk allow-pass vlan all

[sw1-Ethernet0/0/3]quit

(2) Switch LSW2 configuration

[Huawei]sysname sw2

[sw2]vlan batch 2 to 3

//e0/0/1 is set as the access interface

[sw2]interface e0/0/1

[sw2-Ethernet0/0/1]port link-type access

[sw2-Ethernet0/0/1]port default vlan 2

[sw2-Ethernet0/0/1]quit

//e0/0/2 is set as access interface

[sw2]interface e0/0/2

[sw2-Ethernet0/0/2]port link-type access

[sw2-Ethernet0/0/2]port default vlan 3

[sw2-Ethernet0/0/2]quit

//e0/0/3 is set as the trunk interface

[sw2]interface e0/0/3

[sw2-Ethernet0/0/3]port link-type trunk

[sw2-Ethernet0/0/3]port trunk allow-pass vlan all

[sw2-Ethernet0/0/3]quit

(3) Router AR1 configuration

<Huawei>sys

[Huawei]sysname r1

[r1]interface g0/0/1

[r1-GigabitEthernet0/0/1]ip address 192.168.4.1 24

[r1-GigabitEthernet0/0/1]quit

[r1]interface g0/0/2

[r1-GigabitEthernet0/0/2]ip address 192.168.5.1 24

[r1-GigabitEthernet0/0/2]quit

[r1]dhcp enable //Enable DHCP service

// configure subinterface

[r1]interface g0/0/0.1

[r1-GigabitEthernet0/0/0.1]dhcp select global //On Huawei, the DHCP service also needs to be enabled on each interface

[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2 //Terminate VLAN 2 tagged frames on this sub-interface

[r1-GigabitEthernet0/0/0.1]ip address 192.168.6.1 24

[r1-GigabitEthernet0/0/0.1]arp broadcast enable //By default, the Huawei sub-interface does not have the ARP function, so it must be enabled

[r1-GigabitEthernet0/0/0.1]quit

[r1]interface g0/0/0.2

[r1-GigabitEthernet0/0/0.2]dhcp select global //On Huawei, the DHCP service also needs to be enabled on each interface

[r1-GigabitEthernet0/0/0.2]dot1q termination vid 3 //Terminate VLAN 3 tagged frames on this sub-interface

[r1-GigabitEthernet0/0/0.2]ip address 192.168.7.1 24

[r1-GigabitEthernet0/0/0.2]arp broadcast enable //By default, the Huawei sub-interface does not have the ARP function, so it must be enabled

[r1-GigabitEthernet0/0/0.2]quit

//Create the address pools

[r1]ip pool a

[r1-ip-pool-a]network 192.168.6.0 mask 24

[r1-ip-pool-a]gateway-list 192.168.6.1

[r1-ip-pool-a]dns-list 1.1.1.10

[r1-ip-pool-a]quit

[r1]ip pool b

[r1-ip-pool-b]network 192.168.7.0 mask 24

[r1-ip-pool-b]gateway-list 192.168.7.1

[r1-ip-pool-b]dns-list 1.1.1.10

[r1-ip-pool-b]quit

//Configure the routing table

[r1]ip route-static 192.168.8.0 24 192.168.5.2

[r1]ip route-static 192.168.9.0 24 192.168.5.2

[r1]ip route-static 192.168.3.0 24 192.168.5.2

[r1]ip route-static 12.1.1.0 24 192.168.5.2

[r1]ip route-static 192.168.2.0 24 192.168.4.2

[r1]ip route-static 0.0.0.0 0 192.168.4.2

(4) Router AR2 configuration

<Huawei>sys

[Huawei]sysname r2

//Configure the interfaces

[r2]interface g0/0/0

[r2-GigabitEthernet0/0/0]ip address 192.168.4.2 24

[r2-GigabitEthernet0/0/0]quit

[r2]interface g0/0/1

[r2-GigabitEthernet0/0/1]ip address 192.168.2.1 24

[r2-GigabitEthernet0/0/1]quit

//Set telnet service

[r2]aaa

[r2-aaa]local-user lzx privilege level 15 password cipher 123456 //account lzx, password 123456

[r2-aaa]local-user lzx service-type telnet

[r2-aaa]q

[r2]user-interface vty 0 4

[r2-ui-vty0-4]authentication-mode aaa

[r2-ui-vty0-4]quit

//Configure the routing table

[r2]ip route-static 192.168.6.0 24 192.168.4.1

[r2]ip route-static 192.168.7.0 24 192.168.4.1

[r2]ip route-static 192.168.8.0 24 192.168.4.1

[r2]ip route-static 192.168.9.0 24 192.168.4.1

[r2]ip route-static 192.168.5.0 24 192.168.4.1

[r2]ip route-static 192.168.3.0 24 192.168.2.2

[r2]ip route-static 12.1.1.0 24 192.168.2.2

[r2]ip route-static 0.0.0.0 0 192.168.2.2

//Configure to only allow PC3 to access the telnet service of AR2

[r2]acl 3000 //Matching on TCP requires an advanced ACL, which is numbered from 3000

[r2-acl-adv-3000]rule permit tcp source 192.168.7.254 0 destination 192.168.4.2 0 destination-port eq telnet //PC3 to AR2 g0/0/0, TCP port 23

[r2-acl-adv-3000]rule permit tcp source 192.168.7.254 0 destination 192.168.2.1 0 destination-port eq telnet //PC3 to AR2 g0/0/1, TCP port 23

[r2-acl-adv-3000]rule deny tcp destination-port eq telnet //Deny all other Telnet; a bare "rule deny tcp" would also drop every other TCP flow entering these interfaces

[r2-acl-adv-3000]quit

[r2]interface g0/0/0

[r2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000 //Apply acl to the interface

[r2-GigabitEthernet0/0/0]quit

[r2]interface g0/0/1

[r2-GigabitEthernet0/0/1]traffic-filter inbound acl 3000 //Apply acl to the interface
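
Added example (not part of the original write-up): a small Python model of first-match evaluation for ACL 3000 on AR2, comparing a rule set that ends in a bare `rule deny tcp` with one scoped to TCP port 23. The sample flows and the client addresses 192.168.6.253 and 192.168.7.10 are constructed, and the model assumes that `traffic-filter` forwards packets that match no rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

TELNET = 23
Spec = Optional[Tuple[str, str]]  # (address, wildcard); None means "any"

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: Spec = None
    dst: Spec = None
    dport: Optional[int] = None   # None means any TCP destination port

def wildcard_match(addr: str, spec: Spec) -> bool:
    """Wildcard semantics: 0 bits must match, 1 bits are ignored."""
    if spec is None:
        return True
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == base & care

def evaluate(rules, src: str, dst: str, dport: int) -> str:
    """Action of the first rule that matches a TCP packet.
    Assumption: with traffic-filter, a packet matching no rule is forwarded."""
    for r in rules:
        if (wildcard_match(src, r.src) and wildcard_match(dst, r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "permit"

PC3 = ("192.168.7.254", "0.0.0.0")
AR2_ADDRS = [("192.168.4.2", "0.0.0.0"), ("192.168.2.1", "0.0.0.0")]

# Rule set ending in a bare "rule deny tcp"
BROAD = [Rule("permit", PC3, d) for d in AR2_ADDRS] + [Rule("deny")]
# Rule set scoped to Telnet (TCP 23)
SCOPED = ([Rule("permit", PC3, d, TELNET) for d in AR2_ADDRS]
          + [Rule("deny", dport=TELNET)])

# Constructed sample flows: (label, source, destination, TCP destination port)
FLOWS = [
    ("PC3 telnet to AR2", "192.168.7.254", "192.168.4.2", 23),
    ("AR1 telnet to AR2", "192.168.4.1", "192.168.4.2", 23),
    ("VLAN 2 client HTTP via AR2", "192.168.6.253", "1.1.1.10", 80),
    ("VLAN 3 client telnet via AR2", "192.168.7.10", "192.168.2.2", 23),
]

def compare(flows=FLOWS):
    """Return {label: (verdict under BROAD, verdict under SCOPED)}."""
    return {label: (evaluate(BROAD, s, d, p), evaluate(SCOPED, s, d, p))
            for label, s, d, p in flows}

if __name__ == "__main__":
    for label, (broad, scoped) in compare().items():
        print(f"{label:30} broad={broad:6} scoped={scoped}")
```

Both rule sets admit PC3 and refuse AR1 on port 23; only the bare deny also drops the transit HTTP flow.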

(5) Router AR3 configuration

<Huawei>sys

[Huawei]sysname r3

[r3]dhcp enable

//Configure the IP address of e0/0/0

[r3]interface eth0/0/0

[r3-Ethernet0/0/0]ip address 192.168.5.2 255.255.255.0

[r3-Ethernet0/0/0]quit

//Configure the IP address of e0/0/1

[r3]interface eth0/0/1

[r3-Ethernet0/0/1]ip address 192.168.3.1 255.255.255.0

[r3-Ethernet0/0/1]quit

//Configure sub-interface e0/0/2.1 (VLAN 2)

[r3]interface e0/0/2.1

[r3-Ethernet0/0/2.1]dhcp select global

[r3-Ethernet0/0/2.1]dot1q termination vid 2

[r3-Ethernet0/0/2.1]ip address 192.168.8.1 255.255.255.0

[r3-Ethernet0/0/2.1]arp broadcast enable

[r3-Ethernet0/0/2.1]quit

//Configure sub-interface e0/0/2.2 (VLAN 3)

[r3]interface e0/0/2.2

[r3-Ethernet0/0/2.2]dhcp select global

[r3-Ethernet0/0/2.2]dot1q termination vid 3

[r3-Ethernet0/0/2.2]ip address 192.168.9.1 255.255.255.0

[r3-Ethernet0/0/2.2]arp broadcast enable

[r3-Ethernet0/0/2.2]quit

//Create address pool c

[r3]ip pool c

[r3-ip-pool-c]network 192.168.8.0 mask 24

[r3-ip-pool-c]gateway-list 192.168.8.1

[r3-ip-pool-c]dns-list 1.1.1.10

[r3-ip-pool-c]quit

//Create address pool d

[r3]ip pool d

[r3-ip-pool-d]network 192.168.9.0 mask 24

[r3-ip-pool-d]gateway-list 192.168.9.1

[r3-ip-pool-d]dns-list 1.1.1.10

[r3-ip-pool-d]quit

//Configure the routing table

[r3]ip route-static 192.168.4.0 255.255.255.0 192.168.5.1

[r3]ip route-static 192.168.6.0 255.255.255.0 192.168.5.1

[r3]ip route-static 192.168.7.0 255.255.255.0 192.168.5.1

[r3]ip route-static 192.168.2.0 255.255.255.0 192.168.3.2

[r3]ip route-static 12.1.1.0 255.255.255.0 192.168.3.2

[r3]ip route-static 0.0.0.0 0 192.168.3.2

(6) Router AR4 configuration

<Huawei>sys

[Huawei]sysname r4

//Configure the interfaces

[r4]interface g0/0/0

[r4-GigabitEthernet0/0/0]ip address 192.168.2.2 24

[r4-GigabitEthernet0/0/0]quit

[r4]interface g0/0/1

[r4-GigabitEthernet0/0/1]ip address 192.168.3.2 24

[r4-GigabitEthernet0/0/1]quit

[r4]interface g0/0/2

[r4-GigabitEthernet0/0/2]ip address 12.1.1.1 24

[r4-GigabitEthernet0/0/2]quit

//Configure the routing table

[r4]ip route-static 192.168.4.0 24 192.168.2.1

[r4]ip route-static 192.168.6.0 24 192.168.2.1

[r4]ip route-static 192.168.7.0 24 192.168.2.1

[r4]ip route-static 192.168.6.0 24 192.168.3.1

[r4]ip route-static 192.168.7.0 24 192.168.3.1

[r4]ip route-static 192.168.5.0 24 192.168.3.1

[r4]ip route-static 192.168.8.0 24 192.168.3.1

[r4]ip route-static 192.168.9.0 24 192.168.3.1

[r4]ip route-static 0.0.0.0 0 12.1.1.2 //Default route; the next hop is the ISP interface 12.1.1.2

//Internet connection settings

[r4]acl 2000

[r4-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255

[r4-acl-basic-2000]quit

[r4]interface g0/0/2

[r4-GigabitEthernet0/0/2]nat outbound 2000

[r4-GigabitEthernet0/0/2]nat static global 12.1.1.3 inside 192.168.6.254

(7) Router ISP configuration

<Huawei>sys

[Huawei]sysname ISP

[ISP]interface g0/0/0

[ISP-GigabitEthernet0/0/0]ip add 12.1.1.2 24

[ISP-GigabitEthernet0/0/0]quit

[ISP]interface g0/0/1

[ISP-GigabitEthernet0/0/1]ip address 1.1.1.1 24

3. Screenshot of test phenomenon

(1) Screenshot of the IP obtained on the PC side

PC1

PC2

PC3

PC4

(2) Screenshot of network device communication test

PC1 pings AR2 and AR4

PC2 ping ISP

PC3 pings AR1 and AR3

AR1 pings AR3 , ISP , and PC4

 

(3) Screenshot of network control phenomenon    

Since the Huawei simulated PC cannot telnet to AR2 directly, a router AR8 is used in its place and configured with the same IP address to simulate PC3's access to AR2's telnet service. The figure below is the simulation result.

AR1 that is not in the allowed list cannot access the telnet service of AR2.

(4) Display according to customer needs

Requirement 1: PC1-PC3 obtains ip address through DHCP; PC1 and http are in VLAN2, PC2 and PC3 are in VLAN3

The VLAN settings are reflected in the switch configuration shown under "Device topology decomposition, device command display".

Requirement 2: PC1-PC3 can access PC4 in the Internet; PC4 can access the http server through the domain name www.waishi.com

 

PC3

Due to Huawei's restrictions, use Client1 instead of PC4 to access the http server through the domain name www.waishi.com.

Other requirements can be reflected in the screenshots of router and switch configuration and network control phenomena.

4. Summary

After a semester of studying the course "Computer Network Principles", it is no stranger to me. First of all, as for the course arrangement, it feels very compact, and almost no knowledge points are missed. Theory is always before experiments and computer tests, which is beneficial for our students to accept new knowledge and use the theory freely.

After a semester of theoretical classes, we conducted experiments that lasted for half a month. The experimental teacher is Mr. Pan, who has experience in corporate work. He never forgets to set aside some time for us to think about why we need to configure this way and what principles are used. Secondly, for teaching, I feel that the teacher's teaching ideas are very clear. Using the blackboard + ENSP simulator directly is very general, and the focus is "sharp to the point", which is easy for us to grasp the priority of knowledge. Following the teacher's teaching steps, we slowly grasped the knowledge in the textbook. The teacher's occasional images and humorous metaphors are easy to understand and accept, and we don't feel that the classroom is boring. Before the experiment, the teacher always gives us enough time to preview.

This experiment mainly covers the connection methods between routers and the working principle of the router; the working principle, switching technology and VLAN function of the switch; configuring access control lists (ACLs) to control traffic; assigning IP addresses; configuring DNS and HTTP servers; network address translation (NAT), and so on.

During the experiment, I encountered the problem that the PCs could not reach the whole network. The essential reason was that the overall idea was not clear: I did not first note each router interface and the IP allocation of each PC interface from the topology, so during configuration the IP addresses were often assigned incorrectly and the Internet could not be reached. After much trial and error and summing up the experience, configuring full network connectivity later went quickly and smoothly, so summarizing is very important. I have also found that my understanding of ACLs is not deep, and I often make mistakes when choosing the router on which to configure an ACL. The principle of ACL access control is to deny or allow actions after matching traffic on the inbound and outbound interfaces of the router. The rules of ACL are in order of. The principle of ACL is to be as close as possible to the target address, so that the bandwidth can be utilized most efficiently. On one occasion, I forgot to apply the ACL rules on the router gateway. Later, I asked the teacher for advice and realized that the rules were not enabled. This also emphasized the importance of cooperation. It is beneficial both to do it yourself and to ask others for advice.

At the same time, the teacher also taught the method of writing a resume. By writing a resume, listing the skills, honorary certificates and skill certificates that you can master is also a summary of yourself, and you can clearly see your position and master the knowledge degree. Taking copper as a guide, one can correct one's clothes; taking people as a guide, one can know the gains and losses; taking history as a guide, one can know the ups and downs. Only by constantly improving your own shortcomings through evaluation can you achieve a better self.

In this training, we not only know how to operate, but also understand that everyone on the university campus should master seven learnings: learning the way of self-study, basic knowledge, practice penetration, interest cultivation, being proactive, controlling time, and dealing with others . We not only learned a lot of knowledge that we didn't know before, but also greatly enhanced and improved our hands-on ability.

The success of every experiment can make me feel a sense of accomplishment and excitement that I have not seen for a long time. Some time after the training ended, I occasionally felt that "computer network" taught me not only professional knowledge, but I think I have gained more real things. Of course, there are more and the most professional gains. The sense of haste in the past has become a mature point of view. , I feel that I have not learned enough, and I am not careful. The bottom line of all this is: the foundation will still become a solid foundation stone for the future. In the days to come, we must continue to work hard, work hard, and experience work and life with a speculative heart.

"The heart is ideal and the world is wide", I have planted the seeds of ideals, but I still have to wait for the harvest with my heart. I am eager to have the most mature results, so I have to work hard and understand carefully. In short, what I feel most deeply is the following:

First, practical training is a test of everyone's comprehensive ability. In order to do anything well, in addition to having a certain foundation, we also need a certain amount of practical ability and operational ability; second, this training, I deeply understand the importance of accumulating knowledge. As the saying goes: "If you want to add more fire to your career, you have to add a bundle of materials", I am deeply touched by this saying; finally, "What is done on paper is always shallow, and I know that this matter must be done in practice! "During the short internship process, I deeply felt the lack of professional knowledge in practical application. In the first period of time, I felt helpless and at a loss for some work, which made me feel very sad. I always thought that I learned well in school, but once I was exposed to reality, I realized how little I knew, and only then did I truly understand the meaning of "knowledge is endless".

Through this training, we have a deeper understanding of computer networks. To be a modern person in the 21st century, one must not only have solid theoretical knowledge, good psychological quality and healthy physique, but also have super computer operation ability. As the saying goes, "a scholar can know the world without going out." As a computer science and technology student, you must have a wider social circle and broad knowledge, so you must focus on the foundation of the computer network or the entire computer system!

The competition in the society is fierce. I think we should grasp the time of university study, enrich and improve ourselves, and develop in an all-round way. At the same time, you must have a positive and proactive attitude towards life. University is the last opportunity for everyone to learn, cultivate and train how to get along with others in a relatively relaxed environment. In the future, people's ability to get along with others in society and at work will become more and more important, even surpassing the work itself. Therefore, we must seize the opportunity and cultivate our communication awareness and team spirit. Victor Frankel once said: "In any given environment, people still have a final freedom, which is to choose their own attitude." In the future, I will strive to be an outstanding modern person!

Because the experiment is relatively long, I also uninstalled ENSP, and I put all the topo packages of the experiment here, you can refer to it.

Link: https://pan.baidu.com/s/1AROH5I0BzaH9w07rf22bAw?pwd=db45
Extraction code: db45

Origin blog.csdn.net/Liwo4418/article/details/125686350