网络互联实训报告
院 系 XXXXXX 班 级 XXXXXXX 姓 名 XXX
系 主 任 XXX 教研室主任 XXX 指导教师 XXXXXXXXXX
五、实习(实训)报告内容(有指导书的可省略) 苏州市职业大学计算机工程系实习(实训)报告 计算机工系部名称 专业 计算机网络 地点 XXXXX 程系 学生姓名 XXX 班级 XXXXXXX 学号 指导教师 XXXXXXX XXXXXX 实习(实训) 2010 年 12 月 27 日 时间 实习(实训)项目:路由与交换 实习(实训)目的: 学生通过本实训,能够掌握网络的基本配置和管理,熟悉常用的交换和路由设备的特点和性能,能具备网络管理员及网络工程师的基本素质。 实习(实训)内容: 项目一、交换机基本配置、交换机的远程登陆 项目二、三层交换机实现不同VLAN之间互通 项目三、链路聚合与生成树协议 项目四、网络安全及ACL 项目五、局域网和互联网之间的互连(NAT和NAPT) 实验六、综合实验(选做) 实习(实训)设备、器材和仪表: 四台交换机:D1-------------R2620-1 D2-------------R2620-2 D3-------------R2624-1 D4-------------R2624-2 四台路由器:D5-------------S2126G-1 D6-------------S2126G-2 D7-------------S3550-1 D8-------------S3550-2 成绩评定: 教师签字: 时间:2011年1月6日 实习(实训)步骤和内容: 项目一、交换机基本配置、交换机的远程登陆 1. 交换机基本配置 Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#host SwitchA 2. 交换机的远程登陆 SwitchA(config)#line console 0 SwitchA(config-line)#line vty 0 4 SwitchA(config-line)#enable secret tcy SwitchA(config)#enable password tcy 项目二、三层交换机实现不同VLAN之间互通 3. 交换机VLAN的划分 SwitchA(config)# SwitchA# %SYS-5-CONFIG_I: Configured from console by console SwitchA#conf t Enter configuration commands, one per line. End with CNTL/Z. SwitchA(config)#exit SwitchA#conf t SwitchA(config)#vlan 10 SwitchA(config-vlan)#exit SwitchA(config)#vlan 20 SwitchA(config-vlan)#exit SwitchA(config)#vlan 30 SwitchA(config-vlan)#exit SwitchA(config)#vlan 40 SwitchA(config-vlan)#exit SwitchA(config)#interface range fastethernet 0/1-5 SwitchA(config-if-range)#switchport access vlan 10 SwitchA(config-if-range)#exit SwitchA(config)#interface range fastethernet 0/6-10 SwitchA(config-if-range)#switchport access vlan 20 SwitchA(config-if-range)#exit SwitchA(config)#interface range fastethernet 0/11-15 SwitchA(config-if-range)#switchport access vlan 30 SwitchA(config-if-range)#exit SwitchA(config)#interface range fastethernet 0/16-20 SwitchA(config-if-range)#switchport access vlan 40 SwitchA(config-if-range)#exit SwitchA(config)#interface vlan 10 SwitchA(config-if)# %LINK-5-CHANGED: Interface Vlan10, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up SwitchA(config-if)#ip address 10.10.10.1 255.255.255.0 SwitchA(config-if)#exit SwitchA(config)#interface vlan 20 SwitchA(config-if)#ip address 10.10.20.1 255.255.255.0 SwitchA(config-if)#exit SwitchA(config)#interface vlan 30 SwitchA(config-if)#ip address 10.10.30.1 255.255.255.0 SwitchA(config-if)#exit SwitchA(config)#interface vlan 40 SwitchA(config-if)#ip address 10.10.40.1 255.255.255.0 SwitchA(config-if)#exit SwitchA(config)# %SYS-5-CONFIG_I: Configured from console by consoleSwitchA# 4. 跨交换机实现相同VLAN的互通 Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#host SwitchB SwitchB(config)#vlan 10 SwitchB(config-vlan)#exit SwitchB(config)#vlan 20 SwitchB(config-vlan)#exit SwitchB(config)#interface range fastethernet 0/1-5 SwitchB(config-if-range)#switchport access vlan 10 SwitchB(config-if-range)#exit SwitchB(config)#interface range fastethernet 0/6-10 SwitchB(config-if-range)#switchport access vlan 20 SwitchB(config-if-range)#exit SwitchB(config)#interface vlan 10 SwitchB(config-if)# %LINK-5-CHANGED: Interface Vlan10, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up SwitchB(config-if)#ip address 192.168.10.2 % Incomplete command. SwitchB(config-if)#exit SwitchB(config)#interface vlan 30 SwitchB(config-if)#interface vlan 20 %LINK-5-CHANGED: Interface Vlan20, changed state to upSwitchB(config-if)# SwitchB(config-if)#ip address 192.168.20.2 % Incomplete command. SwitchB(config-if)#exit SwitchB(config)#exit 三层VLAN之间的通信 Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#host SwitchA SwitchA(config)#vlan 10 SwitchA(config-vlan)#exit SwitchA(config)#interface vlan 10 %LINK-5-CHANGED: Interface Vlan10, changed state to upSwitchA(config-if)#ip address 192.168.10.1 255.255.255.0 SwitchA(config-if)#exit SwitchA(config)#vlan 20 SwitchA(config-vlan)#exit SwitchA(config)#interface vlan 20 %LINK-5-CHANGED: Interface Vlan20, changed state to upSwitchA(config-if)#ip address 192.168.20.1 255.255.255.0 SwitchA(config-if)#exit SwitchA(config)#interface range fastethernet 0/1-5 SwitchA(config-if-range)#switchport access vlan 10 %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to upSwitchA(config-if-range)#exit SwitchA(config)#interface range fastethernet 0/6-10 SwitchA(config-if-range)#switchport access vlan 20 SwitchA(config-if-range)#exit SwitchA(config)#interface vlan 10 SwitchA(config-if)#no shut SwitchA(config-if)#exit SwitchA(config)#interface vlan 20 SwitchA(config-if)#no shut SwitchA(config-if)#exit SwitchA(config)#ip routing SwitchA(config)#interface fastethernet 0/2 SwitchA(config-if)#no shut SwitchA(config-if)#exit SwitchA(config)#interface fastethernet 0/4 SwitchA(config-if)#no shut SwitchA(config-if)#exit SwitchA(config)#interface fastethernet 0/6 SwitchA(config-if)#no shut SwitchA(config-if)#exit SwitchA(config)#interface fastethernet 0/8 SwitchA(config-if)#no shut SwitchA(config-if)#exit SwitchA(config)# SwitchA# %SYS-5-CONFIG_I: Configured from console by console 项目三、链路聚合与生成树协议 5. 链路聚合aggregeteport (1)交换机A的配置 Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#host SwitchA SwitchA(config)#vlan 10 SwitchA(config-vlan)#name sales SwitchA(config-vlan)#exit SwitchA(config)#interface fastethernet 0/5 SwitchA(config-if)#switchport access vlan 10 SwitchA(config-if)#exit SwitchA(config)#interface range fa 0/1-2 SwitchA(config-if-range)#channel-group 1 mode on %LINK-5-CHANGED: Interface Port-channel 1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel 1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to upSwitchA(config-if-range)#? cdp Global CDP configuration subcommands channel-group Etherchannel/port bundling configuration channel-protocol Select the channel protocol (LACP, PAgP) description Interface specific description switchport Set switching mode characteristics tx-ring-limit Configure PA level transmit ring limit SwitchA(config-if-range)#end SwitchA(config)# (2)交换机B的配置 Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#host SwitchB SwitchB(config)#vlan 10 SwitchB(config-vlan)#name sales SwitchB(config-vlan)#exit SwitchB(config)#interface fastethernet 0/5 SwitchB(config-if)#switchport access vlan 10 SwitchB(config-if)#exit SwitchB(config)#interface range fa 0/1-2 SwitchB(config-if-range)#channel-group 1 mode on %LINK-5-CHANGED: Interface Port-channel 1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel 1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to upSwitchB(config-if-range)#? cdp Global CDP configuration subcommands channel-group Etherchannel/port bundling configuration channel-protocol Select the channel protocol (LACP, PAgP) description Interface specific description switchport Set switching mode characteristics tx-ring-limit Configure PA level transmit ring limit SwitchB(config-if-range)#end SwitchB(config)# 6. 生成树协议(STP、RSTP) (1)交换机A的配置 Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#host SwitchA SwitchA(config)#vlan 10 SwitchA(config-vlan)#name sales SwitchA(config-vlan)#exit SwitchA(config)#interface fastethernet 0/5 SwitchA(config-if)#switchport access vlan 10 SwitchA(config-if)#exit SwitchA(config)#interface range fa 0/1-2 SwitchB(config-if-range)#channel-group 1 mode on %LINK-5-CHANGED: Interface Port-channel 1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel 1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to upSwitchB(config-if-range)#? Cdp Global CDP configuration subcommands channel-group Etherchannel/port bundling configuration channel-protocol Select the channel protocol (LACP, PagP) description Interface specific description switchport Set switching mode characteristics tx-ring-limit Configure PA level transmit ring limit SwitchA(config-if-range)#end SwitchA(config)# (2)交换机B的配置 Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#host SwitchB SwitchB(config)#vlan 10 SwitchB(config-vlan)#name sales SwitchB(config-vlan)#exit SwitchB(config)#interface fastethernet 0/5 SwitchB(config-if)#switchport access vlan 10 SwitchB(config-if)#exit SwitchB(config)#interface range fa 0/1-2 SwitchB(config-if-range)#channel-group 1 mode on %LINK-5-CHANGED: Interface Port-channel 1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel 1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to upSwitchB(config-if-range)#? cdp Global CDP configuration subcommands channel-group Etherchannel/port bundling configuration channel-protocol Select the channel protocol (LACP, PAgP) description Interface specific description switchport Set switching mode characteristics tx-ring-limit Configure PA level transmit ring limit SwitchB(config-if-range)#end SwitchB(config)# 项目四、网络安全及ACL 7. 路由器基本配置、路由器的远程登陆 Red-Giant>en Red-Giant#conf t Enter configuration commands, one per line. End with CNTL/Z. Red-Giant(config)#host RouterA RouterA(config)#enable secret tcy1 RouterA(config)#enable password tcy2 RouterA(config)#line console 0 RouterA(config-line)#password tcy RouterA(config-line)#login RouterA(config-line)#exit RouterA(config)#line vty 0 4 RouterA(config-line)#password tcy RouterA(config-line)#login RouterA(config-line)#end RouterA# 8. 路由器的静态路由 RouterA#conf t Enter configuration commands, one per line. End with CNTL/Z. RouterA(config)#interface serial 0 RouterA(config-if)#exit RouterA(config)#interface serial 0 RouterA(config-if)#ip address 10.0.0.1 255.255.255.0 RouterA(config-if)#clock rate 64000 RouterA(config-if)#no shutdown RouterA(config-if)#exit RouterA(config)#interface fastethernet 0 RouterA(config-if)#ip address 172.18.45.64 255.255.255.0 RouterA(config-if)#no shutdown RouterA(config-if)#exit RouterA(config)#ip route 172.18.45.63 255.255.255.0 10.0.0.1 %Inconsistent address and mask RouterA(config)#exit RouterA#conf t Enter configuration commands, one per line. End with CNTL/Z. RouterA(config)#ip route 0.0.0.0 0.0.0.0 serial 0 RouterA(config)#exit RouterA# 9. 网络安全(交换机的端口安全) (1)配置交换机端口的最大连接数限制 Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#interface range fastethernet 0/1-23 Switch(config-if-range)#switchport port-security Command rejected: FastEthernet0/1 is a dynamic port. Command rejected: FastEthernet0/2 is a dynamic port. Command rejected: FastEthernet0/3 is a dynamic port. Command rejected: FastEthernet0/4 is a dynamic port. Command rejected: FastEthernet0/5 is a dynamic port. Command rejected: FastEthernet0/6 is a dynamic port. Command rejected: FastEthernet0/7 is a dynamic port. Command rejected: FastEthernet0/8 is a dynamic port. Command rejected: FastEthernet0/9 is a dynamic port. Command rejected: FastEthernet0/10 is a dynamic port. Command rejected: FastEthernet0/11 is a dynamic port. Command rejected: FastEthernet0/12 is a dynamic port. Command rejected: FastEthernet0/13 is a dynamic port. Command rejected: FastEthernet0/14 is a dynamic port. Command rejected: FastEthernet0/15 is a dynamic port. Command rejected: FastEthernet0/16 is a dynamic port. Command rejected: FastEthernet0/17 is a dynamic port. Command rejected: FastEthernet0/18 is a dynamic port. Command rejected: FastEthernet0/19 is a dynamic port. Command rejected: FastEthernet0/20 is a dynamic port. Command rejected: FastEthernet0/21 is a dynamic port. Command rejected: FastEthernet0/22 is a dynamic port. Command rejected: FastEthernet0/23 is a dynamic port. Switch(config-if-range)#switchport port-security maximum 1 Switch(config-if-range)#switchport port-security violation shutdown Switch(config-if-range)#end Switch# %SYS-5-CONFIG_I: Configured from console by console Switch#show port-security (2)配置交换机端口的地址绑定. Switch# Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#interface fastethernet 0/3 Switch(config-if)#switchport port-security Command rejected: FastEthernet0/3 is a dynamic port. Switch(config-if)#switchport port-security mac-address 10. 访问控制列表 RouterA>en RouterA#conf t Enter configuration commands, one per line. End with CNTL/Z. RouterA(config)#interface fastethernet 0 RouterA(config-if)#ip address 192.168.0.1 255.255.255.0 RouterA(config-if)#no shut RouterA(config-if)#exit RouterA(config)#interface fastethernet 1 RouterA(config-if)#ip address 192.168.1.1 255.255.255.0 RouterA(config-if)#no shut RouterA(config-if)#exit RouterA(config)# 项目五、局域网和互联网之间的互连(NAT和NAPT) 11. 网络地址转换NAT RouterA(config)#interface fastethernet 0 RouterA(config-if)#ip address 192.168.10.1 255.255.255.0 RouterA(config-if)#ip nat outside RouterA(config-if)#no shutdown RouterA(config)#interface fastethernet 0 RouterA(config-if)#ip address 192.168.10.1 255.255.255.0 RouterA(config-if)#ip nat outside RouterA(config-if)#no shutdown RouterA(config-if)#exit RouterA(config)#interface serial 0 RouterA(config-if)#ip address 202.100.100.1 255.255.255.0 RouterA(config-if)#clock rate 64000 RouterA(config-if)#ip nat outside RouterA(config-if)#no shutdown RouterA(config-if)#exit RouterA(config)#ip nat inside source static 192.168.10.10 202.100.100.1 RouterA(config)#ip nat inside source static 192.168.10.20 202.100.100.2 RouterA(config)#exit RouterA#conf t RouterA(config)#interface serial 1 RouterA(config-if)#ip address 202.100.100.2 255.255.255.0. RouterA(config-if)#no shutdown RouterA(config-if)#exit RouterA(config)# 12. 网络地址NAPT Red-Giant(config)#host RouterA RouterA(config)#interface fastethernet 0 RouterA(config-if)#exit RouterA(config)#access-list 1 permit 192.168.1.0 0.0.0.255 RouterA(config)#ip nat inside source list 1 interface fastethernet 0 RouterA(config)#ip nat inside source list 1 interface serial 0 RouterA(config)#interface fa 0 RouterA(config-if)#ip address 192.168.1.1 255.255.255.0 RouterA(config-if)#ip nat inside RouterA(config-if)#no shut RouterA(config-if)#exit RouterA(config)# %UPDOWN: Line protocol on Interface FastEthernet0, changed state to up %UPDOWN: Interface FastEthernet0, changed state to up %UPDOWN: Line protocol on Interface FastEthernet0, changed state to down RouterA(config)#interface s0 RouterA(config-if)#ip address 202.98.38.1 255.255.255.0 RouterA(config-if)#ip nat %UPDOWN: Interface Serial0, changed state to down % Incomplete command. RouterA(config-if)#ip nat outside RouterA(config-if)#no shut RouterA(config-if)#end RouterA# RouterA#conf t Enter configuration commands, one per line. End with CNTL/Z. RouterA(config)#access-list 1 permit host 192.168.0.11 RouterA(config)#access-list 1 deny any RouterA(config)#interface fastethernet 0 RouterA(config-if)#ip access-group 1 out RouterA(config-if)#end RouterA#show access-list 1 Standard IP access list 1 permit 192.168.0.11 permit 192.168.1.0, wildcard bits 0.0.0.255 deny any RouterA#conft RouterA(config)#access-list 2 permit host 192.168.0.11 RouterA(config)#access-list 2 deny 192.168.0.0 0.0.0.255 RouterA(config)#access-list 2 permit 192.168.1.0 0.0.0.255 RouterA(config)#interface fastethernet 0 RouterA(config-if)#exit 实验六、综合实验 模拟某学校网络拓扑结构.在该学校网络接入层采用S2126,接入层交换机划分了办公网VLAN2和学生网VLAN4,VLAN2和VLAN4通过汇聚层交换机S3550与路由器A相连,另3550上有一个VLAN3存放一台网管机。路由器A与B通过路由协议获取路由信息后,办公网可以访问B路由器后的FTPserver 。为了防止学生网内的主机访问重要的FTPserver,A路由器采用了访问控制列表的技术作为控制手段。 networkadmin=192.168.3.12/24 VLAN3 FTPserver S0 F0 A S0 B F0 Web server=65.154.12.8/24 VLAN1 S3550 F0/5 F0/5 F0/6 F0/6 S2126 RA: S0=202.99.1.1/30 F0=192.168.1.1/24; VLAN2 VLAN4 S2126 :VLAN1=192.168.1.3/24 S3550: VLAN1=192.168.1.2/24 S3550 : VLAN2=192.168.20.1/24 VLAN3=192.168.30.1/24 VLAN4=192.168.40.1/24 实验要求: 1、 根据拓朴图分别在S2126和S3550创建相应VLAN,并在S2126上将F0/10-15加入VLAN2,将F0/16-20加入VLAN4,在S3550上将F0/10-12加入VLAN3 2、 在两台交换机之间配置实现冗余链路,解决环路问题 3、 S3550通过SVI方式和RA互连 4、 S3550配置实现VLAN间互连 5、 RA和RB之间采用PPP链路,采用PAP方式进行验证提高链路的安全性。 6、 在全网运应RIPV2实现全网互连。 7、 通过访问列表控制所有人可以正常访问服务器,只有VLAN4不可以访问FTP服务。 8、 通过相关命令显示相关配置结果,并进行验证
因篇幅问题不能全部显示,请点此查看更多更全内容