以上这道CCNA综合实验题来自于2010年湖南省计算机应用网络管理员的一道操作题,看上去很容易,但对于基础知识掌握不牢固且对Packet tracer 这个cisco模拟器不熟悉的人在规定的时间内要全都配置好还是有一定的困难的,下面我就这道综合题来一一解答:
首先我们得先看明白本实验的需求(我总结了一下,一共有十一点):
1,internet是ospf区域,不能通过OSPF边缘路由器来增加到各企业网络
的静态路由,通告所有的本地直连的网络。
2,R1-R3 FR-DLCI任意。
3,分公司和总部都需NAT转换上网
4,SW1-SW2两交换机间实现跨交换机互通,并通过端口聚合增加带宽,
5,总部与分部都通过一条默认路由通达INTERNET。
6,分部出口路由器与INTERNET之间是PPP封装,
7,R1与R2之间PPP,PAP认证。
8,vlan 10只能ping通vlan 20 的www服务
9,W3交换机为了局域网安全需要做相应的端口安全设置,并绑定相应的
网与IP
10,因为vlan 10需要PC62台,vlan 20需要280多台PC,需要对172.16.0.0/16
进行VLSM划分,以最省IP地址的形式划分VLAN。
11,server 0 充当DNS与web 服务器,并且总部与分部都能访问web资源。
那么我们可以从以上需求看出需要做的配置大概有这几个:端口聚合,VLSM划分,ACL访问控制,NAT网络地址转换,PPP封装,PPP PAP认证,frame-relay帧中继,端口安全,IP与MAC绑定,OSPF路由,VLAN划分,DNS WEB配置,VTPvlan 中继协议。既然分析了这些需求,那么我们现在就可以用packet tracer去配置本实验了。
我们分步进行,顺序依次是总部-----INTERNET-----分部,
总部配置如下:
SW1:
Building configuration...
hostname Switch
ip routing
!
interface FastEthernet0/1
no switchport
ip address 202.103.100.1 255.255.255.252
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/2
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
switchport access vlan 10
!
interface FastEthernet0/5
!i
interface Port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 172.16.0.254 255.255.254.0
ip access-group 101 in
ip nat inside
!
interface Vlan20
ip address 172.16.2.254 255.255.254.0
ip access-group 101 out
ip nat inside
!
ip nat inside source list 100 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 202.103.100.2
!
access-list 100 permit ip 172.16.0.0 0.0.1.255 any
access-list 100 permit ip 172.16.2.0 0.0.0.127 any
access-list 101 permit tcp 172.16.0.0 0.0.1.255 172.16.2.0 0.0.0.127 eq www
access-list 101 deny ip 172.16.0.0 0.0.1.255 172.16.2.0 0.0.0.127
access-list 101 permit ip any any
!
line con 0
line vty 0 4
login
!
end
SW2:Building configuration...
hostname Switch
!
interface FastEthernet0/1
!
interface FastEthernet0/2
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface Port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
line con 0
line vty 0 4
login
end
-------------------------------------------------------------------------分部----------------------》》》
SW3:
Building configuration...
hostname Switch
!
!
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 100
switchport mode access
switchport port-security
!
interface FastEthernet0/3
switchport access vlan 200
switchport mode access
switchport port-security
!
interface FastEthernet0/4
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
router 3:
Building configuration...
-encryption
!
hostname Router
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 192.168.1.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 192.168.2.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 202.103.100.18 255.255.255.252
ip nat outside
!
interface Serial1/1
no ip address
shutdown
!
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 100 interface Serial1/0 overload
ip nat inside source static tcp 192.168.1.2 80 202.103.100.18 80
ip nat inside source static udp 192.168.1.2 53 202.103.100.18 53
ip classless
ip route 0.0.0.0 0.0.0.0 202.103.100.17
!
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
!
line con 0
line vty 0 4
login
!
end
_________________________________________________internet配置_____________________
R3:
Building configuration...
hostname Router
!
interface Serial1/0
ip address 202.103.100.14 255.255.255.252
encapsulation frame-relay
frame-relay interface-dlci 301
!
interface Serial1/1
ip address 202.103.100.6 255.255.255.252
!
interface Serial1/2
ip address 202.103.100.17 255.255.255.252
clock rate 64000
!
router ospf 100
log-adjacency-changes
network 202.103.100.16 0.0.0.3 area 0
network 202.103.100.12 0.0.0.3 area 0
network 202.103.100.4 0.0.0.3 area 0
!
ip classless
!
no cdp run
!
line con 0
line vty 0 4
login
!
end
R2:
Building configuration...
hostname Router
!
interface FastEthernet0/0
ip address 202.103.100.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 202.103.100.9 255.255.255.252
clock rate 64000
!
interface Serial1/1
ip address 202.103.100.5 255.255.255.252
clock rate 64000
!
router ospf 100
log-adjacency-changes
network 202.103.100.8 0.0.0.3 area 0
network 202.103.100.4 0.0.0.3 area 0
network 202.103.100.0 0.0.0.3 area 0
!
ip classless
!
line con 0
line vty 0 4
login
!
end
R1:
Building configuration...
hostname Router
!
interface Serial1/0
ip address 202.103.100.10 255.255.255.252
!
interface Serial1/1
ip address 202.103.100.13 255.255.255.252
encapsulation frame-relay
frame-relay interface-dlci 103
clock rate 64000
!
router ospf 100
log-adjacency-changes
network 202.103.100.12 0.0.0.3 area 0
network 202.103.100.8 0.0.0.3 area 0
!
ip classless
!
no cdp run
!
line con 0
line vty 0 4
login
!
end
-------------------------------应用服务器的配置就不去写了-----------
接下来就来看一下测试结果吧,
1,测试总部与INTERNET连通性:
2,测试分部与INTERNE连通性:
3,测试总部与分部是否能够访问WEB服务器:
4,测试NAT是否生效:
测试语句:
结果:
。。。好吧,剩下的我也就不再赘述了,希望能够通过此实验让各位都能强化一下网络基础知识,为掌握更好的网络技术而努力!
(:>>.........
v v v ...
by zenfei
本文转自 Bruce_F5 51CTO博客,原文链接:http://blog.51cto.com/zenfei/415846
