Chapter 2: Building a Switched Enterprise Network

Learning objectives
1. Switching technology
2. Routing technology
3. Security management
4. Service configuration
5. WAN technology

[Figure: Network topology]

Switching branch configuration example 1 1

Configure HSRP on router DS-1 (VLAN 10 as an example):

    DS-1(config)#interface vlan 10
    DS-1(config-if)#standby 10 ip 10.1.10.254
    DS-1(config-if)#standby 10 priority 105
    DS-1(config-if)#standby 10 preempt

Configure HSRP on router DS-2 (VLAN 10 as an example):

    DS-2(config)#interface vlan 10
    DS-2(config-if)#standby 10 ip 10.1.10.254
    DS-2(config-if)#standby 10 preempt

View the HSRP information on router DS-2:

    DS-2#show standby brief
                         P indicates configured to preempt.
                         |
    Interface   Grp  Pri P State    Active          Standby         Virtual IP
    Vl10        10   100 P Standby  10.1.10.253     local           10.1.10.254
    Vl20        20   105 P Active   local           10.2.20.253     10.2.20.254
    Vl30        30   100 P Standby  10.3.30.253     local           10.3.30.254
    Vl40        40   105 P Active   local           10.4.40.253     10.4.40.254
    Vl101       101  100 P Standby  10.0.101.253    local           10.0.101.254

Configure PVST on switch AS-4:

    AS-4(config)#spanning-tree mode pvst
    AS-4(config)#spanning-tree vlan 4,5 root primary
    AS-4(config)#spanning-tree vlan 6,7 root secondary

Configure PVST on switch AS-5:

    AS-5(config)#spanning-tree mode pvst
    AS-5(config)#spanning-tree vlan 4,5 root secondary
    AS-5(config)#spanning-tree vlan 6,7 root primary

Configure the VTP server on switch AS-1:

    AS-1(config-if-range)#vlan 10
    AS-1(config-vlan)#name BM1
    AS-1(config)#vtp domain 17net1.ytvc
    AS-1(config)#vtp version 2
    AS-1(config)#vtp mode server
    AS-1(config)#vtp password 17net1

Configure the VTP client on router AS-2:

    AS-2(config)#vtp domain 17net1.ytvc
    AS-2(config)#vtp version 2
    AS-2(config)#vtp mode client
    AS-2(config)#vtp password 17net1

View the VTP server status on layer-2 switch AS-1:

    AS-1#show vtp status
    VTP Version                     : 2
    Configuration Revision          : 11
    Maximum VLANs supported locally : 255
    Number of existing VLANs        : 10
    VTP Operating Mode              : Server
    VTP Domain Name                 : 17net1.ytvc
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Enabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x9F 0xF7 0x15 0xF2 0x67 0x62 0x4F 0x4A
    Configuration last modified by 0.0.0.0 at 3-1-93 01:16:57

Routing branch configuration example 1 2

Configure static routes on router Router-Edge:

    Router-Edge(config)#ip route 10.0.0.0 255.248.0.0 10.0.13.1
    Router-Edge(config)#ip route 10.0.0.0 255.248.0.0 10.0.23.2
    Router-Edge(config)#ip route 0.0.0.0 0.0.0.0 serial 0/2/0

Configure a static default route on router DS-1:

    DS-1(config)#ip route 0.0.0.0 0.0.0.0 10.0.13.3

Configure a static default route on router DS-2:

    DS-2(config)#ip route 0.0.0.0 0.0.0.0 10.0.23.3

Configure a static default route on router WJ-R:

    WJ-R(config)#ip route 0.0.0.0 0.0.0.0 218.12.8.2

Security management configuration example 1 3

PC11 accesses the FTP server:

    C:\>ftp 10.6.200.252
    Trying to connect...10.6.200.252
    %Error opening ftp://10.6.200.252/ (Timed out)
    (Disconnecting from ftp server)
    C:\>

FTP server security:

    Router-Edge(config)#ip access-list extended denyFTP
    Router-Edge(config-ext-nacl)#deny ip 10.1.10.0 0.0.0.255 host 10.6.200.252
    Router-Edge(config-ext-nacl)#deny ip 10.2.20.0 0.0.0.255 host 10.6.200.252
    Router-Edge(config-ext-nacl)#permit ip any any
    Router-Edge(config)#interface vlan 200
    Router-Edge(config-if)#ip access-group denyFTP out

PC31 accesses the FTP server and downloads a file:

    C:\>ftp 10.6.200.252
    Trying to connect...10.6.200.252
    Connected to 10.6.200.252
    220- Welcome to PT Ftp server
    Username:cisco
    331- Username ok, need password
    Password:
    230- Logged in
    (passive mode On)
    ftp>
    ftp>get vlan.dat-AS1
    Reading file vlan.dat-AS1 from 10.6.200.252:
    File transfer in progress...
    [Transfer complete - 856 bytes]
    856 bytes copied in 0 secs

VTY access restriction on device DS-1:

    DS-1(config)#access-list 1 permit 10.4.40.0 0.0.0.255
    DS-1(config)#line vty 0 2
    DS-1(config-line)#access-class 1 in

PC11 logs in to DS-1 remotely:

    C:\>telnet 10.1.1.1
    Trying 10.1.1.1 ...Open
    [Connection to 10.1.1.1 closed by foreign host]
    C:\>

PC41 logs in to DS-1 remotely:

    C:\>telnet 10.1.1.1
    Trying 10.1.1.1 ...Open

    User Access Verification

    Username: srk
    Password:
    DS-1>

Service configuration example 1 4

Configure the DHCP service on router DS-1:

    DS-1(config)#ip dhcp excluded-address 10.1.10.101 10.1.10.254
    DS-1(config)#ip dhcp pool VLAN10
    DS-1(dhcp-config)#network 10.1.10.0 255.255.255.0
    DS-1(dhcp-config)#default-router 10.1.10.254
    DS-1(dhcp-config)#dns-server 10.5.100.252

Configure DHCP relay on layer-3 switch WJ-R (relaying to the DHCP server's address pools):

    WJ-R(config)#interface GigabitEthernet 0/0.5
    WJ-R(config-subif)#ip helper-address 10.8.7.253
    WJ-R(config-subif)#interface GigabitEthernet 0/0.6
    WJ-R(config-subif)#ip helper-address 10.8.7.253

Create the username and password on switch AS-1:

    AS-1>enable
    Password:
    AS-1#configure terminal
    AS-1(config)#ip ftp username cisco
    AS-1(config)#ip ftp password cisco

Back up a file from switch AS-1 to the FTP server:

    AS-1#copy startup-config ftp
    Address or name of remote host []? 10.6.200.252
    Destination filename [AS-1-confg]?
    Writing startup-config...
    [OK - 1996 bytes]
    1996 bytes copied in 0.023 secs (86000 bytes/sec)

WAN technology configuration example 1 5

Configure NAT and static address mapping on router WJ-R:

    WJ-R(config)#access-list 88 permit 10.8.0.0 0.0.255.255
    WJ-R(config)#ip nat inside source list 88 interface GigabitEthernet 0/0/0 overload
    WJ-R(config)#interface GigabitEthernet 0/0/0
    WJ-R(config-if)#ip nat outside
    WJ-R(config-if)#interface GigabitEthernet 0/0.4
    WJ-R(config-subif)#ip nat inside
    WJ-R(config-subif)#interface GigabitEthernet 0/0.5
    WJ-R(config-subif)#ip nat inside
    WJ-R(config-subif)#interface GigabitEthernet 0/0.6
    WJ-R(config-subif)#ip nat inside
    WJ-R(config-subif)#interface GigabitEthernet 0/0.7
    WJ-R(config-subif)#ip nat inside

Configure PPP on router Router-Edge:

    Router-Edge(config)#username ISP-1 password cisco
    Router-Edge(config)#interface Serial0/2/0
    Router-Edge(config-if)#encapsulation ppp
    Router-Edge(config-if)#ppp authentication chap

Configure PPP on router ISP-1:

    ISP-1(config)#username Router-Edge password cisco
    ISP-1(config)#interface Serial0/0/0
    ISP-1(config-if)#encapsulation ppp
    ISP-1(config-if)#ppp authentication chap

Configure the tunnel on router Router-Edge:

    Router-Edge(config)#interface Tunnel0
    Router-Edge(config-if)#ip address 10.10.10.1 255.255.255.252
    Router-Edge(config-if)#tunnel source Serial0/2/0
    Router-Edge(config-if)#tunnel destination 218.12.18.1

Configure static routes on router Router-Edge:

    Router-Edge(config)#ip route 10.8.4.0 255.255.255.0 10.10.10.2
    Router-Edge(config)#ip route 10.8.5.0 255.255.255.0 10.10.10.2
    Router-Edge(config)#ip route 10.8.6.0 255.255.255.0 10.10.10.2
    Router-Edge(config)#ip route 10.8.7.0 255.255.255.0 10.10.10.2

Configure the tunnel on router WJ-R:

    WJ-R(config)#interface Tunnel0
    WJ-R(config-if)#ip address 10.10.10.2 255.255.255.252
    WJ-R(config-if)#tunnel source GigabitEthernet0/0/0
    WJ-R(config-if)#tunnel destination 218.12.17.1

Configure a static route on router WJ-R:

    WJ-R(config)#ip route 10.0.0.0 255.248.0.0 10.10.10.1

Thanks!
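The denyFTP access list in the security management example matches on `ip`, so it blocks every protocol from 10.1.10.0/24 and 10.2.20.0/24 to 10.6.200.252, not only FTP. The first-match evaluator below is an added example, not part of the original slides; the host addresses 10.1.10.11 and 10.3.30.31 and the narrowed tcp/21 variant are assumptions for illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
FTP_HOST = ("10.6.200.252", "0.0.0.0")

# Entries: (action, protocol, src, src_wildcard, dst, dst_wildcard, dst_port)
# DENY_FTP mirrors the three lines configured on Router-Edge in the slides.
DENY_FTP = [
    ("deny", "ip", "10.1.10.0", "0.0.0.255", *FTP_HOST, None),
    ("deny", "ip", "10.2.20.0", "0.0.0.255", *FTP_HOST, None),
    ("permit", "ip", *ANY, *ANY, None),
]
# Assumed variant (not on the page): match only the FTP control port, tcp/21.
DENY_FTP_TCP21 = [
    ("deny", "tcp", "10.1.10.0", "0.0.0.255", *FTP_HOST, 21),
    ("deny", "tcp", "10.2.20.0", "0.0.0.255", *FTP_HOST, 21),
    ("permit", "ip", *ANY, *ANY, None),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for action, ace_proto, s, sw, d, dw, ace_port in acl:
        if ace_proto not in ("ip", proto):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

# Constructed sample flows toward the FTP server (host addresses are assumed).
FLOWS = [
    ("vlan10 ftp", "tcp", "10.1.10.11", 21),
    ("vlan10 http", "tcp", "10.1.10.11", 80),
    ("vlan10 ping", "icmp", "10.1.10.11", None),
    ("vlan30 ftp", "tcp", "10.3.30.31", 21),
]

def decisions(acl):
    """Map each sample flow name to the ACL's permit/deny decision."""
    return {name: evaluate(acl, proto, src, FTP_HOST[0], port)
            for name, proto, src, port in FLOWS}

if __name__ == "__main__":
    for label, acl in (("denyFTP", DENY_FTP), ("tcp/21 only", DENY_FTP_TCP21)):
        print(label, decisions(acl))
```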
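How the two `username ... password cisco` lines in the PPP example fit together, as an added example that is not part of the original slides: each router looks up the other's hostname in its own username list, and both must hold the same secret. The model follows the RFC 1994 response calculation in simplified form; the two failing databases are constructed.

```python
import hashlib
import hmac
import os

# "username <peer> password <secret>" entries as configured in the slides.
PAGE_DB = {
    "Router-Edge": {"ISP-1": b"cisco"},
    "ISP-1": {"Router-Edge": b"cisco"},
}

def chap_response(ident, secret, challenge):
    """RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def authenticate(authenticator, peer, db, ident=1):
    """One direction: authenticator challenges, peer responds. True on Success.
    Simplified model: a side with no matching username entry cannot proceed."""
    challenge = os.urandom(16)
    # The Challenge names the authenticator; the peer picks the secret stored
    # under that name in its own database. Names are case-sensitive.
    peer_secret = db[peer].get(authenticator)
    if peer_secret is None:
        return False
    response = chap_response(ident, peer_secret, challenge)
    # The Response names the peer; the authenticator recomputes the hash with
    # the secret it stores for that name and compares. The secret never crosses
    # the link, only the identifier, the challenge and the MD5 value do.
    local_secret = db[authenticator].get(peer)
    if local_secret is None:
        return False
    expected = chap_response(ident, local_secret, challenge)
    return hmac.compare_digest(response, expected)

def link_authenticates(a, b, db):
    """Both ends run "ppp authentication chap", so each must verify the other."""
    return authenticate(a, b, db) and authenticate(b, a, db)

# Constructed failure cases (not from the page).
MISMATCHED_SECRET = {"Router-Edge": {"ISP-1": b"cisco"},
                     "ISP-1": {"Router-Edge": b"Cisco"}}
WRONG_NAME = {"Router-Edge": {"isp-1": b"cisco"},
              "ISP-1": {"Router-Edge": b"cisco"}}

if __name__ == "__main__":
    for label, db in (("page config", PAGE_DB),
                      ("mismatched secret", MISMATCHED_SECRET),
                      ("wrong username", WRONG_NAME)):
        print(label, link_authenticates("Router-Edge", "ISP-1", db))
```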