CCNA綜合實驗

時間 2019-11-11

標籤 ccna 綜合實驗简体版

原文原文鏈接

以上這道CCNA綜合實驗題來自於2010年湖南省計算機應用網絡管理員的一道操做題，看上去很容易，但對於基礎知識掌握不牢固且對Packet tracer 這個cisco模擬器不熟悉的人在規定的時間內要全都配置好仍是有必定的困難的，下面我就這道綜合題來一一解答：web

首先咱們得先看明白本實驗的需求（我總結了一下，一共有十一點）：安全

1，internet是ospf區域，不能經過OSPF邊緣路由器來增長到各企業網絡
   的靜態路由，通告全部的本地直連的網絡。
2，R1-R3 FR-DLCI任意。
3，分公司和總部都需NAT轉換上網
4，SW1-SW2兩交換機間實現跨交換機互通，並經過端口聚合增長帶寬，
5，總部與分部都經過一條默認路由通達INTERNET。
6，分部出口路由器與INTERNET之間是PPP封裝，
7，R1與R2之間PPP，PAP認證。
8，vlan 10只能ping通vlan 20 的www服務
9，W3交換機爲了局域網安全須要作相應的端口安全設置，並綁定相應的
   網與IP
10,由於vlan 10須要PC62臺，vlan 20須要280多臺PC，須要對172.16.0.0/16
   進行VLSM劃分，以最省IP地址的形式劃分VLAN。
11，server 0 充當DNS與web 服務器，而且總部與分部都能訪問web資源。
          那麼咱們能夠從以上需求看出須要作的配置大概有這幾個：端口聚合，VLSM劃分，ACL訪問控制，NAT網絡地址轉換，PPP封裝，PPP PAP認證，frame-relay幀中繼，端口安全，IP與MAC綁定，OSPF路由，VLAN劃分，DNS WEB配置，VTPvlan 中繼協議。既然分析了這些需求，那麼咱們如今就能夠用packet tracer去配置本實驗了。服務器

咱們分步進行，順序依次是總部-----INTERNET-----分部，網絡

總部配置以下：less

SW1：tcp

Building configuration...ide

hostname Switch
ip routing
!
interface FastEthernet0/1
no switchport
ip address 202.103.100.1 255.255.255.252
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/2
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
switchport access vlan 10
!
interface FastEthernet0/5
!i
interface Port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 172.16.0.254 255.255.254.0
ip access-group 101 in
ip nat inside
!
interface Vlan20
ip address 172.16.2.254 255.255.254.0
ip access-group 101 out
ip nat inside
!
ip nat inside source list 100 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 202.103.100.2
!
access-list 100 permit ip 172.16.0.0 0.0.1.255 any
access-list 100 permit ip 172.16.2.0 0.0.0.127 any
access-list 101 permit tcp 172.16.0.0 0.0.1.255 172.16.2.0 0.0.0.127 eq www
access-list 101 deny ip 172.16.0.0 0.0.1.255 172.16.2.0 0.0.0.127
access-list 101 permit ip any any測試

!
line con 0
line vty 0 4
login
!
endui

SW2：Building configuration...spa

hostname Switch
!
interface FastEthernet0/1
!
interface FastEthernet0/2
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface Port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
line con 0
line vty 0 4
login

end

-------------------------------------------------------------------------分部----------------------》》》
SW3：

Building configuration...

hostname Switch
!
!
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 100
switchport mode access
switchport port-security
!
interface FastEthernet0/3
switchport access vlan 200
switchport mode access
switchport port-security
!
interface FastEthernet0/4
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end

router 3:

Building configuration...

-encryption
!
hostname Router
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 192.168.1.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 192.168.2.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 202.103.100.18 255.255.255.252
ip nat outside
!
interface Serial1/1
no ip address
shutdown
!
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 100 interface Serial1/0 overload
ip nat inside source static tcp 192.168.1.2 80 202.103.100.18 80
ip nat inside source static udp 192.168.1.2 53 202.103.100.18 53
ip classless
ip route 0.0.0.0 0.0.0.0 202.103.100.17
!
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
!
line con 0
line vty 0 4
login
!
end

_________________________________________________internet配置_____________________

R3:

Building configuration...

hostname Router
!
interface Serial1/0
ip address 202.103.100.14 255.255.255.252
encapsulation frame-relay
frame-relay interface-dlci 301
!
interface Serial1/1
ip address 202.103.100.6 255.255.255.252
!
interface Serial1/2
ip address 202.103.100.17 255.255.255.252
clock rate 64000
!
router ospf 100
log-adjacency-changes
network 202.103.100.16 0.0.0.3 area 0
network 202.103.100.12 0.0.0.3 area 0
network 202.103.100.4 0.0.0.3 area 0
!
ip classless
!
no cdp run
!
line con 0
line vty 0 4
login
!
end

R2:

Building configuration...

hostname Router
!
interface FastEthernet0/0
ip address 202.103.100.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial1/0
ip address 202.103.100.9 255.255.255.252
clock rate 64000
!
interface Serial1/1
ip address 202.103.100.5 255.255.255.252
clock rate 64000
!
router ospf 100
log-adjacency-changes
network 202.103.100.8 0.0.0.3 area 0
network 202.103.100.4 0.0.0.3 area 0
network 202.103.100.0 0.0.0.3 area 0
!
ip classless
!
line con 0
line vty 0 4
login
!
end

R1:

Building configuration...

hostname Router
!
interface Serial1/0
ip address 202.103.100.10 255.255.255.252
!
interface Serial1/1
ip address 202.103.100.13 255.255.255.252
encapsulation frame-relay
frame-relay interface-dlci 103
clock rate 64000
!
router ospf 100
log-adjacency-changes
network 202.103.100.12 0.0.0.3 area 0
network 202.103.100.8 0.0.0.3 area 0
!
ip classless
!
no cdp run
!
line con 0
line vty 0 4
login
!
end
-------------------------------應用服務器的配置就不去寫了-----------