思科配置HSRPospfripNATACL以及定时ACL配置和路由重分发大型网络综合实验题Word格式.docx
《思科配置HSRPospfripNATACL以及定时ACL配置和路由重分发大型网络综合实验题Word格式.docx》由会员分享,可在线阅读,更多相关《思科配置HSRPospfripNATACL以及定时ACL配置和路由重分发大型网络综合实验题Word格式.docx(13页珍藏版)》请在冰豆网上搜索。
另外R4可以telnet到Server上
8.配置ACL要求在周一到周五的8:
30到17:
30之禁止工去登设设设设设设设设QQ,除此以外在所有设
设设设设设设设设设设设设设设设段要求保工能正常的去外网的WWW,FTP,SMTP,TELNET设设设设些服,禁
止工去其他的服。
设设设设设设设设设设设
我先用GNS3搭建起来的拓扑设
注意,明:
实实实实实
本文中的所有命令都是写的,因思科的命令都是支持写的实实实实实实实实实实实实实实实实实实先敲所有网的配命令先实实实实实实实实实
En
Configt
Enablepassword1234
Noipdomain-lo
Linecon0
Password1234
Noexec-t
Loggingsyn
配置地址
R1
Interf0/0
Ipadd10.255.0.5255.255.255.252Noshut
Interf1/0
Ipadd10.255.0.9255.255.255.252Noshut
Interf2/0
Ipadd10.255.0.1255.255.255.252Noshut
Interf3/0
Ipadd202.1.10.1255.255.255.252Noshut
R2
Ipadd10.255.0.2255.255.255.252
Noshut
R3
Ipadd10.255.0.13255.255.255.252Noshut
Interlo0
Ipadd10.100.0.3255.255.255.0Noshut
Interlo1
Ipadd10.100.1.3255.255.255.0Noshut
Interlo2
Ipadd10.100.2.3255.255.255.0Noshut
Interlo3
Ipadd10.100.3.3255.255.255.0Noshut
Interlo4
Ipadd10.100.4.3255.255.255.0Noshut
Interlo5
Ipadd10.100.5.3255.255.255.0Noshut
Interlo6
Ipadd10.100.6.3255.255.255.0Noshut
Interlo7
Ipadd10.100.7.3255.255.255.0Noshut
R4
Ipadd202.1.10.2255.255.255.252Noshut
Ipadd200.1.20.1255.255.255.255Exit
Sw1
Iprouting(三交机启路由功能实实实实实实实实实实)
Noswitchport(实实实实实实启三路由功能)
Ipadd10.255.0.6255.255.255.252Noshut
Interf0/10
Ipadd10.255.0.14255.255.255.252Noshut
Interrangef0/14-15,做以太通道,
Swmotr(接口做实trunk模式)
Interrangef0/1-2
Swmotr
Exit
Sw2
Iprouting
Nosw
Interrangef0/14-15
Sw3
Interrangef0/0-1
Sw4
在SW1、SW2、SW3、SW4上配置VTP,SW1和SW2是server模式,SW3和SW4是客设
机模式。
域名设benet,密设设cisco。
添加VLAN10、VLAN50、VLAN80、VLAN90设4个
VLAN
并按照要求配置vlan地址
Vlanda
Vtpdomainbenet
Vtppasswordcisco
Vlan10namevlan10
Vlan50namevlan50
Vlan80namevlan80
Vlan90namevlan90
Intervlan10
Ipadd10.255.10.1255.255.255.0Noshut
Intervlan50
Ipadd10.255.50.1255.255.255.0Noshut
Intervlan80
Ipadd10.255.80.1255.255.255.0Noshut
Intervlan90
Ipadd10.255.90.1255.255.255.0Noshut
Ipadd10.255.10.2255.255.255.0Noshut
Ipadd10.255.50.2255.255.255.0
Ipadd10.255.80.2255.255.255.0
Ipadd10.255.90.2255.255.255.0
Vtpclient
SW1和SW2上配置HSRP,要求SW1是VLAN10和VLAN50的活路由器,设设设设设SW2是
VLAN80和VLAN90的活路由器设设设设
Standby1ip10.255.10.254Standby1priority150Standby1preempt
Standby1trackf0/0100Intervlan50
Standby5ip10.255.50.254Standby5priority150Standby5preempt
Standby5trackf0/0100Intervlan80
Standby8ip10.255.80.254Standby8pri100
Standby8pree
Standby9ip10.255.90.254Standby9pri100
Standby9pree
exit
Standby8ip10.255.80.254Standby8priority150
Standby8preempt
Standby8trackf0/0100Intervlan90
Standby9ip10.255.90.254Standby9priority150
Standby9preempt
Standby9trackf0/0100Intervlan10
Standby1ip10.255.10.254Standby1pri100
Standby1pree
Standby5ip10.255.50.254Standby5pri100
Standby5pree
配置PVST设设设设设设设设设设流量的均衡,在配置PVST设设注意与HSRP设设Sw1
Spanning-treevlan10priority4096Spanning-treevlan50priority4096Sw2
Spanning-treevlan80priority4096Spanning-treevlan90priority4096
Interf0/2
Switchportmodeaccess
Swaccessvlan10
Interf0/3
Swaccvlan50
Swaccvlan80
Swaccvlan90
Pc1
Noiprouting(因是路由器模的设设设设设设设设PC所以需要路由功能,后面的都一设设设设设设设设设设设设设)Interf0/0
Ipadd10.255.10.10255.255.255.0Noshut
Ipdefault-ga10.255.10.254Pc2
Noiprouting
Ipadd10.255.50.50255.255.255.0Noshut
Ipdefault-g10.255.50.254Server
Ipadd10.255.80.80255.255.255.0Noshut
Ipdefault-g10.255.80.254Linevty04
Login
Pc3
Ipadd10.255.90.90255.255.255.0Noshut
Ipdefault-ga10.255.90.254R1和R2之属于设设设area8,R1和SW1,SW2之属于设设设area0,SW1和SW2上所有VLAN
接口属于area10.SW1和R3之是属于设设设设RIP区域的。
要求配置RIP和OSPF设设设设设网之
能通信。
把设设设设设Area8配置完全末梢区域
Iproute0.0.0.00.0.0.0202.1.10.2
Routerospf1
Router-id1.1.1.1
Network10.255.0.00.0.0.3area8Network10.255.0.40.0.0.3area0Network10.255.0.80.0.0.3area0area8stubno-summary
default-informationoriginateexit
r2
routerospf1
router-id2.2.2.2
network10.255.0.00.0.0.3area8area8stubno-summary
r3
routerrip
version2
noauto-summ
network10.100.0.0
network10.100.1.0
network10.100.2.0
network10.100.3.0
network10.100.4.0
network10.100.5.0
network10.100.6.0
network10.100.7.0
network10.255.0.12
sw1
router-id3.3.3.3
network10.255.0.40.0.0.3area0network10.255.10.00.0.0.255area10network10.255.50.00.0.0.255area10network10.255.80.00.0.0.255area10network10.255.90.00.0.0.255area10redistributeripmetric200subnetssummary-address10.100.0.0255.255.248.0exit
network10.255.0.12
redistributeospf1metric3exit
sw2
router-id4.4.4.4
network10.255.0.80.0.0.3area0network10.255.10.00.0.0.255area10network10.255.50.00.0.0.255area10network10.255.80.00.0.0.255area10
network10.255.90.00.0.0.255area10exit
r4
iproute0.0.0.00.0.0.0202.1.10.1exit
实实,用PC机或者server机Ping实实R1或者R4上的地址
在R1上配置PAT设设内网的所有PC能去设设设设200.1.20.1设设设个地址。
R1:
Access-list1permitany
Ipnatpoolyang200.1.10.1200.1.10.1netmask255.255.255.0
Ipnatinsidesourcelist1poolyangoverload
Ipnatoutside
Ipnatinside
用命令debugipnat实实实实是否
配置ACL要求在周一到周五的8:
30之禁止工去登设设设设设设设设QQ,除此以外在所有设设
段要求保工能正常的去外网的设设设设设设设设设设设设设设WWW,FTP,SMTP,TELNET设设设设设设些服,禁止
工去其他的服。
设设设设设设设设
r1(config)#Time-rangeyangjun
r1(config-time-range)#Periodicweekdays8:
30to17:
30r1(config-time-range)#Exit
r1(config)#Ipaccess-listextendedtian
r1(config-ext-nacl)#Denyudpanyanyeq4000time-rangeyangjunr1(config-ext-nacl)#Denyudpanyanyeq8000time-rangeyangjunr1(config-ext-nacl)#Permittcpanyanyeq80r1(config-ext-nacl)#Permittcpanyanyeq25r1(config-ext-nacl)#Permittcpanyanyeq21r1(config-ext-nacl)#Permittcpanyanyeq23r1(config-ext-nacl)#Interf3/0
r1(config-if)#Ipaccess-grouptianout
升级会员 