1、5、 配置动态路由协议OSPF6、 配置NAT,其公网的地址池为99.1.1.0/287、 在所有接入层交换机的接口上配置端口安全,最大数为3,违规则关闭接口8、 在VLAN10中有两台服务,分别WEB和FTP服务器,需要发布到互联网上,其公网地址为99.1.1.9和99.1.1.109、 财务部不能访问互联网,而客房部只能访问互联的WEB和MAIL服务,其它的不受限制实验拓扑:编址规划:客房部:网络号:192.168.1.0 /24网关:192.168.1.1 /24实验用址:192.168.1.10 /24技术部:192.168.2.0 /24192.168.2.1 /24192.168.
2、2.10 /24管理部:192.168.3.0 /24192.168.3.1 /24192.168.3.10 /24服务部:192.168.4.0 /24192.168.4.1 /24192.168.4.10 /24财务部:192.168.5.0 /24192.168.5.1 /24192.168.5.10 /24服务器:192.168.6.0 /24192.168.6.1 /24WEB服务器用址:192.168.6.10 /24FTP服务器用址:192.168.6.20 /24osfp域地址:MSW0 f0/1接口:172.16.1.2 /24MSW1 f0/1接口:172.16.2.2 /
3、24RA f0/0接口:172.16.1.1 /24RA f0/1接口:172.16.2.1 /24实验设备:Cisco 2811 Router x2Cisco 3560-24PS Switch x2Cisco 2960-24TT Switch x2PC x5Server服务器 x2实施步骤MSW0spanning-tree mode rapid-pvstspanning-tree vlan 13-15 priority 4096spanning-tree vlan 10-12 priority 8192interface FastEthernet0/1 no switchport ip ad
4、dress 172.16.1.2 255.255.255.0 duplex auto speed autointerface FastEthernet0/9 switchport mode trunkinterface FastEthernet0/10interface FastEthernet0/11 channel-group 1 mode oninterface FastEthernet0/12interface Port-channel 1interface Vlan1 no ip address shutdowninterface Vlan10 ip address 192.168.
5、6.1 255.255.255.0interface Vlan11 ip address 192.168.1.1 255.255.255.0interface Vlan12 ip address 192.168.2.1 255.255.255.0interface Vlan13 ip address 192.168.3.2 255.255.255.0interface Vlan14 ip address 192.168.4.2 255.255.255.0interface Vlan15 ip address 192.168.5.2 255.255.255.0ip access-group 10
6、0 outrouter ospf 1 log-adjacency-changes network 192.168.1.0 0.0.0.255 area 0network 192.168.2.0 0.0.0.255 area 0network 192.168.3.0 0.0.0.255 area 0 network 192.168.4.0 0.0.0.255 area 0network 192.168.5.0 0.0.0.255 area 0network 192.168.6.0 0.0.0.255 area 0network 172.16.1.0 0.0.0.255 area 0access-
7、list 100 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255MSW1spanning-tree vlan 10-12 priority 4096spanning-tree vlan 13-15 priority 8192 ip address 172.16.2.2 255.255.255.0 ip address 192.168.6.2 255.255.255.0 ip address 192.168.
8、1.2 255.255.255.0 ip address 192.168.2.2 255.255.255.0 ip address 192.168.3.1 255.255.255.0 ip address 192.168.4.1 255.255.255.0 ip address 192.168.5.1 255.255.255.0network 172.16.2.0 0.0.0.255 area 0RAinterface FastEthernet0/0 ip address 172.16.1.1 255.255.255.0 ip nat inside ip address 172.16.2.1
9、255.255.255.0interface Serial0/0/0 ip address 99.1.1.2 255.255.255.0 encapsulation ppp ppp authentication chap ip access-group 100 out ip nat outside network 172.16.1.0 0.0.0.255 area 0 network 99.1.1.0 0.0.0.15 area 0ip nat pool 1 99.1.1.3 99.1.1.14 netmask 255.255.255.240ip nat inside source list
10、10 pool 1 overloadip nat inside source static 192.168.6.10 99.1.1.9 ip nat inside source static 192.168.6.20 99.1.1.10 access-list 10 permit 192.168.1.0 0.0.0.255access-list 10 permit 192.168.2.0 0.0.0.255access-list 10 permit 192.168.3.0 0.0.0.255access-list 10 permit 192.168.4.0 0.0.0.255access-list 10 permit 192.168.5.0 0.0.0.255access-list 10 permit 172.16.1.0 0.0.0.255access-list 10 permit 172.16.2.0 0.0.0.255access-list 100 deny ip 192.168.5.0 0.0.0.255 anyaccess-li
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1