網(wǎng)絡(luò)集成技術(shù)課程綜合實驗實驗報告

1、實驗名稱：網(wǎng)絡(luò)集成技術(shù)課程綜合實驗實驗?zāi)康模和ㄟ^實驗掌握基本的局域網(wǎng)集成技術(shù)的方法實驗環(huán)境：packet tracer 4.1實驗說明：1、x+y.x.y.16中，x代表班別，y代表學號最后兩位，比如網(wǎng)絡(luò)051班，學號為的同學，則他的ip地址為6, 2、router0右邊連接的網(wǎng)絡(luò)稱為內(nèi)部域網(wǎng)，左邊連接的網(wǎng)絡(luò)為外部網(wǎng)絡(luò)。實驗拓撲圖如下：實驗步驟：1 局域網(wǎng)基本規(guī)劃與配置：a、按圖所示內(nèi)部網(wǎng)絡(luò)劃分出4個VLAN，并且vlan的信息只能夠在switch0上編輯，通過配置vtp協(xié)議，統(tǒng)一網(wǎng)絡(luò)中vlan的配置信息；內(nèi)部網(wǎng)絡(luò)6個交換機，組成一個管理域，其中switch0為server

2、模式，其余5個交換機為client模式，管理域的名稱為cisco，認證密碼為123。配置代碼如下：Sever模式的配置：SwitchenSwitch#conf tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)# vtp domain cisco ；配置管理域名稱Switch(config)#vtp password 123 ；配置管理域認證密碼Switch(config)#vtp mode server ；配置管理域模式Client模式的配置：SwitchenSwitch#conf tEnte

3、r configuration commands, one per line. End with CNTL/Z.Switch(config)# vtp domain ciscoSwitch(config)#vtp password 123Switch(config)#vtp mode client依次在6個交換機上把所有的級連端口配置為trunk模式，以下端口f0/1的配置代碼，其它端口依次類推：SwitchenSwitch#conf tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#inte

4、rface f0/1Switch(config-if)# switchport mode trunkb、給所有計算機設(shè)置正確的ip地址，網(wǎng)關(guān)；VLAN10的網(wǎng)絡(luò)地址：6/28，網(wǎng)關(guān)：0，可用ip范圍79VLAN20的網(wǎng)絡(luò)地址：2/28，網(wǎng)關(guān)：6，可用ip范圍35VLAN30的網(wǎng)絡(luò)地址：8/28，網(wǎng)關(guān)：2，可用ip范圍91VLAN40的網(wǎng)絡(luò)地址：66.51.1

5、5.64/28，網(wǎng)關(guān)：8，可用ip范圍57每個vlan的計算機，分別使用各自vlan的ip地址，網(wǎng)關(guān)。c、用router0實現(xiàn)VLAN間相互通信。要實現(xiàn)vlan間的通信，每一個vlan必須有一個網(wǎng)關(guān)。通過使用路由器的虛擬接口作為vlan的網(wǎng)關(guān)，這樣不同的vlan間的路由器就可以實現(xiàn)了，配置代碼如下：RouterenRouter#conf tRouter(config)#int f0/1Router(config-if)#ip add 54 ；設(shè)置外部網(wǎng)絡(luò)的網(wǎng)關(guān)Router(config-if)#

6、no shuRouter(config-if)#exitRouter(config)#int f0/0Router(config-if)#ip add 4 40 ；設(shè)置交換機的網(wǎng)關(guān)Router(config-if)#no shuRouter(config-if)#exitRouter(config)#int f0/0.10 ；進入子接口f0/0.10Router(config-subif)# encapsulation dot1Q 10 ；把子接口封裝上vlan 10的標記Router(config-subif)#ip add

7、0 40 ；設(shè)置子接口的ip地址，作為vlan 10的網(wǎng)關(guān)Router(config-subif)#no shu ；激活子接口Router(config-subif)#exitRouter(config)#int f0/0.20Router(config-subif)# encapsulation dot1Q 20Router(config-subif)#ip add 6 40Router(config-subif)#no shuRouter(config-subif)#exitRouter(config)#int f0/

8、0.30Router(config-subif)# encapsulation dot1Q 30Router(config-subif)#ip add 2 40Router(config-subif)#no shuRouter(config-subif)#exitRouter(config)#int f0/0.40Router(config-subif)# encapsulation dot1Q 40Router(config-subif)#ip add 8 40Router(config-subif)

9、#no shuRouter(config-subif)#endRouter#在管理域中服務(wù)器模式的交換機switch0上，添加vlan的數(shù)據(jù)信息，配置代碼如下：SwitchenSwitch#vlan databaseSwitch(vlan)#vlan 10Switch(vlan)#vlan 20Switch(vlan)#vlan 30Switch(vlan)#vlan 40Switch(vlan)#exitSwitch#把各個vlan中的計算機連接交換機的端口劃入對應(yīng)的vlan，配置代碼如下：SwitchenSwitch#conf tSwitch(config)#interface f0/5

10、Switch(config-if)#switchport access vlan 10Switch(config-if)#endSwitch#以上代碼是把交換機的f0/5端口劃入vlan 10，其它端口依次類推。2、網(wǎng)絡(luò)管理配置：a、配置交換機的ip，網(wǎng)關(guān)，要求內(nèi)部所有交換機只能允許pc2遠程管理。配置交換機的默認管理vlan 1的ip地址，并且設(shè)置vlan1的網(wǎng)關(guān)地址；要實現(xiàn)pc遠程管理交換機，則必須配置交換機的虛擬終端和enable密碼，配置代碼如下：VLAN1的網(wǎng)絡(luò)地址：0/28，網(wǎng)關(guān)：4，可用ip范圍3以

11、switch0為例，其它交換機依次類推:SwitchenSwitch#conf tSwitch(config)#enable password 123Switch(config)#line vty 0 15Switch(config-line)#password 456Switch(config-line)#loginSwitch(config-line)#exitSwitch(config)#ip default-gateway 4Switch(config)#interface vlan 1Switch(config-if)#ip add 1 255

12、.255.255.240Switch(config-if)#no shutdown Switch(config-if)#endSwitch#4、網(wǎng)絡(luò)安全配置（ACL）：a、內(nèi)部網(wǎng)絡(luò)中只有VLAN40可以訪問Server1的HTTP協(xié)議；access-list 101 permit tcp 4 5 host 8 eq 80access-list 101 permit tcp 55 host 8 eq 80access-list 101 deny tcp any host 66.5

13、1.15.18 eq 80access-list 101 permit ip any anyint f0/0.10 out ；應(yīng)用在f0/0.10端口的out方向上b、內(nèi)部網(wǎng)絡(luò)中只有vlan30訪問Server2的FTP協(xié)議；access-list 102 permit tcp 8 5 host 9 eq 20access-list 102 permit tcp 8 5 host 9 eq 21access-list 102 permit tcp 0.255.255

14、.255 host 9 eq 20access-list 102 permit tcp 55 host 9 eq 21access-list 102 deny tcp any host 9 eq 20access-list 102 deny tcp any host 9 eq 20access-list 102 permit ip any anyint f0/0.10 outc、VLAN20只允許來自PC2的訪問,拒絕任何其他訪問；access-list 1 permit

15、 host 7int f0/0.20 outd、內(nèi)部網(wǎng)絡(luò)只能訪問外部網(wǎng)絡(luò)的server0，外部網(wǎng)絡(luò)的pc只能訪問內(nèi)部網(wǎng)絡(luò)的server1和server2。access-list 103 permit ip host anyaccess-list 103 permit ip any host 8access-list 103 permit ip any host 9int f0/1 in綜合以上步驟，配置代碼如下在路由器router0上：RouterenRouter#conf tRouter(config)#acc

16、ess-list 101 permit tcp 4 5 host 8 eq 80Router(config)#access-list 101 permit tcp 8 5 host 9 eq 20Router(config)#access-list 101 permit tcp 8 5 host 9 eq 21Router(config)#access-list 101 permit tcp 0.255.255.

17、255 host 8 eq 80Router(config)#access-list 101 permit tcp 55 host 9 eq 20Router(config)#access-list 101 permit tcp 55 host 9 eq 21Router(config)#access-list 101 deny tcp any host 8 eq 80Router(config)#access-list 101

18、 deny tcp any host 9 eq 20Router(config)#access-list 101 deny tcp any host 9 eq 21Router(config)#access-list 101 permit ip any anyRouter(config)#int f0/0.10Router(config-subif)#ip access-group 101 outRouter(config-subif)#exitRouter(config)#access-list 1 permit host 7Rou

19、ter(config)#int f0/0.20Router(config-subif)#ip access-group 1 outRouter(config-subif)#exitRouter(config)#access-list 103 permit ip host anyRouter(config)#access-list 103 permit ip any host 8Router(config)#access-list 103 permit ip any host 9Router(config)#int f0/1Route

20、r(config-if)#ip access-group 103 inRouter(config-if)#endRouter#5、網(wǎng)絡(luò)優(yōu)化：用生成樹協(xié)議讓圖中三個交換機連接所出現(xiàn)的環(huán)中的所有端口都處于轉(zhuǎn)發(fā)狀態(tài)，具體如下：a、switch1和switch0的鏈路不允許vlan30的數(shù)據(jù)通過；Switch(config)#spanning-tree vlan 30 priority 4096(在switch2上)b、switch2和switch0的鏈路不允許vlan40的數(shù)據(jù)通過；Switch(config)#spanning-tree vlan 40 priority 4096(在switch1

21、上)c、switch1和switch2的鏈路不允許vlan10，20的數(shù)據(jù)通過。Switch(config)#spanning-tree vlan 1 priority 4096(在switch0上)Switch(config)#spanning-tree vlan 20 priority 4096(在switch0上)Switch(config)#spanning-tree vlan 10 priority 4096(在switch0上)實驗結(jié)束后，按照實驗報告的格式以電子稿的方式完成實驗報告，必須有以下內(nèi)容：1、實驗拓撲圖，整個網(wǎng)絡(luò)的ip分配表。2、每一個實驗步驟的主要配置過程。3、每個網(wǎng)

22、絡(luò)設(shè)備的running-config。（以附錄的形式）4、交換機的vtp，stp信息。（以附錄的形式）附錄Switch0running-config：Switch#show runBuilding configuration.Current configuration : 1303 bytes!version 12.1no service password-encryption!hostname Switch!enable password 123!spanning-tree vlan 1 priority 4096spanning-tree vlan 10 priority 4096span

23、ning-tree vlan 20 priority 4096!interface FastEthernet0/1 switchport mode trunk!interface FastEthernet0/2 switchport mode trunk!interface FastEthernet0/3!interface FastEthernet0/4 switchport mode trunk!interface FastEthernet0/5 switchport mode trunk!interface FastEthernet0/6!interface FastEthernet0/

24、7 switchport access vlan 10!interface FastEthernet0/8 switchport access vlan 10!interface FastEthernet0/9 switchport access vlan 10!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interf

25、ace FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24!interface GigabitEthernet1/1!interface GigabitEthernet1/2!inter

26、face Vlan1 ip address 1 40!ip default-gateway 4!line con 0!line vty 0 4 password 456 loginline vty 5 15 password 456 login!EndVtp：Switch#show vtp status VTP Version : 2Configuration Revision : 4Maximum VLANs supported locally : 64Number of existing VLANs : 9VTP Opera

27、ting Mode : ServerVTP Domain Name : ciscoVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x5F 0x0F 0xE3 0xB1 0xEE 0xF3 0x11 0x48 Configuration last modified by 1 at 3-1-93 00:03:59Local updater ID is 1 on interface Vl1 (lowest numbered

28、 VLAN interface found)Stp:Switch#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 4097 Address 000C.85B1.433E This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 4097 (priority 4096 sys-id-ext 1) Address 000C.85B1.433E Aging

29、 Time 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Desg FWD 19 128.3 ShrFa0/2 Desg FWD 19 128.3 ShrFa0/4 Desg FWD 19 128.3 ShrFa0/5 Desg FWD 19 128.3 ShrVLAN0010 Spanning tree enabled protocol ieee Root ID Priority 4106 Address 000C.85B1.433E This bridge is the root Hello Time 2 sec Max

30、Age 20 sec Forward Delay 15 sec Bridge ID Priority 4106 (priority 4096 sys-id-ext 10) Address 000C.85B1.433E Aging Time 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Desg FWD 19 128.3 ShrFa0/2 Desg FWD 19 128.3 ShrFa0/4 Desg FWD 19 128.3 ShrFa0/5 Desg FWD 19 128.3 ShrFa0/7 Desg FWD 19 128

31、.3 ShrFa0/8 Desg FWD 19 128.3 ShrFa0/9 Desg FWD 19 128.3 ShrVLAN0020 Spanning tree enabled protocol ieee Root ID Priority 4116 Address 000C.85B1.433E This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 4116 (priority 4096 sys-id-ext 20) Address 000C.85B1.4

32、33E Aging Time 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Desg FWD 19 128.3 ShrFa0/2 Desg FWD 19 128.3 ShrFa0/4 Desg FWD 19 128.3 ShrFa0/5 Desg FWD 19 128.3 ShrVLAN0030 Spanning tree enabled protocol ieee Root ID Priority 4126 Address 0050.0FC5.4C8A Hello Time 2 sec Max Age 20 sec Forw

33、ard Delay 15 sec Bridge ID Priority 32798 (priority 32768 sys-id-ext 30) Address 000C.85B1.433E Aging Time 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Desg FWD 19 128.3 ShrFa0/2 Desg FWD 19 128.3 ShrFa0/4 Root FWD 19 128.3 ShrFa0/5 Desg FWD 19 128.3 ShrVLAN0040 Spanning tree enabled pro

34、tocol ieee Root ID Priority 4136 Address 00D0.BAC0.C687 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32808 (priority 32768 sys-id-ext 40) Address 000C.85B1.433E Aging Time 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Root FWD 19 128.3 ShrFa0/2 Desg FWD 19 128.3

35、 ShrFa0/4 Desg FWD 19 128.3 ShrFa0/5 Desg FWD 19 128.3 ShrSwitch1：Switch#show runBuilding configuration.Current configuration : 1128 bytes!version 12.2no service password-encryption!hostname Switch!enable password 123!spanning-tree vlan 40 priority 4096!interface FastEthernet0/1 switchport mode trun

36、k!interface FastEthernet0/2 switchport mode trunk!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6 switchport mode trunk!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEther

37、net0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet

38、0/22!interface FastEthernet0/23!interface FastEthernet0/24!interface GigabitEthernet1/1!interface GigabitEthernet1/2!interface Vlan1 ip address 2 40!ip default-gateway 4!line con 0!line vty 0 4 password 456 loginline vty 5 15 password 456 login!endVtp：Switch#show vtp

39、 status VTP Version : 2Configuration Revision : 4Maximum VLANs supported locally : 64Number of existing VLANs : 9VTP Operating Mode : ClientVTP Domain Name : ciscoVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x5F 0x0F 0xE3 0xB1 0xEE 0xF3 0x11 0x48 Conf

40、iguration last modified by 1 at 3-1-93 00:03:59Stp:Switch#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 4097 Address 000C.85B1.433E Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 00D0.BA

41、C0.C687 Aging Time 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Root FWD 19 128.3 ShrFa0/2 Desg FWD 19 128.3 ShrFa0/6 Altn BLK 19 128.3 ShrVLAN0010 Spanning tree enabled protocol ieee Root ID Priority 4106 Address 000C.85B1.433E Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge

42、 ID Priority 32778 (priority 32768 sys-id-ext 10) Address 00D0.BAC0.C687 Aging Time 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Root FWD 19 128.3 ShrFa0/2 Desg FWD 19 128.3 ShrFa0/6 Altn BLK 19 128.3 ShrVLAN0020 Spanning tree enabled protocol ieee Root ID Priority 4116 Address 000C.85B1

43、.433E Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32788 (priority 32768 sys-id-ext 20) Address 00D0.BAC0.C687 Aging Time 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Root FWD 19 128.3 ShrFa0/2 Desg FWD 19 128.3 ShrFa0/6 Altn BLK 19 128.3 ShrVLAN0030 Spanning t

44、ree enabled protocol ieee Root ID Priority 4126 Address 0050.0FC5.4C8A Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32798 (priority 32768 sys-id-ext 30) Address 00D0.BAC0.C687 Aging Time 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Altn BLK 19 128.3 ShrFa0/2 De

45、sg FWD 19 128.3 ShrFa0/6 Root FWD 19 128.3 ShrVLAN0040 Spanning tree enabled protocol ieee Root ID Priority 4136 Address 00D0.BAC0.C687 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 4136 (priority 4096 sys-id-ext 40) Address 00D0.BAC0.C687 Aging Time

46、 300Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Desg FWD 19 128.3 ShrFa0/2 Desg FWD 19 128.3 ShrFa0/6 Desg FWD 19 128.3 ShrSwitch2：Switch#show runBuilding configuration.Current configuration : 1128 bytes!version 12.2no service password-encryption!hostname Switch!enable password 123!spanning-tree vlan 30 priority 4096!interface FastEthernet0/1 switchport mode trunk!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4 switchport mode trunk!interface FastEthernet0/5!interface FastEthe