如需注册 @ccie.engineer、@ccde.engineer、@ccar.engineer、@hcie.engineer、@rhce.engineer 和 @cissp.engineer 邮箱,请点击这里。 |
(IP 地址、接口等有删改,原始题目请见:《典型网络设计与配置CCNA》期末试题A.doc)
实验环境:
操作系统:Windows 10(1607,14393.726,当时最新测试版),模拟器:GNS3 IOU for Windows 1.5.3(当时最新正式版)
- DNS、ISP、R1 和 R2 用的 IOU 镜像是:i86bi_linux-adventerprisek9-ms.155-2.T.bin
- SW1、SW2、SW3 和 SW4 用的 IOU 镜像是:i86bi_linux_l2-adventerprise-ms.nov11-2013-team_track(注意!这里不能使用这个 IOU 镜像:i86bi_linux_l2-advipservicesk9-ms.nov3_2015_high_iron,因为有 bug,PC1/2/3/4 会 ping 不通 R1 和 DNS)

实验要求和实验步骤:
某公司因业务发展需要,需组建公司的办公网络,并且由中国联通运营商提供上网服务,联通分配给公司的外网网络号为 113.59.115.192/28,联通的网关 IP 地址为 113.59.115.193/28,现公司业务需求和要求如下,请根据所学知识完成配置。
1、公司有总部和分部,总部有 4 个部门,财务部(vlan5)、技术部(vlan4)、后勤部(vlan3)、经理办(vlan2),为了提高公司宣传力度,需要配置一台 web 服务器。服务器所属的 vlan 为 vlan100,公司分部有销售部(vlan6)和采购部(vlan7),总部和分部之间采用专线相连。
2、公司总部的所有 vlan 和 vlan 网关都配置在核心交换机上(SW1),接入层交换机(SW2,SW3)采用 VTP 客户端自动学习,VTP 的域名为:hnkjedu,密码:123,采用 VTP 第 2 个版本。由于各个部门的主机数比较多,所以接入层交换 SW2 的 E0/1 – E0/3 属于 vlan2,接入层交换 SW2 的 E1/1 – E1/3 属于 vlan3,接入层交换 SW3 的 E0/1 – E0/3 属于 vlan4,接入层交换 SW3 的 E1/1 – E1/3 属于 vlan5 。
先配置 DNS、ISP 和 R1 的 IP 地址,接着配置 SW1/2/3 之间的 VTP,再配置 SW1 的 SVI 接口,最后配置 SW2/3 的接口划分:
DNS:
conf t int e 0/1 ip default-gateway 221.11.32.1 |
ISP:
conf t int e 0/1 |
R1:
conf t int e 0/3 |
SW1:
conf t int range e 0/0-1 int e 0/2 vtp domain hnkjedu vlan 2-5,100 int vlan 2 int vlan 3 int vlan 4 int vlan 5 int vlan 100 |
SW2:
conf t int e 0/0 vtp domain hnkjedu int range e 0/1-3 int range e 1/1-3 |
SW3:
conf t int e 0/0 vtp domain hnkjedu int range e 0/1-3 int range e 1/1-3 |
3、总部的 4 个部门的 PC 为了方便上网,采用自动获取 IP 地址的方式,DHCP 服务器放在核心交换机上(SW1),DHCP 服务器分配的 DNS 用公网的 DNS 服务器的 IP 地址,由于财务部有内部的服务器需要固定 IP 地址,所以财务部门网段需要在设置 DHCP 时排除,排除 IP 为这个网络最前面可用的 10 个 IP 地址,同时,要求所有 DHCP 地址池的名称采用 vlan + 编号的组成,如:vlan2 等。
在 SW1 上配置 DHCP Server:
SW1: ip dhcp pool vlan2 network 192.168.2.0 255.255.255.0 default-router 192.168.2.254 dns-server 221.11.32.2 ip dhcp pool vlan3 network 192.168.3.0 255.255.255.0 default-router 192.168.3.254 dns-server 221.11.32.2 ip dhcp pool vlan4 network 192.168.4.0 255.255.255.0 default-router 192.168.4.254 dns-server 221.11.32.2 ip dhcp pool vlan5 network 192.168.5.0 255.255.255.0 default-router 192.168.5.254 dns-server 221.11.32.2 exit ip dhcp excluded-address 192.168.5.1 192.168.5.10
然后在 PC1/2/3/4 上尝试通过 DHCP 来获得 IP 地址:
PC1> ip dhcp -r
DDORA IP 192.168.2.1/24 GW 192.168.2.254
PC2> ip dhcp -r
DDORA IP 192.168.3.1/24 GW 192.168.3.254
PC3> ip dhcp -r
DDORA IP 192.168.4.1/24 GW 192.168.4.254
PC4> ip dhcp -r
DDORA IP 192.168.5.11/24 GW 192.168.5.254
没问题,现在 PC1/2/3/4 都可以得到相应网段的 IP 地址了,而且 PC4(财务部)得到的第一个 IP 地址是 192.168.5.11,前 10 个 IP 地址都没有分配出去。
同时也可以看到网关和 DNS 服务器也设置成功了:
PC4> sh ip
NAME : PC4[1]
IP/MASK : 192.168.5.11/24
GATEWAY : 192.168.5.254
DNS : 221.11.32.2
DHCP SERVER : 192.168.5.254
DHCP LEASE : 85835, 86400/43200/75600
MAC : 00:50:79:66:68:03
LPORT : 10003
RHOST:PORT : 192.168.69.128:10017
MTU: : 1500

4、由于公司分部设备限制,又有两个部门,所以分部采用单臂路由实现 vlan 之间的通信,销售部(vlan6)的网关在 R2 路由器 E0/0 的第 6 个子接口上,采购部(vlan7)的网关在 R2 路由器 E0/0 的第 7 个子接口上,接入层交换机 SW4 按图接的端口分配 vlan 。
在 R2 和 SW4 上配置单臂路由:
R2:
conf t int e 0/0 |
SW4:
conf t vlan 6,7 int e 0/0 int e 0/1 int e 0/2 |
5、公司分部由于路由器功能限制,不可以配置 DCHP 服务,所以采用手动分配 IP 地址,具体地址参见拓扑图。
在 PC5 和 PC6 上手动设置 IP 地址,同时看它们能不能分别 ping 通自己的网关:
PC5> ip 192.168.6.1/24 192.168.6.254 Checking for duplicate address... PC1 : 192.168.6.1 255.255.255.0 gateway 192.168.6.254 PC5> ping 192.168.6.254 192.168.6.254 icmp_seq=1 timeout 84 bytes from 192.168.6.254 icmp_seq=2 ttl=255 time=1.000 ms 84 bytes from 192.168.6.254 icmp_seq=3 ttl=255 time=1.000 ms 84 bytes from 192.168.6.254 icmp_seq=4 ttl=255 time=0.000 ms 84 bytes from 192.168.6.254 icmp_seq=5 ttl=255 time=0.000 ms
PC6> ip 192.168.7.1/24 192.168.7.254 Checking for duplicate address... PC1 : 192.168.7.1 255.255.255.0 gateway 192.168.7.254 PC6> ping 192.168.7.254 84 bytes from 192.168.7.254 icmp_seq=1 ttl=255 time=0.000 ms 84 bytes from 192.168.7.254 icmp_seq=2 ttl=255 time=0.000 ms 84 bytes from 192.168.7.254 icmp_seq=3 ttl=255 time=0.000 ms 84 bytes from 192.168.7.254 icmp_seq=4 ttl=255 time=709.774 ms 84 bytes from 192.168.7.254 icmp_seq=5 ttl=255 time=0.501 ms
没有问题。
6、公司总部和分部三层设备间采用 RIPv2 动态路由,并且关闭自动汇总功能。在出口路由器 R1 上做默认路由指向中国联通运营商,核心交换机 SW1 和分部路由器 R2 通过 RIP 学习默认路由。
在 R1、R2 和 SW1 上配置 RIP 路由协议:
R1:
int s 2/0 ip route 0.0.0.0 0.0.0.0 113.59.115.193 router rip |
R2:
int s 2/0 router rip |
SW1: router rip version 2 no auto-summary network 192.168.1.0 network 192.168.2.0 network 192.168.3.0 network 192.168.4.0 network 192.168.5.0 network 192.168.100.0
可以看到 R2 上收到了从 R1 发过来的默认路由:
R2#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.1.5 to network 0.0.0.0
R* 0.0.0.0/0 [120/1] via 192.168.1.5, 00:00:14, Serial2/0
192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
R 192.168.1.0/30 [120/1] via 192.168.1.5, 00:00:14, Serial2/0
C 192.168.1.4/30 is directly connected, Serial2/0
L 192.168.1.6/32 is directly connected, Serial2/0
R 192.168.2.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0
R 192.168.3.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0
R 192.168.4.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0
R 192.168.5.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0
192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.6.0/24 is directly connected, Ethernet0/0.6
L 192.168.6.254/32 is directly connected, Ethernet0/0.6
192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.7.0/24 is directly connected, Ethernet0/0.7
L 192.168.7.254/32 is directly connected, Ethernet0/0.7
R 192.168.100.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0
SW1 上也收到了从 R1 发过来的默认路由:
SW1#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.1.2 to network 0.0.0.0
R* 0.0.0.0/0 [120/1] via 192.168.1.2, 00:00:03, Ethernet0/3
192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Ethernet0/3
L 192.168.1.1/32 is directly connected, Ethernet0/3
R 192.168.1.4/30 [120/1] via 192.168.1.2, 00:00:03, Ethernet0/3
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, Vlan2
L 192.168.2.254/32 is directly connected, Vlan2
192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.3.0/24 is directly connected, Vlan3
L 192.168.3.254/32 is directly connected, Vlan3
192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.4.0/24 is directly connected, Vlan4
L 192.168.4.254/32 is directly connected, Vlan4
192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.5.0/24 is directly connected, Vlan5
L 192.168.5.254/32 is directly connected, Vlan5
R 192.168.6.0/24 [120/2] via 192.168.1.2, 00:00:03, Ethernet0/3
R 192.168.7.0/24 [120/2] via 192.168.1.2, 00:00:03, Ethernet0/3
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Vlan100
L 192.168.100.254/32 is directly connected, Vlan100

7、公司内部服务器在出口路由器上做相应的内网和外网静态映射,其对应的公网 IP 地址为113.59.115.195/28。同时,公司申请了一个名为 abc.com 的域名,在公网 DNS 服务器上开启 DNS 服务并添加解析,使整个网络的任何一台计算机都可以通过 www.abc.com 打开网站访问服务器。
8、公司总部和分部的所有 PC 机都通过 R1 连接外网,采用动态映射的方式实现。其 NAT 地址池名称为 lt (联通拼音的第一个字母),可用公网 IP 地址范围为剩下的所有外网 IP 地址。其内网转换列表编号 1。
先配置公司内部服务器在出口路由器上的 NAT 静态映射,再配置所有 PC 在出口路由器上的 NAT 动态映射,最后配置 DNS 服务器:
R1: ip nat inside source static 192.168.100.1 113.59.115.195 int e 0/0 ip nat outside int e 0/3 ip nat inside int s 2/0 ip nat inside access-list 1 permit 192.168.2.0 0.0.0.255 access-list 1 permit 192.168.3.0 0.0.0.255 access-list 1 permit 192.168.4.0 0.0.0.255 access-list 1 permit 192.168.5.0 0.0.0.255 access-list 1 permit 192.168.6.0 0.0.0.255 access-list 1 permit 192.168.7.0 0.0.0.255 ip nat pool It 113.59.115.196 113.59.115.206 prefix-length 28 ip nat inside source list 1 pool It overload
现在所有 PC 和公司内部服务器都可以 ping 通 DNS 服务器了:
PC1> ping 221.11.32.2
221.11.32.2 icmp_seq=1 timeout
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=2.526 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=2.199 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=1.850 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=1.925 ms
PC2> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=1.740 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=1.830 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=2.094 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=1.904 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=2.470 ms
PC3> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=2.928 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=2.022 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=2.578 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=2.002 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=2.061 ms
PC4> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=1.546 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=1.636 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=1.987 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=2.677 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=2.029 ms
PC5> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=13.017 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=10.482 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=12.894 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=13.017 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=12.913 ms
PC6> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=12.884 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=10.430 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=10.530 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=10.399 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=31.575 ms
Server> ip 192.168.100.1/24 192.168.100.254
Checking for duplicate address...
PC1 : 192.168.100.1 255.255.255.0 gateway 192.168.100.254
Server> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=1.992 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=1.682 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=1.555 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=1.442 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=1.428 ms
再配置 DNS 服务器:
ip dns server ip domain-lookup ip name-server 221.11.32.2 ip host www.abc.com 113.59.115.195
现在所有 PC 都可以通过 www.abc.com 域名来访问公司内部服务器了:
PC1> ping www.abc.com www.abc.com resolved to 192.168.100.1 www.abc.com icmp_seq=1 timeout www.abc.com icmp_seq=2 timeout 84 bytes from 192.168.100.1 icmp_seq=3 ttl=63 time=1.018 ms 84 bytes from 192.168.100.1 icmp_seq=4 ttl=63 time=1.015 ms 84 bytes from 192.168.100.1 icmp_seq=5 ttl=63 time=1.027 ms PC2> ping www.abc.com www.abc.com resolved to 192.168.100.1 84 bytes from 192.168.100.1 icmp_seq=1 ttl=63 time=0.863 ms 84 bytes from 192.168.100.1 icmp_seq=2 ttl=63 time=1.051 ms 84 bytes from 192.168.100.1 icmp_seq=3 ttl=63 time=1.146 ms 84 bytes from 192.168.100.1 icmp_seq=4 ttl=63 time=1.040 ms 84 bytes from 192.168.100.1 icmp_seq=5 ttl=63 time=0.985 ms PC3> ping www.abc.com www.abc.com resolved to 192.168.100.1 84 bytes from 192.168.100.1 icmp_seq=1 ttl=63 time=0.705 ms 84 bytes from 192.168.100.1 icmp_seq=2 ttl=63 time=1.138 ms 84 bytes from 192.168.100.1 icmp_seq=3 ttl=63 time=0.993 ms 84 bytes from 192.168.100.1 icmp_seq=4 ttl=63 time=1.070 ms 84 bytes from 192.168.100.1 icmp_seq=5 ttl=63 time=1.122 ms PC4> ping www.abc.com www.abc.com resolved to 192.168.100.1 84 bytes from 192.168.100.1 icmp_seq=1 ttl=63 time=0.747 ms 84 bytes from 192.168.100.1 icmp_seq=2 ttl=63 time=1.015 ms 84 bytes from 192.168.100.1 icmp_seq=3 ttl=63 time=1.060 ms 84 bytes from 192.168.100.1 icmp_seq=4 ttl=63 time=0.932 ms 84 bytes from 192.168.100.1 icmp_seq=5 ttl=63 time=1.072 ms PC5> ip dns 221.11.32.2 PC5> ping www.abc.com www.abc.com resolved to 192.168.100.1 84 bytes from 192.168.100.1 icmp_seq=1 ttl=61 time=9.931 ms 84 bytes from 192.168.100.1 icmp_seq=2 ttl=61 time=10.400 ms 84 bytes from 192.168.100.1 icmp_seq=3 ttl=61 time=31.880 ms 84 bytes from 192.168.100.1 icmp_seq=4 ttl=61 time=31.416 ms 84 bytes from 192.168.100.1 icmp_seq=5 ttl=61 time=31.554 ms PC6> ip dns 221.11.32.2 PC6> ping www.abc.com www.abc.com resolved to 192.168.100.1 www.abc.com icmp_seq=1 timeout www.abc.com icmp_seq=2 timeout 84 bytes from 192.168.100.1 icmp_seq=3 ttl=61 time=10.013 ms 84 bytes from 192.168.100.1 icmp_seq=4 ttl=61 time=9.971 ms 84 bytes from 192.168.100.1 icmp_seq=5 ttl=61 time=10.007 ms
9、按照图上所标的要求,更改所有设备的主机名称。(忽略,因为 GNS3 IOU 默认已经改好所有设备的主机名称)
10、为了保证公司总部和分部之间的数据通信安全,在相应的接口上启用 PPP 协议,并且采用双向 chap 认证,认证密码为 123。
R1:
username R2 password 123 int s 2/0 |
R2:
username R1 password 123 int s 2/0 |

11、为了保证公司财务部门的数据安全,公司分部所有 PC 机不允许任何基于 IP 协议的数据访问财务部的任何 PC 机,其访问控制列表的编号为 100,但是与其它部门数据交换不受影响。
先看看 PC1(公司总部的经理办)、PC2(公司总部的后勤部)、PC3(公司总部的技术部)、PC5(公司分部的销售部)和 PC6(公司分部的采购部)是否能 ping 通 PC4(公司总部的财务部):
PC1> ping 192.168.5.11 192.168.5.11 icmp_seq=1 timeout 192.168.5.11 icmp_seq=2 timeout 84 bytes from 192.168.5.11 icmp_seq=3 ttl=63 time=1.433 ms 84 bytes from 192.168.5.11 icmp_seq=4 ttl=63 time=1.272 ms 84 bytes from 192.168.5.11 icmp_seq=5 ttl=63 time=1.361 ms PC2> ping 192.168.5.11 192.168.5.11 icmp_seq=1 timeout 84 bytes from 192.168.5.11 icmp_seq=2 ttl=63 time=1.185 ms 84 bytes from 192.168.5.11 icmp_seq=3 ttl=63 time=1.407 ms 84 bytes from 192.168.5.11 icmp_seq=4 ttl=63 time=1.252 ms 84 bytes from 192.168.5.11 icmp_seq=5 ttl=63 time=1.241 ms PC3> ping 192.168.5.11 192.168.5.11 icmp_seq=1 timeout 84 bytes from 192.168.5.11 icmp_seq=2 ttl=63 time=1.509 ms 84 bytes from 192.168.5.11 icmp_seq=3 ttl=63 time=1.189 ms 84 bytes from 192.168.5.11 icmp_seq=4 ttl=63 time=1.227 ms 84 bytes from 192.168.5.11 icmp_seq=5 ttl=63 time=1.324 ms PC5> ping 192.168.5.11 84 bytes from 192.168.5.11 icmp_seq=1 ttl=61 time=10.422 ms 84 bytes from 192.168.5.11 icmp_seq=2 ttl=61 time=10.404 ms 84 bytes from 192.168.5.11 icmp_seq=3 ttl=61 time=10.457 ms 84 bytes from 192.168.5.11 icmp_seq=4 ttl=61 time=10.512 ms 84 bytes from 192.168.5.11 icmp_seq=5 ttl=61 time=31.630 ms PC6> ping 192.168.5.11 84 bytes from 192.168.5.11 icmp_seq=1 ttl=61 time=31.819 ms 84 bytes from 192.168.5.11 icmp_seq=2 ttl=61 time=31.761 ms 84 bytes from 192.168.5.11 icmp_seq=3 ttl=61 time=16.003 ms 84 bytes from 192.168.5.11 icmp_seq=4 ttl=61 time=14.302 ms 84 bytes from 192.168.5.11 icmp_seq=5 ttl=61 time=12.788 ms
可以 ping 通。
再在 SW1 上对公司分部来的流量做过滤:
SW1: access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 100 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 100 deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 100 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 100 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 100 permit ip any any int e 0/3 ip access-group 100 in int vlan 2 ip access-group 100 in int vlan 3 ip access-group 100 in int vlan 4 ip access-group 100 in
PC1(公司总部的经理办)、PC2(公司总部的后勤部)、PC3(公司总部的技术部)、PC5(公司分部的销售部)和 PC6(公司分部的采购部)再 ping 一次 PC4(公司总部的财务部):
PC1> ping 192.168.5.11 *192.168.2.254 icmp_seq=1 ttl=255 time=0.599 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.2.254 icmp_seq=2 ttl=255 time=0.830 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.2.254 icmp_seq=3 ttl=255 time=0.766 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.2.254 icmp_seq=4 ttl=255 time=0.777 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.2.254 icmp_seq=5 ttl=255 time=0.746 ms (ICMP type:3, code:13, Communication administratively prohibited) PC2> ping 192.168.5.11 *192.168.3.254 icmp_seq=1 ttl=255 time=0.711 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.3.254 icmp_seq=2 ttl=255 time=0.789 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.3.254 icmp_seq=3 ttl=255 time=1.787 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.3.254 icmp_seq=4 ttl=255 time=0.836 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.3.254 icmp_seq=5 ttl=255 time=0.848 ms (ICMP type:3, code:13, Communication administratively prohibited) PC3> ping 192.168.5.11 *192.168.4.254 icmp_seq=1 ttl=255 time=0.691 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.4.254 icmp_seq=2 ttl=255 time=0.822 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.4.254 icmp_seq=3 ttl=255 time=0.783 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.4.254 icmp_seq=4 ttl=255 time=0.830 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.4.254 icmp_seq=5 ttl=255 time=0.867 ms (ICMP type:3, code:13, Communication administratively prohibited) PC5> ping 192.168.5.11 *192.168.1.1 icmp_seq=1 ttl=253 time=10.418 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.1.1 icmp_seq=2 ttl=253 time=10.014 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.1.1 icmp_seq=3 ttl=253 time=38.153 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.1.1 icmp_seq=4 ttl=253 time=7.402 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.1.1 icmp_seq=5 ttl=253 time=7.395 ms (ICMP type:3, code:13, Communication administratively prohibited) PC6> ping 192.168.5.11 *192.168.1.1 icmp_seq=1 ttl=253 time=31.730 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.1.1 icmp_seq=2 ttl=253 time=5.449 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.1.1 icmp_seq=3 ttl=253 time=5.429 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.1.1 icmp_seq=4 ttl=253 time=10.423 ms (ICMP type:3, code:13, Communication administratively prohibited) *192.168.1.1 icmp_seq=5 ttl=253 time=10.481 ms (ICMP type:3, code:13, Communication administratively prohibited)
显然,通信已经被禁止(即无法通信)。
但 PC1(公司总部的经理办)、PC2(公司总部的后勤部)、PC3(公司总部的技术部)、PC5(公司分部的销售部)和 PC6(公司分部的采购部)之间还是可以正常通信的,以 PC1、PC5 和 PC6 为例:
PC1> ping 192.168.3.1 84 bytes from 192.168.3.1 icmp_seq=1 ttl=63 time=1.180 ms 84 bytes from 192.168.3.1 icmp_seq=2 ttl=63 time=1.305 ms 84 bytes from 192.168.3.1 icmp_seq=3 ttl=63 time=1.322 ms 84 bytes from 192.168.3.1 icmp_seq=4 ttl=63 time=1.256 ms 84 bytes from 192.168.3.1 icmp_seq=5 ttl=63 time=1.329 ms PC1> ping 192.168.4.1 84 bytes from 192.168.4.1 icmp_seq=1 ttl=63 time=2.950 ms 84 bytes from 192.168.4.1 icmp_seq=2 ttl=63 time=1.313 ms 84 bytes from 192.168.4.1 icmp_seq=3 ttl=63 time=1.257 ms 84 bytes from 192.168.4.1 icmp_seq=4 ttl=63 time=1.210 ms 84 bytes from 192.168.4.1 icmp_seq=5 ttl=63 time=1.251 ms PC1> ping 192.168.6.1 84 bytes from 192.168.6.1 icmp_seq=1 ttl=61 time=10.676 ms 84 bytes from 192.168.6.1 icmp_seq=2 ttl=61 time=10.678 ms 84 bytes from 192.168.6.1 icmp_seq=3 ttl=61 time=11.069 ms 84 bytes from 192.168.6.1 icmp_seq=4 ttl=61 time=10.700 ms 84 bytes from 192.168.6.1 icmp_seq=5 ttl=61 time=10.679 ms PC1> ping 192.168.7.1 84 bytes from 192.168.7.1 icmp_seq=1 ttl=61 time=10.607 ms 84 bytes from 192.168.7.1 icmp_seq=2 ttl=61 time=31.757 ms 84 bytes from 192.168.7.1 icmp_seq=3 ttl=61 time=10.889 ms 84 bytes from 192.168.7.1 icmp_seq=4 ttl=61 time=10.886 ms 84 bytes from 192.168.7.1 icmp_seq=5 ttl=61 time=11.249 ms PC5> ping 192.168.2.1 84 bytes from 192.168.2.1 icmp_seq=1 ttl=61 time=10.403 ms 84 bytes from 192.168.2.1 icmp_seq=2 ttl=61 time=10.409 ms 84 bytes from 192.168.2.1 icmp_seq=3 ttl=61 time=10.501 ms 84 bytes from 192.168.2.1 icmp_seq=4 ttl=61 time=38.611 ms 84 bytes from 192.168.2.1 icmp_seq=5 ttl=61 time=22.086 ms PC5> ping 192.168.3.1 192.168.3.1 icmp_seq=1 timeout 192.168.3.1 icmp_seq=2 timeout 84 bytes from 192.168.3.1 icmp_seq=3 ttl=61 time=10.513 ms 84 bytes from 192.168.3.1 icmp_seq=4 ttl=61 time=10.511 ms 84 bytes from 192.168.3.1 icmp_seq=5 ttl=61 time=10.391 ms PC5> ping 192.168.4.1 192.168.4.1 icmp_seq=1 timeout 192.168.4.1 icmp_seq=2 timeout 84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=10.917 ms 84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=31.866 ms 84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=38.274 ms PC5> ping 192.168.7.1 192.168.7.1 icmp_seq=1 timeout 192.168.7.1 icmp_seq=2 timeout 84 bytes from 192.168.7.1 icmp_seq=3 ttl=63 time=1.380 ms 84 bytes from 192.168.7.1 icmp_seq=4 ttl=63 time=1.198 ms 84 bytes from 192.168.7.1 icmp_seq=5 ttl=63 time=1.213 ms PC6> ping 192.168.2.1 84 bytes from 192.168.2.1 icmp_seq=1 ttl=61 time=10.847 ms 84 bytes from 192.168.2.1 icmp_seq=2 ttl=61 time=10.427 ms 84 bytes from 192.168.2.1 icmp_seq=3 ttl=61 time=10.769 ms 84 bytes from 192.168.2.1 icmp_seq=4 ttl=61 time=10.490 ms 84 bytes from 192.168.2.1 icmp_seq=5 ttl=61 time=10.406 ms PC6> ping 192.168.3.1 84 bytes from 192.168.3.1 icmp_seq=1 ttl=61 time=10.387 ms 84 bytes from 192.168.3.1 icmp_seq=2 ttl=61 time=10.410 ms 84 bytes from 192.168.3.1 icmp_seq=3 ttl=61 time=10.420 ms 84 bytes from 192.168.3.1 icmp_seq=4 ttl=61 time=31.710 ms 84 bytes from 192.168.3.1 icmp_seq=5 ttl=61 time=38.459 ms PC6> ping 192.168.4.1 84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=13.160 ms 84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=10.456 ms 84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=11.971 ms 84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=8.468 ms 84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=10.583 ms PC6> ping 192.168.6.1 84 bytes from 192.168.6.1 icmp_seq=1 ttl=63 time=1.491 ms 84 bytes from 192.168.6.1 icmp_seq=2 ttl=63 time=1.118 ms 84 bytes from 192.168.6.1 icmp_seq=3 ttl=63 time=1.380 ms 84 bytes from 192.168.6.1 icmp_seq=4 ttl=63 time=1.559 ms 84 bytes from 192.168.6.1 icmp_seq=5 ttl=63 time=2.652 ms
12、各个三层设备之间的网络已经在拓扑图中有标明。在相应的串行接口上配置时钟频率,其数值为 9600。
R1:
int s 2/0 |
R2:
int s 2/0 |
注意:IOU 没有这条命令:clock rate 9600,只有这一条:clock rate threshold 9600 。
本文完。如有疑问,欢迎在下方留言;如本文有什么错误,欢迎在下方留言指正,谢谢。
给力,对照自己做的实验可以很快的发现自己的不足在哪里。很少网站有累死的综合实验如此详细的流程介绍..博主加油!
谢谢 ~