【综合实验】海南科技职业学院 2016 – 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)

如需注册 @ccie.engineer、@ccde.engineer、@ccar.engineer、@hcie.engineer、@rhce.engineer 和 @cissp.engineer 邮箱,请点击这里

【综合实验】海南科技职业学院 2016 - 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)

(IP 地址、接口等有删改,原始题目请见:《典型网络设计与配置CCNA》期末试题A.doc

实验环境:

操作系统:Windows 10(1607,14393.726,当时最新测试版),模拟器:GNS3 IOU for Windows 1.5.3(当时最新正式版)

【综合实验】海南科技职业学院 2016 - 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)
【综合实验】海南科技职业学院 2016 – 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)

实验要求和实验步骤:

某公司因业务发展需要,需组建公司的办公网络,并且由中国联通运营商提供上网服务,联通分配给公司的外网网络号为 113.59.115.192/28,联通的网关 IP 地址为 113.59.115.193/28,现公司业务需求和要求如下,请根据所学知识完成配置。

1、公司有总部和分部,总部有 4 个部门,财务部(vlan5)、技术部(vlan4)、后勤部(vlan3)、经理办(vlan2),为了提高公司宣传力度,需要配置一台 web 服务器。服务器所属的 vlan 为 vlan100,公司分部有销售部(vlan6)和采购部(vlan7),总部和分部之间采用专线相连。

2、公司总部的所有 vlan 和 vlan 网关都配置在核心交换机上(SW1),接入层交换机(SW2,SW3)采用 VTP 客户端自动学习,VTP 的域名为:hnkjedu,密码:123,采用 VTP 第 2 个版本。由于各个部门的主机数比较多,所以接入层交换 SW2 的 E0/1 – E0/3 属于 vlan2,接入层交换 SW2 的 E1/1 – E1/3 属于 vlan3,接入层交换 SW3 的 E0/1 – E0/3 属于 vlan4,接入层交换 SW3 的 E1/1 – E1/3 属于 vlan5 。

先配置 DNS、ISP 和 R1 的 IP 地址,接着配置 SW1/2/3 之间的 VTP,再配置 SW1 的 SVI 接口,最后配置 SW2/3 的接口划分:

DNS:

conf t
no ip routing

int e 0/1
ip add 221.11.32.2 255.255.255.252
no sh

ip default-gateway 221.11.32.1

ISP:

conf t
int e 0/0
ip add 113.59.115.193 255.255.255.240
no sh

int e 0/1
ip add 221.11.32.1 255.255.255.252
no sh

R1:

conf t
int e 0/0
ip add 113.59.115.194 255.255.255.240
no sh

int e 0/3
ip add 192.168.1.2 255.255.255.252
no sh

SW1:

conf t
int e 0/3
no switchport
ip add 192.168.1.1 255.255.255.252
no sh

int range e 0/0-1
switchport trunk encapsulation dot1q
switchport mode trunk
no sh

int e 0/2
switchport mode access
switchport access vlan 100
no sh

vtp domain hnkjedu
vtp version 2
vtp mode server
vtp password 123

vlan 2-5,100

int vlan 2
ip add 192.168.2.254 255.255.255.0
no sh

int vlan 3
ip add 192.168.3.254 255.255.255.0
no sh

int vlan 4
ip add 192.168.4.254 255.255.255.0
no sh

int vlan 5
ip add 192.168.5.254 255.255.255.0
no sh

int vlan 100
ip add 192.168.100.254 255.255.255.0
no sh

SW2:

conf t
no ip routing

int e 0/0
switchport trunk encapsulation dot1q
switchport mode trunk
no sh

vtp domain hnkjedu
vtp version 2
vtp mode client
vtp password 123

int range e 0/1-3
switchport mode access
switchport access vlan 2

int range e 1/1-3
switchport mode access
switchport access vlan 3

SW3:

conf t
no ip routing

int e 0/0
switchport trunk encapsulation dot1q
switchport mode trunk
no sh

vtp domain hnkjedu
vtp version 2
vtp mode client
vtp password 123

int range e 0/1-3
switchport mode access
switchport access vlan 4

int range e 1/1-3
switchport mode access
switchport access vlan 5

3、总部的 4 个部门的 PC 为了方便上网,采用自动获取 IP 地址的方式,DHCP 服务器放在核心交换机上(SW1),DHCP 服务器分配的 DNS 用公网的 DNS 服务器的 IP 地址,由于财务部有内部的服务器需要固定 IP 地址,所以财务部门网段需要在设置 DHCP 时排除,排除 IP 为这个网络最前面可用的 10 个 IP 地址,同时,要求所有 DHCP 地址池的名称采用 vlan + 编号的组成,如:vlan2 等。

在 SW1 上配置 DHCP Server:

SW1:

ip dhcp pool vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 221.11.32.2

ip dhcp pool vlan3
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
dns-server 221.11.32.2

ip dhcp pool vlan4
network 192.168.4.0 255.255.255.0
default-router 192.168.4.254
dns-server 221.11.32.2

ip dhcp pool vlan5
network 192.168.5.0 255.255.255.0
default-router 192.168.5.254
dns-server 221.11.32.2
exit

ip dhcp excluded-address 192.168.5.1 192.168.5.10

然后在 PC1/2/3/4 上尝试通过 DHCP 来获得 IP 地址:

PC1> ip dhcp -r
DDORA IP 192.168.2.1/24 GW 192.168.2.254

PC2> ip dhcp -r
DDORA IP 192.168.3.1/24 GW 192.168.3.254

PC3> ip dhcp -r
DDORA IP 192.168.4.1/24 GW 192.168.4.254

PC4> ip dhcp -r
DDORA IP 192.168.5.11/24 GW 192.168.5.254

没问题,现在 PC1/2/3/4 都可以得到相应网段的 IP 地址了,而且 PC4(财务部)得到的第一个 IP 地址是 192.168.5.11,前 10 个 IP 地址都没有分配出去。

同时也可以看到网关和 DNS 服务器也设置成功了:

PC4> sh ip 

NAME : PC4[1]
IP/MASK : 192.168.5.11/24
GATEWAY : 192.168.5.254
DNS : 221.11.32.2 
DHCP SERVER : 192.168.5.254
DHCP LEASE : 85835, 86400/43200/75600
MAC : 00:50:79:66:68:03
LPORT : 10003
RHOST:PORT : 192.168.69.128:10017
MTU: : 1500
【综合实验】海南科技职业学院 2016 - 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)
【综合实验】海南科技职业学院 2016 – 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)

4、由于公司分部设备限制,又有两个部门,所以分部采用单臂路由实现 vlan 之间的通信,销售部(vlan6)的网关在 R2 路由器 E0/0 的第 6 个子接口上,采购部(vlan7)的网关在 R2 路由器 E0/0 的第 7 个子接口上,接入层交换机 SW4 按图接的端口分配 vlan 。

在 R2 和 SW4 上配置单臂路由:

R2:

conf t

int e 0/0
no sh
int e 0/0.6
encapsulation dot1Q 6
ip add 192.168.6.254 255.255.255.0
int e 0/0.7
encapsulation dot1Q 7
ip add 192.168.7.254 255.255.255.0

SW4:

conf t
no ip routing

vlan 6,7

int e 0/0
switchport trunk encapsulation dot1q
switchport mode trunk
no sh

int e 0/1
switchport mode access
switchport access vlan 6
no sh

int e 0/2
switchport mode access
switchport access vlan 7
no sh

5、公司分部由于路由器功能限制,不可以配置 DCHP 服务,所以采用手动分配 IP 地址,具体地址参见拓扑图。

在 PC5 和 PC6 上手动设置 IP 地址,同时看它们能不能分别 ping 通自己的网关:

PC5> ip 192.168.6.1/24 192.168.6.254
Checking for duplicate address...
PC1 : 192.168.6.1 255.255.255.0 gateway 192.168.6.254

PC5> ping 192.168.6.254
192.168.6.254 icmp_seq=1 timeout
84 bytes from 192.168.6.254 icmp_seq=2 ttl=255 time=1.000 ms
84 bytes from 192.168.6.254 icmp_seq=3 ttl=255 time=1.000 ms
84 bytes from 192.168.6.254 icmp_seq=4 ttl=255 time=0.000 ms
84 bytes from 192.168.6.254 icmp_seq=5 ttl=255 time=0.000 ms
PC6> ip 192.168.7.1/24 192.168.7.254
Checking for duplicate address...
PC1 : 192.168.7.1 255.255.255.0 gateway 192.168.7.254

PC6> ping 192.168.7.254
84 bytes from 192.168.7.254 icmp_seq=1 ttl=255 time=0.000 ms
84 bytes from 192.168.7.254 icmp_seq=2 ttl=255 time=0.000 ms
84 bytes from 192.168.7.254 icmp_seq=3 ttl=255 time=0.000 ms
84 bytes from 192.168.7.254 icmp_seq=4 ttl=255 time=709.774 ms
84 bytes from 192.168.7.254 icmp_seq=5 ttl=255 time=0.501 ms

没有问题。

6、公司总部和分部三层设备间采用 RIPv2 动态路由,并且关闭自动汇总功能。在出口路由器 R1 上做默认路由指向中国联通运营商,核心交换机 SW1 和分部路由器 R2 通过 RIP 学习默认路由。

在 R1、R2 和 SW1 上配置 RIP 路由协议:

R1:

int s 2/0
ip add 192.168.1.5 255.255.255.252
no sh

ip route 0.0.0.0 0.0.0.0 113.59.115.193

router rip
version 2
no auto-summary
network 192.168.1.0
default-information originate

R2:

int s 2/0
ip add 192.168.1.6 255.255.255.252
no sh

router rip
version 2
no auto-summary
network 192.168.1.0
network 192.168.6.0
network 192.168.7.0

SW1:

router rip
 version 2
 no auto-summary
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.5.0
 network 192.168.100.0

可以看到 R2 上收到了从 R1 发过来的默认路由:

R2#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.1.5 to network 0.0.0.0

R*    0.0.0.0/0 [120/1] via 192.168.1.5, 00:00:14, Serial2/0
      192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
R        192.168.1.0/30 [120/1] via 192.168.1.5, 00:00:14, Serial2/0
C        192.168.1.4/30 is directly connected, Serial2/0
L        192.168.1.6/32 is directly connected, Serial2/0
R     192.168.2.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0
R     192.168.3.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0
R     192.168.4.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0
R     192.168.5.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0
      192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.6.0/24 is directly connected, Ethernet0/0.6
L        192.168.6.254/32 is directly connected, Ethernet0/0.6
      192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.7.0/24 is directly connected, Ethernet0/0.7
L        192.168.7.254/32 is directly connected, Ethernet0/0.7
R     192.168.100.0/24 [120/2] via 192.168.1.5, 00:00:14, Serial2/0

SW1 上也收到了从 R1 发过来的默认路由:

SW1#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.1.2 to network 0.0.0.0

R*    0.0.0.0/0 [120/1] via 192.168.1.2, 00:00:03, Ethernet0/3
      192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
C        192.168.1.0/30 is directly connected, Ethernet0/3
L        192.168.1.1/32 is directly connected, Ethernet0/3
R        192.168.1.4/30 [120/1] via 192.168.1.2, 00:00:03, Ethernet0/3
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Vlan2
L        192.168.2.254/32 is directly connected, Vlan2
      192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.3.0/24 is directly connected, Vlan3
L        192.168.3.254/32 is directly connected, Vlan3
      192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.4.0/24 is directly connected, Vlan4
L        192.168.4.254/32 is directly connected, Vlan4
      192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.5.0/24 is directly connected, Vlan5
L        192.168.5.254/32 is directly connected, Vlan5
R     192.168.6.0/24 [120/2] via 192.168.1.2, 00:00:03, Ethernet0/3
R     192.168.7.0/24 [120/2] via 192.168.1.2, 00:00:03, Ethernet0/3
      192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.100.0/24 is directly connected, Vlan100
L        192.168.100.254/32 is directly connected, Vlan100
【综合实验】海南科技职业学院 2016 - 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)
【综合实验】海南科技职业学院 2016 – 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)

7、公司内部服务器在出口路由器上做相应的内网和外网静态映射,其对应的公网 IP 地址为113.59.115.195/28。同时,公司申请了一个名为 abc.com 的域名,在公网 DNS 服务器上开启 DNS 服务并添加解析,使整个网络的任何一台计算机都可以通过 www.abc.com 打开网站访问服务器。

8、公司总部和分部的所有 PC 机都通过 R1 连接外网,采用动态映射的方式实现。其 NAT 地址池名称为 lt (联通拼音的第一个字母),可用公网 IP 地址范围为剩下的所有外网 IP 地址。其内网转换列表编号 1。

先配置公司内部服务器在出口路由器上的 NAT 静态映射,再配置所有 PC 在出口路由器上的 NAT 动态映射,最后配置 DNS 服务器:

R1:

ip nat inside source static 192.168.100.1 113.59.115.195

int e 0/0
ip nat outside

int e 0/3
ip nat inside

int s 2/0
ip nat inside

access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255

ip nat pool It 113.59.115.196 113.59.115.206 prefix-length 28

ip nat inside source list 1 pool It overload

现在所有 PC 和公司内部服务器都可以 ping 通 DNS 服务器了:

PC1> ping 221.11.32.2 
221.11.32.2 icmp_seq=1 timeout
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=2.526 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=2.199 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=1.850 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=1.925 ms

PC2> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=1.740 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=1.830 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=2.094 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=1.904 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=2.470 ms

PC3> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=2.928 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=2.022 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=2.578 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=2.002 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=2.061 ms

PC4> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=1.546 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=1.636 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=1.987 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=2.677 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=2.029 ms

PC5> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=13.017 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=10.482 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=12.894 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=13.017 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=12.913 ms

PC6> ping 221.11.32.2
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=12.884 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=10.430 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=10.530 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=10.399 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=31.575 ms

Server> ip 192.168.100.1/24 192.168.100.254
Checking for duplicate address...
PC1 : 192.168.100.1 255.255.255.0 gateway 192.168.100.254

Server> ping 221.11.32.2 
84 bytes from 221.11.32.2 icmp_seq=1 ttl=252 time=1.992 ms
84 bytes from 221.11.32.2 icmp_seq=2 ttl=252 time=1.682 ms
84 bytes from 221.11.32.2 icmp_seq=3 ttl=252 time=1.555 ms
84 bytes from 221.11.32.2 icmp_seq=4 ttl=252 time=1.442 ms
84 bytes from 221.11.32.2 icmp_seq=5 ttl=252 time=1.428 ms

再配置 DNS 服务器:

ip dns server
ip domain-lookup
ip name-server 221.11.32.2
ip host www.abc.com 113.59.115.195

现在所有 PC 都可以通过 www.abc.com 域名来访问公司内部服务器了:

PC1> ping www.abc.com
www.abc.com resolved to 192.168.100.1
www.abc.com icmp_seq=1 timeout
www.abc.com icmp_seq=2 timeout
84 bytes from 192.168.100.1 icmp_seq=3 ttl=63 time=1.018 ms
84 bytes from 192.168.100.1 icmp_seq=4 ttl=63 time=1.015 ms
84 bytes from 192.168.100.1 icmp_seq=5 ttl=63 time=1.027 ms

PC2> ping www.abc.com
www.abc.com resolved to 192.168.100.1
84 bytes from 192.168.100.1 icmp_seq=1 ttl=63 time=0.863 ms
84 bytes from 192.168.100.1 icmp_seq=2 ttl=63 time=1.051 ms
84 bytes from 192.168.100.1 icmp_seq=3 ttl=63 time=1.146 ms
84 bytes from 192.168.100.1 icmp_seq=4 ttl=63 time=1.040 ms
84 bytes from 192.168.100.1 icmp_seq=5 ttl=63 time=0.985 ms

PC3> ping www.abc.com
www.abc.com resolved to 192.168.100.1
84 bytes from 192.168.100.1 icmp_seq=1 ttl=63 time=0.705 ms
84 bytes from 192.168.100.1 icmp_seq=2 ttl=63 time=1.138 ms
84 bytes from 192.168.100.1 icmp_seq=3 ttl=63 time=0.993 ms
84 bytes from 192.168.100.1 icmp_seq=4 ttl=63 time=1.070 ms
84 bytes from 192.168.100.1 icmp_seq=5 ttl=63 time=1.122 ms

PC4> ping www.abc.com
www.abc.com resolved to 192.168.100.1
84 bytes from 192.168.100.1 icmp_seq=1 ttl=63 time=0.747 ms
84 bytes from 192.168.100.1 icmp_seq=2 ttl=63 time=1.015 ms
84 bytes from 192.168.100.1 icmp_seq=3 ttl=63 time=1.060 ms
84 bytes from 192.168.100.1 icmp_seq=4 ttl=63 time=0.932 ms
84 bytes from 192.168.100.1 icmp_seq=5 ttl=63 time=1.072 ms

PC5> ip dns 221.11.32.2

PC5> ping www.abc.com 
www.abc.com resolved to 192.168.100.1
84 bytes from 192.168.100.1 icmp_seq=1 ttl=61 time=9.931 ms
84 bytes from 192.168.100.1 icmp_seq=2 ttl=61 time=10.400 ms
84 bytes from 192.168.100.1 icmp_seq=3 ttl=61 time=31.880 ms
84 bytes from 192.168.100.1 icmp_seq=4 ttl=61 time=31.416 ms
84 bytes from 192.168.100.1 icmp_seq=5 ttl=61 time=31.554 ms

PC6> ip dns 221.11.32.2

PC6> ping www.abc.com 
www.abc.com resolved to 192.168.100.1
www.abc.com icmp_seq=1 timeout
www.abc.com icmp_seq=2 timeout
84 bytes from 192.168.100.1 icmp_seq=3 ttl=61 time=10.013 ms
84 bytes from 192.168.100.1 icmp_seq=4 ttl=61 time=9.971 ms
84 bytes from 192.168.100.1 icmp_seq=5 ttl=61 time=10.007 ms

9、按照图上所标的要求,更改所有设备的主机名称。(忽略,因为 GNS3 IOU 默认已经改好所有设备的主机名称)

10、为了保证公司总部和分部之间的数据通信安全,在相应的接口上启用 PPP 协议,并且采用双向 chap 认证,认证密码为 123。

R1:

username R2 password 123

int s 2/0
encapsulation ppp
ppp authentication chap

R2:

username R1 password 123

int s 2/0
encapsulation ppp
ppp authentication chap

【综合实验】海南科技职业学院 2016 - 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)
【综合实验】海南科技职业学院 2016 – 2017 学年第一学期期末考试 典型网络设计与配置 CCNA 试卷(A)

11、为了保证公司财务部门的数据安全,公司分部所有 PC 机不允许任何基于 IP 协议的数据访问财务部的任何 PC 机,其访问控制列表的编号为 100,但是与其它部门数据交换不受影响。

先看看 PC1(公司总部的经理办)、PC2(公司总部的后勤部)、PC3(公司总部的技术部)、PC5(公司分部的销售部)和 PC6(公司分部的采购部)是否能 ping 通 PC4(公司总部的财务部):

PC1> ping 192.168.5.11
192.168.5.11 icmp_seq=1 timeout
192.168.5.11 icmp_seq=2 timeout
84 bytes from 192.168.5.11 icmp_seq=3 ttl=63 time=1.433 ms
84 bytes from 192.168.5.11 icmp_seq=4 ttl=63 time=1.272 ms
84 bytes from 192.168.5.11 icmp_seq=5 ttl=63 time=1.361 ms

PC2> ping 192.168.5.11
192.168.5.11 icmp_seq=1 timeout
84 bytes from 192.168.5.11 icmp_seq=2 ttl=63 time=1.185 ms
84 bytes from 192.168.5.11 icmp_seq=3 ttl=63 time=1.407 ms
84 bytes from 192.168.5.11 icmp_seq=4 ttl=63 time=1.252 ms
84 bytes from 192.168.5.11 icmp_seq=5 ttl=63 time=1.241 ms

PC3> ping 192.168.5.11
192.168.5.11 icmp_seq=1 timeout
84 bytes from 192.168.5.11 icmp_seq=2 ttl=63 time=1.509 ms
84 bytes from 192.168.5.11 icmp_seq=3 ttl=63 time=1.189 ms
84 bytes from 192.168.5.11 icmp_seq=4 ttl=63 time=1.227 ms
84 bytes from 192.168.5.11 icmp_seq=5 ttl=63 time=1.324 ms

PC5> ping 192.168.5.11
84 bytes from 192.168.5.11 icmp_seq=1 ttl=61 time=10.422 ms
84 bytes from 192.168.5.11 icmp_seq=2 ttl=61 time=10.404 ms
84 bytes from 192.168.5.11 icmp_seq=3 ttl=61 time=10.457 ms
84 bytes from 192.168.5.11 icmp_seq=4 ttl=61 time=10.512 ms
84 bytes from 192.168.5.11 icmp_seq=5 ttl=61 time=31.630 ms

PC6> ping 192.168.5.11
84 bytes from 192.168.5.11 icmp_seq=1 ttl=61 time=31.819 ms
84 bytes from 192.168.5.11 icmp_seq=2 ttl=61 time=31.761 ms
84 bytes from 192.168.5.11 icmp_seq=3 ttl=61 time=16.003 ms
84 bytes from 192.168.5.11 icmp_seq=4 ttl=61 time=14.302 ms
84 bytes from 192.168.5.11 icmp_seq=5 ttl=61 time=12.788 ms

可以 ping 通。

再在 SW1 上对公司分部来的流量做过滤:

SW1:

access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 permit ip any any

int e 0/3
ip access-group 100 in

int vlan 2
ip access-group 100 in

int vlan 3
ip access-group 100 in

int vlan 4
ip access-group 100 in

PC1(公司总部的经理办)、PC2(公司总部的后勤部)、PC3(公司总部的技术部)、PC5(公司分部的销售部)和 PC6(公司分部的采购部)再 ping 一次 PC4(公司总部的财务部):

PC1> ping 192.168.5.11
*192.168.2.254 icmp_seq=1 ttl=255 time=0.599 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.2.254 icmp_seq=2 ttl=255 time=0.830 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.2.254 icmp_seq=3 ttl=255 time=0.766 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.2.254 icmp_seq=4 ttl=255 time=0.777 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.2.254 icmp_seq=5 ttl=255 time=0.746 ms (ICMP type:3, code:13, Communication administratively prohibited)

PC2> ping 192.168.5.11
*192.168.3.254 icmp_seq=1 ttl=255 time=0.711 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.254 icmp_seq=2 ttl=255 time=0.789 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.254 icmp_seq=3 ttl=255 time=1.787 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.254 icmp_seq=4 ttl=255 time=0.836 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.3.254 icmp_seq=5 ttl=255 time=0.848 ms (ICMP type:3, code:13, Communication administratively prohibited)

PC3> ping 192.168.5.11
*192.168.4.254 icmp_seq=1 ttl=255 time=0.691 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.4.254 icmp_seq=2 ttl=255 time=0.822 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.4.254 icmp_seq=3 ttl=255 time=0.783 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.4.254 icmp_seq=4 ttl=255 time=0.830 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.4.254 icmp_seq=5 ttl=255 time=0.867 ms (ICMP type:3, code:13, Communication administratively prohibited)

PC5> ping 192.168.5.11
*192.168.1.1 icmp_seq=1 ttl=253 time=10.418 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=2 ttl=253 time=10.014 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=3 ttl=253 time=38.153 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=4 ttl=253 time=7.402 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=5 ttl=253 time=7.395 ms (ICMP type:3, code:13, Communication administratively prohibited)

PC6> ping 192.168.5.11
*192.168.1.1 icmp_seq=1 ttl=253 time=31.730 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=2 ttl=253 time=5.449 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=3 ttl=253 time=5.429 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=4 ttl=253 time=10.423 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=5 ttl=253 time=10.481 ms (ICMP type:3, code:13, Communication administratively prohibited)

显然,通信已经被禁止(即无法通信)。

但 PC1(公司总部的经理办)、PC2(公司总部的后勤部)、PC3(公司总部的技术部)、PC5(公司分部的销售部)和 PC6(公司分部的采购部)之间还是可以正常通信的,以 PC1、PC5 和 PC6 为例:

PC1> ping 192.168.3.1
84 bytes from 192.168.3.1 icmp_seq=1 ttl=63 time=1.180 ms
84 bytes from 192.168.3.1 icmp_seq=2 ttl=63 time=1.305 ms
84 bytes from 192.168.3.1 icmp_seq=3 ttl=63 time=1.322 ms
84 bytes from 192.168.3.1 icmp_seq=4 ttl=63 time=1.256 ms
84 bytes from 192.168.3.1 icmp_seq=5 ttl=63 time=1.329 ms

PC1> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=63 time=2.950 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=63 time=1.313 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=63 time=1.257 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=63 time=1.210 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=63 time=1.251 ms

PC1> ping 192.168.6.1
84 bytes from 192.168.6.1 icmp_seq=1 ttl=61 time=10.676 ms
84 bytes from 192.168.6.1 icmp_seq=2 ttl=61 time=10.678 ms
84 bytes from 192.168.6.1 icmp_seq=3 ttl=61 time=11.069 ms
84 bytes from 192.168.6.1 icmp_seq=4 ttl=61 time=10.700 ms
84 bytes from 192.168.6.1 icmp_seq=5 ttl=61 time=10.679 ms

PC1> ping 192.168.7.1
84 bytes from 192.168.7.1 icmp_seq=1 ttl=61 time=10.607 ms
84 bytes from 192.168.7.1 icmp_seq=2 ttl=61 time=31.757 ms
84 bytes from 192.168.7.1 icmp_seq=3 ttl=61 time=10.889 ms
84 bytes from 192.168.7.1 icmp_seq=4 ttl=61 time=10.886 ms
84 bytes from 192.168.7.1 icmp_seq=5 ttl=61 time=11.249 ms

PC5> ping 192.168.2.1
84 bytes from 192.168.2.1 icmp_seq=1 ttl=61 time=10.403 ms
84 bytes from 192.168.2.1 icmp_seq=2 ttl=61 time=10.409 ms
84 bytes from 192.168.2.1 icmp_seq=3 ttl=61 time=10.501 ms
84 bytes from 192.168.2.1 icmp_seq=4 ttl=61 time=38.611 ms
84 bytes from 192.168.2.1 icmp_seq=5 ttl=61 time=22.086 ms

PC5> ping 192.168.3.1
192.168.3.1 icmp_seq=1 timeout
192.168.3.1 icmp_seq=2 timeout
84 bytes from 192.168.3.1 icmp_seq=3 ttl=61 time=10.513 ms
84 bytes from 192.168.3.1 icmp_seq=4 ttl=61 time=10.511 ms
84 bytes from 192.168.3.1 icmp_seq=5 ttl=61 time=10.391 ms

PC5> ping 192.168.4.1
192.168.4.1 icmp_seq=1 timeout
192.168.4.1 icmp_seq=2 timeout
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=10.917 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=31.866 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=38.274 ms

PC5> ping 192.168.7.1
192.168.7.1 icmp_seq=1 timeout
192.168.7.1 icmp_seq=2 timeout
84 bytes from 192.168.7.1 icmp_seq=3 ttl=63 time=1.380 ms
84 bytes from 192.168.7.1 icmp_seq=4 ttl=63 time=1.198 ms
84 bytes from 192.168.7.1 icmp_seq=5 ttl=63 time=1.213 ms

PC6> ping 192.168.2.1
84 bytes from 192.168.2.1 icmp_seq=1 ttl=61 time=10.847 ms
84 bytes from 192.168.2.1 icmp_seq=2 ttl=61 time=10.427 ms
84 bytes from 192.168.2.1 icmp_seq=3 ttl=61 time=10.769 ms
84 bytes from 192.168.2.1 icmp_seq=4 ttl=61 time=10.490 ms
84 bytes from 192.168.2.1 icmp_seq=5 ttl=61 time=10.406 ms

PC6> ping 192.168.3.1
84 bytes from 192.168.3.1 icmp_seq=1 ttl=61 time=10.387 ms
84 bytes from 192.168.3.1 icmp_seq=2 ttl=61 time=10.410 ms
84 bytes from 192.168.3.1 icmp_seq=3 ttl=61 time=10.420 ms
84 bytes from 192.168.3.1 icmp_seq=4 ttl=61 time=31.710 ms
84 bytes from 192.168.3.1 icmp_seq=5 ttl=61 time=38.459 ms

PC6> ping 192.168.4.1
84 bytes from 192.168.4.1 icmp_seq=1 ttl=61 time=13.160 ms
84 bytes from 192.168.4.1 icmp_seq=2 ttl=61 time=10.456 ms
84 bytes from 192.168.4.1 icmp_seq=3 ttl=61 time=11.971 ms
84 bytes from 192.168.4.1 icmp_seq=4 ttl=61 time=8.468 ms
84 bytes from 192.168.4.1 icmp_seq=5 ttl=61 time=10.583 ms

PC6> ping 192.168.6.1
84 bytes from 192.168.6.1 icmp_seq=1 ttl=63 time=1.491 ms
84 bytes from 192.168.6.1 icmp_seq=2 ttl=63 time=1.118 ms
84 bytes from 192.168.6.1 icmp_seq=3 ttl=63 time=1.380 ms
84 bytes from 192.168.6.1 icmp_seq=4 ttl=63 time=1.559 ms
84 bytes from 192.168.6.1 icmp_seq=5 ttl=63 time=2.652 ms

12、各个三层设备之间的网络已经在拓扑图中有标明。在相应的串行接口上配置时钟频率,其数值为 9600。

R1:

int s 2/0
clock rate threshold 9600

R2:

int s 2/0
clock rate threshold 9600

注意:IOU 没有这条命令:clock rate 9600,只有这一条:clock rate threshold 9600 。

 

本文完。如有疑问,欢迎在下方留言;如本文有什么错误,欢迎在下方留言指正,谢谢。

打赏作者
这里是 “ CCIE 工程师社区 ” 官方的捐款通道,您是否可以考虑请我们喝杯咖啡呢?

您的支持将鼓励我们继续创作!

[微信] 扫描二维码打赏

[支付宝] 扫描二维码打赏

Article Attachments

Was this article helpful?

Related Articles

2 Comments

  1. leonlawson

    给力,对照自己做的实验可以很快的发现自己的不足在哪里。很少网站有累死的综合实验如此详细的流程介绍..博主加油!

Leave A Comment?

This site uses Akismet to reduce spam. Learn how your comment data is processed.