Lab 3: Comprehensive Exercise (Building a Campus Network for a Small or Medium-Sized Enterprise)

Published: 2023-06-05 02:47:50 Author: 十乂

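I. Objectives:

1. Deepen the understanding of common, typical LAN topologies by connecting network devices and analysing the topology;

2. Build connections between networks through routing, and understand how network routing is designed and configured;

3. Become more familiar with the basic operating commands of switches and routers.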

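II. Project background

An enterprise plans to build its own campus network. It wants the new network to provide a secure, reliable, scalable and efficient environment that connects its two office locations, so that network resources can be shared quickly and conveniently within the company. The enterprise has two office locations, A and B, which are far apart. Location A houses most of the departments (the General Affairs Department, the Finance Department and the Business Department) and is the main workplace, so the switched network there has high availability and reliability requirements. This lab covers how these three departments are connected and how network connectivity is verified.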

III. Equipment:

Computers, Layer 2 switches, routers, an external network server

IV. Topology diagram

 

 

V. Procedure:

1. Create VLANs 10, 20 and 30 on all 4 switches

Switch>en

Switch#config

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#

Switch(config)#vlan 10

Switch(config-vlan)#name 1

Switch(config-vlan)#exit

Switch(config)#vlan 20

Switch(config-vlan)#name 2

Switch(config-vlan)#exit

Switch(config)#vlan 20

Switch(config-vlan)#exit

Switch(config)#vlan 30

Switch(config-vlan)#name 3

Switch(config-vlan)#exit

Switch(config)#

 

2. On switches s2_01 and s2_02 (Layer 2 switches), assign ports 6-10, 11-15 and 16-20 to VLANs 10, 20 and 30 respectively

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int range fa0/6-10

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 10

Switch(config-if-range)#exit

Switch(config)#int range fa0/11-15

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 20

Switch(config-if-range)#exit

Switch(config)#int range fa0/16-20

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport access vlan 30

Switch(config-if-range)#exit

Switch(config)#

 

 

3. Set the ports of s2_01, s2_02 and s3_01, s3_02 to trunk mode

Switch>enable

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#interface FastEthernet0/1

Switch(config-if)#switchport mode trunk

Switch(config-if)#

LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Switch(config-if)#exit

Switch(config)#interface FastEthernet0/2

Switch(config-if)#switchport mode trunk

Switch(config-if)#

LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down

LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

Switch(config-if)#

 

4. Configure ports fa0/3 and fa0/4 between the two Layer 3 switches as an aggregated port (on both Layer 3 switches)

Switch>enable

Switch#int range fa0/1-2

%Invalid input detected at '^' marker.

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int range fa0/1-2

Switch(config-if-range)#channel-group 1 mode on

Switch(config-if-range)#

Creating a port-channel interface Port-channel 1

LINK-5-CHANGED: Interface Port-channel1, changed state to up

LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

Switch(config-if-range)#exit

Switch(config)#int port-channel 1

Switch(config-if)#switchport mode trunk

Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.

Switch(config-if)#exit

 

5. Configure RSTP on the four switches

Switch>en

Switch#config

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#spanning-tree mode pvst

Switch(config)#

 

Switch#config

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#spanning-tree mode pvst

Switch(config)#spanning-tree vlan 10,20,30 priority 16384

Switch(config)#show spanning-tree

Invalid input detected at '^' marker.

Switch(config)#spanning-tree mode pvst

Switch(config)#spanning-tree vlan 10,20,30 priority 16384

Switch(config)#exit

Switch#

SYS-5-CONFIG_I: Configured from console by console

Switch#show spanning-tree

 

Verify the configuration result

 

 

6. Enable port security on the access links of the access switches

Switch>en

Switch#config

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#

Switch(config)#int range fa0/6-20

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport port-security

Switch(config-if-range)#switchport port-security maximum 4

Switch(config-if-range)#switchport port-security violation shutdown

Switch(config-if-range)#

 

7. Configure SVIs on the Layer 3 switches to route between VLANs

Left

Switch>en

Switch#conf

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int vlan 10

Switch(config-if)#

LINK-5-CHANGED: Interface Vlan10, changed state to up

LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

Switch(config-if)#ip address 192.168.10.1 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#int vlan 20

Switch(config-if)#

LINK-5-CHANGED: Interface Vlan20, changed state to up

LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

Switch(config-if)#ip address 192.168.20.1 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#int vlan 30

Switch(config-if)#

LINK-5-CHANGED: Interface Vlan30, changed state to up

LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up

ip address 192.168.30.1 255.255.255.0

Switch(config-if)#ip address 192.168.30.1 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#

 

 

Right

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int vlan 10

Switch(config-if)#

LINK-5-CHANGED: Interface Vlan10, changed state to up

LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

Switch(config-if)#ip address 192.168.10.2 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#int vlan 20

Switch(config-if)#

LINK-5-CHANGED: Interface Vlan20, changed state to up

LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

Switch(config-if)#ip address 192.168.20.2 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#int vlan 30

Switch(config-if)#

LINK-5-CHANGED: Interface Vlan30, changed state to up

LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up

Switch(config-if)#ip address 192.168.30.2  255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)#

 

 

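8. Configure interface IP addresses on the routed ports of the Layer 3 switches, on R0 and R1, and on the router that simulates the Internet

Left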

Switch(config)#int fa0/24

Switch(config-if)#no switchport

Switch(config-if)#ip address 10.1.1.2 255.255.255.0

Switch(config-if)#no shutdown

Right

Switch(config)#int fa0/24

Switch(config-if)#no switchport

Switch(config-if)#ip address 20.2.2.2 255.255.255.0

Switch(config-if)#no shutdown

Router R0

Router(config)#int fa0/0

Router(config-if)#ip address 10.1.1.1 255.255.255.0

Router(config-if)#clock rate 64000

Router(config)#interface FastEthernet1/0

Router(config-if)#ip address 20.2.2.1 255.255.255.0

Router(config-if)#no shutdown

 

Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up

Router(config)#interface Serial2/0

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#no shutdown

 

Router R1

Router>enable

Router#

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface Serial2/0

Router(config-if)#ip address 192.168.1.2 255.255.255.0

Router(config-if)#ip address 192.168.1.2 255.255.255.0

Router(config-if)#clock rate 64000

This command applies only to DCE interfaces

Router(config-if)#no shutdown

Router(config-if)#

%LINK-5-CHANGED: Interface Serial2/0, changed state to up

 

Router(config-if)#exit

Router(config)#interface FastEthernet0/0

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up

ip address 201.10.8.1 255.255.255.0

Router(config-if)#ip address 201.10.8.1 255.255.255.0

Router(config-if)#no shutdown

 

Router Rs

Router>enable

Router#

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface FastEthernet0/0

Router(config-if)#ip address 201.10.8.2 255.255.255.0

Router(config-if)#ip address 201.10.8.2 255.255.255.0

Router(config-if)#no shutdown

Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

 

Router(config-if)#interface loopback 0

 

Router(config-if)#

%LINK-5-CHANGED: Interface Loopback0, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

 

Router(config-if)#ip address 201.1.1.1 255.255.255.0

Router(config-if)#no shutdown

 

 

9. Configure the WAN link on R0 and R1, enabling PPP and configuring PAP authentication

 

Router R0

Router(config)#interface Serial2/0

Router(config-if)#encapsulation ppp

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down

 

Router(config-if)#ppp pap sent-username Ra password 0 123

Router(config-if)#exit

 

Router R1

Router(config)#username Ra password 0 123

Router(config)#Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Router(config)#interface Serial2/0

Router(config-if)#encapsulation ppp

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up

 

Router(config-if)#ppp authentication pap

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down

 

Router(config-if)#exit

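10. Use the RIPv2 routing protocol to provide full routing reachability inside the enterprise network, and use static routes for access from the internal network to the Internet (on the two Layer 3 switches (top) and the two routers)

Left

Switch(config)#router rip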

Switch(config-router)#version 2

Switch(config-router)#network 10.1.1.0

Switch(config-router)#network 192.168.10.0

Switch(config-router)#network 192.168.20.0

Switch(config-router)#network 192.168.30.0

Switch(config-router)#exit

Switch(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

 

Right

Switch(config)#router rip

Switch(config-router)#version 2

Switch(config-router)#network 20.2.2.0

Switch(config-router)#network 192.168.10.0

Switch(config-router)#network 192.168.20.0

Switch(config-router)#network 192.168.30.0

Switch(config-router)#exit

Switch(config)#ip route 0.0.0.0 0.0.0.0 20.2.2.1

 

R0

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#no auto-summary

Router(config-router)#network 192.168.1.0

Router(config-router)#network 10.1.1.0

Router(config-router)#network 20.2.2.0

Router(config-router)#exit

Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

 

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

 

Gateway of last resort is 192.168.1.2 to network 0.0.0.0

 

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R 10.0.0.0/8 [120/7] via 10.1.1.2, 00:00:03, FastEthernet0/0

C 10.1.1.0/24 is directly connected, FastEthernet0/0

20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R 20.0.0.0/8 [120/6] via 10.1.1.2, 00:00:03, FastEthernet0/0

C 20.2.2.0/24 is directly connected, FastEthernet1/0

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.0/24 is directly connected, Serial2/0

C 192.168.1.2/32 is directly connected, Serial2/0

R 192.168.10.0/24 [120/1] via 10.1.1.2, 00:00:25, FastEthernet0/0

[120/1] via 20.2.2.2, 00:00:03, FastEthernet1/0

R 192.168.20.0/24 [120/1] via 10.1.1.2, 00:00:25, FastEthernet0/0

--More--

 

 

R1

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#no auto-summary

Router(config-router)#network 192.168.1.0

Router(config-router)#exit

Router(config)#ip route 0.0.0.0 0.0.0.0 201.10.8.2

 

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

 

Gateway of last resort is 201.10.8.2 to network 0.0.0.0

 

192.168.1.0/32 is subnetted, 1 subnets

C 192.168.1.1 is directly connected, Serial2/0

C 201.10.8.0/24 is directly connected, FastEthernet0/0

S* 0.0.0.0/0 [1/0] via 201.10.8.2

 

11. Configure NAT on router R1 so that the internal network can reach the external network

R1

Router(config)#interface Serial2/0

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Router(config)#interface Serial2/0

Router(config-if)#

Router(config-if)#exit

Router(config)#interface FastEthernet0/0

Router(config-if)#ip nat outside

Router(config-if)#exit

Router(config)#access-list 1 permit 192.168.10.0 0.0.0.255

Router(config)#access-list 1 permit 192.168.20.0 0.0.0.255

Router(config)#access-list 1 permit 192.168.30.0 0.0.0.255

Router(config)#ip nat pool internet 201.10.8.3 201.10.8.10 netmask 255.255.255.0

Router(config)#ip nat inside source list 1 pool internet

Router(config)#exit

 

12. To control internal access to the Internet, configure an access control list on router R1 (one router)

R1

Router(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 any

Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 80

Router(config)#access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq 80

Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 21

Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 20

Router(config)#access-list 101 deny tcp 192.168.10.0 0.0.0.255 any

Router(config)#access-list 101 deny tcp 192.168.30.0 0.0.0.255 any

Router(config)#access-list 101 permit ip any any

Router(config)#Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Router(config)#interface Serial2/0

Router(config-if)#ip access-group 101 in

Router(config-if)#exit

 

Router#show access-lists

Standard IP access list 1

10 permit 192.168.10.0 0.0.0.255

20 permit 192.168.20.0 0.0.0.255

30 permit 192.168.30.0 0.0.0.255

Extended IP access list 101

10 deny ip 192.168.20.0 0.0.0.255 any

20 permit tcp 192.168.10.0 0.0.0.255 any eq www

30 permit tcp 192.168.30.0 0.0.0.255 any eq www

40 permit tcp 192.168.10.0 0.0.0.255 any eq ftp

50 permit tcp 192.168.10.0 0.0.0.255 any eq 20

60 deny tcp 192.168.10.0 0.0.0.255 any

70 deny tcp 192.168.30.0 0.0.0.255 any

80 permit ip any any
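
How ACL 101 from step 12 decides a packet, as an added example in Python that is not part of the original lab report: it parses the eight entries exactly as entered and applies first-match evaluation to constructed sample packets. The host addresses and ports in `SAMPLES` are assumptions chosen to exercise each subnet.

```python
import ipaddress
import re

# ACL 101 exactly as entered on R1 in step 12 of the page.
ACL_101 = """\
deny ip 192.168.20.0 0.0.0.255 any
permit tcp 192.168.10.0 0.0.0.255 any eq 80
permit tcp 192.168.30.0 0.0.0.255 any eq 80
permit tcp 192.168.10.0 0.0.0.255 any eq 21
permit tcp 192.168.10.0 0.0.0.255 any eq 20
deny tcp 192.168.10.0 0.0.0.255 any
deny tcp 192.168.30.0 0.0.0.255 any
permit ip any any
"""
RULE = re.compile(r"(permit|deny) (ip|tcp) (any|\S+ \S+) any(?: eq (\d+))?$")

def parse_acl(text):
    """Turn ACL lines into (sequence, action, protocol, source network, dest port)."""
    rules = []
    for n, line in enumerate(text.splitlines(), start=1):
        action, proto, src, port = RULE.match(line.strip()).groups()
        # ipaddress reads "addr/0.0.0.255" as a host (wildcard) mask, i.e. a /24.
        net = "0.0.0.0/0" if src == "any" else src.replace(" ", "/")
        rules.append((n * 10, action, proto, ipaddress.ip_network(net),
                      int(port) if port else None))
    return rules

def evaluate(rules, src, proto, dport=None):
    """Return (action, sequence) of the first matching entry, as IOS does."""
    ip = ipaddress.ip_address(src)
    for seq, action, r_proto, net, r_port in rules:
        if r_proto in ("ip", proto) and ip in net and r_port in (None, dport):
            return action, seq
    return "deny", None  # implicit deny at the end of every ACL

# Constructed sample packets: (source host, protocol, destination port).
SAMPLES = [
    ("192.168.10.5", "tcp", 21),     # FTP control
    ("192.168.10.5", "tcp", 50000),  # passive-mode FTP data port
    ("192.168.20.5", "tcp", 80),
    ("192.168.30.5", "tcp", 80),
    ("192.168.30.5", "tcp", 21),
    ("192.168.30.5", "udp", 53),     # non-TCP falls through to entry 80
]

if __name__ == "__main__":
    acl = parse_acl(ACL_101)
    for src, proto, dport in SAMPLES:
        print(f"{src:<13} {proto}/{dport:<6}", *evaluate(acl, src, proto, dport))
```

The output makes two side effects of the list visible: TCP from 192.168.10.0/24 to any port other than 80, 21 and 20 stops at entry 60, which includes the data connection of a passive-mode FTP transfer, and non-TCP traffic from 192.168.10.0/24 and 192.168.30.0/24 is passed by entry 80.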

13. Verify connectivity

The Business Department can access FTP

 

The Finance Department cannot access the Internet, as shown below:

 

The General Affairs Department can access the WWW service but not the FTP service, as shown below:

 

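VI. Summary:

In this lab we learned, through hands-on practice, how to configure a dynamic routing protocol so that routers adapt automatically to changes in the network. We also learned more router configuration commands, which lets us handle routing setups more flexibly. Through this lab we further improved our network routing design and configuration skills and can better meet the needs of real network environments. Analysing device connectivity and the topology also deepened our understanding of common LAN topologies.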