网络系统集成大作业.doc_三一办公31ppt.com

资源描述

《网络系统集成大作业.doc》由会员分享，可在线阅读，更多相关《网络系统集成大作业.doc（28页珍藏版）》请在三一办公上搜索。

1、重庆科技学院网络系统集成大作业学号： 2014 2015学年第 1 学期网络系统集成大作业报告题目：企业网系统集成专业：计算机科学与技术班级：姓名：成绩：电气与信息工程学院2015 年1 月15 日目录1 题目内容12 拓扑图33 各设备配置文档43.1 交换机SW43.2 路由器RT143.2.1 端口基本配置43.2.2 单臂路由配置43.2.3 帧中继配置53.2.4 OSPF配置53.2.5 野蛮IPSec和GRE -Over-IPSec配置63.3 路由器RT273.3.1 端口基本配置73.3.2 帧中继配置73.3.3 OSPF配置83.3.4 野蛮IP

2、Sec和GRE -Over-IPSec配置83.4 路由器RT393.4.1 端口基本配置93.4.2 帧中继配置93.4.3 OSPF配置93.4.3 野蛮IPSec和GRE -Over-IPSec配置1035 IPV6隧道配置103.6 分支2的语音网关配置113.7总部的语音网关配置114 结果与分析124.1单臂路由124.2支部分别与总部通信134.3 ipv6验证144.4 web服务器144.5邮件服务器的搭建155 按题目要求回答问题206 总结与体会231 题目内容请根据网络拓扑和大作业具体要求搭建平台，配置调试相关设备和服务，并完成结果分析题。一、网络拓扑：二、题目要求

3、：1. 企业网利用私有专用地址进行内部网络的组织，因为这些地址在实际的生活中对internet是无效的IP，所以您不能利用路由协议让其与外部的子网进行路由学习。2. 总部有两个VLAN要求在E126交换机上正确的规划和实现，并在R1上对这两个VLAN进行单臂路由。3. 企业网VLAN之间能够互相访问。4. 以上TOP为一个企业网但是被分隔在三个不同的地理位置，要求总部使用帧中继与分支企业相接，而分支企业使用物理接口的帧中继与总部相接。5. 企业网分支2里面有两个子网利用环回地址来模拟实现。6. 要求整个企业网启动OSPF的路由。7. 确保路由学习的正确性。8. 企业网分支1有一个WEB和一个D

4、NS服务器，要求实现WEB和DNS服务（可在Windows2003Server中实现）。总部有一个邮件服务器，要求能实现用户之间的邮件收发。9. 在VLAN3的主机上PING：r3. 要求由202.202.1.2应答。10. 您的私有专用网络的主机能访问internet上的WEB（）11. 总部和分支1、分支2之间可以进行IP电话互通。12. 分支1和分支2通过野蛮IPSec的方式连接到中心，采用GRE -Over-IPSec的方式，在tunnel上运行OSPF协议来实现总部和分部之间的互通。13. 将R2和R3的E0/0互联，在E0/0口上配置IPV4的地址，在R2和R3的E0/1上配置IP

5、V6地址，利用自动隧道技术，让R2和R3的E0/1口的下连电脑互通。2 拓扑图3 各设备配置文档3.1 交换机SW交换机SW的配置文档，里面主要配置的是划分两个VLAN，分别为VLAN2、VLAN3，代码如下：sysSystem View: return to User View with Ctrl+Z.H3Csysname SWSWvlan 2 SW-vlan2port Ethernet 1/0/11SW-vlan2vlan 3SW-vlan3port Ethernet 1/0/12SW-vlan3quitSWinterface Ethernet 1/0/19SW-Ethernet1/0/1

6、9port link-type trunk SW-Ethernet1/0/19port trunk permit vlan all Please wait. Done.SW-Ethernet1/0/19quit3.2 路由器RT1 3.2.1 端口基本配置sysSystem View: return to User View with Ctrl+Z.H3Csysname RT1RT1interface Serial 1/0RT1-Serial1/0ip add 202.202.1.1 24RT1-Serial1/0quitRT1interface Serial 2/0RT1-Serial2/0

7、ip add 202.202.2.1 24 3.2.2 单臂路由配置RT1interface Ethernet 0/0.1RT1-Ethernet0/0.1ip add 192.168.2.1 24RT1-Ethernet0/0.1vlan-type dot1q vid 2RT1-Ethernet0/0.2ip add 192.168.3.1 24RT1-Ethernet0/0.2vlan-type dot1q vid 3 3.2.3 帧中继配置 (1)RT1与RT2之间的帧中继配置RT1-Serial2/0link-protocol fr/选择帧中继协议RT1-Serial1/0%Jan 1

8、1 09:51:46:779 2015 RT1 IFNET/4/LINK UPDOWN: Serial1/0: link status is DOWN %Jan 11 09:51:46:780 2015 RT1 IFNET/4/UPDOWN: Line protocol on the interface Serial1/0 is DOWN RT1-Serial2/0fr interface-type dte/选择帧中继端口类型为 dte (dte为：终端设备;dce为：数据通信设备) RT1-Serial2/0fr dlci 103/为帧中继接口配置 103 号虚电路RT1-fr-dlci-S

9、erial2/0-103quitRT1-Serial2/0fr map ip 202.202.2.2 103 （2）R1与R3之间的帧中继配置RT1-Serial1/0link-protocol frRT1-Serial1/0fr interface-type dte RT1-Serial1/0fr dlci 102RT1-fr-dlci-Serial1/0-102quitRT1-Serial1/0fr map ip 202.202.1.2 102 3.2.4 OSPF配置（1）RT1和RT2间隧道之间的OSPF配置RT1interface Tunnel 0RT1-Tunnel0ip add

10、 100.10.1.1 24 /为隧道分配IP地址RT1-Tunnel0source 202.202.2.1 RT1-Tunnel0destination 202.202.2.2RT1-Tunnel0%Jan 11 10:02:23:416 2015 RT1 IFNET/4/LINK UPDOWN: Tunnel0: link status is UP %Jan 11 10:02:23:416 2015 RT1 IFNET/4/UPDOWN: Line protocol on the interface Tunnel0 is UP RT1-Tunnel0keepalive RT1-Tunnel

11、0quitRT1ospf 1 router-id 1.1.1.1RT1-ospf-1area 0RT1-ospf-1-area-0.0.0.0network 192.168.1.0 0.0.0.255RT1-ospf-1-area-0.0.0.0network 192.168.2.0 0.0.0.255RT1-ospf-1-area-0.0.0.0network 192.168.3.0 0.0.0.255RT1-ospf-1-area-0.0.0.0network 100.10.1.0 0.0.0.255RT1-ospf-1-area-0.0.0.0quitRT1-ospf-1quitRT1

12、（2）RT1和RT3间隧道之间的OSPF配置RT1interface Tunnel 1RT1-Tunnel1ip add 200.10.1.1 24 RT1-Tunnel1source 202.202.1.1 RT1-Tunnel1destination 202.202.1.2 RT1-Tunnel1keepalive RT1-Tunnel1quitRT1ospfRT1-ospf-1area 0RT1-ospf-1-area-0.0.0.0network 200.10.1.0 0.0.0.255RT1-ospf-1-area-0.0.0.0quitRT1-ospf-1quit 3.2.5 野蛮

13、IPSec和GRE -Over-IPSec配置（1）RT1和RT2之间的配置RT1aclRT1acl number 3000 RT1-acl-adv-3000rule permit ip source 202.202.2.0 0.0.0.255 destination 202.202.2.0 0.0.0.255RT1-acl-adv-3000rule 1 deny ip RT1-acl-adv-3000quitRT1ipsec proposal tran1 RT1-ipsec-proposal-tran1esp encryption-algorithm des RT1-ipsec-propo

14、sal-tran1esp authentication-algorithm sha1 RT1-ipsec-proposal-tran1quitRT1ike local-name rt1RT1ike peer rt2 /配置到rt2的 IKE PEERRT1-ike-peer-rt2exchange-mode aggressive/设置IPSec为野蛮模式 RT1-ike-peer-rt2pre-shared-key abc /共享密钥为abcRT1-ike-peer-rt2id-type name/选择名字作为Ike协商过程中使用的idRT1-ike-peer-rt2remote-name r

15、t2 RT1-ike-peer-rt2quitRT1ipsec policy policy1 10 isakmp /进入安全策略，并进入安全策略视图RT1-ipsec-policy-isakmp-policy1-10security acl 3000RT1-ipsec-policy-isakmp-policy1-10proposal tran1 /配置安全策略所引用的安全提议RT1-ipsec-policy-isakmp-policy1-10ike-peer rt2 RT1-ipsec-policy-isakmp-policy1-10quitRT1interface Serial 2/0RT2

16、-Serial2/0ipsec policy policy1 /在接口上应用安全策略组（2）RT1和RT3之间的配置RT1aclRT1acl number 3001RT1-acl-adv-3001rule permit ip source 202.202.1.0 0.0.0.255 destination 202.202.1.0 0.0.0.255RT1-acl-adv-3001rule deny ipRT1-acl-adv-3001quitRT1ike peer rt3RT1-ike-peer-rt3exchange-mode aggressive RT1-ike-peer-rt3pre-

17、shared-key abcdRT1-ike-peer-rt3id-type name RT1-ike-peer-rt3remote-name rt3RT1-ike-peer-rt3quit RT1ipsec policy policy2 10 isakmp RT1-ipsec-policy-isakmp-policy2-10security acl 3001 RT1-ipsec-policy-isakmp-policy2-10ike-peer rt3RT1-ipsec-policy-isakmp-policy2-10proposal tran1RT1-ipsec-policy-isakmp-

18、policy2-10quitRT1interface Serial 1/0RT1-Serial1/0ipsec policy policy23.3 路由器RT2 3.3.1 端口基本配置RT2interface Serial 1/0RT2-Serial1/0ip add 202.202.2.2 24RT2-Serial1/0quitRT2interface Ethernet 0/0RT2-Ethernet0/0ip add 88.88.88.88 24RT2-Ethernet0/0quit 3.3.2 帧中继配置RT2interface Serial 1/0RT2-Serial1/0link-

19、protocol fr%Jan 11 09:29:38:737 2015 RT2 IFNET/4/UPDOWN: Line protocol on the interface Serial1/0 is DOWN RT2-Serial1/0%Jan 11 09:29:40:126 2015 RT2 IFNET/4/LINK UPDOWN: Serial1/0: link status is UP RT2-Serial1/0fr interface-type dceRT2-Serial1/0fr dlci 100RT2-fr-dlci-Serial1/0-100quitRT2-Serial1/0f

20、r map ip 202.202.2.1 100 3.3.3 OSPF配置RT2interface Tunnel 0RT2-Tunnel0ip add 100.10.1.2 24RT2-Tunnel0source 202.202.2.2 RT2-Tunnel0destination 202.202.2.1 RT2-Tunnel0keepalive RT2-Tunnel0quit%Jan 11 09:42:02:579 2015 RT2 IFNET/4/LINK UPDOWN: Tunnel0: link status is UP %Jan 11 09:42:02:579 2015 RT2 IF

21、NET/4/UPDOWN: Line protocol on the interface Tunnel0 is UP itRT2ospfRT2ospf 1 router-id 2.2.2.2RT2-ospf-1area 0RT2-ospf-1-area-0.0.0.0network 100.10.1.0 0.0.0.255RT2-ospf-1-area-0.0.0.0network 88.88.88.0 0.0.0.255RT2-ospf-1-area-0.0.0.0%Jan 11 09:43:54:592 2015 RT2 RM/3/RMLOG:OSPF-NBRCHANGE: Process

22、 1, Neighbor 100.10.1.1(Tunnel0) from Loading to Full3.3.4 野蛮IPSec和GRE -Over-IPSec配置RT2aclRT2acl number 3000RT2-acl-adv-3000rule permit ip source 202.202.2.0 0.0.0.255 destination 202.202.2.0 0.0.0.255RT2-acl-adv-3000rule deny ip RT2-acl-adv-3000quitRT2ipsec proposal tran1 RT2-ipsec-proposal-tran1es

23、p authentication-algorithm sha1 RT2-ipsec-proposal-tran1esp encryption-algorithm des RT2-ipsec-proposal-tran1quitRT2ike local-name rt2RT2ike peer rt1RT2-ike-peer-rt1exchange-mode aggressive RT2-ike-peer-rt1pre-shared-key abcRT2-ike-peer-rt1id-type name RT2-ike-peer-rt1remote-name rt1RT2-ike-peer-rt1

24、remote-address 202.202.2.1RT2-ike-peer-rt1quit RT2ipsec policy policy3 10 isakmp RT2-ipsec-policy-isakmp-policy3-10security acl 3000RT2-ipsec-policy-isakmp-policy3-10ike-peer rt1RT2-ipsec-policy-isakmp-policy3-10proposal tran1RT2-ipsec-policy-isakmp-policy3-10quitRT2interface Serial 1/0RT2-Serial1/0

25、ipsec policy policy3 3.4 路由器RT3 3.4.1 端口基本配置RT3interface Serial 2/0RT3-Serial2/0ip add 202.202.2.2 24RT3-Serial2/0quitRT3interface Ethernet 0/1RT3-Ethernet0/1ip add 77.77.77.77 24 3.4.2 帧中继配置RT3interface Serial 2/0RT3-Serial2/0link-protocol fr RT3-Serial2/0fr interface-type dce RT2-Serial2/0fr dlci

26、50RT2-fr-dlci-Serial2/0-50quitRT3-Serial2/0fr map ip 202.202.1.1 50 3.4.3 OSPF配置RT3interface Tunnel 1RT3-Tunnel1ip add 200.10.1.2 24RT3-Tunnel1source 202.202.1.2RT3-Tunnel1destination 202.202.1.1RT3-Tunnel1keepalive RT3interface LoopBack 0RT3-LoopBack0ip add 202.202.100.1 32RT3-LoopBack0interface Lo

27、opBack 1 RT3-LoopBack1ip add 202.202.101.1 32RT3-LoopBack1quitRT3ospfRT3ospf 1 router-id 3.3.3.3Warning: OSPF 1 The new router id will be activated only after Reset Ospf ProcessRT3-ospf-1area 0RT3-ospf-1-area-0.0.0.0network 202.202.100.0 0.0.0.0RT3-ospf-1-area-0.0.0.0network 202.202.101.0 0.0.0.0RT3

28、-ospf-1-area-0.0.0.0network 200.10.1.0 0.0.0.255 RT3-ospf-1-area-0.0.0.0%Jan 11 09:53:20:124 2015 RT3 RM/3/RMLOG:OSPF-NBRCHANGE: Process 1, Neighbor 200.10.1.1(Tunnel1) from Loading to FullRT3-ospf-1-area-0.0.0.0network 77.77.77.0 0.0.0.255RT3-ospf-1-area-0.0.0.0quitRT3-ospf-1quit 3.4.3 野蛮IPSec和GRE

29、-Over-IPSec配置RT3aclRT3acl number 3000RT3-acl-adv-3000rule permit ip source 202.202.1.0 0.0.0.255 destination 202.202.1.0 0.0.0.255RT3-acl-adv-3000rule deny ipRT3-acl-adv-3000quitRT3ike local-name rt3RT3ike peer rt1RT3-ike-peer-rt1exchange-mode aggressive RT3-ike-peer-rt1pre-shared-key abcdRT3-ike-pe

30、er-rt1id-type name RT3-ike-peer-rt1remote-name rt1 RT3-ike-peer-rt1remote-address 202.202.1.1 /指定对端安全网关的IP地址RT3-ike-peer-rt1quit RT3ipsec proposal tran1 RT3-ipsec-proposal-tran1esp authentication-algorithm sha1 RT3-ipsec-proposal-tran1esp encryption-algorithm des RT3-ipsec-proposal-tran1quitRT3ipsec

31、 policy policy4 10 isakmp RT3-ipsec-policy-isakmp-policy4-10security acl 3000RT3-ipsec-policy-isakmp-policy4-10ike-peer rt1RT3-ipsec-policy-isakmp-policy4-10proposal tran1RT3-ipsec-policy-isakmp-policy4-10quitRT3interface Serial 2/0RT3-Serial2/0ipsec policy policy4 35 IPV6隧道配置RT2上的IPV6隧道配置：RT2interf

32、ace eRT2interface Ethernet 0/1 RT2-Ethernet0/1ipv6 address 2002:caca:0202:2:1 64RT2interface Tunnel 200RT2-Tunnel200ipv6 address 2002:caca:0202:3:1 64RT2-Tunnel200source Serial 1/0RT2-Tunnel200tunnel-protocol ipv6-ipv4 6to4 RT2ip route-static 202.202.1.0 24 202.202.2.1RT3上的IPV6隧道配置：RT3ipv6RT3interfa

33、ce Ethernet 0/0RT3-Ethernet0/0ipv6 address 2002:caca:0102:2:1 64 RT3interface Tunnel 200RT3-Tunnel200ipv6 address 2002:caca:0102:3:1 64RT3-Tunnel200source Serial 2/0RT3-Tunnel200tunnel-protocol ipv6-ipv4 6to4 RT3ip route-static 202.202.2.0 24 202.202.1.13.6 分支2的语音网关配置VGsysname VG1VG1int e1VG1-Ethern

34、et1ip add 77.77.77.100 24VG1-Ethernet1quitVG1ip route 0.0.0.0 0 77.77.77.77VG1voiceVG1-voicedialVG1-voice-dialentity 650 voip The voice entitys type is VoIPVG1-voice-dial-entity650match-template 650.VG1-voice-dial-entity650add ip 192.168.1.10 VG1-voice-dialentity 550 pots The voice entitys type is P

35、OTSVG1-voice-dial-entity1match-template 202550 VG1-voice-dial-entity1line 0VG1-voice-dial-entity1quitVG1-voice-dialquit3.7总部的语音网关配置VG2int e1VG2-Ethernet1ip add 192.168.1.10 24VG2-Ethernet1quitVG2ip route 0.0.0.0 0 192.168.1.1 VG2voice VG2-voicedialVG2-voice-dialentity 202 voip The voice entitys type

36、 is VoIPVG2-voice-dial-entity202match-template 202. VG2-voice-dial-entity202address ip 77.77.77.100 VG2-voice-dialentity 201 pots The voice entitys type is POTSVG2-voice-dial-entity1match-template 650201 VG2-voice-dial-entity1line 0 VG2-voice-dial-entity1quitVG2-voice-dialquitVG2-voicequit4 结果与分析4.1

37、单臂路由图4.1实现公司内部通信4.2支部分别与总部通信图4.2 pc3 ping pc1图 4.3 pc5 ping pc24.3 ipv6验证图4.4 pc4 ping pc54.4 web服务器在pc5上搭建虚拟机完成在VLAN3的主机上PING：r3. 要求由202.202.1.2应答。到目录C:WINDOWSsystem32driversetc下，找到这个文件hosts，在该文件里面添加一行202.202.1.2 修改后保存即可。图 4.5创建图4.6 访问4.5邮件服务器的搭建实现总部分部之间邮件收发。（在虚拟机上，搭建Web服务器和MALL服务器，其中web是利用到DNS和IS-

38、IS，而邮件搭建的话是用到POP3实现的。）4.5 IPSec查看RT1dis ipsec sa=Interface: Serial1/0 path MTU: 1500= - IPsec policy name: policy1 sequence number: 10 mode: isakmp - connection id: 3 encapsulation mode: tunnel perfect forward secrecy: None tunnel: local address: 202.202.1.1 remote address: 202.202.1.2 Flow : sour a

39、ddr: 202.202.1.0/255.255.255.0 port: 0 protocol: IP dest addr: 202.202.1.0/255.255.255.0 port: 0 protocol: IP inbound ESP SAs spi: 2453217257 (0x92391fe9) proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1 sa duration (kilobytes/sec): 1843200/3600 sa remaining duration (kilobytes/sec): 1843198/3501 max receive

40、d sequence-number: 28 anti-replay check enable: Y anti-replay window size: 32 udp encapsulation used for nat traversal: N outbound ESP SAs spi: 1206351289 (0x47e775b9) proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1 sa duration (kilobytes/sec): 1843200/3600 sa remaining duration (kilobytes/sec): 1843198/350

41、1 max sent sequence-number: 30 udp encapsulation used for nat traversal: N=Interface: Serial2/0 path MTU: 1500= - IPsec policy name: policy3 sequence number: 10 mode: isakmp - connection id: 4 encapsulation mode: tunnel perfect forward secrecy: None tunnel: local address: 202.202.2.1 remote address:

42、 202.202.2.2 Flow : sour addr: 202.202.2.0/255.255.255.0 port: 0 protocol: IP dest addr: 202.202.2.0/255.255.255.0 port: 0 protocol: IP inbound ESP SAs spi: 3299900844 (0xc4b07dac) proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1 sa duration (kilobytes/sec): 1843200/3600 sa remaining duration (kilobytes/sec): 1843074/441 max received se

展开阅读全文