实验报告：hcna综合实验.docx

资源描述

《实验报告：hcna综合实验.docx》由会员分享，可在线阅读，更多相关《实验报告：hcna综合实验.docx（16页珍藏版）》请在三一办公上搜索。

1、瘩HCNA实验手册组名：一班一组班级：网络安全一班目录实验一： HCNA综合实验2实验目的：2技术原理：3实验拓扑：3操作步骤：4要求一：内部客户端A属于VLAN 10,内部客户端B属于VLAN 20； .4要求二：内部三台交换机之间的双链路使用以太通道将链路聚合； 6要求三：内部三台交换机使用GVRP协议同步VLAN数据，内部三层交换机为SERVER角色；9要求五：边界两台路由器实现网关冗余，要求默认流量从边界路由器A向外传输；10 要求六：内部路由使用OSPF协10要求七：分别映射两台WEB服务器的TCP 80端口至两台边界路由器的外部端口； .11 要求八：不允许内部客户端A访问W

2、EB服务器A；不允许内部客户端B访问WEB服务器的 TCP 80 端口。12基本配置九：ip地址的配置和一些vlan13步骤七：测试15注意事项16实验： HCNA综合实验实验目的：1掌握hcna所学的所有技术的原理2掌握HCNA所学的所有技术的命令配置1所使用的技术：vlan acl 三层技术 nat gvrpvrrpstpip技术原理:1 vlan :虚拟局域网2 acl：访问控制列表3三层技术：实验vlan间互通4 nat :网络地址转换5 gvrp： vlan注册技术6 vrrp :虚拟路由冗余协议7 stp :生成树8 ip :网际协议：实验拓扑：T：r JAP_ U4-h A.

3、 F或r r PJ *：-. IH M i- Hh5.阳基内卸二巳交奈tfL伊上面向内部空换+S.也界两台珏由密#观网关丘金，7.内部宜由陡月DWF旃地B.分网映射两台膈努器的KP E0端口:二不免评内部舂户蜀占忻问E用落富的； #111 -灿9.224a. ua内稀昵操作步骤：要求一：内部客户端A属于VLAN 10,内部客户端B属于 VLAN 20；1.内部客户端A属于VLAN 10二层交换机SysSYSname 2SWA1.2SWA创建vlanvlan batch 10interface Ethernet0/0/5 port link-type access port default vl

4、an 10interface Eth-Trunkport link-type trunkport trunk allow-pass vlan 2 to 40942内部客户端B属于VLAN 20；二层交换机SysSysname 2SWB创建vlan 202. 2SWBvlan batch 20interface Ethernet0/0/5 port link-type access port default vlan 203interface Eth-Trunkport link-type trunkport trunk allow-pass vlan 2 to 40941 display vl

5、anThetotal number o vlans: 2kjiDp;口； Down;Vlan-mapping;ProtocolTransparent-vlan;TG: Ta gged;UT(Jnt agg d;ST: Vlan-3tacking;*; Management=vlan;VIEPorts1commonUT?EthO/0/3(D EthO/O/8(D EthOZO/12(D) Eth0/0/16(D) EthQ/O/20(D) Eth-Trunk2(uEthO/O/3 (D)Eth0/0/9(D)EthO/O/13(D)Eth0/0/17(D)EthO/O/21(D)EthO/0/6

6、(D)Eth0/0/10(D)Eth0/0/14(D)EthO/O/ia(D)EthO/0/22(D)EthO/0/?(DEthO/O/11(D)EthO/O/15(D)EthO/O/19(DjEth-runk3ru20commonUT;Eth&/0/5(E)TG：Eth-Trunk3(U)VIDStatusPropertyMAC-LRN StfltiatiajDescription120enableenabledefaultenable disabledefaultenable disableVLAM 0001VLAN 00203.3SWA#interface Eth-Trunklport

7、link-type trunkport trunk allow-pass vlan 2 to 4094#interface Eth-Trunk3port link-type trunkport trunk allow-pass vlan 2 to 4094要求二：内部三台交换机之间的双链路使用以太通道将链路聚合；创建链路聚合（1通道和3通道）三层交换机3SWA#1interface Eth-Trunkport link-type trunkport trunk allow-pass vlan 2 to 4094gvrp#3interface Eth-Trunkport link-type t

8、runkport trunk allow-pass vlan 2 to 4094gvrpinterface GigabitEthernet0/0/5 eth-trunk 1#interface GigabitEthernet0/0/6eth-trunk 1#interface GigabitEthernet0/0/7 eth-trunk 3#interface GigabitEthernet0/0/8 eth-trunk 32SWA :创建链路聚合（1通道和2通道）#1interface Eth-Trunkport link-type trunkport trunk allow-pass vl

9、an 2 to 4094#interface GigabitEthernet0/0/1eth-trunk 1#interface GigabitEthernet0/0/2eth-trunk 12#interface Ethernet0/0/1eth-trunk 2#interface Ethernet0/0/2eth-trunk 22swAXiisplay etn-txunkEth-Trunkl a atate information is;WorkingMode a NORMALHash arithmeticr According to S1P-XOR-DIPLeast Active-1in

10、knumber: 1 Max Bandwidth-affeeted-linknumbei: 8Operate atstuo: upNumber Of Up Port In Trunks 2FortNameStatusWe ight-Gigab i t Ethe rn&t 0/0/1Up1Gi gab i tEthe rnet 0/0/2Up1Eth-Trunk2 11 s atate intormation is :WorkingMode : NORMALHash arithmetic: According to SIE-XOR-DIPLeast Active-1inknumber: 1 Ma

11、x Bandwidth-affected-linknuinber: 8Operate status; upNumber Of Up Port In Trunk: 2PortNameStatusWeightEthernet0/0/1Up1EthernetO/O/2Up13 SWB创建链路聚合（1通道和2通道）2 interface Eth-Trunk3interface Eth-Trunkport link-type trunkport trunk allow-pass vlan 2 to 4094#interface Ethernet0/0/1eth-trunk 2#interface Eth

12、ernet0/0/2eth-trunk 2#interface GigabitEthernet0/0/1 eth-trunk 3#interface GigabitEthernet0/0/2 eth-trunk 32 s wB s pla yeth-trunkEthrurnk3 ,p a -state Inf ormatlon:Workiri-grMocie-; NORMALIla.9bi a.ri.t hme-1 ic：; Accor-dlinqi to SIP-XORLeseint: Aciz i. vca 1 inknuimbiax-:!1 Mi3.M Bandwidth-a f f a

13、ctcd2 inknumiber z B日c：匚点f mpraiAiTcr Qf Up Fort In Tzrunk 2-DIPPortNameStatusWelqmtGlgaDitEthernet0/0/1Up1 i t E t h e rnc t 0 /s0 / 2.L3p1Eth-Trunk2 * a atote mf oruiatlonWo tk: IJORHALHa#h? :toSTP-Least Act 1 ve- llnknuimloer t 1 Ma.x EB.ndwldth-a tected- J. 1 nknunfiiLier j Ope r-e tea t aEulls

14、: LipWumlDerOf Up PortTn Trunk i 2PortNannisStatiasiwJrt；EtnernetO/O/lUp1Ethe xntt 10/0/3Up1XOR-DTP要求三：内部三台交换机使用GVRP协议同步VLAN数据，内部三层交换机为SERVER角色；1三层交换机3SWAgvrp#interface Eth-Trunk1port link-type trunkport trunk allow-pass vlan 2 to 4094gvrp#interface Eth-Trunk3port link-type trunkport trunk allow-pas

15、s vlan 2 to 4094gvrp要求四：阻塞内部二层交换机B上面向内部交换机A的两个端口;三层交换机3SWA设置生成树的优先级为主优先stp instance 0 root primary2swA设置生成树的优先级为次优先stp instance 0 root secondarydi5play stp briefMSTIDPortRoleSTP StateProtection0EthernetO/O/5DE3IFORWARDINGKONE0Eth-TrunklROOTFORWARDINGKONE04JEth-Trunk2DESIFORWARDINGNONE2SWBMSTIDPortRo

16、leSTP StateProtection0Ethernet0/0/5DESIFORWARDINGNONE0_Eth-Trnnk2 0Eth-Trunk3etn-trunk 2 廿FORWARDINGNONE堵塞担了堵塞成功要求五：边界两台路由器实现网关冗余，要求默认流量从边界路由器A向外传输；边界路由器BRAinterface GigabitEthernet0/0/1ip address 192.168.0.129 255.255.255.224vrrp vrid 1 virtual-ip 192.168.0.131vrrp vrid 1 priority 200di3play vrrp

17、briefTot al:1Master:1 Backup:0 Konact ive:0vrid StateInterfaceTypevirtual IP1MasterGEO/O/1Normal192.166.0,131BRBinterface GigabitEthernet0/0/1ip address 192.168.0.130 255.255.255.224vrrp vrid 1 virtual-ip 192.168.0.131splay vrrp briefTotal:1 Master:0 Backup:1Non-act ive:0VRIDInterfaceType Virtual IP

18、1 BackupGE0/0/1Normal 192.168 b. 0 -131要求六：内部路由使用OSPF协议;边界路由器BRA ospf 1default-route-advertisearea 0.0.0.0network 192.168.0.129 0.0.0.0BRBospf 1default-route-advertisearea 0.0.0.0network 192.168.0.130 0.0.0.0三层交换机3SWAospf 1area 0.0.0.0network 192.168.0.161 0.0.0.0network 192.168.0.193 0.0.0.0network

19、 192.168.0.34 0.0.0.0network 192.168.0.66 0.0.0.0内部路由器RAospf 1area 0.0.0.0network 192.168.0.2 0.0.0.0network 192.168.0.225 0.0.0.0RBospf 1area 0.0.0.0network 192.168.0.98 0.0.0.0network 192.168.0.226 0.0.0.0要求七：分别映射两台WEB服务器的TCP 80端口至两台边界路由器的外部端口；边界路由器bRainterface Serial1/0/0link-protocol pppip addr

20、ess 202.102.24.98 255.255.255.252nat static global 202.102.24.96 inside 192.168.0.1 netmask 255.255.255.255 acl 3000display natstatic acl 3000Static Nat Information:Interface : Serial1/0/0Global IP/Port:202 * 102,24.96/Inside IP/Port:192.168.0.1/Protocol :VPN instance-name :Acl number:3000Netmask :

21、255.255.255.255Description : Total :1BRBinterface Serial1/0/0 link-protocol pppip address 102.202.249.194 255.255.255.252 nat static global 102.202.249.192 inside 192.168.0.97 netmask 255.255.255.255 acl 3001BRB|display nat stat ic acl ?INTEGER Apply basic or advanced ACLBRBdisplay nat static acl 30

22、01Static Nat Information:Interface : GiqabitEthernet0/0/1Global IP/Portr 102 *202 * 249.192/Inaide IP/Port:192.168,0,97/Protocol :VPN irL3tarLC&-name :Acl number:30G1Netmask : 255 255.255.255Description :Total :1BRBFBRB要求八：不允许内部客户端A访问WEB服务器A；不允许内部客户端B访问WEB服务器的TCP 80端口。RAacl number 2000rule 1 deny s

23、ource 192.168.0.32 0 interface GigabitEthernet0/0/0ip address 192.168.0.225 255.255.255.224traffic-filter inbound acl 2000display acl 2 000Basic ACL 2000, 1 ruleAcl1s step is 5rule 1 deny source 192.168*0.32 0RBacl number 3002rule 1 deny tcp source 192.168.0.64 0 destination-port eq www interface Gi

24、gabitEthernet0/0/0ip address 192.168.0.226 255.255.255.224 traffic-filter inbound acl 3002基本配置九：ip地址的配置和一些vlanISPinterface Serial1/0/0link-protocol ppp ip address 202.102.24.97 255.255.255.252interface Serial1/0/1link-protocol ppp ip address 102.202.249.193 255.255.255.252BRAinterface Serial1/0/0lin

25、k-protocol pppip address 202.102.24.98 255.255.255.252 interface GigabitEthernet0/0/1ip address 192.168.0.129 255.255.255.224BRBinterface Serial1/0/0link-protocol pppip address 102.202.249.194 255.255.255.252interface GigabitEthernet0/0/1ip address 192.168.0.130 255.255.255.224RAinterface GigabitEth

26、ernet0/0/0ip address 192.168.0.225 255.255.255.224#interface GigabitEthernet0/0/1ip address 192.168.0.2 255.255.255.224RBinterface GigabitEthernet0/0/0ip address 192.168.0.226 255.255.255.224#interface GigabitEthernet0/0/1ip address 192.168.0.98 255.255.255.2243SWAinterface GigabitEthernet0/0/1port

27、link-type accessport default vlan 30#interface GigabitEthernet0/0/2port link-type accessport default vlan 30#interface GigabitEthernet0/0/3port link-type accessport default vlan 100#interface GigabitEthernet0/0/4port link-type accessport default vlan 100interface Vlanif10ip address 192.168.0.34 255.255.255.224#interface Vlanif20ip address 192.168.0.66 255.255.255.224#interface Vlanif30ip address 192.168.0.161 255.255.255.224#interface Vlanif100ip address 192.168.0.193 255.255.255.224步骤七：测试注意事项1 公网地址的使用2 Ip地址的规划3 应用nat的时候端口一定不要映射错误（比如nat映射在了内网接口中

展开阅读全文