组网实训实现

小型单元网络实现

IP划分：

外网:172.1.1.0/24

172.1.2.0/24

内网：基于192.168.3.0/24的子网划分

综合办公楼：192.168.3.00 000000 /26（192.168.3.0-192.168.3.63）

综合一楼：192.168.3.0000 0000 /28（.0-.15） vlan10

综合二楼：192.168.3.0001 0000 /28（.16-.31） vlan20

综合三楼：192.168.3.0010 0000 /28（.32-.47） vlan30

综合楼预留地址：192.168.3.0011 0000 /28（.48-.63）

女生公寓： 192.168.3.01 000000 /26（192.168.3.64-192.168.3.127）

女生一楼： 192.168.3.01 000 000 /29（.64-.71） vlan 40

女生二楼： 192.168.3.01 001 000 /29（.72-.79） vlan 50

女生三楼： 192.168.3.01 010 000 /29（.80-.87） vlan 60

女生四楼： 192.168.3.01 011 000 /29（.88-.95） vlan 70

女生五楼： 192.168.3.01 100 000 /29（.96-.103） vlan 80

女生六楼： 192.168.3.01 101 000 /29（.104-.111）vlan 90

女生公寓预留地址：192.168.3.0111 0 000 /29（.112-.127）

男生公寓： 192.168.3.10 000000 /26（192.168.3.128-192.168.3.191）

男生一楼：192.168.3.10 000 000 /29（.128-.135） vlan 100

男生二楼：192.168.3.10 001 000 /29（.136-.143） vlan 110

男生三楼：192.168.3.10 010 000 /29（.144-.151） vlan 120

男生四楼：192.168.3.10 011 000 /29（.152-.159） vlan 130

男生五楼：192.168.3.10 100 000 /29（.160-.167） vlan 140

男生六楼：192.168.3.10 101 000 /29（.168-.175） vlan 150

男生公寓预留地址：192.168.3.10 11 0 000 /28（.176-.191）

业务管理： 192.168.3.110 00000 /27（192.168.3.192-192.168.3.223）

HTTP管理一：192.168.3.110 00 000 /29（.192-.199） vlan 300

FTP 管理二：192.168.3.110 01 000 /29（.200-.207） vlan 310

DNS 管理三：192.168.3.110 10 000 /29（.208-.215） vlan 320

管理预留地址：192.168.3.110 11 000 /29（.216-.223）

vlanif200： 192.168.3.1110 0000/28（.224-.239）

vlanif210： 192.168.3.11110 000/29（.240-.247）

内网总预留地址： 192.168.3.11111 000/29（.248-.255）

undo info-center enable // 关闭自动弹出的信息

LSW2：

2. LSW1，LSW2之间链路做聚合

LSW1interface Eth-Trunk 1

LSW1-Eth-Trunk1mode manual load-balance

LSW1-Eth-Trunk1trunkport GigabitEthernet 0/0/2 0/0/22

LSW2interface Eth-Trunk 1

LSW2-Eth-Trunk1mode manual load-balance

LSW2-Eth-Trunk1trunkport GigabitEthernet 0/0/2 0/0/22

综合办公楼：

LSW5：

LSW5vlan 10

LSW5-vlan10q

LSW5interface GigabitEthernet 0/0/1

LSW5-GigabitEthernet0/0/1port link-type access

LSW5-GigabitEthernet0/0/1port default vlan 10

LSW5-GigabitEthernet0/0/1q

LSW5interface GigabitEthernet 0/0/5

LSW5-GigabitEthernet0/0/5port link-type trunk

LSW5-GigabitEthernet0/0/5port trunk allow-pass vlan all

LSW6：

LSW6vlan 20

LSW6-vlan20q

LSW6interface GigabitEthernet 0/0/1

LSW6-GigabitEthernet0/0/1port link-type access

LSW6-GigabitEthernet0/0/1port default vlan 20

LSW6-GigabitEthernet0/0/1q

LSW6interface GigabitEthernet 0/0/6

LSW6-GigabitEthernet0/0/6port link-type trunk

LSW6-GigabitEthernet0/0/6port trunk allow-pass vlan all

LSW7：

LSW7vlan 30

LSW7-vlan20q

LSW7interface GigabitEthernet 0/0/1

LSW7-GigabitEthernet0/0/1port link-type access

LSW7-GigabitEthernet0/0/1port default vlan 30

LSW7-GigabitEthernet0/0/1q

LSW7interface GigabitEthernet 0/0/7

LSW7-GigabitEthernet0/0/6port link-type trunk

LSW7-GigabitEthernet0/0/6port trunk allow-pass vlan all

LSW2：

LSW2vlan batch 10 20 30 200

LSW2interface Vlanif200

LSW2-Vlanif200ip address 192.168.3.225 255.255.255.240

LSW2interface GigabitEthernet 0/0/5

LSW2-GigabitEthernet0/0/5port link-type trunk

LSW2-GigabitEthernet0/0/5port trunk allow-pass vlan all

LSW2-GigabitEthernet0/0/5int vlanif 10

LSW2-Vlanif10ip address 192.168.3.14 28

LSW2-Vlanif10q

LSW2interface GigabitEthernet 0/0/6

LSW2-GigabitEthernet0/0/6port link-type trunk

LSW2-GigabitEthernet0/0/6port trunk allow-pass vlan all

LSW2-GigabitEthernet0/0/6int vlanif 20

LSW2-Vlanif20ip address 192.168.3.30 28

LSW2-Vlanif20q

LSW2interface GigabitEthernet 0/0/7

LSW2-GigabitEthernet0/0/7port link-type trunk

LSW2-GigabitEthernet0/0/7port trunk allow-pass vlan all

LSW2-GigabitEthernet0/0/7int vlanif 30

LSW2-Vlanif30ip address 192.168.3.46 28

LSW2interface GigabitEthernet 0/0/2

LSW2-GigabitEthernet0/0/2port link-type trunk

LSW2-GigabitEthernet0/0/2port trunk allow-pass vlan all

LSW2-GigabitEthernet0/0/2q

LSW2interface GigabitEthernet 0/0/22

LSW2-GigabitEthernet0/0/22port link-type trunk

LSW2-GigabitEthernet0/0/22port trunk allow-pass vlan all

LSW2-GigabitEthernet0/0/22q

LSW2ip route-static 0.0.0.0 0.0.0.0 192.168.3.238

测试：

LSW1核心交换机：

LSW1vlan batch 10 20 30 200 210

LSW1dhcp enable

Info: The operation may take a few seconds. Please wait for a moment.done.

LSW1int vlanif 10

LSW1-Vlanif10ip address 192.168.3.14 28

LSW1-Vlanif10dhcp select interface

LSW1-Vlanif10dhcp server dns-list 114.114.114.114 8.8.8.8

LSW1int vlanif 20

LSW1-Vlanif20ip address 192.168.3.30 28

LSW1-Vlanif20dhcp select interface

LSW1-Vlanif20dhcp server dns-list 114.114.114.114 8.8.8.8

LSW1-Vlanif20q

LSW1int vlanif 30

LSW1-Vlanif30ip address 192.168.3.46 28

LSW1-Vlanif30dhcp select interface

LSW1-Vlanif30dhcp server dns-list 114.114.114.114 8.8.8.8

LSW1-Vlanif30q

LSW1int vlanif 200

LSW1-Vlanif200ip address 192.168.3.238 28

LSW1-Vlanif200q

LSW1interface GigabitEthernet 0/0/2

LSW1-GigabitEthernet0/0/2port link-type trunk

LSW1-GigabitEthernet0/0/2port trunk allow-pass vlan all

LSW1-GigabitEthernet0/0/2q

LSW1interface GigabitEthernet 0/0/22

LSW1-GigabitEthernet0/0/22port link-type trunk

LSW1-GigabitEthernet0/0/22port trunk allow-pass vlan all

LSW1-GigabitEthernet0/0/22q

LSW1interface GigabitEthernet 0/0/1

LSW1-GigabitEthernet0/0/1port link-type access

LSW1-GigabitEthernet0/0/1port default vlan 210

LSW1-GigabitEthernet0/0/1q

LSW1int vlanif 210

LSW1-Vlanif210ip address 192.168.3.246 28

LSW1ip route-static 0.0.0.0 0.0.0.0 192.168.3.241

R1出口路由的配置：

R1interface GigabitEthernet0/0/0

R1-GigabitEthernet0/0/0ip address 192.168.3.241 29

R1ip route-static 192.168.3.14 255.255.255.240 192.168.3.246

R1ip route-static 192.168.3.30 255.255.255.240 192.168.3.246

R1ip route-static 192.168.3.46 255.255.255.240 192.168.3.246

R1ip route-static 192.168.3.238 255.255.255.240 192.168.3.246

测试：

nat：

R1-acl-basic-2000rule permit source 192.168.3.0 0.0.0.255

R1-acl-basic-2000q

R1interface GigabitEthernet0/0/1

R1-GigabitEthernet0/0/1ip address 172.1.1.1 24

R1-GigabitEthernet0/0/1nat address-group 1 172.1.1.5 172.1.1.10

R1-GigabitEthernet0/0/1nat outbound 2000 address-group 1 no-pat

测试：

地址静态绑定，打印机场景。

LSW1dhcp snooping en

LSW1vlan 10

LSW1-vlan10dhcp snooping enable

LSW1-vlan10ip source check user-bind en

测试：

女生公寓部分：

LSW8：

LSW8vlan 40

LSW8-vlan40q

LSW8interface GigabitEthernet 0/0/1

LSW8-GigabitEthernet0/0/1port link-type access

LSW8-GigabitEthernet0/0/1port default vlan 40

LSW8-GigabitEthernet0/0/1q

LSW8interface GigabitEthernet 0/0/8

LSW8-GigabitEthernet0/0/8port link-type trunk

LSW8-GigabitEthernet0/0/8port trunk allow-pass vlan all

LSW9：

LSW9vlan 50

LSW9-vlan50q

LSW9interface GigabitEthernet 0/0/1

LSW9-GigabitEthernet0/0/1port link-type access

LSW9-GigabitEthernet0/0/1port default vlan 50

LSW9-GigabitEthernet0/0/1q

LSW9interface GigabitEthernet 0/0/9

LSW9-GigabitEthernet0/0/9port link-type trunk

LSW9-GigabitEthernet0/0/9port trunk allow-pass vlan all

LSW10:

LSW10vlan 60

LSW10-vlan60q

LSW10interface GigabitEthernet 0/0/1

LSW10-GigabitEthernet0/0/1port link-type access

LSW10-GigabitEthernet0/0/1port default vlan 60

LSW10-GigabitEthernet0/0/1q

LSW10interface GigabitEthernet 0/0/10

LSW10-GigabitEthernet0/0/10port link-type trunk

LSW10-GigabitEthernet0/0/10port trunk allow-pass vlan all

LSW11:

LSW11vlan 70

LSW11-vlan70q

LSW11interface GigabitEthernet 0/0/1

LSW11-GigabitEthernet0/0/1port link-type access

LSW11-GigabitEthernet0/0/1port default vlan 70

LSW11-GigabitEthernet0/0/1q

LSW11interface GigabitEthernet 0/0/11

LSW11-GigabitEthernet0/0/11port link-type trunk

LSW11-GigabitEthernet0/0/11port trunk allow-pass vlan all

LSW12:

LSW12vlan 80

LSW12-vlan80q

LSW12interface GigabitEthernet 0/0/1

LSW12-GigabitEthernet0/0/1port link-type access

LSW12-GigabitEthernet0/0/1port default vlan 80

LSW12-GigabitEthernet0/0/1q

LSW12interface GigabitEthernet 0/0/12

LSW12-GigabitEthernet0/0/12port link-type trunk

LSW12-GigabitEthernet0/0/12port trunk allow-pass vlan all

LSW13:

LSW13vlan 90

LSW13-vlan90q

LSW13interface GigabitEthernet 0/0/1

LSW13-GigabitEthernet0/0/1port link-type access

LSW13-GigabitEthernet0/0/1port default vlan 90

LSW13-GigabitEthernet0/0/1q

LSW13interface GigabitEthernet 0/0/13

LSW13-GigabitEthernet0/0/13port link-type trunk

LSW13-GigabitEthernet0/0/13port trunk allow-pass vlan all

LSW3:

LSW3vlan batch 40 50 60 70 80 90 200

LSW3-Vlanif200ip address 192.168.3.226 28

LSW3-Vlanif200q

LSW3int g 0/0/8

LSW3-GigabitEthernet0/0/8port link-type trunk

LSW3-GigabitEthernet0/0/8port trunk allow-pass vlan

LSW3-GigabitEthernet0/0/8port trunk allow-pass vlan all

LSW3-GigabitEthernet0/0/8int vlanif40

LSW3-Vlanif40ip address 192.168.3.70 29

LSW3int g 0/0/9

LSW3-GigabitEthernet0/0/9port link-type trunk

LSW3-GigabitEthernet0/0/9port trunk allow-pass vlan all

LSW3-GigabitEthernet0/0/9int vlanif50

LSW3-Vlanif50ip address 192.168.3.78 29

LSW3interface GigabitEthernet 0/0/10

LSW3-GigabitEthernet0/0/10port link-type trunk

LSW3-GigabitEthernet0/0/10port trunk allow-pass vlan all

LSW3-GigabitEthernet0/0/10int vlanif60

LSW3-Vlanif60ip address 192.168.3.86 29

LSW3-Vlanif60q

LSW3interface GigabitEthernet 0/0/11

LSW3-GigabitEthernet0/0/11port link-type trunk

LSW3-GigabitEthernet0/0/11port trunk allow-pass vlan all

LSW3-GigabitEthernet0/0/11int vlanif 70

LSW3-Vlanif70ip address 192.168.3.94 29

LSW3-Vlanif70q

LSW3interface GigabitEthernet 0/0/12

LSW3-GigabitEthernet0/0/12port link-type trunk

LSW3-GigabitEthernet0/0/12port trunk allow-pass vlan all

LSW3-GigabitEthernet0/0/12int vlanif 80

LSW3-Vlanif80ip address 192.168.3.102 29

LSW3-Vlanif80q

LSW3interface GigabitEthernet 0/0/13

LSW3-GigabitEthernet0/0/13port link-type trunk

LSW3-GigabitEthernet0/0/13port trunk allow-pass vlan all

LSW3-GigabitEthernet0/0/13int vlanif 90

LSW3-Vlanif90ip address 192.168.3.110 29

LSW3-Vlanif90q

LSW3interface GigabitEthernet 0/0/3

LSW3-GigabitEthernet0/0/3port link-type trunk

LSW3-GigabitEthernet0/0/3port trunk allow-pass vlan all

LSW3-GigabitEthernet0/0/3q

LSW3interface GigabitEthernet 0/0/23

LSW3-GigabitEthernet0/0/23port link-type trunk

LSW3-GigabitEthernet0/0/23port trunk allow-pass vlan all

LSW3ip route-static 0.0.0.0 0.0.0.0 192.168.3.238

测试：

LSW1核心交换机：

LSW1vlan batch 40 50 60 70 80 90

interface Vlanif40

ip address 192.168.3.70 255.255.255.248

LSW1-Vlanif40dhcp select interface

LSW1-Vlanif40dhcp server dns-list 114.114.114.114 8.8.8.8

LSW1-Vlanif40q

LSW1int vlanif 50

interface Vlanif50

ip address 192.168.3.78 255.255.255.248

LSW1-Vlanif50dhcp select interface

LSW1-Vlanif50dhcp server dns-list 114.114.114.114 8.8.8.8

LSW1-Vlanif50q

LSW1int vlanif 60

LSW1-Vlanif60ip address 192.168.3.86 29

LSW1-Vlanif60dhcp select interface

LSW1-Vlanif60dhcp server dns-list 114.114.114.114 8.8.8.8

LSW1-Vlanif60q

LSW1int vlanif 70

LSW1-Vlanif70ip address 192.168.3.94 29

LSW1-Vlanif70dhcp select interface

LSW1-Vlanif70dhcp server dns-list 114.114.114.114 8.8.8.8

LSW1-Vlanif70q

LSW1int vlanif 80

LSW1-Vlanif80ip address 192.168.3.102 29

LSW1-Vlanif80dhcp select interface

LSW1-Vlanif80dhcp server dns-list 114.114.114.114 8.8.8.8

LSW1-Vlanif80q

LSW1int vlanif 90

LSW1-Vlanif90ip address 192.168.3.110 29

LSW1-Vlanif90dhcp select interface

LSW1-Vlanif90dhcp server dns-list 114.114.114.114 8.8.8.8

LSW1-Vlanif90q

LSW1interface GigabitEthernet 0/0/3

LSW1-GigabitEthernet0/0/3port link-type trunk

LSW1-GigabitEthernet0/0/3port trunk allow-pass vlan all

LSW1-GigabitEthernet0/0/3q

LSW1interface GigabitEthernet 0/0/23

LSW1-GigabitEthernet0/0/23port link-type trunk

LSW1-GigabitEthernet0/0/23port trunk allow-pass vlan all

R1出口路由的配置：

AR1ip route-static 192.168.3.70 255.255.255.248 192.168.3.246

AR1ip route-static 192.168.3.78 255.255.255.248 192.168.3.246

AR1ip route-static 192.168.3.86 255.255.255.248 192.168.3.246

AR1ip route-static 192.168.3.94 255.255.255.248 192.168.3.246

AR1ip route-static 192.168.3.102 255.255.255.248 192.168.3.246

AR1ip route-static 192.168.3.110 255.255.255.248 192.168.3.246

测试：

ospf:

AR1：

AR1ospf 1

AR1-ospf-1area 0

AR1-ospf-1-area-0.0.0.0network 172.1.1.0 0.0.0.255

AR2：

AR2-GigabitEthernet0/0/0ip address 172.1.2.1 24

AR2-GigabitEthernet0/0/0q

AR2ospf 1

AR2-ospf-1area 0

AR2-ospf-1-area-0.0.0.0network 172.1.1.0 0.0.0.255

AR2-ospf-1-area-0.0.0.0network 172.1.2.0 0.0.0.255

http，ftp，dns服务器部分：

LSW20：

LSW20vlan batch 300 310 320

LSW20int

LSW20interface g

LSW20interface GigabitEthernet 0/0/1

LSW20-GigabitEthernet0/0/1port link-type access

LSW20-GigabitEthernet0/0/1port default vlan 300

LSW20-GigabitEthernet0/0/1int g 0/0/2

LSW20-GigabitEthernet0/0/2port link-type access

LSW20-GigabitEthernet0/0/2port default vlan 310

LSW20-GigabitEthernet0/0/2int g 0/0/3

LSW20-GigabitEthernet0/0/3port link-type access

LSW20-GigabitEthernet0/0/3port default vlan 320

LSW20-GigabitEthernet0/0/3q

LSW20int g 0/0/10

LSW20-GigabitEthernet0/0/10port link-type trunk

LSW20-GigabitEthernet0/0/10port trunk allow-pass vlan all

LSW20-GigabitEthernet0/0/10int g 0/0/20

LSW20-GigabitEthernet0/0/20port link-type trunk

LSW20-GigabitEthernet0/0/20port trunk allow-pass vlan all

LSW1：

LSW1int g 0/0/10

LSW1-GigabitEthernet0/0/10port link-type trunk

LSW1-GigabitEthernet0/0/10port trunk allow-pass vlan all

LSW1-GigabitEthernet0/0/10int g 0/0/20

LSW1-GigabitEthernet0/0/20port link-type trunk

LSW1-GigabitEthernet0/0/20port trunk allow-pass vlan all

LSW1vlan batch 300 310 320

LSW1-Vlanif320int vlanif 300

LSW1-Vlanif300ip address 192.168.3.198 29

LSW1-Vlanif300int vlanif 310

LSW1-Vlanif310ip address 192.168.3.206 29

LSW1-Vlanif310int vlanif 320

LSW1-Vlanif320ip address 192.168.3.214 29

dns：

http：

ftp:

用Client3测试：

http：

ftp:

telnet:

AR1user-interface vty 0 4

AR1-ui-vty0-4authentication-mode aaa

AR1aaa

AR1-aaalocal-user xiao privilege level 15 password cipher 22060503

AR1-aaalocal-user xiao service-type telnet

AR1-acl-adv-3000rule deny tcp source 192.168.3.64 0.0.0.192 destination 192.16

8.3.241 0.0.0.0 destination-port eq 23

AR1int GigabitEthernet 0/0/1

AR1-GigabitEthernet0/0/1traffic-filter inbound acl 3000

测试：