<a target="_blank" href="http://blog.51cto.com/attachment/201011/125054523.jpg"></a>
以上這道CCNA綜合實驗題來自于2010年湖南省計算機應用網絡管理者的一道操作題,看上去很容易,但對于基礎知識掌握不牢固且對Packet tracer 這個cisco模拟器不熟悉的人在規定的時間内要全都配置好還是有一定的困難的,下面我就這道綜合題來一一解答:
首先我們得先看明白本實驗的需求(我總結了一下,一共有十一點):
1,internet是ospf區域,不能通過OSPF邊緣路由器來增加到各企業網絡
的靜态路由,通告所有的本地直連的網絡。
2,R1-R3 FR-DLCI任意。
3,分公司和總部都需NAT轉換上網
4,SW1-SW2兩交換機間實作跨交換機互通,并通過端口聚合增加帶寬,
5,總部與分部都通過一條預設路由通達INTERNET。
6,分部出口路由器與INTERNET之間是PPP封裝,
7,R1與R2之間PPP,PAP認證。
8,vlan 10隻能ping通vlan 20 的www服務
9,W3交換機為了區域網路安全需要做相應的端口安全設定,并綁定相應的
網與IP
10,因為vlan 10需要PC62台,vlan 20需要280多台PC,需要對172.16.0.0/16
進行VLSM劃分,以最省IP位址的形式劃分VLAN。
11,server 0 充當DNS與web 伺服器,并且總部與分部都能通路web資源。
那麼我們可以從以上需求看出需要做的配置大概有這幾個:端口聚合,VLSM劃分,ACL通路控制,NAT網絡位址轉換,PPP封裝,PPP PAP認證,frame-relay幀中繼,端口安全,IP與MAC綁定,OSPF路由,VLAN劃分,DNS WEB配置,VTPvlan 中繼協定。既然分析了這些需求,那麼我們現在就可以用packet tracer去配置本實驗了。
我們分步進行,順序依次是總部-----INTERNET-----分部,
總部配置如下:
SW1:
Building configuration...
hostname Switch
ip routing
!
interface FastEthernet0/1
no switchport
ip address 202.103.100.1 255.255.255.252
ip nat outside
duplex auto
speed auto
interface FastEthernet0/2
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/3
interface FastEthernet0/4
switchport access vlan 10
interface FastEthernet0/5
!i
interface Port-channel 1
interface Vlan1
no ip address
shutdown
interface Vlan10
ip address 172.16.0.254 255.255.254.0
ip access-group 101 in
ip nat inside
interface Vlan20
ip address 172.16.2.254 255.255.254.0
ip access-group 101 out
ip nat inside source list 100 interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 202.103.100.2
access-list 100 permit ip 172.16.0.0 0.0.1.255 any
access-list 100 permit ip 172.16.2.0 0.0.0.127 any
access-list 101 permit tcp 172.16.0.0 0.0.1.255 172.16.2.0 0.0.0.127 eq www
access-list 101 deny ip 172.16.0.0 0.0.1.255 172.16.2.0 0.0.0.127
access-list 101 permit ip any any
line con 0
line vty 0 4
login
end
SW2:Building configuration...
switchport access vlan 20
switchport mode access
interface FastEthernet0/6
-------------------------------------------------------------------------分部----------------------》》》
SW3:
switchport access vlan 100
switchport port-security
switchport access vlan 200
line vty 5 15
router 3:
-encryption
hostname Router
interface FastEthernet0/0
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 192.168.1.254 255.255.255.0
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 192.168.2.254 255.255.255.0
interface Serial1/0
ip address 202.103.100.18 255.255.255.252
interface Serial1/1
ip nat inside source list 100 interface Serial1/0 overload
ip nat inside source static tcp 192.168.1.2 80 202.103.100.18 80
ip nat inside source static udp 192.168.1.2 53 202.103.100.18 53
ip route 0.0.0.0 0.0.0.0 202.103.100.17
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
_________________________________________________internet配置_____________________
R3:
ip address 202.103.100.14 255.255.255.252
encapsulation frame-relay
frame-relay interface-dlci 301
ip address 202.103.100.6 255.255.255.252
interface Serial1/2
ip address 202.103.100.17 255.255.255.252
clock rate 64000
router ospf 100
log-adjacency-changes
network 202.103.100.16 0.0.0.3 area 0
network 202.103.100.12 0.0.0.3 area 0
network 202.103.100.4 0.0.0.3 area 0
no cdp run
R2:
ip address 202.103.100.2 255.255.255.252
ip address 202.103.100.9 255.255.255.252
ip address 202.103.100.5 255.255.255.252
network 202.103.100.8 0.0.0.3 area 0
network 202.103.100.0 0.0.0.3 area 0
R1:
ip address 202.103.100.10 255.255.255.252
ip address 202.103.100.13 255.255.255.252
frame-relay interface-dlci 103
-------------------------------應用伺服器的配置就不去寫了-----------
接下來就來看一下測試結果吧,
1,測試總部與INTERNET連通性:
2,測試分部與INTERNE連通性:
3,測試總部與分部是否能夠通路WEB伺服器:
<a target="_blank" href="http://blog.51cto.com/attachment/201011/132759766.jpg"></a>
4,測試NAT是否生效:
測試語句:
結果:
<a target="_blank" href="http://blog.51cto.com/attachment/201011/133029727.jpg"></a>
。。。好吧,剩下的我也就不再贅述了,希望能夠通過此實驗讓各位都能強化一下網絡基礎知識,為掌握更好的網絡技術而努力!
(:>>.........
v v v ...
by zenfei
本文轉自 Bruce_F5 51CTO部落格,原文連結:http://blog.51cto.com/zenfei/415846
![圖解HTTP八:确認通路使用者身份的認證[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)