您的当前位置：首页网络实验必备配置- 所有实验的命令

网络实验必备配置- 所有实验的命令

来源：画鸵萌宠网

实验一：交换综合实验 1、S26上的配置： S26(con)#vlan 20 S26(con)#vlan 30

S26(con)#int range fa 0/1-5

S26(con-if)#switchport access vlan 20 S26(con)#int range fa 0/11-15

S26(con-if)#switchport access vlan 30 S26(con)#int range fa 0/23-24

S26(con-if)#switchport mode trunk 配置生成树协议

S26(con)#spanning-tree

S26(con)#spanning-tree mode stp S26(con)#spanning-tree priority 4096 2、S35上的配置： S35(con)#vlan 20 S35(con)#vlan 30

S35(con)#int range fa 0/1-5

S35(con-if)#switchport access vlan 20 S35(con)#int range fa 0/11-15

S35(con-if)#switchport access vlan 30 S35(con)#int range fa 0/23-24

S35(con-if)#switchport mode trunk S35(con)#int vlan 20 S35(con-if)#ip address 192.168.20.1 255.255.255.0

S35(con-if)#no shutdown S35(con)#int vlan 30 S35(con-if)#ip address 192.168.30.1 255.255.255.0

S35(con-if)#no shutdown 配置生成树协议

S35(con)#spanning-tree

S35(con)#spanning-tree mode stp S35上开启路由协议 S35(con)#int f0/10

S35(con-if)#no switchport ***开启三层端口，关闭交换端口 S35(con-if)#ip address 192.168.10.2 255.255.255.0

S35(con-if)#no shutdown S35(con)#router rip

S35(con-route)#network 192.168.20.0 S35(con-route)#network 192.168.30.0 S35(con-route)#network 192.168.10.0 3、路由器上的配置 R2624的配置： R2624(con)#int s1

R2624(con-if)#clock rate 000 R2624(con)#ip address 192.168.2.2 255.255.255.0

R2624(con)#no shutdown R2624(con)#int f0 R2624(con)#ip address 192.168.10.1 255.255.255.0

R2624(con)#no shutdown R2624(con)#int loopback 2

R2624(con)#ip address 2.2.2.2 255.255.255.0 R2624(con)#router rip

R2624(con-route)#network 192.168.2.0 R2624(con-route)#network 2.2.2.0

R2624(con-route)#network 192.168.10.0 R2620的配置： R2624(con)#int s0 R2624(con)#ip address 192.168.2.1 255.255.255.0

R2624(con)#no shutdown R2624(con)#int f0 R2624(con)#ip address 192.168.100.1 255.255.255.0

R2624(con)#no shutdown R2624(con)#int loopback 1

R2624(con)#ip address 1.1.1.1 255.255.255.0 R2624(con)#router rip

R2624(con-route)#network 192.168.2.0 R2624(con-route)#network 1.1.1.0

R2624(con-route)#network 192.168.100.0 4、验证命令交换机上 sh vlan

sh running-config sh spanning-tree

sh spanning-tree interface f0/23 路由器上 sh ip int b sh run sh route

实验二ospf综合 1.S3550-1配置： switch>en 14

switch# configure terminal

switch(config)#hostname S3550-1 S3550-1(con)#vlan 5

S3550-1(config-vlan)#exit S3550-1(con)#vlan 6

S3550-1(config-vlan)#exit

S3550-1(con)#int range fa 0/1-5

S3550-1(con-if)#switchport access vlan 5 S3550-1(con-if)#exit

S3550-1(con)#int range fa 0/6-10

S3550-1(con-if)#switchport access vlan 6 S3550-1(con-if)#exit S3550-1(con)#int vlan 5

S3550-1(con-if)#ip address 192.168.5.1 255.255.255.0

S3550-1(con-if)#no shutdown S3550-1(con-if)#exit

S3550-1(con)#int vlan 6 //用6号端口连接一台电脑，以方便做测试

S3550-1(con-if)#ip address 192.168.6.1 255.255.255.0

S3550-1(con-if)#no shutdown S3550-1(con-if)#exit

S3550-1#show vlan //验证一下自己的配置

配置ospf路由协议： S3550-1(con)#router ospf S3550-1(con-route)#network 192.168.5.0 0.0.0.255 area 0

S3550-1(con-route)#network 192.168.6.0 0.0.0.255 area 0 验证命令:

S3550-1#Show ip ospf

S3550-1#Show ip ospf border-routers S3550-1#Show ip ospf interface S3550-1#Show ip ospf neighbor S3550-1#Show ip route 2.S3550-2配置： switch>en 14

switch# configure terminal

switch(config)#hostname S3550-2 S3550-2(con)#vlan 10 S3550-2(config-vlan)#exit S3550-2(con)#vlan 11 S3550-2(config-vlan)#exit

S3550-2(con)#int range fa 0/1-10

S3550-2(con-if)#switchport access vlan 10 S3550-2(con-if)#exit

S3550-2(con)#int range fa 0/11-20

S3550-2(con-if)#switchport access vlan 11 S3550-2(con-if)#exit S3550-2(con)#int vlan 10

S3550-2(con-if)#ip address 192.168.10.1 255.255.255.0

S3550-2(con-if)#no shutdown S3550-2(con-if)#exit

S3550-2(con)#int vlan 11 //用11号端口连接一台电脑，以方便做测试

S3550-2(con-if)#ip address 192.168.11.1 255.255.255.0

S3550-2(con-if)#no shutdown S3550-2(con-if)#exit

S3550-2#show vlan //验证一下自己的配置

配置ospf路由协议： S3550-2(con)#router ospf S3550-2(con-route)#network 192.168.10.0 0.0.0.255 area 0

S3550-2(con-route)#network 192.168.11.0 0.0.0.255 area 0 验证命令:

S3550-2#Show ip ospf

S3550-2#Show ip ospf border-routers S3550-2#Show ip ospf interface S3550-2#Show ip ospf neighbor S3550-2#Show ip route

3.R2624-2配置： Red-Giant>en 14

Red-Giant#configure terminal

Red-Giant(config)#hostname R2624-2 R2624-2(con)#int s0

R2624-2(con-if)#ip address 192.168.14.2 255.255.255.0

R2624-2(con-if)#encapsulation ppp R2624-2(con-if)#no shutdown R2624-2(config-if)# exit R2624-2(con)#int f1

R2624-2(con-if)#ip address 192.168.10.2 255.255.255.0

R2624-2(con-if)#no shutdown R2624-2(con-if)# exit R2624-2(con)#int f0

R2624-2(con-if)#ip address 192.168.5.2 255.255.255.0

R2624-2(con-if)#no shutdown R2624-2(config-if)# exit R2624-2(con)#int loopback 2

R2624-2(con-if)#ip address 192.168.2.1 255.255.255.0

R2624-2(config-if)# exit

R2624-2(con)#router ospf 100

R2624-2(con-route)#network 192.168.14.0 0.0.0.255 area 0

R2624-2(con-route)#network 192.168.10.0 0.0.0.255 area 0

R2624-2(con-route)#network 192.168.5.0 0.0.0.255 area 0

R2624-2(con-route)#network 192.168.2.0 0.0.0.255 area 0 验证命令:

R2624-2#Show ip ospf

R2624-2#Show ip ospf border-routers R2624-2#Show ip ospf interface R2624-2#Show ip ospf neighbor R2624-2#Show ip route

4.R2624-1配置： Red-Giant>en 14

Red-Giant#configure terminal

Red-Giant(config)#hostname R2624-1 R2624-1(con)#int s0

R2624-1(con-if)#ip address 192.168.12.1 255.255.255.0

R2624-1(con-if)#encapsulation ppp R2624-1(con-if)#no shutdown R2624-1(config-if)# exit R2624-1(con)#int s1

R2624-1(con-if)#ip address 192.168.13.1 255.255.255.0

R2624-1(con-if)#clock rate 000 R2624-1(con-if)#encapsulation ppp R2624-1(con-if)#no shutdown R2624-1(con-if)# exit R2624-1(con)#int s2

R2624-1(con-if)#ip address 192.168.14.1 255.255.255.0

R2624-1(con-if)#clock rate 000 R2624-1(con-if)#encapsulation ppp R2624-1(con-if)#no shutdown R2624-1(config-if)# exit R2624-1(con)#int loopback 1

R2624-1(con-if)#ip address 192.168.1.1 255.255.255.0

R2624-1(config-if)# exit

R2624-1(config)# router ospf 100 R2624-1(config-router)# network 192.168.14.0 0.0.0.255 area 0 R2624-1(config-router)# network 192.168.13.0 0.0.0.255 area 2 R2624-1(config-router)# network 192.168.12.0 0.0.0.255 area 1

R2624-1(config-router)# network 192.168.1.0 0.0.0.255 area 0

R2624-1(config-router)#area 2 virtual-link 192.168.4.1

R2624-1(config-router)# exit

验证命令:

R2620-1#Show ip ospf

R2620-1#Show ip ospf border-routers R2620-1#Show ip ospf interface R2620-1#Show ip ospf neighbor

R2620-1#Show ip route

5.R2620-1配置： Red-Giant>en 14

Red-Giant#configure terminal

Red-Giant(config)#hostname R2620-1 R2620-1(con)#int s1

R2620-1(con-if)#ip address 192.168.12.2 255.255.255.0

R2620-1(con-if)#clock rate 000 R2620-1(con-if)#encapsulation ppp R2620-1(con-if)#no shutdown R2620-1(config-if)# exit R2620-1(con)#int loopback 3

R2620-1(con-if)#ip address 192.168.3.1 255.255.255.0

R2620-1(config-if)# exit

R2620-1(config)# router ospf 100 R2620-1(config-router)# network 192.168.12.0 0.0.0.255 area 1

R2620-1(config-router)# network 192.168.3.0 0.0.0.255 area 1

R2620-1(config-router)# exit

验证命令:

R2620-1#Show ip ospf

R2620-1#Show ip ospf border-routers R2620-1#Show ip ospf interface R2620-1#Show ip ospf neighbor R2620-1#Show ip route

6.R2620-2配置： Red-Giant>en 14

Red-Giant#configure terminal

Red-Giant(config)#hostname R2620-2 R2620-2(config)# interface loopback 4

R2620-2(config-if)# ip address 192.168.4.1 255.255.255.0

R2620-2(config-if)# exit

R2620-2(config)# interface s0

R2620-2(config-if)# encapsulation ppp

R2620-2(config-if)# ip address 192.168.13.2 255.255.255.0 R2620-2(config-if)# no shut R2620-2(config-if)#exit

R2620-2(config)# router ospf 100 R2620-2(config-router)# network 192.168.13.0 0.0.0.255 area 2

R2620-2(config-router)# network 192.168.4.0 0.0.0.255 area 2

R2620-2(config-router)# network 10.1.1.1 0.0.0.255 area 3

R2620-2(config-router)#area 2 virtual-link 192.168.1.1

R2620-2(config-router)# exit

验证命令:

R2620-2#Show ip ospf

R2620-2#Show ip ospf border-routers R2620-2#Show ip ospf interface R2620-2#Show ip ospf neighbor R2620-2#Show ip route

说明：

1.各路由的端口上牵涉到了哪个是DTE，哪个是DCE

2.牵涉到了ppp协议的封装

3.各路由器上的回环接口，应该是可以用来做测试的

4.为方便做测试，两个三层交换机上分别接了一台电脑

S3550－1的6号端口上 ip：192.168.6.2

掩码：255.255.255.0 网关：192.168.6.1

S3550－2的11端口上 ip：192.168.11.2 掩码：255.255.255.0 网关：192.168.11.1

5.验证命令是老师给的5个，可能在不同设备上用的命令不同，有待验证

实验三：vrrp 1.S2126-1配置： switch>en 14

switch# configure terminal

switch(config)#hostname S2126-1 S2126-1(con)#vlan 10 S2126-1(config-vlan)#exit S2126-1(con)#vlan 20 S2126-1(config-vlan)#exit

S2126-1(con)#int range fa 0/1-10

S2126-1(con-if)#switchport access vlan 10 S2126-1(con-if)#exit

S2126-1(con)#int range fa 0/11-20

S2126-1(con-if)#switchport access vlan 20 S2126-1(con-if)#exit

S2126-1(con)#int range fa 0/23-24

S2126-1(con-if)#switchport mode trunk

连接两台电脑，一台属于vlan10（1－10），一台属于vlan20（11－20） 23用于连接S3550－1（23），24用于连接S3550－2（24）

电脑1：

ip：192.168.10.3

子网掩码：255.255.255.0 网关：192.168.10.1

电脑2：

ip：192.168.20.3

子网掩码：255.255.255.0 网关：192.168.20.2

用tracert命令做测试

2.S3550－1配置： switch>en 14

switch# configure terminal

switch(config)#hostname S3550-1 S3550-1(con)#vlan 10 S3550-1(config-vlan)#exit S3550-1(con)#vlan 20 S3550-1(config-vlan)#exit

S3550-1(con)#int range fa 0/1-10 S3550-1(con-if)#switchport access vlan 10 S3550-1(con-if)#exit

S3550-1(con)#int range fa 0/11-20

S3550-1(con-if)#switchport access vlan 20 S3550-1(con-if)#exit

S3550-1(con)#int range fa 0/23-24

S3550-1(con-if)#switchport mode trunk S3550-1(con-if)#exit S3550-1(con)#int vlan 10

S3550-1(con-if)#ip address 192.168.10.1 255.255.255.0

S3550-1(config-if)#standby 1 ip 192.168.10.1 S3550-1(config-if)#standby 1 priority 10 S3550-1(con-if)#no shutdown S3550-1(con-if)#exit

S3550-1(con)#int vlan 20

S3550-1(con-if)#ip address 192.168.20.1 255.255.255.0

S3550-1(config-if)#standby 2 ip 192.168.20.2 S3550-1(con-if)#no shutdown S3550-1(con-if)#exit

配置ospf路由协议： S3550-1(con)#router ospf S3550-1(con-route)#network 192.168.10.0 0.0.0.255 area 0

S3550-1(con-route)#network 192.168.20.0 0.0.0.255 area 0

用该设备的（1－10）端口连接R2624－2的F1

3.S3550-2配置： switch>en 14

switch# configure terminal

switch(config)#hostname S3550-2 S3550-2(con)#vlan 10 S3550-2(config-vlan)#exit S3550-2(con)#vlan 20 S3550-2(config-vlan)#exit

S3550-2(con)#int range fa 0/1-10

S3550-2(con-if)#switchport access vlan 10 S3550-2(con-if)#exit

S3550-2(con)#int range fa 0/11-20

S3550-2(con-if)#switchport access vlan 20 S3550-2(con-if)#exit

S3550-2(con)#int range fa 0/23-24

S3550-2(con-if)#switchport mode trunk S3550-2(con-if)#exit S3550-2(con)#int vlan 10

S3550-2(con-if)#ip address 192.168.10.2 255.255.255.0

S3550-2(config-if)#standby 1 ip 192.168.10.1 S3550-2(con-if)#no shutdown S3550-2(con-if)#exit

S3550-2(con)#int vlan 20

S3550-2(con-if)#ip address 192.168.20.2 255.255.255.0

S3550-2(config-if)#standby 2 ip 192.168.20.2 S3550-2(config-if)#standby 2 priority 120 S3550-2(con-if)#no shutdown S3550-2(con-if)#exit

配置ospf路由协议： S3550-2(con)#router ospf S3550-2(con-route)#network 192.168.10.0 0.0.0.255 area 0

S3550-2(con-route)#network 192.168.20.0 0.0.0.255 area 0

用该设备的（11－20）端口连接R2624－2的F0

4.R2624-2配置： Red-Giant>en 14

Red-Giant#configure terminal

Red-Giant(config)#hostname R2624-2 R2624-2(con)#int f0

R2624-2(con-if)#ip address 192.168.20.4 255.255.255.0

R2624-2(con-if)#no shutdown R2624-2(con-if)# exit R2624-2(con)#int f1

R2624-2(con-if)#ip address 192.168.10.4 255.255.255.0

R2624-2(con-if)#no shutdown R2624-2(config-if)# exit R2624-2(con)#int loopback 2 R2624-2(con-if)#ip address 10.10.10.10 255.255.255.0

R2624-2(config-if)# exit

R2624-2(con)#router ospf 100

R2624-2(con-route)#network 192.168.10.0 0.0.0.255 area 0

R2624-2(con-route)#network 192.168.20.0 0.0.0.255 area 0

R2624-2(con-route)#network 10.10.10.0 0.0.0.255 area 0

实验四：mstp&gvrp 1.S3550-1配置 switch>en 14

switch# configure terminal

switch(config)#hostname S3550－1 S3550－1(con)#vlan 10 S3550－1(config-vlan)#exit S3550－1(con)#vlan 20 S3550－1(config-vlan)#exit S3550－1(con)#vlan 30 S3550－1(config-vlan)#exit

S3550－1(con)#int range fa 0/1-5

S3550－1(con-if)#switchport access vlan 10 S3550－1(con-if)#exit

S3550－1(con)#int range fa 0/6-10

S3550－1(con-if)#switchport access vlan 20 S3550－1(con-if)#exit

S3550－1(con)#int range fa 0/11-15

S3550－1(con-if)#switchport access vlan 30 S3550－1(con-if)#exit

S3550－1(con)#int range fa 0/21-24

S3550－1(con-if)#switchport mode trunk S3550－1(con-if)#exit

1.开启生成树协议

S3550－1(config)#spanning-tree

S3550－1(config)#spanning-tree mode mstp

2、配置MSTP域

S3550－1(config)#spanning-tree mst configure

S3550－1(config-mst)#instance 1 vlan 10

S2126-1(config)#spanning-tree mode mstp S3550－1(config-mst)#instance 2 vlan 20

S3550－1(config-mst)#instance 3 vlan 30

S3550－1(config-mst)#name abc 2、配置MSTP域

S3550－1(config-mst)# revision 1

S3550－1(config)#spanning-tree mst 1

priority 4096 S3550－1(config)#spanning-tree mst 2

priority 32768 S3550－1(config)#spanning-tree mst 3

priority 61440 show spanning-tree show spanning-tree mst mst-number(1/2/3) show spanning-tree interface 端口编号

(21/22) 连通性测试完成后手工拔掉某条链路，然后

查看丢包情况和恢复收包的情况

2.S2126-1配置 switch>en 14 switch# configure terminal switch(config)#hostname S2126-1 S2126-1(con)#vlan 10 S2126-1(config-vlan)#exit S2126-1(con)#vlan 20 S2126-1(config-vlan)#exit S2126-1(con)#vlan 30 S2126-1(config-vlan)#exit S2126-1(con)#int range fa 0/1-5 S2126-1(con-if)#switchport access vlan 10 S2126-1(con-if)#exit S2126-1(con)#int range fa 0/6-10 S2126-1(con-if)#switchport access vlan 20 S2126-1(con-if)#exit S2126-1(con)#int range fa 0/11-15 S2126-1(con-if)#switchport access vlan 30 S2126-1(con-if)#exit S2126-1(con)#int range fa 0/21-24 S2126-1(con-if)#switchport mode trunk S2126-1(con-if)#exit 1.开启生成树协议

S2126-1(config)#spanning-tree S2126-1(config)#spanning-tree mst configure S2126-1(config-mst)#instance 1 vlan 10 S2126-1(config-mst)#instance 2 vlan 20

S2126-1(config-mst)#instance 3 vlan 30 S2126-1 (config-mst)#name abc

S2126-1 (config-mst)# revision 1 S2126-1(config)#spanning-tree mst 1 priority 61440 S2126-1(config)#spanning-tree mst 2 priority 4096 S2126-1(config)#spanning-tree mst 3 priority 32768

show spanning-tree

show spanning-tree mst mst-number(1/2/3) show spanning-tree interface 端口编号(21/23) 连通性测试完成后手工拔掉某条链路，然后查看丢包情况和恢复收包的情况 3.S2126-2配置 switch>en 14 switch# configure terminal switch(config)#hostname S2126-2 S2126-2(con)#vlan 10 S2126-2(config-vlan)#exit S2126-2(con)#vlan 20 S2126-2(config-vlan)#exit S2126-2(con)#vlan 30 S2126-2(config-vlan)#exit S2126-2(con)#int range fa 0/1-5 S2126-2(con-if)#switchport access vlan 10 S2126-2(con-if)#exit S2126-2(con)#int range fa 0/6-10 S2126-2(con-if)#switchport access vlan 20 S2126-2(con-if)#exit S2126-2(con)#int range fa 0/11-15 S2126-2(con-if)#switchport access vlan 30 S2126-2(con-if)#exit

S2126-2(con)#int range fa 0/21-24 S2126-2(con-if)#switchport mode trunk

S2126-2(con-if)#exit

1.开启生成树协议

S2126-2(config)#spanning-tree

S2126-2(config)#spanning-tree mode mstp

2、配置MSTP域

S2126-2(config)#spanning-tree mst configuration

S2126-2(config-mst)#instance 1 vlan 10 S2126-2(config-mst)#instance 2 vlan 20 S2126-2(config-mst)#instance 3 vlan 30

S2126-2 (config-mst)#name abc S2126-2 (config-mst)# revision 1

S2126-2(config)#spanning-tree mst 1 priority 32768

S2126-2(config)#spanning-tree mst 2 priority 61440

S2126-2(config)#spanning-tree mst 3 priority 4096

show spanning-tree show spanning-tree mst 1 mst-number(1/2/3)

show spanning-tree interface 端口编号(22/23)

连通性测试完成后手工拔掉某条链路，然后查看丢包情况和恢复收包的情况。

在配置VLAN 前，必须注意以下事项：一个链接两端的交换机都应启动GVRP，GVRP 信息只在Trunk 上传播，端口状态为forwarding 的端口才会参与GVRP 的运行。

所有由GVRP 添加的VLAN Port 都是Tagged Port。

所有由GVRP 动态学习的VLAN 信息都未保存在系统中，当交换机复位时，这些信息全部丢失。由GVRP 创建的动态VLAN 的参数不能修改。

网络中所有需要交换GVRP 信息的设备的GVRP Timers（Join，Leave，Leaveall）必须保持一致。全局状态下启动GVRP Switch # configure

Switch(config)# gvrp enable 控制动态VLAN 的创建 Switch # configure

Switch(config)# gvrp dymanic-vlan-creation enable

配置端口的登记模式 Switch # configure

Switch(config)# interface fastetherenet 0/1 Switch(config-if)#gvrp registration mode {normal | disable}

配置端口的通告模式 Switch # configure

Switch(config)# interface fastethernet 0/1

Switch(config-if)# gvrp applicant state {normal | no-applicant}

配置计时器

Switch#configure terminal

Switch(config)#gvrp timer {join|leave|leaveall} time_value

配置有效粒度 10ms 默认配置

Join timer 200ms Leave timer 600ms Leaveall timer 1000ms

查看GVRP的配置信息

Switch#show gvrp configuration

查看GVRP的运行状态 switch#show gvrp status

查看GVRP的端口统计信息

Switch#show gvrp statistics { interface-id | all}

GVRP实验把23－23线拔掉

1.S2126－1

Switch # configure terminal Switch(config)# gvrp enable Switch # configure terminal

Switch(config)# interface fastetherenet 0/21 Switch(config-if)#gvrp registration mode normal

Switch(config-if)# gvrp applicant state normal Switch(config-if)# switchport trunk allowed vlan add 10,20,30

Switch#show gvrp configuration switch#show gvrp status

Switch#show gvrp statistics 21

2.S3550-2

Switch # configure terminal Switch(config)# gvrp enable Switch # configure terminal

Switch(config)# interface fastetherenet 0/21 Switch(config-if)#gvrp registration mode normal

Switch(config-if)# gvrp applicant state normal Switch(config-if)# switchport trunk allowed vlan add 10,20,30

Switch(config-if)# exit

Switch(config)# interface fastetherenet 0/22 Switch(config-if)#gvrp registration mode normal

Switch(config-if)# gvrp applicant state normal

Switch#show gvrp configuration switch#show gvrp status

Switch#show gvrp statistics 21/22

3.S2126-2

Switch # configure terminal Switch(config)# gvrp enable Switch # configure terminal

Switch(config)# interface fastetherenet 0/22 Switch(config-if)#gvrp registration mode normal

Switch(config-if)# gvrp applicant state normal Switch#show gvrp configuration switch#show gvrp status

Switch#show gvrp statistics 22

-----------------------------------------------------------------

Step 4

switchport trunk allowed vlan {add | all | except | remove} vlan-list

(可选) 配置trunk允许的VLAN.

使用add, all, except, remove关健字

(config-if)#switchport trunk allowed vlan add 5,8,10

回到允许所有VLAN通过时, 可用no switchport trunk allowed vlan 端口配置命令.

举例如下:

Switch(config)# interface fastethernet0/1

Switch(config-if)# switchport trunk allowed vlan remove 2

Switch(config-if)# end

实验五：ACL

IP ACL实验一编号的标准访问控制列表 1.R2624-1配置： Red-Giant>enable

Red-Giant#configure terminal

Red-Giant(config)#hostname R2624-1 R2624-1(con)#int f0

R2624-1(con-if)#ip address 192.168.10.1 255.255.255.0

R2624-1(con-if)#no shutdown R2624-1(config-if)# exit R2624-1(con)#int f1

R2624-1(con-if)#ip address 192.168.20.1 255.255.255.0

R2624-1(con-if)#no shutdown R2624-1(con-if)# exit

R2624-1(con)#int f2

R2624-1(con-if)#ip address 192.168.30.1 255.255.255.0

R2624-1(con-if)#no shutdown R2624-1(config-if)# exit R2624-1(con)#int loopback 1

R2624-1(con-if)#ip address 192.168.1.1 255.255.255.0

R2624-1(config-if)# exit

R2624-1(config)# router ospf 100 R2624-1(config-router)# network 192.168.10.0 0.0.0.255 area 0 R2624-1(config-router)# network 192.168.20.0 0.0.0.255 area 0 R2624-1(config-router)# network 192.168.30.0 0.0.0.255 area 0

R2624-1(config-router)# network 192.168.1.0 0.0.0.255 area 0

R2624-1(config-router)# exit

R2624-1(con)#access-list 1 permit 192.168.10.0 0.0.0.255

R2624-1(con)#access-list 1 deny 192.168.20.0 0.0.0.255

R2624-1(con)#int f2

R2624-1(config-if)#ip access-group 1 out

验证：

显示全部的访问列表 Router#show access-lists 显示指定的访问列表

Router#show access-lists <1-199> 显示接口的访问列表应用

Router#show ip interface <接口名称> <接口编号>

IP ACL实验二编号的扩展访问控制列表 1.S3550-1配置： switch>en 14

switch# configure terminal

switch(config)#hostname S3550-1 S3550-1(con)#vlan 5 S3550-1(config-vlan)#exit S3550-1(con)#vlan 6

S3550-1(config-vlan)#exit

S3550-1(con)#int range fa 0/1-5

S3550-1(con-if)#switchport access vlan 5 S3550-1(con-if)#exit

S3550-1(con)#int range fa 0/6-10

S3550-1(con-if)#switchport access vlan 6 S3550-1(con-if)#exit S3550-1(con)#int vlan 5

S3550-1(con-if)#ip address 192.168.1.1 255.255.0.0

S3550-1(con-if)#no shutdown S3550-1(con-if)#exit

S3550-1(con)#int vlan 6

S3550-1(con-if)#ip address 172.16.10.1 255.255.255.0

S3550-1(con-if)#no shutdown S3550-1(con-if)#exit

配置ospf路由协议： S3550-1(con)#router ospf S3550-1(con-route)#network 172.16.10.0 0.0.0.255 area 0

S3550-1(con-route)#network 192.168.0.0 0.0.255.255 area 0 S3550-1(con-if)#exit

S3550-1(con)#access-list 101 permit tcp 192.168.0.0 0.0.255.255 172.16.10.0 0.0.0.255 eq ftp

S3550-1(con-if)#exit S3550-1(con)#int vlan 5

S3550-1(con-if)#ip access-group 101 in

验证：

显示全部的访问列表 Router#show access-lists 显示指定的访问列表

Router#show access-lists <1-199> 显示接口的访问列表应用

Router#show ip interface <接口名称> <接口编号>

IP ACL实验三命名的标准访问控制列表 1.S3550-2配置： switch>en 14

switch# configure terminal

switch(config)#hostname S3550-2 S3550-2(con)#vlan 10 S3550-2(config-vlan)#exit S3550-2(con)#vlan 20 S3550-2(config-vlan)#exit S3550-2(con)#vlan 30 S3550-2(config-vlan)#exit

S3550-2(con)#int range fa 0/1-5

S3550-2(con-if)#switchport access vlan 10 S3550-2(con-if)#exit

S3550-2(con)#int range fa 0/6-10

S3550-2(con-if)#switchport access vlan 20 S3550-2(con-if)#exit

S3550-2(con)#int range fa 0/11-15

S3550-2(con-if)#switchport access vlan 30 S3550-2(con-if)#exit S3550-2(con)#int vlan 10

S3550-2(con-if)#ip address 192.168.10.1 255.255.255.0

S3550-2(con-if)#no shutdown S3550-2(con-if)#exit

S3550-2(con)#int vlan 20

S3550-2(con-if)#ip address 192.168.20.1 255.255.255.0

S3550-2(con-if)#no shutdown S3550-2(con-if)#exit

S3550-2(con)#int vlan 30

S3550-2(con-if)#ip address 192.168.30.1 255.255.255.0

S3550-2(con-if)#no shutdown S3550-2(con-if)#exit

配置ospf路由协议： S3550-2(con)#router ospf S3550-2(con-route)#network 192.168.10.0 0.0.0.255 area 0

S3550-2(con-route)#network 192.168.20.0 0.0.0.255 area 0 S3550-2(con-route)#network 192.168.30.0 0.0.0.255 area 0

S3550-2(con)#ip access-list standard test1 ............#permit 192.168.10.0 0.0.0.255

S3550-2(con)#ip access-list standard test2 ............#deny 192.168.10.0 0.0.0.255 ............#permit ip any any

S3550-2(con)#int vlan 30

S3550-2(con-if)#ip access-group test1 out S3550-2(con)#int vlan 20

S3550-2(con-if)#ip access-group test2 out

验证：

显示全部的访问列表 Router#show access-lists 显示指定的访问列表

Router#show access-lists <1-199> 显示接口的访问列表应用

Router#show ip interface <接口名称> <接口编号>

IP ACL实验四命名的扩展访问控制列表 1.S3550-1配置： switch>en 14

switch# configure terminal

switch(config)#hostname S3550-1 S3550-1(con)#vlan 5

S3550-1(config-vlan)#exit S3550-1(con)#vlan 6

S3550-1(config-vlan)#exit

S3550-1(con)#int range fa 0/1-5

S3550-1(con-if)#switchport access vlan 5 S3550-1(con-if)#exit

S3550-1(con)#int range fa 0/6-10

S3550-1(con-if)#switchport access vlan 6 S3550-1(con-if)#exit S3550-1(con)#int vlan 5

S3550-1(con-if)#ip address 192.168.1.1 255.255.0.0

S3550-1(con-if)#no shutdown S3550-1(con-if)#exit

S3550-1(con)#int vlan 6

S3550-1(con-if)#ip address 172.16.10.1 255.255.255.0

S3550-1(con-if)#no shutdown S3550-1(con-if)#exit

配置ospf路由协议： S3550-1(con)#router ospf S3550-1(con-route)#network 172.16.10.0 0.0.0.255 area 0

S3550-1(con-route)#network 192.168.0.0 0.0.255.255 area 0 S3550-1(con-if)#exit

S3550-1(con)#ip access-list extended test S3550-1(con)#permit tcp 192.168.0.0 0.0.255.255 172.16.10.0 0.0.0.255 eq ftp S3550-1(con-if)#exit S3550-1(con)#int vlan 5

S3550-1(con-if)#ip access-group test in

验证：

显示全部的访问列表 Router#show access-lists 显示指定的访问列表

Router#show access-lists <1-199> 显示接口的访问列表应用

Router#show ip interface <接口名称> <接口编号>

实验六：NAT Nat实验一：

1． R2620-1的配置： router>en

router#hostname R2620-1 R2620-1#conf ter R2620-1(conf)#int s1

R2620-1(conf-if)#ip address 192.168.10.2 255.255.255.0

R2620-1(conf-if)#clock rate 000 R2620-1(conf-if)#no shutdown R2620-1(conf-if)#exit R2620-1(conf)#loopback 2 R2620-1(conf-if)#ip address 20.20.20.20 255.255.255.0

R2620-1(conf)#exit

R2620-1(conf)#router rip

R2620-1(conf-router)#network 192.168.10.0 R2620-1(conf-router)#network 20.20.20.0 R2620-1(conf-router)#version 2

2. R2624-1的配置 Router>en router#conf ter

router(conf)#hostname R2624-1

R2624-1(conf)#int s0

R2624-1(conf-if)#ip address 192.168.10.1 255.255.255.0

R2624-1(conf-if)#no shutdown R2624-1(conf-if)#ip nat outside R2624-1(conf-if)#exit

R2624-1(conf)#int f0

R2624-1(conf-if)#ip address 192.168.100.1 255.255.255.0

R2624-1(conf-if)#no shutdown R2624-1(conf-if)#ip nat inside R2624-1(conf-if)#exit

R2624-1(conf)#loopback 1

R2624-1(conf-if)#ip address 10.10.10.10 255.255.255.0

R2624-1(conf-if)#exit

R2624-1(conf)#ip nat pool net1 200.168.10.1 200.168.10.30 netmask 255.255.255.0 R2624-1(conf)#access-list 1 permit 192.168.100.0 0.0.0.255

R2624-1(conf)#ip nat inside sourcelist 1 pool net1

R2624-1(conf)#router rip

R2624-1(conf-router)#network 192.168.100.0 255.255.255.0

R2624-1(conf-router)#network 192.168.10.0

255.255.255.0

R2624-1(conf-router)#network 10.10.10.0 255.255.255.0

R2624-1(conf-router)#version 2

Nat实验二：

1.R2620-1的配置： router>en

router#hostname R2620-1 R2620-1#conf ter

R2620-1(conf)#int s1

R2620-1(conf-if)#ip address 192.168.10.2 255.255.255.0

R2620-1(conf-if)#clock rate 000 R2620-1(conf-if)#no shutdown R2620-1(conf-if)#exit R2620-1(conf)#loopback 2

R2620-1(conf-if)#ip address 20.20.20.20 255.255.255.0

R2620-1(conf)#exit R2620-1(conf)#int f0 R2620-1(conf-if)#ip address 222.1.1.0 255.255.255.0

R2620-1(conf-if)#no shutdown R2620-1(conf-if)#exit

R2620-1(conf)#router rip

R2620-1(conf-router)#network 192.168.10.0 R2620-1(conf-router)#network 222.1.1.0 R2620-1(conf-router)#network 20.20.20.0 R2620-1(conf-router)#version 2

2. R2624-1的配置 Router>en router#conf ter

router(conf)#hostname R2624-1

R2624-1(conf)#int s0

R2624-1(conf-if)#ip address 192.168.10.1 255.255.255.0

R2624-1(conf-if)#no shutdown R2624-1(conf-if)#ip nat outside R2624-1(conf-if)#exit

R2624-1(conf)#int f0 R2624-1(conf-if)#ip address 10.1.1.2 255.255.255.0

R2624-1(conf-if)#no shutdown R2624-1(conf-if)#ip nat inside R2624-1(conf-if)#exit

R2624-1(conf)#loopback 1

R2624-1(conf-if)#ip address 10.10.10.10 255.255.255.0

R2624-1(conf-if)#exit

R2624-1(conf)#ip nat pool net1 200.168.10.1 200.168.10.1 netmask 255.255.255.0

R2624-1(conf)#ip nat pool net2 11.1.1.1 11.1.1.1 netmask 255.255.255.0

R2624-1(conf)#access-list 1 permit 222.1.1.0 0.0.0.255

R2624-1(conf)#access-list 2 permit 10.1.1.0 0.0.0.255

R2624-1(conf)#ip nat outside sourcelist 1 pool net1

R2624-1(conf)#ip nat inside sourcelist 2 pool net2

R2624-1(conf)#router rip

R2624-1(conf-router)#network 10.1.1.0

R2624-1(conf-router)#network 192.168.10.0 R2624-1(conf-router)#network 10.10.10.0 R2624-1(conf-router)#version 2

Nat实验三：

1. R2620—1的配置： router>en

router#hostname R2620-1 R2620-1#conf ter

R2620-1(conf)#int s0

R2620-1(conf-if)#ip address 192.168.10.2 255.255.255.0

R2620-1(conf-if)#no shutdown R2620-1(conf-if)#exit

R2620-1(conf)#int f0

R2620-1(conf-if)#ip address 192.168.30.1 255.255.255.0

R2620-1(conf-if)#no shutdown R2620-1(conf-if)#exit

R2620-1(conf)#ip route 192.168.20.0 255.255.255.0 192.168.10.1

2. R2624—2的配置： Router>en router#conf ter

router(conf)#hostname R2624-2

R2624-2(conf)#int s1

R2624-2(conf-if)#ip address 192.168.10.1 255.255.255.0

R2624-2(conf-if)#clock rate 000 R2624-2(conf-if)#no shutdown R2624-2(conf-if)#ip nat outside R2624-2(conf-if)#exit

R2624-2conf)#int f0

R2624-2(conf-if)#ip address 192.168.20.1 255.255.255.0

R2624-2(conf-if)#no shutdown R2624-2(conf-if)#ip nat inside R2624-2(conf-if)#exit

R2624-2(conf)#ip nat pool net1 192.168.20.3 192.168.20.4 netmask 255.255.255.0 type rotary

R2624-2(conf)#access-list 1 permit 192.168.20.2 0.0.0.255

R2624-2(conf)#ip nat inside source list 1 pool net1

R2624-2(conf)#ip route 192.168.30.0 255.255.255.0 192.168.10.2

拓扑图：实验六：

拓扑图：实验一：

实验四：

实验二：

实验五：

实验三：

因篇幅问题不能全部显示，请点此查看更多更全内容

查看全文