计网实验通关教程

发表于 2025-06-16 分类于计网实验阅读次数：评论：阅读次数：本文字数： 5.2k 阅读时长 ≈ 9 分钟

老师我想要110分/doge

Router 0单臂路由

配置Router 0

enable
configure terminal
interface Fa0/0.1
encapsulation dot 344
ip address 172.16.44.254 255.255.255.0

interface Fa0/0.2
encapsulation dot 343
ip address 172.16.43.254 255.255.255.0
interface Fa0/0


no shutdown

配置L2-Switch0

enable
configure terminal
vlan 343
name VLAN343
vlan 344
name VLAN344
exit
interface range f0/1-2
switchport mode access
switchport access vlan 343
interface range f0/4
switchport mode access
switchport access vlan 344
end
interface range f0/3
switchport mode trunk
show vlan brief

出口路由Router 2单臂路由

配置Router 2

en
conf t
int Fa0/0.1 
encapsulation dot 349
ip address 172.16.48.254 255.255.255.0
int Fa0/0.2
encapsulation dot 350
ip address 172.16.49.254 255.255.255.0

no shutdown

配置L2-Switch1

enable
configure terminal
vlan 349
name VLAN349
vlan 350
name VLAN350
exit
interface range f0/2
switchport mode access
switchport access vlan 349
interface range f0/3
switchport mode access
switchport access vlan 350
interface range f0/1
switchport mode trunk
end
show vlan brief

路由链路打通

路由Router 0

en
conf t
int Fa0/1 
ip address 172.16.48.253 255.255.255.0

三层交换机L3-Switch 0

en
configure terminal
vlan 345
exit
vlan 346
exit
interface fastEthernet 0/2
switchport trunk encapsulation dot1q
switchport mode trunk
interface vlan 345
ip address 172.16.45.254 255.255.255.0
no shutdown
exit
interface vlan 346
ip address 172.16.46.254 255.255.255.0
no shutdown
exit

!创建虚拟接口
vlan 347
exit
vlan 348
exit
interface vlan 347
ip address 172.16.49.253 255.255.255.0
no shutdown
interface vlan 348
ip address 172.16.50.254 255.255.255.0
no shutdown
exit

interface fastEthernet 0/1
switchport mode access
switchport access vlan 347
exit
interface fastEthernet 0/3
switchport mode access
switchport access vlan 348
exit
ip routing

链路聚合

en
configure terminal
interface port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all
no shutdown
exit
interface fastEthernet 0/4
channel-group 1 mode on
exit
interface fastEthernet 0/5
channel-group 1 mode on
exit
end
show etherchannel summary

配置L2-Switch2

en
configure terminal
interface port-channel 1
switchport mode trunk 
switchport trunk allowed vlan all
no shutdown 
exit
interface fastEthernet 0/4
channel-group 1 mode on
exit
interface fastEthernet 0/5
channel-group 1 mode on
exit

int Fa0/1
switchport mode access
switchport access vlan 345
exit
int Fa0/2
switchport mode access
switchport access vlan 346
exit

路由Router 1

en
conf t
int Fa0/0 
ip address 172.16.50.253 255.255.255.0
int Fa0/1 
ip address 172.16.47.254 255.255.255.0

配置路由协议

静态路由配置

手动配置

RIP区域

路由Router1

enable
configure terminal
router rip
no auto-summary
version 2
network 172.16.47.0 netmask 255.255.255.0
network 172.16.50.0 netmask 255.255.255.0

三层交换机

enable
configure terminal
router rip
no auto-summary
version 2
network 172.16.45.0
network 172.16.46.0
network 172.16.49.0
network 172.16.50.0

出口路由Router2

enable
configure terminal
router rip
no auto-summary
version 2
network 172.16.49.0

OSPF区域

出口路由Router2

enable
configure terminal
router ospf 1
network 172.16.48.0 0.0.0.255 area 0

router rip
version 2
no auto-summary
redistribute ospf 1 metric 10
exit

路由Router0

enable
configure terminal
router ospf 1
network 172.16.43.0 0.0.0.255 area 0
network 172.16.44.0 0.0.0.255 area 0
network 172.16.48.0 0.0.0.255 area 0

DHCP服务器

设置Pool

!设置地址池

service dhcp 
ip dhcp pool pool343
network 172.16.43.0 255.255.255.0 
default-router 172.16.43.254
dns-server 172.16.47.201 !注意修改

中继配置

设置直接相连的服务器

三层交换机

en
conf t
int vlan346
ip helper-address 172.16.47.201
ex

路由器Router0

en
conf t
int Fa0/0.1
ip helper-address 172.16.47.201
ex
int Fa0/0.2
ip helper-address 172.16.47.201

设置外网

出口路由Router2

en
conf t
int Se1/0
ip address 40.40.43.254 255.255.255.0

公网路由Router3

en
conf t
int Se1/0
ip address 40.40.43.253 255.255.255.0
int Fa0/1
ip address 40.40.44.254 255.255.255.0

设置外网路由OSPF

出口路由Router2

en
configure terminal
router ospf 2
network 40.40.43.0 0.0.0.255 area 0

公网路由Router3

en
configure terminal
router ospf 2
network 40.40.43.0 0.0.0.255 area 0
network 40.40.44.0 0.0.0.255 area 0

NAPT

configure terminal
interface Fa0/0.1
ip nat inside
interface Fa0/0.2
ip nat inside
interface se1/0
ip nat outside
exit
ip nat pool napt-pool 40.40.43.1 40.40.43.100 netmask 255.255.255.0

access-list 1 permit 172.16.43.0 0.0.0.255
access-list 1 permit 172.16.44.0 0.0.0.255
access-list 1 permit 172.16.45.0 0.0.0.255
access-list 1 permit 172.16.46.0 0.0.0.255
access-list 1 permit 172.16.47.0 0.0.0.255

ip nat inside source list 1 pool napt-pool overload
exit

show ip nat translations

NAT

1
2
3

configure terminal
ip nat inside source static 172.16.47.201  40.40.43.101
end

ACL

access-list 100 deny tcp 192.168.0.0 0.0.0.255 host 192.168.1.2 eq 80 !拒绝网络内所有主机访问web服务
access-list 100 deny tcp host 192.168.0.1 host 192.168.1.2 eq 20 
access-list 100 deny tcp host 192.168.0.1 host 192.168.1.2 eq 21 
！拒绝部门 A 的 PC0（192.168.0.1）访问部门 B Server0 的 FTP 服务（20、21）
access-list 100 deny ip host 192.168.0.2 host 192.168.1.1 ！拒绝部门 A 的 PC1（192.168.0.2）与部门 B 的 PC2（192.168.1.1）通信

access-list 100 deny icmp 192.168.0.0 0.0.0.255 host 10.0.0.2 ！拒绝部门 A（192.168.0.0/24）PING 路由器 Router1（假设 Router1 被 PING 的接口 IP 为 10.0.0.2 ）
access-list 100 permit ip any any ！允许所有其他流量通过
——————————————————————————————————————————————————————————————————————

configure terminal

access-list 100 deny tcp host 172.16.43.1 host 40.40.43.200 eq 80 !
interface Se1/0
ip access-group 100 in
end

show access-lists

telnet

对Router3和交换机配置如下

enable password 123
line vty 0 4
login
password 123456

在主机命令行中验证是否配置成功

1 2	telnet 172.16.49.254 !出口路由接口 123456