做网站是什么鬼,网站 刷流量,网站建设要提供营业执照,抚州网络推广三、实验一相关知识点
1#xff0c;实验#xff1a;NAT 综合实验
2#xff0c;拓扑#xff1a; 3#xff0c;需求:
1#xff09;#xff0c;实现VLAN20 的除了20这台主机以外所有主机上网访问外网 2#xff09;#xff0c;实现VLAN30 的主机为奇数电脑上网 3#…三、实验一相关知识点
1实验NAT 综合实验
2拓扑 3需求:
1实现VLAN20 的除了20这台主机以外所有主机上网访问外网 2实现VLAN30 的主机为奇数电脑上网 3实现内网VLAN10 的内网服务器 可以被外网client1 访问,公有地址为200.1.1.10 4访问外网要求使用最节省IP地址的方案
4, 配置思路
1配置终端信息
2配置二层交换
-创建VLAN
-配置access
3配置路由器
-配置基本IP地址
-配置路由-静态路由
4配置NAT 设备
-实现内网访问外网
-easyIP
-实现外网访问内网
-nat server 200.1.1.10
5验证测试
5配置步骤
[sw1]vlan batch 10 20 30 100
[sw1]dis vlan
[sw1]interface g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access
[sw1-GigabitEthernet0/0/1]port default vlan 10
[sw1-GigabitEthernet0/0/1]q
[sw1]int g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type access
[sw1-GigabitEthernet0/0/4]port default vlan 20
[sw1-GigabitEthernet0/0/4]q
[sw1]int g0/0/2
[sw1-GigabitEthernet0/0/2]port link-type access
[sw1-GigabitEthernet0/0/2]port default vlan 30
[sw1-GigabitEthernet0/0/2]q
[sw1]int g0/0/3
[sw1-GigabitEthernet0/0/3]port link-type access
[sw1-GigabitEthernet0/0/3]port default vlan 100
[sw1-GigabitEthernet0/0/3]q
[sw1]interface Vlanif 10
[sw1-Vlanif10]ip add 192.168.10.254 24
[sw1-Vlanif10]q
[sw1]interface Vlanif 20
[sw1-Vlanif20]ip add 192.168.20.254 24
[sw1-Vlanif20]q
[sw1]int Vlanif 30
[sw1-Vlanif30]ip add 192.168.30.254 24
[sw1-Vlanif30]q
[sw1]int Vlanif 100
[sw1-Vlanif100]ip add 192.168.100.2 24
[sw1-Vlanif100]q
[sw1]dis ip int brief [sw1]ip route-static 0.0.0.0 0 192.168.100.1
[NAT]ip route-static 0.0.0.0 0 200.1.1.2
[NAT]ip route-static 192.168.10.0 24 192.168.100.2
[NAT]ip route-static 192.168.20.0 24 192.168.100.2
[NAT]ip route-static 192.168.30.0 24 192.168.100.2
通配符 0表示严格检查、匹配
1表示任意匹配忽略检查
192.168.30.0 段 匹配奇数 —最后一位为1 指的是主机位我只检查最后 一位即可最有一位用0匹配。前面几位用1匹配 192.168.30.1 192.168.30. 0000000 1
192.168.30.3 192.168.30. 0000001 1 192.168.30.5 192.168.30.0000010 1
192.168.30.7 192.168. 30.0000011 1
192.168.30.9 192.168.30 .0000100 1 0.0.0.11111110 0.0.0.254
192.168.30.1 0.0.0.254
[NAT]acl 2000
[NAT-acl-basic-2000]rule deny source 192.168.20.20 0.0.0.0
[NAT-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[NAT-acl-basic-2000]rule permit source 192.168.30.1 0.0.0.254
[NAT-acl-basic-2000]rule permit source any //不可以配置否则偶数也放行啦
[NAT]int g0/0/1
[NAT-GigabitEthernet0/0/1]nat outbound 2000
[NAT]acl 2000
[NAT-acl-basic-2000]rule deny source any
[NAT-acl-basic-2000]dis th
rule 5 deny source 192.168.20.20 0
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 permit source 192.168.30.1 0.0.0.254
rule 20 permit
rule 25 deny
[NAT-acl-basic-2000]undo rule 20
[NAT-acl-basic-2000]dis th
rule 5 deny source 192.168.20.20 0
rule 10 permit source 192.168.20.0 0.0.0.255
rule 15 permit source 192.168.30.1 0.0.0.254
rule 25 deny
验证 在客户端 更改 奇数偶数地址 进行验证。 实验一阶段最终测试VLAN 三层交换链路聚合MSTPACLNAT静态路由DHCPTelnet
1需求
1实现VLAN20 的除了20这台主机以外所有主机上网访问外网 2实现VLAN30 的主机为奇数电脑上网 3实现内网VLAN10 的内网服务器 可以被外网client1 访问,公有地址为200.1.1.10 4访问外网要求使用最节省IP地址的方案 5在SW1和SW2 完成增强带宽的操作 同时在SW3和SW1上 也完成增强链路带宽的操作尽量节省成本 6实现内网的终端在进行数据通信的时候要求走最优的路径 7内网各个网段的主机通过DHCP服务器自动获取IP地址信息将保留的地址进行排除 8, 在ISP 上实现远程登录内网SW1 的Telnet服务
2拓扑
3配置思路
1配置终端信息 10
2配置二层交换 10
-创建VLAN
-配置access
-配置trunk
-配置链路聚合 10
-配置MSTP 10
3配置路由器 10
-配置基本IP地址
-配置路由-静态路由
4配置NAT 设备
-实现内网访问外网 10
-easyIP
-实现外网访问内网
-nat server 200.1.1.10
WEB 10
TELNET 10
5配置DHCP服务器 20
6验证测试
4配置步骤
1创建VLAN
[SW1]vlan batch 10 20 30 100
[SW2]vlan batch 10 20 30 100
[sw3]vlan batch 10 20 30 100
2配置access
[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 100
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 10
[sw3]int g0/0/1
[sw3-GigabitEthernet0/0/1]port link-type access
[sw3-GigabitEthernet0/0/1]port default vlan 20
[sw3-GigabitEthernet0/0/1]q
[sw3]int g0/0/4
[sw3-GigabitEthernet0/0/4]port link-type access
[sw3-GigabitEthernet0/0/4]port default vlan 30
3配置链路聚合trunk
[SW1]interface Eth-Trunk 1
[SW1-Eth-Trunk1]mode lacp-static
[SW1-Eth-Trunk1]trunkport g0/0/1
[SW1-Eth-Trunk1]trunkport g0/0/5
[SW1-Eth-Trunk1]port link-type trunk
[SW1-Eth-Trunk1]port trunk allow-pass vlan all
[SW1-Eth-Trunk1]q
[SW1]interface Eth-Trunk 2
[SW1-Eth-Trunk2]mode lacp-static
[SW1-Eth-Trunk2]trunkport g0/0/2
[SW1-Eth-Trunk2]trunkport g0/0/6
[SW1-Eth-Trunk2]p l t
[SW1-Eth-Trunk2]p t a v a
[SW2]int Eth-Trunk 1
[SW2-Eth-Trunk1]mode lacp-static
[SW2-Eth-Trunk1]trunkport g0/0/1
[SW2-Eth-Trunk1]trunkport g0/0/5
[SW2-Eth-Trunk1]port l t
[SW2-Eth-Trunk1]p t a v a
[SW2-Eth-Trunk1]q
[SW2]int g0/0/3
[SW2-GigabitEthernet0/0/3]p l t
[SW2-GigabitEthernet0/0/3]p t a v a
[sw3]int Eth-Trunk 2
[sw3-Eth-Trunk2]mode lacp-static
[sw3-Eth-Trunk2]trunkport g0/0/2
[sw3-Eth-Trunk2]trunkport g0/0/6
[sw3-Eth-Trunk2]p l t
[sw3-Eth-Trunk2]p t a v a
[sw3-Eth-Trunk2]q
[sw3]int g0/0/3
[sw3-GigabitEthernet0/0/3]p l t
[sw3-GigabitEthernet0/0/3]p t a v a
4配置MSTP SW1/SW2/SW3
stp region-configuration
region-name HCIP
instance 1 vlan 10
instance 2 vlan 20 30
active region-configuration
[SW2]stp instance 1 priority 4096
[sw3]stp instance 2 priority 4096
5配置路由器IP地址 、静态路由
[SW1]interface Vlanif 10
[SW1-Vlanif10]ip add 192.168.10.254 24
[SW1-Vlanif10]q
[SW1]interface Vlanif 20
[SW1-Vlanif20]ip add 192.168.20.254 24
[SW1-Vlanif20]q
[SW1]int Vlanif 30
[SW1-Vlanif30]ip add 192.168.30.254 24
[SW1-Vlanif30]q
[SW1]int Vlanif 100
[SW1-Vlanif100]ip add 192.168.100.2 24
[SW1-Vlanif100]q
[SW1]ip route-static 0.0.0.0 0 192.168.100.1
[NAT]int g0/0/0
[NAT-GigabitEthernet0/0/0]ip add 192.168.100.1 24
[NAT-GigabitEthernet0/0/0]q
[NAT]int g0/0/1
[NAT-GigabitEthernet0/0/1]ip add 200.1.1.1 24
[NAT-GigabitEthernet0/0/1]q
[NAT]ip route-static 0.0.0.0 0 200.1.1.2
[NAT]ip route-static 192.168.10.0 24 192.168.100.2
[NAT]ip route-static 192.168.20.0 24 192.168.100.2
[NAT]ip route-static 192.168.30.0 24 192.168.100.2
6配置easyIP
[NAT]acl 2000
[NAT-acl-basic-2000]rule deny source 192.168.20.20 0
[NAT-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255
[NAT-acl-basic-2000]rule permit source 192.168.30.1 0.0.0.254
[NAT-acl-basic-2000]q
[NAT]int g0/0/1
[NAT-GigabitEthernet0/0/1]nat outbound 2000
7)配置NAT SERVER
[SW1]telnet server enable
[SW1]user-interface vty 0 4
[SW1-ui-vty0-4]authentication-mode aaa
[SW1-ui-vty0-4]protocol inbound all
[SW1-ui-vty0-4]q
[SW1]aaa
[SW1-aaa]local-user wy password cipher suibian
[SW1-aaa]local-user wy service-type telnet
[SW1-aaa]local-user wy privilege level 15
[NAT]int g0/0/1
[NAT-GigabitEthernet0/0/1]nat outbound 2000
[NAT-GigabitEthernet0/0/1]nat server protocol tcp global 200.1.1.10 80 inside 192.168.10.1 80
[NAT-GigabitEthernet0/0/1]nat server protocol tcp global 200.1.1.10 23 inside 192.168.100.2 23
8配置DHCP服务器
[SW1]dhcp enable
[SW1]ip pool vlan10
[SW1-ip-pool-vlan10]network 192.168.10.0 mask 24
[SW1-ip-pool-vlan10]gateway-list 192.168.10.254
[SW1-ip-pool-vlan10]dns-list 1.1.1.1
[SW1-ip-pool-vlan10]lease day 10
[SW1-ip-pool-vlan10]q
[SW1]interface Vlanif 10
[SW1-Vlanif10]dhcp select global
[SW1-Vlanif10]q
[SW1]ip pool vlan20
[SW1-ip-pool-vlan20]network 192.168.20.0 mask 24
[SW1-ip-pool-vlan20]gateway-list 192.168.20.254
[SW1-ip-pool-vlan20]dns-list 2.2.2.2
[SW1-ip-pool-vlan20]excluded-ip-address 192.168.20.20
[SW1-ip-pool-vlan20]lease day 0 hour 6
[SW1-ip-pool-vlan20]q
[SW1]interface Vlanif 20
[SW1-Vlanif20]dhcp select global
[SW1-Vlanif20]q
[SW1]ip pool vlan30
[SW1-ip-pool-vlan30]network 192.168.30.0 mask 24
[SW1-ip-pool-vlan30]gateway-list 192.168.30.254
[SW1-ip-pool-vlan30]dns-list 6.6.6.6
[SW1-ip-pool-vlan30]q
[SW1]int Vlanif 30
[SW1-Vlanif30]dhcp select global 更多资源------黑凤梨 (zhangwujistudy) - Gitee.com
