2022-08-14
Campus ICT Skills Festival Competition Problems [2022.5]
Introduction: The topology and requirements of this lab are adapted from a real project. To match the students' level and progress, the parts not yet covered in class have been removed or modified.

Project: xxx planning [this part has been cut from the post because some of the images raise privacy concerns]

Lab topology:

Competition requirements:
IP addresses are already planned, so there is no need to worry about misconfigured IP addresses.
Open the configuration file rs.net in the topology files to load the topology and start the exam.
Complete the lab requirements within the competition time and write a lab document that meets the following requirements:
Naming convention: 19NetSec1-xxx, 19Cloud2-Zhang San, 19Cloud3-Li Si
Format: submit as a Word document; under each lab requirement, write down your own configuration commands.

Topology overview:
PC7 and PC10 belong to the Technical Department, vlan10; PC8 and PC9 belong to the Finance Department, vlan20.
SW1 and SW2 are access-layer devices responsible for LAN communication and are interconnected in a highly reliable way.
SW3 is the gateway device for Vlan10 and Vlan20.
SW3, R4 and R5 run single-area OSPF, and R4 and R5 are the China Unicom and China Telecom egress routers respectively, which keeps the network reliable.
R6 is the Internet device.

Lab requirements:

The LAN has two service VLANs, Vlan10 and Vlan20, whose IP subnets are 192.168.1.0/24 and 192.168.2.0/24 respectively. Assign the VLANs as required.

    [SW1]vlan 10
    [SW1-vlan10]qu
    [SW1]vlan 20
    [SW1-vlan20]qu
    [SW1]interface GigabitEthernet 1/0/4
    [SW1-GigabitEthernet1/0/4]port link-type access
    [SW1-GigabitEthernet1/0/4]port access vlan 10
    [SW1-GigabitEthernet1/0/4]qu
    [SW1]interface GigabitEthernet 1/0/5
    [SW1-GigabitEthernet1/0/5]port link-type access
    [SW1-GigabitEthernet1/0/5]port access vlan 20

    [SW2]vlan 10
    [SW2-vlan10]qu
    [SW2]vlan 20
    [SW2-vlan20]qu
    [SW2]interface GigabitEthernet 1/0/4
    [SW2-GigabitEthernet1/0/4]port link-type access
    [SW2-GigabitEthernet1/0/4]port access vlan 20
    [SW2-GigabitEthernet1/0/4]qu
    [SW2]interface GigabitEthernet 1/0/5
    [SW2-GigabitEthernet1/0/5]port link-type access
    [SW2-GigabitEthernet1/0/5]port access vlan 10

Configure static link aggregation on the direct links between SW1 and SW2 to provide link redundancy and increase link bandwidth.

    [SW1]interface Bridge-Aggregation 1
    [SW1-Bridge-Aggregation1]qu
    [SW1]interface GigabitEthernet 1/0/2
    [SW1-GigabitEthernet1/0/2]port link-aggregation group 1
    [SW1-GigabitEthernet1/0/2]qu
    [SW1]interface GigabitEthernet 1/0/3
    [SW1-GigabitEthernet1/0/3]port link-aggregation group 1

    [SW2]interface Bridge-Aggregation 1
    [SW2-Bridge-Aggregation1]qu
    [SW2]interface GigabitEthernet 1/0/2
    [SW2-GigabitEthernet1/0/2]port link-aggregation group 1
    [SW2-GigabitEthernet1/0/2]qu
    [SW2]interface GigabitEthernet 1/0/3
    [SW2-GigabitEthernet1/0/3]port link-aggregation group 1

Configure all ports that interconnect the switches as Trunk ports and permit the relevant traffic.

    [SW1]interface Bridge-Aggregation 1
    [SW1-Bridge-Aggregation1]port link-type trunk
    [SW1-Bridge-Aggregation1]port trunk permit vlan 10 20
    [SW1-Bridge-Aggregation1]qu
    [SW1]interface GigabitEthernet 1/0/1
    [SW1-GigabitEthernet1/0/1]port link-type trunk
    [SW1-GigabitEthernet1/0/1]port trunk permit vlan 10 20

    [SW2]interface Bridge-Aggregation 1
    [SW2-Bridge-Aggregation1]port link-type trunk
    [SW2-Bridge-Aggregation1]port trunk permit vlan 10 20
    [SW2-Bridge-Aggregation1]qu
    [SW2]interface GigabitEthernet 1/0/1
    [SW2-GigabitEthernet1/0/1]port link-type trunk
    [SW2-GigabitEthernet1/0/1]port trunk permit vlan 10 20

    [SW3]interface GigabitEthernet 1/0/1
    [SW3-GigabitEthernet1/0/1]port link-type trunk
    [SW3-GigabitEthernet1/0/1]port trunk permit vlan 10 20
    [SW3-GigabitEthernet1/0/1]qu
    [SW3]interface GigabitEthernet 1/0/2
    [SW3-GigabitEthernet1/0/2]port link-type trunk
    [SW3-GigabitEthernet1/0/2]port trunk permit vlan 10 20

SW1, SW2 and SW3 run the STP version of spanning tree. Modify the cost value so that the blocked port is the g0/1 port of SW2.

    [SW1]stp mode stp
    [SW1]display stp brief
     MST ID   Port                      Role  STP State   Protection
     0        Bridge-Aggregation1       DESI  FORWARDING  NONE
     0        GigabitEthernet1/0/1      DESI  FORWARDING  NONE
     0        GigabitEthernet1/0/4      DESI  FORWARDING  NONE
     0        GigabitEthernet1/0/5      DESI  FORWARDING  NONE

    [SW2]stp mode stp
    [SW2]display stp brief
     MST ID   Port                      Role  STP State   Protection
     0        Bridge-Aggregation1       ROOT  FORWARDING  NONE
     0        GigabitEthernet1/0/1      DESI  FORWARDING  NONE
     0        GigabitEthernet1/0/4      DESI  FORWARDING  NONE
     0        GigabitEthernet1/0/5      DESI  FORWARDING  NONE

    [SW3]stp mode stp
    [SW3]display stp brief
     MST ID   Port                      Role  STP State   Protection
     0        GigabitEthernet1/0/1      ROOT  FORWARDING  NONE
     0        GigabitEthernet1/0/2      ALTE  DISCARDING  NONE
     0        GigabitEthernet1/0/3      DESI  FORWARDING  NONE
     0        GigabitEthernet1/0/4      DESI  FORWARDING  NONE

    // The blocked port does not meet the requirement; change the blocked port
    [SW3]stp priority 0
    [SW2]interface GigabitEthernet 1/0/1
    [SW2-GigabitEthernet1/0/1]stp cost 400

Configure single-area OSPF on R4, R5 and SW3 as shown in the diagram, and advertise the service subnets so that the whole network is reachable. Vlan100 and Vlan200 on SW3 are used to establish OSPF neighbors with R4 and R5 respectively. (15 points)

    // Assign the ports to the VLANs so that the Layer 3 interfaces come up
    [SW3]interface GigabitEthernet 1/0/3
    [SW3-GigabitEthernet1/0/3]port link-type access
    [SW3-GigabitEthernet1/0/3]port access vlan 100
    [SW3-GigabitEthernet1/0/3]qu
    [SW3]interface GigabitEthernet 1/0/4
    [SW3-GigabitEthernet1/0/4]port link-type access
    [SW3-GigabitEthernet1/0/4]port access vlan 200
    // Configure OSPF
    [SW3]ospf
    [SW3-ospf-1]area 0
    [SW3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
    [SW3-ospf-1-area-0.0.0.0]network 100.0.11.0 0.0.0.3
    [SW3-ospf-1-area-0.0.0.0]network 100.0.11.4 0.0.0.3
    [SW3-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
    [SW3-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255

    [R4]ospf
    [R4-ospf-1]area 0
    [R4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
    [R4-ospf-1-area-0.0.0.0]network 100.0.11.0 0.0.0.3
    [R4-ospf-1-area-0.0.0.0]network 100.0.11.8 0.0.0.3

    [R5]ospf
    [R5-ospf-1]area 0
    [R5-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0
    [R5-ospf-1-area-0.0.0.0]network 100.0.11.4 0.0.0.3
    [R5-ospf-1-area-0.0.0.0]network 100.0.11.8 0.0.0.3

Protocol packets must not appear on the service subnets. (5 points)

    [SW3-ospf-1]silent-interface Vlan-interface 10
    [SW3-ospf-1]silent-interface Vlan-interface 20

Configure default routes pointing to the Internet on R4 and R5 and redistribute them into OSPF. Use a suitable method to make the links primary and backup: the primary link is China Telecom and the backup link is China Unicom. Service traffic reaches the Internet over the China Unicom link only after the China Telecom link goes down.

    [R4]ip route-static 0.0.0.0 0 200.1.1.2 preference 200
    [R4-ospf-1]default-route-advertise cost 5000
    [R5]ip route-static 0.0.0.0 0 200.2.2.2
    [R5-ospf-1]default-route-advertise

Configure EASY IP on R4 and R5 so that all service subnets can reach the Internet through R4 or R5.

    [R4]acl basic 2000
    [R4-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
    [R4-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
    [R4]interface Serial 1/0
    [R4-Serial1/0]nat outbound 2000

    [R5]acl basic 2000
    [R5-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
    [R5-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255
    [R5]interface Serial 1/0
    [R5-Serial1/0]nat outbound 2000

R4 and R5 each connect to the Internet over a single serial link. Configure PPP with two-way CHAP authentication.

    [R6]local-user r4 class network
    New local user added.
    [R6-luser-network-r4]password simple 123
    [R6-luser-network-r4]service-type ppp
    [R6]local-user r5 class network
    New local user added.
    [R6-luser-network-r5]password simple 123
    [R6-luser-network-r5]service-type ppp
    // Enable PPP authentication
    [R6]interface Serial 1/0
    [R6-Serial1/0]ppp authentication-mode chap
    [R6-Serial1/0]ppp chap user r6
    [R6-Serial1/0]qu
    [R6]interface Serial 2/0
    [R6-Serial2/0]ppp authentication-mode chap
    [R6-Serial2/0]ppp chap user r6

    // Configure R4
    [R4]local-user r6 class network
    New local user added.
    [R4-luser-network-r6]password simple 123
    [R4-luser-network-r6]service-type ppp
    [R4-luser-network-r6]qu
    [R4]interface Serial 1/0
    [R4-Serial1/0]ppp authentication-mode chap
    [R4-Serial1/0]ppp chap user r4

    // Configure R5
    [R5]local-user r6 class network
    New local user added.
    [R5-luser-network-r6]password simple 123
    [R5-luser-network-r6]service-type ppp
    [R5-luser-network-r6]qu
    [R5]interface Serial 1/0
    [R5-Serial1/0]ppp authentication-mode chap
    [R5-Serial1/0]ppp chap user r5

Enable TELNET remote management on R5. Log in with the user mo66.cn, password 666, with the highest privilege level, and allow only the Technical Department to manage R5 remotely.

    [R5]local-user mo66.cn class manage
    New local user added.
    [R5-luser-manage-mo66.cn]password simple 666
    [R5-luser-manage-mo66.cn]service-type telnet
    [R5-luser-manage-mo66.cn]qu
    [R5]telnet server enable
    [R5]user-interface vty 0 4
    [R5-line-vty0-4]authentication-mode scheme
    [R5-line-vty0-4]user-role level-15
    // Configure an ACL so that only the Technical Department can manage R5
    [R5]acl basic 2001
    [R5-acl-ipv4-basic-2001]rule permit source 192.168.1.0 0.0.0.255
    [R5-acl-ipv4-basic-2001]qu
    [R5]telnet server acl 2001

Paper submitted, paper submitted~
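The two-way CHAP step in the lab works only because each router holds a local user named after its peer with the same password. The Python sketch below is an added example, not part of the original post: it walks one challenge/response in each direction using the RFC 1994 hash, and the LOCAL_USERS and CHAP_NAME tables and all function names are constructed here from the lab's usernames and password.

```python
import hashlib
import hmac
import os

# Constructed from the lab: each router stores the PEER's name and password
# (local-user <peer> class network / password simple 123).
LOCAL_USERS = {
    "R6": {"r4": b"123", "r5": b"123"},
    "R4": {"r6": b"123"},
    "R5": {"r6": b"123"},
}
# Name each router puts in its own CHAP packets (ppp chap user <name>).
CHAP_NAME = {"R6": "r6", "R4": "r4", "R5": "r5"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def authenticate(authenticator, peer, users=LOCAL_USERS, identifier=1):
    """One direction of CHAP: `authenticator` challenges `peer`."""
    # 1. Challenge (code 1): random value plus the authenticator's name.
    challenge = os.urandom(16)
    auth_name = CHAP_NAME[authenticator]
    # 2. Response (code 2): the peer looks up the secret it stores under the
    #    challenger's name and hashes it with the identifier and challenge.
    secret = users[peer].get(auth_name)
    if secret is None:
        return False  # peer has no local user for the challenger
    response = chap_response(identifier, secret, challenge)
    peer_name = CHAP_NAME[peer]
    # 3. Verify: the authenticator looks up the peer's name, recomputes the
    #    hash and answers Success (code 3) or Failure (code 4).
    expected_secret = users[authenticator].get(peer_name)
    if expected_secret is None:
        return False  # authenticator has no local user for the peer
    expected = chap_response(identifier, expected_secret, challenge)
    return hmac.compare_digest(response, expected)


def mutual(a, b, users=LOCAL_USERS):
    """Two-way CHAP as in the lab: each side authenticates the other."""
    return authenticate(a, b, users) and authenticate(b, a, users)
```

The password itself never crosses the link, only the hash, which is why a mismatched or missing local user on either side shows up as a failed authentication rather than a visible password error.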