搜索到
1
篇与
比赛
的结果
-
校园ICT技能节比赛题目【2022.5】 介绍:本次实验拓扑以及需求都是根据真实项目进行修改而来;考虑到同学们的学习层次以及进度,对其中部分未涉及的地方进行删减和修改;项目: xxx规划【由于涉及到一些图片隐私的问题,本文此处进行了删减】实验拓扑:比赛要求:IP地址已经规划好,无需考虑IP地址配错问题;打开拓扑文件中的配置文件 rs.net 即可打开拓扑开始考试;在比赛时间内完成实验需求,并且写出实验文档,要求如下:命名规范19网安1-xxx 19云2-张三 19云3-李四格式以word文档的方式提交,按照每个实验要求,在每个要求下面写下自己的配置命令。拓扑介绍:PC7 , PC10属于技术部vlan10,PC8 , PC9属于财务部vlan20;SW1,SW2为接入层设备,负责局域网通讯,并且使用高可靠的方式互联;SW3为Vlan10和Vlan20的网关设备;SW3,R4,R5运行OSPF单域,并且R4,R5分别为联通电信的出口,保证网络的可靠性;其中R6为Inernet互联网设备。实验要求:局域网中存在 Vlan10和Vlan20 两个业务 VLAN,Vlan10 和 Vlan20IP 网段分别对应 192.168.1.0/24 和 192.168.2.0/24,请按需求划分Vlan。[SW1]vlan 10 [SW1‐vlan10] [[SW1‐vlan10]qu [SW1]vlan 20 [SW1‐vlan20]qu [SW1]interface GigabitEthernet 1/0/4 [SW1‐GigabitEthernet1/0/4]port link‐type access [SW1‐GigabitEthernet1/0/4]port access vlan 10 [SW1‐GigabitEthernet1/0/4]qu [SW1]interface GigabitEthernet 1/0/5 [SW1‐GigabitEthernet1/0/5]port link‐type access [SW1‐GigabitEthernet1/0/5]port access vlan 20[SW2]vlan 10 [SW2‐vlan10]qu [SW2]vlan 20 [SW2‐vlan20]qu [SW2]interface GigabitEthernet 1/0/4 [SW2‐GigabitEthernet1/0/4]port link‐type access [SW2‐GigabitEthernet1/0/4]port access vlan 20 [SW2‐GigabitEthernet1/0/4]qu [SW2]interface GigabitEthernet 1/0/5 [SW2‐GigabitEthernet1/0/5]port link‐type access [SW2‐GigabitEthernet1/0/5]port access vlan 10SW1 和 SW2 之间的直连链路上配置静态链路聚合实现链路冗余,提高链路带宽。[SW1]interface Bridge‐Aggregation 1 [SW1‐Bridge‐Aggregation1]qu [SW1]interface GigabitEthernet 1/0/2 [SW1‐GigabitEthernet1/0/2]port link‐aggregation group 1 [SW1‐GigabitEthernet1/0/2]qu [SW1]interface GigabitEthernet 1/0/3 [SW1‐GigabitEthernet1/0/3]port link‐aggregation group 1[SW2]interface Bridge‐Aggregation 1 [SW2‐Bridge‐Aggregation1]qu [SW2]interface GigabitEthernet 1/0/2 [SW2‐GigabitEthernet1/0/2]port link‐aggregation group 1 [SW2‐GigabitEthernet1/0/2]qu [SW2]interface GigabitEthernet 1/0/3 [SW2‐GigabitEthernet1/0/3]port link‐aggregation group 1所有交换机相连的端口配置为 Trunk,允许相关流量通过[SW1]interface Bridge‐Aggregation 1 [SW1‐Bridge‐Aggregation1]port link‐type trunk [SW1‐Bridge‐Aggregation1]port trunk permit vlan 10 20 [SW1‐Bridge‐Aggregation1]qu [SW1]interface GigabitEthernet 1/0/1 [SW1‐GigabitEthernet1/0/1]port link‐type trunk [SW1‐GigabitEthernet1/0/1]port trunk permit vlan 10 20[SW2]interface Bridge‐Aggregation 1 [SW2‐Bridge‐Aggregation1]port link‐type trunk [SW2‐Bridge‐Aggregation1]port trunk permit vlan 10 20 [SW2‐Bridge‐Aggregation1]qu [SW2]interface GigabitEthernet 1/0/1 [SW2‐GigabitEthernet1/0/1]port link‐type trunk [SW2‐GigabitEthernet1/0/1]port trunk permit vlan 10 20[SW3]interface GigabitEthernet 1/0/1 [SW3‐GigabitEthernet1/0/1]port link‐type trunk [SW3‐GigabitEthernet1/0/1]port trunk permit vlan 10 20 [SW3‐GigabitEthernet1/0/1]qu [SW3]interface GigabitEthernet 1/0/2 [SW3‐GigabitEthernet1/0/2]port link‐type trunk [SW3‐GigabitEthernet1/0/2]port trunk permit vlan 10 20SW1,SW2 和 SW3 运行的生成树版本为STP,并修改cost值,使阻塞端口在SW2的g0/1口上。[SW1]stp mode stp [SW1]display stp brief MST ID Port Role STP State Protection 0 Bridge‐Aggregation1 DESI FORWARDING NONE 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/4 DESI FORWARDING NONE 0 GigabitEthernet1/0/5 DESI FORWARDING NONE[SW2]stp mode stp [SW2]display stp brief MST ID Port Role STP State Protection 0 Bridge‐Aggregation1 ROOT FORWARDING NONE 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/4 DESI FORWARDING NONE 0 GigabitEthernet1/0/5 DESI FORWARDING NONE[SW3]stp mode stp [SW3]display stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 ROOT FORWARDING NONE 0 GigabitEthernet1/0/2 ALTE DISCARDING NONE 0 GigabitEthernet1/0/3 DESI FORWARDING NONE 0 GigabitEthernet1/0/4 DESI FORWARDING NONE//阻塞端口不符合要求,修改阻塞端口 [SW3]stp priority 0 [SW2]interface GigabitEthernet 1/0/1 [SW2‐GigabitEthernet1/0/1]stp cost 400按图在R4,R5和SW3 上配置OSPF单域,宣告业务网段使全网互通;其中SW3的Vlan100 和 Vlan200 分别是和R4, R5来建立OSPF邻居用的(15分)//划分端口,让三层接口UP [SW3]interface GigabitEthernet 1/0/3 [SW3‐GigabitEthernet1/0/3]port link‐type access [SW3‐GigabitEthernet1/0/3]port access vlan 100 [SW3‐GigabitEthernet1/0/3]qu [SW3]interface GigabitEthernet 1/0/4 [SW3‐GigabitEthernet1/0/4]port link‐type access [SW3‐GigabitEthernet1/0/4]port access vlan 200 //配置OSPF [SW3]ospf [SW3‐ospf‐1]area 0 [SW3‐ospf‐1‐area‐0.0.0.0]network 3.3.3.3 0.0.0.0 [SW3‐ospf‐1‐area‐0.0.0.0]network 100.0.11.0 0.0.0.3 [SW3‐ospf‐1‐area‐0.0.0.0]network 100.0.11.4 0.0.0.3 [SW3‐ospf‐1‐area‐0.0.0.0]network 192.168.1.0 0.0.0.255 [SW3‐ospf‐1‐area‐0.0.0.0]network 192.168.2.0 0.0.0.255[R4]ospf [R4‐ospf‐1]area 0 [R4‐ospf‐1‐area‐0.0.0.0]network 4.4.4.4 0.0.0.0 [R4‐ospf‐1‐area‐0.0.0.0]network 100.0.11.0 0.0.0.3 [R4‐ospf‐1‐area‐0.0.0.0]network 100.0.11.8 0.0.0.3[R5]ospf [R5‐ospf‐1]area 0 [R5‐ospf‐1‐area‐0.0.0.0]network 5.5.5.5 0.0.0.0 [R5‐ospf‐1‐area‐0.0.0.0]network 100.0.11.4 0.0.0.3 [R5‐ospf‐1‐area‐0.0.0.0]network 100.0.11.8 0.0.0.3业务网段不允许出现协议报文。(5分)[SW3‐ospf‐1]silent‐interface Vlan‐interface 10 [SW3‐ospf‐1]silent‐interface Vlan‐interface 20R4 ,R5 上配置默认路由指向互联网,并引入到 OSPF;并通过合适的方法使其实现主备,主链路为电信,备用链路为联通;只有当电信链路down后,数业务数据才会通过联通链路访问互联网。[R4]ip route‐static 0.0.0.0 0 200.1.1.2 preference 200 [R4‐ospf‐1]default‐route‐advertise cost 5000 [R5]ip route‐static 0.0.0.0 0 200.2.2.2 [R5‐ospf‐1]default‐route‐advertise在R4,R5上分别配置 EASY IP,保障所有业务网段可以通过R4或者R5访问到互联网。[R4]acl basic 2000 [R4‐acl‐ipv4‐basic‐2000]rule permit source 192.168.1.0 0.0.0.255 [R4‐acl‐ipv4‐basic‐2000]rule permit source 192.168.2.0 0.0.0.255 [R4]interface Serial 1/0 [R4‐Serial1/0]nat outbound 2000[R5]acl basic 2000 [R5‐acl‐ipv4‐basic‐2000]rule permit source 192.168.1.0 0.0.0.255 [R5‐acl‐ipv4‐basic‐2000]rule permit source 192.168.2.0 0.0.0.255 [R5]interface Serial 1/0 [R5‐Serial1/0]nat outbound 2000R4,R5分别通过单线串行链路连接到互联网,需要配置 PPP,并配置双向 chap 验证。[R6]local‐user r4 class network New local user added. [R6‐luser‐network‐r4]password simple 123 [R6‐luser‐network‐r4]service‐type ppp [R6]local‐user r5 class network New local user added. [R6‐luser‐network‐r5]password simple 123 [R6‐luser‐network‐r5]service‐type ppp //开启ppp验证 [R6]interface Serial 1/0 [R6‐Serial1/0]ppp authentication‐mode chap [R6‐Serial1/0]ppp chap user r6 [R6‐Serial1/0]qu [R6]interface Serial 2/0 [R6‐Serial2/0]pp authentication‐mode chap [R6‐Serial2/0]ppp chap user r6//配置R4 [R4]local‐user r6 class network New local user added. [R4‐luser‐network‐r6]password simple 123 [R4‐luser‐network‐r6]service‐type ppp [R4‐luser‐network‐r6]qu [R4]interface Serial 1/0 [R4‐Serial1/0]ppp authentication‐mode chap [R4‐Serial1/0]ppp chap user r4//配置R5 [R5]local‐user r6 class network New local user added. [R5‐luser‐network‐r6]password simple 123 [R5‐luser‐network‐r6]service‐type ppp [R5‐luser‐network‐r6]qu [R5]interface Serial 1/0 [R5‐Serial1/0]ppp authentication‐mode chap [R5‐Serial1/0]ppp chap user r5R5开启 TELNET 远程管理,使用用户 mo66.cn 登录,密码666 ,权限为最高;并且只允许技术部远程管理 R5。[R5]local‐user mo66.cn class manage New local user added. [R5‐luser‐manage‐huaxia]password simple 666 [R5‐luser‐manage‐huaxia]service‐type telnet [R5‐luser‐manage‐huaxia]qu [R5]telnet server enable [R5]user‐interface vty 0 4 [R5‐line‐vty0‐4]authentication‐mode scheme [R5‐line‐vty0‐4]user‐role level‐15 //配置acl只允许技术部管理R5 [R5]acl basic 2001 [R5‐acl‐ipv4‐basic‐2001]rule permit source 192.168.1.0 0.0.0.255 [R5‐acl‐ipv4‐basic‐2001]qu [R5]telnet server acl 200交卷交卷~
