Chapter 1 Understanding Packet Tracer Software...1
Chapter II Basic Configuration and Management of Switches...2
Chapter III Port Configuration and Management of Switches...3
Chapter IV Telnet Remote Logon Configuration for Switches...5
Chapter V Port Aggregation Configuration for Switches...7
Chapter VI Switch Partitioning VLAN Configuration...9
Chapter 7 Basic Configuration of Layer 3 Switches...
Chapter VIII Routing Between VLAN s Using Three-Layer Switches...
Chapter 9 Quick Spanning Tree Configuration...16
CHAPTER X BASIC CONFIGURATION OF ROUTERS...19
Chapter 11 Router One-arm Routing Configuration...21
Chapter 12 Router Static Routing Configuration...23
Chapter 13 Router RIP Dynamic Routing Configuration...25
Chapter 14 Router OSPF Dynamic Routing Configuration...28
Chapter 15 Router Integrated Routing Configuration...31
Chapter 16 Configuration of Standard IP Access Control Lists...34
Chapter 17 Extended IP Access Control List Configuration...
Chapter 18 NAT Configuration for Network Address Translation...
Chapter 19 Network Port Address Translation NAPT Configuration...41
Chapter 1 Understanding Packet Tracer Software
Introduction to Packet Tracer
Packet Tracer is an analog software developed by Cisco for CCNA certification to design, configure, and troubleshoot networks.
The Packer Tracer simulator software is more powerful than Boson, simpler than Dynamips, and is ideal for beginners of network devices.
learning tasks
1,install Packer Tracer; 2,Using a switch with a model 2960, set 2 pc Interconnect computers to form a small local area network. 3,Set up separately pc Machine ip Address; 4,Verification pc They can communicate with each other.
Experimental equipment
Switch_ 29601; PC 2; straight-through
PC1
IP: 192.168.1.2 submask: 255.255.255.0 Gateway: 192.168.1.1
PC2
IP: 192.168.1.3 submask: 255.255.255.0 Gateway: 192.168.1.1
PC1 ping PC2 Reply
PC2 ping PC1 Reply
PC2 ping Gateway Timeout
Chapter II Basic Configuration and Management of Switches
Experimental Objectives
Master configuration management of basic switch information.
Experimental Background
A company has entered a new batch of switches, which are initially configured and managed after being put into the network. As a network administrator, you perform basic configuration and management of switches.
Technical Principles
Switches are managed in two basic ways: in-band management and out-of-band management.
Managing switches through the Console port of the switch is out-of-band management; This management method does not take up the network port of the switch, and the switch must be configured with the Console port for the first time.
In-band management through Telnet, dial-up, etc.
The command line operation modes of the switch mainly include:
User Mode Switch>
Privileged Mode Switch#
Global Configuration Mode Switch(config)#
Port Mode Switch(config-if)#
Experimental steps:
New Packet Tracer Topology
Understanding switch command line
Enter privileged mode (en)
Enter global configuration mode (conf t)
Enter switch port view mode (int f0/1)
Return to superior mode (exit)
Return to privileged mode (end) from global
Help information (e.g.?, co?, copy?)
Command abbreviations (such as conf t)
Command autocompletion (Tab)
Shortcut keys (ctrl+c interrupts the test, ctrl+z falls back to privileged view)
Reload restart. (in privileged mode)
Modify switch name (hostname X)
Experimental equipment
Switch_2960 1 Taiwan; PC 1 Taiwan; Configuration line;
PC Console Port
Switch>enable Switch#conf t Switch(config)#hostname X Switch(config)#interface fa 0/1 Switch(config-if)#end Use tab Key, command abbreviation, help command?
Chapter III Port Configuration and Management of Switches
Experimental Objectives
Master configuration management of basic switch information.
Experimental Background
A company has entered a batch of new switches, which are initially configured and managed after being put into the network. As a network administrator, you configure and manage the ports of the switches.
Technical Principles
Switches are managed in two basic ways: in-band management and out-of-band management.
Managing switches through the Console port of the switch is out-of-band management; This management method does not take up the network port of the switch, and the switch must be configured with the Console port for the first time.
The command line operation modes of the switch mainly include:
User Mode Switch>
Privileged Mode Switch#
Global Configuration Mode Switch(config)#
Port Mode Switch(config-if)#
Experimental steps:
New Packet Tracer Topology
Understanding switch port configuration command line
Modify switch name (hostname X)
Configure switch port parameters (speed,duplex)
View switch version information (show version)
View currently active configuration information (show running-config)
View boot configuration information saved in NVRAM (show startup-config)
View port information Switch#show interface
View the switch's MAC address table Switch#show mac-address-table
Select a port Switch(config)# interface type mod/port (type indicates the port type, usually ethernet, Fastethernet, Gigabitethernet) (mod indicates the module in which the port is located, port represents the number in the module) for example interface fastethernet0/1
Select multiple ports Switch(config)#interface type mod/startport-endport
Set port communication speed Switch(config-if)#speed [10/100/auto]
Set Port Single Duplex Mode Switch (config-if)#duplex [ha f/fu/auto]
There are many passwords in switches and routers. Setting these passwords can effectively improve the security of devices.
switch(config)# enable password ****** Set password to privileged mode
Switch (config-line) can set the password required to connect the device and Telnet to the remote login through the Console port;
switch(config)# line Console 0 indicates the configuration console line, 0 is the line number of the console.
Switch (config-line)# login is used to turn on login authentication.
Switch(config-line)# password 5ijsj //Set password for console access
If the switch is set to a specific speed other than auto, care should be taken to ensure that both sides of the communication have the same settings.
Important: When configuring a switch, pay attention to the matching of the single-duplex mode of the switch port. If one end of the link is set to full-duplex and the other end is negotiated automatically, it will result in poor response and high error rate. Packet loss will be serious. Usually both ends are set to the same mode.
Experimental equipment
Switch_2960 1 Taiwan; PC 1 Taiwan; Configuration line; Straight Line
PC console port
Switch>enable Switch#conf t Switch(config)#hostname S2960 S2960(config)#interface fa 0/1 S2960(config-if)#speed 100 S2960(config-if)#duplex full S2960(config-if)#exit At the same time, the PC Network Card Changed to Full Duplex Mode, 100 M Rate, otherwise link is blocked S2960(config)#hostname switch Switch(config)#exit Switch#show version Switch#show run Switch#show interface Switch#show mac-address-table Switch#config t Switch(config)#Enable password cisco//activate privileged mode password is Cisco Switch(config)#no enable password //Unprivileged mode password Switch(config)# line Console 0 Switch(config- line)#password cisco Switch(config- line)# login Switch(config- line)#no password//Cancel password
Chapter IV Configuration of Telnet Remote Logon for Switches
Experimental Objectives
Master how to configure switches in Telnet mode.
Experimental Background
After first configuring the switch in the device room, you want to be able to remotely manage the device later in the office or on business trips. Now you need to configure it properly on the switch.
Technical Principles
Configure the managed IP address of the switch (the IP address of the computer is in the same network segment as the managed IP address of the switch):
In Layer 2 switches, IP addresses are used only for remote login management switches and are not required for the operation of the switches. However, if there is no configuration management IP address, the switches can only be locally configured and managed using the control port Console.
By default, all ports of a switch are VLAN1, which is automatically created and managed by the switch. Each VLAN has only one active administrative address, so before setting an administrative address for a Layer 2 switch, you should first select the VLAN1 interface, then use the IP address configuration command to set the administrative IP address.
Configure the user name and login password for telnet users:
There are many passwords in switches and routers. Setting these passwords can effectively improve the security of devices.
switch(config)# line vty 0 4 indicates that a remote login line is configured, and 0~4 is the line number of the remote login.
Switch (config-line)# login local is used to turn on login authentication.
Switch(config-line)# password 5ijsj //Set password for remote login access
Experimental steps
New Packet Tracer Topology
Configure switch management ip address
Switch(config)# int VLAN 1
Switch(config-if)# ip address IP submask*
Configure user login password
Switch(config)# enable password *****Set password to privileged mode
Switch(config)# line vty 0 4
Switch(config- line)# password 5ijsj
Switch(config- line)# login
Experimental equipment
Switch_ 29601; PC 1; Direct connection; Configuration Line
PC0 Settings
192.168.1.2 255.255.255.0 192.168.1.1
PC1 Settings
192.168.1.3 255.255.255.0 192.168.1.1
Terminal on PC0 Desktop
Switch>En //enable Switch#Conf t // Enter global configuration mode Switch(config)#enable password 123456
Switch(config)#inter VLAN 1 (all ports of the default switch are in VLAN1)//Create and enter the interface view of VLAN 1
Switch(config-if)#ip address 192.168.1.1 255.255.255.0//Configure switch remotely managed IP address on VLAN 1 interface Switch(config-if)#no shutdown //open interface Switch(config-if)#exit//Back to global configuration mode Switch(config)#username xjc password 123
Switch(config)# line vty 0 4 // Enter remote login user management view, 0-4 users
Switch(config)# password 5ijsj
Switch (config-line)# login //Turn on login authentication
Switch (config-line)#privilege Level 3 //Configure the highest level of privilege 3 for remote login users
Switch(config- line)#end //Exit to Privileged Mode Switch#show run //Show current switch configuration
CMD in PC0 Desktop Tab, Command Prompt
ping 192.168.1.1 //After success, move on to the next step telnet 192.168.1.1 input password:5ijsj //Logon successful, enter user mode Switch>Enable//enable Switch#
CMD in PC1 Desktop Tab, Command Prompt
ping 192.168.1.1 //Success, go on to the next step telnet 192.168.1.1 input password:5ijsj Switch>Enable//enable Switch#
Chapter V Port Aggregation Configuration for Switches
Experimental Objectives
Understand the basic principles of port aggregation;
Master the configuration method of general switch port aggregation;
Experimental Background
Port aggregation, also known as link aggregation, physically connects multiple ports on a switch and logically bundles them together to form a port with a larger broadband to share load and provide redundant links.
Technical Principles
Port aggregation uses the EtherChannel feature to provide redundant, high-speed connections between switches. Bundles together multiple FastEthernet or Gigabit Ethernet physical links between two devices to form a logical link between devices, thereby increasing bandwidth and providing redundancy.
Both switches have a 100M rate to the computer. Although there are two 100M physical channels connecting between SW1 and SW2, only 100M is available for tree generation. Links between switches can easily form bottlenecks. Using port aggregation technology, two 100M links are aggregated into a 200M logical link. When one link fails, the other link will continue to work.
An S2000 Series Ethernet switch can only have one convergence group, and a convergence group can have up to four ports. The port numbers within the group must be continuous, but there are no special requirements for the starting port.
In a port sink group, the smallest port number acts as the primary port, while the other acts as the member port. The link type of a member port in the same sink group is consistent with the link type of the primary port, that is, if the primary port is a Trunk port, the member port is also a Trunk port; if the link type of the primary port is changed to an Access port, the link type of the member port becomes Access. Port.
All ports participating in aggregation must work in full duplex mode at the same rate to aggregate. Aggregation functions need to be configured at both ends of the link to work.
The main applications of port aggregation are:
Connection between switches: A junction layer switch to a core layer switch or a core layer switch.
Connection between switches and servers: Cluster servers provide centralized access by connecting to switches using multiple network cards.
Connection between switches and routers: Switches and routers use port aggregation to resolve WAN and LAN connectivity bottlenecks.
Connections between servers and routers: Cluster servers provide centralized access by connecting to routers using multiple network cards
View: Global Configuration Mode
Command:
interface range interface_name1 to interface_name2
Switchport mode trunk
channel-group 1 mode on joins Link Group 1 and opens
Parameters:
_interface_name1: aggregation start port
_interface_name2: Aggregation end port.
_trunk indicates that the port can forward all VLAN packets
_Combines two or more physical ports into a logical path, the link channel-group, which also forms a logical port-channel (as a whole)
The switchport mode access is directly connected to the host, and all the interfaces in the VLAN belong to are access
The interface of the switchport mode trunk trunk mode l can transmit multiple VLAN information at the same time.
trunk mode is commonly used in two SWITCH and ROUTER, switch and switch
Privileged mode
Switch#show EtherChannel summary: Displays information about the relevant convergence port group;
Experimental equipment
Switch_ 29602; PC 4; straight-through
Switch0: Operation Specific
Switch>
Switch#config t
Switch(config)#interface range f0/1-2
Switch(config-if-range)#Switchport mode trunk //Set port mode to trunk
Switch(config-if-range)# channel-group 1 mode on //join link group 1 and open
Switch(config-if-range)#exit
Switch(config)#port-channel load-balance dst-ip //Distribution according to destination host IP address data for load balancing
Switch(config)#exit
Switch#show EtherChannel summary
Switch1: Operation Specific
Switch>
Switch#config t
Switch(config)#interface range f0/1-2
Switch(config-if-range)#Switchport mode trunk //Set port mode to trunk
Switch(config-if-range)# channel-group 1 mode on //join link group 1 and open
Switch(config-if-range)#exit
Switch(config)#port-channel load-balance dst-ip //Distribution according to destination host IP address data for load balancing of Ethernet channel group
Switch(config)#exit
Switch#show EtherChannel summary //Show Ethernet channel group status
PC0 Settings
192.168.1.2 255.255.255.0
PC1 Settings
192.168.1.3 255.255.255.0
PC0 ping PC1 Reply
PC1 ping PC0 Reply
Chapter VI Switch Partitioning VLAN Configuration
Experimental Objectives
Understand the basic configuration of virtual AN(VLAN);
Master the configuration method of VLAN s divided by ports for general switches.
Master Tag VLAN configuration method.
Experimental Background
The PC of Finance and sales department in a company communicates through two switches. The PCs of the Finance and Sales departments are required to communicate, but for data security purposes, the Sales and Finance departments need to be isolated from each other and are now properly configured on the switches to achieve this goal.
Technical Principles
A VLAN is a physical network segment. Logically divide the VLANs into several virtual local area networks. The large VLANs are flexible and independent of physical location. VLANs have the characteristics of a physical network segment. Hosts in the same VLAN can communicate directly with each other. Hosts in different VLANs must forward their access to each other through a routing device. Broadcast packets can only be broadcast within this VLAN and cannot be transmitted to other VLANs.
Port VLAN is one of the ways to implement VLAN. It uses the port of the switch to divide the VLAN. A port can only belong to one VLAN.
Tag VLANs are another type of switch port-based, which allows direct access between hosts within the same VLAN of a switch while isolating hosts of different VLANs. Tag VLAN follows the standard of IEEE802.1Q protocol. When using the port configured with Tag VLAN for data transmission, 8021.Q tag information of 4 bytes is added to the data frame to indicate which VLAN the data frame belongs to, so that the end switch can filter the data frame accurately after receiving it.
Experimental steps
Create a new Packet Tracer topology diagram;
Divide VLAN;
Divide the ports into corresponding VLAN s;
Set Tag VLAN Trunk property;
test
Experimental equipment
Switch_ 29602; PC 4; straight-through
PC1
IP: 192.168.1.2 Submark: 255.255.255.0 Gateway: 192.168.1.1
PC2
IP: 192.168.1.3 Submark: 255.255.255.0 Gateway: 192.168.1.1
PC3
IP: 192.168.1.4 Submark: 255.255.255.0 Gateway: 192.168.1.1
PC4
IP: 192.168.1.5 Submark: 255.255.255.0 Gateway: 192.168.1.1
Switch1
Switch>en Switch#conf t Switch(config)#VLAN 2 Switch(config-VLAN)#exit Switch(config)#VLAN 3 Switch(config-VLAN)#exit Switch(config)#inter fa 0/1 Switch(config-if)#switch access VLAN 2 Switch(config-if)#exit Switch(config)#inter fa 0/2 Switch(config-if)#switch access VLAN 3 Switch(config-if)#exit Switch(config)#inter fa 0/24 Switch(config-if)#switch mode trunk Switch(config-if)#end Switch#show VLAN
Switch2
Switch>en Switch#conf t Switch(config)#vlan 2 Switch(config-vlan)#exit Switch(config)#VLAN 3 Switch(config-VLAN)#exit Switch(config)#int fa 0/1 Switch(config-if)#switch access VLAN 2 Switch(config-if)#exit Switch(config)#int fa 0/2 Switch(config-if)#switch access VLAN 3 Switch(config-if)#exit Switch(config)#int fa 0/24 Switch(config-if)#switch mode trunk Switch(config-if)#end Switch#show VLAN
PC1 ping PC2 timeout
PC1 ping PC3 Reply
Chapter VII Basic Configuration of Layer 3 Switches
Experimental Objectives
Understand the basic principles of a three-layer switch;
Master the configuration method of three-layer switch physical port opening routing function;
Experimental Background
The company has a three-tier switch which requires you to test whether the three-tier function of the switch is working properly.
Technical Principles
* Turn on Routing
• Switch(config)#ip routing
• Switch (config)#interface fastEthernet 0/5
• Switch (config-if)#no switchport
• Switch (config-if)#ip address 192.168.1.1 255.255.255.0
• Switch (config-if)#no shutdown
• Switch (config-if)#end
* Configure routing capabilities for three-tier switch ports
If you have a three-tier switch, you can use the no switchport command.
A three-tier switch is a switch with three-tier routing. That is, the port of this switch has both three-tier routing and two-tier switching functions. The three-tier switch port defaults to the two-tier port, where you need to enter the no switchport command if you need to enable the three-tier functionality. The no switchport command is not used if it is a two-tier switch.
Experimental equipment
Switch 35601, PC1, Direct Line, Configuration Line
PC0 Settings
192.168.1.2 255.255.255.0
Terminal on PC0 Desktop
Switch>en
Switch#config t
Switch(config)#hostname S3550
S3550(config)#ip routing //Turn on Routing
S3550(config)#interface fastEthernet 0/5
S3550(config-if)#no switchport //The port enables three-tier routing
S3550(config-if)#ip address 192.168.5.1 255.255.255.0 //Configure IP address
S3550(config-if)#no shutdown //Open port
S3550(config-if)#end
S3550#
Think Question: Connect different VLAN s by fixing IP addresses with routing capabilities of three-tier switches?
Chapter VIII Routing Between VLAN s Using Three-Layer Switches
Experimental Objectives
Master Switch Tag VLAN Configuration
Master the basic configuration method of three-layer switches;
Master the configuration method of three-layer switch VLAN routing;
VLAN s communicate with each other through three-layer switches.
Experimental Background
An enterprise has two main departments, Technical Department and Sales Department, which are located in different offices. For security and easy management, the hosts of the two departments are divided into VLANs. Technology Department and Sales Department are located in different VLANs. First, because of business needs, the hosts of Sales Department and Technical Department can access each other and obtain corresponding resources. The switches of the two departments are connected through a three-tier switch.
Technical Principles
Layer 3 switches have the function of network layer, and the principle of VLANs mutual access is: using the routing function of layer 3 switches, by identifying the IP address of the packets, looking up the routing table for routing forwarding, layer 3 switches use direct connection routing to achieve mutual access between different VLANs. Layer 3 switches configure IP addresses for interfaces. The interconnection between VLANs is achieved by using SVI (Switched Virtual Interface). SVI refers to creating virtual interfaces for VLANs in switches and configuring IP addresses.
Experimental steps
New packet tracer topology
(1) Configure VLAN2 and VLAN3 on the Layer 2 switch and divide port 2 and 3 into VLAN2 and VLAN3 respectively.
(2) Define the tag VLAN mode for the port fa 0/1 that connects the Layer 2 switch to the Layer 3 switch.
(3) Configuring VLAN2 and VLAN3 on a three-layer switch verifies that the hosts under the two-layer switch VLAN2 and VLAN3 cannot communicate with each other.
(4) Set up the communication between VLANs of three-layer switches, create virtual interfaces of VLAN2 and VLAN3, and configure IP addresses of virtual interfaces of VLAN2 and VLAN3.
(5) View the three-layer switch routing table.
(6) Set the default Gateway of the host under Layer 2 switch VLAN2 and VLAN3 as the IP address of the corresponding virtual interface.
(7) Verify that the two-tier switch VLAN2 and the hosts under VLAN3 can communicate with each other.
First, set the interface IP addresses of each VLAN on the three-layer switches. A three-tier switch treats VLANs as an interface, just like a router, and then sets IP addresses that are consistent with the network addresses of the respective VLANs on each computer accessing the VLANs, and sets the default Gateway as the interface addresses of the VLANs. In this way, all VLANs can also visit each other.
Experimental equipment
Switch_ 29601; Swithc_ 35601; PC 3; straight-through
PC1
IP: 192.168.1.2 Submark: 255.255.255.0 Gateway: 192.168.1.1
PC2
IP: 192.168.2.2 Submark: 255.255.255.0 Gateway: 192.168.2.1
PC3
IP: 192.168.1.3 Submark: 255.255.255.0 Gateway: 192.168.1.1
PC1 Ping PC3
Ping 192.168.1.3 Reply
PC1 Ping PC2
Ping 192.168.2.2 timeout
S2960
Switch>en Switch#conf t Switch(config )#VLAN 2 Switch(config-VLAN)#exit Switch(config )#VLAN 3 Switch(config-VLAN)#exit Switch(config )#int fa 0/2 Switch(config-if)#switchport access VLAN 2 Switch(config-if)#exit Switch(config )#int fa 0/3 Switch(config-if)#switchport access VLAN 3 Switch(config-if)#exit Switch(config )#int fa 0/1 Switch(config-if)#switchport mode trunk Switch(config-if)#end Switch#show VLAN
S3560
Switch>en Switch#conf t Switch(config )#VLAN 2 //New VLAN 2 Switch(config-VLAN)#exit Switch(config )#VLAN 3 //New VLAN 3 Switch(config-VLAN)#exit
Switch(config) #ip routing //Turn on Routing
Switch(config )#int fa 0/1 // Enter port 1 of module 0
Tag VLAN
Switch(config-if)#switchport trunk encapsulation dot1q //trunk encapsulation for this interface encapsulated in 802.1Q frame format Switch(config-if)#switchport mode trunk //Define the working mode of this interface as trunk Switch(config-if)#exit Switch(config )#int fa 0/2 // Enter port 2 of module 0 Switch(config-if)#switchport access VLAN 2 //Current port join VLAN 2 Switch(config-if)#exit Switch(config )#interface VLAN 2 //Enter VLAN2 Virtual Interface Switch(config-if)#ip address 192.168.1.1 255.255.255.0 //Configure IP address Switch(config-if)#no shutdown //Open the port Switch(config-if)#exit Switch(config )#interface VLAN 3 Switch(config-if)#ip address 192.168.2.1 255.255.255.0 Switch(config-if)#no shutdown Switch(config-if)#end Switch#show ip route //show routing table Switch#show VLAN //show VLAN information
PC1 Ping PC3
Ping 192.168.1.3 Reply
PC1 Ping PC2
Ping 192.168.2.2 Reply
Chapter IX Configuration of Quick Spanning Trees
Experimental Objectives
Understand how Spanning Tree Protocol works;
Master the basic configuration method of fast spanning tree protocol RSTP;
Experimental Background
In order to carry out computer teaching and network office work, the school establishes a computer classroom and a school office area, where the computer networks are connected by two switches to form an internal campus network. In order to improve the reliability of the network, as a network administrator, you need to use two links to interconnect the switches. Now it is required to configure the switches properly so that the network avoids loops.
Technical Principles
The spanning-tree protocol is used to provide redundant backup links in the switching network and to solve looping problems in the switching network.
The spanning tree protocol generates an attribute network without loops in the network with switch loops by using the SPA algorithm, which logically disconnects the redundant backup link of the switch network. When the main link fails, it can automatically switch to the backup link to ensure the normal forwarding of data.
Spanning Tree Protocol Version: STP, RSTP (Quick Spanning Tree Protocol), MSTP (Multiple Spanning Tree Protocol).
The spanning tree protocol features a long convergence time. It takes 50 seconds to switch from a primary link failure to a backup link.
Fast Spanning Tree adds two port roles to the Spanning Tree protocol, replacing the port or backup port as the root port and the specified port, respectively. When the root port or specified port fails, the redundant port does not need to take 50 seconds to converge, and can be switched directly to the replacement or backup port to achieve fast convergence of the RSTP protocol in less than 1 second.
Implement functionality
Make the network avoid loops and broadcast storms when there are redundant links.
Experimental steps
New packet tracer topology
The STP protocol is enabled by default. Transfers BPDU protocol data units between two switches. Select the root switch, root port, etc. to determine the port's forwarding status. The port marked yellow in the diagram is block ed.
Set up RSTP.
Check the switch show spanning-tree status for information on the status with the switch and the root port.
The role of the switch can be changed by changing the priority spanning-tree VLAN 10 priority 4096 of the switch spanning tree.
Test. When the main link is in the down state, it can automatically switch to the backup link to ensure the normal forwarding of data.
Experimental equipment
Switch_2960 2 Taiwan; PC 2 Taiwan; Direct connection (devices connected)
When connecting the network according to the topology diagram, note that both switches are configured with the Quick Spanning Tree protocol before connecting the two switches
Come. Connecting before configuring can cause a broadcast storm that can affect the normal operation of the switch.
PC1
IP: 192.168.1.2 submask: 255.255.255.0 Gateway: 192.168.1.1
PC2
IP: 192.168.1.3 submask: 255.255.255.0 Gateway: 192.168.1.1
PC1 ping PC2 Reply
S1
Switch>en Switch#show spanning-tree //View configuration information for spanning-tree
StpVersion: RSTP! Version of spanning tree protocol
SysStpStatus: Enabled! Spanning Tree Protocol is running, disab e is off
Priority: 32768! View switch priority
RootCost: 200000! The overhead of reaching the root switch by the switch
RootPort: Fa0/1! View the root port on the switch
perhaps
RootCost: 0! The cost of reaching the root switch, 0 being the root
RootPort: 0! View the root port on the switch, 0 means the switch is the root
Switch#show spanning-tree interface fastEthernet 0/1
! Displays the status of Switch port fastethernet 0/1
PortState : forwarding
!SwitchB Port of fastthernet 0/1 In Forwarding ( forwarding)state
PortRo e: rootPort! View port role as root port
Switch#show spanning-tree interface fastEthernet 0/2
Show the status of Switch port fastethernet 0/2
PortState : discarding
! SwitchB port fastthernet 0/2 is in discarding state
Switch#conf t
Switch(config)#int fa 0/10 Switch(config-if)#switchport access VLAN 10 Switch(config-if)#exit Switch(config)#int rang fa 0/1 - 2 Switch(config-range)#switchport mode trunk Switch(config-range)#exit Switch(config)#spanning-tree mode rapid-pvst //! Specify the type of spanning-tree protocol as RSTP Switch(config)#end
S2
Switch>en Switch#conf t Switch(config)#int fa 0/10 Switch(config-if)#switchport access VLAN 10 Switch(config-if)#exit Switch(config)#int range fa 0/1 - 2 Switch(config-range)#switchport mode turnk Switch(config-range)#exit Switch(config)#spanning-tree mode rapid-pvst Switch(config)#end Switch#show spanning-tree
PC1
Ipconfig /a ping -t 192.168.1.3 Reply
S2
Switch>en Switch#conf t Switch(config)#int fa 0/1 Switch(config-if)#shutdown //close the port
(Check if the ping of PC1 is working)
PC1
ping -t 192.168.1.3 Reply
Check which is the root switch, which is the root port, and which is blocked.
Chapter X Basic Configuration of Routers
Experimental Objectives
Master several common router configuration methods;
Master the method of configuring router with Console cable;
Master the method of configuring the router in Telnet mode;
Familiarize yourself with the different command line operation modes of the router and the switching between them.
Master the basic configuration commands of the router;
Experimental Background
You are the new network administrator of a company. The company requires you to be familiar with network products. First, you are required to log on to the router and understand and master the command line operation of the router.
As a network administrator, after you have initially configured your router in the device room for the first time, you want to manage your device remotely in the office or on business. Now you need to configure your router appropriately.
Technical Principles
Routers are managed in two basic ways: in-band management and out-of-band management. Managing a router through the router's Console port is out-of-band management and does not occupy the router's network interface. It is characterized by the need for configuration cables and close configurations. The Console port must be used for the first configuration.
Experimental steps
New packet tracer topology
(1) Use standard Console cables to connect the serial port of the computer to the Console port of the router. Enabling a SuperTerminal on a computer and configuring the parameters of the SuperTerminal is the connection between the computer and the router through the Console interface.
(2) Configure the managed IP address of the router and the user name and login password for Telnet users. Configure the IP address of the computer (in the same network segment as the router management IP address), connect the computer to the router through the network cable, and view the switches on the router through the computer Telnet;
(3) Change the host name of the router;
(4) Erase configuration information. Save configuration information, display configuration information;
(5) Display current configuration information;
(6) Display historical commands.
Experimental equipment
Router_ 28111; PC 1; Crossing lines; Configuration Line
Description: Crosslines: Router to computer Router to switch
Direct connection: computer is connected to switch
PC
IP: 192.168.1.2
submask: 255.255.255.0
Gageway:192.168.1.1
Router (no need to do)
Graphical: interface open FastEthernet0/0 port Command line: rip View: router rip; osfp view:router osfp 1
PC terminal
Router>en Router #conf t Router (config)#hostname R1 R1(config)#enable secret 123456 //set privileged mode password R1(config)#exit R1#exit R1>en password:Enter the password at this time, it will not be displayed R1#conf t R1(config)# line vty 0 4 //Set telnet remote login password R1(config- line)#password 5ijsj R1(config- line)# login R1(config- line)#exit R1(config)#interface fa 0/0 // Enter port 0 of Router 0 module R1(config-if)#ip address 192.168.1.1 255.255.255.0 //The port is configured with the appropriate IP address and subnet mask R1(config-if)#no shut //open port R1(config-if)#end
PC CMD
Ipconfig /a //View local TCP/IP configuration (IP address, subnet mask, gateway, MAC address) ping 192.168.1.1 telnet 192.168.1.1 //Log on to the router remotely password:5ijsj //Enter telnet password en password:123456 //Enter Privileged Mode Password show running //Show current router configuration
Chapter 11 Router One-arm Routing Configuration
Experimental Objectives
Master the configuration method of one-arm router; Different via one-arm router VLAN Communicate with each other;
Experimental Background
An enterprise has two main departments, technical department and sales department, which are in different offices. For safety and easy management, the host of the two departments is carried out VLAN The division of technology and sales is different VLAN. Now because the business needs require that the Hosts of Sales and Technology can access each other and obtain the corresponding resources, the switches of the two departments are connected through a router.
Technical Principles
One-arm routing: for implementation VLAN A three-layer network device router for inter-communication, which requires only one Ethernet and can take care of all by creating subinterfaces VLAN Gateways, but in different VLAN Forward data between.
Experimental steps
Newly build packer tracer Topology Diagram When switch set up two VLAN Logically, they are already two networks, and broadcasts are isolated. Two VLAN A network must communicate through a router. If it connects to a physical port of the router, it must have two subinterfaces and two subinterfaces. VLAN Corresponding and also requiring the port of the switch connected to the router fa 0/1 To set to trunk,Because this interface passes through two VLAN Packets. Check the settings and you should be able to see them correctly VLAN and Trunk Information. The gateways of the computer point to the subinterfaces of the router. Configure subinterfaces to turn on router physical interfaces. Default encapsulation dot1q Agreement. Configure Router Subinterface IP Address.
Experimental equipment
PC 2; Router_ 28111; Switch_ 29601 units
PC1
IP: 192.168.1.2
submask: 255.255.255.0
Gageway:192.168.1.1
PC2
IP: 192.168.2.2
submask: 255.255.255.0
Gageway:192.168.2.1
PC1 Ping PC2
Ping 192.168.2.2 timeout
Switch
en conf t VLAN 2 exit VLAN 3 exit interface fastEthernet 0/2 //Enter port 2 of switch 0 module switchport access VLAN 2 //Join VLAN 2 exit int fa 0/3 //Enter port 3 of switch 0 module switchport access VLAN 3 //Join VLAN 3 exit int fa 0/1 //Enter port 1 of switch 0 module switchport mode trunk //Set the working mode of the port to trunk
Router
en conf t int fa 0/0 //Enter port 0 of Router 0 module no shutdown //Open this port exit interface fast 0/0.1 //Enter Port 0, Subinterface 1 of Router 0 Module encapsulation dot1Q 2 //Encapsulation protocol set to dot1q allows VLAN s of 2 ip address 192.168.1.1 255.255.255.0 //The subinterface is configured with an IP address of 192.168.1.1 exit int fa 0/0.2 //Enter Port 0 Subinterface 2 of Router 0 Module encapsulation dot1q 3 //Encapsulation protocol set to dot1q allows passing VLAN s of 3 ip address 192.168.2.1 255.255.255.0 //The subinterface is configured with an IP address of 192.168.2.1 end show ip route
PC1 Ping PC2
Ping 192.168.2.2 Reply
Chapter 12 Router Static Routing Configuration
Experimental Objectives
Master the configuration methods and techniques of static routing;
Master the connectivity of the network through static routing;
Familiarize yourself with WAN cable linking;
Experimental Background
The school has two new and old school districts, each of which is a separate local area network, so that the new and old school districts can communicate with each other and share resources. Each school district outlet is connected by a router, and one school between two routers applies for a 2 M Of DDN Special lines are connected, requiring proper configuration for normal mutual access between the two campuses.
Technical Principles
A router is a network layer device that can select the best path to forward packets based on the IP header information. Implement mutual access between hosts in different network segments. Routers routing and forwarding are based on routing tables. Routing table is composed of one route information.
There are two main ways to generate routing tables: manual configuration and dynamic configuration, that is, static and dynamic routing protocol configuration.
Static routing refers to routing information that has been manually configured by the network administrator.
In addition to the advantages of simplicity, efficiency and reliability, static routing also has the advantage of high network security and confidentiality.
The default route can be seen as a special case of static routing. When the data is looking for a routing table and no route table entry matches the target is found, specify a route for the data.
Experimental steps
New packet tracer topology
(1) Configure the IP address of the interface on router R1 and R2 and the clock frequency on the R1 serial port;
(2) View the direct connection routes generated by the router;
(3) Configure static routes on routers R1 and R2;
(4) Verify the static routing configuration on R1 and R2;
(5) Set the default Gateway of PC1 and PC2 hosts as IP addresses of router interface fa 1/0 respectively;
(6) PC1 and PC2 hosts can communicate with each other;
Experimental equipment
pc 2 Taiwan; Router-PT Extensible Route 2 ( Switch_2811 nothing V.35 Line connection; Switch_2960 2 Taiwan; DCE Serial line; Direct connection; Crossing Line
PC1
IP: 192.168.1.2 submask: 255.255.255.0 Gateway: 192.168.1.1
PC2
IP: 192.168.2.2 submask: 255.255.255.0 Gateway: 192.168.2.1
PC1 ping PC2
Ping 192.168.2.2 timeout
R1
en conf t hostname R1 int fa 1/0 no shut ip address 192.168.1.1 255.255.255.0 exit int serial 2/0 ip address 192.168.3.1 255.255.255.0 clock rate 64000(Clock must be configured to communicate)
no shut
end
R2
en conf t hostname R2 int fa 1/0 ip address 192.168.2.1 255.255.255.0
no shut
exit int serial 2/0 ip address 192.168.3.2 255.255.255.0 no shut end
R1
en conf t ip route 192.168.2.0 255.255.255.0 192.168.3.2 end show ip route
R2
en conf t ip route 192.168.1.0 255.255.255.0 192.168.3.1 end show ip route
PC1 Ping PC2
Ping 192.168.2.2 Reply
Chapter 13 Router RIP Dynamic Routing Configuration
Experimental purpose
Master the configuration method of RIP protocol:
Master the routing generated by learning through the dynamic routing protocol RIP;
Familiarize yourself with WAN cable linking;
Experimental Background
Suppose the campus network is connected to the campus network exit router through a three-layer switch, and the router is connected to another router outside the campus. It is necessary to configure properly to achieve the communication between the internal host and the external host of the campus network. In order to simplify the management and maintenance of network management, the school decided to adopt RIPV2 Protocol to achieve interoperability.
Technical Principles
RIP (Routing Information Protocols) is an earlier and more common IGP internal network management protocol, which is used in small similar networks and is a distance vector protocol.
When RIP protocol hops are used as a measure of path cost, the maximum number of hops specified in RIP protocol is 15.
RIP protocol has two versions: RIPv1 and RIPv2. RIPv1 belongs to class routing protocol and does not support V SM. It updates routing information in broadcast form with a 30-second update cycle. RIPv2 is a Classless routing protocol that supports V SM and provides finer routing in the form of multicast.
Experimental steps
Building a packet tracer topology
(1) In this experiment, VLAN10 and VLAN20 are divided on the three-tier switches, where VLAN10 is used to connect the campus network host and VLAN20 is used to connect R1.
(2) Routers are connected through a V.35 cable through a serial port, and DCE ends are connected on R1 to configure its clock frequency of 64000.
(3) Hosts and switches are connected directly, and hosts and routers are connected by cross-lines.
(4) Configure RIPV2 routing protocol on S3560.
(5) Configure RIPV2 routing protocol on routers R1 and R2.
(6) Set the default Gateway of PC1 and PC2 hosts to the IP address of the interface with the directly connected network device.
(7) Verify that PC1 and PC2 hosts can trust each other;
Experimental equipment
PC 2; Switch_ 35601; Router-PT 2; Direct connection; Crossing lines; DCE Serial Line
PC1
IP: 192.168.1.2 submask: 255.255.255.0 Gateway: 192.168.1.1
PC2
IP: 192.168.2.2 submask: 255.255.255.0 Gateway: 192.168.2.1
S3560
en conf t hostname S3560 VLAN 10 exit VLAN 20 exit interface fa 0/10 switchport access VLAN 10 exit interface fa 0/20 switchport access vlan 20 exit end show VLAN conf t interface VLAN 10 ip address 192.168.1.1 255.255.255.0 no shutdown exit interface VLAN 20 ip address 192.168.3.1 255.255.255.0 no shutdown end show ip route show runing conf t router rip network 192.168.1.0 network 192.168.3.0 version 2 end show ip route
R1
en conf t hostname R1 interface fa 0/0 no shutdown ip address 192.168.3.2 255.255.255.0 exit interface serial 2/0 no shutdown ip address 192.168.4.1 255.255.255.0 clock rate 64000 end show ip route conf t router rip network 192.168.3.0 network 192.168.4.0 version 2 exit
R2
en conf t hostname R2 interface fa 0/0 no shutdown ip address 192.168.2.1 255.255.255.0 exit interface serial 2/0 no shutdown ip address 192.168.4.2 255.255.255.0 end show ip route conf t router rip network 192.168.2.0 netword 192.168.4.0 version 2 end
PC1 Ping PC2
Ping 192.168.2.2 Reply
Chapter 14 Router OSPF Dynamic Routing Configuration
Experimental purpose
Master how to configure the OSPF protocol:
Master the routing generated by learning through the dynamic routing protocol OSPF;
Familiarize yourself with WAN cable linking;
Experimental Background
Suppose the campus network is connected to the campus network exit router through a three-layer switch, and the router is connected to another router outside the campus. It is necessary to configure properly to achieve the communication between the internal host and the external host of the campus network. In order to simplify the management and maintenance of network management, the school decided to adopt OSPF Protocol to achieve interoperability.
Technical Principles
OSPF open shortest path priority protocol is one of the most widely used routing protocols in the network. It belongs to the internal network management routing protocol and can adapt to various sizes of network environment. It is a typical link state protocol. The OSPF routing protocol makes each device in the network synchronize a database with the link state of the whole network by diffusing the link state information of the device to the whole network. Then the router uses the SPF algorithm to calculate the shortest path to other networks based on itself, and finally forms the whole network routing information.
Experimental steps
New packet tracer topology
(1) In this experiment, VLAN10 and VLAN20 are divided on the three-tier switches, where VLAN10 is used to connect the campus network host and VLAN20 is used to connect R1.
(2) Routers are connected through a V35 cable through a serial port, DCE ends are connected on R1, and their clock frequency is configured at 64000.
(3) Hosts and switches are connected directly, and hosts and routers are connected by cross-lines.
(4) Configure OSPF routing protocol on S3560.
(5) Configure OSPF routing protocol on routers R1 and R2.
(6) Set the default Gateway of PC1 and PC2 hosts to the IP address of the interface with the directly connected network device.
(7) Verify that PC1 and PC2 hosts can trust each other;
Experimental equipment
PC 2; Switch_ 35601; Router-PT 2; Direct connection; Crossing lines; DCE Serial Line
PC1
IP: 192.168.1.2 submask: 255.255.255.0 Gateway: 192.168.1.1
PC2
IP: 192.168.2.2 submask: 255.255.255.0 Gateway: 192.168.2.1
S3560
en conf t hostname S3569 VLAN 10 exit VLAN 20 interface fa 0/10 switchport access VLAN 10 exit int fa 0/20 switchport access vlan 20 exit interface vlan 10 ip address 192.168.1.1 255.255.255.0 no shutdown exit interface VLAN 20 ip address 192.168.3.1 255.255.255.0 no shutdown end show ip route conf t router ospf 1 network 192.168.1.0 0.0.0.255 area 0 network 192.168.3.0 0.0.0.255 area 0 end show ip route
R1
en conf t hostname R1 interface fa 0/0 no shutdown ip address 192.168.3.2 255.255.255.0 exit interface serial 2/0 no shutdown clock rate 64000 ip address 192.168.4.1 255.255.255.0 end show ip route conf t router ospf 1 network 192.168.3.0 0.0.0.255 area 0 network 192.168.4.0 0.0.0.255 area 0 end show ip route
R2
en conf t hostname R2 interface fa 0/0 no shutdown ip address 192.168.2.1 255.255.255.0 exit interface serial 2/0 no shutdown ip address 192.168.4.2 255.255.255.0 end show ip route conf t router ospf 1 network 192.168.2.0 0.0.0.255 area 0 network 192.168.4.0 0.0.0.255 area 0 end show ip route
Chapter 15 Router Integrated Routing Configuration
Experimental Objectives
Master the configuration method of the integrated router; Master the view of routes generated by route redistribution learning; Familiarize yourself with WAN cable linking;
Experimental Background
Suppose a company connects to its export router through a three-tier switch R1 Up, Router R1 And another router outside the company R2 Connect. Layer 3 switches and R1 Inter-run RIPV2 Routing protocol, R1 and R2 Inter-run OSPF Routing protocol. It is necessary to configure properly to achieve the communication between internal and external hosts.
Technical Principles
In order to support the device to run multiple routing protocol processes, the system software provides the ability to redistribute routing information from one routing process to another. For example, you can put OSPF Routing Pass High after Redistribution in Routing Domain RIP In a routing domain, you can also add RIP Notify to routing domain after route redistribution OSPF In the routing domain. Routes can be redistributed across all IP Routing between protocols.
To distribute routes from one routing domain to another and control route redistribution, execute the following commands in the routing process configuration mode:
redistribute Protocol [metric metric][metric-type metric-type][match interna |external type|nssa-external type][tag tag][route-map route-map-name][subnets]
Experimental steps
Newly build Packet Tracer Topology Diagram (1)PC Connect directly with the switch; PC Connect with routes, routes, and routes by crossing lines. (2)Divide two on three levels VLAN,Function RIPV2 Agreement; R2 Function OSPF Agreement. (5)On router R1 Top Left Configuration RIPV2 Routing protocol; Right Configuration OSPF Agreement. (6)stay R1 External routes are introduced in the routing process for route redistribution. (7)take PC1,PC2 Host Default Gateway Set to Interface with Direct Network Devices IP Address. (8)Verification PC1,PC2 Hosts can communicate with each other;
Experimental equipment
Router_1841 2; Switch_ 35601; Straight line; Crossing Line
PC0
IP: 192.168.1.2 submask: 255.255.255.0 Gageway: 192.168.1.1
PC1
IP: 192.168.4.2 submask: 255.255.255.0 Gageway: 192.168.4.1
Switch0
en conf t VLAN 2 exit int fa 0/10 switchport access VLAN 2 exit int VLAN 1 ip address 192.168.1.1 255.255.255.0 no shutdown exit int VLAN 2 ip address 192.168.2.1 225.255.255.0 no shutdown end show int VLAN 1 conf t router rip network 192.168.1.0 network 192.168.2.0 version 2
Router0
en conf t host R1 inf fa 0/0 ip address 192.168.2.2 255.255.255.0 no shutdown int fa 0/1 ip address 192.168.3.1 255.255.255.0 no shutdown exit router rip network 192.168.2.0 version 2 router ospf 1 network 192.168.3.0 0.0.0.255 area 0
Route1
en conf t host R2 int fa 0/1 ip address 192.168.3.2 255.255.255.0 no shutdown int fa 0/0 ip address 192.168.4.1 255.255.255.0 no shutdown exit router ospf 1 network 192.168.3.0 0.0.0.255 area 0 network 192.168.4.0 0.0.0.255 area 0 end show ip route
Router0
end show ip route show run show ip route ping 192.168.1.2 (success) ping 192.168.4.2 (success)
PC0
ping 192.168.4.2 (RepLay form 192.168.1.1: Destination host unreachable)
Switch_3560
show ip rout (There are only two direct-connect routes)
Router0
conf t router rip redistribute ospf 1 exit router ospf 1 redistribute rip subnets end
Router1
show ip route
PC0
ping 192.168.4.2 (RepLay form 192.168.4.2: byes=32 time=125ms TT =125)
Note: This example works well on Packet Tracer 5.2. Switch0 cannot learn routing information from 192.168.3.0 and 192.168.4.0 on Packet Tracer 5.3. Switch0 needs to specify static routing for Switch0: IP route 0.0.0.0.0 192.168.2.2
Chapter 16 Configuration of Standard IP Access Control Lists
Experimental Objectives
Understanding standards IP The principle and function of access control list; Master Numbering Standards IP Configuration method of access control list;
Experimental Background
You are the network administrator of the company. The managers, finance departments and sales departments of the company belong to three different network segments. Routers are used to transfer information between the three departments. For security reasons, the company's leadership requires that the sales department cannot access the finance department, but the management department can access the finance department. PC1 On behalf of the manager's host, PC2 On behalf of the sales department, PC3 Represents the host of the Finance Department.
Technical Principles
ACLs All of them are called access control lists ( Access Control Lists),Also known as access control list ( Access Lists),Firewall, also known as package filtering in some documents. ACLs Controls data packets on network device interfaces by defining rules that allow them to be passed or discarded, thereby improving network manageability and security; IP AC There are two types: standard IP Access lists and extensions IP Access list, numbered range 1~99,1300~1999,100~199,2000~2699; standard IP Access control lists can be based on the source of the packet IP Address definition rules to filter data packets; extend IP The access list can be based on the origin of the packet IP,objective IP,Source Port, Destination Port, Protocol to define rules for data packet filtering; IP AC Rule application based on interface is divided into stack application and stack application.
Experimental steps
Newly build Packet Tracer Topology Diagram (1)Pass Between Routers V.35 Cables are connected through a serial port. DCE End connected at R1 On, configure its clock frequency 64000; the host and router are connected via crosslines. (2)Configure Router Interface IP Address. (3)Configure the static routing protocol on the router to allow three PC Able to interact with each other Ping This is because party control lists are only involved if they are interconnected. (4)stay R1 Numbered above IP Standard Access Control (5)Standardize IP Access control is applied to interfaces. (6)Verify interoperability between hosts.
Experimental equipment
PC 3; Router-PT 2; Crossing line; DCE serial line;
PC0
IP: 172.16.1.2 submask: 255.255.255.0 Gageway: 172.16.1.1
PC1
IP: 172.16.2.2 submask: 255.255.255.0 Gageway: 172.16.2.1
PC2
IP: 172.16.4.2 submask: 255.255.255.0 Gageway: 172.16.4.1
Router0
en conf t host R0 int fa 0/0 ip address 172.16.1.1 255.255.255.0 no shutdown int fa 1/0 ip address 172.16.2.1 255.255.255.0 no shutdown int s 2/0 ip address 172.16.3.1 255.255.255.0 no shutdown clock rate 64000
Router1
en conf t host R1 int s 2/0 ip address 172.16.3.2 255.255.255.0 no shutdown int fa 0/0 ip address 172.16.4.1 255.255.255.0 no shutdown
Router0
exit ip route 172.16.4.0 255.255.255.0 172.16.3.2
Router1
exit ip route 0.0.0.0 0.0.0.0 172.16.3.1 end show ip route
PC0
ping 172.16.4.2 (success)
PC1
ping 172.16.4.2 (success)
Router0
ip access- list standard 5ijsj permit 172.16.1.0 0.0.0.255 deny 172.16.2.0 0.0.0.255 (If there is one above permit Follow one by default deny,So this command is not writable) conf t int s 2/0 ip access-group 5ijsj out end
PC0
ping 172.16.4.2 (success)
PC1
ping 172.16.4.2 (Replay from 172.16.2.1: Destination host unreachable)
Chapter 17 Extended IP Access Control List Configuration
Experimental Objectives
Understanding standards IP The principle and function of access control list; Master Numbering Standards IP Configuration method of access control list;
Experimental Background
You are the network administrator of the company. The managers, finance departments and sales departments of the company belong to three different network segments. Routers are used to transfer information between the three departments. For security reasons, the company's leadership requires that the sales department cannot access the finance department, but the management department can access the finance department. PC1 On behalf of the manager's host, PC2 On behalf of the sales department, PC3 Represents the host of the Finance Department.
Technical Principles
The typical rules defined in the access list are as follows: source address, destination address, upper level protocol, time zone;
extend IP Access List (No. 100)-199,2000,2699)Use these four combinations for forwarding or blocking grouping; based on the source of the packet IP,objective IP,Source Port, Destination Port, Protocol to define rules for data packet filtering.
extend IP The configuration of the access list includes the following two parts:
Define Extensions IP Access List
Will expand IP Access lists apply to specific interfaces
Experimental steps
Newly build Packet Tracer Topology Diagram (1)Branch export router passes between external router V.35 Cable serial connection, DCE End connected at R2 On, configure its clock frequency 64000; Host and router are connected via crossover lines. (2)To configure PC Machine, Server and Router Interfaces IP Address. (3)Configure a static routing protocol on each router to allow PC Mutual energy ping This is because access control lists are only involved if they are interconnected. (4)stay R2 Upper Configuration Numbered IP Extended access control list. (5)Will expand IP Access lists are applied to interfaces,. (6)Verify interoperability between hosts.
Experimental equipment
PC 1; Server-PT 1; Router-PT 3; Crossing lines; DCE Serial Line
PC0
IP: 172.16.1.2 submask: 255.255.255.0 Gateway: 172.16.1.1
Server0
IP: 172.16.4.2 submask: 255.255.255.0 Gateway: 172.16.4.1
Router0
en conf t host R0 int fa 0/0 ip address 172.16.1.1 255.255.255.0 no shutdown int fa 1/0 ip address 172.16.2.1 255.255.255.0 no shutdown exit
Router1
en conf t host R1 int fa 1/0 ip address 172.16.2.2 255.255.255.0 no shutdown int s 2/0 ip address 172.16.3.1 255.255.255.0 no shutdown clock rate 64000
Router2
en conf t host R2 int s 2/0 ip address 172.16.3.2 255.255.255.0 no shutdown int fa 0/0 ip address 172.16.4.1 255.255.255.0 no shutdown
Router0
ip route 0.0.0.0 0.0.0.0 172.16.2.2
Router2
exit ip route 0.0.0.0 0.0.0.0 172.16.3.1
Router1
eixt ip route 172.16.1.0 255.255.255.0 172.16.2.1 ip route 172.16.4.0 255.255.255.0 172.16.3.2 end show ip route
PC0
ping 172.16.4.2(success) Web Browser: http://172.16.4.2(success)
Router1
conf t access- list 100 permit tcp host 172.16.1.2 host 172.16.4.2 eq www access- lint 100 deny icmp host 172.16.1.2 host 172.16.4.2 echo int s 2/0 ip access-group 100 out end
PC0
Web Browser: http://172.16.4.2(success) ping 172.16.4.2(Reply from 172.16.2.2: Destination host unreachable)
Chapter 18 NAT Configuration for Network Address Translation
Experimental Objectives
Understand NAT The principle and function of network address translation; Master Static NAT Configuration for LAN access to the Internet;
Experimental Background
You're the network administrator for a company that wants to publish WWW Service. Intranet is now required Web The server IP Address Mapping to Global IP Address to enable external network access within the company Web The server.
Technical Principles
Network Address Translation NAT(Network Address Trans ation),Widely used in various types Internet Access modes and various types of networks. The reason is simple. NAT Not only perfectly solved IP The problem of insufficient addresses can also effectively prevent attacks from outside the network, hide and protect computers inside the network.
By default, internal IP Address cannot be routed to external network, internal host 10.1.1.1 To be external Internet Signal communication, IP Packet arrival NAT When router, IP Source address of header 10.1.1.1 Replaced with a legitimate external network IP,And NAT This record is saved in the forwarding table. When an external host sends an answer to the intranet, NAT When the router receives, check the current NAT Convert tables, using 10.1.1.1 Replace this external address.
NAT The network is divided into internal and external networks, which are used by LAN hosts NAT When accessing a network, the local address inside the LAN is converted to a global address (Internet is legal) IP Address) Forward the packet;
NAT There are two types: NAT(Network Address Translation) and NAPT(Network Port Address Translation IP Address corresponds to a global address).
static state NAT: Implement one-to-one mapping of internal and external addresses. In reality, they are generally used for servers;
dynamic NAT: Define an address pool, map automatically, and be one-to-one. In reality, it is used less;
NAPT: Mapping multiple intranets using different ports IP Address to a specified external network IP Address, many-to-one.
Experimental steps
Newly build Packet Tracer Topology Diagram (1)R1 Export routers for companies that pass between them and external routers V.35 Cable serial connection, DCE End connected at R1 On, configure its clock frequency 64000; (2)To configure PC Machine, Server and Router Interfaces IP Address; (3)Configure a static routing protocol on each router to allow PC Mutual energy Ping Tong; (4)stay R1 Configure Static on NAT. (5)stay R1 Define the internal and external network interfaces on the. (6)Verify interoperability between hosts.
Experimental equipment
PC 1 Taiwan; Server-PT 1 Taiwan; Switch_2950-24 1 Taiwan; Router-PT 2 Taiwan; Direct connection; Crossing lines; DCE null modem cable
Server-PT
192.168.1.2 255.255.255.0 192.168.1.1
PC0
222.0.2.2 255.255.255.0 222.0.2.1
Router0
en conf t host R0 int fa 0/0 ip address 192.168.1.1 255.255.255.0 no shutdown int s 2/0 ip address 222.0.1.1 255.255.255.0 no shutdown clock rate 64000
Router1
en conf t host R1 int s 2/0 ip address 222.0.1.2 255.255.255.0 no shut int fa 0/0 ip address 222.0.2.1 255.255.255.0 no shutdown
Router0
exit; ip route 222.0.2.0 255.255.255.0 222.0.1.2
Router1
exit ip route 192.168.1.0 255.255.255.0 222.0.1.1 end show ip route
PC0
CMD
ping 192.168.1.2 (success)
Web Browser
http://192.168.1.2 (success)
Router0
int fa 0/0 ip nat inside int s 2/0 ip nat outside exit ip nat inside source static 192.168.1.2 222.0.1.3 end show ip nat translations
PC0
Web Browser
http://222.0.1.3 (success)
Router0
show ip nat translations
Chapter 19 Configuration of NAPT for Network Port Address Translation
Experimental purpose
Understand NAT The principle and function of network address translation; master NAPT Configuration for LAN access to the Internet;
Experimental Background
You are the network administrator of a company. The company's office network needs access to the Internet. The company only provides Internet access to ISP A private line has been applied for which a company has been assigned IP Address, Configuration enables company-wide host access to the external network.
Technical Principles
NAT The network is divided into internal and external networks, which are used by LAN hosts NAT When accessing a network, the local address inside the LAN is converted to a global address (Internet is legal) IP Address) Forward the packet;
NAT There are two types: NAT(Network Address Translation) and NAPT(Network Port Address Translation IP Address corresponds to a global address).
NAPT: Mapping multiple intranets using different ports IP Address to a specified external network IP Address, many-to-one.
NAPT Port multiplexing is used. All hosts of the internal network can share a legitimate external IP Address implementation pairs Internet To maximize savings IP Address resources. At the same time, it can hide all the hosts inside the network, effectively avoiding from Internet Attacks by. Therefore, port multiplexing is the most widely used method in network.
Experimental steps
Newly build Packet Tracer Topology Diagram (1)R1 Export routers for your company, and ISP Pass Between Routers V.35 Cable serial connection, DCE End connected at R1 On, configure its clock frequency 64000; (2)To configure PC Machine, Server and Router Interfaces IP Address; (3)Configure a static routing protocol on each router to allow PC Mutual energy Ping Tong; (4)stay R1 Upper Configuration NAPT. (5)stay R1 Define the internal and external network interfaces on the. (6)Verify interoperability between hosts.
Experimental equipment
PC 2; Server-PT 1; Switch_ 2950-241 Router-PT 2; Straight line; Crossing lines; DCE Serial Line
PC1
192.168.1.2 255.255.255.0 192.168.1.1
PC2
192.168.1.3 255.255.255.0 192.168.1.1
Server
200.1.2.2 255.255.255.0 200.1.2.1
Router0
en conf t host R0 int fa 0/0 ip address 192.168.1.1 255.255.255.0 no shutdown int s 2/0 ip address 200.1.1.1 255.255.255.0 no shutdown clock rate 64000
Router1
en conf t host R1 int s 2/0 ip address 200.1.1.2 255.255.255.0 no shutdown int fa 0/0 ip address 200.1.2.1 255.255.255.0 no shutdown
Router0
exit ip route 200.1.2.0 255.255.255.0 200.1.1.2
Router1
exit ip route 192.168.1.0 255.255.255.0 200.1.1.1 end show ip route
PC1
CMD
ping 200.1.2.2 (success)
Web Browser
http://200.1.2.2 (success)
Router0
int fa 0/0 ip nat inside int s 2/0 ip nat outside exit access- list 1 permit 192.168.1.0 0.0.0.255 ip nat poo 5ijsj 200.1.1.3 200.1.1.3 netmask 255.255.255.0 ip nat inside source list 1 poo 5ijsj overload (nothing overload Represents many-to-many, has overload Represents many-to-one) end show ip nat translations(No result)
PC1
Web Browser
http://200.1.2.2 (success)
Router0
show ip nat translations(1 Result)
PC2
Web Browser
http://200.1.2.2 (success)
Router0
show ip nat translations(There are two results)
Chapter 20 Port Security of Switches
Experimental purpose
Master the port security function of the switch and control the user's secure access.
Background description
You are the network administrator of a company that requires strict control over the network. To prevent IP from users within the company
Address conflict to prevent network attacks and vandalism within the company. Each employee is assigned a fixed IP address, and
The restriction only allows employee hosts to use the network and not connect to other hosts at will. For example, an employee's assigned
The IP address is 172.16.1.55/24 and the host MAC address is 00-06-1B-DE-13-B4. The host is connected to an S3560
Above.
Implement functionality
Configure a maximum number of connections of 1 for all ports of the switch and IP+MAC address binding for the interface of the PC1 host
Fixed.
Experimental equipment
S3650 Switch (1), PC (1), Direct Connection Line (1)
Experimental Topology
Experimental steps
Configure the maximum number of connections for a switch port.
Switch#configure termina
Switch(config)#interface range fastethernet 0/3! Configuration mode for port 3 of module 0
Switch(config-if)#switchport port-security
Turn on port security for switches
Switch(config-if)#switchport port-secruity maximum 1
Maximum number of connections for configuration port is 1
Switch(config-if)#switchport port-secruity violation shutdown
! Configure how security violations are handled as shutdown
Verification test: View the port security configuration of the switch.
Switch#show port-security
Secure Port MaxSecureAddr(count) CurrentAddr(count) Security Action
Fa0/1 1 0 protected
Fa0/2 1 0 protected
Fa0/3 1 0 Shutdown
Fa0/4 1 0 protected
Fa0/5 1 0 protected
Configure the address binding for the switch port.
View IP and MAC address information for the host
Open the CMD command prompt window on the host and execute the ipconfig/a command.
Configure address binding for switch ports
Switch#configure termina
Switch(config)#interface f astethernet 0/3
Switch(config-if)#switchport port-security
Switch (config-if) #switchport-security mac-address 0006.1bde.13b4 IP-address 172.16.1.55! Configure binding of IP address and MAC address
Validation test: View address security binding configuration.
Switch#show port-security address
VLAN Mac Address IP Address Type Port Remaining Age(mins)
1 0006.1bde.13b4 17 2.16.1.55 Confi gured Fa0/3
EIGRP Dynamic Routing
Router0:
Router0#show run Bui ding configuration... Current configuration :
ip dhcp poo 1
network 192.168.2.0 255.255.255.0 defau t-router 192.168.2.1 dns-server 10.10.1.1 !
interface FastEthernet0/0 ip address 192.168.2.1 255.255.255.0 duplex auto speed auto ! interface Serial 2/0 ip address 192.168.1.2 255.255.255.0 !
router eigrp 2
network 192.168.2.0
network 192.168.1.0
auto-summary !
Router1: outer1#show run Bui ding configuration... Current configuration : ! !
interface Serial 2/0 ip address 192.168.1.3 255.255.255.0 !
interface Serial 3/0 ip address 172.16.1.2 255.255.0.0
router eigrp 2
network 192.168.1.0 network 172.16.0.0 auto-summary !
Router2: Router2#show run Bui ding configuration... Current configuration :
ip dhcp poo 2 network 10.1.1.0 255.255.255.0 defau t-router 10.1.1.1 dns-server 10.10.1.1 interface FastEthernet0/0 ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
interface Serial 3/0 ip address 172.16.1.1 255.255.0.0 !!
router eigrp 2
network 172.16.0.0
network 10.1.1.0 0.0.0.255 auto-summary
Note: Router DHCP service, pc automatically gets the address eigrp network, which is a neighbor address segment
Sharp Swap DHCP Configuration:
Configure DHCP server
(config)#service dhcp -- turn on dhcp server functionality
(config)#ip dhcp ping packets 1 -- When DHCP server assigns IP, it first detects if the IP address to be assigned is already in use, assigns if it is not, and assigns the next IP if it is already in use
(config)#ip dhcp exc uded-address 192.168.2.1 192.168.2.10 -- Set exclusion address 192.168.2.1 to 192.168.2.10 Addresses are not assigned to clients (optional configuration)
(config)#ip dhcp pool test2 -- Create a new DHCP address pool named test2
(dhcp-config)# ease infinite -- Lease time set to permanent
(dhcp-config)#network 192.168.2.0 255.255.255.0 -- Address segment assigned to client
(dhcp-config)#dns-server 202.101.115.55 -- DNS assigned to client
(dhcp-config)#defau t-router 192.168.2.1 -- Gateway for client
(config)#exit
#write
VTP synchronization VLAN
Switch 0:
Switch(config)#interface f0/1
Switch(config-if)#switch mode trunk
Switch(config)#vtp mode server
Switch(config)#vtp domain ccnp
Switch(config)#vtp password ccnp
Switch(config)#vtp password ccnp
Switch(config)#VLAN 10
Switch(config-VLAN)#VLAN 20
Switch(config-VLAN)#VLAN 30 - Create multiple VLANs
Switch 1:
Switch(config)#interface f0/1
Switch(config-if)#switch mode trunk
Switch(config)#vtp mode c ient
Switch(config)#vtp domain ccnp
Switch(config)#vtp password ccnp
Switch(config)#vtp password ccnp
Switch# show VLAN - Verify VTP synchronization VLAN information
Show vtp status
SSH Configuration
-
Configure Domain Name
R1#conf t
R1(config)#ip domain-name cisco.com
R1(config)#2) Configuration Asymmetric Key
R1(config)#crypto key generate rsa Enter 1024 when prompted for key length. Note: The default is 512. 3) Configure login username and password for authentication
R1(config)#username admin password cisco 4) Configure SSH version
R1(config)#ip ssh version 2
- Configure SSH session maximum idle timeout value and SSH connection authentication retries
R1(config)#ip ssh time-out ?
<1-120> SSH time-out interva (secs)
R1(config)#ip ssh time-out 60 //Maximum idle time out: 60 seconds
R1(config)#ip ssh authentication-retries ?
<0-5> Number of authentication retries
R1(config)#ip ssh authentication-retries 2 //Authentication retries: 2
R1 (config)#6) disables Telnet on the VTY line and activates SSH.
R1(config)# line vty 0 4
R1 (config-line)#no transport input a //Disable all traffic
R1 (config-line)#transport input SSH //Allow SSH traffic
R1 (config-line)# login local // Require local authentication
Step 5: Repeat step 4 on R2 to configure SSH.
Step 6: Verify SSH configuration and run 1 on R1) Verify SSH version and other settings
R1#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 2
R1# 2) Verify SSH is running
R1#sh ssh
%No SSHv2 server connections running.
%No SSHv1 server connections running.