CCNP綜合實驗題

 

 

 實驗題:­

  1.在圖上顯示的所有設備上配置Hostname,enable密文密碼,所有vty密碼.Hostname如圖所示,密碼都爲     cisco.­

  2.確保交換機之間所有的端口都爲Trunk.­

  3.Core1,Core2爲VTP-server,SW1,SW2爲VTP-client,域名爲CCNP,創建VLAN10,VLAN20,VLAN30,VLAN40,­

  4.確保Core1與Core2其中一個爲VLAN1-500的根橋和VLAN501-1024的備份根橋,一個爲VLAN1-500備份根橋   和VLAN501-1024的根橋.­

  5.劃VLAN.PC1爲VLAN10,PC2爲VLAN20.SW0f0/1連PC1,SW1f0/1邊PC2.Gatewayf0/0爲    VLAN30,,gatewayF0/1爲VLAN40,­

  6.Core1與Core2兩個鏈路做二層etherchannel,用工業標準.只要求寫出配置文檔,暫時不配置到生產環境    中.­

  7.VLAN10的IP網段爲192.168.10.0/24,,VLAN20爲192.168.20.0/24­

  配置PC1的IP爲192.168.10.10/24,,網關爲192.168.10.100­

     PC2的IP爲192.168.20.20/24,,網關爲192.168.20.200­

  8.Core1起SVI口,­

  VLAN10:192.168.10.100,  VLAN20:192.168.20.100,VLAN30:192.168.30.100,VLAN40:192.168.40.100­

  Core2起SVI口,­

  VLAN10:192.168.10.200,VLAN20:192.168.20.200,,,VLAN30:192.168.30.200,VLAN40:192.168.40.200­

  9.Gateway S0/3/0與ISP-internet s0/3/0相連,­

  GatewayIP:S0/3/0-197.68.1.1/30­

          f0/0-192.168.30.30/24­

          f0/1-192.168.40.40/24­

  10.Gateway,Core1,Core起OSPF,宣告相應的網絡.使得Core1只與Gatewayf0/0建立鄰居,Core1只有一個  OSPF鄰居.Core2只與Gatewayf0/1建立鄰居,Core2只有一個鄰居.Core1與Core2之間不需要建立OSPF鄰  居.Gateway的鄰居表中只有兩個鄰居.­

  Gateway:Loopback0:3.3.3.3/32,宣告該網絡,也作爲ospf router-id­

  Core1:Loopback0:1.1.1.1/32,宣告該網絡,也作爲ospf router-id­

  Core2:Loopback0:2.2.2.2/32,宣告該網絡,也作爲ospf router-id­

  確保PC1,PC2能ping通gateway3.3.3.3.­

  11:SW1與SW2上只能配上192.168.1.0/24網段的管理IP,通過一定的配置,使PC能登錄到這兩個交換機上.­

  SW1管理IP:192.168.1.10­

  SW2管理IP:192.168.1.20­

  12.學校購買了公網地址.198.1.1.1-198.1.1.10,,28位.ISP路由器上有loopback口9.9.9.9/32­

  在Gateway上做NAT,­

  使得VLAN10裏IP地址爲16以下奇數的用戶只能複用198.1.1.1-198.1.1.5作爲源地址去訪問外網9.9.9.9­

  使得VLAN20裏IP地址爲32以下(包括32)所有用戶只能複用198.1.1.6-198.1.1.10作爲源地址去訪問外網    9.9.9.9­

  13.在SW1上配置.使得F0/1的端口只能接入PC1,否則自動關閉端口.­

  14.配置HSRP.只要求寫出配置,(可以使用dynamips查命令)­

  core1爲VLAN10的主網關,Vlan20的備份網關­

  core2爲VLAN20的主網關,VLAN10的備份網關.­

  15.只要求寫出配置.在gateway上建立兩個帳啓用用於管理,當PC用戶登錄到gateway時,輸入不同的用戶會   擁有不同的權限.­

  一個是超級用戶:level:15,,,,username:admin,password:admin,,­

  一個是受限用戶:level:0,,,,,username:user,password:user,,並具有查看路由表的權限.­

 

答案：

 

1、
enable
conf t
host **
no ip domain-lo
lin con 0
exec-ti 0 0
logg syn
exit
enable secret cisco
lin vty 0 *
password cisco

2、 switchport mode trunk

3、
core1:
enable
vlan database
vlan 10
vlan 20
vlan 30
vlan 40
vtp server
vtp domain CCNP

core2:
enable
vlan database
vtp server
vtp domain CCNP

SW1/SW2:
enable
vlan database
vtp client
vtp domain CCNP

4、
core1:
spanning-tree vlan 1-500 root primary
spanning-tree vlan 501-1024 root secondary

core2:
spanning-tree vlan 1-500 root secondary  
spanning-tree vlan 501-1024 root primary

5、
switchport mode access
switchport access vlan **

6、
int range f0/2 - 3
channel-group 1 mode on
switchport mode trunk
int int port-channel 1
switchport mode trunk

7、PC直接配置

8、
core1:
interface Vlan10
ip address 192.168.10.100 255.255.255.0
interface Vlan20
ip address 192.168.20.100 255.255.255.0
interface Vlan30
ip address 192.168.30.100 255.255.255.0
interface Vlan40
ip address 192.168.40.100 255.255.255.0

core2:
interface Vlan10
ip address 192.168.10.200 255.255.255.0
interface Vlan20
ip address 192.168.20.200 255.255.255.0
interface Vlan30
ip address 192.168.30.200 255.255.255.0
interface Vlan40
ip address 192.168.40.200 255.255.255.0

9、
Gateway:
enable
conf t
int s0/3/0
ip add 197.68.1.1 255.255.255.252
no sh
int f0/0
ip add 192.168.30.30 255.255.255.0
no sh
int f0/1
ip add 192.168.40.40 255.255.255.0
no sh

10、
gateway :
router ospf 100
router-id 3.3.3.3
network 192.168.30.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0
network 3.3.3.3 0.0.0.0 area 0

core1：
router ospf 100
router-id 1.1.1.1
redistribute connected subnets
network 192.168.30.0 0.0.0.255 area 0
network 1.1.1.1 0.0.0.0 area 0

core2：
router ospf 100
router-id 2.2.2.2
redistribute connected subnets
network 192.168.40.0 0.0.0.255 area 0
network 2.2.2.2 0.0.0.0 area 0

11、
core1:
int vlan 1
ip add 192.168.1.100 255.255.255.0
no sh

core2:
int vlan 1
ip add 192.168.1.200 255.255.255.0
no sh

sw1:
int vlan 1
ip add 192.168.1.10 255.255.255.0
no sh
ip default-gateway 192.168.10.100

sw2:
int vlan 1
ip add 192.168.1.20 255.255.255.0
no sh
ip default-gateway 192.168.10.200

12、
Gateway:
enable
conf t
int s0/3/0
ip nat outside
int f0/0
ip nat inside
int f0/1
ip nat inside
exit
router ospf 100
default-information originate
exit
ip route 0.0.0.0 0.0.0.0 197.68.1.2  
access-list 10 permit 192.168.10.1 0.0.0.14
access-list 20 permit 192.168.20.32 0.0.0.0
access-list 20 permit 192.168.20.0 0.0.0.31
ip nat pool VLAN10 198.1.1.1 198.1.1.5 netmask 255.255.255.240
ip nat pool VLAN20 198.1.1.6 198.1.1.10 netmask 255.255.255.240
ip nat inside source list 10 pool vlan10 overload
ip nat inside source list 20 pool vlan20 overload
end

ISP:
enable
conf t
ip route 198.1.1.0 255.255.255.0 197.68.1.1
end

13、
enable
conf t
int f0/1
switchport mode access
switchport access vlan 10
switchport port-security(開啓端口安全)
switchport port-security mac-address sticky (第一個接入電腦MAC地址-常用)
或
switchport port-security mac-address 00E0.8FB6.D85（某PC的MAC地址）
switchport port-security maximum 1（允許最大連接數爲1)
switchport port-security violation shutdown (違反立即關閉)

14、
core1(核心1）：
interface vlan 10
ip address 192.168.10.100 255.255.255.0
no shutdown
standby 10 ip 192.168.10.100
standby 10 priority 150
standby 10 preempt
interface vlan 20
ip address 192.168.20.100 255.255.255.0
no shutdown
standby 20 ip 192.168.20.200
standby 20 priority 100
standby 20 preempt
end

core2(核心2）：
interface vlan 10
ip address 192.168.10.200 255.255.255.0
no shutdown
standby 10 ip 192.168.10.100
standby 10 priority 100
standby 10 preempt
interface vlan 20
ip address 192.168.20.200 255.255.255.0
no shutdown
standby 20 ip 192.168.20.200
standby 20 priority 150
standby 20 preempt
end

15、
gateway:
enable
conf t
line vty 0 15
login local
exit
username admin privilege 15 password admin
username user privilege 0 password user
驗證:
PC telnet 路由，查看權限
爲user用戶增加權限：privilege exec level 0 show ip route