CCNP綜合實(shí)驗(yàn)題

1、CCNP綜合實(shí)驗(yàn)題實(shí)驗(yàn)題: 1.在圖上顯示的所有設(shè)備上配置Hostname,enable密文密碼,所有vty密碼.Hostname如圖所示,密碼都為cisco. 2.確保交換機(jī)之間所有的端口都為Trunk. 3.Core1,Core2為VTP-server,SW1,SW2為VTP-client,域名為CCNP,創(chuàng)建VLAN10,VLAN20,VLAN30,VLAN40, 4.確保Core1與Core2其中一個(gè)為VLAN1-500的根橋和VLAN501-1024的備份根橋,一個(gè)為VLAN1-500備份根橋和VLAN501-1024的根橋. 5.劃VLAN.PC1為VLAN10,PC2為VLAN2

2、0.SW0f0/1連PC1,SW1f0/1邊PC2.Gatewayf0/0為VLAN30,gatewayF0/1為VLAN40, 6.Core1與Core2兩個(gè)鏈路做二層etherchannel,用工業(yè)標(biāo)準(zhǔn).只要求寫出配置文檔,暫時(shí)不配置到生產(chǎn)環(huán)境中. 8.Core1起SVI口,VLAN10:192.168.10.100,VLAN20:192.168.20.100,VLAN30:192.168.30.100,VLAN40:192.168.40.100 Core2起SVI口,VLAN10:192.168.10.200,0.200,VLAN30:192.168.30.200,VLAN40:192.

3、168.40.200 9.Gateway S0/3/0與ISP-internet s0/3/0相連, GatewayIP:S0/3/0-197.68.1.1/30 f0/0-192.168.30.30/24 f0/1-192.168.40.40/24 10.Gateway,Core1,Core起OSPF,宣告相應(yīng)的網(wǎng)絡(luò).使得Core1只與Gatewayf0/0建立鄰居,Core1只有一個(gè) OSPF鄰居.Core2只與Gatewayf0/1建立鄰居,Core2只有一個(gè)鄰居.Core1與Core2之間不需要建立OSPF鄰 居.Gateway的鄰居表中只有兩個(gè)鄰居. Gateway:Loopback

4、0:3.3.3.3/32,宣告該網(wǎng)絡(luò),也作為ospf router-id Core1:Loopback0:1.1.1.1/32,宣告該網(wǎng)絡(luò),也作為ospf router-id Core2:Loopback0:2.2.2.2/32,宣告該網(wǎng)絡(luò),也作為ospf router-id 確保PC1,PC2能ping通gateway3.3.3.3. 11:SW1與SW2上只能配上192.168.1.0/24網(wǎng)段的管理IP,通過一定的配置,使PC能登錄到這兩個(gè)交換機(jī)上. 在Gateway上做NAT, 13.在SW1上配置.使得F0/1的端口只能接入PC1,否則自動(dòng)關(guān)閉端口. 14.配置HSRP.只要求寫出配

5、置,(可以使用dynamips查命令) core1為VLAN10的主網(wǎng)關(guān),Vlan20的備份網(wǎng)關(guān) core2為VLAN20的主網(wǎng)關(guān),VLAN10的備份網(wǎng)關(guān). 15.只要求寫出配置.在gateway上建立兩個(gè)帳啟用用于管理,當(dāng)PC用戶登錄到gateway時(shí),輸入不同的用戶會(huì) 擁有不同的權(quán)限. 一個(gè)是超級(jí)用戶:level:15,username:admin,password:admin, 一個(gè)是受限用戶:level:0,username:user,password:user,并具有查看路由表的權(quán)限. 答案： 1、 enable conf t host * no ip domain-lo lin c

6、on 0 exec-ti 0 0 logg syn exit enable secret cisco lin vty 0 * password cisco 2、 switchport mode trunk 3、 core1: enable vlan database vlan 10 vlan 20 vlan 30 vlan 40 vtp server vtp domain CCNP core2: enable vlan database vtp server vtp domain CCNP SW1/SW2: enable vlan database vtp client vtp domain

7、CCNP 4、 core1: spanning-tree vlan 1-500 root primary spanning-tree vlan 501-1024 root secondary core2: spanning-tree vlan 1-500 root secondary spanning-tree vlan 501-1024 root primary 5、 switchport mode access switchport access vlan * 6、 int range f0/2 - 3 channel-group 1 mode on switchport mode tru

8、nk int int port-channel 1 switchport mode trunk 7、PC直接配置 8、 core1: interface Vlan10 ip address 192.168.10.100 255.255.255.0 interface Vlan20 ip address 192.168.20.100 255.255.255.0 interface Vlan30 ip address 192.168.30.100 255.255.255.0 interface Vlan40 ip address 192.168.40.100 255.255.255.0 core2

9、: interface Vlan10 ip address 192.168.10.200 255.255.255.0 interface Vlan20 ip address 192.168.20.200 255.255.255.0 interface Vlan30 ip address 192.168.30.200 255.255.255.0 interface Vlan40 ip address 192.168.40.200 255.255.255.0 9、 Gateway: enable conf t int s0/3/0 ip add 197.68.1.1 255.255.255.252

10、 no sh int f0/0 ip add 192.168.30.30 255.255.255.0 no sh int f0/1 ip add 192.168.40.40 255.255.255.0 no sh 10、 gateway : router ospf 100 router-id 3.3.3.3 network 192.168.30.0 0.0.0.255 area 0 network 192.168.40.0 0.0.0.255 area 0 network 3.3.3.3 0.0.0.0 area 0 core1： router ospf 100 router-id 1.1.1

11、.1 redistribute connected subnets network 192.168.30.0 0.0.0.255 area 0 network 1.1.1.1 0.0.0.0 area 0 core2： router ospf 100 router-id 2.2.2.2 redistribute connected subnets network 192.168.40.0 0.0.0.255 area 0 network 2.2.2.2 0.0.0.0 area 0 11、 core1: int vlan 1 ip add 192.168.1.100 255.255.255.0

12、 no sh core2: int vlan 1 ip add 192.168.1.200 255.255.255.0 no sh sw1: int vlan 1 ip add 192.168.1.10 255.255.255.0 no sh ip default-gateway 192.168.10.100 sw2: int vlan 1 ip add 192.168.1.20 255.255.255.0 no sh ip default-gateway 192.168.10.200 12、 Gateway:enable conf t int s0/3/0 ip nat outside in

13、t f0/0 ip nat inside int f0/1 ip nat inside exit router ospf 100 default-information originate exit ip route 0.0.0.0 0.0.0.0 197.68.1.2 access-list 10 permit 192.168.10.1 0.0.0.14 access-list 20 permit 192.168.20.32 0.0.0.0 access-list 20 permit 192.168.20.0 0.0.0.31 ip nat pool VLAN10 198.1.1.1 198

14、.1.1.5 netmask 255.255.255.240 ip nat pool VLAN20 198.1.1.6 198.1.1.10 netmask 255.255.255.240 ip nat inside source list 10 pool vlan10 overload ip nat inside source list 20 pool vlan20 overload end ISP:enableconf tend13、 enable conf t int f0/1 switchport mode access switchport access vlan 10 switch

15、port port-security(開啟端口安全) switchport port-security mac-address sticky (第一個(gè)接入電腦MAC地址-常用) 或 switchport port-security mac-address 00E0.8FB6.D85（某PC的MAC地址） switchport port-security maximum 1（允許最大連接數(shù)為1) switchport port-security violation shutdown (違反立即關(guān)閉) 14、 core1(核心1）： interface vlan 10 ip address 192

16、.168.10.100 255.255.255.0 no shutdown standby 10 ip 192.168.10.100 standby 10 priority 150 standby 10 preempt interface vlan 20 ip address 192.168.20.100 255.255.255.0 no shutdown standby 20 ip 192.168.20.200 standby 20 priority 100 standby 20 preempt end core2(核心2）： interface vlan 10 ip address 192.168.10.200 255.255.255.0 no shutdown standby 10 ip 192.168.10.100 standby 10 priority 100 standby 10 preempt interface vlan 20 ip address 192.168.20.200 255.255.255.0 no shutdown standby 20 ip 192.168.20