PT-練習(xí)861-CCNA-綜合技巧練習(xí)(教師版)

PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)（教師版）拓?fù)鋱D所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第1頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)HQ地址表設(shè)備接口IP地址子網(wǎng)掩碼DLCI映射Fa0/0不適用S0/0/0.4152DLCI41到B1HQS0/0/0.4252DLCI42到B2S0/0/0.4352DLCI43到B3S0/0/15352不適用S0/1/052不適用分支路由器的地址表設(shè)備接口IP地址子網(wǎng)掩碼Fa0/0.1010.X.10.1Fa0/0.2010.X.20.1Fa0/0.3010.X.30.1Fa0/0.8810.X.88.1BXFa0/0.9910.X.99.1S0/0/0第二個(gè)地址52BX-S1VLAN9910.X.99.21BX-S2VLAN9910.X.99.22BX-S3VLAN9910.X.99.23BX-WRSVLAN110.X.40.1.以分支路由器B1、B2或B3的編號(hào)代替"X"。.HQ的點(diǎn)對(duì)點(diǎn)PVC使用子網(wǎng)中的第二個(gè)地址。HQ使用第一個(gè)地址。.WRT300N路由器通過(guò)DHCP從分支路由器獲得Internet地址。所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第2頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)VLAN配置和端口映射VLAN編號(hào)網(wǎng)絡(luò)地址VLAN名稱端口映射1010.X.10.0/24AdminBX-S2,Fa0/62010.X.20.0/24SalesBX-S2,Fa0/113010.X.30.0/24ProductionBX-S2,Fa0/168810.X.88.0/24WirelessBX-S3,Fa0/79910.X.99.0/24Mgmt&Native所有中繼所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第3頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)學(xué)習(xí)目標(biāo).在集中星型拓?fù)渲信渲脦欣^.將PPP的身份驗(yàn)證方式配置為CHAP和PAP.配置靜態(tài)NAT和動(dòng)態(tài)NAT.配置靜態(tài)路由和默認(rèn)路由簡(jiǎn)介在本次綜合性CCNA技巧練習(xí)中，XYZ公司在WAN連接中混合使用幀中繼與PPP。HQ路由器通過(guò)NAT提供對(duì)服務(wù)器群和Internet的訪問(wèn)。另外HQ還使用基本的防火墻ACL來(lái)過(guò)濾入站流量。每臺(tái)分支路由器都配置為支持VLAN間路由和DHCP。路由過(guò)程通過(guò)EIGRP以及靜態(tài)路由和默認(rèn)路由完成。每個(gè)交換網(wǎng)絡(luò)上都配置了VLAN、VTP和STP。本練習(xí)已啟用端口安全功能并提供無(wú)線接入。在本次綜合練習(xí)中，您的任務(wù)是充分利用您在四門(mén)Exploration課程中所學(xué)的知識(shí)，成功運(yùn)用所有技術(shù)。您要負(fù)責(zé)配置HQ路由器以及分支路由器B1、B2和B3。此外，您還要負(fù)責(zé)配置每一臺(tái)通過(guò)分支路由器連接到網(wǎng)絡(luò)的設(shè)備。NewB路由器代表一臺(tái)小型公司經(jīng)合并后作為新分支機(jī)構(gòu)的分支路由器。您不具有NewB路由器的訪問(wèn)權(quán)。但是，您要在HQ和NewB之間建立一條鏈路，使這家新的分支機(jī)構(gòu)能夠訪問(wèn)內(nèi)部網(wǎng)絡(luò)和Internet。ipaddress52frame-relayinterface-dlci41!interfaceSerial0/0/0.42point-to-pointipaddress52frame-relayinterface-dlci42!interfaceSerial0/0/0.43point-to-pointipaddress52frame-relayinterface-dlci43endwr!-----------!B1!-----------enableconfigureterminalhostB1enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!interfaceSerial0/0/0ipaddress52encapsulationframe-relayframe-relaylmi-typeq933anoshutdownendwr!-----------!B2!-----------enable所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第5頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)configureterminalhostB2enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!interfaceSerial0/0/0ipaddress52encapsulationframe-relayframe-relaylmi-typeq933anoshutdownendwr!-----------!B3!-----------enableconfigureterminalhostB3enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!interfaceSerial0/0/0ipaddress052encapsulationframe-relayietfframe-relaylmi-typeansinoshutdownendwr步驟2.在HQ上配置LAN接口。!interfaceFastEthernet0/0descriptionServerFarmipaddressnoshutdown!步驟3.檢驗(yàn)HQ能否ping通每臺(tái)分支路由器。HQ#pingTypeescapesequencetoabort.所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第6頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)Sending5,100-byteICMPEchosto,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=40/71/89msHQ#pingTypeescapesequencetoabort.Sending5,100-byteICMPEchosto,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=35/60/69msHQ#ping0Typeescapesequencetoabort.Sending5,100-byteICMPEchosto0,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=23/58/87ms任務(wù)2：將PPP的身份驗(yàn)證方式配置為CHAP和PAP步驟1.使用PPP封裝和CHAP身份驗(yàn)證配置從HQ到ISP的WAN鏈路。CHAP口令是ciscochap。usernameISPpasswordciscochapinterfaceSerial0/1/0descriptionLinktoISPipaddress52encapsulationppppppauthenticationchapnoshutdown步驟2.使用PPP封裝和PAP身份驗(yàn)證配置從HQ到NewB的WAN鏈路。您需要將電纜連接到正確的接口。HQ是鏈路的DCE端。您需要選擇時(shí)鐘頻率。PAP口令是ciscopap。usernameNewBpasswordciscopapinterfaceSerial0/0/1descriptionLinktoB4ipaddress5352encapsulationppppppauthenticationpapppppapsent-usernameHQpassword0ciscopapclockrate64000noshutdown步驟3.檢驗(yàn)HQ能否ping通ISP和NewB。HQ#pingTypeescapesequencetoabort.Sending5,100-byteICMPEchosto,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=17/30/38msHQ#ping54Typeescapesequencetoabort.所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第7頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)Sending5,100-byteICMPEchosto54,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=5/29/47ms任務(wù)3：在HQ上配置靜態(tài)NAT和動(dòng)態(tài)NAT步驟1.配置NAT。請(qǐng)遵循下列要求：.允許轉(zhuǎn)換/8中的所有地址。.XYZ公司擁有40/29地址空間。XYZCORP池使用從.241到.245范圍內(nèi)的地址，子網(wǎng)掩碼為/29。.位于的網(wǎng)站注冊(cè)于IP地址為46的公共DNS系統(tǒng)。ipaccess-liststandardNAT_LISTpermit55!ipnatpoolXYZCORP4145netmask48ipnatinsidesourcelistNAT_LISTpoolXYZCORPoverloadipnatinsidesourcestatic46!interfacefa0/0ipnatinsideinterfaces0/0/0.41point-to-pointipnatinsideinterfaces0/0/0.42point-to-pointipnatinsideinterfaces0/0/0.43point-to-pointipnatinsideinterfaces0/0/1ipnatinsideinterfaces0/1/0ipnatoutside步驟2.使用擴(kuò)展ping命令檢驗(yàn)NAT是否在運(yùn)作。使用HQLAN接口作為源地址，從HQpingISP上的serial0/0/0接口。此ping命令應(yīng)該成功。HQ#pingProtocol[ip]:TargetIPaddress:Repeatcount[5]:Datagramsize[100]:Timeoutinseconds[2]:Extendedcommands[n]:ySourceaddressorinterface:Typeofservice[0]:SetDFbitinIPheader?[no]:Validatereplydata?[no]:Datapattern[0xABCD]:Loose,Strict,Record,Timestamp,Verbose[none]:Sweeprangeofsizes[n]:Typeescapesequencetoabort.Sending5,100-byteICMPEchosto,timeoutis2seconds:Packetsentwithasourceaddressof!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=18/34/42ms所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第8頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)使用showipnattranslations命令檢驗(yàn)NAT是否已將ping命令使用的內(nèi)部地址進(jìn)行了轉(zhuǎn)換。HQ#showipnattranslationsProInsideglobalInsidelocalOutsidelocalOutsideglobalicmp41:35:35:35:35icmp41:36:36:36:36icmp41:37:37:37:37icmp41:38:38:38:38icmp41:39:39:39:39---46------任務(wù)4：配置靜態(tài)路由和默認(rèn)路由步驟1.配置HQ到達(dá)ISP的默認(rèn)路由和到達(dá)NewBLAN的靜態(tài)路由。請(qǐng)使用送出接口作為參數(shù)。iprouteSerial0/1/0iprouteSerial0/0/1步驟2.配置分支路由器到達(dá)HQ的默認(rèn)路由。請(qǐng)使用下一跳IP地址作為參數(shù)。!B1iproute!B2iproute!B3iproute步驟3.檢驗(yàn)ISP范圍外的連通性。所有三臺(tái)NewBPC以及NetAdminPC都應(yīng)該能ping通Web服務(wù)器。!在NewB-PC1上PacketTracerPCCommandLine1.0PC>pingPinging34with32bytesofdata:Requesttimedout.Replyfrom34:bytes=32time=10msTTL=125Replyfrom34:bytes=32time=10msTTL=125Replyfrom34:bytes=32time=10msTTL=125Pingstatisticsfor34:Packets:Sent=4,Received=3,Lost=1(25%loss),Approximateroundtriptimesinmilli-seconds:Minimum=10ms,Maximum=10ms,Average=10msPC>!在NetAdmin上所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第9頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)PacketTracerPCCommandLine1.0PC>pingPinging34with32bytesofdata:Replyfrom34:bytes=32time=12msTTL=126Replyfrom34:bytes=32time=188msTTL=126Replyfrom34:bytes=32time=8msTTL=126Replyfrom34:bytes=32time=8msTTL=126Pingstatisticsfor34:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=8ms,Maximum=188ms,Average=54msPC>任務(wù)5：配置VLAN間路由步驟1.配置每臺(tái)分支路由器使其支持VLAN間路由。使用分支路由器的地址表配置并激活VLAN間路由的LAN接口。VLAN99為本征VLAN。!-----------------!分支路由器!-----------------!以路由器編號(hào)代替X。interfaceFastEthernet0/0noshutdown!interfaceFastEthernet0/0.10descriptionAdminVLAN10encapsulationdot1Q10ipaddress10.X.10.1!interfaceFastEthernet0/0.20descriptionSalesVLAN20encapsulationdot1Q20ipaddress10.X.20.1!interfaceFastEthernet0/0.30descriptionProductionVLAN30encapsulationdot1Q30ipaddress10.X.30.1!interfaceFastEthernet0/0.88descriptionWirelessVLAN88encapsulationdot1Q88ipaddress10.X.88.1!interfaceFastEthernet0/0.99descriptionMgmt&NativeVLAN99encapsulationdot1Q99nativeipaddress10.X.99.1!所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第10頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)步驟2.檢查路由表。每臺(tái)分支路由器現(xiàn)在都應(yīng)該有六個(gè)直接相連的網(wǎng)絡(luò)和一條靜態(tài)默認(rèn)路由。B1#showiproute<省略部分輸出>Gatewayoflastresortistonetwork/8isvariablysubnetted,6subnets,2masksC/24isdirectlyconnected,FastEthernet0/0.10C/24isdirectlyconnected,FastEthernet0/0.20C/24isdirectlyconnected,FastEthernet0/0.30C/24isdirectlyconnected,FastEthernet0/0.88C/24isdirectlyconnected,FastEthernet0/0.99C/30isdirectlyconnected,Serial0/0/0S*/0[1/0]via任務(wù)6：配置和優(yōu)化EIGRP路由步驟1.配置HQ、B1、B2和B3的EIGRP。.使用AS100。.在適當(dāng)?shù)慕涌谏辖肊IGRP更新。.手動(dòng)總結(jié)EIGRP路由，使每臺(tái)分支路由器只向HQ通告10.X.0.0/16地址空間。注：PacketTracer無(wú)法準(zhǔn)確地模擬EIGRP總結(jié)路由的優(yōu)勢(shì)。路由表仍將顯示所有的子網(wǎng)，即使您已正確配置手動(dòng)總結(jié)。!-----------------!HQ路由器!-----------------routereigrp100passive-interfaceFastEthernet0/0passive-interfaceSerial0/0/1passive-interfaceSerial0/1/0networknoauto-summary!!-----------------!分支路由器!-----------------!routereigrp100passive-interfaceFastEthernet0/0.10passive-interfaceFastEthernet0/0.20passive-interfaceFastEthernet0/0.30passive-interfaceFastEthernet0/0.99networknoauto-summary!!!以路由器編號(hào)代替X!所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第11頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)interfaceserial0/0/0ipsummary-addresseigrp10010.X.0.0步驟2.檢查路由表和連通性。HQ路由器和分支路由器現(xiàn)在應(yīng)該有完整的路由表。HQ#shiproute<省略部分輸出>Gatewayoflastresortistonetwork/8isvariablysubnetted,21subnets,2masksC/24isdirectlyconnected,FastEthernet0/0D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:14,Serial0/0/0.41D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via,00:00:07,Serial0/0/0.42D/24[90/2172416]via0,00:00:04,Serial0/0/0.43D/24[90/2172416]via0,00:00:04,Serial0/0/0.43D/24[90/2172416]via0,00:00:04,Serial0/0/0.43D/24[90/2172416]via0,00:00:04,Serial0/0/0.43D/24[90/2172416]via0,00:00:04,Serial0/0/0.43S/24isdirectlyconnected,Serial0/0/1C/30isdirectlyconnected,Serial0/0/0.41C/30isdirectlyconnected,Serial0/0/0.42C/30isdirectlyconnected,Serial0/0/0.43C52/30isdirectlyconnected,Serial0/0/1/30issubnetted,1subnetsCisdirectlyconnected,Serial0/1/0S*/0isdirectlyconnected,Serial0/1/0NetAdminPC現(xiàn)在應(yīng)該能ping通每臺(tái)分支路由器上的每個(gè)VLAN子接口。!在NetAdminPC上PacketTracerPCCommandLine1.0PC>pingPingingwith32bytesofdata:Replyfrom:bytes=32time=104msTTL=254Replyfrom:bytes=32time=104msTTL=254Replyfrom:bytes=32time=100msTTL=254Replyfrom:bytes=32time=132msTTL=254Pingstatisticsfor:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=100ms,Maximum=132ms,Average=110msPC>ping所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第12頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)Pingingwith32bytesofdata:Replyfrom:bytes=32time=83msTTL=254Replyfrom:bytes=32time=152msTTL=254Replyfrom:bytes=32time=118msTTL=254Replyfrom:bytes=32time=103msTTL=254Pingstatisticsfor:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=83ms,Maximum=152ms,Average=114msPC>pingPingingwith32bytesofdata:Replyfrom:bytes=32time=114msTTL=254Replyfrom:bytes=32time=99msTTL=254Replyfrom:bytes=32time=108msTTL=254Replyfrom:bytes=32time=153msTTL=254Pingstatisticsfor:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=99ms,Maximum=153ms,Average=118ms任務(wù)7：配置VTP、中繼、VLAN接口和VLAN下列要求適用于所有三個(gè)分支。配置三臺(tái)交換機(jī)中的一臺(tái)。然后將這些交換機(jī)的腳本應(yīng)用于其它兩臺(tái)交換機(jī)。步驟1.配置分支交換機(jī)的VTP。.BX-S1為VTP服務(wù)器。BX-S2和BX-S3為VTP客戶端。.域名為XYZCORP。.口令為xyzvtp。步驟2.在BX-S1、BX-S2和BX-S3上配置中繼。將適當(dāng)?shù)慕涌谂渲脼橹欣^模式并指定VLAN99為本征VLAN。步驟3.在BX-S1、BX-S2和BX-S3上配置VLAN接口和默認(rèn)網(wǎng)關(guān)。步驟4.在BX-S1上創(chuàng)建VLAN。只在BX-S1上創(chuàng)建并命名"VLAN配置和端口映射"表中列出的VLAN。VTP會(huì)向BX-S1和BX-S2通告新的VLAN。!!在以下腳本中將"X"替換為分支路由器編號(hào)!!-----------!S1!-----------enableconfigureterminal所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第13頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)hostBX-S1enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!vtpmodeservervtpdomainxyzcorpvtppasswordxyzvtp!interfaceFastEthernet0/1switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/2switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/3switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/4switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/5switchporttrunknativevlan99switchportmodetrunk!interfacevlan99ipaddress10.X.99.21noshutipdefault-gateway10.X.99.1!vlan10nameAdminvlan20nameSalesvlan30nameProductionvlan88nameWirelessvlan99nameMgmt&Nativeendwr!-----------!S2!-----------enable所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第14頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)configureterminalhostBX-S2enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!vtpmodeclientvtpdomainxyzcorpvtppasswordxyzvtp!interfaceFastEthernet0/1switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/2switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/3switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/4switchporttrunknativevlan99switchportmodetrunk!interfacevlan99ipaddress10.X.99.22noshutipdefault-gateway10.X.99.1!endwr!-----------!S3!-----------enableconfigureterminalhostBX-S3enablesecretclassbannermotd$AUTHORIZEDACCESSONLY!$linecon0passciscologinlinevty04passciscologinservicepassword-encryption!vtpmodeclient所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第15頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)vtpdomainxyzcorpvtppasswordxyzvtp!interfaceFastEthernet0/1switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/2switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/3switchporttrunknativevlan99switchportmodetrunk!interfaceFastEthernet0/4switchporttrunknativevlan99switchportmodetrunk!interfacevlan99ipaddress10.X.99.23noshutipdefault-gateway10.X.99.1!endwr步驟5.檢查這些VLAN是否已發(fā)送到BX-S2和BX-S3。使用適當(dāng)?shù)拿顧z查S2和S3是否已具有您在S1上創(chuàng)建的VLAN。PacketTracer模擬VTP通告可能需要花費(fèi)數(shù)分鐘的時(shí)間。一種強(qiáng)制發(fā)送VTP通告的快速方法是，將其中一臺(tái)客戶端交換機(jī)更改為透明模式然后再改回客戶端模式。!所有交換機(jī)將擁有相似的輸出。所有BX-S1交換機(jī)的VTP!工作模式都是服務(wù)器模式。B2-S2#showvtpstatusVTPVersion:2ConfigurationRevision:0MaximumVLANssupportedlocally:64NumberofexistingVLANs:10VTPOperatingMode:ClientVTPDomainName:xyzcorpVTPPruningMode:DisabledVTPV2Mode:DisabledVTPTrapsGeneration:DisabledMD5digest:0xCD0xBF0xDE0x4E0x0F0x790x7D0x3EConfigurationlastmodifiedby1at3-1-9300:43:41B2-S2#showvlanbriefVLANNameStatusPortsdefaultactiveFa0/5,Fa0/6,Fa0/7,Fa0/8Fa0/9,Fa0/10,Fa0/11,Fa0/12Fa0/13,Fa0/14,Fa0/15,Fa0/16Fa0/17,Fa0/18,Fa0/19,Fa0/20所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第16頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)Fa0/21,Fa0/22,Fa0/23,Fa0/24Gig1/1,Gig1/210Adminactive20Salesactive30Productionactive88Wirelessactive99Mgmt&Nativeactive1002fddi-defaultactive1003token-ring-defaultactive1004fddinet-defaultactive1005trnet-defaultactive任務(wù)8：分配VLAN并配置端口安全性步驟1.為接入端口分配VLAN。根據(jù)"VLAN配置和端口映射"表完成下列要求：.配置接入端口.為接入端口分配VLAN步驟2.配置端口安全性。使用下列策略在BX-S2接入端口上建立端口安全性：.僅允許一個(gè)MAC地址.將第一個(gè)學(xué)習(xí)到的MAC地址配置為"粘滯"在配置中.設(shè)置端口，使其在出現(xiàn)安全違規(guī)時(shí)關(guān)閉!-----------!BX-S3!-----------!interfaceFastEthernet0/7switchportaccessvlan88switchportmodeaccess!-----------!BX-S2!-----------!interfaceFastEthernet0/6switchportaccessvlan10switchportmodeaccessswitchportport-securityswitchportport-securitymaximum1switchportport-securitymac-addressstickyswitchportport-securityviolationshutdown!interfaceFastEthernet0/11switchportaccessvlan20switchportmodeaccessswitchportport-securityswitchportport-securitymaximum1switchportport-securitymac-addressstickyswitchportport-securityviolationshutdown所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第17頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)!interfaceFastEthernet0/16switchportaccessvlan30switchportmodeaccessswitchportport-securityswitchportport-securitymaximum1switchportport-securitymac-addressstickyswitchportport-securityviolationshutdown!步驟3.檢查VLAN分配和端口安全性。使用適當(dāng)?shù)拿顧z查是否已正確分配接入VLAN，以及是否已啟用端口安全策略。B1-S2#showvlanbriefVLANNameStatusPortsdefaultactiveFa0/5,Fa0/7,Fa0/8,Fa0/9Fa0/10,Fa0/12,Fa0/13,Fa0/14Fa0/15,Fa0/17,Fa0/18,Fa0/19Fa0/20,Fa0/21,Fa0/22,Fa0/23Fa0/24,Gig1/1,Gig1/210AdminactiveFa0/620SalesactiveFa0/1130ProductionactiveFa0/1688Wirelessactive99Mgmt&Nativeactive1002fddi-defaultactive1003token-ring-defaultactive1004fddinet-defaultactive1005trnet-defaultactiveB1-S2#showport-securityinterfacefa0/6PortSecurity:EnabledPortStatus:Secure-upViolationMode:ShutdownAgingTime:0minsAgingType:AbsoluteSecureStaticAddressAging:DisabledMaximumMACAddresses:1TotalMACAddresses:0ConfiguredMACAddresses:0StickyMACAddresses:0LastSourceAddress:Vlan:0000.0000.0000:0SecurityViolationCount:0任務(wù)9：配置STP步驟1.將BX-S1配置為根橋。將BX-S1的優(yōu)先級(jí)設(shè)置為4096，使這些交換機(jī)始終成為所有VLAN的根橋。!-----------!BX-S1!-----------!spanning-treevlan1priority4096所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第18頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)spanning-treevlan10priority4096spanning-treevlan20priority4096spanning-treevlan30priority4096spanning-treevlan88priority4096spanning-treevlan99priority4096!步驟2.將BX-S3配置為備用根橋。將BX-S3的優(yōu)先級(jí)設(shè)置為8192，使這些交換機(jī)始終成為所有VLAN的備用根橋。!-----------!BX-S3!-----------!spanning-treevlan1priority8192spanning-treevlan10priority8192spanning-treevlan20priority8192spanning-treevlan30priority8192spanning-treevlan88priority8192spanning-treevlan99priority8192!步驟3.檢驗(yàn)BX-S1是否成為根橋。!對(duì)于所有交換機(jī)上的所有VLAN，輸出都應(yīng)當(dāng)是類(lèi)似的。!B1-S1#showspanning-treevlan10VLAN0010SpanningtreeenabledprotocolieeeRootIDPriority4106Address00D0.BA3D.2C94ThisbridgeistherootHelloTime2secMaxAge20secForwardDelay15secBridgeIDPriority4106(priority4116sys-id-ext10)Address00D0.BA3D.2C94AgingTime300InterfaceRoleStsCostPrio.NbrTypeFa0/3DesgFWD19128.3ShrFa0/1DesgFWD19128.3ShrFa0/2DesgFWD19128.3ShrFa0/5DesgFWD19128.3ShrFa0/4DesgFWD19128.3Shr任務(wù)10：配置DHCP步驟1.為每個(gè)VLAN配置DHCP池。在每臺(tái)分支路由器上，依據(jù)下列要求為每個(gè)VLAN配置DHCP池：.對(duì)于LAN，在每個(gè)池中排除前10個(gè)IP地址。.對(duì)于無(wú)線LAN，在每個(gè)池中排除前24個(gè)IP地址。.池的名稱為BX_VLAN##，其中X是路由器編號(hào)，##是VLAN編號(hào)。所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第19頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí).將連接到HQ服務(wù)器群的DNS服務(wù)器包含在內(nèi)作為DHCP配置的組成部分。!-----------!B1!-----------!ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address4!ipdhcppoolB1_VLAN10networkdefault-routerdns-serveripdhcppoolB1_VLAN20networkdefault-routerdns-serveripdhcppoolB1_VLAN30networkdefault-routerdns-serveripdhcppoolB1_VLAN88networkdefault-routerdns-server!-----------!B2!-----------!ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address4!ipdhcppoolB2_VLAN10networkdefault-routerdns-serveripdhcppoolB2_VLAN20networkdefault-routerdns-serveripdhcppoolB2_VLAN30networkdefault-routerdns-serveripdhcppoolB2_VLAN88networkdefault-routerdns-server!-----------!B3!-----------!所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第20頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address0ipdhcpexcluded-address4!ipdhcppoolB3_VLAN10networkdefault-routerdns-serveripdhcppoolB3_VLAN20networkdefault-routerdns-serveripdhcppoolB3_VLAN30networkdefault-routerdns-serveripdhcppoolB3_VLAN88networkdefault-routerdns-server步驟2.配置PC使用DHCP。目前，這些PC配置為使用靜態(tài)IP地址。請(qǐng)將此配置更改為DHCP。步驟3.檢驗(yàn)PC和無(wú)線路由器是否有IP地址。步驟4.檢驗(yàn)連通性。所有通過(guò)物理方式連接到網(wǎng)絡(luò)中的PC都應(yīng)該能ping通Web服務(wù)器。!在B1-PC1上PacketTracerPCCommandLine1.0PC>pingPinging34with32bytesofdata:Replyfrom34:bytes=32time=234msTTL=125Replyfrom34:bytes=32time=184msTTL=125Replyfrom34:bytes=32time=230msTTL=125Replyfrom34:bytes=32time=228msTTL=125Pingstatisticsfor34:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=184ms,Maximum=234ms,Average=219msPC>任務(wù)11：配置防火墻ACL步驟1.檢驗(yàn)OutsideHost的連通性。OutsideHostPC應(yīng)該能ping通位于的服務(wù)器。所有內(nèi)容版權(quán)所有.1992-2007CiscoSystems,Inc.保留所有權(quán)利。本文檔為Cisco公開(kāi)信息。第21頁(yè)（共31頁(yè)）CCNAExploration接入WAN：網(wǎng)絡(luò)故障排除PT練習(xí)8.6.1：CCNA綜合技巧練習(xí)!-----------!OutsideHost!-----------!PacketTracerPCCommandLine1.0PC>pingPinging46with32bytesofdata:Replyfrom46:bytes=32time=45msTTL=126Replyfrom46:bytes=32time=115msTTL=126Replyfrom46:bytes=32time=124msTTL=126Replyfrom46:bytes=32time=101msTTL=126Pingstatisticsfor46:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=45ms,Maximum=124ms,Average=96msPC>步驟2.實(shí)施基本的防火墻ACL。由于ISP提供通往Internet的連接，因此請(qǐng)按照下列順序配置名為FIREWALL的命名ACL