Through a comprehensive experiment, we will consolidate the basic settings of routing and switching: remote management, VLAN division, the VTP protocol, the STP protocol, dynamic and static routing protocol configuration, DHCP, NAT, PPP, and ACL. Using these technologies together helps improve our knowledge and technical level.

Lab environment:
Many devices are involved and the setup is complicated, so a simulator is used to complete the experiment.

Experiment topology:
[Figure: lab topology]

Lab requirements:
1. Select the correct cables between devices.
2. Set an IP address for each device and bring the connecting interfaces UP.
3. Configure the routers and switches for remote login. Specify a password and encrypt it.
4. Configure SW-1 as VTP Server and SW-2 as VTP Client.
5. Configure VLANs on SW-1; SW-2 uses the VTP protocol to synchronize VLAN information from SW-1.
6. Configure sub-interfaces on Router-1 F0/0 (single-arm routing, also called router-on-a-stick) so that it supports inter-VLAN routing.
7. Configure the STP (Spanning Tree) protocol with SW-1 as the root switch.
8. Configure the DHCP server on Router-1; it assigns the IP address, gateway and DNS of the four PCs. The IP address of the DNS server is 100.1.1.2/24 (can be manually specified).
9. Configure Router-1 so that it can access the Internet. R2, R3, and R4 run the OSPF protocol, and the four devices can communicate with each other.
10. PPP encapsulation is used between R1 and R2, with CHAP authentication; the password is of your own choosing.
11. Configure dynamic PAT on Router-1 so that the 4 PCs can access the Internet through R1. Also set static PAT so that the Internet can Telnet to SW-1 through TCP port 2323 of Router-1.
12. Configure an ACL on Router-1 to deny hosts in VLAN 2 access to the WWW service of the Web server, while other services work normally.

Experiment Configuration:

1. Configure the IP addresses (the initial setup is omitted)

R1 --->
Router> en
Router# conf t
Router(config)# ho Router-1
Router-1(config)# int s1/0
Router-1(config-if)# ip add 10.1.1.1 255.255.255.0
Router-1(config-if)# clock rate 64000
Router-1(config-if)# no sh
Router-1(config-if)# int f0/0
Router-1(config-if)# no sh
Router-1(config-if)# exit

R2 --->
Router> en
Router# conf t
Router(config)# ho Router-2
Router-2(config)# int s1/0
Router-2(config-if)# ip add 10.1.1.2 255.255.255.0
Router-2(config-if)# no sh
Router-2(config-if)# int f0/1
Router-2(config-if)# ip add 20.2.2.1 255.255.255.0
Router-2(config-if)# no sh
Router-2(config-if)# int f0/0
Router-2(config-if)# ip add 30.3.3.1 255.255.255.0
Router-2(config-if)# no sh
Router-2(config-if)# exit

R3 --->
Router# conf t
Router(config)# ho Router-3
Router-3(config)# int s1/0
Router-3(config-if)# ip add 40.4.4.1 255.255.255.0
Router-3(config-if)# clock rate 64000
Router-3(config-if)# no sh
Router-3(config-if)# int f0/1
Router-3(config-if)# ip add 20.2.2.2 255.255.255.0
Router-3(config-if)# no sh

R4 --->
Router# conf t
Router(config)# ho Router-4
Router-4(config)# int s1/0
Router-4(config-if)# ip add 40.4.4.2 255.255.255.0
Router-4(config-if)# no sh
Router-4(config-if)# int f0/0
Router-4(config-if)# ip add 30.3.3.2 255.255.255.0
Router-4(config-if)# no sh
Router-4(config-if)# int f0/1
Router-4(config-if)# ip add 100.1.1.1 255.255.255.0
Router-4(config-if)# no sh

SW-1 --->
Switch> en
Switch# conf t
Switch(config)# ho SW-1
SW-1(config)# int vlan 1
SW-1(config-if)# ip add 192.168.1.2 255.255.255.0
SW-1(config-if)# no sh
SW-1(config-if)# exit
SW-1(config)# ip default-gateway 192.168.1.1

SW-2 --->
Switch> en
Switch# conf t
Switch(config)# ho SW-2
SW-2(config)# int vlan 1
SW-2(config-if)# ip add 192.168.1.3 255.255.255.0
SW-2(config-if)# no sh
SW-2(config-if)# exit
SW-2(config)# ip default-gateway 192.168.1.1

WEB server configuration -->
IP Address: 100.1.1.2
Mask: 255.255.255.0
Default Gateway: 100.1.1.1

Test the connectivity between R1 and R2:
Router-1> ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/28/32 ms
Test OK! The two routers can reach each other.

Configure remote login and password protection:
The configuration is the same on every device. Only one device is shown here; the commands can be copied and pasted onto the others.

R1 --->
R1(config)# lin vty 0 4
R1(config-line)# login local
R1(config-line)# username Admin password Cisco
R1(config-line)# exit
R1(config)# enable secret Cisco
R1(config)# service password-encryption -- encrypt all passwords

Remote login test against R1:
Router-2# telnet 10.1.1.1
Trying 10.1.1.1... Open

User Access Verification

Username: Admin -- enter the previously set user name
Password: -- enter the previously set password
Router-2> en
Password:
Router-2#
The test completed successfully!

View how the passwords are displayed on R1:
Router-1# show running-config
.............................. partial output
line vty 0 4
 login local
username Router-2 password 7 0822455D0A16 --- password encrypted
username admin password 7 0822455D0A16
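
An added example, not part of the original article: the type 7 strings in the output above are a reversible encoding, whereas `secret` entries are stored as a one-way hash. The Python below classifies every credential line of a running-config by how it is stored; the function names are illustrative and the enable-secret value in the sample is a constructed placeholder.

```python
import re

# Constructed excerpt modelled on the "show running-config" output above.
# The two type 7 strings are the ones shown in the article; the enable-secret
# value is a made-up placeholder, not a real hash.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$EXAMPLE$constructedPlaceholderHash
username Router-2 password 7 0822455D0A16
username admin password 7 0822455D0A16
line vty 0 4
 login local
"""

CRED_RE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)\s+|(?P<enable>enable)\s+)?"
    r"(?P<kw>password|secret)(?:\s+(?P<type>\d+))?\s+(?P<value>\S+)\s*$"
)

def storage_of(keyword, enc_type):
    """Map the IOS keyword and encoding type to how the credential is stored."""
    if keyword == "secret":
        return "one-way hash"          # e.g. "enable secret", "username X secret"
    if enc_type == "7":
        return "reversible (type 7)"   # result of service password-encryption
    return "cleartext"                 # "password 0 ..." or no type at all

def audit_credentials(config):
    """Return (line number, subject, storage) for each credential line."""
    findings, context = [], "global"
    for lineno, line in enumerate(config.splitlines(), 1):
        if line.startswith("line "):
            context = line.strip()     # remember which line block we are in
        m = CRED_RE.match(line)
        if not m:
            continue
        if m["user"]:
            subject = "user " + m["user"]
        elif m["enable"]:
            subject = "enable"
        else:
            subject = context          # a bare "password" under "line vty/con"
        findings.append((lineno, subject, storage_of(m["kw"], m["type"])))
    return findings

def weak_credentials(config):
    """Credentials that can be read back from a copy of the configuration."""
    return [f for f in audit_credentials(config) if f[2] != "one-way hash"]

if __name__ == "__main__":
    for finding in audit_credentials(SAMPLE_CONFIG):
        print(finding)
```

On the sample, both `username ... password 7` entries are reported as reversible, while the `enable secret` entry is not.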

Configure the VTP protocol on the switches: (a device is in VTP Server mode by default)

SW-1 --->
SW-1(config)# vtp domain cisco -- VTP domain name set to cisco
SW-1(config)# int f0/2
SW-1(config-if)# switchport mode trunk -- set the port to trunk
SW-1(config-if)# int f0/3
SW-1(config-if)# switchport mode trunk -- set the port to trunk
SW-1(config-if)# exit

SW-2 --->
SW-2(config)# vtp domain cisco -- VTP domain name set to cisco
SW-2(config)# vtp mode client -- set the switch to Client mode
SW-2(config)# int f0/2
SW-2(config-if)# switchport mode trunk -- set the port to trunk
SW-2(config-if)# int f0/3
SW-2(config-if)# switchport mode trunk -- set the port to trunk
SW-2(config-if)# exit

Configure VLAN settings:
Create the VLANs on SW-1 and add the corresponding ports to them.
SW-1(config)# vlan 2 --- create VLAN 2
SW-1(config-vlan)# vlan 3 --- create VLAN 3
SW-1(config-vlan)# int f0/4
SW-1(config-if)# swi mode acc
SW-1(config-if)# swi acc vlan 2
SW-1(config-if)# int f0/5
SW-1(config-if)# swi mode acc
SW-1(config-if)# swi acc vlan 3
SW-1(config-if)# exit

View the VTP information on SW-1:
SW-1# sh vtp status
VTP Version: 2
Configuration Revision: 2 -- the Configuration Revision number is changed to 2
Maximum VLANs supported locally: 255
Number of existing VLANs: 7 -- the Number of existing VLANs has changed to 7
VTP Operating Mode: Server -- VTP Server mode
VTP Domain Name: cisco -- the VTP domain name is cisco
VTP Pruning Mode: Disabled
VTP V2 Mode: Disabled
VTP Traps Generation: Disabled
MD5 digest: 0x31 0x26 0xE0 0x77 0xB2 0xAA 0x88 0x3C
Configuration last modified by 192.168.1.2 at 3-1-93 00:51:51
Local updater ID is 192.168.1.2 on interface Vl1 (lowest numbered VLAN interface found)

Check the VTP information on SW-2 to see whether it is synchronized with SW-1:
SW-2# sh vtp status
VTP Version: 2
Configuration Revision: 2
Maximum VLANs supported locally: 255
Number of existing VLANs: 7
VTP Operating Mode: Client -- VTP Client mode
VTP Domain Name: cisco
VTP Pruning Mode: Disabled
VTP V2 Mode: Disabled
VTP Traps Generation: Disabled
MD5 digest: 0x31 0x26 0xE0 0x77 0xB2 0xAA 0x88 0x3C
Configuration last modified by 192.168.1.2 at 3-1-93 00:51:51

It is evident that the VTP information on SW-2 and SW-1 is fully synchronized. However, only the VLAN information is synchronized; the ports belonging to each VLAN still need to be specified, as follows:
SW-2(config)# int f0/1
SW-2(config-if)# swi mode acc
SW-2(config-if)# swi acc vlan 2
SW-2(config-if)# int f0/4
SW-2(config-if)# swi mode acc
SW-2(config-if)# swi acc vlan 3
SW-2(config-if)# exit

Configure single-arm (router-on-a-stick) routing to achieve mutual access between VLAN 1, 2, and 3:

SW-1 -->
SW-1(config)# int f0/1
SW-1(config-if)# swi mode trunk -- set as a trunk link

Router-1 -->
Router-1(config)# int f0/0.1
Router-1(config-subif)# encapsulation dot1q 1 -- encapsulation; 1 refers to VLAN 1
Router-1(config-subif)# ip add 192.168.1.1 255.255.255.0
Router-1(config-subif)# int f0/0.2
Router-1(config-subif)# enca dot1q 2
Router-1(config-subif)# ip add 192.168.2.1 255.255.255.0
Router-1(config-subif)# int f0/0.3
Router-1(config-subif)# enca dot1q 3
Router-1(config-subif)# ip add 192.168.3.1 255.255.255.0

Configure the STP protocol:
SW-1(config)# spanning-tree vlan 1,2,3 priority 4096 ---- configure SW-1 as the root switch for all VLANs

Configure the DHCP server (on Router-1):
Router-1(config)# ip dhcp excluded-address 192.168.2.1 -- exclude the gateway address 192.168.2.1 from the address pool
Router-1(config)# ip dhcp pool Vlan2 -- configure the DHCP address pool, named Vlan2
Router-1(dhcp-config)# network 192.168.2.0 255.255.255.0 -- specify the IP address segment
Router-1(dhcp-config)# default-router 192.168.2.1 -- specify the gateway
Router-1(dhcp-config)# dns-server 100.1.1.2 -- specify the DNS server
Router-1(dhcp-config)# exit
Router-1(config)# ip dhcp excluded-address 192.168.3.1
Router-1(config)# ip dhcp pool vlan3
Router-1(dhcp-config)# network 192.168.3.0 255.255.255.0
Router-1(dhcp-config)# default-router 192.168.3.1
Router-1(dhcp-config)# dns-server 100.1.1.2
Router-1(dhcp-config)# exit

View the IP address acquisition on the PC:
[Figures: PC IP address obtained via DHCP]
OK! Obtained successfully! In the same way, you can see that PC-2's IP address is 192.168.2.3, PC-3's IP address is 192.168.3.2, and PC-4's IP address is 192.168.3.3.

Ping PC-1 from PC-3; the result is as follows:
[Figure: ping from PC-3 to PC-1]
If PCs in different VLANs can ping each other, the inter-VLAN routing configured above is correct. You can ping the other devices as well!

Configure the default route on Router-1:
All unknown traffic is sent to the Internet.
Router-1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2

R2, R3 and R4 run the OSPF protocol; the configuration is as follows:

R2 --->
Router-2(config)# router ospf 100
Router-2(config-router)# network 10.1.1.0 0.0.0.255 area 0
Router-2(config-router)# network 20.2.2.0 0.0.0.255 area 0
Router-2(config-router)# network 30.3.3.0 0.0.0.255 area 0

R3 --->
Router-3(config)# router ospf 100
Router-3(config-router)# network 40.4.4.0 0.0.0.255 area 0
Router-3(config-router)# network 20.2.2.0 0.0.0.255 area 0

R4 --->
Router-4(config)# router ospf 100
Router-4(config-router)# network 100.1.1.0 0.0.0.255 area 0
Router-4(config-router)# network 30.3.3.0 0.0.0.255 area 0
Router-4(config-router)# network 40.4.4.0 0.0.0.255 area 0

Test network connectivity:
On R1, ping the Internet IP addresses in the topology. For example, R1 pings the Web server:
[Figure: ping from R1 to the Web server]
You can also verify that all the other IP addresses can be pinged.

Configure the PPP protocol between R1 and R2:

R1 ---->
Router-1(config)# user Router-2 pass Cisco -- specify the authentication peer and the authentication password
Router-1(config)# int s1/0
Router-1(config-if)# encapsulation ppp -- use the PPP encapsulation type
Router-1(config-if)# ppp authentication chap --- specify the authentication method

R2 ---->
Router-2(config)# user Router-1 pass Cisco
Router-2(config)# int s1/0
Router-2(config-if)# encapsulation ppp
Router-2(config-if)# ppp authentication chap

Verify the CHAP authentication of PPP:
Router-2(config)# int s1/0
Router-2(config-if)# shut --- shut down the interface
%LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: line protocol on Interface Serial1/0, changed state to down
Router-2(config-if)# no sh --- re-enable the interface
%LINK-5-CHANGED: Interface Serial1/0, changed state to up

Ping test again:
Router-2# ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 31/31/32 ms
The ping to R1 succeeds, so PPP CHAP authentication is successful!

Configure NAT:

Configure dynamic PAT on Router-1 to allow the four PCs to access the Internet through R1.
Router-1(config)# int f0/0.1
Router-1(config-subif)# ip nat inside -- mark as the inside (entry) interface
Router-1(config-subif)# int f0/0.2
Router-1(config-subif)# ip nat inside
Router-1(config-subif)# int f0/0.3
Router-1(config-subif)# ip nat inside
Router-1(config-subif)# int s1/0
Router-1(config-if)# ip nat outside
Router-1(config-if)# exit
Router-1(config)# access-list 1 permit 192.168.2.0 0.0.0.255
Router-1(config)# access-list 1 permit 192.168.3.0 0.0.0.255
Router-1(config)# ip nat inside source list 1 int s1/0 overload

Configure static PAT on Router-1 to allow the Internet to access SW-1 through TCP port 2323 of R1.
Router-1(config)# int f0/0.1
Router-1(config-subif)# ip nat inside
Router-1(config-subif)# exit
Router-1(config)# ip nat inside source static tcp 192.168.1.2 23 10.1.1.1 2323 -- allow Internet addresses to Telnet to SW-1 through TCP port 2323 of the router

PC1 pings the Web server; view the IP address translation entries:
[Figure: NAT translation entries on Router-1]
You can see that the private address of PC-1, 192.168.2.2, is translated to 10.1.1.1 and then successfully reaches the public address 100.1.1.2, and the reply comes back. Dynamic PAT is successful.

Configure ACL:
Before configuring, we access http://100.1.1.2 and the result is:
[Figure: Web page opened from the PC]
The Web server can be viewed successfully!

Start configuring the ACL -->
Router-1(config)# access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 100.1.1.2 eq 80 -- deny 192.168.2.0 access to the Web server over TCP port 80
Router-1(config)# access-list 100 permit ip any any -- allow everything else
Router-1(config)# int f0/0.2
Router-1(config-subif)# ip access-group 100 in -- apply the ACL to this interface

After the configuration, we access http://100.1.1.2 and the result is:
[Figure: Web page request from the PC after the ACL is applied]
PC-1 can still ping the Web server, see:
[Figure: ping from PC-1 to the Web server]
Now, all labs are complete!!
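
An added example, not part of the original article: the Python below models how Router-1 evaluates access-list 100 (wildcard-mask matching, first match wins, implicit deny at the end), which is why HTTP from VLAN 2 is blocked while ping still works. The parser only covers the entry forms used in this lab, and all function names are illustrative.

```python
import ipaddress

# The two access-list 100 entries from the lab above.
ACL_100 = [
    "access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 100.1.1.2 eq 80",
    "access-list 100 permit ip any any",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tok):
    """Consume one address spec from the token list -> (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse_ace(line):
    tok = line.split()[2:]                 # drop "access-list <number>"
    action, proto = tok.pop(0), tok.pop(0)
    src = _take_addr(tok)
    dst = _take_addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def _addr_match(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl_lines, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, a_proto, a_src, a_dst, a_port in map(parse_ace, acl_lines):
        if a_proto not in ("ip", proto):
            continue
        if not (_addr_match(src, a_src) and _addr_match(dst, a_dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

if __name__ == "__main__":
    print(evaluate(ACL_100, "tcp", "192.168.2.2", "100.1.1.2", 80))   # HTTP
    print(evaluate(ACL_100, "icmp", "192.168.2.2", "100.1.1.2"))      # ping
```

Evaluating with only the first entry (`ACL_100[:1]`) shows that without `permit ip any any` the implicit deny would drop all other VLAN 2 traffic as well.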
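
An added example, not part of the original article: a model of the CHAP exchange configured between R1 and R2 in the PPP section, following RFC 1994 (response = MD5 of identifier, secret and challenge). It shows why each router needs a `username` entry named after the peer's hostname with the same password; the `Router` class and its methods are illustrative, not IOS internals.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994: MD5 over the Identifier octet, the secret, the Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Router:
    def __init__(self, hostname, user_db):
        self.hostname = hostname
        self.user_db = user_db   # models "username <peer> password <secret>"

    def challenge(self, identifier):
        # Authenticator: send a random challenge together with our hostname.
        return {"id": identifier, "value": os.urandom(16), "name": self.hostname}

    def respond(self, chal):
        # Peer: look up the secret configured for the challenger's hostname.
        secret = self.user_db.get(chal["name"])
        if secret is None:
            return None          # no matching username entry, cannot answer
        digest = chap_response(chal["id"], secret, chal["value"])
        return {"id": chal["id"], "value": digest, "name": self.hostname}

    def verify(self, chal, resp):
        # Authenticator: recompute with the secret stored for the responder.
        secret = self.user_db.get(resp["name"]) if resp else None
        if secret is None:
            return False
        expected = chap_response(chal["id"], secret, chal["value"])
        return hmac.compare_digest(expected, resp["value"])

def authenticate(authenticator, peer, identifier):
    chal = authenticator.challenge(identifier)
    return authenticator.verify(chal, peer.respond(chal))

def link_comes_up(a, b):
    # Both ends run "ppp authentication chap", so each authenticates the other.
    return authenticate(a, b, 1) and authenticate(b, a, 2)

if __name__ == "__main__":
    r1 = Router("Router-1", {"Router-2": b"Cisco"})
    r2 = Router("Router-2", {"Router-1": b"Cisco"})
    print(link_comes_up(r1, r2))
```

Only the challenge and the digest cross the link; a different password on one side, or a hostname that does not match the other side's `username` entry, makes `link_comes_up` return False.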

This article is from the "YYJCWXF (sanmao)" blog; please be sure to keep this source: http://weixianfei.blog.51cto.com/950271/345568