《CISCO_CCNA实验指南》由会员分享,可在线阅读,更多相关《CISCO_CCNA实验指南(50页珍藏版)》请在金锄头文库上搜索。
1、l Telnet和ssh登录GNS3模拟1Telnetenconf tint f0/0ip address 192.168.186.1 255.255.255.0no shutexitenable password 123456789/设置特权exec密码service password-encryption/对密码进行加密/line vty 0 4password 123456789/虚拟终端密码login/允许登录或username liaozuobiao password yufanglin/本地用户名数据库设置密码line vty 0 4login local/2、sshenconf
2、tint f0/0ip address 192.168.186.1 255.255.255.0no shutexitusername liaozuobiao secret yufanglinhostname R1/主机名 在ios设备上标注RSA密钥对时需要hostname和domain-nameip domain-name ssh version 2crypto key generate rsa general-keys modulus 1024 /密钥类型和长度line vty 0 4login local/本地用户名数据库transport input ssh/使用ssh作为登录程序e
3、xit调试结果:在R2这个主机上键入命令l 端口安全特性Packet tracer 模拟配置命令:enconf tint f0/1switchport mode access /定义为主机访问端口,注意在trunk、EtherChannel端口上不起作用switchport access vlan 1switchport port-security/启动端口安全特性,这步很关键, Dont forget,因为默认是禁用的switchport port-security maximum 1 /设置接口关联最大设备数switchport port-security violation shutdo
4、wn /设置违反安全性规则时接口应该干什么switchport port-security mac-address sticky /设置粘性学习调试:从主机0 ping 主机1,发现能够ping通然后将f0/1断开,接至主机2(未连接),如图:主机2 ping 主机1,不能够ping通,且端口f0/1自动关闭,要恢复的话先shutdown 再no shut发现端口恢复至开启状态。当违反端口安全性时,可以在配置模式下使用以下命令重新设置接口:errdisable recovery cause psecure-vialotionl VLAN和聚合gns3模拟R3:enconf tno ip rou
5、tingint f0/0ip address 192.168.186.1 255.255.255.0no shutR4:enconf tno ip routingint f0/0ip address 192.168.186.2 255.255.255.0no shutR5:enconf tno ip routingint f0/0ip address 192.168.186.3 255.255.255.0no shutR6enconf tno ip routingint f0/0ip address 192.168.186.4 255.255.255.0no shutSW1:envlan da
6、tabasevtp server/vtp sever模式vtp domain VtpSev/域名vtp password liaozuobiao/密钥vtp pruning/启动修剪vlan 10/vlan 20/创建vlanexitconf tint f0/0switchport mode access/接入模式switchport access vlan 10/将端口分配给vlan10int f0/1switchport mode accessswitchport access vlan 20int range f0/11 - 15switchport mode trunk/中继模式swi
7、tchport trunk allowed vlan all/允许所有vlan通过switchport trunk native vlan 1/设置本地vlan/exitint range f0/11 - 15channel-protocol pagp/pagp聚合协议channel-group 1 mode on/配置端口聚合为打开模式或(gns3不能配置)exitlacp system-priority 100/设置系统优先级int range f0/11 - 15channel-protocol lacp/lacp聚合协议channel-group 1 mode active/启动端口聚
8、合为积极模式lacp port-priority 100/端口优先级/SW2:envlan databasevtp clientvtp password liaozuobiaoexitconf tint f0/0switchport mode accessswitchport access vlan 10int f0/1switchport mode accessswitchport access vlan 20int range f0/11 - 15switchport mode trunkswitchport trunk allowed vlan allswitchport trunk n
9、ative vlan 1/exitint range f0/11 - 15channel-protocol pagpchannel-group 1 mode on或exitlacp system-priority 100int range f0/11 - 15channel-protocol lacpchannel-group 1 mode activelacp port-priority 100/l 单臂路由Packet tracer 模拟交换机:enconf tint vlan 1ip address 192.168.186.2 255.255.255.0 /设置管理地址no shutex
10、itip default-gateway 192.168.186.1/设置默认网关int f0/1switchport mode accessswitchport access vlan 2int f0/2switchport mode accessswitchport access vlan 3int f0/3switchport mode trunk/设置端口模式为vlan中继路由器:enconf tint f0/1ip address 192.168.186.1 255.255.255.0no shutint f0/1.1/配置子接口encapsulation dot1q 2/封装802
11、.1q协议 并设置与子接口相关联的vlan号ip address 192.168.187.10 255.255.255.0/设置子接口ip地址int f0/1.2encapsulation dot1q 3ip address 192.168.188.10 255.255.255.0int f0/0ip address 10.1.1.1 255.255.255.0no shut调试结果:从主机0 ping 主机1发现能够ping通,再从主机2 ping ip地址192.168.186.1即交换机的管理地址发现可以ping通 所以在交换机上可以配置 telnet 或ssh登录,主机2充当管理角色,
12、详见telnet登录配置。下面H3C路由器部分 配置:int f0/1ip address 192.168.186.1 24int f0/1.1ip address 192.168.187.10 24vlan-type dot1q vid 2/封装802.1q协议 并设置与子接口相关联的vlan号l DHCPGNS3模拟配置如下:enconf tservice dhcp/启动dhcp服务器特性ip dhcp pool pool1/创建一个地址池network 192.168.186.0 /24/指定要分配给客户端的IP地址范围dns-server 192.168.186.253/将dns服务器
13、地址分配给客户端netbios-name-server 192.168.186.253/将wins服务器地址分配给客户端default-router 192.168.186.1/将默认网关分配给客户端lease 6/设置租赁期import all/将为更高级别服务器导入的dhcp选项 即将isp的dhcp服务器选项导入exitip dhcp ping timeout 600 /设置服务器测试其地址池地址是否正在使用的等待应答时间ip dhcp excluded-address 192.168.186.1/设置排除地址范围ip dhcp excluded-address 192.168.186.253 192.168.186.254int f0/0ip address 192.168.186.1 255.255.255.0no shutend调试和实验结果:xp设置为自动获取ip地址,使用ipconfig/release 然后用ipconfig/renew再用 ipconfig/a
