Noriu/Cyber_Security_Notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ae4c5ba42a
Cyber_Security_Notes/B. 第二阶段/拓扑练习/0903_项目实战 - 1.md
Noriu ae4c5ba42a 2024年9月3日 10:55:24
2024-09-03 10:55:27 +08:00

250 lines
6.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 项目实战 - 基础交换网络设计
![image-20240903094302311](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240903094302311.png)
![image-20240902173915624](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240902173915624.png)
### 一、IP、VLAN、Routing
- **PC**
- **SW1**
```
[SW1]vlan batch 10 20 30
[SW1]port-group group-member g0/0/1 g0/0/3 g0/0/4
[SW1-port-group]port link-type access
[SW1-port-group]port default vlan 10
[SW1-port-group]quit
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
```
- **SW2**
```
[SW2]vlan batch 10 20 30
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access
[SW2-GigabitEthernet0/0/1]port default vlan 20
[SW2-GigabitEthernet0/0/1]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
```
- **SW3**
```
[SW3]vlan batch 10 20 30
[SW3]int g0/0/1
[SW3-GigabitEthernet0/0/1]port link-type access
[SW3-GigabitEthernet0/0/1]port default vlan 30
[SW3-GigabitEthernet0/0/1]int g0/0/2
[SW3-GigabitEthernet0/0/2]port link-type trunk
[SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
```
- **HX - SW5**
```
[HX-SW5]vlan batch 10 20 30 50
[HX-SW5]port-group group-member g0/0/1 to g0/0/3
[HX-SW5-port-group]port link-type trunk
[HX-SW5-port-group]port trunk allow-pass vlan all
[HX-SW5-port-group]quit
[HX-SW5]int g0/0/5
[HX-SW5-GigabitEthernet0/0/5]port link-type access
[HX-SW5-GigabitEthernet0/0/5]port default vlan 50
[HX-SW5-GigabitEthernet0/0/5]quit
[HX-SW5]int vlan 50
[HX-SW5-Vlanif50]ip add 192.168.50.251 24
```
- **AR3 - DHCP**
```
[AR3-DHCP]int g0/0/1
[AR3-DHCP-GigabitEthernet0/0/1]ip add 192.168.50.1 24
[AR3-DHCP-GigabitEthernet0/0/1]quit
[AR3-DHCP]ip route-static 0.0.0.0 0 192.168.50.251
```
### 二、DHCP
#### 1、配置
- **AR3 - DHCP**
```
[AR3-DHCP]dhcp enable
[AR3-DHCP]ip pool vlan10
[AR3-DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
[AR3-DHCP-ip-pool-vlan10]gateway-list 192.168.10.254
[AR3-DHCP-ip-pool-vlan10]dns-list 8.8.8.8
[AR3-DHCP-ip-pool-vlan10]quit
[AR3-DHCP]ip pool vlan20
[AR3-DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
[AR3-DHCP-ip-pool-vlan20]gateway-list 192.168.20.254
[AR3-DHCP-ip-pool-vlan20]dns-list 8.8.8.8
[AR3-DHCP-ip-pool-vlan20]quit
[AR3-DHCP]ip pool vlan30
[AR3-DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
[AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
[AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
[AR3-DHCP-ip-pool-vlan30]quit
[AR3-DHCP]int g0/0/1
[AR3-DHCP-GigabitEthernet0/0/1]dhcp select global
```
- **HX - SW5**
```
[HX-SW5]dhcp enable
[HX-SW5]int Vlanif 10
[HX-SW5-Vlanif10]ip add 192.168.10.251 24
[HX-SW5-Vlanif10]dhcp select relay
[HX-SW5-Vlanif10]dhcp relay server-ip 192.168.50.1
[HX-SW5-Vlanif10]int Vlanif 20
[HX-SW5-Vlanif20]ip add 192.168.20.251 24
[HX-SW5-Vlanif20]dhcp select relay
[HX-SW5-Vlanif20]dhcp relay server-ip 192.168.50.1
[HX-SW5-Vlanif20]int Vlanif 30
[HX-SW5-Vlanif30]ip add 192.168.30.251 24
[HX-SW5-Vlanif30]dhcp select relay
[HX-SW5-Vlanif30]dhcp relay server-ip 192.168.50.1
```
#### 2、测试
- **PC1 *[VALN10]***
```
PC1>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fed3:1698
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.253
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-D3-16-98
DNS server........................: 8.8.8.8
```
- **PC2 *[VALN20]***
```
PC2>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe31:2c88
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.253
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.254
Physical address..................: 54-89-98-31-2C-88
DNS server........................: 8.8.8.8
```
- **PC3 *[VALN30]***
```
PC3>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fef9:3881
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.30.253
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.30.254
Physical address..................: 54-89-98-F9-38-81
DNS server........................: 8.8.8.8
```
****
### 三、VLAN间通信
> 要实现vlan间通信需修改vlanif的IP地址修改为DHCP分配的网关地址
#### 1、配置
- **HX - SW5**
```
[HX-SW5]int Vlanif 10
[HX-SW5-Vlanif10]ip add 192.168.10.254 24
[HX-SW5-Vlanif10]int Vlanif 20
[HX-SW5-Vlanif20]ip add 192.168.20.254 24
[HX-SW5-Vlanif20]int Vlanif 30
[HX-SW5-Vlanif30]ip add 192.168.30.254 24
```
#### 2、测试
- **PC1 PING PC2**
```
PC1>ping 192.168.20.253
Ping 192.168.20.253: 32 data bytes, Press Ctrl_C to break
From 192.168.20.253: bytes=32 seq=1 ttl=127 time=109 ms
From 192.168.20.253: bytes=32 seq=2 ttl=127 time=78 ms
From 192.168.20.253: bytes=32 seq=3 ttl=127 time=79 ms
From 192.168.20.253: bytes=32 seq=4 ttl=127 time=78 ms
From 192.168.20.253: bytes=32 seq=5 ttl=127 time=78 ms
--- 192.168.20.253 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/84/109 ms
```
- **PC1 PING PC3**
```
PC1>ping 192.168.30.253
Ping 192.168.30.253: 32 data bytes, Press Ctrl_C to break
From 192.168.30.253: bytes=32 seq=1 ttl=127 time=94 ms
From 192.168.30.253: bytes=32 seq=2 ttl=127 time=78 ms
From 192.168.30.253: bytes=32 seq=3 ttl=127 time=79 ms
From 192.168.30.253: bytes=32 seq=4 ttl=127 time=93 ms
From 192.168.30.253: bytes=32 seq=5 ttl=127 time=94 ms
--- 192.168.30.253 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/87/94 ms
```
- **PC2 PING PC3**
```
PC2>ping 192.168.30.253
Ping 192.168.30.253: 32 data bytes, Press Ctrl_C to break
From 192.168.30.253: bytes=32 seq=1 ttl=127 time=94 ms
From 192.168.30.253: bytes=32 seq=2 ttl=127 time=78 ms
From 192.168.30.253: bytes=32 seq=3 ttl=127 time=94 ms
From 192.168.30.253: bytes=32 seq=4 ttl=127 time=78 ms
From 192.168.30.253: bytes=32 seq=5 ttl=127 time=78 ms
--- 192.168.30.253 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/84/94 ms
```
Reference in New Issue View Git Blame Copy Permalink