Pofga's computer network - the confusing Cisco Packet Tracer experiment

Posted by Biocide on Wed, 05 Jan 2022 13:18:05 +0100

Experimental content

This part contains 15 experiments, to be completed with the Cisco Packet Tracer (CPT) software.

Preparation stage

1. Understand the concepts of VLSM, CIDR, RIP, OSPF, VLAN, STP, NAT and DHCP, so as to be able to plan and configure the network.
2. Understand the basic use of CPT.

Experimental content

Connect two PCs directly to build a LAN

Connect the two computers directly, set their IP addresses, and ping one from the other. If the ping succeeds, the connection works.



Building LAN with switches

The topology diagram is as follows:

Network configuration:

| Name | IP |
| --- | --- |
| PC0 | 192.168.1.1 |
| PC1 | 192.168.1.2 |
| PC2 | 192.168.2.1 |
| PC3 | 192.168.2.2 |

1. Can PC0 ping PC1, PC2 and PC3?
A: PC0 can ping PC1, but not PC2 and PC3.
2. Can PC3 ping PC0, PC1 and PC2? Why?
3. Change the mask of the 4 PCs to 255.255.0.0. Can they ping each other? Why?
A: They can ping each other. With the mask 255.255.255.0, PC0, PC1, PC2 and PC3 are not in the same LAN and cannot communicate with each other. With the mask changed to 255.255.0.0, they belong to the same LAN and can communicate with each other.
4. Does a network connected by a layer-2 switch need to be configured with a gateway? Why?
A: If necessary, configure a gateway for network interconnection on the layer-2 switch. Without a gateway, the hosts it serves cannot communicate with other networks, so a gateway is required.
5. A hub is a multi-interface device working at the physical layer. What is the difference between a hub and a switch?
A: The hub works at the physical layer, while the switch works at the physical layer and the data link layer. The two work at different layers.

Switch interface address list

A layer-2 switch is a plug-and-play multi-interface device. It handles a received frame in one of three ways: broadcast, forward or discard (please find out which operation is used when). To forward successfully, the switch must have an interface address list, i.e. a MAC table, which the switch builds automatically by learning.

Build the same topology as in the figure above, and configure the IP addresses of all computers in the same subnet. Use the magnifying glass in the toolbar to click a switch, such as Switch3 on the left, and select MAC Table. You can see that the switch's MAC table is initially empty, that is, it does not know how to forward frames (how will it handle them?). After PC0 pings PC1, check the MAC table of the switch again: it now holds the corresponding records. Please think about how they were obtained. As network traffic increases, each switch builds its own complete MAC table, and at that point the switch forwards at its fastest.
MAC table without ping:

MAC table after ping:

You can also use CPT's Simulation mode to watch this process step by step.
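The learning process described above can be modelled in a few lines. This is an added example, not part of the original post: the MAC addresses, port names and the hub behind Fa0/3 are constructed assumptions, chosen so that all three frame-handling cases (flood, forward, discard) appear.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample hosts (MACs and port names are assumptions, not from the page).
PC0 = "00:00:00:00:00:a0"   # on Fa0/1
PC1 = "00:00:00:00:00:a1"   # on Fa0/2
PC2 = "00:00:00:00:00:a2"   # behind a hub on Fa0/3
PC3 = "00:00:00:00:00:a3"   # behind the same hub on Fa0/3


@dataclass
class LearningSwitch:
    ports: tuple
    mac_table: dict = field(default_factory=dict)  # MAC address -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame and return (action, output ports)."""
        # Learning step: the source address tells the switch where that host is.
        self.mac_table[src_mac] = in_port

        # Broadcast or unknown destination: send out of every port but the ingress.
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return "flood", [p for p in self.ports if p != in_port]

        out_port = self.mac_table[dst_mac]
        # Destination sits on the port the frame came from: nothing to do.
        if out_port == in_port:
            return "discard", []
        return "forward", [out_port]


def run_demo():
    """Replay a ping from PC0 to PC1, then traffic between two hosts on one port."""
    sw = LearningSwitch(ports=("Fa0/1", "Fa0/2", "Fa0/3"))
    frames = [
        ("Fa0/1", PC0, BROADCAST),  # ARP request: table was empty, so flood
        ("Fa0/2", PC1, PC0),        # ARP reply: PC0 already learned, so forward
        ("Fa0/1", PC0, PC1),        # ICMP echo request: PC1 learned, so forward
        ("Fa0/3", PC2, PC3),        # PC3 not learned yet: flood
        ("Fa0/3", PC3, PC2),        # PC2 is on the ingress port: discard
    ]
    results = [sw.receive(*frame) for frame in frames]
    return results, sw.mac_table


if __name__ == "__main__":
    results, table = run_demo()
    for action, ports in results:
        print(action, ports)
    print(table)
```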

Spanning Tree Protocol

A switch broadcasts a frame when the destination address is unknown or when it receives a broadcast frame. If there is a loop between switches, a broadcast storm will occur, which seriously degrades network performance.
The STP protocol running on the switches prevents broadcast storms between switches.
Using only switches, build the following topology:


This is the initial state. There is a loop between the switches, which causes broadcast frames to circulate endlessly, that is, a broadcast storm, which seriously degrades network performance.
The switches then automatically block the redundant links through the spanning tree protocol (STP), forming a spanning tree with unique paths and Switch0 as the root.
After a period of time, once STP has built the spanning tree, the two interfaces of Switch3 and Switch1 are physically connected but logically impassable. They are in the Blocking state (orange), as shown in the following figure:


During network operation, if there is a problem with the physical connection between Switch0 and Switch1 at some time, the spanning tree will change automatically. The previous Blocking interface above Switch1 is now active (green), but the interface below Switch3 is still in Blocking state (Orange), as shown in the following figure:

Preliminary router configuration

Simulate the connection between two schools and build the topology as follows:

Configuration data

PC configuration data:

| Name | IP | Gateway |
| --- | --- | --- |
| PC7 | 192.168.1.2/24 | 192.168.1.1 |
| PC8 | 192.168.1.3/24 | 192.168.1.1 |
| PC9 | 192.168.3.2/24 | 192.168.3.1 |
| PC10 | 192.168.3.3/24 | 192.168.3.1 |

Port configuration data:

| Interface | IP | Subnet mask |
| --- | --- | --- |
| Router0 Ethernet port of Chongqing Jiaotong University | 192.168.1.1 | 255.255.255.0 |
| Router0 WAN port of Chongqing Jiaotong University | 192.168.2.1 | 255.255.255.0 |
| Router1 Ethernet port of Chongqing University | 192.168.3.1 | 255.255.255.0 |
| Router1 WAN port of Chongqing University | 192.168.2.2 | 255.255.255.0 |

The following describes the connection and configuration of modules in Wan:

Note I

Jiaotong University and Chongqing University are in different subnets and need to communicate through routers. There is at least one subnet under each interface of a router. In the figure, we simply plan three subnets:

1. The router on the left belongs to Jiaotong University. The switch connects the Jiaotong University network, whose network number is 192.168.1.0/24. The router interface is also the gateway of the Jiaotong University network, and its assigned IP is 192.168.1.1.
2. The router on the right belongs to Chongqing University. The switch connects the Chongqing University network, whose network number is 192.168.3.0/24. The router interface is also the gateway of the Chongqing University network, and its assigned IP is 192.168.3.1.
3. The two routers are connected through their WAN interfaces, which also form a subnet. Its assigned network number is 192.168.2.0/24.

Note II

In reality, the connection between Jiaotong University and Chongqing University is remote. The connection is either through the optical fiber interface of the router or through the WAN interface, the so-called serial port (as shown in the topology diagram). Generally, it will not be connected through twisted pair, because twisted pair is generally used for short-distance connection, which is no more than 100m.

Configure the WAN port connection of the router as follows.

Because the default 2621XM router does not have enough ports, we need to add the required router module before interconnecting the equipment (remember to turn off the power when adding a module). We add the NM-4E module to Router0.

Note III

In the simulated WAN connection, pay attention to the DCE and DTE ends (a prompt appears on the line when connecting; the DCE end carries a clock symbol).
DCE (data communication equipment, or data circuit-terminating equipment): this equipment and its connection to the communication network constitute the user network interface of the network terminal, and the clock frequency is 64000.
DTE (data terminal equipment): the equipment located at the user end of the user network interface, which can act as a source, a sink or both.

Note IV

The router has a variety of command line configuration modes, and each mode corresponds to different prompts and corresponding permissions.

  • User mode: user mode
  • Privileged mode: privileged mode
  • Global configuration mode: global configuration mode
  • Interface mode: interface configuration mode
  • Subinterface mode: subinterface configuration mode

Note V

In the router's CLI you can see that, after the router has started successfully, it has no configuration, so it asks whether to run the configuration dialog (Would you like to enter the initial configuration dialog?). Because that dialog has many steps, please select NO.

Note VI

The basic configuration of Chongqing Jiaotong University router is as follows:
Ethernet interface:

Router>enable   // enter privileged mode from user mode
Router#configure terminal   // enter global configuration mode
Router(config)#interface f0/0   // enter Ethernet interface configuration mode
Router(config-if)#ip address 192.168.1.1 255.255.255.0   // configure the IP address of the interface
Router(config-if)#no shutdown   // activate the interface
Router(config-if)#^z   // return directly to privileged mode

WAN interface:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#int s0/0   // enter WAN interface configuration mode
Router(config-if)#ip address 192.168.2.1 255.255.255.0   // configure the IP address of the interface
Router(config-if)#clock rate 64000   // this is the DCE end: configure the clock frequency
Router(config-if)#no shutdown   // activate the interface
Router(config-if)#^z   // return directly to privileged mode

The basic configuration of Chongqing University router is as follows:
Ethernet interface:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#int f0/0   // enter Ethernet interface configuration mode
Router(config-if)#ip address 192.168.3.1 255.255.255.0   // configure the IP address of the interface
Router(config-if)#no shutdown   // activate the interface
Router(config-if)#^z   // return directly to privileged mode

WAN interface:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#int s0/0   // enter WAN interface configuration mode
Router(config-if)#ip address 192.168.2.2 255.255.255.0   // configure the IP address of the interface
Router(config-if)#no shutdown   // activate the interface
Router(config-if)#^z   // return directly to privileged mode

At this point, the PCs and the gateway inside Jiaotong University can ping each other, and the same holds inside Chongqing University. However, you cannot ping Chongqing University's PCs from Jiaotong University's PCs, or vice versa; that is, you cannot cross subnets. Why?
A: Because the routing table is empty at this time, there is no path to the other side. This problem can be solved through static routing, dynamic routing with RIP, or dynamic routing with OSPF.

Static routing

Static routing is a non adaptive routing protocol, which is manually configured by network managers and cannot be changed according to the change of network topology. Therefore, static routing is simple and efficient, and is suitable for networks with very simple structure.

Chongqing Jiaotong University router static routing configuration:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2   // tell the Jiaotong University router that the next hop to network 192.168.3.0 is 192.168.2.2
Router(config)#exit   // exit to privileged mode
Router#show ip route   // view the routing table

Chongqing University router static routing configuration:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
// tell the Chongqing University router that the next hop to network 192.168.1.0 is 192.168.2.1
Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1
Router(config)#exit   // exit to privileged mode
Router#show ip route   // view the routing table

Check the routing table and you can see a route marked S, which means Static. At this point, these PCs can ping each other.

Dynamic routing RIP

A dynamic routing protocol uses an adaptive routing algorithm, which can recompute and re-optimize routes as the network topology changes.
The full name of RIP is Routing Information Protocol. It is the representative distance-vector routing protocol (although it has been phased out by now, it is still a good object of study). With RIP, you only need to tell the router which networks are directly connected to it, and RIP then builds the routing table automatically according to its algorithm.

Because the network we simulate is very simple, we cannot use static and dynamic routes at the same time, otherwise we would not see the effect. So we need to clear the static routes just configured.
There are two ways to clear static routing configuration:

  • Turn off the router directly. This is equivalent to not saving any configuration; then reconfigure the IP and other parameters of each interface according to the basic configuration above (this method is recommended, as it lets you practise the interface configuration commands again);
  • Use the no command to clear the static route. In global configuration mode, the Jiaotong University router uses: no ip route 192.168.3.0 255.255.255.0 192.168.2.2. The Chongqing University router uses: no ip route 192.168.1.0 255.255.255.0 192.168.2.1. This is equivalent to using the no command to cancel the static routing command just configured.

RIP routing configuration of Chongqing Jiaotong University Router:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#router rip   // enable the RIP routing protocol. Note that the command is router
Router(config-router)#network 192.168.1.0   // network 192.168.1.0 is directly connected to me
Router(config-router)#network 192.168.2.0   // network 192.168.2.0 is directly connected to me
Router(config-router)#^z   // return directly to privileged mode
Router#show ip route   // view the routing table

RIP routing configuration of Chongqing University Router:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#router rip   // enable the RIP routing protocol. Note that the command is router
Router(config-router)#network 192.168.3.0   // network 192.168.3.0 is directly connected to me
Router(config-router)#network 192.168.2.0   // network 192.168.2.0 is directly connected to me
Router(config-router)#^z   // return directly to privileged mode
Router#show ip route   // view the routing table

Looking at the routing table, you can see a route marked R, which means RIP. At this point, these PCs can ping each other!

Dynamic routing OSPF

OSPF (Open Shortest Path First) is an interior gateway protocol (IGP), used to make routing decisions within a single Autonomous System (AS). OSPF performs better than RIP and is currently a widely used intra-domain routing protocol.
Similarly, we need to clear the RIP route just configured:

  • Turn off the router directly. This is equivalent to not saving any configuration; then reconfigure the IP and other parameters of each interface according to the basic configuration above.
  • Use the no command to clear the RIP route. In global configuration mode, all routers use the command no router rip to clear it.

OSPF routing configuration of Chongqing Jiaotong University Router:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#router ospf 1   // enable the OSPF routing protocol. The process number is 1 (you can ignore the concept of process number for now)
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0   // all hosts of network 192.168.1.0/24 (reverse mask) in area 0 participate in OSPF
Router(config-router)#network 192.168.2.0 0.0.0.255 area 0   // all hosts of network 192.168.2.0/24 (reverse mask) in area 0 participate in OSPF
Router(config-router)#^z   // return directly to privileged mode
Router#show ip route   // view the routing table

OSPF routing configuration of Chongqing University Router:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#router ospf 1   // enable the OSPF routing protocol. The process number is 1
Router(config-router)#network 192.168.3.0 0.0.0.255 area 0   // all hosts of network 192.168.3.0/24 (reverse mask) in area 0 participate in OSPF
Router(config-router)#network 192.168.2.0 0.0.0.255 area 0   // all hosts of network 192.168.2.0/24 (reverse mask) in area 0 participate in OSPF
Router(config-router)#^z   // return directly to privileged mode
Router#show ip route   // view the routing table

Looking at the routing table, you can see a route marked O, which means OSPF. At this point, these PCs can ping each other!

In privileged mode, you can use debug ip ospf events to turn on OSPF diagnostics (no debug ip ospf events turns them off). You can then see the Hello messages exchanged between routers, which detect whether the current link has changed so that routing can be adjusted (event-triggered rather than periodic updates!).

Reverse mask

The subnet mask we normally use is the so-called forward mask. It consists of a run of consecutive 1s followed by consecutive 0s, where 1 means the bit must match exactly and 0 means it need not, which yields the network number. The reverse mask also consists of consecutive 1s and 0s, but with the opposite meaning: 0 means the bit must match exactly and 1 means it need not, which yields the matching IP addresses. It is mainly used in OSPF.
There is also the wildcard mask, which follows rules similar to the reverse mask. It is mainly used in Access Control Lists (ACLs).

Port based network address translation PAT

Network Address Translation (NAT) is widely used by Internet service providers (ISPs) in their networks, including WiFi networks. NAT not only solves the problem of insufficient IP addresses perfectly, but can also effectively avoid attacks from outside the network and hide and protect computers inside the network.

NAT can be implemented in three ways:

  • Static conversion: Static NAT
  • Dynamic conversion: Dynamic NAT
  • Port multiplexing: OverLoad

Port multiplexing is the most used and the most flexible. It changes not only the source IP address of a packet sent to the Internet but also its source port, that is, it performs PAT (Port Address Translation).

Using port multiplexing, all hosts in the internal network can share a legal external IP address to access the Internet, so as to save IP address resources to the greatest extent. At the same time, it can hide all hosts inside the network to effectively avoid attacks from the Internet. Therefore, port multiplexing is the most widely used method in the network.

We still use the topology of Chongqing Jiaotong University and Chongqing University for the PAT experiment. The routing of the two schools must already be configured successfully, with either static or dynamic routing. We give the complete configuration process below: set the routers of the two schools to use the OSPF protocol, and simulate that Jiaotong University uses internal IP addresses (192.168.1.0/24), Chongqing University uses external IP addresses (8.8.8.0/24), and external IP addresses (202.202.240.0/24) are used between the two routers. PAT is implemented at the exit of Jiaotong University, that is, the WAN port.
PC configuration data in topology diagram:

| PC | IP | Gateway |
| --- | --- | --- |
| Chongqing Jiaotong University PC7 | 192.168.1.2/24 | 192.168.1.1 |
| Chongqing Jiaotong University PC8 | 192.168.1.3/24 | 192.168.1.1 |
| Chongqing University PC9 | 8.8.8.2/24 | 8.8.8.1 |
| Chongqing University PC10 | 8.8.8.3/24 | 8.8.8.1 |

Router interface configuration data:

| Interface | IP | Subnet mask |
| --- | --- | --- |
| Router0 Ethernet port of Chongqing Jiaotong University | 192.168.1.1 | 255.255.255.0 |
| Router0 WAN port of Chongqing Jiaotong University | 202.202.240.1 | 255.255.255.0 |
| Router1 Ethernet port of Chongqing University | 8.8.8.1 | 255.255.255.0 |
| Router1 WAN port of Chongqing University | 202.202.240.2 | 255.255.255.0 |

Router interface configuration of Chongqing Jiaotong University:
Ethernet interface:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#int f0/0   // enter Ethernet interface configuration mode
Router(config-if)#ip address 192.168.1.1 255.255.255.0   // configure IP
Router(config-if)#no shutdown   // activate the interface

WAN interface

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#int s0/0   // enter WAN interface configuration mode
Router(config-if)#ip address 202.202.240.1 255.255.255.0   // configure IP
Router(config-if)#clock rate 64000   // this is the DCE end: configure the clock frequency
Router(config-if)#no shutdown   // activate the interface

Router interface configuration of Chongqing University:
Ethernet interface:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#int f0/0   // enter Ethernet interface configuration mode
Router(config-if)#ip address 8.8.8.1 255.255.255.0   // configure IP
Router(config-if)#no shutdown   // activate the interface

WAN interface:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#int s0/0   // enter WAN interface configuration mode
Router(config-if)#ip address 202.202.240.2 255.255.255.0   // configure IP
Router(config-if)#no shutdown   // activate the interface

OSPF routing configuration of Chongqing Jiaotong University Router:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#router ospf 1   // enable the OSPF routing protocol. The process number is 1 (you can ignore the concept of process number for now)
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0   // all hosts of network 192.168.1.0/24 (reverse mask) in area 0 participate in OSPF
Router(config-router)#network 202.202.240.0 0.0.0.255 area 0   // all hosts of network 202.202.240.0/24 (reverse mask) in area 0 participate in OSPF

OSPF routing configuration of Chongqing University Router:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#router ospf 1   // enable the OSPF routing protocol. The process number is 1
Router(config-router)#network 202.202.240.0 0.0.0.255 area 0   // all hosts of network 202.202.240.0/24 (reverse mask) in area 0 participate in OSPF
Router(config-router)#network 8.8.8.0 0.0.0.255 area 0   // all hosts of network 8.8.8.0/24 (reverse mask) in area 0 participate in OSPF

At this time, any two PCs can ping each other! For example, using PC0 (192.168.1.2) inside Jiaotong University to ping PC2 (8.8.8.2) of Chongqing University should succeed.
Next, let's treat the routers of Chongqing University as backbone routers in the Internet. Such routers do not forward packets with internal / private IP addresses (they discard them directly). We simulate this packet dropping by applying an access control list (ACL) on the Chongqing University router, that is, discarding packets from Jiaotong University (private IP addresses).

Packet loss configuration of Chongqing University Router:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#access-list 1 deny 192.168.1.0 0.0.0.255   // create ACL 1: discard / do not forward any packet from network 192.168.1.0/24
Router(config)#access-list 1 permit any   // add a rule to ACL 1: forward packets from all other networks
Router(config)#int s0/0   // configure the WAN port
Router(config-if)#ip access-group 1 in   // apply the rules of ACL 1 to packets entering the WAN port: an IP packet from 192.168.1.0/24 received on the WAN port is discarded

At this time, pinging PC2 (8.8.8.2) of Chongqing University from PC0 (192.168.1.2) inside Jiaotong University no longer succeeds. The Destination host unreachable message is displayed.
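The wildcard matching from the Reverse mask section is what decides the fate of each packet under ACL 1 above. The following added example (not part of the original post) parses the two ACL lines from the page and evaluates source addresses against them the way a standard ACL is evaluated: first match wins, and a packet that matches nothing is dropped by the implicit deny. The function names are assumptions of this sketch, and the non-contiguous mask at the end goes beyond the page to show how a wildcard mask differs from a plain reverse mask.

```python
import ipaddress

# The two ACL lines configured on the Chongqing University router (from the page).
ACL_CQU = [
    "access-list 1 deny 192.168.1.0 0.0.0.255",
    "access-list 1 permit any",
]


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_netmask(netmask):
    """The reverse mask is the bitwise complement of the subnet mask."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))


def wildcard_match(addr, base, wildcard):
    """0 bits in the wildcard must match exactly; 1 bits are ignored."""
    care = to_int(wildcard) ^ 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' or '... any'."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL line: {line!r}")
        if tok[3] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        else:
            base = tok[3]
            # A source without a wildcard matches that single host.
            wildcard = tok[4] if len(tok) > 4 else "0.0.0.0"
        rules.append((tok[2], base, wildcard))
    return rules


def evaluate(rules, src):
    """Return (action, matching rule number); rule None is the implicit deny."""
    for number, (action, base, wildcard) in enumerate(rules, start=1):
        if wildcard_match(src, base, wildcard):
            return action, number
    return "deny", None


if __name__ == "__main__":
    rules = parse_standard_acl(ACL_CQU)
    print(wildcard_from_netmask("255.255.255.0"))
    print(evaluate(rules, "192.168.1.2"))       # private source from Jiaotong University
    print(evaluate(rules, "202.202.240.1"))     # source after translation to the WAN address
    print(evaluate(rules[:1], "202.202.240.1")) # without 'permit any': implicit deny
    # Non-contiguous wildcard (beyond the page): only even host addresses match.
    print(wildcard_match("192.168.1.4", "192.168.1.0", "0.0.0.254"))
```

Dropping the permit any line shows why the page adds it: with only the deny rule, every other source is discarded as well.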
Next, let's start implementing PAT. That is, we translate the internal / private IP address to an external / public IP address at the exit of the Jiaotong University router, so that packets are no longer discarded by the Chongqing University router because of their source IP, and the network is connected again.

Router PAT configuration of Chongqing Jiaotong University:

Router>en   // enter privileged mode from user mode
Router#conf t   // enter global configuration mode
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255   // create ACL 1, permitting all packets from network 192.168.1.0/24
Router(config)#ip nat inside source list 1 interface s0/0 overload   // source IPs matched by the ACL are translated with PAT on the WAN interface
Router(config)#int f0/0   // configure the Ethernet port
Router(config-if)#ip nat inside   // configure the Ethernet port as the inside port of PAT
Router(config-if)#int s0/0   // configure the WAN port
Router(config-if)#ip nat outside   // configure the WAN port as the outside port of PAT

Now, use PC7 (192.168.1.2) inside Jiaotong University again to ping PC9 (8.8.8.2) of Chongqing University.

After the ping is successful, use show ip nat translations in the privileged configuration mode of Jiaotong University router to view the translation process!
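What the translation table holds can be seen in a small model of the overload configuration above. This is an added example, not part of the original post and not the router's own algorithm: the port-selection policy (keep the source port when it is free, otherwise take the next one from 1024) and the ICMP identifier values are assumptions of the model, with the ICMP identifier standing in for the port on ping traffic.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PatRouter:
    inside_net: ipaddress.IPv4Network  # sources matched by ACL 1 (192.168.1.0 0.0.0.255)
    outside_ip: str                    # address of s0/0, the ip nat outside interface
    next_port: int = 1024              # assumed start of the fallback port range
    out_map: dict = field(default_factory=dict)  # (proto, local ip, local port) -> global port
    in_map: dict = field(default_factory=dict)   # (proto, global port) -> (local ip, local port)

    def allocate(self, proto, wanted):
        """Keep the original port if free, else take the next unused one."""
        port = wanted
        while (proto, port) in self.in_map:
            port = self.next_port
            self.next_port += 1
        return port

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet going inside -> outside."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return (proto, src_ip, src_port, dst_ip, dst_port)  # not in the list: untouched
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            port = self.allocate(proto, src_port)
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port)
        return (proto, self.outside_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet going outside -> inside; None if no entry exists."""
        entry = self.in_map.get((proto, dst_port))
        if dst_ip != self.outside_ip or entry is None:
            return None
        return (proto, src_ip, src_port, entry[0], entry[1])

    def translations(self):
        """Rows of (protocol, inside global, inside local)."""
        return [(proto, f"{self.outside_ip}:{gport}", f"{ip}:{port}")
                for (proto, gport), (ip, port) in sorted(self.in_map.items())]


def build_cqjtu_router():
    """Router0 of the page: inside 192.168.1.0/24, WAN address 202.202.240.1."""
    return PatRouter(ipaddress.ip_network("192.168.1.0/24"), "202.202.240.1")


def run_pat_demo():
    nat = build_cqjtu_router()
    return {
        # PC7 and PC8 both ping PC9 with the same (constructed) ICMP identifier 1.
        "pc7_out": nat.outbound("icmp", "192.168.1.2", 1, "8.8.8.2", 1),
        "pc8_out": nat.outbound("icmp", "192.168.1.3", 1, "8.8.8.2", 1),
        # Echo replies are mapped back to the right inside host.
        "reply_pc8": nat.inbound("icmp", "8.8.8.2", 1, "202.202.240.1", 1024),
        # A packet nobody inside asked for has no entry.
        "unsolicited": nat.inbound("tcp", "8.8.8.3", 4444, "202.202.240.1", 4444),
        "table": nat.translations(),
    }


if __name__ == "__main__":
    for name, value in run_pat_demo().items():
        print(name, value)
```

Unsolicited packets fail to reach inside hosts only because no table entry exists for them. That is a by-product of translation rather than a filtering policy, so an ACL or firewall rule remains the place to state what may enter.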

Virtual LAN VLAN

A VLAN is a Virtual Local Area Network. By dividing VLANs, we can split one physical network into multiple logical network segments, that is, multiple subnets.
Once VLANs are divided, network broadcast storms can be eliminated, network security is enhanced, and unified management becomes easier.
Build a topology in CPT as shown in the following figure:

Cisco 2960 switch is a VLAN supporting switch with 24 100M and 2 1000M Ethernet ports. By default, all interfaces are in VLAN 1, so the connected computers are in the same VLAN and can communicate.

Next, the 24 100M interfaces of the switch are split into three groups and assigned to three different VLANs. The id numbers are set to 10, 20 and 30 respectively, and aliases (computer, communication and electronic) are set to make them easier to tell apart and manage.
Switch VLAN configuration:

Switch>en
Switch#conf t
Switch(config)#vlan 10   // create a VLAN with id 10 (by default, all interfaces of the switch belong to VLAN 1, which cannot be used)
Switch(config-vlan)#name computer   // set the alias of the VLAN
Switch(config-vlan)#exit
Switch(config)#int vlan 10   // the VLAN is a subnet. Set its IP as the subnet gateway
Switch(config-if)#ip address 192.168.0.1 255.255.255.0
Switch(config-if)#exit
Switch(config)#vlan 20   // create a VLAN with id 20
Switch(config-vlan)#name communication   // set alias
Switch(config-vlan)#exit
Switch(config)#int vlan 20
Switch(config-if)#ip addr 192.168.1.1 255.255.255.0
Switch(config-if)#exit
Switch(config)#vlan 30   // create a VLAN with id 30
Switch(config-vlan)#name electronic   // set alias
Switch(config-vlan)#exit
Switch(config)#int vlan 30
Switch(config-if)#ip add 192.168.2.1 255.255.255.0
Switch(config-if)#exit
Switch(config)#int range f0/1-8   // configure interfaces 1-8 as a group
Switch(config-if-range)#switchport mode access   // set to access mode
Switch(config-if-range)#switchport access vlan 10   // assign to VLAN 10
Switch(config-if-range)#exit
Switch(config)#int range f0/9-16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#int range f0/17-24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#^Z
Switch#show vlan   // view the VLAN division

So far, we have divided three VLANs on the switch (excluding the default VLAN 1).
The network configuration of PC under each VLAN and the connected switch interface are as follows:

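| Name | Interface | VLAN | IP | Gateway |
| --- | --- | --- | --- | --- |
| PC0 | F0/1 | VLAN 10 | 192.168.0.2/24 | 192.168.0.1 |
| PC1 | F0/2 | VLAN 10 | 192.168.0.3/24 | 192.168.0.1 |
| PC2 | F0/17 | VLAN 30 | 192.168.2.2/24 | 192.168.2.1 |
| PC3 | F0/9 | VLAN 20 | 192.168.1.2/24 | 192.168.1.1 |
| PC4 | F0/10 | VLAN 20 | 192.168.1.3/24 | 192.168.1.1 |
| PC5 | F0/18 | VLAN 30 | 192.168.2.3/24 | 192.168.2.1 |
| PC6 | F0/19 | VLAN 30 | 192.168.2.4/24 | 192.168.2.1 |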

vlan partition

Pinging PC5 (IP 192.168.2.2) from PC0 (IP 192.168.0.2) fails, but pinging PC1 (IP 192.168.0.3) in the same VLAN succeeds.

With VLANs divided, ports in the same VLAN can communicate directly without a router, while traffic between different VLANs has to be routed, so they cannot communicate. The router (switch) is the gateway. Broadcasts take place within each VLAN: the function of a VLAN is to isolate broadcasts and avoid broadcast storms.

Virtual LAN management VTP

VTP (VLAN Trunk Protocol) is the VLAN relay protocol. It plans and manages the division of VLANs in a unified way. VTP keeps the VLAN configuration consistent through ISL frames or Cisco-private DTP frames (refer to relevant materials for details). Also known as the virtual LAN trunk protocol, it is a private protocol of Cisco. VTP manages, adds, deletes and adjusts VLANs centrally, and automatically broadcasts the information to the other switches in the network.

In addition, VTP reduces the configurations that may cause security problems. As long as the corresponding settings are made in the VTP Server, the VTP Client will automatically learn the VLAN information on the VTP Server.

To demonstrate VTP, rebuild the following topology:

Create two VLANs, and then make PC0 and PC1 belong to VLAN 2, and PC1 and PC3 belong to VLAN 3.
3560 VTP Server configuration:

Switch>en
Switch#conf t
Switch(config)#hostname 3560   // change the switch name (optional)
3560(config)#vtp domain cqjtu   // set the VTP domain name to cqjtu
3560(config)#vtp mode server   // set it to VTP server mode
3560(config)#vlan 2   // create a new VLAN 2
3560(config-vlan)#name computer   // set the alias of VLAN 2 (optional)
3560(config-vlan)#exit
3560(config)#vlan 3   // create a new VLAN 3
3560(config-vlan)#name communication   // set the alias of VLAN 3 (optional)
3560(config-vlan)#exit
3560(config)#int vlan 2   // configure interface VLAN 2, which will be the gateway of the subnet (on the left)
3560(config-if)#ip address 192.168.1.1 255.255.255.0
3560(config-if)#exit
3560(config)#int vlan 3   // configure interface VLAN 3, which will be the gateway of the subnet (on the right)
3560(config-if)#ip address 192.168.2.1 255.255.255.0

2960A (left) VTP Client configuration:

Switch>en
Switch#conf t
Switch(config)#hostname 2960A   // change the switch name (optional)
2960A(config)#vtp domain cqjtu   // join the VTP domain named cqjtu
2960A(config)#vtp mode client   // set the mode to VTP client
2960A(config)#int g0/1   // configure the g0/1 Gigabit interface connected to the core switch 3560
2960A(config-if)#switchport mode trunk   // set the interface to trunk mode
2960A(config-if)#switchport trunk allowed vlan all   // allow trunking for all VLANs
2960A(config-if)#exit
2960A(config)#int f0/1   // configure interface 1
2960A(config-if)#switchport mode access   // set the interface to normal access mode
2960A(config-if)#switchport access vlan 2   // assign the interface to VLAN 2
2960A(config-if)#exit
2960A(config)#int f0/2   // configure interface 2
2960A(config-if)#switchport mode access   // set the interface to normal access mode
2960A(config-if)#switchport access vlan 3   // assign the interface to VLAN 3

2960B (right) VTP Client configuration:

Switch>en
Switch#conf t
Switch(config)#hostname 2960B   // change the switch name (optional)
2960B(config)#vtp domain cqjtu   // join the VTP domain named cqjtu
2960B(config)#vtp mode client   // set the mode to VTP client
2960B(config)#int g0/1   // configure the g0/1 Gigabit interface connected to the core switch 3560
2960B(config-if)#switchport mode trunk   // set the interface to trunk mode
2960B(config-if)#switchport trunk allowed vlan all   // allow trunking for all VLANs
2960B(config-if)#exit
2960B(config)#int f0/1   // configure interface 1
2960B(config-if)#switchport mode access   // set the interface to normal access mode
2960B(config-if)#switchport access vlan 2   // assign the interface to VLAN 2
2960B(config-if)#exit
2960B(config)#int f0/2   // configure interface 2
2960B(config-if)#switchport mode access   // set the interface to normal access mode
2960B(config-if)#switchport access vlan 3   // assign the interface to VLAN 3

So far, each switch is configured.
The switches, interfaces and network configurations connected to each PC are as follows:

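| Name | Connected switch interface | VLAN | IP | Gateway |
| --- | --- | --- | --- | --- |
| PC0 | 2960A-F0/1 | VLAN 2 | 192.168.1.2/24 | 192.168.1.1 |
| PC1 | 2960A-F0/2 | VLAN 3 | 192.168.2.2/24 | 192.168.1.1 |
| PC2 | 2960A-F0/1 | VLAN 2 | 192.168.1.3/24 | 192.168.1.1 |
| PC3 | 2960A-F0/2 | VLAN 3 | 192.168.2.3/24 | 192.168.1.1 |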

PC0 (192.168.1.2) ping PC1 (192.168.2.2) ping

PC2 (192.168.1.3) ping failed

Communication between VLANs

By default, communication between VLANs is not allowed. At this time, we need the so-called single arm router to forward it between VLANs!
The core switch 3560 we use is a layer 3 switch, which can work in the network layer, also known as the routing switch, that is, it has the routing function and can carry out this forwarding operation.
3560 switch configuration:

3560>en
3560#conf t
3560(config)#int g0/1   // configure the interface connecting the 2960A switch on the left
3560(config-if)#switchport trunk encapsulation dot1q   // set the VLAN encapsulation protocol
3560(config-if)#switchport mode trunk   // set to trunk mode
3560(config-if)#switchport trunk allowed vlan all   // forward between all VLANs
3560(config-if)#exit
3560(config)#int g0/2   // configure the interface connecting the 2960B switch on the right
3560(config-if)#switchport trunk encapsulation dot1q   // set the VLAN encapsulation protocol
3560(config-if)#switchport mode trunk   // set to trunk mode
3560(config-if)#switchport trunk allowed vlan all   // forward between all VLANs
3560(config-if)#exit
3560(config)#ip routing   // enable routing and forwarding

At this point, PCs in different VLANs and within the same VLAN can all communicate normally.

Simple configuration of DHCP, DNS and Web server

Establish the following topology diagram:
In this topology, both servers and clients are connected to the same switch. For simplicity, the Server-PT serves as DHCP, DNS and Web servers at the same time. Each client does not need to be configured and will automatically obtain the network configuration.

Click the Server icon in the CPT topology diagram, set its static IP address to 19.89.6.4/24, and then select Service and configure the following:

| Machine name | Configuration item | Explanation |
| --- | --- | --- |
| Server | HTTP | Just turn it on |
| Server | DNS | 19.89.6.4: www.google.com, www.baidu.com |
| Server | DNS | Address pool start address: 19.89.6.10/24, and return the DNS address |
| PC | Network configuration | Automatic acquisition |

After completing the configuration according to the table, open the web browser on a host to load the default home page of the Server-PT web server.

WLAN Preliminary Configuration

WLAN, namely WiFi, is also widely used in various scenarios.
Let's practice the related configuration by building a home WLAN with the following topology:

Notebook and desktop computers only have wired network cards by default. Please shut down first, delete the wired network card in the shutdown state, add a wireless network card, and then turn on.
Generally, we need to configure the basic network configuration of the wireless router (IP, mask, gateway, DNS, etc., which are mostly obtained automatically in reality), and then configure the wireless access part of the wireless router, such as connection password and encryption type, and turn on the DHCP function. For configuration, please refer to relevant materials.
