CCNA的一个综合实验(经典)

CCNA实验14NAT轮询实验
版本V1.0
密级☑开放☐内部☐机密
类型☐讨论版☐测试版☑正式版
1实验拓扑
2实验背景及需求
背景：
某公司组建网络接入Internet,申请了两个公网地址，一个用于PAT让内网设备上网使用，一个用于Server1/Server2的轮询服务，保证服务器集群性能的发挥；
需求：
N里面PC1和server属于不同的VLAN，网关都在R1上，server1/2对外提供相同的服务；
2.申请了两个公网IP，一个用于PAT，一个用于Server1/Server2的轮询服务；
3.PC4访问轮询服务IP时，能够实现Server1/2轮询。

相关资料：
R1
ipnat pool server 10.10.20.1 10.10.20.2 netmask 255.255.255.0 type rotary（建立地址池，设定集群服务器的，并设置rotary）
ipnat inside source list 1 interface FastEthernet0/0 overload（配置PAT）
ipnat inside destination list 2 pool server（进行轮询映射）
access-list 1 permit 10.10.0.0 0.0.255.255（允许内网用户PAT访问外网）
access-list 2 permit 12.1.1.3 0.0.0.0（为集群服务器设定一个公网虚拟IP）
R2
ip route 12.1.1.3 255.255.255.255 12.1.1.1（这一条非常重要，若不配置这一条，不管在模拟器还是在真机上，都不能实现服务器轮询）。

CCNA 基础实验辑SPOTO IT 人才培训机构 —— 专业的IT 人才解决方案提供商 实验1：Cisco 路由器基础配置路由器模式概述：Router> 用户模式，通常用来查看统计信息，但不能修改路由器的设置。

Router# 特许模式，可以查看并修改路由器的配置，通常在这里运行show 命令。

Router(config)# 全局模式，在这里修改当前运行配置中的内容。

Router(config-if)# 接口模式，用来配置路由器的物理接口和环回接口。

Router(config-subif)# 子接口模式，用来配置在路由器中创建的逻辑接口。

Router(config-line)# 控置台接口模式，通常用来配置用户模式口令，如T elnet 的登录密码。

Router(config-router)# 路由协议接口模式，在这里配置路由协议，如RIP 、IGRP 等。

1.登录路由器的必要配置：Router>enable Router#configure terminalRouter(config)#no ip domain lookup //关闭动态的域名解析。

Router(config)#line console 0Router(config-line)#exec-timeout 0 0 //关闭控置台的会话超时，以保证不会被踹出去。

Router(config-line)#logging synchronous //关闭日志同步，阻止控置台的一些提示信息。

Router(config-line)#exit Router(config)#//都是托速度的东西，关掉比较好。

2.路由器基本配置Router(config)#hostname R1 //修改路由器的标识。

R1(config)#banner motd #This is Cisco Router 2620. //配置日期信息标志区(MOTD)，登录到路由器时显示。

CCNA上机试题一、根据下列拓扑结构图按要求作题1、按上图标志连接好设备，分别命名为Router01，Router02，Switch为每个设备设置特权密码，console密码，密码统一为Cisco，要求所有的密码皆密文显示。

2、Router01的f0/0连接Switch的f0/1 Router02的F0/0连接Switch的F0/23、Router01配置IP地址为10.10.10.2/24，Router02配置IP地址为10.10.10.3/24Switch配置一个管理IP为10.10.10.1/244、确保所连的每个接口状态为UP，在Router01 ping Router02的IP地址能通5、设置Router01能通过对方的主机名TELNET到Switch上进行配置6、设置每个设备的登录信息（登录时提示每台设备的主机名）7、为每台机器设置统一的时间为2010年7月4日8:30分8、查看历史命令记录，并设置最多记录50条历史命令9、关闭设备的域名解析功能10、保存所做的配置关键步骤：1Router01 (config)#service password-encryption //设置所有密码为密文显示5Router01 (config)#ip host Router02 10.10.10.3 //设置通过对方主机名telnet登录Router01 (config)#telnet Router026Router01(config)#banner motd #Enter TEXT message. End with the character '#'.this is router router01#Router01(config)# //设置登录信息红色部分为自己所敲的命令或字符设备一启动将会显示this is router router017Router01#show clock //查看设备时间Router01#clock set 8:30:00 4 jul 2010 //设置设备时间8Router01#show history //查看命令历史记录Router01#terminal history size 50 //设置最多记录50条命令9Router01(config)#no ip domain-lookup //关闭域名解析功能。

福建最好的培训中心福建最大的CISCO实验室3名CCIE,100多套CISCO设备PIX防火墙，3550交换机，7000路由器，两条ISDN线路基带MODEM，电话交换机，NETSCREEN防火墙登录微思实验室：远程: telnet://本地: telnet:192.168.10.251• Lab 1 - Basic Router Configuration• Lab 2 - Advanced Router Configuration• Lab 3 - CDP• Lab 4 - Telnet• Lab 5 - TFTP• Lab 6 - RIP• Lab 7 - IGRP• Lab 8 - EIGRP• Lab 9 - OSPF• Lab 10 – Catalyst 1900 Switch Configuration• Lab 11 - VLANs & Trunking (Catalyst 1900)• Lab 12 - Catalyst 2950 Switch Configuration• Lab 13 - VLANs and Trunking (Catalyst 2950)• Lab 13-1 Routing inter VLAN(Dot1q)• Lab 14 - IP Access Lists• Lab 15 - NAT/PAT• Lab 16 - PPP & CHAP• Lab 17 - ISDN BRI-BRI using Legacy DDR• Lab 18 - ISDN BRI-BRI using Dialer Profiles• Lab 19 - ISDN PRI using Dialer Profiles• Lab 20 - Frame RelayLAB 1 –基本配置3. 用户模式Router>4. Router> enable //用户模式敲入enable进入到特权模式Router#5. Router# ? //敲入问号看帮助6. Router# disable //特权模式敲入disable退到用户模式Router>7. Router> enable //用户模式敲入enable进入到特权模式Router# configure terminal //特权模式敲入configure terminal进入配置模式Router(config)# //配置模式8. 配置路由器名字(主机名)如…R1‟ (注：如果你用的实验台号是03，则命名为na03r1,如果为12，则命名na12r1,依次类推).Router(config)# hostname na12r1 //把第12号实验台的第一台路由器命名为na12r1na12r1(config)#9. 配置路由器的密码:●配置console 口密码:R1(config)#line console 0R1(config-line)#loginR1(config-line)#password ciscoR1(config-line)#设置密码后:00:29:42: %SYS-5-CONFIG_I: Configured from console by consoleUser Access VerificationPassword:Password: //这里要输入console口密码●配置enable 密码//从用户模式到enable模式的密码问题A: when both encrypted and unencrypted enable passwords are configured, which one is used?R1(config)# enable password cisco//密码显示为明文R1(config)# enable secret wisdom//密码为加密过的,显示为乱码注:用命令show running-config 可以看到密码cisco为明文,密码wisdom显示为乱码,当两个密码都配置时,只有enable secret所跟的密码生效,两个密码不可以配置一样的密码.配置vty密码//远程登陆telnet 的密码R1(config)#line vty 0 4R1(config-line)#loginR1(config-line)#password ciscoR1(config-line)#telnet命令的使用: telnet +IP address or hostname of a remote system例如: telnet 192.168.10.25110. 配置路由器接口ethernet0的IP address:R1>enableR1#configure terminalR1(config)#interface ethernet 0R1(config-if)#ip address 11.1.1.1 255.255.255.0R1(config-if)#no shutdown11. 在Serial0口配置R1(config-if)# int serial 0R1(config-if)# ip address 12.1.1.1 255.255.255.0R1(config-if)# no shutdown12. 测试ctrl-z的作用R1(config-if)# ctrl-z 任何模式下敲入ctrl-z都会退回到特权模式R1# 特权模式13. 退出路由器R1# logout 完全退出路由器14. 回到特权模式R1> enablepassword: cisco 输入enable secret 的密码为ciscoR1#15.显示接口的基本概况:R1# show ip interface brief16. 显示详细信息:show interface +接口类型+接口偏号例如:R1# show interfaces ethernet0 或是show interface serial 0R1#show interfaces ethernet 0Ethernet0 is up, line protocol is downHardware is Lance, address is 0000.0c92.8164 (bia 0000.0c92.8164)Internet address is 11.1.1.1/24MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 145/255, load 1/255 ……………….…………17.显示内存信息(也就是路由器正在运行的配置):R1# show running-config //当前正在远行的配置18. 显示NVRAM? If not, why not?R1# show startup-config 显示已经保存过的配置19. 保存配置:R1# copy running-config startup-config或是R1#write保存配置:copy running-config startup-config等同于write20. 现在显示NVRAM.R1# show startup-config21. 使用Show version:问题A: What IOS release is running在R1? 查看IOS的版本问题B: What are the contents of the configuration register? 查看寄存器的值R1# show version22. 查看运行的协议问题A:which protocols are currently running on the router?R1# show ip protocols23. 进入另一台Router.Router> enableRouter# configure terminalRouter(config)#24. 配置主机名，配置密码.Router(config)# hostname R2R2(config)# enable secret cisco25. 配置以太网IP.R2(config)# interface e0R2(config-if)# ip address 220.1.1.2 255.255.255.0R2(config-if)# no shutdown26. 显示所有接口简单信息R2(config-if)# ctrl-zR2# show ip interface briefR1#show ip interface briefInterface IP-Address OK? Method Status ProtocolEthernet0 11.1.1.1 YES manual up down Serial0 unassigned YES unset administratively down down Serial1 unassigned YES unset administratively down down3. 配置登陆信息Banner”Welcome to WISDOM LAB - Authorized Users Only”.R1(config)# banner motd #Welcome to WISDOM LAB - Authorized Users Only #4. 退出路由器,重新登录.R1# logoutenterpassword: ciscoR1> enablepassword: cisco6. 在R1上将R2和12.1.1.2对应起来（相当于Windows里的Hosts文件的作用）。

CCNA综合实验配置代码B1封装帧中继：Router(config)#hostname B1 B1(config)#int se 0/0/0B1(config-if)#encapsulation frame-relay B1(config-if)#frame-relay lmi-type q933a B1(config-if)#frame-relay interface-dlci 100B1(config-if)#ip add 10.255.255.2 255.255.255.252 B1(config-if)#no shutdownB1配制单臂路由：B1(config-if)#exit B1(config)#int fa 0/0 B1(config-if)#no shB1(config-if)#no shutdown B1(config-if)#int fa 0/0.10B1(config-subif)#encapsulation dot1Q 10B1(config-subif)#ip add 10.1.10.1 255.255.255.0 B1(config-subif)#no shutdown B1(config-subif)#exit B1(config)#int fa 0/0.20B1(config-subif)#encapsulation dot1Q 20B1(config-subif)#ip add 10.1.20.1 255.255.255.0 B1(config-subif)#exit B1(config)#int fa 0/0.30B1(config-subif)#encapsulation dot1Q 30B1(config-subif)#ip add 10.1.30.1 255.255.255.0 B1(config-subif)#exit B1(config)#int fa 0/0.88B1(config-subif)#encapsulation dot1Q 88B1(config-subif)#ip add 10.1.88.1 255.255.255.0 B1(config-subif)#exit B1(config)#int fa 0/0.99B1(config-subif)#encapsulation dot1Q 99 native B1(config-subif)#ip add 10.1.99.1 255.255.255.0 B1(config-subif)#no shB1(config-subif)#no shutdown B1(config-subif)#end B1#copy run start配制dhcp服务B1#conf tB1(config)#ip dhcp pool B1_VLAN10B1(dhcp-config)#network 10.1.10.0 255.255.255.0 B1(dhcp-config)#default-router 10.1.10.1 B1(dhcp-config)#dns-server 10.0.1.4 B1(dhcp-config)#exitB1(config)#ip dhcp excluded-address 10.1.10.1 10.1.10.10 B1(config)#ip dhcp pool B1_VLAN20B1(dhcp-config)#network 10.1.20.0 255.255.255.0 B1(dhcp-config)#default-router 10.1.20.1 B1(dhcp-config)#dns-server 10.0.1.4 B1(dhcp-config)#exitB1(config)#ip dhcp excluded-address 10.1.20.1 10.1.20.10 B1(config)#ip dhcp pool B1_VLAN30B1(dhcp-config)#network 10.1.30.0 255.255.255.0 B1(dhcp-config)#default-router 10.1.30.1 B1(dhcp-config)#dns-server 10.0.1.4 B1(dhcp-config)#exitB1(config)#ip dhcp excluded-address 10.1.30.1 10.1.30.10 B1(config)#ip dhcp excluded-address 10.1.88.1 10.1.88.24 B1(config)#exit配制eigrp和被动接口B1(config)#router eigrp 100B1(config-router)#network 10.1.10.0 B1(config-router)#network 10.1.20.0B1(config-router)#network 10.1.30.0 B1(config-router)#network 10.1.88.0B1(config-router)#network 10.1.99.0 B1(config-router)#network 10.255.255. 0B1(config-router)#no auto-summaryB1(config-router)#passive-interface default B1(config-router)#no passive-interface fa 0/0.88 B1(config)#int se 0/0/0B1(config-if)#ip summary-address eigrp 100 10.1.0.0 255.255.0.0 配制默认路由：B1(config)#ip route 0.0.0.0 0.0.0.0 10.255.255.1B1-S1 配置Switch(config)#hostname B1-S1 B1-S1(config)#vtp mode server B1-S1(config)#vtp domain xyzcorp B1-S1(config)#vtp password xyzvtp B1-S1#vlan databaseB1-S1(vlan)# vlan 10 name Admin//手动汇总B1-S1(vlan)# vlan 20 name SalesB1-S1(vlan)# vlan 30 name Production B1-S1(vlan)# vlan 88 name WirelessB1-S1(vlan)# vlan 99 name Mgmt&Native B1-S1(config)#int range fa 0/1-5B1-S1(config-if-range)#switchport mode trunkB1-S1(config-if-range)#switchport trunk native vlan 99 B1-S1(config-if-range)#exit B1-S1(config)#int vlan 99B1-S1(config-if)#ip add 10.1.99.21 255.255.255.0 B1-S1(config-if)# no shutdownB1-S1(config)#ip default-gateway 10.1.99.1B1-S1(config)#spanning-tree vlan 1 priority 4096 B1-S1(config)#spanning-tree vlan 10 priority 4096 B1-S1(config)#spanning-tree vlan 20 priority 4096 B1-S1(config)#spanning-tree vlan 30 priority 4096 B1-S1(config)#spanning-tree vlan 88 priority 4096 B1-S1(config)#spanning-tree vlan 99 priority 4096B1-S2 配置Switch(config)#hostname B1-S2 B1-S2(config)#vtp mode client B1-S2(config)#vtp domain xyzcorp B1-S2(config)#vtp password xyzvtp B1-S2(config)#int vlan 99B1-S2(config-if)#ip add 10.1.99.22 255.255.255.0 B1-S2(config-if)#no shutdownB1-S2(config)#ip default-gateway 10.1.99.1 B1-S2(config)#int fa 0/6B1-S2(config-if)#switchport mode access B1-S2(config-if)#switchport access vlan 10 B1-S2(config-if)#exit B1-S2(config)#int fa 0/11B1-S2(config-if)#switchport mode access B1-S2(config-if)#switchport access vlan 20 B1-S2(config-if)#exit B1-S2(config)#int fa 0/16B1-S2(config-if)#switchport mode access B1-S2(config-if)#switchport access vlan 30 B1-S2(config-if)#exitB1-S2(config)#int range fa 0/1-4B1-S2(config-if-range)#switchport mode trunkB1-S2(config-if-range)#switchport trunk native vlan 99B1-S2(config)#int fa 0/6 //配制端口安全 B1-S2(config-if)#switchport port-securityB1-S2(config-if)#switchport port-security maximum 1B1-S2(config-if)#switchport port-security mac-address sticky B1-S2(config-if)#switchport port-security violation shutdown B1-S2(config-if)#exitB1-S2(config)#int fa 0/11 //配制端口安全 B1-S2(config-if)#switchport port-securityB1-S2(config-if)#switchport port-security maximum 1B1-S2(config-if)#switchport port-security mac-address sticky B1-S2(config-if)#switchport port-security violation shutdown B1-S2(config-if)#exitB1-S2(config)#int fa 0/16 //配制端口安全 B1-S2(config-if)#switchport port-securityB1-S2(config-if)#switchport port-security maximum 1B1-S2(config-if)#switchport port-security mac-address sticky B1-S2(config-if)#switchport port-security violation shutdown B1-S2(config-if)#exitB1-S3 配置Switch(config)#hostname B1-S3 B1-S3(config)#vtp mode client B1-S3(config)#vtp domain xyzcorp B1-S3(config)#vtp password xyzvtp B1-S3(config)#int vlan 99B1-S3(config-if)#ip add 10.1.99.23 255.255.255.0 B1-S3(config-if)#no shutdown B1-S3(config-if)#exitB1-S3(config)#ip default-gateway 10.1.99.1 B1-S3(config)#int range fa 0/1-4B1-S3(config-if-range)#switchport mode trunkB1-S3(config-if-range)#switchport trunk native vlan 99 B1-S3(config)#int fa 0/7B1-S3(config-if)#switchport mode access B1-S3(config-if)#switchport access vlan 88B1-S3(config)#spanning-tree vlan 1 priority 8192 B1-S3(config)#spanning-tree vlan 10 priority 8192 B1-S3(config)#spanning-tree vlan 20 priority 8192 B1-S3(config)#spanning-tree vlan 30 priority 8192 B1-S3(config)#spanning-tree vlan 88 priority 8192 B1-S3(config)#spanning-tree vlan 99 priority 8192HQ 配置Router(config)#hostname HQ HQ(config)#int fa 0/0HQ(config-if)#ip add 10.0.1.1 255.255.255.0 HQ(config-if)#no shutdownHQ(config)#username NewB password ciscopap HQ(config)#int se 0/0/1HQ(config-if)#ip add 10.255.255.253 255.255.255.252 HQ(config-if)#clock rate 64000 HQ(config-if)#encapsulation ppp HQ(config-if)#ppp authentication papHQ(config-if)#ppp pap sent-username HQ password ciscopap HQ(config-if)#no shutdownHQ(config)#username ISP password ciscopap HQ(config)#int se 0/1/0HQ(config-if)#ip add 209.165.201.1 255.255.255.252 HQ(config-if)#encapsulation pppHQ(config-if)#ppp authentication chap HQ(config-if)#exitHQ(config-if)#no shutdown HQ(config)#int se0/0/0HQ(config-if)#encapsulation frame-relay HQ(config-if)#frame-relay lmi-type q933a HQ(config-if)#no shutdownHQ(config)#int se 0/0/0.41 point-to-pointHQ(config-subif)#ip add 10.255.255.1 255.255.255.252 HQ(config-subif)#frame-relay interface-dlci 41 HQ(config-subif)#exitHQ(config)#int se 0/0/0.42 point-to-pointHQ(config-subif)#ip add 10.255.255.5 255.255.255.252 HQ(config-subif)#frame-relay interface-dlci 42 HQ(config-subif)#exitHQ(config)#int se 0/0/0.43 point-to-pointHQ(config-subif)#ip add 10.255.255.9 255.255.255.252 HQ(config-subif)#frame-relay interface-dlci 43HQ(config)#ip nat inside source static 10.0.1.2 209.165.200.246HQ(config)#int fa 0/0HQ(config-if)#ip nat inside HQ(config-if)#int se 0/1/0 HQ(config-if)#ip nat outside HQ(config-if)#exitHQ(config)#ip nat pool XYZCORP 209.165.200.241 209.165.200.245 netmask 255.255.255.248 HQ(config)#ip access-list standard NAT_LISTHQ(config-std-nacl)#permit 10.0.0.0 0.255.255.255 HQ(config-std-nacl)#exitHQ(config)#ip nat inside source list NAT_LIST pool XYZCORP HQ(config)#int se 0/0/1 HQ(config-if)#ip nat insideHQ(config)#int se 0/0/0.41 point-to-point HQ(config-if)#ip nat insideHQ(config)#int se 0/0/0.42 point-to-point HQ(config-if)#ip nat insideHQ(config)#int se 0/0/0.43 point-to-point HQ(config-if)#ip nat insideHQ(config)#ip route 0.0.0.0 0.0.0.0 se0/1/0 // 到ISP的默认路由 HQ(config)#ip route 10.4.5.0 255.255.255.0 se 0/0/1 //到NewB的默认路由 HQ(config)#router eigrp 100HQ(config-router)#network 10.0.0.0 HQ(config-router)#no auto-summaryHQ(config-router)#passive-interface defaultHQ(config-router)#no passive-interface se0/0/0.41 HQ(config-router)#no passive-interface se0/0/0.42HQ(config-router)#no passive-interface se0/0/0.43 或passive-interface se0/1/0 HQ(config-router)#no passive-interface fa 0/1 或passive-interface se0/0/1 HQ(config)#ip access-list extended FIREWALLHQ(config-ext-nacl)#permit tcp any host 10.0.1.2 eq 80 HQ(config-ext-nacl)#permit tcp 209.165.201.0 0.0.0.3 any HQ(config-ext-nacl)#permit tcp 209.165.201.136 0.0.0.3 any HQ(config-ext-nacl)#permit tcp 209.165.201.132 0.0.0.3 any HQ(config-ext-nacl)#permit tcp 209.165.201.128 0.0.0.3 anyHQ(config-ext-nacl)#permit icmp 209.165.201.0 0.0.0.3 any echo HQ(config-ext-nacl)#permit icmp 209.165.201.136 0.0.0.3 any echo HQ(config-ext-nacl)#permit icmp 209.165.201.132 0.0.0.3 any echo HQ(config-ext-nacl)#permit icmp209.165.201.128 0.0.0.3 any echo HQ(config-ext-nacl)#exit HQ(config)#int se0/1/0HQ(config-if)#ip access-group FIREWALL in HQ(config-if)#exit 感谢您的阅读，祝您生活愉快。

配置帧中继 实验拓扑：实验目标：学习配置帧中继链路,和帧中继子接口的配置。

实验环境：CCNP 帧中继环境.,开启 R1,R2,R3 并开启帧中继交换机。

配置帧中继：帧中继基本配置：首先我们要对接口的封装类型选择帧中继封装 对 R1,R2,R3 的 S1/0 口分别选择帧中继封装 r1(config)#int s1/0 r1(config-if)#encapsulation frame-relay 然后分别为 R1,R2,R3 配置 IP 地址 参考配置： r1interface Serial1/0 ip address 5.5.123.1 255.255.255.0 encapsulation frame-relay R2 interface Serial1/0 ip address 5.5.123.2 255.255.255.0 encapsulation frame-relay R3 interface Serial1/0 ip address 5.5.123.3 255.255.255.0 encapsulation frame-relay 配置完毕后稍等片刻 R1,R2,R3 就可以互通了.帧中继通信是通过 frame-map 来查找 IP 和 DLCI 号对应表进行通信的.可以通过 show frame-relay map 来查看 r1#show fram map Serial1/0 (up): ip 5.5.123.2 dlci 162(0xA2,0x2820), dynamic, broadcast,, status defined, active Serial1/0 (up): ip 5.5.123.3 dlci 163(0xA3,0x2830), dynamic, broadcast,, status defined, active R1 去 ping 5.5.123.2 是用 dlci 号 162 封装,去 ping 5.5.123.3 是用 dlci 163 封装,这些 dlci 号是 通过动态 inarp 来学习的. 可以手工来写 map r1(config-if)#frame-relay map ip 5.5.123.3 163 broadcast r1(config-if)#frame-relay map ip 5.5.123.2 162 broadcast r1(config-if)#do s fram map Serial1/0 (up): ip 5.5.123.2 dlci 162(0xA2,0x2820), static, broadcast, CISCO, status defined, active Serial1/0 (up): ip 5.5.123.3 dlci 163(0xA3,0x2830), static, broadcast, CISCO, status defined, active 注意刚才 frame map 刚才是 dynamic 现在是 static. 请为 R2,R3 也配置手工 map.然后互相 ping 测试配置 frame-relay 子接口：Frame-relay 子接口有二种:点到点,点到多点 /*以下对 Frame-relay 简称 FR 点到点只能接一个对端,点到多点可以接多个对端. 我们把 R1 作为 multipoint R2,R3 的子接口做 point to point (R1 不是必须做 multipoint 子接口. 只是为了熟悉多点子接口的配置) 把物理接口的 ip 地址 no 掉.把刚才做的 map 也 no 掉. R1 interface Serial1/0encapsulation frame-relay interface Serial1/0.1 multipoint /*指定物理接口为 multipoint ip address 5.5.123.1 255.255.255.0 frame-relay map ip 5.5.123.2 162 broadcast frame-relay map ip 5.5.123.3 163 broadcast R2 interface Serial1/0 no ip address encapsulation frame-relay /*对物理口封装 FR interface Serial1/0.1 point-to-point /*指定物理接口为 P-TO-P ip address 5.5.123.2 255.255.255.0 frame-relay interface-dlci 261 /*指定对端的 DLCI (R1) R3 interface Serial1/0 no ip address encapsulation frame-relay interface Serial1/0.1 point-to-point ip address 5.5.123.3 255.255.255.0 frame-relay interface-dlci 361 /*指定对端的 DLCI (R1) 互相 ping 测试 注:帧中继互通不需要二端的接口类型或子接口类型一致,只需要可以获得 DLCI 即可,也就是 说.物理接口和 multipoint,multipoint 和 p-p,p-p 和物理接口都可以互通常用命令：clear frame-relay inarp show frame-relay map /*清除动态学习的 map /*查看 frame-relay 的 map。

----------------------------文档来源百度文库..花了俺20virtual$下载的不共享出来让更多的人看到俺心里那个坑就是填不平…里面包含了CCNA的一些基础实验题，其中有个别题目的配置部分有小错误，留给大家去排错了~希望大家能够喜欢！最后，祝大家学习愉快~！实验一路由器基本配置一、实验设备一台路由器，一台PC，配置线一条。

二、实验要求1.更改路由器名称为RA2.设置password为cisco1,secret为cisco2,vty为cisco3,并要求所有密码都加密。

3.关闭域名查找，命令输入同步。

4.配置以太网口的IP为202.119.249.2195.设置登陆提示信息6.对串行口进行描述（描述信息为：welcome to lixin lab）7.将上述信息保存到tftp server8.将实验过程配置写在记事本中进行粘贴。

9.配置VTY访问权限。

10.禁止路由器进行域名解析。

三、实验步骤Router>enableRouter#configure terminalRouter(config)#hostname RA 设置路由器名RA(config)#enable password cisco1 设置密码RA(config)#enable secret cisco2 设置加密密码RA (config)#no ip domain-lookup关闭域名查找（当我们打错命令时，不会去查找DNS，造成延时）RA (config)#line console 0RA (config-line)#logging synchronous命令输入达到同步（信息提示不会打断你的输入）RA (config-line)#exec-timeout 0 0 设置永久不超时RA (config-line)#exitRA(config)#line vty 0 4RA(config-line)#（enable）password cisco3 设置vty密码RA(config-line)#exitRA(config)#service password-encryption 对密码加密RA(config)#int fastEthernet 0/0RA(config-if)#ip address 202.119.249.1 255.255.255.0 对以太网口fa0/0配置IP RA(config-if)#no shutdown 开启端口RA(config-if)#exitRA(config)#banner motd & welcome welcome to ccna lab!!! & 设置登陆提示信息RA(config)#int fa0/1RA(config-if)#description this is a fast port 描述端口信息RA(config-if)#exitRA(config)#copy running-config tftp 把信息保存到tftp实验二静态路由一、实验设备两台28系列型号路由器通过串口相连。

CCNA实验手册目录实验1．登录Cisco路由器/交换机2实验2．初始化路由器和创建Startup-config文件6实验3．了解用户模式、特权模式和全局模式9实验4．配置特权模式密码14实验5．配置VTY登录安全16实验6．查看路由器的Running-config配置文件 17实验7．查看路由器的Startup-config配置文件18实验8．备份路由器的running-config至startup-config20实验9．清除路由器的配置22实验10．更改路由器的寄存器值23实验11．配置路由器的主机名与IP映射表24实验11．配置路由器的主机名与IP映射表24实验12．配置命令缩写25实验13．配置路由器的BANNER信息26实验14．做实验前的默认配置27实验15．查看路由器信息相关命令28实验16．配置VTY接口使用本地用户名与密码进行登录 32实验17．捕获HyperTerminal和Telnet会话33实验18．配置路由器基本连接35实验19．路由器连接登录操作39实验20．静态路由配置42实验21．默认路由配置66实验22．RIP路由选择基础实验69实验23．RIPv1发送和接收规则78实验24．RIP不支持不连续子网83实验25．配置使用RIPv286实验26．配置RIP认证91实验27．IGRP实验95实验28．EIGRP实验99实验29．OSPF路由实验 103实验30．使用ACL增强Router 安全109实验31．标准访问控制列表110实验32．扩展访问控制列表112实验33．备份IOS到TFTP服务器112登录Cisco路由器/交换机图表 1 登录Cisco Router Switch实验目的了解始何在PC使用客户端登录到路由器上实验过程启动Hyper Terminal程序图表 2 在运行输入HYPERTRM.EXE 调出超级终端图表 3 在"连接描述" 输入连接名称图表 4 在"连接到"中选择连接到Router的Com口图表 5 在Com口属性对话框中点击"还原为默认值" 登录到路由器上开始进行配置图表 6 点击确认显示Router的提示符初始化路由器和创建Startup-config文件实验目的了解路由器初次启动时如何进行配置与保存配置实验过程登录没有进行过配置的路由器% Please answer 'yes' or 'no'.Would you like to enter the initial configuration dialog? [yes/no]://如果路由器刚启动时在nvram中没有startup-config或是寄存器值为0x2142时，路由路会出现初始化本配置向导，如果我们选择yes将进入其配置模式yesAt any point you may enter a question mark '?' for help.Use ctrl-c to abort configuration dialog at any prompt.Default settings are in square brackets '[]'.Basic management setup configures only enough connectivityfor management of the system, extended setup will ask youto configure each interface on the systemWould you like to enter basic management setup? [yes/no]: yes//是否进行基本配置Configuring global parameters:Enter host name [Router]: Rack141R1//输入路由器的hostnameThe enable secret is a password used to protect access toprivileged EXEC and configuration modes. This password, afterentered, becomes encrypted in the configuration.Enter enable secret: cisco//输入路由器的特权md5密码The enable password is used when you do not specify anenable secret password, with some older software versions, andsome boot images.Enter enable password: cisco//输入路由器的特权密码(明文显示在配置文件中)% Please choose a password that is different from the enable secret//不允许特权md5密码与特权密码(明文)相同Enter enable password: training//再次输入特权密码（明文）The virtual terminal password is used to protectaccess to the router over a network interface.Enter virtual terminal password: trainingConfigure SNMP Network Management? [yes]: yes//是否配置SNMP网管协议Community string [public]: public//配置SNMP网管协议的Communtiy社团值Current interface summaryAny interface listed with OK? value "NO" does not have a valid configuration Interface IP-Address OK? Method Status ProtocolEthernet0/0 unassigned NO unset up upEthernet0/1 unassigned NO unset up up unassigned NO unset upSerial1/0 unassigned NO unset up downEnter interface name used to connect to themanagement network from the above interface summary: ethernet0/0//对路由器上的某个接口进行配置，输入接口的名称即可Configuring interface Ethernet0/0:Configure IP on this interface? [yes]: yes//是否在接口上配置一个IPIP address for this interface: 192.168.0.1//配置接口的IPSubnet mask for this interface [255.255.255.0] :Class C network is 192.168.0.0, 24 subnet bits; mask is /24The following configuration command script was created:hostname Rack141R1enable secret 5 $1$k39O$aQQirPZhZhVOS.TEvypiY/enable password trainingline vty 0 4password trainingsnmp-server community public!no ip routinginterface Ethernet0/0no shutdownip address 192.168.0.1 255.255.255.0!interface Ethernet0/1shutdownno ip address!!interface Serial1/0shutdownno ip address!end[0] Go to the IOS command prompt without saving this config.[1] Return back to the setup without saving this config.[2] Save this configuration to nvram and exit.Enter your selection [2]: 2//选择选存配置文件到NVRAM中(即生成startup-config)，并退出至命令提示行Building configuration...Use the enabled mode 'configure' command to modify this configuration.Press RETURN to get started!*Mar 1 00:01:31.599: %SYS-5-RESTART: System restarted --Cisco Internetwork Operating System SoftwareIOS (tm) 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)Technical Support: ://www.cisco/techsupportCopyright (c) 1986-2006 by cisco Systems, Inc.Compiled Mon 06-Nov-06 14:22 by ccai*Mar 1 00:01:31.627: %SNMP-5-COLDSTART: SNMP agent on host Rack141R1 is undergoing a cold startRack141R1>了解用户模式、特权模式和全局模式实验目的了解思科IOS的不同配置模式实验过程登录路由器% Please answer 'yes' or 'no'.Would you like to enter the initial configuration dialog? [yes/no]: noPress RETURN to get started!Router>//现在我们进入到了User mode，在这个模式下我们使用? 号可以看到能够输入的命令输入? 号查看能够运行的命令列表Router>?Exec commands:access-enable Create a temporary Access-List entryaccess-profile Apply user-profile to interfaceclear Reset functionsconnect Open a terminal connectiondisable Turn off privileged commandsdisconnect Disconnect an existing network connectionenable Turn on privileged commandsexit Exit from the EXEChelp Description of the interactive help systemlock Lock the terminallogin Log in as a particular userlogout Exit from the EXECmls exec mls router commandsmstat Show statistics after multiple multicast traceroutes mtrace Trace reverse multicast path from destination to source name-connection Name an existing network connectionpad Open a X.29 PAD connectionping Send echo messagesppp Start IETF Point-to-Point Protocol (PPP)进入特权模式Router>enableRouter#//进行特权模式后，可以看到路由器的提示符由> 变成了#在特权模式下输入? 号查看能够运行的命令Router#?//输入?号查看可以运行的命令//与用户模式比较一下，看看有什么区别？Exec commands:access-enable Create a temporary Access-List entryaccess-profile Apply user-profile to interfaceaccess-template Create a temporary Access-List entrybfe For manual emergency modes settingcd Change current directoryclear Reset functionsclock Manage the system clockconfigure Enter configuration modeconnect Open a terminal connectioncopy Copy from one file to anotherdebug Debugging functions (see also 'undebug')delete Delete a filedir List files on a filesystemdisable Turn off privileged commandsdisconnect Disconnect an existing network connectionenable Turn on privileged commandserase Erase a filesystemexit Exit from the EXEChelp Description of the interactive help systemlock Lock the terminallogin Log in as a particular userlogout Exit from the EXECmls exec mls router commandsmstat Show statistics after multiple multicast traceroutes mtrace Trace reverse multicast path from destination to source name-connection Name an existing network connectionno Disable debugging functionspad Open a X.29 PAD connectionping Send echo messagesppp Start IETF Point-to-Point Protocol (PPP)reload Halt and perform a cold restartshow Show running system informationslip Start Serial-line IP (SLIP)start-chat Start a chat-script on a linesystat Display information about terminal linestelnet Open a telnet connectionterminal Set terminal line parameterstest Test subsystems, memory, and interfacestraceroute Trace route to destinationRouter#再退出到用户模式下Router#disableRouter>现在进入到全局配置模式下Router>Router>enableRouter#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#//当从特权模式转到全局配置模式下时，路由器的提示符由Router# 变成了Router(config)#在全局模式下输入? 号查看一下支持的命令Router(config)#?// 现在可以看到在全局模式下支持的命令明显的比较多Configure commands:aaa Authentication, Authorization and Accounting.access-list Add an access list entryalias Create command aliasappletalk Appletalk global configuration commands arap Appletalk Remote Access Protocolarp Set a static ARP entryasync-bootp Modify system bootp parameters autonomous-system Specify local AS number to which we belong banner Define a login bannerboot Modify system boot parametersbridge Bridge Group.buffers Adjust system buffer pool parametersbusy-message Display message when connection to host fails call-history-mib Define call history mib parameterscdp Global CDP configuration subcommands chat-script Define a modem chat scriptclock Configure time-of-day clockconfig-register Define the configuration registercontroller Configure a specific controllerdecnet Global DECnet configuration subcommands default Set a command to its defaultsdefault-value Default character-bits valuesdialer Dialer watch commandsdialer-list Create a dialer list entrydnsix-dmdp Provide DMDP service for DNSIXdnsix-nat Provide DNSIX service for audit trails downward-compatible-config Generate a configuration compatible with oldersoftwaredss Configure dss parametersenable Modify enable password parametersend Exit from configure modeexception Exception handlingexit Exit from configure modefile Adjust file system parametersframe-relay global frame relay configuration commands help Description of the interactive help system hostname Set system's network nameinterface Select an interface to configureip Global IP configuration subcommandsipx Novell/IPX global configuration commands key Key managementline Configure a terminal linelogging Modify message logging facilitieslogin-string Define a host-specific login stringmap-class Configure static map classmap-list Configure static map listmemory-size Adjust memory size by percentagemenu Define a user-interface menumls mls router global commandsmodemcap Modem Capabilities databasemop Configure the DEC MOP Servermultilink PPP multilink global configurationnetbios NETBIOS access control filteringno Negate a command or set its defaultsntp Configure NTPpartition Partition deviceprinter Define an LPD printerpriority-list Build a priority listprivilege Command privilege parametersprompt Set system's promptqueue-list Build a custom queue listresume-string Define a host-specific resume stringrif Source-route RIF cacherlogin Rlogin configuration commandsrmon Remote Monitoringroute-map Create route-map or enter route-map command moderouter Enable a routing processrtr RTR Base Configurationscheduler Scheduler parametersservice Modify use of network based servicessmrp Simple Multicast Routing Protocol configurationcommandssnmp-server Modify SNMP parametersstackmaker Specify stack name and add its member state-machine Define a TCP dispatch state machine subscriber-policy Subscriber policytacacs-server Modify TACACS query parametersterminal-queue Terminal queue commandstftp-server Provide TFTP service for netload requests username Establish User Name Authenticationvirtual-profile Virtual Profile configurationx25 X.25 Level 3x29 X29 commandsRouter(config)#退出到特权模式Router(config)#exitRouter#配置特权模式密码实验目的了解如何加强特权模式下的安全实验过程首先配置路由器的enable权限密码Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#enable password cisco//配置登录特权模式的密码为cisco配置完后我们使用show running-config查看配置文件：Router#sh runBuilding configuration...Current configuration:!version 11.2no service password-encryptionno service udp-small-serversno service tcp-small-servers!hostname Router!enable password cisco//可以在show running-config文件中看到密码以明文形式，这样密码很容易泄漏为了对明文密码加密，可以使用：Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#service password-encryption再使用show running-config查看一下配置文件：Router#sh runBuilding configuration...Current configuration:!version 11.2service password-encryptionno service udp-small-serversno service tcp-small-servers!hostname Router!enable password 7 030752180500//现在看到当使用了service password-encryption后在show running-config中密码不在以明文的方式显示出来我们使用更加安全的加密方式Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#enable secret password再次查看一下配置文件Router#sh runBuilding configuration...Current configuration:!version 11.2service password-encryptionno service udp-small-serversno service tcp-small-servers!hostname Router!enable secret 5 $1$Exm1$1U1XmnWnxYDRemFHhp4aS0// 在show running-config的结果中enable secret的密码是无法看到的，且无法破解enable password 7 030752180500配置VTY登录安全实验目的了解如何加强远程登录的安全性实验过程Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#line vty 0 4Router(config-line)#password ciscoRouter(config-line)#login问题以下配置情况能否进行远程登录：Router(config)#line vty 0 4□可以登录□不能登录Router(config-line)#password ciscoRouter(config-line)#loginRouter(config)#line vty 0 4□可以登录□不能登录Router(config-line)#loginRouter(config)#line vty 0 4□可以登录□不能登录Router(config-line)#password ciscoRouter(config)#line vty 0 4Router(config-line)#password cisco□可以登录□不能登录Router(config-line)#loginRouter(config-line)#no loginRouter(config)#line vty 0 4Router(config-line)#password cisco□可以登录□不能登录Router(config-line)#loginRouter(config-line)#no password使用什么方法可以查看到是否有人登录到自己的路由器上？____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ 怎么验证我们对Vty接口进行的配置呢？____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________实验目的了解思科路由器上的Running-config文件的作用与操作方法实验过程在特权模式下使用show running-config 调出内存中的配置Router#show running-configBuilding configuration...Current configuration:!version 11.2service password-encryptionno service udp-small-serversno service tcp-small-servers!hostname Router!enable secret 5 $1$Exm1$1U1XmnWnxYDRemFHhp4aS0enable password 7 030752180500!username user1 password 7 0311480E145Eusername user2 password 7 010*********username eee password 7 03username eee autocommand show verusername xxx password 7 09!interface Loopback0no ip address!interface Ethernet0/0怎么验证这个文件是否存在可以使用dir system:Router#dir system:Directory of system:/12 drwx 0 <no date> its2 dr-x 0 <no date> memory1 -rw- 873 <no date> running-config//可以看到在路由器的system: 文件系统（即内存）下有一个名为running-confi实验目的了解思科路由器上的startup-config文件的作用与操作方法实验过程：查看路由器的startup-configRouter#Router#show startup-config//查看在nvram中的startup-config配置文件startup-config is not present//nvram中没有此文件现在使用copy命令保存文件Router#copy system:/running-config nvram:/startup-config// copy 命令的格式为copy 源路径:/文件名目标路径:/文件名//这句命令的作用是把内存中的running-config拷贝到nvram中的startup-config 文件Destination filename [startup-config]?Building configuration...[OK]当拷贝完成后，查看一下nvram中的文件Router#dir nvram:Directory of nvram:/124 -rw- 895 <no date> startup-config//现在可以看到在nvram中有一个名为startup-config 的文件125 ---- 5 <no date> private-config1 -rw- 0 <no date> ifIndex-table 129016 bytes total (127040 bytes free)Startup-config文件在路由器重启时是否调入到内存中，是基于路由器的寄存器值来决定的Router#show versionCisco Internetwork Operating System SoftwareIOS (tm) 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)Technical Support: ://www.cisco/techsupportCopyright (c) 1986-2006 by cisco Systems, Inc.Compiled Mon 06-Nov-06 14:22 by ccaiImage text-base: 0x60008B00, data-base: 0x6194C000ROM: ROMMON Emulation MicrocodeROM: 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE(fc2)Router uptime is 23 minutesSystem returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19System image file is "tftp://255.255.255.255/unknown"cisco 3620 (R4700) processor (revision 0xFF) with 61440K/4096K bytes of memory.Processor board ID 00000000R4700 CPU at 80MHz, Implementation 33, Rev 1.2Bridging software.X.25 software, Version 3.0.0.4 Ethernet/IEEE 802.3 interface(s)4 Serial network interface(s)DRAM configuration is 64 bits wide with parity enabled.125K bytes of non-volatile configuration memory.8192K bytes of processor board System flash (Read/Write)Configuration register is 0x2102//值是0x2104则是指在路由器重启时调startup-config到内存//现在可以看到当前的路由器是0x2102备份路由器的running-config至startup-config实验目的了解思科路由器的Running-config与startup-config文件的区别实验过程登录路由器cisco 3620 (R4700) processor (revision 0xFF) with 61440K/4096K bytes of memory.Processor board ID 00000000R4700 CPU at 80MHz, Implementation 33, Rev 1.2Bridging software.X.25 software, Version 3.0.0.4 Ethernet/IEEE 802.3 interface(s)4 Serial network interface(s)DRAM configuration is 64 bits wide with parity enabled.125K bytes of non-volatile configuration memory.8192K bytes of processor board System flash (Read/Write)--- System Configuration Dialog ---ould you like to enter the initial configuration dialog? [yes/no]: {% Please answer 'yes' or 'no'.//选择NO以进入命令提示符下这时，输入show startup-configRouter#show startup-configstartup-config is not present//思考，现在为什么显示没有这个文件呢？我们将内存中的配置文件保存到NVRAM中Router#copy running-config startup-configDestination filename [startup-config]?Building configuration...[OK]Router#show startup-config//现在在次查看startup-config，可以看到已经有这个文件了！Using 895 out of 129016 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!enable password cisco使用相同的命令Router#copy system:/running-config nvram:/startup-configDestination filename [startup-config]?Building configuration...[OK]问题使用dir nvram:/ 能否看到startup-config的文件内容？____________________________________________________________________ ____________________________________________________________________ 简述running-config与startup-config的区别是什么？____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________清除路由器的配置实验目的了解如何清除路由器上当前的配置实验环境描述当您的路由器已经有配置、或是有残留配置时可以对路由器进行重启，但是如果路由器保存有startup-config的话，下次重启时路由器会自动加载这个配置文件，所以我们需要对startup-config进行清除实验过程首先确定您的路由器中是否有startup-config文件Router#show startup-configUsing 1268 out of 129016 bytes!version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryption现在我们对这个文件进行清除Router#write eraseErasing the nvram filesystem will remove all files! Continue? [confirm]y[OK] Erase of nvram: completeRouter#现在再查看一下是否还有startup-configRouter#show startup-config%% Non-volatile configuration memory is not presentRouter#练习在深度的实验室中，我们需要重新做实验时，是否需要删除Nvram中的startup-config文件呢？_____________________________________________________________________ _____________________________________________________________________更改路由器的寄存器值实验目标了解Cisco路由器上的寄存器值的作用与配置方法实验过程登录Router，使用show version查看版本Router#show versionCisco Internetwork Operating System SoftwareIOS (tm) 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)Technical Support: ://www.cisco/techsupportCopyright (c) 1986-2006 by cisco Systems, Inc.Compiled Mon 06-Nov-06 14:22 by ccaiImage text-base: 0x60008B00, data-base: 0x6194C000Configuration register is 0x2142//在show version命令的最后一行显示了当前路由器的寄存器值，本实验中的值为0x2142(16进制)修改路由器的寄存器值Router#Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#config-register 0x2102// Config-register后面跟上想修改的寄存器值实验总结表格 1 常用寄存器值0x2100 Rom Monitor0x2101 从Rom启动0x2102 从FLASH启动，同时读取NVRAM中的startup-config（这是默认的值）0x2142 从FLASH启动，跳过NVRAM中的startup-config，常用于进行密码恢复配置路由器的主机名与IP映射表实验目的了解思科路由器的Host映射表的作用与操作方法实验过程在R1上配置主机名(hostname) 与IP的映射关系Rack141R1(config)#ip host Rack141R2 219.145.77.88Rack141R1(config)#ip host Rack141R3 33.87.73.123Rack141R1(config)#ip host Rack141R4 141.21.44.2查看当前路由器上进行的映射关系配置Rack141R1#show hostsDefault domain is not setName/address lookup uses domain serviceName servers are 255.255.255.255Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidatetemp - temporary, perm - permanentNA - Not Applicable None - Not definedHost Port Flags Age Type Address(es) Rack141R2 None (perm, OK) 0 IP 219.145.77.88 Rack141R3 None (perm, OK) 0 IP 33.87.73.123 Rack141R4 None (perm, OK) 0 IP 141.21.44.2练习在路由器上配置hostname与IP 映射有什么作用呢？_____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ （2）怎么样验证我们配置的映射是可以正常使用的？_____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________配置命令缩写实验目的了解思科路由器上命令缩写的使用实验过程登录路由器，开始配置Rack141R1(config)#alias exec sir show ip route//定义输入sir等于输入show ip routeRack141R1(config)#exitRack141R1#sir//现在直接输入sir即等于输入了show ip route,这样我们就可以支持命令缩写了Codes: C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static routeGateway of last resort is not setRack141R1#实验总结我们可以定义出自己经常使用的命令的缩写（注：以下并不是标准，具体缩写根据习惯）alias exec ct conf talias exec sr sh runalias exec sri sh run intalias exec u undeb allalias exec sfm sh frame mapalias exec sfr sh frame routealias exec sfp sh fram pvcalias exec sis sh isdn statalias exec sam sh atm mapalias configure rr router ripalias configure ro router ospf配置路由器的BANNER信息实验目的了解如何对思科路由器上进行Banner配置实验过程使用bannd motd %进行banner配置Router(config)#Router(config)#banner motd %Enter TEXT message. End with the character '%'._ --- _ _----_/ \ @@@@ \/| . .|\ @@@@@. . |\( #( oo)# @@@@(oo)~)_!s/ \ ~~\| \|<~~ \!t(____ H _)_ _(__~H___)_%Router(config)#退出路由器验证banner是否有效Router con0 is now availablePress RETURN to get started.*Mar 1 00:20:20.119: %SYS-5-CONFIG_I: Configured from console by console_ --- _ _----_/ \ @@@@ \/| . .|\ @@@@@. . |\( #( oo)# @@@@(oo)~)_!s/ \ ~~\| \|<~~ \!t(____ H _)_ _(__~H___)_Router>做实验前的默认配置实验目的了解做实验之前需要进行的基本配置实验过程Router(config)#*Mar 1 00:34:56.395: %SYS-5-CONFIG_I: Configured from console by consoleRouter(config)#enable password ciscoRouter(config)#hostname Rack141R1Rack141R1(config)#no ip domain-lookupRack141R1(config)#line con 0Rack141R1(config-line)#login% Login disabled on line 0, until 'password' is setRack141R1(config-line)#password ciscoRack141R1(config-line)#exec-timeout 0 0Rack141R1(config-line)#logging synchronousRack141R1(config-line)#Rack141R1(config-line)#line vty 0 4Rack141R1(config-line)#login% Login disabled on line 66, until 'password' is set% Login disabled on line 67, until 'password' is set% Login disabled on line 68, until 'password' is set% Login disabled on line 69, until 'password' is set% Login disabled on line 70, until 'password' is setRack141R1(config-line)#password ciscoRack141R1(config-line)#exec-timeout 0 0Rack141R1(config-line)#logging synchronousRack141R1(config-line)#exit练习解释做实验之前需要进行配置的每一条命令的具体作用_____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________查看路由器信息相关命令实验目的了解如何在思科路由器上查看基本的信息实验过程使用show 命令查看思科中路器的不同信息，使用show version查看路由器的版本Router#show versionCisco Internetwork Operating System SoftwareIOS (tm) 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)Technical Support: ://www.cisco/techsupportCopyright (c) 1986-2006 by cisco Systems, Inc.Compiled Mon 06-Nov-06 14:22 by ccaiImage text-base: 0x60008B00, data-base: 0x6194C000ROM: ROMMON Emulation MicrocodeROM: 3600 Software (C3620-IS-M), Version 12.3(21), RELEASE SOFTWARE (fc2)Router uptime is 23 minutesSystem returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19System image file is "tftp://255.255.255.255/unknown"cisco 3620 (R4700) processor (revision 0xFF) with 61440K/4096K bytes of memory.Processor board ID 00000000R4700 CPU at 80MHz, Implementation 33, Rev 1.2Bridging software.X.25 software, Version 3.0.0.4 Ethernet/IEEE 802.3 interface(s)4 Serial network interface(s)DRAM configuration is 64 bits wide with parity enabled.125K bytes of non-volatile configuration memory.8192K bytes of processor board System flash (Read/Write)Configuration register is 0x2142查看接口信息Rack141R1#show ip interface briefInterface IP-Address OK? Method Status ProtocolEthernet0/0 unassigned YES unset administratively down downEthernet0/1 unassigned YES unset administratively down downEthernet0/2 unassigned YES unset administratively down downEthernet0/3 unassigned YES unset administratively down downSerial1/0 unassigned YES unset administratively down downSerial1/1 unassigned YES unset administratively down downSerial1/2 unassigned YES unset administratively down downSerial1/3 unassigned YES unset administratively down downRack141R1#查看进程Rack141R1#show processesCPU utilization for five seconds: 4%/0%; one minute: 0%; five minutes: 0% PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process1 Cwe 60499ED4 02 0 5624/6000 0 Chunk Manager2 Csp 604C8478 0 544 0 2628/3000 0 Load Meter3 M* 0 2776 513 541110280/12000 0 Exec4 Mwe 610088F4 0 1 023508/24000 0 EDDRI_MAIN5 Lst 604A87C8 1756 314 5592 5648/6000 0 Check heaps6 Cwe 604AE7D0 0 1 0 5608/6000 0 Pool Manager7 Mst 603E2728 0 2 0 5604/6000 0 Timers8 Mwe 6001FF08 0 2 0 5600/6000 0 Serial Backgroun9 Mwe 603B5644 0 2 0 5588/6000 0 AAA high-capacit10 Mwe 6054E548 4 1 400011624/12000 0 OIR Handler11 Msi 605720A4 0 92 0 5612/6000 0 Environmental mo12 Mwe 60574860 8 54 148 5604/6000 0 ARP Input13 Mwe 60770994 0 543 0 5684/6000 0 HC。

东莞斯瑞教育中心CCNA实验手册V5.0CCNA实验手册实验一基础实验一、拓扑图如下：二、实验目的1、掌握CISCO设备的基础配置。

2、2台设备能够ping 通。

3、熟练使用各种show命令查看设备状态。

三、实验要求：假设公司架设了一条东莞到香港的专线,作为网络管理员的你需要完成设备的基本配置,两台设备要PING通。

四、实验步骤：1、按照拓扑图所示，搭建实验平台2、完成CISCO设备的基础配置➢基本配置包括。

➢设置主机名称和设备标识。

➢关闭设备的DNS查询功能。

➢开启光标跟随功能。

➢设置超时时间,要求HongKong超时时间是10分30秒,DongGuan永远不超时。

➢配置控制台密码,配置VTY密码,配置特权密码,启用密码加密服务。

➢完成基本和辅助配置之后，按照拓扑图配置好设备的IP地址，测试相邻设备之间能否ping通。

➢使用CDP协议查看邻居设备信息,可以对设备进行远程telnet。

➢保存配置文件后，备份IOS软件和配置文件。

3、配置如下：设备命名：Router(config)#hostname dongguanDongguan(config)#关闭DNS查询：Router(config)#no ip domain-lookup注释：IOS软件会把未知的命令当做网络上设备的主机名称，通过广播去查找这台设备，这个过程需要比较久的时间，用这个命令可以避免DNS查询过程，节省时间。

启用光标跟随：Router(config)#line console 0Router(config-line)#logging synchronous注释：IOS软件会对系统状态变化自动的跳出提示信息，这会打乱我们的命令输入会影响我们命令的输入，启动光标跟随可以解决这个问题。

设置超时时间Router(config)#line console 0Router(config-line)#exec-timeout 0（分） 0 （秒）『永不超时』注释：当我们一段时间没有对设备进行操作后，会自动跳出登录，好比windows系统在多长时间没有活动后自动锁定，需要我们重新登录。