第3题
【说明】
某局域网的拓扑结构如图3-1所示。
某局域网的拓扑结构如图3-1所示。
【问题:3.1】(8分)
网络的主要配置如下,请解释配置命令。
//(1)
[SwitchB] vlan batch 10 20
[SwitchB] interface GigabitEthernet 0/0/1
[SwitchB- GigabitEthernet0/0/1] port link-type access
[SwitchB-GigabitEthernet0/0/1] port default vlan 10
[SwitchB] interface GigabitEthernet0/0/2
[SwitchB- GigabitEthernet0/0/2] port link-type access
[SwitchB-GigabitEthernet0/0/2] port default vlan 20
[SwitchB] interface GigabitEthernet0/0/23
[SwitchB-GigabitEthernet0/0/23] port link-type trunk
[SwitchB-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20
//(2)
[SwitchA] vlan batch 10 20 30 100
[SwitchA] interface GigabitEthernet 0/0/23
[SwitchA-GigabitEthernet0/0/23] port link-type trunk
[SwitchA-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20
//(3)
[SwitchA] interface GigabitEthernet 0/0/24
[SwitchA-GigabitEthernet0/0/24] port link-type trunk
[SwitchA-GigabitEthernet0/0/24] port default vlan 30
//配置连接路由器的接口模式,该接口属于VLAN100
[SwitchA] interface GigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 100
//配置内网网关和连接路由器的地址
[SwitchA] interface Vlanif 10
[SwitchA- Vlanif10] ip address 192.168.10.124
[SwitchA] interface Vlanif 20
[SwitchA- Vlanif20] ip address 192.168.20.124
[SwitchA] interface Vlanif 30
[SwitchA- Vlanif30] ip address 192.168.30.124
[SwitchA] interface Vlanif 100
[SwitchA- Vlanif100] ip address 172.16.1.124
//(4)
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 172.16.1.2
//(5)
[AR2200] interface GigabitEthernet 0/0/0
[AR2200- GigabitEthernet 0/0/0] ip address 59.74.130.230
[AR2200] interface GigabitEthernet 0/0/1
[AR2200- GigabitEthernet 0/0/1] ip address 172.16.1.224
//(6)
[AR2200] acl 2000
[AR2200-acl-basic-2000] rule permit source 192.168.10.0 0.0.0.255
[AR2200-acl-basic-2000] rule permit source 192.168.20.0 0.0.0.255
[AR2200-acl-basic-2000] rule permit source 192.168.30.0 0.0.0.255
[AR2200-acl-basic-2000] rule permit source 172.16.1.0 0.0.0.255
//(7)
[AR2200] interface GigabitEthernet 0/0/0
[AR2200- GigabitEthernet 0/0/0] nat outbound 2000
//(8)
[AR2200] ip route-static 192.168.10.0 255.255.255.0 172.16. 1.1
[AR2200] ip route-static 192.168.20.0 255.255.255.0 172.16. 1.1
[AR2200] ip route-static 192.168.30.0 255.255.255.0 172.16. 1.1
[AR2200] ip route-static 0.0.0.0 0.0.0.0 59.74.130.1
(1)-(8)备选答案
A.在SwitchC上配置接口模式,该接口属于VLAN30
B.配置指向路由器的静态路由
C.在SwitchA上创建VLAN ,配置接口模式并放行VLAN 10和VLAN 20
D.配置到内网的静态路由和到外网的静态路由
E.配置路由器内部和外部接口的IP地址
F.配置ACL策略
G.外网接口配置NAT转换
H.在SwitchB上创建VLAN ,配置接口模式
网络的主要配置如下,请解释配置命令。
//(1)
[SwitchB] vlan batch 10 20
[SwitchB] interface GigabitEthernet 0/0/1
[SwitchB- GigabitEthernet0/0/1] port link-type access
[SwitchB-GigabitEthernet0/0/1] port default vlan 10
[SwitchB] interface GigabitEthernet0/0/2
[SwitchB- GigabitEthernet0/0/2] port link-type access
[SwitchB-GigabitEthernet0/0/2] port default vlan 20
[SwitchB] interface GigabitEthernet0/0/23
[SwitchB-GigabitEthernet0/0/23] port link-type trunk
[SwitchB-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20
//(2)
[SwitchA] vlan batch 10 20 30 100
[SwitchA] interface GigabitEthernet 0/0/23
[SwitchA-GigabitEthernet0/0/23] port link-type trunk
[SwitchA-GigabitEthernet0/0/23] port trunk allow-pass vlan 10 20
//(3)
[SwitchA] interface GigabitEthernet 0/0/24
[SwitchA-GigabitEthernet0/0/24] port link-type trunk
[SwitchA-GigabitEthernet0/0/24] port default vlan 30
//配置连接路由器的接口模式,该接口属于VLAN100
[SwitchA] interface GigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access
[SwitchA-GigabitEthernet0/0/1] port default vlan 100
//配置内网网关和连接路由器的地址
[SwitchA] interface Vlanif 10
[SwitchA- Vlanif10] ip address 192.168.10.124
[SwitchA] interface Vlanif 20
[SwitchA- Vlanif20] ip address 192.168.20.124
[SwitchA] interface Vlanif 30
[SwitchA- Vlanif30] ip address 192.168.30.124
[SwitchA] interface Vlanif 100
[SwitchA- Vlanif100] ip address 172.16.1.124
//(4)
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 172.16.1.2
//(5)
[AR2200] interface GigabitEthernet 0/0/0
[AR2200- GigabitEthernet 0/0/0] ip address 59.74.130.230
[AR2200] interface GigabitEthernet 0/0/1
[AR2200- GigabitEthernet 0/0/1] ip address 172.16.1.224
//(6)
[AR2200] acl 2000
[AR2200-acl-basic-2000] rule permit source 192.168.10.0 0.0.0.255
[AR2200-acl-basic-2000] rule permit source 192.168.20.0 0.0.0.255
[AR2200-acl-basic-2000] rule permit source 192.168.30.0 0.0.0.255
[AR2200-acl-basic-2000] rule permit source 172.16.1.0 0.0.0.255
//(7)
[AR2200] interface GigabitEthernet 0/0/0
[AR2200- GigabitEthernet 0/0/0] nat outbound 2000
//(8)
[AR2200] ip route-static 192.168.10.0 255.255.255.0 172.16. 1.1
[AR2200] ip route-static 192.168.20.0 255.255.255.0 172.16. 1.1
[AR2200] ip route-static 192.168.30.0 255.255.255.0 172.16. 1.1
[AR2200] ip route-static 0.0.0.0 0.0.0.0 59.74.130.1
(1)-(8)备选答案
A.在SwitchC上配置接口模式,该接口属于VLAN30
B.配置指向路由器的静态路由
C.在SwitchA上创建VLAN ,配置接口模式并放行VLAN 10和VLAN 20
D.配置到内网的静态路由和到外网的静态路由
E.配置路由器内部和外部接口的IP地址
F.配置ACL策略
G.外网接口配置NAT转换
H.在SwitchB上创建VLAN ,配置接口模式
【问题:3.2】(6 分)
图3-2是PC4的网络属性配置界面,根据以上配置填空。
IP 地址:(9)
子网掩码: :(10)
默认网关:(11)
图3-2是PC4的网络属性配置界面,根据以上配置填空。
IP 地址:(9)
子网掩码: :(10)
默认网关:(11)
【问题:3.3】(6 分)
//为了限制VLAN 10中的用户的访问,在网络中增加了如下配置。
[SwitchA]time-range t 8:00 to 18:00 daily
[SwitchA] acl number 3002
[SwitchA-acl-adv-3002] rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0 time-range t
[SwitchA] traffic classifier tc1
[SwitchA- classifier tc1] if-match acl 3002
[SwitchA] traffic behavior tb1
[SwitchA- behavior tb1] deny
[SwitchA] traffic policy tp1
[SwitchA- traffic policy tp1] classifier tcl behavior tb1
[SwitchA]interface GigabitEthemet0/0/23
[SwitchA-GigabitEthemet0/0/23] traffic-policy tp1 inbound
1.以上配置实现了VLAN 10中的用户在(12)时间段可以访问VLAN(13)中的主机。
2.ÄCL3002中的编号表示该ACL的类型是(14)。
//为了限制VLAN 10中的用户的访问,在网络中增加了如下配置。
[SwitchA]time-range t 8:00 to 18:00 daily
[SwitchA] acl number 3002
[SwitchA-acl-adv-3002] rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0 time-range t
[SwitchA] traffic classifier tc1
[SwitchA- classifier tc1] if-match acl 3002
[SwitchA] traffic behavior tb1
[SwitchA- behavior tb1] deny
[SwitchA] traffic policy tp1
[SwitchA- traffic policy tp1] classifier tcl behavior tb1
[SwitchA]interface GigabitEthemet0/0/23
[SwitchA-GigabitEthemet0/0/23] traffic-policy tp1 inbound
1.以上配置实现了VLAN 10中的用户在(12)时间段可以访问VLAN(13)中的主机。
2.ÄCL3002中的编号表示该ACL的类型是(14)。