PAIP.一些流氓软件的流氓营销方法.txt

实验中的IP划分：
SW1 VLAN 2 192.168.2.250 VLAN 3 192.168.2.250
SW2 VLAN 2 192.168.2.249 VLAN 3 192.168.2.249
R1 bvi 1 192.168.2.251 bvi 2 192.168.3.251
R2 bvi 1 192.168.2.248 bvi 2 192.168.3.248
HSRP 2 192.168.2.254 HSRP 3 192.168.3.254

一。实验目的
了解桥接的作用：桥接”，是指依据OSI网络模型的链路层的地址，对网络数据包进行转发的过程。当路由器配置了桥接选项后，会处理所有接口上的所有的数据帧，并实时调查每个主机的位置。若在某个接口上收入一个帧，就会在一个桥接内置入一个条目，列出发送数据的主机和接收到数据帧的接口MAC地址，这样路由表就被不断地在通信中完善起来。
参考：http://zhidao.baidu.com/question/5760460.html


二。实验内容
1。在实验中，我们使用的是二层交换机，通过路由器来实现VLAN之间的路由
在E0/0 E0/1下面划分子接口
int e0/0.1 int e0/0.2
en dot1q 2 en dot1q 3 分别封装VLAN 2 VLAN 3
2。因为在同一物理接口不能配置同一网段的IP地址，我们要通过桥接组来实现子接口之间的桥接
int e0/0.1 int e0/1.1
bridge-group 1 bridge-group 2 建立两个桥接组
3。这只是简单的两层桥接，要实现三层桥接，我们要给桥接组配置IP地址
int bvi 1 int bvi 2
ip add 192.168.2.1 255.255.255.0 ip add 192.168.3.1 255.255.255.0
两个组分别使用VLAN2 与VLAN 3的网段，这样可以实现VLAN之间的路由
4。为了完成VLAN之间的路由，所有橙色线路的端口为trunk
switchport mode truck
switchport truck en do
5。所有PC接入端号使作protfast 端口，接到收敛速成度
spanning-stree protfast
6。为了终端PC的安全，我们可以采用热备份协议，实现网关冗余
R1: int bvi 1 int bri 2
standy 1 ip 192.168.2.254 standy 2 ip 192.168.3.254
standy 1 pree standy 2 pree 开启抢占
R2: int bvi 1

standy 1 ip 192.168.2.254 standy 2 ip 192.168.3.254
standy 1 pree standy 2 pree 开启抢占
standy 1 pri 50 让R1成为VLAN 1主网关 standy 2 pri 200 让R2成为VLAN 2的主网关
在第6中，我们分别分R1与R2成为VLAN 1与VLAN 2的主，彼此之间成为备份，使得网络更可靠
7。ISP与本地路由器之间采用路由协议，可以实现负载均衡
在实验中用到如下命令：
bridge 1 protocol ieee 封装协议
birdge 1 route ip 　支持IP路由
　 birdge irb 将桥接接口集成路由功能

二。实验配置
这个实验中，主要是难点是子接口的路由桥接，但这个设计早以最淘汰了，我们可以在三层路由来实现上面的功能 。另一个知识点就是为这个VLAN 建立备份网关，我们可以采用HSRP VRRP GLBP协议来实现

三．配置
R1-up#sh run
Building configuration...
Current configuration : 1119 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1-up
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
ip cef
bridge irb
!
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.1
encapsulation dot1Q 2
bridge-group 1
!
interface Ethernet0/0.2
encapsulation dot1Q 3
bridge-group 2
!
interface Serial0/0
ip address 10.1.1.1 255.255.255.0
no fair-queue
!
interface Ethernet0/1
no ip address
half-duplex
!
interface Ethernet0/1.1
encapsulation dot1Q 2
bridge-group 1
!
interface Ethernet0/1.2
encapsulation dot1Q 3
bridge-group 2
!
interface BVI1
ip address 192.168.2.251 255.255.255.0
standby 1 ip 192.168.2.1
standby 1 preempt
!
interface BVI2
ip address 192.168.3.251 255.255.255.0
standby 2 ip 192.168.3.1
!
ip http server
ip classless
!
!
!
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

R2-down#sh run
Building configuration...
Current configuration : 1173 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2-down
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
bridge irb
!
!
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.1
encapsulation dot1Q 2
bridge-group 1
!
interface Ethernet0/0.2
encapsulation dot1Q 3
bridge-group 2
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface Ethernet0/1
no ip address
half-duplex
!
interface Ethernet0/1.1
encapsulation dot1Q 2
bridge-group 1
!
interface Ethernet0/1.2
encapsulation dot1Q 3
bridge-group 2
!
interface BVI1
ip address 192.168.2.248 255.255.255.0
standby 1 ip 192.168.2.1
standby 1 priority 50
standby 1 preempt
//桥接组1 并启用了HSRP
!
interface BVI2
ip address 192.168.3.248 255.255.255.0
standby 2 ip 192.168.3.1
standby 2 priority 200
standby 2 preempt
//桥接组2 并启用了HSRP
!
ip http server
no ip http secure-server
ip classless
!
!
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

Sw1-up#sh run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Sw1-up
!
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface VLAN1
no ip directed-broadcast
no ip route-cache
!
interface VLAN2
ip address 192.168.2.250 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN3
ip address 192.168.3.250 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
end
Sw1-up#

Sw2-down#sh run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Sw2-down
!
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
!
interface FastEthernet0/3
spanning-tree portfast
!
interface FastEthernet0/4
spanning-tree portfast
!
interface FastEthernet0/5
spanning-tree portfast
!
interface FastEthernet0/6
spanning-tree portfast
!
interface FastEthernet0/7
spanning-tree portfast
!
interface FastEthernet0/8
spanning-tree portfast
!
interface FastEthernet0/9
spanning-tree portfast
!
interface FastEthernet0/10
spanning-tree portfast
!
interface FastEthernet0/11
spanning-tree portfast
!
interface FastEthernet0/12
spanning-tree portfast
!
interface VLAN1
no ip directed-broadcast
no ip route-cache
!
interface VLAN2
ip address 192.168.2.249 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN3
ip address 192.168.3.249 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
end
Sw2-down#


本文出自 “skyyue” 博客，请务必保留此出处http://skyyue.blog.51cto.com/159530/30768