如何解决CCNA安全实验室:保护第二层交换机的数据包跟踪器问题
我正在这个实验室工作
https://ccnasec.com/6-3-1-1-lab-securing-layer-2-switches-instructor-version.html
在Packet Tracer中,但是有一部分程序挂起,因为它不起作用。接下来,我显示运行配置R1,SW1,SW2。
运行配置R1
Building configuration...
Current configuration : 1227 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.4
ip dhcp excluded-address 192.168.20.1
!
ip dhcp pool CCNAS
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
ip dhcp pool 20Users
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX15243825-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1.99
encapsulation dot1Q 99
ip address 192.168.99.1 255.255.255.0
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
运行配置S1
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 0
!
interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
switchport trunk native vlan 99
switchport mode trunk
switchport port-security
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 20
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
!
!
end
运行配置S2
Current configuration : 1543 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW2
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
spanning-tree guard root
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
ip address 192.168.1.3 255.255.255.0
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
!
!
end
我的问题是下一步
步骤8:将活动端口移动到默认VLAN 1以外的VLAN。
将当前活动访问(非中继)端口添加到新VLAN。
S1 (config) # interface f0 / 6
S1 (config-if-range) # switchport access vlan 20
S2 (config) # interface f0 / 18
S2 (config-if) # switchport access vlan 20
R1此时,R1> SW1> SW2> PCA> PCB之间没有通信
和下一步
第4部分:配置DHCP侦听 DHCP侦听是一项Cisco Catalyst功能,可确定哪些交换机端口可以响应DHCP请求。它仅允许授权的DHCP服务器响应DHCP请求并将网络信息分发给客户端。
Task 1: Set Up DHCP
Step 1: Set up DHCP on R1 for VLAN 1.
R1(config)# ip dhcp pool CCNAS
R1(dhcp-config)# network 192.168.1.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.1.1
R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.4
Step 2: Set up DHCP on R1 for VLAN 20.
R1(config)# ip dhcp pool 20Users
R1(dhcp-config)# network 192.168.20.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.20.1
R1(config)# ip dhcp excluded-address 192.168.20.1
Task 2: Configure Inter-VLAN Communication
Step 1: Configure subinterfaces on R1.
R1(config)# interface g0/1
R1(config-if)# shutdown
R1(config-if)# no ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# int g0/1.1
R1(config-if)# encapsulation dot1q 1
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# int g0/1.20
R1(config-if)# encapsulation dot1q 20
R1(config-if)# ip address 192.168.20.1 255.255.255.0
R1(config-if)# int g0/1.99
R1(config-if)# encapsulation dot1q 99
R1(config-if)# ip address 192.168.99.1 255.255.255.0
Step 2: Configure S1 interface f0/5 as a trunk port.
S1(config)# int f0/5
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
在第4步中执行此过程时,F0 / 5接口将关闭,而在尝试再次将其打开时,它将仅保持30秒钟并再次关闭。
注意:我尚未应用ip ssh的安全性部分,使其能够在不使用用户名和密码的情况下正常工作
您能帮助我了解我在做什么吗?
我已经多次完成了整个过程,但连接断开了,无法恢复。
PKT文件https://wetransfer.com/downloads/efcb58784881990b3f1add1649a9d38620200904090646/c39691
如果要下载
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。