diff --git a/6_vpn/IP表.png b/6_vpn/IP表.png new file mode 100644 index 0000000..f8f77fb Binary files /dev/null and b/6_vpn/IP表.png differ diff --git a/ne_vpn/{7B735C26-65A4-4059-8265-98FAD0DBAE2B}.png.jpg b/6_vpn/step1.jpg similarity index 100% rename from ne_vpn/{7B735C26-65A4-4059-8265-98FAD0DBAE2B}.png.jpg rename to 6_vpn/step1.jpg diff --git a/ne_vpn/{8E277068-2A40-483C-8069-2C51CB0692B0}.png.jpg b/6_vpn/step10.jpg similarity index 100% rename from ne_vpn/{8E277068-2A40-483C-8069-2C51CB0692B0}.png.jpg rename to 6_vpn/step10.jpg diff --git a/ne_vpn/{D73A95D5-0296-4D50-A411-A8F52164C73E}.png.jpg b/6_vpn/step11.jpg similarity index 100% rename from ne_vpn/{D73A95D5-0296-4D50-A411-A8F52164C73E}.png.jpg rename to 6_vpn/step11.jpg diff --git a/ne_vpn/{29A7C7CA-5BAB-4791-A363-F6475A069191}.png.jpg b/6_vpn/step12.jpg similarity index 100% rename from ne_vpn/{29A7C7CA-5BAB-4791-A363-F6475A069191}.png.jpg rename to 6_vpn/step12.jpg diff --git a/ne_vpn/{82410AA6-91C9-4E1C-B4F8-26185D56DFAA}.png.jpg b/6_vpn/step13.jpg similarity index 100% rename from ne_vpn/{82410AA6-91C9-4E1C-B4F8-26185D56DFAA}.png.jpg rename to 6_vpn/step13.jpg diff --git a/ne_vpn/{9953C14E-EA88-4422-82CC-49EB64DFA6C2}.png.jpg b/6_vpn/step2.jpg similarity index 100% rename from ne_vpn/{9953C14E-EA88-4422-82CC-49EB64DFA6C2}.png.jpg rename to 6_vpn/step2.jpg diff --git a/ne_vpn/{ABE2D2B6-170D-439F-B3B5-EC687894B252}.png.jpg b/6_vpn/step3.jpg similarity index 100% rename from ne_vpn/{ABE2D2B6-170D-439F-B3B5-EC687894B252}.png.jpg rename to 6_vpn/step3.jpg diff --git a/ne_vpn/{B406A215-EA98-499D-8FEB-1315B932806C}.png.jpg b/6_vpn/step4.jpg similarity index 100% rename from ne_vpn/{B406A215-EA98-499D-8FEB-1315B932806C}.png.jpg rename to 6_vpn/step4.jpg diff --git a/ne_vpn/{30171CF0-AB86-4E88-8E8F-0DE67A0096B1}.png.jpg b/6_vpn/step5.jpg similarity index 100% rename from ne_vpn/{30171CF0-AB86-4E88-8E8F-0DE67A0096B1}.png.jpg rename to 6_vpn/step5.jpg diff --git a/ne_vpn/{A7BB7E20-7872-4120-B4B8-AC32BE319418}.png.jpg b/6_vpn/step6.jpg similarity index 100% rename from ne_vpn/{A7BB7E20-7872-4120-B4B8-AC32BE319418}.png.jpg rename to 6_vpn/step6.jpg diff --git a/ne_vpn/{B7F35491-A1C6-4D0C-A852-94CA938F52F5}.png.jpg b/6_vpn/step7.jpg similarity index 100% rename from ne_vpn/{B7F35491-A1C6-4D0C-A852-94CA938F52F5}.png.jpg rename to 6_vpn/step7.jpg diff --git a/ne_vpn/{D89C734F-BB96-4A51-B87C-EE9D4415062E}.png.jpg b/6_vpn/step8.jpg similarity index 100% rename from ne_vpn/{D89C734F-BB96-4A51-B87C-EE9D4415062E}.png.jpg rename to 6_vpn/step8.jpg diff --git a/ne_vpn/{31DD2B8B-35D8-4040-B2AD-792319C6CC4D}.png.jpg b/6_vpn/step9.5.jpg similarity index 100% rename from ne_vpn/{31DD2B8B-35D8-4040-B2AD-792319C6CC4D}.png.jpg rename to 6_vpn/step9.5.jpg diff --git a/ne_vpn/{CA534DD1-232F-4463-A867-73D86F921978}.png.jpg b/6_vpn/step9.jpg similarity index 100% rename from ne_vpn/{CA534DD1-232F-4463-A867-73D86F921978}.png.jpg rename to 6_vpn/step9.jpg diff --git a/6_vpn/vpn.pdf b/6_vpn/vpn.pdf index 95b53ad..3ebd3e6 100644 Binary files a/6_vpn/vpn.pdf and b/6_vpn/vpn.pdf differ diff --git a/6_vpn/vpn.typ b/6_vpn/vpn.typ index be94682..7f92d01 100644 --- a/6_vpn/vpn.typ +++ b/6_vpn/vpn.typ @@ -65,7 +65,7 @@ = 实验环境 == 实验背景 #para[ - 网工系的学生正在学习VPN技术,需要通过实验验证VPN实例在网络隔离中的应用。为此,需要搭建一个简单的网络拓扑,包括三台路由器和四台PC,通过配置VPN实例实现不同网络之间的数据隔离。 + 本实验模拟企业网络场景。利用VPN实例技术实现公司内员工所用电脑 client1 不可访问管理client4和client2;公司内管理员所用电脑client2不可访问管理client3和client1。 ] == 实验设备 @@ -78,7 +78,8 @@ [*设备名称*], [*设备型号*], [*设备数量*] ), - "路由器", "华为AR6120-S", "3", + "路由器", "华为AR6120-S", "2", + "交换机", "华为S5735", "1", "PC", "联想启天M410\nWindows 10", "4", )] #para[ @@ -90,88 +91,63 @@ #para[ 按实验背景,绘制拓扑图如下: ] - #figure(image("实验拓扑.png",format: "png",fit:"stretch",width: 100%),caption: "实验拓扑图") + #figure(image("拓扑图.png",format: "png",fit:"stretch",width: 100%),caption: "实验拓扑图") #para[ - 要求将红框内的PC1、PC3划分到一个VPN实例中。 + 要求将CLIENT1、CLIENT3和CLIENT2、CLIENT4分别划分到一个VPN实例中。 ] #pagebreak() == 按照拓扑图接线 #para[ 按照拓扑图接线。 ] - #figure(image("机柜正面连线.jpg",format: "jpg",fit:"stretch",width: 50%),caption: "机柜正面接线图") - #figure(image("机柜背面连线.jpg",format: "jpg",fit:"stretch",width: 50%),caption: "机柜背面接线图") + #figure(image("正面.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "机柜正面接线图") + #figure(image("背面.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "机柜背面接线图") #pagebreak() == 配置基本网络 -=== 配置PC - - 配置PC1的IP地址为`192.168.10.1/24`,网关为`192.168.10.2`; - - 配置PC2的IP地址为`192.168.20.1/24`,网关为`192.168.20.2`; - - 配置PC3的IP地址为`192.168.30.1/24`,网关为`192.168.30.2`; - - 配置PC4的IP地址为`192.168.40.1/24`,网关为`192.168.40.2`。 +=== 配置PC和路由器以及交换机Vlanif的IP地址 #para[ - 步骤简单,展示图略。 + 配置IP如下表所示: ] -=== 配置路由器IP地址 + #figure(image("IP表.png",format: "png",fit:"stretch",width: 80%),caption: "IP地址表") #para[ - 按照拓扑图配置路由器的IP地址。配置AR1的G0/0/0口IP地址为 + 具体配置命令较为简单,此处不再赘述,以下为部分步骤截图: ] -1. 配置AR1路由器: - - 接口 `GE 0/0/0` 连接到 `AR3`,IP地址为 `192.168.60.2`。 - - 接口 `GE 0/0/1` 连接到 `PC3`,IP地址为 `192.168.30.2`。 -#figure(image("ar1ip.png",format: "png",fit:"stretch",width: 60%),caption: "配置AR1的IP地址") + #figure(image("step1.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "IP配置步骤示例(1)") + #figure(image("step2.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "IP配置步骤示例(2)") + #figure(image("step3.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "IP配置步骤示例(3)") + #figure(image("step4.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "IP配置步骤示例(4)") -2. 配置AR2路由器: - - 接口 `GE 0/0/0` 连接到 `AR3`,IP地址为 `192.168.80.2`。 - - 接口 `GE 0/0/1` 连接到 `PC4`,IP地址为 `192.168.40.2`。 -#figure(image("ar2ip.png",format: "png",fit:"stretch",width: 60%),caption: "配置AR2的IP地址") -3. 配置AR3路由器: - - 接口 `GE 0/0/0` 连接到 `PC1`,IP地址为 `192.168.10.2`。 - - 接口 `GE 0/0/1` 连接到 `PC2`,IP地址为 `192.168.20.2`。 - 注意拓扑图中的`Ethernet0/0/0`和`Ethernet0/0/1`分别对应`GE 0/0/3`和`GE 0/0/2`: - - 接口 `GE 0/0/2` 连接到 `AR2`,IP地址为 `192.168.80.1`。 - - 接口 `GE 0/0/3` 连接到 `AR1`,IP地址为 `192.168.60.1`。 -#figure(image("ar3ip.jpg",format: "jpg",fit:"stretch",width: 70%),caption: "配置AR3的IP地址") -=== 配置RIP协议使互通 +=== 在LSW1上建立VPN实例 #para[ - 本次实验使用RIP协议,配置路由器使得各个网络互通: + 首先需要在LSW1上创建两个VPN实例,分别用于隔离Vlan 20和Vlan 200上的流量。 ] - #figure(image("ar1rip.png",format: "png",fit:"stretch",width: 60%),caption: "在AR1上配置RIP协议") - #figure(image("ar2rip.png",format: "png",fit:"stretch",width: 60%),caption: "在AR2上配置RIP协议") - #figure(image("ar3rip.jpg",format: "jpg",fit:"stretch",width: 60%),caption: "在AR3上配置RIP协议") + #figure(image("step8.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "激活Vlanif接口") + #figure(image("step9.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "创建VPN实例vpn_employee和vpn_admin") + #figure(image("step9.5.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "创建管理VPN实例 (vpn_admin)") + #pagebreak() #para[ - 此时在PC4(`192.168.40.1/24`)上ping其他三台主机,发现可以互通: -] - #figure(image("配置vpn前_2.jpg",format: "jpg",fit:"stretch",width: 90%),caption: "PC2 ping其他主机") -== 配置VPN实例 -=== 创建VPN实例 + 接下来需要将VLAN接口绑定到对应的VPN实例并配置IP。 +] + #figure(image("step5.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "在Vlan 20上绑定VPN实例并设置IP地址") + #figure(image("step6.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "在Vlan 200上绑定VPN实例并设置IP地址") + #figure(image("step7.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "在Vlan 10上绑定VPN实例并设置IP地址") #para[ - 在AR1上创建VPN实例`wlxvpn`,并为该实例设置RD值为`100:1`: + 最后只需要在LSW上配置路由并在路由器配置回程路由即可。 ] - #figure(image("ar3vpn.jpg",format: "jpg",fit:"stretch",width: 70%),caption: "创建VPN实例并设置RD值") -#para[ - 并配置接口`GE 0/0/0`、`GE 0/0/2`绑定到该实例: -] - #figure(image("ar3binding.jpg",format: "jpg",fit:"stretch",width: 70%),caption: "绑定接口") -#para[ - 如下图@qingkong,绑定之后接口的配置会被清空,需要重新设置接口的IP地址: -] - #figure(image("ar3ip_2.jpg",format: "jpg",fit:"stretch",width: 70%),caption: "重新设置接口IP地址") -=== 配置VPN实例的路由 -#para[ - 向`wlxvpn`的路由表中创建RIP进程,进程号为100,并且该进程与VPN实例`wlxvpn`进行绑定。设备在该RIP进程中所学习到的路由会加载到`wlxvpn`的路由表中。 -] - #figure(image("ar3vpnrip.png",format: "png",fit:"stretch",width: 50%),caption: "配置RIP进程") -#para[ - 此时可以测试一下VPN的连通性: -] - #figure(image("vpnpingPC1.png",format: "png",fit:"stretch",width: 80%),caption: "AR3 ping PC1") + #figure(image("step11.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "在 LSW1 上为VPN实例配置路由") + #figure(image("step12.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "在 AR1 上配置回程路由,AR2 同理") +#pagebreak() == 结果检验 #para[ - 在PC1上分别ping PC2与PC3,发现PC1与PC2无法通信,PC1与PC3可以通信: + 在LSW1上查看VPN实例信息,确认配置成功: ] - #figure(image("配置vpn后.jpg",format: "jpg",fit:"stretch",width: 100%),caption: "PC1分别ping VPN内外的主机") + #figure(image("step10.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "查看VPN实例信息") #para[ - 说明VPN实例`wlxvpn`的配置成功,实现了PC1与PC2等的数据隔离。 + 在CLIENT1上分别ping CLIENT2, CLIENT3与CLIENT4,发现CLIENT1与CLIENT2, CLIENT4无法通信,CLIENT1与CLIENT3可以通信: +] + #figure(image("step13.jpg",format: "jpg",fit:"stretch",width: 80%),caption: "CLIENT1分别ping VPN内外的主机") +#para[ + 说明VPN实例`vpn_employee`和`vpn_admin`的配置成功,实现了CLIENT1与CLIENT2等的数据隔离。 ] = 实验总结 #para[ @@ -184,5 +160,5 @@ // #h(0.5em) #it.body ] -// #pagebreak() -// #bibliography("ref.yml",full: true,title: "参考文献",style:"gb-7714-2015-numeric") \ No newline at end of file +#pagebreak() +#bibliography("ref.yml",full: true,title: "参考文献",style:"gb-7714-2015-numeric") \ No newline at end of file diff --git a/6_vpn/拓扑图.png b/6_vpn/拓扑图.png new file mode 100644 index 0000000..fbcb50e Binary files /dev/null and b/6_vpn/拓扑图.png differ diff --git a/ne_vpn/PXL_20250930_091136627.jpg b/6_vpn/正面.jpg similarity index 100% rename from ne_vpn/PXL_20250930_091136627.jpg rename to 6_vpn/正面.jpg diff --git a/ne_vpn/PXL_20250930_091128409.jpg b/6_vpn/背面.jpg similarity index 100% rename from ne_vpn/PXL_20250930_091128409.jpg rename to 6_vpn/背面.jpg diff --git a/ne_vpn/{3E21C43D-554C-4B35-BCAF-0C1EEABC0E88}.png.jpg b/ne_vpn/{3E21C43D-554C-4B35-BCAF-0C1EEABC0E88}.png.jpg deleted file mode 100644 index c55761a..0000000 Binary files a/ne_vpn/{3E21C43D-554C-4B35-BCAF-0C1EEABC0E88}.png.jpg and /dev/null differ diff --git a/ne_vpn/{A78BDB10-7D69-481D-9394-311784AD6605}.png.jpg b/ne_vpn/{A78BDB10-7D69-481D-9394-311784AD6605}.png.jpg deleted file mode 100644 index 56c3106..0000000 Binary files a/ne_vpn/{A78BDB10-7D69-481D-9394-311784AD6605}.png.jpg and /dev/null differ diff --git a/ne_vpn/{EAD67E2D-5AB8-42A7-9554-9ECD7B55B193}.png.jpg b/ne_vpn/{EAD67E2D-5AB8-42A7-9554-9ECD7B55B193}.png.jpg deleted file mode 100644 index 41cf0df..0000000 Binary files a/ne_vpn/{EAD67E2D-5AB8-42A7-9554-9ECD7B55B193}.png.jpg and /dev/null differ diff --git a/ne_vpn/{FCDCE2EC-8C0B-4AB7-A04B-10A6A7B8FB1F}.png.jpg b/ne_vpn/{FCDCE2EC-8C0B-4AB7-A04B-10A6A7B8FB1F}.png.jpg deleted file mode 100644 index db96cf9..0000000 Binary files a/ne_vpn/{FCDCE2EC-8C0B-4AB7-A04B-10A6A7B8FB1F}.png.jpg and /dev/null differ diff --git a/ne_vpn/{FDECDAD3-BFA9-4007-9AF3-E2135C364744}.png.jpg b/ne_vpn/{FDECDAD3-BFA9-4007-9AF3-E2135C364744}.png.jpg deleted file mode 100644 index 0888a88..0000000 Binary files a/ne_vpn/{FDECDAD3-BFA9-4007-9AF3-E2135C364744}.png.jpg and /dev/null differ diff --git a/ne_vpn/{FF008E41-5E26-4E69-9487-E27227E6C666}.png.jpg b/ne_vpn/{FF008E41-5E26-4E69-9487-E27227E6C666}.png.jpg deleted file mode 100644 index 5f5abe6..0000000 Binary files a/ne_vpn/{FF008E41-5E26-4E69-9487-E27227E6C666}.png.jpg and /dev/null differ