🍭实验环境
本次集训营实验拓扑一共有三部分组成,其中总部的内网是双层架构,边界设备是一台防火墙;分支的内部架构相对而言简单一点,边界和总部一样,布置一台防火墙。不管是总部还是分部,内网都使用IPv6,第三个部分是运营商部分,因为一些原因运营商网络没有迁移到IPv6,内网全部都是IPv4。
🍭实验需求
1️⃣要求总部、分部的IPv6主机可以访问运营商的IPv4服务器。
2️⃣要求总部内部的IPv6主机和分支内部的IPv6主机通过整个公网来互相访问。
🍭具体配置
一、总部
📝LSW1
vlan batch 14 15 100
int g0/0/3
port link-type access
port default vlan 100
stp edged-port enable
quit
int g0/0/1
port link-type access
port default vlan 14
quit
int g0/0/2
port link-type access
port default vlan 15
quit
ipv6
int vlan 100
ipv6 enable
ipv6 address 2001:0:0:100::1 64
quit
int vlan 14
ipv6 enable
ipv6 address 2001:0:0:14::1 64
quit
int vlan 15
ipv6 enable
ipv6 address 2001:0:0:15::1 64
quit
undo stp enable
📝LSW2
vlan batch 24 25 200
int g0/0/3
port link-type access
port default vlan 200
stp edged-port enable
quit
int g0/0/1
port link-type access
port default vlan 24
quit
int g0/0/2
port link-type access
port default vlan 25
quit
ipv6
int vlan 200
ipv6 enable
ipv6 address 2001:0:0:200::2 64
quit
int vlan 24
ipv6 enable
ipv6 address 2001:0:0:24::2 64
quit
int vlan 25
ipv6 enable
ipv6 address 2001:0:0:25::2 64
quit
undo stp enable
📝LSW3
vlan batch 34 35 300
int g0/0/3
port link-type access
port default vlan 300
stp edged-port enable
quit
int g0/0/1
port link-type access
port default vlan 34
quit
int g0/0/2
port link-type access
port default vlan 35
quit
ipv6
int vlan 300
ipv6 enable
ipv6 address 2001:0:0:300::3 64
quit
int vlan 34
ipv6 enable
ipv6 address 2001:0:0:34::3 64
quit
int vlan 35
ipv6 enable
ipv6 address 2001:0:0:35::3 64
quit
undo stp enable
📝LSW4
vlan batch 14 24 34 41 45
ipv6
int g0/0/3
port link-type access
port default vlan 34
quit
int g0/0/1
port link-type access
port default vlan 14
quit
int g0/0/2
port link-type access
port default vlan 24
quit
int g0/0/4
port link-type access
port default vlan 41
quit
int g0/0/24
port link-type access
port default vlan 45
quit
int vlan 14
ipv6 enable
ipv6 address 2001:0:0:14::4 64
quit
int vlan 24
ipv6 enable
ipv6 address 2001:0:0:24::4 64
quit
int vlan 34
ipv6 enable
ipv6 address 2001:0:0:34::4 64
quit
int vlan 41
ipv6 enable
ipv6 address 2001:0:0:41::4 64
quit
int vlan 45
ipv6 enable
ipv6 address 2001:0:0:45::4 64
quit
undo stp enable
📝LSW5
vlan batch 15 25 35 45 51
ipv6
int g0/0/3
port link-type access
port default vlan 35
quit
int g0/0/1
port link-type access
port default vlan 15
quit
int g0/0/2
port link-type access
port default vlan 25
quit
int g0/0/24
port link-type access
port default vlan 45
quit
int g0/0/5
port link-type access
port default vlan 51
quit
int vlan 15
ipv6 enable
ipv6 address 2001:0:0:15::5 64
quit
int vlan 25
ipv6 enable
ipv6 address 2001:0:0:25::5 64
quit
int vlan 35
ipv6 enable
ipv6 address 2001:0:0:35::5 64
quit
int vlan 45
ipv6 enable
ipv6 address 2001:0:0:45::5 64
quit
int vlan 51
ipv6 enable
ipv6 address 2001:0:0:51::5 64
quit
undo stp enable
接下来我们做一下防火墙的配置
📝FW1:(默认用户名:admin 密码: Admin123)
ipv6
int g1/0/0
ipv6 enable
ipv6 add 2001:0:0:41::1 64
quit
int g1/0/1
ipv6 enable
ipv6 add 2001:0:0:51::1 64
quit
int g1/0/2
ip add 100.1.11.1 24
quit
int g1/0/3
ip add 100.1.12.1 24
quit
firewall zone trust
add interface g1/0/0
add interface g1/0/1
quit
firewall zone untrust
add interface g1/0/2
add interface g1/0/3
quit
security-policy
default action permit
Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N] y //这里为警告提示我们输入y(yes)即可.
quit
int g1/0/0
service-manage ping permit
quit
int g1/0/1
service-manage ping permit
quit
int g1/0/2
service-manage ping permit
quit
int g1/0/3
service-manage ping permit
quit
ospfv3 10
router-id 100.100.100.100
quit
int g1/0/0
ospfv3 10 area 0
int g1/0/1
ospfv3 10 area 0
quit
ospfv3 10
default-route-advertise always
下一步我们来运行ospf
📝LSW1
ospfv3 10
router-id 1.1.1.1
quit
int vlan 100
ospfv3 10 area 0
int vlan 14
ospfv3 10 area 0
int vlan 15
ospfv3 10 area 0
quit
📝LSW2
ospfv3 10
router-id 2.2.2.2
quit
int vlan 200
ospfv3 10 area 0
int vlan 24
ospfv3 10 area 0
int vlan 25
ospfv3 10 area 0
📝LSW3
ospfv3 10
router-id 3.3.3.3
quit
int vlan 300
ospfv3 10 area 0
int vlan 34
ospfv3 10 area 0
int vlan 35
ospfv3 10 area 0
quit
📝LSW4
ospfv3 10
router-id 4.4.4.4
quit
int vlan 14
ospfv3 10 area 0
int vlan 24
ospfv3 10 area 0
int vlan 34
ospfv3 10 area 0
int vlan 45
ospfv3 10 area 0
int vlan 41
ospfv3 10 area 0
quit
📝LSW5
ospfv3 10
router-id 5.5.5.5
quit
int vlan 15
ospfv3 10 area 0
int vlan 25
ospfv3 10 area 0
int vlan 35
ospfv3 10 area 0
int vlan 45
ospfv3 10 area 0
int vlan 51
ospfv3 10 area 0
quit
二、运营商
📝ISP1
int g0/0/0
ip add 100.1.11.2 24
quit
int g0/0/1
ip add 100.1.100.1 24
quit
ospf 10 router-id 1.1.1.1
area 0
net 100.1.11.2 0.0.0.0
net 100.1.100.1 0.0.0.0
quit
silent-interface g0/0/0
quit
📝ISP2
int g0/0/0
ip add 100.1.12.2 24
quit
int g0/0/1
ip add 100.1.100.2 24
quit
ospf 10 router-id 2.2.2.2
area 0
net 100.1.12.2 0.0.0.0
net 100.1.100.2 0.0.0.0
quit
silent-interface g0/0/0
quit
📝ISP3
int g0/0/0
ip add 100.1.100.3 24
quit
int g0/0/1
ip add 100.1.23.3 24
quit
ospf 10 router-id 3.3.3.3
area 0
net 100.1.23.3 0.0.0.0
net 100.1.100.3 0.0.0.0
quit
silent-interface g0/0/1
quit
📝ISP4
int g0/0/0
ip add 100.1.100.4 24
quit
int g0/0/1
ip add 100.1.200.4 24
quit
ospf 10 router-id 4.4.4.4
area 0
net 100.1.200.4 0.0.0.0
net 100.1.100.4 0.0.0.0
quit
silent-interface g0/0/1
quit
📝FW1
一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!
net 100.1.100.2 0.0.0.0
quit
silent-interface g0/0/0
quit
**📝ISP3**
int g0/0/0
ip add 100.1.100.3 24
quit
int g0/0/1
ip add 100.1.23.3 24
quit
ospf 10 router-id 3.3.3.3
area 0
net 100.1.23.3 0.0.0.0
net 100.1.100.3 0.0.0.0
quit
silent-interface g0/0/1
quit
**📝ISP4**
int g0/0/0
ip add 100.1.100.4 24
quit
int g0/0/1
ip add 100.1.200.4 24
quit
ospf 10 router-id 4.4.4.4
area 0
net 100.1.200.4 0.0.0.0
net 100.1.100.4 0.0.0.0
quit
silent-interface g0/0/1
quit
**📝FW1**
[外链图片转存中...(img-ZNNBkgRA-4701986039536)]
[外链图片转存中...(img-sFVfzYSn-4701986039537)]
**一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!**