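1. Lab Task
This lab covers, among other topics: IP address configuration, loopback address configuration, sensible subnet summarization, default routes, Null interface routes, floating static routes, writing ACL rules, dynamic NAT (network address translation), port mapping, and remote login.
2. Approach
2.1 Planning the IP addresses
As the task requires, the private network uses 192.168.1.0/24 as the parent network and is divided into subnets. R1, R2, R4 and R5 each have loopback interfaces. To make subnet summarization easy, the backbone links need 6 network segments, and spare segments must be left over; 2^3 = 8 > 6, so three bits are borrowed:
192.168.1.0/27 1.0/30 1.4/30 1.8/30 1.12/30 1.16/30 1.20/30 1.24/30 1.28/30 (backbone link subnets)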
192.168.1.32/27 1.32/28 1.48/28
192.168.1.64/27 1.64/28 1.80/28
192.168.1.96/27 1.96/28 1.112/28
192.168.1.128/27 1.128/28 1.144/28
192.168.1.160/27 1.160/28 1.176/28
192.168.1.192/27
192.168.1.224/27
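The plan above can be rebuilt and checked mechanically. The following is an added example, not part of the original lab report; the function names are hypothetical, and the interface addresses are the ones configured on R1 in section 3.2.

```python
import ipaddress

PARENT = ipaddress.ip_network("192.168.1.0/24")

def build_plan(parent=PARENT):
    """Borrow 3 bits (/27 blocks): block 0 is cut into /30 backbone links,
    blocks 1-5 into two /28 halves each, blocks 6-7 stay in reserve."""
    blocks = list(parent.subnets(new_prefix=27))
    return {
        "backbone": list(blocks[0].subnets(new_prefix=30)),
        "sites": {b: list(b.subnets(new_prefix=28)) for b in blocks[1:6]},
        "spare": blocks[6:],
    }

def summary_is_exact(summary, loopbacks):
    """True when the loopback subnets collapse to exactly the summary prefix,
    so the summary route covers no address outside them."""
    nets = [ipaddress.ip_interface(l).network for l in loopbacks]
    return list(ipaddress.collapse_addresses(nets)) == [ipaddress.ip_network(summary)]

def locate(plan, iface):
    """Return the planned subnet an interface address belongs to; reject
    network/broadcast addresses and anything outside the plan."""
    ifc = ipaddress.ip_interface(iface)
    pools = plan["backbone"] + [h for hs in plan["sites"].values() for h in hs]
    if ifc.network not in pools:
        raise ValueError(f"{iface}: {ifc.network} is not in the plan")
    if ifc.ip in (ifc.network.network_address, ifc.network.broadcast_address):
        raise ValueError(f"{iface}: not a usable host address")
    return ifc.network

# R1's interface addresses as configured in section 3.2 of the page.
R1_IFACES = ["192.168.1.33/28", "192.168.1.49/28", "192.168.1.1/30", "192.168.1.5/30"]

if __name__ == "__main__":
    plan = build_plan()
    for iface in R1_IFACES:
        print(iface, "->", locate(plan, iface))
    print("R1 summary exact:", summary_is_exact("192.168.1.32/27", R1_IFACES[:2]))
```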
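2.2 Default route
Every router reaches the external network through a default route; static routes are then added so that the whole internal network is reachable.
2.3 Subnet summarization
When writing static routes, summarize each router's two loopbacks into a single route to reduce the number of route entries, and use Null interface routes sensibly to avoid loops.
2.4 NAT and ACL
Write ACL rules to allow external-network traffic into the internal network, and use port mapping so that the ISP router can log in to R1.
2.5 Floating static routes
The link between R4 and R5 is switched by changing the static route preference.
3. Lab Steps
3.1 Create the topology
Open the Huawei simulator eNSP and build the topology as the task describes, divided into an internal network and an external network.
3.2 Configure interface IP addresses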
R1:
[r1]int lo0
[r1-LoopBack0]ip add 192.168.1.33 28
[r1-LoopBack0]int lo1
[r1-LoopBack1]ip add 192.168.1.49 28
[r1-LoopBack1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 30
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.1.5 30
R2 to R6 are configured in the same way as R1 and are not shown.
3.3 Enable the DHCP service
<r3>sys
Enter system view, return user view with Ctrl+Z.
[r3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[r3]ip pool 1
Info: It's successful to create an IP address pool.
[r3-ip-pool-1]network 192.168.1.96 mask 27
[r3-ip-pool-1]gateway-list 192.168.1.97
[r3-ip-pool-1]dns-list 114.114.114.114 8.8.8.8
[r3-ip-pool-1]q
[r3]int g0/0/2
[r3-GigabitEthernet0/0/2]dhcp select global
[r3-GigabitEthernet0/0/2]q
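PC1 and PC2 obtain IP addresses automatically.
3.4 Null interface for loop prevention
Every router that summarizes subnets must also have a route to the NULL interface for the summary, to prevent loops.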
[r1]ip route-static 192.168.1.32 27 NULL 0
[r2]ip route-static 192.168.1.64 27 NULL 0
[r4]ip route-static 192.168.1.128 27 NULL 0
[r5]ip route-static 192.168.1.160 27 NULL 0
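3.5 Write the ACL
Write a rule so that external-network traffic can enter the private network 192.168.1.0, giving connectivity across the whole network.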
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r5-acl-basic-2000]int g0/0/2
[r5-GigabitEthernet0/0/2]nat outbound 2000
3.6 Remote login
NAT port mapping lets R6 log in to R1 by logging in to a port on the border router.
Enable the telnet service on R1:
<r1>sys
Enter system view, return user view with Ctrl+Z.
[r1]aaa
[r1-aaa]local-user wl privilege level 15 password cipher 123456
Info: Add a new user.
[r1-aaa]local-user wl service-type telnet
[r1-aaa]q
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r1-ui-vty0-4]q
Configure the port mapping on R5's border interface:
[r5]int g0/0/2
[r5-GigabitEthernet0/0/2]nat static protocol tcp global current-interface 23 inside 192.168.1.33 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[r5-GigabitEthernet0/0/2]q
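Telnet carries the login in cleartext, and the mapping above publishes it on the border interface for a level-15 account with a six-digit password. The following added example (not part of the original lab report) audits the commands from this section against a few rules; the rule names, thresholds and the hardened counterpart are assumptions made for illustration.

```python
import re

# Commands typed in section 3.6 of the page (prompts and device output removed).
PAGE_CONFIG = """
local-user wl privilege level 15 password cipher 123456
local-user wl service-type telnet
user-interface vty 0 4
authentication-mode aaa
interface GigabitEthernet0/0/2
nat static protocol tcp global current-interface 23 inside 192.168.1.33 23
"""
# Constructed counterpart: SSH only, source-restricted VTY, placeholder password.
HARDENED_CONFIG = """
local-user wl privilege level 15 password cipher <long-random-passphrase>
local-user wl service-type ssh
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
acl 2001 inbound
interface GigabitEthernet0/0/2
nat static protocol tcp global current-interface 22 inside 192.168.1.33 22
"""
CLEARTEXT = {"21", "23", "80", "ftp", "telnet", "www"}  # unencrypted services

def audit(config):
    """Return (rule, detail) findings for VRP commands as they were typed."""
    findings, level, vtys, in_vty = [], {}, [], False
    for line in filter(None, (l.strip() for l in config.splitlines())):
        if m := re.match(r"user-interface vty (.+)", line):
            vtys.append({"lines": m.group(1), "acl": False})
            in_vty = True
        elif in_vty and re.match(r"acl \d+ inbound", line):
            vtys[-1]["acl"] = True
        elif re.match(r"(interface |aaa$|quit$|q$)", line):
            in_vty = False
        if m := re.match(r"local-user (\S+) privilege level (\d+) password cipher (\S+)", line):
            level[m.group(1)] = int(m.group(2))
            if len(m.group(3)) < 8 or m.group(3).isdigit():
                findings.append(("weak-password", m.group(1)))
        if m := re.match(r"local-user (\S+) service-type .*\btelnet\b", line):
            findings.append(("telnet-login", f"{m.group(1)} level {level.get(m.group(1), '?')}"))
        if (m := re.match(r"nat static protocol tcp global \S+ \S+ inside (\S+) (\S+)", line)) and m.group(2) in CLEARTEXT:
            findings.append(("cleartext-service-published", f"{m.group(1)}:{m.group(2)}"))
    findings += [("vty-without-acl", "vty " + v["lines"]) for v in vtys if not v["acl"]]
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONFIG))
    print(audit(HARDENED_CONFIG))
```

The audit reads commands as typed; in a saved configuration the password appears as ciphertext, so the password rule does not apply there.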
3.7 Change the preference
Change it on router R4:
[r4]ip route-static 0.0.0.0 0 192.168.1.18 preference 70
It must also be changed on router R5:
[r5]ip route-static 192.168.1.0 255.255.255.252 192.168.1.17 pr 70
[r5]ip route-static 192.168.1.4 255.255.255.252 192.168.1.17 pr 70
[r5]ip route-static 192.168.1.8 255.255.255.252 192.168.1.17 pr 70
[r5]ip route-static 192.168.1.12 255.255.255.252 192.168.1.17 pr 70
[r5]ip route-static 192.168.1.32 255.255.255.224 192.168.1.17 pr 70
[r5]ip route-static 192.168.1.64 255.255.255.224 192.168.1.17 pr 70
[r5]ip route-static 192.168.1.96 255.255.255.224 192.168.1.17 pr 70
[r5]ip route-static 192.168.1.128 255.255.255.224 192.168.1.17 pr 70
After the link with preference 60 goes down, the route with preference 70 floats up and is used.
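Both the Null0 routes of section 3.4 and the floating routes of section 3.7 come down to route selection: longest prefix first, then lowest preference. The following added example (not part of the original lab report) simulates that selection on constructed tables; the neighbour "UP", the label "R5-primary" and modelling a failure as a set of withdrawn next hops are assumptions.

```python
import ipaddress

def best_route(table, dst, down=()):
    """Longest prefix wins; on a tie the lowest preference wins.
    Routes whose next hop is listed in `down` count as withdrawn."""
    dst = ipaddress.ip_address(dst)
    live = [r for r in table
            if dst in ipaddress.ip_network(r[0]) and r[1] not in down]
    if not live:
        return None
    return max(live, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]))

def trace(tables, start, dst, down=(), ttl=16):
    """Forward hop by hop from `start`; return (outcome, hops used)."""
    node, hops = start, 0
    while hops < ttl:
        route = best_route(tables[node], dst, down)
        if route is None:
            return "no route at " + node, hops
        next_hop = route[1]
        if next_hop == "NULL0":
            return "dropped at " + node, hops
        if next_hop.startswith("Lo"):
            return "delivered at " + node, hops
        node, hops = next_hop, hops + 1
    return "loop until TTL expired", hops

# Constructed tables: (prefix, next hop, preference). "UP" is a hypothetical
# neighbour of R1; direct routes have preference 0, static routes 60.
R1 = [("192.168.1.32/28", "Lo0", 0), ("192.168.1.48/28", "Lo1", 0),
      ("0.0.0.0/0", "UP", 60)]
UP = [("192.168.1.32/27", "R1", 60)]
NULL0 = ("192.168.1.32/27", "NULL0", 60)   # the page's [r1] route from 3.4

def loopback_down(with_null0):
    """Packet to 192.168.1.40 arriving at UP while R1's Loopback0 is down."""
    r1 = R1 + [NULL0] if with_null0 else R1
    return trace({"R1": r1, "UP": UP}, "UP", "192.168.1.40", down={"Lo0"})

# R4's two default routes: the preference-70 one is from the page (3.7);
# "R5-primary" stands in for the primary next hop, which the page does not show.
R4 = [("0.0.0.0/0", "R5-primary", 60), ("0.0.0.0/0", "192.168.1.18", 70)]

if __name__ == "__main__":
    print(loopback_down(False), loopback_down(True))
    print(best_route(R4, "1.1.1.1"), best_route(R4, "1.1.1.1", down={"R5-primary"}))
```

Because R1's two /28 loopbacks fill the /27 summary exactly, the Null0 route only takes effect when one of the more specific routes disappears, which is the case the simulation exercises.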
4. Testing
Full reachability:
<r1>ping -a 192.168.1.33 192.168. 1.161
^
Error:Too many parameters found at '^' position.
<r1>ping -a 192.168.1.33 192.168.1.161
PING 192.168.1.161: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Reply from 192.168.1.161: bytes=56 Sequence=4 ttl=253 time=60 ms
Reply from 192.168.1.161: bytes=56 Sequence=5 ttl=253 time=40 ms
--- 192.168.1.161 ping statistics ---
5 packet(s) transmitted
2 packet(s) received
60.00% packet loss
round-trip min/avg/max = 40/50/60 ms
<r1>ping -a 192.168.1.33 192.168.1.126
PING 192.168.1.126: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.1.126: bytes=56 Sequence=2 ttl=127 time=50 ms
Reply from 192.168.1.126: bytes=56 Sequence=3 ttl=127 time=50 ms
Reply from 192.168.1.126: bytes=56 Sequence=4 ttl=127 time=60 ms
Reply from 192.168.1.126: bytes=56 Sequence=5 ttl=127 time=40 ms
--- 192.168.1.126 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 40/50/60 ms
<r1>ping -a 192.168.1.33 192.168.1.125
PING 192.168.1.125: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.1.125: bytes=56 Sequence=2 ttl=127 time=50 ms
Reply from 192.168.1.125: bytes=56 Sequence=3 ttl=127 time=50 ms
Reply from 192.168.1.125: bytes=56 Sequence=4 ttl=127 time=60 ms
Reply from 192.168.1.125: bytes=56 Sequence=5 ttl=127 time=50 ms
--- 192.168.1.125 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 50/52/60 ms
<r1>ping -a 192.168.1.33 192.168.1.65
PING 192.168.1.65: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.65: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 192.168.1.65: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 192.168.1.65: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 192.168.1.65: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 192.168.1.65: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 192.168.1.65 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/30/60 ms
<r1>ping -a 192.168.1.33 192.168.1.129
PING 192.168.1.129: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.129: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 192.168.1.129: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 192.168.1.129: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 192.168.1.129: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 192.168.1.129: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 192.168.1.129 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/36/40 ms
<r1>ssy
^
Error: Unrecognized command found at '^' position.
<r1>sys
Enter system view, return user view with Ctrl+Z.
[r1]ip rou
[r1]ip route-
[r1]ip route-static 192.168.1.32 27 n
[r1]ip route-static 192.168.1.32 27 NULL 0
[r1]ping 12.0.0.1
PING 12.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 12.0.0.1: bytes=56 Sequence=1 ttl=253 time=40 ms
Reply from 12.0.0.1: bytes=56 Sequence=2 ttl=253 time=30 ms
Reply from 12.0.0.1: bytes=56 Sequence=3 ttl=253 time=40 ms
Reply from 12.0.0.1: bytes=56 Sequence=4 ttl=253 time=40 ms
Reply from 12.0.0.1: bytes=56 Sequence=5 ttl=253 time=30 ms
--- 12.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/36/40 ms
[r1]ping -a 192.168.1.33 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=252 time=50 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=252 time=70 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=252 time=40 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=252 time=40 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/70 ms
PCs can reach the external network:
R6 logs in to R1:
Switchover on failure: