1.划分子网
2.配置VLAN
LSW1
[LSW1]vlan 2
[LSW1-vlan2]q
[LSW1]vlan 3
[LSW1-vlan3]q
[LSW1]port-group group-member g0/0/2 to g0/0/3
[LSW1-port-group]port link-type access
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/3]port link-type access
[LSW1-port-group]port default vlan 2
[LSW1-GigabitEthernet0/0/2]port default vlan 2
[LSW1-GigabitEthernet0/0/3]port default vlan 2
[LSW1]int g0/0/4
[LSW1-GigabitEthernet0/0/4]port link-type access
[LSW1-GigabitEthernet0/0/4]port de
[LSW1-GigabitEthernet0/0/4]port default vlan 3
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port l t
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
LSW2
[LSW2]vlan 2
[LSW2-vlan2]q
[LSW2]vlan 3
[LSW2-vlan3]q
[LSW2]int g0/0/2
[LSW2-GigabitEthernet0/0/2] p l a
[LSW2-GigabitEthernet0/0/2] p d v 2
[LSW2-GigabitEthernet0/0/2]q
[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]p l a
[LSW2-GigabitEthernet0/0/3]p d v 3
[LSW2-GigabitEthernet0/0/3]q
[LSW2]int g 0/0/1
[LSW2-GigabitEthernet0/0/1]port l t
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
配置VLAN对应子接口
R1
[R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]ip add 192.168.1.33 27
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[R1-GigabitEthernet0/0/0.1]arp broadcast enable
[R1]int g0/0/0.2
[R1-GigabitEthernet0/0/0.2]ip add 192.168.1.65 27
[R1-GigabitEthernet0/0/0.2]dot1q termination v 3
[R1-GigabitEthernet0/0/0.2]arp broadcast enable
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.1.1 30
R2
[R2]int g0/0/0.1
[R2-GigabitEthernet0/0/0.1]ip add 192.168.1.97 27
[R2-GigabitEthernet0/0/0.1]dot1q termination vid 2
[R2-GigabitEthernet0/0/0.1]arp broadcast en
[R2]int g0/0/0.2
[R2-GigabitEthernet0/0/0.2]ip add 192.168.1.129 27
[R2-GigabitEthernet0/0/0.2]dot1q termination vid 3
[R2-GigabitEthernet0/0/0.2]arp broadcast en
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.1.2 30
[R2]int g0/0/2
[R2-GigabitEthernet0/0/2]ip add 12.0.0.1 24
配置R3接口
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 1.1.1.1 24
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 12.0.0.2 24
3. 配置DHCP
R1
[R1]dhcp en
[R1]ip pool aa
[R1-ip-pool-aa]network 192.168.1.32 mask 27
[R1-ip-pool-aa]gateway-list 192.168.1.33
[R1-ip-pool-aa]dns-list 114.114.114.114
[R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]dhcp select global
[R1]int g0/0/0.2
[R1-GigabitEthernet0/0/0.2]dhcp s g
注:HTTP服务器不能通过DHCP自动获取IP地址,所以需手动配置
R2
[R2]dhcp en
[R2]ip pool bb
[R2-ip-pool-bb]network 192.168.1.96 mask 27
[R2-ip-pool-bb]gateway-list 192.168.1.97
[R2-ip-pool-bb]dns-list 114.114.114.114
[R2]ip pool cc
[R2-ip-pool-cc]network 192.168.1.128 mask 27
[R2-ip-pool-cc]gateway-list 192.168.1.129
[R2-ip-pool-cc]dns-list 114.114.114.114
[R2-ip-pool-cc]int g0/0/0.1
[R2-GigabitEthernet0/0/0.1]dhcp s g
[R2-GigabitEthernet0/0/0.1]int g0/0/0.2
[R2-GigabitEthernet0/0/0.2]dhcp s g
[R2-GigabitEthernet0/0/0.2]q
4.启动OSPF协议
R1
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
R2
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
在R2配置一条缺省路由
[R2]ip route-static 0.0.0.0 0 12.0.0.2
[R2-ospf-1]default-route-advertise
5.配置需求5
开启R1 telnet服务
[R1]aaa
[R1-aaa]local-user xxx privilege level 15 password cipher 123456
Info: Add a new user.
[R1-aaa]local-user xxx service-type telnet
[R1-aaa]q
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
添加ACL
[R1]acl 3000
[R1-acl-adv-3000]rule deny tcp source 192.168.1.62 0.0.0.0 destination 192.168.1
.1 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.62 0.0.0.0 destination 192.168.1
.33 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.62 0.0.0.0 destination 192.168.1
.65 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]q
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
实现PC1-PC4访问PC5
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R2]int g 0/0/2
[R2-GigabitEthernet0/0/2]nat outbound 2000
6.配置需求7
在R2出接口配置端口映射
[R2]int g0/0/2
[R2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 80 in
side 192.168.1.66 80
Warning:The port 80 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
可通过IP地址访问HTTP服务器
然后配置DNS服务器
再用域名进行访问
7.R3 Telnet R1
在R2上映射23号端口
[R2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 ins
ide 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
成功Telnet R1