实验需求
- 按照图示配置 IP 地址(省略)
- SW1 和 SW2 之间的直连链路配置链路聚合
- 公司内部业务网段为 Vlan10 和 Vlan20;Vlan10 是市场部,Vlan20 是技术部,要求对 Vlan 进行命名以便识别;PC1 属于 Vlan10,PC2 属于 Vlan20,Vlan30 用于 SW1 和 SW2 建立 OSPF 邻居;Vlan111 为 SW1 和 R1 的互联 Vlan,Vlan222 为 SW2 和 R2 的互联 Vlan
- 所有交换机相连的端口配置为 Trunk,允许相关流量通过
- 交换机连接 PC 的端口配置为边缘端口
- 在 SW1 上配置 DHCP 服务,为 Vlan10 和 Vlan20 的 PC 动态分配 IP 地址、网关和 DNS 地址;要求 Vlan10 的网关是
192.168.1.252
,Vlan20 的网关是192.168.2.253
- 按图示分区域配置 OSPF 实现公司内部网络全网互通,ABR 的环回口宣告进骨干区域;业务网段不允许出现协议报文
- R1 上配置默认路由指向互联网,并引入到 OSPF
- R1 通过双线连接到互联网,配置 PPP-MP,并配置双向 chap 验证
- 配置 EASY IP,只有业务网段
192.168.1.0/24
和192.168.2.0/24
的数据流可以通过 R1 访问互联网 - R1 开启 TELNET 远程管理,使用用户
abc
登录,密码abc
,只允许技术部远程管理 R1
链路聚合
[SW1]interface Bridge-Aggregation 1 #创建聚合组
[SW1-Bridge-Aggregation1]interface GigabitEthernet 1/0/1 #进入接口G1/0/1
[SW1-GigabitEthernet1/0/1]port link-aggregation group 1 #加入聚合组
[SW1-GigabitEthernet1/0/1]interface GigabitEthernet 1/0/2 #进入接口G1/0/2
[SW1-GigabitEthernet1/0/2]port link-aggregation group 1 #加入聚合组[SW1-GigabitEthernet1/0/2]display link-aggregation summary
SW2同理
[SW1]interface Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]port link-type trunk
[SW1-Bridge-Aggregation1]port trunk permit vlan 10 20 30
边缘端口
[SW3]interface GigabitEthernet 1/0/3
[SW3-GigabitEthernet1/0/3]stp edged-port
[SW3-GigabitEthernet1/0/3]interface GigabitEthernet 1/0/4
[SW3-GigabitEthernet1/0/4]stp edged-port
OSPF
R1
[R1]ospf router-id 10.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.1 0.0.0.3
[R1-ospf-1-area-0.0.0.0]network 10.0.0.14 0.0.0.3
[R1-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0[R1-ospf-1-area-0.0.0.0]area 1
[R1-ospf-1-area-0.0.0.1]network 10.0.0.5 0.0.0.3R2
[R2]ospf router-id 10.1.1.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.0.0.2 0.0.0.3
[R2-ospf-1-area-0.0.0.0]network 10.0.0.18 0.0.0.3
[R2-ospf-1-area-0.0.0.0]network 10.1.1.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]area 1
[R2-ospf-1-area-0.0.0.1]network 10.0.0.9 0.0.0.3R3
[R3]ospf router-id 10.1.1.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.0.0.13 0.0.0.3
[R3-ospf-1-area-0.0.0.0]network 10.0.0.17 0.0.0.3
[R3-ospf-1-area-0.0.0.0]network 10.1.1.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]network 192.168.3.254 0.0.0.3SW1
[SW1]ospf router-id 10.1.1.11
[SW1-ospf-1]area 1
[SW1-ospf-1-area-0.0.0.1]network 10.0.0.4 0.0.0.3
[SW1-ospf-1-area-0.0.0.1]network 10.1.1.11 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]network 10.1.2.0 0.0.0.3
[SW1-ospf-1-area-0.0.0.1]network 192.168.1.0 0.0.0.255[SW1-ospf-1-area-0.0.0.1]network 192.168.2.0 0.0.0.255
[SW1-ospf-1]silent-interface Vlan-interface 10
[SW1-ospf-1]silent-interface Vlan-interface 20
SW2
[SW2]ospf router-id 10.1.1.12
[SW2-ospf-1]area 1
[SW2-ospf-1-area-0.0.0.1]network 10.0.0.10 0.0.0.3
[SW2-ospf-1-area-0.0.0.1]network 10.1.1.12 0.0.0.0
[SW2-ospf-1-area-0.0.0.1] network 10.1.2.2 0.0.0.3
[SW2-ospf-1-area-0.0.0.1]network 192.168.1.253 0.0.0.255
SW2-ospf-1-area-0.0.0.1]network 192.168.2.253 0.0.0.255[SW2-ospf-1]silent-interface Vlan-interface 10
[SW2-ospf-1]silent-interface Vlan-interface 20
DHCP
[SW1]dhcp server ip-pool 1
[SW1-dhcp-pool-1]network 192.168.1.0 mask 255.255.255.0
[SW1-dhcp-pool-1]gateway-list 192.168.1.252
[SW1-dhcp-pool-1]dns-list 8.8.8.8
[SW1-dhcp-pool-1]qu
[SW1]dhcp server ip-pool 2
[SW1-dhcp-pool-2]network 192.168.2.0 mask 255.255.255.0
[SW1-dhcp-pool-2]gateway-list 192.168.2.253
[SW1-dhcp-pool-2]dns-list 8.8.8.8
PPP-MP
[R1]interface MP-group 1
[R1-MP-group1]interface Serial 1/0
[R1-Serial1/0]ppp mp MP-group 1
[R1-Serial1/0]interface Serial 2/0
[R1-Serial2/0]ppp mp MP-group 1
[R1]local-user wangdaye class network
[R1-luser-network-wangdaye]password simple 123
[R1-luser-network-wangdaye]service-type ppp
[R1-luser-network-wangdaye]intface Serial 1/0
[R1-Serial1/0]ppp authentication-mode chap
[R1-Serial1/0]ppp chap user wangdaye[R1-Serial1/0]interface Serial 2/0
[R1-Serial2/0]ppp authentication-mode chap
[R1-Serial2/0]ppp chap user wangdaye[R1-Serial2/0]interface MP-group 1
[R1-MP-group1]ip address 202.100.1.2 30
[INTERNET]interface MP-group 1
[INTERNET-MP-group1]interface Serial 1/0
[INTERNET-Serial1/0]ppp mp MP-group 1
[INTERNET-Serial1/0]interface Serial 2/0
[INTERNET-Serial2/0]ppp mp MP-group 1
[INTERNET]local-user wangdaye class network
[INTERNET-luser-network-wangdaye]password simple 123
[INTERNET-luser-network-wangdaye]service-type ppp
[INTERNET-luser-network-wangdaye]intface Serial 1/0
[INTERNET-Serial1/0]ppp authentication-mode chap
[INTERNET-Serial1/0]ppp chap user wangdaye[INTERNET-Serial1/0]interface Serial 2/0
[INTERNET-Serial2/0]ppp authentication-mode chap
[INTERNET-Serial2/0]ppp chap user wangdaye[INTERNET-Serial2/0]interface MP-group 1
[INTERNET-MP-group1]ip address 202.100.1.1 30
路由引入
[R1-ospf-1]default-route-advertise
EASY IP
[R1]acl basic 2000
[R1-acl-ipv4-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R1-acl-ipv4-basic-2000]rule permit source 192.168.2.0 0.0.0.255[R1]interface MP-group 1
[R1-MP-group1]nat outbound 2000
TELNET
[R1]telnet server enable
[R1]local-user abc
[R1-luser-manage-abc]password simple abc
[R1-luser-manage-abc]service-type telnet
[R1-luser-manage-abc]authorization-attribute user-role level-15
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode scheme[R1]acl basic 2001
[R1-acl-ipv4-basic-2001]rule permit source 192.168.2.0 0.0.0.255[R1-acl-ipv4-basic-2001]qu
[R1]telnet server acl 2001