该实验涉及网络划分、OSPF协议配置、DR选举、DHCP服务、收敛速度优化及访问控制策略。通过172.16.0.0/16网络划分,实现多区域OSPF,确保网络更新安全。R1被设定为DR,PC1作为外网节点与其他设备互访。R7作为运营商仅配置IP,PC1远程登录R7实则访问R4。此外,配置了防止PC5回ping PC3的安全策略,并允许PC4 ping R6但禁止其登录。
目录
1.拓扑图
2.实验要求
1.使用172.16.0.0/16划分网络
2.使用ospf协议合理规划区域保证更新安全
3.加快收敛速度
4.R1为DR没有BDR
5.pc2345自动获取ip地址
PC1为外网,要求可以互相访问
6.R7为运营商只能配置IP地址
7.pc1远程登录R7实际登录r4
8.pc4可以ping通R6但不能登录R6
9.pc3能pingPC5但PC5不能PINGpc3
3.实验步骤
3.1划分网段
172.16.0.0 /19
172.16.32.0 /19
172.16.64.0 /19
172.16.96.0 /19
172.16.128.0 /19
172.16.160.0 /19
172.16.192.0 /19
172.16.224.0 /19
3.2配置接口ip
3.3开启ospf
ospf
area 1
network 172.16.1.0 0.0.0.255
network 6.6.6.6 0.0.0.03.4开启dhcp
vlan batch 2 3
interface e0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface e0/0/2
port link-type access
port default vlan 2
interface e0/0/3
port link-type access
port default vlan 33.5加快收敛
ospf timer hello 53.6R1为DR没有BDR
[r2-GigabitEthernet0/0/1]ospf dr-priority 0
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 172.16.32.3(GigabitEthernet0/0/0)'s neighbors
Router ID: 2.2.2.2 Address: 172.16.32.1
State: Full Mode:Nbr is Master Priority: 0
DR: 172.16.32.3 BDR: None MTU: 0
Dead timer due in 33 sec
Retrans timer interval: 5
Neighbor is up for 00:01:05
Authentication Sequence: [ 0 ]
Router ID: 3.3.3.3 Address: 172.16.32.2
State: Full Mode:Nbr is Master Priority: 0
DR: 172.16.32.3 BDR: None MTU: 0
Dead timer due in 32 sec
Retrans timer interval: 5
Neighbor is up for 00:00:46
Authentication Sequence: [ 0 ] 3.7PC1为外网,要求可以互相访问
[r6]ip route-static 0.0.0.0 0 10.1.1.2
[r6-ospf-1]default-route-advertise
[r6]acl 2000
[r6-acl-basic-2000]rule permit source any
[r6]interface g0/0/1
[r6-GigabitEthernet0/0/1]nat outbound 20003.8Pc3能pingPC5但PC5不能PINGpc3
[r5-acl-adv-3000]rule deny icmp source 192.168.4.254 0 destination 192.168.2.254
0 icmp-type echo
[r5-GigabitEthernet0/0/1]traffic-filter inbound acl 30003.98.pc4可以ping通R6但不能登录R6
[r5-acl-adv-3000]rule deny tcp source 192.168.4.254 0 destination 172.16.128.2 0
destination-port eq 23
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
