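Requirements:
1. Public-network devices are configured with IP addresses only
2. The whole network is reachable
3. External (public) network devices must not hold private-network routes
4. Internal network devices must not hold public-network routes
5. test-1 can log in to the telnet server, but test-2 cannot
6. PC1 can reach test-1, but PC2 cannot
7. The PCs obtain their IP addresses via DHCP
Analysis:
1. Assign IP addresses to each router interface
2. Configure DHCP on AR1 and AR2 so that the PCs obtain IP addresses
3. Start the OSPF process, manually configure the router ID (area 1 is the public network, area 2 is the private network), then advertise the routes
4. Enable the telnet service on the Telnet router
5. Enable an advanced ACL on AR1 and apply it on interface 0/0/1
Enable an advanced ACL on AR2 and apply it on interface 0/0/1
Step 1: configure the router IP addresses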
On AR1:
[AR1]int g 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[AR1-GigabitEthernet0/0/0]int g 0/0/1
[AR1-GigabitEthernet0/0/1]ip address 192.168.12.1 24
On the Telnet server:
[Telnet]int g 0/0/0
[Telnet-GigabitEthernet0/0/0]ip address 192.168.1.2 24
On AR2:
[AR2]int g 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[AR2-GigabitEthernet0/0/0]int g 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 192.168.12.2 24
[AR2-GigabitEthernet0/0/1]int g 0/0/2
[AR2-GigabitEthernet0/0/2]ip address 23.0.0.1 24
On AR3:
[AR3]int g 0/0/0
[AR3-GigabitEthernet0/0/0]ip address 23.0.0.2 24
[AR3-GigabitEthernet0/0/0]int g 0/0/1
[AR3-GigabitEthernet0/0/1]ip address 34.0.0.1 24
On test-1:
[test-1]int g 0/0/0
[test-1-GigabitEthernet0/0/0]ip address 34.0.0.2 24
On test-2:
[test-2]int g0/0/0
[test-2-GigabitEthernet0/0/0]ip address 34.0.0.3 24
Step 2: configure the DHCP service on AR1 and AR2 so that the PCs get an IP address
On AR1:
[AR1-GigabitEthernet0/0/1]q
[AR1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[AR1]ip pool aaa
Info: It's successful to create an IP address pool.
[AR1-ip-pool-aaa]network 192.168.1.0 mask 24
[AR1-ip-pool-aaa]gateway-list 192.168.1.1
[AR1-ip-pool-aaa]dns-list 8.8.8.8
[AR1-ip-pool-aaa]q
[AR1]int g 0/0/0
[AR1-GigabitEthernet0/0/0]dhcp select global
On AR2:
[AR2-GigabitEthernet0/0/2]q
[AR2]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[AR2]ip pool aaa
Info: It's successful to create an IP address pool.
[AR2-ip-pool-aaa]network 192.168.2.0 mask 24
[AR2-ip-pool-aaa]gateway-list 192.168.2.1
[AR2-ip-pool-aaa]dns-list 8.8.8.8
[AR2-ip-pool-aaa]q
[AR2]int g 0/0/0
[AR2-GigabitEthernet0/0/0]dhcp select global
Check whether the PCs have obtained an IP address:
Step 3: start OSPF, configure the router ID, and advertise the IP information
On the Telnet server:
[Telnet]ospf 1 router-id 1.1.1.1
[Telnet-ospf-1]area 0
[Telnet-ospf-1-area-0.0.0.0]network 192.168.1.2 0.0.0.0
On AR1:
[AR1]ospf 1 router-id 2.2.2.2
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 192.168.12.1 0.0.0.0
On AR2:
[AR2-GigabitEthernet0/0/0]q
[AR2]ospf 1 router-id 3.3.3.3
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]network 192.168.12.2 0.0.0.0
[AR2-ospf-1-area-0.0.0.0]network 192.168.2.1 0.0.0.0
[AR2-ospf-1-area-0.0.0.0]q
[AR2-ospf-1]q
[AR2]ospf 1 router-id 3.3.3.3
[AR2-ospf-1]area 1
[AR2-ospf-1-area-0.0.0.1]network 23.0.0.1 0.0.0.0
On AR3:
[AR3]ospf 1 router-id 4.4.4.4
[AR3-ospf-1]area 1
[AR3-ospf-1-area-0.0.0.1]network 23.0.0.2 0.0.0.0
[AR3-ospf-1-area-0.0.0.1]network 34.0.0.1 0.0.0.0
On test-1:
[test-1]ospf 1 router-id 5.5.5.5
[test-1-ospf-1]area 1
[test-1-ospf-1-area-0.0.0.1]network 34.0.0.2 0.0.0.0
On test-2:
[test-2]ospf 1 router-id 6.6.6.6
[test-2-ospf-1]area 1
[test-2-ospf-1-area-0.0.0.1]network 34.0.0.3 0.0.0.0
Step 4: enable the telnet protocol on the Telnet server router
On Telnet:
[Telnet-ospf-1-area-0.0.0.0]q
[Telnet-ospf-1]q
[Telnet]user-group 1
[Telnet-user-group-1]user-interface vty 0 4
[Telnet-ui-vty0-4]authentication-mode aaa
[Telnet-ui-vty0-4]q
[Telnet]aaa
[Telnet-aaa]local-user huawei password cipher 123456
Info: Add a new user.
[Telnet-aaa]local-user huawei privilege level 15
[Telnet-aaa]local-user huawei service-type telnet
Step 5: configure an advanced ACL on interface 0/0/1 of AR1; on AR2, configure the mapping on interface 0/0/2 and an advanced ACL on interface 0/0/1
On AR1:
[AR1]acl 3000
[AR1-acl-adv-3000]rule permit tcp source 192.168.1.2 0 destination 34.0.0.2 0
[AR1-acl-adv-3000]rule deny tcp source 192.168.1.2 0 destination 34.0.0.3 0 destination-port eq 23
[AR1-acl-adv-3000]q
[AR1]int g 0/0/1
[AR1-GigabitEthernet0/0/1]traffic-filter outbound acl 3000
Configure the mapping on AR2:
[AR2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface telnet inside 192.168.1.2 telnet
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
Then configure the ACL on AR2:
[AR2]acl 3000
[AR2-acl-adv-3000]rule deny ip source 192.168.2.254 0.0.0.0 destination 34.0.0.2 0.0.0.0
[AR2-acl-adv-3000]q
[AR2]int g 0/0/1
[AR2-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
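Step 7: run the tests. Requirement 5: test-1 logs in to telnet. Requirement 6: PC1 pings test-1, PC2 pings test-2
Too many commands, so screenshots directly:
Telnet ran into a problem; the ACL was probably written backwards.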
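A first-match model of ACL 3000 on AR1's g0/0/1, showing why the rules as written cannot stop test-2's telnet session and what a reversed rule set does instead. This is an added example, not part of the original post. The ephemeral port 40000, the FIXED_INBOUND rule set and the "unmatched packets are forwarded" default are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

SERVER, TEST1, TEST2 = "192.168.1.2", "34.0.0.2", "34.0.0.3"  # addresses from the page
TELNET, CLIENT_PORT = 23, 40000  # 40000 is a constructed ephemeral source port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str
    dst: str
    dport: Optional[int] = None  # None means any destination port

    def matches(self, p: Packet) -> bool:
        return (p.src, p.dst) == (self.src, self.dst) and self.dport in (None, p.dport)

def traffic_filter(rules, pkt):
    """First matching rule decides; assumed: a packet matching no rule is forwarded."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "permit"

def telnet_allowed(inbound, outbound, client):
    """Both directions as seen on AR1 g0/0/1, after AR2's nat server rewrote the destination."""
    request = Packet(client, SERVER, CLIENT_PORT, TELNET)  # arrives inbound
    reply = Packet(SERVER, client, TELNET, CLIENT_PORT)    # leaves outbound
    return (traffic_filter(inbound, request) == "permit"
            and traffic_filter(outbound, reply) == "permit")

# ACL 3000 as written on the page, applied outbound: it only ever sees replies,
# whose destination port is the client's ephemeral port, never 23.
PAGE_OUTBOUND = [Rule("permit", SERVER, TEST1), Rule("deny", SERVER, TEST2, TELNET)]
# Hypothetical rewrite: match the client's request and apply it inbound instead.
FIXED_INBOUND = [Rule("permit", TEST1, SERVER, TELNET), Rule("deny", TEST2, SERVER, TELNET)]

if __name__ == "__main__":
    for name, acl_in, acl_out in (("page", [], PAGE_OUTBOUND), ("rewrite", FIXED_INBOUND, [])):
        for client in (TEST1, TEST2):
            print(name, client, "telnet allowed:", telnet_allowed(acl_in, acl_out, client))
```

With the page's rules the deny entry never matches, so both test-1 and test-2 complete the session; with the source and destination swapped and the filter applied inbound, only test-1 does.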