静态路由实验

 1、R6为ISP，接口IP地址均为公有地址，该设备只能配置IP地址，之后不能再对其进行任何配置；
2、R1-R5为局域网，私有IP地址192.168.1.0/24，请合理分配；
3、R1、R2、R4，各有两个环回IP地址；R5,R6各有一个环回地址；所有路由器上环回均代表连接用户的接口；
4、R3下面的两台PC通过DHCP自动获取IP地址；
5、选路最佳，路由表尽量小，避免环路；
6、R1-R5均可以访问R6的环回；
7、R6 telnet R5的公有地址时，实际登录到R1上；
8、R4与R5正常通过1000M链路，故障时通过100m链路；

首先更改设备名称以免后续无法分辨

[Huawei]sysname AR1 

[Huawei]sysname AR2

[Huawei]sysname AR3 

[Huawei]sysname AR4 

[Huawei]sysname AR5 

给每个接口配上IP，后续用 display ip interface brief 命令查看接口是否双up

[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 30
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.1.9 30

[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 192.168.1.2 30
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 192.168.1.5 30
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 192.168.1.10 30
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 192.168.1.13 30

[AR3-GigabitEthernet0/0/1]int g0/0/2

[AR3-GigabitEthernet0/0/2]ip add 192.168.1.97 27

[AR4]int g 0/0/0
[AR4-GigabitEthernet0/0/0]ip add 192.168.1.6 30
[AR4-GigabitEthernet0/0/0]int g0/0/1

[AR4-GigabitEthernet0/0/1]ip add 192.168.1.14 30

[AR4-GigabitEthernet0/0/1]int g0/0/2
[AR4-GigabitEthernet0/0/2]ip add 192.168.1.17 30

[AR4-GigabitEthernet0/0/2]int g4/0/0
[AR4-GigabitEthernet4/0/0]ip add 192.168.1.21 30

[AR5]int g 0/0/0
[AR5-GigabitEthernet0/0/0]ip add 192.168.1.18 30

[AR5-GigabitEthernet0/0/0]int g0/0/2
[AR5-GigabitEthernet0/0/2]ip add 192.168.1.22 30
[AR5-GigabitEthernet0/0/2]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip add 12.0.0.5 24

[AR6]int g0/0/0
[AR6-GigabitEthernet0/0/0]ip add 12.0.0.6 24

给要求的路由器配上环回地址

[AR1]int l0
[AR1-LoopBack0]ip add 192.168.1.33 28
[AR1-LoopBack0]int l1
[AR1-LoopBack1]ip add 192.168.1.49 28
[AR2]int l0
[AR2-LoopBack0]ip add 192.168.1.65 28
[AR2-LoopBack0]int l1
[AR2-LoopBack1]ip add 192.168.1.81 28
[AR4]int l0
[AR4-LoopBack0]ip add 192.168.1.129 28
[AR4-LoopBack0]int l1
[AR4-LoopBack1]ip add 192.168.1.145 28
[AR5]int l0
[AR5-LoopBack0]ip add 192.168.1.169 27
[AR6]int l0
[AR6-LoopBack0]ip add 1.1.1.6 24

在AR3打开DHCP服务为pc分配ip 

首先创建地址池，随便取个名字例如a

 [AR3]dhcp enable 

[AR3]ip pool a

给地址池分配网段，网关和dns 

[AR3-ip-pool-a]network 192.168.1.96 mask 27
[AR3-ip-pool-a]gateway-list 192.168.1.97
[AR3-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
 

在连接连接交换机分配地址的接口打开DHCP的全局服务 

 [AR3]int g0/0/2

[AR3-GigabitEthernet0/0/2]dhcp select global

右键PC将地址改为DHCP获取并在命令行输入ipconfig查询分配的地址（多试一次，可能会有延迟） 

 

给每个路由器配置 静态路由，后续用display ip routing-table protocol static 查看静态路由信息

 [AR1]ip route-static 192.168.1.64 27 192.168.1.2
[AR1]ip route-static 192.168.1.4 30 192.168.1.2
[AR1]ip route-static 192.168.1.128 27 192.168.1.2
[AR1]ip route-static 192.168.1.128 27 192.168.1.10
[AR1]ip route-static 192.168.1.16 30 192.168.1.2
[AR1]ip route-static 192.168.1.16 30 192.168.1.10
[AR1]ip route-static 192.168.1.168 27 192.168.1.2

[AR1]ip route-static 192.168.1.168 27 192.168.1.10

[AR1]ip route-static 192.168.1.20 30 192.168.1.2

[AR1]ip route-static 192.168.1.20 30 192.168.1.10

[AR1]ip route-static 192.168.1.12 30 192.168.1.10

[AR1]ip route-static 192.168.1.96 27 192.168.1.10

[AR2]ip route-static 192.168.1.128 27 192.168.1.6
[AR2]ip route-static 192.168.1.16 30 192.168.1.6
[AR2]ip route-static 192.168.1.168 27 192.168.1.6
[AR2]ip route-static 192.168.1.20 30 192.168.1.6
[AR2]ip route-static 192.168.1.12 30 192.168.1.6
[AR2]ip route-static 192.168.1.96 27 192.168.1.6
[AR2]ip route-static 192.168.1.96 27 192.168.1.1
[AR2]ip route-static 192.168.1.8 30 192.168.1.1
[AR2]ip route-static 192.168.1.32 27 192.168.1.1

 [AR3]ip route-static 192.168.1.32 27 192.168.1.9
[AR3]ip route-static 192.168.1.0 30 192.168.1.9
[AR3]ip route-static 192.168.1.64 27 192.168.1.9
[AR3]ip route-static 192.168.1.64 27 192.168.1.14
[AR3]ip route-static 192.168.1.4 30 192.168.1.14
[AR3]ip route-static 192.168.1.128 27 192.168.1.14
[AR3]ip route-static 192.168.1.16 30 192.168.1.14
[AR3]ip route-static 192.168.1.168 27 192.168.1.14

[AR4]ip route-static 192.168.1.96 27 192.168.1.13
[AR4]ip route-static 192.168.1.8 30 192.168.1.13
[AR4]ip route-static 192.168.1.32 27 192.168.1.13
[AR4]ip route-static 192.168.1.32 27 192.168.1.5
[AR4]ip route-static 192.168.1.0 30 192.168.1.5
[AR4]ip route-static 192.168.1.64 27 192.168.1.5
[AR4]ip route-static 192.168.1.168 27 192.168.1.18
[AR4]ip route-static 192.168.1.168 27 192.168.1.22

[AR5]ip route-static 192.168.1.128 27 192.168.1.1
[AR5]ip route-static 192.168.1.128 27 192.168.1.21
[AR5]ip route-static 192.168.1.12 30 192.168.1.17
[AR5]ip route-static 192.168.1.12 30 192.168.1.21
[AR5]ip route-static 192.168.1.96 27 192.168.1.17
[AR5]ip route-static 192.168.1.96 27 192.168.1.21
[AR5]ip route-static 192.168.1.8 30 192.168.1.17
[AR5]ip route-static 192.168.1.8 30 192.168.1.21 
[AR5]ip route-static 192.168.1.32 27 192.168.1.17
[AR5]ip route-static 192.168.1.32 27 192.168.1.21
[AR5]ip route-static 192.168.1.0 30 192.168.1.17
[AR5]ip route-static 192.168.1.0 30 192.168.1.21
[AR5]ip route-static 192.168.1.64 27 192.168.1.17
[AR5]ip route-static 192.168.1.64 27 192.168.1.21
[AR5]ip route-static 192.168.1.4 30 192.168.1.17
[AR5]ip route-static 192.168.1.4 30 192.168.1.21 

 破除路由环路

[AR1]ip route-static 192.168.1.32 27 NULL 0

[AR2]ip route-static 192.168.1.64 27 NULL 0
[AR4]ip route-static 192.168.1.128 27 NULL 0

测试全网通

 

 在AR5上设置基础acl允许流量通过

基础acl只需要源地址，而高级acl还需要目标地址

[AR5]acl 2000
[AR5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255 

[AR5]int g0/0/1   
[AR5-GigabitEthernet0/0/1]nat outbound 2000

配置缺省路由

[AR1]ip route-static 0.0.0.0 0 192.168.1.2
[AR1]ip route-static 0.0.0.0 0 192.168.1.10 

[AR2]ip route-static 0.0.0.0 0 192.168.1.6

[AR3]ip route-static 0.0.0.0 0 192.168.1.14

[AR4]ip route-static 0.0.0.0 0 192.168.1.18
[AR4]ip route-static 0.0.0.0 0 192.168.1.22
[AR5]ip route-static 0.0.0.0 0 12.0.0.6

用AR1测试 一下能不能ping通

 

用aaa模式创建一个用户并设置加密密码，并将权限等级提至最高 ，并为用户提供远程登陆模式

[AR1]aaa 

[AR1-aaa]local-user abc password cipher 123 privilege level 15
[AR1-aaa]local-user abc service-type  telnet

为用户创建组群（0 1为两个人类推）并将登陆模式设为aaa 

[AR1]user-interface vty 0 1
[AR1-ui-vty0-1]authentication-mode aaa 

 端口映射

[AR5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 in
side 192.168.1.1 23

将100M路径的优先级提高，则将优先通过1000M路径

[AR4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61

[AR5]ip route-static 192.168.1.0 30 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.4 30 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.8 30 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.12 30 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.32 27 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.64 27 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.96 27 192.168.1.21 preference 6
[AR5]ip route-static 192.168.1.128 27 192.168.1.21 preference 61