实验拓扑与要求如下所示:
1、R6为ISP,接口IP地址均为公有地址,该设备只能配置IP地址,之后不能再对其进行任何配置;
2、R1-R5为局域网,私有IP地址192.168.1.0/24,请合理分配;
3、R1、R2、R4,各有两个环回IP地址;R5,R6各有一个环回地址;所有路由器上环回均代表连接用户的接口;
4、R3下面的两台PC通过DHCP自动获取IP地址;
5、选路最佳,路由表尽量小,避免环路;
6、R1-R5均可以访问R6的环回;
7、R6 telnet R5的公有地址时,实际登录到R1上;
8、R4与R5正常通过1000M链路,故障时通过100m链路;
分析:
1.实验中已经分析出各网段所需要的IP地址,先配置出各网段的IP,注意环回地址的配置
2.R3上需要配置DHCP服务,两台PC上需要将IPV4模式改为DHCP
3.内网各路由器之间使用静态路由表配置IP,外网由于R6只能进行IP配置,故需要在R5处配置缺省路由,同时,为避免环路,还需要在R1,R2,R4处配置缺省路由避免环路
4.R1-R5想要访问R6的环回,需要使用NAT,同时再配置一个缺省路由到R5的外网接口
5.在R1上配置telnet服务,链路问题只需修改优先级即可,由于ensp路由默认优先级是60,只需大于60即可
实验开始:
首先是IP的配置,这里以R1为例
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R1
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.68.1.1 30
Mar 24 2024 11:35:49-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R1-GigabitEthernet0/0/0]q
[R1]int g 0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.1.5 30
Mar 24 2024 11:36:19-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
[R1]int l0
[R1-LoopBack0]ip add 192.168.1.33 28
[R1-LoopBack0]int l1
[R1-LoopBack1]ip add 192.168.1.49 28
进入相应的接口之后,根据分析好的网段配置相应的Ip地址及环回地址
接下来,在R3处启动DHCP服务:
[R3]dhcp e
[R3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R3]ip pool aaa
Info: It's successful to create an IP address pool.
[R3-ip-pool-aaa]network 192.168.1.96 mask 27
[R3-ip-pool-aaa]gateway-list 192.168.1.97
[R3-ip-pool-aaa]dns-list 114.114.114.114
[R3-ip-pool-aaa]
随后在接口处声明:
[R3-GigabitEthernet0/0/2]dhcp select global
电脑输入ipconfig显示获取成功
下面编写静态路由,为了防止静态路由漏写,我们一般采用顺时针的方式进行编写:
以R1和R2为例:
[R1]ip rou
[R1]ip route
[R1]ip route-static 192.168.1.64 27 192.168.1.2
[R1]ip route-static 192.168.1.8 30 192.168.1.2
[R1]ip route-static 192.168.1.128 27 192.168.1.2
[R1]ip route-static 192.168.1.128 27 192.168.1.6
[R1]ip route-static 192.168.1.16 30 192.168.1.6
[R1]ip route-static 192.168.1.16 30 192.168.1.2
[R1]ip route-static 192.168.1.160 27 192.168.1.2
[R1]ip route-static 192.168.1.160 27 192.168.1.6
[R1]ip route-static 192.168.1.20 30 192.168.1.6
[R1]ip route-static 192.168.1.20 30 192.168.1.2
[R1]ip route-static 192.168.1.12 30 192.168.1.6
[R1]ip route-static 192.168.1.96 27 192.168.1.6
R2
[R2]ip rou
[R2]ip route
[R2]ip route-static 192.168.1.128 27 192.168.1.10
[R2]ip route-static 192.168.1.16 30 192.168.1.10
[R2]ip route-static 192.168.1.160 27 192.168.1.10
[R2]ip route-static 192.168.1.12 30 192.168.1.10
[R2]ip route-static 192.168.1.20 30 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.1
[R2]ip route-static 192.168.1.4 30 192.168.1.1
[R2]ip route-static 192.168.1.32 27 192.168.1.1
编写好后可用display ip routing-table查看
外网通:
[R5]ip rou
[R5]ip route
[R5]ip route-static 0.0.0.0 0 12.0.0.2
发现操作成功
接下来是防环处理,需要在各路由接口上进行汇总:
[R1]ip route-static 192.168.1.32 27 NULL 0
[R2]ip route-static 192.168.1.64 27 NULL 0
[R4]ip route-static 192.168.1.128 27 NULL 0
欲使R1-R5全部访问R6环回,需要做NAT配置以及缺省路由:
[R5]acl 2000
[R5-acl-basic-2000]rule permit
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R5-acl-basic-2000]q
[R5]int g0/0/2
[R5-GigabitEthernet0/0/2]nat o
[R5-GigabitEthernet0/0/2]nat outbound 2000
[R5-GigabitEthernet0/0/2]
R1-R4:
[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.6
[R2]ip route-static 0.0.0.0 0 192.168.1.10
[R3]ip route-static 0.0.0.0 0 192.168.1.14
[R4]ip route-static 0.0.0.0 0 192.168.1.18
[R4]ip route-static 0.0.0.0 0 192.168.1.22
实现了内外网通信
接下来使telnet远程登陆:
[R1]aaa
[R1-aaa]lo
[R1-aaa]local-user lt pr
[R1-aaa]local-user lt privilege le
[R1-aaa]local-user lt privilege level 15 opa
[R1-aaa]local-user lt privilege level 15 pa
[R1-aaa]local-user lt privilege level 15 password c
[R1-aaa]local-user lt privilege level 15 password cipher 123456
[R1-aaa]lo
[R1-aaa]local-user lt
[R1-aaa]local-user lt se
[R1-aaa]local-user lt service-type t
[R1-aaa]local-user lt service-type telnet
[R1-aaa]us
[R1-aaa]user-in
[R1-aaa]q
[R1]user-i
[R1]user-interface vty 0 4
[R1-ui-vty0-4]au
[R1-ui-vty0-4]authentication-mode aaa
[R1-ui-vty0-4]
在R5处进行端口映射:
[R5]int g 0/0/2
[R5-GigabitEthernet0/0/2]nat server p
[R5-GigabitEthernet0/0/2]nat server protocol t
[R5-GigabitEthernet0/0/2]nat server protocol tcp g
[R5-GigabitEthernet0/0/2]nat server protocol tcp global cu
[R5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 in
[R5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
就实现了R6 telnet R5的公有地址时,实际登录到R1上
最后一个,在华为中,优先级数字越高,优先级越低,所以我们只需要在R4和R5处分别将192.168.1.20/30这个网段的优先级调至>60即可
R4上,由于前面设置了环回地址,所以只需要对环回地址进行更改即可:
[R4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61
在R5上,由于没有相应的环回地址,只能一个一个的申明:
[R5]ip route-static 192.168.1.0 30 192.168.1.21 preference 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.4 30 192.168.1.21 preference 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.8 30 192.168.1.21 preference 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.12 30 192.168.1.21 preference 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.32 27 192.168.1.21 preference 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.64 27 192.168.1.21 preference 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.96 27 192.168.1.21 preference 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.128 27 192.168.1.21 preference 61
Info: Succeeded in modifying route.
就实现了R4与R5正常通过1000M链路,故障时通过100m链路; 因为此时1000M优先级高于100M,所以正常时都是通过1000M链路。
扫一扫
721
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
