实验拓扑及需求
配置所需的IP地址
配置Telnet,要求园区网内所有设备均支持远程管理
配置Trunk,交换机之间链路均为Trunk模式
配置Vlan,SW2与SW3上创建相关VLAN,关联4台PC到对应的VLAN接口
配置MLS,通过SW1实现VLAN间路由
配置DHCP,使SW1可以为各个VLAN内主机分配地址
配置STP,使SW1成为所有VLAN的根桥,要求手动修改优先级为4096
配置OSPF,企业网内为进程1
配置缺省路由与NAT,R1上配置静态缺省路由,SW1通过OSPF学习缺省路由
配置NAT,在R1上配置EasyIP
配置PPP,R1与R2之间封装协议为PPP,使用CHAP认证
配置OSPF,运营商网络为进程2
配置DNS,通过www.ayanami.com访问HTTP服务器,通过www.izuminoa.com访问FTP服务器
配置ACL,在R1上配置ACL,拒绝VLAN 20的流量访问HTTP服务器
配置
直接给出各个设备配置,不逐一按要求分步列出。配置中按实验要求使用Telnet做远程管理;Telnet为明文传输,实际环境应改用SSH,并避免以明文形式保存口令。
SW1:
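# SW1: Vlanif gateways for inter-VLAN routing, DHCP for VLAN 10/20/30/40,
# STP priority for instance 0, OSPF process 1.
sysname SW1
#
# Turns the information center off, so the device produces no log output.
# That keeps a lab console quiet but also removes the audit trail.
undo info-center enable
#
vlan batch 10 12 20 30 40 50
#
# Priority 4096 for instance 0, the value the lab asks for on the root bridge.
stp instance 0 priority 4096
#
dhcp enable
#
# Telnet management account at privilege level 15. The password is entered
# with `cipher`, as R1 does, so it is not kept as clear text in the saved
# configuration.
aaa
local-user admin password cipher ayanami
local-user admin privilege level 15
local-user admin service-type telnet
#
# Gateway for VLAN 10; hands out addresses from its own subnet and points
# clients at the DNS server 3.0.0.1. Vlanif20/30/40 below follow the same pattern.
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select interface
dhcp server dns-list 3.0.0.1
#
# Routed link towards R1 (R1 GigabitEthernet0/0/0 is 192.168.12.2).
interface Vlanif12
ip address 192.168.12.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select interface
dhcp server dns-list 3.0.0.1
#
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
dhcp select interface
dhcp server dns-list 3.0.0.1
#
interface Vlanif40
ip address 192.168.40.254 255.255.255.0
dhcp select interface
dhcp server dns-list 3.0.0.1
#
# Management subnet shared with SW2 (192.168.50.2) and SW3 (192.168.50.3).
interface Vlanif50
ip address 192.168.50.1 255.255.255.0
#
# Trunks carry only the VLANs that SW2 and SW3 create; VLAN 12 stays local
# to SW1, so it is not allowed on either trunk.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 12
#
# The 192.168.0.0/16 wildcard enables OSPF on every Vlanif, user VLANs included.
# NOTE(review): only Vlanif12 faces a router in this listing; marking the other
# Vlanif interfaces `silent-interface` would stop hellos being sent towards hosts.
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 192.168.0.0 0.0.255.255
#
# AAA login on vty 0-4. `protocol inbound all` accepts Telnet as well as SSH;
# Telnet sends the credentials unencrypted and is here because the lab requires it.
# NOTE(review): no ACL is bound to the VTY lines, so any address that can reach
# the switch can attempt a login.
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
#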
SW2:
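# SW2: access switch for VLAN 10 and VLAN 20, managed through Vlanif50.
sysname SW2
#
# Turns the information center off, so the device produces no log output.
undo info-center enable
#
vlan batch 10 20 30 40 50
#
dhcp enable
#
# Telnet management account at privilege level 15. The password is entered
# with `cipher`, as R1 does, so it is not kept as clear text in the saved
# configuration.
aaa
local-user admin password cipher ayanami
local-user admin privilege level 15
local-user admin service-type telnet
#
# Management address. NOTE(review): no default route is visible in this
# listing, so presumably only hosts in 192.168.50.0/24 can reach it - confirm.
interface Vlanif50
ip address 192.168.50.2 255.255.255.0
#
# Uplink trunk, limited to the VLANs created by `vlan batch` above.
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50
#
interface Ethernet0/0/2
port link-type access
port default vlan 10
#
interface Ethernet0/0/3
port link-type access
port default vlan 20
#
# AAA login on vty 0-4. `protocol inbound all` accepts Telnet as well as SSH;
# Telnet sends the credentials unencrypted and is here because the lab requires it.
# NOTE(review): no ACL is bound to the VTY lines.
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
#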
SW3:
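# SW3: access switch for VLAN 30 and VLAN 40, managed through Vlanif50.
sysname SW3
#
# Turns the information center off, so the device produces no log output.
undo info-center enable
#
vlan batch 10 20 30 40 50
#
dhcp enable
#
# Telnet management account at privilege level 15. The password is entered
# with `cipher`, as R1 does, so it is not kept as clear text in the saved
# configuration.
aaa
local-user admin password cipher ayanami
local-user admin privilege level 15
local-user admin service-type telnet
#
# Management address. NOTE(review): no default route is visible in this
# listing, so presumably only hosts in 192.168.50.0/24 can reach it - confirm.
interface Vlanif50
ip address 192.168.50.3 255.255.255.0
#
# Uplink trunk, limited to the VLANs created by `vlan batch` above.
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50
#
interface Ethernet0/0/2
port link-type access
port default vlan 30
#
interface Ethernet0/0/3
port link-type access
port default vlan 40
#
# AAA login on vty 0-4. `protocol inbound all` accepts Telnet as well as SSH;
# Telnet sends the credentials unencrypted and is here because the lab requires it.
# NOTE(review): no ACL is bound to the VTY lines.
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
#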
R1:
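# R1: enterprise edge router - Easy IP NAT on the serial uplink, PPP/CHAP
# towards R2, OSPF process 1 towards SW1, ACL 3000 filtering VLAN 20.
sysname R1
#
# Adds the 2SA card in slot 4 that provides the Serial4/0/x interfaces.
board add 0/4 2SA
#
# ACL 2000 selects the traffic that Easy IP translates; it matches every source.
# NOTE(review): `rule 1 permit source 192.168.0.0 0.0.255.255` would limit
# translation to the campus prefixes.
acl number 2000
rule 1 permit
#
# ACL 3000 denies TCP from 192.168.20.0/24 to host 4.0.0.1, destination port
# www; no other rule is defined. The rule is written on one line here - the
# page had it wrapped in the middle of `destination-port`.
acl number 3000
rule 1 deny tcp source 192.168.20.0 0.0.0.255 destination 4.0.0.1 0 destination-port eq www
#
# Telnet management account at privilege level 15. `cipher` is stored
# encryption rather than a one-way hash, so ciphertext copied from a real
# device should be treated as exposed once published.
aaa
local-user admin password cipher %$%$~sn^$)7\*0J*n6'!{LM0gq58%$%$
local-user admin privilege level 15
local-user admin service-type telnet
#
# Uplink to R2. R1 answers CHAP as pppadmin; the CHAP secret is entered with
# `cipher` so it is not kept as clear text in the saved configuration.
# `nat outbound 2000` without an address pool is Easy IP on this interface.
# NOTE(review): `ppp authentication-mode chap` makes R1 demand CHAP from the
# peer too, yet no service-type ppp user is visible on R1 and R2 shows no
# `ppp chap user` - confirm whether one-way authentication by R2 was intended.
interface Serial4/0/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user pppadmin
ppp chap password cipher pppayanami
ip address 12.0.0.1 255.255.255.0
nat outbound 2000
#
interface Serial4/0/1
link-protocol ppp
#
# Side facing SW1 (Vlanif12 is 192.168.12.1); ACL 3000 is applied to packets
# arriving from the campus.
interface GigabitEthernet0/0/0
ip address 192.168.12.2 255.255.255.0
traffic-filter inbound acl 3000
#
# OSPF process 1 towards SW1; `default-route-advertise` passes the static
# default route below into the enterprise network.
ospf 1 router-id 2.2.2.2
default-route-advertise
area 0.0.0.0
network 192.168.12.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 Serial4/0/0
#
# AAA login on vty 0-4. `protocol inbound all` accepts Telnet as well as SSH;
# Telnet sends the credentials unencrypted and is here because the lab requires it.
# NOTE(review): no ACL is bound to the VTY lines, and this router has an
# interface on the carrier side.
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
#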
R2:
# R2: carrier router facing R1 over PPP; CHAP authenticator; OSPF process 2.
sysname R2
#
# Adds the 2SA card in slot 4 that provides the Serial4/0/x interfaces.
board add 0/4 2SA
#
# Turns the information center off, so the device produces no log output.
undo info-center enable
#
# Local account that R1 presents in CHAP (R1 sends user pppadmin). `cipher`
# is stored encryption rather than a one-way hash, so ciphertext copied from
# a real device should be treated as exposed once published.
aaa
local-user pppadmin password cipher %$%$+%\~//=&`X*P,<,=|fFQgx:;%$%$
local-user pppadmin service-type ppp
#
# Link to R1 (12.0.0.1); the peer must pass CHAP before the link comes up.
interface Serial4/0/0
link-protocol ppp
ppp authentication-mode chap
ip address 12.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 23.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 24.0.0.2 255.255.255.0
#
# Carrier OSPF, process 2. 12.0.0.0/24 is included, so OSPF also runs on the
# serial link towards the customer router.
# NOTE(review): R1 shows no OSPF process 2, and no OSPF authentication is
# configured in this listing - consider a silent interface on Serial4/0/0 and
# area authentication.
ospf 2 router-id 2.2.2.2
area 0.0.0.0
network 12.0.0.0 0.0.0.255
network 23.0.0.0 0.0.0.255
network 24.0.0.0 0.0.0.255
#
R3:
# R3: carrier router; GigabitEthernet0/0/2 is the gateway of 3.0.0.0/24,
# the subnet of the DNS server address (3.0.0.1) that SW1 hands out by DHCP.
sysname R3
#
# Turns the information center off, so the device produces no log output.
undo info-center enable
#
interface GigabitEthernet0/0/0
ip address 23.0.0.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 34.0.0.3 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 3.0.0.254 255.255.255.0
#
# Carrier OSPF, process 2. 3.0.0.0/24 is included, so OSPF also runs on the
# server-facing interface.
# NOTE(review): no OSPF authentication is configured in this listing.
ospf 2 router-id 3.3.3.3
area 0.0.0.0
network 3.0.0.0 0.0.0.255
network 23.0.0.0 0.0.0.255
network 34.0.0.0 0.0.0.255
#
R4:
# R4: carrier router; GigabitEthernet0/0/2 is the gateway of 4.0.0.0/24,
# the subnet of the host 4.0.0.1 that R1's ACL 3000 protects.
sysname R4
#
# Turns the information center off, so the device produces no log output.
undo info-center enable
#
interface GigabitEthernet0/0/0
ip address 24.0.0.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 34.0.0.4 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 4.0.0.254 255.255.255.0
#
# Carrier OSPF, process 2. 4.0.0.0/24 is included, so OSPF also runs on the
# server-facing interface.
# NOTE(review): no OSPF authentication is configured in this listing.
ospf 2 router-id 4.4.4.4
area 0.0.0.0
network 4.0.0.0 0.0.0.255
network 24.0.0.0 0.0.0.255
network 34.0.0.0 0.0.0.255