静态综合实验

1：合理子网划分

192.168.1.0/24

192.168.1.000 00000/27---骨干链路

192.168.1.000 000 00/30 ---- 192.168.1.0/30

192.168.1.001 0010 00/30----192.168.1.4/30

192.168.1.000 010 00/30----192.168.1.8/30

192.168.1.000 011 00/30----192.168.1.12/30

192.168.1.000 100 00/30----192.168.1.16/30

192.168.1.000 101 00/30----192.168.1.20/30

192.168.1.000 110 00/30(保留地址)

192.168.1.000 111 00/30

192.168.1.001 00000/27---r1----192.168.1.32/27

192.168.1.001 0 0000/28  -- 192.168.1.32/28

192.168.1.001 1 0000/28  -- 192.168.1.48/28

192.168.1.0100 0000/27---r2---192.168.1.64/27

192.168.1.010 0 0000/28  --192.168.1.64/28

192.168.1.010 1 0000/28  --192.168.1.80/28

192.168.1.011 00000/27---r3---192.168.1.96/27

192.168.1.100 00000/27---r4---192.168.1.128/27

192.168.1.100 0 0000/28  ---192.168.1.128/28

192.168.1.100 1 0000/28  --192.168.1.144/28

192.168.1.101 00000/27---r5---192.168.1.160/27

192.168.1.110 00000/27(保留地址)

192.168.1.111 00000/27

2:配置私网ip

3：配置dhcp

[r3]dhcp enable

Info: The operation may take a few seconds. Please wait for a moment.done.

[r3]ip pool aa

Info: It's successful to create an IP address pool.

[r3-ip-pool-aa]net                    

[r3-ip-pool-aa]network 192.168.1.96 mask 27

[r3-ip-pool-aa]gat                    

[r3-ip-pool-aa]gateway-list 192.168.1.97

[r3-ip-pool-aa]q                       

[r3]interface g                          

[r3]interface GigabitEthernet 0/0/2

[r3-GigabitEthernet0/0/2]dh 

[r3-GigabitEthernet0/0/2]dhcp se        

[r3-GigabitEthernet0/0/2]dhcp select gl      

[r3-GigabitEthernet0/0/2]dhcp select global

4：全网可达（含浮动静态路由）

列如:（可以使用缺省路由来替代一些静态路由，减少工作量）

R1:

ip route-static 0.0.0.0 0.0.0.0 192.168.1.2

ip route-static 0.0.0.0 0.0.0.0 192.168.1.6

ip route-static 192.168.1.8 255.255.255.252 192.168.1.2

ip route-static 192.168.1.12 255.255.255.252 192.168.1.6

ip route-static 192.168.1.64 255.255.255.224 192.168.1.2

ip route-static 192.168.1.96 255.255.255.224 192.168.1.6

R2:           

ip route-static 0.0.0.0 0.0.0.0 192.168.1.10

ip route-static 192.168.1.4 255.255.255.252 192.168.1.1

ip route-static 192.168.1.32 255.255.255.224 192.168.1.1

ip route-static 192.168.1.96 255.255.255.224 192.168.1.1

ip route-static 192.168.1.96 255.255.255.224 192.168.1.10

R3:

ip route-static 0.0.0.0 0.0.0.0 192.168.1.2

ip route-static 0.0.0.0 0.0.0.0 192.168.1.6

ip route-static 192.168.1.8 255.255.255.252 192.168.1.2

ip route-static 192.168.1.12 255.255.255.252 192.168.1.6

ip route-static 192.168.1.64 255.255.255.224 192.168.1.2

ip route-static 192.168.1.96 255.255.255.224 192.168.1.6

R4:(浮动静态)

ip route-static 0.0.0.0 0 GigabitEthernet 0/0/2 192.168.1.18(需要标明出口，防止出现shutdown g0/0/2网段后192.168.1.22接口弹不出来,防止走空接口.)

Routing Tables: Public

         Destinations : 27       Routes : 28      

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  61   0          RD   192.168.1.22    GigabitEthernet

4/0/0

ip route-static 0.0.0.0 0.0.0.0 192.168.1.22 preference 61

ip route-static 192.168.1.0 255.255.255.252 192.168.1.9

ip route-static 192.168.1.4 255.255.255.252 192.168.1.13

ip route-static 192.168.1.32 255.255.255.224 192.168.1.13

ip route-static 192.168.1.32 255.255.255.224 192.168.1.9

ip route-static 192.168.1.64 255.255.255.224 192.168.1.9

ip route-static 192.168.1.96 255.255.255.224 192.168.1.13

（应为相较于空接口路由192.168.1.0 24 null 0来说缺省路由的网络位少会优先走空接口路由会使得来到R4的信息被空接口吞掉，所以需要重新写一条到192.168.1.160 27的静态路由来解决这一问题,解决方法如下）

[r4]ip route-static 192.168.1.160 27 192.168.1.18

[r4]ip route-static 192.168.1.160 27 192.168.1.22 preference 61

R5:

ip route-static 0.0.0.0 0.0.0.0 12.0.0.2

ip route-static 192.168.1.0 255.255.255.0 192.168.1.17

ip route-static 192.168.1.0 255.255.255.0 192.168.1.21 preference 61

*因为做了手工汇总可能会产生许多黑洞路由所以要做对应的空接口路由

R4: [r4]ip route-static 192.168.1.0 24 NULL 0

R2: [r2]ip route-static 192.168.1.64 27 NULL 0

R1: [r1]ip route-static 192.168.1.32 27 NULL 0

5:实现R1-R5都可以访问R6的环回

r5]acl 2000

[r5-acl-basic-2000]r                         

[r5-acl-basic-2000]ru                        

[r5-acl-basic-2000]rule per                  

[r5-acl-basic-2000]rule permit sou           

[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

[r5]interface GigabitEthernet 0/0/2

[r5-GigabitEthernet0/0/2]na                  

[r5-GigabitEthernet0/0/2]nat o               

[r5-GigabitEthernet0/0/2]nat outbound 2000

[r1]ping 1.1.1.1

  PING 1.1.1.1: 56  data bytes, press CTRL_C to break

    Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=252 time=60 ms

    Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=252 time=40 ms

    Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=252 time=40 ms

Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=252 time=40 ms

6:R6telnetR5的公有ip地址时，登陆到r1上.

做法如下:

[r1-aaa]local-user binbin pr                 

[r1-aaa]local-user binbin privilege le       

[r1-aaa]local-user binbin privilege level 15 pas  

[r1-aaa]local-user binbin privilege level 15 password  ci

[r1-aaa]local-user binbin privilege level 15 password  cipher 123456

Info: Add a new user.

[r1-aaa]lo                                   

[r1-aaa]local-user binbin se                 

[r1-aaa]local-user binbin service-type t     

[r1-aaa]local-user binbin service-type telnet

[r5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 in  

[r5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 ins

ide 192.168.1.1 23

最后在r6上telnetR5的接口就可以登陆到R1上进行远程操作。

<r6>telnet 12.0.0.1

  Press CTRL_] to quit telnet mode

  Trying 12.0.0.1 ...

  Connected to 12.0.0.1 ...

Login authentication

Username:binbin

Password:

  -----------------------------------------------------------------------------

   

  User last login information:    

  -----------------------------------------------------------------------------

  Access Type: Telnet     

  IP-Address : 192.168.1.2    

  Time       : 2022-03-23 23:40:42-08:00    

  -----------------------------------------------------------------------------

<r1>