1. 子网划分
AR1
G0/0/0 192.168.0.225/30 G0/0/1 192.168.0.229/30
Lo0 192.168.0.1/27 Lo1 192.168.0.33/27
AR2
G0/0/0 192.168.0.237/30 G0/0/1 192.168.0.226/30
Lo0 192.168.0.65/27 Lo1 192.168.0.97/27
AR3
G0/0/0 192.168.0.233/30 G0/0/1 192.168.0.230/30
G0/0/2 192.168.0.193/27 Lo0 192.168.0.193/27
AR4
G0/0/0 192.168.0.234/30 G0/0/1 192.168.0.238/30
G0/0/2 192.168.0.245/30 E0/0/0 192.168.0.241/30
Lo0 192.168.0.129/27 Lo1 192.168.0.161/27
AR5
G0/0/0 4.4.4.1/24 G0/0/2 192.168.0.246/30
E0/0/0 192.168.0.242/30
AR6
G0/0/0 4.4.4.200/24 Lo0 5.5.5.5/30
为了防止环路,在每个路由器上配置指向NULL0的黑洞路由。例如AR2上(汇总其环回网段192.168.0.64/26):
ip route-static 192.168.0.64 255.255.255.192 NULL0
AR5上配置NAT(出方向地址转换:ACL 2000匹配的内网192.168.0.0/24使用地址池4.4.4.10–4.4.4.20)
acl name nat 2000
rule 10 permit source 192.168.0.0 0.0.0.255
nat address-group 2 4.4.4.10 4.4.4.20
interface GigabitEthernet0/0/0
ip address 4.4.4.1 255.255.255.0
nat outbound 2000 address-group 2
AR3上配置DHCP(需先在系统视图下执行dhcp enable,见下文ar3配置)
ip pool 192
gateway-list 192.168.0.193
network 192.168.0.192 mask 255.255.255.224
excluded-ip-address 192.168.0.194 192.168.0.196
lease day 0 hour 0 minute 30
dns-list 114.114.114.114 8.8.8.8
interface GigabitEthernet0/0/2
ip address 192.168.0.193 255.255.255.224
dhcp select global
AR5上配置端口映射(NAT Server):将公网地址4.4.4.2的Telnet端口(TCP 23)映射到AR1的192.168.0.225
interface GigabitEthernet0/0/0
nat server protocol tcp global 4.4.4.2 telnet inside 192.168.0.225 telnet
AR1上开启Telnet(VTY 0–4采用密码认证;Telnet为明文传输,且经AR5的端口映射后可从外网访问,仅适用于实验环境,实际部署应改用SSH并用ACL限制来源地址)
user-interface vty 0 4
authentication-mode password
set authentication password cipher %$%$4EN./\jo05V<{QCL#PY$,<#A5cp]Y;*3|1]GVwIw
7gXP<#D,%$%$
验证nat
验证telnet及端口映射
验证DHCP
ar1配置
[V200R003C00]
#
sysname ar1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.0.225 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.0.229 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 192.168.0.1 255.255.255.224
#
interface LoopBack1
ip address 192.168.0.33 255.255.255.224
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.226
ip route-static 0.0.0.0 0.0.0.0 192.168.0.220 preference 100
ip route-static 192.168.0.0 255.255.255.192 NULL0
ip route-static 192.168.0.64 255.255.255.192 192.168.0.226
ip route-static 192.168.0.128 255.255.255.192 192.168.0.226
ip route-static 192.168.0.128 255.255.255.192 192.168.0.230
ip route-static 192.168.0.192 255.255.255.224 192.168.0.230
ip route-static 192.168.0.236 255.255.255.252 192.168.0.226
ip route-static 192.168.0.240 255.255.255.248 192.168.0.226
ip route-static 192.168.0.240 255.255.255.248 192.168.0.230
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode password
set authentication password cipher %$%$WAwH'yu$8EPFU2;T`SMR,<zO'|];QB",fJcVJ0=d
zKX@<zR,%$%$
user-interface vty 16 20
#
wlan ac
#
return
ar2配置
[V200R003C00]
#
sysname ar2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.0.226 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.0.237 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 192.168.0.65 255.255.255.224
#
interface LoopBack1
ip address 192.168.0.97 255.255.255.224
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.238
ip route-static 0.0.0.0 0.0.0.0 192.168.0.225 preference 100
ip route-static 192.168.0.0 255.255.255.192 192.168.0.225
ip route-static 192.168.0.64 255.255.255.192 NULL0
ip route-static 192.168.0.192 255.255.255.224 192.168.0.225
ip route-static 192.168.0.192 255.255.255.224 192.168.0.238 preference 100
ip route-static 192.168.0.228 255.255.255.252 192.168.0.225
ip route-static 192.168.0.232 255.255.255.252 192.168.0.238
ip route-static 192.168.0.240 255.255.255.248 192.168.0.238
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
ar3配置
[V200R003C00]
#
sysname ar3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
ip pool 192
gateway-list 192.168.0.193
network 192.168.0.192 mask 255.255.255.224
excluded-ip-address 192.168.0.194 192.168.0.196
lease day 0 hour 0 minute 30
dns-list 114.114.114.114 8.8.8.8
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.0.233 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.0.230 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 192.168.0.193 255.255.255.224
dhcp select global
#
interface NULL0
#
interface LoopBack0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.234
ip route-static 0.0.0.0 0.0.0.0 192.168.0.229 preference 100
ip route-static 192.168.0.0 255.255.255.192 192.168.0.229
ip route-static 192.168.0.64 255.255.255.192 192.168.0.229
ip route-static 192.168.0.64 255.255.255.192 192.168.0.234 preference 100
ip route-static 192.168.0.128 255.255.255.192 192.168.0.234
ip route-static 192.168.0.236 255.255.255.252 192.168.0.234
ip route-static 192.168.0.240 255.255.255.248 192.168.0.234
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
ar4配置
[V200R003C00]
#
sysname ar4
#
board add 0/4 2FE
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet4/0/0
ip address 192.168.0.241 255.255.255.252
#
interface Ethernet4/0/1
#
interface GigabitEthernet0/0/0
ip address 192.168.0.234 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.0.238 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 192.168.0.245 255.255.255.252
#
interface NULL0
#
interface LoopBack0
ip address 192.168.0.129 255.255.255.224
#
interface LoopBack1
ip address 192.168.0.161 255.255.255.224
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.246
ip route-static 0.0.0.0 0.0.0.0 192.168.0.242 preference 100
ip route-static 192.168.0.0 255.255.255.192 192.168.0.237
ip route-static 192.168.0.0 255.255.255.192 192.168.0.233 preference 100
ip route-static 192.168.0.192 255.255.255.224 192.168.0.233
ip route-static 192.168.0.224 255.255.255.252 192.168.0.237
ip route-static 192.168.0.228 255.255.255.252 192.168.0.233
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
ar5配置
[V200R003C00]
#
sysname ar5
#
board add 0/4 2FE
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
acl name nat 2000
rule 10 permit source 192.168.0.0 0.0.0.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
nat address-group 2 4.4.4.10 4.4.4.20
#
interface Ethernet4/0/0
ip address 192.168.0.242 255.255.255.252
#
interface Ethernet4/0/1
#
interface GigabitEthernet0/0/0
ip address 4.4.4.1 255.255.255.0
nat server protocol tcp global 4.4.4.2 telnet inside 192.168.0.225 telnet
nat outbound 2000 address-group 2
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 192.168.0.246 255.255.255.252
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 4.4.4.200
ip route-static 192.168.0.0 255.255.255.0 192.168.0.245
ip route-static 192.168.0.0 255.255.255.0 192.168.0.241 preference 100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
ar6配置
[V200R003C00]
#
sysname ar6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 4.4.4.200 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.252
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return