题目
要求:
1.R6为isp,接口IP地址均为公有地址;该设备只能配置IP地址,之后不能再对其进行其他任何配置;
2.R1-R5为局域网,私有IP地址192.168.1./24,请合理分配;
3.R1,R2,R4,各有两个环回地址;R5,R6各有一个环回地址;所有路由器上环回均代表连接用户的接口:
4.R3下的两台PC通过DHCP自动获取P地址;
5.选路最佳,路由表尽量小,避免环路;
6.R1-R5均可以访问R6的环回;
7.R6通过telnet 登录R5的公有IP地址时,实际登陆到R1上;
8.R4与R5正常通过1000M链路,故障时通过100M链路;
第一步:划分广播域
一共是有14个广播域,但不建议直接按14个区划分,因为需要借4位,掩码为28,但掩码28分给骨干链路非常浪费,因为骨干只需要两个。所以我们可以将骨干链路作为一个,将每一个路由器作为单独的一个广播域,所以一共是6个广播域(一个骨干6条链路作为一个,五个路由器。)
划分8个网段
192.168.1.0 27 -----骨干链路
骨干链路再划分6个
192.168.1.0 30 -----R1-2
192.168.1.4 30 -----R1-3
192.168.1.8 30 -----R2-4
192.168.1.12 30 -----R3-4
192.168.1.16 30 -----R4-5
192.168.1.20 30 -----R4-5
剩下两个多余的网段做备用
192.168.1.24 30
192.168.1.28 30
192.168.1.32 27 -----R1的环回
两个环回
192.168.1.32 28
192.168.1.48 28
192.168.1.64 27 -----R2的环回
192.168.1.64 28
192.168.1.80 28
192.168.1.96 27 -----R4的环回
192.168.1.96 28
192.168.1.112 28
192.168.1.128 27----R5的环回
192.168.1.160 27----R3的用户网段
剩下两个网段做备用
192.168.1.192 27
192.168.1.224 27
结果如下:
第二部:配置R1-R6的ip地址和相对应的环回地址,配置完后先ping排错。
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
[r1-GigabitEthernet0/0/1]ip address 192.168.1.5 30
[r2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
[r2-GigabitEthernet0/0/1]ip address 192.168.1.9 30
[r3-GigabitEthernet0/0/0]ip address 192.168.1.6 30
[r3-GigabitEthernet0/0/1]ip address 192.168.1.13 30
[r3-GigabitEthernet0/0/2]ip address 192.168.1.163 27
[r4-GigabitEthernet0/0/0]ip address 192.168.1.14 30
[r4-GigabitEthernet0/0/1]ip address 192.168.1.10 30
[r4-GigabitEthernet0/0/2]ip address 192.168.1.21 30
[r4-GigabitEthernet1/0/0]ip address 192.168.1.17 30
[r5-GigabitEthernet0/0/0]ip address 192.168.1.22 30
[r5-GigabitEthernet0/0/2]ip address 192.168.1.18 30
[r5-GigabitEthernet0/0/1]ip address 12.0.0.1 24
[r6-GigabitEthernet0/0/0]ip address 12.0.0.2 24
第三步:配置环回地址
[r1]interface loopback 0
[r1-LoopBack0]ip address 192.168.1.33 28
[r1-LoopBack1]ip address 192.168.1.49 28
[r2-LoopBack0]ip address 192.168.1.65 28
[r2-LoopBack1]ip address 192.168.1.81 28
[r4-LoopBack0]ip address 192.168.1.97 28
[r4-LoopBack1]ip address 192.168.1.113 28
[r5-LoopBack0]ip address 192.168.1.129 28
[r6-LoopBack0]ip address 1.1.1.1 24
第四步:R3配置dhcp(两种方法)
1.全局地址池dhcp
[r3]dhcp enable
[r3]ip policy-based-route
[r3]ip pool aa
[r3-ip-pool-aa]network 192.168.1.160 mask 27
[r3-ip-pool-aa]gateway-list 192.168.1.3 (注释:网关可以添加多个。)
[r3-ip-pool-aa]dns-list 1.1.1.1
[r3-ip-pool-aa]excluded-ip-address 192.168.1.190 192.168.1.180(注释:地址排除,dhcp就不会分配所被排除的网络ip)
2.接口地址池dhcp
[r3]dhcp enable
[r3]interface GigabitEthernet 0/0/2
[r3-GigabitEthernet0/0/2]dhcp select interface
[r3-GigabitEthernet0/0/2]dhcp server dns-list 2.2.2.2
网关为接口ip地址。
第五步:配置静态路由
[r1]ip route-static 0.0.0.0 0 192.168.1.2
[r1]ip route-static 0.0.0.0 0 192.168.1.6
[r1]ip route-static 192.168.1.64 27 192.168.1.2
[r1]ip route-static 192.168.1.160 27 192.168.1.6
[r1]ip route-static 192.168.1.8 30 192.168.1.2
[r1]ip route-static 192.168.1.12 30 192.168.1.6
[r2]ip route-static 192.168.1.32 27 192.168.1.1
[r2]ip route-static 192.168.1.4 30 192.168.1.1
[r2]ip route-static 192.168.1.160 27 192.168.1.1
[r2]ip route-static 192.168.1.160 27 192.168.1.10
[r2]ip route-static 0.0.0.0 0 192.168.1.10
[r3]ip route-static 192.168.1.32 27 192.168.1.5
[r3]ip route-static 192.168.1.64 27 192.168.1.5
[r3]ip route-static 192.168.1.64 27 192.168.1.14
[r3]ip route-static 192.168.1.0 30 192.168.1.5
[r3]ip route-static 0.0.0.0 0 192.168.1.14
[r4]ip route-static 0.0.0.0 0 192.168.1.18
[r4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61
[r4]ip route-static 192.168.32 27 192.168.1.9
[r4]ip route-static 192.168.32.27 192.168.1.13
[r4]ip route-static 192.168.1.0 30 192.168.1.9
[r4]ip route-static 192.168.1.4 30 192.168.1.13
[r4]ip route-static 192.168.1.64 27 192.168.1.9
[r4]ip route-static 1921.168.1.160 27 192.168.1.13
[r5]ip route-static 192.168.1.0 24 192.168.1.18
[r5]ip route-static 192.168.1.0 24 192.168.1.22 perference 61
(注释:因为r5是边界路由,接受到数据一定是往左边发送的,所以可以直接写汇总之后的路由)
第六步:配置空接口防环
[r1]ip route-static 192.168.1.32 27 NULL 0
[r3]ip route-static 192.168.1.160 27 NULL 0
[r2]ip route-static 192.168.1.64 27 NULL 0
[r4]ip route-static 192.168.1.96 27 NULL 0
[r5]ip route-static 192.168.1.128 27 NULL 0
[r5]ip route-static 192.168.1.192 27 NULL 0
[r5]ip route-static 192.168.1.224 27 NULL 0
第七步:配置r5的nat
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255(注释:通配符,0不可变,1可变)
[r5]interface GigabitEthernet 0/0/2 (注释:在边界路由器的出接口使用)
[r5-GigabitEthernet 0/0/2]nat outbound 2000
第八步:配置telent
[r5-GigabitEthernet 0/0/2]nat server protocol tcp global current-interface telent inside 192.168.1.1 telent
[r1]telent server enable (注:打开r1的telent)
[r1]user-interface vty 4
[r1-ui-vty0-4]authentication-mode aaa (注:修改认证模式)
[r1]aaa
[r1-aaa]loacl-user huawei password cipher 123456
[r1-aaa]loacl-user huawei privilege level 3 (注:用户优先等级1-15,其中4-15等级一致)
[r1-aaa]loacl-user huawei service-type telent
最后一步:让我们来ping 1.1.1.1
PC>ping 1.1.1.1
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
From 1.1.1.1: bytes=32 seq=1 ttl=252 time=63 ms
From 1.1.1.1: bytes=32 seq=2 ttl=252 time=47 ms
From 1.1.1.1: bytes=32 seq=3 ttl=252 time=62 ms
From 1.1.1.1: bytes=32 seq=4 ttl=252 time=47 ms
From 1.1.1.1: bytes=32 seq=5 ttl=252 time=47 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/53/63 ms