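Lab content:
Lab steps:
1. IP address plan and topology, as follows
2. Configuration and testing
1) Configure the IP addresses:
The figure below shows the interface and loopback addresses configured on R1; the other addresses follow the same plan.
The following commands let the two PCs behind R3 obtain their IP addresses automatically through DHCP: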
[R3]dhcp enable
[R3]ip pool aaa
[R3-ip-pool-aaa]display this
[V200R003C00]
#
ip pool aaa
gateway-list 192.168.1.97
network 192.168.1.96 mask 255.255.255.224
dns-list 114.114.114.114
#
[R3-GigabitEthernet0/0/2]dhcp select global
2) Add a default route on each router
The configured default routes:
[R5]ip route-static 0.0.0.0 0 56.1.1.2
[R4]ip route-static 0.0.0.0 0 192.168.1.18
[R3]ip route-static 0.0.0.0 0 192.168.1.14
[R2]ip route-static 0.0.0.0 0 192.168.1.10
[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.6
3) Add the static routes that are still missing
R1:
[R1]ip route-static 192.168.1.64 27 192.168.1.2
[R1]ip route-static 192.168.1.8 30 192.168.1.2
[R1]ip route-static 192.168.1.96 27 192.168.1.6
[R1]ip route-static 192.168.1.12 30 192.168.1.6
R2:
[R2]ip route-static 192.168.1.32 27 192.168.1.1
[R2]ip route-static 192.168.1.4 30 192.168.1.1
[R2]ip route-static 192.168.1.96 27 192.168.1.1
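[R2]ip route-static 192.168.1.96 27 192.168.1.10 # The default route is used only when no more specific route matches; without this route, traffic for the network behind R3 never takes the right-hand path, so there is no load balancing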
R3:
[R3]ip route-static 192.168.1.32 27 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.14
[R3]ip route-static 192.168.1.0 30 192.168.1.5
R4:
[R4]ip route-static 192.168.1.64 27 192.168.1.9
[R4]ip route-static 192.168.1.0 30 192.168.1.9
[R4]ip route-static 192.168.1.32 27 192.168.1.9
[R4]ip route-static 192.168.1.32 27 192.168.1.13
[R4]ip route-static 192.168.1.4 30 192.168.1.13
[R4]ip route-static 192.168.1.96 27 192.168.1.13
R5:
[R5]ip route-static 192.168.1.32 27 192.168.1.17
[R5]ip route-static 192.168.1.64 27 192.168.1.17
[R5]ip route-static 192.168.1.96 27 192.168.1.17
[R5]ip route-static 192.168.1.128 27 192.168.1.17
[R5]ip route-static 192.168.1.0 30 192.168.1.17
[R5]ip route-static 192.168.1.4 30 192.168.1.17
[R5]ip route-static 192.168.1.8 30 192.168.1.17
[R5]ip route-static 192.168.1.12 30 192.168.1.17
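At this point the whole internal network is reachable.
One test is shown as an example:
4) Configure null-interface routes to avoid loops: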
[R1]ip route-static 192.168.1.32 27 NULL 0
[R2]ip route-static 192.168.1.64 27 NULL 0
[R4]ip route-static 192.168.1.128 27 NULL 0
Note: R3 has no summarized loopbacks, so no loop can form there.
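The loop that the Null0 routes in step 4 prevent, modelled as an added example that is not part of the original lab: a packet for an unused address inside R1's 192.168.1.32/27 summary bounces between R2 and R1 until its TTL expires, unless R1 holds the Null0 route. Assumptions: R1's only loopback subnet is 192.168.1.32/28 (constructed; the page gives just the summary and the host 192.168.1.33), only the first of R1's two default routes is modelled, and next-hop owners are inferred from the lab's route statements.

```python
import ipaddress

# Next-hop address -> owning router, inferred from the lab's static routes.
OWNER = {"192.168.1.1": "R1", "192.168.1.2": "R2",
         "192.168.1.6": "R3", "192.168.1.10": "R4"}

def build_tables(with_null0):
    """Routes of R1 and R2 from steps 2-4 as (prefix, next hop) pairs."""
    r1 = [("192.168.1.32/28", "LOCAL"),      # assumed loopback subnet on R1
          ("192.168.1.64/27", "192.168.1.2"),
          ("192.168.1.8/30", "192.168.1.2"),
          ("192.168.1.96/27", "192.168.1.6"),
          ("192.168.1.12/30", "192.168.1.6"),
          ("0.0.0.0/0", "192.168.1.2")]      # first of R1's two defaults
    if with_null0:
        r1.append(("192.168.1.32/27", "NULL0"))  # step 4 route on R1
    r2 = [("192.168.1.32/27", "192.168.1.1"),
          ("192.168.1.4/30", "192.168.1.1"),
          ("192.168.1.96/27", "192.168.1.1"),
          ("0.0.0.0/0", "192.168.1.10")]
    return {"R1": r1, "R2": r2}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(dst, start, with_null0, ttl=16):
    """Follow a packet hop by hop; returns (outcome, list of routers visited)."""
    tables = build_tables(with_null0)
    router, path = start, []
    while ttl > 0:
        path.append(router)
        if router not in tables:
            return "left-modelled-routers", path
        next_hop = lookup(tables[router], dst)
        if next_hop == "LOCAL":
            return "delivered", path
        if next_hop == "NULL0":
            return "dropped-at-null0", path
        router = OWNER[next_hop]
        ttl -= 1
    return "ttl-expired-loop", path

if __name__ == "__main__":
    for null0 in (False, True):
        print(null0, forward("192.168.1.50", "R2", null0))
```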
5) Configure NAT on the border router R5:
[R5]acl 2000
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R5-acl-basic-2000]q
[R5-GigabitEthernet0/0/1]nat outbound 2000
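Once that is done, ping the external addresses 56.1.1.2 and 6.6.6.6 from R1; the test results are as follows:
Note: pinging the external address 6.6.6.6 from R5's own interfaces or loopbacks does not work, because R5's local interfaces are not translated, and a loopback is equivalent to a newly created interface.
6) Configure floating routes (bring up the e4/0/0 link, add a default route with preference 61 on R4, and add the internal-network routes with preference 61 on R5):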
[R4]ip route-static 0.0.0.0 0 192.168.1.26 preference 61
[R5]ip route-static 192.168.1.128 255.255.255.224 192.168.1.25 pr 61
[R5]ip route-static 192.168.1.96 255.255.255.224 192.168.1.25 pr 61
[R5]ip route-static 192.168.1.64 255.255.255.224 192.168.1.25 pr 61
[R5]ip route-static 192.168.1.32 255.255.255.224 192.168.1.25 pr 61
[R5]ip route-static 192.168.1.12 255.255.255.252 192.168.1.25 pr 61
[R5]ip route-static 192.168.1.8 255.255.255.252 192.168.1.25 pr 61
[R5]ip route-static 192.168.1.4 255.255.255.252 192.168.1.25 pr 61
[R5]ip route-static 192.168.1.0 255.255.255.252 192.168.1.25 pr 61
Test by pinging the external network from R1.
7) Logging in to R5 from R6 actually logs in to R1:
First, enable telnet on R1:
[R1]aaa
[R1-aaa]local-user zhou privilege level 15 password cipher 123456
Info: Add a new user.
[R1-aaa]local-user zhou service-type telnet
[R1-aaa]q
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
Then configure the port mapping on R5:
[R5]int g0/0/1
[R5-GigabitEthernet0/0/1]nat static protocol tcp global current-interface 23 inside 192.168.1.33 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
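Finally, test from R6.
To sum up, the approach to building a network topology:
Network topology approach:
1. Topology design: IP address planning
2. Build the topology
3. Configuration
1) Underlay: every node has a valid IP address
2) Routing: full reachability across the network
3) Policy: optimization, rules, security
4) Testing
4. Maintenance
5. Upgrade: cutover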