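1. R6 is the ISP and all of its interface IP addresses are public addresses. Only IP addresses may be configured on this device; after that, no further configuration may be made on it;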
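2. R1-R5 form the LAN, using the private range 192.168.1.0/24; allocate it sensibly;
3. R1, R2 and R4 each have two loopback IP addresses; R5 and R6 each have one loopback address; on every router the loopbacks represent interfaces that connect users;
4. The two PCs under R3 obtain their IP addresses automatically through DHCP;
5. Choose the best paths, keep the routing tables as small as possible, and avoid loops;
6. R1-R5 can all reach R6's loopback;
7. When R6 telnets to R5's public address, it actually logs in to R1;
8. R4 and R5 normally communicate over the 1000M link, and over the 100M link when it fails;
I. Lab approach
1. Subnet 192.168.1.0/24
Note: backbone links and loopbacks each count as one subnet! (a real user subnet). From the requirements we can see that we need thirteen subnets here! ---- 6 for the backbone
2. Configure IPs --- configure the switch first
3. Configure static routes on R1, R2, R3 and R4
4. To avoid loops, null interfaces are needed --- r1, r2, r4
5. Enable the DHCP service on R3
6. Enable NAT on R5 so that the internal network can reach R6 on the external network
7. Run the telnet login test
II. Detailed lab steps
1. Divide the subnets and assign IPs
A. First divide into 6 large subnets --- borrow three bits
1)192.168.1.000 00000 --- 192.168.1.0/27 --- backbone links
There are six backbone links --- three more bits must be borrowed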
192.168.1.000 000 00/30 ---- 192.168.1.0/30
192.168.1.000 001 00/30 ---- 192.168.1.4/30
192.168.1.000 010 00/30 ---- 192.168.1.8/30
192.168.1.000 011 00/30 ---- 192.168.1.12/30
192.168.1.000 100 00/30 ---- 192.168.1.16/30
192.168.1.000 101 00/30 ---- 192.168.1.20/30
(192.168.1.000 110 00/30 ---- 192.168.1.24/30
192.168.1.000 111 00/30 ---- 192.168.1.28/30) These are surplus; ignore them!
2)192.168.1.001 00000 --- 192.168.1.32/27 --- R1's loopbacks
One bit must be borrowed
192.168.1.001 0 0000 --- 192.168.1.32/28 loopback1
192.168.1.001 1 0000 --- 192.168.1.48/28 loopback2
3)192.168.1.010 00000 --- 192.168.1.64/27 --- R2's loopbacks
One bit must be borrowed
192.168.1.010 0 0000 --- 192.168.1.64/28 loopback1
192.168.1.010 1 0000 --- 192.168.1.80/28 loopback2
4)192.168.1.011 00000 --- 192.168.1.96/27 --- R3's user subnet
5)192.168.1.100 00000 --- 192.168.1.128/27--- R4's loopbacks
One bit must be borrowed
192.168.1.100 0 0000 --- 192.168.1.128/28
192.168.1.100 1 0000 --- 192.168.1.144/28
6)192.168.1.101 00000 --- 192.168.1.160/27--- R5's loopback
Reserved:
192.168.1.110 00000 --- 192.168.1.192/27
192.168.1.111 00000 --- 192.168.1.224/27
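II. After dividing the subnets, configure the IP addresses
A. Because there are so many routers, rename them first
[Huawei]sys R1 --- enter the system view first, then rename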
[Huawei]SYS R2
[Huawei]SYS R3
·····
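B. To make the IP configuration that follows easier, turn off log output
<R1>undo terminal monitor ---- run this in the user view
C. Then configure IP addresses on the interfaces of each router and switch
R1: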
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
[R1]int g 0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.1.5 30
[R1]int loopback0
[R1-LoopBack0]ip address 192.168.1.33 28
[R1]int loopback1
[R1-LoopBack1]ip address 192.168.1.49 28
Check the interface configuration table
[R1]dis ip interface brief
R2:
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
[R2]int g 0/0/1
[R2-GigabitEthernet0/0/1]ip address 192.168.1.9 30
[R2]int loopback0
[R2-LoopBack0]ip address 192.168.1.65 28
[R2]int loopback1
[R2-LoopBack1]ip address 192.168.1.81 28
[R2]display ip interface brief
R3:
[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip address 192.168.1.6 30
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ip address 192.168.1.13 30
[R3]int g 0/0/2
[R3-GigabitEthernet0/0/2]ip address 192.168.1.97 27
R4:
[R4]int g 0/0/0
[R4-GigabitEthernet0/0/0]ip address 192.168.1.10 30
[R4]int g 0/0/1
[R4-GigabitEthernet0/0/1]ip address 192.168.1.14 30
[R4]int g0/0/2
[R4-GigabitEthernet0/0/2]ip address 192.168.1.17 30
[R4]int g4/0/0
[R4-GigabitEthernet4/0/0]ip address 192.168.1.21 30
[R4]int LoopBack 0
[R4-LoopBack0]ip address 192.168.1.129 28
[R4]int LoopBack 1
[R4-LoopBack1]ip address 192.168.1.145 28
[R4]dis ip interface brief
R5:
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip address 192.168.1.18 30
[R5]int g 0/0/1
[R5-GigabitEthernet0/0/1]ip address 12.0.0.1 24
[R5]int g 0/0/2
[R5-GigabitEthernet0/0/2]ip address 192.168.1.22 30
[R5]int LoopBack 0
[R5-LoopBack0]ip address 192.168.1.161 27
[R5]dis ip interface brief
R6:
[R6]int g 0/0/0
[R6-GigabitEthernet0/0/0]ip address 12.0.0.2 24
[R6]int LoopBack 0
[R6-LoopBack0]ip address 1.1.1.1 24
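A check of the addressing above against the subnet plan from step 1, as an added example (not part of the original lab). It rebuilds the plan with Python's `ipaddress` module and verifies that every private interface address on the page sits in a planned subnet, is a usable host address, and that each /30 link has exactly two routers on it; the function names and the `link0`..`link5` labels are hypothetical.

```python
import ipaddress

BLOCK = ipaddress.ip_network("192.168.1.0/24")

def build_plan():
    """Rebuild the page's plan: eight /27 blocks, the first cut into /30 links."""
    s27 = list(BLOCK.subnets(new_prefix=27))
    links = list(s27[0].subnets(new_prefix=30))[:6]   # six backbone links, two spare
    plan = {f"link{i}": n for i, n in enumerate(links)}
    for router, parent in (("R1", s27[1]), ("R2", s27[2]), ("R4", s27[4])):
        lo0, lo1 = parent.subnets(new_prefix=28)      # borrow one bit per loopback
        plan[f"{router}-lo0"], plan[f"{router}-lo1"] = lo0, lo1
    plan["R3-users"], plan["R5-lo0"] = s27[3], s27[5]
    return plan

# Private interface addresses exactly as configured on the page.
INTERFACES = [
    ("R1", "192.168.1.1/30"), ("R1", "192.168.1.5/30"),
    ("R1", "192.168.1.33/28"), ("R1", "192.168.1.49/28"),
    ("R2", "192.168.1.2/30"), ("R2", "192.168.1.9/30"),
    ("R2", "192.168.1.65/28"), ("R2", "192.168.1.81/28"),
    ("R3", "192.168.1.6/30"), ("R3", "192.168.1.13/30"), ("R3", "192.168.1.97/27"),
    ("R4", "192.168.1.10/30"), ("R4", "192.168.1.14/30"),
    ("R4", "192.168.1.17/30"), ("R4", "192.168.1.21/30"),
    ("R4", "192.168.1.129/28"), ("R4", "192.168.1.145/28"),
    ("R5", "192.168.1.18/30"), ("R5", "192.168.1.22/30"), ("R5", "192.168.1.161/27"),
]

def check(plan, interfaces):
    """Return problems: address outside the plan, unusable host address, bad link."""
    planned, ends, problems = set(plan.values()), {}, []
    for router, cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if net not in planned:
            problems.append(f"{router} {cidr}: subnet not in plan")
        elif iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{router} {cidr}: network/broadcast address")
        ends.setdefault(net, set()).add(router)
    for net, routers in ends.items():
        if net.prefixlen == 30 and len(routers) != 2:
            problems.append(f"{net}: link needs exactly two routers, has {len(routers)}")
    return problems

if __name__ == "__main__":
    print(check(build_plan(), INTERFACES) or "plan and addressing are consistent")
```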
2. Configure static routes on R1, R2, R3 and R4
R1:
[R1]ip route-static 192.168.1.64 27 192.168.1.2
[R1]ip route-static 192.168.1.8 30 192.168.1.2
[R1]ip route-static 192.168.1.128 27 192.168.1.2
[R1]ip route-static 192.168.1.128 27 192.168.1.6
[R1]ip route-static 192.168.1.16 30 192.168.1.2
[R1]ip route-static 192.168.1.16 30 192.168.1.6
[R1]ip route-static 192.168.1.20 30 192.168.1.6
[R1]ip route-static 192.168.1.20 30 192.168.1.2
[R1]ip route-static 192.168.1.12 30 192.168.1.6
[R1]ip route-static 192.168.1.96 27 192.168.1.6
[R1]ip route-static 192.168.1.160 27 192.168.1.2
[R1]ip route-static 192.168.1.160 27 192.168.1.6
R2:
[R2]ip route-static 192.168.1.128 27 192.168.1.10
[R2]ip route-static 192.168.1.16 30 192.168.1.10
[R2]ip route-static 192.168.1.20 30 192.168.1.10
[R2]ip route-static 192.168.1.160 27 192.168.1.10
[R2]ip route-static 192.168.1.12 30 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.1
[R2]ip route-static 192.168.1.4 30 192.168.1.1
[R2]ip route-static 192.168.1.32 27 192.168.1.1
R3:
[R3]ip route-static 192.168.1.128 27 192.168.1.14
[R3]ip route-static 192.168.1.20 30 192.168.1.14
[R3]ip route-static 192.168.1.160 27 192.168.1.14
[R3]ip route-static 192.168.1.16 30 192.168.1.14
[R3]ip route-static 192.168.1.8 30 192.168.1.14
[R3]ip route-static 192.168.1.64 27 192.168.1.14
[R3]ip route-static 192.168.1.64 27 192.168.1.5
[R3]ip route-static 192.168.1.0 30 192.168.1.5
[R3]ip route-static 192.168.1.32 27 192.168.1.5
R4:
[R4]ip route-static 192.168.1.160 27 192.168.1.18
[R4]ip route-static 192.168.1.160 27 192.168.1.22
[R4]ip route-static 192.168.1.64 27 192.168.1.9
[R4]ip route-static 192.168.1.0 30 192.168.1.9
[R4]ip route-static 192.168.1.32 27 192.168.1.9
[R4]ip route-static 192.168.1.32 27 192.168.1.13
[R4]ip route-static 192.168.1.4 30 192.168.1.13
[R4]ip route-static 192.168.1.96 27 192.168.1.13
R5:
[R5]ip route-static 192.168.1.128 27 192.168.1.17
[R5]ip route-static 192.168.1.128 27 192.168.1.21
[R5]ip route-static 192.168.1.8 30 192.168.1.17
[R5]ip route-static 192.168.1.8 30 192.168.1.21
[R5]ip route-static 192.168.1.64 27 192.168.1.21
[R5]ip route-static 192.168.1.64 27 192.168.1.17
[R5]ip route-static 192.168.1.0 30 192.168.1.17
[R5]ip route-static 192.168.1.0 30 192.168.1.21
[R5]ip route-static 192.168.1.32 27 192.168.1.21
[R5]ip route-static 192.168.1.32 27 192.168.1.17
[R5]ip route-static 192.168.1.4 30 192.168.1.17
[R5]ip route-static 192.168.1.4 30 192.168.1.21
[R5]ip route-static 192.168.1.96 27 192.168.1.21
[R5]ip route-static 192.168.1.96 27 192.168.1.17
[R5]ip route-static 192.168.1.12 30 192.168.1.17
[R5]ip route-static 192.168.1.12 30 192.168.1.21
3. To avoid loops, null interfaces are needed
r1:
[R1]ip route-static 192.168.1.32 27 null 0
r2:
[R2]ip route-static 192.168.1.64 27 null 0
r4:
[R4]ip route-static 192.168.1.128 27 null 0
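Why the Null0 summary route in this step matters, as an added example (not part of the original lab). It models only R1 and R2, with R2's summary route toward R1 from step 2 and R1's default route toward R2 from step 7, and traces a packet for 192.168.1.49 under a constructed failure in which R1's Loopback1 is down; the function names are hypothetical.

```python
import ipaddress

def net(prefix):
    return ipaddress.ip_network(prefix)

def tables(lo1_up, null_route):
    """Routes on R1 and R2 that involve R1's loopback summary 192.168.1.32/27."""
    r1 = [(net("192.168.1.32/28"), "direct"),           # Loopback0
          (net("0.0.0.0/0"), "R2")]                     # default route (step 7)
    if lo1_up:
        r1.append((net("192.168.1.48/28"), "direct"))   # Loopback1
    if null_route:
        r1.append((net("192.168.1.32/27"), "null0"))    # this step
    r2 = [(net("192.168.1.32/27"), "R1"),               # summary toward R1 (step 2)
          (net("0.0.0.0/0"), "R4")]                     # default route; R4 not modelled
    return {"R1": r1, "R2": r2}

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, or None when nothing matches."""
    hits = [(n.prefixlen, hop) for n, hop in routes if dst in n]
    return max(hits)[1] if hits else None

def trace(tbl, start, dst, ttl=16):
    """Follow a packet hop by hop; returns (outcome, path)."""
    dst, node, path = ipaddress.ip_address(dst), start, [start]
    while ttl > 0:
        hop = lookup(tbl[node], dst)
        if hop == "direct":
            return "delivered", path
        if hop in ("null0", None):
            return "dropped", path
        if hop not in tbl:
            return "left-model", path + [hop]
        node, ttl = hop, ttl - 1
        path.append(node)
    return "ttl-expired", path

if __name__ == "__main__":
    for lo1_up, null_route in ((True, False), (False, False), (False, True)):
        outcome, path = trace(tables(lo1_up, null_route), "R2", "192.168.1.49")
        print(f"Loopback1 up={lo1_up} null0={null_route}: {outcome} after {len(path) - 1} hops")
```

Without the Null0 route the packet bounces between R1 and R2 until its TTL runs out; with it, R1 discards the packet on the first hop.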
4. Enable the DHCP service on R3
[R3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R3]ip pool aa
Info: It's successful to create an IP address pool.
[R3-ip-pool-aa]gateway-list 192.168.1.97
[R3-ip-pool-aa]network 192.168.1.96 mask 27
[R3-ip-pool-aa]dns-list 114.114.114.114 8.8.8.8
[R3]int g0/0/2
[R3-GigabitEthernet0/0/2]dhcp select global
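Check whether PC1 and PC2 have obtained IP addresses --- remember to configure the gateway
5. Test whether the devices can ping each other
1. From R1, ping the 192.168.1.18 interface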
[R1]ping 192.168.1.18
PING 192.168.1.18: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.18: bytes=56 Sequence=1 ttl=253 time=160 ms
Reply from 192.168.1.18: bytes=56 Sequence=2 ttl=253 time=60 ms
Reply from 192.168.1.18: bytes=56 Sequence=3 ttl=253 time=80 ms
Reply from 192.168.1.18: bytes=56 Sequence=4 ttl=253 time=80 ms
Reply from 192.168.1.18: bytes=56 Sequence=5 ttl=253 time=90 ms
This shows the path is reachable;
2. Have R5 ping R6 on the external network
[R5]ping 1.1.1.6
PING 1.1.1.6: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.6: bytes=56 Sequence=1 ttl=255 time=80 ms
Reply from 1.1.1.6: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 1.1.1.6: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 1.1.1.6: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 1.1.1.6: bytes=56 Sequence=5 ttl=255 time=50 ms
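This ping also succeeds;
6. Configure ACL and NAT on R5
1. The reason for not using an advanced ACL: an advanced ACL requires writing both the source IP and the destination IP, but here the internal network is accessing the external network, and we do not know which subnets exist on the external network, so an advanced ACL is not used;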
[R5]acl 2000
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R5]int g 0/0/1
[R5-GigabitEthernet0/0/1]nat outbound 2000
7. Because public IP addresses change over time, we need to configure default routes on R1-R4
[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.6
[R2]ip route-static 0.0.0.0 0 192.168.1.10
[R3]ip route-static 0.0.0.0 0 192.168.1.14
[R4]ip route-static 0.0.0.0 0 192.168.1.18
[R4]ip route-static 0.0.0.0 0 192.168.1.22
R5:
[R5]ip route-static 0.0.0.0 0 12.0.0.2
Verify: have R1 ping the external network:
[R1]ping 1.1.1.1 ---- the ping succeeds
8. Configure the telnet service on R1 and nat server on R5
[R1]aaa
[R1-aaa]local-user xjf password cipher xjf123456 privilege level 15
Info: Add a new user.
[R1-aaa]local-user xjf service-type telnet
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
[R5]int g 0/0/1
[R5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
Are you sure to continue?[Y/N]:y
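A configuration review of step 8, as an added example (not part of the original lab): it parses prompt-prefixed session lines copied from this page and correlates each `nat server` mapping to port 23 with the device that owns the inside address and the telnet-enabled local users on it. The regular expressions cover only the command forms shown on this page, and the function and field names are hypothetical.

```python
import re

# Session lines copied from the page (VRP prompt followed by the command).
SESSION = """\
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
[R1-aaa]local-user xjf password cipher xjf123456 privilege level 15
[R1-aaa]local-user xjf service-type telnet
[R1-ui-vty0-4]authentication-mode aaa
[R5-GigabitEthernet0/0/1]ip address 12.0.0.1 24
[R5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
"""

PROMPT = re.compile(r"^\[(?P<dev>[A-Za-z0-9]+)(?:-[^\]]*)?\](?P<cmd>.+)$")
ADDR = re.compile(r"ip address (\S+) \d+$")
LEVEL = re.compile(r"local-user (\S+) password \S+ \S+ privilege level (\d+)$")
SVC = re.compile(r"local-user (\S+) service-type (.+)$")
NAT = re.compile(r"nat server protocol tcp global \S+ (\d+) inside (\S+) (\d+)$")

def audit(session):
    """Correlate nat server mappings to port 23 with telnet-enabled local users."""
    owner, level, telnet, forwards = {}, {}, {}, []
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        dev, cmd = m["dev"], m["cmd"].strip()
        if a := ADDR.match(cmd):
            owner[a[1]] = dev                      # interface address -> device
        elif a := LEVEL.match(cmd):
            level[(dev, a[1])] = int(a[2])         # privilege level per local user
        elif a := SVC.match(cmd):
            if "telnet" in a[2].split():
                telnet.setdefault(dev, []).append(a[1])
        elif a := NAT.match(cmd):
            forwards.append((dev, int(a[1]), a[2], int(a[3])))
    findings = []
    for nat_dev, gport, inside, iport in forwards:
        target = owner.get(inside)
        if iport != 23 or target is None:
            continue
        for user in telnet.get(target, []):
            findings.append({"device": target, "via": nat_dev, "global_port": gport,
                             "user": user, "level": level.get((target, user))})
    return findings

if __name__ == "__main__":
    for finding in audit(SESSION):
        print(finding)
```

The single finding is requirement 7 working as designed; outside a lab, a privilege-level-15 telnet account reachable through a public port mapping is what a reviewer would ask to move to SSH with source-restricted VTY access.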
Lab complete!