HCIP02

实验

进行网段划分

198.162.1.0/24---将骨干链路看成一个整体，环回网段先看为一个整体再进行拆分，一共需要六个子网段，所以取三位。

          192.168.1.0000 0000/27---骨干链路

                 192.168.1.000 000 00/30---192.168.1.0/30

                 192.168.1.000 001 00/30---192.168.1.4/30

                 192.168.1.000 010 00/30---192.168.1.8/30

                 192.168.1.000 011 00/30---192.168.1.12/30

                 192.168.1.000 100 00/30---192.168.1.16/30

                 192.168.1.000 101 00/30---192.168.1.20/30

                 192.168.1.000 110 00/30

                 192.168.1.000 111 00/30

          192.168.1.0010 0000/27---192.168.1.32/27---R1环回

                 192.168.1.001 0 000/28---192.168.1.32/28

                 192.168.1.001 1 000/28---192.168.1.48/28

          192.168.1.0100 0000/27---192.168.1.64/27---R2环回

                  192.168.1.010 0 000/28---192.168.1.64/28

                  192.168.1.010 1 000/28---192.168.1.80/28

          192.168.1.0110 0000/27---192.168.1.96/27---R3网段

                 192.168.1.011 0 000/28

                 192.168.1.011 1 000/28

          192.168.1.1000 0000/27---192.168.1.128/27---R4环回

              192.168.1.100 0 000/28---192.168.1.128/28

              192.168.1.100 1 000/28---192.168.1.144/28

          192.168.1.1010 0000/27---192.168.1.160/27---R5环回

              192.168.1.101 0 000/28---192.168.1.160/28

              

          192.168.1.1100 0000/27---192.168.1.192/27

          192.168.1.1110 0000/27---192.168.1.224/27

配置IP地址

R1

[r1-GigabitEthernet0/0/0]dis this

interface GigabitEthernet0/0/0

ip address 192.168.1.1 255.255.255.252 
#

[r1-GigabitEthernet0/0/1]ip add 192.168.1.9 30

[r1-LoopBack0]int loo0

[r1-LoopBack0]ip add 192.168.1.33 28
[r1-LoopBack0]int loo1
[r1-LoopBack1]ip add 192.168.1.49 28
 

R2

[r2-GigabitEthernet0/0/0]dis this
interface GigabitEthernet0/0/0
 ip address 192.168.1.2 255.255.255.252 
[r2-GigabitEthernet0/0/0]int g0/0/1
interface GigabitEthernet0/0/1
 ip address 192.168.1.5 255.255.255.252 

[r2]int loo0
[r2-LoopBack0]ip add 192.168.1.65 28
[r2-LoopBack0]int lo1
[r2-LoopBack1]ip add 192.168.1.82 28
[r2-LoopBack1]

R3

[r3]int g0/0/0
interface GigabitEthernet0/0/0
 ip address 192.168.1.10 255.255.255.252 
[r3-GigabitEthernet0/0/0]int g0/0/1
interface GigabitEthernet0/0/1
 ip address 192.168.1.13 255.255.255.252 
[r3-GigabitEthernet0/0/1]int g0/0/2
interface GigabitEthernet0/0/2
 ip address 192.168.1.97 255.255.255.252 

 

R4

GigabitEthernet0/0/0              192.168.1.6/30           
GigabitEthernet0/0/1              192.168.1.14/30           
GigabitEthernet0/0/2              192.168.1.21/30          
GigabitEthernet4/0/0              192.168.1.17/30             
 

[r4-LoopBack0]ip add 192.168.1.129 28
[r4-LoopBack0]int l1
[r4-LoopBack1]ip add 192.168.1.145 28
 

R5

GigabitEthernet0/0/0              192.168.1.22/30             
GigabitEthernet0/0/1              12.0.0.1/24               
GigabitEthernet0/0/2              192.168.1.18/30     

[r5]int l0
[r5-LoopBack0]ip add 192.168.1.161 30
   

R6

GigabitEthernet0/0/0              12.0.0.2/24  

[ISP]int l0
[ISP-LoopBack0]ip add 1.1.1.1 24

DHCP分配地址

[r3]dhcp en
ent.done.
[r3]ip pool aa
[r3-ip-pool-aa]network 192.168.1.96 mask 27
[r3-ip-pool-aa]gateway-list 192.168.1.97
[r3]int g0/0/2
[r3-GigabitEthernet0/0/2]dhcp select global

缺省路由

R1

[r1]ip route-static 0.0.0.0 0 192.168.1.2
[r1]ip route-static 0.0.0.0 0 192.168.1.10

[r1]ip route-static 192.168.1.64 27 192.168.1.2
[r1]ip route-static 192.168.1.4 30 192.168.1.2
[r1]ip route-static 192.168.1.12 30 192.168.1.10
[r1]ip route-static 192.168.1.96 27 192.168.1.10

[r1]ip route-static 192.168.1.32 27 NULL 0---添加空接口防止环路

R2

[r2]ip route-static 0.0.0.0 0 192.168.1.6
[r2]ip route-static 0.0.0.0 0 192.168.1.1
[r2]ip route-static 192.168.1.96 27 192.168.1.1
[r2]ip route-static 192.168.1.8 30 192.168.1.1
[r2]ip route-static 192.168.1.32 27 192.168.1.1
[r2]ip route-static 192.168.1.96 27 192.168.1.6

[r2]ip route-static 192.168.1.64 27 NULL 0---添加空接口防止环路

R3

[r3]ip route-static 0.0.0.0 0 192.168.1.14
[r3]ip route-static 192.168.1.32 27 192.168.1.9
[r3]ip route-static 192.168.1.0 30 192.168.1.9
[r3]ip route-static 192.168.1.64 30 192.168.1.9
[r3]ip route-static 192.168.1.64 30 192.168.1.14
 

R4

[r4]ip route-static 0.0.0.0 0 192.168.1.18
[r4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61---R4与R5正常通过1000M链路，故障时通过100m链路，修改优先级
[r4]ip route-static 192.168.1.96 27 192.168.1.13
[r4]ip route-static 192.168.1.8 30 192.168.1.13
[r4]ip route-static 192.168.1.32 27 192.168.1.13
[r4]ip route-static 192.168.1.32 27 192.168.1.5
[r4]ip route-static 192.168.1.0 30 192.168.1.5
[r4]ip route-static 192.168.1.64 27 192.168.1.5

[r4]ip route-static 192.168.1.160 27 192.168.1.18
[r4]ip route-static 192.168.1.160 27 192.168.1.22 preference 61---R4与R5正常通过1000M链路，故障时通过100m链路，修改优先级

[r4]ip route-static 192.168.1.0 24 NULL 0---添加空接口防止环路

R5

[r5]ip route-static 0.0.0.0 0 12.0.0.2 
[r5]ip route-static 192.168.1.0 24 192.168.1.17  
[r5]ip route-static 192.168.1.0 24 192.168.1.21 preference 61
 

[r5]acl number 2000   
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r5]int g0/0/1
[r5-GigabitEthernet0/0/1]nat outbound 2000

Pc1ping外网

R1ping外网

R6 telnet R5的公有地址时，实际登录到R1上

1、R1上设置远程登录

[r1-aaa]local-user admin privilege level 15 password cipher 123456
[r1-aaa]local-user admin service-type telnet

[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa

2、R5接口配置

[r5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 ins
ide 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y

3、R6上telnet测试

<ISP>telnet 12.0.0.1
  Press CTRL_] to quit telnet mode
  Trying 12.0.0.1 ...
  Connected to 12.0.0.1 ...

Login authentication

Username:admin
Password:
<r1>
<r1>
<r1>q

  Configuration console exit, please retry to log on

  The connection was closed by the remote host
<ISP>