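Lab analysis
1. Subnetting
2. When configuring static routes, pay attention to the direction of the default route, and make use of equal-cost routes
3. AR5 is the border router; pay attention to its route configuration, NAT, and mirroring configuration
4. When writing ACLs, pay attention to the order of source and destination
5. When configuring routes, avoid creating detours
IP subnetting
IP allocation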
192.168.1.0/24
AR1 loopback: 192.168.1.000 00000 /27 0
192.168.1.000 0 0000 /28 0
192.168.1.000 1 0000 /28 16
AR2 loopback: 192.168.1.001 00000 /27 32
192.168.1.001 0 0000 /28 32
192.168.1.001 1 0000 /28 48
AR4 loopback: 192.168.1.010 00000 /27 64
192.168.1.010 0 0000 /28 64
192.168.1.010 1 0000 /28 80
AR5 loopback: 192.168.1.011 00000 /27 96
Internal backbone links: 192.168.1.100 00000 /27 128
AR1-AR2: 192.168.1.100 000 00 /30 128
AR1-AR3: 192.168.1.100 001 00 /30 132
AR2-AR4: 192.168.1.100 010 00 /30 136
AR3-AR4: 192.168.1.100 011 00 /30 140
AR4-AR5: 192.168.1.100 101 00 /30 148
192.168.1.100 100 00 /30 144
192.168.1.100 110 00 /30 152
Reserved: 192.168.1.100 111 00 /30 156
Reserved:
AR3 PC-facing segment: 192.168.1.101 00000 /27 160
192.168.1.110 00000 /27
192.168.1.111 00000 /27
Lab topology diagram
IP address configuration
AR1
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.1.129 30
[AR1-GigabitEthernet0/0/0]q
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]ip address 192.168.1.133 30
[AR1-GigabitEthernet0/0/1]q
[AR1]interface LoopBack 0
[AR1-LoopBack0]ip address 192.168.1.1 28
[AR1-LoopBack0]q
[AR1]interface LoopBack 1
[AR1-LoopBack1]ip address 192.168.1.17 28
AR2
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 192.168.1.130 30
[AR2-GigabitEthernet0/0/0]q
[AR2]interface GigabitEthernet 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 192.168.1.137 30
[AR2-GigabitEthernet0/0/1]q
[AR2]interface LoopBack 0
[AR2-LoopBack0]ip address 192.168.1.33 28
[AR2-LoopBack0]q
[AR2]interface LoopBack 1
[AR2-LoopBack1]ip address 192.168.1.49 28
AR3
[AR3]interface GigabitEthernet 0/0/0
[AR3-GigabitEthernet0/0/0]ip address 192.168.1.134 30
[AR3-GigabitEthernet0/0/0]q
[AR3]interface GigabitEthernet 0/0/1
[AR3-GigabitEthernet0/0/1]ip address 192.168.1.141 30
[AR3-GigabitEthernet0/0/1]q
[AR3]interface GigabitEthernet 0/0/2
[AR3-GigabitEthernet0/0/2]ip address 192.168.1.145 30
AR4
[AR4]interface GigabitEthernet 0/0/0
[AR4-GigabitEthernet0/0/0]ip address 192.168.1.138 30
[AR4-GigabitEthernet0/0/0]q
[AR4]interface GigabitEthernet 0/0/1
[AR4-GigabitEthernet0/0/1]ip address 192.168.1.142 30
[AR4-GigabitEthernet0/0/1]q
[AR4]interface GigabitEthernet 0/0/2
[AR4-GigabitEthernet0/0/2]ip address 192.168.1.149 30
[AR4-GigabitEthernet0/0/2]q
[AR4]interface GigabitEthernet 4/0/0
[AR4-GigabitEthernet4/0/0]ip address 192.168.1.153 30
[AR4-GigabitEthernet4/0/0]q
[AR4]interface LoopBack 0
[AR4-LoopBack0]ip address 192.168.1.65 28
[AR4-LoopBack0]q
[AR4]interface LoopBack 1
[AR4-LoopBack1]ip address 192.168.1.81 28
AR5
[AR5]interface GigabitEthernet 0/0/0
[AR5-GigabitEthernet0/0/0]ip address 192.168.1.150 30
[AR5-GigabitEthernet0/0/0]q
[AR5]interface GigabitEthernet 0/0/1
[AR5-GigabitEthernet0/0/1]ip address 192.168.1.154 30
[AR5-GigabitEthernet0/0/1]q
[AR5]interface GigabitEthernet 0/0/2
[AR5-GigabitEthernet0/0/2]ip address 12.0.0.1 24
[AR5-GigabitEthernet0/0/2]q
[AR5]interface LoopBack 0
[AR5-LoopBack0]ip address 192.168.1.97 27
AR6
[AR6]interface GigabitEthernet 0/0/0
[AR6-GigabitEthernet0/0/0]ip address 12.0.0.2 24
[AR6-GigabitEthernet0/0/0]q
[AR6]interface LoopBack 0
[AR6-LoopBack0]ip address 1.1.1.1 24
DHCP
AR3
[AR3]dhcp enable
[AR3]ip pool aa
[AR3-ip-pool-aa]network 192.168.1.144 mask 30
[AR3-ip-pool-aa]gateway-list 192.168.1.145
[AR3-ip-pool-aa]q
[AR3]interface GigabitEthernet 0/0/2
[AR3-GigabitEthernet0/0/2]dhcp select global
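An added check, not part of the original lab notes: the Python below transcribes the allocation list and the internal interface addresses from this page and verifies that the planned blocks do not overlap, that every interface sits inside a planned block, and that the DHCP pool lies in the planned PC segment. The function names and the labels for blocks the list leaves unnamed are made up here.

```python
import ipaddress as ipa
from itertools import combinations

# Blocks transcribed from the "IP allocation" list (labels shortened; blocks the
# list leaves unnamed are keyed by their last octet).
PLAN = {
    "AR1 loopback": "192.168.1.0/27", "AR2 loopback": "192.168.1.32/27",
    "AR4 loopback": "192.168.1.64/27", "AR5 loopback": "192.168.1.96/27",
    "AR1-AR2": "192.168.1.128/30", "AR1-AR3": "192.168.1.132/30",
    "AR2-AR4": "192.168.1.136/30", "AR3-AR4": "192.168.1.140/30",
    "unnamed .144": "192.168.1.144/30", "AR4-AR5": "192.168.1.148/30",
    "unnamed .152": "192.168.1.152/30", "reserved": "192.168.1.156/30",
    "AR3 PC segment": "192.168.1.160/27",
    "unnamed .192": "192.168.1.192/27", "unnamed .224": "192.168.1.224/27",
}
# Internal interface addresses from the configuration section.
IFACES = {
    "AR1": ["192.168.1.129/30", "192.168.1.133/30", "192.168.1.1/28", "192.168.1.17/28"],
    "AR2": ["192.168.1.130/30", "192.168.1.137/30", "192.168.1.33/28", "192.168.1.49/28"],
    "AR3": ["192.168.1.134/30", "192.168.1.141/30", "192.168.1.145/30"],
    "AR4": ["192.168.1.138/30", "192.168.1.142/30", "192.168.1.149/30",
            "192.168.1.153/30", "192.168.1.65/28", "192.168.1.81/28"],
    "AR5": ["192.168.1.150/30", "192.168.1.154/30", "192.168.1.97/27"],
}
DHCP_POOL = "192.168.1.144/30"  # network of [AR3] ip pool aa

def overlaps(plan):
    """Pairs of plan blocks that overlap; a sound VLSM plan has none."""
    nets = {k: ipa.ip_network(v) for k, v in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def block_of(cidr, plan):
    """Label of the plan block that contains this address's network, else None."""
    net = ipa.ip_interface(cidr).network
    return next((k for k, v in plan.items() if net.subnet_of(ipa.ip_network(v))), None)

def audit(ifaces, plan, pool):
    """Interfaces outside every block, plus a DHCP pool off the planned PC segment."""
    out = [f"{r} {c}: outside the plan" for r, cs in ifaces.items()
           for c in cs if block_of(c, plan) is None]
    if block_of(pool, plan) != "AR3 PC segment":
        out.append(f"DHCP pool {pool} is in '{block_of(pool, plan)}', "
                   f"not in the PC segment {plan['AR3 PC segment']}")
    return out

if __name__ == "__main__":
    print(overlaps(PLAN))
    print("\n".join(audit(IFACES, PLAN, DHCP_POOL)))
```

Run against the values on this page, the only finding is that the pool 192.168.1.144/30 sits in the unnamed .144 block rather than in 192.168.1.160/27.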
Static route configuration
AR1
[AR1]ip route-static 192.168.1.0 24 192.168.1.130
[AR1]ip route-static 192.168.1.0 24 192.168.1.134
AR2
[AR2]ip route-static 192.168.1.0 24 192.168.1.138
[AR2]ip route-static 192.168.1.0 27 192.168.1.129
[AR2]ip route-static 192.168.1.140 30 192.168.1.138
[AR2]ip route-static 192.168.1.132 30 192.168.1.129
[AR2]ip route-static 192.168.1.160 27 192.168.1.129
[AR2]ip route-static 192.168.1.160 27 192.168.1.138
AR3
[AR3]ip route-static 192.168.1.0 24 192.168.1.142
[AR3]ip route-static 192.168.1.128 30 192.168.1.133
[AR3]ip route-static 192.168.1.140 30 192.168.1.142
[AR3]ip route-static 192.168.1.32 27 192.168.1.142
[AR3]ip route-static 192.168.1.32 27 192.168.1.133
AR4
[AR4]ip route-static 192.168.1.32 27 192.168.1.137
[AR4]ip route-static 192.168.1.160 27 192.168.1.141
[AR4]ip route-static 192.168.1.128 30 192.168.1.137
[AR4]ip route-static 192.168.1.132 30 192.168.1.141
[AR4]ip route-static 192.168.1.0 27 192.168.1.129
[AR4]ip route-static 192.168.1.0 27 192.168.1.133
[AR4]ip route-static 192.168.1.96 27 192.168.1.150
[AR4]ip route-static 192.168.1.96 27 192.168.1.154 preference 70
AR5
[AR5]ip route-static 192.168.1.32 27 192.168.1.149
[AR5]ip route-static 192.168.1.136 30 192.168.1.149
[AR5]ip route-static 192.168.1.140 30 192.168.1.153
[AR5]ip route-static 192.168.1.160 27 192.168.1.153
[AR5]ip route-static 192.168.1.128 30 192.168.1.149
[AR5]ip route-static 192.168.1.132 30 192.168.1.153
[AR5]ip route-static 192.168.1.0 27 192.168.1.149
[AR5]ip route-static 192.168.1.0 27 192.168.1.153
[AR5]ip route-static 0.0.0.0 0 12.0.0.2
[AR5-ospf-1]default-route-advertise
Full-network reachability test
NAT
AR5
[AR5]acl 2000
[AR5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[AR5-acl-basic-2000]q
[AR5]interface GigabitEthernet 0/0/2
[AR5-GigabitEthernet0/0/2]nat outbound 2000
Telnet
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode aaa
[AR1]aaa
[AR1-aaa]local-user huawei password cipher 123456
[AR1-aaa]local-user huawei privilege level 15
[AR1-aaa]local-user huawei service-type telnet
Mapping
[AR5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface telnet inside 192.168.1.129 telnet
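A defender-side audit of the Telnet and mapping sections, added here and not part of the original lab notes: it joins the "nat server ... telnet" mapping to the router that owns the inside address and lists the Telnet-enabled local accounts that the mapping publishes on the outside interface, where Telnet carries credentials in cleartext. The function names are illustrative, and the embedded lines are copied from this page with the nat server command joined onto one line.

```python
import re

# Lines copied from this page's Telnet, mapping and AR1 interface sections.
CONFIG = """\
[AR1-GigabitEthernet0/0/0]ip address 192.168.1.129 30
[AR1-aaa]local-user huawei password cipher 123456
[AR1-aaa]local-user huawei privilege level 15
[AR1-aaa]local-user huawei service-type telnet
[AR5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface telnet inside 192.168.1.129 telnet
"""

PROMPT = re.compile(r"^\[(AR\d+)(?:-([^\]]+))?\](.*)$")

def parse(config):
    """Yield (router, view, command) for each '[router-view]command' line."""
    for line in config.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            yield m.group(1), m.group(2) or "", m.group(3).strip()

def exposed_accounts(config):
    """Telnet-enabled local users on hosts published by 'nat server ... telnet'."""
    owner, users, published = {}, {}, []
    for router, view, cmd in parse(config):
        t = cmd.split()
        if t[:2] == ["ip", "address"]:
            owner[t[2]] = router                      # interface address -> router
        elif t[:1] == ["local-user"]:
            u = users.setdefault((router, t[1]), {"level": None, "telnet": False})
            if t[2:4] == ["privilege", "level"]:
                u["level"] = int(t[4])
            elif t[2:3] == ["service-type"]:
                u["telnet"] = "telnet" in t[3:]
        elif t[:2] == ["nat", "server"] and t[-1] == "telnet":
            published.append((router, view, t[t.index("inside") + 1]))
    # Join: published inside address -> owning router -> its Telnet users.
    return [(owner[ip], name, u["level"], f"{edge} {view}")
            for edge, view, ip in published if ip in owner
            for (r, name), u in users.items() if r == owner[ip] and u["telnet"]]

if __name__ == "__main__":
    for row in exposed_accounts(CONFIG):
        print(row)
```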
ACL
[AR3]acl 3000
[AR3-acl-adv-3000]rule deny ip source 192.168.1.189 0 destination 1.1.1.1 0
[AR3-acl-adv-3000]rule deny ip source 192.168.1.190 0 destination 1.1.1.1 0
[AR3]interface GigabitEthernet 0/0/2
[AR3-GigabitEthernet0/0/2]traffic-filter inbound acl 3000
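An added example, not from the original notes: a small Python evaluator for the two ACL 3000 rules, showing first-match evaluation with wildcard masks, why the source/destination order matters, and which address block the host sources belong to. It assumes that traffic matching no rule is forwarded when the ACL is used with traffic-filter; the helper names are illustrative.

```python
import ipaddress as ipa

# Rules as entered above: ACL 3000, applied inbound on AR3 GigabitEthernet0/0/2.
ACL_3000 = [
    "rule deny ip source 192.168.1.189 0 destination 1.1.1.1 0",
    "rule deny ip source 192.168.1.190 0 destination 1.1.1.1 0",
]

def parse_rule(line):
    """Turn 'rule <action> ip source A W destination B W' into a dict."""
    t = line.split()
    s, d = t.index("source"), t.index("destination")
    return {"action": t[1], "src": (t[s + 1], t[s + 2]), "dst": (t[d + 1], t[d + 2])}

def wild_match(addr, base, wildcard):
    """Wildcard mask: bits set to 0 must equal the base, bits set to 1 are ignored."""
    wc = int(ipa.IPv4Address("0.0.0.0" if wildcard == "0" else wildcard))
    care = ~wc & 0xFFFFFFFF
    return (int(ipa.IPv4Address(addr)) & care) == (int(ipa.IPv4Address(base)) & care)

def evaluate(rules, src, dst, default="permit"):
    """First matching rule wins; `default` (an assumption) applies otherwise."""
    for r in map(parse_rule, rules):
        if wild_match(src, *r["src"]) and wild_match(dst, *r["dst"]):
            return r["action"]
    return default

def host_sources_in(rules, cidr):
    """Host sources (wildcard 0) of the rules that fall inside `cidr`."""
    net = ipa.ip_network(cidr)
    return [a for a, w in (parse_rule(r)["src"] for r in rules)
            if w in ("0", "0.0.0.0") and ipa.ip_address(a) in net]

if __name__ == "__main__":
    print(evaluate(ACL_3000, "192.168.1.189", "1.1.1.1"))   # rule 1 matches
    print(evaluate(ACL_3000, "1.1.1.1", "192.168.1.189"))   # swapped: no rule matches
    print(host_sources_in(ACL_3000, "192.168.1.144/30"))    # DHCP pool on G0/0/2
    print(host_sources_in(ACL_3000, "192.168.1.160/27"))    # planned PC segment
```

With the page's values, both denied sources lie in 192.168.1.160/27 and neither lies in the 192.168.1.144/30 pool configured on the interface where the ACL is applied.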