首先划分子网(子网划分不唯一):
我们将192.168.1.0/24进行划分,分为用户网段与骨干网段两大类。
用户网段:将AR1上的两个环回看成一个网段,AR2、AR4以此类推,按照这种我们共得到5个用户网段(即AR1一个、AR2一个、AR4一个、AR3一个、AR5一个)。
骨干网段:除AR5与AR6之间,共有6个骨干网段,看成一个网段
首先基于骨干划分:
192.168.1.0/24
192.168.1.000 00000/24
192.168.1.0/27 -骨干
192.168.1.32/27 -AR1
192.168.1.64/27 -AR2
192.168.1.96/27 -AR3
192.168.1.128/27 -AR4
192.168.1.160/27 -AR5
剩余为后期使用网段,暂不做处理
192.168.1.192/27
192.168.1.224/27
根据上面的环回情况:
AR1、AR2、AR4都各有两个环回需要再拆分,AR3和AR5只有一个不用拆了
192.168.1.32/27
192.168.1.32/28 -AR1 环回1
192.168.1.48/28 -AR1 环回2
192.168.1.64/27
192.168.1.64/28 -AR2 环回1
192.168.1.80/28 -AR2 环回2
192.168.1.128/27
192.168.1.128/28 -AR4 环回1
192.168.1.144/28 -AR4 环回2
骨干网段:6个网段再借3位
192.168.1.0/27
192.168.1.0/30
192.168.1.4/30
192.168.1.8/30
192.168.1.12/30
192.168.1.16/30
192.168.1.20/30
暂且不用
192.168.1.24/30
192.168.1.28/30
设备配ip
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
[AR1-GigabitEthernet0/0/0]interface g0/0/1
[AR1-GigabitEthernet0/0/1]ip address 192.168.1.5 30 //前面都是接口地址
[AR1-GigabitEthernet0/0/1]interface LoopBack 0 //开始环回地址
[AR1-LoopBack0]ip address 191.168.1.33 28
[AR1-LoopBack0]interface LoopBack 1
[AR1-LoopBack1]ip address 191.168.1.49 28
[AR2]interface g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
[AR2-GigabitEthernet0/0/0]interface g0/0/1
[AR2-GigabitEthernet0/0/1]ip address 192.168.1.9 30
[AR2-GigabitEthernet0/0/1]interface LoopBack 0
[AR2-LoopBack0]ip address 192.168.1.65 28
[AR2-LoopBack0]interface LoopBack 1
[AR2-LoopBack1]ip address 192.168.1.81 28
[AR3]interface g0/0/2
[AR3-GigabitEthernet0/0/2]ip address 192.168.1.97 27
[AR3-GigabitEthernet0/0/2]interface g0/0/0
[AR3-GigabitEthernet0/0/0]ip address 192.168.1.6 30
[AR3-GigabitEthernet0/0/0]interface g0/0/1
[AR3-GigabitEthernet0/0/1]ip address 192.168.1.13 30
[AR4]interface g0/0/0
[AR4-GigabitEthernet0/0/0]ip address 192.168.1.10 30
[AR4-GigabitEthernet0/0/0]interface g0/0/2
[AR4-GigabitEthernet0/0/2]ip address 192.168.1.14 30
[AR4-GigabitEthernet0/0/2]interface g0/0/1
[AR4-GigabitEthernet0/0/1]ip address 192.168.1.17 30
[AR4-GigabitEthernet0/0/1]interface g4/0/0
[AR4-GigabitEthernet4/0/0]ip address 192.168.1.21 30
[AR4-GigabitEthernet4/0/0]interface LoopBack 0
[AR4-LoopBack0]ip address 192.168.1.129 28
[AR4-LoopBack0]interface LoopBack 1
[AR4-LoopBack1]ip address 192.168.1.145 28
[AR5]interface g0/0/0
[AR5-GigabitEthernet0/0/0]ip address 192.168.1.18 30
[AR5-GigabitEthernet0/0/0]interface g0/0/1
[AR5-GigabitEthernet0/0/1]ip address 56.1.1.1 24
[AR5-GigabitEthernet0/0/1]interface g0/0/2
[AR5-GigabitEthernet0/0/2]ip address 192.168.1.22 30
[AR5-GigabitEthernet0/0/2]interface LoopBack 0
[AR5-LoopBack0]ip address 192.168.1.161 27
[AR6]interface g0/0/0
[AR6-GigabitEthernet0/0/0]ip address 56.1.1.2 24
[AR6]interface LoopBack 0
[AR6-LoopBack0]ip address 6.6.6.6 24
配置完成后,养成好习惯,在路由器上Ping一下看看相邻链路是否通
配置AR3上的DHCP服务
[AR3]DHCP enable //路由器起DHCP
[AR3]ip pool AR3 //定义地址池的名字
[AR3-ip-pool-AR3]network 192.168.1.96 mask 27 //定义地址池的网络范围
[AR3-ip-pool-AR3]gateway-list 192.168.1.97 //定义网关
[AR3-ip-pool-AR3]dns-list 114.114.114.114 8.8.8.8 //DNS域名解析服务
[AR3-ip-pool-AR3]q
[AR3]interface g0/0/2
[AR3-GigabitEthernet0/0/2]dhcp select global //上接口开启dhcp
在两台PC上查看一下:
首先在PC界面应用一下DHCP
然后再命令行输入:ipconfig,查看获取的IP地址等
进行静态路由配置:
前提:先不考虑100M的线路
先写缺省:
[AR1]ip route-static 0.0.0.0 0 192.168.1.2
[AR1]ip route-static 0.0.0.0 0 192.168.1.6
[AR2]ip route-static 0.0.0.0 0 192.168.1.10
[AR3]ip route-static 0.0.0.0 0 192.168.1.14
[AR4]ip route-static 0.0.0.0 0 192.168.1.18
[AR5]ip route-static 0.0.0.0 0 56.1.1.2
手动静态:
//在去AR2、AR3的环回和AR2、AR3的右侧直连路段缺省路由是有问题的所有手动配置
[AR1]ip route-static 192.168.1.64 27 192.168.1.2
[AR1]ip route-static 192.168.1.96 27 192.168.1.6
[AR1]ip route-static 192.168.1.12 30 192.168.1.6
[AR1]ip route-static 192.168.1.8 30 192.168.1.2
//与上面同理
[AR2]ip route-static 192.168.1.32 27 192.168.1.1
[AR2]ip route-static 192.168.1.4 30 192.168.1.1
[AR2]ip route-static 192.168.1.96 27 192.168.1.1
[AR2]ip route-static 192.168.1.96 27 192.168.1.10
[AR3]ip route-static 192.168.1.32 27 192.168.1.5
[AR3]ip route-static 192.168.1.0 30 192.168.1.5
[AR3]ip route-static 192.168.1.64 27 192.168.1.5
[AR3]ip route-static 192.168.1.64 27 192.168.1.14
[AR4]ip route-static 192.168.1.64 27 192.168.1.9
[AR4]ip route-static 192.168.1.0 30 192.168.1.9
[AR4]ip route-static 192.168.1.32 27 192.168.1.9
[AR4]ip route-static 192.168.1.32 27 192.168.1.13
[AR4]ip route-static 192.168.1.4 30 192.168.1.13
[AR4]ip route-static 192.168.1.96 27 192.168.1.13
[AR5]ip route-static 192.168.1.128 27 192.168.1.17
[AR5]ip route-static 192.168.1.96 27 192.168.1.17
[AR5]ip route-static 192.168.1.64 27 192.168.1.17
[AR5]ip route-static 192.168.1.32 27 192.168.1.17
[AR5]ip route-static 192.168.1.0 30 192.168.1.17
[AR5]ip route-static 192.168.1.4 30 192.168.1.17
[AR5]ip route-static 192.168.1.8 30 192.168.1.17
[AR5]ip route-static 192.168.1.12 30 192.168.1.17
AR5上的错误思路:
[AR5]ip route-static 192.168.1.0 24 192.168.1.17
[AR4]ip route-static 192.168.1.0 24 NULL 0
//AR5直接将路由往左甩,会产生路由黑洞,这是在AR4上建立空接口,但是当AR4的g0/0/1
断开时,AR4应该使用g4/0/0接口,但是因为空接口的缘故所有,192.168.1.16/30网段依然显示可达,所以出现问题。
NAT:
[AR5]acl 2000
[AR5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[AR5-acl-basic-2000]int g0/0/1
[AR5-GigabitEthernet0/0/1]nat outbound 2000
测试 是否可达:
PC测试:
汇总的位置,进行防环:
[AR1]ip route-static 192.168.1.32 27 NULL 0
[AR2]ip route-static 192.168.1.64 27 NULL 0
[AR4]ip route-static 192.168.1.128 27 NULL 0
起100M接口
//查看AR4路由表,找1.18往右的路由,做备份
[AR4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61
[AR5]ip route-static 192.168.1.0 255.255.255.252 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.4 255.255.255.252 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.8 255.255.255.252 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.12 255.255.255.252 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.32 255.255.255.224 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.64 255.255.255.224 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.96 255.255.255.224 192.168.1.21 preference 61
[AR5]ip route-static 192.168.1.128 255.255.255.224 192.168.1.21 preference 61
将AR4的1000M接口断掉测试100M接口是否能正常使用(查看路由表也可):
[AR4]int g0/0/1
[AR4-GigabitEthernet0/0/1]shutdown
//查看AR5路由表是否由1.17向1.21切换
[AR5]display ip routing-table
测试:
telnet:
//AR1起Telnet
[AR1]aaa
[AR1-aaa]local-user AR1 password cipher 123456
[AR1-aaa]local-user AR1 service-type telnet
[AR1-aaa]q
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode aaa
[AR5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 in
side 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
测试: