HCIP作业1

一.划分网段

192.168.1.0/24

骨干网络

192.168.1.0/27 192.168.1.0/30、192.168.1.4/30、192.168.1.8/30 192.168.1.12/30 192.168.1.41630 192.168.1.20/30

环回

192.168.1.32/27 192.168.1.32/28 192.168.1.48/28   

192.168.1.64/27 192.168.1.64/28 192.168.1.80/28   

192.168.1.96/27 192.168.1.96/28 192.168.1.112/28  

192.168.1.128/27

192.168.1.196/27

192.168.1.160/27

备份

192.168.1.192/27  

192.168.1.256/27  

二.DHCP自动获取IP

[r3]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.    
[r3]ip pool xx
Info: It's successful to create an IP address pool.
[r3-ip-pool-xx]network 192.168.1.128 mask 255.255.255.224
[r3-ip-pool-xx]gateway-list 192.168.1.129
[r3-ip-pool-xx]dns-list 8.8.8.8 114.114.114.114
[r3]interface g0/0/2    
[r3-GigabitEthernet0/0/2]dhcp select global

三.缺省路由

配置R1 R2 R3

 

[r1]ip route-static 0.0.0.0 0 192.168.1.18    
[r1]ip route-static 0.0.0.0 0 192.168.1.22

配置R4 

[r4]ip route-static 0.0.0.0 0 192.168.1.2
[r4]ip route-static 0.0.0.0 0 192.168.1.6 preference 61

四.补全路由

[r1]ip route-static 192.168.1.64 27 192.168.1.18
[r1]ip route-static 192.168.1.12 30 192.168.1.18
[r1]ip route-static 192.168.1.128 27 192.168.1.22 
[r1]ip route-static 192.168.1.8 30 192.168.1.22

R1 R2 R3 R4 R5同理

 

[r5]ip route-static 192.168.1.8 255.255.255.252 192.168.1.5  p 61
[r5]ip route-static 192.168.1.12 255.255.255.252 192.168.1.5  p 61
[r5]ip route-static 192.168.1.16 255.255.255.252 192.168.1.5 p 61
[r5]ip route-static 192.168.1.20 255.255.255.252 192.168.1.5 p 61
[r5]ip route-static 192.168.1.32 255.255.255.224 192.168.1.5 p 61
[r5]ip route-static 192.168.1.64 255.255.255.224 192.168.1.5 p 61
[r5]ip route-static 192.168.1.96 255.255.255.224 192.168.1.5  p 61
[r5]ip route-static 192.168.1.128 255.255.255.224 192.168.1.5 p 61

R5往回调配

五.一对多的nat

[r5]acl 2000 
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r5-acl-basic-2000]int g0/0/1
[r5-GigabitEthernet0/0/1]nat outbound 2000

在r1\r2\r4上面做空接口

[r1]ip route-static 192.168.1.32 27 NULL 0
[r2]ip route-static 192.168.1.64 27 NULL 0
[r4]ip route-static 192.168.1.96 27 n0

六. r6登录r5实际登录r1的环回上

[r1]aaa    
[r1-aaa]local-user bbb privilege level 15 password cipher 123456
Info: Add a new user.    
[r1-aaa]local-user bbb service-type telnet.
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa

在r5上面可以登录r1

<r5>telnet 192.168.1.33
  Press CTRL_] to quit telnet mode
  Trying 192.168.1.33 ...
  Connected to 192.168.1.33 ...

在r5的公网地址接口处设置端口映射，令r6能够访问到内网的192.168.1.33

[r5]interface g0/0/1  
[r5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 ins
ide 192.168.1.33 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y

在r6上面登录r1的环回

<r6>telnet 56.1.1.1
  Press CTRL_] to quit telnet mode
  Trying 56.1.1.1 ...
  Connected to 56.1.1.1 ...