一.划分网段
192.168.1.0/24
骨干网络
192.168.1.0/27 192.168.1.0/30、192.168.1.4/30、192.168.1.8/30 192.168.1.12/30 192.168.1.41630 192.168.1.20/30
环回
192.168.1.32/27 192.168.1.32/28 192.168.1.48/28
192.168.1.64/27 192.168.1.64/28 192.168.1.80/28
192.168.1.96/27 192.168.1.96/28 192.168.1.112/28
192.168.1.128/27
192.168.1.196/27
192.168.1.160/27
备份
192.168.1.192/27
192.168.1.256/27
二.DHCP自动获取IP
[r3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[r3]ip pool xx
Info: It's successful to create an IP address pool.
[r3-ip-pool-xx]network 192.168.1.128 mask 255.255.255.224
[r3-ip-pool-xx]gateway-list 192.168.1.129
[r3-ip-pool-xx]dns-list 8.8.8.8 114.114.114.114
[r3]interface g0/0/2
[r3-GigabitEthernet0/0/2]dhcp select global
三.缺省路由
配置R1 R2 R3
[r1]ip route-static 0.0.0.0 0 192.168.1.18
[r1]ip route-static 0.0.0.0 0 192.168.1.22
配置R4
[r4]ip route-static 0.0.0.0 0 192.168.1.2
[r4]ip route-static 0.0.0.0 0 192.168.1.6 preference 61
四.补全路由
[r1]ip route-static 192.168.1.64 27 192.168.1.18
[r1]ip route-static 192.168.1.12 30 192.168.1.18
[r1]ip route-static 192.168.1.128 27 192.168.1.22
[r1]ip route-static 192.168.1.8 30 192.168.1.22
R1 R2 R3 R4 R5同理
[r5]ip route-static 192.168.1.8 255.255.255.252 192.168.1.5 p 61
[r5]ip route-static 192.168.1.12 255.255.255.252 192.168.1.5 p 61
[r5]ip route-static 192.168.1.16 255.255.255.252 192.168.1.5 p 61
[r5]ip route-static 192.168.1.20 255.255.255.252 192.168.1.5 p 61
[r5]ip route-static 192.168.1.32 255.255.255.224 192.168.1.5 p 61
[r5]ip route-static 192.168.1.64 255.255.255.224 192.168.1.5 p 61
[r5]ip route-static 192.168.1.96 255.255.255.224 192.168.1.5 p 61
[r5]ip route-static 192.168.1.128 255.255.255.224 192.168.1.5 p 61
R5往回调配
五.一对多的nat
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r5-acl-basic-2000]int g0/0/1
[r5-GigabitEthernet0/0/1]nat outbound 2000
在r1\r2\r4上面做空接口
[r1]ip route-static 192.168.1.32 27 NULL 0
[r2]ip route-static 192.168.1.64 27 NULL 0
[r4]ip route-static 192.168.1.96 27 n0
六. r6登录r5实际登录r1的环回上
[r1]aaa
[r1-aaa]local-user bbb privilege level 15 password cipher 123456
Info: Add a new user.
[r1-aaa]local-user bbb service-type telnet.
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
在r5上面可以登录r1
<r5>telnet 192.168.1.33
Press CTRL_] to quit telnet mode
Trying 192.168.1.33 ...
Connected to 192.168.1.33 ...
在r5的公网地址接口处设置端口映射,令r6能够访问到内网的192.168.1.33
[r5]interface g0/0/1
[r5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 ins
ide 192.168.1.33 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
在r6上面登录r1的环回
<r6>telnet 56.1.1.1
Press CTRL_] to quit telnet mode
Trying 56.1.1.1 ...
Connected to 56.1.1.1 ...