目录
一、实验拓扑
二、实验需求
1、R6为ISP,接口IP地址均为公有地址,该设备只能配置IP地址,之后不能再对其进行任何配置;
2、R1-R5为局域网,私有IP地址192.168.1.0/24,请合理分配;
3、R1、R2、R4,各有两个环回IP地址;R5,R6各有一个环回地址;所有路由器上环回均代表连接用户的接口;
4、R3下面的两台PC通过DHCP自动获取IP地址;
5、选路最佳,路由表尽量小,避免环路;
6、R1-R5均可以访问R6的环回;
7、R6 telnet R5的公有地址时,实际登录到R1上;
8、R4与R5正常通过1000M链路,故障时通过100m链路;
三、实验步骤
1、分配IP地址
192.168.1.0/24
(1)192.168.1.0000 0000 192.168.1.0 /27—骨干链路网段
192.168.1.0000 0000 192.168.1.0 /30—AR1-AR2
192.168.1.0000 0100 192.168.1.4 /30—AR2-AR4
192.168.1.0000 1000 192.168.1.8 /30—AR1-AR3
192.168.1.0000 1100 192.168.1.12/30—AR3-AR4
192.168.1.0001 0000 192.168.1.16/30—AR4-AR5
192.168.1.0001 0100 192.168.1.20/30—AR4-AR5
(2)192.168.1.0010 0000 192.168.1.32/27—AR1环回
192.168.1.0010 0000 192.168.1.32/28—L0
192.168.1.0011 0000 192.168.1.48/28—L1
(3)192.168.1.0100 0000 192.168.1.64/27—AR2环回
192.168.1.0100 0000 192.168.1.64/28—L0
192.168.1.0101 0000 192.168.1.80/28—L1
(4)192.168.1.0110 0000 192.168.1.96/27—AR3下的用户网段
(5)192.168.1.1000 0000 192.168.1.128/27—AR4环回
192.168.1.1000 0000 192.168.1.128/28—L0
192.168.1.1001 0000 192.168.1.144/28—L1
(6)192.168.1.1010 0000 192.168.1.160/27—AR5环回
2、配置路由器接口IP地址和环回接口
AR1接口ip:
[AR1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
[AR1-GigabitEthernet0/0/1]ip address 192.168.1.9 30
AR1环回接口:
[AR1]interface LoopBack 0
[AR1-LoopBack0]ip address 192.168.1.33 28
[AR1]interface LoopBack 1
[AR1-LoopBack1]ip address 192.168.1.49 28
AR2接口ip:
[AR2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
[AR2-GigabitEthernet0/0/1]ip address 192.168.1.5 30
AR2环回接口:
[AR2]interface LoopBack 0
[AR2-LoopBack0]ip address 192.168.1.65 28
[AR2]interface LoopBack 1
[AR2-LoopBack1]ip address 192.168.1.81 28
AR3接口ip:
[AR3-GigabitEthernet0/0/0]ip address 192.168.1.10 30
[AR3-GigabitEthernet0/0/1]ip address 192.168.1.13 30
[AR3-GigabitEthernet0/0/2]ip address 192.168.1.97 27
AR3 DHCP分发ip地址 :
[AR3]dhcp enable
[AR3]ip pool aa
[AR3-ip-pool-aa]network 192.168.1.96 mask 27
[AR3-ip-pool-aa]gateway-list 192.168.1.97
[AR3-ip-pool-aa]dns-list 114.114.114.114
[AR3-GigabitEthernet0/0/2]dhcp select global
AR4接口ip:
[AR4-GigabitEthernet0/0/0]ip address 192.168.1.6 30
[AR4-GigabitEthernet0/0/1]ip address 192.168.1.14 30
[AR4-GigabitEthernet0/0/2]ip address 192.168.1.17 30
[AR4-GigabitEthernet4/0/0]ip address 192.168.1.21 30
AR4环回接口:
[AR4]interface LoopBack 0
[AR4-LoopBack0]ip address 192.168.1.129 28
[AR4]interface LoopBack 1
[AR4-LoopBack1]ip address 192.168.1.145 28
AR5接口ip:
[AR5-GigabitEthernet0/0/0]ip address 192.168.1.18 30
[AR5-GigabitEthernet0/0/2]ip address 192.168.1.22 30
[AR5-GigabitEthernet0/0/1]ip address 12.0.0.1 24
AR5环回接口:
[AR5]interface LoopBack 0
[AR5-LoopBack0]ip address 192.168.1.161 27
AR6接口ip:
[AR6-GigabitEthernet0/0/0]ip address 12.0.0.2 24
AR6环回接口:
[AR6]interface LoopBack 0
[AR6-LoopBack0]ip address 1.1.1.1 24
3、内网静态路由全网通:
AR1:
[AR1]ip route-static 192.168.1.4 30 192.168.1.2
[AR1]ip route-static 192.168.1.64 27 192.168.1.2
[AR1]ip route-static 192.168.1.128 27 192.168.1.2
[AR1]ip route-static 192.168.1.20 30 192.168.1.2
[AR1]ip route-static 192.168.1.160 27 192.168.1.2
[AR1]ip route-static 192.168.1.16 30 192.168.1.2
[AR1]ip route-static 192.168.1.12 30 192.168.1.2
[AR1]ip route-static 192.168.1.96 27 192.168.1.10
[AR1]ip route-static 192.168.1.12 30 192.168.1.10
[AR1]ip route-static 192.168.1.128 27 192.168.1.10
[AR1]ip route-static 192.168.1.20 30 192.168.1.10
[AR1]ip route-static 192.168.1.16 30 192.168.1.10
[AR1]ip route-static 192.168.1.160 27 192.168.1.10
AR2:
[AR2]ip route-static 192.168.1.20 30 192.168.1.6
[AR2]ip route-static 192.168.1.128 27 192.168.1.6
[AR2]ip route-static 192.168.1.160 27 192.168.1.6
[AR2]ip route-static 192.168.1.16 30 192.168.1.6
[AR2]ip route-static 192.168.1.12 30 192.168.1.6
[AR2]ip route-static 192.168.1.96 27 192.168.1.6
[AR2]ip route-static 192.168.1.32 27 192.168.1.1
[AR2]ip route-static 192.168.1.8 30 192.168.1.1
[AR2]ip route-static 192.168.1.32 27 192.168.1.1
AR3:
[AR3]ip route-static 182.168.1.32 27 192.168.1.9
[AR3]ip route-static 182.168.1.0 30 192.168.1.9
[AR3]ip route-static 182.168.1.64 27 192.168.1.9
[AR3]ip route-static 182.168.1.4 30 192.168.1.14
[AR3]ip route-static 182.168.1.128 27 192.168.1.14
[AR3]ip route-static 182.168.1.16 30 192.168.1.14
[AR3]ip route-static 182.168.1.20 30 192.168.1.14
[AR3]ip route-static 182.168.1.160 27 192.168.1.14
[AR3]ip route-static 182.168.1.64 27 192.168.1.14
AR4:
[AR4]ip route-static 192.168.1.160 27 192.168.1.22
[AR4]ip route-static 192.168.1.160 27 192.168.1.18
[AR4]ip route-static 192.168.1.96 27 192.168.1.13
[AR4]ip route-static 192.168.1.8 30 192.168.1.13
[AR4]ip route-static 192.168.1.32 27 192.168.1.13
[AR4]ip route-static 192.168.1.32 27 192.168.1.5
[AR4]ip route-static 192.168.1.0 30 192.168.1.5
[AR4]ip route-static 192.168.1.64 27 192.168.1.5
AR5:
[AR5]ip route-static 192.168.1.128 27 192.168.1.21
[AR5]ip route-static 192.168.1.128 27 192.168.1.17
[AR5]ip route-static 192.168.1.12 30 192.168.1.17
[AR5]ip route-static 192.168.1.12 30 192.168.1.21
[AR5]ip route-static 192.168.1.96 27 192.168.1.21
[AR5]ip route-static 192.168.1.96 27 192.168.1.17
[AR5]ip route-static 192.168.1.8 30 192.168.1.17
[AR5]ip route-static 192.168.1.8 30 192.168.1.21
[AR5]ip route-static 192.168.1.32 27 192.168.1.21
[AR5]ip route-static 192.168.1.32 27 192.168.1.17
[AR5]ip route-static 192.168.1.0 30 192.168.1.17
[AR5]ip route-static 192.168.1.0 30 192.168.1.21
[AR5]ip route-static 192.168.1.64 27 192.168.1.21
[AR5]ip route-static 192.168.1.64 27 192.168.1.17
[AR5]ip route-static 192.168.1.4 30 192.168.1.17
[AR5]ip route-static 192.168.1.4 30 192.168.1.21
4、公网通
AR5:ip route-static 0.0.0.0 0 12.0.0.2
5、配置防环机制
[AR1]ip route-static 192.168.1.32 27 NULL 0
[AR2]ip route-static 192.168.1.64 27 NULL 0
[AR4]ip route-static 192.168.1.128 27 NULL 0
6、内网访问公网(NAT)
AR5配置ACL
[AR5]acl 2000
[AR5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[AR5-acl-basic-2000]interface g0/0/1
[AR5-GigabitEthernet0/0/1]nat outbound 2000
R1-R4配置缺省
[AR1]ip route-static 0.0.0.0 0 192.168.1.2
[AR1]ip route-static 0.0.0.0 0 192.168.1.10
[AR2]ip route-static 0.0.0.0 0 192.168.1.6
[AR3]ip route-static 0.0.0.0 0 192.168.1.14
[AR4]ip route-static 0.0.0.0 0 192.168.1.22
[AR4]ip route-static 0.0.0.0 0 192.168.1.18
7、远程登陆到R1
AR1:配置远程登陆
[AR1]aaa
[AR1-aaa]local-user huang password cipher 123 privilege level 15
[AR1-aaa]local-user huang service-type telnet
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode aaa
将内网服务发布到公网:配置nat server
[AR5]int g0/0/1
[AR5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
8、浮动静态路由
测试:tracert 192.168.1.161
[AR4]ip route-static 0.0.0.0 0 192.168.1.18 preference 61
AR5:
[AR5]ip route-static 192.168.1.12 30 192.168.1.17 preference 61
[AR5]ip route-static 192.168.1.96 27 192.168.1.17 preference 61
[AR5]ip route-static 192.168.1.8 30 192.168.1.17 preference 61
[AR5]ip route-static 192.168.1.32 27 192.168.1.17 preference 61
[AR5]ip route-static 192.168.1.0 30 192.168.1.17 preference 61
[AR5]ip route-static 192.168.1.64 27 192.168.1.17 preference 61
[AR5]ip route-static 192.168.1.4 30 192.168.1.17 preference 61