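Lab requirements:
Lab topology preview:
Lab analysis:
1. On R6, configure only the interface IP address and a loopback address.
2. The lab requires that the LAN use the private range 192.168.1.0/24. Following the topology, first divide the range among the backbone network, the loopbacks and the user segment, then allocate two loopback addresses each to R1, R2 and R4, and one address each to R5 and R3.
3. Configure two loopback addresses each on R1, R2 and R4, one user segment on R5, and one loopback address on R6.
4. Enable the DHCP service on R3 and configure the corresponding address pool.
5. Use default routes, and summarize the subnets for the routers that have two loopbacks.
6. R1-R5 can reach R6's loopback address; configure an ACL on R3 so that the PCs cannot reach R6's loopback address.
7. Enable the telnet service on R1, then map it on R5's public-network port.
8. Between R4 and R5, use the default preference for the 1000M link and change the preference to 70 for the 100M link.
Lab procedure: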
IP address allocation:
- 192.168.1.000 00000 -> 192.168.1.0/27 -> backbone network
  - 192.168.1.000 000 00 -> 192.168.1.0/30 -> R1-2
  - 192.168.1.000 001 00 -> 192.168.1.4/30 -> R2-4
  - 192.168.1.000 010 00 -> 192.168.1.8/30 -> R1-3
  - 192.168.1.000 011 00 -> 192.168.1.12/30 -> R3-4
  - 192.168.1.000 100 00 -> 192.168.1.16/30 -> R4-5
  - 192.168.1.000 101 00 -> 192.168.1.20/30 -> R4-5
  - 192.168.1.000 110 00 -> 192.168.1.24/30 -> reserved
  - 192.168.1.000 111 00 -> 192.168.1.28/30 -> reserved
- 192.168.1.001 00000 -> 192.168.1.32/27 -> R1 loopbacks
  - 192.168.1.001 0 0000 -> 192.168.1.32/28
  - 192.168.1.001 1 0000 -> 192.168.1.48/28
- 192.168.1.010 00000 -> 192.168.1.64/27 -> R2 loopbacks
  - 192.168.1.010 0 0000 -> 192.168.1.64/28
  - 192.168.1.010 1 0000 -> 192.168.1.80/28
- 192.168.1.011 00000 -> 192.168.1.96/27 -> R3 user segment
- 192.168.1.100 00000 -> 192.168.1.128/27 -> R4 loopbacks
  - 192.168.1.100 0 0000 -> 192.168.1.128/28
  - 192.168.1.100 1 0000 -> 192.168.1.144/28
- 192.168.1.101 00000 -> 192.168.1.160/27 -> R5 loopback
- 192.168.1.110 00000 -> 192.168.1.192/27 -> reserved
- 192.168.1.111 00000 -> 192.168.1.224/27 -> reserved
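A way to check the allocation before typing it into the routers, as an added example that is not part of the original lab: it verifies that every assigned subnet sits inside 192.168.1.0/24 without overlapping another, and computes the summary prefix that covers each router's loopbacks. The function and dictionary names are assumptions made for this example.

```python
import ipaddress
from itertools import combinations

PARENT = ipaddress.ip_network("192.168.1.0/24")
BACKBONE = ipaddress.ip_network("192.168.1.0/27")

# Allocations copied from the plan above.
LINKS = {
    "R1-R2": "192.168.1.0/30", "R2-R4": "192.168.1.4/30",
    "R1-R3": "192.168.1.8/30", "R3-R4": "192.168.1.12/30",
    "R4-R5 link 1": "192.168.1.16/30", "R4-R5 link 2": "192.168.1.20/30",
}
LOOPBACKS = {
    "R1": ["192.168.1.32/28", "192.168.1.48/28"],
    "R2": ["192.168.1.64/28", "192.168.1.80/28"],
    "R4": ["192.168.1.128/28", "192.168.1.144/28"],
    "R5": ["192.168.1.160/27"],
}
USER_SEGMENTS = {"R3 users": "192.168.1.96/27"}

def leaf_networks():
    """Every assigned subnet; ip_network() raises if host bits are set."""
    nets = {n: ipaddress.ip_network(c) for n, c in {**LINKS, **USER_SEGMENTS}.items()}
    for router, cidrs in LOOPBACKS.items():
        for cidr in cidrs:
            nets[f"{router} loopback {cidr}"] = ipaddress.ip_network(cidr)
    return nets

def plan_errors():
    """Return a list of problems: out-of-range, off-backbone links, overlaps."""
    nets, errors = leaf_networks(), []
    for name, net in nets.items():
        if not net.subnet_of(PARENT):
            errors.append(f"{name}: {net} is outside {PARENT}")
        if name in LINKS and not net.subnet_of(BACKBONE):
            errors.append(f"{name}: {net} is outside backbone {BACKBONE}")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            errors.append(f"{a} overlaps {b}")
    return errors

def loopback_summaries():
    """Smallest set of prefixes covering each router's loopback subnets."""
    return {router: [str(n) for n in ipaddress.collapse_addresses(
                ipaddress.ip_network(c) for c in cidrs)]
            for router, cidrs in LOOPBACKS.items()}

if __name__ == "__main__":
    print(plan_errors() or "plan is consistent")
    for router, summary in loopback_summaries().items():
        print(router, "->", ", ".join(summary))
```

Each pair of /28 loopback subnets collapses into the /27 listed for that router in the plan, which is the prefix a summary static route would carry.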
Topology after configuration:
IP configuration:
R1:
Configure interface 0/0/0:
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.9 30
Configure interface 0/0/1:
[r1]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/1]ip address 192.168.1.1 30
Configure loopback 0:
[r1]interface LoopBack 0
[r1-LoopBack0]ip address 192.168.1.33 28
Configure loopback 1:
[r1]interface LoopBack 1
[r1-LoopBack1]ip address 192.168.1.49 28
Check the configuration:
[r1]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.9/30 up up
GigabitEthernet0/0/1 192.168.1.1/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 192.168.1.33/28 up up(s)
LoopBack1 192.168.1.49/28 up up(s)
NULL0 unassigned up up(s)
R2:
Configure interface 0/0/0:
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
Configure interface 0/0/1:
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 192.168.1.5 30
Configure loopback 0:
[r2]interface LoopBack 0
[r2-LoopBack0]ip address 192.168.1.81 28
Configure loopback 1:
[r2]interface LoopBack 1
[r2-LoopBack1]ip address 192.168.1.65 28
Check the configuration:
[r2]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.2/30 up up
GigabitEthernet0/0/1 192.168.1.5/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 192.168.1.81/28 up up(s)
LoopBack1 192.168.1.65/28 up up(s)
NULL0 unassigned up up(s)
R3:
Configure interface 0/0/0:
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 192.168.1.10 30
Configure interface 0/0/1:
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ip address 192.168.1.13 30
Configure interface 0/0/2:
[r3]interface GigabitEthernet 0/0/2
[r3-GigabitEthernet0/0/2]ip address 192.168.1.97 27
Check the configuration:
[r3]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.10/30 up up
GigabitEthernet0/0/1 192.168.1.13/30 up up
GigabitEthernet0/0/2 192.168.1.97/27 up up
NULL0 unassigned up up(s)
R4:
Configure interface 0/0/0:
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.1.6 30
Configure interface 0/0/1:
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip address 192.168.1.14 30
Configure interface 0/0/2:
[r4]interface GigabitEthernet 0/0/2
[r4-GigabitEthernet0/0/2]ip address 192.168.1.17 30
Configure interface 4/0/0:
[r4]interface GigabitEthernet 4/0/0
[r4-GigabitEthernet4/0/0]ip address 192.168.1.21 30
Configure loopback 0:
[r4]interface LoopBack 0
[r4-LoopBack0]ip address 192.168.1.129 28
Configure loopback 1:
[r4]interface LoopBack 1
[r4-LoopBack1]ip address 192.168.1.145 28
Check the configuration:
[r4]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.6/30 up up
GigabitEthernet0/0/1 192.168.1.14/30 up up
GigabitEthernet0/0/2 192.168.1.17/30 up up
GigabitEthernet4/0/0 192.168.1.21/30 up up
LoopBack0 192.168.1.129/28 up up(s)
LoopBack1 192.168.1.145/28 up up(s)
NULL0 unassigned up up(s)
R5:
Configure interface 0/0/0:
[r5]interface GigabitEthernet 0/0/0
[r5-GigabitEthernet0/0/0]ip address 192.168.1.18 30
Configure interface 0/0/1:
[r5]interface GigabitEthernet 0/0/1
[r5-GigabitEthernet0/0/1]ip address 192.168.1.22 30
Configure interface 0/0/2:
[r5]interface GigabitEthernet 0/0/2
[r5-GigabitEthernet0/0/2]ip address 12.0.0.1 24
Configure loopback 0:
[r5]interface LoopBack 0
[r5-LoopBack0]ip address 192.168.1.161 27
Check the configuration:
[r5]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.18/30 up up
GigabitEthernet0/0/1 192.168.1.22/30 up up
GigabitEthernet0/0/2 12.0.0.1/24 up up
LoopBack0 192.168.1.161/27 up up(s)
NULL0 unassigned up up(s)
R6:
Configure interface 0/0/0:
[r6]interface GigabitEthernet 0/0/0
[r6-GigabitEthernet0/0/0]ip address 12.0.0.2 24
Configure loopback 0:
[r6]interface LoopBack 0
[r6-LoopBack0]ip address 1.1.1.1 24
Check the configuration:
[r6]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 12.0.0.2/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/24 up up(s)
NULL0 unassigned up up(s)
Configure the PC IP addresses with DHCP:
Server side, R3:
[r3]dhcp enable
[r3]ip pool 1
[r3-ip-pool-1]network 192.168.1.96 mask 27
[r3-ip-pool-1]gateway-list 192.168.1.97
[r3-ip-pool-1]dns-list 8.8.8.8
[r3]interface GigabitEthernet 0/0/2
[r3-GigabitEthernet0/0/2]dhcp select global
PC side:
Check the configuration:
Full network reachability:
R1:
[r1]ip route-static 0.0.0.0 0 192.168.1.2
[r1]ip route-static 0.0.0.0 0 192.168.1.10
[r1]ip route-static 192.168.1.80 28 192.168.1.2
[r1]ip route-static 192.168.1.64 28 192.168.1.2
[r1]ip route-static 192.168.1.4 30 192.168.1.2
[r1]ip route-static 192.168.1.96 27 192.168.1.10
[r1]ip route-static 192.168.1.12 30 192.168.1.10
R2:
[r2]ip route-static 0.0.0.0 0 192.168.1.6
[r2]ip route-static 192.168.1.32 28 192.168.1.1
[r2]ip route-static 192.168.1.48 28 192.168.1.1
[r2]ip route-static 192.168.1.8 30 192.168.1.1
[r2]ip route-static 192.168.1.96 27 192.168.1.1
[r2]ip route-static 192.168.1.12 30 192.168.1.6
[r2]ip route-static 192.168.1.96 27 192.168.1.6
R3:
[r3]ip route-static 0.0.0.0 0 192.168.1.14
[r3]ip route-static 192.168.1.32 28 192.168.1.9
[r3]ip route-static 192.168.1.48 28 192.168.1.9
[r3]ip route-static 192.168.1.0 30 192.168.1.9
[r3]ip route-static 192.168.1.80 28 192.168.1.9
[r3]ip route-static 192.168.1.64 28 192.168.1.9
[r3]ip route-static 192.168.1.64 28 192.168.1.14
[r3]ip route-static 192.168.1.80 28 192.168.1.14
[r3]ip route-static 192.168.1.4 30 192.168.1.14
R4:
[r4]ip route-static 0.0.0.0 0 192.168.1.18
[r4]ip route-static 0.0.0.0 0 192.168.1.22 preference 70
[r4]ip route-static 192.168.1.80 28 192.168.1.5
[r4]ip route-static 192.168.1.64 28 192.168.1.5
[r4]ip route-static 192.168.1.0 30 192.168.1.5
[r4]ip route-static 192.168.1.32 28 192.168.1.5
[r4]ip route-static 192.168.1.48 28 192.168.1.5
[r4]ip route-static 192.168.1.96 27 192.168.1.13
[r4]ip route-static 192.168.1.8 30 192.168.1.13
[r4]ip route-static 192.168.1.32 28 192.168.1.13
[r4]ip route-static 192.168.1.48 28 192.168.1.13
R5:
[r5]ip route-static 0.0.0.0 0 12.0.0.2
[r5]ip route-static 192.168.1.0 24 192.168.1.17
[r5]ip route-static 192.168.1.0 24 192.168.1.21 preference 70
Configure NAT on R5:
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r5]interface GigabitEthernet 0/0/2
[r5-GigabitEthernet0/0/2]nat outbound 2000
Enable telnet on R1 in the private network and map it to R5's public-network port:
Enable the telnet service on R1:
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r1]aaa
[r1-aaa]local-user huawei password cipher 123456
[r1-aaa]local-user huawei privilege level 15
[r1-aaa]local-user huawei service-type telnet
Map R1's telnet service to R5's public-network port:
[r5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface telnet inside 192.168.1.1 telnet
R1-R5 can all reach R6's loopback; only the PCs are restricted:
Configure this with an ACL on R3:
[r3]acl 3000
[r3-acl-adv-3000]rule deny ip source 192.168.1.126 0 destination 1.1.1.1 0
[r3-acl-adv-3000]rule deny ip source 192.168.1.125 0 destination 1.1.1.1 0
[r3]interface GigabitEthernet 0/0/2
[r3-GigabitEthernet0/0/2]traffic-filter inbound acl 3000
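ACL 3000 names two host addresses, while the DHCP pool on R3 can lease any address in 192.168.1.96/27. The following added example (not part of the original lab) evaluates the two rules with wildcard-mask matching and lists the pool addresses they do not cover, next to a single subnet-wide rule. The subnet-wide rule and all function names are assumptions made for this example.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# ACL 3000 as configured on R3 above ("0" is shorthand for wildcard 0.0.0.0).
ACL_AS_CONFIGURED = [
    ("deny", "192.168.1.126", "0.0.0.0", "1.1.1.1", "0.0.0.0"),
    ("deny", "192.168.1.125", "0.0.0.0", "1.1.1.1", "0.0.0.0"),
]
# Assumed alternative (not from the lab): one rule for the whole user segment.
ACL_SUBNET_WIDE = [
    ("deny", "192.168.1.96", "0.0.0.31", "1.1.1.1", "0.0.0.0"),
]

def evaluate(acl, src, dst):
    """First matching rule wins. Unmatched packets are forwarded, which is
    the traffic-filter behaviour this example assumes."""
    for action, s, s_wild, d, d_wild in acl:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action
    return "permit"

def unfiltered_hosts(acl, subnet="192.168.1.96/27",
                     gateway="192.168.1.97", dst="1.1.1.1"):
    """Pool addresses (gateway excluded) that the ACL still lets reach dst."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if str(h) != gateway and evaluate(acl, str(h), dst) == "permit"]

if __name__ == "__main__":
    print("as configured:", len(unfiltered_hosts(ACL_AS_CONFIGURED)), "addresses unfiltered")
    print("subnet-wide:  ", len(unfiltered_hosts(ACL_SUBNET_WIDE)), "addresses unfiltered")
    # Router-sourced traffic (for example R1's 192.168.1.9) matches neither ACL.
    print("R1 -> R6:", evaluate(ACL_SUBNET_WIDE, "192.168.1.9", "1.1.1.1"))
```

Because the filter is applied inbound on R3's GigabitEthernet0/0/2, a rule written as `source 192.168.1.96 0.0.0.31` still leaves R1-R5 able to reach 1.1.1.1, and it keeps working when a PC receives a different lease.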
Lab tests:
Full network reachability:
R1:
R2:
R3:
R4:
R5:
PC:
R1-R5 can reach R6's loopback; the PCs cannot reach R6's loopback:
R1:
R2:
R3:
R4:
R5:
PC1:
PC2:
When R6 telnets to R5's public IP address, it actually reaches R1: