实验拓扑搭建如下:
思路:
- 地址规划:ISP与R7.R8路由器根据提供的地址直接进行进行配置即可,其余路由器将192.168.1.0/24网段分为五个子网,其次根据每台路由器骨干链路和环回数量再进行子网划分,最终划分地址如下:
192.168.1.0/24
192.168.1.32/27 r2
192.168.1.32/28 骨干
192.168.1.48/29 环回
192.168.1.56/29
192.168.1.64/27 r3
192.168.1.64/28 骨干
192.168.1.80/29 环回
192.168.1.88/29
192.168.1.96/27 r4
192.168.1.96/28 骨干
192.168.1.112/29 环回
192.168.1.120/29
192.168.1.128/27 r5
192.168.1.128/28 骨干
192.168.1.144/29 环回
192.168.1.152/29
192.168.1.160/27 r6
192.168.1.160/29 骨干
192.168.1.168/29
192.168.1.176/29 环回
192.168.1.184/29
- 配置:根据实验需求,ISP路由器仅配置IP地址即可,在R2-R6路由器上配置RIPV2,在R7-R8上配置RIPV1;
- 基本配置完成后,根据RIPV1与V2 版本兼容性问题,会发现R2-R6中没有R7-R8的路由条目,因此,在R6与R7直连接口分别配置兼容性,即:
R6:interface Ethernet0/1
ip rip send version 1 2
ip rip receive version 1 2
R7: interface Ethernet0/0
ip rip send version 1 2
ip rip receive version 1 2
- 由于RIPv1连续子网的问题,需要在R7与R8直连配置第二地址,所配地址应与R7-R8的环回为连续子网,即:172.16.3.0/24
- 根据要求R2到R5的环回通过R3访问,即根据RIP选路规则需要使用偏移列表在控制层面加大R6度量值;
- 为了满足更新安全需要在配置RIPV2 的路由器上配置接口认证,同时为了减少路由条目更新需要做手工汇总,减少条目;修改收敛时间,以加快收敛速度;
- 最后在边界路由器R2上向内网下放缺省路由, 同时手工配置静态缺省指向ISP以及定义ACL,NAT实现内外网互通;
- 最后在r8上开启远程登录,在r2上配置端口映射,实现ISPTelnetR2实际登录R8
实验配合如下:
ISP:
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
ip address 12.1.1.1 255.255.255.0
R2:
interface Loopback0
ip address 192.168.1.49 255.255.255.248
ip rip advertise 15
!
interface Loopback1
ip address 192.168.1.57 255.255.255.248
ip rip advertise 15
!
interface Ethernet0/0
ip address 12.1.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface Ethernet0/1
ip address 192.168.1.33 255.255.255.240
ip nat inside
ip rip advertise 15
ip virtual-reassembly in
ip summary-address rip 192.168.1.48 255.255.255.240
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
ip address 192.168.1.162 255.255.255.248
ip nat inside
ip rip advertise 15
ip virtual-reassembly in
ip summary-address rip 192.168.1.48 255.255.255.240
router rip
version 2
timers basic 15 90 90 120
network 192.168.1.0
default-information originate
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source static tcp 78.1.1.2 23 12.1.1.2 23 extendable
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 permit 78.0.0.0 0.255.255.255
!
!
!
control-plane
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
!
end
R3:
Building configuration...
Current configuration : 2080 bytes
!
! Last configuration change at 10:23:06