静态路由综合实验
实验要求:
1一R6为isp,接口IP地址均为公有地址;该设备只能配置IP地址,之后不能再对其进行任何配置﹔
2-R1-R5为局域网,私有IP地址192.168.1.0/24,请合理分配﹔
3-所有路由器上环回,均代表连接用户的接口;4一R3下的两台FC通过DHCP自动获取IP地址5-选路最佳,路由表尽量小,避免环路;6-R1-R5均可访问R6的环回
7一R6telnetR5的公有IP地址时,实际登陆到R1上
8-R4与R5正常通过1000链路,故障时通过100兆链路;
实验拓扑结构:
1、IP规划与IP配置:
ri骨干:192.168.1.0/30
r1环回:
192.168.1.32/27
192.168.1.32/28
192.168.1.48/28
r2骨干:192.168.1.8/30
r1环回:
192.168.1.64/27
192.168.1.64/28
192.168.1.80/28
r3骨干:192.168.1.4/30
dhcp地址池:
192.168.1.96/27
r4骨干:192.168.1.12/30
192.168.16/30
r4环回:
192.168.1.128/27
192.168.1.128/28
192.168.1.144/28
r5骨干:192.168.1.20/30
r5环回:
192.168.1.160/27
公网网段:11.1.1.0/24
r6环回:6.6.6.6/24
2.为R3的两台PC配置DHCP服务:
[r3]dhcp enable
[r3]ip pool qq
[r3-ip-pool-qq]network 192.168.1.96 mask 27
[r3-ip-pool-qq]gateway-list 192.168.1.97
[r3-ip-pool-qq]dns-list 8.8.8.8
[r3]int g0/0/2
[r3-GigabitEthernet0/0/2]dhcp select global
DHCP分配IP成功
## 配置静态路由以及防环空接口,并实现R4与R5正常通过1000链路,故障时通过100兆链路;:
**r1:**
ip route-static 0.0.0.0 0.0.0.0 192.168.1.6
ip route-static 0.0.0.0 0.0.0.0 192.168.1.2
ip route-static 192.168.1.8 255.255.255.252 192.168.1.2
ip route-static 192.168.1.12 255.255.255.252 192.168.1.6
ip route-static 192.168.1.32 255.255.255.224 NULL0
ip route-static 192.168.1.64 255.255.255.224 192.168.1.2
ip route-static 192.168.1.96 255.255.255.224 192.168.1.6
**r2:**
ip route-static 0.0.0.0 0.0.0.0 192.168.1.10
ip route-static 0.0.0.0 0.0.0.0 192.168.1.13
ip route-static 192.168.1.4 255.255.255.252 192.168.1.1
ip route-static 192.168.1.32 255.255.255.224 192.168.1.1
ip route-static 192.168.1.64 255.255.255.224 NULL0
ip route-static 192.168.1.96 255.255.255.224 192.168.1.1
ip route-static 192.168.1.96 255.255.255.224 192.168.1.10
**r3:**
ip route-static 0.0.0.0 0.0.0.0 192.168.1.14
ip route-static 192.168.1.0 255.255.255.252 192.168.1.5
ip route-static 192.168.1.32 255.255.255.224 192.168.1.5
ip route-static 192.168.1.64 255.255.255.224 192.168.1.5
ip route-static 192.168.1.64 255.255.255.224 192.168.1.14
ip route-static 192.168.1.96 255.255.255.224 NULL0
**r4:**
ip route-static 0.0.0.0 0.0.0.0 192.168.1.18
ip route-static 0.0.0.0 0.0.0.0 192.168.1.22 preference 70
ip route-static 192.168.1.0 255.255.255.252 192.168.1.9
ip route-static 192.168.1.4 255.255.255.252 192.168.1.13
ip route-static 192.168.1.32 255.255.255.224 192.168.1.9
ip route-static 192.168.1.32 255.255.255.224 192.168.1.13
ip route-static 192.168.1.64 255.255.255.224 192.168.1.9
ip route-static 192.168.1.96 255.255.255.224 192.168.1.13
ip route-static 192.168.1.128 255.255.255.224 NULL0
**r5:**
ip route-static 0.0.0.0 0.0.0.0 11.1.1.2
ip route-static 0.0.0.0 0.0.0.0 192.168.1.17
ip route-static 0.0.0.0 0.0.0.0 192.168.1.21
ip route-static 192.168.1.0 255.255.255.252 192.168.1.17
ip route-static 192.168.1.0 255.255.255.252 192.168.1.21 preference 70
ip route-static 192.168.1.4 255.255.255.252 192.168.1.17
ip route-static 192.168.1.4 255.255.255.252 192.168.1.21 preference 70
ip route-static 192.168.1.8 255.255.255.252 192.168.1.17
ip route-static 192.168.1.8 255.255.255.252 192.168.1.21 preference 70
ip route-static 192.168.1.12 255.255.255.252 192.168.1.17
ip route-static 192.168.1.12 255.255.255.252 192.168.1.21 preference 70
ip route-static 192.168.1.32 255.255.255.224 192.168.1.17
ip route-static 192.168.1.32 255.255.255.224 192.168.1.21 preference 70
ip route-static 192.168.1.64 255.255.255.224 192.168.1.17
ip route-static 192.168.1.64 255.255.255.224 192.168.1.21 preference 70
ip route-static 192.168.1.96 255.255.255.224 192.168.1.17
ip route-static 192.168.1.96 255.255.255.224 192.168.1.21 preference 70
ip route-static 192.168.1.128 255.255.255.224 192.168.1.17
ip route-static 192.168.1.128 255.255.255.224 192.168.1.21 preference 70
测试网络:
全网可达
r4和r5之间的备份线路做好后,测试一下:
shutdown r5的0/0/0接口后:
nat转换:
R5:
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
[r5]int g0/0/1
[r5-GigabitEthernet0/0/1]nat outbound 2000
实现R6telnetR5的公有IP地址时,实际登陆到R1上:
在R1上注册并开启服务:
aaa
[r1-aaa]local-user mh007 privilege level 15 password cipher 123456
[r1-aaa]local-user mh007 service-type telnet
[r1]user-interface vty 0
[r1-ui-vty0]authentication-mode aaa
R5上:
[r5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 ins
ide 192.168.1.1 23
我们在R6上进行telnet远程登陆,登录到R1上:
至此,要求全部实现!