一、实验拓扑
二、实验需求
- 按照图示配置IP地址
- 按照图示划分区域
- 要求PC6能ping通PC7
- 在R3上down掉G0/2时测试链路连通性,并查看追踪路由
- 在R3上down掉G0/1时测试链路连通性,并查看追踪路由
- 分别为每台路由器配置两个环回口,要求PC6能够ping通R12345的所有环回口
- 要求PC6不能访问192.168.4.0网段,访问其他网段均能ping通,以及PC7不能访问192.168.1.0网段,访问其他网段均能ping通
- 要求PC6不能访问PC7,访问其他网段均能ping通
- 要求PC6不能ping通R2的所有环回口,访问其他网段均能ping通,要求PC7不能ping通R1的所有环回口,访问其他网段均能ping通
- 要求PC6不能ping通R5的所有环回口,访问其他网段均能ping通
三、实验步骤
- 按照图示配置IP地址
[R1]display ip int br
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 192.168.1.1/24 -- --
GE0/1 up up 192.168.6.1/24
[R2]display ip int br
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 192.168.5.2/24 -- --
GE0/1 up up 192.168.7.2/24 --
[R3]display ip int brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 192.168.1.3/24 -- --
GE0/1 up up 192.168.4.3/24 -- --
GE0/2 up up 192.168.2.3/24 --
[R4]display ip int br
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 192.168.5.4/24 -- --
GE0/1 up up 192.168.4.4/24 -- --
GE0/2 up up 192.168.3.4/24 --
[R5]display ip int br
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 192.168.2.5/24 -- --
GE0/1 up up 192.168.3.5/24 --
- 按照图示划分区域
[R1]router id 1.1.1.1
[R1]ospf 1
[R1-ospf-1]area 2
[R1-ospf-1-area-0.0.0.2]network 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2]network 192.168.6.0 0.0.0.255
[R1-ospf-1-area-0.0.0.2]network 192.168.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.2]display ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbor Brief Information
Area: 0.0.0.2
Router ID Address Pri Dead-Time State Interface
3.3.3.3 192.168.1.3 1 34 Full/BDR
[R2]router id 2.2.2.2
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]network 192.168.5.0 0.0.0.255
[R2-ospf-1-area-0.0.0.1]network 192.168.7.0 0.0.0.255
<R2>display ospf peer
OSPF Process 1 with Router ID 2.2.2.2
Neighbor Brief Information
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
4.4.4.4 192.168.5.4 1 37 Full/BDR GE0/0
[R3]router id 3.3.3.3
[R3]ospf 1
[R3-ospf-1]area 2
[R3-ospf-1-area-0.0.0.2]network 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.2]network 192.168.1.0 0.0.0.255
[R3-ospf-1-area-0.0.0.2]area 0
[R3-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
<R3>display ospf peer
OSPF Process 1 with Router ID 3.3.3.3
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
4.4.4.4 192.168.4.4 1 39 Full/BDR GE0/1
5.5.5.5 192.168.2.5 1 35 Full/BDR GE0/2
Area: 0.0.0.2
Router ID Address Pri Dead-Time State Interface
1.1.1.1 192.168.1.1 1 39 Full/DR GE0/0
[R4]router id 4.4.4.4
[R4]ospf 1
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]network 4.4.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1]network 192.168.5.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
<R4>display ospf peer
OSPF Process 1 with Router ID 4.4.4.4
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
3.3.3.3 192.168.4.3 1 35 Full/DR GE0/1
5.5.5.5 192.168.3.5 1 36 Full/BDR GE0/2
Area: 0.0.0.1
Router ID Address Pri Dead-Time State Interface
2.2.2.2 192.168.5.2 1 39 Full/DR GE0/0
[R5]router id 5.5.5.5
[R5]ospf 1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
<R5>display ospf peer
OSPF Process 1 with Router ID 5.5.5.5
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
3.3.3.3 192.168.2.3 1 36 Full/DR GE0/0
4.4.4.4 192.168.3.4 1 32 Full/DR GE0/1
-
要求PC6能ping通PC7
-
在R3上down掉G0/2时测试链路连通性,并查看追踪路由
[R3]int g0/2
[R3-GigabitEthernet0/2]shutdown
- 在R3上down掉G0/1时测试链路连通性,并查看追踪路由
[R3-GigabitEthernet0/2]int g0/1
[R3-GigabitEthernet0/1]shutdown
- 分别为每台路由器配置两个环回口,要求PC6能够ping通R12345的所有环回口
[R1]int l1
[R1-LoopBack1]ip add 11.11.11.11 32
[R1]ospf 1
[R1-ospf-1]area 2
[R1-ospf-1-area-0.0.0.2]network 11.11.11.11 0.0.0.0
[R2]int l1
[R2-LoopBack1]ip add 22.22.22.22 32
[R2]ospf 1
[R2-ospf-1] area 1
[R2-ospf-1-area-0.0.0.1]network 22.22.22.22 0.0.0.0
依次类推....
- 要求PC6不能访问192.168.4.0网段,访问其他网段均能ping通,以及PC7不能访问192.168.1.0网段,访问其他网段均能ping通
[R1]acl advanced 3000
[R1-acl-ipv4-adv-3000]rule deny icmp source 192.168.6.6 0 destination 192.168.4.
0 0.0.0.255
[R1]int g0/1
[R1-GigabitEthernet0/1]packet-filter 3000 inbound
[R2]acl advanced 3000
[R2-acl-ipv4-adv-3000]rule deny icmp source 192.168.7.7 0 destination 192.168.1.
0 0.0.0.255
[R2]int g0/1
[R2-GigabitEthernet0/1]packet-filter 3000 inbound
- 要求PC6不能访问PC7,访问其他网段均能ping通
[R1]acl advanced 3000
[R1-acl-ipv4-adv-3000]rule deny icmp source 192.168.6.6 0 destination 192.168.7.
7 0
- 要求PC6不能ping通R2的所有环回口,访问其他网段均能ping通,要求PC7不能ping通R1的所有环回口,访问其他网段均能ping通
[R1]acl advanced 3000
[R1-acl-ipv4-adv-3000]rule deny icmp source 192.168.6.6 0 destination 2.2.2.2 0
[R1-acl-ipv4-adv-3000]rule deny icmp source 192.168.6.6 0 destination 22.22.22.2
2 0
[R2]acl advanced 3000
[R2-acl-ipv4-adv-3000]rule deny icmp source 192.168.7.7 0 destination 1.1.1.1 0
[R2-acl-ipv4-adv-3000]rule deny icmp source 192.168.7.7 0 destination 11.11.11.1
1 0
- 要求PC6不能ping通R5的所有环回口,访问其他网段均能ping通
[R1]acl advanced 3000
[R1-acl-ipv4-adv-3000]rule deny icmp source 192.168.6.6 0 destination 5.5.5.5 0
[R1-acl-ipv4-adv-3000]rule deny icmp source 192.168.6.6 0 destination 55.55.55.5
5 0
四、实验结果
361
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
