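I. Network Topology
II. Requirements
1. AR6 is treated as the ISP device, and the two segments it connects to are public networks; R1-R5 form a private LAN.
2. Only IP addresses may be configured on AR6; no other configuration may be made on that router afterwards.
3. The public IP address ranges are already assigned; the whole R1-R5 private network is allocated sensibly out of 192.168.1.0/24.
4. PC1/3 are assigned to VLAN2, and PC2/4 and the HTTP server to VLAN3; PC1-4 obtain their IP addresses automatically via DHCP.
5. Routing tables on all routers should be kept as small as possible, loops must be prevented, and every route choice must be the best path; R4 and R5 normally use the 1000M link and automatically switch to the 100M link when the 1000M link fails; the entire network uses static routing only.
6. PC1-PC4 can all ping PC5, and PC5 can reach the HTTP server through the domain name www.beixin.com.
7. Across the whole network, only R1 may telnet into R2.
III. Analysis
1. Allocate IP addresses sensibly
2. Enable the DHCP service on R1 and R2
3. Create floating static routes between R4 and R5
4. Perform address translation between the internal and external networks
IV. Configuration
1. On switches L1 and L2, create VLAN2 and VLAN3; PC1 and PC3 belong to VLAN2, and PC2, PC4 and the HTTP server belong to VLAN3. The configuration results are as follows: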
L1:
L2:
2. Configure the interface IP addresses on each device
[R1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip address 192.168.1.1 30
[R1-GigabitEthernet0/0/2]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.1.5 30
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip address 192.168.1.9 30
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ip address 192.168.1.6 30
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]ip address 192.168.1.13 30
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip address 192.168.1.14 30
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip address 192.168.1.10 30
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]ip address 192.168.1.17 30
[R4-GigabitEthernet0/0/2]int g4/0/0
[R4-GigabitEthernet4/0/0]ip address 192.168.1.21 30
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip address 192.168.1.18 30
[R5-GigabitEthernet0/0/0]int g0/0/1
[R5-GigabitEthernet0/0/1]ip address 192.168.1.22 30
[R5-GigabitEthernet0/0/1]int g0/0/2
[R5-GigabitEthernet0/0/2]ip address 12.1.1.1 24
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[R6-GigabitEthernet0/0/0]int g0/0/1
[R6-GigabitEthernet0/0/1]ip address 1.1.1.1 24
3. Enable the DHCP service on routers R1 and R3 and create address pools to assign IP addresses to PC1-4 automatically
R1:
[R1]dhcp enable
[R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[R1-GigabitEthernet0/0/0.1]ip address 192.168.1.33 28
[R1-GigabitEthernet0/0/0.1]arp broadcast enable
[R1-GigabitEthernet0/0/0.1]dhcp select global
[R1-GigabitEthernet0/0/0.1]int g0/0/0.2
[R1-GigabitEthernet0/0/0.2]dot1q termination vid 3
[R1-GigabitEthernet0/0/0.2]ip address 192.168.1.49 28
[R1-GigabitEthernet0/0/0.2]arp broadcast enable
[R1-GigabitEthernet0/0/0.2]dhcp select global
[R1]ip pool 2
[R1-ip-pool-2]network 192.168.1.32 mask 28
[R1-ip-pool-2]gateway-list 192.168.1.33
[R1-ip-pool-2]dns-list 114.114.114.114
[R1]ip pool 3
[R1-ip-pool-3]network 192.168.1.48 mask 28
[R1-ip-pool-3]gateway-list 192.168.1.49
[R1-ip-pool-3]dns-list 114.114.114.114
R3:
[R3]dhcp enable
[R3]int g0/0/0.1
[R3-GigabitEthernet0/0/0.1]dot1q termination vid 2
[R3-GigabitEthernet0/0/0.1]ip address 192.168.1.65 28
[R3-GigabitEthernet0/0/0.1]arp broadcast enable
[R3-GigabitEthernet0/0/0.1]dhcp select global
[R3-GigabitEthernet0/0/0.1]int g0/0/0.2
[R3-GigabitEthernet0/0/0.2]dot1q termination vid 3
[R3-GigabitEthernet0/0/0.2]ip address 192.168.1.81 28
[R3-GigabitEthernet0/0/0.2]arp broadcast enable
[R3-GigabitEthernet0/0/0.2]dhcp select global
[R3]ip pool 2
[R3-ip-pool-2]network 192.168.1.64 mask 28
[R3-ip-pool-2]gateway-list 192.168.1.65
[R3-ip-pool-2]dns-list 114.114.114.114
[R3]ip pool 3
[R3-ip-pool-3]network 192.168.1.80 mask 28
[R3-ip-pool-3]gateway-list 192.168.1.81
[R3-ip-pool-3]dns-list 114.114.114.114
4. Configure routing between the devices
R1:
ip route-static 0.0.0.0 0.0.0.0 192.168.1.2
ip route-static 0.0.0.0 0.0.0.0 192.168.1.6
ip route-static 192.168.1.8 255.255.255.252 192.168.1.2
ip route-static 192.168.1.12 255.255.255.252 192.168.1.6
ip route-static 192.168.1.32 255.255.255.224 NULL0
ip route-static 192.168.1.64 255.255.255.224 192.168.1.6
R2:
ip route-static 0.0.0.0 0.0.0.0 192.168.1.10
ip route-static 192.168.1.4 255.255.255.252 192.168.1.1
ip route-static 192.168.1.12 255.255.255.252 192.168.1.10
ip route-static 192.168.1.32 255.255.255.224 192.168.1.1
ip route-static 192.168.1.64 255.255.255.224 192.168.1.1
ip route-static 192.168.1.64 255.255.255.224 192.168.1.10
R3:
ip route-static 0.0.0.0 0.0.0.0 192.168.1.14
ip route-static 192.168.1.0 255.255.255.224 NULL0
ip route-static 192.168.1.0 255.255.255.252 192.168.1.5
ip route-static 192.168.1.8 255.255.255.252 192.168.1.14
ip route-static 192.168.1.16 255.255.255.252 192.168.1.14
ip route-static 192.168.1.20 255.255.255.252 192.168.1.14
ip route-static 192.168.1.32 255.255.255.224 192.168.1.5
R4:
ip route-static 0.0.0.0 0.0.0.0 192.168.1.18
ip route-static 0.0.0.0 0.0.0.0 192.168.1.22 preference 70
ip route-static 192.168.1.0 255.255.255.252 192.168.1.9
ip route-static 192.168.1.4 255.255.255.252 192.168.1.13
ip route-static 192.168.1.32 255.255.255.224 192.168.1.9
ip route-static 192.168.1.32 255.255.255.224 192.168.1.13
ip route-static 192.168.1.64 255.255.255.224 192.168.1.13
R5:
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
ip route-static 192.168.1.0 255.255.255.252 192.168.1.17
ip route-static 192.168.1.0 255.255.255.252 192.168.1.21 preference 70
ip route-static 192.168.1.4 255.255.255.252 192.168.1.17
ip route-static 192.168.1.4 255.255.255.252 192.168.1.21 preference 70
ip route-static 192.168.1.8 255.255.255.252 192.168.1.17
ip route-static 192.168.1.8 255.255.255.252 192.168.1.21 preference 70
ip route-static 192.168.1.12 255.255.255.252 192.168.1.17
ip route-static 192.168.1.12 255.255.255.252 192.168.1.21 preference 70
ip route-static 192.168.1.32 255.255.255.224 192.168.1.17
ip route-static 192.168.1.32 255.255.255.224 192.168.1.21 preference 70
ip route-static 192.168.1.64 255.255.255.224 192.168.1.17
ip route-static 192.168.1.64 255.255.255.224 192.168.1.21 preference 70
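At this point the whole internal network is reachable
5. Set the IP address, mask and gateway on PC5
6. Configure NAT on router R5 to make the whole network reachable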
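How R4 chooses between its two default routes, as an added example that is not part of the original lab: a Python model of static-route selection (longest prefix, then lowest preference) over R4's routes from above. It assumes the VRP default static-route preference of 60 and that a route is withdrawn when its next hop becomes unreachable; the function names are hypothetical.

```python
import ipaddress

DEFAULT_STATIC_PREFERENCE = 60  # VRP default for static routes; lower value wins

# R4's static routes, copied from the configuration on this page.
R4_ROUTES = """\
ip route-static 0.0.0.0 0.0.0.0 192.168.1.18
ip route-static 0.0.0.0 0.0.0.0 192.168.1.22 preference 70
ip route-static 192.168.1.0 255.255.255.252 192.168.1.9
ip route-static 192.168.1.4 255.255.255.252 192.168.1.13
ip route-static 192.168.1.32 255.255.255.224 192.168.1.9
ip route-static 192.168.1.32 255.255.255.224 192.168.1.13
ip route-static 192.168.1.64 255.255.255.224 192.168.1.13
"""

def parse_routes(text):
    """Turn 'ip route-static' lines into (network, next_hop, preference) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "route-static"]:
            continue
        net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}")
        pref = DEFAULT_STATIC_PREFERENCE
        if "preference" in tok:
            pref = int(tok[tok.index("preference") + 1])
        routes.append((net, tok[4], pref))
    return routes

def active_next_hops(routes, dest, failed=()):
    """Longest-prefix match, then lowest preference; equal routes load-balance."""
    dest = ipaddress.ip_address(dest)
    # Assumption: a route whose next hop is in `failed` is inactive.
    usable = [r for r in routes if dest in r[0] and r[1] not in failed]
    if not usable:
        return []
    longest = max(r[0].prefixlen for r in usable)
    usable = [r for r in usable if r[0].prefixlen == longest]
    best = min(r[2] for r in usable)
    hops = [r[1] for r in usable if r[2] == best]
    return sorted(hops, key=ipaddress.ip_address)

if __name__ == "__main__":
    r4 = parse_routes(R4_ROUTES)
    print(active_next_hops(r4, "1.1.1.2"))                           # primary link
    print(active_next_hops(r4, "1.1.1.2", failed={"192.168.1.18"}))  # floating route
    print(active_next_hops(r4, "192.168.1.40"))                      # equal-preference pair
```

The preference-70 route only appears in the result once 192.168.1.18 is marked as failed, which is the floating-route behaviour the requirement asks for.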
[R5]acl 2000
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R5-acl-basic-2000]q
[R5]int g0/0/2
[R5-GigabitEthernet0/0/2]nat outbound 2000
PC1 ping PC5
7. Configure port mapping, HTTP, DNS and the pad so that the HTTP server can be reached through the domain name www.beixin.com
[R5]int g0/0/2
[R5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 80 inside 192.168.1.92 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
8. Configure Telnet on R2; across the whole network only R1 may telnet into R2
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
[R2]aaa
[R2-aaa]local-user huawei password cipher 123 privilege level 15
Info: Add a new user.
[R2-aaa]local-user huawei service-type telnet
[R2]acl 2000
[R2-acl-basic-2000]rule deny source 192.168.1.0 0.0.0.255
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]traffic-filter inbound acl 2000
[R2]acl 3000
[R2-acl-adv-3000]rule permit tcp source 192.168.1.1 0.0.0.0 destination 192.168.1.2 0.0.0.0 destination-port eq 23
[R2-acl-adv-3000]rule deny tcp source 192.168.1.0 0.0.0.255 destination 192.168.1.2 0.0.0.0 destination-port eq 23
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
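A check of which flows R2's two filters cover, added here and not part of the original lab: a Python model of first-match ACL evaluation with wildcard masks, using the rules of ACL 2000 and ACL 3000 above. It assumes that a packet matching no rule is forwarded by traffic-filter; the function names and the sample flows are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

# Rule fields: action, protocol, source, source wildcard,
# destination, destination wildcard, destination port (None = any).
ACL_2000 = [  # basic ACL on g0/0/1 inbound: matches on source address only
    ("deny", None, "192.168.1.0", "0.0.0.255", None, None, None),
]
ACL_3000 = [  # advanced ACL on g0/0/0 inbound
    ("permit", "tcp", "192.168.1.1", "0.0.0.0", "192.168.1.2", "0.0.0.0", 23),
    ("deny", "tcp", "192.168.1.0", "0.0.0.255", "192.168.1.2", "0.0.0.0", 23),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching rule."""
    for action, r_proto, r_src, r_swc, r_dst, r_dwc, r_port in acl:
        if r_proto is not None and r_proto != proto:
            continue
        if not wildcard_match(src, r_src, r_swc):
            continue
        if r_dst is not None and not wildcard_match(dst, r_dst, r_dwc):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "permit"  # assumption: unmatched packets are forwarded by traffic-filter

if __name__ == "__main__":
    # Constructed sample flows: (acl, protocol, source, destination, port)
    flows = [
        (ACL_3000, "tcp", "192.168.1.1", "192.168.1.2", 23),   # R1 to R2
        (ACL_3000, "tcp", "192.168.1.40", "192.168.1.2", 23),  # a PC to R2
        (ACL_3000, "tcp", "192.168.1.40", "192.168.1.9", 23),  # R2's other address
        (ACL_2000, "icmp", "192.168.1.70", "192.168.1.40", None),  # transit ping
    ]
    for acl, proto, src, dst, port in flows:
        print(proto, src, "->", dst, port, evaluate(acl, proto, src, dst, port))
```

ACL 3000 names only 192.168.1.2 as the destination, and ACL 2000 matches on source alone, so it drops every packet from 192.168.1.0/24 arriving on g0/0/1, not only telnet.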
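V. Testing
1. From PC1, ping PC3 and PC4:
2. PC1 ping R5:
3. R4 and R5 normally use the 1000M link and automatically switch to the 100M link when the 1000M link fails
4. The pad accesses the HTTP server through the domain name www.beixin.com
5. Across the whole network, only R1 can telnet into R2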