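Network deployment approach
1. Topology design and IP address planning
2. Implementation
- Every underlying node has a valid IP address
- Routing: static or dynamic, with full reachability across the network
- Policy: rules, optimization, security
- Testing
- Troubleshooting
3. Maintenance
4. Upgrades: cutover (network engineers), capacity expansion (servers)
192.168.1.0/24, borrowing three bits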
192.168.1.32/27 R1
R1 has two loopbacks, so 192.168.1.32/27 is split into 192.168.1.32/28 and 192.168.1.48/28
192.168.1.64/27 R2
192.168.1.64/28 192.168.1.80/28
192.168.1.96/27 R3
192.168.1.128/27 R4
192.168.1.128/28 192.168.1.144/28
192.168.1.160/27 R5
192.168.1.192/27
192.168.1.224/27
Step 1: Configure the loopback addresses on each router
[R1]interface LoopBack 0
[R1-LoopBack0]ip add 192.168.1.33 28
[R1-LoopBack0]int lo1
[R1-LoopBack1]ip add 192.168.1.49 28
[R1-LoopBack1]
[R2]int lo0
[R2-LoopBack0]ip add 192.168.1.65 28
[R2-LoopBack0]int lo1
[R2-LoopBack1]ip add 192.168.1.81 28
[R2-LoopBack1]
R3 has no loopbacks here; real physical interfaces are connected below it
[R3]int g0/0/2
[R3-GigabitEthernet0/0/2]ip add 192.168.1.97 27
[R3-GigabitEthernet0/0/2]
[R4]int lo0
[R4-LoopBack0]ip add 192.168.1.129 28
[R4-LoopBack0]int lo1
[R4-LoopBack1]ip add 192.168.1.145 28
[R4-LoopBack1]
[R5]int lo0
[R5-LoopBack0]ip add 192.168.1.161 27
[R6]int lo0
[R6-LoopBack0]ip add 6.6.6.6 24
Step 2: Configure the backbone links
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.1.1 30
[R1-GigabitEthernet0/0/1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.5 30
[R1-GigabitEthernet0/0/0]
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.1.2 30
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.1.9 30
[R2-GigabitEthernet0/0/1]
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 192.168.1.6 30
[R3-GigabitEthernet0/0/1]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 192.168.1.13 30
[R3-GigabitEthernet0/0/0]
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 192.168.1.10 30
[R4-GigabitEthernet0/0/0]
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 192.168.1.14 30
[R4-GigabitEthernet0/0/1]int g4/0/0
[R4-GigabitEthernet4/0/0]ip add 192.168.1.17 30
[R4-GigabitEthernet4/0/0]int g0/0/2
[R4-GigabitEthernet0/0/2]ip add 192.168.1.21 30
[R4-GigabitEthernet0/0/2]
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip add 192.168.1.18 30
[R5-GigabitEthernet0/0/0]int g0/0/2
[R5-GigabitEthernet0/0/2]ip add 192.168.1.22 30
[R5-GigabitEthernet0/0/2]int g0/0/1
[R5-GigabitEthernet0/0/1]ip add 56.1.1.1 24
[R5-GigabitEthernet0/0/1]
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]ip add 56.1.1.2 24
[R6-GigabitEthernet0/0/0]
Step 3: Configure DHCP on R3
[R3]dhcp enable
[R3]ip pool a
[R3-ip-pool-a]network 192.168.1.96 mask 27
[R3-ip-pool-a]gateway-list 192.168.1.97
[R3-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
[R3-ip-pool-a]q
[R3]int g0/0/2
[R3-GigabitEthernet0/0/2]dhcp select global
[R3-GigabitEthernet0/0/2]
Check whether the two PCs obtained IP addresses automatically
Step 4: Set up the default routes
[R5]ip route-static 0.0.0.0 0 56.1.1.2
To avoid confusion, I shut down the backup link on g0/0/2
[R4]int g0/0/2
[R4-GigabitEthernet0/0/2]shutdown
[R4]ip route-static 0.0.0.0 0 192.168.1.18
[R3]ip route-static 0.0.0.0 0 192.168.1.14
[R2]ip route-static 0.0.0.0 0 192.168.1.10
[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.6
Step 5: Add the optimal routes and routes to the networks each router cannot otherwise reach
[R1]ip route-static 192.168.1.64 27 192.168.1.2
[R1]ip route-static 192.168.1.8 30 192.168.1.2
[R1]ip route-static 192.168.1.96 27 192.168.1.6
[R1]ip route-static 192.168.1.12 30 192.168.1.6
[R1]
[R2]ip route-static 192.168.1.32 27 192.168.1.1
[R2]ip route-static 192.168.1.4 30 192.168.1.1
[R2]ip route-static 192.168.1.96 27 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.1
[R3]ip route-static 192.168.1.32 27 192.168.1.5
[R3]ip route-static 192.168.1.0 30 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.14
[R4]ip route-static 192.168.1.0 30 192.168.1.9
[R4]ip route-static 192.168.1.4 30 192.168.1.13
[R4]ip route-static 192.168.1.96 27 192.168.1.13
[R4]ip route-static 192.168.1.32 27 192.168.1.13
[R4]ip route-static 192.168.1.32 27 192.168.1.9
[R5]ip route-static 192.168.1.32 27 192.168.1.17
[R5]ip route-static 192.168.1.64 27 192.168.1.17
[R5]ip route-static 192.168.1.96 27 192.168.1.17
[R5]ip route-static 192.168.1.128 27 192.168.1.17
[R5]ip route-static 192.168.1.0 30 192.168.1.17
[R5]ip route-static 192.168.1.4 30 192.168.1.17
[R5]ip route-static 192.168.1.8 30 192.168.1.17
[R5]ip route-static 192.168.1.12 30 192.168.1.17
At this point the whole internal network is interconnected
Step 6: Set up the backup link
[R4]int g0/0/2
[R4-GigabitEthernet0/0/2]undo shutdown
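Repeat every route on R4 whose next hop is 1.18 with next hop 1.22, then change the preference
Repeat every route on R5 whose next hop is 1.17 with next hop 1.21, then change the preference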
[R4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61
[R5]ip route-static 192.168.1.32 27 192.168.1.21 pr 61
[R5]ip route-static 192.168.1.64 27 192.168.1.21 pr 61
[R5]ip route-static 192.168.1.96 27 192.168.1.21 pr 61
[R5]ip route-static 192.168.1.128 27 192.168.1.21 pr 61
[R5]ip route-static 192.168.1.0 30 192.168.1.21 pr 61
[R5]ip route-static 192.168.1.4 30 192.168.1.21 pr 61
[R5]ip route-static 192.168.1.8 30 192.168.1.21 pr 61
[R5]ip route-static 192.168.1.12 30 192.168.1.21 pr 61
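We disconnect the main link on g4/0/0 and ping again
With the main link down, traffic takes the backup link
Step 7: Access the external network
The internal network is now interconnected, but it cannot reach the external network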
[R5]acl 2000
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R5-acl-basic-2000]q
[R5]int g0/0/1
[R5-GigabitEthernet0/0/1]nat outbound 2000
[R5-GigabitEthernet0/0/1]
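Step 8: Route optimization
Avoiding loops
On R1, R2 and R4, preconfigure a route to the null interface for each summary prefix. If you later shut down one of the loopbacks, the peer does not know and keeps sending you data; you have no matching route other than the default, so you send the data back out, and it ends up looping.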
[R1]ip route-static 192.168.1.32 27 NULL 0
[R2]ip route-static 192.168.1.64 27 NULL 0
[R4]ip route-static 192.168.1.128 27 NULL 0
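The route selection behind Step 6 (backup routes with preference 61) and Step 8 (summary routes to NULL 0), as an added example that is not part of the original page. The tables are a constructed subset of the routes above; the function names and the 16-hop TTL are this example's own, and the preference values 0 (connected) and 60 (static default) are the Huawei defaults.

```python
import ipaddress

# Constructed model of the page's static routes: (prefix, next hop, preference, out link).
# "LOCAL" = directly connected, "NULL0" = discard. R1's second default (via R3) is
# left out for brevity; R3 also points 192.168.1.32/27 back at R1.
def tables(r1_lo1_up=True, null0=False):
    r1 = [("0.0.0.0/0", "R2", 60, "g0/0/1"),
          ("192.168.1.32/28", "LOCAL", 0, "lo0")]
    if r1_lo1_up:   # the connected route exists only while LoopBack1 is up
        r1.append(("192.168.1.48/28", "LOCAL", 0, "lo1"))
    if null0:       # Step 8: summary route to NULL 0
        r1.append(("192.168.1.32/27", "NULL0", 60, "null0"))
    r2 = [("0.0.0.0/0", "R4", 60, "g0/0/1"),
          ("192.168.1.32/27", "R1", 60, "g0/0/0")]
    r5 = [("192.168.1.32/27", "R4", 60, "g0/0/0"),   # main link, next hop 192.168.1.17
          ("192.168.1.32/27", "R4", 61, "g0/0/2")]   # Step 6 backup, next hop 192.168.1.21
    return {"R1": r1, "R2": r2, "R5": r5}

def lookup(table, dst, down=()):
    """Active route for dst: longest prefix wins, then the lowest preference.
    Routes whose outgoing link is in `down` are inactive."""
    addr = ipaddress.ip_address(dst)
    live = [r for r in table
            if addr in ipaddress.ip_network(r[0]) and r[3] not in down]
    return min(live, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[2]))

def forward(tbl, start, dst, ttl=16):
    """Follow a packet hop by hop; return (outcome, routers visited)."""
    path, router = [start], start
    while ttl > 0:
        if router not in tbl:          # router outside this small model
            return "left-model", path
        nh = lookup(tbl[router], dst)[1]
        if nh == "LOCAL":
            return "delivered", path
        if nh == "NULL0":
            return "discarded", path
        router = nh
        path.append(router)
        ttl -= 1
    return "ttl-expired", path
```

With LoopBack1 down and no NULL 0 route, a packet from R2 to 192.168.1.49 bounces between R2 and R1 until its TTL runs out; with the NULL 0 route, R1 drops it on the first hop, and normal delivery is unaffected because the connected /28 is more specific.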
Telnet from R6 to R5 and you are actually logged in to R1
Map port 80 of R5's 56.1.1.1 to R1
[R1]aaa
[R1-aaa]local-user yangyong privilege level 15 password cipher 123456
[R1-aaa]local-user yangyong service-type telnet
[R1-aaa]q
[R1]user-interface vty 0
[R1-ui-vty0]authentication-mode aaa
[R1-ui-vty0]
[R5]int g0/0/1
[R5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
This maps port 23 to port 23 on 192.168.1.1
Are you sure to continue?[Y/N]:y
[R5-GigabitEthernet0/0/1]
Login succeeded; that completes the lab.
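A check over the remote-access commands from Step 8, as an added example that is not part of the original page: it flags the short numeric local password, the cleartext Telnet service type and the NAT server rule that publishes port 23 on the outside interface. The sample text is copied from the transcript above; `audit()` and its rules are this example's own assumptions about what to flag.

```python
import re

# Constructed sample: the Step 8 commands from the transcript, prompts included.
TRANSCRIPT = """\
[R1]aaa
[R1-aaa]local-user yangyong privilege level 15 password cipher 123456
[R1-aaa]local-user yangyong service-type telnet
[R1-ui-vty0]authentication-mode aaa
[R5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
"""

# Ports whose protocols carry credentials or sessions in cleartext.
CLEARTEXT_PORTS = {"21": "ftp", "23": "telnet", "80": "http"}

def audit(transcript):
    """Return sorted (device, finding) pairs for the remote-access settings."""
    findings = set()
    for line in transcript.splitlines():
        m = re.match(r"\[(\w+)[^\]]*\](.*)", line)   # "[R1-aaa]cmd" -> ("R1", "cmd")
        if not m:
            continue
        dev, cmd = m.group(1), m.group(2).strip()
        u = re.match(r"local-user (\S+) .*password cipher (\S+)", cmd)
        if u:
            user, pw = u.groups()
            # Weak if short or drawn from a single character class.
            if len(pw) < 8 or pw.isdigit() or pw.isalpha():
                findings.add((dev, f"weak password for {user}"))
        s = re.match(r"local-user (\S+) service-type (.*)", cmd)
        if s and "telnet" in s.group(2).split():
            findings.add((dev, f"{s.group(1)} allowed over cleartext telnet"))
        n = re.match(r"nat server protocol tcp global \S+ \S+ inside (\S+) (\S+)", cmd)
        if n and n.group(2) in CLEARTEXT_PORTS:
            proto = CLEARTEXT_PORTS[n.group(2)]
            findings.add((dev, f"publishes {proto} on {n.group(1)} to the outside interface"))
    return sorted(findings)
```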