要求:
(设备名称按照拓扑标识修改,注意区分大小写)
1、ISP路由器仅配置IP地址
2、私网使用OSPF做到内网全通,R1-R2-R4OSPF使用一条命令进行宣告(直接宣告192.168.1.0网段)R3采用精准宣告;router-ID分别为(例:R1-1.1.1.1 R2-2.2.2.2);OSPF进程为1
2.1 ospf区域按照拓扑标注进行配置,整个odpf网络环境需要保障更新安全,认证模式统一使用接口认证,采用md5进行认证,密码为huawei,key-id为1.
2.2 ospf区域0,R3为DR,没有BDR
2.3 减少路由条目,避免环路
3、PC1-PC4使用DHCP获取地址,地址池名称使用a,b
4、PC1不能访问PC5,acl编号为3000
5、R4出口只拥有一个公网IP
6、R1-telnet服务器的账号密码为aaa/123456
7、内网用户可以正常访问ISP(边界做默认路由)
8、公网设备的路由表不能有私网的路由,使用nat(acl编号为2000)
9、内网设备的路由表不能有公网的路由,边界下发默认路由
10、VLAN及IP规划查看附件材料(所有trunk链路按照最少VLAN透传原则放通-仅放通需要放通的vlan)
SW1:
SW2:
R1:
配置于R2类似
配置远程登陆 aaa/123456
R2:
AR3:
防环:
AR4:
ISP(AR5):
以下是每个设备的配置命令--可以直接复制到设备上(pc5是静态路由需要自行配置)
sw1
vlan batch 2 3
int g0/0/1
port link-type access
port default vlan 2
int g0/0/2
port link-type access
port default vlan 3
int g0/0/3
port link-type trunk
port trunk allow-pass vlan 2 3
sw2
vlan batch 20 30
int g0/0/1
port link-type access
port default vlan 20
int g0/0/2
port link-type access
port default vlan 30
int g0/0/3
port link-type trunk
port trunk allow-pass vlan 20 30
R2
int g0/0/1.1
ip address 192.168.1.65 28
dot1q termination vid 20
arp broadcast enable
int g0/0/1.2
ip address 192.168.1.81 28
dot1q termination vid 30
arp broadcast enable
quit
ospf 1 router-id 2.2.2.2
area 0
network 192.168.1.0 0.0.0.255
quit
quit
dhcp enable
ip pool aa
network 192.168.1.64 mask 28
gateway-list 192.168.1.65
quit
ip pool bb
network 192.168.1.80 mask 28
gateway-list 192.168.1.81
int g0/0/1.1
dhcp select global
int g0/0/1.2
dhcp select global
int g0/0/1
ospf dr-priority 0
int g0/0/0
ip address 192.168.1.2 27
ospf dr-priority 0
R1
int g0/0/1.1
ip address 192.168.1.33 28
dot1q termination vid 2
arp broadcast enable
int g0/0/1.2
ip address 192.168.1.49 28
dot1q termination vid 3
arp broadcast enable
quit
ospf 1 router-id 1.1.1.1
area 0
network 192.168.1.0 0.0.0.255
quit
quit
dhcp enable
ip pool aa
network 192.168.1.32 mask 28
gateway-list 192.168.1.33
quit
ip pool bb
network 192.168.1.48 mask 28
gateway-list 192.168.1.49
int g0/0/1.1
dhcp select global
int g0/0/1.2
dhcp select global
int g0/0/1
ospf dr-priority 0
int g0/0/0
ip address 192.168.1.1 27
ospf dr-priority 0
quit
aaa
local-user aaa password cipher 123456 privilege level 3
local-user aaa service-type telnet
quit
user-interface vty 0 4
authentication-mode aaa
R3
int g0/0/1
ip address 192.168.1.129 30
int g0/0/0
ip address 192.168.1.3 27
quit
ospf 1 router-id 3.3.3.3
area 0
network 192.168.1.3 0.0.0.0
quit
area 1
network 192.168.1.129 0.0.0.0
quit
quit
ip route-static 192.168.1.0 27 NULL 0
R4
int g0/0/0
ip address 192.168.1.130 30
int g0/0/1
ip address 100.1.1.1 24
quit
ospf 1 router-id 4.4.4.4
area 1
network 192.168.1.0 0.0.0.255
quit
default-route-advertise always
quit
ip route-static 0.0.0.0 0.0.0.0 100.1.1.2
acl 2000
rule permit source 192.168.1.0 0.0.0.255
quit
int g0/0/1
nat outbound 2000
quit
acl 3000
rule deny tcp source 192.168.1.46 0 destination 200.1.1.100 0 d
estination-port eq telnet
int g0/0/1
traffic-filter outbound acl 3000
AR5(ISP)
int g0/0/0
ip address 100.1.1.2 24
int g0/0/1
ip address 200.1.1.1 24