SW1
// SW1: create VLANs 2 and 3 in one command.
vlan batch 2 to 3
// Access ports: Ethernet0/0/1 and 0/0/2 are placed in VLAN 2, Ethernet0/0/3 in VLAN 3.
// NOTE(review): no DHCP snooping or port security is configured on these access ports in this listing;
// since clients get addresses by DHCP, `dhcp snooping enable` with the trunk as the trusted port is worth considering.
interface Ethernet0/0/1
port link-type access
port default vlan 2
interface Ethernet0/0/2
port link-type access
port default vlan 2
interface Ethernet0/0/3
port link-type access
port default vlan 3
// Trunk port: VLANs 2 and 3 are explicitly allowed (presumably the link toward the router; confirm against the topology).
// NOTE(review): VRP trunks usually pass VLAN 1 by default as well; if VLAN 1 is unused,
// `undo port trunk allow-pass vlan 1` keeps the trunk to the two VLANs that are needed. Confirm on this platform.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
SW2
// SW2: create VLANs 2 and 3 in one command.
vlan batch 2 to 3
// Access ports: Ethernet0/0/1 is placed in VLAN 2, Ethernet0/0/2 in VLAN 3.
// NOTE(review): as configured here the access ports have no DHCP snooping or port security.
interface Ethernet0/0/1
port link-type access
port default vlan 2
interface Ethernet0/0/2
port link-type access
port default vlan 3
// Trunk port: VLANs 2 and 3 are explicitly allowed (presumably the link toward the router; confirm against the topology).
// NOTE(review): VRP trunks usually pass VLAN 1 by default as well; remove it if unused. Confirm on this platform.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 3
R1
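// R1 base configuration: /30 link on G0/0/0, global DHCP pools for VLANs 2 and 3,
// and 802.1Q sub-interfaces on G0/0/1 acting as the VLAN gateways.
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.252
dhcp enable
// Pool v2 serves 192.168.1.64/27; the gateway matches sub-interface G0/0/1.1 below.
ip pool v2
gateway-list 192.168.1.65
network 192.168.1.64 mask 255.255.255.224
// NOTE(review): clients are handed public resolvers, so DNS queries bypass any internal resolver or DNS logging.
dns-list 114.114.114.114 8.8.8.8
// Pool v3 serves 192.168.1.96/27; the gateway matches sub-interface G0/0/1.2 below.
ip pool v3
gateway-list 192.168.1.97
network 192.168.1.96 mask 255.255.255.224
dns-list 114.114.114.114 8.8.8.8
// Sub-interface terminating VLAN 2 tags; serves DHCP from the matching global pool.
interface GigabitEthernet0/0/1.1
dot1q termination vid 2
// The listing had "arp broadcast enable" and "ip address ..." fused on one line; they are two separate commands,
// as the G0/0/1.2 block below shows.
arp broadcast enable
ip address 192.168.1.65 255.255.255.224
dhcp select global
// Sub-interface terminating VLAN 3 tags; serves DHCP from the matching global pool.
interface GigabitEthernet0/0/1.2
dot1q termination vid 3
arp broadcast enable
ip address 192.168.1.97 255.255.255.224
dhcp select global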
R2
// R2 base configuration: /30 link on G0/0/0 (peer of R1's 192.168.1.1), 12.1.1.0/24 on G0/0/1
// (same subnet as the ISP router's G0/0/0), and DHCP plus 802.1Q sub-interfaces on G0/0/2.
interface GigabitEthernet0/0/0
ip address 192.168.1.2 255.255.255.252
interface GigabitEthernet0/0/1
ip address 12.1.1.1 255.255.255.0
dhcp enable
// Pool v2 serves 192.168.1.128/27; the gateway matches sub-interface G0/0/2.1 below.
ip pool v2
gateway-list 192.168.1.129
network 192.168.1.128 mask 255.255.255.224
// NOTE(review): clients are handed public resolvers, so DNS queries bypass any internal resolver or DNS logging.
dns-list 114.114.114.114 8.8.8.8
// Pool v3 serves 192.168.1.160/27; the gateway matches sub-interface G0/0/2.2 below.
ip pool v3
gateway-list 192.168.1.161
network 192.168.1.160 mask 255.255.255.224
dns-list 114.114.114.114 8.8.8.8
// Sub-interface terminating VLAN 2 tags; serves DHCP from the matching global pool.
interface GigabitEthernet0/0/2.1
dot1q termination vid 2
ip address 192.168.1.129 255.255.255.224
arp broadcast enable
dhcp select global
// Sub-interface terminating VLAN 3 tags; serves DHCP from the matching global pool.
interface GigabitEthernet0/0/2.2
dot1q termination vid 3
ip address 192.168.1.161 255.255.255.224
arp broadcast enable
dhcp select global
ISP
// ISP router: G0/0/0 shares 12.1.1.0/24 with R2's G0/0/1; G0/0/1 holds 3.3.3.1/24.
// No routes toward 192.168.1.0/24 are configured in this listing, so inside hosts are reachable only through R2's NAT.
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 3.3.3.1 255.255.255.0
2.OSPF配置
R1
ospf 1 router-id 1.1.1.1 // enable OSPF process 1 and set the router ID
area 0.0.0.0 // enter area 0
// NOTE(review): this wildcard matches every R1 interface in 192.168.1.0/24, including the user-facing
// sub-interfaces G0/0/1.1 and G0/0/1.2, where no OSPF authentication is configured. Marking those as
// `silent-interface` under the OSPF process keeps them advertised without forming adjacencies toward hosts.
network 192.168.1.0 0.0.0.255 // advertise the network
interface GigabitEthernet0/0/0
// NOTE(review): the key is short, derived from the local username, and identical to the Telnet password used in
// the AAA section; use a separate, random key. MD5 is a weak choice; prefer hmac-sha256 where the VRP version
// supports it. Both neighbors must use the same mode, key ID and key.
ospf authentication-mode md5 1 cipher xiaoli123 // authenticate on the neighbor-facing interface for security
R2
// OSPF process 1 on R2 with router ID 2.2.2.2.
ospf 1 router-id 2.2.2.2
// `always` originates a default route into OSPF whether or not R2 itself has one.
// NOTE(review): no static default route toward the ISP (12.1.1.2) appears in this listing; confirm R2 has one,
// otherwise R1 will forward Internet-bound traffic to R2 only for it to be dropped.
default-route-advertise always
area 0.0.0.0
// NOTE(review): this wildcard also matches the user-facing sub-interfaces G0/0/2.1 and G0/0/2.2, which have no
// OSPF authentication; consider `silent-interface` for them.
network 192.168.1.0 0.0.0.255
interface GigabitEthernet0/0/0
// Must match R1's mode, key ID and key. NOTE(review): weak, reused key and MD5; see the same setting on R1.
ospf authentication-mode md5 1 cipher xiaoli123
3.ACL+NAT
R1
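// Local administrator account used for Telnet login through AAA.
// NOTE(review): the password is the username plus "123" and is the same string as the OSPF key; this account has
// privilege level 15 (full control). Use a long random password that is not shared with any other secret.
// NOTE(review): Telnet carries credentials in cleartext; prefer SSH (STelnet) with `protocol inbound ssh` on the
// VTY lines and `service-type ssh` for the user.
aaa
local-user xiaoli password cipher xiaoli123
local-user xiaoli service-type telnet
local-user xiaoli privilege level 15
user-interface vty 0 4
authentication-mode aaa
// Advanced ACL 3000: block Telnet from host 192.168.1.94 to R1's three interface addresses.
// NOTE(review): 192.168.1.94 lies inside DHCP pool v2 (192.168.1.64/27); unless that address is statically bound
// to the host, the host can obtain a different lease and no longer match. An allow-list applied to the VTY lines
// (`acl <number> inbound` under `user-interface vty`) restricts management access by who may connect rather than
// by one denied host. Confirm the exact syntax on this platform.
acl number 3000
rule 5 deny tcp source 192.168.1.94 0 destination 192.168.1.65 0 destination-port eq telnet
rule 10 deny tcp source 192.168.1.94 0 destination 192.168.1.97 0 destination-port eq telnet
// The listing reused rule ID 10 here; re-entering an existing rule ID edits that rule, so the deny for
// 192.168.1.97 above would be lost. A distinct ID keeps all three denies.
rule 15 deny tcp source 192.168.1.94 0 destination 192.168.1.1 0 destination-port eq telnet
// Applied inbound on the VLAN 2 gateway sub-interface, where traffic from 192.168.1.94 enters R1.
interface GigabitEthernet0/0/1.1
traffic-filter inbound acl 3000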
R2
// Basic ACL 2000 selects the inside sources to translate: all of 192.168.1.0/24.
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
// G0/0/1 is R2's 12.1.1.1/24 interface, on the same subnet as the ISP router.
interface GigabitEthernet0/0/1
// Source NAT for ACL 2000 matches; no address pool is named, so the interface address is used.
nat outbound 2000
// Publish TCP port www on this interface's address, forwarded to inside host 192.168.1.98.
// NOTE(review): 192.168.1.98 falls inside R1's DHCP pool v3 (192.168.1.96/27); the server needs a fixed address
// or a static binding, or the mapping may end up pointing at a different host.
nat static protocol tcp global current-interface www inside 192.168.1.98 www netmask 255.255.255.255
// Publish TCP port telnet on this interface's address, forwarded to R1 (192.168.1.1).
// NOTE(review): this exposes R1's cleartext Telnet login, backed by a privilege-15 account, on the ISP-facing
// address. Avoid publishing management access; if remote administration is required, use SSH and restrict the
// permitted source addresses with an ACL on R1's VTY lines.
// NOTE(review): the line below is cut off after "netmask 2" in this listing; presumably 255.255.255.255 as in the
// www mapping. Confirm against the original.
nat static protocol tcp global current-interface telnet inside 192.168.1.1 telnet netmask 2