IP划分
192.168.1.0/24
192.168.1.0/27---作为骨干链路 (还有六段自己的链路,再借三位)
192.168.1.0/30 192.168.1.4/30 192.168.1.8/30
192.168.1.12/30 192.168.1.16/30 192.168.1.20/30
192.168.1.32/27---r1环回
192.168.1.32/28
192.168.1.48/28
192.168.1.64/27---r2环回
192.168.1.64/28
192.168.1.80/28
192.168.1.96/27---r4环回
192.168.1.96/28
192.168.1.112/28
192.168.1.128/27---r3dhcp获取
192.168.1.160/27---r5环回
192.168.1.160/28
配置ip地址
1,以r1为例,配置直连网段IP:
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
[r1]interface g0/0/1
[r1-GigabitEthernet0/0/1]ip address 192.168.1.13 30
2,配置环回网段IP:
[r1]interface LoopBack 1
[r1-LoopBack1]ip address 192.168.1.33 28
[r1]interface LoopBack 2
[r1-LoopBack1]ip address 192.168.1.49 28
3,为避免环路,且避免链路多的路由条目过于繁琐,做缺省路由
[r1]ip route-static 0.0.0.0 0 192.168.1.2
3.配置静态路由:
[r1]ip route-static 192.168.1.8 30 192.168.1.14
[r1]ip route-static 192.168.1.128 27 192.168.1.14
最后再加上空接口防环路由
[r1]ip route-static 192.168.1.32 27 NULL 0
5.浮动静态路由
在R4上
[r4]ip route-static 0.0.0.0 0 192.168.1.22 preference 70
DHCP自动获取IP地址
[r3]dhcp enable
[r3]ip pool aa
[r3-ip-pool-aa]network 192.168.1.128 mask 27
[r3-ip-pool-aa]gateway-list 192.168.1.129
[r3-ip-pool-aa]dns-list 114.114.114.114 8.8.8.8
[r3-ip-pool-aa] quit
[r3]
[r3]int g 1/0/0
[r3-GigabitEthernet0/0/2]ip add 192.168.1.129 27
[r3-GigabitEthernet0/0/2]dhcp s
[r3-GigabitEthernet0/0/2]dhcp select g
[r3-GigabitEthernet0/0/2]dhcp select global
r1-r5都能访问公网ip
使用acl控制流量
[r5]acl 2000
[r5-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[r5-acl-basic-2000]quit
[r5]interface g 1/0/0
[r5-GigabitEthernet1/0/0]nat outbound 2000
R6 telnet R5的IP地址时,实际登录R1
r1上的配置
[r1]aaa
[r1-aaa]local-user zly privilege level 15 password cipher 123456
[r1-aaa]local-user zly service-type telnet
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
r5上的配置
[r5]int g 1/0/0
[r5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23