ENSP网络综合实验，三层网络架构

实验要求：

1. 企业内网划分多个vlan，减少广播域大小，提高网络稳定性
2. 用户的网关配置在核心交换机
3. 所有设备，都可以被telnet远程管理
4. 出口配置NAT
5. 所有用户均为自动获取IP地址
6. 企业总部和分部采用oSPF路由协议连接

1. 企业内网划分多个vlan，减少广播域大小，提高网络稳定性

基础IP配置省略，读者请自行配置

按照图中所示划分用户 vlan，并设置 access 和 trunk 口

[SW4]vlan batch 10 20 200
Info: This operation may take a few seconds. Please wait for a moment...done.

[SW4]int e0/0/2
[SW4-Ethernet0/0/2]p l a
[SW4-Ethernet0/0/2]p d v 10
[SW4-Ethernet0/0/2]q

[SW4]int e0/0/1
[SW4-Ethernet0/0/1]p l t
[SW4-Ethernet0/0/1]p t a v a
[SW4-Ethernet0/0/1]q

[SW5]vlan batch 10 20 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW5]int e0/0/2
[SW5-Ethernet0/0/2]p l a
[SW5-Ethernet0/0/2]p d v 20
[SW5-Ethernet0/0/2]q
[SW5]int e0/0/1
[SW5-Ethernet0/0/1]p l t
[SW5-Ethernet0/0/1]p t a v a
[SW5-Ethernet0/0/1]q

[SW2]vlan batch 10 20 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW2]int e0/0/1
[SW2-Ethernet0/0/1]p l t
[SW2-Ethernet0/0/1]p t a v a
[SW2-Ethernet0/0/1]q
[SW2]int e0/0/2
[SW2-Ethernet0/0/2]p l t
[SW2-Ethernet0/0/2]p t a v a
[SW2-Ethernet0/0/2]q
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]p l t
[SW2-GigabitEthernet0/0/1]p t a v a
[SW2-GigabitEthernet0/0/1]q

[SW3]vlan batch 10 20 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW3]int e0/0/1
[SW3-Ethernet0/0/1]p l a
[SW3-Ethernet0/0/1]p d v 200
[SW3-Ethernet0/0/1]q
[SW3]int g0/0/1
[SW3-GigabitEthernet0/0/1]p l t
[SW3-GigabitEthernet0/0/1]p t a v a
[SW3-GigabitEthernet0/0/1]q

[SW1]vlan batch 10 20 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]p l t
[SW1-GigabitEthernet0/0/2]p t a v a
[SW1-GigabitEthernet0/0/2]q
[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]p l t
[SW1-GigabitEthernet0/0/3]p t a v a

2. 用户的网关配置在核心交换机

[SW1]int vlanif 10
[SW1-Vlanif10]ip add 192.168.10.254 24
[SW1-Vlanif10]q
[SW1]int vlanif 20
[SW1-Vlanif20]ip add 192.168.20.254 24
[SW1-Vlanif20]q
[SW1]int vlanif 200
[SW1-Vlanif200]ip add 192.168.200.254 24

测试连接，PC1、PC2、Server2 可以互相通信

3. 所有设备，都可以被 telnet 远程管理

用 vlan666 作为管理 vlan，管理网段192.168.255.0/24

创建用户名为root，密码为123456，读者也可自行修改

[SW1]vlan 666
[SW1-vlan666]q
[SW1]int vlanif 666
[SW1-Vlanif666]ip add 192.168.255.1 24
[SW1-Vlanif666]q

#telnet配置
[SW1]aaa
[SW1-aaa]local-user root privilege level 3 password cipher 123456
Info: Add a new user.
[SW1-aaa]local-user root service-type telnet
[SW1-aaa]q

[SW1]user-interface vty 0 4
[SW1-ui-vty0-4]aut	
[SW1-ui-vty0-4]authentication-mode aaa

[SW2]vlan 666
[SW2-vlan666]q
[SW2]int vlanif 666
[SW2-Vlanif666]ip add 192.168.255.2 24
[SW2-Vlanif666]q
[SW2]aaa
[SW2-aaa]local-user root privilege level 3 password cipher 123456
Info: Add a new user.
[SW2-aaa]local-user root service-type telnet
[SW2-aaa]q
[SW2]user-interface vty 0 4
[SW2-ui-vty0-4]authentication-mode aaa

[SW3]vlan 666
[SW3-vlan666]q
[SW3]int vlanif 666
[SW3-Vlanif666]ip add 192.168.255.3 24
[SW3-Vlanif666]q
[SW3]aaa
[SW3-aaa]local-user root privilege level 3 password cipher 123456
Info: Add a new user.
[SW3-aaa]local-user root service-type telnet
[SW3-aaa]q
[SW3]user-interface vty 0 4
[SW3-ui-vty0-4]authentication-mode aaa

[SW4]vlan 666
[SW4-vlan666]q
[SW4]int vlanif 666
[SW4-Vlanif666]ip add 192.168.255.4 24
[SW4-Vlanif666]q
[SW4]aaa
[SW4-aaa]local-user root privilege level 3 password cipher 123456
Info: Add a new user.
[SW4-aaa]local-user root service-type telnet
[SW4-aaa]q
[SW4]user-interface vty 0 4
[SW4-ui-vty0-4]authentication-mode aaa

[SW5]vlan 666
[SW5-vlan666]q
[SW5]int vlanif 666
[SW5-Vlanif666]ip add 192.168.255.5 24
[SW5-Vlanif666]q
[SW5]aaa
[SW5-aaa]local-user root privilege level 3 password cipher 123456
Info: Add a new user.
[SW5-aaa]local-user root service-type telnet
[SW5-aaa]q
[SW5]user-interface vty 0 4
[SW5-ui-vty0-4]authentication-mode aaa

验证测试，在 SW1 上 telnet 任意一台交换机，输入用户名和密码后可以进入对应交换机的控制界面，即为成功

4. 出口配置NAT

[SW1]vlan 80
[SW1-vlan80]q

[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]p l a
[SW1-GigabitEthernet0/0/1]p d v 80
[SW1-GigabitEthernet0/0/1]q

[SW1]int vlanif 80
[SW1-Vlanif80]ip add 192.168.254.1 24
[SW1-Vlanif80]q

[SW1]ip route-static 0.0.0.0 0 192.168.254.2

[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.254.2 24
[R1-GigabitEthernet0/0/1]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 100.1.1.2 24
[R1-GigabitEthernet0/0/0]q

[R1]ip route-static 0.0.0.0 0 100.1.1.3
[R1]ip route-static 192.168.0.0 16 192.168.254.1

[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.0.0 0.0.255.255
[R1-acl-basic-2000]q
[R1]nat address-group 1 100.1.1.10 100.1.1.20
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat 

[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 100.1.1.3 24
[R3]ip route-static 192.168.0.0 16 100.1.1.2
[R3]int LoopBack 0
[R3-LoopBack0]ip add 8.8.8.8 32

测试连接，PC1 可以 ping 通公网 8.8.8.8，即为成功

5. 所有用户均为自动获取IP地址

配置DHCP

[SW1]ip pool vlan_10
Info:It's successful to create an IP address pool.
[SW1-ip-pool-vlan_10]gateway-list 192.168.10.1
[SW1-ip-pool-vlan_10]network 192.168.10.0 mask 24
[SW1-ip-pool-vlan_10]dns-list 8.8.8.8
[SW1-ip-pool-vlan_10]q

[SW1]ip pool vlan_20
Info:It's successful to create an IP address pool.
[SW1-ip-pool-vlan_20]gateway-list 192.168.20.1
[SW1-ip-pool-vlan_20]network 192.168.20.0 mask 24
[SW1-ip-pool-vlan_20]dns-list 8.8.8.8
[SW1-ip-pool-vlan_20]q

[SW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[SW1]int vlanif 10
[SW1-Vlanif10]dhcp select global 
[SW1-Vlanif10]q
[SW1]int vlanif 20
[SW1-Vlanif20]dhcp select global 
[SW1-Vlanif20]q

查看 PC1 的 ip，同时 PC1 和 PC2 可以实现互通

6. 企业总部和分部采用oSPF路由协议连接

配置OSPF

[SW1]ospf 1
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 192.168.254.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 192.168.255.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]q

[R1]int s0/0/0
[R1-Serial0/0/0]ip add 192.168.253.2 24

[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.253.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]q

[R2]int s0/0/0
[R2-Serial0/0/0]ip add 192.168.253.4 24
[R2-Serial0/0/0]q
[R2]int e0/0/0
[R2-Ethernet0/0/0]ip add 192.168.100.254 24

[R2]ip route-static 192.168.0.0 16 192.168.253.2

[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 192.168.253.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]q

测试连接，PC1 可以与 Server1 通信，即为成功

实验结束