Lab topology diagram
Subnetting
192.168.1.0/24 is divided into 4 subnets
192.168.1.0/26 is divided into 16 subnets
192.168.1.0/30 192.168.1.1~192.168.1.2 //IP addresses for the ports on the left backbone link
192.168.1.4/30 192.168.1.5~192.168.1.6 //IP addresses for the ports on the right backbone link
192.168.1.64/26 //VLAN 2 IP range 192.168.1.65~192.168.1.126
192.168.1.128/26 //VLAN 3 IP range 192.168.1.129~192.168.1.190
192.168.1.192/26 //server IP range 192.168.1.193~192.168.1.254
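The plan above can be checked mechanically. The following Python sketch is an added example, not part of the original lab files: it recomputes the subnets with the standard ipaddress module and checks that every interface address configured later on this page is a usable host in one planned subnet. The subnet labels (uplink-left, uplink-right and so on) are names chosen for this example.

```python
import ipaddress
from collections import defaultdict

# Subnets from the page's plan (the labels are chosen for this example).
PLAN = {
    "uplink-left": "192.168.1.0/30",
    "uplink-right": "192.168.1.4/30",
    "vlan2": "192.168.1.64/26",
    "vlan3": "192.168.1.128/26",
    "servers": "192.168.1.192/26",
}
# Interface addresses copied from the device configurations on the page.
INTERFACES = [
    ("R1", "Fa0/0", "192.168.1.1"), ("SW1", "Fa0/24", "192.168.1.2"),
    ("R1", "Fa0/1", "192.168.1.5"), ("SW2", "Fa0/24", "192.168.1.6"),
    ("SW1", "Vlan2", "192.168.1.65"), ("SW2", "Vlan2", "192.168.1.65"),
    ("SW1", "Vlan3", "192.168.1.129"), ("SW2", "Vlan3", "192.168.1.129"),
    ("SW1", "Fa0/3", "192.168.1.193"), ("SW2", "Fa0/3", "192.168.1.193"),
]

def split(cidr, new_prefix):
    """All subnets of `cidr` at the given prefix length, as strings."""
    net = ipaddress.ip_network(cidr)
    return [str(n) for n in net.subnets(new_prefix=new_prefix)]

def host_range(cidr):
    """First and last usable host address of a subnet."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def check_plan():
    """Return (overlaps, placement, duplicates) for PLAN and INTERFACES."""
    nets = {name: ipaddress.ip_network(c) for name, c in PLAN.items()}
    names = list(nets)
    overlaps = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
                if nets[a].overlaps(nets[b])]
    placement, owners = {}, defaultdict(list)
    for device, ifname, addr in INTERFACES:
        ip = ipaddress.ip_address(addr)
        # Usable host only: inside the subnet, not its network/broadcast address.
        home = [n for n, net in nets.items() if ip in net
                and ip not in (net.network_address, net.broadcast_address)]
        placement[(device, ifname)] = home[0] if home else None
        owners[addr].append(device)
    duplicates = {a: d for a, d in owners.items() if len(d) > 1}
    return overlaps, placement, duplicates
```

check_plan() reports 192.168.1.65, 192.168.1.129 and 192.168.1.193 as configured on both SW1 and SW2, because each switch uses its HSRP virtual address as its interface address as well.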
Router:
R1:
Interface IP assignment and NAT inside/outside assignment
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.252 //configure IP address and subnet mask on interface f0/0
ip nat inside //mark as a NAT inside interface
interface FastEthernet0/1
ip address 192.168.1.5 255.255.255.252 //configure IP address and subnet mask on interface f0/1
ip nat inside //mark as a NAT inside interface
interface FastEthernet1/0
ip address 12.1.1.1 255.255.255.0 //configure IP address and subnet mask on interface f1/0
ip nat outside //mark as the NAT outside interface
NAT configuration
ip nat inside source list 1 interface FastEthernet1/0
//all traffic from the internal network leaves through port f1/0 of the border router
ip nat inside source static tcp 192.168.1.194 80 12.1.1.1 80
//TCP traffic from outside to 12.1.1.1:80 is mapped to port 80 of internal host 192.168.1.194
ip nat inside source static tcp 192.168.1.195 80 12.1.1.1 443
//TCP traffic from outside to 12.1.1.1:443 (https) is mapped to port 80 of internal host 192.168.1.195
ip nat inside source static tcp 192.168.1.2 23 12.1.1.1 23
//when an ISP device telnets to R1's public address, it actually logs in to SW1
Routing table configuration
ip route 192.168.1.64 255.255.255.192 192.168.1.2
//static route
ip route 192.168.1.64 255.255.255.192 192.168.1.6
//static route
ip route 192.168.1.128 255.255.255.192 192.168.1.2
//static route
ip route 192.168.1.128 255.255.255.192 192.168.1.6
//static route
ip route 192.168.1.192 255.255.255.192 192.168.1.2
//static route
ip route 192.168.1.192 255.255.255.192 192.168.1.6
//static route
ip route 0.0.0.0 0.0.0.0 12.1.1.254
//default route
Standard and extended ACLs
access-list 1 permit any
//standard ACL permitting all traffic
access-list 101 permit tcp host 192.168.1.65 host 192.168.1.1 eq telnet
//extended ACL permitting host 192.168.1.65 to reach TCP port 23 on 192.168.1.1 (remote login)
access-list 101 deny ip any any
//deny everything else
Telnet configuration
username R1 privilege 15 secret 520521
//set the telnet login username and password
line vty 0
//use the virtual terminal (vty) line
login local
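An added example, not part of the original lab: a small Python audit over the R1 lines above that flags management-plane exposure, namely Telnet published through static NAT, ACLs that are defined but never applied, and vty lines without access-class or an SSH-only transport. The finding names and the audit() and vty_blocks() helpers are this example's own.

```python
import re

# R1 lines copied from the page (comments dropped, the vty sub-command
# indented the way IOS prints it). Sample input for this added example.
R1_CONFIG = """\
ip nat inside source list 1 interface FastEthernet1/0
ip nat inside source static tcp 192.168.1.194 80 12.1.1.1 80
ip nat inside source static tcp 192.168.1.195 80 12.1.1.1 443
ip nat inside source static tcp 192.168.1.2 23 12.1.1.1 23
access-list 1 permit any
access-list 101 permit tcp host 192.168.1.65 host 192.168.1.1 eq telnet
access-list 101 deny ip any any
line vty 0
 login local
"""

NAT_STATIC = re.compile(r"ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)")
ACL_DEF = re.compile(r"access-list (\d+) ")
ACL_USE = re.compile(r"(?:ip nat inside source list|access-class|ip access-group) (\d+)")

def vty_blocks(lines):
    """Map each 'line vty' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in lines:
        if line.startswith("line vty"):
            current = blocks.setdefault(line, [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return a list of (finding, detail) tuples for one device config."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    findings = []
    for m in filter(None, map(NAT_STATIC.match, lines)):
        if m.group(2) == "23":  # inside port 23: Telnet reachable from outside
            findings.append(("telnet-published-by-nat",
                             f"{m.group(3)}:{m.group(4)} -> {m.group(1)}:23"))
    defined = {m.group(1) for m in map(ACL_DEF.match, lines) if m}
    used = {m.group(1) for m in map(ACL_USE.search, lines) if m}
    for num in sorted(defined - used, key=int):
        findings.append(("acl-defined-but-unused", num))
    for header, body in vty_blocks(lines).items():
        if not any(c.startswith("access-class") for c in body):
            findings.append(("vty-without-access-class", header))
        if "transport input ssh" not in body:
            findings.append(("vty-not-restricted-to-ssh", header))
    return findings
```

On the R1 lines as listed here it reports that ACL 101 is not referenced by any access-class or ip access-group, so the listing by itself does not restrict who may telnet to R1.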
ISP:
Interface IP assignment
interface FastEthernet0/0
ip address 12.1.1.254 255.255.255.0 //configure IP address and subnet mask on ISP interface f0/0
interface FastEthernet0/1
ip address 1.1.1.1 255.255.255.0 //configure IP address and subnet mask on ISP interface f0/1
Layer-3 switches:
SW1:
Trunk port and IP assignment
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk //make switch interface f0/1 a trunk port
interface FastEthernet0/2
switchport trunk encapsulation dot1q //make switch interface f0/2 a trunk port
switchport mode trunk
interface FastEthernet0/3
no switchport //change f0/3 to a layer-3 interface and configure its IP address and subnet mask
ip address 192.168.1.193 255.255.255.192
standby version 2 //configure HSRP on f0/3 with virtual IP 192.168.1.193
standby 11 ip 192.168.1.193
standby 11 priority 101 //set the priority to 101
standby 11 preempt //enable preemption
interface FastEthernet0/24 //change f0/24 to a layer-3 interface and configure its IP address and subnet mask
no switchport
ip address 192.168.1.2 255.255.255.252
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q //make switch interface g0/1 a trunk port
switchport mode trunk
interface Vlan2 //configure the VLAN 2 interface IP address and subnet mask
ip address 192.168.1.65 255.255.255.192
standby version 2
standby 2 ip 192.168.1.65 //configure HSRP on the VLAN 2 interface with virtual IP 192.168.1.65
standby 2 priority 101 //set the priority to 101
standby 2 preempt //enable preemption
interface Vlan3
ip address 192.168.1.129 255.255.255.192 //configure the VLAN 3 interface IP address and subnet mask
standby version 2
standby 3 ip 192.168.1.129 //configure HSRP on the VLAN 3 interface with virtual IP 192.168.1.129
standby 3 preempt //enable preemption
Routing table configuration
ip routing
//enable routing
ip route 192.168.1.4 255.255.255.252 192.168.1.1
//static route
ip route 0.0.0.0 0.0.0.0 192.168.1.1
//default route
Telnet configuration
username SW1 privilege 15 secret 520521
//create the telnet username and password
line vty 0
//use the virtual terminal (vty) line
login local
Spanning-tree primary and secondary root configuration
spanning-tree vlan 2 root primary
//SW1 is the primary root for VLAN 2
spanning-tree vlan 3 root secondary
//SW1 is the secondary root for VLAN 3
SW2:
Trunk port and IP assignment
interface FastEthernet0/1
switchport trunk encapsulation dot1q //make switch interface f0/1 a trunk port
switchport mode trunk
interface FastEthernet0/2
switchport trunk encapsulation dot1q //make switch interface f0/2 a trunk port
switchport mode trunk
interface FastEthernet0/3 //configure the IP address and subnet mask on f0/3
no switchport //change to a layer-3 interface
ip address 192.168.1.193 255.255.255.192
standby version 2 //configure HSRP with virtual IP 192.168.1.193
standby 11 ip 192.168.1.193
standby 11 preempt //enable preemption
interface FastEthernet0/24 //configure the IP address and subnet mask on f0/24
no switchport //change to a layer-3 interface
ip address 192.168.1.6 255.255.255.252
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q //make switch interface g0/1 a trunk port
switchport mode trunk
interface Vlan2 //configure the VLAN 2 interface IP address and subnet mask
ip address 192.168.1.65 255.255.255.192
standby version 2
standby 2 ip 192.168.1.65 //configure HSRP with virtual IP 192.168.1.65
standby 2 preempt //enable preemption
interface Vlan3
ip address 192.168.1.129 255.255.255.192 //configure the VLAN 3 interface IP address and subnet mask
standby version 2
standby 3 ip 192.168.1.129 //configure HSRP with virtual IP 192.168.1.129
standby 3 priority 101 //change the priority from the default to 101
standby 3 preempt //enable preemption
Routing table configuration
ip routing
//enable routing
ip route 192.168.1.0 255.255.255.252 192.168.1.5
//static route
ip route 0.0.0.0 0.0.0.0 192.168.1.5
//default route
Spanning-tree primary and secondary root configuration
spanning-tree vlan 3 root primary
//SW2 is the primary root for VLAN 3
spanning-tree vlan 2 root secondary
//SW2 is the secondary root for VLAN 2
Layer-2 switches
switch0:
Create the VLANs
switch0(config)#vlan 2 //create VLAN 2
switch0(config-vlan)#exit
switch0(config)#vlan 3 //create VLAN 3
switch0(config-vlan)#exit
Interface VLAN configuration
interface FastEthernet0/1 //assign the interface to a VLAN
switchport access vlan 2
switchport mode access
interface FastEthernet0/2 //assign the interface to a VLAN
switchport access vlan 3
switchport mode access
switch1:
Create the VLANs
switch1(config)#vlan 2 //create VLAN 2
switch1(config-vlan)#exit
switch1(config)#vlan 3 //create VLAN 3
switch1(config-vlan)#exit
Interface VLAN configuration
interface FastEthernet0/1 //assign the interface to a VLAN
switchport access vlan 2
switchport mode access
interface FastEthernet0/2 //assign the interface to a VLAN
switchport access vlan 3
switchport mode access
switch2: no configuration required
PCs and servers
PC0:
PC1:
PC2:
PC3:
PC4:
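HTTP server:
HTTPS server:
DNS server:
DNS settings:
Testing
PC4 can reach the two servers in the internal network normally through different domain names.
When an ISP device telnets to R1's public IP address, it actually logs in to SW1;
In the whole internal network, only PC0 can telnet to R1's private IP address;
Telnet test from PC1 to R1's private address;
With either one of the layer-3 switches removed, the network still communicates normally;
With the layer-3 switch removed (PC0 accessing PC4)
With the right layer-3 switch removed (PC1 accessing PC4)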