拓扑图:
实验要求:
-
R6为isp,接口IP地址均为公有地址;该设备只能配置IP地址,之后不能再对其进行其他任何配置;
-
R1- R5为局域网,私有IP地址192.168.1.0/24,请合理分配;
-
R1,R2,R4,各有两个环回地址;R5,R6各有一个环回地址;所有路由器上环回均代表连接用户的接口;
-
R3下的两台PC通过DHCP自动获取IP地址;
-
选路最佳,路由表尽量小,避免环路;
-
R1- R5均可以访问R6的环回;
-
R6telnetR5的公有IP地址时,实际登陆到R1上;
-
R4与R5正常通过1000M链路,故障时通过100m链路;
思路:
数广播域,子网划分,配置路由器接口IP地址,配置静态路由,配置DHCP服务,配置telnet,配置nat,配置端口映射。
子网划分:
用户主机:8个广播域;链路:6个广播域
192.168.1.00000000 --- 192.168.1.0/24 -- 整个局域网
192.168.1.000 00000 --- 192.168.1.0/27 -- R1环回
192.168.1.001 00000 --- 192.168.1.32/27 -- R1环回
192.168.1.010 00000 --- 192.168.1.64/27 -- R2环回
192.168.1.011 00000 --- 192.168.1.96/27 -- R2环回
192.168.1.100 00000 --- 192.168.1.128/27 -- R3
192.168.1.101 00000 --- 192.168.1.160/27 -- R4环回
192.168.1.110 00000 --- 192.168.1.192/27 -- R4环回
192.168.1.111 00000 --- 192.168.1.224/27 -- R5环回
192.168.1.000000 00 --- 192.168.1.0/30 -- R1~R2链路
192.168.1.000001 00 --- 192.168.1.4/30 -- R2~R4链路
192.168.1.000010 00 --- 192.168.1.8/30 -- R4~R3链路
192.168.1.000011 00 --- 192.168.1.12/30 -- R3~R1链路
192.168.1.000100 00 --- 192.168.1.16/30 -- R4~R5链路(100M)
192.168.1.000101 00 --- 192.168.1.20/30 -- R4~R5链路(1000M)
配置命令:
R1:
sys
sys r1
//配置接口IP地址
int g0/0/0
ip add 192.168.1.1 30
ospf dr-pri 0
int g0/0/1
ip add 192.168.1.13 30
int lo0
ip add 192.168.1.2 27
int lo1
ip add 192.168.1.33 27
//配置静态路由
ip route-s 0.0.0.0 0 192.168.1.2
ip route-s 192.168.1.64 26 192.168.1.2
ip route-s 192.168.1.4 30 192.168.1.2
ip route-s 0.0.0.0 0 192.168.1.14
ip route-s 192.168.1.128 27 192.168.1.14
ip route-s 192.168.1.8 30 192.168.1.14
ip route-s 192.168.1.0 26 NULL 0
//配置认证
aaa
local-user admin privilege level 15 password cipher 123456
local-user admin service-type telnet
user-interface vty 0 4
authentication-mode aaa
R2:
sys
sys r2
//配置接口IP地址
int g0/0/0
ip add 192.168.1.2 30
int g0/0/1
ip add 192.168.1.5 30
int lo0
ip add 192.168.1.65 27
int lo1
ip add 192.168.1.97 27
//配置静态路由
ip route-s 0.0.0.0 0 192.168.1.6
ip route-s 192.168.1.128 27 192.168.1.1
ip route-s 192.168.1.128 27 192.168.1.6
ip route-s 192.168.1.12 30 192.168.1.1
ip route-s 192.168.1.0 26 192.168.1.1
ip route-s 192.168.1.64 26 NULL 0
R3:
sys
sys r3
//配置接口ip地址
int g0/0/0
ip add 192.168.1.14 30
int g0/0/1
ip add 192.168.1.9 30
int g0/0/2
ip add 192.168.1.129 27
//配置DHCP
dhcp enable
ip pool 128
net 192.168.1.128 mask 27
gate 192.168.1.129
dns 114.114.114.114
//开启DHCP
int g0/0/2
dhcp select global
//配置静态路由
ip route-s 0.0.0.0 0 192.168.1.10
ip route-s 192.168.1.0 30 192.168.1.13
ip route-s 192.168.1.0 26 192.168.1.13
ip route-s 192.168.1.64 26 192.168.1.10
ip route-s 192.168.1.64 26 192.168.1.13
R4:
sys
sys r4
//配置接口ip地址
int g0/0/1
ip add 192.168.1.10 30
int g0/0/0
ip add 192.168.1.6 30
int g4/0/0
ip add 192.168.1.17 30
int g0/0/2
ip add 192.168.1.21 30
int lo0
ip add 192.168.1.161 27
int lo1
ip add 192.168.1.193 27
//配置静态路由
ip route-s 0.0.0.0 0 192.168.1.18 pre 61
ip route-s 0.0.0.0 0 g0/0/2 192.168.1.22
ip route-s 192.168.1.128 27 192.168.1.9
ip route-s 192.168.1.12 30 192.168.1.9
ip route-s 192.168.1.0 26 192.168.1.9
ip route-s 192.168.1.0 26 192.168.1.5
ip route-s 192.168.1.0 30 192.168.1.5
ip route-s 192.168.1.64 26 192.168.1.5
ip route-s 192.168.1.0 24 NULL 0
ip route-s 192.168.1.224 27 192.168.1.18
ip route-s 192.168.1.224 27 192.168.1.22
R5:
sys
sys r5
acl 2000
rule permit source 192.168.1.0 0.0.0.255
int g0/0/1
ip add 12.0.0.2 24
nat outbound 2000
int g0/0/0
ip add 192.168.1.18 30
int g0/0/2
ip add 192.168.1.22 30
int lo0
ip add 192.168.1.225 27
default-route-advertise always
ip route-s 0.0.0.0 0 12.0.0.1
ip route-s 192.168.1.0 24 192.168.1.17
ip route-s 192.168.1.0 24 192.168.1.21 pre 61
ip route-s 192.168.1.224 27 NULL 0
int g0/0/1
nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
R6:
sys
sys r6
int g0/0/0
ip add 12.0.0.1 24
int lo0
ip add 1.1.1.1 24