实验要求:
拓扑图搭建如下:
1、给每台路由器配置环回地址和接口地址
R1:
环回地址:
192.168.1.33 28
192.168.1.49 28
接口地址:
g0/0/0接口:192.168.1.1 30
g0/0/1接口:192.168.1.5 30
R2:
环回地址:
192.168.1.65 28
192.168.1.81 28
接口地址:
g/0/0/0接口:192.168.1.2 30
g0/0/1接口:192.168.1.9 30
R3:
接口地址:
g0/0/0接口:192.168.1.6 30
g0/0/1接口:192.168.1.13 30
g0/0/2接口:192.168.1.97 27
R4:
环回地址:
192.168.1.129 28
192.168.1.145 28
接口地址:
g0/0/0接口:192.168.1.10 30
g0/0/1接口:192.168.1.14 30
g0/0/2接口:192.168.1.17 30
g4/0/0接口:192.168.1.21 30
R5:
环回地址:
192.168.1.161 27
接口地址:
g0/0/0接口:192.168.1.18 30
g0/0/1接口:12.0.0.1 24
g0/0/2接口:192.168.1.22 30
R6:
环回地址:
1.1.1.1 24
接口地址:
g0/0/0接口:12.0.0.2 24
R1:
[R1]inter g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.1.1 30
[R1-GigabitEthernet0/0/0]inter g0/0/1
[R1-GigabitEthernet0/0/1]ip add 192.168.1.5 30
[R1-GigabitEthernet0/0/1]inter lo 0
[R1-LoopBack0]ip add 192.168.1.33 28
[R1-LoopBack0]inter lo 1
[R1-LoopBack1]ip add 192.168.1.49 28
R2:
[R2]inter g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.1.2 30
[R2-GigabitEthernet0/0/0]inter g0/0/1
[R2-GigabitEthernet0/0/1]ip add 192.168.1.9 30
[R2-GigabitEthernet0/0/1]inter lo 0
[R2-LoopBack0]ip add 192.168.1.65 28
[R2-LoopBack0]inter lo 1
[R2-LoopBack1]ip add 192.168.1.81 28
R3:
[R3]inter g0/0/0
[R3-GigabitEthernet0/0/0]ip add 192.168.1.6 30
[R3-GigabitEthernet0/0/0]inter g0/0/1
[R3-GigabitEthernet0/0/1]ip add 192.168.1.13 30
[R3-GigabitEthernet0/0/1]inter g0/0/2
[R3-GigabitEthernet0/0/2]ip add 192.168.1.97 27
R4:
[R4]inter g0/0/0
[R4-GigabitEthernet0/0/0]ip add 192.168.1.10 30
[R4-GigabitEthernet0/0/0]inter g0/0/1
[R4-GigabitEthernet0/0/1]ip add 192.168.1.14 30
[R4-GigabitEthernet0/0/1]inter g0/0/2
[R4-GigabitEthernet0/0/2]ip add 192.168.1.17 30
[R4-GigabitEthernet0/0/2]inter g4/0/0
[R4-GigabitEthernet4/0/0]ip add 192.168.1.21 30
[R4]inter lo 0
[R4-LoopBack0]ip add 192.168.1.129 28
[R4-LoopBack0]inter lo 1
[R4-LoopBack1]ip add 192.168.1.145 28
R5:
[R5]inter g0/0/0
[R5-GigabitEthernet0/0/0]ip add 192.168.1.18 30
[R5-GigabitEthernet0/0/2]inter g0/0/1
[R5-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[R5-GigabitEthernet0/0/0]inter g0/0/2
[R5-GigabitEthernet0/0/2]ip add 192.168.1.22 30
[R5-GigabitEthernet0/0/1]inter lo 0
[R5-LoopBack0]ip add 192.168.1.161 27
R6:
[R6]inter g0/0/0
[R6-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[R6-GigabitEthernet0/0/0]inter lo 0
[R6-LoopBack0]ip add 1.1.1.1 24
2、R3下的两台pc通过DHCP自动获取IP地址
开启DHCP服务功能:
创建名字为aaa的DHCP地址池:
定义下发地址的网段:
定义网关:
指定DNS服务器地址:
进入对应的接口选择接口支持同全局配置模式的DHCP服务功能:
在pc配置中勾选DHCP项
pc1自动获取了地址:
命令配置:
[R3]dhcp enable
[R3]ip pool aaa
[R3-ip-pool-aaa]network 192.168.1.96 mask 27
[R3-ip-pool-aaa]gateway-list 192.168.1.97
[R3-ip-pool-aaa]dns-list 114.114.114.114
[R3-ip-pool-aaa]inter g0/0/2
[R3-GigabitEthernet0/0/2]dhcp select global
3、配置静态路由使全网可达
R1:
[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.6
[R1]ip route-static 192.168.1.64 27 192.168.1.2
[R1]ip route-static 192.168.1.8 30 192.168.1.2
[R1]ip route-static 192.168.1.12 30 192.168.1.6
[R1]ip route-static 192.168.1.96 27 192.168.1.6
R2:
[R2]ip route-static 0.0.0.0 0 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.1
[R2]ip route-static 192.168.1.4 30 192.168.1.1
[R2]ip route-static 192.168.1.32 27 192.168.1.1
R3:
[R3]ip route-static 0.0.0.0 0 192.168.1.14
[R3]ip route-static 192.168.1.64 27 192.168.1.14
[R3]ip route-static 192.168.1.64 27 192.168.1.5
[R3]ip route-static 192.168.1.0 30 192.168.1.5
[R3]ip route-static 192.168.1.32 27 192.168.1.5
R4:
[R4]ip route-static 0.0.0.0 0 192.168.1.18
[R4]ip route-static 0.0.0.0 0 192.168.1.22 pre
[R4]ip route-static 0.0.0.0 0 192.168.1.22 preference 70(修改优先级,使正常状态下,走1000M的链路,故障时走100M的链路)
[R4]ip route-static 192.168.1.96 27 192.168.1.13
[R4]ip route-static 192.168.1.4 30 192.168.1.13
[R4]ip route-static 192.168.1.32 27 192.168.1.13
[R4]ip route-static 192.168.1.32 27 192.168.1.9
[R4]ip route-static 192.168.1.0 30 192.168.1.9
[R4]ip route-static 192.168.1.64 27 192.168.1.9
R5:
[R5]ip route-static 0.0.0.0 0 12.0.0.2
[R5]ip route-static 192.168.1.0 24 192.168.1.17
[R5]ip route-static 192.168.1.0 24 192.168.1.21 pre
[R5]ip route-static 192.168.1.0 24 192.168.1.21 preference 70
4、为了避免路由黑洞,需要在黑洞路由器上写相应的空接口配置命令
R1:
[R1]ip route-static 192.168.1.32 27 NULL 0
R2:
[R2]ip route-static 192.168.1.64 27 NULL 0
R4:
[R4]ip route-static 192.168.1.128 27 NULL 0
R4ping不通R5的环回地址,则需要把静态路由直接写入(因为R4匹配到的是空接口路由,到达不了R5的环回地址)
[R4]ip route-static 192.168.1.160 27 192.168.1.18
[R4]ip route-static 192.168.1.160 27 192.168.1.20 pre
[R4]ip route-static 192.168.1.160 27 192.168.1.20 preference 70
R5:
[R5]ip route-static 192.168.1.0 24 NULL 0
5、R1—R5可以访问R6的环回(内网可以访问外网)
[R5]acl 2000
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R5]inter g0/0/1
[R5-GigabitEthernet0/0/1]nat outbound 2000
6、R6telnetR5的公有IP地址时,实际登录到R1上
先开启R1上的telnet功能:
[R1]aaa
设置名字、权限等级、密码:
[R1-aaa]local-user admin privilege level 15 password cipher 123456(cipher表示密码是以密文形式存储)
[R1-aaa]local-user admin service-type telnet (用户是用来提供telnet服务的)
开启虚拟登录端口:
[R1]user-interface vty 0 4
选择认证类型是aaa(登录时按照aaa里创建的用户名、密码登录):
[R1-ui-vty0-4]authentication-mode aaa
在R5上做端口映射:
[R5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y