题目要求:
??
? ?子网划分:
虚拟局域网划分与交换机接口配置
?
[sw1]vlan batch 2 to 3
[sw1]port-group group-member e0/0/2 to e0/0/3
[sw1-port-group]port link-type access?
[sw1-port-group]port default vlan 2
[sw1]int e0/0/4
[sw1-Ethernet0/0/4]port link-type access
[sw1-Ethernet0/0/4]port default vlan 3
[sw2]vlan batch 2 to 3
[sw2]int e0/0/2
[sw2-Ethernet0/0/2]port link-type access
[sw2-Ethernet0/0/2]port default vlan 2
[sw2]int e0/0/3
[sw2-Ethernet0/0/3]port link-type access
[sw2-Ethernet0/0/3]port?default vlan 3
trunk干道配置
[sw1]int e0/0/1
[sw1-Ethernet0/0/1]port link-type trunk?
[sw1-Ethernet0/0/1]port trunk allow-pass vlan all
[sw2]int e0/0/1
[sw2-Ethernet0/0/1]port link-type trunk?
[sw2-Ethernet0/0/1]port trunk allow-pass vlan all
路由接口配置
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 30
[r1]int g0/0/1.1
[r1-GigabitEthernet0/0/1.1]dot1q termination vid 2
[r1-GigabitEthernet0/0/1.1]arp broadcast enable?
[r1-GigabitEthernet0/0/1.1]ip add 192.168.1.65 27
[r1]int g0/0/1.2 ??
[r1-GigabitEthernet0/0/1.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/1.2]arp broadcast enable?
[r1-GigabitEthernet0/0/1.2]ip add 192.168.1.97 27
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 192.168.1.2 30
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]ip add 12.1.1.1 24
[r2]int g0/0/2.1
[r2-GigabitEthernet0/0/2.1]dot1q termination vid 2
[r2-GigabitEthernet0/0/2.1]arp broadcast enable?
[r2-GigabitEthernet0/0/2.1]ip add 192.168.1.129 27
[r2]int g0/0/2.2
[r2-GigabitEthernet0/0/2.2]dot1q termination vid 3
[r2-GigabitEthernet0/0/2.2]arp broadcast enable?
[r2-GigabitEthernet0/0/2.2]ip add 192.168.1.161 27
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]ip add 1.1.1.1 24
开启DHcp,创建池塘,位终端下放ip
[r1]ip pool v2
[r1-ip-pool-v2]network 192.168.1.64 mask 255.255.255.224
[r1-ip-pool-v2]gateway-list 192.168.1.65
[r1-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
[r1]ip pool v3
[r1-ip-pool-v3]network 192.168.1.96 mask 255.255.255.224
[r1-ip-pool-v3]gateway-list 192.168.1.97
[r1-ip-pool-v3]dns-list 114.114.114.114 8.8.8.8
[r1]int g0/0/1.1
[r1-GigabitEthernet0/0/1.1]dhcp select global?
[r1]int g0/0/1.2
[r1-GigabitEthernet0/0/1.2]dhcp select global?
[r2]ip pool v2
[r2-ip-pool-v2]network 192.168.1.128 mask 255.255.255.224
[r2-ip-pool-v2]gateway-list 192.168.1.129
[r2-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
[r2]ip pool v3
[r2-ip-pool-v3]network 192.168.1.160 mask 255.255.255.224
[r2-ip-pool-v3]gateway-list 192.168.1.161
[r2-ip-pool-v3]dns-list 114.114.114.114
[r2]int g0/0/2.1
[r2-GigabitEthernet0/0/2.1]dhcp select global?
[r2]int g0/0/2.2
[r2-GigabitEthernet0/0/2.2]dhcp select global?
开启ospf服务,划分区域,并宣告
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]network 192.168.1.65 0.0.0.0
[r1-ospf-1-area-0.0.0.1]network 192.168.1.97 0.0.0.0?
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.1.2 0.0.0.0?
[r2-ospf-1]area 2
[r2-ospf-1-area-0.0.0.2]network 192.168.1.129 0.0.0.0
[r2-ospf-1-area-0.0.0.2]network 192.168.1.161 0.0.0.0
区域ip汇总
[r1]ospf 1
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]abr-summary 192.168.1.64 255.255.255.192
[r2]ospf 1
[r2-ospf-1]area 2
[r2-ospf-1-area-0.0.0.2]abr-summary 192.168.1.128 255.255.255.192
(将两个地址路由汇总成一个路由,减少路由表路由条数)
将AR1路由器连接终端的接口设置沉默接口
[r1]ospf 1
[r1-ospf-1]silent-interface g0/0/1.1
[r1-ospf-1]silent-interface g0/0/1.2
[r2]ospf 1
[r2-ospf-1]silent-interface g0/0/2.1
[r2-ospf-1]silent-interface g0/0/2.2
进行加密认证,保证网络的安全:
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
开启telent服务,并拒绝PC1进行telent
[r1]aaa ? ? ?
[r1-aaa]local-user huawei?password cipher 123456
[r1-aaa]local-user huawei?service-type telnet
[r1-aaa]local-user huawei?privilege level 15
[r1-aaa]q
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r1] acl 3000
[r1-acl-adv-3000]
[r1-acl-adv-3000]rule deny tcp source 192.168.1.92 0 destination 192.168.1.1?0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.92 0 destination 192.168.1.65?0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.92 0 destination 192.168.1.97 0 destination-port eq 23
[r1]int g0/0/1.1
[r1-GigabitEthernet0/0/1.1]traffic-filter inbound acl 3000
保证全网可达,在边界路由器上设置缺省路由:
[r2]ospf 1
[r2-ospf-1]default-route-advertise always?
路由器AR2想要访问1.1.1.0/24网段还需写一条静态缺省
[r2]ip route-static 0.0.0.0 0 12.1.1.2(为边界路由器R2手写缺省路由)
创建NAT,将私网变成公网去房网ISP服务器
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2-acl-basic-2000]q
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]nat outbound 2000
访问PC5
?
端口映射:
[r2]interface g0/0/1
[r2-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 80 inside 192.168.1.100 80
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
配置http服务器、client与DNS服务器
HTTP服务器:
?
DNS服务器:
?
client
?
?
?
ISP路由telent12.1.1.1 ,最终成功登录到R1上
建立端口映射:
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
成功登录:
防环
?[r1]ip route-static 192.168.1.0 26 NULL 0
[r2]ip route-static 192.168.1.128 26 null 0?
?