一、实验拓扑
二、实验需求
1-R6为isp,接口IP地址均为公有地址;该设备只能配置IP地址,之后不能再对其进行任何配置。
2-R1-R5为局域网,私有IP地址192.168.1.0/24,请合理分配。
3-所有路由器上环回,均代表连接用户的接口。
4-R3下的两台PC通过DHCP自动获取IP地址。
5-选路最佳,路由表尽量小,避免环路。
6-R1-R5均可访问R6的环回。
7-R6telnetR5的公有IP地址时,实际登陆到R1上。
8-R4与R5正常通过1000链路,故障时通过100兆链路。
三、实验思路
一、IP地址划分
首先对网段 192.168.1.0/24 进行ip地址的划分。为了尽可能减少路由条目,进行一个子网汇总:分别将R1、R2、R4的两个环回接口划分到一个网段,R3下面的主机一个网段,R5一个环回接口,所有的骨干链路划分在一个网段,所以一共需要6个网段。
划分方案:主机位借3位
一个骨干链路网段:
192.168.1.0/27
六段骨干链路:192.168.1.0/30 192.168.1.4/30 192.168.1.8/30
192.168.1.12/30 192.168.1.16/30 192.168.1.20/30
四个用户网段:
1. 192.168.1.32/27
R1环回:192.168.1.32/28 192.168.1.48/28
2. 192.168.1.64/27
R2环回:192.168.1.64/28 192.168.1.80/28
3. 192.168.1.96/27
R3DHCP:192.168.1.96/27
4. 192.168.1.128/27
R4环回:192.168.1.128/28 192.168.1.144/28
5. 192.168.1.160/27
R5环回:192.168.1.160/27
R5-R6公网5.5.5.0/24,R6环回6.6.6.0/24。
二、写静态路由条目:先写缺省路由,可以有效减少路由表的路由条目;然后写空接口防止环路。
三、R3配置DHCP服务,使主机动态获取IP地址。
四、R5出接口配置NAT,使得R1-R5可以访问公网。
五、R5的公网接口配置端口映射,R6telnetR5的公有IP地址的telnet服务时实际连接到R1的23端口。
六、降低R4与R5之间百兆链路路由条目的优先级,使得R4与R5正常通过1000链路,故障时通过100兆链路。
三、实验步骤
一、配置IP地址
根据划分方案对路由器配置IP地址:
R1配置IP地址:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.1/30 up up
GigabitEthernet0/0/1 192.168.1.5/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 192.168.1.33/28 up up(s)
LoopBack1 192.168.1.49/28 up up(s)
NULL0 unassigned up up(s)
R2配置IP地址:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.2/30 up up
GigabitEthernet0/0/1 192.168.1.9/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 192.168.1.65/28 up up(s)
LoopBack1 192.168.1.81/28 up up(s)
NULL0 unassigned up up(s)
R3配置IP地址:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.13/30 up up
GigabitEthernet0/0/1 192.168.1.6/30 up up
GigabitEthernet0/0/2 192.168.1.97/27 up up
LoopBack0 unassigned up up(s)
NULL0 unassigned up up(s)
R4配置IP地址:
Interface IP Address/Mask Physical Protocol
Ethernet4/0/0 192.168.1.21/30 up up
Ethernet4/0/1 unassigned down down
GigabitEthernet0/0/0 192.168.1.10/30 up up
GigabitEthernet0/0/1 192.168.1.14/30 up up
GigabitEthernet0/0/2 192.168.1.17/30 up up
NULL0 unassigned up up(s)
R5配置IP地址:
Interface IP Address/Mask Physical Protocol
Ethernet4/0/0 192.168.1.22/30 up up
Ethernet4/0/1 unassigned down down
GigabitEthernet0/0/0 5.5.5.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 192.168.1.18/30 up up
LoopBack0 192.168.1.161/27 up up(s)
NULL0 unassigned up up(s)
R6配置IP地址:
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 5.5.5.2/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 6.6.6.1/24 up up(s)
NULL0 unassigned up up(s)
二、路由
个路由器的缺省路由:
[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.6
[R2]ip route-static 0.0.0.0 0 192.168.1.10
[R3]ip route-static 0.0.0.0 0 192.168.1.14
[R4]ip route-static 0.0.0.0 0 192.168.1.18
[R5]ip route-static 0.0.0.0 0 5.5.5.2
防环且选择最优路径的路由:
[R1]ip route-static 192.168.1.64 27 192.168.1.2
[R1]ip route-static 192.168.1.8 30 192.168.1.2
[R1]ip route-static 192.168.1.96 27 192.168.1.6
[R1]ip route-static 192.168.1.12 30 192.168.1.6
[R2]ip route-static 192.168.1.32 27 192.168.1.1
[R2]ip route-static 192.168.1.4 30 192.168.1.1
[R2]ip route-static 192.168.1.96 27 192.168.1.1
[R2]ip route-static 192.168.1.96 27 192.168.1.10
[R3]ip route-static 192.168.1.32 27 192.168.1.5
[R3]ip route-static 192.168.1.0 30 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.14
[R4]ip route-static 192.168.1.64 27 192.168.1.9
[R4]ip route-static 192.168.1.0 30 192.168.1.9
[R4]ip route-static 192.168.1.32 27 192.168.1.9
[R4]ip route-static 192.168.1.32 27 192.168.1.13
[R4]ip route-static 192.168.1.4 30 192.168.1.13
[R4]ip route-static 192.168.1.96 27 192.168.1.13
[R5]ip route-static 192.168.1.32 27 192.168.1.17
[R5]ip route-static 192.168.1.64 27 192.168.1.17
[R5]ip route-static 192.168.1.96 27 192.168.1.17
[R5]ip route-static 192.168.1.128 27 192.168.1.17
[R5]ip route-static 192.168.1.0 30 192.168.1.17
[R5]ip route-static 192.168.1.8 30 192.168.1.17
[R5]ip route-static 192.168.1.4 30 192.168.1.17
[R5]ip route-static 192.168.1.12 30 192.168.1.17
各汇总网段的空接口
[R1]ip route-static 192.168.1.32 27 NULL 0
[R2]ip route-static 192.168.1.64 27 NULL 0
[R4]ip route-static 192.168.1.128 27 NULL 0
三、R3配置DHCP服务
[R3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R3]ip pool a
Info: It's successful to create an IP address pool.
[R3-ip-pool-a]network 192.168.1.96 mask 27
[R3-ip-pool-a]gateway-list 192.168.1.97
[R3-ip-pool-a]dns-list 8.8.8.8
[R3-ip-pool-a]int g0/0/2
[R3-GigabitEthernet0/0/2]dhcp select global
四、R5公网出接口配置NAT
[R5]acl 2000
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R5]interface g0/0/0
[R5-GigabitEthernet0/0/0]nat outbound 2000
R1ping公网IP
五、R5公网出接口配置端口映射
R1开启telnet服务
[R1]aaa
[R1-aaa]local-user admin privilege level 15 password cipher 123456
[R1-aaa]local-user admin service-type telnet
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
R5公网出接口配置端口映射
[R5-GigabitEthernet0/0/0]nat static protocol tcp global current-interface 23 inside 192.168.1.33 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
R6telnet登录
六、链路故障,配置浮动静态路由
降低R4与R5之间百兆链路路由条目的优先级
[R4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61
[R5]ip route-static 192.168.1.0 255.255.255.252 192.168.1.21 preference 61
[R5]ip route-static 192.168.1.4 255.255.255.252 192.168.1.21 preference 61
[R5]ip route-static 192.168.1.8 255.255.255.252 192.168.1.21 preference 61
[R5]ip route-static 192.168.1.12 255.255.255.252 192.168.1.21 preference 61
[R5]ip route-static 192.168.1.32 255.255.255.224 192.168.1.21 preference 61
[R5]ip route-static 192.168.1.64 255.255.255.224 192.168.1.21 preference 61
[R5]ip route-static 192.168.1.96 255.255.255.224 192.168.1.21 preference 61
[R5]ip route-static 192.168.1.128 255.255.255.224 192.168.1.21 preference 61
