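Task:
1. The ISP router is configured with IP addresses only; no other configuration is done on it;
2. The internal network is planned from 192.168.1.0/24;
3. OSPF runs between R1 and R2;
4. PC1-PC4 obtain their IP addresses automatically;
5. PC1 cannot Telnet to R1; all other internal PCs can;
6. PC1-PC4 can reach PC5; R2's public interface has only one public IP: 12.1.1.1;
7. The ISP router Telnets to 12.1.1.1 and ends up logged in to R1;
I. Topology diagram
II. Planning the internal network from 192.168.1.0/24
192.168.1.0
192.168.1.00000000 /24
Split into 3 segments
192.168.1.00 000000/26----area0
192.168.1.000000 00/30----area0
192.168.1.01 000000/26----area1
Split into 2 VLANs
192.168.1.010 00000/27---192.168.1.64/27
192.168.1.011 00000/27---192.168.1.96/27
192.168.1.10 000000/26----area2
Split into 2 VLANs
192.168.1.100 00000/27---192.168.1.128/27
192.168.1.101 00000/27---192.168.1.160/27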
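The plan above can be checked mechanically. This is an added example, not part of the original lab: it verifies that the subnets stay inside 192.168.1.0/24 without overlapping, derives the wildcard masks used later in the OSPF network statements, and shows that each area's two /27s collapse back into its /26. The segment names are labels chosen here.

```python
import ipaddress

PARENT = ipaddress.ip_network("192.168.1.0/24")
# Subnets from the plan above: label (chosen for this example) -> (prefix, OSPF area)
PLAN = {
    "R1-R2 link":   ("192.168.1.0/30", 0),
    "area1 vlan 2": ("192.168.1.64/27", 1),
    "area1 vlan 3": ("192.168.1.96/27", 1),
    "area2 vlan 2": ("192.168.1.128/27", 2),
    "area2 vlan 3": ("192.168.1.160/27", 2),
}

def wildcard(prefix):
    """Wildcard mask = host bits set to 1 (a /27 leaves 5 bits, 0b11111 = 31)."""
    return str(ipaddress.ip_network(prefix).hostmask)

def last_host(prefix):
    """Highest usable address, which this lab assigns to the VLAN gateways."""
    return str(ipaddress.ip_network(prefix).broadcast_address - 1)

def check_plan(plan, parent=PARENT):
    """Return problems: subnets outside the parent block or overlapping each other."""
    nets = {name: ipaddress.ip_network(p) for name, (p, _) in plan.items()}
    problems = [f"{n} outside {parent}" for n, net in nets.items()
                if not net.subnet_of(parent)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def area_summary(plan, area):
    """Collapse one area's subnets into the fewest covering prefixes."""
    nets = [ipaddress.ip_network(p) for p, a in plan.values() if a == area]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    print("problems:", check_plan(PLAN))
    for name, (prefix, area) in PLAN.items():
        print(f"{name:13} area {area} {prefix:17} "
              f"wildcard {wildcard(prefix):9} last host {last_host(prefix)}")
    print("area 1:", area_summary(PLAN, 1), "area 2:", area_summary(PLAN, 2))
```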
III. Lab steps
undo terminal monitor #turn off system monitoring messages on the terminal
pc5:
R1:
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
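[R1]int g0/0/1.1 #create a virtual sub-interface
[R1-GigabitEthernet0/0/1.1]ip address 192.168.1.94 27 #sub-interfaces are used because there are two VLANs
[R1-GigabitEthernet0/0/1.1]dot1q termination vid 2
#terminate frames tagged with VLAN ID 2: strip the tag on receipt and add it on transmit
[R1-GigabitEthernet0/0/1.1]arp broadcast enable
#this command enables ARP broadcast on the terminated sub-interface
[R1]int g0/0/1.2
[R1-GigabitEthernet0/0/1.2]ip address 192.168.1.126 27
[R1-GigabitEthernet0/0/1.2]dot1q termination vid 3
[R1-GigabitEthernet0/0/1.2]arp broadcast enable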
R2:
[R2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
[R2-GigabitEthernet0/0/1]ip address 12.1.1.1 24
[R2]int g0/0/2.1
[R2-GigabitEthernet0/0/2.1]ip address 192.168.1.158 27
[R2-GigabitEthernet0/0/2.1]dot1q termination vid 2
[R2-GigabitEthernet0/0/2.1]arp broadcast enable
[R2]int g0/0/2.2
[R2-GigabitEthernet0/0/2.2]ip address 192.168.1.190 27 #192-2
[R2-GigabitEthernet0/0/2.2]dot1q termination vid 3
[R2-GigabitEthernet0/0/2.2]arp broadcast enable
R3:
[R3-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[R3-GigabitEthernet0/0/1]ip address 1.1.1.1 24
L1: create vlan 2 and vlan 3
[L1]vlan 2
[L1-vlan2]
[L1-vlan2]vlan 3
[L1-vlan3]
Change the link type:
[L1]int g0/0/2
[L1-GigabitEthernet0/0/2]port link-type access
[L1-GigabitEthernet0/0/2]port default vlan 2
[L1]int g0/0/3
[L1-GigabitEthernet0/0/3]port link-type access
[L1-GigabitEthernet0/0/3]port default vlan 2
[L1]int g0/0/4
[L1-GigabitEthernet0/0/4]port link-type access
[L1-GigabitEthernet0/0/4]port default vlan 3
[L1]int g0/0/1
[L1-GigabitEthernet0/0/1]port link-type trunk
[L1-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
L2: create vlan 2 and vlan 3
[L2]vlan 2
[L2-vlan2]vlan 3
Change the link type:
[L2-GigabitEthernet0/0/2]port link-type access
[L2-GigabitEthernet0/0/2]port default vlan 2
[L2-GigabitEthernet0/0/3]port link-type access
[L2-GigabitEthernet0/0/3]port default vlan 3
[L2]int g0/0/1
[L2-GigabitEthernet0/0/1]port link-type trunk
[L2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
DHCP: assign IP addresses automatically:
R1: configure DHCP
[R1]ip pool AA
[R1-ip-pool-AA]network 192.168.1.64 mask 27
[R1-ip-pool-AA]gateway-list 192.168.1.94
[R1-ip-pool-AA]dns-list 114.114.114.114 8.8.8.8
[R1-ip-pool-AA]q
[R1]int g0/0/1.1
[R1-GigabitEthernet0/0/1.1]dhcp select global
[R1]ip pool BB
[R1-ip-pool-BB]network 192.168.1.96 mask 27
[R1-ip-pool-BB]gateway-list 192.168.1.126
[R1-ip-pool-BB]dns-list 114.114.114.114 8.8.8.8
[R1-ip-pool-BB]q
[R1]int g0/0/1.2
[R1-GigabitEthernet0/0/1.2]dhcp select global
R2: configure DHCP
[R2]ip pool AA
[R2-ip-pool-AA]network 192.168.1.128 mask 27
[R2-ip-pool-AA]gateway-list 192.168.1.158
[R2-ip-pool-AA]dns-list 114.114.114.114 8.8.8.8
[R2]int g0/0/2.1
[R2-GigabitEthernet0/0/2.1]dhcp select global
[R2]ip pool BB
[R2-ip-pool-BB]network 192.168.1.160 mask 27
[R2-ip-pool-BB]gateway-list 192.168.1.190
[R2-ip-pool-BB]dns-list 114.114.114.114 8.8.8.8
[R2-ip-pool-BB]q
[R2]int g0/0/2.2
[R2-GigabitEthernet0/0/2.2]dhcp select global
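DHCP configured successfully:
Check the IP address assigned to PC1: ip address dhcp-alloc #obtain the IP address from DHCP automatically
[PC1]dhcp enable
[PC1]int g0/0/0
[PC1-GigabitEthernet0/0/0]ip address dhcp-alloc #obtain the IP address from DHCP automatically
[PC1]dis ip interface brief #show interface IP status and configuration
pc2:ipconfig
pc3:ip address dhcp-alloc
[PC3]dhcp en
[PC3-GigabitEthernet0/0/0]ip address dhcp-alloc
[PC3]dis ip int brief
pc4:
Next step, full connectivity:
Internal network
Use OSPF:
R1: advertise networks
[R1]ospf 1 router-id 1.1.1.1 #start the process (ospf 1); setting the router ID explicitly is recommended, in IP-address form
[R1-ospf-1]a 0 #area 0
[R1-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0 #advertise; here the exact interface IP is matched
[R1-ospf-1-area-0.0.0.0]q
[R1-ospf-1]a 1
[R1-ospf-1-area-0.0.0.1]network 192.168.1.64 0.0.0.31 #here the whole subnet is advertised because it holds many users
[R1-ospf-1-area-0.0.0.1]network 192.168.1.96 0.0.0.31 #32-27=5 host bits, binary 11111 = 31
R2: advertise networks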
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]a 0
[R2-ospf-1-area-0.0.0.0]network 192.168.1.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]q
[R2-ospf-1]a 2
[R2-ospf-1-area-0.0.0.2]network 192.168.1.128 0.0.0.31
[R2-ospf-1-area-0.0.0.2]network 192.168.1.160 0.0.0.31
[R2-ospf-1-area-0.0.0.2]q
[R2]ospf 1
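[R2-ospf-1]default-route-advertise always #force the OSPF origin router to advertise a default route
Check the OSPF routes: see whether the peer's networks were learned
dis ip routing-table protocol ospf
Non-directly-connected subnets have been learned, so we can ping from PC1 to PC4; if the ping succeeds, OSPF is working
Public network: configure a default route; the ISP is on the public network itself, so it gets no default route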
[R2]ip route-static 0.0.0.0 0 12.1.1.2
Set up Telnet:
[R1]aaa #enter AAA view
[R1-aaa]local-user ck password cipher 123 privilege level 15 #create the user
[R1-aaa]local-user ck service-type telnet #allow user ck to use the telnet service
[R1-aaa]q
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa #VTY lines 0-4 authenticate through AAA
[R1-ui-vty0-4]q
PC1---telnet-----R1
Use an ACL to block PC1---telnet----R1:
[R1]acl 3000
[R1-acl-adv-3000]rule deny tcp source 192.168.1.92 0.0.0.0 destination 192.168.1.1 0.0.0.0 destination-port eq 23
[R1-acl-adv-3000]rule deny tcp source 192.168.1.92 0.0.0.0 destination 192.168.1.94 0.0.0.0 destination-port eq 23
[R1-GigabitEthernet0/0/1.1]traffic-filter inbound acl 3000
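A filter like this only meets requirement 5 if it covers every address R1 owns. The following is an added check, not part of the original lab: it evaluates ACL 3000 against R1's three interface addresses, assuming that packets matching no rule are forwarded (the behaviour the lab relies on for the other PCs) and that 192.168.1.92 is PC1's DHCP lease. The address 192.168.1.93 is a constructed value standing for a changed lease.

```python
import ipaddress

# R1's own addresses, from the interface configuration on this page.
R1_ADDRESSES = {"g0/0/0": "192.168.1.1", "g0/0/1.1": "192.168.1.94",
                "g0/0/1.2": "192.168.1.126"}
PC1 = "192.168.1.92"  # assumption: PC1's DHCP lease, taken from the ACL source field

# ACL 3000 as written above: (action, proto, src, src_wc, dst, dst_wc, dst_port)
ACL_3000 = [
    ("deny", "tcp", "192.168.1.92", "0.0.0.0", "192.168.1.1", "0.0.0.0", 23),
    ("deny", "tcp", "192.168.1.92", "0.0.0.0", "192.168.1.94", "0.0.0.0", 23),
]

def wc_match(addr, base, wc):
    """Wildcard match: bits set in the wildcard are ignored, the rest must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wc))
    return (a | w) == (b | w)

def evaluate(acl, proto, src, dst, dport):
    """First matching rule wins; unmatched packets are forwarded (assumed
    traffic-filter behaviour, which the lab depends on for PC2-PC4)."""
    for action, p, s, sw, d, dw, port in acl:
        if p == proto and port == dport and wc_match(src, s, sw) and wc_match(dst, d, dw):
            return action
    return "permit"

def open_telnet_targets(acl, src, addresses=R1_ADDRESSES):
    """R1 interfaces whose address is still reachable on tcp/23 from src."""
    return sorted(i for i, ip in addresses.items()
                  if evaluate(acl, "tcp", src, ip, 23) == "permit")

def covering_rules(src, addresses=R1_ADDRESSES):
    """One deny per address R1 owns, so no interface address is left unfiltered."""
    return [("deny", "tcp", src, "0.0.0.0", ip, "0.0.0.0", 23)
            for ip in addresses.values()]

if __name__ == "__main__":
    print("page ACL, PC1          ->", open_telnet_targets(ACL_3000, PC1))
    print("page ACL, changed lease ->", open_telnet_targets(ACL_3000, "192.168.1.93"))
    print("covering ACL, PC1      ->", open_telnet_targets(covering_rules(PC1), PC1))
```

The two-rule ACL leaves 192.168.1.126 (g0/0/1.2) uncovered, and because it matches one leased host address it stops matching if PC1's lease changes.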
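EASY NAT:
PC1-PC4 can reach PC5, and R2's public interface has only one public IP, 12.1.1.1, so NAT is needed here to translate between private and public addresses. We use Easy NAT, so no address pool is required.
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255 #the private network goes through NAPT so that R1 can reach the Internet
[R2-acl-basic-2000]int g0/0/1
[R2-GigabitEthernet0/0/1]nat outbound 2000
The ISP router Telnets to 12.1.1.1 and ends up logged in to R1
NAT SERVER:
Here we configure NAT SERVER on R2 to translate between public and private addresses, publishing R1's Telnet service to the public network so that the ISP (R3) can reach it
R2:
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23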
Are you sure to continue?[Y/N]:y