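Lab requirements:
1. R6 is the ISP, and all of its interface IP addresses are public addresses. Only IP addresses may be configured on this device; no other configuration may be applied to it afterwards.
2. R1-R5 form the LAN and use the private range 192.168.1.0/24; allocate it sensibly.
3. R1, R2 and R4 each have two loopback addresses; R5 and R6 each have one. The loopbacks on all routers represent interfaces that connect users.
4. The two PCs under R3 obtain their IP addresses automatically through DHCP.
5. Choose the best paths, keep the routing tables as small as possible, and avoid loops.
6. R1-R5 can all reach R6's loopback.
7. When R6 telnets to R5's public IP address, it actually logs in to R1.
8. R4 and R5 normally communicate over the 1000M link and use the 100M link on failure.
Lab analysis, configuration, explanation and results
1, 2, 3: IP plan: 6 backbone links and 5 router IPs (plus the loopbacks of R1, R2, R4, R5 and R6):
4: Obtain IP addresses through DHCP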
[r3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[r3]ip pool aa
Info: It's successful to create an IP address pool.
[r3-ip-pool-aa]network 192.168.1.96 mask 27
[r3-ip-pool-aa]gateway-list 192.168.1.97
[r3-ip-pool-aa]q
[r3]int g0/0/2
[r3-GigabitEthernet0/0/2]dhcp select global
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:feea:1794
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.126
Subnet mask.......................: 255.255.255.224
Gateway...........................: 192.168.1.97
Physical address..................: 54-89-98-EA-17-94
DNS server........................:
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fed5:1bae
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.1.125
Subnet mask.......................: 255.255.255.224
Gateway...........................: 192.168.1.97
Physical address..................: 54-89-98-D5-1B-AE
DNS server........................:
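5. Add default routes and summarized routes to keep the routing tables as small as possible, and add NULL 0 (null interface) routes to avoid loops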
[r1]ip route-static 0.0.0.0 0 192.168.1.2
[r1]ip route-static 0.0.0.0 0 192.168.1.6
[r1]ip route-static 192.168.1.64 27 192.168.1.2
[r1]ip route-static 192.168.1.8 30 192.168.1.2
[r1]ip route-static 192.168.1.12 30 192.168.1.6
[r1]ip route-static 192.168.1.96 27 192.168.1.6
[r1]ip route-static 192.168.1.32 27 NULL 0
[r2]ip route-static 0.0.0.0 0 192.168.1.10
[r2]ip route-static 192.168.1.96 27 192.168.1.10
[r2]ip route-static 192.168.1.96 27 192.168.1.1
[r2]ip route-static 192.168.1.4 30 192.168.1.1
[r2]ip route-static 192.168.1.32 27 192.168.1.1
[r2]ip route-static 192.168.1.64 27 NULL 0
[r3]ip route-static 0.0.0.0 0 192.168.1.14
[r3]ip route-static 192.168.1.64 27 192.168.1.14
[r3]ip route-static 192.168.1.64 27 192.168.1.5
[r3]ip route-static 192.168.1.32 27 192.168.1.5
[r3]ip route-static 192.168.1.0 30 192.168.1.5
[r4]ip route-static 0.0.0.0 0 192.168.1.18
[r4]ip route-static 192.168.1.96 27 192.168.1.13
[r4]ip route-static 192.168.1.4 30 192.168.1.13
[r4]ip route-static 192.168.1.32 27 192.168.1.13
[r4]ip route-static 192.168.1.32 27 192.168.1.9
[r4]ip route-static 192.168.1.0 30 192.168.1.9
[r4]ip route-static 192.168.1.64 27 192.168.1.9
[r4]ip route-static 192.168.1.128 27 NULL 0
[r4]ip route-static 192.168.1.0 24 NULL 0
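[r4]ip route-static 192.168.1.160 27 192.168.1.18 -------- prevents R4 from matching the null-interface route [r4]ip route-static 192.168.1.0 24 NULL 0, which would make it unable to ping R5
[r4]ip route-static 192.168.1.160 27 192.168.1.22 preference 70
[r4]undo ip route-static 0.0.0.0 0 192.168.1.18
[r4]ip route-static 0.0.0.0 0 GigabitEthernet 0/0/2 192.168.1.18 -------- specify both the next hop and the outbound interface, otherwise the floating static route cannot take effect
Result: [r4]ping 192.168.1.161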
PING 192.168.1.161: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.161: bytes=56 Sequence=1 ttl=255 time=70 ms
Reply from 192.168.1.161: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 192.168.1.161: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 192.168.1.161: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 192.168.1.161: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 192.168.1.161 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/32/70 ms
[r5]ip route-static 0.0.0.0 0 12.0.0.2
[r5]ip route-static 192.168.1.0 24 192.168.1.17
[r5]ip route-static 192.168.1.0 24 192.168.1.21 preference 70
6. Use NAT:
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r5-acl-basic-2000]q
[r5]int g0/0/1
[r5-GigabitEthernet0/0/1]nat outbound 2000
Result:
<r1>ping 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=252 time=50 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=252 time=40 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
2 packet(s) received
60.00% packet loss
round-trip min/avg/max = 40/45/50 ms
<r2>ping 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=253 time=40 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=253 time=40 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=253 time=40 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=253 time=40 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=253 time=30 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/38/40 ms
7. When R6 telnets to R5's public IP address, it actually logs in to R1:
[r1]aaa
[r1-aaa]local-user admin ?
access-limit Set access limit of user(s)
ftp-directory Set user(s) FTP directory permitted
idle-timeout Set the timeout period for terminal user(s)
password Set password
privilege Set admin user(s) level
service-type Service types for authorized user(s)
state Activate/Block the user(s)
user-group User group
[r1-aaa]local-user admin privilege level 15 password cipher 123456
[r1-aaa]local-user admin service-type terminal
[r1-aaa]local-user admin service-type telnet
[r1-aaa]q
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[r5-GigabitEthernet0/0/1]
Result:
<r6>telnet 12.0.0.1
Press CTRL_] to quit telnet mode
Trying 12.0.0.1 ...
Connected to 12.0.0.1 ...
Login authentication
Username:admin
Password:
Error: Local authentication is rejected.
Logged Fail!
Username:admin
Password:
<r1>
8. R4 and R5 normally use the 1000M link and use the 100M link on failure: change the route preference
[r4]ip route-static 0.0.0.0 0 192.168.1.18
[r4]ip route-static 0.0.0.0 0 192.168.1.22 preference 70
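The route selection that steps 5 and 8 depend on, as an added example that is not part of the original post: a Python model of longest-prefix match followed by lowest preference, run over a subset of R4's static routes from the page. The helpers `lookup` and `without` and the `down` parameter (next hops treated as unreachable after a link failure) are assumptions of this sketch; 60 is the VRP default preference for static routes.

```python
import ipaddress

# Subset of R4's static routes from the page: (prefix, next hop, preference).
# 60 is the default static-route preference; 70 marks the floating backups.
R4_ROUTES = [
    ("0.0.0.0/0",        "192.168.1.18", 60),  # default route, 1000M link
    ("0.0.0.0/0",        "192.168.1.22", 70),  # default route, 100M backup
    ("192.168.1.0/24",   "NULL0",        60),  # summary null-interface route
    ("192.168.1.128/27", "NULL0",        60),  # null-interface route from the page
    ("192.168.1.160/27", "192.168.1.18", 60),  # towards R5, 1000M link
    ("192.168.1.160/27", "192.168.1.22", 70),  # towards R5, 100M backup
    ("192.168.1.96/27",  "192.168.1.13", 60),  # R3's DHCP subnet
]

def lookup(routes, dst, down=()):
    """Return (prefix, next_hop) selected for dst, or None if nothing matches.

    Routes whose next hop is listed in `down` are treated as inactive.
    Selection order: longest prefix first, then lowest preference value.
    """
    addr = ipaddress.ip_address(dst)
    active = []
    for prefix, next_hop, pref in routes:
        net = ipaddress.ip_network(prefix)
        if next_hop not in down and addr in net:
            active.append((net, next_hop, pref))
    if not active:
        return None
    net, next_hop, _ = max(active, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(net), next_hop

def without(routes, prefix):
    """Copy of the table with every route for `prefix` removed."""
    return [r for r in routes if r[0] != prefix]

if __name__ == "__main__":
    r5_addr = "192.168.1.161"  # the address R4 pings in step 5
    # Without the /27 entries, the /24 NULL 0 summary beats the default route.
    print(lookup(without(R4_ROUTES, "192.168.1.160/27"), r5_addr))
    print(lookup(R4_ROUTES, r5_addr))                            # 1000M link
    print(lookup(R4_ROUTES, r5_addr, down={"192.168.1.18"}))     # 100M backup
    print(lookup(R4_ROUTES, "1.1.1.1", down={"192.168.1.18"}))   # default fails over
    # Both links down: traffic is dropped at NULL 0 instead of looping.
    print(lookup(R4_ROUTES, r5_addr, down={"192.168.1.18", "192.168.1.22"}))
```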
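Router network configuration and failover strategy
The lab configures IP addresses and the DHCP service on routers R1-R6 so that the PCs on the LAN obtain their addresses through DHCP. Route summarization and default routes keep the routing tables small and avoid loops. NAT gives R1-R5 access to the public network. When R6 telnets to R5's public IP address, it actually logs in to R1. In addition, the failover strategy for the links between R4 and R5 is adjusted so that the 1000M link is preferred and traffic switches to the 100M link on failure.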




