实验要求:
1、R6为ISP,接口IP地址均为公有地址,该设备只能配置IP地址,之后不能再对其进行任何配置;
2、R1-R5为局域网,私有IP地址192.168.1.0/24,请合理分配;
3、R1、R2、R4,各有两个环回IP地址;R5,R6各有一个环回地址;所有路由器上环回均代表连接用户的接口;
4、R3下面的两台PC通过DHCP自动获取IP地址;
5、选路最佳,路由表尽量小,避免环路;
6、R1-R5均可以访问R6的环回;
7、R6 telnet R5的公有地址时,实际登录到R1上;
8、R4与R5正常通过1000M链路,故障时通过100m链路;
实验步骤:
推荐使用AR2220和AR2240路由器
1、网段划分:
首先输入:sys 进入系统视图,接着输入:interface GigabitEthernet0/0/1 进入接口视图
随后ip addres 192.168.1.1(ip地址)255.255.255.252(子网掩码)(为啥是252,因为在192.168.1.0/30这个网段中255.255.255.252表示该子网只有4个IP地址可用,其中一个是网络地址、一个是广播地址,另外两个是可用地址。)
AR1:int g0/0/1 IP地址:192.168.1.5 30
int g0/0/0 IP地址:192.168.1.1 30
配置R1 环回地址
AR2:int g0/0/1 IP地址:192.168.1.9 30
int g0/0/0 IP地址:192.168.1.2 30
配置R2 环回地址
AR3:int g0/0/1 IP地址:192.168.1.13 30
int g0/0/0 IP地址:192.168.1.6 30
给R3配置dhcp服务:
AR4:int g0/0/1 IP地址:192.168.1.14 30
int g0/0/0 IP地址:192.168.1.9 30
int g0/0/2 IP地址:192.168.1.17 30
int g4/0/0 IP地址:192.168.1.21 30
配置R4的环回地址:
int l0 然后 ip ad 192.168.1.129 28
int l1 然后ip ad 192.168.1.145 28
AR5:int 0/0/2 IP地址:192.168.1.22 30
int g0/0/0 IP地址:192.168.1.18 30
int g0/0/1 IP地址:12.0.0.5 24
AR6:int g0/0/0 IP地址:12.0.0.6 24
配置R6环回地址:
配置R1的静态路由:
ip route-static 192.168.1.20 30 192.168.1.2
ip route-static 192.168.1.20 30 192.168.1.6
ip route-static 192.168.1.0 30 192.168.1.2
ip route-static 192.168.1.12 30 192.168.1.6
ip route-static 192.168.1.16 30 192.168.1.2
ip route-static 192.168.1.16 30 192.168.1.6
ip route-static 192.168.1.64 30 192.168.1.2
ip route-static 192.168.1.96 27 192.168.1.6
ip route-static 192.168.1.128 27 192.168.1.2
ip route-static 192.168.1.128 27 192.168.1.6
ip route-static 192.168.1.160 27 192.168.1.2
ip route-static 192.168.1.160 27 192.168.1.6
配置R2的静态路由:
[R2]ip route-static 192.168.1.128 27 192.168.1.10
[R2]ip route-static 192.168.1.16 30 192.168.1.10
[R2]ip route-static 192.168.1.160 27 192.168.1.10
[R2]ip route-static 192.168.1.20 30 192.168.1.10
[R2]ip route-static 192.168.1.12 30 192.168.1.10
[R2]ip route-static 192.168.1.96 27 192.168.1.1
[R2]ip route-static 192.168.1.4 30 192.168.1.1
[R2]ip route-static 192.168.1.32 27 192.168.1.1
配置R3的静态路由:
[R3]ip route-s
[R3]ip route-static 192.168.1.32 27 192.168.1.5
[R3]ip route-static 192.168.1.0 30 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.5
[R3]ip route-static 192.168.1.64 27 192.168.1.14
[R3]ip route-static 192.168.1.8 30 192.168.1.14
[R3]ip route-static 192.168.1.128 27 192.168.1.14
[R3]ip route-static 192.168.1.16 30 192.168.1.14
[R3]ip route-static 192.168.1.160 27 192.168.1.14
[R3]ip route-static 192.168.1.20 30 192.168.1.14
[R3]dis ip ro
[R3]dis ip routing-table p
[R3]dis ip routing-table protocol s
[R3]dis ip routing-table protocol static
配置R4的静态路由:
[R4]ip rou
[R4]ip route-static 192.168.1.96 27 192.168.1.13
[R4]ip route-static 192.168.1.4 30 192.168.1.13
[R4]ip route-static 192.168.1.32 27 192.168.1.13
[R4]ip route-static 192.168.1.32 27 192.168.1.9
[R4]ip route-static 192.168.1.0 30 192.168.1.9
[R4]ip route-static 192.168.1.64 27 192.168.1.9
[R4]ip route-static 192.168.1.160 27 192.168.1.18
[R4]ip route-static 192.168.1.160 27 192.168.1.22
配置R5的静态路由:
[R5]ip route-s
[R5]ip route-static 192.168.1.128 27 192.168.1.17
[R5]ip route-static 192.168.1.128 27 192.168.1.21
[R5]ip route-static 192.168.1.12 30 192.168.1.17
[R5]ip route-static 192.168.1.12 30 192.168.1.21
[R5]ip route-static 192.168.1.96 27 192.168.1.17
[R5]ip route-static 192.168.1.96 27 192.168.1.21
[R5]ip route-static 192.168.1.4 30 192.168.1.17
[R5]ip route-static 192.168.1.4 30 192.168.1.21
[R5]ip route-static 192.168.1.32 27 192.168.1.17
[R5]ip route-static 192.168.1.32 27 192.168.1.21
[R5]ip route-static 192.168.1.0 30 192.168.1.17
[R5]ip route-static 192.168.1.0 30 192.168.1.21
[R5]ip route-static 192.168.1.64 27 192.168.1.17
[R5]ip route-static 192.168.1.64 27 192.168.1.21
[R5]ip route-static 192.168.1.8 30 192.168.1.17
[R5]ip route-static 192.168.1.8 30 192.168.1.21
检查内网是否通了:
现在进行公网通:
在R5上配(缺省路由):ip route-static 0.0.0.0 0 12.0.0.6
检查公网是否通了:
避免环路:
静态防环机制
[R1]ip route-static 192.168.1.32 27 NULL 0
[R2]ip route-static 192.168.1.64 27 NULL 0
[R4]ip route-static 192.168.1.128 27 NULL 0
R1访问R6 公网上需要进行nat操作
[R5]acl 2000
[R5-acl-basic-2000]rule per
[R5-acl-basic-2000]rule permit s
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R5-acl-basic-2000]q
[R5]int g0/0/1
[R5-GigabitEthernet0/0/1]nat o
[R5-GigabitEthernet0/0/1]nat outbound 2000
[R5-GigabitEthernet0/0/1]
给R1搞缺省:
[R1]ip rou
[R1]ip route-s
[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.6
给R2搞缺省:[R2]ip route-static 0.0.0.0 0 192.168.1.10
给R3搞缺省:[R3]ip route-static 0.0.0.0 0 192.168.1.14
给R4搞缺省:[R4]ip route-static 0.0.0.0 0 192.168.1.18
[R4]ip route-static 0.0.0.0 0 192.168.1.22
现在R1 ping 1.1.1.6 就可以通了
R6登录到R1上:
给R1配置远程登陆:
[R1]aaa
[R1-aaa]lo
[R1-aaa]local-user wangdaye ps
[R1-aaa]local-user wangdaye pa
[R1-aaa]local-user wangdaye password ci
[R1-aaa]local-user wangdaye password cipher way12345 pri
[R1-aaa]local-user wangdaye password cipher way12345 privilege le
[R1-aaa]local-user wangdaye password cipher way12345 privilege level 15
给wangdaye这个用户设置服务类型:
R1-aaa]local-user wangdaye ser
[R1-aaa]local-user wangdaye service-type telnet
[R1-aaa]dis th
[V200R003C00]
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user wangdaye password cipher %$%$RK~w)),WiO}jqSIz6p(K!>Ja%$%$
local-user wangdaye privilege level 15
local-user wangdaye service-type telnet
#
return
给用户设置登录通道:
[R1-aaa]quit
[R1]use
[R1]user-in
[R1]user-interface vty 0 4
[R1-ui-vty0-4]au
[R1-ui-vty0-4]authentication-mode ?
aaa AAA authentication
password Authentication through the password of a user terminal interface
[R1-ui-vty0-4]authentication-mode aaa
[R1-ui-vty0-4]quit
给R5配置nat server:
nat server protocol tcp global current-interface 23 ins
ide 192.168.1.1 23
R6通过公网地址访问:
第八个问题:
1.查询R1所走的路径:[R1]tracert 192.168.1.161
2、修改通过R4的优先级:ip ro
[R4]ip route-s
[R4]ip route-static 0.0.0.0 0 192.168.1.22 pre
[R4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61
Info: Succeeded in modifying route.
Mar 20 2024 18:41:30-08:00 R4 %%01RM/4/IPV4_DEFT_RT_CHG(l)[0]:IPV4 default Route
is changed. (ChangeType=Delete, InstanceId=0, Protocol=Static, ExitIf=GigabitEt
hernet4/0/0, Nexthop=192.168.1.22, Neighbour=0.0.0.0, Preference=1023410176, Lab
el=NULL, Metric=0)
[R4]
[R4]
修改通过R5的优先级:[R5]ip route-s
[R5]ip route-static 192.168.1.0 30 192.168.1.21 pre 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.4 30 192.168.1.21 pre 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.8 30 192.168.1.21 pre 6
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.21 30 192.168.1.21 pre 61
Info: The destination address and mask of the configured static route mismatched
, and the static route 192.168.1.20/30 was generated.
[R5]ip route-static 192.168.1.32 27 192.168.1.21 pre 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.64 27 192.168.1.21 pre 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.96 27 192.168.1.21 pre 61
Info: Succeeded in modifying route.
[R5]ip route-static 192.168.1.128 27 192.168.1.21 pre 61
Info: Succeeded in modifying route.
如果没对:就关一条路径
进入 0/0/2接口 输入shutdown