一、实验要求

1、AR6理解为ISP设备，所连接的两个网段为公网；R1-R5构建为一个私有的局域网；

2、AR6上只能进行ip地址配置，之后不得对该路由器进行其他任何配置

3、公网范围IP地址已经指定，剩余R1-R5整个私网使用192.168.1.0/24进行合理分配

4、PC1/3为划分到VLAN2，PC2/4/HTTP 服务器划分到VLAN3；PC1-4通过DHCP自动获取ip地址；

5、所有路由器路由表应尽量控制减少，预防出现环路，所有选路均为最佳路径；R4与R5之间正常使用1000M链路，

1000M链路故障时自动切换到100m链路，整个网络仅使用静态路由协议；

6、PC1—PC4均可ping通PC5，同时PC5可以通过域名www.beixin.com来访问http服务器；

7、全网仅R1可以telnet登录R2

二、实验拓扑图

三、实验步骤 

1.先给所有设备改名字

<Huawei>sysname R1

2.交换机上配置VLAN以及trunk干道，在路由器上创建机接口并划分对应VLAN中

  SW1：

[SW1]vlan 2
[SW1]vlan 3
[SW1]int e0/0/2
[SW1-Ethernet0/0/2]port link-type access
[SW1-Ethernet0/0/2]port default vlan 2
[SW1-Ethernet0/0/2]int e0/0/1
[SW1-Ethernet0/0/1]port link-type access 
[SW1-Ethernet0/0/1]port default vlan 3
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3

R1： 

[R1]int g0/0/2.1
[R1-GigabitEthernet0/0/2.1]dot1q termination vid 2	
[R1-GigabitEthernet0/0/2.1]ip address 192.168.1.65 27
[R1-GigabitEthernet0/0/2.1]arp broadcast enable 
[R1-GigabitEthernet0/0/2.1]int g0/0/0.2	
[R1-GigabitEthernet0/0/2.2]dot1q termination vid 3
[R1-GigabitEthernet0/0/2.2]ip address 192.168.1.97 27
[R1-GigabitEthernet0/0/2.2]arp broadcast enable 

 SW2：

[SW2]vlan 2
[SW2]vlan 3
[SW2]int e0/0/1
[SW2-Ethernet0/0/1]port link-type access 
[SW2-Ethernet0/0/1]port default vlan 2
[SW2]int e0/0/2
[SW2-Ethernet0/0/2]port link-type access 
[SW2-Ethernet0/0/2]port default vlan 3
[SW2-Ethernet0/0/2]int e0/0/3
[SW2-Ethernet0/0/3]port link-type access 
[SW2-Ethernet0/0/3]port default vlan 3
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk 
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 3

 R4：

[R4]int g0/0/2.1
[R4-GigabitEthernet0/0/2.1]dot1q termination vid 2
[R4-GigabitEthernet0/0/2.1]ip address 192.168.1.129 27
[R4-GigabitEthernet0/0/2.1]arp broadcast enable 
[R4-GigabitEthernet0/0/2.1]int g0/0/0.2
[R4-GigabitEthernet0/0/2.2]dot1q termination vid 3	
[R4-GigabitEthernet0/0/2.2]ip address 192.168.1.161 27	
[R4-GigabitEthernet0/0/2.2]arp broadcast enable 

3.给路由器各接口配置IP 

[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.1.1 30
[R1-GigabitEthernet0/0/1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.9 30

R1：

R2：

R3：

R4：

R5：

ISP： 

4.使用DHCP为PC1-4分配地址

PC1-2：

[R1]dhcp enable 
[R1]ip pool 1
Info: It's successful to create an IP address pool.
[R1-ip-pool-1]network 192.168.1.64 mask 27
[R1-ip-pool-1]gateway-list 192.168.1.65
[R1-ip-pool-1]int g0/0/2.1	
[R1-GigabitEthernet0/0/2.1]dhcp select global 
[R1-GigabitEthernet0/0/2.1]q
[R1]dhcp e
[R1]ip pool 2
Info: It's successful to create an IP address pool.
[R1-ip-pool-2]network 192.168.1.96 mask 27
[R1-ip-pool-2]gateway-list 192.168.1.97
[R1-ip-pool-2]int g0/0/2.2	
[R1-GigabitEthernet0/0/2.2]dhcp select global 
[R1-GigabitEthernet0/0/2.2]q

 PC3-4：

[R4]dhcp enable 
[R4]ip pool 1
[R4-ip-pool-1]network 192.168.1.128 mask 27
[R4-ip-pool-1]gateway-list 192.168.1.129
[R4-ip-pool-1]int g0/0/2.1	
[R4-GigabitEthernet0/0/2.1]dhcp select global 
[R4-GigabitEthernet0/0/2.1]q
[R4]ip pool 2
[R4-ip-pool-2]network 192.168.1.160 mask 27
[R4-ip-pool-2]gateway-list 192.168.1.161
[R4-ip-pool-2]int g0/0/2.2	
[R4-GigabitEthernet0/0/2.2]dhcp select global 
[R4-GigabitEthernet0/0/2.2]q

 5.通过配置静态路由以及缺省实现内网全通

R1：

[R1]ip route-static 192.168.1.4 30 192.168.1.2
[R1]ip route-static 192.168.1.12 30 192.168.1.10
[R1]ip route-static 192.168.1.16 30 192.168.1.10	
[R1]ip route-static 192.168.1.16 30 192.168.1.2
[R1]ip route-static 192.168.1.20 30 192.168.1.10
[R1]ip route-static 192.168.1.20 30 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.2
[R1]ip route-static 0.0.0.0 0 192.168.1.10

R2：

[R2]ip route-static 192.168.1.8 30 192.168.1.1
[R2]ip route-static 192.168.1.64 26 192.168.1.1
[R2]ip route-static 192.168.1.128 26 192.168.1.1
[R2]ip route-static 192.168.1.128 26 192.168.1.6
[R2]ip route-static 192.168.1.12 30 192.168.1.6
[R2]ip route-static 192.168.1.16 30 192.168.1.6
[R2]ip route-static 192.168.1.20 30 192.168.1.6
[R2]ip route-static 0.0.0.0 0 192.168.1.6

R3：

[R3]ip route-static 192.168.1.0 30 192.168.1.5
[R3]ip route-static 192.168.1.64 30 192.168.1.5
[R3]ip route-static 192.168.1.64 30 192.168.1.13
[R3]ip route-static 192.168.1.8 30 192.168.1.13
[R3]ip route-static 192.168.1.128 26 192.168.1.13
[R3]ip route-static 0.0.0.0 0 192.168.1.18
[R3]ip route-static 0.0.0.0 0 192.168.1.22

R4：

[R4]ip route-static 192.168.1.64 26 192.168.1.9
[R4]ip route-static 192.168.1.0 30 192.168.1.9
[R4]ip route-static 192.168.1.4 30 192.168.1.14
[R4]ip route-static 192.168.1.16 30 192.168.1.14
[R4]ip route-static 192.168.1.20 30 192.168.1.14
[R4]ip route-static 0.0.0.0 0 192.168.1.14

R5：

[R5]ip route-static 192.168.1.4 30 192.168.1.17
[R5]ip route-static 192.168.1.4 30 192.168.1.21
[R5]ip route-static 192.168.1.12 30 192.168.1.17
[R5]ip route-static 192.168.1.12 30 192.168.1.21
[R5]ip route-static 192.168.1.0 30 192.168.1.17
[R5]ip route-static 192.168.1.0 30 192.168.1.21
[R5]ip route-static 192.168.1.8 30 192.168.1.17
[R5]ip route-static 192.168.1.8 30 192.168.1.21
[R5]ip route-static 192.168.1.64 26 192.168.1.17
[R5]ip route-static 192.168.1.64 26 192.168.1.21
[R5]ip route-static 192.168.1.128 26 192.168.1.17
[R5]ip route-static 192.168.1.128 26 192.168.1.21
[R5]ip route-static 192.168.1.0 24 null 0
[R5]ip route-static 0.0.0.0 0 12.1.1.2

6.在R5上配置NAT地址转换，一对多配置，PC1~pC4可以访问PC5；

[R5]acl 2000
[R5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[R5-acl-basic-2000]int g0/0/2
[R5-GigabitEthernet0/0/2]nat outbound 2000

7.通过配置端口映射PC5通过域名www.beixin.com来访问http服务器；

[R5]int g0/0/2
[R5-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 80 ins
ide 192.168.1.162
Warning:The port 80 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y

8.使用Telnet来达到仅R1可以Telnet登录R2

[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
[R2-ui-vty0-4]aaa
[R2-aaa]local-user Huawei password cipher 123456
Info: Add a new user.	
[R2-aaa]local-user Huawei privilege level 15
[R2-aaa]local-user Huawei service-type telnet