拓扑结构:
要求
1、R6为网络运营商(ISP),接口IP地址均为公有地址;该设备只能配置IP地址,之后不能在对其进行任何配置;
2、R1~R5为局域网,私有IP地址192.168.1.0/24,请合理分配;
3、所有路由器上环回,均代表连接用户的接口;
4、R3下的两台PC通过DHCP自动获取IP地址;
5、选路最佳,路由表尽量小,避免环路;
6、R1~R5均可访问R6的环回
7、R6telnetR5的公有IP地址时,实际登录到R1上
8、R4与R5正常运行时通过1000兆链路,故障时通过100兆链路
使用的设备:6台
路由器、1台
交换机、2台
电脑
解决网络拓扑:
1、确定广播域的个数
2、分配网段
3、配置IP地址 (优先配置路由器)
确定广播域的个数
根据拓扑结构图以及要求可知,本拓扑结构一共拥有16个网段,包括两个给定网段、6个接口网段和7个环回网段和一个DHCP分配网段
分配网段
其中14个内网网段基于192.168.1.0/24进行划分
划分为4个网段,需要借2位子网掩码:
6个接口网段:
192.168.1.0 /26
192.168.1.0/30
192.168.1.4/30
192.168.1.8/30
192.168.1.12/30
192.168.1.16/30
192.168.1.20/30
1个DHCP网段:
192.168.1.24/29
7个环回网段:
192.168.1.32/27
192.168.1.64 /26
192.168.1.64/27
192.168.1.96/27
192.168.1.128 /26
192.168.1.128/27
192.168.1.160/27
192.168.1.192 /26
192.168.1.192/27
192.168.1.224/27
配置路由器IP地址
AR1:
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r1
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 30
[r1-GigabitEthernet0/0/0]
Apr 22 2023 19:42:00-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r1-GigabitEthernet0/0/0]q
[r1]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/1]ip address 192.168.1.5 30
[r1-GigabitEthernet0/0/1]
Apr 22 2023 19:42:22-08:00 r1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[r1-GigabitEthernet0/0/1]q
[r1]interface LoopBack 0
[r1-LoopBack0]ip address 192.168.1.65 27
[r1-LoopBack0]q
[r1]interface LoopBack 1
[r1-LoopBack1]ip address 192.168.1.97 27
[r1-LoopBack1]q
[r1]AR2:
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.1.2 30
[r2-GigabitEthernet0/0/0]
Apr 22 2023 19:44:30-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r2-GigabitEthernet0/0/0]q
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 192.168.1.9 30
Apr 22 2023 19:44:51-08:00 r2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[r2-GigabitEthernet0/0/1]q
[r2]interface LoopBack 0
[r2-LoopBack0]ip address 192.168.1.129 27
[r2-LoopBack0]q
[r2]interface LoopBack 1
[r2-LoopBack1]ip address 192.168.1.161 27
[r2-LoopBack1]q
[r2]AR3:配置IP地址并配置DHCP池塘
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r3
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 192.168.1.6 30
[r3-GigabitEthernet0/0/0]
Apr 22 2023 19:47:09-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r3-GigabitEthernet0/0/0]q
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ip address 192.168.1.13 30
Apr 22 2023 19:47:28-08:00 r3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[r3-GigabitEthernet0/0/1]q
[r3]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[r3]ip pool a
Info: It's successful to create an IP address pool.
[r3-ip-pool-a]network 192.168.1.24 mask 29
[r3-ip-pool-a]gateway-list 192.168.1.25
[r3-ip-pool-a]dns-list 114.114.114.114 8.8.8.8
[r3-ip-pool-a]q
[r3]interface GigabitEthernet 0/0/2
[r3-GigabitEthernet0/0/2]ip address 192.168.1.25 29
Apr 22 2023 19:49:35-08:00 r3 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface GigabitEthernet0/0/2 has entered the UP state.
[r3-GigabitEthernet0/0/2]dhcp select global
[r3-GigabitEthernet0/0/2]q
[r3]AR4:
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r4
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.1.10 30
Apr 22 2023 19:51:25-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r4-GigabitEthernet0/0/0]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip address 192.168.1.14 30
Apr 22 2023 19:51:42-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[r4-GigabitEthernet0/0/1]q
[r4]interface GigabitEthernet 0/0/2
[r4-GigabitEthernet0/0/2]ip address 192.168.1.17 30
Apr 22 2023 19:52:12-08:00 r4 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface GigabitEthernet0/0/2 has entered the UP state.
[r4-GigabitEthernet0/0/2]q
[r4]interface GigabitEthernet 1/0/0
[r4-GigabitEthernet1/0/0]ip address 192.168.1.21 30
Apr 22 2023 19:52:36-08:00 r4 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP on the interface GigabitEthernet1/0/0 has entered the UP state.
[r4-GigabitEthernet1/0/0]q
[r4]interface LoopBack 0
[r4-LoopBack0]ip address 192.168.1.193 27
[r4-LoopBack0]q
[r4]interface LoopBack 1
[r4-LoopBack1]ip address 192.168.1.225 27
[r4-LoopBack1]q
[r4]AR5:
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r5
[r5]interface GigabitEthernet 0/0/0
[r5-GigabitEthernet0/0/0]ip address 192.168.1.18 30
Apr 22 2023 19:55:53-08:00 r5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r5-GigabitEthernet0/0/0]q
[r5]interface GigabitEthernet 0/0/1
[r5-GigabitEthernet0/0/1]ip address 192.168.1.22 30
Apr 22 2023 19:56:10-08:00 r5 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[r5-GigabitEthernet0/0/1]q
[r5]interface GigabitEthernet 0/0/2
[r5-GigabitEthernet0/0/2]ip address 56.1.1.1 24
Apr 22 2023 19:56:36-08:00 r5 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface GigabitEthernet0/0/2 has entered the UP state.
[r5-GigabitEthernet0/0/2]q
[r5]interface LoopBack 0
[r5-LoopBack0]ip address 192.168.1.33 27
[r5-LoopBack0]q
[r5]AR6:
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r6
[r6]interface GigabitEthernet 0/0/0
[r6-GigabitEthernet0/0/0]ip address 56.1.1.2 24
[r6-GigabitEthernet0/0/0]
Apr 22 2023 19:58:29-08:00 r6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r6-GigabitEthernet0/0/0]q
[r6]interface LoopBack 0
[r6-LoopBack0]ip address 3.3.3.3 24
[r6-LoopBack0]q
[r6]配置OSPF动态路由协议
AR1:
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.1.64 0.0.0.31
[r1-ospf-1-area-0.0.0.0]network 192.168.1.96 0.0.0.31
[r1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.3
[r1-ospf-1-area-0.0.0.0]network 192.168.1.4 0.0.0.3
[r1-ospf-1-area-0.0.0.0]q
[r1-ospf-1]q
[r1]
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r1-GigabitEthernet0/0/0]q
[r1]interface GigabitEthernet 0/0/1
[r1-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r1-GigabitEthernet0/0/1]q
[r1]AR2:
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 192.168.1.128 0.0.0.31
[r2-ospf-1-area-0.0.0.0]network 192.168.1.160 0.0.0.31
[r2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.3
[r2-ospf-1-area-0.0.0.0]network 192.168.1.8 0.0.0.3
[r2-ospf-1-area-0.0.0.0]q
[r2-ospf-1]q
[r2]
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r2-GigabitEthernet0/0/0]q
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r2-GigabitEthernet0/0/1]q
[r2]AR3:
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 192.168.1.24 0.0.0.7
[r3-ospf-1-area-0.0.0.0]network 192.168.1.4 0.0.0.3
[r3-ospf-1-area-0.0.0.0]network 192.168.1.12 0.0.0.3
[r3-ospf-1-area-0.0.0.0]q
[r3-ospf-1]q
[r3]
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r3-GigabitEthernet0/0/0]q
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r3-GigabitEthernet0/0/1]q
[r3]AR4:
[r4]ospf 1 router-id 4.4.4.4
Info: The configuration succeeded. You need to restart the OSPF process to validate the new router ID.
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 192.168.1.192 0.0.0.31
[r4-ospf-1-area-0.0.0.0]network 192.168.1.224 0.0.0.31
[r4-ospf-1-area-0.0.0.0]network 192.168.1.12 0.0.0.3
[r4-ospf-1-area-0.0.0.0]network 192.168.1.8 0.0.0.3
[r4-ospf-1-area-0.0.0.0]network 192.168.1.16 0.0.0.3
[r4-ospf-1-area-0.0.0.0]q
[r4-ospf-1]q
[r4]
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r4-GigabitEthernet0/0/1]q
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r4-GigabitEthernet0/0/0]q
[r4]interface GigabitEthernet 0/0/2
[r4-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher 123456
[r4-GigabitEthernet0/0/2]q
[r4]interface GigabitEthernet 1/0/0
[r4-GigabitEthernet1/0/0]ospf authentication-mode md5 1 cipher 123456
[r4-GigabitEthernet1/0/0]q
[r4]ip route-static 192.168.1.32 27 192.168.1.22 preference 70
[r4]AR5:
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]area 0
[r5-ospf-1-area-0.0.0.0]network 192.168.1.16 0.0.0.3
[r5-ospf-1-area-0.0.0.0]network 192.168.1.32 0.0.0.31
[r5-ospf-1-area-0.0.0.0]q
[r5-ospf-1]q
[r5]
[r5]interface GigabitEthernet 0/0/0
[r5-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r5-GigabitEthernet0/0/0]q
[r5]interface GigabitEthernet 0/0/1
[r5-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r5-GigabitEthernet0/0/1]q
[r5]PC1~PC5通过运行OSPF动态路由协议,此时内网已经全网可达。并且在每一个运行OSPF协议的接口上都做了认证,保障更新安全。并且将R4与R5之间的一条链路的优先级修改为70,使其成为一条备份链路。
配置缺省路由
通过R5向内部网络发布一条通往外网的缺省静态路由
AR5:
[r5]ip route-static 0.0.0.0 0 56.1.1.2
[r5]ospf 1
[r5-ospf-1]default-route-advertise always
[r5-ospf-1]q
[r5]此时内网都有一条缺省路由
配置NAT协议和ACL访问控制列表
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r5-acl-basic-2000]q
[r5]interface GigabitEthernet 0/0/2
[r5-GigabitEthernet0/0/2]nat outbound 2000
[r5-GigabitEthernet0/0/2]q
[r5]在R1上开启telnet服务
[r1]aaa
[r1-aaa]local-user panda privilege level 15 password cipher 123456
Info: Add a new user.
[r1-aaa]local-user panda service-type telnet
[r1-aaa]q
[r1]user-interface vty 0
[r1-ui-vty0]authentication-mode aaa
[r1-ui-vty0]q
[r1]并做好23端口映射,配置完后,内网可以ping通外网
ISP在远程登录R5时,会远程登录到R1上
实验到此为止,就完成了 ,要求也是全部完成。
