1)首先实验要求是将192.168.1.0/24的网段进行IP地址的划分。根据拓扑结构,我们得知需要划分出6个网段,划分的网段如下:
192.168.1.0/24
192.168.1.0/27
192.168.1.32/27
192.168.1.64/27
192.168.1.96/27
192.168.1.128/27
192.168.1.160/27
192.168.1.192/27
192.168.1.224/27
2)选其中6个网段作为实验所需网段,剩余2个网段作为保留网段,在将192.168.1.0/27作为我们的骨干链路的网段,根据拓扑得知我们需要6个网段,划分的网段如下:
192.168.1.0/27
192.168.1.4/30
192.168.1.8/30
192.168.1.12/30
192.168.1.16/30
192.168.1.20/30
192.168.1.24/30
192.168.1.28/30
选其中6个网段作为骨干链路的网段,其余网段作为保留网段。此类划分好是因为一个骨干链路刚好需要2个IP地址,此种划分刚好满足这种现象,以达到IP地址最大化节约。
3)将划分出的网段再次进行划分用作环回接口,划分结构如下:
192.168.1.32/28
192.168.1.48/28
192.168.1.64/28
192.168.1.80/28
192.168.1.96/28
192.168.1.112/28
192.168.1.128/28
192.168.1.144/28
192.168.1.160/28
192.168.1.176/28
192.168.1.192/28
192.168.1.208/28
192.168.1.224/28
192.168.1.240/28
以上此类的划分是为了可以更加方便的汇总。
2、配置:
1)对各个设备进行IP地址和环回接口的配置
AR1:
IP地址的配置:
[r1-GigabitEthernet0/0/0]ip a 192.168.1.1 30
[r1-GigabitEthernet0/0/2]ip a 192.168.1.9 30
环回接口的配置:
[r1-LoopBack0]ip a 192.168.1.33 28
[r1-LoopBack1]ip a 192.168.1.49 28
AR2:
IP地址的配置:
[r2-GigabitEthernet0/0/0]ip a 192.168.1.2 30
[r2-GigabitEthernet0/0/1]ip a 192.168.1.5 30
环回接口的配置:
[r2-LoopBack0]ip a 192.168.1.65 28
[r2-LoopBack1]ip a 192.168.1.81 28
AR3:
IP地址的配置:
[r3-GigabitEthernet0/0/0]ip a 192.168.1.10 30
[r3-GigabitEthernet0/0/1]ip a 192.168.1.13 30
[r3-GigabitEthernet0/0/2]ip a 192.168.1.97 27
AR4:
IP地址的配置:
[r4-GigabitEthernet0/0/0]ip a 192.168.1.6 30
[r4-GigabitEthernet0/0/1]ip a 192.168.1.14 30
[r4-GigabitEthernet0/0/2]ip a 192.168.1.21 30
[r4-GigabitEthernet4/0/0]ip a 192.168.1.17 30
环回接口的配置
[r4-LoopBack0]ip a 192.168.1.129 28
[r4-LoopBack1]ip a 192.168.1.145 28
AR5:
IP地址的配置:
[r5-GigabitEthernet0/0/0]ip a 192.168.1.22 30
[r5-GigabitEthernet0/0/2]ip a 192.168.1.18 30
[r5-GigabitEthernet0/0/1]ip a 12.0.0.1 24
环回接口的配置:
[r5-LoopBack0]ip a 192.168.1.161 28
AR6:
IP地址的配置:
[isp-GigabitEthernet0/0/0]ip a 12.0.0.2 24
环回接口的配置:
[isp-LoopBack0]ip a 1.1.1.1 24
2)配置路由和空接口
AR1:
[r1]ip route-static 0.0.0.0 0 192.168.1.2
[r1]ip route-static 0.0.0.0 0 192.168.1.10
[r1]ip route-static 192.168.1.96 27 192.168.1.10
[r1]ip route-static 192.168.1.4 30 192.168.1.2
[r1]ip route-static 192.168.1.12 30 192.168.1.10
[r1]ip route-static 192.168.1.32 27 NULL 0
AR2:
[r2]ip route-static 0.0.0.0 0 192.168.1.6
[r2]ip route-static 192.168.1.32 27 192.168.1.1
[r2]ip route-static 192.168.1.96 27 192.168.1.1
[r2]ip route-static 192.168.1.96 27 192.168.1.6
[r2]ip route-static 192.168.1.12 30 192.168.1.6
[r2]ip route-static 192.168.1.64 27 NULL 0
AR3:
[r3]ip route-static 0.0.0.0 0 192.168.1.14
[r3]ip route-static 192.168.1.32 27 192.168.1.9
[r3]ip route-static 192.168.1.64 27 192.168.1.9
[r3]ip route-static 192.168.1.64 27 192.168.1.14
[r3]ip route-static 192.168.1.4 30 192.168.1.14
[r3]ip route-static 192.168.1.0 30 192.168.1.9
AR4:
[r4]ip route-static 0.0.0.0 0 192.168.1.18
[r4]ip route-static 0.0.0.0 0 192.168.1.22 preference 61
[r4]ip route-static 192.168.1.96 27 192.168.1.13
[r4]ip route-static 192.168.1.8 30 192.168.1.13
[r4]ip route-static 192.168.1.32 27 192.168.1.13
[r4]ip route-static 192.168.1.32 27 192.168.1.5
[r4]ip route-static 192.168.1.0 30 192.168.1.5
[r4]ip route-static 192.168.1.64 27 192.168.1.5
[r4]ip route-static 192.168.1.0 24 NULL 0
[r4]ip route-static 192.168.1.160 27 192.168.1.18 --- 防止空接口讲数据包丢掉
[r4]ip route-static 192.168.1.160 27 192.168.1.22 preference 61 --- 浮动静态路由
AR5:
[r5]ip route-static 192.168.1.0 24 192.168.1.17
[r5]ip route-static 192.168.1.0 24 GigabitEthernet 0/0/0 192.168.1.21
[r5]ip route-static 0.0.0.0 0 12.0.0.2
3)在AR3上配置DHCP
[r3]dhcp enable
[r3]ip pool aaa
[r3-ip-pool-aaa]network 192.168.1.96 mask 27
[r3-ip-pool-aaa]gateway-list 192.168.1.97
[r3-ip-pool-aaa]q
[r3]int g 0/0/2
[r3-GigabitEthernet0/0/2]dhcp select global
4)对AR5配置nat协议
[r5]acl 2000
[r5-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r5-acl-basic-2000]q
[r5]int g 0/0/1
[r5-GigabitEthernet0/0/1]nat outbound 2000
5)对AR1启动telnet
[r1]aaa
[r1-aaa]local-user xujialong privilege level 15 password cipher 123456
[r1-aaa]q
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
6)在AR5上启动nat的映射配置
[r5]int g0/0/1
[r5-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 in
side 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
7)在AR6 上远程登陆
<isp>telnet 12.0.0.1