Topology diagram:

Requirements:

- HTTP clients inside the school can reach Baidu's server through the domain name www.baidu.com
- The school network is carved out of 192.168.1.0/24; PC1 may reach the 3.3.3.0/24 network, PC2 may not
- The school uses static routing, with a floating static route between AR1 and AR2
- The ISP uses a dynamic routing protocol
- AR1 must be reachable by Telnet
Analysis of the requirements:

- HTTP client reaching Baidu: this needs DNS resolution of the domain name, NAT of the private source addresses at the school edge, and end-to-end routing, so that an internal host can open the Baidu web page. In this lab the DNS server handed out by DHCP is 100.1.1.1 in the ISP network; its A record for www.baidu.com must point at the public address on which AR6 publishes the web server (56.0.0.6), not at the server's private address 172.16.1.1.
- PC1/PC2 access control: PC1 may reach 3.3.3.0/24 and PC2 may not. The tool is an ACL on the gateway router, which only takes effect once it is bound to an interface with traffic-filter; an ACL that is merely defined filters nothing. Because the deny rule keys on PC2's source address, it is only as reliable as that address: a DHCP-assigned host can end up with a different one.
- Floating static route: the school network relies on static routes for stability, and AR1 and AR2 each get two routes to the same prefix over the two links between them. The backup carries a higher preference value (70, against the default 60 for static routes; in VRP the lower value wins), so it only enters the routing table when the primary link goes down and traffic fails over automatically.
- ISP dynamic routing: the ISP routers run OSPF instead of hand-maintained static routes, so they learn and update the routes to all public segments themselves.
- AR1 reachable by Telnet: enable the Telnet service on AR1, configure an authentication mode on the VTY lines together with a local account and privilege level, and make sure the management host has a route to AR1. Telnet carries the credentials in cleartext, so outside an isolated lab SSH (stelnet on VRP) should be used instead.
Get each area working internally first, then connect the areas to each other.

School network:
```bash
//AR1
[AR1]interface GigabitEthernet 0/0/2
[AR1-GigabitEthernet0/0/2]ip address 192.168.1.129 26
[AR1-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.1.193 26
[AR1-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]ip address 13.0.0.1 24
[AR1-GigabitEthernet0/0/1]quit
//Floating static route to the user subnets behind AR2: the route via 192.168.1.130 keeps the
//default preference (60) and is primary; the route via 192.168.1.194 has preference 70 and only
//enters the routing table when G0/0/2 goes down.
[AR1]ip route-static 192.168.1.0 25 192.168.1.130
[AR1]ip route-static 192.168.1.0 25 192.168.1.194 preference 70
//Default route towards the ISP
[AR1]ip route-static 0.0.0.0 0 13.0.0.3
//AR2
//One dot1q sub-interface per user VLAN; arp broadcast enable is required for a sub-interface to forward
[AR2]interface GigabitEthernet 0/0/0.2
[AR2-GigabitEthernet0/0/0.2]ip address 192.168.1.65 26
[AR2-GigabitEthernet0/0/0.2]dot1q termination vid 2
[AR2-GigabitEthernet0/0/0.2]arp broadcast enable
[AR2-GigabitEthernet0/0/0.2]interface GigabitEthernet 0/0/0.3
[AR2-GigabitEthernet0/0/0.3]ip address 192.168.1.1 26
[AR2-GigabitEthernet0/0/0.3]dot1q termination vid 3
[AR2-GigabitEthernet0/0/0.3]arp broadcast enable
[AR2-GigabitEthernet0/0/0.3]interface GigabitEthernet 0/0/2
[AR2-GigabitEthernet0/0/2]ip address 192.168.1.130 26
[AR2-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 192.168.1.194 26
[AR2-GigabitEthernet0/0/1]quit
//DHCP for VLAN 3; the DNS server handed to clients is 100.1.1.1 in the ISP network
[AR2]dhcp enable
[AR2]ip pool vlan3
[AR2-ip-pool-vlan3]network 192.168.1.0 mask 26
[AR2-ip-pool-vlan3]gateway-list 192.168.1.1
[AR2-ip-pool-vlan3]dns-list 100.1.1.1
[AR2-ip-pool-vlan3]excluded-ip-address 192.168.1.2
[AR2-ip-pool-vlan3]quit
[AR2]interface GigabitEthernet 0/0/0.3
[AR2-GigabitEthernet0/0/0.3]dhcp select global
//LSW1
[sw1]vlan batch 2 3
[sw1]interface GigabitEthernet 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access
[sw1-GigabitEthernet0/0/1]port default vlan 3
[sw1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[sw1-GigabitEthernet0/0/2]port link-type access
[sw1-GigabitEthernet0/0/2]port default vlan 3
[sw1-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
[sw1-GigabitEthernet0/0/3]port link-type access
[sw1-GigabitEthernet0/0/3]port default vlan 2
[sw1-GigabitEthernet0/0/3]interface GigabitEthernet 0/0/4
[sw1-GigabitEthernet0/0/4]port link-type trunk
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 2 3
[sw1-GigabitEthernet0/0/4]display this
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
return
```
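To make the floating-route behaviour concrete, here is an added Python model of how VRP chooses among AR1's three static routes above. It is example code written for this page, not router code or anything from the lab: a static route is usable only while its outbound interface is up, among usable routes to the same prefix the lowest preference wins (60 is the static default, 70 marks the backup), and the longest matching prefix decides forwarding. The interface names in the route table are assumptions based on the addressing above, and VRP's load balancing of equal-preference routes is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class StaticRoute:
    prefix: str          # destination, e.g. "192.168.1.0/25"
    next_hop: str
    out_if: str          # interface the next hop is reached through (assumed names)
    preference: int = 60  # VRP default preference for a static route


# AR1's configured static routes, transcribed from the configuration above.
AR1_ROUTES: List[StaticRoute] = [
    StaticRoute("192.168.1.0/25", "192.168.1.130", "GE0/0/2"),                 # primary
    StaticRoute("192.168.1.0/25", "192.168.1.194", "GE0/0/0", preference=70),  # floating backup
    StaticRoute("0.0.0.0/0", "13.0.0.3", "GE0/0/1"),                           # default to ISP
]


def active_routes(configured: List[StaticRoute], link_up: Dict[str, bool]) -> List[StaticRoute]:
    """Routes that make it into the IP routing table: the outbound interface must be up,
    and for each prefix only the route with the lowest preference value is installed."""
    best: Dict[str, StaticRoute] = {}
    for route in configured:
        if not link_up.get(route.out_if, False):
            continue  # next hop unreachable, route stays inactive
        current = best.get(route.prefix)
        if current is None or route.preference < current.preference:
            best[route.prefix] = route
    return list(best.values())


def lookup(table: List[StaticRoute], dst: str) -> Optional[StaticRoute]:
    """Longest-prefix match over the installed routes."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in table if addr in ipaddress.IPv4Network(r.prefix)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: ipaddress.IPv4Network(r.prefix).prefixlen)


def next_hop_for(dst: str, link_up: Dict[str, bool]) -> Optional[str]:
    """Next hop AR1 would use for dst given which of its links are up."""
    route = lookup(active_routes(AR1_ROUTES, link_up), dst)
    return route.next_hop if route else None


if __name__ == "__main__":
    all_up = {"GE0/0/2": True, "GE0/0/0": True, "GE0/0/1": True}
    primary_down = dict(all_up, **{"GE0/0/2": False})
    both_down = dict(all_up, **{"GE0/0/2": False, "GE0/0/0": False})
    for label, state in (("all links up", all_up), ("G0/0/2 down", primary_down), ("both internal links down", both_down)):
        print(f"{label:26s} 192.168.1.10 -> {next_hop_for('192.168.1.10', state)}")
```

The last case is the one to watch: with both AR1-AR2 links down, traffic for 192.168.1.0/25 no longer matches either /25 route and falls through to the default route towards the ISP. If that leak is not wanted, a less preferred blackhole route for the prefix (for example `ip route-static 192.168.1.0 25 NULL0 preference 250`) keeps it inside the router.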
ISP:

```bash
//AR3
[AR3]interface GigabitEthernet 0/0/0
[AR3-GigabitEthernet0/0/0]ip address 13.0.0.3 24
[AR3-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR3-GigabitEthernet0/0/1]ip address 34.0.0.3 24
[AR3-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2
[AR3-GigabitEthernet0/0/2]ip address 35.0.0.3 24
[AR3-GigabitEthernet0/0/2]quit
//Loopback 3.3.3.3/24 is the 3.3.3.0/24 network that PC1 may reach and PC2 may not
[AR3]interface LoopBack 0
[AR3-LoopBack0]ip address 3.3.3.3 24
[AR3-LoopBack0]quit
[AR3]ospf 1 router-id 3.3.3.3
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]network 13.0.0.3 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]network 34.0.0.3 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]network 35.0.0.3 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
//AR4
[AR4]interface GigabitEthernet 0/0/0
[AR4-GigabitEthernet0/0/0]ip address 34.0.0.4 24
[AR4-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR4-GigabitEthernet0/0/1]ip address 100.1.1.254 24
[AR4-GigabitEthernet0/0/1]quit
[AR4]ospf 1 router-id 4.4.4.4
[AR4-ospf-1]area 0
[AR4-ospf-1-area-0.0.0.0]network 34.0.0.4 0.0.0.0
[AR4-ospf-1-area-0.0.0.0]network 100.1.1.254 0.0.0.0
//AR5
[AR5]interface GigabitEthernet 0/0/0
[AR5-GigabitEthernet0/0/0]ip address 35.0.0.5 24
//The original capture omits the address of the AR5-AR6 link, but 56.0.0.5/24 is required by the
//OSPF network statement below and by AR6's default route. The interface number is an assumption.
[AR5-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR5-GigabitEthernet0/0/1]ip address 56.0.0.5 24
[AR5-GigabitEthernet0/0/1]quit
[AR5]ospf 1 router-id 5.5.5.5
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]network 35.0.0.5 0.0.0.0
[AR5-ospf-1-area-0.0.0.0]network 56.0.0.5 0.0.0.0
```
Baidu network:

```bash
//AR6
[AR6]interface GigabitEthernet 0/0/0
[AR6-GigabitEthernet0/0/0]ip address 56.0.0.6 24
[AR6-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[AR6-GigabitEthernet0/0/1]ip address 172.16.1.254 24
[AR6-GigabitEthernet0/0/1]quit
//Default route back into the ISP. 172.16.1.0/24 is never advertised; the web server is
//published through NAT on the public interface in the next section.
[AR6]ip route-static 0.0.0.0 0 56.0.0.5
```
Inter-area connectivity:

```bash
//AR2
//Floating default routes towards AR1: primary via G0/0/2, backup via G0/0/1 with preference 70
[AR2]ip route-static 0.0.0.0 0 192.168.1.129
[AR2]ip route-static 0.0.0.0 0 192.168.1.193 preference 70
//Advanced ACL: block PC2 (192.168.1.62) from the whole 3.3.3.0/24 network, allow everything else.
//The captured rule used "destination 3.3.3.3 0", which only blocks the single host 3.3.3.3
//and does not meet the requirement.
[AR2]acl 3000
[AR2-acl-adv-3000]rule deny ip source 192.168.1.62 0.0.0.0 destination 3.3.3.0 0.0.0.255
[AR2-acl-adv-3000]rule permit ip
[AR2-acl-adv-3000]quit
//An ACL filters nothing until it is bound to an interface; the original capture omits this step.
//192.168.1.62 lies in VLAN 3 (192.168.1.0/26), so filter inbound on that sub-interface.
[AR2]interface GigabitEthernet 0/0/0.3
[AR2-GigabitEthernet0/0/0.3]traffic-filter inbound acl 3000
//AR1
//Easy IP: every 192.168.1.0/24 source leaving G0/0/1 is translated to the interface address 13.0.0.1
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[AR1-acl-basic-2000]quit
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]nat outbound 2000
[AR1-GigabitEthernet0/0/1]quit
//Telnet login through AAA with a local account. The local-user commands belong to the aaa view,
//which the original capture entered without showing. Level 1 only allows monitoring commands.
//123456 is a lab password; Telnet also sends it in cleartext.
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode aaa
[AR1-ui-vty0-4]quit
[AR1]aaa
[AR1-aaa]local-user hcip password cipher 123456
[AR1-aaa]local-user hcip service-type telnet
[AR1-aaa]local-user hcip privilege level 1
//AR6
//Publish the internal web server 172.16.1.1:80 on the public interface address, 56.0.0.6:80.
//This is the address the DNS record for www.baidu.com must resolve to.
[AR6]interface GigabitEthernet 0/0/0
[AR6-GigabitEthernet0/0/0]nat server protocol tcp global current-interface 80 inside 172.16.1.1 www
Warning:The port 80 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[AR6-GigabitEthernet0/0/0]
```
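The ACL rules on AR2 (3000) and AR1 (2000) above depend on two things that are easy to get wrong: wildcard masks, where a 1 bit means "ignore", and first-match evaluation. The following Python model is an added example written for this page, not router code or anything from the lab. It encodes the captured ACL 3000 next to the corrected one and shows why `destination 3.3.3.3 0` (VRP's `0` is the wildcard 0.0.0.0, an exact host) leaves the rest of 3.3.3.0/24 open. The default action is a parameter: for traffic-filter, VRP forwards packets that match no rule, while for nat outbound an unmatched packet is simply not translated, which the helper models as `default="deny"`.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# VRP "any": base 0.0.0.0 with an all-ones wildcard
ANY: Tuple[str, str] = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Huawei-style wildcard mask: a 1 bit in the wildcard means 'ignore this bit',
    so 0.0.0.0 is an exact host and 0.0.0.255 is a /24-sized range."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: Tuple[str, str] = ANY       # (base, wildcard)
    dst: Tuple[str, str] = ANY


def evaluate(acl: List[Rule], src_ip: str, dst_ip: str, default: str = "permit") -> str:
    """Rules are checked in order and the first match wins; `default` applies when none matches."""
    for rule in acl:
        if wildcard_match(src_ip, *rule.src) and wildcard_match(dst_ip, *rule.dst):
            return rule.action
    return default


# ACL 3000 exactly as captured on AR2: only the single host 3.3.3.3 is blocked for 192.168.1.62.
ACL_3000_ORIGINAL = [
    Rule("deny", src=("192.168.1.62", "0.0.0.0"), dst=("3.3.3.3", "0.0.0.0")),
    Rule("permit"),
]

# Corrected rule covering the whole 3.3.3.0/24 network named in the requirement.
ACL_3000_FIXED = [
    Rule("deny", src=("192.168.1.62", "0.0.0.0"), dst=("3.3.3.0", "0.0.0.255")),
    Rule("permit"),
]

# Basic ACL 2000 on AR1: the sources that Easy-IP NAT translates on G0/0/1.
ACL_2000 = [Rule("permit", src=("192.168.1.0", "0.0.0.255"))]


def nat_translates(src_ip: str) -> bool:
    """A packet is translated only if ACL 2000 permits its source; unmatched means untranslated."""
    return evaluate(ACL_2000, src_ip, "0.0.0.0", default="deny") == "permit"


if __name__ == "__main__":
    for name, acl in (("original", ACL_3000_ORIGINAL), ("fixed", ACL_3000_FIXED)):
        for dst in ("3.3.3.3", "3.3.3.1", "56.0.0.6"):
            print(f"ACL 3000 {name:8s} 192.168.1.62 -> {dst:9s}: {evaluate(acl, '192.168.1.62', dst)}")
```

Running it shows the captured rule permitting 192.168.1.62 to 3.3.3.1 while the corrected rule denies it, and both versions still letting PC2 reach 56.0.0.6, so the Baidu requirement is unaffected by the fix.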