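Lab topology diagram
Lab requirements
1. The egress router uses NAT.
2. Build WWW, FTP and DNS servers inside the campus network.
3. The links between the dormitory aggregation switches and the core switch use link aggregation.
4. Inside the campus, only the servers do not use automatically assigned addresses; all other PCs obtain their IP addresses automatically.
5. Create the VLANs and DHCP on the core switch.
6. Use an ACL on the server switch so that FTP can be accessed only from the IP addresses of Teaching Building 1.
7. The switch management VLAN is VLAN 10; set up telnet with the user name being the student's name in pinyin and the password being the student ID.
Configuration procedure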
sw7
[sw7]vlan batch 3 10
[sw7]int vlanif10
[sw7-Vlanif10]ip add 10.1.1.100 24 ------------------ switch management address
[sw7-Vlanif10]int g 0/0/1
[sw7-GigabitEthernet0/0/1]port link-type trunk
[sw7-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 10
[sw7-GigabitEthernet0/0/1]int g 0/0/2
[sw7-GigabitEthernet0/0/2]port link-type access
[sw7-GigabitEthernet0/0/2]port default vlan 3
sw8
[sw8]vlan batch 4 10
[sw8]int Vlanif 10
[sw8-Vlanif10]ip add 10.1.1.102 24
[sw8-Vlanif10]int g 0/0/1
[sw8-GigabitEthernet0/0/1]port link-type trunk
[sw8-GigabitEthernet0/0/1]port trunk allow-pass vlan 4 10
[sw8-GigabitEthernet0/0/1]int g 0/0/2
[sw8-GigabitEthernet0/0/2]port link-type access
[sw8-GigabitEthernet0/0/2]port default vlan 4
sw9
[sw9]vlan batch 5 10
[sw9]int vlanif 10
[sw9-Vlanif10]ip add 10.1.1.103 24
[sw9-Vlanif10]int g 0/0/1
[sw9-GigabitEthernet0/0/1]port link-type trunk
[sw9-GigabitEthernet0/0/1]port trunk allow-pass vlan 5 10
[sw9-GigabitEthernet0/0/1]int g 0/0/2
[sw9-GigabitEthernet0/0/2]port link-type access
[sw9-GigabitEthernet0/0/2]port default vlan 5
sw10
[sw10]vlan batch 21 10
[sw10]int vlanif 10
[sw10-Vlanif10]ip add 10.1.1.1 24
[sw10-Vlanif10]int g 0/0/1
[sw10-GigabitEthernet0/0/1]port link-type trunk
[sw10-GigabitEthernet0/0/1]port trunk allow-pass vlan 21 10
[sw10-GigabitEthernet0/0/1]int g 0/0/2
[sw10-GigabitEthernet0/0/2]port link-type access
[sw10-GigabitEthernet0/0/2]port default vlan 21
sw11
[sw11]vlan batch 22 10
[sw11]int vlanif 10
[sw11-Vlanif10]ip add 10.1.1.2 24
[sw11-Vlanif10]int g 0/0/1
[sw11-GigabitEthernet0/0/1]port link-type trunk
[sw11-GigabitEthernet0/0/1]port trunk allow-pass vlan 22 10
[sw11-GigabitEthernet0/0/1]int g 0/0/2
[sw11-GigabitEthernet0/0/2]port link-type access
[sw11-GigabitEthernet0/0/2]port default vlan 22
sw12
[sw12]vlan batch 23 10
[sw12]interface vlanif 10
[sw12-Vlanif10]ip add 10.1.1.3 24
[sw12-Vlanif10]int g 0/0/1
[sw12-GigabitEthernet0/0/1]port link-type trunk
[sw12-GigabitEthernet0/0/1]port trunk allow-pass vlan 23 10
[sw12-GigabitEthernet0/0/1]int g 0/0/2
[sw12-GigabitEthernet0/0/2]port link-type access
[sw12-GigabitEthernet0/0/2]port default vlan 23
sw13
[sw13]vlan batch 24 10
[sw13]int vlanif 10
[sw13-Vlanif10]ip add 10.1.1.4 24
[sw13-Vlanif10]int g 0/0/1
[sw13-GigabitEthernet0/0/1]port link-type trunk
[sw13-GigabitEthernet0/0/1]port trunk allow-pass vlan 24 10
[sw13-GigabitEthernet0/0/1]int g 0/0/2
[sw13-GigabitEthernet0/0/2]port link-type access
[sw13-GigabitEthernet0/0/2]port default vlan 24
sw14
[sw14]vlan batch 25 10
[sw14]int vlanif 10
[sw14-Vlanif10]ip add 10.1.1.5 24
[sw14-Vlanif10]int g 0/0/1
[sw14-GigabitEthernet0/0/1]port link-type trunk
[sw14-GigabitEthernet0/0/1]port trunk allow-pass vlan 25 10
[sw14-GigabitEthernet0/0/1]int g 0/0/2
[sw14-GigabitEthernet0/0/2]port link-type access
[sw14-GigabitEthernet0/0/2]port default vlan 25
sw15
[sw15]vlan batch 26 10
[sw15]int vlanif 10
[sw15-Vlanif10]ip add 10.1.1.6 24
[sw15-Vlanif10]int g 0/0/1
[sw15-GigabitEthernet0/0/1]port link-type trunk
[sw15-GigabitEthernet0/0/1]port trunk allow-pass vlan 26 10
[sw15-GigabitEthernet0/0/1]int g 0/0/2
[sw15-GigabitEthernet0/0/2]port link-type access
[sw15-GigabitEthernet0/0/2]port default vlan 26
sw16
[sw16]vlan batch 27 10
[sw16]interface vlanif 10
[sw16-Vlanif10]ip add 10.1.1.7 24
[sw16-Vlanif10]int g 0/0/1
[sw16-GigabitEthernet0/0/1]port link-type trunk
[sw16-GigabitEthernet0/0/1]port trunk allow-pass vlan 27 10
[sw16-GigabitEthernet0/0/1]int g 0/0/2
[sw16-GigabitEthernet0/0/2]port link-type access
[sw16-GigabitEthernet0/0/2]port default vlan 27
sw17
[sw17]vlan batch 10 28
[sw17]int vlanif 10
[sw17-Vlanif10]ip add 10.1.1.8 24
[sw17-Vlanif10]int g 0/0/1
[sw17-GigabitEthernet0/0/1]port link-type trunk
[sw17-GigabitEthernet0/0/1]port trunk allow-pass vlan 28 10
[sw17-GigabitEthernet0/0/1]int g 0/0/2
[sw17-GigabitEthernet0/0/2]port link-type access
[sw17-GigabitEthernet0/0/2]port default vlan 28
sw18
[sw18]vlan batch 29 10
[sw18]int vlanif 10
[sw18-Vlanif10]ip add 10.1.1.9 24
[sw18-Vlanif10]int g 0/0/1
[sw18-GigabitEthernet0/0/1]port link-type trunk
[sw18-GigabitEthernet0/0/1]port trunk allow-pass vlan 29 10
[sw18-GigabitEthernet0/0/1]int g 0/0/2
[sw18-GigabitEthernet0/0/2]port link-type access
[sw18-GigabitEthernet0/0/2]port default vlan 29
sw19
[sw19]vlan batch 10 30
[sw19]int Vlanif 10
[sw19-Vlanif10]ip add 10.1.1.10 24
[sw19-Vlanif10]int g 0/0/1
[sw19-GigabitEthernet0/0/1]port link-type trunk
[sw19-GigabitEthernet0/0/1]port trunk allow-pass vlan 30 10
[sw19-GigabitEthernet0/0/1]int g 0/0/2
[sw19-GigabitEthernet0/0/2]port link-type access
[sw19-GigabitEthernet0/0/2]port default vlan 30
sw20
[sw20]vlan batch 31 10
[sw20]int vlanif 10
[sw20-Vlanif10]ip add 10.1.1.11 24
[sw20-Vlanif10]int g 0/0/1
[sw20-GigabitEthernet0/0/1]port link-type trunk
[sw20-GigabitEthernet0/0/1]port trunk allow-pass vlan 31 10
[sw20-GigabitEthernet0/0/1]int g 0/0/2
[sw20-GigabitEthernet0/0/2]port link-type access
[sw20-GigabitEthernet0/0/2]port default vlan 31
sw21
[sw21]vlan batch 32 10
[sw21]int vlanif 10
[sw21-Vlanif10]ip add 10.1.1.12 24
[sw21-Vlanif10]int g 0/0/1
[sw21-GigabitEthernet0/0/1]port link-type trunk
[sw21-GigabitEthernet0/0/1]port trunk allow-pass vlan 32 10
[sw21-GigabitEthernet0/0/1]int g 0/0/2
[sw21-GigabitEthernet0/0/2]port link-type access
[sw21-GigabitEthernet0/0/2]port default vlan 32
Switch interface configuration from the aggregation layer to the core layer
Method 1: configure the interfaces one by one
sw1
[sw1]vlan batch 3 4 5 10
[sw1]int g 0/0/3
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 3 10
[sw1-GigabitEthernet0/0/3]int g 0/0/4
[sw1-GigabitEthernet0/0/4]port link-type trunk
[sw1-GigabitEthernet0/0/4]port trunk allow-pass vlan 4 10
[sw1-GigabitEthernet0/0/4]int g 0/0/5
[sw1-GigabitEthernet0/0/5]port link-type trunk
[sw1-GigabitEthernet0/0/5]port trunk allow-pass vlan 5 10
[sw1-GigabitEthernet0/0/5]int g 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 4 5 10
[sw1-GigabitEthernet0/0/1]int g 0/0/2
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 3 4 5 10
sw2
[sw2]vlan batch 21 to 26 10
[sw2]int g 0/0/3
[sw2-GigabitEthernet0/0/3]port link-type trunk
[sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 21 10
[sw2-GigabitEthernet0/0/3]int g 0/0/4
[sw2-GigabitEthernet0/0/4]port link-type trunk
[sw2-GigabitEthernet0/0/4]port trunk allow-pass vlan 22 10
[sw2-GigabitEthernet0/0/4]int g 0/0/5
[sw2-GigabitEthernet0/0/5]port link-type trunk
[sw2-GigabitEthernet0/0/5]port trunk allow-pass vlan 23 10
[sw2-GigabitEthernet0/0/5]int g 0/0/6
[sw2-GigabitEthernet0/0/6]port link-type trunk
[sw2-GigabitEthernet0/0/6]port trunk allow-pass vlan 24 10
[sw2-GigabitEthernet0/0/6]int g 0/0/7
[sw2-GigabitEthernet0/0/7]port link-type trunk
[sw2-GigabitEthernet0/0/7]port trunk allow-pass vlan 25 10
[sw2-GigabitEthernet0/0/7]int g 0/0/8
[sw2-GigabitEthernet0/0/8]port link-type trunk
[sw2-GigabitEthernet0/0/8]port trunk allow-pass vlan 26 10
[sw2-GigabitEthernet0/0/8]int g 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan 21 to 26 10
[sw2-GigabitEthernet0/0/1]int g 0/0/2
[sw2-GigabitEthernet0/0/2]port link-type trunk
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 21 to 26 10
sw3
[sw3]vlan batch 27 to 32 10
[sw3]int g 0/0/3
[sw3-GigabitEthernet0/0/3]port link-type trunk
[sw3-GigabitEthernet0/0/3]port trunk allow-pass vlan 27 10
[sw3-GigabitEthernet0/0/3]int g 0/0/4
[sw3-GigabitEthernet0/0/4]port link-type trunk
[sw3-GigabitEthernet0/0/4]port trunk allow-pass vlan 28 10
[sw3-GigabitEthernet0/0/4]int g 0/0/5
[sw3-GigabitEthernet0/0/5]port link-type trunk
[sw3-GigabitEthernet0/0/5]port trunk allow-pass vlan 29 10
[sw3-GigabitEthernet0/0/5]int g 0/0/6
[sw3-GigabitEthernet0/0/6]port link-type trunk
[sw3-GigabitEthernet0/0/6]port trunk allow-pass vlan 30 10
[sw3-GigabitEthernet0/0/6]int g 0/0/7
[sw3-GigabitEthernet0/0/7]port link-type trunk
[sw3-GigabitEthernet0/0/7]port trunk allow-pass vlan 31 10
[sw3-GigabitEthernet0/0/7]int g 0/0/8
[sw3-GigabitEthernet0/0/8]port link-type trunk
[sw3-GigabitEthernet0/0/8]port trunk allow-pass vlan 32 10
[sw3-GigabitEthernet0/0/8]int g 0/0/1
[sw3-GigabitEthernet0/0/1]port link-type trunk
[sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan 27 to 32 10
[sw3-GigabitEthernet0/0/1]int g 0/0/2
[sw3-GigabitEthernet0/0/2]port link-type trunk
[sw3-GigabitEthernet0/0/2]port trunk allow-pass vlan 27 to 32 10
sw4
[sw4]int g 0/0/4
[sw4-GigabitEthernet0/0/4]port link-type trunk
[sw4-GigabitEthernet0/0/4]port trunk allow-pass vlan 3 to 5 10
[sw4-GigabitEthernet0/0/4]int g 0/0/5
[sw4-GigabitEthernet0/0/5]port link-type trunk
[sw4-GigabitEthernet0/0/5]port trunk allow-pass vlan 3 to 5 10
[sw4-GigabitEthernet0/0/5]int g 0/0/6
[sw4-GigabitEthernet0/0/6]port link-type trunk
[sw4-GigabitEthernet0/0/6]port trunk allow-pass vlan 21 to 26 10
[sw4-GigabitEthernet0/0/6]int g 0/0/7
[sw4-GigabitEthernet0/0/7]port link-type trunk
[sw4-GigabitEthernet0/0/7]port trunk allow-pass vlan 21 to 26 10
[sw4-GigabitEthernet0/0/7]int g 0/0/8
[sw4-GigabitEthernet0/0/8]port link-type trunk
[sw4-GigabitEthernet0/0/8]port trunk allow-pass vlan 27 to 32 10
[sw4-GigabitEthernet0/0/8]int g 0/0/9
[sw4-GigabitEthernet0/0/9]port link-type trunk
[sw4-GigabitEthernet0/0/9]port trunk allow-pass vlan 27 to 32 10
[sw4]int g 0/0/3
[sw4-GigabitEthernet0/0/3]port link-type access
[sw4-GigabitEthernet0/0/3]port default vlan 10
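Method 2: link aggregation (LACP)
Link aggregation bundles several physical ports into one logical port so that inbound and outbound traffic is load-shared across the member ports; the switch decides which member port sends each packet to the peer switch according to the configured port load-sharing policy.
Configure LACP
LSW1:
int Eth-Trunk 1
mode lacp-static ------------ set before adding member ports; without it the Eth-Trunk stays in the default manual load-balance mode (eNSP S5700 syntax assumed)
trunkport GigabitEthernet 0/0/1 0/0/2
port link-type trunk
port trunk allow-pass vlan 3 4 5 10
LSW2:
int Eth-Trunk 2
mode lacp-static
trunkport GigabitEthernet 0/0/1 0/0/2
port link-type trunk
port trunk allow-pass vlan 21 22 23 24 25 26 10
LSW3:
int Eth-Trunk 3
mode lacp-static
trunkport GigabitEthernet 0/0/1 0/0/2
port link-type trunk
port trunk allow-pass vlan 27 28 29 30 31 32 10
LSW4:
int Eth-Trunk 1
mode lacp-static
trunkport GigabitEthernet 0/0/4 0/0/5
port link-type trunk
port trunk allow-pass vlan 3 4 5 10
int Eth-Trunk 2
mode lacp-static
trunkport GigabitEthernet 0/0/6 0/0/7
port link-type trunk
port trunk allow-pass vlan 21 22 23 24 25 26 10
int Eth-Trunk 3
mode lacp-static
trunkport GigabitEthernet 0/0/8 0/0/9
port link-type trunk
port trunk allow-pass vlan 27 28 29 30 31 32 10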
Configure DHCP on sw4
[sw4]dhcp enable
[sw4]ip pool vlan3
[sw4-ip-pool-vlan3]network 172.16.2.0 mask 24
[sw4-ip-pool-vlan3]gateway-list 172.16.2.254
[sw4-ip-pool-vlan3]dns-list 172.16.1.1
[sw4-ip-pool-vlan3]dns-list 121.31.43.204
[sw4]ip pool vlan4
[sw4-ip-pool-vlan4]network 172.16.3.0 mask 24
[sw4-ip-pool-vlan4]gateway-list 172.16.3.254
[sw4-ip-pool-vlan4]dns-list 172.16.1.1
[sw4-ip-pool-vlan4]dns-list 121.31.43.204
[sw4]ip pool vlan5
[sw4-ip-pool-vlan5]network 172.16.4.0 mask 24
[sw4-ip-pool-vlan5]gateway-list 172.16.4.254
[sw4-ip-pool-vlan5]dns-list 172.16.1.1
[sw4-ip-pool-vlan5]dns-list 121.31.43.204
[sw4]ip pool vlan21
[sw4-ip-pool-vlan21]network 172.16.100.0 mask 25
[sw4-ip-pool-vlan21]gateway-list 172.16.100.126
[sw4-ip-pool-vlan21]dns-list 172.16.1.1
[sw4-ip-pool-vlan21]dns-list 121.31.43.204
[sw4-ip-pool-vlan21]ip pool vlan22
[sw4-ip-pool-vlan22]network 172.16.101.0 mask 25
[sw4-ip-pool-vlan22]gateway-list 172.16.101.126
[sw4-ip-pool-vlan22]dns-list 172.16.1.1
[sw4-ip-pool-vlan22]dns-list 121.31.43.204
[sw4-ip-pool-vlan22]ip pool vlan23
[sw4-ip-pool-vlan23]network 172.16.102.0 mask 25
[sw4-ip-pool-vlan23]gateway-list 172.16.102.126
[sw4-ip-pool-vlan23]dns-list 172.16.1.1
[sw4-ip-pool-vlan23]dns-list 121.31.43.204
[sw4-ip-pool-vlan23]ip pool vlan24
[sw4-ip-pool-vlan24]network 172.16.103.0 mask 25
[sw4-ip-pool-vlan24]gateway-list 172.16.103.126
[sw4-ip-pool-vlan24]dns-list 172.16.1.1
[sw4-ip-pool-vlan24]dns-list 121.31.43.204
[sw4-ip-pool-vlan24]ip pool vlan25
[sw4-ip-pool-vlan25]network 172.16.104.0 mask 25
[sw4-ip-pool-vlan25]gateway-list 172.16.104.126
[sw4-ip-pool-vlan25]dns-list 172.16.1.1
[sw4-ip-pool-vlan25]dns-list 121.31.43.204
[sw4-ip-pool-vlan25]ip pool vlan26
[sw4-ip-pool-vlan26]network 172.16.105.0 mask 25
[sw4-ip-pool-vlan26]gateway-list 172.16.105.126
[sw4-ip-pool-vlan26]dns-list 172.16.1.1
[sw4-ip-pool-vlan26]dns-list 121.31.43.204
[sw4-ip-pool-vlan26]ip pool vlan27
[sw4-ip-pool-vlan27]network 172.16.100.128 mask 25
[sw4-ip-pool-vlan27]gateway-list 172.16.100.254
[sw4-ip-pool-vlan27]dns-list 172.16.1.1
[sw4-ip-pool-vlan27]dns-list 121.31.43.204
[sw4-ip-pool-vlan27]ip pool vlan28
[sw4-ip-pool-vlan28]network 172.16.101.128 mask 25
[sw4-ip-pool-vlan28]gateway-list 172.16.101.254
[sw4-ip-pool-vlan28]dns-list 172.16.1.1
[sw4-ip-pool-vlan28]dns-list 121.31.43.204
[sw4-ip-pool-vlan28]ip pool vlan29
[sw4-ip-pool-vlan29]network 172.16.102.128 mask 25
[sw4-ip-pool-vlan29]gateway-list 172.16.102.254
[sw4-ip-pool-vlan29]dns-list 172.16.1.1
[sw4-ip-pool-vlan29]dns-list 121.31.43.204
[sw4-ip-pool-vlan29]ip pool vlan30
[sw4-ip-pool-vlan30]network 172.16.103.128 mask 25
[sw4-ip-pool-vlan30]gateway-list 172.16.103.254
[sw4-ip-pool-vlan30]dns-list 172.16.1.1
[sw4-ip-pool-vlan30]dns-list 121.31.43.204
[sw4-ip-pool-vlan30]ip pool vlan31
[sw4-ip-pool-vlan31]network 172.16.104.128 mask 25
[sw4-ip-pool-vlan31]gateway-list 172.16.104.254
[sw4-ip-pool-vlan31]dns-list 172.16.1.1
[sw4-ip-pool-vlan31]dns-list 121.31.43.204
[sw4-ip-pool-vlan31]ip pool vlan32
[sw4-ip-pool-vlan32]network 172.16.105.128 mask 25
[sw4-ip-pool-vlan32]gateway-list 172.16.105.254
[sw4-ip-pool-vlan32]dns-list 172.16.1.1
[sw4-ip-pool-vlan32]dns-list 121.31.43.204
Configure the Vlanif interfaces on sw4
[sw4]vlan batch 21 to 32 3 4 5 10
[sw4]int vlanif 3
[sw4-Vlanif3]ip add 172.16.2.254 24
[sw4-Vlanif3]dhcp select global
[sw4-Vlanif3]int vlanif 4
[sw4-Vlanif4]ip add 172.16.3.254 24
[sw4-Vlanif4]dhcp select global
[sw4-Vlanif4]int vlanif 5
[sw4-Vlanif5]ip add 172.16.4.254 24
[sw4-Vlanif5]dhcp select global
[sw4-Vlanif5]int vlanif 21
[sw4-Vlanif21]ip add 172.16.100.126 25
[sw4-Vlanif21]dhcp select global
[sw4-Vlanif21]int vlanif 22
[sw4-Vlanif22]ip add 172.16.101.126 25
[sw4-Vlanif22]dhcp select global
[sw4-Vlanif22]int vlanif 23
[sw4-Vlanif23]ip add 172.16.102.126 25
[sw4-Vlanif23]dhcp select global
[sw4-Vlanif23]int vlanif 24
[sw4-Vlanif24]ip add 172.16.103.126 25
[sw4-Vlanif24]dhcp select global
[sw4-Vlanif24]int vlanif 25
[sw4-Vlanif25]ip add 172.16.104.126 25
[sw4-Vlanif25]dhcp select global
[sw4-Vlanif25]int vlanif 26
[sw4-Vlanif26]ip add 172.16.105.126 25
[sw4-Vlanif26]dhcp select global
[sw4-Vlanif26]int vlanif 27
[sw4-Vlanif27]ip add 172.16.100.254 25
[sw4-Vlanif27]dhcp select global
[sw4-Vlanif27]int vlanif 28
[sw4-Vlanif28]ip add 172.16.101.254 25
[sw4-Vlanif28]dhcp select global
[sw4-Vlanif28]int vlanif 29
[sw4-Vlanif29]ip add 172.16.102.254 25
[sw4-Vlanif29]dhcp select global
[sw4-Vlanif29]int vlanif 30
[sw4-Vlanif30]ip add 172.16.103.254 25
[sw4-Vlanif30]dhcp select global
[sw4-Vlanif30]int vlanif 31
[sw4-Vlanif31]ip add 172.16.104.254 25
[sw4-Vlanif31]dhcp select global
[sw4-Vlanif31]int vlanif 32
[sw4-Vlanif32]ip add 172.16.105.254 25
[sw4-Vlanif32]dhcp select global
[sw4-Vlanif32]int vlanif 10
[sw4-Vlanif10]ip add 10.1.1.253 24
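After DHCP is configured, hosts on the internal network can ping one another.
Next, configure the external network.
First, configure a default route pointing toward the external network.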
sw4
[sw4]ip route-static 0.0.0.0 0 10.1.1.254
R1
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 10.1.1.254 24
[r1-GigabitEthernet0/0/0]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip add 221.5.150.1 24
On R1, a static route points to the summarized (aggregated) address of the internal networks
[r1]ip route-static 172.16.0.0 16 10.1.1.253
Configure OSPF on R1: 10.1.1.0/24 is advertised in Area 1 and 221.5.150.0/24 in Area 0, and the routers learn each other's routes through OSPF adjacencies.
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 221.5.150.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]q
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]network 10.1.1.0 0.0.0.255
R2
[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip add 221.5.150.2 24
[r2-GigabitEthernet0/0/0]int g 0/0/1
[r2-GigabitEthernet0/0/1]ip add 121.31.43.254 24
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 121.31.43.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 221.5.150.0 0.0.0.255
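NAT is configured on R1. R1 is the egress router of the campus network and has to reach the external network, and because IP addresses are limited, NAT is used to map between the external IP address and the internal network so that one IP address can be shared.
Dynamic NAT is used here.
[r1]acl 2000 ------------ first use an ACL to select the traffic to be translated
[r1-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r1-acl-basic-2000]int g 0/0/1
[r1-GigabitEthernet0/0/1]nat outbound 2000 ------------ then reference that ACL in the NAT command on the outbound interface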
At this point the internal PCs can ping R2.
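The addressing plan above can be cross-checked before it is typed into the devices. This is an added example, not part of the original lab: it rebuilds the fifteen sw4 DHCP pools from the values on this page and checks each gateway, pool overlap, and coverage by 172.16.0.0/16 (the range used by R1's static route and by ACL 2000); the function and variable names are assumptions.

```python
import ipaddress as ip

# (pool name, network, gateway-list) with the values entered on sw4 in this lab
POOLS = [(f"vlan{v}", f"172.16.{v - 1}.0/24", f"172.16.{v - 1}.254")
         for v in (3, 4, 5)]
POOLS += [(f"vlan{21 + i}", f"172.16.{100 + i}.0/25", f"172.16.{100 + i}.126")
          for i in range(6)]
POOLS += [(f"vlan{27 + i}", f"172.16.{100 + i}.128/25", f"172.16.{100 + i}.254")
          for i in range(6)]

# Range of R1's static route and of the source match in ACL 2000
SUMMARY = ip.ip_network("172.16.0.0/16")


def check_plan(pools, summary):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, seen = [], []
    for name, network, gateway in pools:
        net, gw = ip.ip_network(network), ip.ip_address(gateway)
        # The gateway must be a usable host address inside its own pool.
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            findings.append(f"{name}: gateway {gw} is not a usable host in {net}")
        # A pool outside the summary is neither routed back by R1 nor translated.
        if not net.subnet_of(summary):
            findings.append(f"{name}: {net} is outside {summary}")
        # Two pools must never hand out the same addresses.
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
    return findings


if __name__ == "__main__":
    for line in check_plan(POOLS, SUMMARY) or ["plan is consistent"]:
        print(line)
```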
Next, configure the switch for the campus servers.
sw5
[sw5]vlan batch 2 10
[sw5]int g 0/0/3
[sw5-GigabitEthernet0/0/3]port link-type access
[sw5-GigabitEthernet0/0/3]port default vlan 2
[sw5-GigabitEthernet0/0/3]int g 0/0/4
[sw5-GigabitEthernet0/0/4]port link-type access
[sw5-GigabitEthernet0/0/4]port default vlan 2
[sw5-GigabitEthernet0/0/4]int g 0/0/5
[sw5-GigabitEthernet0/0/5]port link-type access
[sw5-GigabitEthernet0/0/5]port default vlan 2
[sw5-GigabitEthernet0/0/5]q
On sw5, the uplink interfaces are configured as a link-aggregation group
[sw5]int Eth-Trunk 5
[sw5-Eth-Trunk5]trunkport g 0/0/1 0/0/2
[sw5-Eth-Trunk5]port link-type trunk
[sw5-Eth-Trunk5]port trunk allow-pass vlan 2 10
The matching configuration is also needed on sw4
[sw4]int Eth-Trunk 5
[sw4-Eth-Trunk5]trunkport g 0/0/1 0/0/2
[sw4-Eth-Trunk5]port link-type trunk
[sw4-Eth-Trunk5]port trunk allow-pass vlan 2 10
[sw4-Eth-Trunk5]q
[sw4]vlan 2
[sw4-vlan2]q
[sw4]int vlanif 2
[sw4-Vlanif2]ip add 172.16.1.126 25
Configure an advanced ACL on sw5 to allow FTP traffic through
Because the requirement is that only the IP addresses of Teaching Building 1 may access FTP, an advanced ACL is used to enforce the restriction.
[sw5]acl 3000
[sw5-acl-adv-3000]rule 5 permit tcp source 172.16.2.0 0.0.0.255 destination 172.16.1.5 0 destination-port eq 21
[sw5-acl-adv-3000]rule 10 permit tcp source 172.16.3.0 0.0.0.255 destination 172.16.1.5 0 destination-port eq 21
[sw5-acl-adv-3000]rule 15 permit tcp source 172.16.4.0 0.0.0.255 destination 172.16.1.5 0 destination-port eq 21
[sw5-acl-adv-3000]rule 20 deny tcp source any destination 172.16.1.5 0 destination-port eq 21 ------- deny FTP from every other source
[sw5-acl-adv-3000]rule 25 deny tcp source 172.16.100.0 0.0.0.127 destination 172.16.1.5 0 destination-port eq 21 ------- already covered by rule 20
[sw5-acl-adv-3000]rule 30 deny tcp source 172.16.101.0 0.0.0.127 destination 172.16.1.5 0 destination-port eq 21 ------- already covered by rule 20
[sw5-acl-adv-3000]q
[sw5]int Eth-Trunk 5 ---------------- apply the ACL on sw5's aggregated interface
[sw5-Eth-Trunk5]traffic-filter inbound acl 3000 ------- bind ACL 3000 to the inbound direction of sw5's aggregated interface
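The intent of ACL 3000 can be checked offline before it is bound to the interface. This is an added example, not part of the original lab: it models three permit rules and one deny rule with unique rule IDs, evaluates them in ascending rule-ID order with first match winning, and assumes that under traffic-filter a packet matching no rule is forwarded; the sample flows and all function names are constructed.

```python
import ipaddress


def wc_match(addr, base, wildcard):
    """Wildcard match as used in the ACL: wildcard bits set to 1 are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


ANY = ("0.0.0.0", "255.255.255.255")
FTP = ("172.16.1.5", "0.0.0.0")   # host match; a wildcard of 0.0.0.127 here
                                  # would cover the whole 172.16.1.0/25 subnet

# (rule ID, action, (source, wildcard), (destination, wildcard), TCP dst port)
ACL_3000 = [
    (5,  "permit", ("172.16.2.0", "0.0.0.255"), FTP, 21),
    (10, "permit", ("172.16.3.0", "0.0.0.255"), FTP, 21),
    (15, "permit", ("172.16.4.0", "0.0.0.255"), FTP, 21),
    (20, "deny",   ANY, FTP, 21),
]


def duplicate_ids(rules):
    """Rule IDs that appear more than once; one ID can hold only one rule."""
    seen, dups = set(), []
    for rule in rules:
        if rule[0] in seen:
            dups.append(rule[0])
        seen.add(rule[0])
    return dups


def verdict(rules, src, dst, dport):
    """Return (action, rule ID) of the first match in ascending rule-ID order.
    Assumption: under traffic-filter a packet matching no rule is forwarded."""
    for rid, action, s, d, port in sorted(rules, key=lambda r: r[0]):
        if dport == port and wc_match(src, *s) and wc_match(dst, *d):
            return action, rid
    return "permit", None


if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("172.16.2.10", "172.16.1.5", 21),    # permitted source, FTP
        ("172.16.100.20", "172.16.1.5", 21),  # VLAN 21 pool address, FTP
        ("172.16.100.20", "172.16.1.5", 80),  # VLAN 21 pool address, port 80
    ]
    for flow in flows:
        print(flow, verdict(ACL_3000, *flow))
```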
[sw4]aaa
[sw4-aaa]local-user shenyiming privilege level 3 password cipher 21060311
[sw4-aaa]local-user shenyiming service-type telnet
[sw4-aaa]q
[sw4]user-interface vty 0 4
[sw4-ui-vty0-4]authentication-mode aaa
Telnet from R1 to sw4
From the sw4 session opened over telnet on R1, log in to FTP