标签:r1 r2 ip GigabitEthernet0 HCIA 192.168 --- 实验 port
一、实验要求
1.ISP路由器只能配置IP地址,之后不得·进行任何配置
2.内部整个网络基于192.168.1.0/24进行地址规划—左边区域就是内部网络
3.R1 R2之间启动ospf协议,单区域
4.PC1–PC4 自动获取IP地址—DHCP
5.PC1不能telnetR1,PC1外的其他内网Pc可以—ACL
6.PC1 —PC4可以访问PC5 ,R2的公网接口只拥有一个公有IP12.0.0.1—NAT
7.外部的client 可以通过域名访问http server----端口映射80
8.isp 路由telnet 12.0.0.1 ,最终成功登录R1—端口映射23
二、实验拓扑
三、IP地址规划
先数清楚有几个广播域,交换机还要先配置,因为VLAN里面还有广播域划分;
需要5个网段,所以需要借3位,用5个网段,还剩3个预留地址作为后期升级使用。
192.168.1.0 /24
- 192.168.1.000 00000 /27—192.168.1.0/27
- 192.168.1.001 00000 /27—192.168.1.32/27
- 192.168.1.010 00000 /27—192.168.1.64/27
- 192.168.1.011 00000 /27—192.168.1.96/27
- 192.168.1.100 00000 /27----192.168.1.128/27
预留地址:
- 192.168.1.101 00000 /27
- 192.168.1.110 00000 /27
- 192.168.1.111 00000 /27
四、路由配置信息
1.先配置交换机:
[sw1]vlan 2
[sw1]vlan 3
[sw1]port-group group-member g0/0/2 to g0/0/3
[sw1-port-group]p l a
[sw1-GigabitEthernet0/0/2]p l a
[sw1-GigabitEthernet0/0/3]p l a
[sw1-port-group]p d v 2
[sw1-GigabitEthernet0/0/2]p d v 2
[sw1-GigabitEthernet0/0/3]p d v 2
[sw1]int g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type access
[sw1-GigabitEthernet0/0/4]port default vlan 3
[sw1]int g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw2]vlan 2
[sw2]vlan 3
[sw2]int g0/0/2
[sw2-GigabitEthernet0/0/2]port link-type access
[sw2-GigabitEthernet0/0/2]port default vlan 2
[sw2-GigabitEthernet0/0/2]int g 0/0/3
[sw2-GigabitEthernet0/0/3]port link-type access
[sw2-GigabitEthernet0/0/3]port default vlan 3
[sw2-GigabitEthernet0/0/3]int g 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
2.路由器IP配置
[r1]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]ip add 192.168.1.33 27
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2
Feb 7 2022 10:37:46-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0.1 has entered the UP state.
[r1-GigabitEthernet0/0/0.1]arp broadcast enable
[r1-GigabitEthernet0/0/0.1]int g 0/0/0.2
[r1-GigabitEthernet0/0/0.2]ip add 192.168.1.65 27
[r1-GigabitEthernet0/0/0.2]dot1q termination vid 3
Feb 7 2022 10:38:13-08:00 r1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0.2 has entered the UP state.
[r1-GigabitEthernet0/0/0.2]arp broadcast enable
[r1]int g 0/0/1
[r1-GigabitEthernet0/0/1]ip add 192.168.1.1 30
[r2-GigabitEthernet0/0/1]int g 0/0/0.1
[r2-GigabitEthernet0/0/0.1]ip add 192.168.1.97 27
[r2-GigabitEthernet0/0/0.1]dot1q termination vid 2
[r2-GigabitEthernet0/0/0.1]int g 0/0/0.2
[r2-GigabitEthernet0/0/0.2]ip add 192.168.1.129 27
[r2-GigabitEthernet0/0/0.2]dot1q termination vid 3
[r2-GigabitEthernet0/0/0.2]arp broadcast enable
[r2-GigabitEthernet0/0/0.2]int g 0/0/1
[r2-GigabitEthernet0/0/1]ip add 192.168.1.2 30
[r2-GigabitEthernet0/0/0]int g 0/0/2
[r2-GigabitEthernet0/0/2]ip add 12.0.0.1 24
[r3]int g 0/0/1
[r3-GigabitEthernet0/0/1]ip add 12.0.0.2 24
[r3-GigabitEthernet0/0/1]int g 0/0/0
[r3-GigabitEthernet0/0/0]ip add 1.1.1.1 24
3、PC自动获取IP,做DHCP配置:
[r1]dhcp enable
[r1]ip pool aa
[r1-ip-pool-aa]network 192.168.1.32 mask 27
[r1-ip-pool-aa]gateway-list 192.168.1.33
[r1-ip-pool-aa]dns-list 114.114.114.114
[r1]int g 0/0/0.1
[r1-GigabitEthernet0/0/0.1]dhcp select global
[r2]dhcp enable
[r2]ip pool bb
[r2-ip-pool-bb]network 192.168.1.96 mask 27
[r2-ip-pool-bb]gateway-list 192.168.1.97
[r2-ip-pool-bb]dns-list 114.114.114.114
[r2]ip pool cc
[r2-ip-pool-cc]network 192.168.1.128 mask 27
[r2-ip-pool-cc]gateway-list 192.168.1.129
[r2-ip-pool-cc]dns-list 114.114.114.114
[r2]int g0/0/0.1
[r2-GigabitEthernet0/0/0.1]dhcp select global
[r2-GigabitEthernet0/0/0.1]int g 0/0/0.2
[r2-GigabitEthernet0/0/0.2]dhcp select global
测试可以自动获取IP地址;
4.ospf的配置:
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[r2-ospf-1]default-route-advertise always
简单测试一下内网:
5.开启telnet服务:
[r1]aaa
[r1-aaa]local-user an privilege level 15 password cipher 123456
[r1-aaa]local-user an service-type telnet
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
测试:
6、做一个ACL抓取感兴趣流量:
[r1]acl 3000
[r1-acl-adv-3000]rule deny tcp source 192.168.1.61 0.0.0.0 destination 192.168.1
.1 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.61 0.0.0.0 destination 192.168.1
.33 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]rule deny tcp source 192.168.1.61 0.0.0.0 destination 192.168.1
.65 0.0.0.0 destination-port eq 23
[r1-acl-adv-3000]display this
[V200R003C00]
#
acl number 3000
rule 10 deny tcp source 192.168.1.61 0 destination 192.168.1.1 0 destination-po
rt eq telnet
rule 15 deny tcp source 192.168.1.61 0 destination 192.168.1.33 0 destination-p
ort eq telnet
rule 20 deny tcp source 192.168.1.61 0 destination 192.168.1.65 0 destination-p
ort eq telnet
#
return
[r1]interface g 0/0/0
[r1-GigabitEthernet0/0/0]traffic-filter inbound acl 3000
因为下面是PC 所以无法测试。
7.做一个nat:
[r2]acl 2000
[r2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[r2]int g 0/0/2
[r2-GigabitEthernet0/0/2]nat outbound 2000
测试结果:
8、端口映射:
[r2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 80 i
nside 192.168.1.66 80
Warning:The port 80 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
[r2-GigabitEthernet0/0/2]
测试结果:
9.telnet:
[r2-GigabitEthernet0/0/2]nat server protocol tcp global current-interface 23 in
side 192.168.1.1 23
Warning:The port 23 is well-known port. If you continue it may cause function fa
ilure.
Are you sure to continue?[Y/N]:y
[r2-GigabitEthernet0/0/2]
IA阶段的就此结束,以后接触更多的再和大家分享
标签:r1,r2,ip,GigabitEthernet0,HCIA,192.168,---,实验,port 来源: https://blog.csdn.net/anran_06/article/details/122804567
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。