实验要求:
1.按照拓扑图上标识规划网络。
2.使用0SPF协议进程100实现ISP互通。
3.私网内PC属于VLAN1O, FTP Server属于VLAN2O,网关分
别为所连接的接入交换机,其中PC要求通过DHCP动态获取
4:私网内部所有交换机都为三层交换机,请合理规划VLAN,
5.在网关出口和汇聚交换机之间通过链路聚合手工负载分担
7.私网申请到一个公网地址: 100. 1. 10. 1/24 (网关出口)
使用相关技术实现私网内设备访问ISP
8. FTP-Server对外提供服务,ISP内Client 能够访间FIP-Server
9.为保障内网服务器安全要求PC不能访问FTPServer,请通过相关技术解决。
LSW5和LSW6配置思路:
1、创建vlan
2、进入虚拟vlan配置IP地址
3、ospf动态路由宣告并创建环回口
3、在系统视图开启dhcp功能
4、在虚拟vlan利用dhcp动态获取ip地址
5、设置链路类型,打标签,放通所有
sysname LSW5
#
vlan batch 10 20 30 40 50 //批量创建vlan
#
dhcp enable //开启DHCP
#
ospf 1 router-id 5.5.5.5 //创建OSPF 进程1
area 0.0.0.0 //创建区域
#
acl number 3000 //创建ACL
rule 5 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255 //拒绝PC1网段访问Server网段
#
interface Vlanif10 //进入虚拟接口
ip address 192.168.1.254 255.255.255.0 //配置IP地址
ospf enable 1 area 0.0.0.0 //ospf宣告
dhcp select interface //开启DHCP
#
interface Vlanif30 //进入虚拟接口
ip address 192.168.4.1 255.255.255.0 //配置IP地址
ospf enable 1 area 0.0.0.0 //OSPF宣告
#
interface GigabitEthernet0/0/1 //进入接口
port link-type trunk //设置链路类型
port trunk pvid vlan 30 //打上标签
port trunk allow-pass vlan 2 to 4094 //放通所有
#
interface GigabitEthernet0/0/2 //进入接口
port link-type access //设置链路类型
port default vlan 10 //打上标签
traffic-filter inbound acl 3000 //创建好ACL后在接口入接口应用ACL
#
interface LoopBack0 //创建环回口
ip address 5.5.5.5 255.255.255.255 //配置IP地址
ospf enable 1 area 0.0.0.0 //OSPF宣告
sysname LSW6
#
vlan batch 10 20 30 40 50
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
#
dhcp enable
#
interface Vlanif20
ip address 192.168.2.254 255.255.255.0
ospf enable 1 area 0.0.0.0
dhcp select interface
#
interface Vlanif40
ip address 192.168.5.1 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 40
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
ospf enable 1 area 0.0.0.0
#
sysname LSW3
#
vlan batch 10 20 30 40 50
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
#
interface Vlanif30
ip address 192.168.4.2 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface Vlanif40
ip address 192.168.5.2 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface Vlanif50
ip address 192.168.6.1 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface Eth-Trunk1 //创建链路聚合1
port link-type trunk //设置端口类型
port trunk pvid vlan 50 //打标签
port trunk allow-pass vlan 2 to 4094 //运行所有
#
interface GigabitEthernet0/0/1
eth-trunk 1 //加入链路聚合组
#
interface GigabitEthernet0/0/2
eth-trunk 1 //加入链路聚合组
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 30
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 40
port trunk allow-pass vlan 2 to 4094
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0
出口nat配置方式:
1、将申请到的公网地址配置到出接口上
interface GigabitEthernet0/0/2
ip address 100.1.10.1 255.255.255.0
2、创建ACL 2000,匹配需要转换的地址
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source any
3、在出接口应用nat策略
[AR1-GigabitEthernet0/0/2]nat outbound 2000
4、配置缺省路由下一跳为运行商
[AR1]ip route-static 0.0.0.0 0 100.1.10.2
5、在动态路由ospf进程中下发缺省路由
[AR1-ospf-1]default-route-advertise
#
sysname AR1
#
interface Eth-Trunk1 //创建链路聚合组
undo portswitch //将二层升级为三层使得有配置ip地址功能
ip address 192.168.6.2 255.255.255.0 //配置IP地址
ospf enable 1 area 0.0.0.0 //宣告
#
interface GigabitEthernet0/0/0
eth-trunk 1 //加入链路聚合组
#
interface GigabitEthernet0/0/1
eth-trunk 1 //加入链路聚合组
#
interface GigabitEthernet0/0/2
ip address 100.1.10.1 255.255.255.0
nat outbound 2000 //出接口做NAT地址转换时在出接口应用
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
ospf enable 1 area 0.0.0.0
#
acl 2000 //创建ACL
rule permit source any //规则运行所有
#
ospf 1 router-id 1.1.1.1
default-route-advertise //下发缺省
area 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 100.1.10.2 //配置一条静态
##
sysname AR2
#
interface GigabitEthernet0/0/0
ip address 100.1.10.2 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ip address 100.1.20.1 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0
#
ospf 1 router-id 2.2.2.2
default-route-advertise //下发缺省
area 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 100.1.10.1 //配置一条静态
#
#
sysname AR2
#
interface GigabitEthernet0/0/0
ip address 100.1.20.2 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ip address 100.1.30.254 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
#基本配置:
查看动态分配IP地址图
测试图:
