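Create a topology
Configuration plan
Configure VTP on the Layer 3 switch to distribute VLANs.
Set up MLS (multilayer switching) for inter-VLAN routing.
Set up DHCP to hand out IP addresses.
Configure STP to prevent switching loops.
Configure EIGRP: the enterprise internal network runs EIGRP, with networks advertised precisely by network address.
Configure NAT: configure PAT on R1.
Configure PPP: the link between R1 and R2 uses PPP encapsulation with two-way CHAP authentication; the password is love.
Configure OSPF: R2, R3 and R4 run OSPF, with networks advertised precisely by host address.
Configure DNS so that the HTTP server can be reached via www.wakin.com.
Configure ACL: on R1, configure an ACL that denies VLAN 20 hosts access to the HTTP server through a browser; other traffic is unaffected.
Configure Telnet: both DSW and R1 must support remote management, the password is admin, and the password must be encrypted in the configuration file.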
ASW1 command configuration
en
conf t
ho ASW1
int f0/24
sw mo trunk
sw noneg
int f0/20
sw mo trunk
sw noneg
vtp mode client
vtp domain wakin
vtp version 2
vtp password 123
int f0/1
sw mo acc
sw acc vlan 10
int f0/11
sw mo acc
sw acc vlan 20
spann vlan 10,20 pri 4096
ASW2 command configuration
en
conf t
ho ASW2
int f0/24
sw mo trunk
sw noneg
int f0/20
sw mo trunk
sw noneg
vtp mode client
vtp domain wakin
vtp version 2
vtp password 123
int f0/1
sw mo acc
sw acc vlan 30
int f0/11
sw mo acc
sw acc vlan 40
spann vlan 30,40 pri 4096
DSW command configuration
en
conf t
ho DSW
service password-encry
line vty 0 4
password admin
login
int f0/22
sw trunk en dot1q
sw mo trunk
sw noneg
int f0/23
sw trunk en dot1q
sw mo trunk
sw noneg
vtp mode server
vtp domain wakin
vtp version 2
vtp password 123
vlan 10
vlan 20
vlan 30
vlan 40
ip routing
int vlan 10
ip add 192.168.10.254 255.255.255.0
no shu
int vlan 20
ip add 192.168.20.254 255.255.255.0
no shu
int vlan 30
ip add 192.168.30.254 255.255.255.0
no shu
int vlan 40
ip add 192.168.40.254 255.255.255.0
no shu
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 217.1.1.2
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
dns-server 217.1.1.2
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.254
dns-server 217.1.1.2
ip dhcp pool vlan40
network 192.168.40.0 255.255.255.0
default-router 192.168.40.254
dns-server 217.1.1.2
int f0/24
no sw
ip add 192.168.0.2 255.255.255.0
no shu
router eigrp 1
no au
net 192.168.10.0 0.0.0.255
net 192.168.20.0 0.0.0.255
net 192.168.30.0 0.0.0.255
net 192.168.40.0 0.0.0.255
net 192.168.0.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 192.168.0.1
R1 configuration
en
conf t
ho R1
service password-encry
line vty 0 4
password admin
login
int f0/0
ip add 192.168.0.1 255.255.255.0
no shu
ip nat inside
ip access-group 100 in
int s2/0
ip add 12.1.1.1 255.255.255.252
no shu
ip nat outside
encap ppp
ppp authen chap
router eigrp 1
no au
net 192.168.0.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 12.1.1.2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.30.0 0.0.0.255
access-list 1 permit 192.168.40.0 0.0.0.255
ip nat inside source list 1 int s2/0 overload
username R2 password love
access-list 100 deny tcp 192.168.20.0 0.0.0.255 host 218.1.1.2 eq 80
access-list 100 permit ip any any
R2 configuration
en
conf t
ho R2
int s2/0
ip add 12.1.1.2 255.255.255.252
no shu
encap ppp
ppp authen chap
int f1/0
ip add 23.1.1.1 255.255.255.252
no shu
int f0/0
ip add 24.1.1.1 255.255.255.252
no shu
username R1 password love
router ospf 1
router-id 2.2.2.2
net 23.1.1.1 0.0.0.0 a 0
net 24.1.1.1 0.0.0.0 a 0
net 12.1.1.2 0.0.0.0 a 0
R3 configuration
en
conf t
ho R3
int s2/0
ip add 34.1.1.1 255.255.255.252
no shu
int f1/0
ip add 23.1.1.2 255.255.255.252
no shu
int f0/0
ip add 217.1.1.1 255.255.255.0
no shu
router ospf 1
router-id 3.3.3.3
net 23.1.1.2 0.0.0.0 a 0
net 34.1.1.1 0.0.0.0 a 0
net 217.1.1.1 0.0.0.0 a 0
R4 configuration
en
conf t
ho R4
int s2/0
ip add 34.1.1.2 255.255.255.252
no shu
int f0/0
ip add 24.1.1.2 255.255.255.252
no shu
int f1/0
ip add 218.1.1.1 255.255.255.0
no shu
router ospf 1
router-id 4.4.4.4
net 24.1.1.2 0.0.0.0 a 0
net 34.1.1.2 0.0.0.0 a 0
net 218.1.1.1 0.0.0.0 a 0
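Once the configuration is complete, the following is achieved:
1. Full network connectivity
2. PCs can telnet to DSW and R1 for remote management
3. Except for PC2, which cannot access 218.1.1.2, all other PCs can use the HTTP service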
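How access-list 100 on R1 produces the result in item 3, shown as an added Python example that is not part of the original post: it evaluates the two ACL entries with IOS wildcard-mask and first-match semantics. The function names and the sample host addresses (192.168.20.1, 192.168.10.1) are constructed for illustration.

```python
# Added example: first-match evaluation of R1's access-list 100 over constructed packets.
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")   # "any" keyword

def host(ip):
    return (ip, "0.0.0.0")             # "host x.x.x.x" keyword

# The two entries of access-list 100 as configured on R1, in order.
ACL_100 = [
    {"action": "deny", "proto": "tcp", "src": ("192.168.20.0", "0.0.0.255"),
     "dst": host("218.1.1.2"), "dport": 80},
    {"action": "permit", "proto": "ip", "src": ANY, "dst": ANY, "dport": None},
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry; every IOS ACL ends in an implicit deny."""
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, *ace["src"]):
            continue
        if not wildcard_match(dst, *ace["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"

# Constructed packets as seen inbound on R1 f0/0 (checked before NAT, so sources are private).
SAMPLES = [
    ("tcp", "192.168.20.1", "218.1.1.2", 80),     # VLAN 20 -> HTTP server
    ("tcp", "192.168.10.1", "218.1.1.2", 80),     # VLAN 10 -> HTTP server
    ("tcp", "192.168.20.1", "218.1.1.2", 443),    # VLAN 20, different port
    ("icmp", "192.168.20.1", "218.1.1.2", None),  # VLAN 20 ping
    ("udp", "192.168.20.1", "217.1.1.2", 53),     # VLAN 20 DNS lookup
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

Only TCP port 80 from 192.168.20.0/24 to 218.1.1.2 is denied; without the trailing permit entry, the implicit deny would drop all other traffic entering f0/0.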
The lab used the following in total:
VTP, MLS, DHCP, STP, EIGRP, NAT, PPP, OSPF, DNS, ACL
If anything is unclear, feel free to send a private message.