NAT Configuration and Inter-VLAN Routing

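Lab requirements:

An enterprise connects to the Internet through router R1; R2, R3 and R4 simulate the Internet cloud. The topology of the whole network is shown in the figure below:

[Figure: network topology]

The IP addresses of the devices are configured as follows: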

R1:

S0/0/0:12.1.1.1/24

Fa0/0.1:192.168.1.254/24

Fa0/0.2:192.168.2.254/24

Fa0/0.3:192.168.3.254/24

R2:

S0/0/0:12.1.1.2/24

Fa0/0:24.1.1.2/24

Fa0/1:23.1.1.2/24

R3:

Fa0/1:23.1.1.3/24

S0/0/0:34.1.1.3/24

R4:

S0/0/0: 34.1.1.4/24

Fa0/0:24.1.1.4/24

Fa0/1:218.1.1.1/24

SW1: vlan 1 :192.168.1.2/24

SW2: vlan 1 :192.168.1.3/24

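PC1, PC2, PC3 and PC4 all obtain their IP addresses automatically. PC1 and PC3 belong to vlan 2 (192.168.2.0/24); PC2 and PC4 belong to vlan 3 (192.168.3.0/24).

Web server: 218.1.1.2/24

I. Requirements:

1. The lab topology is shown in the figure above;

2. Configure an IP address on every device as the topology requires, and make sure every configured interface is in the UP state;

3. Configure remote login and password protection. Configure the 2 switches and 4 routers in the figure so that all 6 devices support remote login and configuration. Every password used in the configuration is cisco, and none may appear in cleartext in the configuration file;

4. Configure VTP, with SW1 as the VTP server and SW2 as the VTP client;

5. VLAN configuration. Configure the VLANs on SW1 and make sure SW2 can synchronize the VLAN configuration from SW1 via VTP; assign the 4 PCs to their VLANs; configure subinterfaces on router R1 so that it supports inter-VLAN routing;

6. Configure STP so that SW1 is the root switch;

7. Configure DHCP. Configure DHCP on router R1 so that all 4 PCs obtain the correct IP address, gateway and DNS; the DNS server address is 218.1.1.2;

8. Configure routing. Configure R1 so that it can reach the Internet, and configure R2, R3 and R4 to run OSPF; when done, all 4 routers can reach one another;

9. Configure PPP. The link between R1 and R2 uses PPP encapsulation with CHAP authentication; the password is again cisco;

10. Configure NAT. Configure dynamic PAT on router R1 so that all 4 PCs can reach the Internet through R1. Configure static PAT on router R1 so that the Internet can Telnet to SW1 through TCP port 2323 on R1;

11. Configure an ACL on router R1 that denies hosts in vlan 2 access to the www service on the Web server, leaving other services unaffected.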

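II. Lab configuration

1. The figure uses 5 crossover twisted-pair cables, 5 straight-through twisted-pair cables and 2 serial cables; R1 and R3 are the DCE ends of the serial links;

2. Configure IP addresses

• Configuration

R1 is configured as follows. Only the IP address of S0/0/0 is configured here and F0/0 is enabled; the IP addresses of the subinterfaces belong to the VLAN configuration part.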

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#no ip domain lookup

Router(config)#hostname R1

R1(config)#int s0/0/0

R1(config-if)#ip add 12.1.1.1 255.255.255.0

R1(config-if)#clock rate 56000

R1(config-if)#no shut

R1(config-if)#int fa0/0

R1(config-if)#no shut

R2 is configured as follows:

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#no ip domain lookup

Router(config)#hostname R2

R2(config)#int s0/0/0

R2(config-if)#ip add 12.1.1.2 255.255.255.0

R2(config-if)#no sh

R2(config-if)#int fa0/0

R2(config-if)#ip add 24.1.1.2 255.255.255.0

R2(config-if)#no sh

R2(config-if)#int fa0/1

R2(config-if)#ip add 23.1.1.2 255.255.255.0

R2(config-if)#no sh

R3 is configured as follows:

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#no ip domain lookup

Router(config)#hostname R3

R3(config)#int s0/0/0

R3(config-if)#ip add 34.1.1.3 255.255.255.0

R3(config-if)#clock rate 56000

R3(config-if)#no sh

R3(config-if)#int fa0/1

R3(config-if)#ip add 23.1.1.3 255.255.255.0

R3(config-if)#no sh

R4 is configured as follows:

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#no ip domain lookup

Router(config)#hostname R4

R4(config)#int s0/0/0

R4(config-if)#ip add 34.1.1.4 255.255.255.0

R4(config-if)#no sh

R4(config-if)#int fa0/0

R4(config-if)#ip add 24.1.1.4 255.255.255.0

R4(config-if)#no sh

R4(config-if)#int fa0/1

R4(config-if)#ip add 218.1.1.1 255.255.255.0

R4(config-if)#no sh

SW1 is configured as follows:

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#no ip domain lookup

Switch(config)#hostname SW1

SW1(config)#int vlan 1

SW1(config-if)#ip add 192.168.1.2 255.255.255.0

SW1(config-if)#no sh

SW1(config-if)#exit

SW1(config)#ip default-gateway 192.168.1.1

SW2 is configured as follows:

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#no ip domain lookup

Switch(config)#hostname SW2

SW2(config)#int vlan 1

SW2(config-if)#ip add 192.168.1.3 255.255.255.0

SW2(config-if)#no sh

SW2(config-if)#exit

SW2(config)#ip default-gateway 192.168.1.1

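The addresses of PC1, PC2, PC3 and PC4 are obtained automatically; check them after DHCP has been configured.

The Web server is configured as follows:

[Figure: Web server configuration]

• Verification

After the IP addresses are configured, use the "show ip interface brief" command to check the IP address and state of every interface. For example, on router R2: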

R2#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 24.1.1.2 YES manual up up

FastEthernet0/1 23.1.1.2 YES manual up up

Serial0/0/0 12.1.1.2 YES manual up up

Serial0/1/0 unassigned YES unset administratively down down

Serial0/2/0 unassigned YES unset administratively down down

Serial0/3/0 unassigned YES unset administratively down down

Vlan1 unassigned YES unset administratively down down

R2#

On every device, ping the interface IP addresses of all directly connected devices to test connectivity:

R2#ping 12.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 18/35/78 ms

R2#

3. Configure remote login and password protection

• Configuration

R1 is configured as follows:

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#line vty 0 4

R1(config-line)#password cisco

R1(config-line)#login

R1(config-line)#exit

R1(config)#enable secret cisco

R1(config)#service password-encryption

R2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#line vty 0 4

R2(config-line)#password cisco

R2(config-line)#login

R2(config-line)#exit

R2(config)#enable secret cisco

R2(config)#service password-encryption

R3>en

R3#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R3(config)#line vty 0 4

R3(config-line)#password cisco

R3(config-line)#login

R3(config-line)#exit

R3(config)#enable secret cisco

R3(config)#service password-encryption

R4>en

R4#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R4(config)#line vty 0 4

R4(config-line)#password cisco

R4(config-line)#login

R4(config-line)#exit

R4(config)#enable secret cisco

R4(config)#service password-encryption

SW1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#line vty 0 4

SW1(config-line)#password cisco

SW1(config-line)#login

SW1(config-line)#exit

SW1(config)#enable secret cisco

SW1(config)#service password-encryption

SW2>en

SW2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW2(config)#line vty 0 4

SW2(config-line)#password cisco

SW2(config-line)#login

SW2(config-line)#exit

SW2(config)#enable secret cisco

SW2(config)#service password-encryption

• Verification

Telnet from router R2 to router R1; the session looks like this:

R2#telnet 12.1.1.1

Trying 12.1.1.1 ...Open

User Access Verification

Password:

R1>en

Password:

R1#

On router R2, use the "show running-config" command to see how the passwords are displayed; the relevant part is:

R2#show running-config

Building configuration...

line vty 0 4

password 7 0822455D0A16

login

!

end
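The "password 7" line above is what "service password-encryption" produces: type 7 is a reversible encoding, whereas "enable secret" stores a one-way hash. The audit sketch below is an added example, not part of the original lab; the sample config is constructed from the commands on this page, the enable-secret hash is a placeholder, and the names audit, STORAGE and CRED are hypothetical.

```python
import re

# Constructed running-config excerpt. The vty block is the one shown on this
# page; the enable-secret hash is a placeholder, not a real value.
SAMPLE = """\
service password-encryption
enable secret 5 $1$PLACEHOLDER$notARealHashValue000000
username R1 password 7 0822455D0A16
line vty 0 4
 password 7 0822455D0A16
 login
!
end
"""

# IOS password type -> (storage format, is it a one-way hash?)
STORAGE = {
    "0": ("cleartext", False),
    "7": ("reversible encoding", False),
    "5": ("salted MD5 hash", True),
    "8": ("PBKDF2-SHA256 hash", True),
    "9": ("scrypt hash", True),
}
CRED = re.compile(r"^(?:enable |username \S+ )?(password|secret)(?: (\d))? \S+")

def audit(config):
    """Return (context, issue) pairs for recoverable passwords and for vty
    lines that accept a password login without being limited to SSH."""
    findings, vty = [], None

    def close_vty():
        # Assumption: a vty block without "transport input ssh" accepts
        # Telnet, as the devices in this lab do.
        if vty and vty["login"] and not vty["ssh_only"]:
            findings.append((vty["name"], "login not restricted to SSH"))

    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # top-level command ends any block
            close_vty()
            vty = ({"name": line, "login": False, "ssh_only": False}
                   if line.startswith("line vty") else None)
        elif vty is not None:
            vty["login"] |= line.startswith("login")
            vty["ssh_only"] |= line == "transport input ssh"
        m = CRED.match(line)
        if m:
            ptype = m.group(2) or "0"          # no type digit means cleartext
            fmt, one_way = STORAGE.get(ptype, ("unknown format", False))
            if not one_way:
                context = vty["name"] if vty else " ".join(line.split()[:2])
                findings.append((context, "type %s password: %s" % (ptype, fmt)))
    close_vty()
    return findings
```

Running audit(SAMPLE) reports the CHAP username and the vty password as type 7 and the vty block as not restricted to SSH; the enable secret is not reported.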

4. Configure VTP

• Configuration

SW1 is configured as follows:

SW1#vlan database

% Warning: It is recommended to configure VLAN from config mode,

as VLAN database mode is being deprecated. Please consult user

documentation for configuring VTP/VLAN in config mode.

SW1(vlan)#vtp domain CYSD

Changing VTP domain name from NULL to CYSD

SW1(vlan)#exit

APPLY completed.

Exiting....

SW1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#int fa0/23

SW1(config-if)#switchport mode trunk

SW1(config-if)#int fa0/24

SW1(config-if)#switchport mode trunk

SW2 is configured as follows:

SW2#vlan database

% Warning: It is recommended to configure VLAN from config mode,

as VLAN database mode is being deprecated. Please consult user

documentation for configuring VTP/VLAN in config mode.

SW2(vlan)#vtp domain CYSD

Domain name already set to CYSD.

SW2(vlan)#vtp client

Setting device to VTP CLIENT mode.

SW2(vlan)#exit

APPLY completed.

Exiting....

SW2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW2(config)#int fa0/23

SW2(config-if)#switchport mode trunk

SW2(config-if)#int fa0/24

SW2(config-if)#switchport mode trunk

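Because a Cisco switch is a VTP server by default, SW1 only needs the VTP domain name. Note in particular that VTP information is carried only over trunk links, so the two links between SW1 and SW2 must be configured as trunks.

• Verification

After configuration, run the "show vtp status" command on SW2; the output is: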

SW2#sh vtp status

VTP Version : 2

Configuration Revision : 0

Maximum VLANs supported locally : 255

Number of existing VLANs : 5

VTP Operating Mode : Client

VTP Domain Name : CYSD

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0xE6 0xFE 0x11 0x67 0xCE 0xCC 0xE6 0xD4

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

SW2#

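Because no VLANs have been configured on SW1 yet, the VTP configuration revision on SW1 is 0, so SW2's configuration revision is also 0 and the number of existing VLANs is still the default 5. Once the configuration is complete, the VTP setup can be verified further.

5. VLAN configuration

• Configure VLANs

On the VTP server switch SW1, add the VLANs and put the ports into the corresponding VLANs. SW1 is configured as follows: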

SW1#vlan database

% Warning: It is recommended to configure VLAN from config mode,

as VLAN database mode is being deprecated. Please consult user

documentation for configuring VTP/VLAN in config mode.

SW1(vlan)#vlan 2 name gouzhongxing

VLAN 2 added:

Name: gouzhongxing

SW1(vlan)#vlan 3 name lixiaomeng

VLAN 3 added:

Name: lixiaomeng

SW1(vlan)#exit

APPLY completed.

Exiting....

SW1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#int fa0/2

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 2

SW1(config-if)#int fa0/3

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 3

After configuration, use the "show vlan" command to check the VLAN configuration on SW1:

SW1#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6

Fa0/7, Fa0/8, Fa0/9, Fa0/10

Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Gig1/1, Gig1/2

2 gouzhongxing active Fa0/2

3 lixiaomeng active Fa0/3

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

Use the "show vtp status" command to check the VTP information on SW1:

SW1#show vtp status

VTP Version : 2

Configuration Revision : 2

Maximum VLANs supported locally : 255

Number of existing VLANs : 7

VTP Operating Mode : Server

VTP Domain Name : CYSD

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x78 0x1B 0xA3 0x8F 0xCD 0x13 0x17 0x88

Configuration last modified by 192.168.1.2 at 3-1-93 01:54:55

Local updater ID is 192.168.1.2 on interface Vl1 (lowest numbered VLAN interface found)

SW1#

Note that the VTP configuration revision is now 2 and the number of existing VLANs is now 7. Use the "show vtp status" command to check the VTP information on SW2:

SW2#sh vtp status

VTP Version : 2

Configuration Revision : 2

Maximum VLANs supported locally : 255

Number of existing VLANs : 7

VTP Operating Mode : Client

VTP Domain Name : CYSD

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x78 0x1B 0xA3 0x8F 0xCD 0x13 0x17 0x88

Configuration last modified by 192.168.1.2 at 3-1-93 01:54:55

SW2#

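The output above shows that the VLAN configuration on SW2 is synchronized with that of SW1. VTP synchronizes only the VLAN definitions; the ports that belong to each VLAN still have to be configured separately. SW2 is configured as follows: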

SW2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW2(config)#int fa0/1

SW2(config-if)#switchport mode access

SW2(config-if)#switchport access vlan 2

SW2(config-if)#int fa0/2

SW2(config-if)#switchport mode access

SW2(config-if)#switchport access vlan 3

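• Configure inter-VLAN routing

Router-on-a-stick is configured here, using router R1 to provide communication between vlan 1, vlan 2 and vlan 3. The link between SW1 and R1 must be configured as a trunk. SW1 is configured as follows: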

SW1>en

Password:

SW1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW1(config)#int fa0/1

SW1(config-if)#switchport mode trunk

Router R1 is configured as follows:

R1>en

Password:

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#int fa0/0

R1(config-if)#int fa0/0.1

R1(config-subif)#encapsulation dot1Q 1

R1(config-subif)#ip add 192.168.1.1 255.255.255.0

R1(config-subif)#no sh

R1(config-subif)#int fa0/0.2

R1(config-subif)#encapsulation dot1Q 2

R1(config-subif)#ip add 192.168.2.254 255.255.255.0

R1(config-subif)#no sh

R1(config-subif)#int fa0/0.3

R1(config-subif)#encapsulation dot1Q 3

R1(config-subif)#ip add 192.168.3.254 255.255.255.0

R1(config-subif)#no sh

6. Configure STP. The spanning-tree protocol must be configured so that SW1 is the root switch.

Before configuring, check how STP is running. SW1 shows:

SW1#show spanning-tree

VLAN0001

Spanning tree enabled protocol ieee

Root ID Priority 32769

Address 0001.6472.0D1A

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 0001.6472.0D1A

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p

Fa0/23 Desg FWD 19 128.23 P2p

Fa0/24 Desg FWD 19 128.24 P2p

VLAN0002

Spanning tree enabled protocol ieee

Root ID Priority 32770

Address 0001.6472.0D1A

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)

Address 0001.6472.0D1A

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p

Fa0/2 Desg FWD 19 128.2 P2p

Fa0/23 Desg FWD 19 128.23 P2p

Fa0/24 Desg FWD 19 128.24 P2p

VLAN0003

Spanning tree enabled protocol ieee

Root ID Priority 32771

Address 0001.6472.0D1A

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)

Address 0001.6472.0D1A

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p

Fa0/3 Desg FWD 19 128.3 P2p

Fa0/23 Desg FWD 19 128.23 P2p

Fa0/24 Desg FWD 19 128.24 P2p

SW1#

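There are only two switches in the network, so if SW1 is not the root switch, the root switch is SW2. Configure SW1 to be the root switch for all VLANs with the following command: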

SW1(config)#spanning-tree vlan 1,2,3 priority 4096

SW1#show spanning-tree

VLAN0001

Spanning tree enabled protocol ieee

Root ID Priority 4097

Address 0001.6472.0D1A

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4097 (priority 4096 sys-id-ext 1)

Address 0001.6472.0D1A

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p

Fa0/23 Desg FWD 19 128.23 P2p

Fa0/24 Desg FWD 19 128.24 P2p

VLAN0002

Spanning tree enabled protocol ieee

Root ID Priority 4098

Address 0001.6472.0D1A

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4098 (priority 4096 sys-id-ext 2)

Address 0001.6472.0D1A

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p

Fa0/2 Desg FWD 19 128.2 P2p

Fa0/23 Desg FWD 19 128.23 P2p

Fa0/24 Desg FWD 19 128.24 P2p

VLAN0003

Spanning tree enabled protocol ieee

Root ID Priority 4099

Address 0001.6472.0D1A

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4099 (priority 4096 sys-id-ext 3)

Address 0001.6472.0D1A

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Desg FWD 19 128.1 P2p

Fa0/3 Desg FWD 19 128.3 P2p

Fa0/23 Desg FWD 19 128.23 P2p

Fa0/24 Desg FWD 19 128.24 P2p

SW1#

Note that SW1 is now the root switch.

7. Configure DHCP

Router R1 is configured as follows:

R1>en

Password:

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#ip dhcp excluded-address 192.168.2.254

R1(config)#ip dhcp pool vlan2

R1(dhcp-config)#network 192.168.2.0 255.255.255.0

R1(dhcp-config)#default-router 192.168.2.254

R1(dhcp-config)#dns-server 218.1.1.2

R1(dhcp-config)#exit

R1(config)#ip dhcp excluded-address 192.168.3.254

R1(config)#ip dhcp pool vlan3

R1(dhcp-config)#network 192.168.3.0 255.255.255.0

R1(dhcp-config)#default-router 192.168.3.254

R1(dhcp-config)#dns-server 218.1.1.2

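• Verification

Configure PC1, PC2, PC3 and PC4 in turn to use DHCP, as shown in the figure below.

[Figure: configuring a PC to obtain its IP address automatically]

After configuration, check the address obtained in the DOS window on PC1:

[Figure: IP configuration obtained by PC1]

Ping PC2's IP address from PC1:

[Figure: PC1 pinging PC2]

PC1 pings PC2 successfully, which shows that the inter-VLAN routing configured earlier is correct. Ping PC3 from PC1:

[Figure: PC1 pinging PC3]

PC1 pings PC3 successfully, which shows that communication within a VLAN across switches is also correct.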

8. Configure routing protocols

Configure a default route on router R1 that sends all unknown traffic to the Internet:

R1(config)#ip route 0.0.0.0 0.0.0.0 12.1.1.2

Configure R2, R3 and R4 to run OSPF:

R2(config)#router ospf 1

R2(config-router)#network 24.1.1.0 0.0.0.255 area 0

R2(config-router)#network 23.1.1.0 0.0.0.255 area 0

R2(config-router)#network 12.1.1.0 0.0.0.255 area 0

R3(config)#router ospf 1

R3(config-router)#network 23.1.1.0 0.0.0.255 area 0

R3(config-router)#network 34.1.1.0 0.0.0.255 area 0

R4(config)#router ospf 1

R4(config-router)#network 24.1.1.0 0.0.0.255 area 0

R4(config-router)#network 34.1.1.0 0.0.0.255 area 0

R4(config-router)#network 218.1.1.0 0.0.0.255 area 0

• Verification

R1#ping 218.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 218.1.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 93/93/94 ms

R1#

The OSPF neighbor table on router R2:

R2#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

218.1.1.1 1 FULL/BDR 00:00:36 24.1.1.4 FastEthernet0/0

34.1.1.3 1 FULL/BDR 00:00:34 23.1.1.3 FastEthernet0/1

R2#

The routing table on router R2:

R2#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

12.0.0.0/24 is subnetted, 1 subnets

C 12.1.1.0 is directly connected, Serial0/0/0

23.0.0.0/24 is subnetted, 1 subnets

C 23.1.1.0 is directly connected, FastEthernet0/1

24.0.0.0/24 is subnetted, 1 subnets

C 24.1.1.0 is directly connected, FastEthernet0/0

34.0.0.0/24 is subnetted, 1 subnets

O 34.1.1.0 [110/782] via 23.1.1.3, 00:04:06, FastEthernet0/1

[110/782] via 24.1.1.4, 00:02:47, FastEthernet0/0

O 218.1.1.0/24 [110/2] via 24.1.1.4, 00:02:33, FastEthernet0/0

R2#

9. Configure PPP

Router R1 is configured as follows:

R1(config)#username R2 password cisco

R1(config)#int s0/0/0

R1(config-if)#encapsulation ppp

R1(config-if)#ppp authentication chap

Router R2 is configured as follows:

R2(config)#username R1 password cisco

R2(config)#int s0/0/0

R2(config-if)#encapsulation ppp

R2(config-if)#ppp authentication chap

Test

R1#ping 218.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 218.1.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 63/81/93 ms

R1#

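R1 pings the server successfully, so PPP CHAP authentication succeeded.

10. Configure NAT

Configure dynamic PAT on router R1 so that all 4 PCs can reach the Internet through R1. R1 is configured as follows: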

R1(config)#int fa0/0.2

R1(config-subif)#ip nat inside

R1(config-subif)#int fa0/0.3

R1(config-subif)#ip nat inside

R1(config-subif)#int s0/0/0

R1(config-if)#ip nat outside

R1(config-if)#exit

R1(config)#access-list 1 permit 192.168.2.0 0.0.0.255

R1(config)#access-list 1 permit 192.168.3.0 0.0.0.255

R1(config)#ip nat inside source list 1 int s0/0/0 overload

R1(config)#

Configure static PAT on router R1 so that the Internet can Telnet to SW1 through TCP port 2323 on R1. R1 is configured as follows:

R1(config)#int fa0/0.1

R1(config-subif)#ip nat inside

R1(config-subif)#exit

R1(config)#ip nat inside source static tcp 192.168.1.2 23 12.1.1.1 2323

R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255

Test

Ping the Web server's IP address from PC1:

PC>ping 218.1.1.2

Pinging 218.1.1.2 with 32 bytes of data:

Reply from 218.1.1.2: bytes=32 time=203ms TTL=125

Reply from 218.1.1.2: bytes=32 time=125ms TTL=125

Reply from 218.1.1.2: bytes=32 time=125ms TTL=125

Reply from 218.1.1.2: bytes=32 time=156ms TTL=125

Ping statistics for 218.1.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 125ms, Maximum = 203ms, Average = 152ms

PC>
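How the dynamic PAT rule and the static port mapping above coexist on the single address 12.1.1.1 can be followed in a small model of R1's translation table. This is an added example, not part of the original lab; the PatTable class, the inside host addresses and source ports, and the port-allocation policy are assumptions made for illustration.

```python
import ipaddress

INSIDE_GLOBAL = "12.1.1.1"   # R1 S0/0/0, the "ip nat outside" interface
# access-list 1 from the page, written as prefixes instead of wildcard masks
ACL_1 = [ipaddress.ip_network(n) for n in
         ("192.168.2.0/24", "192.168.3.0/24", "192.168.1.0/24")]
# ip nat inside source static tcp 192.168.1.2 23 12.1.1.1 2323
STATIC = {("tcp", 2323): ("192.168.1.2", 23)}

class PatTable:
    """Simplified model of R1's translation table. Assumption: the source
    port is kept when it is free, otherwise the next free port is used."""

    def __init__(self):
        self.by_inside = {}             # (proto, inside_ip, inside_port) -> global port
        self.by_global = dict(STATIC)   # (proto, global_port) -> (inside_ip, inside_port)
        for (proto, gport), (ip, port) in STATIC.items():
            self.by_inside[(proto, ip, port)] = gport

    def outbound(self, proto, src_ip, src_port):
        """Inside -> outside: return the (address, port) seen on the Internet."""
        key = (proto, src_ip, src_port)
        if key in self.by_inside:                  # existing or static entry
            return INSIDE_GLOBAL, self.by_inside[key]
        if not any(ipaddress.ip_address(src_ip) in net for net in ACL_1):
            return None                            # not matched by list 1: no translation
        gport = src_port
        while (proto, gport) in self.by_global:    # port already used on 12.1.1.1
            gport = gport + 1 if 1024 <= gport < 65535 else 1024
        self.by_inside[key] = gport
        self.by_global[(proto, gport)] = (src_ip, src_port)
        return INSIDE_GLOBAL, gport

    def inbound(self, proto, dst_port):
        """Outside -> 12.1.1.1: return the inside (address, port), or None
        when no entry exists and nothing is forwarded to an inside host."""
        return self.by_global.get((proto, dst_port))
```

The only unsolicited inbound path to an inside host is the static entry, so TCP 2323 on R1 is the exposed management surface to restrict and monitor.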

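11. Configure the ACL. Configure router R1 to deny hosts in vlan 2 access to the WWW service on the Web server, leaving other services unaffected.

Before the ACL is configured, browse to www.cysd.com from PC1:

[Figure: PC1 browses the Web server successfully]

Next configure the ACL. Router R1 is configured as follows: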

R1(config)#access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 218.1.1.2 eq 80

R1(config)#access-list 100 permit ip any any

R1(config)#int fa0/0.2

R1(config-subif)#ip access-group 100 in

Browse to www.cysd.com from PC1 again:

[Figure: PC1 fails to browse the Web server]

PC1 can no longer browse the Web server. Ping the Web server's IP address from PC1:

PC>ping 218.1.1.2

Pinging 218.1.1.2 with 32 bytes of data:

Reply from 218.1.1.2: bytes=32 time=125ms TTL=125

Reply from 218.1.1.2: bytes=32 time=140ms TTL=125

Reply from 218.1.1.2: bytes=32 time=156ms TTL=125

Reply from 218.1.1.2: bytes=32 time=108ms TTL=125

Ping statistics for 218.1.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 108ms, Maximum = 156ms, Average = 132ms

PC>

PC1 can still ping the Web server successfully.
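Why HTTP from vlan 2 is blocked while ping still works follows from wildcard matching and first-match evaluation of ACL 100. The evaluator below is an added example, not part of the original lab; the function names and the PC addresses used with it (DHCP leases are not listed on the page) are assumptions.

```python
import ipaddress

# ACL 100 exactly as configured on R1 in this section.
ACL_100 = [
    "access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 218.1.1.2 eq 80",
    "access-list 100 permit ip any any",
]
INBOUND_ACL = {"fa0/0.2": ACL_100}     # ip access-group 100 in

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def take_endpoint(tokens):
    """Consume 'any', 'host A' or 'A W' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return "0.0.0.0", "255.255.255.255"
    if first == "host":
        return tokens.pop(0), "0.0.0.0"
    return first, tokens.pop(0)

def parse_ace(line):
    tokens = line.split()[2:]          # drop "access-list <number>"
    action, proto = tokens.pop(0), tokens.pop(0)
    src = take_endpoint(tokens)
    dst = take_endpoint(tokens)
    dport = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, dport

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; a packet matching no entry is denied
    by the implicit deny at the end of every ACL."""
    for line in acl:
        action, ace_proto, ace_src, ace_dst, ace_dport = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if not (wildcard_match(src, *ace_src) and wildcard_match(dst, *ace_dst)):
            continue
        if ace_dport is not None and dport != ace_dport:
            continue
        return action
    return "deny"

def r1_inbound(interface, proto, src, dst, dport=None):
    """Packets arriving on an interface without an inbound ACL are not filtered."""
    acl = INBOUND_ACL.get(interface)
    return "permit" if acl is None else evaluate(acl, proto, src, dst, dport)
```

Dropping the second entry makes evaluate() return deny for the ICMP packet as well, which is why "permit ip any any" is required for "other services unaffected".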

This completes the configuration of the comprehensive lab.
