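1. Lab requirements
Based on the given enterprise network topology (see the course design materials), the company's two zones use OSPF and RIP (Version 2) respectively for internal connectivity. Addresses for the OSPF domain and the internal server come from network 192.168.0.0/24, and addresses for the RIP domain come from network 192.168.1.0/24; IP addresses should be used as economically as possible. The company has obtained a subnet from its ISP, 200.200.200.0/27, and uses addresses from this subnet to access the Internet. Configure each device in the enterprise network as required so that all internal hosts can reach one another and internal hosts can reach the external server.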
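NAT configuration
(1) Configure static NAT for the internal server, using 200.200.200.1 as the inside global address.
Check: ping the external server from the internal server; the ping should succeed. Enable debug ip nat on the Core router and observe the address translation.
Ping 200.200.200.1 from the external server; the ping should succeed. Enable debug ip nat on the Core router and observe the address translation.
(2) Configure dynamic NAT overload for the internal network, using the address pool 200.200.200.2-200.200.200.30.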
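ACL configuration
(1) Configure a standard ACL that denies the network where PC2 resides access to the router OSPF Border.
Check: at this point, the PC2 segment can ping only the PC3 segment and can no longer ping any other segment.
(2) On router RIP1, configure an extended ACL that denies the network where PC4 resides access to the WEB service on the external server.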
2. The annotated topology diagram
3. Detailed requirements
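NAT configuration
(1) Configure static NAT for the internal server, using 200.200.200.1 as the inside global address.
Check: ping the external server from the internal server; the ping should succeed. Enable debug ip nat on the Core router and observe the address translation.
Ping 200.200.200.1 from the external server; the ping should succeed. Enable debug ip nat on the Core router and observe the address translation.
(2) Configure dynamic NAT overload for the internal network, using the address pool 200.200.200.2-200.200.200.30.
Check: every internal host can ping the external server. Enable debug ip nat on the Core router and observe the address translation.
Note: after observing the address translation, turn debugging off (no debug all).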
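ACL configuration
(1) Configure a standard ACL that denies the network where PC2 resides access to the router OSPF Border.
Check: at this point, the PC2 segment can ping only the PC3 segment and can no longer ping any other segment.
(2) On router RIP1, configure an extended ACL that denies the network where PC4 resides access to the WEB service on the external server.
Check: PC4 cannot access the WEB service on the external server, but it can still ping the external server.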
4. Configurations
1> Configuration on the Core router
hostname core
!
enable password 456
!
no ip domain-lookup
ip name-server 0.0.0.0
!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial1/0
 ip address 10.0.0.18 255.255.255.252
 ip nat inside
!
interface Serial1/1
 ip address 10.0.0.22 255.255.255.252
 ip nat inside
!
interface Serial1/2
 ip address 201.1.1.1 255.255.255.252
 ip nat outside
!
interface Serial1/3
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
! Dynamic NAT overload: sources matched by access-list 1 share pool NET10
ip nat pool NET10 200.200.200.2 200.200.200.30 netmask 255.255.255.224
ip nat inside source list 1 pool NET10 overload
! Static NAT for the internal server
ip nat inside source static 172.16.1.2 200.200.200.1
ip classless
ip route 10.0.0.0 255.255.255.252 Serial1/0
ip route 10.0.0.4 255.255.255.252 Serial1/0
ip route 192.168.0.0 255.255.255.0 Serial1/0
ip route 10.0.0.12 255.255.255.252 Serial1/1
ip route 10.0.0.8 255.255.255.252 Serial1/1
ip route 192.168.1.0 255.255.255.0 Serial1/1
ip route 202.112.10.0 255.255.255.0 Serial1/2
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
!
banner motd ^C NOT ADMINISTRATORS MAY NOT LOGIN ^C
!
line con 0
line vty 0 4
 login
2> Configuration on the OSPF-Border router
hostname OSPF-Border
!
enable password 456
!
no ip domain-lookup
ip name-server 0.0.0.0
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.6 255.255.255.252
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 10.0.0.17 255.255.255.252
 clock rate 64000
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 router-id 172.16.1.3
 log-adjacency-changes
 passive-interface Serial1/0
 network 10.0.0.2 0.0.0.0 area 0
 network 10.0.0.6 0.0.0.0 area 0
 default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0
!
! 0.0.0.127 is the wildcard for PC2's /25 network (mask 255.255.255.128)
access-list 101 permit tcp 192.168.0.0 0.0.0.127 10.0.0.4 0.0.0.3 eq telnet
access-list 101 permit ip any any
!
banner motd ^CNOT ADMIN MAY NOT LOGIN ^C
!
line con 0
line vty 0 4
 access-class 101 in
 password 123
 login
!
end
3> Configuration on OSPF1
hostname OSPF1
!
enable password 456
!
no ip domain-lookup
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.0.129 255.255.255.192
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 router-id 172.16.1.1
 log-adjacency-changes
 network 10.0.0.1 0.0.0.0 area 0
 network 192.168.0.129 0.0.0.0 area 0
!
ip classless
!
banner motd ^CNOT ADMINSTRATORS MAY NOT LOGIN ^C
!
line con 0
line vty 0 4
 login
!
end
4> Configuration on the OSPF2 router
hostname OSPF2
!
enable password 456
!
no ip domain-lookup
ip name-server 0.0.0.0
!
interface FastEthernet0/0
 ip address 10.0.0.5 255.255.255.252
 ip access-group 101 out
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.128
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.0.193 255.255.255.192
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 router-id 172.16.1.2
 log-adjacency-changes
 network 10.0.0.5 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 network 192.168.0.193 0.0.0.0 area 0
!
ip classless
!
! Applied outbound on FastEthernet0/0; after these two ICMP entries the
! implicit deny drops all other transit traffic leaving that interface
access-list 101 permit icmp any 0.0.0.1 255.255.255.224
access-list 101 deny icmp any any
!
banner motd ^CNOT ADMIN MAY NOT LOGIN ^C
!
line con 0
line vty 0 4
 login
!
end
5> Configuration on the RIP_Border router
hostname RIP-Border
!
enable password 456
!
no ip domain-lookup
ip name-server 0.0.0.0
!
interface FastEthernet0/0
 ip address 10.0.0.10 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.14 255.255.255.252
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 10.0.0.21 255.255.255.252
 clock rate 64000
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 2
 network 10.0.0.0
 default-information originate
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/1
ip route 0.0.0.0 0.0.0.0 Serial1/0
!
no cdp run
!
banner motd ^CNOT ADMINISTRATORS MAY NOT LOGIN ^C
!
line con 0
line vty 0 4
 login
!
end
6> Configuration on the RIP1 router
hostname RIP1
!
enable password 456
!
no ip domain-lookup
ip name-server 0.0.0.0
!
interface FastEthernet0/0
 ip address 10.0.0.9 255.255.255.252
 ip access-group 101 out
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.193 255.255.255.192
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.1.129 255.255.255.192
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.1.0
 no auto-summary
!
ip classless
!
! PC4's network is 192.168.1.192/26 (FastEthernet0/1), wildcard 0.0.0.63
access-list 101 deny tcp 192.168.1.192 0.0.0.63 host 202.112.10.2 eq www
access-list 101 permit ip any any
!
banner motd ^CNOT ADMIN MAY NO LOGIN ^C
!
line con 0
line vty 0 4
 login
!
end
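Added example, not part of the original lab report: Cisco wildcard matching and first-match ACL evaluation in Python, used to check which source/wildcard pair actually covers PC4 (192.168.1.194/26) for the RIP1 web filter. The entry tuple layout and the function names are assumptions made for the example.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def wildcard_for(interface_ip, netmask):
    """(network, wildcard) of the subnet a router interface sits in."""
    net = ipaddress.IPv4Interface(f"{interface_ip}/{netmask}").network
    return str(net.network_address), str(net.hostmask)

def evaluate(acl, src, dst, proto, dport=None):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, p, (sbase, swc), (dbase, dwc), port in acl:
        if p not in ("ip", proto):
            continue
        if not (wc_match(src, sbase, swc) and wc_match(dst, dbase, dwc)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")
SERVER = "202.112.10.2"            # external server, from the RIP1 ACL
PC4, PC5 = "192.168.1.194", "192.168.1.130"

def web_filter(source):
    """deny tcp <source> host SERVER eq www / permit ip any any"""
    return [("deny", "tcp", source, (SERVER, "0.0.0.0"), 80),
            ("permit", "ip", ANY, ANY, None)]

# Subnet mask octet reused as a wildcard: matches only .0, .64, .128, .192
ACL_MASK_AS_WILDCARD = web_filter(("192.168.1.0", "0.0.0.192"))
# Wildcard derived from RIP1 FastEthernet0/1 (192.168.1.193 255.255.255.192)
ACL_SUBNET = web_filter(wildcard_for("192.168.1.193", "255.255.255.192"))

if __name__ == "__main__":
    for name, acl in (("mask-as-wildcard", ACL_MASK_AS_WILDCARD),
                      ("subnet", ACL_SUBNET)):
        print(name,
              "PC4 web:", evaluate(acl, PC4, SERVER, "tcp", 80),
              "| PC4 ping:", evaluate(acl, PC4, SERVER, "icmp"),
              "| PC5 web:", evaluate(acl, PC5, SERVER, "tcp", 80))
```

Only the subnet form denies PC4's web traffic while leaving its ping and PC5's web access permitted, which is the result the lab check expects.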
7> Configuration on the RIP2 router
!
hostname RIP2
!
enable password 456
!
no ip domain-lookup
!
interface FastEthernet0/0
 ip address 10.0.0.13 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.128
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.1.0
 no auto-summary
!
ip classless
!
no cdp run
!
banner motd ^CNOT ADMIN MAY NOT LOGIN ^C
!
line con 0
line vty 0 4
 login
!
end
7> Configuration on the ISP router
hostname ISP
!
enable password 456
!
no ip domain-lookup
ip name-server 0.0.0.0
!
interface FastEthernet0/0
 ip address 202.112.10.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 201.1.1.2 255.255.255.252
 clock rate 64000
!
! Return route to the NAT addresses on Core (200.200.200.0/27);
! 202.112.10.0/24 is directly connected on FastEthernet0/0
ip route 200.200.200.0 255.255.255.224 Serial1/0
8> PC1 configuration
IP address: 192.168.0.130
Subnet mask: 255.255.255.192
Default gateway: 192.168.0.129
9> PC2 configuration
IP address: 192.168.0.2
Subnet mask: 255.255.255.128
Default gateway: 192.168.0.1
10> PC3 configuration
IP address: 192.168.0.194
Subnet mask: 255.255.255.192
Default gateway: 192.168.0.193
11> PC4 configuration
IP address: 192.168.1.194
Subnet mask: 255.255.255.192
Default gateway: 192.168.1.193
12> PC5 configuration
IP address: 192.168.1.130
Subnet mask: 255.255.255.192
Default gateway: 192.168.1.129
13> PC6 configuration
IP address: 192.168.1.2
Subnet mask: 255.255.255.128
Default gateway: 192.168.1.1
14> Internal server configuration
IP address: 172.16.1.2
Subnet mask: 255.255.255.0
Default gateway: 172.16.1.1