交换路由中期测验20181226(动态路由配置与重分发、NAT转换、ACL访问控制列表)
测试拓扑:
接口配置信息
HostName |
接口 |
IP地址 |
网关 |
Server 0 |
Fa0 |
172.16.15.1/24 |
172.16.15.254 |
Server 1 |
Fa0 |
100.2.15.200/24 |
100.2.15.100 |
Server 2 |
Fa0 |
100.1.15.200/24 |
100.1.15.100 |
PC0 – PC2 |
Fa0 |
192.168.15.1-3/24 |
192.168.15.254 |
PC3 – PC5 |
Fa0 |
10.1.15.1-3/24 |
10.1.15.254 |
Router 1 |
F0/1 F0/0 E0/1/0 |
172.16.15.254/24 10.2.15.1/24 10.3.15.1/24 |
不适用 |
Router 6 |
F0/0 F0/1 |
10.3.15.6/24 10.1.15.254/24 |
|
Core |
F0/0 F0/1 S0/1/0 |
192.168.15.254/24 10.2.15.2/24 114.1.1.1/30 |
|
Router 2 |
S0/1/0 F0/0 F0/1 |
114.1.1.2/30 23.1.15.2/24 25.1.15.2/24 |
|
Router3 |
F0/0 F0/1 |
23.1.15.3/24 34.1.15.3/24 |
|
Router4 |
F0/0 F0/1 |
34.1.15.4/24 45.1.15.4/24 |
|
Router 5 |
F0/0 F0/1 E0/1/0 |
45.1.15.5/24 100.2.15.100/24 25.1.15.5/24 |
操作任务:
一、根据接口配置信息,配置IP地址
参考配置:略
注意Core上S0/1/0接口设置时钟频率:clock rate 64000
/30转换为子网掩码为255.255.255.252
二、在Router1、Router6和Core中配置RIPv2路由协议
要求:能让内网内的6台主机和Server0互相通讯
注意:Core设备配置RIPv2不包含S0/1/0的IP地址
参考配置:
Router1:
router rip
version 2
network 10.0.0.0
network 172.16.0.0
no auto-summary
Router6:
router rip
version 2
network 10.0.0.0
no auto-summary
Core:
router rip
version 2
network 10.0.0.0
network 192.168.15.0
no auto-summary
三、在Router1中配置访问控制,具体要求如下:
PC3-5不能ping通Server0,只能使用http、tftp方式访问
PC0-2只能ping通Server0
参考配置:
Router1:
access-list 105 permit tcp 10.1.15.0 0.0.0.255 host 172.16.15.1 eq www
access-list 105 permit icmp 192.168.15.0 0.0.0.255 host 172.16.15.1
access-list 105 deny ip any any
int f0/1 //进入使其生效的接口,从而调用控制列表
(在接口模式下)ip access-group 105 out
四、在Core上配置NAT,具体要求如下:
要求使用PAT技术使6台主机都可以访问公网
在边界上配置默认路由,指向下一跳114.1.1.2
参考配置:
Core:
access-list 20 permit 192.168.15.0 0.0.0.255
access-list 20 permit 10.1.15.0 0.0.0.255
ip nat inside source list 20 interface s0/1/0
//进入边界路由器的三个接口,分别设置inside和outside
int f0/0
ip nat inside
int f0/1
ip nat inside
int s0/1/0
ip nat outside
进入Core的Rip配置,打上此条指令:default-information originate
(目的:做一个默认信息源发布,就可以在内网的路由器上注入一条默认路由,从而帮助内网穿过外网。)
ip route 0.0.0.0 0.0.0.0 114.1.1.2
五、在Router2、Router3、Router4黄色区域的接口配置EIGRP
在Router2、Router4、Router5红色区域的接口配置OSPF
参考配置:
Router2:
router eigrp 15
network 23.0.0.0
no auto-summary
router ospf 15
network 25.1.15.0 0.0.0.255 area 0
network 114.1.1.0 0.0.0.3 area 0
Router3:
router eigrp 15
network 23.0.0.0
network 34.0.0.0
network 100.0.0.0
no auto-summary
Router4:
router eigrp 15
network 34.0.0.0
no auto-summary
router ospf 15
network 45.1.15.0 0.0.0.255 area 0
Router5:
router ospf 15
network 45.1.15.0 0.0.0.255 area 0
network 25.1.15.0 0.0.0.255 area 0
network 100.2.15.0 0.0.0.255 area 0
六、在Router4上做OSPF和EIGRP的双向重分布
参考配置:
Router4:
分别进入动态路由协议配置界面,打上重发布指令
router eigrp 15
redistribute ospf 15 metric 10000 100 255 1 1500
router ospf 15
redistribute eigrp 15 subnets