码迷,mamicode.com
首页 > 其他好文 > 详细

【思科】DHCP 、RIP、链路聚合、ACL访问控制列表综合实验

时间:2014-08-29 02:56:27      阅读:658      评论:0      收藏:0      [点我收藏+]

标签:链路聚合   rip   acl   dhcp   

实验拓扑:

bubuko.com,布布扣

R3为网关,R4为出口路由器,并且为DHCP路由器,R5为外网一台路由器


实验要求:1.三台PC属于3个vlan

          2.R1,R2做链路聚合

          3.网关终结在R3,实现vlan间路由

          4.c1,c2,c3通过dhcp服务器获得IP

          5.只允许外网路由器R5来远程管理R3


实验步骤:

  1. 首先配置R1

R1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#no ip routing

R1(config)#vlan 10,20,30                       建立vlan10,vlan20,vlan30

R1(config-vlan)#ex

R1(config)#int f1/1

R1(config-if)#switchport access vlan 10             f1/1划分为vlan 10

R1(config-if)#int f1/2                 

R1(config-if)#switchport access vlan 20             f1/2划分为vlan 20


R1(config-if)#int range f1/14 -15

R1(config-if-range)#channel-group 1 mode  on        建立链路聚合组

Creating a port-channel interface Port-channel1 

*Mar  1 00:05:31.643: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar  1 00:05:31.715: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

R1(config-if-range)#ex

*Mar  1 00:05:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

R1(config)#int port-channel 1

R1(config-if)#switchport mode trunk                改为trunk口

R1(config-if)#ex

R1(config)#

*Mar  1 00:05:43.063: %EC-5-UNBUNDLE: Interface Fa1/14 left the port-channel Po1

*Mar  1 00:05:43.095: %EC-5-UNBUNDLE: Interface Fa1/15 left the port-channel Po1

*Mar  1 00:05:43.107: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

*Mar  1 00:05:43.155: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar  1 00:05:43.587: %DTP-5-TRUNKPORTON: Port Fa1/14-15 has become dot1q trunk 

*Mar  1 00:05:45.091: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

R1(config)#int f1/3

R1(config-if)#switchport mode  trunk               上行口也改为trunk

*Mar  1 00:05:59.855: %DTP-5-TRUNKPORTON: Port Fa1/3 has become dot1q trunk


2.配置R2

R2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#no ip routing

R2(config)#vlan 10,20,30

R2(config-vlan)#ex

R2(config)#int f1/3

R2(config-if)#switchport access vlan 30

R2(config)#int range f1/14 -15

R2(config-if-range)#channel-group 1 mode on           与R1做相同配置

Creating a port-channel interface Port-channel1 

*Mar  1 00:07:29.195: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar  1 00:07:29.263: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

*Mar  1 00:07:29.463: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk Port-channel1 VLAN1.

*Mar  1 00:07:29.463: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking Port-channel1 on VLAN1. Inconsistent port type.PVST+: restarted the forward delay timer for Port-channel1


R2(config-if-range)#ex

*Mar  1 00:07:32.147: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

R2(config)#int port-channel 1

R2(config-if)#switchport mode  trunk 

R2(config-if)#ex

*Mar  1 00:07:39.463: %EC-5-UNBUNDLE: Interface Fa1/14 left the port-channel Po1

*Mar  1 00:07:39.503: %EC-5-UNBUNDLE: Interface Fa1/15 left the port-channel Po1

*Mar  1 00:07:39.523: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

*Mar  1 00:07:39.563: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar  1 00:07:39.991: %DTP-5-TRUNKPORTON: Port Fa1/14-15 has become dot1q trunk

*Mar  1 00:07:41.503: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up


3.配置R3

R3#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R3(config)#ip routing

R3(config)#int f1/1

R3(config-if)#no sh

R3(config-if)#switchport mode trunk 

R3(config-if)#ex

*Mar  1 00:08:56.415: %DTP-5-TRUNKPORTON: Port Fa1/1 has become dot1q trunk

R3(config)#vlan 10,20,30

R3(config-vlan)#ex


R3(config)#int vlan 10                                

*Mar  1 00:09:12.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

R3(config-if)#ip add 192.168.10.1 255.255.255.0          vlan10网关

R3(config-if)#no sh

R3(config-if)#ip helper-address 192.168.34.4             设置DHCP中继,目标为R4接口地址 


R3(config-if)#int vlan 20                                 

R3(config-if)#ip add 192.168.10.1 255.255.255.0           vlan20网关

*Mar  1 00:09:59.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

R3(config-if)#ip add 192.168.20.1 255.255.255.0

R3(config-if)#no sh

R3(config-if)#ip helper-address 192.168.34.4

   

R3(config-if)#int vlan 30                      

*Mar  1 00:10:13.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up

R3(config-if)#ip add 192.168.30.1 255.255.255.0             vlan30网关

R3(config-if)#no sh                            

R3(config-if)#ip helper-address 192.168.34.4          

R3(config-if)#

R3(config-if)#ex


配置上行口f1/2

R3(config)#int f1/2

R3(config-if)#no switchport 

*Mar  1 00:10:42.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/2, changed state to up

R3(config-if)#ip add 192.168.34.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#ex

R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.34.4         指一条默认路由给出口路由器



4.配置R4

R4(config)#int f0/1

R4(config-if)#ip add 192.168.34.4 255.255.255.0

R4(config-if)#no sh

R4(config-if)#ex

*Mar  1 00:11:44.315: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up

*Mar  1 00:11:45.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up


做3个DHCP地址池来为3个vlan 分配IP


R4(config)#ip dhcp pool v10 

R4(dhcp-config)#network 192.168.10.0 /24

R4(dhcp-config)#default-router 192.168.10.1


R4(dhcp-config)#ip dhcp pool v20           

R4(dhcp-config)#network 192.168.20.0 /24   

R4(dhcp-config)#default-router 192.168.20.1


R4(dhcp-config)#ip dhcp pool v30           

R4(dhcp-config)#network 192.168.30.0 /24   

R4(dhcp-config)#default-router 192.168.30.1

R4(dhcp-config)#ex

R4(config)#int f0/0

R4(config-if)#ip add 12.0.0.1 255.255.255.0

R4(config-if)#no sh

R4(config-if)#ex

R4(config)#ip route 192.168.10.0 255.255.255.0 192.168.34.3

R4(config)#ip route 192.168.20.0 255.255.255.0 192.168.34.3

R4(config)#ip route 192.168.30.0 255.255.255.0 192.168.34.3


可以验证pc是否已分配到地址

bubuko.com,布布扣

IP已经获得


配置NAT,用R4外网口上网

R4(config)#int f0/1

R4(config-if)#ip nat inside                         设置内网口

*Mar  1 01:30:41.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up

R4(config-if)#int f0/0     

R4(config-if)#ip nat outside                         设置外网口

R4(config-if)#ex

R4(config)#access-list 10 permit 192.168.10.0 0.0.0.255         访问列表

R4(config)#access-list 11 permit 192.168.20.0 0.0.0.255

R4(config)#access-list 12 permit 192.168.30.0 0.0.0.255


R4(config)#ip nat inside source list 10 int f0/1 overload        应用列表

R4(config)#ip nat inside source list 11 int f0/1 overload 

R4(config)#ip nat inside source list 12 int f0/1 overload 


5.配置R5

R5#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R5(config)#int f0/0

R5(config-if)#ip add 12.0.0.2 255.255.255.0

R5(config-if)#no sh

R5(config-if)#ex

测试下pc能否访问外网路由器

bubuko.com,布布扣

是通的


注意:因为外网是不可能指私网的IP地址的,所以下面用动态路由RIP来模拟实验

R4

R4(config)#router rip

R4(config-router)#network 192.168.34.0

R4(config-router)#network 12.0.0.0  


R5 

R5(config)#router rip 

R5(config-router)#

*Mar  1 00:15:51.191: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

*Mar  1 00:15:52.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R5(config-router)#network 12.0.0.0

R5(config-router)#ex



下面,要实现只有R5能远程管理R3,这要用ACL控制列表来实现

R3(config)#int l0                       进环回口

*Mar  1 00:53:14.715: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

R3(config-if)#ip add 3.3.3.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#ex

R3(config)#router rip 

R3(config-router)#network 3.3.3.0

R3(config-router)#network 192.168.10.0

R3(config-router)#network 192.168.20.0

R3(config-router)#network 192.168.30.0

R3(config-router)#network 192.168.34.0


R3(config)#access-list 1 permit host 12.0.0.2

R3(config)#line vty 0 4

R3(config-line)#access-class 1 in

R3(config-line)#password abc

R3(config-line)#login

检验一下R5能telnet吗?

bubuko.com,布布扣

R4能否?

bubuko.com,布布扣

很明显,远程登录被拒绝,这样,实验目的就达到了。







本文出自 “NE之路” 博客,请务必保留此出处http://332162926.blog.51cto.com/8831013/1546341

【思科】DHCP 、RIP、链路聚合、ACL访问控制列表综合实验

标签:链路聚合   rip   acl   dhcp   

原文地址:http://332162926.blog.51cto.com/8831013/1546341

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!