eNSP Comprehensive Lab: Applying OSPF, DHCP, NAT and Related Technologies

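Topology diagram

1. SW1 is the DHCP server for PC1 and PC2; AR2 is the DHCP server for PC3 and PC4

2. PC1, PC2, PC3 and PC4 can access the external network

3. The external network can access the internal HTTP server and FTP server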

SW1 configuration

system-view 
sysname SW1

vlan batch 10 20 50 101

//IP addresses configured on each Vlanif interface:
[SW1]display ip interface brief 

Interface                         IP Address/Mask      Physical   Protocol  
LoopBack0                         44.44.44.44/32       up         up(s)     
Vlanif10                          192.168.10.254/24    up         up        
Vlanif20                          192.168.20.254/24    up         up        
Vlanif50                          192.168.50.254/24    up         up        
Vlanif101                         192.168.101.1/30     up         up    

//Port configuration
[SW1]interface GigabitEthernet0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 101

[SW1]interface GigabitEthernet0/0/2
[SW1-GigabitEthernet0/0/2]port hybrid pvid vlan 10
[SW1-GigabitEthernet0/0/2]port hybrid untagged vlan 10

[SW1]interface GigabitEthernet0/0/3
[SW1-GigabitEthernet0/0/3]port hybrid pvid vlan 20
[SW1-GigabitEthernet0/0/3]port hybrid untagged vlan 20

[SW1]interface GigabitEthernet0/0/23
[SW1-GigabitEthernet0/0/23]port link-type access
[SW1-GigabitEthernet0/0/23]port default vlan 50

[SW1]interface GigabitEthernet0/0/24
[SW1-GigabitEthernet0/0/24]port link-type access
[SW1-GigabitEthernet0/0/24]port default vlan 50

//DHCP configuration
[SW1]dhcp enable

[SW1]ip pool vlanif10
[SW1-ip-pool-vlanif10]gateway-list 192.168.10.254
[SW1-ip-pool-vlanif10]network 192.168.10.0 mask 24
[SW1-ip-pool-vlanif10]lease day 2
[SW1-ip-pool-vlanif10]dns-list 114.114.114.114

[SW1]interface Vlanif10
[SW1-Vlanif10]ip address 192.168.10.254 24
[SW1-Vlanif10]dhcp select global        //DHCP served from the global address pool

[SW1]interface Vlanif20
[SW1-Vlanif20]ip address 192.168.20.254 24
[SW1-Vlanif20]dhcp select interface     //DHCP served from the interface address pool
[SW1-Vlanif20]dhcp server lease day 2
[SW1-Vlanif20]dhcp server dns-list 114.114.114.114

//OSPF configuration
[SW1]router id 44.44.44.44
[SW1]ospf 1
[SW1-ospf-1]area 1
[SW1-ospf-1-area-0.0.0.1]network 192.168.101.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]network 192.168.20.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1]network 192.168.50.0 0.0.0.255

SW2 configuration

[SW2]vlan batch 30 40 102

//IP addresses configured on each Vlanif interface:
[SW2]display ip interface brief 

Interface                         IP Address/Mask      Physical   Protocol  
LoopBack0                         55.55.55.55/32       up         up(s) 
Vlanif30                          192.168.30.254/24    up         up        
Vlanif40                          192.168.40.254/24    up         up        
Vlanif102                         192.168.102.1/30     up         up        

//Port configuration
[SW2]interface GigabitEthernet0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access
[SW2-GigabitEthernet0/0/1]port default vlan 102

[SW2]interface GigabitEthernet0/0/2
[SW2-GigabitEthernet0/0/2]port hybrid pvid vlan 30
[SW2-GigabitEthernet0/0/2]port hybrid untagged vlan 30

[SW2]interface GigabitEthernet0/0/3
[SW2-GigabitEthernet0/0/3]port hybrid pvid vlan 40
[SW2-GigabitEthernet0/0/3]port hybrid untagged vlan 40

//DHCP relay configuration
[SW2]interface Vlanif30
[SW2-Vlanif30]ip address 192.168.30.254 24
[SW2-Vlanif30]dhcp select relay
[SW2-Vlanif30]dhcp relay server-ip 192.168.102.2

[SW2]interface Vlanif40
[SW2-Vlanif40]ip address 192.168.40.254 24
[SW2-Vlanif40]dhcp select relay
[SW2-Vlanif40]dhcp relay server-ip 192.168.102.2

//OSPF configuration
[SW2]router id 55.55.55.55
[SW2]ospf 1
[SW2-ospf-1]area 2
[SW2-ospf-1-area-0.0.0.2]network 192.168.102.1 0.0.0.0
[SW2-ospf-1-area-0.0.0.2]network 192.168.30.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.2]network 192.168.40.0 0.0.0.255

AR1 configuration

//IP addresses configured on each interface:
[AR1]display ip interface brief 

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              172.16.13.2/30       up         up        
GigabitEthernet0/0/1              172.16.12.1/30       up         up        
GigabitEthernet0/0/2              192.168.101.2/30     up         up        
LoopBack0                         11.11.11.11/32       up         up(s)  


//OSPF configuration
[AR1]router id 11.11.11.11 
[AR1]ospf 1 
[AR1-ospf-1]area 0 
[AR1-ospf-1-area-0.0.0.0]authentication-mode hmac-md5 1 plain 123456
[AR1-ospf-1-area-0.0.0.0]network 172.16.12.1 0.0.0.0 
[AR1-ospf-1-area-0.0.0.0]network 172.16.13.2 0.0.0.0 
[AR1-ospf-1]area 1 
[AR1-ospf-1-area-0.0.0.1]network 192.168.101.2 0.0.0.0 

AR2 configuration

//IP addresses configured on each interface:
[AR2]display ip interface brief 

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              172.16.23.2/30       up         up        
GigabitEthernet0/0/1              172.16.12.2/30       up         up        
GigabitEthernet0/0/2              192.168.102.2/30     up         up        
LoopBack0                         22.22.22.22/32       up         up(s)

//DHCP address pool configuration:
[AR2]dhcp enable

[AR2]ip pool vlanif30
[AR2-ip-pool-vlanif30]gateway-list 192.168.30.254 
[AR2-ip-pool-vlanif30]network 192.168.30.0 mask 24
[AR2-ip-pool-vlanif30]lease day 2 
[AR2-ip-pool-vlanif30]dns-list 114.114.114.114 

[AR2]ip pool vlanif40
[AR2-ip-pool-vlanif40]gateway-list 192.168.40.254 
[AR2-ip-pool-vlanif40]network 192.168.40.0 mask 24 
[AR2-ip-pool-vlanif40]lease day 2 
[AR2-ip-pool-vlanif40]dns-list 114.114.114.114 

[AR2]interface GigabitEthernet0/0/2
[AR2-GigabitEthernet0/0/2]dhcp select global

//OSPF configuration
[AR2]router id 22.22.22.22
[AR2]ospf 1 
[AR2-ospf-1]area 0 
[AR2-ospf-1-area-0.0.0.0]authentication-mode hmac-md5 1 plain 123456
[AR2-ospf-1-area-0.0.0.0]network 172.16.12.2 0.0.0.0 
[AR2-ospf-1-area-0.0.0.0]network 172.16.23.2 0.0.0.0 
[AR2-ospf-1]area 2 
[AR2-ospf-1-area-0.0.0.2]network 192.168.102.2 0.0.0.0 

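AR3 configuration

1. Internal hosts PC1, PC2, PC3 and PC4 can access the external network

2. The external Client reaches the internal HTTP server and FTP server through the public IP

//IP addresses configured on each interface: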
[AR3]display ip interface brief 

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              100.1.1.2/24         up         up        
GigabitEthernet0/0/1              172.16.13.1/30       up         up        
GigabitEthernet0/0/2              172.16.23.1/30       up         up        
LoopBack0                         33.33.33.33/32       up         up(s) 

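//OSPF configuration
[AR3]router id 33.33.33.33 
[AR3]ospf 1 
[AR3-ospf-1]default-route-advertise always   //advertise a default route into OSPF (always: even when the local routing table has no default route)
[AR3-ospf-1]area 0 
[AR3-ospf-1-area-0.0.0.0]authentication-mode hmac-md5 1 plain 123456   //area authentication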
[AR3-ospf-1-area-0.0.0.0]network 172.16.13.1 0.0.0.0 
[AR3-ospf-1-area-0.0.0.0]network 172.16.23.1 0.0.0.0 
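
A check over the OSPF area settings used in this lab, as an added example (not from the original post): it reads VRP area-view prompts and reports areas with no `authentication-mode` and keys entered with `plain`. The sample lines are a constructed excerpt of the configurations above, the function names are hypothetical, and only area-level authentication is considered (interface-level `ospf authentication-mode` is not parsed).

```python
import re

# Constructed excerpt: OSPF area-view lines taken from the configurations on this page.
CONFIG = """\
[SW1-ospf-1-area-0.0.0.1]network 192.168.101.1 0.0.0.0
[SW1-ospf-1-area-0.0.0.1]network 192.168.10.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.2]network 192.168.102.1 0.0.0.0
[SW2-ospf-1-area-0.0.0.2]network 192.168.30.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]authentication-mode hmac-md5 1 plain 123456
[AR1-ospf-1-area-0.0.0.1]network 192.168.101.2 0.0.0.0
[AR2-ospf-1-area-0.0.0.0]authentication-mode hmac-md5 1 plain 123456
[AR2-ospf-1-area-0.0.0.2]network 192.168.102.2 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]authentication-mode hmac-md5 1 plain 123456   //area authentication
"""

AREA_LINE = re.compile(r"^\[(\w+)-ospf-\d+-area-([\d.]+)\]\s*(.+)$")
AUTH = re.compile(r"^authentication-mode\s+(\S+)(?:\s+\d+\s+(plain|cipher)\s+\S+)?")
NETWORK = re.compile(r"^network\s+(\S+)\s+(\S+)")


def parse(config):
    """Group area-view commands by (device, area) taken from the VRP prompt."""
    areas = {}
    for raw in config.splitlines():
        m = AREA_LINE.match(raw.split("//")[0].strip())  # drop trailing // comments
        if not m:
            continue
        dev, area, cmd = m.groups()
        entry = areas.setdefault((dev, area), {"mode": None, "store": None, "nets": []})
        if (a := AUTH.match(cmd)):
            entry["mode"], entry["store"] = a.groups()
        elif (n := NETWORK.match(cmd)):
            entry["nets"].append(n.groups())
    return areas


def audit(config):
    """Return sorted (device, area, finding) tuples for weak OSPF authentication."""
    findings = []
    for (dev, area), e in sorted(parse(config).items()):
        if e["mode"] is None:
            findings.append((dev, area, "no area authentication"))
            # A non-host wildcard enables OSPF on every interface in that subnet.
            findings += [(dev, area, f"unauthenticated OSPF on {net}/{wc}")
                         for net, wc in e["nets"] if wc != "0.0.0.0"]
        elif e["store"] == "plain":
            findings.append((dev, area, f"{e['mode']} key stored in plaintext"))
    return findings
```

On this lab it reports the plaintext key in area 0 on AR1, AR2 and AR3, and no authentication in areas 1 and 2, including the PC subnets that SW1 and SW2 place into OSPF.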

//Default static route configuration
[AR3]ip route-static 0.0.0.0 0.0.0.0 100.1.1.1

//ACL + NAT configuration
[AR3]acl number 2000
[AR3-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255 
[AR3-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255 
[AR3-acl-basic-2000]rule 15 permit source 192.168.30.0 0.0.0.255 
[AR3-acl-basic-2000]rule 20 permit source 192.168.40.0 0.0.0.255 
[AR3-acl-basic-2000]rule 25 deny source any

[AR3]interface GigabitEthernet0/0/0
[AR3-GigabitEthernet0/0/0]ip address 100.1.1.2 24 
[AR3-GigabitEthernet0/0/0]nat server protocol tcp global current-interface www inside 192.168.50.1 www   //the external Client can reach the internal HTTP server via IP 100.1.1.2
[AR3-GigabitEthernet0/0/0]nat server protocol tcp global current-interface ftp inside 192.168.50.2 ftp   //the external Client can reach the internal FTP server via IP 100.1.1.2
[AR3-GigabitEthernet0/0/0]nat outbound 2000    //apply NAT to traffic matching ACL 2000

[AR3]nat alg ftp enable    //enable the NAT ALG for FTP
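
The decisions AR3 makes with the ACL 2000, `nat outbound` and `nat server` lines above, modeled in Python as an added example (not part of the original post and not device code). `nat outbound 2000` is given without an address group, so the model rewrites permitted sources to the interface address 100.1.1.2; the function names are hypothetical.

```python
import ipaddress

# Constructed model of AR3's NAT configuration as shown on this page.
ACL_2000 = [  # (rule id, action, source network, wildcard); None means "source any"
    (5, "permit", "192.168.10.0", "0.0.0.255"),
    (10, "permit", "192.168.20.0", "0.0.0.255"),
    (15, "permit", "192.168.30.0", "0.0.0.255"),
    (20, "permit", "192.168.40.0", "0.0.0.255"),
    (25, "deny", None, None),
]
PUBLIC_IP = "100.1.1.2"  # GigabitEthernet0/0/0, the "current-interface" address
NAT_SERVER = {("tcp", 80): ("192.168.50.1", 80),   # www
              ("tcp", 21): ("192.168.50.2", 21)}   # ftp


def wildcard_match(addr, network, wildcard):
    """ACL wildcard semantics: 0 bits must match, 1 bits are ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_action(src):
    """Return (rule id, action) of the first ACL 2000 rule that matches src."""
    for rule_id, action, network, wildcard in ACL_2000:
        if network is None or wildcard_match(src, network, wildcard):
            return rule_id, action
    return None, "deny"  # no rule matched: the packet is not translated


def outbound(src):
    """Source address after `nat outbound 2000`, or None if ACL 2000 does not permit src."""
    return PUBLIC_IP if acl_action(src)[1] == "permit" else None


def inbound(proto, dst_ip, dst_port):
    """Inside (ip, port) that a `nat server` entry maps the packet to, or None."""
    if dst_ip != PUBLIC_IP:
        return None
    return NAT_SERVER.get((proto, dst_port))
```

Only TCP 80 and 21 on 100.1.1.2 map to inside hosts, and 192.168.50.0/24 falls through to rule 25, so `nat outbound 2000` does not translate traffic sourced from the server subnet.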

ISP configuration

//IP addresses configured on each interface:
[ISP]display ip interface brief 

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              100.1.1.1/24         up         up        
GigabitEthernet0/0/1              200.1.1.1/24         up         up

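Lab verification:

Check AR3 (the captured prompt reads <AR1>, but Router ID 33.33.33.33 and the directly connected 100.1.1.0/24 route identify the device as AR3)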

<AR1>display ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 23       Routes : 24       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0          RD   100.1.1.1       GigabitEthernet0/0/0
    33.33.33.33/32  Direct  0    0           D   127.0.0.1       LoopBack0
      100.1.1.0/24  Direct  0    0           D   100.1.1.2       GigabitEthernet0/0/0
      100.1.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
    100.1.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    172.16.12.0/30  OSPF    10   2           D   172.16.23.2     GigabitEthernet0/0/2
                    OSPF    10   2           D   172.16.13.2     GigabitEthernet0/0/1
    172.16.13.0/30  Direct  0    0           D   172.16.13.1     GigabitEthernet0/0/1
    172.16.13.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
    172.16.13.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
    172.16.23.0/30  Direct  0    0           D   172.16.23.1     GigabitEthernet0/0/2
    172.16.23.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/2
    172.16.23.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/2
   192.168.10.0/24  OSPF    10   3           D   172.16.13.2     GigabitEthernet0/0/1
   192.168.20.0/24  OSPF    10   3           D   172.16.13.2     GigabitEthernet0/0/1
   192.168.30.0/24  OSPF    10   3           D   172.16.23.2     GigabitEthernet0/0/2
   192.168.40.0/24  OSPF    10   3           D   172.16.23.2     GigabitEthernet0/0/2
   192.168.50.0/24  OSPF    10   3           D   172.16.13.2     GigabitEthernet0/0/1
  192.168.101.0/30  OSPF    10   2           D   172.16.13.2     GigabitEthernet0/0/1
  192.168.102.0/30  OSPF    10   2           D   172.16.23.2     GigabitEthernet0/0/2
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

<AR1>
*************************************************************************************
<AR1>display ospf lsdb

	 OSPF Process 1 with Router ID 33.33.33.33
		 Link State Database 

		         Area: 0.0.0.0
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 Router    11.11.11.11     11.11.11.11       1415  48    80000012       1
 Router    22.22.22.22     22.22.22.22       1425  48    80000011       1
 Router    33.33.33.33     33.33.33.33        908  48    8000000D       1
 Network   172.16.23.2     22.22.22.22       1425  32    80000008       0
 Network   172.16.13.2     11.11.11.11       1415  32    80000007       0
 Network   172.16.12.2     22.22.22.22       1694  32    80000008       0
 Sum-Net   192.168.10.0    11.11.11.11        726  28    80000008       2
 Sum-Net   192.168.20.0    11.11.11.11        726  28    80000008       2
 Sum-Net   192.168.30.0    22.22.22.22        138  28    80000008       2
 Sum-Net   192.168.50.0    11.11.11.11       1322  28    80000007       2
 Sum-Net   192.168.102.0   22.22.22.22        299  28    80000008       1
 Sum-Net   192.168.40.0    22.22.22.22       1678  28    80000008       2
 Sum-Net   192.168.101.0   11.11.11.11        727  28    80000008       1
 

		 AS External Database
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 External  0.0.0.0         33.33.33.33        908  36    80000007       1
 
<AR1>
*************************************************************************************
<AR1>display nat server

  Nat Server Information:
  Interface  : GigabitEthernet0/0/0
    Global IP/Port     : current-interface/80(www) (Real IP : 100.1.1.2)
    Inside IP/Port     : 192.168.50.1/80(www)
    Protocol : 6(tcp)   
    VPN instance-name  : ----                            
    Acl number         : ----
    Description : ----

    Global IP/Port     : current-interface/21(ftp) (Real IP : 100.1.1.2)
    Inside IP/Port     : 192.168.50.2/21(ftp)
    Protocol : 6(tcp)   
    VPN instance-name  : ----                            
    Acl number         : ----
    Description : ----

  Total :    2
<AR1>

HTTP server

External Client accessing the HTTP server

FTP server

External Client accessing the FTP server

PC1

PC2

PC3

PC4


Reposted from blog.csdn.net/weixin_44611826/article/details/127105451