实验链接在最后
拓扑图
配置需求
部分配置代码,实验拓扑和完整配置在下方连接下载
二层交换机配置
sysname L2S1
#
undo info-center enable
#
vlan batch 10 20 30 40 50 60 70 80
#
stp region-configuration
region-name 22tt02
revision-level 1
instance 1 vlan 10 20 30 40
instance 2 vlan 50 60 70 80
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
interface Ethernet0/0/3
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
traffic-filter inbound acl 3001
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
sysname L2S2
#
undo info-center enable
#
vlan batch 10 20 30 40 50 60 70 80
#
stp region-configuration
region-name 22tt02
revision-level 1
instance 1 vlan 10 20 30 40
instance 2 vlan 50 60 70 80
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 30
#
interface Ethernet0/0/2
port link-type access
port default vlan 40
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30 40
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30 40
sysname L2S3
#
undo info-center enable
#
vlan batch 10 20 30 40 50 60 70 80
#
stp region-configuration
region-name 22tt02
revision-level 1
instance 1 vlan 10 20 30 40
instance 2 vlan 50 60 70 80
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 50
#
interface Ethernet0/0/2
port link-type access
port default vlan 60
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50 60
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 50 60
sysname L2S4
#
undo info-center enable
#
vlan batch 10 20 30 40 50 60 70 80
#
stp region-configuration
region-name 22tt02
revision-level 1
instance 1 vlan 10 20 30 40
instance 2 vlan 50 60 70 80
active region-configuration
#
interface Ethernet0/0/1
port link-type access
port default vlan 70
#
interface Ethernet0/0/2
port link-type access
port default vlan 80
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 70 80
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 70 80
三层交换机配置
sysname L3S1
#
undo info-center enable
#
vlan batch 10 to 11 20 30 40 50 60 70 80 90
#
stp instance 1 root primary
stp instance 2 root secondary
#
dhcp enable
#
stp region-configuration
region-name 22tt02
revision-level 1
instance 1 vlan 10 20 30 40
instance 2 vlan 50 60 70 80
active region-configuration
#
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.1 192.168.10.2
dns-list 114.114.114.114
#
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.1 192.168.20.2
dns-list 114.114.114.114
#
ip pool vlan30
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.1 192.168.30.2
dns-list 114.114.114.114
#
ip pool vlan40
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.1 192.168.40.2
dns-list 114.114.114.114
#
ip pool vlan50
gateway-list 192.168.50.254
network 192.168.50.0 mask 255.255.255.0
excluded-ip-address 192.168.50.1 192.168.50.2
dns-list 114.114.114.114
#
ip pool vlan60
gateway-list 192.168.60.254
network 192.168.60.0 mask 255.255.255.0
excluded-ip-address 192.168.60.1 192.168.60.2
dns-list 114.114.114.114
#
ip pool vlan70
gateway-list 192.168.70.254
network 192.168.70.0 mask 255.255.255.0
excluded-ip-address 192.168.70.1 192.168.70.2
dns-list 114.114.114.114
#
ip pool vlan80
gateway-list 192.168.80.254
network 192.168.80.0 mask 255.255.255.0
excluded-ip-address 192.168.80.1 192.168.80.2
dns-list 114.114.114.114
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 200
vrrp vrid 10 track interface Vlanif11 reduced 150
dhcp select global
#
interface Vlanif11
ip address 192.168.11.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
vrrp vrid 20 priority 200
vrrp vrid 20 track interface Vlanif11 reduced 150
dhcp select global
#
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
vrrp vrid 30 priority 200
vrrp vrid 30 track interface Vlanif11 reduced 150
dhcp select global
#
interface Vlanif40
ip address 192.168.40.1 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
vrrp vrid 40 priority 200
vrrp vrid 40 track interface Vlanif11 reduced 150
dhcp select global
#
interface Vlanif50
ip address 192.168.50.1 255.255.255.0
vrrp vrid 50 virtual-ip 192.168.50.254
dhcp select global
#
interface Vlanif60
ip address 192.168.60.1 255.255.255.0
vrrp vrid 60 virtual-ip 192.168.60.254
dhcp select global
#
interface Vlanif70
ip address 192.168.70.1 255.255.255.0
vrrp vrid 70 virtual-ip 192.168.70.254
dhcp select global
#
interface Vlanif80
ip address 192.168.80.1 255.255.255.0
vrrp vrid 80 virtual-ip 192.168.80.254
dhcp select global
#
interface Vlanif90
ip address 192.168.90.1 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 90
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 11
#
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
#
ospf 1
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.11.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.60.0 0.0.0.255
network 192.168.70.0 0.0.0.255
network 192.168.80.0 0.0.0.255
network 192.168.90.0 0.0.0.255
#
port-group 1
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
sysname L3S2
#
undo info-center enable
#
vlan batch 10 to 12 20 30 40 50 60 70 80
#
stp instance 1 root secondary
stp instance 2 root primary
#
dhcp enable
#
stp region-configuration
region-name 22tt02
revision-level 1
instance 1 vlan 10 20 30 40
instance 2 vlan 50 60 70 80
active region-configuration
#
ip pool vlan10
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.1 192.168.10.2
dns-list 114.114.114.114
#
ip pool vlan20
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.1 192.168.20.2
dns-list 114.114.114.114
#
ip pool vlan30
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.1 192.168.30.2
dns-list 114.114.114.114
#
ip pool vlan40
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.1 192.168.40.2
dns-list 114.114.114.114
#
ip pool vlan50
gateway-list 192.168.50.254
network 192.168.50.0 mask 255.255.255.0
excluded-ip-address 192.168.50.1 192.168.50.2
dns-list 114.114.114.114
#
ip pool vlan60
gateway-list 192.168.60.254
network 192.168.60.0 mask 255.255.255.0
excluded-ip-address 192.168.60.1 192.168.60.2
dns-list 114.114.114.114
#
ip pool vlan70
gateway-list 192.168.70.254
network 192.168.70.0 mask 255.255.255.0
excluded-ip-address 192.168.70.1 192.168.70.2
dns-list 114.114.114.114
#
ip pool vlan80
gateway-list 192.168.80.254
network 192.168.80.0 mask 255.255.255.0
excluded-ip-address 192.168.80.1 192.168.80.2
dns-list 114.114.114.114
#
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
dhcp select global
#
interface Vlanif12
ip address 192.168.12.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
vrrp vrid 20 virtual-ip 192.168.20.254
dhcp select global
#
interface Vlanif30
ip address 192.168.30.2 255.255.255.0
vrrp vrid 30 virtual-ip 192.168.30.254
dhcp select global
#
interface Vlanif40
ip address 192.168.40.2 255.255.255.0
vrrp vrid 40 virtual-ip 192.168.40.254
dhcp select global
#
interface Vlanif50
ip address 192.168.50.2 255.255.255.0
vrrp vrid 50 virtual-ip 192.168.50.254
vrrp vrid 50 priority 200
vrrp vrid 50 track interface Vlanif12 reduced 150
dhcp select global
#
interface Vlanif60
ip address 192.168.60.2 255.255.255.0
vrrp vrid 60 virtual-ip 192.168.60.254
vrrp vrid 60 priority 200
vrrp vrid 60 track interface Vlanif12 reduced 150
dhcp select global
#
interface Vlanif70
ip address 192.168.70.2 255.255.255.0
vrrp vrid 70 virtual-ip 192.168.70.254
vrrp vrid 70 priority 200
vrrp vrid 70 track interface Vlanif12 reduced 150
dhcp select global
#
interface Vlanif80
ip address 192.168.80.2 255.255.255.0
vrrp vrid 80 virtual-ip 192.168.80.254
vrrp vrid 80 priority 200
vrrp vrid 80 track interface Vlanif12 reduced 150
dhcp select global
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
#
ospf 1
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.60.0 0.0.0.255
network 192.168.70.0 0.0.0.255
network 192.168.80.0 0.0.0.255
network 192.168.90.0 0.0.0.255
network 192.168.12.0 0.0.0.255
#
port-group 1
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
路由器配置
sysname R1
#
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
rule 10 permit source 192.168.20.0 0.0.0.255
acl number 2001
rule 5 permit source 192.168.30.0 0.0.0.255
rule 10 permit source 192.168.40.0 0.0.0.255
#
aaa
local-user admin password cipher %$%$s_c59+PDm/$he~0>C.fYb%9!%$%$
local-user admin service-type ppp
#
nat address-group 1 99.1.1.3 99.1.1.5
nat address-group 2 99.1.1.6 99.1.1.8
#
interface Serial1/0/0
link-protocol ppp
ip address 99.1.1.1 255.255.255.240
nat server protocol icmp global 99.1.1.10 inside 192.168.90.2
nat outbound 2000 address-group 1
nat outbound 2001 address-group 2
#
interface Serial1/0/1
link-protocol ppp
ppp authentication-mode chap
ip address 172.16.1.1 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.11.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.12.1 255.255.255.0
#
ospf 1
default-route-advertise always
import-route rip 1
area 0.0.0.0
network 192.168.11.0 0.0.0.255
network 192.168.12.0 0.0.0.255
#
rip 1
undo summary
default-route originate
version 2
network 172.16.0.0
import-route ospf 1
#
ip route-static 0.0.0.0 0.0.0.0 99.1.1.2
sysname R2
#
interface Serial1/0/1
link-protocol ppp
ppp chap user admin
ppp chap password cipher %$%$v5s!S5c~c:qdMz33x!%4,"@;%$%$
ip address 172.16.1.2 255.255.255.252
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.0
#
rip 1
version 2
network 10.0.0.0
network 172.16.0.0
测试验证
pc1 访问 互联网
pc1 访问R2的环回口10.1.1.1
VLAN10、VLAN20的用户在上班的时间worktime(9:00~18:00)访问FTP服务器
该现象为bug,我现在的时间是周六,应该ping不通才对,但模拟器中却能通,配置肯定是没问题的
不允许VLAN10与VLAN20互相访问
只将FTP服务器(192.168.90.2)的FTP服务发布到互联网上,其公网IP地址为99.1.1.10
映射成功
出口路由器接口抓包
内网服务器接口抓包
实验链接
链接:https://pan.baidu.com/s/18GV_KJ4CXhcRioBuO82ZfA
提取码:6666