【思科】DHCP 、RIP、链路聚合、ACL访问控制列表综合实验

实验拓扑：

R3为网关，R4为出口路由器，并且为DHCP路由器，R5为外网一台路由器

实验要求：1.三台PC属于3个vlan

2.R1,R2做链路聚合

3.网关终结在R3,实现vlan间路由

4.c1,c2,c3通过dhcp服务器获得IP

5.只允许外网路由器R5来远程管理R3

实验步骤:

1. 首先配置R1

R1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#no ip routing

R1(config)#vlan 10,20,30                       建立vlan10,vlan20,vlan30

R1(config-vlan)#ex

R1(config)#int f1/1

R1(config-if)#switchport access vlan 10             f1/1划分为vlan 10

R1(config-if)#int f1/2

R1(config-if)#switchport access vlan 20             f1/2划分为vlan 20

R1(config-if)#int range f1/14 -15

R1(config-if-range)#channel-group 1 mode  on        建立链路聚合组

Creating a port-channel interface Port-channel1

*Mar  1 00:05:31.643: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar  1 00:05:31.715: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

R1(config-if-range)#ex

*Mar  1 00:05:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

R1(config)#int port-channel 1

R1(config-if)#switchport mode trunk                改为trunk口

R1(config-if)#ex

R1(config)#

*Mar  1 00:05:43.063: %EC-5-UNBUNDLE: Interface Fa1/14 left the port-channel Po1

*Mar  1 00:05:43.095: %EC-5-UNBUNDLE: Interface Fa1/15 left the port-channel Po1

*Mar  1 00:05:43.107: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

*Mar  1 00:05:43.155: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar  1 00:05:43.587: %DTP-5-TRUNKPORTON: Port Fa1/14-15 has become dot1q trunk

*Mar  1 00:05:45.091: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

R1(config)#int f1/3

R1(config-if)#switchport mode  trunk               上行口也改为trunk

*Mar  1 00:05:59.855: %DTP-5-TRUNKPORTON: Port Fa1/3 has become dot1q trunk

2.配置R2

R2#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R2(config)#no ip routing

R2(config)#vlan 10,20,30

R2(config-vlan)#ex

R2(config)#int f1/3

R2(config-if)#switchport access vlan 30

R2(config)#int range f1/14 -15

R2(config-if-range)#channel-group 1 mode on           与R1做相同配置

Creating a port-channel interface Port-channel1

*Mar  1 00:07:29.195: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar  1 00:07:29.263: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

*Mar  1 00:07:29.463: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk Port-channel1 VLAN1.

*Mar  1 00:07:29.463: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking Port-channel1 on VLAN1. Inconsistent port type.PVST+: restarted the forward delay timer for Port-channel1

R2(config-if-range)#ex

*Mar  1 00:07:32.147: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

R2(config)#int port-channel 1

R2(config-if)#switchport mode  trunk

R2(config-if)#ex

*Mar  1 00:07:39.463: %EC-5-UNBUNDLE: Interface Fa1/14 left the port-channel Po1

*Mar  1 00:07:39.503: %EC-5-UNBUNDLE: Interface Fa1/15 left the port-channel Po1

*Mar  1 00:07:39.523: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

*Mar  1 00:07:39.563: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar  1 00:07:39.991: %DTP-5-TRUNKPORTON: Port Fa1/14-15 has become dot1q trunk

*Mar  1 00:07:41.503: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

3.配置R3

R3#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R3(config)#ip routing

R3(config)#int f1/1

R3(config-if)#no sh

R3(config-if)#switchport mode trunk

R3(config-if)#ex

*Mar  1 00:08:56.415: %DTP-5-TRUNKPORTON: Port Fa1/1 has become dot1q trunk

R3(config)#vlan 10,20,30

R3(config-vlan)#ex

R3(config)#int vlan 10

*Mar  1 00:09:12.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

R3(config-if)#ip add 192.168.10.1 255.255.255.0          vlan10网关

R3(config-if)#no sh

R3(config-if)#ip helper-address 192.168.34.4             设置DHCP中继，目标为R4接口地址

R3(config-if)#int vlan 20

R3(config-if)#ip add 192.168.10.1 255.255.255.0           vlan20网关

*Mar  1 00:09:59.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

R3(config-if)#ip add 192.168.20.1 255.255.255.0

R3(config-if)#no sh

R3(config-if)#ip helper-address 192.168.34.4

R3(config-if)#int vlan 30

*Mar  1 00:10:13.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up

R3(config-if)#ip add 192.168.30.1 255.255.255.0             vlan30网关

R3(config-if)#no sh

R3(config-if)#ip helper-address 192.168.34.4

R3(config-if)#

R3(config-if)#ex

配置上行口f1/2

R3(config)#int f1/2

R3(config-if)#no switchport

*Mar  1 00:10:42.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/2, changed state to up

R3(config-if)#ip add 192.168.34.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#ex

R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.34.4         指一条默认路由给出口路由器

4.配置R4

R4(config)#int f0/1

R4(config-if)#ip add 192.168.34.4 255.255.255.0

R4(config-if)#no sh

R4(config-if)#ex

*Mar  1 00:11:44.315: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up

*Mar  1 00:11:45.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

做3个DHCP地址池来为3个vlan 分配IP

R4(config)#ip dhcp pool v10

R4(dhcp-config)#network 192.168.10.0 /24

R4(dhcp-config)#default-router 192.168.10.1

R4(dhcp-config)#ip dhcp pool v20

R4(dhcp-config)#network 192.168.20.0 /24

R4(dhcp-config)#default-router 192.168.20.1

R4(dhcp-config)#ip dhcp pool v30

R4(dhcp-config)#network 192.168.30.0 /24

R4(dhcp-config)#default-router 192.168.30.1

R4(dhcp-config)#ex

R4(config)#int f0/0

R4(config-if)#ip add 12.0.0.1 255.255.255.0

R4(config-if)#no sh

R4(config-if)#ex

R4(config)#ip route 192.168.10.0 255.255.255.0 192.168.34.3

R4(config)#ip route 192.168.20.0 255.255.255.0 192.168.34.3

R4(config)#ip route 192.168.30.0 255.255.255.0 192.168.34.3

可以验证pc是否已分配到地址

IP已经获得

配置NAT，用R4外网口上网

R4(config)#int f0/1

R4(config-if)#ip nat inside                         设置内网口

*Mar  1 01:30:41.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up

R4(config-if)#int f0/0

R4(config-if)#ip nat outside                         设置外网口

R4(config-if)#ex

R4(config)#access-list 10 permit 192.168.10.0 0.0.0.255         访问列表

R4(config)#access-list 11 permit 192.168.20.0 0.0.0.255

R4(config)#access-list 12 permit 192.168.30.0 0.0.0.255

R4(config)#ip nat inside source list 10 int f0/1 overload        应用列表

R4(config)#ip nat inside source list 11 int f0/1 overload

R4(config)#ip nat inside source list 12 int f0/1 overload

5.配置R5

R5#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R5(config)#int f0/0

R5(config-if)#ip add 12.0.0.2 255.255.255.0

R5(config-if)#no sh

R5(config-if)#ex

测试下pc能否访问外网路由器

是通的

注意：因为外网是不可能指私网的IP地址的，所以下面用动态路由RIP来模拟实验

R4

R4(config)#router rip

R4(config-router)#network 192.168.34.0

R4(config-router)#network 12.0.0.0

R5

R5(config)#router rip

R5(config-router)#

*Mar  1 00:15:51.191: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

*Mar  1 00:15:52.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R5(config-router)#network 12.0.0.0

R5(config-router)#ex

下面，要实现只有R5能远程管理R3，这要用ACL控制列表来实现

R3(config)#int l0                       进环回口

*Mar  1 00:53:14.715: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

R3(config-if)#ip add 3.3.3.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#ex

R3(config)#router rip

R3(config-router)#network 3.3.3.0

R3(config-router)#network 192.168.10.0

R3(config-router)#network 192.168.20.0

R3(config-router)#network 192.168.30.0

R3(config-router)#network 192.168.34.0

R3(config)#access-list 1 permit host 12.0.0.2

R3(config)#line vty 0 4

R3(config-line)#access-class 1 in

R3(config-line)#password abc

R3(config-line)#login

检验一下R5能telnet吗？

R4能否？

很明显，远程登录被拒绝，这样，实验目的就达到了。