
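Network Security Product Configuration Final Exam


Topology diagram

Lab requirements

Lab steps

1. Subnetting

Allocate address blocks from largest to smallest, according to the number of IP addresses each zone needs.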

Zone       Block size   Subnet address   Host address range
VLAN 50    2^6=64>=50   202.1.1.0/26     202.1.1.1 ~ 202.1.1.64
VLAN 40    2^6=64>=40   202.1.1.64/26    202.1.1.64 ~ 202.1.1.128
VLAN 30    2^5=32>=30   202.1.1.128/27   202.1.1.128 ~ 202.1.1.160
VLAN 20    2^5=32>=20   202.1.1.160/27   202.1.1.160 ~ 202.1.1.192
VLAN 10    2^4=16>=10   202.1.1.192/28   202.1.1.192 ~ 202.1.1.208
Segment 1  2^1=2        202.1.1.208/31   202.1.1.208 ~ 202.1.1.210
Segment 2  2^1=2        202.1.1.210/31   202.1.1.210 ~ 202.1.1.212
Segment 3  2^1=2        202.1.1.212/31   202.1.1.212 ~ 202.1.1.214
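
The largest-first allocation above, written out as an added Python example (not part of the original post): it reproduces the table's blocks, derives each mask and assignable range, and reports which planned block an interface address falls in. The pool 202.1.1.0/24 and all function names are assumptions made for this example.

```python
import ipaddress

# Address requirements from the table above: (name, addresses needed).
REQUIREMENTS = [
    ("VLAN 50", 50), ("VLAN 40", 40), ("VLAN 30", 30), ("VLAN 20", 20),
    ("VLAN 10", 10), ("Segment 1", 2), ("Segment 2", 2), ("Segment 3", 2),
]

def prefix_for(count):
    """Prefix length of the smallest block with 2^n >= count (the table's sizing rule)."""
    bits = max((count - 1).bit_length(), 1)
    return 32 - bits

def allocate(base, requirements):
    """Carve blocks out of `base`, largest requirement first. Returns {name: network}."""
    pool = ipaddress.ip_network(base)
    cursor = int(pool.network_address)
    plan = {}
    for name, count in sorted(requirements, key=lambda r: -r[1]):
        prefix = prefix_for(count)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size          # round up to a block boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(pool):
            raise ValueError(f"{name}: pool {base} exhausted")
        plan[name] = net
        cursor += size
    return plan

def usable_range(net):
    """First and last assignable address; a /31 link uses both of its addresses."""
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])

def owner(plan, address):
    """Name of the planned block that contains an interface address, or None."""
    ip = ipaddress.ip_address(address)
    return next((name for name, net in plan.items() if ip in net), None)

if __name__ == "__main__":
    # The /24 pool is an assumption; the page only shows 202.1.1.x addresses.
    plan = allocate("202.1.1.0/24", REQUIREMENTS)
    for name, net in plan.items():
        first, last = usable_range(net)
        print(f"{name:10} {str(net):18} {net.netmask}  {first} - {last}")
```

For VLAN 50 this gives assignable hosts 202.1.1.1 through 202.1.1.62, since 202.1.1.63 is the block's broadcast address and 202.1.1.64 is the network address of the next block. `owner()` places 202.1.1.209 in Segment 1 and 202.1.1.210 in Segment 2, so it can be used to cross-check the interface addresses configured in the later steps against the plan.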

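2. Configure IP addresses on the devices. Remember that each subnet has a different mask (not the usual 255.255.255.0), so the mask has to be changed.

3. Router-on-a-stick, to enable communication within the internal network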

S1:

#
sysname S1
#
undo info-center enable
#
vlan batch 10 20 30 40
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 10
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 20
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 30
#
interface Ethernet0/0/5
 port link-type access
 port default vlan 40
#
interface Ethernet0/0/6
 port link-type access
 port default vlan 40

R1:

#
sysname R1
#
interface GigabitEthernet0/0/0.1
 dot1q termination vid 10
 ip address 202.1.1.193 255.255.255.240 
 arp broadcast enable
#
interface GigabitEthernet0/0/0.2
 dot1q termination vid 20
 ip address 202.1.1.161 255.255.255.224 
 arp broadcast enable
#
interface GigabitEthernet0/0/0.3
 dot1q termination vid 30
 ip address 202.1.1.129 255.255.255.224 
 arp broadcast enable
#
interface GigabitEthernet0/0/0.4
 dot1q termination vid 40
 ip address 202.1.1.65 255.255.255.192 
 arp broadcast enable
#

2. R2 performs CHAP authentication of R1

R2 (authenticator):

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys R2
[R2]un in en
Info: Information center is disabled.
[R2]int S1/0/0
[R2-Serial1/0/0]ip add  202.1.1.210 31
[R2-Serial1/0/0]q
[R2]aaa	
[R2-aaa]local-user huawei password cipher 123456
Info: Add a new user.
[R2-aaa]local-user huawei service-type ppp
[R2-aaa]q
[R2]int S1/0/0
[R2-Serial1/0/0]ppp authentication-mode chap
[R2-Serial1/0/0]ppp chap user huawei
[R2-Serial1/0/0]q

R1 (authenticated peer):

<R1>sys
Enter system view, return user view with Ctrl+Z.
[R1]int S1/0/0
[R1-Serial1/0/0]ip add 202.1.1.209 31
[R1-Serial1/0/0]ppp chap user huawei	
[R1-Serial1/0/0]ppp chap password cipher 123456
[R1-Serial1/0/0]q

With CHAP authentication configured, test connectivity between R1 and R2.

[R2]ping 202.1.1.209
  PING 202.1.1.209: 56  data bytes, press CTRL_C to break
    Reply from 202.1.1.209: bytes=56 Sequence=1 ttl=255 time=100 ms
    Reply from 202.1.1.209: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 202.1.1.209: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 202.1.1.209: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 202.1.1.209: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 202.1.1.209 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/36/100 ms

3. Configure static routes on R1

R1:

[R1]ip route-static 0.0.0.0 0.0.0.0 202.1.1.210

R2:

[R2]ip route-static 202.1.1.64 26 202.1.1.209
[R2]ip route-static 202.1.1.128 27 202.1.1.209
[R2]ip route-static 202.1.1.160 27 202.1.1.209
[R2]ip route-static 202.1.1.192 28 202.1.1.209

4. OSPF configuration

R2:

[R2]int s1/0/1
[R2-Serial1/0/1]ip add 202.1.1.212 31
[R2-Serial1/0/1]q
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 202.1.1.212 0.0.0.0

R3:

[R3]int s1/0/1
[R3-Serial1/0/1]ip add 202.1.1.213 31
[R3-Serial1/0/1]q
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 202.1.1.213 0.0.0.0

5. RIP configuration and route import

R3:

[R3]int S1/0/0
[R3-Serial1/0/0]ip add 202.1.1.214 31
[R3-Serial1/0/0]q
[R3]rip 
[R3-rip-1]version 2
[R3-rip-1]net 202.1.1.0


[R3]rip
[R3-rip-1]import-route ospf 1 cost 2
[R3-rip-1]q
[R3]ospf 
[R3-ospf-1]import-route rip 1

R4:

[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 202.1.1.1 26
[R4]int s1/0/0
[R4-Serial1/0/0]ip add 202.1.1.215 31
[R4-Serial1/0/0]q
[R4]rip 
[R4-rip-1]version 2
[R4-rip-1]net 202.1.1.0

R2:

[R2]ospf
[R2-ospf-1]import-route static 
[R2-ospf-1]import-route direct 

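At this point, the whole network has full connectivity.

6. Set up the web server and the DNS server

Using Client1 to access the IP address of Server1 on the internal network returns the content.

PC1 can access both servers.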


Author: okra2saber
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit okra2saber as the source when reposting.