交换式企业网络主要是通过交换机进行数据之间传输,但要跨越到外网,也离不开路由器的加持
设计技术:VLAN、STP、单臂路由、HSRP、静态路由、NAT、ACL 、GRE 、PPP
拓扑搭建
设备的扩展
| AS-1 | VLAN 99 | 10.0.99.1 | 255.255.255.0 |
| AS-2 | VLAN 99 | 10.0.99.2 | 255.255.255.0 |
| AS-3 | VLAN 99 | 10.0.99.3 | 255.255.255.0 |
| AS-4 | VLAN4 | 10.8.4.1 | 255.255.255.0 |
| AS-5 | VLAN4 | 10.8.4.2 | 255.255.255.0 |
| DS-1 | G1/0/2 | 10.0.13.1 | 255.255.255.0 |
| VLAN 10 | 10.1.10.253 | 255.255.255.0 | |
| VLAN 20 | 10.2.20.253 | 255.255.255.0 | |
| VLAN 30 | 10.3.30.253 | 255.255.255.0 | |
| VLAN 40 | 10.4.40.253 | 255.255.255.0 | |
| VLAN 99 | 10.0.99.253 | 255.255.255.0 | |
| Lookback0 | 10.1.1.1 | 255.255.255.255 | |
| DS-2 | G1/0/2 | 10.0.23.2 | 255.255.255.0 |
| VLAN 10 | 10.1.10.252 | 255.255.255.0 | |
| VLAN 20 | 10.2.20.252 | 255.255.255.0 | |
| VLAN 30 | 10.3.30.252 | 255.255.255.0 | |
| VLAN 40 | 10.4.40.252 | 255.255.255.0 | |
| VLAN 99 | 10.0.33.252 | 255.255.255.0 | |
| Lookback0 | 10.2.2.2.2 | 255.255.255.255 | |
| R-Edge | G1/0/1 | 10.0.13.3 | 255.255.255.252 |
| G0/0/1 | 10.0.23.3 | 255.255.255.252 | |
| S0/2/0 | 218.12.17.1 | 255.255.255.252 | |
| VLAN100 | 10.5.100.254 | 255.255.255.252 | |
| VLAN200 | 10.6.200.254 | 255.255.255.252 | |
| Tunnel 10 | 10.10.10.1 | 255.255.255.252 | |
| Look back | 10.3.3.3 | 255.255.255.252 | |
| L-Router | G0/0/0 | 218.12.18.1 | 255.255.255.252 |
| G0/0.4 | 10.8.4.254 | 255.255.255.0 | |
| G0/0.5 | 10.8.5.254 | 255.255.255.0 | |
| G0/0.6 | 10.8.6.254 | 255.255.255.0 | |
| G0/0.7 | 10.8.7.254 | 255.255.255.0 | |
| Tunnel 10 | 10.10.10.2 | 255.255.255.252 | |
| ISP | s0/0/0 | 218.12.17.2 | 255.255.255.252 |
| G0/2/0 | 218.12.18.2 | 255.255.255.252 | |
| Lookback | 200.200.200.200 | 255.255.255.255 | |
| web | 10.5.100.253 | 255.255.255.0 | |
| DNS | 10.5.100.252 | 255.255.255.0 | |
| EMAL | 10.6.200.252 | 255.255.255.0 | |
| FTP | 10.6.200.252 | 255.255.255.0 | |
| DHCP | 10.8.7.253 | 255.255.255.0 |
在二层设备AS-1、AS-2、AS-3配置VLAN、VTP
Switch>enable
Switch#configure
Switch(config)#hostname AS-1
AS-1(config)#vlan 10
AS-1(config-vlan)#vlan 20
AS-1(config-vlan)#vlan 30
AS-1(config-vlan)#vlan 40
AS-1(config-vlan)#vlan 99
AS-1(config-vlan)#exit
AS-1(config)#vtp mode server
AS-1(config)#vtp version 2
AS-1(config)#vtp domain CCNA
AS-1(config)#vtp password cisco
Switch>enable
Switch#configure
Switch(config)#hostname AS-2
AS-2(config)#vtp mode client
AS-2(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
AS-2(config)#vtp password cisco
Switch>enable
Switch#configure
Switch(config)#hostname AS-3
AS-3(config)#vtp mode client
AS-3(config)#vtp domain CCNA
AS-3(config)#vtp password cisco
查看VTP状态
二层设备AS-1、AS-2、AS-3配置VLAN接口、管理IP、网关
AS-1(config)#interface range gigabitEthernet 0/1-2
AS-1(config-if-range)#switchport mode trunk
AS-1(config-if-range)#switchport trunk allowed vlan 10,20,30,40,99
AS-1(config-if-range)#exit
AS-1(config)#interface vlan 99
AS-1(config-if)#ip address 10.1.99.1 255.255.255.0
AS-1(config-if)#no shutdown
AS-1(config-if)#exit
AS-1(config)#ip default-gateway 10.0.99.254
AS-1(config)#interface fastEthernet 0/1
AS-1(config-if)#switchport mode access
AS-1(config-if)#switchport access vlan 10
AS-1(config-if)#exit
AS-1(config)#interface fastEthernet 0/2
AS-1(config-if)#switchport mode access
AS-1(config-if)#switchport access vlan 20
AS-1(config-if)#exit
AS-1(config)#interface fastEthernet 0/3
AS-1(config-if)#switchport mode access
AS-1(config-if)#switchport access vlan 30
AS-1(config-if)#exit
AS-1(config)#interface fastEthernet 0/4
AS-1(config-if)#switchport mode access
AS-1(config-if)#switchport access vlan 40
AS-1(config-if)#exitAS-3(config)#interface range gigabitEthernet 0/1-2
AS-3(config-if-range)#switchport mode trunk
AS-3(config-if-range)#switchport trunk allowed vlan 10,20,30,40,99
AS-3(config-if-range)#exit
AS-3(config)#interface vlan 99
AS-3(config-if)#ip address 10.0.99.3 255.255.255.0
AS-3(config-if)#exit
AS-3(config)#ip default-gateway 10.0.99.254
AS-3(config)#interface fastEthernet 0/1
AS-3(config-if)#switchport mode access
AS-3(config-if)#switchport access vlan 10
AS-3(config-if)#exit
AS-3(config)#interface fastEthernet 0/2
AS-3(config-if)#switchport mode access
AS-3(config-if)#switchport access vlan 20
AS-3(config-if)#exit
AS-3(config)#interface fastEthernet 0/3
AS-3(config-if)#switchport mode access
AS-3(config-if)#switchport access vlan 30
AS-3(config-if)#exit
AS-3(config)#interface fastEthernet 0/4
AS-3(config-if)#switchport mode access
AS-3(config-if)#switchport access vlan 40
AS-3(config-if)#exit二层设备AS-4、AS-5配置VLAN、Trunk
Switch>enable
Switch#configure
Switch(config)#hostname AS-4
AS-4(config)#interface range fastEthernet 0/23-24,g0/1
AS-4(config-if-range)#switchport mode trunk
AS-4(config-if-range)#switchport trunk allowed vlan 4,5,6,7
AS-4(config-if-range)#exit
AS-4(config)#vlan 4
AS-4(config-vlan)#vlan 5
AS-4(config-vlan)#vlan 6
AS-4(config-vlan)#vlan 7
AS-4(config-vlan)#exit
AS-4(config)#interface gigabitEthernet 0/1
AS-4(config-if)#switchport mode trunk
AS-4(config-if)#switchport trunk allowed vlan 4,5,6,7
AS-4(config-if)#exit
AS-4(config)#interface fastEthernet 0/1
AS-4(config-if)#switchport mode access
AS-4(config-if)#switchport access vlan 5
AS-4(config-if)#exit
AS-4(config)#interface fastEthernet 0/2
AS-4(config-if)#switchport mode access
AS-4(config-if)#switchport access vlan 6
AS-4(config-if)#exit
AS-4(config)#interface gigabitEthernet 0/2
AS-4(config-if)#switchport mode access
AS-4(config-if)#switchport access vlan 7
AS-4(config-if)#exit
AS-4(config)#interface vlan 4
AS-4(config-if)#ip address 10.8.4.1 255.255.255.0
AS-4(config-if)#no shutdown
AS-4(config-if)#exit
AS-4(config)#ip default-gateway 10.8.4.254Switch>enable
Switch#conf
Switch(config)#hostname AS-5
AS-5(config)#interface range fastEthernet 0/23-24
AS-5(config-if-range)#switchport mode trunk
AS-5(config-if-range)#switchport trunk allowed vlan 4,5,6,7
AS-5(config-if-range)#vlan 4
AS-5(config-vlan)#vlan 5
AS-5(config-vlan)#vlan 6
AS-5(config-vlan)#vlan 7
AS-5(config-vlan)#exit
AS-5(config)#interface fastEthernet 0/1
AS-5(config-if)#switchport mode access
AS-5(config-if)#switchport access vlan 5
AS-5(config-if)#exit
AS-5(config)#interface fastEthernet 0/2
AS-5(config-if)#switchport mode access
AS-5(config-if)#switchport access vlan 6
AS-5(config-if)#exit
AS-5(config)#interface vlan 4
AS-5(config-if)#ip address 10.8.4.2 255.255.255.0
AS-5(config-if)#no shutdown
AS-5(config-if)#exit
AS-5(config)#ip default-gateway 10.8.4.254配置三层设备DS-1、DS-2
Switch>enable
Switch#configure
Switch(config)#hostname DS-1
DS-1(config)#ip routing
DS-1(config)#interface gigabitEthernet 1/0/2
DS-1(config-if)#no switchport
DS-1(config-if)#ip address 10.0.13.1 255.255.255.0
DS-1(config-if)#exit
DS-1(config)#interface gigabitEthernet 1/0/1
DS-1(config-if)#switchport mode trunk
DS-1(config-if)#switchport trunk allowed vlan 10,20,30,40,99
DS-1(config-if)#exit
DS-1(config)#vlan 10
DS-1(config-vlan)#vlan 20
DS-1(config-vlan)#vlan 30
DS-1(config-vlan)#vlan 40
DS-1(config-vlan)#vlan 99
DS-1(config-vlan)#exit
DS-1(config)#interface vlan 99
DS-1(config-if)#ip address 10.1.10.253 255.255.255.0
DS-1(config-if)#exit
DS-1(config)#interface vlan 20
DS-1(config-if)#ip address 10.2.20.253 255.255.255.0
DS-1(config-if)#exit
DS-1(config)#interface vlan 30
DS-1(config-if)#ip address 10.3.30.253 255.255.255.0
DS-1(config-if)#exit
DS-1(config)#interface vlan 40
DS-1(config-if)#ip address 10.4.40.253 255.255.255.0
DS-1(config-if)#exit
DS-1(config)#interface vlan 99
DS-1(config-if)#ip address 10.0.99.253 255.255.255.0
DS-1(config-if)#exit
DS-1(config)#interface vlan 10
DS-1(config-if)#ip address 10.1.10.253 255.255.255.0
DS-1(config-if)#exit
DS-1(config)#interface loopback 0
DS-1(config-if)#ip address 10.1.1.1 255.255.255.255
Switch>enable
Switch#configure
Switch(config)#hostname DS-2
DS-2(config)#ip routing
DS-2(config)#interface gigabitEthernet 1/0/2
DS-2(config-if)#no switchport
DS-2(config-if)#ip address 10.0.23.2 255.255.255.0
DS-2(config-if)#exit
DS-2(config)#interface gigabitEthernet 1/0/1
DS-2(config-if)#switchport mode trunk
DS-2(config-if)#switchport trunk allowed vlan 10,20,30,40,99
DS-2(config-if)#exit
DS-2(config)#vlan 10
DS-2(config-vlan)#vlan 20
DS-2(config-vlan)#vlan 30
DS-2(config-vlan)#vlan 40
DS-2(config-vlan)#vlan 99
DS-2(config-vlan)#exit
DS-2(config)#interface vlan 10
DS-2(config-if)#ip address 10.1.10.252 255.255.255.0
DS-2(config-if)#exit
DS-2(config)#interface vlan 20
DS-2(config-if)#ip address 10.2.20.252 255.255.255.0
DS-2(config-if)#exit
DS-2(config)#interface vlan 30
DS-2(config-if)#ip address 10.3.30.252 255.255.255.0
DS-2(config-if)#exit
DS-2(config)#interface vlan 40
DS-2(config-if)#ip address 10.4.40.252 255.255.255.0
DS-2(config-if)#exit
DS-2(config)#interface vlan 99
DS-2(config-if)#ip address 10.0.99.252 255.255.255.0
DS-2(config-if)#exit
DS-2(config)#interface loopback 0
DS-2(config-if)#ip address 10.2.2.2 255.255.255.255路由配置
Router>enable
Router#configure
Router(config)#hostname R-Edge
R-Edge(config)#exit
R-Edge#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
R-Edge(vlan)#vlan 100
VLAN 100 added:
Name: VLAN0100
R-Edge(vlan)#vlan 200
VLAN 200 added:
Name: VLAN0200
R-Edge(vlan)#exit
APPLY completed.
Exiting....
R-Edge#configure
R-Edge(config)#interface range gigabitEthernet 0/1/0-1
R-Edge(config-if-range)#switchport mode access
R-Edge(config-if-range)#switchport access vlan 100
R-Edge(config-if-range)#exit
R-Edge(config)#interface range gigabitEthernet 0/1/2-3
R-Edge(config-if-range)#switchport mode access
R-Edge(config-if-range)#switchport access vlan 200
R-Edge(config-if-range)#exit
R-Edge(config)#interface serial 0/2/0
R-Edge(config-if)#ip address 218.12.17.1 255.255.255.252
R-Edge(config-if)#no shutdown
R-Edge(config-if)#exit
R-Edge(config)#interface gigabitEthernet 0/0/0
R-Edge(config-if)#ip address 10.0.13.3 255.255.255.0
R-Edge(config-if)#no shutdown
R-Edge(config-if)#exit
R-Edge(config)#interface gigabitEthernet 0/0/1
R-Edge(config-if)#ip address 10.0.23.3 255.255.255.0
R-Edge(config-if)#no shutdown
R-Edge(config-if)#exit
R-Edge(config)#interface loopback 0
R-Edge(config-if)#ip address 10.3.3.3 255.255.255.255
R-Edge(config-if)#exit
R-Edge(config)#interface vlan 10
R-Edge(config-if)#exit
R-Edge(config)#interface vlan 100
R-Edge(config-if)#ip address 10.5.100.254 255.255.255.0
R-Edge(config-if)#exit
R-Edge(config)#interface vlan 200
R-Edge(config-if)#ip address 10.6.200.254 255.255.255.0
R-Edge(config-if)#exitRouter>enable
Router#configure
Router(config)#hostname ISP
ISP(config)#interface serial 0/0/0
ISP(config-if)#ip address 218.12.17.2 255.255.255.252
ISP(config-if)#clock rate 128000
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface gigabitEthernet 0/2/0
ISP(config-if)#ip address 218.12.18.2 255.255.255.252
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface loopback 0
ISP(config-if)#ip address 200.200.200.200 255.255.255.255
ISP(config-if)#exit在DS-1、DS-2上配置HSRP
DS-1(config-if)#standby 10 ip 10.1.10.254
DS-1(config-if)#standby 10 priority 105
DS-1(config-if)#standby 10 preempt
DS-1(config-if)#standby 10 track gigabitEthernet 1/0/2
DS-1(config-if)#exit
DS-1(config)#interface vlan 20
DS-1(config-if)#standby 20 ip 10.2.20.254
DS-1(config-if)#standby 20 pree
DS-1(config-if)#standby 20 preempt
DS-1(config-if)#exit
DS-1(config)#interface vlan 30
DS-1(config-if)#standby 30 ip 10.3.30.254
DS-1(config-if)#standby 30 preempt
DS-1(config-if)#standby 30 track gigabitEthernet 1/0/2
DS-1(config-if)#exit
DS-1(config)#interface vlan 40
DS-1(config-if)#standby 40 ip 10.4.40.254
DS-1(config-if)#standby 40 preempt
DS-1(config-if)#exit
DS-1(config)#interface vlan 99
DS-1(config-if)#standby 99 ip 10.0.99.254
DS-1(config-if)#standby 99 priority 105
DS-1(config-if)#standby 99 track gigabitEthernet 1/0/2
DS-1(config-if)#no shutdown
DS-1(config-if)#exitDS-2(config)#interface vlan 10
DS-2(config-if)#standby 10 ip 10.1.10.254
DS-2(config-if)#standby 10 preempt
DS-2(config-if)#exit
DS-2(config)#interface vlan 20
DS-2(config-if)#standby 20 ip 10.2.20.254
DS-2(config-if)#standby 20 priority 105
DS-2(config-if)#standby 20 preempt
DS-2(config-if)#standby 20 track gigabitEthernet 1/0/2
DS-2(config-if)#exit
DS-2(config)#interface vlan 30
DS-2(config-if)#standby 30 ip 10.3.30.254
DS-2(config-if)#standby 30 preempt
DS-2(config-if)#exit
DS-2(config)#interface vlan 40
DS-2(config-if)#standby 40 ip 10.4.40.254
DS-2(config-if)#standby 40 priority 105
DS-2(config-if)#standby 40 preempt
DS-2(config-if)#standby 40 track gigabitEthernet 1/0/2
DS-2(config-if)#exit
DS-2(config)#interface vlan 99
DS-2(config-if)#standby 99 ip 10.0.99.254
DS-2(config-if)#standby 99 preempt 配置生成树PVST
AS-4(config)#spanning-tree mode pvst
AS-4(config)#spanning-tree vlan 4,5 root primary
AS-4(config)#spanning-tree vlan 6,7 root secondary AS-5(config)#spanning-tree mode pvst
AS-5(config)#spanning-tree vlan 4,5 root primary
AS-5(config)#spanning-tree vlan 6,7 root secondaryL-Router上配置单臂路由
Router>enable
Router#configure
Router(config)#hostname L-Router
L-Router(config)#interface gigabitEthernet 0/0
L-Router(config-if)#no shutdown
L-Router(config-if)#no ip address
L-Router(config)#interface gigabitEthernet 0/0.4
L-Router(config-subif)#encapsulation dot1Q 4
L-Router(config-subif)#ip address 10.8.4.254 255.255.255.0
L-Router(config-subif)#exit
L-Router(config)#interface gigabitEthernet 0/0.5
L-Router(config-subif)#encapsulation dot1Q 5
L-Router(config-subif)#ip address 10.8.5.254 255.255.255.0
L-Router(config-subif)#exit
L-Router(config)#interface gigabitEthernet 0/0.6
L-Router(config-subif)#encapsulation dot1Q 6
L-Router(config-subif)#ip address 10.8.6.254 255.255.255.0
L-Router(config-subif)#exit
L-Router(config)#interface gigabitEthernet 0/0.7
L-Router(config-subif)#encapsulation dot1Q 7
L-Router(config-subif)#ip address 10.8.7.254 255.255.255.0
L-Router(config-subif)#exit
L-Router(config)#interface gigabitEthernet 0/0/0
L-Router(config-if)#ip address 218.12.8.1 255.255.255.252
L-Router(config-if)#no shutdown
L-Router(config-if)#exitDS-1、DS-2上配置DHCP服务
DS-1(config)#ip dhcp pool VLAN10
DS-1(dhcp-config)#network 10.1.10.0 255.255.255.0
DS-1(dhcp-config)#default-router 10.1.10.254
DS-1(dhcp-config)#dns-server 10.5.100.252
DS-1(dhcp-config)#exit
DS-1(config)#ip dhcp pool VLAN20
DS-1(dhcp-config)#network 10.2.20.0 255.255.255.0
DS-1(dhcp-config)#default-router 10.2.20.254
DS-1(dhcp-config)#dns-server 10.5.100.252
DS-1(dhcp-config)#exit
DS-1(config)#ip dhcp pool VLAN30
DS-1(dhcp-config)#network 10.3.30.0 255.255.255.0
DS-1(dhcp-config)#default-router 10.3.30.254
DS-1(dhcp-config)#dns-server 10.5.100.252
DS-1(dhcp-config)#exit
DS-1(config)#ip dhcp pool VLAN40
DS-1(dhcp-config)#network 10.4.40.0 255.255.255.0
DS-1(dhcp-config)#default-router 10.4.40.254
DS-1(dhcp-config)#dns-server 10.5.100.252
DS-1(dhcp-config)#exit
DS-1(config)#ip dhcp excluded-address 10.1.10.101 10.1.10.254
DS-1(config)# no ip dhcp excluded-address 10.1.10.101 10.1.10.254
DS-1(config)#ip dhcp excluded-address 10.1.10.99 10.1.10.254
DS-1(config)#ip dhcp excluded-address 10.2.20.99 10.2.20.254
DS-1(config)#ip dhcp excluded-address 10.3.30.99 10.3.30.254
DS-1(config)#ip dhcp excluded-address 10.4.40.99 10.4.40.254DS-2(config)#ip dhcp pool VLAN10
DS-2(dhcp-config)#network 10.1.10.0 255.255.255.0
DS-2(dhcp-config)#default-router 10.1.10.254
DS-2(dhcp-config)#dns-server 10.5.100.252
DS-2(dhcp-config)#exit
DS-2(config)#ip dhcp pool VLAN20
DS-2(dhcp-config)#network 10.2.20.0 255.255.255.0
DS-2(dhcp-config)#default-router 10.2.20.254
DS-2(dhcp-config)#dns-server 10.5.100.252
DS-2(dhcp-config)#exit
DS-2(config)#ip dhcp pool VLAN30
DS-2(dhcp-config)#network 10.3.30.0 255.255.255.0
DS-2(dhcp-config)#default-router 10.3.30.254
DS-2(dhcp-config)#dns-server 10.5.100.252
DS-2(dhcp-config)#exit
DS-2(config)#ip dhcp pool VLAN40
DS-2(dhcp-config)#network 10.4.40.0 255.255.255.0
DS-2(dhcp-config)#default-router 10.3.30.254
DS-2(dhcp-config)#no de
DS-2(dhcp-config)#no default-router 10.3.30.254
DS-2(dhcp-config)#default-router 10.4.40.254
DS-2(dhcp-config)#dns-server 10.5.100.252
DS-2(dhcp-config)#exitL-Router配置DHCP中继
L-Router(config)#interface gigabitEthernet 0/0.5
L-Router(config-subif)#ip helper-address 10.8.7.253
L-Router(config-subif)#exit
L-Router(config)#interface gigabitEthernet 0/0.6
L-Router(config-subif)#ip helper-address 10.8.7.253添加静态静态路由
R-Edge(config)#ip route 10.0.0.0 255.248.0.0 10.0.13.1
R-Edge(config)#ip route 10.0.0.0 255.248.0.0 10.0.23.2
R-Edge(config)#ip route 0.0.0.0 0.0.0.0 serial 0/2/0L-Router(config)#ip route 0.0.0.0 0.0.0.0 218.12.8.2DS-1(config)#ip route 0.0.0.0 0.0.0.0 10.0.13.3DS-2(config)#ip route 0.0.0.0 0.0.0.0 10.0.23.3R-Edge、L-Router配置NAT
R-Edge(config)#ip access-list standard 1
R-Edge(config-std-nacl)#permit 10.0.0.0 0.7.255.255
R-Edge(config-std-nacl)#exit
R-Edge(config)#ip nat inside source list 1 interface serial 0/2/0
R-Edge(config)#ip nat inside source static tcp 10.5.100.253 80 218.12.17.1 80
R-Edge(config)#interface gigabitEthernet 0/0/0
R-Edge(config-if)#ip nat inside
R-Edge(config-if)#exit
R-Edge(config)#interface gigabitEthernet 0/0/1
R-Edge(config-if)#ip nat inside
R-Edge(config-if)#exit
R-Edge(config)#interface vlan 100
R-Edge(config-if)#ip nat inside
R-Edge(config-if)#exit
R-Edge(config)#interface vlan 200
R-Edge(config-if)#ip nat inside
R-Edge(config-if)#exit
R-Edge(config)#interface serial 0/2/0
R-Edge(config-if)#ip nat outside
R-Edge(config-if)#exitL-Router(config)#ip nat inside source list 2 interface gigabitEthernet 0/0/0 overload
L-Router(config)#interface gigabitEthernet 0/0/0
L-Router(config-if)#ip nat outside
L-Router(config-if)#exit
L-Router(config)#interface gigabitEthernet 0/0.4
L-Router(config-subif)#ip nat inside
L-Router(config-subif)#exit
L-Router(config)#interface gigabitEthernet 0/0.5
L-Router(config-subif)#ip nat inside
L-Router(config-subif)#exit
L-Router(config)#interface gigabitEthernet 0/0.6
L-Router(config-subif)#ip nat inside
L-Router(config-subif)#exit
L-Router(config)#interface gigabitEthernet 0/0.7
L-Router(config-subif)#ip nat inside
L-Router(config-subif)#exit配置PPP协议CHAP认证
R-Edge(config)#username ISP password cisco
R-Edge(config)#interface serial 0/2/0
R-Edge(config-if)#encapsulation ppp
R-Edge(config-if)#ppp authentication chapISP(config)#username R-Edge password cisco
ISP(config)#interface serial 0/0/0
ISP(config-if)#encapsulation ppp
ISP(config-if)#ppp authentication chap配置GRE
R-Edge(config)#interface tunnel 10
R-Edge(config-if)#ip address 10.10.10.1
R-Edge(config-if)#ip address 10.10.10.1 255.255.255.252
R-Edge(config-if)#tunnel source serial 0/2/0L-Router(config)#interface tunnel 10
L-Router(config-if)#ip address 10.10.10.2 255.255.255.252
L-Router(config-if)#tunnel source gigabitEthernet 0/0/0
L-Router(config-if)#tunnel destination 218.12.17.1R-Edge(config)#ip route 10.8.4.0 255.255.255.0 10.10.10.2
R-Edge(config)#ip route 10.8.5.0 255.255.255.0 10.10.10.2
R-Edge(config)#ip route 10.8.6.0 255.255.255.0 10.10.10.2
R-Edge(config)#ip route 10.8.7.0 255.255.255.0 10.10.10.2L-Router(config)#ip route 10.0.0.0 255.248.0.0 10.10.10.1DHCP、DNS、FTP
依次使用PC的DHCP,自动获取IP
任意的连通性测试
注意:我们在路由器上是做了ACL的
PC61 访问WEB服务器
我们测试完连接性,我们还可以配置一下远程访问控制
DS-1、DS-2上配置Telnet
DS-1(config)#enable secret cisco
DS-1(config)#username admin secret cisco
DS-1(config)#line vty 0 5
DS-1(config-line)#transport input telnet
DS-1(config-line)#login local S-2(config)#enable secret cisoc
DS-2(config)#username admin secret cisco
DS-2(config)#line vty 0 5
DS-2(config-line)#transport input telnet
DS-2(config-line)#login local AS-1 AS-2 AS-3上配置Telnet
AS-1(config)#enable secret cisco
AS-1(config)#username admin secret cisco
AS-1(config)#line vty 0 5
AS-1(config-line)#transport input telnet
AS-1(config-line)#login local AS-2、AS-3后面路由器都是同样的操作!!
测试远程登录
那后边的也是可以这样测试。登录的时候我们是配置环回地址的,所以我们登录对应的换环回就行了
OK,这个项目大概就是这样了,还可以叫很多东西在上面,大家可以自己尝试一下哦!