DHCP+链路聚合+NAT+ACL小型实验

 

实验要求:

1.按照拓扑图上标识规划网络。

2.使用0SPF协议进程100实现ISP互通。

3.私网内PC属于VLAN1O, FTP Server属于VLAN2O,网关分

别为所连接的接入交换机，其中PC要求通过DHCP动态获取

4:私网内部所有交换机都为三层交换机，请合理规划VLAN，

5.在网关出口和汇聚交换机之间通过链路聚合手工负载分担

7.私网申请到一个公网地址: 100. 1. 10. 1/24 (网关出口)

使用相关技术实现私网内设备访问ISP

8. FTP-Server对外提供服务，ISP内Client 能够访间FIP-Server

9.为保障内网服务器安全要求PC不能访问FTPServer,请通过相关技术解决。

LSW5和LSW6配置思路：
1、创建vlan
2、进入虚拟vlan配置IP地址
3、ospf动态路由宣告并创建环回口
3、在系统视图开启dhcp功能
4、在虚拟vlan利用dhcp动态获取ip地址
5、设置链路类型，打标签，放通所有

sysname LSW5
#
vlan batch 10 20 30 40 50    //批量创建vlan
#
dhcp enable //开启DHCP
#
ospf 1 router-id 5.5.5.5  //创建OSPF 进程1area 0.0.0.0  //创建区域
#
acl number 3000  //创建ACLrule 5 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255 //拒绝PC1网段访问Server网段
#
interface Vlanif10  //进入虚拟接口ip address 192.168.1.254 255.255.255.0  //配置IP地址ospf enable 1 area 0.0.0.0  //ospf宣告dhcp select interface  //开启DHCP
#
interface Vlanif30  //进入虚拟接口ip address 192.168.4.1 255.255.255.0  //配置IP地址ospf enable 1 area 0.0.0.0  //OSPF宣告
#
interface GigabitEthernet0/0/1  //进入接口port link-type trunk  //设置链路类型port trunk pvid vlan 30  //打上标签port trunk allow-pass vlan 2 to 4094 //放通所有
#
interface GigabitEthernet0/0/2  //进入接口port link-type access //设置链路类型port default vlan 10  //打上标签traffic-filter inbound acl 3000  //创建好ACL后在接口入接口应用ACL
#
interface LoopBack0  //创建环回口ip address 5.5.5.5 255.255.255.255  //配置IP地址ospf enable 1 area 0.0.0.0  //OSPF宣告

sysname LSW6
#
vlan batch 10 20 30 40 50
#
ospf 1 router-id 6.6.6.6area 0.0.0.0
#
dhcp enable
#
interface Vlanif20ip address 192.168.2.254 255.255.255.0ospf enable 1 area 0.0.0.0dhcp select interface
#
interface Vlanif40ip address 192.168.5.1 255.255.255.0ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1port link-type trunkport trunk pvid vlan 40port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2port link-type accessport default vlan 20
#
interface LoopBack0ip address 6.6.6.6 255.255.255.255ospf enable 1 area 0.0.0.0
#

sysname LSW3
#
vlan batch 10 20 30 40 50
#
ospf 1 router-id 3.3.3.3area 0.0.0.0
#
interface Vlanif30ip address 192.168.4.2 255.255.255.0ospf enable 1 area 0.0.0.0
#
interface Vlanif40ip address 192.168.5.2 255.255.255.0ospf enable 1 area 0.0.0.0
#
interface Vlanif50ip address 192.168.6.1 255.255.255.0ospf enable 1 area 0.0.0.0
#
interface Eth-Trunk1   //创建链路聚合1port link-type trunk  //设置端口类型port trunk pvid vlan 50 //打标签port trunk allow-pass vlan 2 to 4094  //运行所有
#
interface GigabitEthernet0/0/1eth-trunk 1  //加入链路聚合组
#
interface GigabitEthernet0/0/2eth-trunk 1  //加入链路聚合组
#
interface GigabitEthernet0/0/3port link-type trunkport trunk pvid vlan 30port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4port link-type trunkport trunk pvid vlan 40port trunk allow-pass vlan 2 to 4094
#
interface LoopBack0ip address 3.3.3.3 255.255.255.255ospf enable 1 area 0.0.0.0

出口nat配置方式：
1、将申请到的公网地址配置到出接口上
   interface GigabitEthernet0/0/2
 ip address 100.1.10.1 255.255.255.0 
2、创建ACL 2000，匹配需要转换的地址
    [AR1]acl 2000
    [AR1-acl-basic-2000]rule permit source any 
3、在出接口应用nat策略
   [AR1-GigabitEthernet0/0/2]nat outbound 2000 
4、配置缺省路由下一跳为运行商
   [AR1]ip route-static 0.0.0.0 0 100.1.10.2
5、在动态路由ospf进程中下发缺省路由
   [AR1-ospf-1]default-route-advertise

#sysname AR1
#
interface Eth-Trunk1  //创建链路聚合组undo portswitch  //将二层升级为三层使得有配置ip地址功能ip address 192.168.6.2 255.255.255.0  //配置IP地址ospf enable 1 area 0.0.0.0  //宣告
#
interface GigabitEthernet0/0/0  eth-trunk 1  //加入链路聚合组
#
interface GigabitEthernet0/0/1eth-trunk 1 //加入链路聚合组
#
interface GigabitEthernet0/0/2ip address 100.1.10.1 255.255.255.0 nat outbound 2000 //出接口做NAT地址转换时在出接口应用
#
interface LoopBack0ip address 1.1.1.1 255.255.255.255 ospf enable 1 area 0.0.0.0
#
acl 2000  //创建ACL
rule permit source any //规则运行所有
#
ospf 1 router-id 1.1.1.1 default-route-advertise //下发缺省area 0.0.0.0 
#
ip route-static 0.0.0.0 0.0.0.0 100.1.10.2  //配置一条静态
#

#sysname AR2
#
interface GigabitEthernet0/0/0ip address 100.1.10.2 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1ip address 100.1.20.1 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 2.2.2.2 255.255.255.255 ospf enable 1 area 0.0.0.0
#
ospf 1 router-id 2.2.2.2 default-route-advertise  //下发缺省area 0.0.0.0 
#
ip route-static 0.0.0.0 0.0.0.0 100.1.10.1  //配置一条静态
#

#sysname AR2
#
interface GigabitEthernet0/0/0ip address 100.1.20.2 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1ip address 100.1.30.254 255.255.255.0 ospf enable 1 area 0.0.0.0
#
interface LoopBack0ip address 3.3.3.3 255.255.255.255 ospf enable 1 area 0.0.0.0
#
ospf 1 router-id 3.3.3.3 area 0.0.0.0 
#

 基本配置：

查看动态分配IP地址图

测试图：