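Author: 五柳狂少
Let's first look at the topology requirements.
1. Configure link aggregation on the directly connected links between SW1 and SW2.
2. The company's internal business segments are Vlan10 and Vlan20; Vlan10 is the marketing department and Vlan20 is the technical department, and the Vlans must be named so they can be identified; PC1 belongs to Vlan10 and PC2 belongs to Vlan20; Vlan30 is used by SW1 and SW2 to establish the OSPF neighbor relationship; Vlan111 is the interconnect Vlan between SW1 and R1, and Vlan222 is the interconnect Vlan between SW2 and R2.
3. Configure all ports that connect switches to each other as Trunk ports and allow the relevant traffic through.
4. Configure the switch ports that connect to PCs as edge ports.
5. Configure OSPF by area as shown in the diagram so that the whole internal network is reachable; advertise the ABRs' loopback interfaces into the backbone area; protocol packets must not appear on the business segments.
6. Configure a default route on R1 pointing to the Internet and import it into OSPF.
7. R1 connects to the Internet over two links; configure PPP-MP with two-way CHAP authentication.
8. Configure Easy IP; only traffic from the business segments 192.168.1.0/24 and 192.168.2.0/24 may reach the Internet through R1.
9. Enable TELNET remote management on R1, logging in as user abc with password abc; only the technical department may manage R1 remotely.
Lab procedure: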
SW3:
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
interface Ethernet0/0/3
port link-type access
port default vlan 10
interface Ethernet0/0/4
port link-type access
port default vlan 20
vlan 10
description jsb //add a description to the VLAN
vlan 20
description cwb //add a description to the VLAN
SW1:
interface Vlanif10
ip address 192.168.1.254 255.255.255.0
interface Vlanif20
ip address 192.168.2.253 255.255.255.0
interface Vlanif30
ip address 10.1.21.11 255.255.255.0
interface Vlanif111
ip address 10.1.11.11 255.255.255.0
interface GigabitEthernet0/0/1
port link-type access
port default vlan 111
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
OSPF configuration
ospf 1 router-id 10.1.1.1
silent-interface GigabitEthernet0/0/2 //silent interface: OSPF packets are not sent on this interface
area 0.0.0.1
network 192.168.1.254 0.0.0.0
network 192.168.2.253 0.0.0.0
network 10.1.11.11 0.0.0.0
network 10.1.21.11 0.0.0.0
network 10.1.1.1 0.0.0.0
Eth-Trunk configuration
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10 to 222 //allow the VLANs to pass over this aggregated link
SW2:
Interface configuration
interface Vlanif10
ip address 192.168.1.253 255.255.255.0
interface Vlanif20
ip address 192.168.2.254 255.255.255.0
interface Vlanif30
ip address 10.1.21.22 255.255.255.0
interface Vlanif222
ip address 10.1.22.22 255.255.255.0
interface Eth-Trunk1 //aggregated link
port link-type trunk
port trunk allow-pass vlan 10 to 222
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type access
interface GigabitEthernet0/0/3
eth-trunk 1
interface GigabitEthernet0/0/4
eth-trunk 1
OSPF configuration
ospf 1 router-id 10.2.2.2
silent-interface GigabitEthernet0/0/1
area 0.0.0.1
network 192.168.1.253 0.0.0.0
network 192.168.2.254 0.0.0.0
network 10.1.21.22 0.0.0.0
network 10.1.22.22 0.0.0.0
network 10.2.2.2 0.0.0.0
AR1:
ACL configuration
acl number 2000 //this ACL is for NAT
rule 5 permit source 192.168.1.0 0.0.0.255
rule 10 permit source 192.168.2.0 0.0.0.255
rule 15 deny
acl number 2005 //this ACL is for TELNET; requirement 9 allows only the technical department (Vlan20)
rule 5 permit source 192.168.2.0 0.0.0.255
Interface configuration
interface GigabitEthernet0/0/0
ip address 10.1.12.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.1.11.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.1.13.1 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
//two-way CHAP authentication over PPP
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1
interface Serial1/0/1
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1
interface Mp-group0/0/1
ip address 202.100.1.1 255.255.255.0
nat outbound 2000
//link aggregation in PPP mode
//remote login
user-interface vty 0 4
acl 2005 inbound
authentication-mode aaa
OSPF configuration
ospf 1 router-id 1.1.1.1
default-route-advertise //import the default route into OSPF
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.12.1 0.0.0.0
network 10.1.13.1 0.0.0.0
area 0.0.0.1
network 10.1.11.1 0.0.0.0
ip route-static 0.0.0.0 0.0.0.0 202.100.1.2
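Requirement 9 limits Telnet management of R1 to the technical department, and the ACL bound to the VTY lines is what enforces it. The Python check below is an added example, not part of the original post: it evaluates a basic ACL first-match against that policy. Both ACL texts are constructed samples, the function names are hypothetical, and it assumes that a source matching no rule is refused on the VTY lines.

```python
import ipaddress
import re

# Constructed sample ACLs in Huawei VRP syntax; not taken from a device.
ACL_WIDE = """acl number 2005
 rule 5 permit source 192.168.1.0 0.0.0.255
 rule 10 permit source 192.168.2.0 0.0.0.255
"""
ACL_TIGHT = """acl number 2005
 rule 5 permit source 192.168.2.0 0.0.0.255
"""
RULE = re.compile(r"rule\s+(\d+)\s+(permit|deny)(?:\s+source\s+(\S+)\s+(\S+))?")

def parse_acl(text):
    """Return (rule_id, action, network) tuples in ascending rule-id order."""
    rules = []
    for rid, action, addr, wildcard in RULE.findall(text):
        if not addr:  # a bare "rule N deny" matches every source
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        # Invert the wildcard by hand: ipaddress reads "/0.0.0.0" as /0, not as a host.
        mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((int(rid), action, net))
    return sorted(rules, key=lambda r: r[0])

def allowed(rules, src):
    """First matching rule decides whether src may open a VTY session."""
    ip = ipaddress.ip_address(str(src))
    for _, action, net in rules:
        if ip in net:
            return action == "permit"
    return False  # assumption: rules exist but none match, so the login is refused

def audit(acl_text, mgmt_net, other_nets):
    """List where the ACL disagrees with the policy (first and last host sampled)."""
    rules = parse_acl(acl_text)
    findings = []
    mgmt = ipaddress.ip_network(mgmt_net)
    if not all(allowed(rules, h) for h in (mgmt[1], mgmt[-2])):
        findings.append(f"{mgmt} cannot reach the VTY lines")
    for net in map(ipaddress.ip_network, other_nets):
        if any(allowed(rules, h) for h in (net[1], net[-2])):
            findings.append(f"{net} is permitted but is not a management source")
    return findings

if __name__ == "__main__":
    others = ["192.168.1.0/24", "192.168.3.0/24"]
    print(audit(ACL_WIDE, "192.168.2.0/24", others))
    print(audit(ACL_TIGHT, "192.168.2.0/24", others))
```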
AR2:
Interface configuration
g0/0/0:10.1.12.2/24
g0/0/1:10.1.23.2/24
g0/0/2:10.1.22.2/24
lo0:2.2.2.2/32
OSPF configuration
ospf 1 router-id 2.2.2.2
default-route-advertise //import the default route into OSPF
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.12.2 0.0.0.0
network 10.1.23.2 0.0.0.0
area 0.0.0.1
network 10.1.22.2 0.0.0.0
AR3:
Interface configuration
interface GigabitEthernet0/0/0
ip address 192.168.3.254 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.1.23.3 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.1.13.3 255.255.255.0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
OSPF configuration
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.13.3 0.0.0.0
network 10.1.23.3 0.0.0.0
network 192.168.3.254 0.0.0.0
AR Internet:
interface Mp-group0/0/1
ip address 202.100.1.2 255.255.255.0
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1
interface Serial1/0/1
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1
interface LoopBack0
ip address 100.1.1.1 255.255.255.255
Original: https://blog.51cto.com/14481097/2426062