ensp_简单校园网拓扑模拟
0x0 拓扑图以及需求
- 要求
- 校园网内部使用192.168.0.0/16,外网使用88.88.88.0/24
- 设置DHCP服务器以及DHCP中继
- 路由协议使用OSPF和RIP,并且两边可以互通
- 使用NAT技术,校园网访问外网IP地址使用10.10.10.3-10.10.10.9地址池
- 使用NAT技术,将图书馆的服务以10.10.10.10的地址映射到外部
- 各个设备可以互通
0x1 各个设备配置指令
- LSW3
# LSW3: access switch for VLAN 10. GE0/0/1 and GE0/0/2 are access ports in
# VLAN 10; GE0/0/3 is a trunk.
vlan batch 10
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
# NOTE(review): the trunk passes VLANs 2-4094 although only VLAN 10 is created
# on this switch; limiting allow-pass to the VLANs in use would narrow what
# can cross this link.
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
- LSW4
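# LSW4: access switch for VLAN 20. GE0/0/1 and GE0/0/2 are access ports;
# GE0/0/3 is a trunk.
# The access ports are placed in VLAN 20, the only VLAN this switch creates.
# The listing as published used "port default vlan 10", a VLAN that is never
# created here and that belongs to LSW3; Vlanif20 on LSW1 is the gateway and
# DHCP relay for this segment.
vlan batch 20
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#
# NOTE(review): the trunk passes VLANs 2-4094 although only VLAN 20 is created
# on this switch; limiting allow-pass to the VLANs in use would narrow what
# can cross this link.
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094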
- LSW5
# LSW5: access switch for VLAN 30. GE0/0/1 and GE0/0/2 are access ports in
# VLAN 30; GE0/0/3 is a trunk.
vlan batch 30
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 30
#
# NOTE(review): the trunk passes VLANs 2-4094 although only VLAN 30 is created
# on this switch; limiting allow-pass to the VLANs in use would narrow what
# can cross this link.
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
- LSW6
# LSW6: access switch for VLAN 40. GE0/0/1 and GE0/0/2 are access ports in
# VLAN 40; GE0/0/3 is a trunk.
vlan batch 40
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 40
#
# NOTE(review): the trunk passes VLANs 2-4094 although only VLAN 40 is created
# on this switch; limiting allow-pass to the VLANs in use would narrow what
# can cross this link.
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
- LSW1
# LSW1: layer-3 switch. Gateway for VLAN 10 and VLAN 20, DHCP relay towards
# 192.168.88.1, and an OSPF area 0 speaker.
vlan batch 10 20 30 40 100 123 to 124
#
dhcp enable
#
# Vlanif10 / Vlanif20 are the user gateways; both relay DHCP requests to
# 192.168.88.1 (GE0/0/0 of the DHCP server AR7 on this page).
# NOTE(review): traffic between VLAN 10 and VLAN 20 is routed here and no ACL
# or filter appears in this listing, which matches the page's own remark that
# the VLANs do not isolate communication.
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.88.1
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.88.1
#
# Vlanif100 is on the DHCP server's subnet; Vlanif123 and Vlanif124 are the
# routed links on 192.168.170.0/24 and 192.168.195.0/24.
interface Vlanif100
 ip address 192.168.88.2 255.255.255.0
#
interface Vlanif123
 ip address 192.168.170.2 255.255.255.0
#
interface Vlanif124
 ip address 192.168.195.2 255.255.255.0
#
# NOTE(review): both trunks pass VLANs 2-4094, which includes VLAN 100, 123
# and 124 used for the server and routed links; restricting allow-pass to the
# user VLANs behind each trunk would keep those VLANs off the access side.
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 123
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 100
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 124
#
# OSPF process 1, area 0, covering the five Vlanif subnets above.
# NOTE(review): no OSPF authentication is configured in this listing, and the
# user-facing subnets 192.168.10.0/24 and 192.168.20.0/24 are enabled for OSPF
# without being made silent, so hosts on those VLANs would see OSPF hellos.
# NOTE(review): 192.168.0.1/32 is announced but no interface holding that
# address is shown - presumably a LoopBack omitted from the page; confirm.
# NOTE(review): 192.168.195.0/24 is enabled for OSPF here, while the router
# holding 192.168.195.1 on this page runs only RIP, so no adjacency is visible
# across that link.
ospf 1 router-id 192.168.0.1
 area 0.0.0.0
  network 192.168.0.1 0.0.0.0
  network 192.168.195.0 0.0.0.255
  network 192.168.88.0 0.0.0.255
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  network 192.168.170.0 0.0.0.255
- LSW2
# LSW2: layer-3 switch. Gateway for VLAN 30 and VLAN 40, DHCP relay towards
# 192.168.99.1, and a RIP version 2 speaker.
vlan batch 10 20 30 40 100 123 to 124
#
dhcp enable
#
# Vlanif30 / Vlanif40 are the user gateways; both relay DHCP requests to
# 192.168.99.1 (GE0/0/1 of the DHCP server AR7 on this page).
# NOTE(review): traffic between VLAN 30 and VLAN 40 is routed here and no ACL
# or filter appears in this listing, which matches the page's own remark that
# the VLANs do not isolate communication.
interface Vlanif30
 ip address 192.168.30.1 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.99.1
#
interface Vlanif40
 ip address 192.168.40.1 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.99.1
#
# Vlanif100 is on the DHCP server's subnet; Vlanif123 and Vlanif124 are the
# routed links on 192.168.190.0/24 and 192.168.180.0/24.
interface Vlanif100
 ip address 192.168.99.2 255.255.255.0
#
interface Vlanif123
 ip address 192.168.190.2 255.255.255.0
#
interface Vlanif124
 ip address 192.168.180.2 255.255.255.0
#
# NOTE(review): both trunks pass VLANs 2-4094, which includes VLAN 100, 123
# and 124 used for the server and routed links; restricting allow-pass to the
# user VLANs behind each trunk would keep those VLANs off the access side.
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 123
#
interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 124
#
interface GigabitEthernet0/0/8
 port link-type access
 port default vlan 100
#
# RIP process 1, version 2, on all five Vlanif subnets.
# NOTE(review): no RIP authentication is configured in this listing, and RIP
# is enabled on the user-facing subnets 192.168.30.0 and 192.168.40.0, so
# hosts on those VLANs would receive the updates.
# NOTE(review): 192.168.190.0 is enabled for RIP here, while the router
# holding 192.168.190.1 on this page runs only OSPF, so no route exchange is
# visible across that link.
rip 1
 version 2
 network 192.168.30.0
 network 192.168.40.0
 network 192.168.190.0
 network 192.168.180.0
 network 192.168.99.0
- AR7
# AR7: DHCP server. Four global address pools, one per user VLAN subnet,
# served through the two interfaces that face the relaying switches.
dhcp enable
#
# dhcp1/dhcp2 serve 192.168.10.0/24 and 192.168.20.0/24 with DNS
# 114.114.114.114; dhcp3/dhcp4 serve 192.168.30.0/24 and 192.168.40.0/24 with
# DNS 8.8.8.8.
# NOTE(review): no excluded addresses or lease settings appear in this
# listing, so each pool covers the whole /24 apart from what the device
# reserves on its own.
ip pool dhcp1
 gateway-list 192.168.10.1
 network 192.168.10.0 mask 255.255.255.0
 dns-list 114.114.114.114
#
ip pool dhcp2
 gateway-list 192.168.20.1
 network 192.168.20.0 mask 255.255.255.0
 dns-list 114.114.114.114
#
ip pool dhcp3
 gateway-list 192.168.30.1
 network 192.168.30.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
ip pool dhcp4
 gateway-list 192.168.40.1
 network 192.168.40.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
# GE0/0/0 (192.168.88.1) is the relay target configured on LSW1; GE0/0/1
# (192.168.99.1) is the relay target configured on LSW2.
interface GigabitEthernet0/0/0
 ip address 192.168.88.1 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
 ip address 192.168.99.1 255.255.255.0
 dhcp select global
#
# Static routes back to the relayed subnets: VLAN 10/20 through 192.168.88.2
# and VLAN 30/40 through 192.168.99.2, so DHCP replies can reach the relay
# agents.
ip route-static 192.168.10.0 255.255.255.0 192.168.88.2
ip route-static 192.168.20.0 255.255.255.0 192.168.88.2
ip route-static 192.168.30.0 255.255.255.0 192.168.99.2
ip route-static 192.168.40.0 255.255.255.0 192.168.99.2
- AR8
# AR8: OSPF router with links on 192.168.170.0/24 (towards LSW1's Vlanif123),
# 192.168.190.0/24 (towards LSW2's Vlanif123) and 192.168.150.0/24.
interface GigabitEthernet0/0/0
 ip address 192.168.170.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 192.168.190.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 192.168.150.2 255.255.255.0
#
# OSPF process 1, area 0, on all three links.
# NOTE(review): no OSPF authentication is configured in this listing.
# NOTE(review): 192.168.0.3/32 is announced but no interface holding that
# address is shown - presumably a LoopBack omitted from the page; confirm.
ospf 1 router-id 192.168.0.3
 area 0.0.0.0
  network 192.168.0.3 0.0.0.0
  network 192.168.150.0 0.0.0.255
  network 192.168.170.0 0.0.0.255
  network 192.168.190.0 0.0.0.255
- AR9
# AR9: RIP router with links on 192.168.195.0/24 (towards LSW1's Vlanif124),
# 192.168.180.0/24 (towards LSW2's Vlanif124) and 192.168.160.0/24.
interface GigabitEthernet0/0/0
 ip address 192.168.195.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 192.168.180.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 192.168.160.2 255.255.255.0
#
# RIP process 1, version 2, on all three links.
# NOTE(review): no RIP authentication is configured in this listing.
rip 1
 version 2
 network 192.168.160.0
 network 192.168.195.0
 network 192.168.180.0
- AR9
# Border router between the OSPF and RIP sides. The page labels this listing
# "AR9", the same label as the previous one, but the addresses differ
# (192.168.150.1 faces AR8, 192.168.160.1 faces the RIP router), so it is a
# separate device - confirm its name against the topology.
# GE0/0/0 is the gateway of 192.168.100.0/24, the subnet of the server
# 192.168.100.100 published by the NAT router; GE4/0/0 (192.168.50.1) faces
# the NAT router at 192.168.50.2.
interface GigabitEthernet0/0/0
 ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 192.168.150.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 192.168.160.1 255.255.255.0
#
interface GigabitEthernet4/0/0
 ip address 192.168.50.1 255.255.255.0
#
# OSPF process 1: originates a default route unconditionally ("always") with
# cost 200 as a type 1 external, and imports the RIP process 1 routes.
# NOTE(review): no default or static route towards 192.168.50.2 is visible in
# this listing, so the advertised default has no visible next hop here -
# confirm against the running device.
# NOTE(review): OSPF and RIP are redistributed into each other with no
# route-policy or filter in this listing; two-way redistribution is usually
# filtered so that routes are not fed back into the protocol they came from.
# NOTE(review): no OSPF authentication is configured in this listing.
ospf 1 router-id 192.168.0.2
 default-route-advertise always cost 200 type 1
 import-route rip 1
 area 0.0.0.0
  network 192.168.0.2 0.0.0.0
  network 192.168.50.0 0.0.0.255
  network 192.168.100.0 0.0.0.255
  network 192.168.150.0 0.0.0.255
  network 192.168.160.0 0.0.0.255
#
# RIP process 1, version 2, on 192.168.160.0 only; OSPF process 1 routes are
# imported into RIP. 192.168.160.0 is therefore enabled in both protocols.
# NOTE(review): no RIP authentication is configured in this listing.
rip 1
 version 2
 network 192.168.160.0
 import-route ospf 1
- AR2
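# AR2: NAT router. Inside interface on 192.168.50.0/24, outside interface on
# 10.10.10.0/24.
# ACL 2001 selects the campus range 192.168.0.0/16 as the source addresses
# eligible for outbound translation.
acl number 2001
 rule 5 permit source 192.168.0.0 0.0.255.255
#
# Outbound pool 10.10.10.3 - 10.10.10.9, as stated in the requirements.
nat address-group 1 10.10.10.3 10.10.10.9
#
interface GigabitEthernet0/0/0
 ip address 192.168.50.2 255.255.255.0
#
# Outside interface. The three "nat server" lines publish FTP, Telnet and WWW
# of 192.168.100.100 on the global address 10.10.10.10.
# "nat outbound" references ACL 2001, the ACL defined above; the listing as
# published referenced ACL 2000, which is not defined anywhere on the page.
# NOTE(review): Telnet and FTP carry credentials in clear text, and no ACL
# limits who may reach the published services (the page lists the missing ACL
# restriction as a known gap). Publishing only the services that are needed
# and restricting the permitted sources would reduce the exposure.
interface GigabitEthernet0/0/1
 ip address 10.10.10.1 255.255.255.0
 nat server protocol tcp global 10.10.10.10 ftp inside 192.168.100.100 ftp
 nat server protocol tcp global 10.10.10.10 telnet inside 192.168.100.100 telnet
 nat server protocol tcp global 10.10.10.10 www inside 192.168.100.100 www
 nat outbound 2001 address-group 1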
- AR8
# External-network router. The page labels this listing "AR8", the same label
# as the OSPF router earlier on the page, but the addresses differ, so it is
# a separate device - confirm its name against the topology.
# GE0/0/0 (10.10.10.2) faces the NAT router's outside interface 10.10.10.1;
# GE0/0/1 (88.88.88.1) is the gateway of the external network 88.88.88.0/24.
interface GigabitEthernet0/0/0
 ip address 10.10.10.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 88.88.88.1 255.255.255.0
#
# Default route towards the NAT router. No route to 192.168.0.0/16 is
# configured beyond this default; return traffic to the campus is addressed
# to the translated 10.10.10.x addresses.
ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
0x2 连通性测试
- DHCP地址分配PC1
- DHCP分配地址PC7
- LSW1路由学习情况
- PC1->PC5
- Client2连接服务器
- PC3访问外网
- PC3地址转换情况
- Client访问10.10.10.10
0x3 缺陷以及不足
- 没有做到ACL限制地址访问
- vlan没有达到隔离通信的效果