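0x0 Network 1 Topology Diagram

  • Requirements
    1. The routers use the OSPF protocol.
    2. The branch production department may access only the headquarters production department; it cannot access any other device.
    3. The branch office department can access the branch office department, and can also access devices in the headquarters office department.

0x1 Network 1 Configuration Commands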

  • Router AR21
    acl number 3000  //ACL for the production department
     rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 172.16.16.0 0.0.15.255
     rule 10 deny ip
    acl number 3001  //ACL for the office department
     rule 5 permit ip source 172.17.0.0 0.0.255.255 destination 172.17.0.0 0.0.255.255
     rule 10 deny ip
    interface GigabitEthernet0/0/0
     ip address 172.18.1.2 255.255.255.252
    interface GigabitEthernet0/0/1
     ip address 172.16.36.1 255.255.255.0
     traffic-filter inbound acl 3000 //apply the ACL
    interface GigabitEthernet0/0/2
     ip address 172.17.37.1 255.255.255.0
     traffic-filter inbound acl 3001 //apply the ACL
    ospf 1 router-id 172.18.0.3   //configure OSPF
     area 0.0.0.0
      network 172.16.36.0 0.0.0.255
      network 172.17.37.0 0.0.0.255
      network 172.18.0.3 0.0.0.0
      network 172.18.1.2 0.0.0.0
    
  • Router AR24
    acl number 3000
     rule 5 permit ip source 172.16.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255
     rule 10 deny ip
    acl number 3001
     rule 5 permit ip source 172.17.0.0 0.0.255.255 destination 172.17.0.0 0.0.255.255
     rule 10 deny ip
    interface GigabitEthernet0/0/0
     ip address 172.16.20.1 255.255.255.0
     traffic-filter inbound acl 3000
    interface GigabitEthernet0/0/1
     ip address 172.17.21.1 255.255.255.0
     traffic-filter inbound acl 3001
    interface GigabitEthernet0/0/2
     ip address 172.18.1.1 255.255.255.252
    interface GigabitEthernet3/0/0
     ip address 172.18.1.5 255.255.255.252
    ospf 1 router-id 172.18.0.1
     area 0.0.0.0
      network 172.16.20.0 0.0.0.255
      network 172.17.21.0 0.0.0.255
      network 172.18.0.1 0.0.0.0
      network 172.18.1.1 0.0.0.0
      network 172.18.1.5 0.0.0.0
    

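0x2 Connectivity Tests

  • Branch production devices accessing headquarters production devices
  • Branch production devices accessing devices in other departments and branch production devices
  • Branch office-area devices accessing headquarters office-area devices
  • Branch office-area devices accessing branch office-area devices
  • Branch office-area devices accessing branch production devices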
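
The routed flows in the test list can be checked against AR21's two ACLs offline. The following is an added example, not part of the original page: it evaluates the wildcard-mask rules in rule-id order, and the host addresses are constructed values placed inside the subnets from the configuration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    # Wildcard mask: 0 bits must match the base address, 1 bits are ignored.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

# Rules transcribed from AR21: (rule id, action, source, destination).
# None means "any", as in "rule 10 deny ip".
ACL_3000 = [
    (5, "permit", ("172.16.0.0", "0.0.255.255"), ("172.16.16.0", "0.0.15.255")),
    (10, "deny", None, None),
]
ACL_3001 = [
    (5, "permit", ("172.17.0.0", "0.0.255.255"), ("172.17.0.0", "0.0.255.255")),
    (10, "deny", None, None),
]

def evaluate(acl, src, dst):
    # Rules are checked in ascending rule-id order; the first match decides.
    for rule_id, action, s, d in sorted(acl, key=lambda r: r[0]):
        if (s is None or wildcard_match(src, *s)) and \
           (d is None or wildcard_match(dst, *d)):
            return action, rule_id
    return "no-match", None

# Constructed host addresses (assumptions) inside the configured subnets.
BRANCH_PROD, BRANCH_OFFICE = "172.16.36.10", "172.17.37.10"
HQ_PROD, HQ_OFFICE = "172.16.20.10", "172.17.21.10"

def connectivity_matrix():
    return {
        "branch prod -> HQ prod": evaluate(ACL_3000, BRANCH_PROD, HQ_PROD),
        "branch prod -> HQ office": evaluate(ACL_3000, BRANCH_PROD, HQ_OFFICE),
        "branch prod -> branch office": evaluate(ACL_3000, BRANCH_PROD, BRANCH_OFFICE),
        "branch office -> HQ office": evaluate(ACL_3001, BRANCH_OFFICE, HQ_OFFICE),
        "branch office -> branch prod": evaluate(ACL_3001, BRANCH_OFFICE, BRANCH_PROD),
    }

if __name__ == "__main__":
    for flow, (action, rule_id) in connectivity_matrix().items():
        print(f"{flow:30} {action} (rule {rule_id})")
```

The destination `172.16.16.0 0.0.15.255` in ACL 3000 covers 172.16.16.0 through 172.16.31.255, which includes the headquarters production subnet 172.16.20.0/24 and excludes the branch's own 172.16.36.0/24.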

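0x3 Network 2 Topology Diagram

  • Requirements
    1. The internal network is fully reachable, and internal devices can telnet to one another.
    2. The internal and external networks can reach each other, but internal devices can telnet to the external network while external devices cannot telnet to the internal network, i.e. one-way access.

0x4 Network 2 Configuration Commands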

  • AR22
    interface GigabitEthernet0/0/0
     ip address 192.168.3.100 255.255.255.0 
    ip route-static 10.10.10.0 255.255.255.0 192.168.3.1
    ip route-static 192.168.0.4 255.255.255.252 192.168.3.1
    ip route-static 192.168.1.0 255.255.255.0 192.168.3.1
    user-interface vty 0 4
     authentication-mode password
    
  • AR29
    sysname innetAR29
    interface GigabitEthernet0/0/0
     ip address 192.168.1.100 255.255.255.0 
    ip route-static 10.10.10.0 255.255.255.0 192.168.1.1
    ip route-static 192.168.0.4 255.255.255.252 192.168.1.1
    ip route-static 192.168.3.0 255.255.255.0 192.168.1.1
    user-interface vty 0 4
     authentication-mode password 1234
    
  • AR23
    interface GigabitEthernet0/0/0
     ip address 192.168.3.1 255.255.255.0 
    interface GigabitEthernet0/0/1
     ip address 192.168.0.5 255.255.255.252 
    interface GigabitEthernet0/0/2
     ip address 192.168.1.1 255.255.255.0 
    ip route-static 10.10.10.0 255.255.255.0 192.168.0.6
    
  • AR28
    ip address 10.10.10.88 255.255.255.0
    ip route-static 192.168.0.4 255.255.255.252 10.10.10.1
    ip route-static 192.168.1.0 255.255.255.0 10.10.10.1
    ip route-static 192.168.3.0 255.255.255.0 10.10.10.1
    user-interface vty 0 4
     authentication-mode password 1234
    
  • AR25
    acl number 3000  
     rule 5 permit tcp source 10.10.10.0 0.0.0.255 tcp-flag ack  
     rule 10 permit tcp source 10.10.10.0 0.0.0.255 tcp-flag rst  
     rule 15 deny tcp source 10.10.10.0 0.0.0.255 
    interface GigabitEthernet0/0/0
     ip address 192.168.0.6 255.255.255.252 
    interface GigabitEthernet0/0/1
     ip address 10.10.10.1 255.255.255.0 
     traffic-filter inbound acl 3000
    ip route-static 192.168.1.0 255.255.255.0 192.168.0.5
    ip route-static 192.168.3.0 255.255.255.0 192.168.0.5
    

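0x5 Network 2 Connectivity Tests

  • Internal device accessing an external device (ping command)
  • Internal device accessing an external device (telnet)
  • External device accessing an internal device (telnet)
  • Internal device accessing an internal device (telnet)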
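
How AR25's ACL 3000 produces one-way telnet can be seen by running the three rules over a few packets arriving on GigabitEthernet0/0/1. This is an added example, not part of the original page; the packets are constructed, `10.10.10.0/24` stands in for the wildcard `10.10.10.0 0.0.0.255`, and it assumes that packets matching no rule are forwarded by `traffic-filter`.

```python
import ipaddress

# Same range as "source 10.10.10.0 0.0.0.255" in ACL 3000 on AR25.
OUTSIDE = ipaddress.ip_network("10.10.10.0/24")

# Rules transcribed from AR25: (rule id, action, required TCP flag or None).
RULES = [(5, "permit", "ACK"), (10, "permit", "RST"), (15, "deny", None)]

def filter_inbound(pkt):
    """Return (action, rule id) for a packet entering GigabitEthernet0/0/1."""
    if pkt["proto"] == "tcp" and ipaddress.ip_address(pkt["src"]) in OUTSIDE:
        for rule_id, action, flag in RULES:
            if flag is None or flag in pkt["flags"]:
                return action, rule_id
    # Assumption: traffic-filter forwards packets that match no rule,
    # which is why ICMP (ping) is unaffected by this TCP-only ACL.
    return "permit", None

# Constructed packets from the external router AR28 (10.10.10.88).
PACKETS = {
    "outside opens telnet (SYN)":
        {"src": "10.10.10.88", "proto": "tcp", "flags": {"SYN"}},
    "reply to inside-opened telnet (SYN+ACK)":
        {"src": "10.10.10.88", "proto": "tcp", "flags": {"SYN", "ACK"}},
    "telnet data on inside-opened session (PSH+ACK)":
        {"src": "10.10.10.88", "proto": "tcp", "flags": {"PSH", "ACK"}},
    "reset from outside (RST)":
        {"src": "10.10.10.88", "proto": "tcp", "flags": {"RST"}},
    "ping reply (ICMP)":
        {"src": "10.10.10.88", "proto": "icmp", "flags": set()},
    # The ACL keeps no connection state: ACK alone is enough to match rule 5,
    # whether or not an inside host ever opened the session.
    "ACK with no prior session":
        {"src": "10.10.10.88", "proto": "tcp", "flags": {"ACK"}},
}

def verdicts():
    return {name: filter_inbound(pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, (action, rule_id) in verdicts().items():
        print(f"{name:48} {action} (rule {rule_id})")
```

Because the filter is stateless, it blocks connection setup from the outside but cannot tell a genuine reply from any other segment carrying ACK; where the platform supports it, a stateful firewall policy gives the same one-way behaviour without that gap.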