DHCP, VTP, PVST+, HSRP, ACL, NAT, and floating routes

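First, an apology to everyone: I kept putting this lab off and only recently finished it. The detailed configuration is in the attachment; unzip it and you can read it. I did not do the access-layer configuration; that part is simple, so I left it out.

Also, the earlier problem was a problem with 小凡: this lab has to be done on real devices, because virtual ones run into problems.

If the image is too small the first time you open it, just refresh the page.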

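1. All VLANs can access the FTP and WWW services
2. Except for the management zone, no other VLAN may TELNET to devices (routers, switches) or servers
3. Only the management zone may PING devices
4. Configure MSL1 and MSL2 as VTP servers
5. Configure HSRP for routing redundancy and per-VLAN load balancing
6. Configure floating routes for each VLAN on the router
7. Configure PAT so the external network can reach the internal WWW service
8. Configure NAT so internal users can access the external network
9. The Layer 3 switch on the left is MSL1, and the Layer 3 switch on the right is MSL2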

 

 

PS: The attachment download has problems, so I am posting the configuration here.

 

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#no ip domain lookup
Router(config)#line con 0
Router(config-line)#exec-t 0 0
Router(config-line)#logg sy
Router(config-line)#exit
Router(config)#int e0/0
Router(config-if)#ip add 20.0.0.1 255.255.255.0
Router(config-if)#no sh

Router(config-if)#int e1/0

Router(config-if)#ip add 192.168.0.1 255.255.255.252
Router(config-if)#no sh
Router(config-if)#int e2/0
Router(config-if)#ip add 192.168.0.5 255.255.255.252
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 192.168.100.0 255.255.255.0 e1/0 5
Router(config)#ip route 192.168.100.0 255.255.255.0 e2/0
Router(config)#ip route 192.168.2.0 255.255.255.0 e1/0 5
Router(config)#ip route 192.168.2.0 255.255.255.0 e2/0
Router(config)#ip route 192.168.3.0 255.255.255.0 e1/0
Router(config)#ip route 192.168.3.0 255.255.255.0 e2/0 5
Router(config)#ip route 192.168.4.0 255.255.255.0 e1/0
Router(config)#ip route 192.168.4.0 255.255.255.0 e2/0 5
//dhcp
Router(config)#ip dhcp pool vlan200
Router(dhcp-config)#network 192.168.100.0  255.255.255.0
Router(dhcp-config)#default-router 192.168.4.254
Router(dhcp-config)#lease 1
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.2.250 192.168.2.254
Router(config)#ip dhcp pool vlan300
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#lease 1
Router(dhcp-config)#default-router 192.168.2.254
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.3.250 192.168.3.254
Router(config)#ip dhcp pool vlan400
Router(dhcp-config)#network 192.168.4.0 255.255.255.0
Router(dhcp-config)#lease 1
Router(dhcp-config)#default-router 192.168.4.254
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.4.250 192.168.4.254
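Router(config)#access-list 1 permit 192.168.0.0 0.3.255.255      \\ access list that selects the addresses to translate
Router(config)#ip nat pool isp 20.0.0.1 20.0.0.1 netmask 0.0.0.0   \\ address pool used for translation
Router(config)#ip nat inside source list 1 pool isp            \\ translate the matched inside local addresses to the inside global pool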
Router(config)#int e0/0
Router(config-if)#ip nat outside
Router(config-if)#int e1/0
Router(config-if)#ip nat inside
Router(config-if)#int e2/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static tcp 192.168.100.100 80 20.0.0.1 80 \\ port mapping: publish the internal web server to the outside

 

 

mls1>
mls1>en
mls1#vlan database
mls1(vlan)#vtp domain cz
mls1(vlan)#vtp password 123.com
mls1(vlan)#vtp server
mls1(vlan)#vtp v2-mode
mls1(vlan)#vtp pr
mls1(vlan)#vtp pruning
mls1(vlan)#vlan 100
mls1(vlan)#vlan 200
mls1(vlan)#vlan 300
mls1(vlan)#vlan 400
mls1(vlan)#exit
mls1#conf t
mls1(config)#int ra f0/1 - 4
mls1(config-if-range)#sw t en d 
mls1(config-if-range)#sw m t
mls1(config-if-range)#exit
mls1(config)#int ra f0/12 - 14
mls1(config-if-range)#sw t en d 
mls1(config-if-range)#sw m t
mls1(config-if-range)#channel-group 1 mode on
mls1(config-if-range)#exit
mls1(config)#ip access-list extended lan
mls1(config-ext-nacl)#permit icmp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255        \\ allow the management zone to ping devices
mls1(config-ext-nacl)#deny icmp any 192.168.0.0 0.0.0.255 echo                      \\ deny ping to devices from everyone else
mls1(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 eq telnet   \\ allow 192.168.2.0/24 to telnet to 192.168.1.0/24
mls1(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 eq telnet   \\ allow 192.168.2.0/24 to telnet to 192.168.0.0/24
mls1(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq 21                  \\ allow access to FTP
mls1(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq www                 \\ allow access to WWW
mls1(config-ext-nacl)#deny ip any 192.168.0.0 0.0.3.255                             \\ deny access to 192.168.0.0/22
mls1(config-ext-nacl)#permit ip any any
mls1(config-ext-nacl)#exit
mls1(config)#int f0/15
mls1(config-if)#no sw
mls1(config-if)#ip add 192.168.0.2 255.255.255.252
mls1(config-if)#no sh
mls1(config-if)#int vlan 100
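mls1(config-if)#ip add 192.168.100.251 255.255.255.0     \\ VLAN 100 is 192.168.100.0/24, the subnet the router routes to and mls2 uses
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 10 ip 192.168.100.254            \\ HSRP group 10 must use the same virtual IP on mls1 and mls2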
mls1(config-if)#standby 10 priority 200
mls1(config-if)#standby 10 preempt
mls1(config-if)#standby 10 track f0/15 100
mls1(config-if)#int vlan 200
mls1(config-if)#ip add 192.168.2.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 20 ip 192.168.2.254
mls1(config-if)#standby 20 priority 200
mls1(config-if)#standby 20 preempt
mls1(config-if)#standby 20 track f0/15 100
mls1(config-if)#int vlan 300
mls1(config-if)#ip add 192.168.3.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 30 ip 192.168.3.254
mls1(config-if)#standby 30 priority 150
mls1(config-if)#standby 30 preempt
mls1(config-if)#standby 30 track f0/15 100
mls1(config-if)#int vlan 400
mls1(config-if)#ip add 192.168.4.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 40 ip 192.168.4.254
mls1(config-if)#standby 40 priority 150
mls1(config-if)#standby 40 preempt
mls1(config-if)#standby 40 track f0/15 100
mls1(config-if)#exit
mls1(config)#spanning-tree vlan 100 priority 4096
mls1(config)#spanning-tree vlan 200 priority 4096
mls1(config)#ip route 0.0.0.0 0.0.0.0 f0/15

 


mls2>
mls2>en
mls2#vlan database
mls2(vlan)#vtp domain cz
mls2(vlan)#vtp password 123.com
mls2(vlan)#vtp server
mls2(vlan)#vtp v2-mode
mls2(vlan)#vtp pr
mls2(vlan)#vtp pruning
mls2(vlan)#vlan 100
mls2(vlan)#vlan 200
mls2(vlan)#vlan 300
mls2(vlan)#vlan 400
mls2(vlan)#exit
mls2#conf t
mls2(config)#int ra f0/1 - 4
mls2(config-if-range)#sw t en d 
mls2(config-if-range)#sw m t
mls2(config-if-range)#exit
mls2(config)#int ra f0/12 - 14
mls2(config-if-range)#sw t en d 
mls2(config-if-range)#sw m t
mls2(config-if-range)#channel-group 1 mode on
mls2(config-if-range)#exit
mls2(config)#ip access-list extended lan
mls2(config-ext-nacl)#permit icmp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255        \\ allow the management zone to ping devices
mls2(config-ext-nacl)#deny icmp any 192.168.0.0 0.0.0.255 echo                      \\ deny ping to devices from everyone else
mls2(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 eq telnet   \\ allow 192.168.2.0/24 to telnet to 192.168.1.0/24
mls2(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 eq telnet   \\ allow 192.168.2.0/24 to telnet to 192.168.0.0/24
mls2(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq 21                  \\ allow access to FTP
mls2(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq www                 \\ allow access to WWW
mls2(config-ext-nacl)#deny ip any 192.168.0.0 0.0.3.255                             \\ deny access to 192.168.0.0/22
mls2(config-ext-nacl)#permit ip any any
mls2(config-ext-nacl)#exit
mls2(config)#int f0/15
mls2(config-if)#no sw
mls2(config-if)#ip add 192.168.0.6 255.255.255.252     \\ peer of the router's e2/0 (192.168.0.5/30)
mls2(config-if)#no sh
mls2(config-if)#int vlan 100
mls2(config-if)#ip add 192.168.100.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 10 ip 192.168.100.254
mls2(config-if)#standby 10 priority 150
mls2(config-if)#standby 10 preempt
mls2(config-if)#standby 10 track f0/15 100
mls2(config-if)#int vlan 200
mls2(config-if)#ip add 192.168.2.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 20 ip 192.168.2.254
mls2(config-if)#standby 20 priority 150
mls2(config-if)#standby 20 preempt
mls2(config-if)#standby 20 track f0/15 100
mls2(config-if)#int vlan 300
mls2(config-if)#ip add 192.168.3.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 30 ip 192.168.3.254
mls2(config-if)#standby 30 priority 200
mls2(config-if)#standby 30 preempt
mls2(config-if)#standby 30 track f0/15 100
mls2(config-if)#int vlan 400
mls2(config-if)#ip add 192.168.4.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 40 ip 192.168.4.254
mls2(config-if)#standby 40 priority 200
mls2(config-if)#standby 40 preempt
mls2(config-if)#standby 40 track f0/15 100
mls2(config-if)#exit
mls2(config)#spanning-tree vlan 300 priority 4096
mls2(config)#spanning-tree vlan 400 priority 4096
mls2(config)#ip route 0.0.0.0 0.0.0.0 f0/15
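
The extended ACL `lan` above is evaluated top-down and the first matching entry wins, so its effect on requirements 1 to 3 can be checked offline. The following is an added example, not part of the original post: a small Python model of the ACL with Cisco wildcard matching. The host addresses in the test packets are constructed, and the two telnet entries are assumed to use destination wildcard 0.0.0.255, as their comments state.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

ANY = ("0.0.0.0", "255.255.255.255")
MGMT = ("192.168.2.0", "0.0.0.255")          # management zone (VLAN 200)
# (action, protocol, source, destination, TCP port or ICMP type; None = any)
ACL_LAN = [
    ("permit", "icmp", MGMT, ("192.168.0.0", "0.0.0.255"), None),
    ("deny",   "icmp", ANY,  ("192.168.0.0", "0.0.0.255"), "echo"),
    ("permit", "tcp",  MGMT, ("192.168.1.0", "0.0.0.255"), 23),
    ("permit", "tcp",  MGMT, ("192.168.0.0", "0.0.0.255"), 23),
    ("permit", "tcp",  ANY,  ("192.168.100.0", "0.0.3.255"), 21),
    ("permit", "tcp",  ANY,  ("192.168.100.0", "0.0.3.255"), 80),
    ("deny",   "ip",   ANY,  ("192.168.0.0", "0.0.3.255"), None),
    ("permit", "ip",   ANY,  ANY, None),
]

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(proto, src, dst, port=None):
    """Return (entry number, action) of the first matching ACL entry."""
    for n, (action, p, s, d, q) in enumerate(ACL_LAN, 1):
        if (p in ("ip", proto) and wild_match(src, *s)
                and wild_match(dst, *d) and q in (None, port)):
            return n, action
    return 0, "deny"  # implicit deny at the end of every ACL

# Constructed packets: (requirement, proto, src, dst, port/type, required action)
CASES = [
    ("req 1: VLAN 400 -> WWW server", "tcp", "192.168.4.10", "192.168.100.100", 80, "permit"),
    ("req 2: VLAN 300 telnet -> router uplink", "tcp", "192.168.3.10", "192.168.0.1", 23, "deny"),
    ("req 2: VLAN 300 telnet -> server", "tcp", "192.168.3.10", "192.168.100.100", 23, "deny"),
    ("req 2: VLAN 300 telnet -> VLAN 400 SVI", "tcp", "192.168.3.10", "192.168.4.251", 23, "deny"),
    ("req 3: VLAN 400 ping -> router uplink", "icmp", "192.168.4.10", "192.168.0.1", "echo", "deny"),
    ("req 3: mgmt ping -> router uplink", "icmp", "192.168.2.10", "192.168.0.1", "echo", "permit"),
]

def audit():
    """Return (case, entry number, action) where the ACL differs from the requirement."""
    results = [(c[0], *evaluate(*c[1:5]), c[5]) for c in CASES]
    return [(name, n, got) for name, n, got, want in results if got != want]

if __name__ == "__main__":
    for gap in audit():
        print("GAP:", gap)
```

The two reported gaps are telnet from a user VLAN to the server subnet and to the VLAN 400 SVI: neither destination falls inside 192.168.0.0/22, so both fall through to `permit ip any any`. Closing them needs an explicit telnet deny after the management-zone permits, or an `access-class` on the devices' VTY lines.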

 


 

 
