0301_互连模拟-白红宇

0301_互连模拟

阅读量：6229 次

发布时间：2019-06-21

本文共 9839 字，大约阅读时间需要 32 分钟。

拓扑图：

测试：

NORTH-R-14#sh ip na tr

Pro Inside global Inside local Outside local Outside global

udp 192.168.21.223:52813 10.10.10.50:52813 8.8.8.8:53 8.8.8.8:53

icmp192.168.21.223:1 10.10.10.50:1 192.168.21.254 192.168.21.254

udp 192.168.21.223:59348 10.10.10.50:59348 183.60.14.60:8000 183.60.14.60:8000

NORTH-R-14#

要求：

1.内网中的所有主机只能通过地址转换访问INTERNET。

2.使用两条ACL规则实现，交换机CORE-S-A上的网段ACL号使用10，交换机CORE-S-B上的网段ACL号使用30。

3.禁VLAN9和VLAN60上班时间访问外网（上班时间为周一至周五的9：00—18：00和周六的9：00—12：00）（10分）

4.禁止diannao部门访问guanli部门，但guanli部门可以访问diannao部门。（16分）

5.将内网WEB服务器发布到外网，使得外网能通过路由器的接口地址访问到内网的WEB服务器。

6.允许整个内部网络到外网的下载速率最大为2Mbps；为内网出外网时设置qos，分别为VLAN8保留20%，VLAN2保留10%的带宽，VLAN30保留800Kbps带宽。（25分）

配置文件：

hostname NORTH-R-14

aaa new-model

aaa authentication login login local

aaa authentication ppp FROMS local

aaa authentication ppp l2tp local

time-range work

periodic Weekdays 8:59 to 17:59

periodic Weekend 8:59 to 11:59

username userdce password chappass

username teluser password admin

username l2tp password l2tp

ip access-list standard 1

10 permit 172.16.1.0 0.0.0.255

20 permit 10.10.10.0 0.0.0.255

ip access-list standard 2

10 permit 10.10.10.16 0.0.0.15

ip access-list standard 8

10 permit 10.10.10.112 0.0.0.15

ip access-list standard 30

10 permit 172.16.1.128 0.0.0.63

ip access-list extended 100

10 permit ip any 10.10.10.0 0.0.0.255

20 permit ip any 192.168.100.0 0.0.0.255

30 permit ip any 2.2.14.0 0.0.0.255

40 deny ip 172.16.1.192 0.0.0.63 any time-range work

50 permit ip any any

ip local pool l2tp 192.168.200.1 192.168.200.254

vpdn enable

vpdn-group l2tp

! Default L2TP VPDN group

accept-dialin

protocol l2tp

virtual-template 1

l2tp tunnel authentication

l2tp tunnel password l2tp

class-map match-all vlan2

match access-group 2

class-map match-all vlan8

match access-group 8

class-map match-all vlan30

match access-group 30

policy-map 1

class vlan2

bandwidth percent 10

class vlan8

bandwidth percent 20

class vlan30

police cir 800000 80000 80000 conform-action drop exceed-action drop

interface Serial 2/0

encapsulation PPP

ppp authentication chap pap FROMS

ppp chap hostname userdte

ppp chap password chappass

ip nat inside

ip address 2.2.14.2 255.255.255.252

clock rate 64000

interface FastEthernet 0/0

ip nat outside

ip address 192.168.21.214 255.255.255.0

rate-limit input 2000000 200000 200000 conform-action continue exceed-action drop

interface FastEthernet 0/1

ip nat inside

ip access-group 100 in

ip address 192.168.100.9 255.255.255.252

service-policy output 1

interface Loopback 0

ip address 1.1.1.2 255.255.255.255

interface Loopback 10

ip address 192.168.200.1 255.255.255.0

interface Virtual-Template 1

ppp authentication pap l2tp

ip unnumbered Loopback 10

peer default ip address pool l2tp

ip nat pool connectpool 192.168.21.215 192.168.21.235 netmask 255.255.255.0

ip nat inside source list 1 pool connectpool overload

router ospf 10

router-id 1.1.1.2

redistribute rip subnets

network 2.2.14.0 0.0.0.3 area 0

default-information originate always

router rip

version 2

network 192.168.100.0

no auto-summary

redistribute ospf 10 metric 1

default-information originate

ip route 0.0.0.0 0.0.0.0 192.168.21.254

ip route 10.0.0.0 255.255.255.0 192.168.200.254

line vty 0 4

exec-timeout 0 90

end

NORTH-R-14#sh ip rou

S* 0.0.0.0/0 [1/0] via 192.168.21.254

C 1.1.1.2/32 is local host.

C 2.2.14.0/30 is directly connected, Serial 2/0

C 2.2.14.1/32 is directly connected, Serial 2/0

C 2.2.14.2/32 is local host.

S 10.0.0.0/24 [1/0] via 192.168.200.254

O E2 10.10.10.0/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.16/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.32/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.48/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.64/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.80/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.96/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.112/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.128/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.144/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

R 172.16.1.0/26 [120/1] via 192.168.100.10, 09:48:13, FastEthernet 0/1

R 172.16.1.64/26 [120/1] via 192.168.100.10, 09:48:13, FastEthernet 0/1

R 172.16.1.128/26 [120/1] via 192.168.100.10, 09:48:13, FastEthernet 0/1

R 172.16.1.192/26 [120/1] via 192.168.100.10, 09:48:13, FastEthernet 0/1

C 192.168.21.0/24 is directly connected, FastEthernet 0/0

C 192.168.21.214/32 is local host.

O E2 192.168.100.0/30 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 192.168.100.4/30 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

C 192.168.100.8/30 is directly connected, FastEthernet 0/1

C 192.168.100.9/32 is local host.

C 192.168.200.0/24 is directly connected, Loopback 10

C 192.168.200.1/32 is local host.

C 192.168.200.254/32 is directly connected, virtual-access 0

NORTH-R-14#sh ip int b

Interface IP-Address(Pri) IP-Address(Sec) Status Protocol

Serial 2/0 2.2.14.2/30 no address up up

Serial 3/0 no address no address down down

Serial 4/0 no address no address down down

FastEthernet 0/0 192.168.21.214/24 no address up up

FastEthernet 0/1 192.168.100.9/30 no address up up

Loopback 0 1.1.1.2/32 no address up up

Loopback 10 192.168.200.1/24 no address up up

Virtual-Template 1 192.168.200.1/24 no address down down

virtual-access 0 192.168.200.1/24 no address up up

NORTH-R-14#sh vp

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocID RemID Remote Name State Remote Address Port Sessions L2TP Class/

VPDN Group

2079 2 SOUTH-R-14 est 2.2.14.1 1701 1 l2tp

LocID RemID TunID Username, Intf/ State Last Chg

Vcid, Circuit

1 1 2079 l2tp,va0 est 00:03:13

hostname SOUTH-R-14

aaa new-model

aaa authentication login login local

aaa authentication ppp FROMS local

username userdte password chappass

username teluser password admin

enable password star14

l2tp-class l2tp

authentication

password l2tp

pseudowire-class l2tp

encapsulation l2tpv2

protocol l2tpv2 l2tp

ip local interface Serial 2/0

interface Serial 2/0

encapsulation PPP

ppp authentication chap pap FROMS

ppp chap hostname userdce

ppp chap password chappass

ip address 2.2.14.1 255.255.255.252

clock rate 64000

interface FastEthernet 0/0

ip address 192.168.100.1 255.255.255.252

interface FastEthernet 0/1

ip address 192.168.100.5 255.255.255.252

interface Loopback 0

ip address 1.1.1.1 255.255.255.255

interface Loopback 10

ip address 192.168.14.193 255.255.255.255

interface Virtual-ppp 1

ppp pap sent-username l2tp password l2tp

ip address 192.168.200.254 255.255.255.0

pseudowire 2.2.14.2 11 encapsulation l2tpv2 pw-class l2tp

router ospf 1

router-id 1.1.1.1

redistribute rip subnets

network 2.2.14.0 0.0.0.3 area 0

router rip

version 2

network 192.168.100.0

no auto-summary

redistribute ospf 1 metric 1

default-information originate

ip route 172.16.0.0 255.255.0.0 Virtual-ppp 1

line vty 0 4

exec-timeout 0 90

end

SOUTH-R-14#SH IP ROU

O*E2 0.0.0.0/0 [110/1] via 2.2.14.2, 09:41:15, Serial 2/0

C 1.1.1.1/32 is local host.

C 2.2.14.0/30 is directly connected, Serial 2/0

C 2.2.14.1/32 is local host.

C 2.2.14.2/32 is directly connected, Serial 2/0

R 10.10.10.0/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0