溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
實驗:
1.思路:數據包的走向
2.要求:vlan互通,VRRP 內網pat訪問外網,發布web服務器供外網訪問,
讓sw1作根交換機
1.配置sw10 創建vlan10 20 100
1端口加入vlan10 2和3端口為trunk模式
2.配置sw20 創建vlan10 20 40 100
1端口加入vlan100 3端口加入vlan40 2和4端口為trunk模式
配置vlanif 10 ip:192.168.10.254 24
vlanif20 ip:192.168.20.254 24
vlanif40 ip:192.168.40.1 24
vlanif100 ip:192.168.100.254 24
3.配置sw30 創建vlan10 20 50 100
1端口加入vlan20 3端口加入vlan50 2和4端口為trunk模式
配置vlanif 10 ip:192.168.10.253 24
vlanif20 ip:192.168.20.253 24
vlanif50 ip:192.168.50.1 24
vlanif100 ip:192.168.100.253 24
4.配置sw20 配置 vlan1的vrrp
vrrp vrid 10 virtual-ip 192.168.10.250
vrrp vrid 10 priority150
vrrp vrid 10 track interface g0/0/3 reduce 80
vrrp vrid 10 track interface g0/0/2 reduce 80
配置 vlan100的vrrp
vrrp vrid 100 virtual-ip 192.168.100.250
vrrp vrid 100 priority150
vrrp vrid 100 track interface g0/0/3 reduce 80
vrrp vrid 100 track interface g0/0/2 reduce 80
配置 vlan20的vrrp
vrrp vrid 20 virtual-ip 192.168.20.250
5.配置sw30 配置 vlan10的vrrp
vrrp vrid 10 virtual-ip 192.168.20.250
配置 vlan20的vrrp
vrrp vrid 20 virtual-ip 192.168.20.250
vrrp vrid 20priority150
vrrp vrid 20 track interface g0/0/3 reduce 80
vrrp vrid 20 track interface g0/0/2 reduce 80
配置 vlan100的vrrp
vrrp vrid 100 virtual-ip 192.168.100.250
6.配置sw20 配置rip
rip
version2
network 192.168.10.0
network 192.168.100.0
network 192.168.20.0
network 192.168.40.0
靜態浮動路由
ip route-static 0.0.0.0 0.0.0.0 192.168.40.254
7.配置sw30 配置rip
rip
version2
network 192.168.10.0
network 192.168.20.0
network 192.168.50.0
network 192.168.100.0
靜態浮動路由
ip route-static 0.0.0.0 0.0.0.0 192.168.50.254
8.配置防火墻
interface g0
nameif inside1
no shutdown
ip address 192.168.40.254 255.255.255.0
security-level 100
interface g1
nameif inside2
no shutdown
ip address 192.168.50.254 255.255.255.0
security-level 90
interface g2
nameif outside
no shutdown
ip address 200.8.8.1 255.255.255.252
security-level 0
配置默認路由
route inside1 192.168.10.0 255.255.255.0 192.168.40.1
route inside1 192.168.100.0 255.255.255.0 192.168.40.1
route inside2 192.168.20.0 255.255.255.0 192.168.50.1
route outside 200.1.1.0 255.255.255.0 200.8.8.2
備份
route inside2 192.168.1.0 255.255.255.0 192.168.50.2
route inside2 192.168.100.0 255.255.255.0 192.168.50.2
route inside2 192.168.2.0 255.255.255.0 192.168.50.2
9.配置AR1
配置0端口ip:200.1.1.254 24
1端口ip:200.8.8.2 255.255.255.252
配置靜態浮動路由
ip route-static 0.0.0.0 0.0.0.0 200.8.8.1
10.在防火墻上配置靜態NAT
object network ob-in1
subnet 192.168.10.0 255.255.255.0
nat (inside1,outside)dynamic 119.1.1.1
object network ob-in2
subnet 192.168.20.0 255.255.255.0
nat (inside2,outside)dynamic 119.1.1.2
此時client1和clent2 都可訪問公網ftp 并抓包查看 內網地址已轉化
配置動態PAT 使公網訪問內網
object network ob-out
host 119.1.1.3
object network outside
host 200.1.1.1
nat (outside,inside1)static ob-out service tcp 80 80
配置ACL
access-list out-to-ins permit tcp any object inside1 eq http
access-group out-to-ins in interface outside
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
