[Cisco] Comprehensive Lab: DHCP, Link Aggregation, ACLs, and a Telnet Jump Host


Lab topology:

[Image: lab topology diagram]

R3 is the gateway, R4 is the egress router and also the DHCP server, and R5 is a router on the external network.


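Lab requirements:

1. The three PCs belong to three VLANs.

2. R1 and R2 are connected with link aggregation.

3. The gateways terminate on R3, which performs inter-VLAN routing.

4. c1, c2 and c3 obtain their IP addresses from the DHCP server.

5. Only the external router R5 is allowed to manage R3, R1 and R2 remotely.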


Lab steps:

  • 1. First, configure R1

    R1#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R1(config)#no ip routing

    R1(config)#vlan 10,20,30    ! create VLAN 10, VLAN 20 and VLAN 30

    R1(config-vlan)#ex

    R1(config)#int f1/1

    R1(config-if)#switchport access vlan 10    ! assign f1/1 to VLAN 10

    R1(config-if)#int f1/2

    R1(config-if)#switchport access vlan 20    ! assign f1/2 to VLAN 20


    R1(config-if)#int range f1/14 -15

    R1(config-if-range)#channel-group 1 mode on    ! create the link aggregation group

    Creating a port-channel interface Port-channel1

    *Mar 1 00:05:31.643: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

    *Mar 1 00:05:31.715: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

    R1(config-if-range)#ex

    *Mar 1 00:05:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

    R1(config)#int port-channel 1

    R1(config-if)#switchport mode trunk    ! change it to a trunk port

    R1(config-if)#ex

    R1(config)#

    *Mar 1 00:05:43.063: %EC-5-UNBUNDLE: Interface Fa1/14 left the port-channel Po1

    *Mar 1 00:05:43.095: %EC-5-UNBUNDLE: Interface Fa1/15 left the port-channel Po1

    *Mar 1 00:05:43.107: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

    *Mar 1 00:05:43.155: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

    *Mar 1 00:05:43.587: %DTP-5-TRUNKPORTON: Port Fa1/14-15 has become dot1q trunk

    *Mar 1 00:05:45.091: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

    R1(config)#int f1/3

    R1(config-if)#switchport mode trunk    ! the uplink port is also set to trunk

    *Mar 1 00:05:59.855: %DTP-5-TRUNKPORTON: Port Fa1/3 has become dot1q trunk


    2. Configure R2

    R2#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R2(config)#no ip routing

    R2(config)#vlan 10,30

    R2(config-vlan)#ex

    R2(config)#int f1/3

    R2(config-if)#switchport access vlan 30

    R2(config)#int range f1/14 -15

    R2(config-if-range)#channel-group 1 mode on    ! same configuration as on R1

    Creating a port-channel interface Port-channel1

    *Mar 1 00:07:29.195: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

    *Mar 1 00:07:29.263: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

    *Mar 1 00:07:29.463: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk Port-channel1 VLAN1.

    *Mar 1 00:07:29.463: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking Port-channel1 on VLAN1. Inconsistent port type.

    PVST+: restarted the forward delay timer for Port-channel1


    R2(config-if-range)#ex

    *Mar 1 00:07:32.147: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

    R2(config)#int port-channel 1

    R2(config-if)#switchport mode trunk

    R2(config-if)#ex

    *Mar 1 00:07:39.463: %EC-5-UNBUNDLE: Interface Fa1/14 left the port-channel Po1

    *Mar 1 00:07:39.503: %EC-5-UNBUNDLE: Interface Fa1/15 left the port-channel Po1

    *Mar 1 00:07:39.523: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

    *Mar 1 00:07:39.563: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

    *Mar 1 00:07:39.991: %DTP-5-TRUNKPORTON: Port Fa1/14-15 has become dot1q trunk

    *Mar 1 00:07:41.503: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up


    3. Configure R3

    R3#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R3(config)#ip routing

    R3(config)#int f1/1

    R3(config-if)#no sh

    R3(config-if)#switchport mode trunk

    R3(config-if)#ex

    *Mar 1 00:08:56.415: %DTP-5-TRUNKPORTON: Port Fa1/1 has become dot1q trunk

    R3(config)#vlan 10,20,30    ! VLAN 20 must exist on R3 too, for its SVI and the trunk

    R3(config-vlan)#ex


    R3(config)#int vlan 10

    *Mar 1 00:09:12.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

    R3(config-if)#ip add 192.168.10.1 255.255.255.0    ! VLAN 10 gateway

    R3(config-if)#no sh

    R3(config-if)#ip helper-address 192.168.34.4    ! DHCP relay; the target is R4's interface address


    R3(config-if)#int vlan 20

    *Mar 1 00:09:59.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

    R3(config-if)#ip add 192.168.20.1 255.255.255.0    ! VLAN 20 gateway

    R3(config-if)#no sh

    R3(config-if)#ip helper-address 192.168.34.4

    R3(config-if)#int vlan 30

    *Mar 1 00:10:13.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up

    R3(config-if)#ip add 192.168.30.1 255.255.255.0    ! VLAN 30 gateway

    R3(config-if)#no sh

    R3(config-if)#ip helper-address 192.168.34.4

    R3(config-if)#

    R3(config-if)#ex


    Configure the uplink port f1/2

    R3(config)#int f1/2

    R3(config-if)#no switchport

    *Mar 1 00:10:42.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/2, changed state to up

    R3(config-if)#ip add 192.168.34.3 255.255.255.0

    R3(config-if)#no sh

    R3(config-if)#ex

    R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.34.4    ! default route pointing to the egress router



    4. Configure R4

    R4(config)#int f0/1

    R4(config-if)#ip add 192.168.34.4 255.255.255.0

    R4(config-if)#no sh

    R4(config-if)#ex

    *Mar 1 00:11:44.315: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up

    *Mar 1 00:11:45.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up


    Create three DHCP address pools to assign IP addresses to the three VLANs


    R4(config)#ip dhcp pool v10

    R4(dhcp-config)#network 192.168.10.0 /24

    R4(dhcp-config)#default-router 192.168.10.1


    R4(dhcp-config)#ip dhcp pool v20

    R4(dhcp-config)#network 192.168.20.0 /24

    R4(dhcp-config)#default-router 192.168.20.1


    R4(dhcp-config)#ip dhcp pool v30

    R4(dhcp-config)#network 192.168.30.0 /24

    R4(dhcp-config)#default-router 192.168.30.1

    R4(dhcp-config)#ex

    R4(config)#int f0/0

    R4(config-if)#ip add 12.0.0.1 255.255.255.0

    R4(config-if)#no sh

    R4(config-if)#ex

    R4(config)#ip route 192.168.10.0 255.255.255.0 192.168.34.3

    R4(config)#ip route 192.168.20.0 255.255.255.0 192.168.34.3

    R4(config)#ip route 192.168.30.0 255.255.255.0 192.168.34.3


    Now verify whether the PCs have been assigned addresses.

    The IP addresses have been obtained.


    Configure NAT so that hosts reach the outside through R4's external interface

    R4(config)#int f0/1

    R4(config-if)#ip nat inside    ! set the inside interface

    *Mar 1 01:30:41.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up

    R4(config-if)#int f0/0

    R4(config-if)#ip nat outside    ! set the outside interface

    R4(config-if)#ex

    R4(config)#access-list 10 permit 192.168.10.0 0.0.0.255    ! access lists

    R4(config)#access-list 11 permit 192.168.20.0 0.0.0.255

    R4(config)#access-list 12 permit 192.168.30.0 0.0.0.255


    R4(config)#ip nat inside source list 10 int f0/0 overload    ! apply the lists; overload on the outside interface f0/0

    R4(config)#ip nat inside source list 11 int f0/0 overload

    R4(config)#ip nat inside source list 12 int f0/0 overload


    5. Configure R5

    R5#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R5(config)#int f0/0

    R5(config-if)#ip add 12.0.0.2 255.255.255.0

    R5(config-if)#no sh

    R5(config-if)#ex

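    Test whether the PCs can reach the external router

    [Screenshot: connectivity test from a PC]

    Connectivity works.


    Next, R5 is used to manage R3, R2 and R1. One option is port mapping on R4's external interface, but on a production network this approach is not very suitable, because several port numbers have to be remembered.

    Instead, a "jump host" approach can be used: first log in remotely to R4, then use R4 as the jump host to log in remotely to R3, and from there to R1 and R2.

    First, configure an IP address on management VLAN 1 on R1 and R2 so that they can be reached.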

    R1(config)#int vlan 1

    R1(config-if)#ip add 192.168.1.10 255.255.255.0

    R1(config-if)#no sh

    R1(config-if)#ex

    R1(config)#ip default-gateway 192.168.1.1

    R1(config)#line vty 0 4

    R1(config-line)#password abc

    R1(config-line)#login



    R2(config)#int vlan 1

    R2(config-if)#ip add 192.168.1.20 255.255.255.0

    R2(config-if)#no sh

    R2(config-if)#ex

    R2(config)#ip default-gateway 192.168.1.1

    R2(config)#line vty 0 4

    R2(config-line)#password abc

    R2(config-line)#login


    R3(config)#line vty 0 4

    R3(config-line)#password abc

    R3(config-line)#login

    R3(config-line)#end

    R3#conf t

    *Mar 1 00:56:21.135: %SYS-5-CONFIG_I: Configured from console by console

    R3#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R3(config)#vlan 1

    R3(config-vlan)#int vlan 1

    R3(config-if)#ip add 192.168.1.1 255.255.255.0

    R3(config-if)#no sh


    Note: for security, apply an ACL (access control list) to remote login on R4 so that only R5 is allowed to connect.

    R4(config)#access-list 1 permit host 12.0.0.2

    R4(config)#line vty 0 4

    R4(config-line)#access-class 1 in

    R4(config-line)#password abc

    R4(config-line)#login

    R4(config-line)#ex
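The `access-class` above protects only R4's vty lines, while along the jump chain R3 sees sessions arriving from R4 (192.168.34.4) and R1/R2 see them arriving from R3's VLAN 1 address (192.168.1.1). The following added example, which is not part of the original lab, pins each hop's vty lines to the previous hop so that hosts in the internal VLANs cannot telnet to the devices directly. ACL number 2 and the logged deny entries are choices made for this example.

```cisco
! Added example (not from the original lab).
! ACL number 2 is an arbitrary choice; addresses are the lab's own.

! --- R3: accept vty sessions only from the jump host R4 (its f0/1 address) ---
access-list 2 permit host 192.168.34.4
access-list 2 deny   any log
line vty 0 4
 access-class 2 in
 password abc
 login

! --- R1 and R2: accept vty sessions only from R3's VLAN 1 address ---
access-list 2 permit host 192.168.1.1
access-list 2 deny   any log
line vty 0 4
 access-class 2 in
 password abc
 login

! --- R4: keep ACL 1 from the lab, and log refused attempts explicitly ---
access-list 1 permit host 12.0.0.2
access-list 1 deny   any log
line vty 0 4
 access-class 1 in
 password abc
 login

! Checks to run on each device after a test login:
!   show access-lists                     (match counters on permit/deny entries)
!   show running-config | begin line vty  (confirm access-class is attached)
!   show users                            (source address of active vty sessions)
```

Telnet still carries the vty password in cleartext on every hop, so these ACLs narrow who can connect but do not protect the credential in transit.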


    Now the setup can be tested.

    Log in to R4

    [Screenshot: login to R4]

    Continue by logging in to R3

    [Screenshot: login to R3]

    Now R1 and R2 can be logged in to

    [Screenshot: login to R1]

    [Screenshot: login to R2]

    All logins succeeded; the lab objective has been achieved.
