[Cisco] comprehensive experiment on DHCP, RIP, link aggregation, and ACL (access control list)

Source: Internet
Author: User

Tutorial topology:

[Figure 1.png: lab topology diagram]

R3 is the gateway, R4 is the egress router and also the DHCP server, and R5 is a router on the Internet.


Lab requirements:

1. The three PCs belong to three VLANs.

2. R1 and R2 are connected with link aggregation.

3. The gateways terminate on R3, which implements inter-VLAN routing.

4. C1, C2, and C3 obtain their IP addresses from the DHCP server.

5. Remote management of router R3 is restricted (only R5 is allowed).


Tutorial steps:

  1. First, configure R1

R1# conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)# no ip routing

R1(config)# vlan 10,20,30    <-- create VLAN 10, 20, and 30

R1(config-vlan)# ex

R1(config)# int F1/1

R1(config-if)# switchport access vlan 10    <-- F1/1 is placed in VLAN 10

R1(config-if)# int F1/2

R1(config-if)# switchport access vlan 20    <-- F1/2 is placed in VLAN 20


R1(config-if)# int range F1/14 - 15

R1(config-if-range)# channel-group 1 mode on

Creating a port-channel interface Port-channel1

*Mar 1 00:05:31.643: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar 1 00:05:31.715: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

R1(config-if-range)# ex

*Mar 1 00:05:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

R1(config)# int port-channel 1

R1(config-if)# switchport mode trunk    <-- set the port channel to trunk mode

R1(config-if)# ex

R1(config)#

*Mar 1 00:05:43.063: %EC-5-UNBUNDLE: Interface Fa1/14 left the port-channel Po1

*Mar 1 00:05:43.095: %EC-5-UNBUNDLE: Interface Fa1/15 left the port-channel Po1

*Mar 1 00:05:43.107: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

*Mar 1 00:05:43.155: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar 1 00:05:43.587: %DTP-5-TRUNKPORTON: Port Fa1/14-15 has become dot1q trunk

*Mar 1 00:05:45.091: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

R1(config)# int F1/3

R1(config-if)# switchport mode trunk    <-- set the upstream port to trunk mode

*Mar 1 00:05:59.855: %DTP-5-TRUNKPORTON: Port Fa1/3 has become dot1q trunk


2. Configure R2

R2# conf t

Enter configuration commands, one per line. End with CNTL/Z.

R2(config)# no ip routing

R2(config)# vlan 10,20,30

R2(config-vlan)# ex

R2(config)# int F1/3

R2(config-if)# switchport access vlan 30

R2(config-if)# int range F1/14 - 15

R2(config-if-range)# channel-group 1 mode on    <-- same configuration as on R1

Creating a port-channel interface Port-channel1

*Mar 1 00:07:29.195: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar 1 00:07:29.263: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

*Mar 1 00:07:29.463: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk Port-channel1 VLAN1.

*Mar 1 00:07:29.463: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking Port-channel1 on VLAN1. Inconsistent port type. PVST+: restarted the forward delay timer for Port-channel1


R2(config-if-range)# ex

*Mar 1 00:07:32.147: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

R2(config)# int port-channel 1

R2(config-if)# switchport mode trunk

R2(config-if)# ex

*Mar 1 00:07:39.463: %EC-5-UNBUNDLE: Interface Fa1/14 left the port-channel Po1

*Mar 1 00:07:39.503: %EC-5-UNBUNDLE: Interface Fa1/15 left the port-channel Po1

*Mar 1 00:07:39.523: %EC-5-BUNDLE: Interface Fa1/15 joined port-channel Po1

*Mar 1 00:07:39.563: %EC-5-BUNDLE: Interface Fa1/14 joined port-channel Po1

*Mar 1 00:07:39.991: %DTP-5-TRUNKPORTON: Port Fa1/14-15 has become dot1q trunk

*Mar 1 00:07:41.503: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up


3. Configure R3

R3# conf t

Enter configuration commands, one per line. End with CNTL/Z.

R3(config)# ip routing

R3(config)# int F1/1

R3(config-if)# no sh

R3(config-if)# switchport mode trunk

R3(config-if)# ex

*Mar 1 00:08:56.415: %DTP-5-TRUNKPORTON: Port Fa1/1 has become dot1q trunk

R3(config)# vlan 10,20,30

R3(config-vlan)# ex


R3(config)# int vlan 10

*Mar 1 00:09:12.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up

R3(config-if)# ip add 192.168.10.1 255.255.255.0    <-- VLAN 10 gateway

R3(config-if)# no sh

R3(config-if)# ip helper-address 192.168.34.4    <-- DHCP relay; the target is R4's interface address


R3(config-if)# int vlan 20

*Mar 1 00:09:59.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up

R3(config-if)# ip add 192.168.20.1 255.255.255.0    <-- VLAN 20 gateway

R3(config-if)# no sh

R3(config-if)# ip helper-address 192.168.34.4

R3(config-if)# int vlan 30

*Mar 1 00:10:13.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up

R3(config-if)# ip add 192.168.30.1 255.255.255.0    <-- VLAN 30 gateway

R3(config-if)# no sh

R3(config-if)# ip helper-address 192.168.34.4

R3(config-if)#

R3(config-if)# ex


Configure the upstream port F1/2

R3(config)# int F1/2

R3(config-if)# no switchport

*Mar 1 00:10:42.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/2, changed state to up

R3(config-if)# ip add 192.168.34.3 255.255.255.0

R3(config-if)# no sh

R3(config-if)# ex

R3(config)# ip route 0.0.0.0 0.0.0.0 192.168.34.4    <-- default route toward the egress router



4. Configure R4

R4(config)# int F0/1

R4(config-if)# ip add 192.168.34.4 255.255.255.0

R4(config-if)# no sh

R4(config-if)# ex

*Mar 1 00:11:44.315: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up

*Mar 1 00:11:45.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up


Create three DHCP address pools to allocate IP addresses for the three VLANs.


R4(config)# ip dhcp pool V10

R4(dhcp-config)# network 192.168.10.0 /24

R4(dhcp-config)# default-router 192.168.10.1


R4(dhcp-config)# ip dhcp pool V20

R4(dhcp-config)# network 192.168.20.0 /24

R4(dhcp-config)# default-router 192.168.20.1


R4(dhcp-config)# ip dhcp pool V30

R4(dhcp-config)# network 192.168.30.0 /24

R4(dhcp-config)# default-router 192.168.30.1

R4(dhcp-config)# ex

R4(config)# int F0/0

R4(config-if)# ip add 12.0.0.1 255.255.255.0

R4(config-if)# no sh

R4(config-if)# ex

R4(config)# ip route 192.168.10.0 255.255.255.0 192.168.34.3

R4(config)# ip route 192.168.20.0 255.255.255.0 192.168.34.3

R4(config)# ip route 192.168.30.0 255.255.255.0 192.168.34.3


Verify that the PCs have been assigned addresses:

[Screenshot 2.png]

The IP addresses were obtained.
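How the relay and the pools fit together: R3 writes the address of the VLAN interface that heard the client's broadcast into the relayed request (giaddr), R4 serves the request from the pool whose network contains that address, and the reply is unicast back to it, which is why R4 needs the static routes above. The Python sketch below is an added example, not part of the original article; R4_CONFIG is an excerpt constructed from the commands in this lab, and the function names are hypothetical.

```python
import ipaddress

# Excerpt constructed from the R4 commands in this lab (pools and static routes).
R4_CONFIG = """\
interface FastEthernet0/1
 ip address 192.168.34.4 255.255.255.0
ip dhcp pool V10
 network 192.168.10.0 /24
 default-router 192.168.10.1
ip dhcp pool V20
 network 192.168.20.0 /24
 default-router 192.168.20.1
ip dhcp pool V30
 network 192.168.30.0 /24
 default-router 192.168.30.1
ip route 192.168.10.0 255.255.255.0 192.168.34.3
ip route 192.168.20.0 255.255.255.0 192.168.34.3
ip route 192.168.30.0 255.255.255.0 192.168.34.3
"""

def parse(config):
    """Collect the DHCP pools and the networks R4 can reach (connected or static)."""
    pools, reachable, pool = {}, [], None
    for raw in config.splitlines():
        t = raw.split()
        if t[:3] == ["ip", "dhcp", "pool"]:
            pool = pools.setdefault(t[3], {})
        elif t[:1] == ["network"] and pool is not None:
            pool["network"] = ipaddress.ip_network(f"{t[1]}/{t[2].lstrip('/')}")
        elif t[:1] == ["default-router"] and pool is not None:
            pool["gateway"] = ipaddress.ip_address(t[1])
        elif t[:2] in (["ip", "route"], ["ip", "address"]):
            reachable.append(ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False))
    return pools, reachable

def pool_for_relay(pools, giaddr):
    """A relayed request is served from the pool whose network contains giaddr."""
    gi = ipaddress.ip_address(giaddr)
    return next((name for name, p in pools.items() if gi in p["network"]), None)

def audit(config):
    """Per pool: is the gateway inside the pool, and can R4 route replies back?"""
    pools, reachable = parse(config)
    return {name: {"gateway_in_pool": p["gateway"] in p["network"],
                   "return_route": any(p["network"].subnet_of(r) for r in reachable)}
            for name, p in pools.items()}
```

Deleting one of the three `ip route` lines from the excerpt makes `audit` report `return_route: False` for that pool, the case in which a PC in that VLAN never receives its offer.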


Configure NAT so that the internal hosts reach the Internet through R4's Internet-facing port

R4(config)# int F0/1

R4(config-if)# ip nat inside    <-- marks the inside (intranet) port

*Mar 1 01:30:41.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up

R4(config-if)# int F0/0

R4(config-if)# ip nat outside    <-- marks the outside (Internet) port

R4(config-if)# ex

R4(config)# access-list 10 permit 192.168.10.0 0.0.0.255    <-- define the access lists

R4(config)# access-list 11 permit 192.168.20.0 0.0.0.255

R4(config)# access-list 12 permit 192.168.30.0 0.0.0.255


R4(config)# ip nat inside source list 10 int F0/0 overload    <-- apply the lists; overload on the Internet port F0/0

R4(config)# ip nat inside source list 11 int F0/0 overload

R4(config)# ip nat inside source list 12 int F0/0 overload


5. Configure R5

R5# conf t

Enter configuration commands, one per line. End with CNTL/Z.

R5(config)# int F0/0

R5(config-if)# ip add 12.0.0.2 255.255.255.0

R5(config-if)# no sh

R5(config-if)# ex

Test whether the PC can reach the Internet router:

[Screenshot 5.png]

Yes.


Note: because the Internet has no routes to private network addresses, the dynamic routing protocol RIP is used below to simulate the experiment.

R4

R4(config)# router rip

R4(config-router)# network 192.168.34.0

R4(config-router)# network 12.0.0.0


R5

R5(config)# router rip

R5(config-router)#

*Mar 1 00:15:51.191: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

*Mar 1 00:15:52.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R5(config-router)# network 12.0.0.0

R5(config-router)# ex



Next, only R5 is allowed to manage R3 remotely; this is implemented with an ACL.

R3(config)# int l0    <-- loopback interface

*Mar 1 00:53:14.715: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

R3(config-if)# ip add 3.3.3.3 255.255.255.0

R3(config-if)# no sh

R3(config-if)# ex

R3(config)# router rip

R3(config-router)# network 3.3.3.0

R3(config-router)# network 192.168.10.0

R3(config-router)# network 192.168.20.0

R3(config-router)# network 192.168.30.0

R3(config-router)# network 192.168.34.0


R3(config)# access-list 1 permit host 12.0.0.2

R3(config)# line vty 0 4

R3(config-line)# access-class 1 in

R3(config-line)# password ABC

R3(config-line)# login

Check whether R5 can telnet to R3:

[Screenshot 3.png]

Can R4?

[Screenshot 4.png]

Obviously, the remote login is rejected, so the purpose of the experiment is achieved.
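Why R5 is accepted and R4 is refused: a standard ACL is checked top-down against the source address only, the first match wins, and anything unmatched hits the implicit deny. The Python sketch below is an added example, not part of the original article; it evaluates the lab's ACLs with that logic. The function names and the PC address 192.168.10.2 are assumptions made for illustration.

```python
import ipaddress

# The lab's standard ACLs: ACL 1 guards R3's vty lines, ACLs 10-12 select NAT sources on R4.
LAB_ACLS = """\
access-list 1 permit host 12.0.0.2
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 11 permit 192.168.20.0 0.0.0.255
access-list 12 permit 192.168.30.0 0.0.0.255
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acls(text):
    """Return {number: [(action, address, wildcard), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        tok = line.lower().split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        number, action, spec = int(tok[1]), tok[2], tok[3:]
        if spec[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif spec[0] == "host":
            addr, wild = spec[1], "0.0.0.0"
        else:  # "address [wildcard]"; a missing wildcard means an exact host match
            has_wild = len(spec) > 1 and spec[1][0].isdigit()
            addr, wild = spec[0], (spec[1] if has_wild else "0.0.0.0")
        acls.setdefault(number, []).append((action, to_int(addr), to_int(wild)))
    return acls

def evaluate(acls, number, source):
    """First matching entry wins; a source that matches nothing hits the implicit deny."""
    src = to_int(source)
    for action, addr, wild in acls[number]:
        care = ~wild & 0xFFFFFFFF      # wildcard bit 0 = must match, 1 = ignore
        if (src & care) == (addr & care):
            return action
    return "deny"

def vty_access_report(acls):
    """Sources from the lab; the PC address is a constructed sample from pool V10."""
    sources = {"R5": "12.0.0.2", "R4 inside": "192.168.34.4",
               "R4 outside": "12.0.0.1", "PC1": "192.168.10.2"}
    return {name: evaluate(acls, 1, ip) for name, ip in sources.items()}
```

Only 12.0.0.2 is permitted on the vty lines; both of R4's addresses and the PC fall through to the implicit deny, which matches the rejected login above.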







This article is from the "ne Road" blog, please be sure to keep this source http://332162926.blog.51cto.com/8831013/1546341
