組網(wǎng)技術(shù)-知識(shí)概要-基于ENSP

69/69配置TelnetIP配置如圖配置，現(xiàn)在配置telnet配置vty密碼方式驗(yàn)證登錄telnet[R1]user-interfacevty04[R1-ui-vty0-4]authentication-modepasswordPleaseconfiguretheloginpassword(maximumlength16):siseAAA模式進(jìn)行配置驗(yàn)證登錄telnet用戶sise，密碼123，privilegelevel3代表優(yōu)先級(jí)為3，數(shù)值越高權(quán)限越高[R1]aaa[R1-aaa]local-usersisepasswordcipher123privilegelevel3[R1-aaa]local-usersiseservice-typetelnet[R1-aaa]quit[R1]user-interfacevty04[R1-ui-vty0-4]authentication-modeaaa配置STelnet首先配置RSA本地密鑰對(duì)[R2-GigabitEthernet0/0/0]rsalocal-key-paircreate接著創(chuàng)建新用戶用于遠(yuǎn)程登錄[R2]user-interfacevty04[R2-ui-vty0-4]authentication-modeaaa[R2-ui-vty0-4]protocolinboundssh限制該虛擬終端登錄只能用ssh[R2-ui-vty0-4]aaa[R2-aaa]local-usersisepasswordcipher123Info:Addanewuser.[R2-aaa]local-usersiseservice-typessh[R2-aaa]sshusersiseauthentication-typepassword配置SSHClient此功能用于不對(duì)服務(wù)器的RSA公鑰進(jìn)行有效性檢查[R1]sshclientfirst-timeenable拓展：配置SFTP[R2]aaa[R2-aaa]local-usersisepasswordcipher123[R2-aaa]local-usersiseservice-typessh[R2-aaa]local-usersiseprivilegelevel3[R2-aaa]local-usersiseftp-directoryflash:[R2-aaa]sshusersiseauthentication-typepassword[R2-aaa]sftpserverenable配置FTPFTPServer設(shè)置將路由器配置成FTPServer[R2-aaa]local-usersisepasswordcipher123[R2-aaa]local-usersiseservice-typeftp[R2-aaa]local-usersiseftp-directoryflash:[R2-aaa]local-usersiseprivilegelevel15電腦作為FTPClient配置ProxyARP實(shí)現(xiàn)跨網(wǎng)段通訊IP配置如圖所示此處忽略命令在R1的兩個(gè)接口上配置ProxyARP[R1]interfaceg0/0/1[R1-GigabitEthernet0/0/1]arp-proxyenable[R1-GigabitEthernet0/0/1]interfaceg0/0/2[R1-GigabitEthernet0/0/2]arp-proxyenable注意：該方法配置的arp代理，主機(jī)是不用配置網(wǎng)關(guān)的單臂路由IP配置如圖所示此處忽略命令配置Trunk，Access接口以及VLAN[S1]vlanbatch102030[S1]interfaceg0/0/2[S1-GigabitEthernet0/0/2]portlink-typetrunk[S1-GigabitEthernet0/0/2]porttrunkallow-passvlan1020[S1-GigabitEthernet0/0/2]interfaceg0/0/3[S1-GigabitEthernet0/0/3]portlink-typetrunk[S1-GigabitEthernet0/0/3]porttrunkallow-passvlan30[S1-GigabitEthernet0/0/3]interfaceg0/0/1[S1-GigabitEthernet0/0/1]portlink-typetrunk[S1-GigabitEthernet0/0/1]porttrunkallow-passvlan102030[S2]vlan10[S2-vlan10]descriptionHR[S2-vlan10]vlan20[S2-vlan20]descriptionMarket[S2-vlan20]interfacee0/0/1[S2-Ethernet0/0/1]portlink-typeaccess[S2-Ethernet0/0/1]portdefaultvlan10[S2-Ethernet0/0/1]interfacee0/0/2[S2-Ethernet0/0/2]portlink-typeaccess[S2-Ethernet0/0/2]portdefaultvlan20[S2-Ethernet0/0/2]intg0/0/2[S2-GigabitEthernet0/0/2]portlink-typetrunk[S2-GigabitEthernet0/0/2]porttrunkallow-passvlanall[S3]vlan30[S3-vlan30]descriptionManager[S3-vlan30]interfacee0/0/1[S3-Ethernet0/0/1]portlink-typeaccess[S3-Ethernet0/0/1]portdefaultvlan30[S3-Ethernet0/0/1]interfacee0/0/2[S3-Ethernet0/0/2]portlink-typetrunk[S3-Ethernet0/0/2]porttrunkallow-passvlanall配置路由器子接口和IP地址[R1]intg0/0/1.1[R1-GigabitEthernet0/0/1.1]ipaddress5424[R1-GigabitEthernet0/0/1.1]intg0/0/1.2[R1-GigabitEthernet0/0/1.2]ipaddress5424[R1-GigabitEthernet0/0/1.2]intg0/0/1.3[R1-GigabitEthernet0/0/1.3]ipaddress5424配置路由器子接口封裝VLAN[R1-GigabitEthernet0/0/1.1]dot1qterminationvid10[R1-GigabitEthernet0/0/1.1]arpbroadcastenable[R1-GigabitEthernet0/0/1.1]intg0/0/1.2[R1-GigabitEthernet0/0/1.2]dot1qterminationvid20[R1-GigabitEthernet0/0/1.2]arpbroadcastenable[R1-GigabitEthernet0/0/1.2]intg0/0/1.3[R1-GigabitEthernet0/0/1.3]dot1qterminationvid30[R1-GigabitEthernet0/0/1.3]arpbroadcastenable因?yàn)槁酚善鳠o(wú)法識(shí)別VLAN標(biāo)簽所以，必須要去標(biāo)簽（VLANIF）三層交換機(jī)實(shí)現(xiàn)VLAN間路由IP配置如圖所示此處忽略命令，以及端口間使用trunk和access配置也省略（交換機(jī)間用trunk，交換機(jī)與主機(jī)用access，交換機(jī)與路由器用trunk）在三層交換機(jī)S1配置兩個(gè)VLANIF接口，作為兩個(gè)VLAN的網(wǎng)關(guān)[S1]interfacevlanif10[S1-Vlanif10]ipaddress5424[S1-Vlanif10]interfacevlanif20[S1-Vlanif20]ipaddress5424Hybrid接口的應(yīng)用配置除PC-5外的vlan間通信[S1]vlanbatch102030[S1]interfacee0/0/2[S1-Ethernet0/0/2]porthybriduntaggedvlan20[S1-Ethernet0/0/2]porthybridpvidvlan20[S1-Ethernet0/0/2]interfacee0/0/3[S1-Ethernet0/0/3]porthybriduntaggedvlan10[S1-Ethernet0/0/3]porthybridpvidvlan10[S1-Ethernet0/0/3]interfacee0/0/1[S1-Ethernet0/0/1]porthybridtaggedvlan1020[S2]vlanbatch102030[S2]interfacee0/0/2[S2-Ethernet0/0/2]porthybriduntaggedvlan20從交換機(jī)進(jìn)來(lái)去標(biāo)[S2-Ethernet0/0/2]porthybridpvidvlan20從交換機(jī)出去分配到vlan20[S2-Ethernet0/0/2]interfacee0/0/3[S2-Ethernet0/0/3]porthybriduntaggedvlan10[S2-Ethernet0/0/3]porthybridpvidvlan10[S2-Ethernet0/0/3]interfacee0/0/1[S2-Ethernet0/0/1]porthybridtaggedvlan1020實(shí)現(xiàn)IT技術(shù)部訪問(wèn)其它VLAN[S1]interfacee0/0/4[S1-Ethernet0/0/4]porthybridpvidvlan30[S1-Ethernet0/0/4]porthybriduntaggedvlan102030[S1-Ethernet0/0/4]interfacee0/0/2[S1-Ethernet0/0/2]porthybriduntaggedvlan2030[S1-Ethernet0/0/2]interfacee0/0/3[S1-Ethernet0/0/3]porthybriduntaggedvlan1030[S1-Ethernet0/0/3]interfacee0/0/1[S1-Ethernet0/0/1]porthybridtaggedvlan102030[S2-Ethernet0/0/1]interfacee0/0/1[S2-Ethernet0/0/1]porthybridtaggedvlan102030[S2-Ethernet0/0/1]interfacee0/0/2[S2-Ethernet0/0/2]porthybriduntaggedvlan2030[S2-Ethernet0/0/2]interfacee0/0/3[S2-Ethernet0/0/3]porthybriduntaggedvlan1030生成樹(shù)RSTP配置華為交換機(jī)默認(rèn)是MSTP，所以要開(kāi)啟RSTP，stpmoderstp配置根交換機(jī)與次根交換機(jī)[S1]stprootprimary[S2]stprootsecondary配置邊緣端口[S3]interfacee0/0/1[S3-Ethernet0/0/1]stpedged-portenable[S4]interfacee0/0/1[S4-Ethernet0/0/1]stpedged-portenable服務(wù)器與交換機(jī)進(jìn)行端口配置時(shí)，服務(wù)器的入接口為access接口，且需要配置邊緣端口。作用：當(dāng)沒(méi)配置為邊緣端口時(shí)，一個(gè)接口要參與生成樹(shù)計(jì)算，要經(jīng)過(guò)Discarding和Learning狀態(tài)，30s后才最終進(jìn)入轉(zhuǎn)發(fā)狀態(tài)。最終導(dǎo)致了延遲的情況。所以為了提高網(wǎng)絡(luò)的可用性，應(yīng)當(dāng)配置邊緣端口MSTP配置IP如圖配置，以及接口混合配置配置MSTP多實(shí)例解決不足[S1]stpregion-configuration[S1-mst-region]region-namesise[S1-mst-region]revision-level1[S1-mst-region]instance1vlan10[S1-mst-region]instance2vlan20[S1-mst-region]activeregion-configuration[S2]stpregion-configuration[S2-mst-region]region-namesise[S2-mst-region]revision-level1[S2-mst-region]instance1vlan10[S2-mst-region]instance2vlan20[S2-mst-region]activeregion-configuration[S3]stpregion-configuration[S3-mst-region]region-namesise[S3-mst-region]revision-level1[S3-mst-region]instance1vlan10[S3-mst-region]instance2vlan20[S3-mst-region]activeregion-configuration配置不同實(shí)例的優(yōu)先級(jí)[S1]stpinstance1priority0[S2]stpinstance2priority0上述兩條命令等價(jià)于[S1]stpinstance1rootprimary[S2]stpinstance2rootprimary結(jié)果圖：GVRP用于動(dòng)態(tài)注冊(cè)VLAN配置GVRP單向注冊(cè)接口[S1]vlanbatch1020[S1]gvrp[S1]interfacee0/0/1[S1-Ethernet0/0/1]pla[S1-Ethernet0/0/1]pdvlan10[S1-Ethernet0/0/1]interfacee0/0/2[S1-Ethernet0/0/2]pla[S1-Ethernet0/0/2]pdvlan20[S1-GigabitEthernet0/0/1]plt[S1-GigabitEthernet0/0/1]ptallow-passvlanall[S1-GigabitEthernet0/0/1]gvrp[S2]gvrp[S2]interfaceg0/0/2[S2-GigabitEthernet0/0/2]gvrp[S2-GigabitEthernet0/0/2]plt[S2-GigabitEthernet0/0/2]ptallow-passvlanall[S2-GigabitEthernet0/0/2]interfaceg0/0/1[S2-GigabitEthernet0/0/1]gvrp[S2-GigabitEthernet0/0/1]plt[S2-GigabitEthernet0/0/1]ptallow-passvlanall[S3]gvrp[S3]interfaceg0/0/1[S3-GigabitEthernet0/0/1]gvrp[S3-GigabitEthernet0/0/1]plt[S3-GigabitEthernet0/0/1]ptallow-passvlanall[S3-GigabitEthernet0/0/1]interfaceg0/0/2[S3-GigabitEthernet0/0/2]gvrp[S3-GigabitEthernet0/0/2]plt[S3-GigabitEthernet0/0/2]ptallow-passvlanall[S4]gvrp[S4]interfaceg0/0/1[S4-GigabitEthernet0/0/1]plt[S4-GigabitEthernet0/0/1]ptallow-passvlanall[S4-GigabitEthernet0/0/1]gvrp配置GVRP雙向注冊(cè)（需要在S4上手工創(chuàng)建VLAN）[S4]vlanbatch1020[S4]interfacee0/0/1[S4-Ethernet0/0/1]portlink-typeaccess[S4-Ethernet0/0/1]portdefaultvlan10[S4-Ethernet0/0/1]interfacee0/0/2[S4-Ethernet0/0/2]portdefaultvlan20三種注冊(cè)模式GVRP有三種注冊(cè)模式，不同的模式對(duì)靜態(tài)VLAN和動(dòng)態(tài)VLAN的處理方式也不同。GVRP的三種注冊(cè)模式分別定義如下：Normal模式：允許動(dòng)態(tài)VLAN在端口上進(jìn)行注冊(cè)，同時(shí)會(huì)發(fā)送靜態(tài)VLAN和動(dòng)態(tài)VLAN的聲明消息。Fixed模式：不允許動(dòng)態(tài)VLAN在端口上注冊(cè)，只發(fā)送靜態(tài)VLAN的聲明消息。Forbidden模式：不允許動(dòng)態(tài)VLAN在端口上進(jìn)行注冊(cè)，同時(shí)刪除端口上除VLAN1外的所有VLAN，只發(fā)送VLAN1的聲明消息。SmartLink與MonitorLink的配合使用SmartLink[S1]smart-linkgroup1[S1-smlk-group1]smart-linkenable[S1-smlk-group1]interfacee0/0/3[S1-Ethernet0/0/3]stpdisable[S1-Ethernet0/0/3]interfacee0/0/4[S1-Ethernet0/0/4]stpdisable#運(yùn)行SmartLink的接口需要關(guān)閉生成樹(shù)協(xié)議[S1-Ethernet0/0/4]quit[S1]smart-linkgroup1[S1-smlk-group1]porte0/0/4master#配置該接口為主接口[S1-smlk-group1]porte0/0/3slave#配置該接口為備份接口注意：一旦主接口出故障，就會(huì)把備份接口作為主接口進(jìn)行切換，這就是Smartlink的作用配置回切時(shí)間配置回切時(shí)間30s[S1-Ethernet0/0/3]smart-linkgroup1[S1-smlk-group1]restoreenable[S1-smlk-group1]timerwtr30配置MonitorLink[S3-GigabitEthernet0/0/2]monitor-linkgroup1[S3-mtlk-group1]portg0/0/2uplink[S3-mtlk-group1]porte0/0/4downlink配置鏈路聚合（配置Trunk時(shí)，交換機(jī)的接口不能先配置為trunk接口，否則會(huì)出錯(cuò)）Eth-trunk工作模式分為手工負(fù)載分擔(dān)模式和靜態(tài)LACP模式displayeth-trunk查看聚合狀態(tài)手工負(fù)載分擔(dān)模式manualload-balance[S1]inteth-trunk1[S1-Eth-Trunk1]modemanualload-balance[S1-Eth-Trunk1]intg0/0/1[S1-GigabitEthernet0/0/1]eth-trunk1[S1-GigabitEthernet0/0/1]intg0/0/2[S1-GigabitEthernet0/0/2]eth-trunk1[S1-GigabitEthernet0/0/2]intg0/0/5[S1-GigabitEthernet0/0/5]eth-trunk1[S2]inteth-trunk1[S2-Eth-Trunk1]modemanualload-balance[S2-Eth-Trunk1]intg0/0/1[S2-GigabitEthernet0/0/1]eth-trunk1[S2-GigabitEthernet0/0/1]intg0/0/2[S2-GigabitEthernet0/0/2]eth-trunk1[S2-GigabitEthernet0/0/2]intg0/0/5[S2-GigabitEthernet0/0/5]eth-trunk1靜態(tài)LACP模式lacp-static[S1]inteth-trunk1[S1-Eth-Trunk1]modelacp-static[S1]intg0/0/1[S1-GigabitEthernet0/0/1]eth-trunk1[S1-GigabitEthernet0/0/1]intg0/0/2[S1-GigabitEthernet0/0/2]eth-trunk1[S1-GigabitEthernet0/0/2]intg0/0/5[S1-GigabitEthernet0/0/5]eth-trunk1[S2]inteth-trunk1[S2-Eth-Trunk1]modelacp-static[S2]intg0/0/1[S2-GigabitEthernet0/0/1]eth-trunk1[S2-GigabitEthernet0/0/1]intg0/0/2[S2-GigabitEthernet0/0/2]eth-trunk1[S2-GigabitEthernet0/0/2]intg0/0/5[S2-GigabitEthernet0/0/5]eth-trunk1配置優(yōu)先級(jí)選出主動(dòng)端修改系統(tǒng)優(yōu)先級(jí)，使其稱(chēng)為主動(dòng)端（值越低優(yōu)先級(jí)越高）[S1]lacppriority100補(bǔ)充：兩端選出主動(dòng)端后，兩端都會(huì)以主動(dòng)端的接口優(yōu)先級(jí)來(lái)選擇活動(dòng)接口。兩端設(shè)備選擇了一致的活動(dòng)端口，活動(dòng)鏈路組便可以建立起來(lái)，設(shè)置這些活動(dòng)鏈路來(lái)負(fù)載分擔(dān)的方式轉(zhuǎn)發(fā)數(shù)據(jù)。配置活動(dòng)接口上限閾值 [S1]interfaceeth-trunk1[S1-Eth-Trunk1]maxactive-linknumber2#設(shè)置為2在主動(dòng)端配置優(yōu)先級(jí)選擇活動(dòng)鏈路[S1]interfaceg0/0/1[S1-GigabitEthernet0/0/1]lacppriority100[S1-GigabitEthernet0/0/1]interfaceg0/0/2[S1-GigabitEthernet0/0/2]lacppriority100靜態(tài)路由配置先進(jìn)行各設(shè)備IP配置[R1]interfaceg0/0/1[R1-GigabitEthernet0/0/1]ipaddress10.09.12.124[R1-GigabitEthernet0/0/1]interfaceg0/0/2[R1-GigabitEthernet0/0/2]ipaddress10.09.1.25424[R1-GigabitEthernet0/0/2]interfaceg0/0/0[R1-GigabitEthernet0/0/0]ipaddress10.09.13.124[R2]interfaceg0/0/1[R2-GigabitEthernet0/0/1]ipaddress10.09.12.224[R2-GigabitEthernet0/0/1]interfaceg0/0/2[R2-GigabitEthernet0/0/2]ipaddress10.09.23.224[R2-GigabitEthernet0/0/2]interfaceg0/0/0[R2-GigabitEthernet0/0/0]ipaddress10.09.2.25424[R3]interfaceg0/0/1[R3-GigabitEthernet0/0/1]ipaddress10.09.3.25424[R3-GigabitEthernet0/0/1]interfaceg0/0/2[R3-GigabitEthernet0/0/2]ipaddress10.09.23.324[R3-GigabitEthernet0/0/2]interfaceg0/0/0[R3-GigabitEthernet0/0/0]ipaddress10.09.13.324配置靜態(tài)路由配置R1目的地址為/24和/24的靜態(tài)路由。默認(rèn)靜態(tài)路由優(yōu)先級(jí)為60，無(wú)需額外配置路由優(yōu)先級(jí)信息。[R1]iproute-static10.09.2.02410.09.12.2[R1]iproute-static10.09.3.02410.09.13.3配置R2目的地址為/24和/24的靜態(tài)路由。默認(rèn)靜態(tài)路由優(yōu)先級(jí)為60，無(wú)需額外配置路由優(yōu)先級(jí)信息。[R2]iproute-static10.09.1.02410.09.12.1[R2]iproute-static10.09.3.02410.09.23.3配置R3目的地址為/24和/24的靜態(tài)路由。默認(rèn)靜態(tài)路由優(yōu)先級(jí)為60，無(wú)需額外配置路由優(yōu)先級(jí)信息。[R3]iproute-static10.09.1.02410.09.13.1[R3]iproute-static10.09.2.02410.09.23.2配置備份靜態(tài)路由R2與網(wǎng)絡(luò)10.09.1.0和10.09.3.0之間交互的數(shù)據(jù)通過(guò)R2與R3間的鏈路傳輸。如果R2和R3間的鏈路發(fā)生故障，R2將不能與網(wǎng)絡(luò)10.09.3.0。但是根據(jù)拓?fù)鋱D可以看出，當(dāng)R2和R3間的鏈路發(fā)生故障時(shí)，R2還可以通過(guò)R1與R3通信。所以可以通過(guò)配置一條備份靜態(tài)路由實(shí)現(xiàn)路由的冗余備份。正常情況下，備份靜態(tài)路由不生效。當(dāng)R2和R3間的鏈路發(fā)生故障時(shí)，才使用備份靜態(tài)路由傳輸數(shù)據(jù)。配置備份靜態(tài)路由時(shí)，需要修改備份靜態(tài)路由的優(yōu)先級(jí)，確保只有主鏈路故障時(shí)才使用備份路由。本任務(wù)中，需要將備份靜態(tài)路由的優(yōu)先級(jí)修改為80。[R2]iproute-static10.09.13.010.09.12.1preference80[R2]iproute-static10.09.3.02410.09.12.1preference80[R3]iproute-static10.09.12.02410.09.13.1preference80[R3]iproute-static10.09.2.02410.09.13.1preference80配置備份缺省路由當(dāng)R1與R3間的鏈路發(fā)生故障時(shí)，R1可以使用備份缺省路由通過(guò)R2實(shí)現(xiàn)與10.09.23.3和10.09.3.0網(wǎng)絡(luò)間通信。配置兩條備份路由，確保數(shù)據(jù)來(lái)回的雙向都有路由。[R1]iproute-staticpreference80[R2]iproute-static10.09.1.02410.09.23.3preference80[R3]iproute-static10.09.12.02410.09.23.2preference80[R3]iproute-static10.09.1.02410.09.23.2preference80RIP配置水平分割:指的是RIP從某個(gè)接口接收到的路由信息,不會(huì)從該接口再發(fā)回給鄰居設(shè)備.這樣不但減少了帶寬消耗,還可以防止路由環(huán)路。在華為設(shè)備上，水平分割功能默認(rèn)情況下是開(kāi)啟的。關(guān)閉水平分割：undoripsplit-horizon觸發(fā)更新：當(dāng)路由信息發(fā)生變化時(shí)，運(yùn)行RIP設(shè)備會(huì)立即向鄰居設(shè)備發(fā)送更新報(bào)文，而不必等待定時(shí)更新，從而縮短了網(wǎng)絡(luò)收斂時(shí)間。在華為設(shè)備上，沒(méi)有相關(guān)命令能主動(dòng)關(guān)閉觸發(fā)更新的功能毒性逆轉(zhuǎn)：指的是RIP從某個(gè)接口接收到路由信息后，該路由的開(kāi)銷(xiāo)設(shè)置為16（即路由不可達(dá)），并從原接口發(fā)回鄰居設(shè)備。利用這種方式，可以清楚對(duì)方路由表中的無(wú)用路由。如果同時(shí)都配置了毒性逆轉(zhuǎn)和水平切割，水平切割行為會(huì)被毒性逆轉(zhuǎn)行為代替。在華為設(shè)備上，毒性逆轉(zhuǎn)功能默認(rèn)情況是關(guān)閉的，需要手動(dòng)打開(kāi)此功能開(kāi)啟功能：rippoison-reverseRIP與不連續(xù)子網(wǎng)以RIPv1版本為例,因?yàn)関1版本是無(wú)法關(guān)閉自動(dòng)匯總網(wǎng)絡(luò)的,而v2版是可以的，v2版只需在rip模式下使用undosummary，關(guān)閉自動(dòng)匯總即可實(shí)現(xiàn)不連續(xù)子網(wǎng)依照?qǐng)D片配置對(duì)應(yīng)設(shè)備接口IP此處省略配置RIP（V1）[R1]rip[R1-rip-1]network[R2]rip[R2-rip-1]network[R2-rip-1]network[R3]rip[R3-rip-1]network[R3-rip-1]network[R4]rip[R4-rip-1]network[R4-rip-1]network[R5]rip[R5-rip-1]network可以觀察到R3設(shè)備有兩個(gè)與的網(wǎng)段信息從而，會(huì)導(dǎo)致一邊通一邊不同的情況。配置接口的從IP地址要想不改變版本的情況下.就是要把不連續(xù)的子網(wǎng)轉(zhuǎn)變成連續(xù)的子網(wǎng),問(wèn)題就可以解決了。辦法就是給接口配置第二個(gè)IP地址，IP地址取/8主網(wǎng)的子網(wǎng)配置從IP地址，只要在常規(guī)配置IP地址的命令之后加上sub即可[R2]interfaceserial2/0/0[R2-Serial2/0/0]ipaddress24sub[R3]interfaceSerial1/0/0[R3-Serial1/0/0]ipaddress24sub[R3-Serial1/0/0]interfaceSerial1/0/1[R3-Serial1/0/1]ipaddress24sub[R3-Serial1/0/1]q[R3]rip[R3-rip-1]network[R4]interfaceSerial2/0/1[R4-Serial2/0/1]ipaddress24sub配置RIP路由附加度量值Ripmetricin命令用于在接收到路由后，給其增加一個(gè)附加度量值，再加入路由表中，使得路由表中的度量值發(fā)生變化。運(yùn)行命令會(huì)影響到本地設(shè)備和其它設(shè)備的路由選擇Ripmetricout命令用于自身路由的發(fā)布，發(fā)布時(shí)增加一個(gè)附加的度量值,但本地路由表中的度量值不會(huì)發(fā)生變化。運(yùn)行該命令不會(huì)影響本地設(shè)備的路由選擇，但是會(huì)影響其它設(shè)備的路由選擇。配置RIP[R1]rip[R1-rip-1]version2[R1-rip-1]undosummary[R1-rip-1]network[R1-rip-1]network[R2]rip[R2-rip-1]version2[R2-rip-1]undosumm [R2-rip-1]undosummary[R2-rip-1]network[R3]rip[R3-rip-1]version2 [R3-rip-1]undosummary [R3-rip-1]network[R4]rip[R4-rip-1]version2[R4-rip-1]undosummary[R4-rip-1]network[R4-rip-1]network路由表信息配置RIPMetricin[R1]interfaceg0/0/1[R1-GigabitEthernet0/0/1]ripmetricin2在R1的g0/0/1接口設(shè)置R1接收R3發(fā)送來(lái)的路由條目時(shí)增加度量值2，這樣R1會(huì)優(yōu)先1選擇R2發(fā)來(lái)的RIP路由條目，并加入路由表可以觀察到到的就只有下一跳R2，查看R1上的RIP的數(shù)據(jù)庫(kù)配置RIPMetricout為了減輕R2的負(fù)擔(dān)，所有由財(cái)務(wù)部去往市場(chǎng)部的流量都由R3來(lái)轉(zhuǎn)發(fā)在R2上的g0/0/1上使用ripmetricout2命令，設(shè)置R2在向R4發(fā)送路由條目時(shí)增加度量值2。這樣R4收到來(lái)自R2的路由度量值就會(huì)大于來(lái)自R3的路由，R4會(huì)優(yōu)選來(lái)自R3的RIP路由條目，并加入到路由表中。[R2]interfaceg0/0/1[R2-GigabitEthernet0/0/1]ripmetricout2OSPF配置disospfpeer查看ospf鄰居狀態(tài)disiprouting-tableprotocolospf查看OSPF路由條目OSPF單區(qū)域配置ip配置如上所示:ospf1中的1代表進(jìn)程為1,不打默認(rèn)也是進(jìn)程1與rip類(lèi)似[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R1-ospf-1-area-]network55[R1-ospf-1-area-]network55[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]network55[R2-ospf-1-area-]network55[R2-ospf-1-area-]network55[R3]ospf[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55OSPF多區(qū)域配置各設(shè)備ip如圖配置:如R1的ip在g0/0/224,而R5的g0/0/124，最后一位就是路由器設(shè)備名的數(shù)字配置骨干區(qū)域路由器配置骨干網(wǎng)絡(luò)[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R1-ospf-1-area-]network55[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]network55[R2-ospf-1-area-]network55[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R4]ospf1[R4-ospf-1]area0[R4-ospf-1-area-]network55[R4-ospf-1-area-]network55[R4-ospf-1-area-]network55配置非骨干區(qū)域路由器配置分支A非骨干網(wǎng)絡(luò)[R5]ospf1[R5-ospf-1]area1[R5-ospf-1-area-]network55[R5-ospf-1-area-]network55[R5-ospf-1-area-]network55通告分支A的相應(yīng)網(wǎng)段[R1]ospf1[R1-ospf-1]area1[R1-ospf-1-area-]network55[R3]ospf1[R3-ospf-1]area1[R3-ospf-1-area-]network55配置分支B非骨干網(wǎng)絡(luò)[R6]ospf1[R6-ospf-1]area2[R6-ospf-1-area-]network55[R6-ospf-1-area-]network55[R6-ospf-1-area-]network55通告分支B的相應(yīng)網(wǎng)段[R2]ospf1[R2-ospf-1]area2[R2-ospf-1-area-]network55[R4]ospf1[R4-ospf-1]area2[R4-ospf-1-area-]network55OSPF認(rèn)證R2為ABROSPF多區(qū)域配置[R1]ospf1[R1-ospf-1]area1[R1-ospf-1-area-]network55[R1-ospf-1-area-]network[R2]ospf1[R2-ospf-1]area1[R2-ospf-1-area-]network55[R2-ospf-1-area-]network55[R2-ospf-1-area-]area0[R2-ospf-1-area-]network55[R2-ospf-1-area-]network[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R3-ospf-1-area-]network[R4]ospf1[R4-ospf-1]area1[R4-ospf-1-area-]network55[R4-ospf-1-area-]network[R5]ospf1[R5-ospf-1]area0[R5-ospf-1-area-]network55[R5-ospf-1-area-]network[R6]ospf1[R6-ospf-1]area0[R6-ospf-1-area-]network55[R6-ospf-1-area-]network檢測(cè)連通性配置公司分布OSPF區(qū)域明文認(rèn)證[R1]ospf1[R1-ospf-1]area1[R1-ospf-1-area-]authentication-modesimpleplainsiseauthentication-modesimpleplainsisesise參數(shù)為密碼參數(shù)plain代表可以使得在查看配置文件時(shí),口令均以明文方式顯示.如果不配置參數(shù),在查看配置文件時(shí),默認(rèn)會(huì)以密文方式顯示口令,即無(wú)法查看到所配置的口令原文。查看R1的ospf鄰居關(guān)系，可以觀察到其關(guān)系斷了，是因?yàn)槟壳皟H僅在R1上配置了認(rèn)證，導(dǎo)致R1和R2間的OSPF認(rèn)證不匹配故要繼續(xù)配置R2[R2]ospf1[R2-ospf-1]area1[R2-ospf-1-area-]authentication-modesimplesise同理配置R4[R4]ospf1[R4-ospf-1]area1[R4-ospf-1-area-]authentication-modesimplesise配置公司總部OSPF區(qū)域密文認(rèn)證authentication-modemd51sise3驗(yàn)證字標(biāo)識(shí)符為1配置口令為sise3[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]authentication-modemd51sise3[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]authentication-modemd51sise3[R5]ospf1[R5-ospf-1]area0[R5-ospf-1-area-]authentication-modemd51sise3[R6]ospf1[R6-ospf-1]area0[R6-ospf-1-area-]authentication-modemd51sise3配置OSPF鏈路認(rèn)證目的：為了進(jìn)一步提升R2與R4之間的OSPF網(wǎng)絡(luò)安全性，故在兩個(gè)設(shè)備之間部署了MD5驗(yàn)證模式的OSPF鏈路認(rèn)證驗(yàn)證字標(biāo)識(shí)符為1配置口令為sise5[R2]interfaceg0/0/1 [R2-GigabitEthernet0/0/1]ospfauthentication-modemd51sise5[R4]interfaceg0/0/0 [R4-GigabitEthernet0/0/0]ospfauthentication-modemd51sise5連接RIP與OSPF網(wǎng)絡(luò)公司A內(nèi)部配置RIP路由。[R1]rip1[R1-rip-1]version2[R1-rip-1]undosummary[R1-rip-1]network[R2]rip1[R2-rip-1]version2[R2-rip-1]undosummary[R2-rip-1]network[R2-rip-1]network公司B內(nèi)部配置OSPF路由[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55配置雙向路由引入[R1]ospf1[R1-ospf-1]import-routerip1[R1-ospf-1]q[R1]rip1[R1-rip-1]import-routeospf1手工配置引入時(shí)的開(kāi)銷(xiāo)值[R1]rip1[R1-rip-1]import-routeospf1cost3VRRP配置虛擬網(wǎng)關(guān)VRRP的基本配置PC-1與PC-2的網(wǎng)關(guān)地址都為54部署OSPF網(wǎng)絡(luò)[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R1-ospf-1-area-]network55[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]network55[R2-ospf-1-area-]network55[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55配置VRRP協(xié)議[R2]interfacee1/0/1[R2-Ethernet1/0/1]vrrpvrid1virtual-ip54[R3]interfacee1/0/1[R3-Ethernet1/0/1]vrrpvrid1virtual-ip54VRRP的備份組號(hào)為1，配置虛擬IP為54注意：虛擬ip地址必須和當(dāng)前接口在同一網(wǎng)段不配置優(yōu)先級(jí)，默認(rèn)為100，優(yōu)先級(jí)決定路由器在備份組中的角色，優(yōu)先級(jí)高者成為Master。如果優(yōu)先級(jí)相同，比較接口的IP地址大小，較大的成為Master。0被系統(tǒng)保留，255保留給IP地址擁有者使用使R2成為master路由[R2-Ethernet1/0/1]vrrpvrid1priority120配置VRRP多備份組PC-1的網(wǎng)關(guān)為：54PC-2的網(wǎng)關(guān)為：53部署OSPF網(wǎng)絡(luò)[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R1-ospf-1-area-]network55[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]network55[R2-ospf-1-area-]network55[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55配置VRRP雙備份組創(chuàng)建虛擬組1[R2]interfacee1/0/1[R2-Ethernet1/0/1]vrrpvrid1virtual-ip54[R2-Ethernet1/0/1]vrrpvrid1priority120[R3]interfacee1/0/1[R3-Ethernet1/0/1]vrrpvrid1virtual-ip54創(chuàng)建虛擬組2[R2]interfacee1/0/1[R2-Ethernet1/0/1]vrrpvrid2virtual-ip53[R3]interfacee1/0/1[R3-Ethernet1/0/1]vrrpvrid2virtual-ip53[R3-Ethernet1/0/1]vrrpvrid2priority120觀察發(fā)現(xiàn)PC-1是通過(guò)R2訪問(wèn)外網(wǎng)，PC-2是通過(guò)R3訪問(wèn)外網(wǎng)VRRP默認(rèn)為搶占模式，即優(yōu)先級(jí)高的為變成master，低的變成backup關(guān)閉搶占模式命令：

vrrpvrid1preempt-modedisable配置虛擬IP擁有者在虛擬組1中，R2為master，為了使R2始終為虛擬組1的擁有者，則將其配置成了虛擬ip擁有者，即優(yōu)先級(jí)為255修改R2接口ip[R2]interfacee1/0/1[R2-Ethernet1/0/1]ipaddress5424修改R3的優(yōu)先級(jí)[R3]interfacee1/0/1[R3-Ethernet1/0/1]vrrpvrid1priority254發(fā)現(xiàn)R3無(wú)法搶占虛擬組1的Master配置VRRP的跟蹤接口及認(rèn)證PC-1和PC-2的網(wǎng)關(guān)都為54部署OSPF網(wǎng)絡(luò)[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R1-ospf-1-area-]network55[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]network55[R2-ospf-1-area-]network55[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55配置VRRP雙備份組[R2]interfacee1/0/1[R2-Ethernet1/0/1]vrrpvrid1virtual-ip54[R2-Ethernet1/0/1]vrrpvrid1priority120[R3]interfacee1/0/1[R3-Ethernet1/0/1]vrrpvrid1virtual-ip54配置上行接口監(jiān)視將上行接口R2的G0/0/0用命令關(guān)閉后[R2-GigabitEthernet0/0/0]shutdown發(fā)現(xiàn)并沒(méi)有進(jìn)行主動(dòng)的切換Master角色,此時(shí)就需要進(jìn)行配置上行接口監(jiān)視了[R2]interfacee1/0/1[R2-Ethernet1/0/1]vrrpvrid1trackinterfaceg0/0/0reduce50該配置后當(dāng)上行接口g0/0/0斷后就會(huì)自動(dòng)將優(yōu)先級(jí)減去50,從而從120變成70,而默認(rèn)的優(yōu)先級(jí)是100,即將會(huì)小于R3的優(yōu)先級(jí)從而達(dá)到切換Master角色在R2和R3上配置VRRP認(rèn)證配置MD5認(rèn)證，默認(rèn)情況下，設(shè)備對(duì)要發(fā)送的VRRP報(bào)文不進(jìn)行任何認(rèn)證處理。故可以通過(guò)配置更改VRRP的認(rèn)證模式，使VRRP對(duì)報(bào)文進(jìn)行驗(yàn)證，從而增強(qiáng)安全性[R2]interfacee1/0/1[R2-Ethernet1/0/1]vrrpvrid1authentication-modemd5huawei[R3]interfacee1/0/1[R3-Ethernet1/0/1]vrrpvrid1authentication-modemd5huaweiACL配置了ACL的網(wǎng)絡(luò)設(shè)備根據(jù)事先設(shè)定好的報(bào)文匹配規(guī)則對(duì)經(jīng)過(guò)該設(shè)備的報(bào)文進(jìn)行匹配，然后對(duì)匹配上的報(bào)文執(zhí)行事先設(shè)定好的處理動(dòng)作。這些匹配規(guī)則及相應(yīng)的處理動(dòng)作是根據(jù)具體的網(wǎng)絡(luò)需求而設(shè)定的。處理動(dòng)作的不同以及匹配規(guī)則的多樣性，使得ACL可以發(fā)揮出各種各樣的功效。ACL技術(shù)總是與防火墻（Firewall)、路由策略、QoS(QualityofService)、流量過(guò)濾（TrafficFiltering)等其他技術(shù)結(jié)合使用的。按照訪問(wèn)控制列表的用途，可以分為基本的訪問(wèn)控制列表和高級(jí)的訪問(wèn)控制列表，基本ACL可以使用報(bào)文的源IP地址、時(shí)間段信息來(lái)定義規(guī)則。編號(hào)范圍為20xx~2999一個(gè)ACL中的每一條規(guī)則都有一個(gè)相應(yīng)的編號(hào)，稱(chēng)為規(guī)則編號(hào)（rule-id)。缺省情況下，報(bào)文總是按照規(guī)則編號(hào)從小到大的順序與規(guī)則進(jìn)行匹配，缺省情況下，設(shè)備會(huì)在創(chuàng)建ACL的過(guò)程中自動(dòng)為每一條規(guī)則分配一個(gè)編號(hào)，如果將規(guī)則編號(hào)的步長(zhǎng)設(shè)定為10(注：規(guī)則編號(hào)的步長(zhǎng)的缺省值為5),則規(guī)則編號(hào)將按照10、20、30、40······這樣的規(guī)律自動(dòng)進(jìn)行分配，如果將規(guī)則編號(hào)的步長(zhǎng)設(shè)定為2.則規(guī)則編號(hào)將按照2、4、6、8······這樣的規(guī)律自動(dòng)進(jìn)行分配。步長(zhǎng)的大小反映了相鄰規(guī)則編號(hào)之間的間隔大小。間隔的存在，實(shí)際上是為了便于在兩個(gè)相鄰規(guī)則之間插入新的規(guī)則。基本ACL需求：是只能由R1的環(huán)回接口telnet連接到R4，而其它網(wǎng)絡(luò)不能連接到部署OSPF網(wǎng)絡(luò)[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R1-ospf-1-area-]network[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]network55[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R3-ospf-1-area-]network[R4]ospf1[R4-ospf-1]area0[R4-ospf-1-area-]network55[R4-ospf-1-area-]network配置基本ACL控制訪問(wèn)配置Telnet相關(guān)配置[R4-ui-vty0-4]authentication-modepasswordPleaseconfiguretheloginpassword(maximumlength16):sise配置ACL[R4]acl20xx[R4-acl-basic-20xx]rule5permitsource0[R4-acl-basic-20xx]rule10denysourceany在遠(yuǎn)程接口啟用該ACL[R4]user-interfacevty04[R4-ui-vty0-4]acl20xxinbound高級(jí)ACL基本ACL需求：是只能由R1的環(huán)回接口telnet連接到R4，而其它網(wǎng)絡(luò)不能連接到部署OSPF網(wǎng)絡(luò)[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R1-ospf-1-area-]network[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]network55[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R3-ospf-1-area-]network[R4]ospf1[R4-ospf-1]area0[R4-ospf-1-area-]network55[R4-ospf-1-area-]network配置基本ACL控制訪問(wèn)配置Telnet相關(guān)配置[R4-ui-vty0-4]authentication-modepasswordPleaseconfiguretheloginpassword(maximumlength16):sise配置ACL[R4]acl3000[R4-acl-adv-3000]rulepermitipsource0destination0在遠(yuǎn)程接口啟用該ACL[R4]user-interfacevty04[R4-ui-vty0-4]acl3000inbound廣域網(wǎng)串行接口有兩種協(xié)議:HDLC和PPP而PPP協(xié)議有兩種認(rèn)證方式CHAP(三次交互)和PAP(兩次交互)默認(rèn)的串行接口模式為PPP兩個(gè)接口必須都為同一協(xié)議才能進(jìn)行通訊WAN接入配置配置PPP在R2上配置默認(rèn)路由指向出口網(wǎng)關(guān)R1,并在R1上配置R2的網(wǎng)段為PC-1所在網(wǎng)絡(luò)的靜態(tài)路由，下一跳路由器為R2[R2]iproute-static[R1]iproute-static54配置HDLC[R1]interfaceSerial1/0/1 [R1-Serial1/0/1]link-protocolhdlcWarning:Theencapsulationprotocolofthelinkwillbechanged.Continue?[Y/N]:y[R3]interfaceSerial1/0/1[R3-Serial1/0/1]link-protocolhdlcWarning:Theencapsulationprotocolofthelinkwillbechanged.Continue?[Y/N]:y在R3上配置默認(rèn)路由指向出口網(wǎng)關(guān)R1,并在R1上配置目的網(wǎng)段為PC-3所在網(wǎng)絡(luò)的靜態(tài)路由，下一跳路由器為R3連接R1的S1/0/1接口。[R3]iproute-staticserial1/0/1[R1]iproute-staticserial1/0/1PPP的認(rèn)證配置OSPF[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R1-ospf-1-area-]network5[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55[R3-ospf-1-area-]network55[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]network55[R2-ospf-1-area-]network55配置PPP的PAP認(rèn)證R3作為認(rèn)證路由器,R1作為被認(rèn)證路由器一在總部設(shè)備R3上使用pppauthentication-mode命令設(shè)置本端的PPP協(xié)議對(duì)對(duì)端設(shè)備的認(rèn)證方式為PAP[R3]interfaceSerial4/0/0[R3-Serial4/0/0]pppauthentication-modepap二配置認(rèn)證路由器R3的本地認(rèn)證信息[R3-Serial4/0/0]aaa使用local-user命令配置存儲(chǔ)在本地，為對(duì)端認(rèn)證方所使用的用戶名為R1@siseyu,密碼為sise。[R3-aaa]local-userR1@siseyupasswordciphersise[R3-aaa]local-userR1@siseyuservice-typeppp[R3-aaa]interfaceSerial4/0/0配置完成后需要關(guān)閉相應(yīng)的接口再打開(kāi)才有效[R3-Serial4/0/0]shutdown[R3-Serial4/0/0]undoshutdown三.配置被認(rèn)證方R1在認(rèn)證方R1上配置相關(guān)PAP認(rèn)證參數(shù)。[R1]interfaceSerial4/0/0[R1-Serial4/0/0]ppppaplocalR1@siseyupasswordciphersise配置PPP的CHAP認(rèn)證一.刪除配置好的信息刪除原有的PAP認(rèn)證配置，域名保持不變。[R3]interfaceSerial4/0/0[R3-Serial4/0/0]undopppauthentication-mode[R1]interfaceSerial4/0/0[R1-Serial4/0/0]undoppppaplocal-user二.配置認(rèn)證路由器R3的本地認(rèn)證信息在認(rèn)證設(shè)備R3的S4/0/0接口下配置PPP的認(rèn)證方式為CHAP。[R3]interfaceSerial4/0/0[R3-Serial4/0/0]pppauthentication-modeCHAP配置存儲(chǔ)在本地，對(duì)端認(rèn)證方所使用的用戶名為R1,密碼為sise。[R3]aaa[R3-aaa]local-userR1passwordciphersiseInfo:Addanewuser.[R3-aaa]local-userR1service-typeppp配置完成后，關(guān)閉R1與R3相連接口一段時(shí)間后再打開(kāi)，使鏈路重新協(xié)商。[R3]interfaceSerial4/0/0[R3-Serial4/0/0]shutdown[R3-Serial4/0/0]undoshutdown三.配置被認(rèn)證方R1在R1的S4/0/0接口下配置CHAP認(rèn)證的用戶名和密碼[R1]interfaceSerial4/0/0[R1-Serial4/0/0]pppchapuserR1[R1-Serial4/0/0]pppchappasswordciphersiseDHCP配置DHCP可以基于接口配置也可以基于全局的配置,以及在不同局域網(wǎng)內(nèi)配置DHCP時(shí)。要使用到中繼技術(shù)配置基于接口配置[R1]interfaceg0/0/0[R1-GigabitEthernet0/0/0]ipaddress5424[R1-GigabitEthernet0/0/0]interfaceg0/0/1[R1-GigabitEthernet0/0/1]ipaddress5424基于接口配置DHCP開(kāi)啟DHCP功能[R1]dhcpenable開(kāi)啟接口的DHCP服務(wù)功能[R1]interfaceg0/0/0[R1-GigabitEthernet0/0/0]dhcpselectinterface[R1-GigabitEthernet0/0/0]interfaceg0/0/1[R1-GigabitEthernet0/0/1]dhcpselectinterface配置基于接口的DHCPServer租期/DNS服務(wù)器地址配置DHCPServer租期,默認(rèn)為1天[R1-GigabitEthernet0/0/1]interfaceg0/0/0[R1-GigabitEthernet0/0/0]dhcpserverleaseday2配置接口池不參與DHCP配置~0[R1-GigabitEthernet0/0/0]dhcpserverexcluded-ip-address0配置基于全局地址池的DHCP[R1]interfaceg0/0/0[R1-GigabitEthernet0/0/0]ipaddress5424[R1-GigabitEthernet0/0/0]interfaceg0/0/1[R1-GigabitEthernet0/0/1]ipaddress5424配置基于全局地址池的DHCPServer開(kāi)啟DHCP功能[R1]dhcpenable配置全局地址池sise1使用network配置全局地址池分配的網(wǎng)段范圍為,默認(rèn)掩碼為24位。[R1]ippoolsise1[R1-ip-pool-sise1]network[R1-ip-pool-sise1]leaseday2[R1-ip-pool-sise1]gateway-list54[R1-ip-pool-sise1]excluded-ip-address5053[R1-ip-pool-sise1]dns-list[R1-ip-pool-sise1]interfaceg0/0/0[R1-GigabitEthernet0/0/0]dhcpselectglobal配置全局地址池sise2[R1]ippoolsise2[R1-ip-pool-sise2]network[R1-ip-pool-sise2]lease [R1-ip-pool-sise2]leaseday2[R1-ip-pool-sise2]gateway-list54[R1-ip-pool-sise2]dns [R1-ip-pool-sise2]dns-list[R1-ip-pool-sise2]interfaceg0/0/1[R1-GigabitEthernet0/0/1]dhcpselectglobal配置DHCP中繼[R3]interfaceg0/0/1[R3-GigabitEthernet0/0/1]ipaddress24[R2]interfaceg0/0/0[R2-GigabitEthernet0/0/0]ipaddress24[R2-GigabitEthernet0/0/0]interfaceg0/0/1[R2-GigabitEthernet0/0/1]ipaddress24[R1]interfaceg0/0/0[R1-GigabitEthernet0/0/0]ipaddress24[R1-GigabitEthernet0/0/0]interfaceE1/0/1[R1-Ethernet1/0/1]ipaddress5424搭建OSPF網(wǎng)絡(luò)[R1]ospf1[R1-ospf-1]area0[R1-ospf-1-area-]network55[R1-ospf-1-area-]network55[R2]ospf1[R2-ospf-1]area0[R2-ospf-1-area-]network55[R2-ospf-1-area-]network55[R3]ospf1[R3-ospf-1]area0[R3-ospf-1-area-]network55配置DHCP服務(wù)