当前位置: 代码迷 >> 综合 >> 【ensp】DHCP配置
  详细解决方案

【ensp】DHCP配置

热度:86   发布时间:2023-11-30 12:33:22.0

DHCP与PPP的chap的配置

    • 第一步 搭建拓扑
    • 第二步 划分vlan,配置合理的MSTP
    • 第三步 配置IP与VRRP
    • 第四步 配置DHCP
    • 第五步 在AR2与AR6上配置CHAP
    • 第六步 配置OSPF,配置NAT
    • 第七步 配置telnet
    • 第八步 配置高级acl达成仅PC5可以telnet到AR1

实验条件:

1.合理配置IP地址
2.如图规划VLAN信息,PC1/PC2/PC3属于VLAN103,AR1属于VLAN101
3.需要合理配置MSTP,ETH-TRUNK,VRRP使网络达到最佳可用性
4.配置动态路由协议,使全网互通,私有地址不允许出现在ISP中 要求:AR3不允许配置任何路由
5.将PC5配置成DHCP服务器,所有的PC都需要通过DHCP自动获取地址。
6.AR2和AR6之间的链路上需要上CHAP认证
7.在AR1上配置telnet功能,使PC5可以使用admin1/admin1登陆到AR1上进行远程管理
8.只允许PC5 TELNET到AR1,其余所有设备都不能TELNET到AR1,但是PC5不能ping通AR1,其余的都不爱影响

第一步 搭建拓扑

在这里插入图片描述

第二步 划分vlan,配置合理的MSTP

[LSW1]vlan b  10 101 103
[LSW1]interface Eth-Trunk1
[LSW1-Eth-Trunk1]trunkport g 0/0/1 0/0/2
[LSW1-Eth-Trunk1]port link-type trunk
[LSW1-Eth-Trunk1]port trunk allow-pass vlan 101 103
[LSW1-Eth-Trunk1]interface GigabitEthernet0/0/3
[LSW1-GigabitEthernet0/0/3] port link-type trunk
[LSW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 101 103
[LSW1-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[LSW1-GigabitEthernet0/0/4] port link-type trunk
[LSW1-GigabitEthernet0/0/4] port trunk allow-pass vlan 101 103
[LSW1-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
[LSW1-GigabitEthernet0/0/5] port link-type access
[LSW1-GigabitEthernet0/0/5] port default vlan 10
[LSW1-GigabitEthernet0/0/5] quit [LSW1]stp region-configuration 	//配置MSTP
[LSW1-mst-region] region-name cake    
[LSW1-mst-region] revision-level 18		
[LSW1-mst-region] instance 1 vlan 101
[LSW1-mst-region] instance 2 vlan 103
[LSW1-mst-region] active region-configuration
[LSW1-mst-region]quit
[LSW1]stp instance 1 root primary
[LSW1]stp instance 2 root secondary

此处命令为:
display current-configuration | begin int

在这里插入图片描述
在这里插入图片描述

[LSW2]vlan b 20 101 103
[LSW2]interface Eth-Trunk1
[LSW2-Eth-Trunk1]trunkport g 0/0/1 0/0/2
[LSW2-Eth-Trunk1] port link-type trunk
[LSW2-Eth-Trunk1] port trunk allow-pass vlan 101 103
[LSW2-Eth-Trunk1]interface GigabitEthernet0/0/3
[LSW2-GigabitEthernet0/0/3] port link-type trunk
[LSW2-GigabitEthernet0/0/3] port trunk allow-pass vlan 101 103
[LSW2-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[LSW2-GigabitEthernet0/0/4] port link-type trunk
[LSW2-GigabitEthernet0/0/4] port trunk allow-pass vlan 101 103
[LSW2-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5
[LSW2-GigabitEthernet0/0/5] port link-type access
[LSW2-GigabitEthernet0/0/5] port default vlan 20
[LSW2-GigabitEthernet0/0/5]q[LSW2]stp region-configuration  //配置MSTP
[LSW2-mst-region] region-name cake
[LSW2-mst-region] revision-level 18
[LSW2-mst-region] instance 1 vlan 101
[LSW2-mst-region] instance 2 vlan 103
[LSW2-mst-region] active region-configuration
[LSW2-mst-region]quit
[LSW2]stp instance 2 root primary
[LSW2]stp instance 1 root secondary

在这里插入图片描述
在这里插入图片描述

[LSW3]vlan b 101 103
[LSW3]interface GigabitEthernet0/0/1
[LSW3-GigabitEthernet0/0/1] port link-type trunk
[LSW3-GigabitEthernet0/0/1] port trunk allow-pass vlan 101 103
[LSW3-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[LSW3-GigabitEthernet0/0/2] port link-type trunk
[LSW3-GigabitEthernet0/0/2] port trunk allow-pass vlan 101 103
[LSW3-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[LSW3-GigabitEthernet0/0/3] port link-type access
[LSW3-GigabitEthernet0/0/3] port default vlan 101
[LSW3-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[LSW3-GigabitEthernet0/0/4] port link-type access
[LSW3-GigabitEthernet0/0/4] port default vlan 103
[LSW3-GigabitEthernet0/0/4]quit 
[LSW3]stp region-configuration		//配置MSTP
[LSW3-mst-region] region-name cake
[LSW3-mst-region] revision-level 18
[LSW3-mst-region] instance 1 vlan 101
[LSW3-mst-region] instance 2 vlan 103
[LSW3-mst-region] active region-configuration
[LSW3-mst-region]quit

在这里插入图片描述
在这里插入图片描述

[LSW4]vlan b 101 103
[LSW4]interface GigabitEthernet0/0/1
[LSW4-GigabitEthernet0/0/1] port link-type trunk
[LSW4-GigabitEthernet0/0/1] port trunk allow-pass vlan 101 103
[LSW4-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[LSW4-GigabitEthernet0/0/2] port link-type trunk
[LSW4-GigabitEthernet0/0/2] port trunk allow-pass vlan 101 103
[LSW4-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[LSW4-GigabitEthernet0/0/3] port link-type access
[LSW4-GigabitEthernet0/0/3] port default vlan 103
[LSW4-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4
[LSW4-GigabitEthernet0/0/4] port link-type access
[LSW4-GigabitEthernet0/0/4] port default vlan 103
[LSW4-GigabitEthernet0/0/4]quit 
[LSW4]stp region-configuration		//配置MSTP
[LSW4-mst-region] region-name cake
[LSW4-mst-region] revision-level 18
[LSW4-mst-region] instance 1 vlan 101
[LSW4-mst-region] instance 2 vlan 103
[LSW4-mst-region] active region-configuration

在这里插入图片描述
在这里插入图片描述

第三步 配置IP与VRRP

[LSW1]interface Vlanif10
[LSW1-Vlanif10] ip address 192.168.10.5 255.255.255.0	//此处ip应与对端(即ar2的0/0/0接口)IP网段相同
[LSW1-Vlanif10] interface Vlanif101
[LSW1-Vlanif101] ip address 192.168.101.252 255.255.255.0
[LSW1-Vlanif101] vrrp vrid 101 virtual-ip 192.168.101.254
[LSW1-Vlanif101] vrrp vrid 101 priority 105     //设置vrrp  vrid 101 的优先级为 105(默认为100),此时为了让LSW1成为101的master故有此条命令
[LSW1-Vlanif101]interface Vlanif103
[LSW1-Vlanif103] ip address 192.168.103.252 255.255.255.0
[LSW1-Vlanif103] vrrp vrid 103 virtual-ip 192.168.103.254[LSW2]interface Vlanif20
[LSW2-Vlanif20] ip address 192.168.20.5 255.255.255.0		//此处ip应与对端(即ar2的0/0/1接口)IP网段相同
[LSW2-Vlanif20]interface Vlanif101
[LSW2-Vlanif101] ip address 192.168.101.253 255.255.255.0
[LSW2-Vlanif101] vrrp vrid 101 virtual-ip 192.168.101.254
[LSW2-Vlanif101]interface Vlanif103
[LSW2-Vlanif103] ip address 192.168.103.253 255.255.255.0
[LSW2-Vlanif103] vrrp vrid 103 virtual-ip 192.168.103.254
[LSW2-Vlanif103] vrrp vrid 103 priority 105		 //设置vrrp  vrid 103 的优先级为 105(默认为100),此时为了让LSW2成为103的master故有此条命令

检查配置
在这里插入图片描述
在这里插入图片描述

[AR2]interface GigabitEthernet0/0/0
[AR2-GigabitEthernet0/0/0] ip address 192.168.10.2 255.255.255.0 
[AR2-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[AR2-GigabitEthernet0/0/1] ip address 192.168.20.2 255.255.255.0 
[AR2-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[AR2-GigabitEthernet0/0/2] ip address 101.1.1.2 255.255.255.0 

在这里插入图片描述

[AR3]interface GigabitEthernet0/0/0
[AR3-GigabitEthernet0/0/0] ip address 101.1.1.3 255.255.255.0 
[AR3-GigabitEthernet0/0/0]interface LoopBack1
[AR3-LoopBack1] ip address 8.8.8.8 255.255.255.255 

在这里插入图片描述

第四步 配置DHCP

[PC5]dhcp en
[PC5]ip route-static 0.0.0.0 0.0.0.0 192.168.103.254		//指向网关
[PC5]ip pool VLAN101				//创建IP地址池VLAN01
[PC5-ip-pool-VLAN101]gateway-list 192.168.101.254 		//dhcp分配地址网关为192.168.101.254
[PC5-ip-pool-VLAN101]network 192.168.101.0 mask 255.255.255.0 		//dhcp分配地址网段为192.168.101.0网段	
[PC5-ip-pool-VLAN101] excluded-ip-address 192.168.101.252 192.168.101.253 		//排除地址 192.168.101.252到192.168.101.253 ----因为LSW1与LSW2已经占用了这两个地址,如果不排除,电脑获取会发生错误
[PC5-ip-pool-VLAN101]q
[PC5]ip pool VLAN103
[PC5-ip-pool-VLAN103]gateway-list 192.168.103.254 
[PC5-ip-pool-VLAN103]network 192.168.103.0 mask 255.255.255.0 
[PC5-ip-pool-VLAN103]excluded-ip-address 192.168.103.252 192.168.103.253 
[PC5-ip-pool-VLAN103]q
[PC5]interface GigabitEthernet0/0/0
[PC5-GigabitEthernet0/0/0]ip address 192.168.103.5 255.255.255.0 		//分发地址必须有个人地址
[PC5-GigabitEthernet0/0/0]dhcp select global		//启用DHCP全局地址池//为了让AR1获取PC5分发的地址,我们在LSW1和LSW2中配置中继接口
[LSW1]dhcp enable
[LSW1-Vlanif101] dhcp select relay
[LSW1-Vlanif101] dhcp relay server-ip 192.168.103.5[LSW2]dhcp enable
[LSW2-Vlanif101] dhcp select relay
[LSW2-Vlanif101] dhcp relay server-ip 192.168.103.5

此时查看pc有没有分配到IP地址
在这里插入图片描述
分配到说明DHCP配置应该没什么毛病

[AR1]dhcp enable
[AR1]interface GigabitEthernet0/0/0
[AR1-GigabitEthernet0/0/0] ip address dhcp-alloc

在这里插入图片描述

[AR6]interface GigabitEthernet0/0/0
[AR6-GigabitEthernet0/0/0] ip address 172.16.16.254 255.255.255.0 
[AR6-GigabitEthernet0/0/0] dhcp select interface			//从接口分配ip,网关为接口ip,网段与接口网段一致
[AR6-GigabitEthernet0/0/0] dhcp server static-bind ip-address 172.16.16.16 mac-address 5489-986f-4cba 			//dhcp服务器静态绑定ip地址172.16.16.16,绑定的mac地址是5489-986f-4cba

在这里插入图片描述

第五步 在AR2与AR6上配置CHAP

[AR2]aaa
[AR2-aaa] local-user admin1 password cipher admin1
[AR2-aaa] local-user admin1 service-type ppp
[AR2-aaa]q
[AR2]interface Serial4/0/0
[AR2-Serial4/0/0] link-protocol ppp
[AR2-Serial4/0/0] ppp chap user admin1		//user与对端aaa中的user一样,此处推荐两方aaa用户名密码保持一致
[AR2-Serial4/0/0] ppp chap password cipher admin1
[AR2-Serial4/0/0] ip address 10.26.26.1 255.255.255.252 [AR6]aaa
[AR6-aaa] local-user admin1 password cipher admin1
[AR6-aaa] local-user admin1 service-type ppp
[AR6-aaa]q
[AR6]interface Serial4/0/0
[AR6-Serial4/0/0] link-protocol ppp
[AR6-Serial4/0/0] ppp chap user admin1
[AR6-Serial4/0/0] ppp chap password cipher admin1
[AR6-Serial4/0/0] ip address 10.26.26.2 255.255.255.252 
[AR6-Serial4/0/0]shutdown
[AR6-Serial4/0/0]undo shutdown		
//chap成功与否要shutdown看一下,如果shutdown过后还是双up的则配置成功

在这里插入图片描述

第六步 配置OSPF,配置NAT

[LSW1]ospf 10 
[LSW1-ospf-10] silent-interface Vlanif101
[LSW1-ospf-10] silent-interface Vlanif103
[LSW1-ospf-10] area 0.0.0.0
[LSW1-ospf-10-area-0.0.0.0]  network 192.168.10.0 0.0.0.255
[LSW1-ospf-10-area-0.0.0.0]  network 192.168.101.0 0.0.0.255
[LSW1-ospf-10-area-0.0.0.0]  network 192.168.103.0 0.0.0.255[LSW2]ospf 10
[LSW2-ospf-10] silent-interface Vlanif101
[LSW2-ospf-10] silent-interface Vlanif103
[LSW2-ospf-10] area 0.0.0.0
[LSW2-ospf-10-area-0.0.0.0]  network 192.168.20.0 0.0.0.255
[LSW2-ospf-10-area-0.0.0.0]  network 192.168.101.0 0.0.0.255
[LSW2-ospf-10-area-0.0.0.0]  network 192.168.103.0 0.0.0.255[AR2]ip route-static 0.0.0.0 0.0.0.0 101.1.1.3		//配置通往外网的默认路由
//开始配置NAT
[AR2]acl 2000  //进入acl2000。
[AR2-acl-basic-2000]rule permit source 192.168.20.0 0.0.0.255  
//允许192.168.10.0/24这个网段的主机通过。
[AR2-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255 
//允许192.168.168.20/24这个网段的主机通过。
[AR2-acl-basic-2000]rule permit source 192.168.101.0 0.0.0.255 
//允许192.168.101.0/24 这个网段的主机通过。
[AR2-acl-basic-2000]rule permit source 192.168.103.0 0.0.0.255 
//允许192.168.103.0/24 这个网段的主机通过。
[AR2-acl-basic-2000]interface g 0/0/2
[AR2-GigabitEthernet0/0/2]nat outbound 2000
//进入接口0/0/2,将acl2000允许的网段的私有ip地址转换为本接口ip地址。
[AR2-GigabitEthernet0/0/2]q
[AR2]ospf 10 
[AR2-ospf-10] default-route-advertise always		//宣告默认路由
[AR2-ospf-10] area 0.0.0.0 
[AR2-ospf-10-area-0.0.0.0]  network 10.26.26.0 0.0.0.3 
[AR2-ospf-10-area-0.0.0.0]  network 192.168.10.0 0.0.0.255 
[AR2-ospf-10-area-0.0.0.0]  network 192.168.20.0 0.0.0.255 [AR6]ospf 10 
[AR6-ospf-10] area 0.0.0.0 
[AR6-ospf-10-area-0.0.0.0]  network 10.26.26.0 0.0.0.3 
[AR6-ospf-10-area-0.0.0.0]  network 172.16.16.0 0.0.0.255 

检查邻接关系
在这里插入图片描述

测试全网连通性—此处只放了一个图,个人检查要更细致些
在这里插入图片描述
测试ip地址是否转换
在这里插入图片描述

第七步 配置telnet

[AR1]aaa
[AR1-aaa] local-user admin1 password cipher admin1
[AR1-aaa] local-user admin1 privilege level 3
[AR1-aaa] local-user admin1 service-type telnet
[AR1-aaa]q
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4] authentication-mode aaa

配置完成后测试别的路由是否能够登录到AR1上
在这里插入图片描述

第八步 配置高级acl达成仅PC5可以telnet到AR1

[AR1]acl 3000
[AR1-acl-adv-3000] rule  permit tcp source 192.168.103.5 0 destination-port eq telnet 		//允许源ip为192.168.103.5路由telnet
[AR1-acl-adv-3000] rule  deny icmp source 192.168.103.5 0 destination 192.168.101.251 0 		//不允许源ip为192.168.103.5 ping 目标IP为192.168.101.251
[AR1-acl-adv-3000] rule deny tcp destination-port eq telnet 	//除了前面允许的ip通过,其余所有想telnet的ip均不通过
[AR1-acl-adv-3000]q 
[AR1]interface GigabitEthernet0/0/0
[AR1-GigabitEthernet0/0/0] traffic-filter inbound acl 3000

配置成功后现象应为下图:
在这里插入图片描述
在这里插入图片描述

在这里插入图片描述
实验完成。

若有不足或错误,请帮忙指出,谢谢。

  相关解决方案