路由器和交换机的综合实验⑵

上一部分说明了将基础网络拓扑搭建成功的做法，这一部分将说明各个特殊要求的配置方法

⑵ R2配置策略路由

int l0

ip add 100.0.0.1 255.255.255.0

int l1

ip add 200.0.0.1 255.255.255.0

exit

access-list 10 permit 192.168.10.0 0.0.0.255

access-list 10 permit 192.168.30.0 0.0.0.255

access-lsit 20 permit 192.168.20.0 0.0.0.255

access-list 20 permit 192.168.40.0 0.0.0.255

route-map ruijie permit 10

match ip address 10

set interface l0

match ip address 20

set interface l1

exit

int f1/0

ip policy route-map ruijie

int f1/1

ip policy route-map ruijie

exit

⑶ R2配置nat转换

access-list 99 permit 192.168.0.0 0.0.255.255

ip nat pool mudi 200.1.1.2 200.1.1.6 netmask 255.255.255.0

ip nat inside source list 99 pool mudi overload

int f1/0

ip nat inside

int f1/1

ip nat inside

int s1/0

ip nat outside

int l0

ip nat outside

int l1

ip nat outside

exit

⑷ acl配置

S1\S2:

access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255

access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.40.0 0.0.0.255

time-range worktime

periodic weekdays 08:00 to 16:00

access-list 101 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.101 eq ftp time-range worktime

access-list 101 permit tcp 192.168.30.0 0.0.0.255 host 192.168.10.101 eq ftp time-range worktime

access-list 101 permit tcp 192.168.40.0 0.0.0.255 host 192.168.10.101 eq ftp time-range worktime

access-list 101 deny tcp any host 192.168.10.101 eq ftp

access-list 101 permit ip any any

int vlan 10

ip access-group 101 in

int vlan 20

ip access-group 101 in

int vlan 30

ip access-group 101 in

int vlan 40

ip access-group 101 in

exit

R2:

time-range worktime

periodic weekdays 08:00 to 16:00

exit

access-list 50 deny 192.168.0.0 0.0.255.255 time-range worktime

access-list 50 deny 172.16.0.0 0.0.255.255 time-range worktime

access-list 10 permit any

int f1/0

ip access-group 50 in

int f1/1

ip access-group 50 in

exit

OK!!!