实验拓扑图
实验环境:
1、两台PC模拟用户端通过DHCP自动获取IP地址。
2、所有设备通过OSPF自动获取路由信息
3、客户要求餐饮网段通过ISP1出公网访问公网服务器,OA网段通过ISP2出公网访问公网服务器。
实验步骤:
核心
#sysname-1F-GL-HX#ospf1router-id.17.0.1area0.0.0.0network.17.0.00.0.0.network.17..00.0.63.area0.0.0.2network10.10.10.80.0.0.3network..55.00.0.0.#ipunreachablesenableipttl-expiresenable#dhcpenabledhcpserverforbidden-ip..55.1..55.#vlan30#vlan#vlan#vlan#dhcpserverip-poolOAgateway-list.17..1network.17..0mask...0dns-list......forbidden-ip.17..1forbidden-ip.17..#dhcpserverip-poolcanyingateway-list..55.1network..55.0mask...0dns-list......forbidden-ip..55.1forbidden-ip..55.#interfaceNULL0#interfaceVlan-interface30description.....ospfa2ipaddress10.10.10.9...#interfaceVlan-interfacedescriptionhulian--ospfa1ipaddress.17.0.1...0#interfaceVlan-interfacedescriptionbangongipaddress.17..1...0#interfaceVlan-interfacedescriptioncanyinipaddress..55.1...0#interfaceGigabitEthernet1/0/1portaccessvlan#interfaceGigabitEthernet1/0/2portaccessvlan#interfaceGigabitEthernet1/0/22portaccessvlan30#interfaceGigabitEthernet1/0/24portaccessvlan#
出口防火墙
#sysname-1F-GL-FW#ospf1router-id.17.0.2import-routedirectimport-routestaticarea0.0.0.0network.17.0.00.0.0.network..33.00.0.0.area0.0.0.2network10.10.10.80.0.0.3network..33.00.0.0.#ipunreachablesenableipttl-expiresenable#policy-based-routetesrpermitnode5if-matchacl0applynext-hop..33.1#interfaceGigabitEthernet1/0/1descriptiontoISP1ipaddress..33.64...0natoutbound#interfaceGigabitEthernet1/0/2descriptionISP2ipaddress..33.64...0natoutboundcounting#interfaceGigabitEthernet1/0/14description....ospfa2ipaddress10.10.10.10...ippolicy-based-routetesr#interfaceGigabitEthernet1/0/15portlink-moderoutedescriptionospfa1