多协议互联与NAT实现广域连接 NAT DHCP

实验要求：

1：广域网互连要求：

1. 在串行链路上使用PPP协议封装，并在R2到R3上使用PAP认证，R3到R4上使用CHAP认证；
2. 在外网路由器之间的接口上使用EIGRP协议，R1、R2、R3和R4的AS号为1000，两个服务器子网在R4上添加静态路由协议；

2：内网互连要求：

1. 在三层交换机S1和S2上配置相应的VLAN，并给VLAN配置相应的IP地址,并使用三层路由；
2. 在S1和S2之间的两个物理线路上使用链路聚合技术，形成一个TRUNK聚合链路；
3. 配置完成R4内网接口的IP地址，及S1和S2的所有接口地址，使用动态路由协议OSPF单区域（区域0）技术，进程号为100，实现内网的互连互通；

3：内外网互连要求

1. 在边缘路由器R4上指定NAT的外口和内口；
2. 做动态NAT,让VLAN 2,3,4,5的计算机能访问服务器(PC A and PC B)；

网络拓扑图：

代码：

R1:
En
Conf t
Host r1
No ip domain-lookup
Int g0/0
Ip address 62.168.3.1 255.255.255.0
No shut
Int g0/1
Ip address 62.168.1.254 255.255.255.0
No shut
Int g0/2
Ip address 62.168.10.1 255.255.255.0
No shut
Int loopback 0
Ip address 1.1.1.1 255.255.255.255
No shut
Exit
Router eigrp 1000
Network 62.168.3.0 0.0.0.255
Network 62.168.10.0 0.0.0.255
No auto-summary

R2:
En
Conf t
Host r2
No ip domain-lookup
Username r3 password cisco
Int g0/0
Ip address 62.168.3.2 255.255.255.0
No shut
Int s0/3/0
Clock rate 2000000
Ip address 62.168.8.1 255.255.255.0
encapsulation ppp
Ppp authentication pap
!PPP封装技术，并使用PAP认证方式
Ppp pap sent-username r2 password cisco
No shut
Int loopback 0
Ip address 2.2.2.2 255.255.255.255
No shut
Exit
Router eigrp 1000
Network 62.168.3.0 0.0.0.255
Network 62.168.8.0 0.0.0.255
No auto-summary

R3:
En
Conf t
Host r3
No ip domain-lookup
Username r2 password cisco
Int s0/3/0
Ip address 62.168.8.2 255.255.255.0
encapsulation ppp
Ppp authentication pap
!PPP封装技术，并使用PAP认证方式
Ppp pap sent-username r3 password cisco
No shut
Exit
Username r4 password cisco
Int s0/3/1
Ip address 202.168.9.2 255.255.255.0
encapsulation ppp
Ppp authentication chap
!PPP封装技术，并使用CHAP认证方式
No shut
Int g0/0
Ip address 182.168.3.1 255.255.255.252
No shut
Int g0/1
Ip address 182.168.2.254 255.255.255.0
No shut
Int loopback 0
Ip address 3.3.3.3 255.255.255.255
No shut
Exit
Router eigrp 1000
Network 62.168.8.0 0.0.0.255
Network 202.168.9.0 0.0.0.255
No auto-summary

R4:
En
Conf t
Host r4
No ip domain-lookup
Username r3 password cisco
Int g0/0
Ip address 62.168.10.2 255.255.255.0
No shut
Int g0/1
Ip address 192.168.4.1 255.255.255.0
No shut
Int g0/2
Ip address 192.168.7.1 255.255.255.0
No shut
Int s0/3/1
Ip address 202.168.9.1 255.255.255.0
Clock rate 64000
encapsulation ppp
Ppp authentication chap
!PPP封装技术，并使用CHAP认证方式
No shut
Int loopback 0
Ip address 4.4.4.4 255.255.255.255
No shut
Exit
Router eigrp 1000
Network 62.168.10.0 0.0.0.255
Network 202.168.9.0 0.0.0.255
No auto-summary
Exit
Router ospf 100
Network 192.168.4.0 0.0.0.255 area 0
Network 192.168.7.0 0.0.0.255 area 0
!Redistribute eigrp 1000 metric 3 subnets
Redistribute static metric 3 subnets
!Redistribute static subnets 
!也可以
Exit
Ip route 62.168.1.0 255.255.255.0 62.168.10.1
Ip route 182.168.2.0 255.255.255.0 202.168.9.2
Ip route 0.0.0.0 0.0.0.0 202.168.9.2
!默认路由去internet广域网云端，但是静态路由中的默认路由不能被引用到内网ospf中
!地址转换
!指定转换的外口
int g0/0
ip nat outside
int s0/3/1
ip nat outside
!指定转换的内口
int range g0/1-2
ip nat inside
Exit
!指定地址转换外部地址池
ip nat pool global1 62.168.10.2 62.168.10.2 netmask 255.255.255.0
!指定地址转换内部地址池
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
!执行NAT指定地址转换内部地址池
ip nat inside source list 1 pool global1 overload
!指定地址转换外部地址池
ip nat pool global2 202.168.9.3 202.168.9.5 netmask 255.255.255.0
!指定地址转换内部地址池
access-list 2 permit 192.168.5.0 0.0.0.255
access-list 2 permit 192.168.6.0 0.0.0.255
access-list 2 permit 192.168.7.0 0.0.0.255
!执行NAT指定地址转换内部地址池
ip nat inside source list 2 pool global2 overload

S1:
En
Conf t
Host s1
No ip domain-lookup
Int range f0/3-4
Channel-group 1 mode desirable
Switchport mode access
Switchport mode trunk
Exit
Vlan 2
Exit
Vlan 3
Exit
Int vlan 1
Ip address 192.168.1.1 255.255.255.0
Int vlan 2
Ip address 192.168.2.254 255.255.255.0
Int vlan 3
Ip address 192.168.3.254 255.255.255.0
Int f0/1
No switchport
Ip address 192.168.4.2 255.255.255.0
No shut
Int f0/5
Switchport access vlan 2
Int f0/6
Switchport access vlan 3
Exit
Ip routing
Router ospf 100
Network 192.168.2.0 0.0.0.255 area 0
Network 192.168.3.0 0.0.0.255 area 0
Network 192.168.4.0 0.0.0.255 area 0
Exit
Ip route 0.0.0.0 0.0.0.0 192.168.4.1
service dhcp
!启动dhcp服务
ip dhcp excluded-address 192.168.2.254
!排除不拿来分配的地址192.168.2.254
ip dhcp pool vlan2
!建立一个地址池，名字由字母加数字构成
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
!指定客户机的网关地址
dns-server 8.8.8.8
!给定客户机dns服务器地址，8.8.8.8是google的
exit
ip dhcp excluded-address 192.168.3.254
ip dhcp pool vlan3
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
dns-server 114.114.114.114
! 114.114.114.114这个是中国电信的
exit

S2:
En
Conf t
Host s2
No ip domain-lookup
Int range f0/3-4
Channel-group 1 mode desirable
Switchport mode access
Switchport mode trunk
Exit
Vlan 4
Exit
Vlan 5
Exit
Int vlan 1
Ip address 192.168.1.1 255.255.255.0
Int vlan 4
Ip address 192.168.5.254 255.255.255.0
Int vlan 5
Ip address 192.168.6.254 255.255.255.0
Int f0/1
No switchport
Ip address 192.168.7.2 255.255.255.0
No shut
Int f0/2
Switchport mode access
Switchport mode trunk
Exit
Ip routing
Router ospf 100
Network 192.168.5.0 0.0.0.255 area 0
Network 192.168.6.0 0.0.0.255 area 0
Network 192.168.7.0 0.0.0.255 area 0
Exit
Ip route 0.0.0.0 0.0.0.0 192.168.7.1

S3:
En
Conf t
Host s3
No ip domain-lookup
Vlan 4
Exit
Vlan 5
Exit
Int f0/1
Switchport mode trunk
Int f0/2
Switchport access vlan 4
Int f0/3
Switchport access vlan 5
end

在外网的每一个路由器上配置Debug ip icmp：
en
Debug ip icmp

配置结果：

S1->PC A

S1->PC B

S2->PC A and PC B

PC1:

PC2:

PC 3:

PC 4:

路由表：(以下截图是没有在S1和S2上做默认路由的结果，但是代码后来在S1和S2上做了去internet的默认路由)

S1:

S2: