HQ RTR
HQ-RTR (Cisco)
vmbr1 (ISP)
vmbr3 (HQ-SRV)
int gi2.100
encapsulation dot1Q 100
ip addr 192.168.1.1 255.255.255.224
ip nat inside
description HQ-SRV
no shutdown
P.S. The gi2 interface must be enabled separately.
vmbr3 (HQ-CLI)
int gi2.200
encapsulation dot1Q 200
ip addr 192.168.2.1 255.255.255.240
ip nat inside
description HQ-CLI
no shutdown
P.S. The gi2 interface must be enabled separately.
vmbr3 (Management / Vlan 999)
int gi2.999
encapsulation dot1Q 999
ip addr 192.168.9.1 255.255.255.248
description Management
no shutdown
P.S. The gi2 interface must be enabled separately.
Gateway
GRE
int Tunnel0
ip addr 192.168.4.1 255.255.255.240
tunnel source 172.16.1.2
tunnel destination 172.16.2.2
ip ospf authentication
ip ospf authentication-key aboba
no shutdown
OSPF
router ospf 1
passive-interface default
no passive-interface Tunnel0
network 192.168.1.0 0.0.0.31 area 0
network 192.168.2.0 0.0.0.15 area 0
network 192.168.9.0 0.0.0.7 area 0
network 192.168.4.0 0.0.0.15 area 0
Never add the 172.16.0.0 (ISP) network to OSPF; this is an error.
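One way to check a saved configuration against this rule, as an added example that is not part of the original page: the script flags any OSPF `network` statement that covers a GRE tunnel source or destination address. The function names and the extra `172.16.1.0` statement in the sample are constructed for illustration.

```python
import re
from ipaddress import IPv4Address, ip_address, ip_network

# Constructed sample: the tunnel and OSPF lines from this page, plus one
# deliberately wrong statement (172.16.1.0) so the check has something to flag.
SAMPLE_CONFIG = """\
int Tunnel0
 ip addr 192.168.4.1 255.255.255.240
 tunnel source 172.16.1.2
 tunnel destination 172.16.2.2
router ospf 1
 network 192.168.1.0 0.0.0.31 area 0
 network 192.168.4.0 0.0.0.15 area 0
 network 172.16.1.0 0.0.0.15 area 0
"""

NETWORK_RE = re.compile(r"^\s*network\s+(\S+)\s+(\S+)\s+area\s+\S+", re.M)
ENDPOINT_RE = re.compile(
    r"^\s*tunnel\s+(?:source|destination)\s+(\d+\.\d+\.\d+\.\d+)", re.M)


def wildcard_to_network(addr, wildcard):
    """Convert an OSPF 'address wildcard' pair into an IPv4Network."""
    # Invert the wildcard to get the netmask; a non-contiguous wildcard
    # raises ValueError instead of being silently misread.
    netmask = IPv4Address(int(IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ip_network(f"{addr}/{netmask}", strict=False)


def find_underlay_leaks(config):
    """Return (ospf_network, endpoint) pairs where a network statement
    covers a GRE tunnel source or destination address."""
    endpoints = [ip_address(a) for a in ENDPOINT_RE.findall(config)]
    leaks = []
    for addr, wildcard in NETWORK_RE.findall(config):
        net = wildcard_to_network(addr, wildcard)
        leaks.extend((str(net), str(ep)) for ep in endpoints if ep in net)
    return leaks


if __name__ == "__main__":
    for net, ep in find_underlay_leaks(SAMPLE_CONFIG):
        print(f"OSPF network {net} covers tunnel endpoint {ep}")
```

Advertising the tunnel's transport network into OSPF over that same tunnel is a known cause of recursive routing and tunnel flapping, which is why the check compares against the tunnel endpoints rather than a fixed prefix.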
NAT (HQ-CLI, HQ-SRV -> ISP)
access-list 1 permit 192.168.1.0 0.0.0.31
access-list 1 permit 192.168.2.0 0.0.0.15
access-list 1 permit 192.168.9.0 0.0.0.7
ip nat inside source list 1 interface <vmbr1 interface / gi1> overload
DHCP (HQ-CLI)
ip dhcp excluded-address 192.168.2.1
ip dhcp pool CLI_DHCP
network 192.168.2.0 255.255.255.240
dns-server 192.168.1.2
default-router 192.168.2.1
domain-name au-team.irpo
host 192.168.2.2
hardware-address <MAC HQ-CLI>