From fed6023ddf21ce9e57dadaf26e736cf6d9e3fe0d Mon Sep 17 00:00:00 2001
From: Noriu
Date: Tue, 3 Sep 2024 17:49:09 +0800
Subject: [PATCH] =?UTF-8?q?2024=E5=B9=B49=E6=9C=883=E6=97=A5=2017:49:10?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../拓扑练习/0903_项目实战B - 内网优化.md | 2 +-
 .../拓扑练习/0903_项目实战C - 内外网互联.md | 95 +++++++++++++++++++
 2 files changed, 96 insertions(+), 1 deletion(-)
diff --git a/B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md b/B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md
index e35786d..88d58d0 100644
--- a/B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md
+++ b/B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md
@@ -184,7 +184,7 @@
 [AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
 [AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
 [AR3-DHCP-ip-pool-vlan30]quit
- [AR3-DHCP]int g0/0/1
+ [AR3-DHCP]int g0/0/0
 [AR3-DHCP-GigabitEthernet0/0/1]dhcp select global
 ```
diff --git a/B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md b/B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
index c52f69c..dfc69a5 100644
--- a/B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
+++ b/B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
@@ -11,6 +11,7 @@
 - 使用ACL来定义允许那些部门和网段访问外网
 - 部署地址池NAT或者Easy-ip,实现内网主机访问外网
 - 配置VRRP的上行链路跟踪
+- 配置基于`0903_实战项目B - 内网优化.md`
 ### 一、IP & VLAN & Routing
@@ -34,5 +35,99 @@
 [AR2-GigabitEthernet0/0/1]ip add 200.1.1.254 24
 ```
+- **SW5**
+
+ ```
+ [SW5]vlan batch 15 16
+ [SW5]int Vlanif 15
+ [SW5-Vlanif15]ip add 192.168.15.5 24
+ [SW5-Vlanif15]quit
+ [SW5]int g0/0/4
+ [SW5-GigabitEthernet0/0/4]port link-type access
+ [SW5-GigabitEthernet0/0/4]port default vlan 15
+ [SW5-GigabitEthernet0/0/4]quit
+ [SW5]ip route-static 0.0.0.0 0 192.168.15.1
+ ```
+
+- **SW6**
+
+ ```
+ [SW6]vlan batch 15 16
+ [SW6]int Vlanif 16
+ [SW6-Vlanif16]ip add 192.168.16.6 24
+ [SW6-Vlanif16]quit
+ [SW6]int g0/0/4
+ [SW6-GigabitEthernet0/0/4]port link-type access
+ [SW6-GigabitEthernet0/0/4]port default vlan 16
+ [SW6-GigabitEthernet0/0/4]quit
+ [SW6]ip route-static 0.0.0.0 0 192.168.16.1
+ ```
+
+- **AR1**
+
+ ```
+ [AR1]ip route-static 192.168.10.0 24 192.168.15.5
+ [AR1]ip route-static 192.168.10.0 24 192.168.16.6 preference 100
+ [AR1]ip route-static 192.168.20.0 24 192.168.15.5
+ [AR1]ip route-static 192.168.20.0 24 192.168.16.6 preference 100
+ [AR1]ip route-static 192.168.30.0 24 192.168.16.6
+ [AR1]ip route-static 192.168.30.0 24 192.168.15.5 preference 100
+ [AR1]ip route-static 0.0.0.0 0 100.1.1.2
+ ```
+
+### 二、NAT
+
+- **AR1**
+
+ ```
+ [AR1]nat address-group 1 100.1.1.3 100.1.1.5
+ [AR1]acl 2000
+ [AR1-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255
+ [AR1-acl-basic-2000]rule 20 permit source 192.168.20.0 0.0.0.255
+ [AR1-acl-basic-2000]rule 30 permit source 192.168.30.0 0.0.0.255
+ [AR1-acl-basic-2000]quit
+ [AR1]int g0/0/2
+ [AR1-GigabitEthernet0/0/2]nat outbound 2000 address-group 1
+ ```
+
+### 三、VRRP上行接口监控
+
+- **HX - SW5**
+
+ ```
+ [SW5]int vlan 10
+ [SW5-Vlanif10]vrrp vrid 10 track int g0/0/4 reduced 50
+ [SW5-Vlanif10]int vlan 20
+ [SW5-Vlanif20]vrrp vrid 20 track int g0/0/4 reduced 50
+ ```
+
+- **HX - SW6**
+
+ ```
+ [SW6]int Vlanif 30
+ [SW6-Vlanif30]vrrp vrid 30 track int g0/0/4 reduced 50
+ ```
+
+### 四、测试
+
+- **PC1 PING Server1**
+
+ ```
+ PC1>ping 200.1.1.1
+
+ Ping 200.1.1.1: 32 data bytes, Press Ctrl_C to break
+ From 200.1.1.1: bytes=32 seq=1 ttl=252 time=79 ms
+ From 200.1.1.1: bytes=32 seq=2 ttl=252 time=78 ms
+ From 200.1.1.1: bytes=32 seq=3 ttl=252 time=78 ms
+ From 200.1.1.1: bytes=32 seq=4 ttl=252 time=78 ms
+ From 200.1.1.1: bytes=32 seq=5 ttl=252 time=62 ms
+
+ --- 200.1.1.1 ping statistics ---
+ 5 packet(s) transmitted
+ 5 packet(s) received
+ 0.00% packet loss
+ round-trip min/avg/max = 62/75/79 ms
+ ```
+