1.配置AS1和AS2两台接入层交换机
#AS1
Switch>en
Switch#conf t
Switch(config)#vlan 11
Switch(config)#vlan 22
Switch(config-vlan)#int f0/2
Switch(config-if)#switchport access vlan 11
Switch(config-if)#int f0/23
Switch(config-if)#switchport access vlan 22
#AS2
Switch>en
Switch#conf t
Switch(config)#vlan 22
Switch(config-vlan)#int f0/2
Switch(config-if)#switchport access vlan 22
2.配置CS核心交换机
#CS
Switch>en
Switch#conf t
Switch(config)#ip routing
Switch(config)#int f0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config)#int f0/2
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config)#vlan 11
Switch(config-vlan)#vlan 22
Switch(config-vlan)#vlan 100
Switch(config-vlan)#vlan 200
Switch(config-vlan)#int f0/24
Switch(config-if)#switchport access vlan 200
Switch(config-if)#int f0/6
Switch(config-if)#switchport access vlan 100
Switch(config-if)#int vlan 11
Switch(config-if)#ip address 172.16.11.1 255.255.255.0
Switch(config-if)#int vlan 22
Switch(config-if)#ip address 172.16.22.1 255.255.255.0
Switch(config-if)#int vlan 100
Switch(config-if)#ip address 172.16.100.254 255.255.255.0
Switch(config-if)#int vlan 200
Switch(config-if)#ip address 172.16.200.1 255.255.255.0
Switch(config-if)#int f0/5
Switch(config-if)#no switchport
Switch(config-if)#ip address 172.16.253.1 255.255.255.0
Switch(config)#ip route 0.0.0.0 0.0.0.0 172.16.253.2
3.配置firewall出口路由器
4.Firewall上配置映射:
5.配置ISP1、ISP2、ISP3互联网路由器
#ISP1
Router(config)#int loopback 0
Router(config-if)#ip address 10.0.0.1 255.255.255.255
Router(config)#router ospf 1
Router(config-router)#network 2.0.0.0 0.0.0.7 area 0
Router(config-router)#network 3.0.0.0 0.0.0.255 area 0
Router(config-router)#network 5.0.0.0 0.0.0.255 area 0
Router(config-router)#end
Router#show ip route
#ISP2
Router(config)#int loopback 0
Router(config-if)#ip address 10.0.0.2 255.255.255.255
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 5.0.0.0 0.0.0.255 area 0
Router(config-router)#network 4.0.0.0 0.0.0.255 area 0
Router(config-router)#network 8.0.0.0 0.0.0.255 area 0
Router(config-router)#network 7.0.0.0 0.0.0.3 area 0
Router(config-router)#end
Router#show ip route
#ISP3
Router(config)#int loopback 0
Router(config-if)#ip address 10.0.0.3 255.255.255.255
Router(config-if)#exit
Router(config)#route ospf 1
Router(config-router)#network 3.0.0.0 0.0.0.255 area 0
Router(config-router)#network 6.0.0.0 0.0.0.255 area 0
Router(config-router)#network 4.0.0.0 0.0.0.255 area 0
6.配置Div-R公司路由器(ppp)
router-FW上:
7.配置无线接入:
AP --> Config --> Port 1 --> SSID: AP1 WPA2-PSK: 12345678
Wireless Router0 --> Config --> Wireless --> SSID: AP2 WPA2-PSK: 87654321
在两台笔记本上配置无线网卡,分别接入无线AP和无线路由器
Laptop22.3:手动配置静态 IP 地址172.16.22.3
Laptop22.3: --> config --> wireless0 --> SSID: AP1 wpa2-psk:12345678
Laptop1: --> config --> wireless0 --> SSID: AP2 wpa2-psk:87654321
–> Desktop --> Connect --> Refresh --> 选择AP2 --> Connect
8.配置PPPOE接入:
Cloud0 —> DSL —> Modem4 <-> Ethernet6
Modem5 <-> Ethernet6
ISP2上进行配置:
int f1/0
ip address 8.0.0.1 255.0.0.0
pppoe enable
ip local pool mypool 8.0.0.10 8.0.0.100
username user1 password 0 123
Router(config)#aaa new-model // 启用 AAA
Router(config)#aaa authentication ppp default group radius // 使用 Radius 对所有 PPP 用户进行身份验证
Router(config)#radius-server host 6.0.0.2 key 123 // 指定外部 AAA 服务器,设置预共享密钥
int virtual-template 1 // 定义虚拟模板
ip unnumbered f1/0 // 借用以太口地址
peer default ip address pool mypool // 设定地址池
ppp authentication chap // 设定认证方式
vpdn enable // 全局启用虚拟拨号
vpdn-group mygroup // 定义虚拟拨号组
accept-dialin // 允许拨号接入
protocol pppoe // 接入协议为pppoe
virtual-template 1 // 设定虚拟模板
Inter-Srv上:
Service —> AAA —>
Network Configuration:
pppoe 4.0.0.2 Radius 123
ppp 8.0.0.1 Radius 123
User Setup:
u1 cisco // 用于 WireLess 认证
test 123 // 用于 PC0 认证
在pc0使用PPPoE Dialer接入网络,ipconfig查看地址并ping6.0.0.2
Desktop —> PPPoE —> User Name: test Password: 123
配置无线路由器使用PPPoE接入网络
Setup —> PPPoE —> Username: u1 Password: cisco Save Settings
WireLess —> Basic WireLess Settings —> Network Name: AP2 Standard Channel: 11
—> WireLess Security —> Security Mode: WAP2 Persional AES 87654321
9.配置VPN
10.配置VOIP
a)把总部IP电话和callmanager的接入端口加入到voice vlan1
AS1:
vlan 100
int f0/1
switchport mode access
switchport access vlan 100
switchport voice vlan 1
AS2:
vlan 100
int f0/1
switchport mode access
switchport access vlan 100
switchport voice vlan 1
CS:
int f0/6
switchport mode access
switchport access vlan 100
switchport voice vlan 1
b)把分公司IP电话和Div-R向内网的接入端口加入到voice vlan1
Switch3:
int f0/1
switchport voice vlan 1
switchport mode access
int f0/24
switchport mode access
switchport voice vlan 1
c)在公司总部配置callmanager ,测试总部两部电话的连通性
CallManager:
# 配置接口
# int f0/0
# ip add 172.16.100.1 255.255.255.0
# 配置DHCP
# ip dhcp pool voice
# network 172.16.100.0 255.255.255.0
# default-router 172.16.100.1
# option 150 ip 172.16.100.1
# 配置呼叫服务
# telephone-service
# max-dn 10
# max-ephone 10
# ip source-address 172.16.100.1 port 2000
# auto assign 1 to 10
为电话配置号码
# ephone-dn 1
# number 1001
# ephone-dn 2
# number 1002
最后,
在firewall上:
access-list 103 permit ip 172.16.11.0 0.0.0.255 172.16.254.0 0.0.0.255
access-list 103 deny ip 172.16.11.0 0.0.0.255 any
access-list 103 permit ip any any
int f0/0
ip access-group 103 in
嘿嘿,后面的分公司的电话与总公司的电话相通,小编还没有搞定,将会在下一篇博文中,谢谢观看!
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
