Configure VLANs and IP addresses, access and trunk interfaces
Border
en
conf t
int g0/0
ip add 10.10.0.10 255.255.255.252
no shu
int g0/1
ip add 10.10.0.6 255.255.255.252
no shu
int s0/0/0
ip add 202.192.99.1 255.255.255.252
no shu
int s0/0/1
ip add 10.10.0.1 255.255.255.252
no shu
Core1
en
conf t
ip routing
int g1/0/1
no sw
ip add 10.10.0.17 255.255.255.252
no shu
int g1/0/2
no sw
ip add 10.10.0.21 255.255.255.252
no shu
int g1/0/3
no sw
ip add 10.10.0.25 255.255.255.252
no shu
int g1/0/24
no sw
ip add 10.10.0.9 255.255.255.252
no shu
int range g1/0/22-23
sw tr enca dot
sw mo tr
Core2
en
conf t
ip routing
int g1/0/1
no sw
ip add 10.10.0.29 255.255.255.252
no shu
int g1/0/2
no sw
ip add 10.10.0.33 255.255.255.252
no shu
int g1/0/3
no sw
ip add 10.10.0.37 255.255.255.252
no shu
int g1/0/24
no sw
ip add 10.10.0.5 255.255.255.252
no shu
int range g1/0/22-23
sw tr enca dot
sw mo tr
F1MS
en
conf t
ip routing
vlan 101
int g1/0/3
no sw
ip add 10.10.10.1 255.255.255.0
no shu
int g1/0/23
no sw
ip add 10.10.0.30 255.255.255.252
no shu
int g1/0/24
no sw
ip add 10.10.0.18 255.255.255.252
no shu
int vlan 101
ip add 10.10.11.1 255.255.255.0
no shu
int range g1/0/1-2
sw mo ac
sw ac vlan 101
F2MS
en
conf t
ip routing
vlan 201
int g1/0/23
no sw
ip add 10.10.0.34 255.255.255.252
no shu
int g1/0/24
no sw
ip add 10.10.0.22 255.255.255.252
no shu
int vlan 201
ip add 10.10.21.1 255.255.255.0
no shu
int range g1/0/1-2
sw mo ac
sw ac vlan 201
F3MS
en
conf t
ip routing
vlan 301
vlan 302
vlan 303
vlan 304
int g1/0/23
no sw
ip add 10.10.0.38 255.255.255.252
no shu
int g1/0/24
no sw
ip add 10.10.0.26 255.255.255.252
no shu
int vlan 301
ip add 10.10.31.1 255.255.255.0
no shu
int vlan 302
ip add 10.10.32.1 255.255.255.0
no shu
int vlan 303
ip add 10.10.33.1 255.255.255.0
no shu
int vlan 304
ip add 10.10.34.1 255.255.255.0
no shu
int g1/0/1
sw mo ac
sw ac vlan 301
int g1/0/2
sw mo ac
sw ac vlan 302
int g1/0/3
sw mo ac
sw ac vlan 303
int g1/0/4
sw mo ac
sw ac vlan 304
F1P1
en
conf t
vlan 101
int vlan 101
ip add 10.10.11.2 255.255.255.0
no shu
int range f0/1-20
sw mo ac
sw ac vlan 101
int g0/1
sw mo ac
sw ac vlan 101
F1P2
en
conf t
vlan 101
int vlan 101
ip add 10.10.11.3 255.255.255.0
no shu
int range f0/1-20
sw mo ac
sw ac vlan 101
int g0/1
sw mo ac
sw ac vlan 101
F2P1
en
conf t
vlan 201
int vlan 201
ip add 10.10.21.2 255.255.255.0
no shu
int range f0/1-20
sw mo ac
sw ac vlan 201
int g0/1
sw mo ac
sw ac vlan 201
F2P2
en
conf t
vlan 201
int vlan 201
ip add 10.10.21.3 255.255.255.0
no shu
int range f0/1-20
sw mo ac
sw ac vlan 201
int g0/1
sw mo ac
sw ac vlan 201
F3P1
en
conf t
vlan 301
int vlan 301
ip add 10.10.31.2 255.255.255.0
no shu
int range f0/1-20
sw mo ac
sw ac vlan 301
int g0/1
sw mo ac
sw ac vlan 301
F3P2
en
conf t
vlan 302
int vlan 302
ip add 10.10.32.2 255.255.255.0
no shu
int range f0/1-20
sw mo ac
sw ac vlan 302
int g0/1
sw mo ac
sw ac vlan 302
F3P3
en
conf t
vlan 303
int vlan 303
ip add 10.10.33.2 255.255.255.0
no shu
int range f0/1-20
sw mo ac
sw ac vlan 303
int g0/1
sw mo ac
sw ac vlan 303
F3P4
en
conf t
vlan 304
int vlan 304
ip add 10.10.34.2 255.255.255.0
no shu
int range f0/1-20
sw mo ac
sw ac vlan 304
int g0/1
sw mo ac
sw ac vlan 304
FRT
en
conf t
int s0/0/0
ip add 10.10.0.2 255.255.255.252
no shu
int g0/0
ip add 10.10.41.1 255.255.255.0
no shu
ISP
en
conf t
int s0/0/0
ip add 202.192.99.2 255.255.255.252
no shu
int g0/1
ip add 202.194.64.1 255.255.255.0
no shu
Configure OSPF
Border
en
conf t
ip route 0.0.0.0 0.0.0.0 s0/0/0
router ospf 1
router-id 1.1.1.1
net 10.10.0.8 0.0.0.3 area 0
net 202.192.99.0 0.0.0.3 area 0
net 10.10.0.4 0.0.0.3 area 0
net 10.10.0.0 0.0.0.3 area 0
default-information originate
Core1
en
conf t
router ospf 1
router-id 2.2.2.1
net 10.10.0.8 0.0.0.3 area 0
net 10.10.0.16 0.0.0.3 area 0
net 10.10.0.20 0.0.0.3 area 0
net 10.10.0.24 0.0.0.3 area 0
Core2
en
conf t
router ospf 1
router-id 2.2.2.2
net 10.10.0.4 0.0.0.3 area 0
net 10.10.0.28 0.0.0.3 area 0
net 10.10.0.32 0.0.0.3 area 0
net 10.10.0.36 0.0.0.3 area 0
F1MS
en
conf t
router ospf 1
router-id 3.3.3.1
net 10.10.0.16 0.0.0.3 area 0
net 10.10.0.28 0.0.0.3 area 0
net 10.10.10.0 0.0.0.255 area 0
net 10.10.11.0 0.0.0.255 area 0
F2MS
en
conf t
router ospf 1
router-id 3.3.3.2
net 10.10.0.20 0.0.0.3 area 0
net 10.10.0.32 0.0.0.3 area 0
net 10.10.21.0 0.0.0.255 area 0
F3MS
en
conf t
router ospf 1
router-id 3.3.3.3
net 10.10.0.24 0.0.0.3 area 0
net 10.10.0.36 0.0.0.3 area 0
net 10.10.31.0 0.0.0.255 area 0
net 10.10.32.0 0.0.0.255 area 0
net 10.10.33.0 0.0.0.255 area 0
net 10.10.34.0 0.0.0.255 area 0
FRT
en
conf t
router ospf 1
router-id 5.5.5.1
net 10.10.0.0 0.0.0.3 area 0
net 10.10.41.0 0.0.0.255 area 0
Configure NAT
Border
en
conf t
ip nat inside source static 10.10.10.11 202.192.99.3
ip nat pool HAHA 202.192.99.10 202.192.99.60 netmask 255.255.255.192
access-list 1 permit any
ip nat inside source list 1 pool HAHA overload
int s0/0/0
ip nat outside
int g0/0
ip nat inside
int g0/1
ip nat inside
int s0/0/1
ip nat inside
Configure DHCP
FRT
en
conf t
ip dhcp excluded-add 10.10.41.1 10.10.41.9
ip dhcp pool F4
net 10.10.41.0 255.255.255.0
default-router 10.10.41.1
domain-name ujn.edu
dns-server 10.10.10.12
DHCP relay
F1MS
en
conf t
int vlan 101
ip help 10.10.10.11
F2MS
en
conf t
int vlan 201
ip help 10.10.10.11
F3MS
en
conf t
int vlan 301
ip help 10.10.10.11
int vlan 302
ip help 10.10.10.11
int vlan 303
ip help 10.10.10.11
int vlan 304
ip help 10.10.10.11
Configure Ethernet link aggregation
Core1
en
conf t
int range g1/0/22-23
channel-pro pagp
channel-gr 1 mo desirable
Core2
en
conf t
int range g1/0/22-23
channel-pro pagp
channel-gr 1 mo desirable
Configure the remote management ACL (telnet/SSH)
Routable devices
en
conf t
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
line vty 0 15
password vty
access-class 99 in
Non-routable devices
F1P1||F1P2
en
conf t
ip default-gateway 10.10.11.1
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
line vty 0 15
password vty
access-class 99 in
F2P1||F2P2
en
conf t
ip default-gateway 10.10.21.1
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
line vty 0 15
password vty
access-class 99 in
F3P1
en
conf t
ip default-gateway 10.10.31.1
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
line vty 0 15
password vty
access-class 99 in
F3P2
en
conf t
ip default-gateway 10.10.32.1
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
line vty 0 15
password vty
access-class 99 in
F3P3
en
conf t
ip default-gateway 10.10.33.1
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
line vty 0 15
password vty
access-class 99 in
F3P4
en
conf t
ip default-gateway 10.10.34.1
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
line vty 0 15
password vty
access-class 99 in
FSW
en
conf t
ip default-gateway 10.10.41.1
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
line vty 0 15
password vty
access-class 99 in
Configure PPP
Border
en
conf t
hostname border
username fr pass ppp
int s0/0/1
encap ppp
ppp authen chap
FR
en
conf t
hostname fr
username border pass ppp
int s0/0/0
encap ppp
ppp authen chap
Configure routing authentication (per-interface authentication)
//**************Reference commands************
en
conf t
int s0/0/0
ip ospf authentication
ip ospf authentication-key ospf
//********************************
F1MS||F2MS||F3MS
en
conf t
int g1/0/23
ip ospf authentication
ip ospf authentication-key ospf
int g1/0/24
ip ospf authentication
ip ospf authentication-key ospf
Core1||Core2
en
conf t
int g1/0/1
ip ospf authentication
ip ospf authentication-key ospf
int g1/0/2
ip ospf authentication
ip ospf authentication-key ospf
int g1/0/3
ip ospf authentication
ip ospf authentication-key ospf
int g1/0/24
ip ospf authentication
ip ospf authentication-key ospf
FRT
en
conf t
int s0/0/0
ip ospf authentication
ip ospf authentication-key ospf
Border
en
conf t
int s0/0/1
ip ospf authentication
ip ospf authentication-key ospf
int s0/0/0
ip ospf authentication
ip ospf authentication-key ospf
int g0/0
ip ospf authentication
ip ospf authentication-key ospf
int g0/1
ip ospf authentication
ip ospf authentication-key ospf
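Deny the branch office access to the headquarters internal network; allow access to the headquarters WWW service and the external network
Create the ACL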
access-list 110 permit ip host 10.10.41.2 10.10.32.0 0.0.0.255
access-list 110 permit tcp 10.10.41.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80
access-list 110 permit tcp 10.10.41.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 443
access-list 110 deny ip 10.10.41.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 110 permit ip any any
Apply the ACL
int s0/0/1
ip access-group 110 in
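
An added example (not part of the original notes): a first-match evaluation of ACL 110 over a few flows, to check the list against the policy stated in the heading. The flows are constructed, and the example assumes the list filters traffic arriving from the branch office (10.10.41.0/24 behind FRT).

```python
from ipaddress import IPv4Address as IP

ACL_110 = """\
access-list 110 permit ip host 10.10.41.2 10.10.32.0 0.0.0.255
access-list 110 permit tcp 10.10.41.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80
access-list 110 permit tcp 10.10.41.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 443
access-list 110 deny ip 10.10.41.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 110 permit ip any any
"""  # the five entries exactly as listed on the page

def take_addr(tok):  # consume "any", "host A" or "A WILDCARD" -> (address, wildcard)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(first)), int(IP(tok.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]                      # drop "access-list 110"
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line))
    return rules

def hit(spec, ip):  # wildcard bit 1 = "don't care", so compare only the 0 bits
    return (int(IP(ip)) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF == 0

def evaluate(rules, proto, src, dst, dport=None):
    for action, rproto, rsrc, rdst, rport, line in rules:   # first match wins
        if rproto in ("ip", proto) and rport in (None, dport) \
                and hit(rsrc, src) and hit(rdst, dst):
            return action, line
    return "deny", "(implicit deny)"                # every ACL ends with one

RULES = parse(ACL_110)
FLOWS = [  # constructed sample flows: protocol, source, destination, destination port
    ("tcp", "10.10.41.20", "10.10.10.11", 80),     # branch PC -> HQ web server
    ("udp", "10.10.41.20", "10.10.10.12", 53),     # branch PC -> DNS server from pool F4
    ("tcp", "10.10.41.20", "10.10.32.5", 23),      # branch PC -> HQ internal host
    ("tcp", "10.10.41.20", "202.194.64.10", 80),   # branch PC -> external network
    ("ospf", "10.10.0.2", "224.0.0.5", None),      # FRT hello on the serial link
]
if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", *evaluate(RULES, *flow))
```

The second flow shows that the DNS server handed out by DHCP pool F4 (10.10.10.12) falls under the deny entry, so branch clients need an additional permit for UDP 53 if they are meant to use it.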
SSH remote access to network devices.
F1P1
en
conf t
host F1P1
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input ssh
login
F1P2
en
conf t
host F1P2
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input ssh
login
F2P1
en
conf t
host F2P1
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input ssh
login
F2P2
en
conf t
host F2P2
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input ssh
login
F3P1
en
conf t
host F3P1
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input ssh
login
F3P2
en
conf t
host F3P2
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input ssh
login
F3P3
en
conf t
host F3P3
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input ssh
login
F3P4
en
conf t
host F3P4
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input ssh
login
//****SSH and password configuration for routable devices****************
en
conf t
host ***
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
ip ssh version 2
line vty 0 15
password vty
access-class 99 in
transport input ssh
login
//***************************
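
An added example (not from the original notes): a small audit pass over the management-plane and OSPF authentication commands used in the sections above, flagging settings that leave a secret unhashed in the configuration or sent in clear text. The CONFIG text is constructed from the page's own commands, and the wording of the findings belongs to this example.

```python
import re

# Constructed input: the routable-device SSH template plus one OSPF interface stanza.
CONFIG = """\
username admin pass ssh
ip domain-name ujn.edu.cn
crypto key generate rsa
1024
access-list 99 permit 10.10.32.0 0.0.0.255
enable password enable
ip ssh version 2
int g1/0/24
ip ospf authentication
ip ospf authentication-key ospf
line vty 0 15
password vty
access-class 99 in
transport input ssh
login
"""

def audit(config):
    """Return (line_no, finding) pairs; tracks interface and line stanzas."""
    findings, section, prev = [], None, ""
    for no, line in enumerate(config.splitlines(), 1):
        cmd = line.strip()
        if re.match(r"(int|interface)\b", cmd):
            section = "interface"
        elif re.match(r"line\s", cmd):
            section = "line"
        if re.match(r"enable pass", cmd):
            findings.append((no, "enable password is stored unhashed; use enable secret"))
        elif re.match(r"username \S+ pass", cmd):
            findings.append((no, "username password is stored unhashed; use secret"))
        elif section == "line" and re.match(r"pass", cmd):
            findings.append((no, "shared line password stored unhashed; prefer login local"))
        elif section == "interface" and cmd == "ip ospf authentication":
            findings.append((no, "simple OSPF authentication sends the key in clear text; "
                                 "use message-digest"))
        elif prev.startswith("crypto key generate rsa") and cmd.isdigit() and int(cmd) < 2048:
            findings.append((no, f"RSA modulus of {cmd} bits is below 2048"))
        prev = cmd
    return findings

if __name__ == "__main__":
    for no, finding in audit(CONFIG):
        print(f"line {no}: {finding}")
```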