https://pan.baidu.com/s/1Px_f9kQp0OG5JLwufysIqg
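Extraction code: hfnv
Requirements:
1. STP, Eth-Trunk
2. VLAN, trunk, hybrid
3. OSPF (authentication), route-static
4. DHCP
5. ACL, NAT
6. FTP, Telnet, SSH, AAA
7. Layer 3 switch routing
8. Enable a loopback interface on R1, lo: 1.1.1.1/32
9. File system commands: dir, copy, move, cd, ...
10. NAT server (configured on the branch)
Carrier configuration:
R1 configuration: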
sys
sysname szzb
# Set the name to Shenzhen headquarters
ftp server enable
# acl
acl number 3000
rule 5 deny tcp source 200.1.1.0 0.0.0.255 destination 201.1.1.3 0
# Deny the 200.1.1.0 network segment
rule 10 permit ip
aaa
authentication-scheme szzb_authe
authorization-scheme szzb_autho
domain ftp
authentication-scheme szzb_authe
authorization-scheme szzb_autho
domain telnet
authentication-scheme szzb_authe
authorization-scheme szzb_autho
domain ssh
authentication-scheme szzb_authe
authorization-scheme szzb_autho
local-user ftp@ftp password cipher 123456
local-user ftp@ftp privilege level 15
local-user ftp@ftp ftp-directory flash:
local-user ftp@ftp service-type ftp
local-user ssh@ssh password cipher 123456
local-user ssh@ssh privilege level 15
local-user ssh@ssh service-type ssh
local-user telnet@telnet password cipher 123456
local-user telnet@telnet privilege level 15
local-user telnet@telnet service-type telnet
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 13.1.1.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 201.1.1.1 255.255.255.0
traffic-filter outbound acl 3000
ospf authentication-mode md5 1 cipher 123456
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 0.0.0.0 255.255.255.255
network 1.1.1.1 0.0.0.0
stelnet server enable
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
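An added example, not part of the original lab notes: a small Python check that scans an excerpt of the R1 command script above and flags the management-plane settings a reviewer would question before reusing it outside a lab. The rule names, the 12-character threshold and the choice of excerpt lines are this example's assumptions; it works on commands as typed, where the value after cipher is still plaintext.

```python
import re

# Excerpt of the R1 command script from this page (management plane and OSPF only).
R1_CONFIG = """\
ftp server enable
local-user ftp@ftp password cipher 123456
local-user ftp@ftp privilege level 15
local-user ftp@ftp service-type ftp
local-user ssh@ssh password cipher 123456
local-user ssh@ssh privilege level 15
local-user ssh@ssh service-type ssh
local-user telnet@telnet password cipher 123456
local-user telnet@telnet privilege level 15
local-user telnet@telnet service-type telnet
ospf authentication-mode md5 1 cipher 123456
user-interface vty 0 4
protocol inbound all
"""

# (rule id, regex, finding). The rule ids and wording are this example's own.
RULES = [
    ("CLEARTEXT-FTP", r"^ftp server enable$", "FTP server enabled; credentials cross the wire in cleartext"),
    ("CLEARTEXT-SVC", r"^local-user (\S+) service-type .*\b(ftp|telnet)\b", "account allowed on a cleartext service"),
    ("ADMIN-LEVEL", r"^local-user (\S+) privilege level 15$", "account holds the highest privilege level"),
    ("VTY-ALL", r"^protocol inbound (all|telnet)$", "VTY accepts Telnet; restrict to ssh"),
    ("OSPF-MD5", r"^ospf authentication-mode md5 ", "OSPF uses MD5 authentication"),
]
SECRET = re.compile(r"\b(?:password|md5 \d+) cipher (\S+)")

def weak_secret(value, min_len=12):
    """Short or low-variety secrets are guessable; the threshold is an assumption."""
    classes = sum(bool(re.search(p, value)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w]"))
    return len(value) < min_len or classes < 3

def audit(config):
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        line = line.strip()
        for rule, pattern, text in RULES:
            if re.search(pattern, line):
                findings.append((no, rule, text))
        m = SECRET.search(line)
        if m and weak_secret(m.group(1)):
            findings.append((no, "WEAK-SECRET", "secret is short or low-complexity"))
    return findings

if __name__ == "__main__":
    for no, rule, text in audit(R1_CONFIG):
        print(f"line {no}: {rule}: {text}")
```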
R2 configuration:
sys
sysname R2
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 24.1.1.2 255.255.255.0
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 0.0.0.0 255.255.255.255
R3 configuration:
sys
sysname R3
interface GigabitEthernet0/0/0
ip address 13.1.1.3 255.255.255.0
interface GigabitEthernet0/0/1
ip address 34.1.1.3 255.255.255.0
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 0.0.0.0 255.255.255.255
R4 configuration:
sys
sysname R4
interface GigabitEthernet0/0/0
ip address 24.1.1.4 255.255.255.0
interface GigabitEthernet0/0/1
ip address 34.1.1.4 255.255.255.0
interface GigabitEthernet0/0/2
ip address 200.1.1.1 255.255.255.0
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 0.0.0.0 255.255.255.255
ip route-static 192.168.1.0 24 200.1.1.2
Shenzhen headquarters configuration:
SW1 configuration:
sys
sysname sw1
vlan batch 2 to 3 100
stp mode rstp
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/1
eth-trunk 1
interface GigabitEthernet0/0/2
eth-trunk 1
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
SW2 configuration:
sys
sysname sw2
vlan batch 2 to 3 100
stp mode rstp
interface Vlanif1
ip address 201.1.1.2 255.255.255.0
ospf authentication-mode md5 1 cipher 123456
interface Vlanif2
ip address 172.16.2.254 255.255.255.0
interface Vlanif3
ip address 172.16.3.254 255.255.255.0
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/1
eth-trunk 1
interface GigabitEthernet0/0/2
eth-trunk 1
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
ospf 1 router-id 201.201.201.201
area 0.0.0.0
network 201.1.1.0 0.0.0.255
network 172.16.0.0 0.0.255.255
SW3 configuration:
sys
sysname sw3
vlan batch 2 to 3 100
stp mode rstp
interface Ethernet0/0/1
port link-type access
port default vlan 2
interface Ethernet0/0/2
port link-type access
port default vlan 3
interface Ethernet0/0/3
port hybrid pvid vlan 3
port hybrid untagged vlan 3 100
interface Ethernet0/0/4
port hybrid pvid vlan 2
port hybrid untagged vlan 2 100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
SW4 configuration:
sys
sysname sw4
vlan batch 2 to 3 100
stp mode rstp
interface Ethernet0/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 2 to 3 100
interface Ethernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 2 to 3 100
interface Ethernet0/0/3
interface Ethernet0/0/4
port hybrid pvid vlan 2
port hybrid untagged vlan 2 100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
Chengdu branch:
R5 configuration:
sys
sysname cdfz
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
interface GigabitEthernet0/0/0
ip address 200.1.1.2 255.255.255.0
nat server protocol tcp global 200.1.1.3 ftp inside 192.168.1.2 ftp
nat outbound 2000
dhcp enable
ip pool dhcp
gateway-list 192.168.1.254
network 192.168.1.0
interface GigabitEthernet0/0/1
ip address 192.168.1.254 255.255.255.0
dhcp select global
ip route-static 0.0.0.0 0.0.0.0 200.1.1.1
Test: PC1 can ping PC5.