Network Configuration.docx
- Document ID: 15808202
- Upload time: 2023-07-08
- Format: DOCX
- Pages: 16
- Size: 59.44 KB
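Network Configuration
Network topology diagram
I. Ensuring connectivity across the whole network
1.1 Direct-link connectivity (192.168.1.1 -> 192.168.1.2)
RT1 configuration:
Configure IP addresses on the router:
[RT1]int G0/0/1
[RT1-GigabitEthernet0/0/1]ip add 192.168.1.1 24
[RT1-GigabitEthernet0/0/1]int G0/0/2
[RT1-GigabitEthernet0/0/2]ip add 192.168.3.1 24
SW1 configuration:
Configure IP addresses on the switch (on a switch, the VLANs must be created first, and the addresses are then configured on the VLAN interfaces)
Create the VLANs:
[SW1]vlan 1000
[SW1-vlan1000]vlan 1001
[SW1-vlan1001]vlan 10
[SW1-vlan10]vlan 20
[SW1-vlan20]vlan 30
Enter each VLAN interface and configure its IP address:
Vlan1000:
[SW1]int vlan 1000
[SW1-Vlan-interface1000]ip add 192.168.1.2 24
Vlan1001:
[SW1]int vlan 1001
[SW1-Vlan-interface1001]ip add 192.168.2.1 24
Assign a port to the VLAN:
[SW1]int E0/4/0
[SW1-Ethernet0/4/0]port access vlan 1000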
Test result:
[SW1-Ethernet0/4/0]ping -a 192.168.1.2 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=44 ms
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=5 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=15 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=15 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 5/19/44 ms
1.2 Direct-link connectivity (192.168.3.1 -> 192.168.3.2)
SW2 configuration:
Create the VLANs:
[SW2]vlan 1000
[SW2-vlan1000]vlan 1001
[SW2-vlan1001]vlan 10
[SW2-vlan10]vlan 20
[SW2-vlan20]vlan 30
Enter each VLAN interface and configure its IP address:
Vlan1000:
[SW2-vlan30]int vlan 1000
[SW2-Vlan-interface1000]ip add 192.168.3.2 24
Vlan1001:
[SW2-Vlan-interface1000]int vlan 1001
[SW2-Vlan-interface1001]ip add 192.168.2.2 24
Assign a port to the VLAN:
[SW2-Ethernet0/4/0]port access vlan 1000
Test result:
[SW2-Ethernet0/4/0]ping -a 192.168.3.2 192.168.3.1
PING 192.168.3.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.3.1: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 192.168.3.1: bytes=56 Sequence=2 ttl=255 time=24 ms
Reply from 192.168.3.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.3.1: bytes=56 Sequence=4 ttl=255 time=4 ms
Reply from 192.168.3.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 192.168.3.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/25/50 ms
1.3 Link aggregation (192.168.2.1 -> 192.168.2.2)
SW1 configuration:
[SW1]int Bridge-Aggregation 1
[SW1]int E0/4/2
[SW1-Ethernet0/4/2]port link-aggregation group 1
[SW1-Ethernet0/4/2]int e0/4/1
[SW1-Ethernet0/4/1]port link-aggregation group 1
[SW1]int Bridge-Aggregation 1
[SW1-Bridge-Aggregation1]port link-type trunk
[SW1-Bridge-Aggregation1]port trunk permit vlan 1001
SW2 configuration:
[SW2]interface Bridge-Aggregation 1
[SW2]int E0/4/1
[SW2-Ethernet0/4/1]port link-aggregation group 1
[SW2-Ethernet0/4/1]int E0/4/2
[SW2-Ethernet0/4/2]port link-aggregation group 1
[SW2]int Bridge-Aggregation 1
[SW2-Bridge-Aggregation1]port link-type trunk
[SW2-Bridge-Aggregation1]port trunk permit vlan 1001
Test result:
[SW1-Bridge-Aggregation1]ping -a 192.168.2.1 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=255 time=340 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=255 time=174 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=255 time=174 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=255 time=154 ms
Request time out
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 154/210/340 ms
1.4 Assign Vlan10, Vlan20 and Vlan30 to their ports:
SW1 configuration:
[SW1]int vlan 10
[SW1-Vlan-interface10]ip add 10.0.0.1 24
[SW1-Vlan-interface20]int vlan 30
[SW1-Vlan-interface30]ip add 30.0.0.1 24
[SW1-Vlan-interface30]int E0/4/3
[SW1-Ethernet0/4/3]port access vlan 30
[SW1-Ethernet0/4/3]int E0/4/4
[SW1-Ethernet0/4/4]port access vlan 10
SW2 configuration:
[SW2]int vlan 20
[SW2-Vlan-interface20]ip add 20.0.0.1 24
[SW2-Vlan-interface20]int E0/4/3
[SW2-Ethernet0/4/3]port access vlan 20
1.5 Configure OSPF:
SW1:
[SW1]ospf 1
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 30.0.0.0 0.0.0.255
View the configuration:
[SW1-ospf-1-area-0.0.0.0]dis th
#
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 10.0.0.0 0.0.0.255
network 30.0.0.0 0.0.0.255
#
[SW1-ospf-1-area-0.0.0.0]dis ospf peer
OSPF Process 1 with Router ID 192.168.2.1
Neighbor Brief Information
Area: 0.0.0.0
Router ID       Address         Pri  Dead-Time  Interface  State
192.168.3.1     192.168.1.1     1    28         Vlan1000   Full/DR
192.168.3.2     192.168.2.2     1    36         Vlan1001   Full/BDR
SW2:
[SW2]ospf 1
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
View the configuration:
[SW2-ospf-1-area-0.0.0.0]dis th
#
area 0.0.0.0
network 192.168.3.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 20.0.0.0 0.0.0.255
#
[SW2-ospf-1-area-0.0.0.0]dis ospf peer
OSPF Process 1 with Router ID 192.168.3.2
Neighbor Brief Information
Area: 0.0.0.0
Router ID       Address         Pri  Dead-Time  Interface  State
192.168.3.1     192.168.3.1     1    36         Vlan1000   Full/DR
192.168.2.1     192.168.2.1     1    30         Vlan1001   Full/DR
[SW2-ospf-1-area-0.0.0.0]dis ip routing-table
Routing Tables: Public
Destinations : 7        Routes : 8
Destination/Mask    Proto   Pre  Cost  NextHop       Interface
127.0.0.0/8         Direct  0    0     127.0.0.1     InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1     InLoop0
192.168.1.0/24      OSPF    10   2     192.168.3.1   Vlan1000
                    OSPF    10   2     192.168.2.1   Vlan1001
192.168.2.0/24      Direct  0    0     192.168.2.2   Vlan1001
192.168.2.2/32      Direct  0    0     127.0.0.1     InLoop0
192.168.3.0/24      Direct  0    0     192.168.3.2   Vlan1000
192.168.3.2/32      Direct  0    0     127.0.0.1     InLoop0
Test result:
[SW2-Ethernet0/4/3]ping -a 20.0.0.1 30.0.0.1
PING 30.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 30.0.0.1: bytes=56 Sequence=1 ttl=255 time=130 ms
Reply from 30.0.0.1: bytes=56 Sequence=2 ttl=255 time=155 ms
Reply from 30.0.0.1: bytes=56 Sequence=3 ttl=255 time=164 ms
Reply from 30.0.0.1: bytes=56 Sequence=4 ttl=255 time=185 ms
Reply from 30.0.0.1: bytes=56 Sequence=5 ttl=255 time=164 ms
--- 30.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 130/159/185 ms
RT1:
[RT1]ospf 1
[RT1-ospf-1]area 0
[RT1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[RT1-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
II. Connecting to the external network
2.1 Configure the ACL:
RT1:
Add an IP address on RT1:
[RT1-GigabitEthernet0/0/0]ip add 14.0.0.1 24
Configure the ACL on RT1:
[RT1]acl number 2000
[RT1-acl-basic-2000]rule permit source 10.0.0.1 0.0.0.255
[RT1-acl-basic-2000]rule permit source 20.0.0.1 0.0.0.255
[RT1-acl-basic-2000]int G0/0/0
[RT1-GigabitEthernet0/0/0]nat outbound 2000
2.2 Configure static routes
SW1:
[SW1]ip route-static 14.0.0.0 255.255.255.0 192.168.1.1
Test result:
[SW1]ping -a 10.0.0.1 14.0.0.2
PING 14.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 14.0.0.2: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 14.0.0.2: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 14.0.0.2: bytes=56 Sequence=3 ttl=254 time=5 ms
Reply from 14.0.0.2: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 14.0.0.2: bytes=56 Sequence=5 ttl=254 time=5 ms
--- 14.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 5/22/40 ms
SW2:
[SW2]ip route-static 14.0.0.0 255.255.255.0 192.168.3.1
Test result:
[SW2]ping -a 20.0.0.1 14.0.0.2
PING 14.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 14.0.0.2: bytes=56 Sequence=1 ttl=254 time=4 ms
Reply from 14.0.0.2: bytes=56 Sequence=2 ttl=254 time=15 ms
Reply from 14.0.0.2: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 14.0.0.2: bytes=56 Sequence=4 ttl=254 time=24 ms
Reply from 14.0.0.2: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 14.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/20/30 ms
2.3 Configure the IP address on RT2
[RT2]int G0/0/0
[RT2-GigabitEthernet0/0/0]ip add 14.0.0.2 24
III. Public-network connectivity
RT1:
[RT1]int G0/0/3
[RT1-GigabitEthernet0/0/3]ip add 12.0.0.1 24
[RT1]ip route-static 23.0.0.0 255.255.255.0 12.0.0.2
RT3:
Configure IP addresses:
[RT3]int G0/0/0
[RT3-GigabitEthernet0/0/0]ip add 12.0.0.2 24
[RT3-GigabitEthernet0/0/0]int G0/0/1
[RT3-GigabitEthernet0/0/1]ip add 23.0.0.2 24
RT4:
[RT4]int G0/0/0
[RT4-GigabitEthernet0/0/0]ip add 23.0.0.3 24
[RT4-GigabitEthernet0/0/0]int G0/0/1
[RT4-GigabitEthernet0/0/1]ip add 40.0.0.1 24
[RT4-GigabitEthernet0/0/1]qu
[RT4]ip route-static 12.0.0.1 255.255.255.0 23.0.0.2
Test result:
[RT1]ping -a 12.0.0.1 23.0.0.3
PING 23.0.0.3: 56 data bytes, press CTRL_C to break
Reply from 23.0.0.3: bytes=56 Sequence=1 ttl=254 time=21 ms
Request time out
Request time out
Reply from 23.0.0.3: bytes=56 Sequence=4 ttl=254 time=10 ms
Reply from 23.0.0.3: bytes=56 Sequence=5 ttl=254 time=10 ms
--- 23.0.0.3 ping statistics ---
5 packet(s) transmitted
3 packet(s) received
40.00% packet loss
round-trip min/avg/max = 10/13/21 ms
IV. Setting up IPsec and the VPN
Set up IPsec and the VPN
RT4
Create the ACL:
[RT4]acl number 3000
[RT4-acl-adv-3000]rule permit ip source 40.0.0.0 0.0.0.255 destination 30.0.0.0 0.0.0.255
Create the ipsec proposal (security proposal):
[RT4]ipsec proposal r1
[RT4-ipsec-proposal-r1]transform esp
[RT4-ipsec-proposal-r1]esp authentication-algorithm sha1
[RT4-ipsec-proposal-r1]esp encryption-algorithm 3des
[RT4-ipsec-proposal-r1]encapsulation-mode tunnel
Create the IKE peer:
[RT4]ike peer r3
[RT4-ike-peer-r3]pre-shared-key 123
[RT4-ike-peer-r3]remote-address 12.0.0.1
Create the ipsec policy (IP security policy):
[RT4]ips policy 1 10 isakmp
[RT4-ipsec-policy-isakmp-1-10]security acl 3000
[RT4-ipsec-policy-isakmp-1-10]ike-peer r3
[RT4-ipsec-policy-isakmp-1-10]proposal r1
Apply the security policy to the designated interface:
[RT4]int g0/0/0
[RT4-GigabitEthernet0/0/0]ipsec policy 1
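An added example (not part of the original document): a small Python audit of the RT4 IPsec/IKE commands above that flags the 3des and sha1 choices and the three-character pre-shared key. The rule names, the 20-character minimum key length and the handling of a cipher keyword before the key are assumptions of this example.

```python
import re

# Constructed sample: RT4's IPsec/IKE commands from this page, spacing restored.
RT4_SESSION = """\
[RT4]ipsec proposal r1
[RT4-ipsec-proposal-r1]transform esp
[RT4-ipsec-proposal-r1]esp authentication-algorithm sha1
[RT4-ipsec-proposal-r1]esp encryption-algorithm 3des
[RT4-ipsec-proposal-r1]encapsulation-mode tunnel
[RT4]ike peer r3
[RT4-ike-peer-r3]pre-shared-key 123
[RT4-ike-peer-r3]remote-address 12.0.0.1
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>\S.*)$")
LEGACY_ENC = {"des", "3des"}     # 64-bit block ciphers
LEGACY_AUTH = {"md5", "sha1"}    # hashes being phased out
MIN_PSK_LEN = 20                 # assumed local policy, not a vendor limit


def audit(session):
    """Return (line_no, view, rule_id) for each weak IPsec/IKE setting."""
    findings = []
    for line_no, raw in enumerate(session.splitlines(), 1):
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # device output or blank line, not a typed command
        view, words = m["view"], m["cmd"].lower().split()
        if words[:2] == ["esp", "encryption-algorithm"] and len(words) > 2:
            if words[2] in LEGACY_ENC:
                findings.append((line_no, view, "legacy-esp-encryption"))
        elif words[:2] == ["esp", "authentication-algorithm"] and len(words) > 2:
            if words[2] in LEGACY_AUTH:
                findings.append((line_no, view, "legacy-esp-authentication"))
        elif words[:2] == ["transform", "ah"]:
            # AH alone authenticates but does not encrypt the tunnel.
            findings.append((line_no, view, "no-esp-confidentiality"))
        elif words[0] == "pre-shared-key" and len(words) > 1:
            key = words[-1]
            # A key stored in encrypted form cannot be judged by length here.
            if "cipher" not in words[1:-1] and (
                len(key) < MIN_PSK_LEN or key.isdigit()
            ):
                findings.append((line_no, view, "weak-pre-shared-key"))
    return findings


if __name__ == "__main__":
    for finding in audit(RT4_SESSION):
        print(finding)
```

Findings carry only the line number, the CLI view and a rule name, so the key itself never appears in the audit output.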
RT1:
Create the ACL:
[RT1]acl number 3000
[RT1-acl-adv-3000]rule permit ip source 30.0.0.0 0.0.0.255 destination 40.0.0.0 0.0.0.255
Create the ipsec proposal (security proposal):
[RT1]