
[通信技术] 三层架构学习笔记

网络安全 网络安全 发布于:2021-07-26 13:42 | 阅读数:343 | 评论:0

DSC0000.png

实验要求:
① 企业内网划分多个vlan ,减少广播域大小,提高网络稳定性
② 用户的网关配置在核心交换机
③ 所有用户均为自动获取ip地址
④ 确保sw1是根桥,配置相关技术使得接入交换机连接终端接口收敛迅速
⑤ 出口配置NAT(连接R3-ISP),并确保所有用户都可以访问百度。
⑥ 企业总部和分支采用PPP 广域网链路连接。并采用CHAP对链路做认证。
⑦ 企业总部和分支采用ospf 路由协议连接。
⑧ 企业所有设备,在任何位置都可以被telnet远程管理,管理vlan999,IP192.168.255.0/24
R1(出口设备)
# R1 - site exit router: NAT toward the ISP link, OSPF toward the core, and the
# CHAP-authenticated PPP serial link to the branch (requirements 5, 6, 7).
sysname R1
#
# Source set for outbound NAT, referenced by 'nat outbound 2000' on
# GigabitEthernet0/0/1. 192.168.0.0/16 also contains the management VLAN 999
# (192.168.255.0/24), so management addresses are translated toward the ISP too.
acl number 2000  
 rule 5 permit source 192.168.0.0 0.0.255.255 
#
# Local accounts: 'aaa' is the telnet management login (privilege level 3, the
# highest default level), 'test' is the CHAP peer account, 'admin' is the HTTP
# account. The 3-character passwords are lab values and the same ones are
# repeated on every switch in this note. Requirement 8 mandates telnet, which
# carries the login in clear text; outside the lab this would be SSH (stelnet).
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user aaa password cipher 123
 local-user aaa privilege level 3
 local-user aaa service-type telnet
 local-user test password cipher 123
 local-user test service-type ppp
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
# WAN link to the branch. This side authenticates the peer with CHAP; the
# peer (R2) side of the configuration is not shown on this page.
interface Serial4/0/0
 link-protocol ppp
 ppp authentication-mode chap 
 description to shanghai_R2_S4/0/0
 ip address 192.168.253.1 255.255.255.0 
#
# Spare serial: no address and no authentication configured.
interface Serial4/0/1
 link-protocol ppp
#
# Transit link to the core; SW1 puts its end in VLAN 800 (192.168.254.1).
interface GigabitEthernet0/0/0
 description R1_G0/0/0-SW1_G0/0/24
 ip address 192.168.254.2 255.255.255.0 
#
# ISP-facing interface. The static mapping publishes the VLAN 200 web server
# (192.168.200.2) on 12.1.1.2 www; outbound NAT uses ACL 2000. No inbound
# packet filter is applied here, so the exposure is the mapping plus whatever
# the router itself accepts on 12.1.1.1.
interface GigabitEthernet0/0/1
 ip address 12.1.1.1 255.255.255.248 
 nat server protocol tcp global 12.1.1.2 www inside 192.168.200.2 www
 nat outbound 2000
#
# OSPF only on the WAN and the core transit; the user VLANs behind SW1 are
# reached through the 192.168.0.0/16 static below.
ospf 1 
 area 0.0.0.0 
  network 192.168.253.0 0.0.0.255 
  network 192.168.254.0 0.0.0.255 
#
# Default toward the ISP and the return route for the whole internal /16 via SW1.
ip route-static 0.0.0.0 0.0.0.0 12.1.1.6
ip route-static 192.168.0.0 255.255.0.0 192.168.254.1
#
# Console uses password authentication but no 'set authentication password'
# line appears in this export; confirm the console password exists on the
# device. vty 0 4 authenticates against the local AAA users above. vty 16 20
# has no authentication-mode; confirm what that range accepts on the target
# platform.
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode aaa
user-interface vty 16 20
#
return
SW1(核心)
# SW1 - core switch: L3 gateway for VLAN 10, 20, 200, 800 (transit) and 999
# (management) and DHCP server for the user VLANs (requirements 2, 3).
# Requirement 4 makes SW1 the root bridge, but no 'stp root primary' or
# 'stp priority' line appears in this export; the root will be elected by
# default bridge ID unless one is added.
sysname SW1
#
# Disables the information center: no log, trap or debug output from this
# switch. Fine in a lab; in production this removes the syslog feed that
# detection relies on.
undo info-center enable
#
vlan batch 10 20 200 800 999
#
dhcp enable
#
# Local accounts; 'admin' uses 'password simple', which keeps the HTTP
# password in clear text in the configuration ('cipher' at least obscures it
# in exports). 'aaa' is the telnet login at privilege level 3.
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user aaa password cipher 123
 local-user aaa privilege level 3
 local-user aaa service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
# Interface-address DHCP pools for VLAN 10 and 20, handing out DNS
# 114.114.114.114. No DHCP snooping is configured on the access switches in
# this note, so the pools rely on nothing else answering on those VLANs.
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0 
 dhcp select interface
 dhcp server dns-list 114.114.114.114 
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0 
 dhcp select interface
 dhcp server dns-list 114.114.114.114 
#
# Server VLAN; 192.168.200.2 (the web server R1 publishes via NAT) lives here.
interface Vlanif200
 ip address 192.168.200.1 255.255.255.0 
#
# Transit VLAN toward R1 (R1 is 192.168.254.2).
interface Vlanif800
 ip address 192.168.254.1 255.255.255.0 
#
# Management VLAN (requirement 8); SW2 and SW3 default-route to this address.
interface Vlanif999
 ip address 192.168.255.1 255.255.255.0 
#
# Aggregated link to SW3 (server block): only VLAN 200 and 999, VLAN 1 pruned.
interface Eth-Trunk1
 description SW1_Eth-trunk1-SW3Eth-Trunk3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 200 999
#
# Aggregated link to SW2 (user block): VLAN 10, 20 and 999, VLAN 1 pruned.
interface Eth-Trunk4
 description SW1_Eth-trunk4-SW2_Eth-Trunk2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 20 999
#
 interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
 eth-trunk 1
#
interface GigabitEthernet0/0/21
 eth-trunk 4
#
interface GigabitEthernet0/0/22
 eth-trunk 1
#
interface GigabitEthernet0/0/23
 eth-trunk 4
#
# Access port toward R1 in transit VLAN 800.
interface GigabitEthernet0/0/24
 description SW1_G0/0/24-R1_G0/0/0
 port link-type access
 port default vlan 800
#
# Advertises every VLAN, including the management VLAN, to R1.
ospf 1 
 area 0.0.0.0 
  network 192.168.10.0 0.0.0.255 
  network 192.168.20.0 0.0.0.255 
  network 192.168.200.0 0.0.0.255 
  network 192.168.254.0 0.0.0.255 
  network 192.168.255.0 0.0.0.255 
#
# Default toward R1.
ip route-static 0.0.0.0 0.0.0.0 192.168.254.2
#
# Console has no authentication-mode line, so console login follows the
# platform default; vty 0 4 authenticates against the local AAA users.
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return
SW2(汇聚)
# SW2 - aggregation switch for the user block. Layer 2 only: it carries VLAN
# 10/20 between the access switches and SW1 and has an address only in the
# management VLAN 999.
sysname SW2
#
# Disables the information center: no log or trap output from this switch.
undo info-center enable
#
vlan batch 10 20 999
#
# Same local accounts as the other switches; 'admin' password stored with
# 'password simple' (clear text in the configuration).
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user aaa password cipher 123
 local-user aaa privilege level 3
 local-user aaa service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
# Management address; SW4 and SW5 use it as their default gateway.
interface Vlanif999
 ip address 192.168.255.2 255.255.255.0 
#
# Aggregated uplink to SW1: VLAN 10, 20 and 999, VLAN 1 pruned.
interface Eth-Trunk2
 description SW2_Eth-Trunk2-SW1_Eth-Trunk4
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 20 999
#
# No configuration, so this port is in its platform default state.
interface GigabitEthernet0/0/1
#
# Downlink to SW4: only VLAN 10 and the management VLAN are allowed.
interface GigabitEthernet0/0/2
 description SW2_G0/0/2-SW4_E0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 999
#
# Downlink to SW5: only VLAN 20 and the management VLAN are allowed.
interface GigabitEthernet0/0/3
 description SW2_G0/0/3-SW5_E0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 999
#
interface GigabitEthernet0/0/23
 eth-trunk 2
#
interface GigabitEthernet0/0/24
 eth-trunk 2
#
# Management-plane default route toward SW1's Vlanif999.
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
# Console has no authentication-mode line; vty 0 4 uses the local AAA users.
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return
SW3(汇聚)
# SW3 - aggregation/access switch for the server block (VLAN 200). Layer 2
# only; management address in VLAN 999.
# No 'stp bpdu-protection' is configured, so an edged port that receives a
# BPDU reverts to a normal STP port instead of being shut down.
sysname SW3
#
# Disables the information center: no log or trap output from this switch.
undo info-center enable
#
vlan batch 200 999
#
# Same local accounts as the other switches; 'admin' password stored with
# 'password simple' (clear text in the configuration).
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user aaa password cipher 123
 local-user aaa privilege level 3
 local-user aaa service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif999
 ip address 192.168.255.3 255.255.255.0 
#
# Aggregated uplink to SW1: VLAN 200 and 999, VLAN 1 pruned.
interface Eth-Trunk3
 description SW3_Eth-Trunk3-SW1_Eth_Trunk1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 200 999
#
# Server access ports: VLAN 200, edged (fast convergence, requirement 4).
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 200
 stp edged-port enable
#
# Data server port; which host carries 192.168.200.2 (the NAT-published web
# server) is not identifiable from this page.
interface GigabitEthernet0/0/2
 description g0/0/2-dataes_server
 port link-type access
 port default vlan 200
 stp edged-port enable
#
# Inconsistent with the rest of this switch: a trunk allowing VLAN 20, which
# is neither created here ('vlan batch 200 999') nor allowed on Eth-Trunk3;
# it is also the only trunk in this note that still allows VLAN 1, and
# 'stp edged-port enable' on a trunk is only safe if no switch is attached.
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 20 999
 stp edged-port enable
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/7
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/8
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/9
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/10
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/11
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/12
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/13
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/14
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/17
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/18
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/19
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/20
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/21
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/22
 port link-type access
 port default vlan 200
 stp edged-port enable
#
interface GigabitEthernet0/0/23
 eth-trunk 3
#
interface GigabitEthernet0/0/24
 eth-trunk 3
#
# Management-plane default route toward SW1's Vlanif999.
ip route-static 0.0.0.0 0.0.0.0 192.168.255.1
#
# Console has no authentication-mode line; vty 0 4 uses the local AAA users.
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return
SW4(接入)
# SW4 - access switch for VLAN 10 (PC1, PC3 and spare ports). Layer 2 only;
# management address in VLAN 999.
# No 'stp bpdu-protection' is configured, so an edged port that receives a
# BPDU reverts to a normal STP port instead of being shut down.
sysname SW4
#
# Disables the information center: no log or trap output from this switch.
undo info-center enable
#
vlan batch 10 999
#
# Same local accounts as the other switches; 'admin' password stored with
# 'password simple' (clear text in the configuration).
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user aaa password cipher 123
 local-user aaa privilege level 3
 local-user aaa service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif999
 ip address 192.168.255.4 255.255.255.0 
#
# Uplink to SW2: only VLAN 10 and the management VLAN, VLAN 1 pruned.
interface Ethernet0/0/1
 description SW4_E0/0/1-SW2_G0/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 999
#
# End-station ports: VLAN 10, edged for fast convergence (requirement 4).
interface Ethernet0/0/2
 description PC1
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/3
 description PC3
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/5
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/6
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/7
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/8
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/9
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/10
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/11
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/12
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/13
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/14
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/15
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/16
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/17
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/18
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/19
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/20
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/21
 port link-type access
 port default vlan 10
 stp edged-port enable
#
interface Ethernet0/0/22
 port link-type access
 port default vlan 10
 stp edged-port enable
#
# Management-plane default route via SW2's Vlanif999 (which in turn defaults
# to SW1); all of these addresses share the 192.168.255.0/24 VLAN.
ip route-static 0.0.0.0 0.0.0.0 192.168.255.2
#
# Console has no authentication-mode line; vty 0 4 uses the local AAA users.
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return
SW5(接入)
# SW5 - access switch for VLAN 20 (PC2, PC4 and spare ports). Layer 2 only;
# management address in VLAN 999.
# No 'stp bpdu-protection' is configured, so an edged port that receives a
# BPDU reverts to a normal STP port instead of being shut down.
sysname SW5
#
# Disables the information center: no log or trap output from this switch.
undo info-center enable
#
vlan batch 20 999
#
# Same local accounts as the other switches; 'admin' password stored with
# 'password simple' (clear text in the configuration).
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user aaa password cipher 123
 local-user aaa privilege level 3
 local-user aaa service-type telnet
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif999
 ip address 192.168.255.5 255.255.255.0 
#
# Uplink to SW2: only VLAN 20 and the management VLAN, VLAN 1 pruned.
interface Ethernet0/0/1
 description SW5_E0/0/1-SW2_G0/0/3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 999
#
# End-station ports: VLAN 20, edged for fast convergence (requirement 4).
interface Ethernet0/0/2
 description PC2
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/3
 description PC4
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/4
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/5
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/6
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/7
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/8
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/9
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/10
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/11
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/12
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/13
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/14
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/15
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/16
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/17
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/18
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/19
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/20
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/21
 port link-type access
 port default vlan 20
 stp edged-port enable
#
interface Ethernet0/0/22
 port link-type access
 port default vlan 20
 stp edged-port enable
#
# Management-plane default route via SW2's Vlanif999 (which in turn defaults
# to SW1); all of these addresses share the 192.168.255.0/24 VLAN.
ip route-static 0.0.0.0 0.0.0.0 192.168.255.2
#
# Console has no authentication-mode line; vty 0 4 uses the local AAA users.
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return
PC3
# PC3 - a switch standing in for an end host: it obtains its address by DHCP
# on Ethernet0/0/1 (requirement 3), served by SW1's VLAN 10 pool via SW4.
sysname PC3
#
undo info-center enable
#
dhcp enable
#
interface Ethernet0/0/1
 ip address dhcp-alloc
#
return
PC4
# PC4 - a switch standing in for an end host: it obtains its address by DHCP
# on Ethernet0/0/1 (requirement 3), served by SW1's VLAN 20 pool via SW5.
sysname PC4
#
undo info-center enable
#
dhcp enable
#
interface Ethernet0/0/1
 ip address dhcp-alloc
#
return
命令翻译
#调整当前设备为根桥 优先级为0
stp root primary = stp root primary
#配置边缘端口
stp edged-port enable
#核心设备上的默认路由   
ip route-static 0.0.0.0 0 192.168.254.2
#出口路由的默认路由  
ip route-static 0.0.0.0 0 12.1.1.6
#出口设备上的回包路由  
ip route-static 192.168.0.0 16 192.168.254.1
#创建acl2000  
acl number 2000
#允许源是192.168.0.0网段的IP   
rule 5 permit source 192.168.0.0 0.0.255.255
#出口nat转换,在出方向引用acl2000  
nat outbound 2000
#将内网服务器的80端口映射成公网地址12.1.1.2的80端口
nat server protocol tcp global 12.1.1.2 www inside 192.168.200.2 www  
#本地端
#进入aaa
aaa
#创建ppp用户和密码   
local-user test password cipher 123
#设置test用户的服务类型是ppp   
local-user test service-type ppp
#进入serial端口  
inter Serial 4/0/0
#配置ppp认证模式为chap  
ppp authentication-mode chap   
#对端
#进入serial接口
int Serial 4/0/0
#配置ppp拨号账户   
ppp chap user test
#配置ppp拨号密码  
ppp chap password cipher 123
#进入aaa  
aaa
#创建账户aaa权限级别3级密码是123  
local-user aaa privilege level 3 password cipher 123
#aaa用户类型为telnet   
local-user aaa service-type telnet
#进入vty接口  
user-interface vty 0 4
#认证模式为aaa   
authentication-mode aaa
