思科网络配置

思科网络配置

Vlan简单划分

---------------------------sw1配置
! sw1: create VLANs 10 and 20, place one access port in each, trunk g0/1.
enable
configure terminal
vlan 10
 exit
vlan 20
 exit
end
! Check that both VLANs exist before assigning ports to them.
show vlan
!
enable
configure terminal
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 exit
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 20
 exit
!
! g0/1 carries both VLANs (presumably the link to sw2; the topology is not shown).
interface GigabitEthernet0/1
 switchport mode trunk
 ! Lab shortcut: every VLAN is allowed on the trunk. Outside a lab, list only
 ! the VLANs in use (here 10,20) so unrelated VLANs are not carried across.
 switchport trunk allowed vlan all
​
-----sw2
! sw2: same VLAN layout as sw1 (VLAN 10 on fa0/1, VLAN 20 on fa0/10, trunk on g0/1).
enable
configure terminal
vlan 10
 exit
vlan 20
 exit
end
show vlan
!
enable
configure terminal
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 exit
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 20
 exit
!
interface GigabitEthernet0/1
 switchport mode trunk
 ! Both ends of a trunk should allow the same VLAN list; "all" is a lab
 ! shortcut and is wider than the two VLANs this exercise uses.
 switchport trunk allowed vlan all

 

静态路由简单划分

------------------R1
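! R1: LAN 192.168.1.0/24 on e0/0/0, link to R2 on fa0/0, static route to R2's LAN.
enable
configure terminal
interface Ethernet0/0/0
 no shutdown
 ip address 192.168.1.254 255.255.255.0
 exit
!
interface FastEthernet0/0
 no shutdown
 ip address 12.12.12.1 255.255.255.0
 exit
!
! Fix: the original line ended after the mask, which IOS rejects as an
! incomplete command. The next hop is R2's fa0/0 address (12.12.12.2), taken
! from the R2 section of this page.
ip route 172.16.1.0 255.255.255.0 12.12.12.2
end
!
! Save the running configuration.
write memory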
​
-----------------R2
​
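! R2: LAN 172.16.1.0/24 on e0/0/0, link to R1 on fa0/0, static route to R1's LAN.
enable
configure terminal
interface Ethernet0/0/0
 no shutdown
 ip address 172.16.1.254 255.255.255.0
 exit
!
interface FastEthernet0/0
 no shutdown
 ip address 12.12.12.2 255.255.255.0
 exit
!
! Fix: the original line had no next hop and would be rejected as incomplete.
! The next hop is R1's fa0/0 address (12.12.12.1) from the R1 section of this page.
ip route 192.168.1.0 255.255.255.0 12.12.12.1
end
!
write memory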

单臂路由简单配置

image-20210820205158025

----------------------单臂路由
实验问题点:注意配置网关
​
----------------router
! Router-on-a-stick: one physical port, one 802.1Q subinterface per VLAN.
! Each subinterface address is the default gateway for the hosts in that VLAN.
enable
configure terminal
! The parent interface must be up for its subinterfaces to pass traffic.
interface FastEthernet0/0
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.254 255.255.255.0
 exit
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
 exit
​
----------------switch
--配置fa0/1和fa0/11和fa0/24
! Switch side of the router-on-a-stick lab: two access ports and a trunk on fa0/24.
enable
configure terminal
vlan 10
vlan 20
 exit
!
interface FastEthernet0/1
 no shutdown
 switchport mode access
 switchport access vlan 10
 exit
!
! NOTE(review): fa0/11 is also placed in VLAN 10, so no port on this switch is
! in VLAN 20 even though the router has a VLAN 20 subinterface. This looks like
! a typo for "vlan 20" - confirm against the topology.
interface FastEthernet0/11
 no shutdown
 switchport mode access
 switchport access vlan 10
 exit
!
! Trunk (presumably towards the router). "allowed vlan all" is a lab shortcut;
! in production restrict the list to the VLANs the router actually serves.
interface FastEthernet0/24
 no shutdown
 switchport mode trunk
 switchport trunk allowed vlan all
 exit

路由汇总及默认路由配置

image-20210820205638142

 

-----------------------路由汇总及默认路由,从右往左依次,R1,R2,R3
---R1
! R1 (route summarization lab): LAN on fa0/0, link to R2 on fa0/1.
enable
configure terminal
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 no shutdown
 exit
!
interface FastEthernet0/1
 ip address 12.12.12.1 255.255.255.0
 no shutdown
 exit
!
! One summary route covers every 76.12.x.x subnet behind R2, including
! 76.12.x.x ranges that are not configured anywhere in this lab.
ip route 76.12.0.0 255.255.0.0 12.12.12.2
​
​
​
---R2
​
! R2 (route summarization lab): transit router between R1 and R3.
enable
configure terminal
!
interface FastEthernet0/1
 ip address 12.12.12.2 255.255.255.0
 no shutdown
 exit
!
! /30 point-to-point link to R3 (76.12.16.133 here, 76.12.16.134 on R3).
interface FastEthernet0/0
 ip address 76.12.16.133 255.255.255.252
 no shutdown
 exit
!
! Specific routes in both directions; R2 has no default route, so traffic for
! any other destination is dropped here.
ip route 192.168.1.0 255.255.255.0 12.12.12.1
ip route 76.12.32.0 255.255.255.0 76.12.16.134
ip route 76.12.96.0 255.255.255.0 76.12.16.134
​
​
---R3
! R3 (route summarization lab): two LANs plus the /30 link back to R2.
enable
configure terminal
!
interface FastEthernet0/0
 ip address 76.12.16.134 255.255.255.252
 no shutdown
 exit
!
interface Ethernet0/2/0
 ip address 76.12.96.254 255.255.255.0
 no shutdown
 exit
!
interface Ethernet0/0/0
 ip address 76.12.32.254 255.255.255.0
 no shutdown
 exit
!
! Return routes towards R1's LAN and the R1-R2 link, both via R2.
ip route 192.168.1.0 255.255.255.0 76.12.16.133
ip route 12.12.12.0 255.255.255.0 76.12.16.133

三层交换与路由器通信

---------------------三层交换与路由器通信
----sw1
! Layer-3 switch: SVIs act as gateways for VLAN 10/20, fa0/24 is a routed port.
enable
configure terminal
vlan 10
vlan 20
 exit
!
! Switched virtual interfaces: one gateway address per VLAN.
interface Vlan10
 ip address 192.168.10.254 255.255.255.0
 exit
interface Vlan20
 ip address 192.168.20.254 255.255.255.0
 exit
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 exit
!
interface FastEthernet0/11
 switchport mode access
 switchport access vlan 20
 exit
!
! "no switchport" turns the port into a routed interface for the link to R1.
interface FastEthernet0/24
 no switchport
 ip address 10.10.10.1 255.255.255.0
 no shutdown
 exit
!
! Enable IP routing so the switch forwards between the SVIs and the routed port.
ip routing
​
----R1
! R1 (layer-3 switch lab): single link to the switch plus one summary route.
enable
configure terminal
interface FastEthernet0/0
 no shutdown
 ip address 10.10.10.2 255.255.255.0
 exit
! Inspect the table before adding the static route.
do show ip route
! 192.168.0.0/16 covers both VLAN subnets (192.168.10.0/24 and 192.168.20.0/24)
! behind the switch's routed port 10.10.10.1.
ip route 192.168.0.0 255.255.0.0 10.10.10.1
exit
​

RIP

 

---------------------RIP
------sw1
! sw1 (RIP lab): four VLANs, one access port each, trunk on fa0/1.
enable
configure terminal
vlan 10
 exit
vlan 20
 exit
vlan 30
 exit
vlan 40
 exit
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 exit
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
 exit
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 30
 exit
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 40
 exit
!
! Trunk carrying VLANs 10-40 (presumably to R0's f0/1). "all" is a lab shortcut.
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan all
 exit
​
-----R0
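! R0 (RIP lab): four dot1Q subinterfaces on f0/1 and a routed link on f0/0.
enable
configure terminal
hostname R0
!
! Fix: router interfaces start administratively down. The original never
! issued "no shutdown" on f0/1 or f0/0 (possibly enabled through the simulator
! GUI instead), so it is added here; the command is harmless if already up.
interface FastEthernet0/1
 no shutdown
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 1.1.1.1 255.255.255.0
 exit
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 2.2.2.1 255.255.255.0
 exit
!
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 3.3.3.1 255.255.255.0
 exit
!
interface FastEthernet0/1.40
 encapsulation dot1Q 40
 ip address 172.16.1.254 255.255.255.0
 exit
!
interface FastEthernet0/0
 ip address 12.12.12.2 255.255.255.0
 no shutdown
 exit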
​
------R1
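! R1 (RIP lab): LAN on f0/0, link to R0 on fa0/1.
enable
configure terminal
hostname R1
!
! Fix: "no shutdown" added on both ports. Router interfaces default to
! administratively down and the original omitted the command.
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 no shutdown
 exit
!
interface FastEthernet0/1
 ip address 12.12.12.1 255.255.255.0
 no shutdown
 exit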
​
​
​
----R1 :rip
​
​
! R1 RIP process (entered from global configuration mode).
router rip
 version 2
 ! Advertise the LAN and the link to R0.
 network 192.168.1.0
 network 12.12.12.0
 ! No RIP authentication is configured, so any device on these segments can
 ! inject routes. Outside a lab, make the LAN-facing interface passive
 ! ("passive-interface") and authenticate updates on the router-to-router link.
 exit
​
----R0:rip
​
! R0 RIP process (entered from global configuration mode).
router rip
 version 2
 ! One network statement per connected subnet: the four VLAN subinterfaces
 ! and the link to R1.
 network 3.3.3.0
 network 2.2.2.0
 network 1.1.1.0
 network 172.16.1.0
 network 12.12.12.0
 ! The VLAN subinterfaces face hosts, and RIP updates are sent and accepted
 ! there without authentication. Outside a lab, mark them passive with
 ! "passive-interface" and authenticate updates on the R0-R1 link.
 exit

 

OSPF

 

------------------------OSPF,从右往左配置
---sw1
! sw1 (OSPF lab): VLANs 10-40 on access ports fa0/2-fa0/5, trunk on fa0/1.
enable
configure terminal
hostname sw1
!
vlan 10
vlan 20
vlan 30
vlan 40
 exit
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 exit
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
 exit
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 30
 exit
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 40
 exit
!
! Trunk (presumably to R1's fa0/1). Restrict the allowed list to 10,20,30,40
! outside a lab instead of "all".
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan all
 exit
​
---R1
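! R1 (OSPF lab): four dot1Q subinterfaces on fa0/1, link to R2 on fa0/0, OSPF area 0.
enable
configure terminal
hostname R1
!
! Fix: the original enabled fa0/0 but never issued "no shutdown" on fa0/1, the
! parent of all four subinterfaces. Router ports default to administratively
! down, so it is added here.
interface FastEthernet0/1
 no shutdown
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 1.1.1.1 255.255.255.0
 exit
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 2.2.2.1 255.255.255.0
 exit
!
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 3.3.3.1 255.255.255.0
 exit
!
interface FastEthernet0/1.40
 encapsulation dot1Q 40
 ip address 172.16.1.254 255.255.255.0
 exit
!
interface FastEthernet0/0
 no shutdown
 ip address 12.12.12.1 255.255.255.0
 exit
!
! Process ID 8 is locally significant; the router ID is set explicitly.
router ospf 8
 router-id 1.1.1.1
 ! network <address> <wildcard mask> area <id>: 0.0.0.255 matches a /24.
 network 1.1.1.0 0.0.0.255 area 0
 network 2.2.2.0 0.0.0.255 area 0
 network 3.3.3.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
 network 12.12.12.0 0.0.0.255 area 0
 ! OSPF hellos are sent on the host-facing VLAN subinterfaces as well, and no
 ! authentication is configured. Outside a lab, make those subinterfaces
 ! passive ("passive-interface") and authenticate the adjacency with R2.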
​
​
​
---R2
! R2 (OSPF lab): LAN on fa0/1, link to R1 on fa0/0.
enable
configure terminal
hostname R2
!
interface FastEthernet0/1
 no shutdown
 ip address 192.168.1.254 255.255.255.0
 exit
!
interface FastEthernet0/0
 no shutdown
 ip address 12.12.12.2 255.255.255.0
 exit
​
---ospf
​
---ospf
! R2 OSPF process (entered from global configuration mode), single area 0.
router ospf 8
 router-id 2.2.2.2
 network 192.168.1.0 0.0.0.255 area 0
 network 12.12.12.0 0.0.0.255 area 0
 ! The LAN interface also sends hellos and no authentication is configured;
 ! outside a lab make it passive and authenticate the link to R1.
​

标准acl

--------------------------------------------标准acl
---r0
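! r0 (standard ACL lab): LAN on fa0/0, /30 link to r1 on fa0/1.
enable
configure terminal
hostname r0
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 no shutdown
 exit
!
interface FastEthernet0/1
 ip address 76.12.16.133 255.255.255.252
 no shutdown
 exit
!
! Fix: the original line stopped after the mask and would be rejected as
! incomplete. The next hop is r1's fa0/1 address (76.12.16.134) from the r1
! section of this page.
ip route 76.12.32.0 255.255.255.0 76.12.16.134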
​
---r1
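! r1 (standard ACL lab): server LAN on fa0/0, /30 link to r0 on fa0/1.
enable
configure terminal
! Fix: the original repeated "hostname r0" here; the section heading says r1.
hostname r1
!
interface FastEthernet0/0
 ip address 76.12.32.254 255.255.255.0
 no shutdown
 exit
!
interface FastEthernet0/1
 ip address 76.12.16.134 255.255.255.252
 no shutdown
 exit
!
! Fix: next hop added (r0's fa0/1 address, 76.12.16.133, from the r0 section
! of this page); the original line ended after the mask.
ip route 192.168.10.0 255.255.255.0 76.12.16.133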
​
---标准访问控制:允许10.100访问服务器,不允许10.1访问
! Standard ACL 5: matches on source address only.
! NOTE(review): the page does not say which router this is entered on. Standard
! ACLs are normally applied close to the destination, which would be r1 (its
! fa0/1 faces r0) - confirm.
enable
configure terminal
! "host X" is the same match as "X 0.0.0.0".
access-list 5 permit host 192.168.10.100
access-list 5 deny host 192.168.10.1
! Every ACL ends with an implicit "deny any", so all other sources arriving on
! this interface are dropped too; the explicit deny above only documents intent.
! NOTE(review): 192.168.10.1 is also the address given to r0's fa0/0 in this
! lab - check that the PC and the gateway do not share it.
!
interface FastEthernet0/1
 ip access-group 5 in
​
​

扩展ACL

-------------------------------扩展acl,使用默认路由连接
---R0
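! R0 (extended ACL lab): LAN on fa0/0, /30 link to R1 on fa0/1, default route to R1.
enable
configure terminal
hostname R0
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 no shutdown
 exit
!
interface FastEthernet0/1
 ip address 76.12.16.133 255.255.255.252
 no shutdown
 exit
!
ip route 0.0.0.0 0.0.0.0 76.12.16.134
!
! Extended ACLs are placed close to the source, hence on R0.
! Entries are evaluated top-down; the first match wins.
access-list 101 deny icmp host 192.168.10.1 host 76.12.32.1
! Fix: the original also listed "... eq ?" as if it were a configuration line.
! "?" only asks the CLI for the list of port keywords and adds no ACL entry,
! so it is kept here as a hint rather than a command:
!   access-list 101 permit tcp host 192.168.10.1 host 76.12.32.1 eq ?
access-list 101 permit tcp host 192.168.10.1 host 76.12.32.1 eq www
! The implicit "deny ip any any" at the end drops everything else leaving
! fa0/1, including traffic from other LAN hosts.
! NOTE(review): 192.168.10.1 is the address configured on this router's own
! fa0/0 above. IOS does not apply an outbound interface ACL to packets the
! router itself originates, so if the PC is meant to be the source it needs a
! different address - confirm against the topology.
!
interface FastEthernet0/1
 ip access-group 101 out
 exit
!
end
write memory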
---R1
! R1 (extended ACL lab): server LAN on fa0/0, /30 link to R0 on fa0/1.
enable
configure terminal
hostname R1
!
interface FastEthernet0/1
 ip address 76.12.16.134 255.255.255.252
 no shutdown
 exit
!
interface FastEthernet0/0
 ip address 76.12.32.254 255.255.255.0
 no shutdown
 exit
!
! R0's default route points here and this one points back at R0, so a packet
! for a destination neither router knows bounces between them until its TTL
! expires. A specific route to 192.168.10.0/24 would avoid that.
ip route 0.0.0.0 0.0.0.0 76.12.16.133
exit
!
end
write memory

源nat与目标nat

----------------------------源nat与目标nat
---R_Lan
! R_Lan: static source NAT for one host and a static port forward for a server.
enable
configure terminal
hostname R_Lan
!
interface FastEthernet0/1
 ip address 76.12.16.138 255.255.255.248
 no shutdown
 exit
!
interface FastEthernet0/0
 ip address 192.168.20.254 255.255.255.0
 no shutdown
 exit
!
interface Ethernet0/0/0
 ip address 192.168.10.254 255.255.255.0
 no shutdown
 exit
!
ip route 76.12.0.0 255.255.0.0 76.12.16.137
!
! Address planning: with mask 255.255.255.248, fa0/1 (76.12.16.138) sits in
! 76.12.16.136/29, whose usable hosts are .137-.142. .137 and .138 are the two
! link addresses; the mappings below use .139 and .140.
!
! One-to-one static NAT: every port of 192.168.10.1 becomes reachable through
! 76.12.16.139. Outside a lab, pair this with an ACL on the outside interface.
ip nat inside source static 192.168.10.1 76.12.16.139
!
! Port forward: only TCP/80 of 192.168.20.1 is published, on 76.12.16.140:80.
ip nat inside source static tcp 192.168.20.1 80 76.12.16.140 80
!
interface Ethernet0/0/0
 ip nat inside
!
interface FastEthernet0/1
 ip nat outside
!
! The static entries appear in the table as soon as they are configured.
do show ip nat translations
!
! fa0/0 must be an inside interface too, or the port forward for 192.168.20.1
! is never applied.
interface FastEthernet0/0
 ip nat inside
 exit


---R_internet
! R_internet: the outside router for the static NAT lab.
enable
configure terminal
hostname R_internet
!
interface FastEthernet0/1
 ip address 76.12.16.137 255.255.255.248
 no shutdown
 exit
!
interface FastEthernet0/0
 ip address 76.12.96.254 255.255.255.0
 no shutdown
 exit
!
interface Ethernet0/0/0
 ip address 76.12.32.254 255.255.255.0
 no shutdown
 exit
!
! This route lets the outside router reach the inside hosts by their private
! 192.168.x.x addresses, bypassing the NAT mappings on R_Lan. The translated
! addresses (.139/.140) are already reachable through the connected /29.
ip route 192.168.0.0 255.255.0.0 76.12.16.138

动态nat

 

--------------------------------------动态nat,同网段
----r0
! r0: dynamic NAT from 192.168.10.0/24 to a pool of public addresses.
enable
configure terminal
hostname r0
!
interface FastEthernet0/0
 ip address 192.168.10.254 255.255.255.0
 no shutdown
 exit
!
interface FastEthernet0/1
 ip address 76.12.16.138 255.255.255.248
 no shutdown
 exit
!
ip route 0.0.0.0 0.0.0.0 76.12.16.137
!
! NAT configuration.
! ACL 8 only selects which inside sources are translated; it filters nothing.
access-list 8 permit 192.168.10.0 0.0.0.255
!
! Pool of four addresses (.139-.142) from the same /29 as the outside link.
ip nat pool ac_eq 76.12.16.139 76.12.16.142 netmask 255.255.255.248
!
! Without the "overload" keyword each inside host consumes one pool address,
! so at most four hosts can hold a translation at the same time.
ip nat inside source list 8 pool ac_eq
!
interface FastEthernet0/1
 ip nat outside
 exit
!
interface FastEthernet0/0
 ip nat inside
 exit



----r1
! r1: outside router for the dynamic NAT lab.
enable
configure terminal
hostname r1
!
interface FastEthernet0/1
 ip address 76.12.16.137 255.255.255.248
 no shutdown
 exit
!
interface FastEthernet0/0
 ip address 76.12.96.254 255.255.255.0
 no shutdown
 exit
!
! Translated traffic arrives with pool addresses from the connected /29, so
! replies do not depend on this default route. Because r0's default route
! points back here, packets for unknown destinations bounce between the two
! routers until their TTL expires.
ip route 0.0.0.0 0.0.0.0 76.12.16.138

动态nat单臂

--------------------------------------动态nat,单臂
----sw0
! sw0 (dynamic NAT with router-on-a-stick): VLAN 10 and 20, trunk on fa0/24.
enable
configure terminal
hostname sw0
vlan 10
vlan 20
 exit
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 exit
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
 exit
!
! Trunk (presumably to r0's fa0/0). Lab shortcut: all VLANs are allowed;
! only 10 and 20 are needed.
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan all
 exit
----r0
! r0: router-on-a-stick gateway for VLAN 10/20 with dynamic NAT for VLAN 20 only.
enable
configure terminal
hostname r0
!
interface FastEthernet0/0
 no shutdown
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.254 255.255.255.0
 exit
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
 exit
!
interface FastEthernet0/1
 ip address 76.12.16.138 255.255.255.248
 no shutdown
 exit
!
ip route 0.0.0.0 0.0.0.0 76.12.16.137
!
! NAT configuration.
! ACL 6 selects the sources to translate: VLAN 20's subnet only.
access-list 6 permit 192.168.20.0 0.0.0.255
!
! Four-address pool, no "overload": at most four simultaneous translations.
ip nat pool ac_db 76.12.16.139 76.12.16.142 netmask 255.255.255.248
!
ip nat inside source list 6 pool ac_db
!
interface FastEthernet0/1
 ip nat outside
 exit
!
! Only the VLAN 20 subinterface is marked inside. VLAN 10 traffic is still
! routed out fa0/1, but untranslated, with its private source address.
interface FastEthernet0/0.20
 ip nat inside
 exit



----r1
! r1: outside router for the router-on-a-stick NAT lab.
enable
configure terminal
hostname r1
!
interface FastEthernet0/1
 ip address 76.12.16.137 255.255.255.248
 no shutdown
 exit
!
interface FastEthernet0/0
 ip address 76.12.96.254 255.255.255.0
 no shutdown
 exit
!
! This default route sends replies for untranslated private sources back to
! r0. Combined with r0's default route pointing here, it also makes packets
! for unknown destinations loop between the two routers until TTL expiry.
ip route 0.0.0.0 0.0.0.0 76.12.16.138

 

综合实验

 

一、端口配置

二、静态路由:主机之间可以互相 ping 通,且可以访问 server0 的 http 服务

三、acl:保证 pc0-2 能访问 http 服务;
pc3 不能访问 http 服务,但 pc3 可以 ping server0 的地址

四、配置 nat:使被 acl 限制的 pc3 可以重新访问服务器 80 端口业务
五、acl 扩展:使 pc2 无法访问 192.168.10.0/24,pc3 不受影响(所有设备改为自己名字:如 zhangsan-R1)


---------------------------------------------------------
----------------------一端口配置
---wangxin_sw1
! wangxin_sw1: VLAN 40 on fa0/1, VLAN 50 on fa0/2, trunk on fa0/3.
enable
configure terminal
hostname wangxin_sw1
!
vlan 40
vlan 50
 exit
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 40
 exit
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 50
 exit
!
! Trunk (presumably to wangxin_R1's g0/1). Only VLANs 40 and 50 are needed;
! "all" is a lab shortcut.
interface FastEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan all
 exit



---wangxin_R1
! wangxin_R1: router-on-a-stick for VLAN 40/50 plus the link to wangxin_R2.
enable
configure terminal
hostname wangxin_R1
!
interface GigabitEthernet0/1
 no shutdown
! The original typed the abbreviation "en do 40"; this is the full form.
interface GigabitEthernet0/1.40
 encapsulation dot1Q 40
 ip address 76.12.96.254 255.255.255.0
 exit
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 76.12.32.254 255.255.255.0
 exit
!
interface GigabitEthernet0/0
 ip address 12.12.12.2 255.255.255.0
 no shutdown
 exit
!
! Static routing.
! wangxin_R2 (as configured on this page) sends all of 76.12.0.0/16 here,
! while this default route points back at it. Packets for 76.12.x.x subnets
! that do not exist therefore loop until TTL expiry. A discard route such as
! "ip route 76.12.0.0 255.255.0.0 Null0" on this router would stop that.
ip route 0.0.0.0 0.0.0.0 12.12.12.1

---wangxin_R2
! wangxin_R2: transit router between the layer-3 switch and wangxin_R1.
enable
configure terminal
hostname wangxin_R2
!
interface GigabitEthernet0/0
 ip address 192.168.40.2 255.255.255.0
 no shutdown
 exit
!
interface GigabitEthernet0/1
 ip address 12.12.12.1 255.255.255.0
 no shutdown
 exit
!
! Static routing: one summary per side.
! 76.12.0.0/16 goes towards wangxin_R1; 192.168.0.0/16 goes towards the
! layer-3 switch at 192.168.40.1.
ip route 76.12.0.0 255.255.0.0 12.12.12.2
ip route 192.168.0.0 255.255.0.0 192.168.40.1

---wangxin_sw2
! wangxin_sw2: VLAN 10 access port on fa0/1, trunk on fa0/2.
enable
configure terminal
hostname wangxin_sw2
!
vlan 10
 exit
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 exit
!
! Only VLAN 10 exists on this switch; allowing "all" on the trunk is a lab
! shortcut.
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan all
 exit

---wangxin_sw3
! wangxin_sw3: VLAN 20 access port on fa0/2, trunk on fa0/1.
enable
configure terminal
hostname wangxin_sw3
!
vlan 20
 exit
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
 exit
!
! Only VLAN 20 exists on this switch; "all" is wider than needed.
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan all
 exit

---wangxin_scjh0
! wangxin_scjh0: layer-3 switch, gateway for VLAN 10/20/30, routed uplink on fa0/4.
enable
configure terminal
hostname wangxin_scjh0
!
vlan 10
vlan 20
vlan 30
 exit
!
! SVIs: one gateway address per VLAN.
interface Vlan10
 ip address 192.168.10.254 255.255.255.0
 exit
!
interface Vlan20
 ip address 192.168.20.254 255.255.255.0
 exit
!
interface Vlan30
 ip address 192.168.30.254 255.255.255.0
 exit
!
! On this platform the trunk encapsulation is set before the port is put into
! trunk mode. No allowed-VLAN list is given, so all VLANs are carried.
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 exit
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 exit
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 30
 exit
!
! Routed port towards wangxin_R2 (192.168.40.2).
interface FastEthernet0/4
 no switchport
 ip address 192.168.40.1 255.255.255.0
 exit
!
! Static routing.
ip routing
ip route 76.12.0.0 255.255.0.0 192.168.40.2

--------三acl,配置在出口,进口的话会影响第四题的扩展nat

! Task 3 ACL: host 76.12.32.1 may ping 192.168.30.1 but not reach its TCP/80.
! Entries are evaluated top-down, so the deny must come before the permits.
access-list 101 deny tcp host 76.12.32.1 host 192.168.30.1 eq 80
access-list 101 permit icmp host 76.12.32.1 host 192.168.30.1
! The final entry replaces the implicit "deny any" and lets all other traffic
! through. It also already covers the ICMP case, so the line above only
! documents intent.
access-list 101 permit ip any any
!
! NOTE(review): this follows the wangxin_scjh0 section, but that switch is
! configured with fa0/x ports only. g0/0 exists on wangxin_R2 and wangxin_R1
! on this page - confirm which device this ACL is applied on.
interface GigabitEthernet0/0
 ip access-group 101 out


--------四配置nat

 
