某大型网络的配置实例.docx
《某大型网络的配置实例.docx》由会员分享,可在线阅读,更多相关《某大型网络的配置实例.docx(26页珍藏版)》请在冰豆网上搜索。
某大型网络的配置实例
某大型网络的配置实例
说明:
这是一个比较综合的实例,从拓扑图上可以看出,它所包含的设备和技术。
以下对这个例子作些说明希望能够和各位网友交流。
1.对于内部局域网,选用Cisco的Catalyst6506作为中心交换机,二级交换采用Catalyst3500,同时为了说明Trunk,又加了一个Catalyst2900作为三级交换,对于终端连接用了Catalyst1900交换机,这样就可以在Catalyst6506与Catalyst3500之间以及Catalyst3500与Catalyst2900之间建立Trunk,实现跨交换机的VLAN。
注:
Catalyst2900系列如果要实现Trunk,软件必须是企业版的,关于类似疑问可以至疑难杂谈栏目。
2.对于外连上,主要是专线连接和拨号访问,当然种类比较多.包括了DDN、ISDN、FrameRelay、E1线路等。
3.本例给出设备的基本配置。
4.对于多设备的连接问题,值得注意的是路由问题,本实例外连部分采用静态路由而内部局域网采用动态路由.
5.在本例的帧中继配置中,运用了IPUnnumbered,可以节省地址资源,有兴趣可以注意一下
在网关有关*作说明讲行很多,但很少有实例,这个配置例我想对于许多入门的朋友启发不少,我也希望这么的帖子与大家共享和交流一下!
配置实例
VLAN划分问题:
对于交换设备本例中划到VLAN1中,而对于外连设备的所有以太网端口,均划到VLAN2中,下面给出各VLAN的名称和网关地址,本例划分8个VLAN.
VLANIDVLANNameGateway
VLAN1Bluestudy110.1.0.1/16
VLAN2Bluestudy210.2.0.1/16
VLAN3Bluestudy310.3.0.1/16
VLAN4Bluestudy410.4.0.1/16
VLAN5Bluestudy510.5.0.1/16
VLAN6Bluestudy610.6.0.1/16
VLAN7Bluestudy710.7.0.1/16
VLAN8Bluestudy810.8.0.1/16
Catalyst6506的配置
Enterpassword:
enable
Enterpassword:
configt
setsystemnameBluestudy
settime10/30/20009:
30:
00
setpassword
setenablepass
setinterfacesc010.1.0.2/16
setiproutedefault10.1.0.1
setipdnsserver10.1.0.100
setipdnsdomain
setipdnsenable
setvtpdomainbluestudymodeserver
setvlan1nameBluestudy1
setvlan2nameBluestudy2
setvlan3nameBluestudy3
setvlan4nameBluestudy4
setvlan5nameBluestudy5
setvlan6nameBluestudy6
setvlan7nameBluestudy7
setvlan8nameBluestudy8
setportnegotiation2/1-8enable
setportname2/1-8GEC802.1QTrunk
settrunk2/1-8desirabledot1q
setportspeed2/1-81000
setvlan13/1-48
对于6506的交换机方面的配置只需做出Trunk即可,因为要实现跨交换机之间的虚网,下面配置6506的路由模块,因为6506的路由模块现在与管理引擎模块集成在了一起,所以,默认命令是:
Session15
详情请见6506路由设置.
Catalyst6506RSM模块的配置
(enable)session15
TryingRouter-15...
ConnectedtoRouter-15.
Escapecharacteris'^]'.
enable
configureterminal
hostnamebluestudy
enablepasswordpassword
linevty06
passwordsecret_word
ipdomain-name
ipname-server10.1.0.100
interfacevlan1
ipaddress10.1.0.1255.255.0.0
noshutdown
interfacevlan2
ipaddress10.2.0.1255.255.0.0
noshutdown
interfacevlan3
ipaddress10.3.0.1255.255.0.0
noshutdown
interfacevlan4
ipaddress10.4.0.1255.255.0.0
noshutdown
interfacevlan5
ipaddress10.5.0.1255.255.0.0
noshutdown
interfacevlan6
ipaddress10.6.0.1255.255.0.0
noshutdown
interfacevlan7
ipaddress10.7.0.1255.255.0.0
noshutdown
interfacevlan8
ipaddress10.8.0.1255.255.0.0
noshutdown
routerrip
version2
network10.0.0.0
iproute0.0.0.00.0.0.010.2.0.12
iproute192.168.2.0255.255.255.010.2.0.13
iproute192.168.3.0255.255.255.24010.2.0.11
iproute192.168.4.0255.255.255.010.2.0.11
iproute192.168.5.0255.255.255.010.2.0.11
iproute192.168.6.0255.255.255.010.2.0.11
copyrunning-configstartup-config
Buildingconfiguration...
[OK]
这里给出的是单纯的命令行,略去了一些默认状况的设置.
Catalyst3500的配置
Catalyst3500的配置
!
version12.0
noservicepad
servicetimestampsdebuguptime
servicetimestampsloguptime
servicepassword-encryption
!
hostnamebluestudy
!
enablepasswordpassword
!
usernamebluestudypasswordpassword
usernametestpasswordpassword
!
省略端口的显示
!
interfaceGigabitEthernet0/1
switchporttrunkencapsulationdot1q
switchportmodetrunk
!
interfaceGigabitEthernet0/2
!
interfaceVLAN1
ipaddress10.1.0.4255.255.0.0
iphelper-address10.1.0.100
ipdirected-broadcast
noiproute-cache
!
ipdefault-gateway10.1.0.1
interfaceEthernet1/1(与2900对接)
switchporttrunkencapsulationdot1q
switchportmodetrunk
!
interfaceEthernet1/2(与1900A对接)
switchportaccessVLAN3
noshut
!
interfaceEthernet1/3(与1900B对接)
switchportaccessVLAN4
noshut
!
snmp-serverengineIDlocal000000090200000216BE4E80
snmp-servercommunitypublicRO
snmp-servercommunityprivateRW
snmp-serverchassis-id0x17
(打开简单的网络管理,便于以后,Cisco网管软件识别和管理)
!
linecon0
loginlocal
transportinputnone
stopbits1
linevty04
loginlocal
linevty515
login
!
end
Catalyst2900的配置
Catalyst2900的配置
2900的配置与3500的相似,命令如下
hostnamebluestudy
!
enablepasswordpassword
!
usernamebluestudypasswordpassword
usernametestpasswordpassword
!
省略端口的显示
!
interfaceEthernet0/1(与3500对接)
switchporttrunkencapsulationdot1q
switchportmodetrunk
!
interfaceVLAN1
ipaddress10.1.0.3255.255.0.0
iphelper-address10.1.0.100
ipdirected-broadcast
noiproute-cache
!
ipdefault-gateway10.1.0.1
!
interfaceEthernet0/2(与1900C对接)
switchportaccessVLAN5
noshut
!
interfaceEthernet0/3(与1900D对接)
switchportaccessVLAN6
noshut
!
snmp-serverengineIDlocal000000090200000216BE4E80
snmp-servercommunitypublicRO
snmp-servercommunityprivateRW
snmp-serverchassis-id0x17
!
linecon0
loginlocal
transportinputnone
stopbits1
linevty04
loginlocal
linevty515
login
!
end
CiscoCatalyst1900的配置
CiscoCatalyst1900的配置
对于1900的配置就相对容易得多了
只需在enable状态下键入Setup就会进入配置向导
给出交换机的
IP地址:
10.3.0.5
掩码:
255.255.0.0
网关:
10.3.0.1
就可以了,另外应该打开简单的网络管理协议SNMP
snmp-servercommunitypublicRO
snmp-servercommunityprivateRW
即可
PIX520A的基本配置
PIXVersion4.2(4)
nameifethernet0outsidesecurity0
nameifethernet1insidesecurity100
enablepasswordpasswordencrypted
passwdpasswordencrypted
hostnamepix_A
fixupprotocolftp21
fixupprotocolhttp80
fixupprotocolsmtp25
fixupprotocolh3231720
fixupprotocolrsh514
fixupprotocolsqlnet1521
names
nofailover
failovertimeout0:
00:
00
failoveripaddressoutside0.0.0.0
failoveripaddressinside0.0.0.0
pagerlines24
nologgingconsole
loggingmonitordebugging
loggingbuffereddebugging
nologgingtrap
loggingfacility20
interfaceethernet0auto
interfaceethernet1auto
ipaddressoutside192.168.0.1255.255.255.252
ipaddressinside10.2.0.13255.255.0.0
arptimeout14400
nat(inside)0192.168.0.0255.255.255.252
ripoutsidepassive
noripoutsidedefault
noripinsidepassive
ripinsidedefault
routeoutside192.168.2.0255.255.255.0192.168.0.2
routeinside0.0.0.00.0.0.010.2.0.1
timeoutxlate3:
00:
00conn1:
00:
00udp0:
02:
00
timeoutrpc0:
10:
00h3230:
05:
00
timeoutuauth0:
05:
00absolut
esnmp-servercommunitypublicRO
snmp-servercommunityprivateRW
telnet10.2.0.200255.255.255.255
telnettimeout15
mtuoutside1500
mtuinside1500
floodguard0
Cisco2610A的配置
Cisco2610A的配置
Currentconfiguration:
!
version11.3
servicetimestampsdebuguptime
servicetimestampsloguptime
servicepassword-encryption
!
hostname2610A
!
enablepasswordpassword
!
usernamebluestudypasswordpassword
noipdomain-lookup!
!
interfaceEthernet0/0
ipaddress192.168.0.2255.255.255.252
noshut
!
interfaceSerial0/0
ipaddress192.168.0.5255.255.255.252
noshut
!
interfaceSerial0/1
noipaddress
shutdown
!
iproute0.0.0.00.0.0.0192.168.0.1
iproute192.168.2.0255.255.255.0192.168.0.6
!
snmp-servercommunitypublicRO
snmp-servercommunityprivateRW
!
linecon0
lineaux0
linevty04
loginlocal
!
noschedulerallocate
end
Cisco1603的配置
Currentconfiguration:
!
version12.0
servicetimestampsdebuguptime
servicetimestampsloguptime
noservicepassword-encryption
!
hostname1603
!
enablesecretpassword
enablepasswordpassword
!
memory-sizeiomem25
ipsubnet-zero
!
interfaceSerial0
ipaddress192.168.0.6255.255.255.252
noipdirected-broadcast
!
interfaceEthernet0
ipaddress192.168.2.1255.255.255.0
noipunreachables
noipdirected-broadcast
!
ipclassless
iproute0.0.0.00.0.0.0s0
noiphttpserver
!
snmp-servercommunitypublicRO
snmp-servercommunityprivateRW
!
linecon0
passwordpassword
transportinputnone
lineaux0
linevty04
passwordpassword
login
!
noschedulerallocate
end
PIX520B的基本配置
PIXVersion4.2(4)
nameifethernet0outsidesecurity0
nameifethernet1insidesecurity100
enablepasswordpasswordencrypted
passwdpasswordencrypted
hostnamepix520_B
fixupprotocolftp21
fixupprotocolhttp80
fixupprotocolsmtp25
fixupprotocolh3231720
fixupprotocolrsh514
fixupprotocolsqlnet1521
names
nofailover
failovertimeout0:
00:
00
failoveripaddressoutside0.0.0.0
failoveripaddressinside0.0.0.0
pagerlines24
nologgingconsole
nologgingmonitor
nologgingbuffered
nologgingtrap
loggingfacility20
interfaceethernet0auto
interfaceethernet1auto
ipaddressoutside202.108.66.97255.255.255.248
ipaddressinside10.2.0.12255.255.0.0
arptimeout14400
global(outside)1202.108.66.100
nat(inside)10.0.0.00.0.0.000
noripoutsidepassive
noripoutsidedefault
noripinsidepassive
noripinsidedefault
routeoutside0.0.0.00.0.0.0202.109.77.98
timeoutxlate3:
00:
00conn1:
00:
00udp0:
02:
00
timeoutrpc0:
10:
00h3230:
05:
00
timeoutuauth0:
05:
00absolute
nosnmp-serverlocation
nosnmp-servercontact
snmp-servercommunitypublic
nosnmp-serverenabletraps
telnet10.2.0.200255.255.255.255
telnettimeout15
mtuoutside1500
mtuinside1500
floodguard0
Cisco2610B的配置
Currentconfiguration:
!
version11.3
servicetimestampsdebuguptime
servicetimestampsloguptime
servicepassword-encryption
!
hostname2610B
!
ena