某大型网络的配置实例.docx

某大型网络的配置实例.docx

《某大型网络的配置实例.docx》由会员分享，可在线阅读，更多相关《某大型网络的配置实例.docx（26页珍藏版）》请在冰豆网上搜索。

某大型网络的配置实例

某大型网络的配置实例

说明:

这是一个比较综合的实例，从拓扑图上可以看出，它所包含的设备和技术。

以下对这个例子作些说明希望能够和各位网友交流。

1.对于内部局域网，选用Cisco的Catalyst6506作为中心交换机，二级交换采用Catalyst3500，同时为了说明Trunk，又加了一个Catalyst2900作为三级交换，对于终端连接用了Catalyst1900交换机，这样就可以在Catalyst6506与Catalyst3500之间以及Catalyst3500与Catalyst2900之间建立Trunk，实现跨交换机的VLAN。

注：

Catalyst2900系列如果要实现Trunk，软件必须是企业版的，关于类似疑问可以至疑难杂谈栏目。

2.对于外连上,主要是专线连接和拨号访问,当然种类比较多.包括了DDN、ISDN、FrameRelay、E1线路等。

3.本例给出设备的基本配置。

4.对于多设备的连接问题,值得注意的是路由问题,本实例外连部分采用静态路由而内部局域网采用动态路由.

5.在本例的帧中继配置中,运用了IPUnnumbered,可以节省地址资源,有兴趣可以注意一下

在网关有关*作说明讲行很多，但很少有实例，这个配置例我想对于许多入门的朋友启发不少，我也希望这么的帖子与大家共享和交流一下！

配置实例

VLAN划分问题:

对于交换设备本例中划到VLAN1中,而对于外连设备的所有以太网端口,均划到VLAN2中,下面给出各VLAN的名称和网关地址,本例划分8个VLAN.

VLANIDVLANNameGateway

VLAN1Bluestudy110.1.0.1/16

VLAN2Bluestudy210.2.0.1/16

VLAN3Bluestudy310.3.0.1/16

VLAN4Bluestudy410.4.0.1/16

VLAN5Bluestudy510.5.0.1/16

VLAN6Bluestudy610.6.0.1/16

VLAN7Bluestudy710.7.0.1/16

VLAN8Bluestudy810.8.0.1/16

Catalyst6506的配置

Enterpassword:

enable

Enterpassword:

configt

setsystemnameBluestudy

settime10/30/20009:

30:

00

setpassword

setenablepass

setinterfacesc010.1.0.2/16

setiproutedefault10.1.0.1

setipdnsserver10.1.0.100

setipdnsdomain

setipdnsenable

setvtpdomainbluestudymodeserver

setvlan1nameBluestudy1

setvlan2nameBluestudy2

setvlan3nameBluestudy3

setvlan4nameBluestudy4

setvlan5nameBluestudy5

setvlan6nameBluestudy6

setvlan7nameBluestudy7

setvlan8nameBluestudy8

setportnegotiation2/1-8enable

setportname2/1-8GEC802.1QTrunk

settrunk2/1-8desirabledot1q

setportspeed2/1-81000

setvlan13/1-48

对于6506的交换机方面的配置只需做出Trunk即可,因为要实现跨交换机之间的虚网,下面配置6506的路由模块,因为6506的路由模块现在与管理引擎模块集成在了一起,所以,默认命令是:

Session15

详情请见6506路由设置.

Catalyst6506RSM模块的配置

（enable）session15

TryingRouter-15...

ConnectedtoRouter-15.

Escapecharacteris'^]'.

enable

configureterminal

hostnamebluestudy

enablepasswordpassword

linevty06

passwordsecret_word

ipdomain-name

ipname-server10.1.0.100

interfacevlan1

ipaddress10.1.0.1255.255.0.0

noshutdown

interfacevlan2

ipaddress10.2.0.1255.255.0.0

noshutdown

interfacevlan3

ipaddress10.3.0.1255.255.0.0

noshutdown

interfacevlan4

ipaddress10.4.0.1255.255.0.0

noshutdown

interfacevlan5

ipaddress10.5.0.1255.255.0.0

noshutdown

interfacevlan6

ipaddress10.6.0.1255.255.0.0

noshutdown

interfacevlan7

ipaddress10.7.0.1255.255.0.0

noshutdown

interfacevlan8

ipaddress10.8.0.1255.255.0.0

noshutdown

routerrip

version2

network10.0.0.0

iproute0.0.0.00.0.0.010.2.0.12

iproute192.168.2.0255.255.255.010.2.0.13

iproute192.168.3.0255.255.255.24010.2.0.11

iproute192.168.4.0255.255.255.010.2.0.11

iproute192.168.5.0255.255.255.010.2.0.11

iproute192.168.6.0255.255.255.010.2.0.11

copyrunning-configstartup-config

Buildingconfiguration...

[OK]

这里给出的是单纯的命令行,略去了一些默认状况的设置.

Catalyst3500的配置

Catalyst3500的配置

!

version12.0

noservicepad

servicetimestampsdebuguptime

servicetimestampsloguptime

servicepassword-encryption

!

hostnamebluestudy

!

enablepasswordpassword

!

usernamebluestudypasswordpassword

usernametestpasswordpassword

!

省略端口的显示

!

interfaceGigabitEthernet0/1

switchporttrunkencapsulationdot1q

switchportmodetrunk

!

interfaceGigabitEthernet0/2

!

interfaceVLAN1

ipaddress10.1.0.4255.255.0.0

iphelper-address10.1.0.100

ipdirected-broadcast

noiproute-cache

!

ipdefault-gateway10.1.0.1

interfaceEthernet1/1（与2900对接）

switchporttrunkencapsulationdot1q

switchportmodetrunk

!

interfaceEthernet1/2（与1900A对接）

switchportaccessVLAN3

noshut

!

interfaceEthernet1/3（与1900B对接）

switchportaccessVLAN4

noshut

!

snmp-serverengineIDlocal000000090200000216BE4E80

snmp-servercommunitypublicRO

snmp-servercommunityprivateRW

snmp-serverchassis-id0x17

（打开简单的网络管理，便于以后，Cisco网管软件识别和管理）

!

linecon0

loginlocal

transportinputnone

stopbits1

linevty04

loginlocal

linevty515

login

!

end

Catalyst2900的配置

Catalyst2900的配置

2900的配置与3500的相似,命令如下

hostnamebluestudy

!

enablepasswordpassword

!

usernamebluestudypasswordpassword

usernametestpasswordpassword

!

省略端口的显示

!

interfaceEthernet0/1（与3500对接）

switchporttrunkencapsulationdot1q

switchportmodetrunk

!

interfaceVLAN1

ipaddress10.1.0.3255.255.0.0

iphelper-address10.1.0.100

ipdirected-broadcast

noiproute-cache

!

ipdefault-gateway10.1.0.1

!

interfaceEthernet0/2（与1900C对接）

switchportaccessVLAN5

noshut

!

interfaceEthernet0/3（与1900D对接）

switchportaccessVLAN6

noshut

!

snmp-serverengineIDlocal000000090200000216BE4E80

snmp-servercommunitypublicRO

snmp-servercommunityprivateRW

snmp-serverchassis-id0x17

!

linecon0

loginlocal

transportinputnone

stopbits1

linevty04

loginlocal

linevty515

login

!

end

CiscoCatalyst1900的配置

CiscoCatalyst1900的配置

对于1900的配置就相对容易得多了

只需在enable状态下键入Setup就会进入配置向导

给出交换机的

IP地址:

10.3.0.5

掩码:

255.255.0.0

网关:

10.3.0.1

就可以了,另外应该打开简单的网络管理协议SNMP

snmp-servercommunitypublicRO

snmp-servercommunityprivateRW

即可

PIX520A的基本配置

PIXVersion4.2（4）

nameifethernet0outsidesecurity0

nameifethernet1insidesecurity100

enablepasswordpasswordencrypted

passwdpasswordencrypted

hostnamepix_A

fixupprotocolftp21

fixupprotocolhttp80

fixupprotocolsmtp25

fixupprotocolh3231720

fixupprotocolrsh514

fixupprotocolsqlnet1521

names

nofailover

failovertimeout0:

00:

00

failoveripaddressoutside0.0.0.0

failoveripaddressinside0.0.0.0

pagerlines24

nologgingconsole

loggingmonitordebugging

loggingbuffereddebugging

nologgingtrap

loggingfacility20

interfaceethernet0auto

interfaceethernet1auto

ipaddressoutside192.168.0.1255.255.255.252

ipaddressinside10.2.0.13255.255.0.0

arptimeout14400

nat（inside）0192.168.0.0255.255.255.252

ripoutsidepassive

noripoutsidedefault

noripinsidepassive

ripinsidedefault

routeoutside192.168.2.0255.255.255.0192.168.0.2

routeinside0.0.0.00.0.0.010.2.0.1

timeoutxlate3:

00:

00conn1:

00:

00udp0:

02:

00

timeoutrpc0:

10:

00h3230:

05:

00

timeoutuauth0:

05:

00absolut

esnmp-servercommunitypublicRO

snmp-servercommunityprivateRW

telnet10.2.0.200255.255.255.255

telnettimeout15

mtuoutside1500

mtuinside1500

floodguard0

Cisco2610A的配置

Cisco2610A的配置

Currentconfiguration:

!

version11.3

servicetimestampsdebuguptime

servicetimestampsloguptime

servicepassword-encryption

!

hostname2610A

!

enablepasswordpassword

!

usernamebluestudypasswordpassword

noipdomain-lookup!

!

interfaceEthernet0/0

ipaddress192.168.0.2255.255.255.252

noshut

!

interfaceSerial0/0

ipaddress192.168.0.5255.255.255.252

noshut

!

interfaceSerial0/1

noipaddress

shutdown

!

iproute0.0.0.00.0.0.0192.168.0.1

iproute192.168.2.0255.255.255.0192.168.0.6

!

snmp-servercommunitypublicRO

snmp-servercommunityprivateRW

!

linecon0

lineaux0

linevty04

loginlocal

!

noschedulerallocate

end

Cisco1603的配置

Currentconfiguration:

!

version12.0

servicetimestampsdebuguptime

servicetimestampsloguptime

noservicepassword-encryption

!

hostname1603

!

enablesecretpassword

enablepasswordpassword

!

memory-sizeiomem25

ipsubnet-zero

!

interfaceSerial0

ipaddress192.168.0.6255.255.255.252

noipdirected-broadcast

!

interfaceEthernet0

ipaddress192.168.2.1255.255.255.0

noipunreachables

noipdirected-broadcast

!

ipclassless

iproute0.0.0.00.0.0.0s0

noiphttpserver

!

snmp-servercommunitypublicRO

snmp-servercommunityprivateRW

!

linecon0

passwordpassword

transportinputnone

lineaux0

linevty04

passwordpassword

login

!

noschedulerallocate

end

PIX520B的基本配置

PIXVersion4.2（4）

nameifethernet0outsidesecurity0

nameifethernet1insidesecurity100

enablepasswordpasswordencrypted

passwdpasswordencrypted

hostnamepix520_B

fixupprotocolftp21

fixupprotocolhttp80

fixupprotocolsmtp25

fixupprotocolh3231720

fixupprotocolrsh514

fixupprotocolsqlnet1521

names

nofailover

failovertimeout0:

00:

00

failoveripaddressoutside0.0.0.0

failoveripaddressinside0.0.0.0

pagerlines24

nologgingconsole

nologgingmonitor

nologgingbuffered

nologgingtrap

loggingfacility20

interfaceethernet0auto

interfaceethernet1auto

ipaddressoutside202.108.66.97255.255.255.248

ipaddressinside10.2.0.12255.255.0.0

arptimeout14400

global（outside）1202.108.66.100

nat（inside）10.0.0.00.0.0.000

noripoutsidepassive

noripoutsidedefault

noripinsidepassive

noripinsidedefault

routeoutside0.0.0.00.0.0.0202.109.77.98

timeoutxlate3:

00:

00conn1:

00:

00udp0:

02:

00

timeoutrpc0:

10:

00h3230:

05:

00

timeoutuauth0:

05:

00absolute

nosnmp-serverlocation

nosnmp-servercontact

snmp-servercommunitypublic

nosnmp-serverenabletraps

telnet10.2.0.200255.255.255.255

telnettimeout15

mtuoutside1500

mtuinside1500

floodguard0

Cisco2610B的配置

Currentconfiguration:

!

version11.3

servicetimestampsdebuguptime

servicetimestampsloguptime

servicepassword-encryption

!

hostname2610B

!

ena