网络配置.docx

1、网络配置网络拓扑图一、保证全网互通11、使直连互通（192.168.1.1-192.168.1.2）RT1配置：为路由配置ip地址：RT1int G0/0/1RT1-GigabitEthernet0/0/1ip add 192.168.1.1 24RT1-GigabitEthernet0/0/1int G0/0/2RT1-GigabitEthernet0/0/2ip add 192.168.3.1 24SW1配置：为交换机配置IP地址（交换机的地址需要在先换分vlan然后在vlan中配置）划分Vlan：SW1vlan 1000SW1-vlan1000vlan 1001SW1-vlan1001v

2、lan 10SW1-vlan10vlan 20SW1-vlan20vlan 30进入Vlan配置IP地址：Vlan1000：SW1int vlan 1000SW1-Vlan-interface1000ip add 192.168.1.2 24Vlan1001：SW1int vlan 1001SW1-Vlan-interface1001ip add 192.168.2.1 24使Vlan属于某个端口：SW1int E0/4/0SW1-Ethernet0/4/0port access vlan 1000测试结果：SW1-Ethernet0/4/0ping -a 192.168.1.2 192.16

3、8.1.1 PING 192.168.1.1: 56 data bytes, press CTRL_C to break Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=44 ms Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=5 ms Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=15 ms Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255

4、 time=20 ms Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=15 ms - 192.168.1.1 ping statistics - 5 packet(s) transmitted 5 packet(s) received 0.00% packet lossround-trip min/avg/max = 5/19/44 ms12、使直连互通（192.168.3.1-192.168.3.2）SW2配置：划分VlanSW2vlan 1000SW2-vlan1000vlan 1001SW2-vlan1001vlan 1

5、0SW2-vlan10vlan 20SW2-vlan20vlan 30进入Vlan配置IP地址：Vlan1000：SW2-vlan30int vlan 1000SW2-Vlan-interface1000ip add 192.168.3.2 24Vlan1001：SW2-Vlan-interface1000int vlan 1001SW2-Vlan-interface1001ip add 192.168.2.2 24使Vlan属于某个端口：SW2-Ethernet0/4/0port access vlan 1000测试结果：SW2-Ethernet0/4/0ping -a 192.168.3.

6、2 192.168.3.1 PING 192.168.3.1: 56 data bytes, press CTRL_C to break Reply from 192.168.3.1: bytes=56 Sequence=1 ttl=255 time=50 ms Reply from 192.168.3.1: bytes=56 Sequence=2 ttl=255 time=24 ms Reply from 192.168.3.1: bytes=56 Sequence=3 ttl=255 time=30 ms Reply from 192.168.3.1: bytes=56 Sequence=

7、4 ttl=255 time=4 ms Reply from 192.168.3.1: bytes=56 Sequence=5 ttl=255 time=20 ms - 192.168.3.1 ping statistics - 5 packet(s) transmitted 5 packet(s) received 0.00% packet lossround-trip min/avg/max = 4/25/50 ms13、链路聚合（192.168.2.1-192.168.2.2）SW1配置：SW1int Bridge-Aggregation 1SW1int E0/4/2SW1-Ethern

8、et0/4/2port link-aggregation group 1SW1-Ethernet0/4/2int e0/4/1SW1-Ethernet0/4/1port link-aggregation group 1SW1int Bridge-Aggregation 1SW1-Bridge-Aggregation1port link-type trunkSW1-Bridge-Aggregation1port trunk permit vlan 1001SW2配置：SW2interface Bridge-Aggregation 1SW2int E0/4/1SW2-Ethernet0/4/1po

9、rt link-aggregation group 1SW2-Ethernet0/4/1int E0/4/2SW2-Ethernet0/4/2port link-aggregation group 1SW2int Bridge-Aggregation 1SW2-Bridge-Aggregation1port link-type trunk SW2-Bridge-Aggregation1port trunk permit vlan 1001测试结果：SW1-Bridge-Aggregation1ping -a 192.168.2.1 192.168.2.2 PING 192.168.2.2: 5

10、6 data bytes, press CTRL_C to break Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=255 time=340 ms Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=255 time=174 ms Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=255 time=174 ms Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=255 time=154 ms Request

11、time out - 192.168.2.2 ping statistics - 5 packet(s) transmitted 4 packet(s) received 20.00% packet lossround-trip min/avg/max = 154/210/340 ms1.4、将Vlan 10、Vlan 20、Vlan 30设置到相应端口:SW1配置：SW1int vlan 10 SW1-Vlan-interface10ip add 10.0.0.1 24SW1-Vlan-interface20int vlan 30 SW1-Vlan-interface30ip add 30.

12、0.0.1 24SW1-Vlan-interface30int E0/4/3 SW1-Ethernet0/4/3port access vlan 30SW1-Ethernet0/4/3int E0/4/4 SW1-Ethernet0/4/4port access vlan 10SW2配置：SW2int vlan 20SW2-Vlan-interface20ip add 20.0.0.1 24SW2-Vlan-interface20int E0/4/3SW2-Ethernet0/4/3port access vlan 201.5、设置OSPF：SW1：SW1ospf 1SW1-ospf-1are

13、a 0SW1-ospf-1-area-0.0.0.0network 192.168.1.0 0.0.0.255SW1-ospf-1-area-0.0.0.0network 192.168.2.0 0.0.0.255SW1-ospf-1-area-0.0.0.0network 10.0.0.0 0.0.0.255 SW1-ospf-1-area-0.0.0.0network 30.0.0.0 0.0.0.255查看配置SW1-ospf-1-area-0.0.0.0dis th# area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.

14、2.0 0.0.0.255 network 10.0.0.0 0.0.0.255 network 30.0.0.0 0.0.0.255#SW1-ospf-1-area-0.0.0.0dis ospf peer OSPF Process 1 with Router ID 192.168.2.1 Neighbor Brief Information Area: 0.0.0.0 Router ID Address Pri Dead-Time Interface State 192.168.3.1 192.168.1.1 1 28 Vlan1000 Full/DR 192.168.3.2 192.16

15、8.2.2 1 36 Vlan1001 Full/BDRSW2：SW2ospf 1SW2-ospf-1area 0SW2-ospf-1-area-0.0.0.0network 192.168.3.0 0.0.0.255SW2-ospf-1-area-0.0.0.0network 192.168.2.0 0.0.0.255查看配置：SW2-ospf-1-area-0.0.0.0dis th# area 0.0.0.0 network 192.168.3.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 20.0.0.0 0.0.0.255#SW2

16、-ospf-1-area-0.0.0.0dis ospf peer OSPF Process 1 with Router ID 192.168.3.2 Neighbor Brief Information Area: 0.0.0.0 Router ID Address Pri Dead-Time Interface State 192.168.3.1 192.168.3.1 1 36 Vlan1000 Full/DR 192.168.2.1 192.168.2.1 1 30 Vlan1001 Full/DRSW2-ospf-1-area-0.0.0.0dis ip routing-table

17、Routing Tables: Public Destinations : 7 Routes : 8Destination/Mask Proto Pre Cost NextHop Interface127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0192.168.1.0/24 OSPF 10 2 192.168.3.1 Vlan1000 OSPF 10 2 192.168.2.1 Vlan1001192.168.2.0/24 Direct 0 0 192.168.2.2 Vlan10

18、01192.168.2.2/32 Direct 0 0 127.0.0.1 InLoop0192.168.3.0/24 Direct 0 0 192.168.3.2 Vlan1000192.168.3.2/32 Direct 0 0 127.0.0.1 InLoop0测试结果：SW2-Ethernet0/4/3ping -a 20.0.0.1 30.0.0.1 PING 30.0.0.1: 56 data bytes, press CTRL_C to break Reply from 30.0.0.1: bytes=56 Sequence=1 ttl=255 time=130 ms Reply

19、 from 30.0.0.1: bytes=56 Sequence=2 ttl=255 time=155 ms Reply from 30.0.0.1: bytes=56 Sequence=3 ttl=255 time=164 ms Reply from 30.0.0.1: bytes=56 Sequence=4 ttl=255 time=185 ms Reply from 30.0.0.1: bytes=56 Sequence=5 ttl=255 time=164 ms - 30.0.0.1 ping statistics - 5 packet(s) transmitted 5 packet

20、(s) received 0.00% packet lossround-trip min/avg/max = 130/159/185 msRT1：RT1ospf 1RT1-ospf-1area 0RT1-ospf-1-area-0.0.0.0network 192.168.1.0 0.0.0.255RT1-ospf-1-area-0.0.0.0network 192.168.3.0 0.0.0.255二、接入外网2.1、设置ACL：RT1：为RT1添加IP地址：RT1-GigabitEthernet0/0/0ip add 14.0.0.1 24为RT1设置ACLRT1acl number 20

21、00RT1-acl-basic-2000rule permit source 10.0.0.1 0.0.0.255RT1-acl-basic-2000rule permit source 20.0.0.1 0.0.0.255RT1-acl-basic-2000int G0/0/0RT1-GigabitEthernet0/0/0nat outbound 20002.2、设置静态路由 SW1：SW1ip route-static 14.0.0.0 255.255.255.0 192.168.1.1测试结果：SW1ping -a 10.0.0.1 14.0.0.2 PING 14.0.0.2: 56

22、 data bytes, press CTRL_C to break Reply from 14.0.0.2: bytes=56 Sequence=1 ttl=254 time=40 ms Reply from 14.0.0.2: bytes=56 Sequence=2 ttl=254 time=30 ms Reply from 14.0.0.2: bytes=56 Sequence=3 ttl=254 time=5 ms Reply from 14.0.0.2: bytes=56 Sequence=4 ttl=254 time=30 ms Reply from 14.0.0.2: bytes

23、=56 Sequence=5 ttl=254 time=5 ms - 14.0.0.2 ping statistics - 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 5/22/40 msSW2：SW2ip route-static 14.0.0.0 255.255.255.0 192.168.3.1测试结果：SW2ping -a 20.0.0.1 14.0.0.2 PING 14.0.0.2: 56 data bytes, press CTRL_C to bre

24、ak Reply from 14.0.0.2: bytes=56 Sequence=1 ttl=254 time=4 ms Reply from 14.0.0.2: bytes=56 Sequence=2 ttl=254 time=15 ms Reply from 14.0.0.2: bytes=56 Sequence=3 ttl=254 time=30 ms Reply from 14.0.0.2: bytes=56 Sequence=4 ttl=254 time=24 ms Reply from 14.0.0.2: bytes=56 Sequence=5 ttl=254 time=30 m

25、s - 14.0.0.2 ping statistics - 5 packet(s) transmitted 5 packet(s) received 0.00% packet lossround-trip min/avg/max = 4/20/30 ms2.3、为RT2配置IP地址RT2int G0/0/0RT2-GigabitEthernet0/0/0ip add 14.0.0.2 24三、公网互通TR1：RT1int G0/0/3RT1-GigabitEthernet0/0/3ip add 12.0.0.1 24RT1ip route-static 23.0.0.0 255.255.25

26、5.0 12.0.0.2RT3:建IP地址：RT3int G0/0/0RT3-GigabitEthernet0/0/0ip add 12.0.0.2 24RT3-GigabitEthernet0/0/0int G0/0/1RT3-GigabitEthernet0/0/1ip add 23.0.0.2 24RT4:RT4int G0/0/0RT4-GigabitEthernet0/0/0ip add 23.0.0.3 24RT4-GigabitEthernet0/0/0int G0/0/1RT4-GigabitEthernet0/0/1ip add 40.0.0.1 24RT4-GigabitE

27、thernet0/0/1quRT4ip route-static 12.0.0.1 255.255.255.0 23.0.0.2测试结果：RT1ping -a 12.0.0.1 23.0.0.3 PING 23.0.0.3: 56 data bytes, press CTRL_C to break Reply from 23.0.0.3: bytes=56 Sequence=1 ttl=254 time=21 ms Request time out Request time out Reply from 23.0.0.3: bytes=56 Sequence=4 ttl=254 time=10

28、 ms Reply from 23.0.0.3: bytes=56 Sequence=5 ttl=254 time=10 ms - 23.0.0.3 ping statistics - 5 packet(s) transmitted 3 packet(s) received 40.00% packet loss round-trip min/avg/max = 10/13/21 ms四、建IPSEC、VPN建立ipsec和VPNRT4创建aclRT4acl number 3000RT4-acl-adv-3000rule permit ip source 40.0.0.0 0.0.0.255 d

29、estination 30.0.0.0 0.0.0.255创建ipsec proposal（安全提议）RT4ipsec proposal r1RT4-ipsec-proposal-r1transform espRT4-ipsec-proposal-r1esp authentication-algorithm sha1RT4-ipsec-proposal-r1esp encryption-algorithm 3desRT4-ipsec-proposal-r1encapsulation-mode tunnel创建ikeRT4ike peer r3RT4-ike-peer-r3pre-shared-

30、key 123RT4-ike-peer-r3remote-address 12.0.0.1创建ips policy（创建IP安全策略）RT4ips policy 1 10 isakmpRT4-ipsec-policy-isakmp-1-10security acl 3000RT4-ipsec-policy-isakmp-1-10ike-peer r3RT4-ipsec-policy-isakmp-1-10proposal r1将安全策略应用到指定端口RT4int g0/0/0RT4-GigabitEthernet0/0/0ipsec policy 1RT1：创建aclRT1acl number 3000RT1-acl-adv-3000rule permit ip source 30.0.0.0 0.0.0.255 destination 40.0.0.0 0.0.0.255创建ipsec proposal（安全提议）RT1