网络配置.docx - 冰点文库

资源描述

网络配置.docx

《网络配置.docx》由会员分享，可在线阅读，更多相关《网络配置.docx（16页珍藏版）》请在冰点文库上搜索。

网络配置.docx

网络配置

网络拓扑图

一、保证全网互通

1．1、使直连互通（192.168.1.1->192.168.1.2）

RT1配置：

为路由配置ip地址：

[RT1]intG0/0/1

[RT1-GigabitEthernet0/0/1]ipadd192.168.1.124

[RT1-GigabitEthernet0/0/1]intG0/0/2

[RT1-GigabitEthernet0/0/2]ipadd192.168.3.124

SW1配置：

为交换机配置IP地址（交换机的地址需要在先换分vlan然后在vlan中配置）

划分Vlan：

[SW1]vlan1000

[SW1-vlan1000]vlan1001

[SW1-vlan1001]vlan10

[SW1-vlan10]vlan20

[SW1-vlan20]vlan30

进入Vlan配置IP地址：

Vlan1000：

[SW1]intvlan1000

[SW1-Vlan-interface1000]ipadd192.168.1.224

Vlan1001：

[SW1]intvlan1001

[SW1-Vlan-interface1001]ipadd192.168.2.124

使Vlan属于某个端口：

[SW1]intE0/4/0

[SW1-Ethernet0/4/0]portaccessvlan1000

测试结果：

[SW1-Ethernet0/4/0]ping-a192.168.1.2192.168.1.1

PING192.168.1.1:

56databytes,pressCTRL_Ctobreak

Replyfrom192.168.1.1:

bytes=56Sequence=1ttl=255time=44ms

Replyfrom192.168.1.1:

bytes=56Sequence=2ttl=255time=5ms

Replyfrom192.168.1.1:

bytes=56Sequence=3ttl=255time=15ms

Replyfrom192.168.1.1:

bytes=56Sequence=4ttl=255time=20ms

Replyfrom192.168.1.1:

bytes=56Sequence=5ttl=255time=15ms

---192.168.1.1pingstatistics---

5packet（s）transmitted

5packet（s）received

0.00%packetloss

round-tripmin/avg/max=5/19/44ms

1．2、使直连互通（192.168.3.1->192.168.3.2）

SW2配置：

划分Vlan

[SW2]vlan1000

[SW2-vlan1000]vlan1001

[SW2-vlan1001]vlan10

[SW2-vlan10]vlan20

[SW2-vlan20]vlan30

进入Vlan配置IP地址：

Vlan1000：

[SW2-vlan30]intvlan1000

[SW2-Vlan-interface1000]ipadd192.168.3.224

Vlan1001：

[SW2-Vlan-interface1000]intvlan1001

[SW2-Vlan-interface1001]ipadd192.168.2.224

使Vlan属于某个端口：

[SW2-Ethernet0/4/0]portaccessvlan1000

测试结果：

[SW2-Ethernet0/4/0]ping-a192.168.3.2192.168.3.1

PING192.168.3.1:

56databytes,pressCTRL_Ctobreak

Replyfrom192.168.3.1:

bytes=56Sequence=1ttl=255time=50ms

Replyfrom192.168.3.1:

bytes=56Sequence=2ttl=255time=24ms

Replyfrom192.168.3.1:

bytes=56Sequence=3ttl=255time=30ms

Replyfrom192.168.3.1:

bytes=56Sequence=4ttl=255time=4ms

Replyfrom192.168.3.1:

bytes=56Sequence=5ttl=255time=20ms

---192.168.3.1pingstatistics---

5packet（s）transmitted

5packet（s）received

0.00%packetloss

round-tripmin/avg/max=4/25/50ms

1．3、链路聚合（192.168.2.1->192.168.2.2）

SW1配置：

[SW1]intBridge-Aggregation1

[SW1]intE0/4/2

[SW1-Ethernet0/4/2]portlink-aggregationgroup1

[SW1-Ethernet0/4/2]inte0/4/1

[SW1-Ethernet0/4/1]portlink-aggregationgroup1

[SW1]intBridge-Aggregation1

[SW1-Bridge-Aggregation1]portlink-typetrunk

[SW1-Bridge-Aggregation1]porttrunkpermitvlan1001

SW2配置：

[SW2]interfaceBridge-Aggregation1

[SW2]intE0/4/1

[SW2-Ethernet0/4/1]portlink-aggregationgroup1

[SW2-Ethernet0/4/1]intE0/4/2

[SW2-Ethernet0/4/2]portlink-aggregationgroup1

[SW2]intBridge-Aggregation1

[SW2-Bridge-Aggregation1]portlink-typetrunk

[SW2-Bridge-Aggregation1]porttrunkpermitvlan1001

测试结果：

[SW1-Bridge-Aggregation1]ping-a192.168.2.1192.168.2.2

PING192.168.2.2:

56databytes,pressCTRL_Ctobreak

Replyfrom192.168.2.2:

bytes=56Sequence=1ttl=255time=340ms

Replyfrom192.168.2.2:

bytes=56Sequence=2ttl=255time=174ms

Replyfrom192.168.2.2:

bytes=56Sequence=3ttl=255time=174ms

Replyfrom192.168.2.2:

bytes=56Sequence=4ttl=255time=154ms

Requesttimeout

---192.168.2.2pingstatistics---

5packet（s）transmitted

4packet（s）received

20.00%packetloss

round-tripmin/avg/max=154/210/340ms

1.4、将Vlan10、Vlan20、Vlan30设置到相应端口:

SW1配置：

[SW1]intvlan10

[SW1-Vlan-interface10]ipadd10.0.0.124

[SW1-Vlan-interface20]intvlan30

[SW1-Vlan-interface30]ipadd30.0.0.124

[SW1-Vlan-interface30]intE0/4/3

[SW1-Ethernet0/4/3]portaccessvlan30

[SW1-Ethernet0/4/3]intE0/4/4

[SW1-Ethernet0/4/4]portaccessvlan10

SW2配置：

[SW2]intvlan20

[SW2-Vlan-interface20]ipadd20.0.0.124

[SW2-Vlan-interface20]intE0/4/3

[SW2-Ethernet0/4/3]portaccessvlan20

1.5、设置OSPF：

SW1：

[SW1]ospf1

[SW1-ospf-1]area0

[SW1-ospf-1-area-0.0.0.0]network192.168.1.00.0.0.255

[SW1-ospf-1-area-0.0.0.0]network192.168.2.00.0.0.255

[SW1-ospf-1-area-0.0.0.0]network10.0.0.00.0.0.255

[SW1-ospf-1-area-0.0.0.0]network30.0.0.00.0.0.255

查看配置

[SW1-ospf-1-area-0.0.0.0]disth

area0.0.0.0

network192.168.1.00.0.0.255

network192.168.2.00.0.0.255

network10.0.0.00.0.0.255

network30.0.0.00.0.0.255

[SW1-ospf-1-area-0.0.0.0]disospfpeer

OSPFProcess1withRouterID192.168.2.1

NeighborBriefInformation

Area:

0.0.0.0

RouterIDAddressPriDead-TimeInterfaceState

192.168.3.1192.168.1.1128Vlan1000Full/DR

192.168.3.2192.168.2.2136Vlan1001Full/BDR

SW2：

[SW2]ospf1

[SW2-ospf-1]area0

[SW2-ospf-1-area-0.0.0.0]network192.168.3.00.0.0.255

[SW2-ospf-1-area-0.0.0.0]network192.168.2.00.0.0.255

查看配置：

[SW2-ospf-1-area-0.0.0.0]disth

area0.0.0.0

network192.168.3.00.0.0.255

network192.168.2.00.0.0.255

network20.0.0.00.0.0.255

[SW2-ospf-1-area-0.0.0.0]disospfpeer

OSPFProcess1withRouterID192.168.3.2

NeighborBriefInformation

Area:

0.0.0.0

RouterIDAddressPriDead-TimeInterfaceState

192.168.3.1192.168.3.1136Vlan1000Full/DR

192.168.2.1192.168.2.1130Vlan1001Full/DR

[SW2-ospf-1-area-0.0.0.0]disiprouting-table

RoutingTables:

Public

Destinations:

7Routes:

Destination/MaskProtoPreCostNextHopInterface

127.0.0.0/8Direct00127.0.0.1InLoop0

127.0.0.1/32Direct00127.0.0.1InLoop0

192.168.1.0/24OSPF102192.168.3.1Vlan1000

OSPF102192.168.2.1Vlan1001

192.168.2.0/24Direct00192.168.2.2Vlan1001

192.168.2.2/32Direct00127.0.0.1InLoop0

192.168.3.0/24Direct00192.168.3.2Vlan1000

192.168.3.2/32Direct00127.0.0.1InLoop0

测试结果：

[SW2-Ethernet0/4/3]ping-a20.0.0.130.0.0.1

PING30.0.0.1:

56databytes,pressCTRL_Ctobreak

Replyfrom30.0.0.1:

bytes=56Sequence=1ttl=255time=130ms

Replyfrom30.0.0.1:

bytes=56Sequence=2ttl=255time=155ms

Replyfrom30.0.0.1:

bytes=56Sequence=3ttl=255time=164ms

Replyfrom30.0.0.1:

bytes=56Sequence=4ttl=255time=185ms

Replyfrom30.0.0.1:

bytes=56Sequence=5ttl=255time=164ms

---30.0.0.1pingstatistics---

5packet（s）transmitted

5packet（s）received

0.00%packetloss

round-tripmin/avg/max=130/159/185ms

RT1：

[RT1]ospf1

[RT1-ospf-1]area0

[RT1-ospf-1-area-0.0.0.0]network192.168.1.00.0.0.255

[RT1-ospf-1-area-0.0.0.0]network192.168.3.00.0.0.255

二、接入外网

2.1、设置ACL：

RT1：

为RT1添加IP地址：

[RT1-GigabitEthernet0/0/0]ipadd14.0.0.124

为RT1设置ACL

[RT1]aclnumber2000

[RT1-acl-basic-2000]rulepermitsource10.0.0.10.0.0.255

[RT1-acl-basic-2000]rulepermitsource20.0.0.10.0.0.255

[RT1-acl-basic-2000]intG0/0/0

[RT1-GigabitEthernet0/0/0]natoutbound2000

2.2、设置静态路由

SW1：

[SW1]iproute-static14.0.0.0255.255.255.0192.168.1.1

测试结果：

[SW1]ping-a10.0.0.114.0.0.2

PING14.0.0.2:

56databytes,pressCTRL_Ctobreak

Replyfrom14.0.0.2:

bytes=56Sequence=1ttl=254time=40ms

Replyfrom14.0.0.2:

bytes=56Sequence=2ttl=254time=30ms

Replyfrom14.0.0.2:

bytes=56Sequence=3ttl=254time=5ms

Replyfrom14.0.0.2:

bytes=56Sequence=4ttl=254time=30ms

Replyfrom14.0.0.2:

bytes=56Sequence=5ttl=254time=5ms

---14.0.0.2pingstatistics---

5packet（s）transmitted

5packet（s）received

0.00%packetloss

round-tripmin/avg/max=5/22/40ms

SW2：

[SW2]iproute-static14.0.0.0255.255.255.0192.168.3.1

测试结果：

[SW2]ping-a20.0.0.114.0.0.2

PING14.0.0.2:

56databytes,pressCTRL_Ctobreak

Replyfrom14.0.0.2:

bytes=56Sequence=1ttl=254time=4ms

Replyfrom14.0.0.2:

bytes=56Sequence=2ttl=254time=15ms

Replyfrom14.0.0.2:

bytes=56Sequence=3ttl=254time=30ms

Replyfrom14.0.0.2:

bytes=56Sequence=4ttl=254time=24ms

Replyfrom14.0.0.2:

bytes=56Sequence=5ttl=254time=30ms

---14.0.0.2pingstatistics---

5packet（s）transmitted

5packet（s）received

0.00%packetloss

round-tripmin/avg/max=4/20/30ms

2.3、为RT2配置IP地址

[RT2]intG0/0/0

[RT2-GigabitEthernet0/0/0]ipadd14.0.0.224

三、公网互通

TR1：

[RT1]intG0/0/3

[RT1-GigabitEthernet0/0/3]ipadd12.0.0.124

[RT1]iproute-static23.0.0.0255.255.255.012.0.0.2

RT3:

建IP地址：

[RT3]intG0/0/0

[RT3-GigabitEthernet0/0/0]ipadd12.0.0.224

[RT3-GigabitEthernet0/0/0]intG0/0/1

[RT3-GigabitEthernet0/0/1]ipadd23.0.0.224

RT4:

[RT4]intG0/0/0

[RT4-GigabitEthernet0/0/0]ipadd23.0.0.324

[RT4-GigabitEthernet0/0/0]intG0/0/1

[RT4-GigabitEthernet0/0/1]ipadd40.0.0.124

[RT4-GigabitEthernet0/0/1]qu

[RT4]iproute-static12.0.0.1255.255.255.023.0.0.2

测试结果：

[RT1]ping-a12.0.0.123.0.0.3

PING23.0.0.3:

56databytes,pressCTRL_Ctobreak

Replyfrom23.0.0.3:

bytes=56Sequence=1ttl=254time=21ms

Requesttimeout

Replyfrom23.0.0.3:

bytes=56Sequence=4ttl=254time=10ms

Replyfrom23.0.0.3:

bytes=56Sequence=5ttl=254time=10ms

---23.0.0.3pingstatistics---

5packet（s）transmitted

3packet（s）received

40.00%packetloss

round-tripmin/avg/max=10/13/21ms

四、建IPSEC、VPN

建立ipsec和VPN

RT4

创建acl

[RT4]aclnumber3000

[RT4-acl-adv-3000]rulepermitipsource40.0.0.00.0.0.255destination30.0.0.00.0.0.255

创建ipsecproposal（安全提议）

[RT4]ipsecproposalr1

[RT4-ipsec-proposal-r1]transformesp

[RT4-ipsec-proposal-r1]espauthentication-algorithmsha1

[RT4-ipsec-proposal-r1]espencryption-algorithm3des

[RT4-ipsec-proposal-r1]encapsulation-modetunnel

创建ike

[RT4]ikepeerr3

[RT4-ike-peer-r3]pre-shared-key123

[RT4-ike-peer-r3]remote-address12.0.0.1

创建ipspolicy（创建IP安全策略）

[RT4]ipspolicy110isakmp

[RT4-ipsec-policy-isakmp-1-10]securityacl3000

[RT4-ipsec-policy-isakmp-1-10]ike-peerr3

[RT4-ipsec-policy-isakmp-1-10]proposalr1

将安全策略应用到指定端口

[RT4]intg0/0/0

[RT4-GigabitEthernet0/0/0]ipsecpolicy1

RT1：

创建acl

[RT1]aclnumber3000

[RT1-acl-adv-3000]rulepermitipsource30.0.0.00.0.0.255destination40.0.0.00.0.0.255

创建ipsecproposal（安全提议）

[RT1]

展开阅读全文