實驗目標
1. 實現VLAN的統一配置和管理
2. 配置鏈路備份從而實現網絡的高可用性
3. 配置OSPF使尋址更高效並選擇最優路徑
4. 配置NAT實現內部與外部的通訊
5. 配置IPSEC VPN實現站點與站點的安全通訊
配置步驟
1. 配置VTP實現VLAN的統一配置和管理(配置VTP前要先配置TRUNK口,VTP在服務器上配置)
測試:在客戶端用show vlan-switch
2. 配置PVST(指定主根橋,次根橋,上行鏈路,速端口,以太網通道)
測試:在非根橋上用show spanning-tree bri
3. 在三層交換機上起路由並配置路由接口,配置VLAN的IP(實現不同VLAN間的通信)
4. 配置OSPF
測試:用show ip route
5. 配置HSRP(虛擬IP,優先級,佔先權,端口跟蹤—只有活躍的一方配)
測試:用show standby bri
6. 配置NAT
測試:用show ip nat translation
7. 配置VPN
相關配置命令
R1
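! R1: remote-site router. NAT overload on s0/0, IPsec-protected tunnel 0 towards
! 202.0.0.1, OSPF process 500 in area 2.
! Review fix: addresses the page had split with a stray space ("7.7.7 .7",
! "0.0.0 .0", "5.5.5 .6") are rejoined so the commands parse. Abbreviated
! keywords are spelled out; the commands themselves are unchanged.
enable
configure terminal
 ! HTTP management server off; no DNS lookup on mistyped commands.
 no ip http server
 no ip domain-lookup
 line con 0
  logging synchronous
  ! Lab convenience: the console session never idles out. Use a finite
  ! exec-timeout on anything that is not a throwaway lab device.
  no exec-timeout
  end
configure terminal
 hostname R1
 interface s0/0
  ip address 201.0.0.1 255.255.255.0
  no shutdown
  exit
 interface lo0
  ip address 7.7.7.7 255.255.255.0
  no shutdown
  exit
 ! NAT: ACL 1 selects 7.7.7.0/24, route-map fornat wraps that ACL, and matching
 ! traffic is translated (overload/PAT) to the s0/0 address.
 access-list 1 permit 7.7.7.0 0.0.0.255
 route-map fornat permit 10
  match ip address 1
  exit
 ip nat inside source route-map fornat interface s0/0 overload
 interface s0/0
  ip nat outside
  exit
 interface lo0
  ip nat inside
  exit
 ip route 0.0.0.0 0.0.0.0 s0/0
 ! IKE phase 1 policy.
 ! NOTE(review): MD5 and single DES are both obsolete and should not protect
 ! real traffic. No "group" or "lifetime" line is given, so the platform
 ! defaults apply (confirm which DH group that is on this release). On a
 ! production pair use AES with a SHA-2 hash and a stronger DH group, e.g.
 ! "encryption aes 256" / "hash sha256" / "group 14" where the release supports
 ! them, and change both peers together so the policies still match.
 crypto isakmp enable
 crypto isakmp policy 10
  hash md5
  authentication pre-share
  encryption des
  exit
 ! NOTE(review): the "0" means the pre-shared key that follows is entered in
 ! clear text, and this is a short lab value published on the page. Use a long
 ! random key per peer and keep it out of shared documents and config backups.
 crypto isakmp key 0 qqq111,,, address 202.0.0.1
 ! NOTE(review): ESP with DES and HMAC-MD5 is equally weak; prefer an AES
 ! transform with a SHA-based HMAC. The name "for***" is kept exactly as the
 ! page shows it (it looks masked by the publishing platform); any name works
 ! as long as the profile below references the same one.
 crypto ipsec transform-set for*** esp-des esp-md5-hmac
  exit
 crypto ipsec profile site2site
  set transform-set for***
 ! Tunnel 0 is protected by the IPsec profile. No "tunnel mode" line is
 ! present, so the platform's default tunnel encapsulation is used.
 interface tunnel 0
  ip address 5.5.5.6 255.255.255.0
  tunnel source s0/0
  tunnel destination 202.0.0.1
  tunnel protection ipsec profile site2site
  no shutdown
  exit
 ! OSPF runs on the loopback and on the tunnel only (wildcard 0.0.0.0 matches
 ! exactly one address). No OSPF authentication is configured here.
 router ospf 500
  network 7.7.7.7 0.0.0.0 area 2
  network 5.5.5.6 0.0.0.0 area 2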
R2
! R2: transit router between the two sites. It only carries the two serial
! links (201.0.0.0/24 and 202.0.0.0/24) and supplies the clock on both.
! No NAT, crypto or routing protocol is configured on it in this listing.
enable
configure terminal
 ! HTTP management server off; no DNS lookup on mistyped commands.
 no ip http server
 no ip domain-lookup
 line con 0
  logging synchronous
  ! Lab convenience: console never idles out; set a finite exec-timeout
  ! outside the lab.
  no exec-timeout
  end
configure terminal
 hostname R2
 interface s0/0
  ip address 201.0.0.2 255.255.255.0
  clock rate 64000
  no shutdown
  exit
 interface s0/1
  ip address 202.0.0.2 255.255.255.0
  clock rate 64000
  no shutdown
R3
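! R3: head-office edge router. NAT overload on s0/1, IPsec-protected tunnel 0
! towards 201.0.0.1, OSPF process 400 with interfaces in areas 0, 1 and 2.
! Review fix: addresses the page had split with a stray space ("1.1.1 .1",
! "0.0.0 .0", "5.5.5 .5") are rejoined so the commands parse. Abbreviated
! keywords are spelled out; the commands themselves are unchanged.
enable
configure terminal
 ! HTTP management server off; no DNS lookup on mistyped commands.
 no ip http server
 no ip domain-lookup
 line con 0
  logging synchronous
  ! Lab convenience: the console session never idles out. Use a finite
  ! exec-timeout on anything that is not a throwaway lab device.
  no exec-timeout
  end
configure terminal
 hostname R3
 interface s0/1
  ip address 202.0.0.1 255.255.255.0
  no shutdown
  exit
 interface lo0
  ip address 1.1.1.1 255.255.255.0
  no shutdown
  exit
 interface s0/0
  ip address 192.168.10.9 255.255.255.252
  no shutdown
  exit
 interface f1/0
  ip address 192.168.10.1 255.255.255.252
  no shutdown
  exit
 interface f2/0
  ip address 192.168.10.5 255.255.255.252
  no shutdown
  exit
 ! NAT: ACL 1 selects 192.168.0.0/16, route-map fornat wraps that ACL, and
 ! matching traffic is translated (overload/PAT) to the s0/1 address.
 access-list 1 permit 192.168.0.0 0.0.255.255
 route-map fornat permit 10
  match ip address 1
  exit
 ip nat inside source route-map fornat interface s0/1 overload
 interface s0/1
  ip nat outside
  exit
 interface s0/0
  ip nat inside
 interface f1/0
  ip nat inside
  exit
 interface f2/0
  ip nat inside
  exit
 ip route 0.0.0.0 0.0.0.0 s0/1
 ! IKE phase 1 policy.
 ! NOTE(review): MD5 and single DES are both obsolete and should not protect
 ! real traffic. No "group" or "lifetime" line is given, so the platform
 ! defaults apply (confirm which DH group that is on this release). On a
 ! production pair use AES with a SHA-2 hash and a stronger DH group, e.g.
 ! "encryption aes 256" / "hash sha256" / "group 14" where the release supports
 ! them, and change both peers together so the policies still match.
 crypto isakmp enable
 crypto isakmp policy 10
  hash md5
  authentication pre-share
  encryption des
  exit
 ! NOTE(review): the "0" means the pre-shared key that follows is entered in
 ! clear text, and this is a short lab value published on the page. Use a long
 ! random key per peer and keep it out of shared documents and config backups.
 crypto isakmp key 0 qqq111,,, address 201.0.0.1
 ! NOTE(review): ESP with DES and HMAC-MD5 is equally weak; prefer an AES
 ! transform with a SHA-based HMAC. The name "for***" is kept exactly as the
 ! page shows it (it looks masked by the publishing platform); any name works
 ! as long as the profile below references the same one.
 crypto ipsec transform-set for*** esp-des esp-md5-hmac
  exit
 crypto ipsec profile site2site
  set transform-set for***
 ! Tunnel 0 is protected by the IPsec profile. No "tunnel mode" line is
 ! present, so the platform's default tunnel encapsulation is used.
 interface tunnel 0
  ip address 5.5.5.5 255.255.255.0
  tunnel source s0/1
  tunnel destination 201.0.0.1
  tunnel protection ipsec profile site2site
  no shutdown
  exit
 ! OSPF: each statement matches exactly one interface address (wildcard
 ! 0.0.0.0). lo0 and both FastEthernet links are in area 0, s0/0 in area 1 and
 ! the tunnel in area 2. No OSPF authentication is configured here.
 router ospf 400
  network 1.1.1.1 0.0.0.0 area 0
  network 192.168.10.1 0.0.0.0 area 0
  network 192.168.10.5 0.0.0.0 area 0
  network 192.168.10.9 0.0.0.0 area 1
  network 5.5.5.5 0.0.0.0 area 2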
R4
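! R4: internal router on the 192.168.10.8/30 serial link, OSPF process 300 in
! area 1. No hostname command is given for this device in the listing.
! Review fix: addresses the page had split with a stray space ("6.6.6 .6",
! "0.0.0 .0") are rejoined so the commands parse. Abbreviated keywords are
! spelled out; the commands themselves are unchanged.
enable
configure terminal
 ! HTTP management server off; no DNS lookup on mistyped commands.
 no ip http server
 no ip domain-lookup
 line con 0
  logging synchronous
  ! Lab convenience: console never idles out; set a finite exec-timeout
  ! outside the lab.
  no exec-timeout
  end
configure terminal
 interface s0/0
  ip address 192.168.10.10 255.255.255.252
  no shutdown
  exit
 interface lo0
  ip address 6.6.6.6 255.255.255.252
  no shutdown
  exit
 ip route 0.0.0.0 0.0.0.0 s0/0
 ! Both interfaces join area 1 by exact address match (wildcard 0.0.0.0).
 ! No OSPF authentication is configured here.
 router ospf 300
  network 192.168.10.10 0.0.0.0 area 1
  network 6.6.6.6 0.0.0.0 area 1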
sw1
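! sw1: layer-3 distribution switch. VTP server, STP root primary for VLANs 2
! and 4, routed uplink on f0/0, SVIs for VLANs 2-5, OSPF process 100 in area 0,
! HSRP priority 100 with uplink tracking on every VLAN.
! Review fix: wildcard masks and the default route the page had split with a
! stray space ("0.0.0 .0") are rejoined so the commands parse. Abbreviated
! keywords are spelled out; the commands themselves are unchanged.
enable
configure terminal
 ! HTTP management server off; no DNS lookup on mistyped commands.
 no ip http server
 no ip domain-lookup
 line con 0
  logging synchronous
  ! Lab convenience: console never idles out; set a finite exec-timeout
  ! outside the lab.
  no exec-timeout
  end
configure terminal
 ! NOTE(review): every port 0/1-15 becomes an unconditional trunk with no
 ! allowed-VLAN list. Outside a lab, trunk only the real inter-switch links,
 ! restrict the VLANs each trunk carries, and shut down unused ports.
 interface range fastEthernet 0/1 - 15
  switchport mode trunk
  exit
 ! f0/0 is turned into a routed port for the /30 link towards R3.
 interface f0/0
  no switchport
  ip address 192.168.10.2 255.255.255.252
  no shutdown
  end
! VTP: this switch is a server for domain "test" with pruning enabled, and
! creates VLANs 2-5.
! NOTE(review): "111111" is a trivial shared secret published on the page. A
! VTP server or client joining the domain with a higher configuration revision
! can replace the VLAN database, so production networks use a strong VTP
! password or run transparent/off mode.
vlan database
vtp domain test
vtp server
vtp password 111111
vtp pruning
vlan 2
vlan 3
vlan 4
vlan 5
exit
configure terminal
 ! Per-VLAN spanning tree: primary root for VLANs 2 and 4, backup for 3 and 5.
 spanning-tree vlan 2 root primary
 spanning-tree vlan 3 root secondary
 spanning-tree vlan 4 root primary
 spanning-tree vlan 5 root secondary
 ! Static EtherChannel ("mode on" does no negotiation): the peer ports must be
 ! bundled the same way.
 interface range fastEthernet 0/14 - 15
  channel-group 1 mode on
  exit
 interface vlan 2
  ip address 192.168.2.254 255.255.255.0
  no shutdown
  exit
 interface vlan 3
  ip address 192.168.3.254 255.255.255.0
  no shutdown
  exit
 interface vlan 4
  ip address 192.168.4.254 255.255.255.0
  no shutdown
  exit
 interface vlan 5
  ip address 192.168.5.254 255.255.255.0
  no shutdown
  exit
 ! NOTE(review): a default route that names only an Ethernet interface depends
 ! on the neighbour answering ARP for remote destinations; pointing it at the
 ! neighbour's address on this /30 is the more predictable form.
 ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0
 ! OSPF area 0 on the uplink and on all four SVIs, each matched by exact
 ! address. No OSPF authentication is configured here.
 router ospf 100
  network 192.168.10.2 0.0.0.0 area 0
  network 192.168.2.254 0.0.0.0 area 0
  network 192.168.3.254 0.0.0.0 area 0
  network 192.168.4.254 0.0.0.0 area 0
  network 192.168.5.254 0.0.0.0 area 0
  exit
 ! HSRP: priority 100 with preempt on every group; losing f0/0 lowers the
 ! priority by 20 (to 80), below the 90 that sw2 uses on this page, so sw2
 ! takes over the virtual gateway.
 ! NOTE(review): no "standby ... authentication" line is present, so group
 ! membership is not authenticated; add HSRP authentication outside the lab.
 ! sw1 is the preferred gateway for all four VLANs but the STP primary root
 ! only for VLANs 2 and 4; confirm that mismatch for VLANs 3 and 5 is intended.
 interface vlan 2
  no ip redirects
  standby 50 ip 192.168.2.1
  standby 50 priority 100
  standby 50 preempt
  standby 50 track fastEthernet 0/0 20
  exit
 interface vlan 3
  no ip redirects
  standby 51 ip 192.168.3.1
  standby 51 priority 100
  standby 51 preempt
  standby 51 track fastEthernet 0/0 20
  exit
 interface vlan 4
  no ip redirects
  standby 52 ip 192.168.4.1
  standby 52 priority 100
  standby 52 preempt
  standby 52 track fastEthernet 0/0 20
  exit
 interface vlan 5
  no ip redirects
  standby 53 ip 192.168.5.1
  standby 53 priority 100
  standby 53 preempt
  standby 53 track fastEthernet 0/0 20
  end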
sw2
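! sw2: layer-3 distribution switch, mirror of sw1. VTP server, STP root primary
! for VLANs 3 and 5, routed uplink on f0/0, SVIs for VLANs 2-5, OSPF process
! 200 in area 0, HSRP priority 90 on every VLAN.
! Review fix: wildcard masks and the default route the page had split with a
! stray space ("0.0.0 .0") are rejoined so the commands parse. Abbreviated
! keywords are spelled out; the commands themselves are unchanged.
enable
configure terminal
 ! HTTP management server off; no DNS lookup on mistyped commands.
 no ip http server
 no ip domain-lookup
 line con 0
  logging synchronous
  ! Lab convenience: console never idles out; set a finite exec-timeout
  ! outside the lab.
  no exec-timeout
  end
configure terminal
 ! NOTE(review): every port 0/1-15 becomes an unconditional trunk with no
 ! allowed-VLAN list. Outside a lab, trunk only the real inter-switch links,
 ! restrict the VLANs each trunk carries, and shut down unused ports.
 interface range fastEthernet 0/1 - 15
  switchport mode trunk
  exit
 ! f0/0 is turned into a routed port for the /30 link towards R3.
 interface f0/0
  no switchport
  ip address 192.168.10.6 255.255.255.252
  no shutdown
  end
! VTP: this switch is also a server for domain "test" with pruning enabled.
! NOTE(review): "111111" is a trivial shared secret published on the page. A
! VTP server or client joining the domain with a higher configuration revision
! can replace the VLAN database, so production networks use a strong VTP
! password or run transparent/off mode.
vlan database
vtp domain test
vtp server
vtp password 111111
vtp pruning
vlan 2
vlan 3
vlan 4
vlan 5
exit
configure terminal
 ! Per-VLAN spanning tree: primary root for VLANs 3 and 5, backup for 2 and 4.
 spanning-tree vlan 3 root primary
 spanning-tree vlan 2 root secondary
 spanning-tree vlan 5 root primary
 spanning-tree vlan 4 root secondary
 ! Static EtherChannel ("mode on" does no negotiation): the peer ports must be
 ! bundled the same way.
 interface range fastEthernet 0/14 - 15
  channel-group 1 mode on
  exit
 interface vlan 2
  ip address 192.168.2.253 255.255.255.0
  no shutdown
  exit
 interface vlan 3
  ip address 192.168.3.253 255.255.255.0
  no shutdown
  exit
 interface vlan 4
  ip address 192.168.4.253 255.255.255.0
  no shutdown
  exit
 interface vlan 5
  ip address 192.168.5.253 255.255.255.0
  no shutdown
  exit
 ! NOTE(review): a default route that names only an Ethernet interface depends
 ! on the neighbour answering ARP for remote destinations; pointing it at the
 ! neighbour's address on this /30 is the more predictable form.
 ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0
 ! OSPF area 0 on the uplink and on all four SVIs, each matched by exact
 ! address. No OSPF authentication is configured here.
 router ospf 200
  network 192.168.10.6 0.0.0.0 area 0
  network 192.168.2.253 0.0.0.0 area 0
  network 192.168.3.253 0.0.0.0 area 0
  network 192.168.4.253 0.0.0.0 area 0
  network 192.168.5.253 0.0.0.0 area 0
  exit
 ! HSRP: priority 90 with preempt on every group and no interface tracking, so
 ! this switch is the standby gateway unless the peer's priority drops below 90.
 ! NOTE(review): no "standby ... authentication" line is present, so group
 ! membership is not authenticated; add HSRP authentication outside the lab.
 interface vlan 2
  no ip redirects
  standby 50 ip 192.168.2.1
  standby 50 priority 90
  standby 50 preempt
  exit
 interface vlan 3
  no ip redirects
  standby 51 ip 192.168.3.1
  standby 51 priority 90
  standby 51 preempt
  exit
 interface vlan 4
  no ip redirects
  standby 52 ip 192.168.4.1
  standby 52 priority 90
  standby 52 preempt
  exit
 interface vlan 5
  no ip redirects
  standby 53 ip 192.168.5.1
  standby 53 priority 90
  standby 53 preempt
  end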
sw3
! sw3: access switch. Two trunk uplinks (f0/1-2) and VTP client in domain
! "test"; it learns its VLANs from the VTP servers. No hostname command is
! given for this device in the listing.
enable
configure terminal
 ! HTTP management server off; no DNS lookup on mistyped commands.
 no ip http server
 no ip domain-lookup
 line con 0
  logging synchronous
  ! Lab convenience: console never idles out; set a finite exec-timeout
  ! outside the lab.
  no exec-timeout
  end
configure terminal
 interface range fastEthernet 0/1 - 2
  switchport mode trunk
  end
! NOTE(review): "111111" is a trivial VTP password published on the page; it
! must match the servers, so change it on every switch in the domain together.
vlan database
vtp domain test
vtp client
vtp password 111111
exit
SW4
! SW4: access switch. Two trunk uplinks (f0/1-2) and VTP client in domain
! "test"; it learns its VLANs from the VTP servers. No hostname command is
! given for this device in the listing.
enable
configure terminal
 ! HTTP management server off; no DNS lookup on mistyped commands.
 no ip http server
 no ip domain-lookup
 line con 0
  logging synchronous
  ! Lab convenience: console never idles out; set a finite exec-timeout
  ! outside the lab.
  no exec-timeout
  end
configure terminal
 interface range fastEthernet 0/1 - 2
  switchport mode trunk
  end
! NOTE(review): "111111" is a trivial VTP password published on the page; it
! must match the servers, so change it on every switch in the domain together.
vlan database
vtp domain test
vtp client
vtp password 111111
exit
SW5
! SW5: access switch. Two trunk uplinks (f0/1-2) and VTP client in domain
! "test"; it learns its VLANs from the VTP servers. No hostname command is
! given for this device in the listing.
enable
configure terminal
 ! HTTP management server off; no DNS lookup on mistyped commands.
 no ip http server
 no ip domain-lookup
 line con 0
  logging synchronous
  ! Lab convenience: console never idles out; set a finite exec-timeout
  ! outside the lab.
  no exec-timeout
  end
configure terminal
 interface range fastEthernet 0/1 - 2
  switchport mode trunk
  end
! NOTE(review): "111111" is a trivial VTP password published on the page; it
! must match the servers, so change it on every switch in the domain together.
vlan database
vtp domain test
vtp client
vtp password 111111
exit