搜索

热门关键字: WINDOWS 操作系统 局域网 搜索引擎 网站推广 windows7 虚拟主机 域名注册
当前位置: 主页 > 网络知识 > CISCO技术 > Cisco认证:三层网络案例分析

Cisco认证:三层网络案例分析

时间:2009-11-6来源:互联网 点击:

  目的:让不同的vlan 之间可以互相通讯。
  IP规划
  vlna ID ip网段vlan网关
  vlan 1 172.16.1.0/24 172.16.1.7-9 vlan 2 172.16.2.0/24 172.16.2.252-254 vlan 3 172.16.3.0/24 172.16.3.252-254 vlan 4 172.16.4.0/24 172.16.4.252-254 vlan 5 172.16.5.0/24 172.16.5.252-254 vlan 6 172.16.6.0/24 172.16.6.252-254 vlan 7 172.16.7.0/24 172.16.7.252-254 vlan 8 172.16.8.0/24 172.16.8.252-254 vlan 9 172.16.9.0/24 172.16.9.252-254
  路由器配置
  一、cisco路由器配置:
  Enable
  Configure terminal
  Service password-encryption
  Hostname cisco1721
  Enable secret 654321
  Enable password 123456
  ip subnet-zero
  ip name-server 202.96.134.133 202.96.172.218
  interface fastethernet 0
  ip address 61.142.221.5 255.255.255.240
  speed auto
  no shutdown
  interface serial 0
  ip unnumbered fastethernet 0
  encapsulation ppp
  no fair-queue
  bandwidth 2048
  no shutdown
  exit
  ip classless
  ip route 0.0.0.0 0.0.0.0 serial 0
  no ip http server
  line con 0
  line aux 0
  line vty 0 4
  password 12345678
  login
  no scheduler allocate
  end
  copy running-config startup-config
  reload
  请注意NAT等是在防火墙设置的。
  防火墙配置
  Enable
  Config t
  Interface ethernet0 100full
  Interface ethernet1 100full
  Interface ethernet2 100full
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  nameif ethernet2 DMZ security50
  Enable password 654321 encrypted
  Password 123456 encrypted
  Hostname pix515e
  Domain-name abc.com
  Fixup protocol pop3 110
  Names
  Object-group service DMZ tcp
  Port-object eq https
  Port-object eq www
  Port-object eq smtp
  Port-object eq pop3
  Port-object eq ftp
  Access-list outside permit tcp any 61.142.221.0 255.255.255.240 object-group DMZ Ip address outside 61.142.221.6 255.255.255.240 Ip address inside 172.16.9.250 255.255.255.0 Ip address DMZ 172.18.1.254 255.255.255.0 Global (outside) 1 61.142.221.1-61.142.221.4 netmask 255.255.255.0
  Global(outside)1 interface
  Nat (inside) 1 172.16.0.0 255.255.0.0 Static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 Static (DMZ,outside) 61.142.221.8 172.18.1.8 netmask 255.255.255.2555 Static (DMZ,outside) 61.142.221.9 172.18.1.9 netmask 255.255.255.2555 Static (DMZ,outside) 61.142.221.10 172.18.1.10 netmask 255.255.255.2555
  Access-group outside in interface outside
  Route outside 0.0.0.0 0.0.0.0 61.142.221.5 Route inside 172.16.0.0 255.255.0.0 172.16.9.254
  http server enable
  http 172.16.0.0 255.255.0.0 inside telnet 172.16.0.0 255.255.0.0 inside ssh 172.16.0.0 255.255.0.0 inside
  交换机配置
  一、Catalyst 4006-s3交换机配置:
  Enable
  Configure terminal
  service pad
  service password-encryption
  hostname c4006-s3
  enable password 123456.
  Enable secret 654321
  Ip subnet-zero
  Ip name-server 172.16.8.1 172.16.8.2
  ip routing
  Exit
  Vlan database
  Vtp mode server
  Vtp domain centervtp
  Vlan 2 name vlan2
  Vlan 3 name vlan3
  Vlan 4 name vlan4
  Vlan 5 name vlan5
  Vlan 6 name vlan6
  Vlan 7 name vlan7
  Vlan 8 name vlan8
  Vlan 9 name vlan9
  Exit

站长资讯网
. TAG: CISCO 网络 认证
推荐内容最近更新人气排行
关于我们 | 友情链接 | 网址推荐 | 常用资讯 | 网站地图 | RSS | 留言

站长资讯网 做中国最丰富的资讯网站 沪ICP备05004089号