Cisco Campus Network Build and Configuration: A Small Comprehensive Lab

2024-01-03 14:43:15

Lab topology

[Topology diagram]

Configuration steps

Configure link aggregation (EtherChannel)

hostname Core_SW1
!
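interface Port-channel1 // enter the port-channel (aggregate) interface
 switchport trunk encapsulation dot1q  // set the trunk encapsulation (802.1Q)
 switchport mode trunk  // set the interface mode to trunk
!
interface range FastEthernet0/8-9 // enter interface-range configuration for several ports
 channel-group 1 mode on  // bind the ports to port-channel 1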

hostname Core_SW2
!
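interface Port-channel1  // enter the port-channel (aggregate) interface
 switchport trunk encapsulation dot1q   // set the trunk encapsulation (802.1Q)
 switchport mode trunk  // set the interface mode to trunk
!
interface range FastEthernet0/8-9 // enter interface-range configuration for several ports
 channel-group 1 mode on  // bind the ports to port-channel 1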

Configure VTP (VLAN domain template)

core_sw1
vtp domain sike  // set the VTP domain
vtp mode server  // server mode
vtp password 123456   // VTP authentication password

core_sw2
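vtp domain sike  // set the VTP domain
vtp mode client  // client mode
vtp password 123456   // VTP authentication password
// SW1 through SW6 all need the commands above as well, so that they can learn the VLANs from core_sw1

// show vtp status: displays the switch's VTP mode and configuration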

Step 1: Configure the layer-2 VLANs

core_sw1
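vlan 10
vlan 20
vlan 30
vlan 40
vlan 50
vlan 60
vlan 70
!
interface range FastEthernet0/8-9 // enter interface-range configuration for several ports
 switchport trunk encapsulation dot1q // set the trunk encapsulation (802.1Q)
 switchport mode trunk  // set the interface mode to trunk
!
interface range FastEthernet0/2-7 // enter interface-range configuration for several ports
 switchport trunk encapsulation dot1q // set the trunk encapsulation (802.1Q)
 switchport mode trunk  // set the interface mode to trunk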

core_sw2
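interface range FastEthernet0/8-9 // enter interface-range configuration for several ports
 switchport trunk encapsulation dot1q // set the trunk encapsulation (802.1Q)
 switchport mode trunk  // set the interface mode to trunk
!
interface range FastEthernet0/2-7 // enter interface-range configuration for several ports
 switchport trunk encapsulation dot1q // set the trunk encapsulation (802.1Q)
 switchport mode trunk  // set the interface mode to trunk
!
interface FastEthernet0/10
 switchport access vlan 70 // assign the port to VLAN 70
 switchport mode access   // set the interface mode to access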

hostname SW_1
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access

SW2
hostname SW_2
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport mode access

SW3
hostname SW_3
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 30
 switchport mode access

SW4
hostname SW_4
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 40
 switchport mode access

SW5
hostname SW_5
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 50
 switchport mode access

SW6
hostname SW_6
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 60
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 60
 switchport mode access

Step 2: Configure spanning tree

core_sw1
spanning-tree mode pvst // use PVST, Cisco's proprietary per-VLAN spanning tree
spanning-tree vlan 10,20,30 priority 24576  // primary root bridge for VLANs 10, 20 and 30
spanning-tree vlan 40,50,60 priority 28672  // secondary root bridge for VLANs 40, 50 and 60

core_sw2
spanning-tree mode pvst
spanning-tree vlan 40,50,60 priority 24576
spanning-tree vlan 10,20,30 priority 28672

show spanning-tree active // check where the spanning-tree root is for each VLAN

Step 3: Configure the IP addresses

core_sw1
!
ip routing   // IP routing must be enabled when configuring IP addresses on a Cisco switch
!
interface FastEthernet0/1
 no switchport   // make the port a routed (layer-3) interface
 ip address 192.168.2.2 255.255.255.0
!
interface Vlan10
 ip address 192.168.10.254 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.254 255.255.255.0
!
interface Vlan30
 ip address 192.168.30.254 255.255.255.0
!
interface Vlan40
 ip address 192.168.40.254 255.255.255.0
!
interface Vlan50
 ip address 192.168.50.254 255.255.255.0
!
interface Vlan60
 ip address 192.168.60.254 255.255.255.0


core_sw2
!
ip routing
!
interface FastEthernet0/1
 no switchport 
 ip address 192.168.3.2 255.255.255.0
!
interface Vlan10
 ip address 192.168.10.253 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.253 255.255.255.0
!
interface Vlan30
 ip address 192.168.30.253 255.255.255.0
!
interface Vlan40
 ip address 192.168.40.253 255.255.255.0
!
interface Vlan50
 ip address 192.168.50.253 255.255.255.0
!
interface Vlan60
 ip address 192.168.60.253 255.255.255.0
!
interface Vlan70
 ip address 192.168.70.252 255.255.255.0

FW1
hostname FW1
!
interface GigabitEthernet1/1
 nameif untrust   // name of the zone this interface belongs to
 security-level 0  // zone security level; a higher level can reach a lower one
 ip address 192.168.4.2 255.255.255.0
!
interface GigabitEthernet1/2
 nameif trust_1
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/3
 nameif trust_2
 security-level 100
 ip address 192.168.3.1 255.255.255.0

CK_Router (egress router)
hostname CK-Router
!
interface GigabitEthernet0/0
 ip address 192.168.4.1 255.255.255.0
!
interface Serial0/0/0
 ip address 200.10.10.1 255.255.255.252
 clock rate 64000  // on a Cisco serial link this clock rate must be configured

ISP
hostname ISP-R
!
interface FastEthernet0/0
 ip address 200.10.20.1 255.255.255.240
!
interface Serial0/2/0
 ip address 200.10.10.2 255.255.255.252

Step 4: Configure DHCP and DHCP relay

core_sw1
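interface Vlan 20,30,40,50,60  // shorthand: repeat under each of interface Vlan20, Vlan30, Vlan40, Vlan50 and Vlan60
 ip helper-address 192.168.10.1
 // This setup uses a DHCP server, which is much simpler. Next time I will share how to use a router for DHCP.
core_sw2
// same as above
  • Configure the server's IP address

  • Configure the DHCP address pools

  • When finished, click Save, then check that every PC obtains an IP address correctly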
Step 5: Configure the layer-3 gateway redundancy protocol (HSRP hot standby) and OSPF

core_sw1
!
interface Vlan10
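 standby 10 ip 192.168.10.252   // configure hot standby (similar to VRRP on Huawei); Cisco's default priority is also 100
 standby 10 priority 120 // set the priority
 standby 10 preempt  // enable preemption
 standby 10 track FastEthernet0/1  // track whether the uplink interface is still usable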
!
interface Vlan20
 standby 20 ip 192.168.20.252
 standby 20 priority 120
 standby 20 preempt
 standby 20 track FastEthernet0/1
!
interface Vlan30
 standby 30 ip 192.168.30.252
 standby 30 priority 120
 standby 30 preempt
 standby 30 track FastEthernet0/1
!
interface Vlan40
 standby 40 ip 192.168.40.252
 standby 40 track FastEthernet0/1
!
interface Vlan50
 standby 50 ip 192.168.50.252
 standby 50 track FastEthernet0/1
!
interface Vlan60
 standby 60 ip 192.168.60.252
 standby 60 track FastEthernet0/1
!
router ospf 10
 network 192.168.2.0 0.0.0.255 area 0
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.20.0 0.0.0.255 area 0
 network 192.168.30.0 0.0.0.255 area 0
 network 192.168.40.0 0.0.0.255 area 0
 network 192.168.50.0 0.0.0.255 area 0
 network 192.168.60.0 0.0.0.255 area 0

core_sw2

interface Vlan10
 standby 10 ip 192.168.10.252
 standby 10 track FastEthernet0/1
!
interface Vlan20
 standby 20 ip 192.168.20.252
 standby 20 track FastEthernet0/1
!
interface Vlan30
 standby 30 ip 192.168.30.252
 standby 30 track FastEthernet0/1
!
interface Vlan40
 standby 40 ip 192.168.40.252
 standby 40 priority 120
 standby 40 preempt
 standby 40 track FastEthernet0/1
!
interface Vlan50
 standby 50 ip 192.168.50.252
 standby 50 priority 120
 standby 50 preempt
 standby 50 track FastEthernet0/1
!
interface Vlan60
 standby 60 ip 192.168.60.252
 standby 60 priority 120
 standby 60 preempt
 standby 60 track FastEthernet0/1

!
router ospf 10
 network 192.168.3.0 0.0.0.255 area 0
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.20.0 0.0.0.255 area 0
 network 192.168.30.0 0.0.0.255 area 0
 network 192.168.40.0 0.0.0.255 area 0
 network 192.168.50.0 0.0.0.255 area 0
 network 192.168.60.0 0.0.0.255 area 0
 network 192.168.70.0 0.0.0.255 area 0

FW
router ospf 10
 network 192.168.2.0 255.255.255.0 area 0
 network 192.168.3.0 255.255.255.0 area 0
 network 192.168.4.0 255.255.255.0 area 0

CK_Router (egress router)
router ospf 10
 network 192.168.4.0 0.0.0.255 area 0
 default-information originate // lets the router advertise a default route to the devices below it


// show ip ospf neighbor: displays the OSPF neighbor relationships
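
A model of HSRP group 10 using the priorities and tracking configured in this step, as an added example that is not part of the original post. It assumes the IOS defaults the configuration does not override (priority 100, track decrement 10) and shows that with those values losing FastEthernet0/1 on core_sw1 does not move the active role; the what-if arguments (a decrement of 30, preempt on core_sw2) are this example's own.

```python
from dataclasses import dataclass

@dataclass
class Member:
    name: str
    ip: str                   # SVI address; tie-breaker when electing among survivors
    priority: int = 100       # IOS default HSRP priority
    preempt: bool = False
    decrement: int = 10       # IOS default for "standby N track <interface>"
    uplink_up: bool = True    # state of the tracked FastEthernet0/1
    alive: bool = True

    def effective(self):
        return self.priority - (0 if self.uplink_up else self.decrement)

def active_after(members, current_active):
    """Name of the active router once the group settles, or None if nobody is left."""
    live = [m for m in members if m.alive]
    cur = next((m for m in live if m.name == current_active), None)
    if cur is None:           # active router died: best survivor takes over
        best = max(live, key=lambda m: (m.effective(), tuple(map(int, m.ip.split(".")))),
                   default=None)
        return best.name if best else None
    # A live active router is displaced only by a member that has preempt
    # configured and a strictly higher effective priority.
    rivals = [m for m in live if m.preempt and m.effective() > cur.effective()]
    return max(rivals, key=Member.effective).name if rivals else cur.name

def vlan10(sw1_uplink_up=True, sw1_decrement=10, sw2_preempt=False, sw1_alive=True):
    """HSRP group 10 with the page's values; keyword arguments are the what-if knobs."""
    return [
        Member("core_sw1", "192.168.10.254", priority=120, preempt=True,
               decrement=sw1_decrement, uplink_up=sw1_uplink_up, alive=sw1_alive),
        Member("core_sw2", "192.168.10.253", preempt=sw2_preempt),
    ]

if __name__ == "__main__":
    cases = {
        "page config, core_sw1 uplink down": vlan10(sw1_uplink_up=False),
        "decrement 30 only": vlan10(sw1_uplink_up=False, sw1_decrement=30),
        "decrement 30 + preempt on core_sw2": vlan10(False, 30, True),
        "core_sw1 powered off": vlan10(sw1_alive=False),
    }
    for label, group in cases.items():
        print(f"{label}: active = {active_after(group, 'core_sw1')}")
```

The same reasoning applies to groups 40, 50 and 60 with the roles of the two core switches swapped.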

Step 6: Configure static routes, NAT, and the remaining settings

  • Configure the firewall's permit rules
access-list fangxing extended permit ip any any
!
access-group fangxing in interface trust_1
access-group fangxing out interface trust_1
access-group fangxing in interface trust_2
access-group fangxing out interface trust_2
  • Configure NAT
CK_Router
!
interface GigabitEthernet0/0
 ip nat inside
!
interface Serial0/0/0
 ip nat outside
!
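access-list 1 permit any  // standard ACL that matches all addresses
ip nat pool DZC 200.10.10.1 200.10.10.1 netmask 255.255.255.252 // define the address pool
ip nat inside source list 1 pool DZC overload // PAT (port translation): translate using the address in the pool
// create a static one-to-one NAT mapping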
ip nat inside source static udp 192.168.10.2 53 200.10.10.100 53 
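ip route 0.0.0.0 0.0.0.0 200.10.10.2 // default route for reaching the external network

// show ip nat translations: displays the NAT translation entries
  • Because a one-to-one public mapping is used, the ISP router needs a route for the mapped address pointing back toward CK_Router
ip route 200.10.10.100 255.255.255.255 200.10.10.1 
  • At this point all internal devices can reach the public network; test it yourself

  • Configure the devices so they can be reached by Telnet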

core_sw1
line vty 0 4
 password wml
 privilege level 15

core_sw2
line vty 0 4
 password wml
 privilege level 15

FW
line vty 0 4
 password wml
 privilege level 15
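
A check over the management-access lines above and the firewall permit rules from earlier in this step, as an added example that is not part of the original post. It flags vty lines that rely on a shared line password, are not restricted to SSH, or start sessions at privilege 15, and interfaces bound to an ACL that permits ip any any; the function names and finding strings are this example's own.

```python
import re

# Constructed sample: management and firewall lines as they appear on this page.
SAMPLE = """\
line vty 0 4
 password wml
 privilege level 15
!
access-list fangxing extended permit ip any any
access-group fangxing in interface trust_1
access-group fangxing out interface trust_1
"""

def sections(text):
    """Yield (top-level line, [indented child lines]), ignoring '!' and // comments."""
    header, children = None, []
    for raw in text.splitlines():
        line = raw.split("//")[0].rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith(" "):
            children.append(line.strip())
            continue
        if header is not None:
            yield header, children
        header, children = line, []
    if header is not None:
        yield header, children

def audit(text):
    """Return findings for weak vty settings and for bound permit-any ACLs."""
    findings, open_acls = [], set()
    for header, kids in sections(text):
        if header.startswith("line vty"):
            if any(k.startswith("password ") for k in kids) and "login local" not in kids:
                findings.append("vty: shared line password instead of per-user login")
            if "transport input ssh" not in kids:
                findings.append("vty: not restricted to SSH")
            if "privilege level 15" in kids:
                findings.append("vty: sessions start at privilege 15")
        acl = re.match(r"access-list (\S+) extended permit ip any any$", header)
        if acl:
            open_acls.add(acl.group(1))
        bind = re.match(r"access-group (\S+) (in|out) interface (\S+)$", header)
        if bind and bind.group(1) in open_acls:
            findings.append(f"{bind.group(3)} {bind.group(2)}: ACL {bind.group(1)} permits ip any any")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```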

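Optimization

Prevent the canteen from reaching the servers, the teaching building, the office building and the library
On core_sw2:
access-list 101 deny ip <source-ip> <wildcard-mask> <destination-ip> <wildcard-mask>
access-list 101 permit ip any any  // Cisco ACLs deny everything by default, so this permits all traffic that matched none of the rules above
interface Vlan50  // enter the interface
 ip access-group 101 in  // apply the ACL in the inbound direction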
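
How ACL 101 is evaluated (first match wins, wildcard masks, implicit deny), as an added example that is not part of the original post. The canteen source 192.168.50.0/24 follows from the ACL being applied on Vlan50, and 192.168.10.1 and 192.168.10.2 are the DHCP and UDP 53 hosts used elsewhere on this page; the destination subnets 10 to 40 and the host permit for 192.168.10.2 are assumptions of this example, since the page leaves the addresses as placeholders.

```python
import ipaddress

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: bits set to 1 in the wildcard are ignored."""
    w = _n(wildcard)
    return (_n(addr) | w) == (_n(base) | w)

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST'; SRC/DST is 'any', 'host A' or 'A WILDCARD'."""
    tok = line.split()
    action, rest, specs = tok[2], tok[4:], []
    while rest:
        if rest[0] == "any":
            spec, used = ("0.0.0.0", "255.255.255.255"), 1
        elif rest[0] == "host":
            spec, used = (rest[1], "0.0.0.0"), 2
        else:
            spec, used = (rest[0], rest[1]), 2
        specs.append(spec)
        rest = rest[used:]
    src, dst = specs
    return action, src, dst

def evaluate(acl, src_ip, dst_ip):
    """First match wins; returns (action, matching line number or None for the implicit deny)."""
    for lineno, line in enumerate(acl, 1):
        action, src, dst = parse_ace(line)
        if wildcard_match(src_ip, *src) and wildcard_match(dst_ip, *dst):
            return action, lineno
    return "deny", None

CANTEEN = "192.168.50.0 0.0.0.255"   # VLAN 50, where the page applies ACL 101 inbound
# Constructed ACL: the destination subnets are assumed, not taken from the page.
ACL_101 = [f"access-list 101 deny ip {CANTEEN} 192.168.{v}.0 0.0.0.255" for v in (10, 20, 30, 40)]
ACL_101.append("access-list 101 permit ip any any")
# Same ACL with one host permit placed above the denies for 192.168.10.2 (assumed DNS server).
ACL_101_DNS = [f"access-list 101 permit ip {CANTEEN} host 192.168.10.2"] + ACL_101

if __name__ == "__main__":
    for name, acl in (("ACL_101", ACL_101), ("ACL_101_DNS", ACL_101_DNS)):
        for dst in ("192.168.10.2", "192.168.30.9", "200.10.20.1"):
            print(name, "192.168.50.7 ->", dst, evaluate(acl, "192.168.50.7", dst))
        print(name, "DHCP discover", evaluate(acl, "0.0.0.0", "255.255.255.255"))
```

Denying the whole 192.168.10.0/24 subnet also cuts canteen clients off from 192.168.10.2, so a narrower permit has to sit above the deny for name resolution to keep working; the DHCP broadcast still passes because its source 0.0.0.0 only matches the final permit.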

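Verification

Every PC obtains an IP address correctly and can reach the external-network user

PCs can reach the Baidu server by domain name

  • Be sure to configure the correct DNS address, and make sure the DNS server is switched on and configured properly

All PCs can communicate with one another

  • Test the other PCs yourself

Additional notes

  • The wireless router needs a manually configured IP address to communicate with its uplink

  • Configure the wireless router's Wi-Fi name and password

  • The laptop needs a wireless network adapter before it can join the wireless network

  • Connect the laptop to the wireless network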

Source: https://blog.csdn.net/qq_33794290/article/details/135356271