大型网配置实例.doc-道客多多_道客多多docduoduo.com

资源描述

1、某大型网络的配置实例（的确不错）说明: 这是一个比较综合的实例，从拓扑图上可以看出，它所包含的设备和技术。以下对这个例子作些说明希望能够和各位网友交流。 1.对于内部局域网，选用 Cisco 的 Catalyst 6506 作为中心交换机，二级交换采用 Catalyst 3500，同时为了说明 Trunk，又加了一个 Catalyst 2900 作为三级交换，对于终端连接用了 Catalyst 1900 交换机，这样就可以在 Catalyst 6506与 Catalyst 3500 之间以及 Catalyst 3500 与 Catalyst 2900 之间建立 Trunk，实现跨交换机的 VL

2、AN。注：Catalyst 2900 系列如果要实现 Trunk，软件必须是企业版的，关于类似疑问可以至疑难杂谈栏目。 2.对于外连上,主要是专线连接和拨号访问,当然种类比较多.包括了 DDN、 ISDN、 Frame Relay、 E1 线路等。 3.本例给出设备的基本配置。 4.对于多设备的连接问题,值得注意的是路由问题,本实例外连部分采用静态路由而内部局域网采用动态路由. 5.在本例的帧中继配置中,运用了 IP Unnumbered ,可以节省地址资源, 有兴趣可以注意一下在网关有关操作说明讲行很多，但很少有实例，这个配置例我想对于许多入门的朋友启发不少，我也希望这么的帖子与大家共享

3、和交流一下！配置实例 VLAN 划分问题: 对于交换设备本例中划到 VLAN 1 中, 而对于外连设备的所有以太网端口,均划到VLAN 2 中,下面给出各 VLAN 的名称和网关地址,本例划分 8 个 VLAN. VLAN ID VLAN Name Gateway VLAN 1 Bluestudy 1 10.1.0.1/16 VLAN 2 Bluestudy 2 10.2.0.1/16 VLAN 3 Bluestudy 3 10.3.0.1/16 VLAN 4 Bluestudy 4 10.4.0.1/16 VLAN 5 Bluestudy 5 10.5.0.1/16 VLAN 6 Blues

4、tudy 6 10.6.0.1/16 VLAN 7 Bluestudy 7 10.7.0.1/16 VLAN 8 Bluestudy 8 10.8.0.1/16 Catalyst 6506 的配置 Enter password: enable Enter password: config t set system name Bluestudy set time 10/30/2000 9:30:00 set password set enablepass set interface sc0 10.1.0.2/16 set ip route default 10.1.0.1 set ip dns

5、server 10.1.0.100 set ip dns domain set ip dns enable set vtp domain bluestudy mode server set vlan 1 name Bluestudy 1 set vlan 2 name Bluestudy 2 set vlan 3 name Bluestudy 3 set vlan 4 name Bluestudy 4 set vlan 5 name Bluestudy 5 set vlan 6 name Bluestudy 6 set vlan 7 name Bluestudy 7 set vlan 8 n

6、ame Bluestudy 8 set port negotiation 2/1-8 enable set port name 2/1-8 GEC 802.1Q Trunk set trunk 2/1-8 desirable dot1q set port speed 2/1-8 1000 set vlan 1 3/1-48 对于 6506 的交换机方面的配置只需做出 Trunk 即可 ,因为要实现跨交换机之间的虚网,下面配置 6506 的路由模块,因为 6506 的路由模块现在与管理引擎模块集成在了一起,所以,默认命令是:Session 15 详情请见 6506 路由设置. Catalyst

7、 6506RSM 模块的配置 (enable) session 15 Trying Router-15. Connected to Router-15. Escape character is . enable configure terminal hostname bluestudy enable password password line vty 0 6 password secret_word ip domain-name ip name-server 10.1.0.100 interface vlan 1 ip address 10.1.0.1 255.255.0.0 no shu

8、tdown interface vlan 2 ip address 10.2.0.1 255.255.0.0 no shutdown interface vlan 3 ip address 10.3.0.1 255.255.0.0 no shutdown interface vlan 4 ip address 10.4.0.1 255.255.0.0 no shutdown interface vlan 5 ip address 10.5.0.1 255.255.0.0 no shutdown interface vlan 6 ip address 10.6.0.1 255.255.0.0 n

9、o shutdown interface vlan 7 ip address 10.7.0.1 255.255.0.0 no shutdown interface vlan 8 ip address 10.8.0.1 255.255.0.0 no shutdown router rip version 2 network 10.0.0.0 ip route 0.0.0.0 0.0.0.0 10.2.0.12 ip route 192.168.2.0 255.255.255.0 10.2.0.13 ip route 192.168.3.0 255.255.255.240 10.2.0.11 ip

10、 route 192.168.4.0 255.255.255.0 10.2.0.11 ip route 192.168.5.0 255.255.255.0 10.2.0.11 ip route 192.168.6.0 255.255.255.0 10.2.0.11 copy running-config startup-config Building configuration. Catalyst 3500 的配置 Catalyst 3500 的配置 ! version 12.0 no service pad service timestamps debug uptime service ti

11、mestamps log uptime service password-encryption ! hostname bluestudy ! enable password password ! username bluestudy password password username test password password ! 省略端口的显示 ! interface GigabitEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/2 !

12、interface VLAN1 ip address 10.1.0.4 255.255.0.0 ip helper-address 10.1.0.100 ip directed-broadcast no ip route-cache ! ip default-gateway 10.1.0.1 interface Ethernet1/1(与 2900 对接) switchport trunk encapsulation dot1q switchport mode trunk ! interface Ethernet1/2(与 1900 A 对接) switchport access VLAN 3

13、 no shut ! interface Ethernet1/3(与 1900 B 对接) switchport access VLAN 4 no shut ! snmp-server engineID local 000000090200000216BE4E80 snmp-server community public RO snmp-server community private RW snmp-server chassis-id 0x17 (打开简单的网络管理，便于以后，Cisco 网管软件识别和管理) ! line con 0 login local transport input

14、none stopbits 1 line vty 0 4 login local line vty 5 15 login ! endCatalyst 2900 的配置 Catalyst 2900 的配置 2900 的配置与 3500 的相似,命令如下 hostname bluestudy ! enable password password ! username bluestudy password password username test password password ! 省略端口的显示 ! interface Ethernet0/1(与 3500 对接) switchport t

15、runk encapsulation dot1q switchport mode trunk ! interface VLAN1 ip address 10.1.0.3 255.255.0.0 ip helper-address 10.1.0.100 ip directed-broadcast no ip route-cache ! ip default-gateway 10.1.0.1 ! interface Ethernet0/2(与 1900 C 对接) switchport access VLAN 5 no shut ! interface Ethernet0/3(与 1900 D 对

16、接) switchport access VLAN 6 no shut ! snmp-server engineID local 000000090200000216BE4E80 snmp-server community public RO snmp-server community private RW snmp-server chassis-id 0x17 ! line con 0 login local transport input none stopbits 1 line vty 0 4 login local line vty 5 15 login ! end Cisco Cat

17、alyst 1900 的配置 Cisco Catalyst 1900 的配置对于 1900 的配置就相对容易得多了只需在 enable 状态下键入 Setup 就会进入配置向导给出交换机的 IP 地址:10.3.0.5 掩码:255.255.0.0 网关:10.3.0.1 就可以了,另外应该打开简单的网络管理协议 SNMP snmp-server community public RO snmp-server community private RW 即可 PIX 520A 的基本配置 PIX Version 4.2(4) nameif ethernet0 outside securit

18、y0 nameif ethernet1 inside security100 enable password password encrypted passwd password encrypted hostname pix_A fixup protocol ftp 21 fixup protocol http 80 fixup protocol smtp 25 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol sqlnet 1521 names no failover failover timeout 0:00:00

19、 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 pager lines 24 no logging console logging monitor debugging logging buffered debugging no logging trap logging facility 20 interface ethernet0 auto interface ethernet1 auto ip address outside 192.168.0.1 255.255.255.252 ip addre

20、ss inside 10.2.0.13 255.255.0.0 arp timeout 14400 nat (inside ) 0 192.168.0.0 255.255.255.252 rip outside passive no rip outside default no rip inside passive rip inside default route outside 192.168.2.0 255.255.255.0 192.168.0.2 route inside 0.0.0.0 0.0.0.0 10.2.0.1 timeout xlate 3:00:00 conn 1:00:

21、00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 timeout uauth 0:05:00 absolut esnmp-server community public RO snmp-server community private RW telnet 10.2.0.200 255.255.255.255 telnet timeout 15 mtu outside 1500 mtu inside 1500 floodguard 0Cisco 2610A 的配置 Cisco 2610A 的配置 Current configuration: ! ve

22、rsion 11.3 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname 2610A ! enable password password ! username bluestudy password password no ip domain-lookup! ! interface Ethernet0/0 ip address 192.168.0.2 255.255.255.252 no shut ! interface Serial0/0 ip

23、 address 192.168.0.5 255.255.255.252 no shut ! interface Serial0/1 no ip address shutdown ! ip route 0.0.0.0 0.0.0.0 192.168.0.1 ip route 192.168.2.0 255.255.255.0 192.168.0.6 ! snmp-server community public RO snmp-server community private RW ! line con 0 line aux 0 line vty 0 4 login local ! no sch

24、eduler allocate end Cisco 1603 的配置 Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname 1603 ! enable secret password enable password password ! memory-size iomem 25 ip subnet-zero ! interface Serial0 ip address

25、 192.168.0.6 255.255.255.252 no ip directed-broadcast ! interface Ethernet0 ip address 192.168.2.1 255.255.255.0 no ip unreachables no ip directed-broadcast ! ip classless ip route 0.0.0.0 0.0.0.0 s0 no ip http server ! snmp-server community public RO snmp-server community private RW ! line con 0 pa

26、ssword password transport input none line aux 0 line vty 0 4 password password login ! no scheduler allocate end PIX 520B 的基本配置 PIX Version 4.2(4) nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password password encrypted passwd password encrypted hostname pix520_B fix

27、up protocol ftp 21 fixup protocol http 80 fixup protocol smtp 25 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol sqlnet 1521 names no failover failover timeout 0:00:00 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 pager lines 24 no logging console no logging m

28、onitor no logging buffered no logging trap logging facility 20 interface ethernet0 auto interface ethernet1 auto ip address outside 202.108.66.97 255.255.255.248 ip address inside 10.2.0.12 255.255.0.0 arp timeout 14400 global (outside) 1 202.108.66.100 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 no rip outs

29、ide passive no rip outside default no rip inside passive no rip inside default route outside 0.0.0.0 0.0.0.0 202.109.77.98 timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 timeout uauth 0:05:00 absolute no snmp-server location no snmp-server contact snmp-server communi

30、ty public no snmp-server enable traps telnet 10.2.0.200 255.255.255.255 telnet timeout 15 mtu outside 1500 mtu inside 1500 floodguard 0 Cisco 2610B 的配置 Current configuration: ! version 11.3 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname 2610B ! e

31、nable password password ! username bluestudy password password no ip domain-lookup! ! interface Ethernet0/0 ip address 202.108.66.98 255.255.255.248 no shut ! interface Serial0/0 ip address 202.108.8.1 255.255.255.252 no shut ! interface Serial0/1 no ip address shutdown ! ip route 0.0.0.0 0.0.0.0 20

32、2.108.8.2 ! snmp-server community public RO snmp-server community private RW ! line con 0 line aux 0 line vty 0 4 login local ! no scheduler allocate end Cisco 2610c 的配置 version 11.2 service udp-small-servers service tcp-small-servers ! hostname 2610C ! enable secret cisco ! ip subnet-zero no ip dom

33、ain-lookup ! ip address-pool local isdn switch-type basic-net3 interface Ethernet0 ip address 10.2.0.11 255.255.0.0 ! interface Serial0 no ip address encapsulation frame-relay frame-relay lmi-type ansi ! interface Serial0.1 point-to-point description Frame Relay to bluestudy1 ip unnumbered Ethernet0

34、 frame-relay interface-dlci 10 ! interface Serial0.2 point-to-point description Frame Relay to bluestudy2 ip unnumbered Ethernet0 frame-relay interface-dlci 11 ! interface BRI1/0 no ip address shutdown isdn switch-type basic-net3 ! interface BRI1/1 ip address 192.168.3.1 255.255.255.240 encapsulatio

35、n ppp timeout absolute 60 0 dialer idle-timeout 3600 dialer-group 1 isdn switch-type basic-net3 peer default ip address pool default ppp authentication chap pap callin ! interface BRI1/2 no ip address encapsulation ppp shutdown isdn switch-type basic-net3 ! interface BRI1/3 no ip address encapsulati

36、on ppp shutdown isdn switch-type basic-net3 no peer default ip address ! ip local pool default 192.168.3.3 192.168.3.14 ip http server ip classless ip route 192.168.5.0 255.255.255.0 serial0.1 ip route 192.168.4.0 255.255.255.0 serial0.2 ip route 0.0.0.0 0.0.0.0 10.2.0.1 ! access-list 1 permit any d

37、ialer-list 1 protocol ip list 1 line con 0 password console login line aux 0 line vty 0 4 password telnet login ! end Cisco 1720A 的配置 version 11.2 service udp-small-servers service tcp-small-servers hostname bluestudy1 ! enable secret cisco ! ip subnet-zero no ip domain-lookup ! interface Fastethern

38、et0 ip address 192.168.5.1 255.255.255.0 ! interface Serial0 no ip address encapsulation frame-relay ! interface Serial0.1 point-to-point description Frame Relay to bluestudy ip unnumbered Ethernet0 frame-relay interface-dlci 10 ! ip http server ip classless ip route 0.0.0.0 0.0.0.0 serial0.1 ! line

39、 con 0 password console login line aux 0 line vty 0 4 password bluestudy1 login ! end Cisco 1720B 的配置 version 11.2 service udp-small-servers service tcp-small-servers hostname bluestudy1 ! enable secret cisco ! ip subnet-zero no ip domain-lookup ! interface Fastethernet0 ip address 192.168.4.1 255.2

40、55.255.0 ! interface Serial0 no ip address encapsulation frame-relay ! interface Serial0.1 point-to-point description Frame Relay to bluestudy ip unnumbered Ethernet0 frame-relay interface-dlci 11 ! ip http server ip classless ip route 0.0.0.0 0.0.0.0 serial0.1 ! line con 0 password console login line aux 0 line vty 0 4 password bluestudy2 login ! end

展开阅读全文