Classic Three-Layer Network Technical Analysis
A classic three-layer network case study.
Goal: allow different VLANs to communicate with each other.
IP plan
VLAN ID   IP subnet        VLAN gateway
vlan 1    172.16.1.0/24    172.16.1.7-9
vlan 2    172.16.2.0/24    172.16.2.252-254
vlan 3    172.16.3.0/24    172.16.3.252-254
vlan 4    172.16.4.0/24    172.16.4.252-254
vlan 5    172.16.5.0/24    172.16.5.252-254
vlan 6    172.16.6.0/24    172.16.6.252-254
vlan 7    172.16.7.0/24    172.16.7.252-254
vlan 8    172.16.8.0/24    172.16.8.252-254
vlan 9    172.16.9.0/24    172.16.9.252-254
Router configuration
1. Cisco router configuration:
enable
configure terminal
service password-encryption
hostname cisco1721
enable secret 654321
enable password 123456
ip subnet-zero
ip name-server 202.96.134.133 202.96.172.218
! Ethernet side, same subnet as the firewall's outside interface
interface fastethernet 0
 ip address 61.142.221.5 255.255.255.240
 speed auto
 no shutdown
! Serial uplink, borrows the address of fastethernet 0
interface serial 0
 ip unnumbered fastethernet 0
 encapsulation ppp
 no fair-queue
 bandwidth 2048
 no shutdown
 exit
ip classless
! Default route out of the serial uplink
ip route 0.0.0.0 0.0.0.0 serial 0
no ip http server
line con 0
line aux 0
line vty 0 4
 password 12345678
 login
no scheduler allocate
end
copy running-config startup-config
reload
Note that NAT and related functions are configured on the firewall.
Firewall configuration
enable
config t
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security50
enable password 654321 encrypted
password 123456 encrypted
hostname pix515e
domain-name abc.com
fixup protocol pop3 110
names
object-group service DMZ tcp
 port-object eq https
 port-object eq www
 port-object eq smtp
 port-object eq pop3
 port-object eq ftp
access-list outside permit tcp any 61.142.221.0 255.255.255.240 object-group DMZ
ip address outside 61.142.221.6 255.255.255.240
ip address inside 172.16.9.250 255.255.255.0
ip address DMZ 172.18.1.254 255.255.255.0
global (outside) 1 61.142.221.1-61.142.221.4 netmask 255.255.255.0
global (outside) 1 interface
nat (inside) 1 172.16.0.0 255.255.0.0
static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.255.0.0
static (DMZ,outside) 61.142.221.8 172.18.1.8 netmask 255.255.255.255
static (DMZ,outside) 61.142.221.9 172.18.1.9 netmask 255.255.255.255
static (DMZ,outside) 61.142.221.10 172.18.1.10 netmask 255.255.255.255
access-group outside in interface outside
route outside 0.0.0.0 0.0.0.0 61.142.221.5
route inside 172.16.0.0 255.255.0.0 172.16.9.254
http server enable
http 172.16.0.0 255.255.0.0 inside
telnet 172.16.0.0 255.255.0.0 inside
ssh 172.16.0.0 255.255.0.0 inside
Switch configuration
1. Catalyst 4006-s3 switch configuration:
enable
configure terminal
service pad
service password-encryption
hostname c4006-s3
enable password 123456
enable secret 654321
ip subnet-zero
ip name-server 172.16.8.1 172.16.8.2
ip routing
exit
vlan database
vtp mode server
vtp domain centervtp
vlan 2 name vlan2
vlan 3 name vlan3
vlan 4 name vlan4
vlan 5 name vlan5
vlan 6 name vlan6
vlan 7 name vlan7
vlan 8 name vlan8
vlan 9 name vlan9
exit
configure terminal
interface port-channel 1
interface gigabitethernet 2/1
 channel-group 1 mode on
interface gigabitethernet 2/2
 channel-group 1 mode on
interface gigabitethernet 2/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
interface gigabitethernet 2/3
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
interface gigabitethernet 2/4
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
interface gigabitethernet 2/5
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
interface gigabitethernet 2/6
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
interface gigabitethernet 2/7
 switchport access vlan 9
 no shutdown
interface range gigabitethernet 2/8 - 20
 switchport mode access
 switchport access vlan 8
 no shutdown
 spanning-tree portfast
interface gigabitethernet 3/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
interface gigabitethernet 3/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan all
spanning-tree vlan 1-9 root primary
spanning-tree backbonefast
! One SVI per VLAN: the switch's own address plus the HSRP virtual gateway address
interface vlan 1
 ip address 172.16.1.7 255.255.255.0
 no shutdown
 standby 1 ip 172.16.1.9
 standby 1 priority 110 preempt
interface vlan 2
 ip address 172.16.2.252 255.255.255.0
 no shutdown
 standby 2 ip 172.16.2.254
 standby 2 priority 110 preempt
interface vlan 3
 ip address 172.16.3.252 255.255.255.0
 no shutdown
 standby 3 ip 172.16.3.254
 standby 3 priority 110 preempt
interface vlan 4
 ip address 172.16.4.252 255.255.255.0
 no shutdown
 standby 4 ip 172.16.4.254
 standby 4 priority 110 preempt
interface vlan 5
 ip address 172.16.5.252 255.255.255.0
 no shutdown
 standby 5 ip 172.16.5.254
 standby 5 priority 110 preempt
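The management-plane settings in the configurations above (an "enable password" kept beside "enable secret", password-only vty lines, Telnet access to the firewall, trunks that allow every VLAN) can be flagged mechanically before deployment. The Python check below is an added example, not part of the original article; the rule names and the embedded sample (commands copied from this page, with sub-commands indented as in "show running-config" output) are constructed for illustration.

```python
import re

# Constructed sample: commands copied from this page, sub-commands indented.
SAMPLE = """\
enable secret 654321
enable password 123456
line vty 0 4
 password 12345678
 login
telnet 172.16.0.0 255.255.0.0 inside
ssh 172.16.0.0 255.255.0.0 inside
interface gigabitethernet 2/3
 switchport mode trunk
 switchport trunk allowed vlan all
interface gigabitethernet 2/7
 switchport access vlan 9
"""

# Rule names are labels invented for this example.
LINE_RULES = [
    ("enable-password", r"enable password \S+"),      # weaker duplicate of enable secret
    ("telnet-management", r"telnet \d+(\.\d+){3} "),  # cleartext admin access to the PIX
    ("trunk-all-vlans", r"switchport trunk allowed vlan all$"),
]

def audit(config):
    """Return sorted (line_number, rule, section) findings for a config text."""
    findings, section, vty = [], "", {}
    for num, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.lower().split())
        if not line:
            continue
        if re.match(r"(interface|line) ", line):
            section = line
            if line.startswith("line vty"):
                vty[section] = [num, False]  # [header line, restricted to SSH?]
            continue
        if not raw[0].isspace():
            section = ""  # back at global configuration level
        if section in vty and line == "transport input ssh":
            vty[section][1] = True
        for rule, pattern in LINE_RULES:
            if re.match(pattern, line):
                findings.append((num, rule, section))
    # A vty block never restricted to SSH is reported at its header line.
    for header, (num, ssh_only) in vty.items():
        if not ssh_only:
            findings.append((num, "vty-not-ssh-only", header))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Each finding carries the line number and the enclosing interface or line section, so it can be traced back to the exact command in the reviewed configuration.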
References
http://www.routing.sh.cn/JiShuWenDang/ShowArticle.asp?ArticleID=244
chinese.zhon



