chenroot 发表于 2012-6-15 14:52:39

构建小型网络配置实例

小弟最近搭建一个公司网,有什么不足的地方,望前辈多指点下,谢谢

R1配置
! R1: router with two /30 FastEthernet links in OSPF area 0 and one /30 serial
! link in area 1, so it is the area 0 / area 1 border router. The matching
! far ends on this page are S1 f0/1 (10.254.2.1), S2 f0/1 (10.254.2.9) and
! R2 s1/0 (10.20.254.2).
! NOTE(review): no OSPF authentication appears in this listing. If the full
! config has none either, any device on these links can form an adjacency;
! add `ip ospf authentication message-digest` and
! `ip ospf message-digest-key 1 md5 <KEY>` on both ends of each link.
en
conf t
! Link to S1 (area 0).
int f0/0
ip add 10.254.2.2 255.255.255.252
no shu
! Link to S2 (area 0).
int f1/0
ip add 10.254.2.10 255.255.255.252
no shu
! Serial link to R2 (area 1).
int s2/0
ip add 10.20.254.1 255.255.255.252
no shu
exit
router ospf 1
router-id 1.1.1.1
network 10.20.254.0 0.0.0.3 area 1
network 10.254.2.0 0.0.0.3 area 0
network 10.254.2.8 0.0.0.3 area 0
R2配置
! R2: area 1 router. s1/0 is the /30 link to R1 (10.20.254.1); f0/0 is the
! 10.20.8.0/24 segment, with R2 holding .254.
! NOTE(review): the network statement for 10.20.8.0/24 also turns on OSPF
! hellos on f0/0. If only end hosts live on that segment, add
! `passive-interface f0/0` under `router ospf 1` so the prefix is still
! advertised but no adjacency can be formed from the LAN side.
en
conf t
int s1/0
ip add 10.20.254.2 255.255.255.252
no shu
int f0/0
ip add 10.20.8.254 255.255.255.0
no shu
exit
router ospf 1
router-id 2.2.2.2
network 10.20.8.0 0.0.0.255 area 1
network 10.20.254.0 0.0.0.3 area 1
R3配置
! R3: two public /30 interfaces and no routing protocol or static routes in
! this listing; it forwards between its connected networks only.
! f0/0 (210.142.47.45) is the next hop used by ASA1's default route and
! f1/0 (219.44.5.21) is the next hop used by ASA2's default route, so R3
! presumably stands in for the Internet/ISP between the two firewalls.
en
conf t
int f0/0
ip add 210.142.47.45 255.255.255.252
no shu
int f1/0
ip add 219.44.5.21 255.255.255.252
no shu
R4配置
! R4: router used as an end host behind ASA1. `no ip routing` disables
! forwarding, and `ip default-gateway` points at ASA1's inside address
! (10.100.88.254).
en
conf t
int f0/0
ip add 10.100.88.1 255.255.255.0
no shu
exit
no ip routing
ip default-gateway 10.100.88.254
S1配置
! S1: layer-3 switch. Trunks on f0/2-3 and f0/14-15 (the latter bundled as a
! static EtherChannel), VTP server for domain "aa", HSRP gateway for VLANs
! 101/33/22, routed uplinks to ASA2 inside1 (f0/0) and R1 (f0/1).
! NOTE(review), hardening gaps visible in this listing (confirm against the
! full config before acting):
!  - VTP domain has no password; a `vtp password <SECRET>` on every switch in
!    the domain keeps an unauthenticated device from rewriting the VLAN table.
!  - Trunks carry every VLAN; `switchport trunk allowed vlan 22,33,101`
!    limits them to the VLANs defined here.
!  - HSRP groups have no authentication;
!    `standby <group> authentication md5 key-string <KEY>` on both peers
!    stops a host in the VLAN from claiming the virtual gateway address.
!  - `router ospf 1` at the end has no router-id or network statements, so
!    the R1 link 10.254.2.0/30 is not in OSPF from this side (S2 has them).
en
conf t
int ra f0/2 - 3
sw mo tr
int ra f0/14 - 15
sw mo tr
! `mode on` bundles the ports unconditionally, without PAgP/LACP negotiation;
! the far end must be configured the same way.
channel-group 1 mode on
end
vlan da
vtp domain aa
vtp server
vlan 22
vlan 101
vlan 33
exit

conf t
! HSRP: S1 is preferred (priority 200) for VLANs 101 and 33; S2 is preferred
! for VLAN 22. Virtual gateway addresses are the .254 / .30 addresses.
! NOTE(review): `standby ... tr f0/0` uses the default decrement of 10, so a
! failed uplink lowers priority to 190, still above S2's default 100; the
! active role will not move unless a larger decrement is given.
int vlan 101
ip add 10.10.101.252 255.255.255.0
no shu
standby 101 ip 10.10.101.254
standby 101 priority 200
standby 101 preempt
standby 101 tr f0/0
int vlan 33
ip add 10.10.33.252 255.255.255.0
no shu
standby 33 ip 10.10.33.254
standby 33 priority 200
standby 33 preempt
standby 33 tr f0/0
int vlan 22
ip add 219.44.6.28 255.255.255.240
no shu
standby 22 ip 219.44.6.30
standby 22 preempt
exit
! Spanning-tree root placement mirrors the HSRP active role per VLAN.
spanning-tree vlan 101 root primary
spanning-tree vlan 33 root primary
spanning-tree vlan 22 root secondary
! Routed port toward ASA2 inside1 (10.10.254.2).
int f0/0
no sw
ip address 10.10.254.1 255.255.255.252
no shu
! Routed port toward R1 f0/0 (10.254.2.2).
int f0/1
no sw
ip address 10.254.2.1 255.255.255.252
no shu
exit
! Default route via ASA2 inside1.
ip route 0.0.0.0 0.0.0.0 10.10.254.2
router ospf 1
S2配置
! S2: layer-3 switch paired with S1. Same trunk/EtherChannel layout, VTP
! client in domain "aa", HSRP standby for VLANs 101/33 and preferred gateway
! for VLAN 22, routed uplinks to ASA2 inside2 (f0/0) and R1 (f0/1).
! NOTE(review): as on S1, no VTP password, no trunk allowed-VLAN list, no
! HSRP authentication and no OSPF authentication appear in this listing;
! confirm against the full config.
en
conf t
int ra f0/2 - 3
sw mo tr
int ra f0/14 - 15
sw mo tr
! Static EtherChannel (no PAgP/LACP); must match S1's `mode on`.
channel-group 1 mode on
end
vlan da
vtp domain aa
vtp client
exit
conf t
! Groups 101 and 33 keep the default HSRP priority (100), so S1 (200) is
! active for them; group 22 is raised to 200 so S2 is active for VLAN 22.
int vlan 101
ip add 10.10.101.253 255.255.255.0
no shu
standby 101 ip 10.10.101.254
standby 101 preempt
int vlan 33
ip add 10.10.33.253 255.255.255.0
no shu
standby 33 ip 10.10.33.254
standby 33 preempt
int vlan 22
ip add 219.44.6.29 255.255.255.240
no shu
standby 22 ip 219.44.6.30
standby 22 priority 200
standby 22 preempt
! NOTE(review): default track decrement is 10 (200 -> 190), which stays
! above S1's default 100 for this group; set an explicit decrement if the
! uplink failure is meant to hand the gateway role to S1.
standby 22 tr f0/0
exit
spanning-tree vlan 22 root primary
spanning-tree vlan 101 root secondary
spanning-tree vlan 33 root secondary
! Routed port toward ASA2 inside2 (10.10.254.6).
int f0/0
no sw
ip address 10.10.254.5 255.255.255.252
no shu
! Routed port toward R1 f1/0 (10.254.2.10).
int f0/1
no sw
ip address 10.254.2.9 255.255.255.252
no shu
exit
! Default route via ASA2 inside2.
ip route 0.0.0.0 0.0.0.0 10.10.254.6
! OSPF: area 0 on the R1 link, area 100 (NSSA) for VLAN 101, VLAN 22 and the
! ASA2 link. VLAN 33 has no network statement; it reaches OSPF only through
! `redistribute connected`.
! NOTE(review): the network statements enable OSPF hellos on the VLAN 101 and
! VLAN 22 SVIs; `passive-interface` on those SVIs keeps hosts in the VLANs
! from forming adjacencies.
router ospf 1
router-id 4.4.4.4
network 10.10.101.0 0.0.0.255 area 100
network 10.10.254.4 0.0.0.3 area 100
network 10.254.2.8 0.0.0.3 area 0
network 219.44.6.16 0.0.0.15 area 100
area 100 nssa
! Advertises the static default route into OSPF as an external type 1 route.
default-information originate metric 10 metric-type 1
redistribute connected subnets metric-type 1
exit
S3配置
! S3: access switch. Trunk on f0/15, VTP server for domain "bb", defines
! VLANs 88 and 55 and assigns four access ports to them. The subnets
! 10.10.88.0/24 and 10.10.55.0/24 are ASA2's dmz2 and dmz1 networks on this
! page, so these are presumably the DMZ VLANs.
! NOTE(review): VTP domain "bb" has no password in this listing, and the
! trunk carries every VLAN; consider `vtp password <SECRET>` and
! `switchport trunk allowed vlan 55,88`. Access ports are left in the
! default dynamic mode; `switchport mode access` pins them as access ports.
en
conf t
int f0/15
sw mo tr
end
vlan da
vtp domain bb
vtp server
vlan 88
vlan 55
exit
conf t
int f0/2
sw acc vlan 88
int f0/3
sw acc vlan 55
int f0/0
sw acc vlan 55
int f0/1
sw acc vlan 88
exit
S4配置
! S4: access switch. Trunk on f0/15, VTP client in domain "bb", one access
! port in VLAN 88 and an SVI in VLAN 55 (10.10.55.32/24).
! NOTE(review): the SVI puts the switch's own IP address inside the
! 10.10.55.0/24 subnet that ASA2 uses for dmz1, so hosts in that VLAN can
! reach the switch's management plane directly; a dedicated management VLAN
! or an access-class on the vty lines would narrow that. No default gateway
! is configured, so the SVI is reachable only from within the subnet.
en
conf t
int f0/15
sw mo tr
end
vlan da
vtp domain bb
vtp client
exit
conf t
int f0/0
sw acc vlan 88
int vlan 55
ip add 10.10.55.32 255.255.255.0
no shu
exit
S5配置
! S5: access switch. Trunks on f0/1-2, VTP client in domain "aa", one access
! port (f0/3) in VLAN 101.
! NOTE(review): no VTP password and no trunk allowed-VLAN list appear here;
! see the same points on S1, the VTP server for this domain.
en
conf t
int ra f0/1 - 2
sw mo tr
end

vlan da
vtp domain aa
vtp client
exit
conf t
int f0/3
sw acc vlan 101
end
S6配置
! S6: access switch. Trunks on f0/1-2, VTP client in domain "aa", access
! ports f0/3 (VLAN 33) and f0/4 (VLAN 22).
! NOTE(review): no VTP password and no trunk allowed-VLAN list appear here;
! see the same points on S1, the VTP server for this domain.
en
conf t
int ra f0/1 - 2
sw mo tr
end

vlan da
vtp domain aa
vtp client
exit
conf t
int f0/3
sw acc vlan 33
int f0/4
sw acc vlan 22
end
ASA1配置
! ASA1: firewall for the 10.100.88.0/24 site. Inside e0/1, outside e0/0,
! default route via R3 (210.142.47.45), PAT to the outside interface, and a
! site-to-site IPsec tunnel to ASA2 (219.44.5.22) for traffic between
! 10.100.88.0/24 and the 10.10.55.0/24 and 10.10.88.0/24 networks.
! No security-level is set, so the nameif defaults apply
! (inside = 100, outside = 0).
en
conf t
int e0/1
nameif inside
ip add 10.100.88.254 255.255.255.0
no shu
int e0/0
nameif outside
ip add 210.142.47.46 255.255.255.252
no shu
exit
route outside 0 0 210.142.47.45
! NOTE(review): this permits every ICMP type from any source inbound on the
! outside interface. If the goal is only to let ping replies return, list
! the needed types instead, e.g. `access-list 100 permit icmp any any
! echo-reply` (plus unreachable / time-exceeded).
access-list 100 permit icmp any any
access-group 100 in int outside
! Dynamic PAT: all inside sources are translated to the outside interface IP.
nat (inside) 1 0 0
global (outside) 1 int
! NOTE(review): ACL 100 is the interface filter above; reusing it for NAT
! exemption looks unintended, and the later `nat (inside) 0 access-list 101`
! is expected to supersede this line -- confirm on the device.
nat (inside) 0 access-list 100
cry is enable outside
! NOTE(review): IKE phase 1 uses MD5 and DH group 2 (1024-bit), and the
! pre-shared key below is the literal string "cisco". Both are weak for an
! Internet-facing tunnel. Prefer `hash sha`, a larger DH group such as
! `group 5` where the software supports it, `esp-sha-hmac` in the transform
! set, and a long random key. These must be changed on ASA2 at the same
! time or the tunnel will not negotiate.
cry is policy 1
authentication pre-share
enc aes
hash md5
group 2
exit
cry is key cisco add 219.44.5.22
! Crypto ACL: traffic that is encrypted toward ASA2 (mirror of ASA2's ACL 101).
access-list 101 extended permit ip 10.100.88.0 255.255.255.0 10.10.55.0 255.255.255.0
access-list 101 extended permit ip 10.100.88.0 255.255.255.0 10.10.88.0 255.255.255.0
crypto ipsec transform-set ciscoset esp-aes esp-md5-hmac
crypto map ciscomap 1 match address 101
crypto map ciscomap 1 set peer 219.44.5.22
crypto map ciscomap 1 set transform-set ciscoset
crypto map ciscomap interface outside
! Repeats the `cry is enable outside` entered earlier.
crypto isakmp enable outside
! Exempts the tunnel traffic from PAT so it matches the crypto ACL.
nat (inside) 0 access-list 101
ASA2配置
! ASA2: headquarters firewall. Outside e0/0, two inside interfaces toward
! S1 (inside1) and S2 (inside2), two DMZ interfaces (dmz1 10.10.55.0/24,
! dmz2 10.10.88.0/24), floating static routes toward the two core switches,
! a site-to-site IPsec tunnel to ASA1 (210.142.47.46) and an SSL VPN
! (webvpn/svc) service on the outside interface.
en
conf t
int e0/0
nameif outside
ip add 219.44.5.22 255.255.255.252
no shu
int e0/4
nameif inside1
security-level 100
ip add 10.10.254.2 255.255.255.252
no shu
int e0/3
nameif inside2
security-level 100
ip add 10.10.254.6 255.255.255.252
no shu
int e0/1
nameif dmz1
security-level 50
ip add 10.10.55.254 255.255.255.0
no shu
int e0/2
nameif dmz2
security-level 50
ip add 10.10.88.254 255.255.255.0
no shu
exit
route outside 0.0.0.0 0.0.0.0 219.44.5.21 1
! Internal prefixes are routed twice: metric 1 is the preferred next hop and
! metric 100 the backup through the other core switch. The preferred side
! follows the HSRP/STP split (VLAN 101 via S1, VLAN 33 and VLAN 22 via S2).
! NOTE(review): 10.10.1.0/24 is not configured on any device on this page;
! confirm the subnet exists or drop the two routes.
route inside2 10.10.0.0 255.255.0.0 10.10.254.5 1
route inside1 10.10.0.0 255.255.0.0 10.10.254.1 100
route inside1 10.10.1.0 255.255.255.0 10.10.254.1 1
route inside2 10.10.1.0 255.255.255.0 10.10.254.5 100
route inside2 10.10.33.0 255.255.255.0 10.10.254.5 1
route inside1 10.10.33.0 255.255.255.0 10.10.254.1 100
route inside1 10.10.101.0 255.255.255.0 10.10.254.1 1
route inside2 10.10.101.0 255.255.255.0 10.10.254.5 100
route inside1 10.20.0.0 255.255.0.0 10.10.254.1 1
route inside2 10.20.0.0 255.255.0.0 10.10.254.5 100
route inside2 219.44.6.16 255.255.255.240 10.10.254.5 1
route inside1 219.44.6.16 255.255.255.240 10.10.254.1 100
! NOTE(review): one ACL permitting every ICMP type from any source is bound
! inbound on outside and on both DMZ interfaces. On the DMZ interfaces it
! also lets DMZ hosts initiate ICMP toward the inside networks. Separate
! per-interface ACLs limited to the ICMP types actually needed
! (e.g. echo-reply, unreachable, time-exceeded) would be tighter.
access-list 100 permit icmp any any
access-group 100 in interface outside
access-group 100 in interface dmz1
access-group 100 in interface dmz2
! Dynamic PAT for both inside interfaces to the outside interface IP.
nat (inside1) 1 0 0
nat (inside2) 1 0 0
global (outside) 1 int
! NOTE(review): ACL 100 is the interface filter above; using it for NAT
! exemption looks unintended, and `nat (inside1) 0 access-list 110` below
! is expected to supersede this line -- confirm on the device.
nat (inside1) 0 access-list 100

! ACL 110: inside/R2 LAN sources to the two DMZ subnets, used for NAT
! exemption only (it is not bound to any interface on this page).
access-list 110 permit ip 10.20.8.0 255.255.255.0 10.10.88.0 255.255.255.0
access-list 110 permit ip 10.20.8.0 255.255.255.0 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.101.0 255.255.255.0 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.101.0 255.255.255.0 10.10.88.0 255.255.255.0
access-list 110 permit ip 10.10.33.0 255.255.255.0 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.33.0 255.255.255.0 10.10.88.0 255.255.255.0
access-list 110 permit ip 219.44.6.16 255.255.255.240 10.10.55.0 255.255.255.0
access-list 110 permit ip 219.44.6.16 255.255.255.240 10.10.88.0 255.255.255.0
access-list 110 permit ip 10.10.254.0 255.255.255.252 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.254.4 255.255.255.252 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.254.0 255.255.255.252 10.10.88.0 255.255.255.0
access-list 110 permit ip 10.10.254.4 255.255.255.252 10.10.88.0 255.255.255.0
! NOTE(review): the exemption is applied to inside1 only. Traffic that
! arrives on inside2 (the preferred path for VLAN 33 and VLAN 22) still
! matches `nat (inside2) 1` and has no matching global on the DMZ
! interfaces; a `nat (inside2) 0 access-list 110` is probably missing.
nat (inside1) 0 access-list 110
cry is enable outside
! NOTE(review): IKE phase 1 uses MD5 and DH group 2 (1024-bit), and the
! pre-shared key below is the literal string "cisco". Prefer `hash sha`, a
! larger DH group such as `group 5` where the software supports it,
! `esp-sha-hmac` in the transform set, and a long random key; change ASA1
! at the same time or the tunnel will not negotiate.
cry is policy 1
authentication pre-share
enc aes
hash md5
group 2
exit
cry is key cisco add 210.142.47.46
! Crypto ACL: DMZ subnets to the ASA1 site (mirror of ASA1's ACL 101).
access-list 101 extended permit ip 10.10.88.0 255.255.255.0 10.100.88.0 255.255.255.0
access-list 101 extended permit ip 10.10.55.0 255.255.255.0 10.100.88.0 255.255.255.0
crypto ipsec transform-set ciscoset esp-aes esp-md5-hmac
crypto map ciscomap 1 match address 101
crypto map ciscomap 1 set peer 210.142.47.46
crypto map ciscomap 1 set transform-set ciscoset
crypto map ciscomap interface outside
! Repeats the `cry is enable outside` entered earlier.
crypto isakmp enable outside


! NOTE(review): a local account whose name and password are both "cisco" is
! created immediately before the SSL VPN is enabled on the outside
! interface, so the VPN login is protected only by a well-known default
! pair. Use a unique account with a strong secret, or authenticate the
! tunnel group against an AAA server, before exposing webvpn externally.
username cisco password cisco
webvpn
enable outside
svc image disk0:/sslclient-win-1.1.3.173.pkg
svc enable
! Address pool handed to SSL VPN clients.
ip local pool vpn_pool 192.168.1.1-192.168.1.200
! Split tunnelling: only the two DMZ subnets are sent through the tunnel;
! all other client traffic stays on the client's local network.
access-list split_tunnel permit ip 10.10.88.0 255.255.255.0 any
access-list split_tunnel permit ip 10.10.55.0 255.255.255.0 any
group-policy vpn_group_policy internal
group-policy vpn_group_policy attributes
vpn-tunnel-protocol webvpn svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
webvpn
svc ask enable
exit
exit
tunnel-group vpn_group type webvpn
tunnel-group vpn_group general-attributes
address-pool vpn_pool
default-group-policy vpn_group_policy
tunnel-group vpn_group webvpn-attributes
group-alias groups enable
webvpn
tunnel-group-list enable
ACL配置综合
! Consolidated copy of ACL 110, identical to the entries in the ASA2 listing.
! Sources: R2 LAN (10.20.8.0/24), VLAN 101, VLAN 33, VLAN 22 (219.44.6.16/28)
! and the two ASA2-to-core /30 links; destinations: the two DMZ subnets
! 10.10.55.0/24 and 10.10.88.0/24.
! On this page the ACL is referenced only by `nat (inside1) 0 access-list 110`
! (NAT exemption); it is not bound to an interface as a traffic filter, and it
! permits all IP protocols between the listed networks.
access-list 110 permit ip 10.20.8.0 255.255.255.0 10.10.88.0 255.255.255.0
access-list 110 permit ip 10.20.8.0 255.255.255.0 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.101.0 255.255.255.0 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.101.0 255.255.255.0 10.10.88.0 255.255.255.0
access-list 110 permit ip 10.10.33.0 255.255.255.0 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.33.0 255.255.255.0 10.10.88.0 255.255.255.0
access-list 110 permit ip 219.44.6.16 255.255.255.240 10.10.55.0 255.255.255.0
access-list 110 permit ip 219.44.6.16 255.255.255.240 10.10.88.0 255.255.255.0
access-list 110 permit ip 10.10.254.0 255.255.255.252 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.254.4 255.255.255.252 10.10.55.0 255.255.255.0
access-list 110 permit ip 10.10.254.0 255.255.255.252 10.10.88.0 255.255.255.0
access-list 110 permit ip 10.10.254.4 255.255.255.252 10.10.88.0 255.255.255.0



cheng029 发表于 2012-6-15 18:09:20

实际生活中小型企业很少用到ospf

chenroot 发表于 2012-6-20 19:38:28

admin 发表于 2012-6-15 18:09
实际生活中小型企业很少用到ospf

我们这几天正在就业培训,我感觉我们的花架子太多了,好多都不了解

cheng029 发表于 2012-6-21 23:58:46

恩恩,好好学基础知识

蓝晶灵 发表于 2013-5-15 17:19:02

微机原理闹危机,随机过程随机过,实变函数学十遍,汇编语言不会编!

szs 发表于 2013-5-15 21:52:30

不要在一棵树上吊死,在附近几棵树上多试试死几次~

菜蜂 发表于 2013-5-16 01:53:22

真是受益匪浅

_ζ丶末日 发表于 2013-6-16 11:48:29

纳尼,不懂