1、iangi 实战推荐:某大型思科网络的配置实例编者按:这是一个比较综合的实例,从拓扑图上可以看出,它所包含的设备和技术。以下对这个例子作些说明希望能够和各位网友交流。 1.对于内部局域网,选用 Cisco 的 Catalyst 6506 作为中心交换机,二级交换采用 Catalyst 3500,同时为了说明 Trunk,又加了一个 Catalyst 2900 作为三级交换,对于终端连接用了 Catalyst 1900 交换机,这样就可以在Catalyst 6506 与 Catalyst 3500 之间以及 Catalyst 3500 与 Catalyst 2900 之间建立 Trunk,实现跨
2、交换机的 VLAN。 注:Catalyst 2900 系列如果要实现 Trunk,软件必须是企业版的,关于类似疑问可以至疑难杂谈栏目。 2.对于外连上,主要是专线连接和拨号访问,当然种类比较多.包括了 DDN、 ISDN、 Frame Relay、 E1 线路等。 3.本例给出设备的基本配置。 4.对于多设备的连接问题,值得注意的是路由问题,本实例外连部分采用静态路由而内部局域网采用动态路由. 5.在本例的帧中继配置中,运用了 IP Unnumbered ,可以节省地址资源,有兴趣可以注意一下 在网关有关*作说明讲行很多,但很少有实例,这个配置例我想对于许多入门的朋友启发不少,我也希望这么的帖
3、子与大家共享和交流一下!配置实例 VLAN 划分问题: 对于交换设备本例中划到 VLAN 1 中,而对于外连设备的所有以太网端口,均划到 VLAN 2 中,下面给出各 VLAN 的名称和网关地址,本例划分 8 个 VLAN. VLAN ID VLAN Name Gateway VLAN 1 Bluestudy 1 10.1.0.1/16 VLAN 2 Bluestudy 2 10.2.0.1/16 VLAN 3 Bluestudy 3 10.3.0.1/16 VLAN 4 Bluestudy 4 10.4.0.1/16 VLAN 5 Bluestudy 5 10.5.0.1/16 VLAN 6
4、 Bluestudy 6 10.6.0.1/16 VLAN 7 Bluestudy 7 10.7.0.1/16 VLAN 8 Bluestudy 8 10.8.0.1/16 Catalyst 6506 的配置 Enter password: enable Enter password: config t set system name Bluestudy set time 10/30/2000 9:30:00 set password set enablepass set interface sc0 10.1.0.2/16 set ip route default 10.1.0.1 set i
5、p dns server 10.1.0.100 set ip dns domain set ip dns enable set vtp domain bluestudy mode server set vlan 1 name Bluestudy 1 set vlan 2 name Bluestudy 2 set vlan 3 name Bluestudy 3 set vlan 4 name Bluestudy 4 set vlan 5 name Bluestudy 5 set vlan 6 name Bluestudy 6 set vlan 7 name Bluestudy 7 set vl
6、an 8 name Bluestudy 8 set port negotiation 2/1-8 enable set port name 2/1-8 GEC 802.1Q Trunk set trunk 2/1-8 desirable dot1q set port speed 2/1-8 1000 set vlan 1 3/1-48 对于 6506 的交换机方面的配置只需做出 Trunk 即可,因为要实现跨交换机之间的虚网,下面配置 6506 的路由模块,因为 6506 的路由模块现在与管理引擎模块集成在了一起,所以,默认命令是:Session 15 详情请见 6506 路由设置. Cata
7、lyst 6506RSM 模块的配置 (enable) session 15 Trying Router-15. Connected to Router-15. Escape character is . enable configure terminal hostname bluestudy enable password password line vty 0 6 password secret_word ip domain-name ip name-server 10.1.0.100 interface vlan 1 ip address 10.1.0.1 255.255.0.0 no
8、 shutdown interface vlan 2 ip address 10.2.0.1 255.255.0.0 no shutdown interface vlan 3 ip address 10.3.0.1 255.255.0.0 no shutdown interface vlan 4 ip address 10.4.0.1 255.255.0.0 no shutdown interface vlan 5 ip address 10.5.0.1 255.255.0.0 no shutdown interface vlan 6 ip address 10.6.0.1 255.255.0
9、.0 no shutdown interface vlan 7 ip address 10.7.0.1 255.255.0.0 no shutdown interface vlan 8 ip address 10.8.0.1 255.255.0.0 no shutdown router rip version 2 network 10.0.0.0 ip route 0.0.0.0 0.0.0.0 10.2.0.12 ip route 192.168.2.0 255.255.255.0 10.2.0.13 ip route 192.168.3.0 255.255.255.240 10.2.0.1
10、1 ip route 192.168.4.0 255.255.255.0 10.2.0.11 ip route 192.168.5.0 255.255.255.0 10.2.0.11 ip route 192.168.6.0 255.255.255.0 10.2.0.11 copy running-config startup-config Building configuration. OK 这里给出的是单纯的命令行,略去了一些默认状况的设置. Catalyst 3500 的配置 Catalyst 3500 的配置 ! version 12.0 no service pad service
11、timestamps debug uptime service timestamps log uptime service password-encryption ! hostname bluestudy ! enable password password ! username bluestudy password password username test password password ! 省略端口的显示 ! interface GigabitEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk
12、 ! interface GigabitEthernet0/2 ! interface VLAN1 ip address 10.1.0.4 255.255.0.0 ip helper-address 10.1.0.100 ip directed-broadcast no ip route-cache ! ip default-gateway 10.1.0.1 interface Ethernet1/1(与 2900 对接) switchport trunk encapsulation dot1q switchport mode trunk ! interface Ethernet1/2(与 1
13、900 A 对接) switchport access VLAN 3 no shut ! interface Ethernet1/3(与 1900 B 对接) switchport access VLAN 4 no shut ! snmp-server engineID local 000000090200000216BE4E80 snmp-server community public RO snmp-server community private RW snmp-server chassis-id 0x17 (打开简单的网络管理,便于以后,Cisco 网管软件识别和管理) ! line
14、con 0 login local transport input none stopbits 1 line vty 0 4 login local line vty 5 15 login ! endCatalyst 2900 的配置 Catalyst 2900 的配置 2900 的配置与 3500 的相似,命令如下 hostname bluestudy ! enable password password ! username bluestudy password password username test password password ! 省略端口的显示 ! interface E
15、thernet0/1(与 3500 对接) switchport trunk encapsulation dot1q switchport mode trunk ! interface VLAN1 ip address 10.1.0.3 255.255.0.0 ip helper-address 10.1.0.100 ip directed-broadcast no ip route-cache ! ip default-gateway 10.1.0.1 ! interface Ethernet0/2(与 1900 C 对接) switchport access VLAN 5 no shut
16、! interface Ethernet0/3(与 1900 D 对接) switchport access VLAN 6 no shut ! snmp-server engineID local 000000090200000216BE4E80 snmp-server community public RO snmp-server community private RW snmp-server chassis-id 0x17 ! line con 0 login local transport input none stopbits 1 line vty 0 4 login local l
17、ine vty 5 15 login ! endCisco Catalyst 1900 的配置 Cisco Catalyst 1900 的配置 对于 1900 的配置就相对容易得多了 只需在 enable 状态下键入 Setup 就会进入配置向导 给出交换机的 IP 地址:10.3.0.5 掩码:255.255.0.0 网关:10.3.0.1 就可以了,另外应该打开简单的网络管理协议 SNMP snmp-server community public RO snmp-server community private RW 即可 PIX 520A 的基本配置 PIX Version 4.2(4)
18、 nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password password encrypted passwd password encrypted hostname pix_A fixup protocol ftp 21 fixup protocol http 80 fixup protocol smtp 25 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol sqlnet 1521 names no
19、failover failover timeout 0:00:00 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 pager lines 24 no logging console logging monitor debugging logging buffered debugging no logging trap logging facility 20 interface ethernet0 auto interface ethernet1 auto ip address outside 192
20、.168.0.1 255.255.255.252 ip address inside 10.2.0.13 255.255.0.0 arp timeout 14400 nat (inside ) 0 192.168.0.0 255.255.255.252 rip outside passive no rip outside default no rip inside passive rip inside default route outside 192.168.2.0 255.255.255.0 192.168.0.2 route inside 0.0.0.0 0.0.0.0 10.2.0.1
21、 timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 timeout uauth 0:05:00 absolut esnmp-server community public RO snmp-server community private RW telnet 10.2.0.200 255.255.255.255 telnet timeout 15 mtu outside 1500 mtu inside 1500 floodguard 0Cisco 2610A 的配置 Cisco 2610
22、A 的配置 Current configuration: ! version 11.3 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname 2610A ! enable password password ! username bluestudy password password no ip domain-lookup! ! interface Ethernet0/0 ip address 192.168.0.2 255.255.255.252
23、 no shut ! interface Serial0/0 ip address 192.168.0.5 255.255.255.252 no shut ! interface Serial0/1 no ip address shutdown ! ip route 0.0.0.0 0.0.0.0 192.168.0.1 ip route 192.168.2.0 255.255.255.0 192.168.0.6 ! snmp-server community public RO snmp-server community private RW ! line con 0 line aux 0
24、line vty 0 4 login local ! no scheduler allocate end Cisco 1603 的配置 Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname 1603 ! enable secret password enable password password ! memory-size iomem 25 ip subnet-ze
25、ro ! interface Serial0 ip address 192.168.0.6 255.255.255.252 no ip directed-broadcast ! interface Ethernet0 ip address 192.168.2.1 255.255.255.0 no ip unreachables no ip directed-broadcast ! ip classless ip route 0.0.0.0 0.0.0.0 s0 no ip http server ! snmp-server community public RO snmp-server community private RW ! line con 0 password password transport input none line aux 0 line vty 0 4 password password login ! no scheduler allocate end