配置实例
VLAN划分问题:
对于交换设备本例中划到VLAN 1中,而对于外连设备的所有以太网端口,均划到VLAN 2中,下面给出各VLAN的名称和网关地址,本例划分8个VLAN.
VLAN ID VLAN Name Gateway
VLAN 1 Bluestudy 1 10.1.0.1/16
VLAN 2 Bluestudy 2 10.2.0.1/16
VLAN 3 Bluestudy 3 10.3.0.1/16
VLAN 4 Bluestudy 4 10.4.0.1/16
VLAN 5 Bluestudy 5 10.5.0.1/16
VLAN 6 Bluestudy 6 10.6.0.1/16
VLAN 7 Bluestudy 7 10.7.0.1/16
VLAN 8 Bluestudy 8 10.8.0.1/16
Catalyst 6506 的配置
Enter password:
enable
Enter password:
config t
set system name Bluestudy
set time 10/30/2000 9:30:00
set password
set enablepass
set interface sc0 10.1.0.2/16
set ip route default 10.1.0.1
set ip dns server 10.1.0.100
set ip dns domain bluestudy.com
set ip dns enable
set vtp domain bluestudy mode server
set vlan 1 name Bluestudy 1
set vlan 2 name Bluestudy 2
set vlan 3 name Bluestudy 3
set vlan 4 name Bluestudy 4
set vlan 5 name Bluestudy 5
set vlan 6 name Bluestudy 6
set vlan 7 name Bluestudy 7
set vlan 8 name Bluestudy 8
set port negotiation 2/1-8 enable
set port name 2/1-8 GEC 802.1Q Trunk
set trunk 2/1-8 desirable dot1q
set port speed 2/1-8 1000
set vlan 1 3/1-48
对于6506的交换机方面的配置只需做出Trunk即可,因为要实现跨交换机之间的虚网,下面配置6506的路由模块,因为6506的路由模块现在与管理引擎模块集成在了一起,所以,默认命令是:Session 15
详情请见 6506 路由设置.
Catalyst 6506RSM模块的配置
(enable) session 15
Trying Router-15...
Connected to Router-15.
Escape character is '^]'.
enable
configure terminal
hostname bluestudy
enable password password
line vty 0 6
password secret_word
ip domain-name bluestudy.com
ip name-server 10.1.0.100
interface vlan 1
ip address 10.1.0.1 255.255.0.0
no shutdown
interface vlan 2
ip address 10.2.0.1 255.255.0.0
no shutdown
interface vlan 3
ip address 10.3.0.1 255.255.0.0
no shutdown
interface vlan 4
ip address 10.4.0.1 255.255.0.0
no shutdown
interface vlan 5
ip address 10.5.0.1 255.255.0.0
no shutdown
interface vlan 6
ip address 10.6.0.1 255.255.0.0
no shutdown
interface vlan 7
ip address 10.7.0.1 255.255.0.0
no shutdown
interface vlan 8
ip address 10.8.0.1 255.255.0.0
no shutdown
router rip
version 2
network 10.0.0.0
ip route 0.0.0.0 0.0.0.0 10.2.0.12
ip route 192.168.2.0 255.255.255.0 10.2.0.13
ip route 192.168.3.0 255.255.255.240 10.2.0.11
ip route 192.168.4.0 255.255.255.0 10.2.0.11
ip route 192.168.5.0 255.255.255.0 10.2.0.11
ip route 192.168.6.0 255.255.255.0 10.2.0.11
copy running-config startup-config
Building configuration...
[OK]
这里给出的是单纯的命令行,略去了一些默认状况的设置. Catalyst 3500 的配置
Catalyst 3500 的配置
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname bluestudy
!
enable password password
!
username bluestudy password password
username test password password
!
省略端口的显示
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface VLAN1
ip address 10.1.0.4 255.255.0.0
ip helper-address 10.1.0.100
ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.1.0.1
interface Ethernet1/1(与2900对接)
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet1/2(与1900 A对接)
switchport access VLAN 3
no shut
!
interface Ethernet1/3(与1900 B对接)
switchport access VLAN 4
no shut
!
snmp-server engineID local 000000090200000216BE4E80
snmp-server community public RO
snmp-server community private RW
snmp-server chassis-id 0x17
(打开简单的网络管理,便于以后,Cisco 网管软件识别和管理)
!
line con 0
login local
transport input none
stopbits 1
line vty 0 4
login local
line vty 5 15
login
!
end
Catalyst 2900 的配置
Catalyst 2900 的配置
2900的配置与3500的相似,命令如下
hostname bluestudy
!
enable password password
!
username bluestudy password password
username test password password
!
省略端口的显示
!
interface Ethernet0/1(与3500对接)
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface VLAN1
ip address 10.1.0.3 255.255.0.0
ip helper-address 10.1.0.100
ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.1.0.1
!
interface Ethernet0/2(与1900 C对接)
switchport access VLAN 5
no shut
!
interface Ethernet0/3(与1900 D对接)
switchport access VLAN 6
no shut
!
snmp-server engineID local 000000090200000216BE4E80
snmp-server community public RO
snmp-server community private RW
snmp-server chassis-id 0x17
!
line con 0
login local
transport input none
stopbits 1
line vty 0 4
login local
line vty 5 15
login
!
end
Cisco Catalyst 1900 的配置
Cisco Catalyst 1900 的配置
对于1900的配置就相对容易得多了
只需在enable 状态下键入 Setup 就会进入配置向导
给出交换机的
IP地址:10.3.0.5
掩码:255.255.0.0
网关:10.3.0.1
就可以了,另外应该打开简单的网络管理协议SNMP
snmp-server community public RO
snmp-server community private RW
即可
PIX 520A的基本配置
PIX Version 4.2(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password password encrypted
passwd password encrypted
hostname pix_A
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
names
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pager lines 24
no logging console
logging monitor debugging
logging buffered debugging
no logging trap
logging facility 20
interface ethernet0 auto
interface ethernet1 auto
ip address outside 192.168.0.1 255.255.255.252
ip address inside 10.2.0.13 255.255.0.0
arp timeout 14400
nat (inside ) 0 192.168.0.0 255.255.255.252
rip outside passive
no rip outside default
no rip inside passive
rip inside default
route outside 192.168.2.0 255.255.255.0 192.168.0.2
route inside 0.0.0.0 0.0.0.0 10.2.0.1
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolut
esnmp-server community public RO
snmp-server community private RW
telnet 10.2.0.200 255.255.255.255
telnet timeout 15
mtu outside 1500
mtu inside 1500
floodguard 0
Cisco 2610A 的配置
Cisco 2610A 的配置
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2610A
!
enable password password
!
username bluestudy password password
no ip domain-lookup!
!
interface Ethernet0/0
ip address 192.168.0.2 255.255.255.252
no shut
!
interface Serial0/0
ip address 192.168.0.5 255.255.255.252
no shut
!
interface Serial0/1
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 192.168.2.0 255.255.255.0 192.168.0.6
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
line aux 0
line vty 0 4
login local
!
no scheduler allocate
end
Cisco 1603的配置
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 1603
!
enable secret password
enable password password
!
memory-size iomem 25
ip subnet-zero
!
interface Serial0
ip address 192.168.0.6 255.255.255.252
no ip directed-broadcast
!
interface Ethernet0
ip address 192.168.2.1 255.255.255.0
no ip unreachables
no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 s0
no ip http server
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
password password
transport input none
line aux 0
line vty 0 4
password password
login
!
no scheduler allocate
end
PIX 520B的基本配置
PIX Version 4.2(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password password encrypted
passwd password encrypted
hostname pix520_B
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
names
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pager lines 24
no logging console
no logging monitor
no logging buffered
no logging trap
logging facility 20
interface ethernet0 auto
interface ethernet1 auto
ip address outside 202.108.66.97 255.255.255.248
ip address inside 10.2.0.12 255.255.0.0
arp timeout 14400
global (outside) 1 202.108.66.100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
route outside 0.0.0.0 0.0.0.0 202.109.77.98
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet 10.2.0.200 255.255.255.255
telnet timeout 15
mtu outside 1500
mtu inside 1500
floodguard 0
Cisco 2610B 的配置
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2610B
!
enable password password
!
username bluestudy password password
no ip domain-lookup!
!
interface Ethernet0/0
ip address 202.108.66.98 255.255.255.248
no shut
!
interface Serial0/0
ip address 202.108.8.1 255.255.255.252
no shut
!
interface Serial0/1
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 202.108.8.2
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
line aux 0
line vty 0 4
login local
!
no scheduler allocate
end
Cisco 2610c 的配置
version 11.2
service udp-small-servers
service tcp-small-servers
!
hostname 2610C
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
ip address-pool local
isdn switch-type basic-net3
interface Ethernet0
ip address 10.2.0.11 255.255.0.0
!
interface Serial0
no ip address
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy1
ip unnumbered Ethernet0
frame-relay interface-dlci 10
!
interface Serial0.2 point-to-point
description Frame Relay to bluestudy2
ip unnumbered Ethernet0
frame-relay interface-dlci 11
!
interface BRI1/0
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/1
ip address 192.168.3.1 255.255.255.240
encapsulation ppp
timeout absolute 60 0
dialer idle-timeout 3600
dialer-group 1
isdn switch-type basic-net3
peer default ip address pool default
ppp authentication chap pap callin
!
interface BRI1/2
no ip address
encapsulation ppp
shutdown
isdn switch-type basic-net3
!
interface BRI1/3
no ip address
encapsulation ppp
shutdown
isdn switch-type basic-net3
no peer default ip address
!
ip local pool default 192.168.3.3 192.168.3.14
ip http server
ip classless
ip route 192.168.5.0 255.255.255.0 serial0.1
ip route 192.168.4.0 255.255.255.0 serial0.2
ip route 0.0.0.0 0.0.0.0 10.2.0.1
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
line con 0
password console
login
line aux 0
line vty 0 4
password telnet
login
!
end
Cisco 1720A 的配置
version 11.2
service udp-small-servers
service tcp-small-servers
hostname bluestudy1
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
interface Fastethernet0
ip address 192.168.5.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy
ip unnumbered Ethernet0
frame-relay interface-dlci 10
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 serial0.1
!
line con 0
password console
login
line aux 0
line vty 0 4
password bluestudy1
login
!
end
Cisco 1720B 的配置
version 11.2
service udp-small-servers
service tcp-small-servers
hostname bluestudy1
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
interface Fastethernet0
ip address 192.168.4.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy
ip unnumbered Ethernet0
frame-relay interface-dlci 11
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 serial0.1
!
line con 0
password console
login
line aux 0
line vty 0 4
password bluestudy2
login
!
end
