Building a Campus Network

2022-06-24  我在等你回复可你没回

Command to save the configuration:

save all test.cfg

Step 1. Configure STP and Eth-Trunk

Core device LSW1:

stp root primary

Edge devices LSW2, LSW3, LSW4 and LSW5:

port-group group-member e0/0/1 to e0/0/22
stp edged-port enable 

Build an Eth-Trunk between each edge switch and the core switch.
For example, the Eth-Trunk on LSW2:

interface Eth-Trunk 2
mode lacp-static
trunkport gi 0/0/1 0/0/2
stp cost 10000

Step 2. Configure VLANs

Access-layer ports use link type access:

vlan batch 10 20
port link-type access
port default vlan 10

Trunk link configuration on the access-layer switch:

interface Eth-Trunk 3
port link-type trunk
port trunk allow-pass vlan all

Trunk link configuration on the core-layer switch:

port-group group-member Eth-Trunk 2 to Eth-Trunk 5
port link-type trunk
port trunk allow-pass vlan all

Step 3. Configure gateways

Configure the gateway for VLAN 10; the others are similar:

interface Vlanif 10
ip address 192.168.10.1 24

interface Vlanif 20
ip address 192.168.20.1 24

interface Vlanif 30
ip address 192.168.30.1 24

interface Vlanif 40
ip address 192.168.40.1 24

interface Vlanif 200
ip address 192.168.200.1 24

Connecting core switch S1 to egress router R1

S1:
vlan 800
q
interface gi 0/0/24
port link-type access
port default vlan 800
q
interface Vlanif 800
ip address 192.168.254.2 24

Step 4. DHCP configuration

dhcp enable

Sales department 1 and sales department 2
ip pool XiaoShou_1
network 192.168.10.0 mask 24
gateway-list 192.168.10.1
dns-list 114.114.114.114 8.8.8.8

ip pool XiaoShou_2
network 192.168.20.0 mask 24
gateway-list 192.168.20.1
dns-list 114.114.114.114 8.8.8.8

Finance department
ip pool CaiWu
network 192.168.30.0 mask 24
gateway-list 192.168.30.1
dns-list 114.114.114.114 8.8.8.8

Technical department
ip pool JiShu
network 192.168.40.0 mask 24
gateway-list 192.168.40.1
dns-list 114.114.114.114 8.8.8.8

The corresponding Vlanif interfaces must also be configured:

interface Vlanif 10
dhcp select global

interface Vlanif 20
dhcp select global

interface Vlanif 30
dhcp select global

interface Vlanif 40
dhcp select global

Step 5. Configure NAT

On the core switch, configure a static default route toward the egress router:

ip route-static 0.0.0.0 0 192.168.254.1

On the egress router, configure a route toward the ISP router:

ip route-static 0.0.0.0 0 12.1.1.6

On the egress router, configure a route to the internal network:

ip route-static 192.168.0.0 16 192.168.254.2

Configure NAT on the egress router:

# Set up the access control list
acl 2000
rule permit source 192.168.0.0 0.0.255.255
interface gi 0/0/1
nat outbound 2000

Step 6. Server port mapping

nat server protocol tcp global 12.1.1.2 inside 192.168.200.10

Step 7. ACL

Allow only users in VLAN 30 to access server 192.168.200.20:

acl 3000
rule permit ip source 192.168.30.0 0.0.0.255 destination 192.168.200.20 0
rule deny ip source any destination 192.168.200.20 0
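
How the two rules of ACL 3000 are matched, as an added Python example that is not part of the original post. It assumes the default config match order (rules checked top to bottom, first match wins); `parse_acl` and `evaluate` are hypothetical helper names, and the test addresses are constructed.

```python
import ipaddress

# Step 7's ACL 3000, both rules written with the host wildcard "0" (constructed copy).
ACL_3000 = """\
rule permit ip source 192.168.30.0 0.0.0.255 destination 192.168.200.20 0
rule deny ip source any destination 192.168.200.20 0
"""

def _to_int(addr):
    # "0" is the shorthand for wildcard 0.0.0.0, i.e. an exact host match.
    return 0 if addr == "0" else int(ipaddress.IPv4Address(addr))

def _parse_side(tokens):
    """Consume 'any' or '<address> <wildcard>'; return ((addr, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    return (_to_int(tokens[0]), _to_int(tokens[1])), tokens[2:]

def parse_acl(text):
    """Parse 'rule <action> ip source ... destination ...' lines in order."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "rule":
            continue
        action, rest = t[1], t[3:]          # t[2] is the protocol ("ip")
        src, rest = _parse_side(rest[1:])   # skip the keyword "source"
        dst, rest = _parse_side(rest[1:])   # skip the keyword "destination"
        rules.append((action, src, dst))
    return rules

def _matches(ip, side):
    addr, wildcard = side
    # Wildcard bits set to 1 are "don't care"; bits set to 0 must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(rules, src_ip, dst_ip):
    """Return the action of the first matching rule, or 'no-match'."""
    for action, src, dst in rules:
        if _matches(src_ip, src) and _matches(dst_ip, dst):
            return action
    return "no-match"

if __name__ == "__main__":
    rules = parse_acl(ACL_3000)
    for src in ("192.168.30.57", "192.168.10.5", "192.168.31.1"):
        print(src, "->", evaluate(rules, src, "192.168.200.20"))
```

Traffic to any other destination, such as 192.168.200.10, returns `no-match`: what happens to it depends on the feature that references the ACL. The page defines ACL 3000 but does not show it being applied to an interface or VLAN, and the rules filter nothing until it is.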

Step 8. Telnet management

Configure Telnet:

telnet server enable
aaa
local-user aa privilege level 3 password cipher 123
local-user aa service-type telnet 
q
user-interface vty 0 4
authentication-mode aaa

Add VLAN 999 as the management VLAN; the access-layer switches also need an IP address and a route configured:

vlan 999
interface Vlanif 999
ip address 192.168.253.1 24

vlan 999
interface Vlanif 999
ip address 192.168.253.2 24

vlan 999
interface Vlanif 999
ip address 192.168.253.3 24

vlan 999
interface Vlanif 999
ip address 192.168.253.4 24

vlan 999
interface Vlanif 999
ip address 192.168.253.5 24
ip route-static 0.0.0.0 0 192.168.253.1

# Configure a default route on the switch, used for return packets
ip route-static 0.0.0.0 0 192.168.253.1