您的当前位置:首页正文

大型网络实施经典案例(拓扑图及详细配置)

2020-12-23 来源:易榕旅网


1

中型企业网络构建案例 配置文档

设置VTP

Sw_6509_1#conf t

Sw_6509_1(config)#vtp domain cisco

Sw_6509_1(config)#vtp mode server

Sw_6509_2#conf t

2

Sw_6509_2(config)#vtp domain cisco

Sw_6509_2(config)#vtp mode client

Sw_2950_fi1_1#conf t

Sw_2950_fi1_1(config)#vtp domain cisco

Sw_2950_fi1_1(config)#vtp mode client

Sw_2950_fi3_1#conf t

Sw_2950_fi3_1(config)#vtp domain cisco

Sw_2950_fi3_1(config)#vtp mode client

Sw_2950_fi5_1#conf t

Sw_2950_fi5_1(config)#vtp domain cisco

Sw_2950_fi5_1(config)#vtp mode client

Sw_2950_fi7_1#conf t

Sw_2950_fi7_1(config)#vtp domain cisco

3

Sw_2950_fi7_1(config)#vtp mode client

配置中继

Sw_6509_1(config)#int g3/1

Sw_6509_1(config-if)#switchport

Sw_6509_1(config-if)#switchport mode trunk

Sw_6509_1(config-if)#switchport trunk encapsulation dot1q

Sw_6509_1(config)#int g3/2

Sw_6509_1(config-if)#switchport

Sw_6509_1(config-if)#switchport mode trunk

Sw_6509_1(config-if)#switchport trunk encapsulation dot1q

Sw_6509_1(config)#int g3/3

Sw_6509_1(config-if)#switchport

Sw_6509_1(config-if)#switchport mode trunk

4

Sw_6509_1(config-if)#switchport trunk encapsulation dot1q

Sw_6509_1(config)#int g3/4

Sw_6509_1(config-if)#switchport

Sw_6509_1(config-if)#switchport mode trunk

Sw_6509_1(config-if)#switchport trunk encapsulation dot1q

Sw_6509_1(config)#int g3/5

Sw_6509_1(config-if)#switchport

Sw_6509_1(config-if)#switchport mode trunk

Sw_6509_1(config-if)#switchport trunk encapsulation dot1q

Sw_6509_2(config)#int g3/1

Sw_6509_2(config-if)#switchport

Sw_6509_2(config-if)#switchport mode trunk

Sw_6509_2(config-if)#switchport trunk encapsulation dot1q

5

Sw_6509_2(config)#int g3/2

Sw_6509_2(config-if)#switchport

Sw_6509_2(config-if)#switchport mode trunk

Sw_6509_2(config-if)#switchport trunk encapsulation dot1q

Sw_6509_2(config)#int g3/3

Sw_6509_2(config-if)#switchport

Sw_6509_2(config-if)#switchport mode trunk

Sw_6509_2(config-if)#switchport trunk encapsulation dot1q

Sw_6509_2(config)#int g3/4

Sw_6509_2(config-if)#switchport

Sw_6509_2(config-if)#switchport mode trunk

Sw_6509_2(config-if)#switchport trunk encapsulation dot1q

Sw_6509_2(config)#int g3/5

6

Sw_6509_2(config-if)#switchport

Sw_6509_2(config-if)#switchport mode trunk

Sw_6509_2(config-if)#switchport trunk encapsulation dot1q

在楼层交换机上配置

Sw_2950_fl1_1(config)#int g0/1

Sw_2950_fl1_1(config-if)#switchport mode trunk

Sw_2950_fl1_1(config-if)#switchport trunk encapsulation dot1q

Sw_2950_fl1_1(config)#int g0/2

Sw_2950_fl1_1(config-if)#switchport mode trunk

Sw_2950_fl1_1(config-if)#switchport trunk encapsulation dot1q

Sw_2950_fl3_1(config)#int g0/1

Sw_2950_fl3_1(config-if)#switchport mode trunk

Sw_2950_fl3_1(config-if)#switchport trunk encapsulation dot1q

7

Sw_2950_fl3_1(config)#int g0/2

Sw_2950_fl3_1(config-if)#switchport mode trunk

Sw_2950_fl3_1(config-if)#switchport trunk encapsulation dot1q

Sw_2950_fl5_1(config)#int g0/1

Sw_2950_fl5_1(config-if)#switchport mode trunk

Sw_2950_fl5_1(config-if)#switchport trunk encapsulation dot1q

Sw_2950_fl5_1(config)#int g0/2

Sw_2950_fl5_1(config-if)#switchport mode trunk

Sw_2950_fl5_1(config-if)#switchport trunk encapsulation dot1q

Sw_2950_fl7_1(config)#int g0/1

Sw_2950_fl7_1(config-if)#switchport mode trunk

Sw_2950_fl7_1(config-if)#switchport trunk encapsulation dot1q

Sw_2950_fl7_1(config)#int g0/2

8

Sw_2950_fl7_1(config-if)#switchport mode trunk

Sw_2950_fl7_1(config-if)#switchport trunk encapsulation dot1q

Sw_2950_fl9_1(config)#int g0/1

Sw_2950_fl9_1(config-if)#switchport mode trunk

Sw_2950_fl9_1(config-if)#switchport trunk encapsulation dot1q

Sw_2950_fl9_1(config)#int g0/2

Sw_2950_fl9_1(config-if)#switchport mode trunk

Sw_2950_fl9_1(config-if)#switchport trunk encapsulation dot1q

配置以太通道

Sw_6509_1(config)#int g3/15

Sw_6509_1(config-if)# switchport

Sw_6509_1(config-if)# switchport mode trunk

Sw_6509_1(config-if)#switchport trunk encapsulation dot1q

9

Sw_6509_1(config-if)#channel-group 1 mode desirable

Sw_6509_1(config)#int g3/16

Sw_6509_1(config-if)# switchport

Sw_6509_1(config-if)# switchport mode trunk

Sw_6509_1(config-if)#switchport trunk encapsulation dot1q

Sw_6509_1(config-if)#channel-group 1 mode desirable

Sw_6509_1(config-if)#int port-channel 1

Sw_6509_1(config-if)# switchport

Sw_6509_1(config-if)# switchport mode trunk

Sw_6509_1(config-if)#switchport trunk encapsulation dot1q

Sw_6509_2(config)#int g3/15

Sw_6509_2(config-if)# switchport

Sw_6509_2(config-if)# switchport mode trunk

10

Sw_6509_2(config-if)#switchport trunk encapsulation dot1q

Sw_6509_2(config-if)#channel-group 1 mode desirable

Sw_6509_2(config)#int g3/16

Sw_6509_2(config-if)# switchport

Sw_6509_2(config-if)# switchport mode trunk

Sw_6509_2(config-if)#switchport trunk encapsulation dot1q

Sw_6509_2(config-if)#channel-group 1 mode desirable

Sw_6509_2(config-if)#int port-channel 1

Sw_6509_2(config-if)# switchport

Sw_6509_2(config-if)# switchport mode trunk

Sw_6509_2(config-if)#switchport trunk encapsulation dot1q

创建VLAN

Sw_6509_1#vlan database

11

Sw_6509_1(vlan)#vlan 2 name manage

Sw_6509_1(vlan)#vlan 11 name finance

Sw_6509_1(vlan)#vlan 12 name techniqy

Sw_6509_1(vlan)#vlan 13 name sales

Sw_6509_1(vlan)#vlan 14 name server

Sw_6509_1(vlan)#vlan 15 name edge

设置生成树

Sw_6509_1(config)#spanning-tree vlan 2 root primary

Sw_6509_1(config)#spanning-tree vlan 11 root primary

Sw_6509_1(config)#spanning-tree vlan 12 root primary

Sw_6509_1(config)#spanning-tree vlan 13 root secondary

Sw_6509_1(config)#spanning-tree vlan 14 root secondary

Sw_6509_1(config)#spanning-tree vlan 15 root secondary

12

Sw_6509_1(config)#spanning-tree vlan 2 root secondary

Sw_6509_1(config)#spanning-tree vlan 11 root secondary

Sw_6509_1(config)#spanning-tree vlan 12 root secondary

Sw_6509_1(config)#spanning-tree vlan 13 root primary

Sw_6509_1(config)#spanning-tree vlan 14 root primary

Sw_6509_1(config)#spanning-tree vlan 15 root primary

Sw_2950_fl1_1(conf ig)#int fa0/1

Sw_2950_fl1_1(conf ig)#switchport mode access

Sw_2950_fl1_1(conf ig)#switchport access vlan 11

Sw_2950_fl1_1(conf ig)#int fa0/2

Sw_2950_fl1_1(conf ig)#switchport mode access

Sw_2950_fl1_1(conf ig)#switchport access vlan 12

Sw_2950_fl1_1(conf ig)#int fa0/3

13

Sw_2950_fl1_1(conf ig)#switchport mode access

Sw_2950_fl1_1(conf ig)#switchport access vlan 13

Sw_2950_fl3_1(conf ig)#int fa0/1

Sw_2950_fl3_1(conf ig)#switchport mode access

Sw_2950_fl3_1(conf ig)#switchport access vlan 11

Sw_2950_fl3_1(conf ig)#int fa0/2

Sw_2950_fl3_1(conf ig)#switchport mode access

Sw_2950_fl3_1(conf ig)#switchport access vlan 12

Sw_2950_fl3_1(conf ig)#int fa0/3

Sw_2950_fl3_1(conf ig)#switchport mode access

Sw_2950_fl3_1(conf ig)#switchport access vlan 13

Sw_2950_fl5_1(conf ig)#int fa0/1

Sw_2950_fl5_1(conf ig)#switchport mode access

14

Sw_2950_fl5_1(conf ig)#switchport access vlan 11

Sw_2950_fl5_1(conf ig)#int fa0/2

Sw_2950_fl5_1(conf ig)#switchport mode access

Sw_2950_fl5_1(conf ig)#switchport access vlan 12

Sw_2950_fl5_1(conf ig)#int fa0/3

Sw_2950_fl5_1(conf ig)#switchport mode access

Sw_2950_fl5_1(conf ig)#switchport access vlan 13

Sw_2950_fl7_1(conf ig)#int fa0/1

Sw_2950_fl7_1(conf ig)#switchport mode access

Sw_2950_fl7_1(conf ig)#switchport access vlan 11

Sw_2950_fl7_1(conf ig)#int fa0/2

Sw_2950_fl7_1(conf ig)#switchport mode access

Sw_2950_fl7_1(conf ig)#switchport access vlan 12

15

Sw_2950_fl7_1(conf ig)#int fa0/3

Sw_2950_fl7_1(conf ig)#switchport mode access

Sw_2950_fl7_1(conf ig)#switchport access vlan 13

Sw_2950_fl9_1(conf ig)#int fa0/1

Sw_2950_fl9_1(conf ig)#switchport mode access

Sw_2950_fl9_1(conf ig)#switchport access vlan 11

Sw_2950_fl9_1(conf ig)#int fa0/2

Sw_2950_fl9_1(conf ig)#switchport mode access

Sw_2950_fl9_1(conf ig)#switchport access vlan 12

Sw_2950_fl9_1(conf ig)#int fa0/3

Sw_2950_fl9_1(conf ig)#switchport mode access

Sw_2950_fl9_1(conf ig)#switchport access vlan 13

配置三层交换

16

Sw_6509_1(config)#int vlan 2

Sw_6509_1(config-if)#ip add 192.168.2.252 255.255.255.0

Sw_6509_1(config)#int vlan 11

Sw_6509_1(config-if)#ip add 192.168.11.252 255.255.255.0

Sw_6509_1(config)#int vlan 12

Sw_6509_1(config-if)#ip add 192.168.12.252 255.255.255.0

Sw_6509_1(config)#int vlan 13

Sw_6509_1(config-if)#ip add 192.168.13.252 255.255.255.0

Sw_6509_1(config)#int vlan 14

Sw_6509_1(config-if)#ip add 192.168.14.252 255.255.255.0

Sw_6509_1(config)#int vlan 15

Sw_6509_1(config-if)#ip add 192.168.15.252 255.255.255.0

Sw_6509_2(config)#int vlan 2

17

Sw_6509_2(config-if)#ip add 192.168.2.253 255.255.255.0

Sw_6509_2(config)#int vlan 11

Sw_6509_2(config-if)#ip add 192.168.11.253 255.255.255.0

Sw_6509_2(config)#int vlan 12

Sw_6509_2(config-if)#ip add 192.168.12.253 255.255.255.0

Sw_6509_2(config)#int vlan 13

Sw_6509_2(config-if)#ip add 192.168.13.253 255.255.255.0

Sw_6509_2(config)#int vlan 14

Sw_6509_2(config-if)#ip add 192.168.14.253 255.255.255.0

Sw_6509_2(config)#int vlan 15

Sw_6509_2(config-if)#ip add 192.168.15.253 255.255.255.0

配置HSRP

Sw_6509_1#int vlan 2

18

Sw_6509_1(config-if)#standby 1 ip 192.168.2.251

Sw_6509_1(config-if)#standby 1 priority 150

Sw_6509_1#int vlan 11

Sw_6509_1(config-if)#standby 2 ip 192.168.11.251

Sw_6509_1(config-if)#standby 2 priority 150

Sw_6509_1#int vlan 12

Sw_6509_1(config-if)#standby 3 ip 192.168.12.251

Sw_6509_1(config-if)#standby 3 priority 150

Sw_6509_1#int vlan 13

Sw_6509_1(config-if)#standby 4 ip 192.168.13.251

Sw_6509_1(config-if)#standby 4 priority 150

Sw_6509_1#int vlan 14

Sw_6509_1(config-if)#standby 5 ip 192.168.14.251

19

Sw_6509_1(config-if)#standby 5 priority 150

Sw_6509_1#int vlan 15

Sw_6509_1(config-if)#standby 6 ip 192.168.15.251

Sw_6509_1(config-if)#standby 6 priority 150

Sw_6509_2#int vlan 2

Sw_6509_2(config-if)#standby 1 ip 192.168.2.251

Sw_6509_2#int vlan 11

Sw_6509_2(config-if)#standby 2 ip 192.168.11.251

Sw_6509_2#int vlan 12

Sw_6509_2(config-if)#standby 3 ip 192.168.12.251

Sw_6509_2#int vlan 13

Sw_6509_2(config-if)#standby 4 ip 192.168.13.251

Sw_6509_2#int vlan 14

20

Sw_6509_2(config-if)#standby 5 ip 192.168.14.251

Sw_6509_2#int vlan 15

Sw_6509_2(config-if)#standby 6 ip 192.168.15.251

配置路由

Sw_6509_1(config)#ip route 192.168.20.0 255.255.255.0 192.168.15.4

Sw_6509_1(config)#ip route 192.168.30.0 255.255.255.0 192.168.15.4

Sw_6509_1(config)#ip route 0.0.0.0 0.0.0.0 192.168.15.1

Sw_6509_2(config)#ip route 192.168.20.0 255.255.255.0 192.168.15.4

Sw_6509_2(config)#ip route 192.168.30.0 255.255.255.0 192.168.15.4

Sw_6509_2(config)#ip route 0.0.0.0 0.0.0.0 192.168.15.1

RT_WAN配置(广域网路由器)

RT_WAN(config)#int fa0/0

RT_WAN(config-if)#ip add 192.168.15.2 255.255.255.0

21

RT_WAN(config-if)#standby 1 ip 192.168.15.4

RT_WAN(config-if)#standby 1 priority 150

RT_WAN(config)#controller E1 1/0

RT_WAN(config-if)#no sh

RT_WAN(config-if)#framing no-crc4

配置CE1/PRI接口的帧校验格式,不进行帧校验为crc4

RT_WAN(config-if)#channel-group 0 timeslot 1-4

RT_WAN(config-if)#channel-group 1 timeslot 5-8

进行时隙的划分,将1~4时隙捆绑为0组,5~8时隙捆绑为1组,0组和1组分别对应下面的虚拟串口s 1/0:0和s 1/0:1

RT_WAN(config-if)#int s 1/0:0

RT_WAN(config-if)#no sh

RT_WAN(config-if)#encapsulation ppp

RT_WAN(config-if)#ip add 192.168.1.1 255.255.255.252

22

RT_WAN(config-if)#int s 1/0:1

RT_WAN(config-if)#no sh

RT_WAN(config-if)#encapsulation ppp

RT_WAN(config-if)#ip add 192.168.1.5 255.255.255.252

RT_WAN(config)#ip route 192.168.20.0 255.255.255.0 s 1/0:0

RT_WAN(config)#ip route 192.168.30.0 255.255.255.0 s 1/0:1

RT_WAN(config)#ip route 192.168.2.0 255.255.255.0 192.168.15.251

RT_WAN(config)#ip route 192.168.11.0 255.255.255.0 192.168.15.251

RT_WAN(config)#ip route 192.168.12.0 255.255.255.0 192.168.15.251

RT_WAN(config)#ip route 192.168.13.0 255.255.255.0 192.168.15.251

RT_WAN(config)#ip route 192.168.14.0 255.255.255.0 192.168.15.251

RT_WAN(config)#snmp-server community public RO

RT_WAN(config)#no snmp-server location

23

RT_WAN(config)#no snmp-server contact

配置RT_REMOTE(远程访问服务器)

RT_REMOTE(config)#username RT_FZ1 passowrd cisco

RT_REMOTE(config)#username RT_FZ2 passowrd cisco

RT_REMOTE(config)#int fa0/0

RT_REMOTE(config-if)#ip add 192.168.15.3 255.255.255.0

RT_REMOTE(config-if)#standby 1 ip 192.168.15.4

RT_REMOTE(config-if)#controller E1 1/0

RT_REMOTE(config-if)#framing no-crc4

RT_REMOTE(config-if)#linecode hdb3

指定ISDN PRI 的线路编码格式为hdb3

RT_REMOTE(config-if)#pri-group timeslots 1-31

把PRI接口划分为31个信道,其中第16个信道(对应逻辑接口为s 0/0:15)是管理信道.

24

RT_REMOTE(config-if)#int s 0/0:15

RT_REMOTE(config-if)#no sh

RT_REMOTE(config-if)#ip unnumbered fa0/0

RT_REMOTE(config-if)#encapsulation ppp

RT_REMOTE(config-if)#dialer-group 1

指定本接口属于拔组1,注意组号与下面定义的dialer-list 1对应

RT_REMOTE(config-if)#isdn switch-type primary-net5

RT_REMOTE(config-if)#isdn incoming-voice modem

将模拟modem呼叫转接到内部数字modem来处理

RT_REMOTE(config-if)#peer default ip address pool isdnpool

为拔入的ISDN呼叫从地址池isdnpool中分配IP地址

RT_REMOTE(config-if)#ppp authentication pap

RT_REMOTE(config-if)#int group-async1

25

RT_REMOTE(config-if)#ip unnumbered fa0/0

RT_REMOTE(config-if)#encapsulation ppp

建立一个异步拔号组,用于接收模拟modem呼叫

RT_REMOTE(config-if)#async mode interactive

指定异步串口建立链路的方式dedicate 直接模式、interactive 交互模式RT_REMOTE(config-if)#peer default ip address pool pstnpool

为拔入的模拟呼叫从地址池pstnpool中分配ip地址

RT_REMOTE(config-if)#ppp quthentication pap if-needed

RT_REMOTE(config-if)#group-range 33 62

指定此模拟拔号组对应的端口

RT_REMOTE(config)#no dialer-list 1

RT_REMOTE(config)#dialer-list protocol ip permit

为拔号组1指定激活拔号的条件,这里所有的IP访问都可以激活拔号

26

RT_REM(config)#ip local pool isdnpool 192.168.15.201 192.168.15.220

RT_REM(config)#ip local pool pstnpool 192.168.15.221 192.168.15.240

RT_REMOT(config)#ip route 192.168.2.0 255.255.255.0 192.168.15.251

RT_REMO(config)#ip route 192.168.11.0 255.255.255.0 192.168.15.251

RT_REMO(config)#ip route 192.168.12.0 255.255.255.0 192.168.15.251

RT_REMO(config)#ip route 192.168.13.0 255.255.255.0 192.168.15.251

RT_REMO(config)#ip route 192.168.14.0 255.255.255.0 192.168.15.251

RT_REMOTE(config)#snmp-server community public RO

RT_REMOTE(config)#no snmp-server location

RT_REMOTE(config)#no snmp-server contact

RT_REMOTE(config)#line 33 62

进入modem 口线路模式

RT_REMOTE(config-line)#autoselect during-login

27

配置为自动登录

RT_REMOTE(config-line)#autoselect ppp

配置为自动选择ppp协议

RT_REMOTE(config-line)#login local

配置为使用本地数据库进行认证

RT_REMOTE(config-line)#modem inout

配置端口为允许拔入和拔出

RT_REMOTE(config-line)#modem autoconfigure discovery

自动识别modem

RT_REMOTE(config-line)#qutocommand ppp default

连通后自动执行ppp命令

配置RT_FZ1(分支机构1)

RT_FZ1(config)#username RT_REMOTE password cisco

28

RT_FZ1(config)#chat-script dialout “”“AT”TIMEOUT 30 OK“ATDT\\T”TIMEOUT 30 CONNECT\\c

定义拔号脚本“dialout”

RT_FZ1(config)#int fa0/0

RT_FZ1(config-if)#ip add 192.168.20.254 255.255.255.0

RT_FZ1(config-if)#int s0/0

RT_FZ1(config-if)#encapsulation ppp

RT_FZ1(config-if)#ip add 192.168.1.2 255.255.255.252

RT_FZ1(config-if)#int async 1

进入异步接口

RT_FZ1(config-if)#ip address negotiated

自动协商IP地址

RT_FZ1(config-if)#encpsulation ppp

RT_FZ1(config-if)#async mode interactive

29

RT_FZ1(config-if)#dialer in-band

设定接口为按需拔号(DDR)

RT_FZ1(config-if)#dialer string 68001000

RT_FZ1(config-if)#ppp authentication pap

RT_FZ1(config-if)#ppp pap sent-username TR_FZ1 password cisco

RT_FZ1(config-if)#no dialer-list 1

RT_FZ1(config-if)#dialer-list 1 protocol ip permit

RT_FZ1(config)#ip route 0.0.0.0 0.0.0.0 s0/0 1

RT_FZ1(config)#ip route 0.0.0.0 0.0.0.0 async1 200

RT_FZ1(config)#line 1

RT_FZ1(config-line)#autoselect during-login

RT_FZ1(config-line)#autoselect ppp

RT_FZ1(config-line)#modem inout

30

RT_FZ1(config-line)#modem autoconfigure discovery

RT_FZ1(config-line)#autocommand ppp

RT_FZ1(config-line)#script dialer dialout

指定拔出所用的脚本dialout

RT_FZ1(config-line)#transport input all

RT_FZ1(config-line)#flowcontrol hardware

配置RT_FZ2(分支机构2)

RT_FZ2(config)#username RT_REMOTE password cisco

RT_FZ2(config)#chat-script dialout “”“AT”TIMEOUT 30 OK“ATDT\\T”TIMEOUT 30 CONNECT\\c

RT_FZ2(config)#int fa0/0

RT_FZ2(config-if)#ip add 192.168.30.254 255.255.255.0

RT_FZ2(config-if)#int s0/0

RT_FZ2(config-if)#encapsulation ppp

31

RT_FZ2(config-if)#ip add 192.168.1.6 255.255.255.252

RT_FZ2(config-if)#int async 1

RT_FZ2(config-if)#ip address negotiated

RT_FZ2(config-if)#encpsulation ppp

RT_FZ2(config-if)#async mode interactive

RT_FZ2(config-if)#dialer in-band

RT_FZ2(config-if)#dialer string 68001000

RT_FZ2(config-if)#ppp authentication pap

RT_FZ2(config-if)#ppp pap sent-username TR_FZ1 password cisco

RT_FZ2(config-if)#no dialer-list 1

RT_FZ2(config-if)#dialer-list 1 protocol ip permit

RT_FZ2(config)#ip route 0.0.0.0 0.0.0.0 s0/0 1

RT_FZ2(config)#ip route 0.0.0.0 0.0.0.0 async1 200

32

RT_FZ2(config)#line 1

RT_FZ2(config-line)#autoselect during-login

RT_FZ2(config-line)#autoselect ppp

RT_FZ2(config-line)#modem inout

RT_FZ2(config-line)#modem autoconfigure discovery

RT_FZ2(config-line)#autocommand ppp

RT_FZ2(config-line)#script dialer dialout

RT_FZ1(config-line)#transport input all

RT_FZ1(config-line)#flowcontrol hardware

配置防火墙PIX_515(安全设备)

Pix_515(config)#nameif ethernet0 outside security 0

Pix_515(config)#nameif ethernet1 inside security 100

Pix_515(config)#nameif ethernet2 dmz security 50

33

Pix_515(config)#interface ethernet0 auot

Pix_515(config)#interface ethernet1 auot

Pix_515(config)#interface ethernet2 auot

启用内外接口和dmz接口

Pix_515(config)#ip address outside 202.106.11.225 255.255.255.240

Pix_515(config)#ip address inside 192.168.15.1 255.255.255.0

Pix_515(config)#ip address dmz 192.168.16.5 255.255.255.0

设置内外接口地址

Pix_515(config)#global (outside) 1 202.106.11.229-202.106.11.233

设置全局复用地址

Pix_515(config)#global (outside) 1 202.106.11.234

单个PAT地址

Pix_515(config)#static (dmz,outside) 202.106.11.235 192.168.16.1 netmask 255.255.255.255

34

Pix_515(config)#static (dmz,outside) 202.106.11.236 192.168.16.2 netmask 255.255.255.255

Pix_515(config)#static (dmz,outside) 202.106.11.237 192.168.16.3 netmask 255.255.255.255

将服务器映射到外网

Pix_515(config)#static (inside,dmz) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

Pix_515(config)#static (inside,dmz) 192.168.11.0 192.168.11.0 netmask 255.255.255.0

Pix_515(config)#static (inside,dmz) 192.168.12.0 192.168.12.0 netmask 255.255.255.0

Pix_515(config)#static (inside,dmz) 192.168.13.0 192.168.13.0 netmask 255.255.255.0

Pix_515(config)#static (inside,dmz) 192.168.14.0 192.168.14.0 netmask 255.255.255.0

Pix_515(config)#static (inside,dmz) 192.168.15.0 192.168.15.0 netmask 255.255.255.0

35

内网访问服务器时不做地址转换

Pix_515(config)#nat (inside) 1 0 0

所有内网地址访问外网进行地址转换

Pix_515(config)#access-list allowin permit tcp any host 202.106.11.235 eq http

Pix_515(config)#access-list allowin permit tcp any host 202.106.11.236 eq smtp

Pix_515(config)#access-list allowin permit tcp any host 202.106.11.237 eq domain

Pix_515(config)#access-list allowin permit udp any host 202.106.11.237 eq domain

允许外部任何地址对dmz区的服务器进行相应的访问

Pix_515(config)#access-list allowin in interface outside

将访问控制列表应用到防火墙的外口上

Pix_515(config)#route outside 0.0.0.0 0.0.0.0 202.106.11.226

36

Pix_515(config)#route inside 192.168.0.0 255.255.0.0 192.168.15.251

配置RT_INTERNET(设置接入internet 路由器)

RT_INTERNET(config)#int fa0/0

RT_INTERNET(config-if)#ip address 202.106.11.226 255.255.255.240

RT_INTERNET(config)#int s0/0

RT_INTERNET(config-if)#ip address 192.168.1.1 255.255.255.252

RT_INTERNET(config-if)#encapsulation ppp

RT_INTERNET(config)#ip route 0.0.0.0 0.0.0.0 s0/0

RT_INTERNET(config)#snmp-server community prublic RO

RT_INTERNET(config)#no snmp-server location

RT_INTERNET(config)#no snmp-server contact

37

因篇幅问题不能全部显示,请点此查看更多更全内容