忿忿的泥巴坨 posted on 2024-6-14 21:10:55

Cloud Computing Converged Network Deployment Example

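This is a practice task from a networking competition I took part in years ago; I am sharing it here.
Module 1: Cloud Computing Converged Network Deployment

CII Network Company headquarters has four departments: R&D, Marketing, Supply Chain, and After-sales, with IP addresses and service resources planned and allocated centrally. The network topology of the headquarters and the Asia-Pacific region is shown in the figure.
Two S6000 switches (substituted by S5750-E), numbered S4 and S5, provide high-speed server access; two S5750 switches, numbered S2 and S3, serve as the headquarters core switches; two RSR20 routers, numbered R2 and R3, serve as the headquarters core routers; one EG2000 (substituted by RSR20), numbered EG1, serves as headquarters Internet egress gateway 1. One S2910, numbered S1, serves as the headquarters access switch; one RSR20 router, numbered R1, serves as the branch router; one EG2000 (substituted by RSR20), numbered EG2, serves as branch Internet egress gateway 2. One S5750, numbered S6, serves as the branch core switch, and one S2910, numbered S7, serves as the branch access switch. Three AP520 units, numbered AP1, AP2, and AP3, serve as the wireless access points for the headquarters and the branch.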
https://img-blog.csdnimg.cn/direct/8e92fe4b56834341b2475dfcd9aeece9.png
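Connect the devices according to the topology diagram and the network physical connection table.
The device interconnection specification defines how the various network devices are interconnected. During project implementation, unless the customer has special requirements, network devices at every level should be interconnected according to the specification, with a uniform on-site interconnection layout and standard cable labels, so that the network structure is clear and later maintenance is easier. See "Table 1-8 Network physical connection table" below.
Table 1-8 Network physical connection table
Source device        Interface        Interface description        Destination device        Interface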
S1        Gi0/1        Con_To_PC1        PC1         
S1        Gi0/5        Con_To_PC2        PC2         
S1        Gi0/21        Con_To_AP1        AP1         
S1        Gi0/22        Con_To_AP2        AP2         
S1        Gi0/23        Con_To_S2_Gi0/1        S2        Gi0/1
S1        Gi0/24        Con_To_S3_Gi0/1        S3        Gi0/1
S2        Gi0/1        Con_To_S1_Gi0/23        S1        Gi0/23
S2        Gi0/2        Con_To_S3_Gi0/2        S3        Gi0/2
S2        Gi0/3        Con_To_S3_Gi0/3        S3        Gi0/3
S2        Gi0/4        Con_To_R2_Gi0/0        R2        Gi0/0
S2        Gi0/5        Con_To_AC1_Gi0/1        AC1        Gi0/1
S3        Gi0/1        Con_To_S1_Gi0/24        S1        Gi0/24
S3        Gi0/2        Con_To_S2_Gi0/2        S2        Gi0/2
S3        Gi0/3        Con_To_S2_Gi0/3        S2        Gi0/3
S3        Gi0/4        Con_To_R3_Gi0/0        R3        Gi0/0
S3        Gi0/5        Con_To_AC2_Gi0/1        AC2        Gi0/1
R2        FA1/1        Con_To_S4_Gi0/1        S4        Gi0/1
R2        Gi0/0        Con_To_S2_Gi0/4        S2        Gi0/4
R2        Gi0/1        Con_To_EG1_Gi0/1        EG1        Gi0/0
R2        S2/0        Con_To_R1_S2/0        R1        S2/0
R2        S3/0        Con_To_R3_S3/0        R3        S3/0
R3        FA1/1        Con_To_S5_Gi0/1        S5        Gi0/1
R3        Gi0/0        Con_To_S3_Gi0/4        S3        Gi0/4
R3        Gi0/1        Con_To_EG1_Gi0/1        EG1        Gi0/1
R3        S2/0        Con_To_R1_S3/0        R1        S3/0
R3        S3/0        Con_To_R2_S3/0        R2        S3/0
S4        Gi0/1        Con_To_R2_FA1/1        R2        FA1/1
S4        Gi0/2        Con_To_S5_Gi0/2        S5        Gi0/2
S4        Gi0/5        Con_To_Cloud_M        Cloud platform (primary)
S4        Gi0/23                 S5        Gi0/23
S4        Gi0/24                 S5        Gi0/24
S5        Gi0/1        Con_To_R3_FA1/1        R3        FA1/1
S5        Gi0/2        Con_To_S4_Gi0/2        S4        Gi0/2
S5        Gi0/5        Con_To_Cloud_B        Cloud platform (backup)
S5        Gi0/23                 S4        Gi0/23
S5        Gi0/24                 S4        Gi0/24
R1        S2/0        Con_To_R2_S2/0        R2        S2/0
R1        S3/0        Con_To_R3_S2/0        R3        S2/0
R1        Gi0/0        Con_To_S6_Gi0/1        S6        Gi0/1
R1        Gi0/1        Con_To_EG2_Gi0/0        EG2        Gi0/0
S6        Gi0/1        Con_To_R1_Gi0/0        R1        Gi0/0
S6        Gi0/2        Con_To_AP3_Gi0/0        AP3        Gi0/0
S6        Gi0/3        Con_To_S7_Gi0/24        S7        Gi0/24
S7        Gi0/1        Con_To_PC3        PC3         
S7        Gi0/24        Con_To_S6_Gi0/3        S6        Gi0/3
EG1        GI0/1        Con_To_R2_Gi0/1        R2        Gi0/1
EG1        GI0/2        Con_To_R3_Gi0/1        R3        Gi0/1
EG1        GI0/3        Con_To_EG2_Gi0/3        EG2        GI0/3
EG2        GI0/1        Con_To_R1_Gi0/1        R1        Gi0/1
EG2        GI0/3        Con_To_EG1_Gi0/3        EG1        GI0/3
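The company has four business departments and a branch that need to reach one another, while access between certain services must also be restricted. In addition, each service demands high network reliability, so the interruption time when a fault occurs in the network core area must be as short as possible. The deployment must also take manageability into account and use network resources sensibly.

[*] VLAN and IPv4 address deployment
To reduce broadcasts, VLANs must be planned and configured. The requirements are as follows:
(1) Configure trunks sensibly: trunk links must not carry traffic for unnecessary VLANs.
(2) To save IP resources, isolate broadcast storms and virus attacks, and control Layer 2 access between ports, use Private VLAN on branch switches S6 and S7.
(3) To isolate Layer 2 access between some end users in the network, use port protection on switch S1.
(4) Based on the information above and Tables 1-9 and 1-10, complete the VLAN configuration, port assignment, and IPv4 addressing on each device.
Table 1-9 Network device names
Device name in topology        Configured hostname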
S1        ZB-S2910-01
S2        ZB-S5750-01
S3        ZB-S5750-02
S4        ZB-VSU-S6000
S5        ZB-VSU-S6000
S6        FB-S5750-01
S7        FB-2910-01
R1        FB-RSR20-01
R2        ZB-RSR20-01
R3        ZB-RSR20-02
AC1        ZB-WS6008-01
AC2        ZB-WS6008-02
EG1        ZB-EG2000-01
EG2        FB-EG2000-01
AP1        ZB-AP520-01
AP2        ZB-AP520-02
AP3        FB-AP520-01
Table 1-10 IPv4 address allocation
Device        Interface or VLAN        VLAN name        Layer 2 or Layer 3 plan (XX is the workstation number)        Description
S1        VLAN10        Res        Gi0/1 to Gi0/4        R&D
        VLAN20        Sales        Gi0/5 to Gi0/8        Marketing
        VLAN30        Supply        Gi0/9 to Gi0/12        Supply chain
        VLAN40        Service        Gi0/13 to Gi0/16        After-sales
        VLAN50        AP        Gi0/21 to Gi0/22        Wireless AP
        VLAN100        Manage        192.XX.100.4/24        Device management VLAN
S2        VLAN10        Res        192.XX.10.252/24        R&D
        VLAN20        Sales        192.XX.20.252/24        Marketing
        VLAN30        Supply        192.XX.30.252/24        Supply chain
        VLAN40        Service        192.XX.40.252/24        After-sales
        VLAN50        AP        192.XX.50.252/24        Wireless AP
        VLAN100        Manage        192.XX.100.252/24        Device management VLAN
        Gi0/4                 10.XX.0.1/30
        Gi0/5                 TRUNK        Link to AC
        LoopBack 0                 11.XX.0.202/32
S3        VLAN10        Res        192.XX.10.253/24        R&D
        VLAN20        Sales        192.XX.20.253/24        Marketing
        VLAN30        Supply        192.XX.30.253/24        Supply chain
        VLAN40        Service        192.XX.40.253/24        After-sales
        VLAN50        AP        192.XX.50.253/24        Wireless AP
        VLAN100        Manage        192.XX.100.253/24        Device management VLAN
        Gi0/4                 10.XX.0.5/30
        Gi0/5                 TRUNK        Link to AC
        LoopBack 0                 11.XX.0.203/32
AC1        LoopBack 0                 11.XX.0.204/32
        VLAN60        Wiressless        192.XX.60.252/24        Wireless users
        Vlan100        Manage        192.XX.100.2/24        Management and interconnect VLAN
AC2        LoopBack 0                 11.XX.0.205/32
        VLAN60        Wiressless        192.XX.60.253/24        Wireless users
        Vlan100        Manage        192.XX.100.3/24        Management and interconnect VLAN
S4        VLAN100        Con_To_Cloud        193.XX.0.1/30        Link to cloud platform
        Gi0/1                 10.XX.0.9/30
        LoopBack 0                 11.XX.0.45/32
S5        VLAN100        Con_To_Cloud        193.XX.0.1/30        Link to cloud platform (backup)
        Gi0/1                 10.XX.0.13/30
        LoopBack 0                 11.XX.0.45/32
EG1        GI0/2                 195.XX.0.1/24        Link to EG2
        GI0/0                 10.XX.0.34/30
        GI0/1                 10.XX.0.38/30
        LoopBack 0                 11.XX.0.11/32
EG2        GI0/2                 195.XX.0.2/24        Link to EG1
        GI0/0                 10.XX.0.42/30
        LoopBack 0                 11.XX.0.12/32
R1        S2/0                 10.XX.0.17/30
        S2/1                 10.XX.0.21/30
        Gi0/0                 10.XX.0.25/30
        Gi0/1                 10.XX.0.41/30
        LoopBack 0                 11.XX.0.1/32
R2        Gi0/0                 10.XX.0.2/30
        FA1/1(vlan100)                 10.XX.0.10/30        SVI interconnect
        Gi0/1                 10.XX.0.33/30
        S2/0                 10.XX.0.18/30
        S3/0                 10.XX.0.29/30
        LoopBack 0                 11.XX.0.2/32
R3        Gi0/0                 10.XX.0.6/30
        FA1/1(vlan100)                 10.XX.0.14/30        SVI interconnect
        Gi0/1                 10.XX.0.37/30
        S2/0                 10.XX.0.22/30
        S3/0                 10.XX.0.30/30
        LoopBack 0                 11.XX.0.3/32
S6        Gi0/1                 10.XX.0.26/30
        VLAN10        Pvlan        194.XX.10.254/24        Branch wired users
        VLAN20        Wireless_user        194.XX.20.254/24        Branch wireless users
        VLAN30        AP        194.XX.30.254/24        Branch wireless AP
        VLAN100        Manage        194.XX.100.254/24        Device management VLAN
        LoopBack 0                 11.XX.0.6/32
S7        VLAN10        Pvlan                 Primary VLAN
        VLAN11        Community_vlan        Gi0/1 to Gi0/4        Community VLAN
        VLAN12        Isolated_vlan        Gi0/5 to Gi0/8        Isolated VLAN
        VLAN100        Manage        194.XX.100.1/24        Device management VLAN
PCs        PC1                 Obtained automatically
        PC2                 192.XX.20.2/24
        PC3                 194.XX.10.2/24

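[*] MSTP and VRRP deployment
Configure MSTP on headquarters switches S2 and S3 to prevent Layer 2 loops; all traffic must be forwarded through S2, and through S3 when S2 fails. The required parameters are as follows:
(1) region-name is ruijie;
(2) revision is 1;
(3) the instance value is 1;
(4) S2 is the primary root of the instance and S3 is the secondary root.
(5) Configure VRRP on S2 and S3 to provide gateway redundancy for hosts. The required parameters are listed in Table 1-11.
Table 1-11 VRRP parameters for S2 and S3
VLAN        VRRP group number (VRID)        VRRP virtual IP
VLAN10        10        192.xx.10.254
VLAN20        20        192.xx.20.254
VLAN30        30        192.xx.30.254
VLAN40        40        192.xx.40.254
VLAN50        50        192.xx.50.254
VLAN100 (between switches)        100        192.xx.100.254
(6) S2 is the active gateway for all hosts and S3 is the backup gateway; in each VRRP group the high priority is set to 150 and the low priority to 120.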

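[*] DHCP relay and security
Configure DHCP relay on switches S2 and S3 to relay for users in VLAN10, so that headquarters user PC1 obtains its IP address through DHCP Relay. The requirements are as follows:
(1) The DHCP server is built on R2;
(2) To prevent DHCP server spoofing and users configuring static IP addresses on their own, deploy DHCP Snooping on switch S1.
[*] Network device virtualization
The two core switches are virtualized into a single device with VSU for management, providing high reliability. When any switch or line card fails, device and link switchover must still take place so that customer services are protected.
(1) Plan ports Gi0/23-24 between S4 and S5 as the VSL links and use VSU to virtualize the devices, with S4 as primary and S5 as standby;
(2) Plan port Gi0/2 between S4 and S5 as the dual-active detection link and configure BFD-based dual-active detection; when all physical VSL links go down abnormally, the standby unit switches to active so that the network keeps working;
(3) Primary device: Domain id: 1, switch id: 1, priority 200, description: S2910-24GT4XS-E-1;
(4) Standby device: Domain id: 1, switch id: 2, priority 150, description: S2910-24GT4XS-E-2.
[*] Routing protocol deployment
For historical reasons, headquarters uses a multi-protocol design combining static routes and OSPF. S2, S3, S4, S5, R2, and R3 run OSPF; static routes are used between R2/R3 and the headquarters egress gateway and the branch router R1; the branch uses static routes. The network must be secure and stable. The requirements are as follows:
(1) The OSPF process ID is 10, with multiple areas planned: area 0 (S2, S3, R2, R3) and area 1 (S4, S5, R2, R3);
(2) The link between R2 and R3 is placed in area 0;
(3) No protocol packets may appear in the service subnets;
(4) All routing protocols must advertise specific subnets;
(5) For ease of management, the Loopback addresses must be advertised;
(6) Tune the relevant OSPF settings to speed up OSPF convergence as much as possible;
(7) Routes redistributed into OSPF use type 1;
(8) Use floating static routes: the primary static route has priority 10 and the backup static route has priority 100.
Note: S4/S5 must redistribute the static route for the cloud platform (172.16.0.0/22) into the headquarters internal network.
[*] WAN link configuration and security deployment
The links between the headquarters routers and the branch router are WAN links: the leased line between R1 and R2 has 2M bandwidth, the leased line between R1 and R3 has 1M bandwidth, and the line between R2 and R3 has 2M bandwidth. PPP must be used to protect them. The PPP requirements are as follows:
(1) Use CHAP;
(2) One-way authentication with username plus password; R1 is the authentication client, and R2 and R3 are the authentication servers;
(3) The username and password are both ruijie.
[*] Route selection deployment
Because there are two WAN lines from the branch to headquarters with different bandwidths, R1-R2 is planned as the primary line and R1-R3 as the backup line. In addition, for traffic from the headquarters LAN to the Internet, R2-EG1 is planned as the primary line and R3-EG1 as the backup line. Configure the routing protocols on the routers accordingly. The requirements are as follows:
(1) Modify the link or interface COST value; the value must be 5 or 10;
(2) The primary path between the headquarters user area and the Internet is S1-S2-R2-EG1;
(3) The primary path between headquarters and the branch is S1-S2-R2-R1 or (S4/S5)-R2-R1;
(4) When the primary link fails, traffic switches seamlessly to the backup link;
(5) Forward and return traffic must take the same path.
[*] PBR configuration and deployment
Because there are two WAN lines between the branch and headquarters, and to use the bandwidth sensibly, SSH traffic from the branch to headquarters is forwarded over the R1-R2 line and WEB traffic from the branch to headquarters is forwarded over the R1-R3 line. PBR is used to achieve this. The requirements are as follows:
(1) The route-map policy name is fenliu;
(2) SSH traffic from the branch to headquarters is defined by ACL101;
(3) WEB traffic from the branch to headquarters is defined by ACL102.
[*] QoS deployment
To prevent bursts of traffic from many users from congesting the network, the traffic of access users must be limited. The required parameters are as follows:
(1) On headquarters device S1, configure interface rate limiting on interfaces Gi0/1 to Gi0/16, limited to 10M/S;
(2) Branch device R1 performs traffic shaping: interface G0/0 applies flow control to received packets; downstream traffic must not exceed 1Mbps, and packets that exceed the limit are dropped.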
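Module 2: Mobile Internet Network Construction and Optimization

To support the trend toward mobile working in the "Internet+" era, both headquarters and the branch need to plan and deploy wireless networks. To ensure that wireless users can access the Internet securely and reliably, wireless security and performance optimization must also be configured so that employees have a good online experience.

[*] Basic wireless network deployment
(1) Use the AC as the DHCP server for headquarters wireless users and S2/S3 as the DHCP servers for headquarters APs; S2 allocates addresses 1 to 100 of the subnet and S3 allocates addresses 101 to 200. Use S6 as the DHCP server for branch wireless users and APs, allocating addresses to terminals automatically;
(2) Create the headquarters SSID Ruijie-ZB_XX (XX is the workstation number) with AP-Group ZB; headquarters wireless users obtain an address automatically after associating with the SSID;
(3) Create the branch SSID Ruijie-FB_XX (XX is the workstation number) with AP-Group FB; branch wireless users obtain an address automatically after associating with the SSID;
(4) Adjust the channels so that the headquarters APs do not conflict.
[*] AC hot standby deployment
AC1 is active and AC2 is standby. The AP establishes tunnels to both AC1 and AC2; when the AP loses its connection to AC1, it switches seamlessly to AC2 and continues to provide service.
[*] Wireless security deployment
The configuration parameters are as follows:
(1) Wireless users must use WPA2 encryption when joining the wireless network; the passphrase is XXX (provided on site);
(2) To prevent unauthorized users from finding the wireless network by SSID scanning and establishing unauthorized connections, disable SSID broadcast on the AP and hide the wireless SSID;
(3) To defend against WLAN ARP spoofing that degrades the user experience, configure ARP spoofing defense for the wireless environment.
[*] Wireless performance optimization
(1) Disable low-rate (1M, 6M) access;
(2) Headquarters wireless users use centralized forwarding mode; wireless users in each branch use local forwarding mode.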
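Module 3: Cyberspace Security Deployment

Wireless users at headquarters and the branch must access external resources over independent Internet lines, with user authentication and audit monitoring applied to that access. In addition, employees travelling on business must be able to reach internal servers at headquarters, so remote VPN access must be provided for egress users.

[*] Egress NAT deployment
The configuration parameters are as follows:
(1) On the headquarters and branch egress gateways, configure access control list ACL 110 so that only wireless users and the R&D department may access the Internet through NAPT during working hours from Monday to Friday; NAPT maps to the Internet-facing interface;
(2) On the headquarters EG, make the SSH service of headquarters core switch R2 (11.XX.0.2) (XX is the workstation number) reachable from the Internet; the address used from the Internet is 195.XX.0.20 (XX is the workstation number).
[*] VPN deployment
When both leased lines from branch R1 to R2 and R3 fail, the branch must still be able to reach the headquarters server area. Enable IPSEC VPN on the headquarters and branch EGs and build an IPSEC tunnel so that wired-user traffic between headquarters and the branch is interconnected and encrypted. The VPN uses tunnel mode, pre-shared key 123456, encryption and authentication ESP-DES and ESP-HASH-MD5, and DH group 1; at the same time, headquarters disables the WEB authentication function.
[*] Device and network management deployment
(1) Enable the SSH server on the routers; the username and password are admin, with the password stored as plaintext;
(2) Enable Telnet on the switches, using local authentication for all Telnet users. Create a local user with username and password admin, with the password stored as plaintext.
Deployment implementation

Method: run the show running-config command on each device to view that device's configuration.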
S1

hostname S1

redundancy
auto-sync time-period 3600
auto-sync standard
switchover timeout 4000

vlan 1
vlan 10
vlan 20
vlan 30
vlan 40
vlan 50
vlan 100

username admin password admin
no service password-encryption

ip dhcp snooping
       
spanning-tree mst configuration
revision 1
name ruijie
instance 0 vlan 1-9, 11-19, 21-29, 31-39, 41-49, 51-99, 101-4094
instance 1 vlan 10, 20, 30, 40, 50, 100
spanning-tree
interface GigabitEthernet 0/1
switchport access vlan 10
ip verify source port-security
arp-check
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/2
switchport access vlan 10
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/3
switchport access vlan 10
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/4
switchport access vlan 10
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/5
switchport access vlan 20
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/6
switchport access vlan 20
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/7
switchport access vlan 20
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/8
switchport access vlan 20
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/9
switchport access vlan 30
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/10
switchport access vlan 30
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/11
switchport access vlan 30
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/12
switchport access vlan 30
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/13
switchport access vlan 40
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/14
switchport access vlan 40
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/15
switchport access vlan 40
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/16
switchport access vlan 40
rate-limit input 10000 1024
rate-limit output 10000 1024

interface GigabitEthernet 0/17

interface GigabitEthernet 0/18

interface GigabitEthernet 0/19

interface GigabitEthernet 0/20

interface GigabitEthernet 0/21
switchport access vlan 50

interface GigabitEthernet 0/22
switchport access vlan 50

interface GigabitEthernet 0/23
switchport mode trunk
ip dhcp snooping trust

interface GigabitEthernet 0/24
switchport mode trunk
ip dhcp snooping trust

interface VLAN 100
no ip proxy-arp
ip address 192.168.100.4 255.255.255.0

line con 0
line vty 0 4
login local

end
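An added example (not part of the original post): a Python check of an S1-style configuration against the DHCP Snooping requirement, flagging untrusted uplinks, trusted access ports, and DHCP-served access ports that lack `ip verify source` or `arp-check`. The sample text is a constructed excerpt, and the uplink set, the DHCP VLAN set, and the use of the Gi0/1 stanza as the baseline are assumptions.

```python
import re

# Constructed excerpt modelled on the S1 running-config in this post
# (flattened, unindented, blank line between most stanzas).
SAMPLE_S1 = """\
ip dhcp snooping

spanning-tree
interface GigabitEthernet 0/1
switchport access vlan 10
ip verify source port-security
arp-check

interface GigabitEthernet 0/2
switchport access vlan 10
rate-limit input 10000 1024

interface GigabitEthernet 0/5
switchport access vlan 20

interface GigabitEthernet 0/23
switchport mode trunk
ip dhcp snooping trust

interface GigabitEthernet 0/24
switchport mode trunk
ip dhcp snooping trust

interface VLAN 100
ip address 192.168.100.4 255.255.255.0

line vty 0 4
login local
"""

# Assumptions: Gi0/23 and Gi0/24 are the uplinks toward the relay switches
# S2/S3, and VLAN 10 is the only VLAN whose clients are served by DHCP.
UPLINKS = {"GigabitEthernet 0/23", "GigabitEthernet 0/24"}
DHCP_VLANS = {10}

# Lines that end an interface stanza even without a blank line before them.
TOP_LEVEL = ("line ", "router ", "ip route", "end")


def parse_interfaces(config):
    """Return {interface name: [commands]} from unindented config text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(.+)$", line)
        if match:
            current = stanzas.setdefault(match.group(1), [])
        elif not line or line == "!" or line.startswith(TOP_LEVEL):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas


def access_vlan(commands):
    """Return the access VLAN of a stanza, or None for trunk/routed ports."""
    for cmd in commands:
        match = re.match(r"switchport access vlan (\d+)$", cmd)
        if match:
            return int(match.group(1))
    return None


def audit_dhcp_snooping(config, dhcp_vlans=DHCP_VLANS, uplinks=UPLINKS):
    """Return a list of (interface, issue code) findings."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    if "ip dhcp snooping" not in lines:
        findings.append(("global", "SNOOPING_DISABLED"))
    for name, cmds in parse_interfaces(config).items():
        trusted = "ip dhcp snooping trust" in cmds
        if name in uplinks:
            # Replies from the legitimate server arrive here; an untrusted
            # uplink makes snooping drop them.
            if not trusted:
                findings.append((name, "UPLINK_UNTRUSTED"))
            continue
        if trusted:
            # A trusted edge port accepts DHCP server replies from a host.
            findings.append((name, "ACCESS_PORT_TRUSTED"))
        if access_vlan(cmds) in dhcp_vlans:
            # Without source validation a host can use a self-assigned IP.
            if not any(c.startswith("ip verify source") for c in cmds):
                findings.append((name, "NO_IP_SOURCE_GUARD"))
            if "arp-check" not in cmds:
                findings.append((name, "NO_ARP_CHECK"))
    return findings


if __name__ == "__main__":
    for interface, issue in audit_dhcp_snooping(SAMPLE_S1):
        print(f"{interface}: {issue}")
```

Run against the full S1 listing in this post, the same check reports Gi0/2 to Gi0/4, which are in VLAN 10 but carry neither command.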
S2

hostname S2

redundancy
auto-sync time-period 3600
auto-sync standard
switchover timeout 4000

vlan 1

vlan 10

vlan 20

vlan 30

vlan 40

vlan 50

vlan 100

username admin password admin
no service password-encryption
service dhcp
ip helper-address 10.168.0.2

ip dhcp excluded-address 192.168.50.101 192.168.50.254

ip dhcp pool appool
option 138 ip 11.168.0.204
network 192.168.50.0 255.255.255.0
default-router 192.168.50.254

spanning-tree mst configuration
revision 1
name ruijie
instance 0 vlan 1-9, 11-19, 21-29, 31-39, 41-49, 51-99, 101-4094
instance 1 vlan 10, 20, 30, 40, 50, 100
spanning-tree mst 1 priority 4096
spanning-tree
interface GigabitEthernet 0/1
switchport mode trunk

interface GigabitEthernet 0/2
port-group 1

interface GigabitEthernet 0/3
port-group 1

interface GigabitEthernet 0/4
no switchport
ip ospf network point-to-point
ip ospf cost 5
no ip proxy-arp
ip address 10.168.0.1 255.255.255.252

interface GigabitEthernet 0/5
switchport mode trunk

interface GigabitEthernet 0/6

interface GigabitEthernet 0/7

interface GigabitEthernet 0/8

interface GigabitEthernet 0/9

interface GigabitEthernet 0/10

interface GigabitEthernet 0/11

interface GigabitEthernet 0/12

interface GigabitEthernet 0/13

interface GigabitEthernet 0/14

interface GigabitEthernet 0/15

interface GigabitEthernet 0/16

interface GigabitEthernet 0/17

interface GigabitEthernet 0/18

interface GigabitEthernet 0/19

interface GigabitEthernet 0/20

interface GigabitEthernet 0/21

interface GigabitEthernet 0/22

interface GigabitEthernet 0/23

interface GigabitEthernet 0/24

interface AggregatePort 1
switchport mode trunk

interface Loopback 0
ip address 11.168.0.202 255.255.255.255

interface VLAN 10
no ip proxy-arp
ip address 192.168.10.252 255.255.255.0
vrrp 10 priority 150
vrrp 10 ip 192.168.10.254

interface VLAN 20
no ip proxy-arp
ip address 192.168.20.252 255.255.255.0
vrrp 20 priority 150
vrrp 20 ip 192.168.20.254

interface VLAN 30
no ip proxy-arp
ip address 192.168.30.252 255.255.255.0
vrrp 30 priority 150
vrrp 30 ip 192.168.30.254

interface VLAN 40
no ip proxy-arp
ip address 192.168.40.252 255.255.255.0
vrrp 40 priority 150
vrrp 40 ip 192.168.40.254

interface VLAN 50
no ip proxy-arp
ip address 192.168.50.252 255.255.255.0
vrrp 50 priority 150
vrrp 50 ip 192.168.50.254

interface VLAN 100
no ip proxy-arp
ip address 192.168.100.252 255.255.255.0
vrrp 100 priority 150
vrrp 100 ip 192.168.100.254


router ospf 10
passive-interface VLAN 10
passive-interface VLAN 20
passive-interface VLAN 30
passive-interface VLAN 40
passive-interface VLAN 50
passive-interface VLAN 100
network 10.168.0.0 0.0.0.3 area 0
network 11.168.0.202 0.0.0.0 area 0
network 192.168.10.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0
network 192.168.50.0 0.0.0.255 area 0
network 192.168.100.0 0.0.0.255 area 0


ip route 10.168.0.16 255.255.255.252 10.168.0.2
ip route 10.168.0.36 255.255.255.252 10.168.0.2
ip route 11.168.0.204 255.255.255.255 192.168.100.2
ip route 11.168.0.205 255.255.255.255 192.168.100.253
ip route 194.168.30.0 255.255.255.0 10.168.0.2

line con 0
line vty 0 4
login local

end
S3

hostname S3

redundancy
auto-sync time-period 3600
auto-sync standard
switchover timeout 4000

vlan 1

vlan 10
name Res

vlan 20
name Sales

vlan 30
name Supply

vlan 40
name Service

vlan 50
name Ap

vlan 100
name Manage

no service password-encryption
service dhcp
ip helper-address 10.168.0.2

ip dhcp excluded-address 192.168.50.1
ip dhcp excluded-address 192.168.50.1 192.168.50.100
ip dhcp excluded-address 192.168.50.201 192.168.50.255


ip dhcp pool S3
option 138 ip 11.168.0.204
network 192.168.50.0 255.255.255.0
default-router 192.168.50.254

spanning-tree mst configuration
revision 1
name ruijie
instance 0 vlan 1-9, 11-19, 21-29, 31-39, 41-49, 51-99, 101-4094
instance 1 vlan 10, 20, 30, 40, 50, 100
spanning-tree mst 1 priority 8192
spanning-tree
interface GigabitEthernet 0/1
switchport mode trunk

interface GigabitEthernet 0/2
port-group 1
         
interface GigabitEthernet 0/3
port-group 1

interface GigabitEthernet 0/4
no switchport
ip ospf network point-to-point
ip ospf cost 10
no ip proxy-arp
ip address 10.168.0.5 255.255.255.252

interface GigabitEthernet 0/5
switchport mode trunk

interface GigabitEthernet 0/6

interface GigabitEthernet 0/7

interface GigabitEthernet 0/8

interface GigabitEthernet 0/9

interface GigabitEthernet 0/10

interface GigabitEthernet 0/11

interface GigabitEthernet 0/12

interface GigabitEthernet 0/13
         
interface GigabitEthernet 0/14

interface GigabitEthernet 0/15

interface GigabitEthernet 0/16

interface GigabitEthernet 0/17

interface GigabitEthernet 0/18

interface GigabitEthernet 0/19

interface GigabitEthernet 0/20

interface GigabitEthernet 0/21

interface GigabitEthernet 0/22

interface GigabitEthernet 0/23

interface GigabitEthernet 0/24

interface AggregatePort 1
switchport mode trunk

interface Loopback 0
ip address 11.168.0.203 255.255.255.255

interface VLAN 10
no ip proxy-arp
ip address 192.168.10.253 255.255.255.0
vrrp 10 priority 120
vrrp 10 ip 192.168.10.254

interface VLAN 20
no ip proxy-arp
ip address 192.168.20.253 255.255.255.0
vrrp 20 priority 120
vrrp 20 ip 192.168.20.254

interface VLAN 30
no ip proxy-arp
ip address 192.168.30.253 255.255.255.0
vrrp 30 priority 120
vrrp 30 ip 192.168.30.254

interface VLAN 40
no ip proxy-arp
ip address 192.168.40.253 255.255.255.0
vrrp 40 priority 120
vrrp 40 ip 192.168.40.254

interface VLAN 50
no ip proxy-arp
ip address 192.168.50.253 255.255.255.0
vrrp 50 priority 120
vrrp 50 ip 192.168.50.254

interface VLAN 100
no ip proxy-arp
ip address 192.168.100.253 255.255.255.0
vrrp 100 priority 120
vrrp 100 ip 192.168.100.254

router ospf 10
passive-interface VLAN 10
passive-interface VLAN 20
passive-interface VLAN 30
passive-interface VLAN 40
passive-interface VLAN 50
passive-interface VLAN 100
network 10.168.0.4 0.0.0.3 area 0
network 11.168.0.203 0.0.0.0 area 0
network 192.168.10.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0
network 192.168.50.0 0.0.0.255 area 0
network 192.168.100.0 0.0.0.255 area 0

ip route 11.168.0.204 255.255.255.255 192.168.100.252

line con 0
line vty 0 4
login

end
S4/S5 (stacked; the two switches operate as one device)

hostname VSU

redundancy
auto-sync time-period 3600
auto-sync standard
switchover timeout 4000

vlan 1

vlan 100

no service password-encryption

interface GigabitEthernet 1/0/1
no switchport
ip ospf network point-to-point
no ip proxy-arp
ip address 10.168.0.9 255.255.255.252

interface GigabitEthernet 1/0/2
no switchport
no ip proxy-arp
no lldp enable

interface GigabitEthernet 1/0/3

interface GigabitEthernet 1/0/4
         
interface GigabitEthernet 1/0/5

interface GigabitEthernet 1/0/6

interface GigabitEthernet 1/0/7

interface GigabitEthernet 1/0/8

interface GigabitEthernet 1/0/9

interface GigabitEthernet 1/0/10

interface GigabitEthernet 1/0/11

interface GigabitEthernet 1/0/12

interface GigabitEthernet 1/0/13

interface GigabitEthernet 1/0/14

interface GigabitEthernet 1/0/15

interface GigabitEthernet 1/0/16
         
interface GigabitEthernet 1/0/17

interface GigabitEthernet 1/0/18

interface GigabitEthernet 1/0/19

interface GigabitEthernet 1/0/20

interface GigabitEthernet 1/0/21

interface GigabitEthernet 1/0/22

interface GigabitEthernet 1/0/23

interface GigabitEthernet 1/0/24

interface GigabitEthernet 2/0/1
no switchport
ip ospf network point-to-point
no ip proxy-arp
ip address 10.168.0.13 255.255.255.252

interface GigabitEthernet 2/0/2
no switchport
no ip proxy-arp
no lldp enable

interface GigabitEthernet 2/0/3

interface GigabitEthernet 2/0/4

interface GigabitEthernet 2/0/5

interface GigabitEthernet 2/0/6

interface GigabitEthernet 2/0/7

interface GigabitEthernet 2/0/8

interface GigabitEthernet 2/0/9

interface GigabitEthernet 2/0/10

interface GigabitEthernet 2/0/11

interface GigabitEthernet 2/0/12

interface GigabitEthernet 2/0/13

interface GigabitEthernet 2/0/14

interface GigabitEthernet 2/0/15

interface GigabitEthernet 2/0/16

interface GigabitEthernet 2/0/17

interface GigabitEthernet 2/0/18

interface GigabitEthernet 2/0/19

interface GigabitEthernet 2/0/20

interface GigabitEthernet 2/0/21

interface GigabitEthernet 2/0/22

interface GigabitEthernet 2/0/23

interface GigabitEthernet 2/0/24

interface Loopback 0
ip address 11.168.0.45 255.255.255.255

interface Loopback 1
ip address 172.16.0.1 255.255.252.0

interface VLAN 100
no ip proxy-arp
ip address 193.168.0.1 255.255.255.252

switch virtual domain 1
dual-active detection bfd
dual-active bfd interface GigabitEthernet 1/0/2
dual-active bfd interface GigabitEthernet 2/0/2

router ospf 10
network 10.168.0.8 0.0.0.3 area 1
network 10.168.0.12 0.0.0.3 area 1
network 11.168.0.45 0.0.0.0 area 1

ip route 10.168.0.16 255.255.255.252 10.168.0.10
ip route 10.168.0.20 255.255.255.252 10.168.0.14

line con 0
line vty 0 4
login

end
S6

hostname S6

redundancy
auto-sync time-period 3600
auto-sync standard
switchover timeout 4000

diagnostic bootup level bypass

vlan 1

vlan 10
name Pvlan
private-vlan primary
private-vlan association add 11-12

vlan 11
private-vlan community

vlan 12
private-vlan isolated

vlan 20
name Wirelessuser

vlan 30
name AP

vlan 100
name Manage

username admin password admin
no service password-encryption
service dhcp

ip dhcp pool client
network 194.168.20.0 255.255.255.0
default-router 194.168.20.254

ip dhcp pool Wireless
option 138 ip 11.168.0.204
network 194.168.30.0 255.255.255.0
default-router 194.168.30.254

interface GigabitEthernet 0/1
no switchport
no ip proxy-arp
ip address 10.168.0.26 255.255.255.252

interface GigabitEthernet 0/2
switchport mode trunk
switchport trunk native vlan 30

interface GigabitEthernet 0/3
switchport mode trunk

interface GigabitEthernet 0/4

interface GigabitEthernet 0/5

interface GigabitEthernet 0/6

interface GigabitEthernet 0/7

interface GigabitEthernet 0/8

interface GigabitEthernet 0/9

interface GigabitEthernet 0/10

interface GigabitEthernet 0/11

interface GigabitEthernet 0/12

interface GigabitEthernet 0/13

interface GigabitEthernet 0/14

interface GigabitEthernet 0/15

interface GigabitEthernet 0/16

interface GigabitEthernet 0/17

interface GigabitEthernet 0/18

interface GigabitEthernet 0/19

interface GigabitEthernet 0/20

interface GigabitEthernet 0/21

interface GigabitEthernet 0/22

interface GigabitEthernet 0/23
switchport mode trunk

interface GigabitEthernet 0/24

interface Loopback 0
ip address 11.168.0.6 255.255.255.255

interface VLAN 10
no ip proxy-arp
ip address 194.168.10.254 255.255.255.0
private-vlan mapping add 11-12

interface VLAN 20
no ip proxy-arp
ip address 194.168.20.254 255.255.255.0

interface VLAN 30
no ip proxy-arp
ip address 194.168.30.254 255.255.255.0

interface VLAN 100
no ip proxy-arp
ip address 194.168.100.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.168.0.25

line con 0
line vty 0 4
login local

end
R1

hostname R1
webmaster level 0 username admin password 7 04361c0b370d

diffserv domain default

no cwmp

route-map fenliu permit 10
match ip address 101
set ip next-hop 10.168.0.18

route-map fenliu permit 20
match ip address 102
set ip next-hop 10.168.0.22

route-map fenliu permit 30

vlan 1

username admin password admin
no service password-encryption

control-plane

control-plane protocol
acpp bw-rate 1250 bw-burst-rate 2500

control-plane manage
port-filter
arp-car 5
acpp bw-rate 1250 bw-burst-rate 2500

control-plane data
glean-car 5
acpp bw-rate 1250 bw-burst-rate 2500

web-auth mac-check enable

enable service ssh-server
enable service web-server http
enable service web-server https

interface Serial 2/0
encapsulation PPP
ppp chap hostname ruijie
ppp chap password ruijie
ip address 10.168.0.17 255.255.255.252
clock rate 64000

interface Serial 2/1
encapsulation PPP
ppp chap hostname ruijie
ppp chap password ruijie
ip address 10.168.0.21 255.255.255.252

interface GigabitEthernet 0/0
ip address 10.168.0.25 255.255.255.252
duplex auto
speed auto

interface GigabitEthernet 0/1
ip address 10.168.0.41 255.255.255.252
duplex auto
speed auto

interface GigabitEthernet 0/2
duplex auto
speed auto

interface GigabitEthernet 0/3
duplex auto
speed auto

interface GigabitEthernet 1/0

interface GigabitEthernet 1/1
         
interface GigabitEthernet 1/2

interface GigabitEthernet 1/3

interface GigabitEthernet 1/4

interface GigabitEthernet 1/5

interface GigabitEthernet 1/6

interface GigabitEthernet 1/7

interface GigabitEthernet 1/8

interface GigabitEthernet 1/9

interface GigabitEthernet 1/10

interface GigabitEthernet 1/11

interface GigabitEthernet 1/12

interface GigabitEthernet 1/13
         
interface GigabitEthernet 1/14

interface GigabitEthernet 1/15

interface GigabitEthernet 1/16

interface GigabitEthernet 1/17

interface GigabitEthernet 1/18

interface GigabitEthernet 1/19

interface GigabitEthernet 1/20

interface GigabitEthernet 1/21

interface GigabitEthernet 1/22

interface GigabitEthernet 1/23

interface Loopback 0
ip address 11.168.0.1 255.255.255.255

interface VLAN 1
ip address 192.168.1.1 255.255.255.0

ip route 10.168.0.0 255.255.255.252 10.168.0.18
ip route 10.168.0.4 255.255.255.252 10.168.0.18
ip route 11.168.0.204 255.255.255.255 10.168.0.18 10
ip route 11.168.0.204 255.255.255.255 10.168.0.22 100
ip route 11.168.0.205 255.255.255.255 10.168.0.18 10
ip route 11.168.0.205 255.255.255.255 10.168.0.22 100
ip route 172.16.0.0 255.255.252.0 10.168.0.18 10
ip route 172.16.0.0 255.255.252.0 10.168.0.22 100
ip route 192.168.10.0 255.255.255.0 10.168.0.18 10
ip route 192.168.10.0 255.255.255.0 10.168.0.22 100
ip route 192.168.20.0 255.255.255.0 10.168.0.18 10
ip route 192.168.20.0 255.255.255.0 10.168.0.22 100
ip route 192.168.30.0 255.255.255.0 10.168.0.18 10
ip route 192.168.30.0 255.255.255.0 10.168.0.22 100
ip route 192.168.40.0 255.255.255.0 10.168.0.18 10
ip route 192.168.40.0 255.255.255.0 10.168.0.22 100
ip route 192.168.60.0 255.255.255.0 10.168.0.18 10
ip route 192.168.60.0 255.255.255.0 10.168.0.22 100
ip route 193.168.0.0 255.255.255.252 10.168.0.18 10
ip route 193.168.0.0 255.255.255.252 10.168.0.22 100
ip route 194.168.0.0 255.255.0.0 10.168.0.26
ip route 194.168.10.0 255.255.255.0 10.168.0.26
ip route 195.168.0.0 255.255.255.0 10.168.0.42

ref parameter 75 100
line con 0
line vty 0 4
transport input ssh
login local


end
R2

hostname R2
webmaster level 0 username admin password 7 073f07221c1c
vlan 1

vlan 100

username admin password admin
username ruijie password ruijie
no service password-encryption
service dhcp

ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254

control-plane

control-plane protocol
no acpp

control-plane manage
no port-filter
no arp-car
no acpp

control-plane data
no glean-car
no acpp

enable service ssh-server
enable service web-server http
enable service web-server https

interface Serial 2/0
encapsulation PPP
ppp authentication chap
ip address 10.168.0.18 255.255.255.252

interface Serial 3/0
encapsulation PPP
ip ospf network point-to-point
ip address 10.168.0.29 255.255.255.252

interface FastEthernet 1/0

interface FastEthernet 1/1
switchport access vlan 100

interface FastEthernet 1/2

interface FastEthernet 1/3

interface FastEthernet 1/4

interface FastEthernet 1/5

interface FastEthernet 1/6

interface FastEthernet 1/7

interface FastEthernet 1/8

interface FastEthernet 1/9

interface FastEthernet 1/10

interface FastEthernet 1/11

interface FastEthernet 1/12

interface FastEthernet 1/13

interface FastEthernet 1/14

interface FastEthernet 1/15

interface FastEthernet 1/16

interface FastEthernet 1/17

interface FastEthernet 1/18

interface FastEthernet 1/19

interface FastEthernet 1/20

interface FastEthernet 1/21

interface FastEthernet 1/22

interface FastEthernet 1/23

interface GigabitEthernet 0/0
ip ospf network point-to-point
ip ospf cost 5
ip address 10.168.0.2 255.255.255.252
duplex auto
speed auto

interface GigabitEthernet 0/1
ip address 10.168.0.33 255.255.255.252
duplex auto
speed auto

interface Loopback 0
ip address 11.168.0.2 255.255.255.255
         
interface VLAN 100
ip address 10.168.0.10 255.255.255.252

router ospf 10
redistribute static metric-type 1 subnets
network 10.168.0.0 0.0.0.3 area 0
network 10.168.0.8 0.0.0.3 area 1
network 10.168.0.28 0.0.0.3 area 0
network 11.168.0.2 0.0.0.0 area 0

ip route 10.168.0.24 255.255.255.252 10.168.0.17
ip route 11.168.0.1 255.255.255.255 10.168.0.17
ip route 11.168.0.204 255.255.255.255 10.168.0.1
ip route 11.168.0.205 255.255.255.255 10.168.0.1
ip route 172.16.0.0 255.255.252.0 10.168.0.9
ip route 194.168.10.0 255.255.255.0 10.168.0.34
ip route 194.168.30.0 255.255.255.0 10.168.0.17
ip route 195.168.0.0 255.255.255.0 10.168.0.34

ref parameter 75 140
line con 0
line aux 0
line vty 0 4
transport input ssh
login local

end
R3

hostname R3

vlan 1

vlan 100


username admin password admin
username ruijie password ruijie
no service password-encryption

control-plane

control-plane protocol
no acpp

control-plane manage
no port-filter
no arp-car
no acpp

control-plane data
no glean-car
no acpp

enable service ssh-server
enable service web-server http
enable service web-server https

interface Serial 2/0
encapsulation PPP
ppp authentication chap
ip address 10.168.0.22 255.255.255.252
clock rate 64000

interface Serial 3/0
encapsulation PPP
ip ospf network point-to-point
ip address 10.168.0.30 255.255.255.252
clock rate 64000

interface FastEthernet 1/0

interface FastEthernet 1/1
switchport access vlan 100

interface FastEthernet 1/2

interface FastEthernet 1/3

interface FastEthernet 1/4

interface FastEthernet 1/5

interface FastEthernet 1/6

interface FastEthernet 1/7

interface FastEthernet 1/8
         
interface FastEthernet 1/9

interface FastEthernet 1/10

interface FastEthernet 1/11

interface FastEthernet 1/12

interface FastEthernet 1/13

interface FastEthernet 1/14

interface FastEthernet 1/15

interface FastEthernet 1/16

interface FastEthernet 1/17

interface FastEthernet 1/18

interface FastEthernet 1/19

interface FastEthernet 1/20
         
interface FastEthernet 1/21

interface FastEthernet 1/22

interface FastEthernet 1/23

interface GigabitEthernet 0/0
ip ospf network point-to-point
ip ospf cost 10
ip address 10.168.0.6 255.255.255.252
duplex auto
speed auto

interface GigabitEthernet 0/1
ip address 10.168.0.37 255.255.255.252
duplex auto
speed auto

interface Loopback 0
ip address 11.168.0.3 255.255.255.255

interface VLAN 100
ip address 10.168.0.14 255.255.255.252

router ospf 10
redistribute static metric-type 1 subnets
network 10.168.0.4 0.0.0.3 area 0
network 10.168.0.12 0.0.0.3 area 1
network 10.168.0.28 0.0.0.3 area 0
network 11.168.0.3 0.0.0.0 area 0

ip route 10.168.0.24 255.255.255.252 10.168.0.17
ip route 10.168.0.24 255.255.255.252 10.168.0.21
ip route 11.168.0.1 255.255.255.255 10.168.0.21
ip route 11.168.0.204 255.255.255.255 10.168.0.5
ip route 11.168.0.205 255.255.255.255 10.168.0.5
ip route 172.16.0.0 255.255.252.0 10.168.0.13
ip route 194.168.10.0 255.255.255.0 10.168.0.38
ip route 194.168.30.0 255.255.255.0 10.168.0.21
ip route 195.168.0.0 255.255.255.0 10.168.0.38

ref parameter 75 140
line con 0
line aux 0
line vty 0 4
transport input ssh
login local

end
AC1

hostname AC1

wlan-config 1 Ruijie-ZB_176
ssid-code utf-8
no enable-broad-ssid

wlan-config 2 Ruijie-FB_176
ssid-code utf-8
no enable-broad-ssid
tunnel local

ap-group FB
interface-mapping 2 20 ap-wlan-id 1

ap-group ZB
interface-mapping 1 60 ap-wlan-id 1

ap-group default

ap-config all

ac-controller
country CN
802.11g network rate 1 disabled
802.11g network rate 2 disabled
802.11g network rate 5 disabled
802.11g network rate 6 disabled
802.11g network rate 9 supported
802.11g network rate 11 mandatory
802.11g network rate 12 supported
802.11g network rate 18 supported
802.11g network rate 24 supported
802.11g network rate 36 supported
802.11g network rate 48 supported
802.11g network rate 54 supported
802.11b network rate 1 disabled
802.11b network rate 2 disabled
802.11b network rate 5 disabled
802.11b network rate 11 mandatory
802.11a network rate 6 disabled
802.11a network rate 9 supported
802.11a network rate 12 mandatory
802.11a network rate 18 supported
802.11a network rate 24 mandatory
802.11a network rate 36 supported
802.11a network rate 48 supported
802.11a network rate 54 supported

ip dhcp snooping

no identify-application enable

no cwmp

service dhcp

ip dhcp pool Wireless
network 192.168.60.0 255.255.255.0
default-router 192.168.60.254

install 0 WS6008

sysmac c470.abe7.386b

enable service web-server http
enable service web-server https
webmaster level 0 username admin password 7 06073a0e261b
no service password-encryption

redundancy

link-check disable

nfpp

wids

frn

vlan 1

vlan 60
name Wireless

vlan 100
name Manage

interface GigabitEthernet 0/1
switchport mode trunk
ip dhcp snooping trust

interface GigabitEthernet 0/2

interface GigabitEthernet 0/3

interface GigabitEthernet 0/4

interface GigabitEthernet 0/5

interface GigabitEthernet 0/6

interface GigabitEthernet 0/7

interface GigabitEthernet 0/8

interface Loopback 0
ip address 11.168.0.204 255.255.255.255

interface VLAN 1

interface VLAN 60
ip address 192.168.60.252 255.255.255.0
vrrp 1 ip 192.168.60.254
vrrp 1 priority 150

interface VLAN 100
ip address 192.168.100.2 255.255.255.0

wlan hot-backup 11.168.0.205

context 1
priority level 1

wlan hot-backup enable

wlansec 1
security rsn enable
security rsn ciphers aes enable
security rsn akm psk enable
security rsn akm psk set-key ascii 12345678
arp-check
ip verify source port-security

ip route 0.0.0.0 0.0.0.0 192.168.100.252

line console 0
line vty 0 4
login

end
EG1

interface GigabitEthernet 0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside

interface GigabitEthernet 0/1
ip address 10.168.0.34 255.255.255.252
ip nat inside

interface GigabitEthernet 0/2
ip address 10.168.0.38 255.255.255.252
ip nat inside

interface GigabitEthernet 0/3
ip address 195.168.0.1 255.255.255.0
crypto map mymap

interface GigabitEthernet 0/4

interface GigabitEthernet 0/5

interface GigabitEthernet 0/6

interface GigabitEthernet 0/7
         
interface GigabitEthernet 0/8

interface GigabitEthernet 0/9

interface Loopback 0
ip address 11.168.0.11 255.255.255.255

interface SSLVPN 0

interface SSLVPN 1

app route switch
app route mode new-flow

ip nat pool ssh prefix-length 24
address 195.168.0.20 195.168.0.20 match interface GigabitEthernet 0/1

ip nat outside source list 111 pool ssh
ip nat inside source list 1 pool nat_pool overload
ip nat inside source list 110 interface GigabitEthernet 0/3 overload

ip route 10.168.0.0 255.255.255.252 10.168.0.33
ip route 192.168.10.0 255.255.255.0 10.168.0.33 10
ip route 192.168.10.0 255.255.255.0 10.168.0.37 100
ip route 192.168.20.0 255.255.255.0 10.168.0.33 10
ip route 192.168.20.0 255.255.255.0 10.168.0.37 100
ip route 192.168.30.0 255.255.255.0 10.168.0.33 10
ip route 192.168.30.0 255.255.255.0 10.168.0.37 100
ip route 192.168.40.0 255.255.255.0 10.168.0.33 10
ip route 192.168.40.0 255.255.255.0 10.168.0.37 100
ip route 192.168.60.0 255.255.255.0 10.168.0.33 10
ip route 192.168.60.0 255.255.255.0 10.168.0.37 100
ip route 194.168.10.0 255.255.255.0 195.168.0.2

line console 0
line vty 0 4
login

end
EG2

hostname EG2
vlan 1

no service password-encryption

ip access-list extended 110
10 permit ip 194.168.20.0 0.0.0.255 195.168.0.0 0.0.0.255 time-range working_time

ip access-list extended 112
10 permit ip 194.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

control-plane

control-plane protocol
no acpp

control-plane manage
no port-filter
no arp-car
no acpp

control-plane data
no glean-car
no acpp

enable service web-server http
enable service web-server https

crypto isakmp policy 1
encryption 3des
authentication pre-share
hash md5

crypto isakmp key 7 151b5f72467e7a address 195.168.0.1
crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map mymap 1 ipsec-isakmp
set peer 195.168.0.1   
set transform-set myset
match address 112

interface FastEthernet 1/0

interface FastEthernet 1/1

interface FastEthernet 1/2

interface FastEthernet 1/3

interface FastEthernet 1/4

interface FastEthernet 1/5

interface FastEthernet 1/6

interface FastEthernet 1/7

interface FastEthernet 1/8

interface FastEthernet 1/9

interface FastEthernet 1/10

interface FastEthernet 1/11

interface FastEthernet 1/12

interface FastEthernet 1/13

interface FastEthernet 1/14

interface FastEthernet 1/15

interface FastEthernet 1/16

interface FastEthernet 1/17

interface FastEthernet 1/18

interface FastEthernet 1/19

interface FastEthernet 1/20

interface FastEthernet 1/21

interface FastEthernet 1/22

interface FastEthernet 1/23

interface GigabitEthernet 0/0
ip nat outside
ip address 195.168.0.2 255.255.255.0
crypto map mymap
duplex auto
speed auto

interface GigabitEthernet 0/1
ip nat inside
ip address 10.168.0.42 255.255.255.252
duplex auto
speed auto

interface Loopback 0
ip address 11.168.0.12 255.255.255.255

ip nat inside source list 110 interface GigabitEthernet 0/0 overload

ip route 10.168.0.24 255.255.255.252 10.168.0.41
ip route 192.168.20.0 255.255.255.0 195.168.0.1
ip route 194.168.10.0 255.255.255.0 10.168.0.41
ip route 194.168.20.0 255.255.255.0 10.168.0.41

ref parameter 75 140
line con 0
line aux 0
line vty 0 4
login

end
Final routing state

https://img-blog.csdnimg.cn/direct/913ee5f6a6e24ce39e1179cdb098de90.png
https://img-blog.csdnimg.cn/direct/325ef7e8955943f791446f91bde207ab.png
https://img-blog.csdnimg.cn/direct/079b2acd541b4503988ccdcf41097b1e.png
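
An audit pass over the configuration dumps above, added here as an example and not part of the original post: it flags the management-plane and crypto settings a reviewer would question before reusing these lab configs (plaintext local passwords, HTTP management, vty lines not restricted to SSH, 3DES/MD5 for IKE and ESP, a short numeric WPA2 PSK). The rule names, the PSK threshold and the `audit` function are assumptions of this example.

```python
import re
from itertools import takewhile

# Constructed sample: lines excerpted from the R3, AC1 and EG2 dumps above.
SAMPLE = """\
hostname R3
username admin password admin
no service password-encryption
enable service web-server http
line vty 0 4
transport input ssh
login local

hostname AC1
security rsn akm psk set-key ascii 12345678
line vty 0 4
login

hostname EG2
encryption 3des
hash md5
crypto ipsec transform-set myset esp-3des esp-md5-hmac
"""

# Rule ids and thresholds are this example's own choices, not a vendor baseline.
RULES = [
    ("plaintext-password", re.compile(r"^username \S+ password (?!7 )\S+$")),
    ("no-password-encryption", re.compile(r"^no service password-encryption$")),
    ("http-management", re.compile(r"^enable service web-server http$")),
    ("weak-ike-or-esp", re.compile(r"^(encryption 3des|hash md5)$|esp-3des|esp-md5-hmac")),
    # Assumption: a PSK that is all digits or shorter than 12 characters is weak.
    ("weak-wpa-psk", re.compile(r"set-key ascii (\d+|\S{1,11})$")),
]

def audit(text):
    """Return sorted (hostname, rule id) findings for a flattened config dump."""
    lines = [l.strip() for l in text.splitlines()]
    findings, host = set(), "?"
    for i, line in enumerate(lines):
        if line.startswith("hostname "):
            host = line.split()[1]
        findings.update((host, rule) for rule, pat in RULES if pat.search(line))
        if line.startswith("line vty"):
            # Sub-commands are not indented here: the block runs to a blank line, "line ..." or "end".
            block = list(takewhile(
                lambda n: n and not n.startswith("line ") and n.lower() != "end", lines[i + 1:]))
            if "transport input ssh" not in block:
                findings.add((host, "vty-not-ssh-only"))
    return sorted(findings)
```

The EG1 dump above carries no `hostname` line, so audit each device's dump separately or its findings are attributed to the preceding hostname.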
