前往顾页
以后地位: 主页 > 精通Office > 其他教程 >

DHCP,VTP,PVST+,HSRP,ACL,NAT,和浮动路由 比较

时候:2015-08-31 21:31来源:知行网www.zhixing123.cn 编辑:麦田守望者

1、所有VLAN都可以拜候FTP、WWW办事
2、除网管区,其他VLAN不克不及TELNET装备(路由器、互换机)、办事器
3、只需网管区可以PING设配
4、建设MSL1、MSL2为VTPsever
5、建设HSRP实现路由备份和VLAN负载均衡
6、在路由器上为各VLAN做浮动路由
7、建设NAT使外网可以拜候内网WWW办事
8、建设PAT使内网用户可以拜候外网
9、左边的3层为MSL1,右边的3层互换为MSL2

 

 

PS:附件下载有问题,我把建设发下去

 

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain lookup
Router(config)#line con 0
Router(config-line)#exec-t 0 0
Router(config-line)#logg sy
Router(config-line)#exit
Router(config)#int e0/0
Router(config-if)#ip add 20.0.0.1 255.255.255.0
Router(config-if)#no
Router(config-if)#int e1/0
Router(config-if)#ip add 192.168.0.1 255.255.255.252
Router(config-if)#no sh
Router(config-if)#int e2/0
Router(config-if)#ip add 192.168.0.5 255.255.255.252
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip router 192.168.100.0 255.255.255.0 e1/0 5
Router(config)#ip router 192.168.100.0 255.255.255.0 e2/0
Router(config)#ip router 192.168.2.0 255.255.255.0 e1/0 5
Router(config)#ip router 192.168.2.0 255.255.255.0 e2/0
Router(config)#ip router 192.168.3.0 255.255.255.0 e1/0
Router(config)#ip router 192.168.3.0 255.255.255.0 e2/0 5
Router(config)#ip router 192.168.4.0 255.255.255.0 e1/0
Router(config)#ip router 192.168.4.0 255.255.255.0 e2/0 5
Router(config)#end
//dhcp
Router(config)#ip dhcp pool vlan200
Router(dhcp-config)#network 192.168.100.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.4.254
Router(dhcp-config)#lease 1
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.2.250 192.168.2.254
Router(config)#ip dhcp pool vlan300
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#lease 1
Router(dhcp-config)#default-router 192.168.2.254
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.3.250 192.168.3.254
Router(config)#ip dhcp pool vlan400
Router(dhcp-config)#network 192.168.4.0 255.255.255.0
Router(dhcp-config)#lease 1
Router(dhcp-config)#default-router 192.168.4.254
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.4.250 192.168.4.254
Router(config)#access-list 1 permit 192.168.0.0 0.3.255.255 \\定义地点转换的节制列表
Router(config)#ip nat pool isp 20.0.0.1 20.0.0.1 netmask 0.0.0.0 \\定义转换的地点池
Router(config)#ip nat inside source list 1 pool isp \\将指定的外部部分地点与外部全局地点池进行转换
Router(config)#int e0/0
Router(config-if)#ip nat outside
Router(config-if)#int e1/0
Router(config-if)#ip nat inside
Router(config-if)#int e2/0
Router(config-if)#ip nat inside
Router(config-if)#end
Router(config)#ip nat inside source static tcp 192.168.100.100 80 20.0.0.1 80 \\ 端口映照,将内网办事器公布出去

 

 

mls1>
mls1>en
mls1#vlan database
mls1(vlan)#vtp domain cz
mls1(vlan)#vtp password 123.com
mls1(vlan)#vtp server
mls1(vlan)#vtp v2-mode
mls1(vlan)#vtp pr
mls1(vlan)#vtp pruning
mls1(vlan)#vlan 100
mls1(vlan)#vlan 200
mls1(vlan)#vlan 300
mls1(vlan)#vlan 400
mls1(vlan)#exit
mls1#conf t
mls1(config)#int ra f0/1 – 4
mls1(config-if-range)#sw t en d
mls1(config-if-range)#sw m t
mls1(config-if-range)#exit
mls1(config)#int ra f0/12 – 14
mls1(config-if-range)#sw t en d
mls1(config-if-range)#sw m t
mls1(config-if-range)#channel-group 1 mode on
mls1(config-if-range)#exit
mls1(config)#ip access-list lan
mls1(config-ext-nacl)#permit icmp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 \\许可网管区ping设配
mls1(config-ext-nacl)#deny icmp any 192.168.0.0 0.0.0.255 echo \\不许可其他PING设配
mls1(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 eq telnet \\许可192.168.2.0/24 长途登录192.168.1.0/24
mls1(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.0.0 eq telnet \\许可192.168.2.0/24 长途登录192.168.0.0/24
mls1(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq 21 \\许可拜候FTP
mls1(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq www \\许可拜候WWW
mls1(config-ext-nacl)#deny ip any 192.168.0.0 0.0.3.255 \\不许可拜候192.168.0.0/22
mls1(config-ext-nacl)#permit ip any any
mls1(config-ext-nacl)end
mls1(config)#int f0/15
mls1(config-if)#no sw
mls1(config-if)#ip add 192.168.0.2 255.255.255.252
mls1(config-if)#no sh
mls1(config-if)#int vlan 100
mls1(config-if)#ip add 192.168.1.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 10 ip 192.168.1.254
mls1(config-if)#standby 10 priority 200
mls1(config-if)#standby 10 preempt
mls1(config-if)#standby 10 track f0/15 100
mls1(config-if)#int vlan 200
mls1(config-if)#ip add 192.168.2.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 20 ip 192.168.2.254
mls1(config-if)#standby 20 priority 200
mls1(config-if)#standby 20 preempt
mls1(config-if)#standby 20 track f0/15 100
mls1(config-if)#int vlan 300
mls1(config-if)#ip add 192.168.3.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 30 ip 192.168.3.254
mls1(config-if)#standby 30 priority 150
mls1(config-if)#standby 30 preempt
mls1(config-if)#standby 30 track f0/15 100
mls1(config-if)#int vlan 400
mls1(config-if)#ip add 192.168.4.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 40 ip 192.168.4.254
mls1(config-if)#standby 40 priority 150
mls1(config-if)#standby 40 preempt
mls1(config-if)#standby 40 track f0/15 100
mls1(config-if)#exit
mls1(config)#spanning-tree vlan 100 priority 4096
mls1(config)#spanning-tree vlan 200 priority 4096
mls1(config)#ip route 0.0.0.0 0.0.0.0 f0/15

 

mls2>
mls2>en
mls2#vlan database
mls2(vlan)#vtp domain cz
mls2(vlan)#vtp password 123.com
mls2(vlan)#vtp server
mls2(vlan)#vtp v2-mode
mls2(vlan)#vtp pr
mls2(vlan)#vtp pruning
mls2(vlan)#vlan 100
mls2(vlan)#vlan 200
mls2(vlan)#vlan 300
mls2(vlan)#vlan 400
mls2(vlan)#exit
mls2#conf t
mls2(config)#int ra f0/1 – 4
mls2(config-if-range)#sw t en d
mls2(config-if-range)#sw m t
mls2(config-if-range)#exit
mls2(config)#int ra f0/12 – 14
mls2(config-if-range)#sw t en d
mls2(config-if-range)#sw m t
mls2(config-if-range)#channel-group 1 mode on
mls2(config-if-range)#exit
mls1(config)#ip access-list lan
mls1(config-ext-nacl)#permit icmp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 \\许可网管区ping设配
mls1(config-ext-nacl)#deny icmp any 192.168.0.0 0.0.0.255 echo \\不许可其他PING设配
mls1(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 eq telnet \\许可192.168.2.0/24 长途登录192.168.1.0/24
mls1(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.0.0 eq telnet \\许可192.168.2.0/24 长途登录192.168.0.0/24
mls1(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq 21 \\许可拜候FTP
mls1(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq www \\许可拜候WWW
mls1(config-ext-nacl)#deny ip any 192.168.0.0 0.0.3.255 \\不许可拜候192.168.0.0/22
mls1(config-ext-nacl)#permit ip any any
mls1(config-ext-nacl)end
mls2(config)#int f0/15
mls2(config-if)#no sw
mls2(config-if)#ip add 192.168.0.2 255.255.255.252
mls2(config-if)#no sh
mls2(config-if)#int vlan 100
mls2(config-if)#ip add 192.168.100.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 10 ip 192.168.100.254
mls2(config-if)#standby 10 priority 150
mls2(config-if)#standby 10 preempt
mls2(config-if)#standby 10 track f0/15 100
mls2(config-if)#int vlan 200
mls2(config-if)#ip add 192.168.2.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 20 ip 192.168.2.254
mls2(config-if)#standby 20 priority 150
mls2(config-if)#standby 20 preempt
mls2(config-if)#standby 20 track f0/15 100
mls2(config-if)#int vlan 300
mls2(config-if)#ip add 192.168.3.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 30 ip 192.168.3.254
mls2(config-if)#standby 30 priority 200
mls2(config-if)#standby 30 preempt
mls2(config-if)#standby 30 track f0/15 100
mls2(config-if)#int vlan 400
mls2(config-if)#ip add 192.168.4.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 40 ip 192.168.4.254
mls2(config-if)#standby 40 priority 200
mls2(config-if)#standby 40 preempt
mls2(config-if)#standby 40 track f0/15 100
mls2(config-if)#exit
mls2(config)#spanning-tree vlan 300 priority 4096
mls2(config)#spanning-tree vlan 400 priority 4096
mls2(config)#ip route 0.0.0.0 0.0.0.0 f0/15

------分开线----------------------------
标签(Tag):无线路由器 路由器 路由器设置 无线路由器设置
------分开线----------------------------
保举内容
猜你感兴趣