<div>First, my apologies to everyone: I kept putting this lab off and only recently finished it. The detailed configuration is in the attachment; unzip it and you can read it. I did not configure the access layer, since that part is simple.</div>
<div>Also, the earlier problems were 小凡 (Xiaofan) problems: this lab has to be done on real devices, because virtual ones run into trouble.</div>
<div><span>If the image is too small the first time you open it, just refresh the page.</span></div>
<div><img src="http://img1.51cto.com/attachment/201101/152633913.jpg" border="0" alt="" width="650"></div>
<div>1. All VLANs can access the FTP and WWW services
2. Except for the network management zone, no VLAN may Telnet to the devices (routers, switches) or the servers
3. Only the network management zone may ping the devices
4. Configure MSL1 and MSL2 as VTP servers
5. Configure HSRP for routing redundancy and per-VLAN load balancing
6. Configure floating static routes for each VLAN on the router
7. Configure NAT so that the external network can reach the internal WWW service
8. Configure PAT so that internal users can reach the external network
9. The layer-3 switch on the left is MSL1; the layer-3 switch on the right is MSL2</div>
<div>PS: The attachment download is having problems, so I am posting the configuration here.</div>
<div>Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain lookup
Router(config)#line con 0
Router(config-line)#exec-t 0 0
Router(config-line)#logg sy
Router(config-line)#exit
Router(config)#int e0/0
Router(config-if)#ip add 20.0.0.1 255.255.255.0
Router(config-if)#no sh
Router(config-if)#int e1/0
Router(config-if)#ip add 192.168.0.1 255.255.255.252
Router(config-if)#no sh
Router(config-if)#int e2/0
Router(config-if)#ip add 192.168.0.5 255.255.255.252
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 192.168.100.0 255.255.255.0 e1/0 5
Router(config)#ip route 192.168.100.0 255.255.255.0 e2/0
Router(config)#ip route 192.168.2.0 255.255.255.0 e1/0 5
Router(config)#ip route 192.168.2.0 255.255.255.0 e2/0
Router(config)#ip route 192.168.3.0 255.255.255.0 e1/0
Router(config)#ip route 192.168.3.0 255.255.255.0 e2/0 5
Router(config)#ip route 192.168.4.0 255.255.255.0 e1/0
Router(config)#ip route 192.168.4.0 255.255.255.0 e2/0 5
//DHCP
Router(config)#ip dhcp pool vlan200
Router(dhcp-config)#network 192.168.100.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.4.254
Router(dhcp-config)#lease 1
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.2.250 192.168.2.254
Router(config)#ip dhcp pool vlan300
Router(dhcp-config)#network 192.168.2.0 255.255.255.0
Router(dhcp-config)#lease 1
Router(dhcp-config)#default-router 192.168.2.254
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.3.250 192.168.3.254
Router(config)#ip dhcp pool vlan400
Router(dhcp-config)#network 192.168.4.0 255.255.255.0
Router(dhcp-config)#lease 1
Router(dhcp-config)#default-router 192.168.4.254
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 192.168.4.250 192.168.4.254
Router(config)#access-list 1 permit 192.168.0.0 0.3.255.255 \\ define the access list that selects the addresses to translate
Router(config)#ip nat pool isp 20.0.0.1 20.0.0.1 netmask 255.255.255.0 \\ define the translation address pool
Router(config)#ip nat inside source list 1 pool isp overload \\ translate the listed inside local addresses to the inside global pool; overload makes it PAT
Router(config)#int e0/0
Router(config-if)#ip nat outside
Router(config-if)#int e1/0
Router(config-if)#ip nat inside
Router(config-if)#int e2/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static tcp 192.168.100.100 80 20.0.0.1 80 \\ port mapping: publish the internal server to the outside</div>
<div>mls1>
mls1>en
mls1#vlan database
mls1(vlan)#vtp domain cz
mls1(vlan)#vtp password 123.com
mls1(vlan)#vtp server
mls1(vlan)#vtp v2-mode
mls1(vlan)#vtp pr
mls1(vlan)#vtp pruning
mls1(vlan)#vlan 100
mls1(vlan)#vlan 200
mls1(vlan)#vlan 300
mls1(vlan)#vlan 400
mls1(vlan)#exit
mls1#conf t
mls1(config)#int ra f0/1 - 4
mls1(config-if-range)#sw t en d
mls1(config-if-range)#sw m t
mls1(config-if-range)#exit
mls1(config)#int ra f0/12 - 14
mls1(config-if-range)#sw t en d
mls1(config-if-range)#sw m t
mls1(config-if-range)#channel-group 1 mode on
mls1(config-if-range)#exit
mls1(config)#ip access-list extended lan
mls1(config-ext-nacl)#permit icmp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 \\ allow the network management zone to ping the devices
mls1(config-ext-nacl)#deny icmp any 192.168.0.0 0.0.0.255 echo \\ deny pings to the devices from everyone else
mls1(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 eq telnet \\ allow 192.168.2.0/24 to telnet to 192.168.1.0/24
mls1(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 eq telnet \\ allow 192.168.2.0/24 to telnet to 192.168.0.0/24
mls1(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq 21 \\ allow FTP access
mls1(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq www \\ allow WWW access
mls1(config-ext-nacl)#deny ip any 192.168.0.0 0.0.3.255 \\ deny access to 192.168.0.0/22
mls1(config-ext-nacl)#permit ip any any
mls1(config-ext-nacl)#exit
mls1(config)#int f0/15
mls1(config-if)#no sw
mls1(config-if)#ip add 192.168.0.2 255.255.255.252
mls1(config-if)#no sh
mls1(config-if)#int vlan 100
mls1(config-if)#ip add 192.168.1.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 10 ip 192.168.1.254
mls1(config-if)#standby 10 priority 200
mls1(config-if)#standby 10 preempt
mls1(config-if)#standby 10 track f0/15 100
mls1(config-if)#int vlan 200
mls1(config-if)#ip add 192.168.2.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 20 ip 192.168.2.254
mls1(config-if)#standby 20 priority 200
mls1(config-if)#standby 20 preempt
mls1(config-if)#standby 20 track f0/15 100
mls1(config-if)#int vlan 300
mls1(config-if)#ip add 192.168.3.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 30 ip 192.168.3.254
mls1(config-if)#standby 30 priority 150
mls1(config-if)#standby 30 preempt
mls1(config-if)#standby 30 track f0/15 100
mls1(config-if)#int vlan 400
mls1(config-if)#ip add 192.168.4.251 255.255.255.0
mls1(config-if)#ip helper-address 192.168.0.1
mls1(config-if)#no sh
mls1(config-if)#ip access-group lan in
mls1(config-if)#standby 40 ip 192.168.4.254
mls1(config-if)#standby 40 priority 150
mls1(config-if)#standby 40 preempt
mls1(config-if)#standby 40 track f0/15 100
mls1(config-if)#exit
mls1(config)#spanning-tree vlan 100 priority 4096
mls1(config)#spanning-tree vlan 200 priority 4096
mls1(config)#ip route 0.0.0.0 0.0.0.0 f0/15</div>
<div>mls2>
mls2>en
mls2#vlan database
mls2(vlan)#vtp domain cz
mls2(vlan)#vtp password 123.com
mls2(vlan)#vtp server
mls2(vlan)#vtp v2-mode
mls2(vlan)#vtp pr
mls2(vlan)#vtp pruning
mls2(vlan)#vlan 100
mls2(vlan)#vlan 200
mls2(vlan)#vlan 300
mls2(vlan)#vlan 400
mls2(vlan)#exit
mls2#conf t
mls2(config)#int ra f0/1 - 4
mls2(config-if-range)#sw t en d
mls2(config-if-range)#sw m t
mls2(config-if-range)#exit
mls2(config)#int ra f0/12 - 14
mls2(config-if-range)#sw t en d
mls2(config-if-range)#sw m t
mls2(config-if-range)#channel-group 1 mode on
mls2(config-if-range)#exit
mls2(config)#ip access-list extended lan
mls2(config-ext-nacl)#permit icmp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 \\ allow the network management zone to ping the devices
mls2(config-ext-nacl)#deny icmp any 192.168.0.0 0.0.0.255 echo \\ deny pings to the devices from everyone else
mls2(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 eq telnet \\ allow 192.168.2.0/24 to telnet to 192.168.1.0/24
mls2(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 eq telnet \\ allow 192.168.2.0/24 to telnet to 192.168.0.0/24
mls2(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq 21 \\ allow FTP access
mls2(config-ext-nacl)#permit tcp any 192.168.100.0 0.0.3.255 eq www \\ allow WWW access
mls2(config-ext-nacl)#deny ip any 192.168.0.0 0.0.3.255 \\ deny access to 192.168.0.0/22
mls2(config-ext-nacl)#permit ip any any
mls2(config-ext-nacl)#exit
mls2(config)#int f0/15
mls2(config-if)#no sw
mls2(config-if)#ip add 192.168.0.6 255.255.255.252
mls2(config-if)#no sh
mls2(config-if)#int vlan 100
mls2(config-if)#ip add 192.168.100.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 10 ip 192.168.100.254
mls2(config-if)#standby 10 priority 150
mls2(config-if)#standby 10 preempt
mls2(config-if)#standby 10 track f0/15 100
mls2(config-if)#int vlan 200
mls2(config-if)#ip add 192.168.2.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 20 ip 192.168.2.254
mls2(config-if)#standby 20 priority 150
mls2(config-if)#standby 20 preempt
mls2(config-if)#standby 20 track f0/15 100
mls2(config-if)#int vlan 300
mls2(config-if)#ip add 192.168.3.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 30 ip 192.168.3.254
mls2(config-if)#standby 30 priority 200
mls2(config-if)#standby 30 preempt
mls2(config-if)#standby 30 track f0/15 100
mls2(config-if)#int vlan 400
mls2(config-if)#ip add 192.168.4.252 255.255.255.0
mls2(config-if)#ip helper-address 192.168.0.5
mls2(config-if)#no sh
mls2(config-if)#ip access-group lan in
mls2(config-if)#standby 40 ip 192.168.4.254
mls2(config-if)#standby 40 priority 200
mls2(config-if)#standby 40 preempt
mls2(config-if)#standby 40 track f0/15 100
mls2(config-if)#exit
mls2(config)#spanning-tree vlan 300 priority 4096
mls2(config)#spanning-tree vlan 400 priority 4096
mls2(config)#ip route 0.0.0.0 0.0.0.0 f0/15</div>
Last modification: October 6, 2023
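
An added example, not part of the original post: a small Python first-match evaluator for the `lan` ACL, for checking requirements 1 to 3 against what the list actually permits. The ACL text is taken from the page with the destination wildcard 0.0.0.255 written out on the two telnet entries; the probe hosts 192.168.2.10 and 192.168.3.10 are constructed, and the function names are this example's own.

```python
import ipaddress

PORTS = {"telnet": 23, "www": 80, "21": 21}
# The page's `lan` ACL; the destination wildcard on the two telnet entries is
# written out as 0.0.0.255, the /24 that their comments describe (assumption).
LAN_ACL = """
permit icmp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
deny icmp any 192.168.0.0 0.0.0.255 echo
permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 eq telnet
permit tcp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 eq telnet
permit tcp any 192.168.100.0 0.0.3.255 eq 21
permit tcp any 192.168.100.0 0.0.3.255 eq www
deny ip any 192.168.0.0 0.0.3.255
permit ip any any
"""

def parse(text):
    rules = []
    for line in text.strip().splitlines():
        # `any` is IOS shorthand for address 0.0.0.0 with wildcard 255.255.255.255
        f = line.replace("any", "0.0.0.0 255.255.255.255").split()
        nums = [int(ipaddress.IPv4Address(a)) for a in f[2:6]]
        rules.append({"text": line, "action": f[0], "proto": f[1],
                      "src": nums[:2], "dst": nums[2:],
                      "port": PORTS[f[7]] if f[6:7] == ["eq"] else None,
                      "echo": f[6:7] == ["echo"]})
    return rules

def _hit(ip, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(rules, proto, src, dst, port=None, echo=False):
    """Return (action, rule text) of the first matching entry, as IOS does."""
    for r in rules:
        if (r["proto"] in ("ip", proto) and _hit(src, r["src"])
                and _hit(dst, r["dst"]) and r["port"] in (None, port)
                and (echo or not r["echo"])):
            return r["action"], r["text"]
    return "deny", "implicit deny"  # every IOS ACL ends with an implicit deny

RULES = parse(LAN_ACL)

if __name__ == "__main__":
    # Constructed probes: 192.168.2.10 = management zone, 192.168.3.10 = other VLAN.
    for src, dst in [("192.168.2.10", "192.168.0.1"), ("192.168.3.10", "192.168.0.1"),
                     ("192.168.3.10", "192.168.100.100"), ("192.168.3.10", "192.168.4.251")]:
        print("telnet", src, "->", dst, evaluate(RULES, "tcp", src, dst, 23))
```

The output shows that Telnet from 192.168.3.10 to 192.168.100.100 or 192.168.4.251 falls through to `permit ip any any`, so requirement 2 is enforced only for destinations inside 192.168.0.0/22. An explicit `deny tcp any any eq telnet` placed after the two management permits would close that gap.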