某大型网络的配置实例

说明:

这是一个比较综合的实例，从拓扑图上可以看出，它所包含的设备和技术。以下对这个例子作些说明希望能够和各位网友交流。

1.对于内部局域网，选用Cisco的Catalyst 6506作为中心交换机，二级交换采用Catalyst 3500，同时为了说明Trunk，又加了一个Catalyst 2900 作为三级交换，对于终端连接用了Catalyst 1900交换机，这样就可以在Catalyst 6506与Catalyst 3500之间以及Catalyst 3500与Catalyst 2900 之间建立Trunk，实现跨交换机的VLAN。

注：Catalyst 2900系列如果要实现Trunk，软件必须是企业版的，关于类似疑问可以至疑难杂谈栏目。

2.对于外连上,主要是专线连接和拨号访问,当然种类比较多.包括了DDN、 ISDN、 Frame Relay、 E1 线路等。

3.本例给出设备的基本配置。

4.对于多设备的连接问题,值得注意的是路由问题,本实例外连部分采用静态路由而内部局域网采用动态路由.

5.在本例的帧中继配置中,运用了IP Unnumbered ,可以节省地址资源,有兴趣可以注意一下



配置实例

VLAN划分问题:

对于交换设备本例中划到VLAN 1中,而对于外连设备的所有以太网端口,均划到VLAN 2中,下面给出各VLAN的名称和网关地址,本例划分8个VLAN.

VLAN ID VLAN Name Gateway

VLAN 1 Bluestudy 1 10.1.0.1/16

VLAN 2 Bluestudy 2 10.2.0.1/16

VLAN 3 Bluestudy 3 10.3.0.1/16

VLAN 4 Bluestudy 4 10.4.0.1/16

VLAN 5 Bluestudy 5 10.5.0.1/16

VLAN 6 Bluestudy 6 10.6.0.1/16

VLAN 7 Bluestudy 7 10.7.0.1/16

VLAN 8 Bluestudy 8 10.8.0.1/16

Catalyst 6506 的配置

Enter password:

enable

Enter password:

config t

set system name Bluestudy

set time 10/30/2000 9:30:00

set password

set enablepass

set interface sc0 10.1.0.2/16

set ip route default 10.1.0.1

set ip dns server 10.1.0.100

set ip dns domain bluestudy.com

set ip dns enable

set vtp domain bluestudy mode server

set vlan 1 name Bluestudy 1

set vlan 2 name Bluestudy 2

set vlan 3 name Bluestudy 3

set vlan 4 name Bluestudy 4

set vlan 5 name Bluestudy 5

set vlan 6 name Bluestudy 6

set vlan 7 name Bluestudy 7

set vlan 8 name Bluestudy 8

set port negotiation 2/1-8 enable

set port name 2/1-8 GEC 802.1Q Trunk

set trunk 2/1-8 desirable dot1q

set port speed 2/1-8 1000

set vlan 1 3/1-48

对于6506的交换机方面的配置只需做出Trunk即可,因为要实现跨交换机之间的虚网,下面配置6506的

路由模块,因为6506的路由模块现在与管理引擎模块集成在了一起,所以,默认命令是:Session 15

详情请见 6506 路由设置.

Catalyst 6506RSM模块的配置

(enable) session 15

Trying Router-15...

Connected to Router-15.

Escape character is '^]'.

enable

configure terminal

hostname bluestudy

enable password password

line vty 0 6

password secret_word

ip domain-name bluestudy.com

ip name-server 10.1.0.100

interface vlan 1

ip address 10.1.0.1 255.255.0.0

no shutdown

interface vlan 2

ip address 10.2.0.1 255.255.0.0

no shutdown

interface vlan 3

ip address 10.3.0.1 255.255.0.0

no shutdown

interface vlan 4

ip address 10.4.0.1 255.255.0.0

no shutdown

interface vlan 5

ip address 10.5.0.1 255.255.0.0

no shutdown

interface vlan 6

ip address 10.6.0.1 255.255.0.0

no shutdown

interface vlan 7

ip address 10.7.0.1 255.255.0.0

no shutdown

interface vlan 8

ip address 10.8.0.1 255.255.0.0

no shutdown

router rip

version 2

network 10.0.0.0

ip route 0.0.0.0 0.0.0.0 10.2.0.12

ip route 192.168.2.0 255.255.255.0 10.2.0.13

ip route 192.168.3.0 255.255.255.240 10.2.0.11

ip route 192.168.4.0 255.255.255.0 10.2.0.11

ip route 192.168.5.0 255.255.255.0 10.2.0.11

ip route 192.168.6.0 255.255.255.0 10.2.0.11

copy running-config startup-config

Building configuration...

[OK]

这里给出的是单纯的命令行,略去了一些默认状况的设置.

Catalyst 3500 的配置

!

version 12.0

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname bluestudy

!

enable password password

!

username bluestudy password password

username test password password

!

省略端口的显示

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

!

interface VLAN1

ip address 10.1.0.4 255.255.0.0

ip helper-address 10.1.0.100

ip directed-broadcast

no ip route-cache

!

ip default-gateway 10.1.0.1

interface Ethernet1/1(与2900对接)

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Ethernet1/2(与1900 A对接)

switchport access VLAN 3

no shut

!

interface Ethernet1/3(与1900 B对接)

switchport access VLAN 4

no shut

!

snmp-server engineID local 000000090200000216BE4E80

snmp-server community public RO

snmp-server community private RW

snmp-server chassis-id 0x17

(打开简单的网络管理，便于以后，Cisco 网管软件识别和管理）

!

line con 0

login local

transport input none

stopbits 1

line vty 0 4

login local

line vty 5 15

login

!

end

Catalyst 2900 的配置

2900的配置与3500的相似,命令如下

hostname bluestudy

!

enable password password

!

username bluestudy password password

username test password password

!

省略端口的显示

!

interface Ethernet0/1(与3500对接)

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface VLAN1

ip address 10.1.0.3 255.255.0.0

ip helper-address 10.1.0.100

ip directed-broadcast

no ip route-cache

!

ip default-gateway 10.1.0.1

!

interface Ethernet0/2(与1900 C对接)

switchport access VLAN 5

no shut

!

interface Ethernet0/3(与1900 D对接)

switchport access VLAN 6

no shut

!

snmp-server engineID local 000000090200000216BE4E80

snmp-server community public RO

snmp-server community private RW

snmp-server chassis-id 0x17

!

line con 0

login local

transport input none

stopbits 1

line vty 0 4

login local

line vty 5 15

login

!

end

Cisco Catalyst 1900 的配置

对于1900的配置就相对容易得多了

只需在enable 状态下键入 Setup 就会进入配置向导

给出交换机的

IP地址:10.3.0.5

掩码:255.255.0.0

网关:10.3.0.1

就可以了,另外应该打开简单的网络管理协议SNMP

snmp-server community public RO

snmp-server community private RW

即可

PIX 520A的基本配置

PIX Version 4.2(4)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password password encrypted

passwd password encrypted

hostname pix_A

fixup protocol ftp 21

fixup protocol http 80

fixup protocol smtp 25

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol sqlnet 1521

names

no failover

failover timeout 0:00:00

failover ip address outside 0.0.0.0

failover ip address inside 0.0.0.0

pager lines 24

no logging console

logging monitor debugging

logging buffered debugging

no logging trap

logging facility 20

interface ethernet0 auto

interface ethernet1 auto

ip address outside 192.168.0.1 255.255.255.252

ip address inside 10.2.0.13 255.255.0.0

arp timeout 14400

nat (inside ) 0 192.168.0.0 255.255.255.252

rip outside passive

no rip outside default

no rip inside passive

rip inside default

route outside 192.168.2.0 255.255.255.0 192.168.0.2

route inside 0.0.0.0 0.0.0.0 10.2.0.1

timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00

timeout rpc 0:10:00 h323 0:05:00

timeout uauth 0:05:00 absolut

esnmp-server community public RO

snmp-server community private RW

telnet 10.2.0.200 255.255.255.255

telnet timeout 15

mtu outside 1500

mtu inside 1500

floodguard 0

Cisco 2610A 的配置

Current configuration:

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname 2610A

!

enable password password

!

username bluestudy password password

no ip domain-lookup!

!

interface Ethernet0/0

ip address 192.168.0.2 255.255.255.252

no shut

!

interface Serial0/0

ip address 192.168.0.5 255.255.255.252

no shut

!

interface Serial0/1

no ip address

shutdown

!

ip route 0.0.0.0 0.0.0.0 192.168.0.1

ip route 192.168.2.0 255.255.255.0 192.168.0.6

!

snmp-server community public RO

snmp-server community private RW

!

line con 0

line aux 0

line vty 0 4

login local

!

no scheduler allocate

end

Cisco 1603的配置

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 1603

!

enable secret password

enable password password

!

memory-size iomem 25

ip subnet-zero

!

interface Serial0

ip address 192.168.0.6 255.255.255.252

no ip directed-broadcast

!

interface Ethernet0

ip address 192.168.2.1 255.255.255.0

no ip unreachables

no ip directed-broadcast

!

ip classless

ip route 0.0.0.0 0.0.0.0 s0

no ip http server

!

snmp-server community public RO

snmp-server community private RW

!

line con 0

password password

transport input none

line aux 0

line vty 0 4

password password

login

!

no scheduler allocate

end

PIX 520B的基本配置

PIX Version 4.2(4)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password password encrypted

passwd password encrypted

hostname pix520_B

fixup protocol ftp 21

fixup protocol http 80

fixup protocol smtp 25

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol sqlnet 1521

names

no failover

failover timeout 0:00:00

failover ip address outside 0.0.0.0

failover ip address inside 0.0.0.0

pager lines 24

no logging console

no logging monitor

no logging buffered

no logging trap

logging facility 20

interface ethernet0 auto

interface ethernet1 auto

ip address outside 202.108.66.97 255.255.255.248

ip address inside 10.2.0.12 255.255.0.0

arp timeout 14400

global (outside) 1 202.108.66.100

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

no rip outside passive

no rip outside default

no rip inside passive

no rip inside default

route outside 0.0.0.0 0.0.0.0 202.109.77.98

timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00

timeout rpc 0:10:00 h323 0:05:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

telnet 10.2.0.200 255.255.255.255

telnet timeout 15

mtu outside 1500

mtu inside 1500

floodguard 0

Cisco 2610B 的配置

Current configuration:

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname 2610B

!

enable password password

!

username bluestudy password password

no ip domain-lookup!

!

interface Ethernet0/0

ip address 202.108.66.98 255.255.255.248

no shut

!

interface Serial0/0

ip address 202.108.8.1 255.255.255.252

no shut

!

interface Serial0/1

no ip address

shutdown

!

ip route 0.0.0.0 0.0.0.0 202.108.8.2

!

snmp-server community public RO

snmp-server community private RW

!

line con 0

line aux 0

line vty 0 4

login local

!

no scheduler allocate

end

Cisco 2610c 的配置

version 11.2

service udp-small-servers

service tcp-small-servers

!

hostname 2610C

!

enable secret cisco

!

ip subnet-zero

no ip domain-lookup

!

ip address-pool local

isdn switch-type basic-net3

interface Ethernet0

ip address 10.2.0.11 255.255.0.0

!

interface Serial0

no ip address

encapsulation frame-relay

frame-relay lmi-type ansi

!

interface Serial0.1 point-to-point

description Frame Relay to bluestudy1

ip unnumbered Ethernet0

frame-relay interface-dlci 10

!

interface Serial0.2 point-to-point

description Frame Relay to bluestudy2

ip unnumbered Ethernet0

frame-relay interface-dlci 11

!

interface BRI1/0

no ip address

shutdown

isdn switch-type basic-net3

!

interface BRI1/1

ip address 192.168.3.1 255.255.255.240

encapsulation ppp

timeout absolute 60 0

dialer idle-timeout 3600

dialer-group 1

isdn switch-type basic-net3

peer default ip address pool default

ppp authentication chap pap callin

!

interface BRI1/2

no ip address

encapsulation ppp

shutdown

isdn switch-type basic-net3

!

interface BRI1/3

no ip address

encapsulation ppp

shutdown

isdn switch-type basic-net3

no peer default ip address

!

ip local pool default 192.168.3.3 192.168.3.14

ip http server

ip classless

ip route 192.168.5.0 255.255.255.0 serial0.1

ip route 192.168.4.0 255.255.255.0 serial0.2

ip route 0.0.0.0 0.0.0.0 10.2.0.1

!

access-list 1 permit any

dialer-list 1 protocol ip list 1

line con 0

password console

login

line aux 0

line vty 0 4

password telnet

login

!

end

Cisco 1720A 的配置

　

version 11.2

service udp-small-servers

service tcp-small-servers

hostname bluestudy1

!

enable secret cisco

!

ip subnet-zero

no ip domain-lookup

!

interface Fastethernet0

ip address 192.168.5.1 255.255.255.0

!

interface Serial0

no ip address

encapsulation frame-relay

!

interface Serial0.1 point-to-point

description Frame Relay to bluestudy

ip unnumbered Ethernet0

frame-relay interface-dlci 10

!

ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 serial0.1

!

line con 0

password console

login

line aux 0

line vty 0 4

password bluestudy1

login

!

end

Cisco 1720B 的配置

version 11.2

service udp-small-servers

service tcp-small-servers

hostname bluestudy1

!

enable secret cisco

!

ip subnet-zero

no ip domain-lookup

!

interface Fastethernet0

ip address 192.168.4.1 255.255.255.0

!

interface Serial0

no ip address

encapsulation frame-relay

!

interface Serial0.1 point-to-point

description Frame Relay to bluestudy

ip unnumbered Ethernet0

frame-relay interface-dlci 11

!

ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 serial0.1

!

line con 0

password console

login

line aux 0

line vty 0 4

password bluestudy2

login

!

end