多平台统一管理软件接口,如何实现多平台统一管理软件接口
279
2022-10-01
实验案例三(实验的例子)
实验案例三(实验的例子)
实验目的
掌握大中型园区网络的部署
实验拓扑
网络规划如下
设备 | IP地址 | |||
R1 | e0/0:172.16.12.1 | e0/1:172.16.13.1 | loopback 0:1.1.1.1 | |
CS1 | e0/0-1:172.16.23.2 | e0/2:172.16.24.2 | e0/3:172.16.25.2 | e1/0:172.16.12.2 |
CS2 | e0/0-1:172.16.23.3 | e0/2:172.16.35.3 | e0/3:172.16.34.3 | e1/0:172.16.13.3 |
DS1 | 0/2:172.16.24.4 | e1/0:172.16.34.4 | vlan 10:192.168.10.252 | vlan 20:192.168.20.252 |
vlan 30:192.168.30.252 | vlan 40:192.168.40.252 | |||
DS2 | e0/2:172.16.35.5 | e1/0:172.16.25.5 | vlan 10:192.168.10.253 | vlan 20:192.168.20.253 |
vlan 30:192.168.30.253 | vlan 40:192.168.40.253 | |||
四台电脑 | DHCP获取IP地址 |
一、安全管理(只展示在R1上的配置)
依据图中拓扑,为全网设备关闭域名解析、并在 Console 和 VTY 线路下关闭线路超时并开启输出同步。
R1(config)#no ip domain-lookup R1(config)#line console 0R1(config-line)#logging synchronous R1(config-line)#exec-timeout 0 0R1(config-line)#exitR1(config)#line vty 0 4R1(config-line)#logging synchronous R1(config-line)#exec-timeout 0 0R1(config-line)#exit
为实现安全远程登录,要求在设备 R1 上创建本地用户名 bdqn,密码 benet,并只允许 3 个管理员同时远程登录 ,其中管理员地址分别为 192.168.10.1~192.168.10.3;要只运行 SSH 协议进行登录,并且关闭其他虚拟终端线路。
R1(config)#username bdqn privilege 15 password benetR1(config)#line vty 0 2R1(config-line)#login local R1(config-line)#exitR1(config)#access-list 1 permit host 192.168.10.1 R1(config)#access-list 1 permit host 192.168.10.2R1(config)#access-list 1 permit host 192.168.10.3R1(config)#line vty 0 2R1(config-line)#transport input sshR1(config-line)#access-class 1 in R1(config-line)#exitR1(config)#line vty 3 4R1(config-line)#transport input none R1(config-line)#exit
在设备 R1 设置 banner,要求当远程登录时可以看到“THIS IS BENETLAB Lab*CS1”
R1(config)#banner login ##THIS IS BENETLAB#
在 R2 上关闭 HTTP 服务,开启 HTTPS 服务并调用本地认证
R1(config)#no ip server R1(config)#ip secure-server
在 R1 的 E0/0 上关闭 CDP 服务
R1(config)#no cdp run
二、交换技术
trunk技术
DS1的配置
DS1(config)#interface range ethernet 0/0-1 , ethernet 0/3 , ethernet 1/1DS1(config-if-range)#switchport trunk encapsulation dot1q DS1(config-if-range)#switchport mode trunk DS1(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40DS1(config-if-range)#exit
DS2的配置
DS2(config)#interface range ethernet 0/0-1 , ethernet 0/3 , ethernet 1/1DS2(config-if-range)#switchport trunk encapsulation dot1q DS2(config-if-range)#switchport mode trunk DS2(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40DS2(config-if-range)#exit
AS1的配置
AS1(config)#interface range ethernet 0/0-1AS1(config-if-range)#switchport trunk encapsulation dot1q AS1(config-if-range)#switchport mode trunk AS1(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40AS1(config-if-range)#exit
AS2的配置
AS2(config)#interface range ethernet 0/0-1AS2(config-if-range)#switchport trunk encapsulation dot1q AS2(config-if-range)#switchport mode trunk AS2(config-if-range)#switchport trunk allowed vlan 1,10,20,30,40AS2(config-if-range)#exit
vtp技术
DS1的配置
DS1(config)#vtp domain bdqnChanging VTP domain name from NULL to bdqnDS1(config)#vtp password benetSetting device VTP password to benetDS1(config)#vtp pruning Pruning switched onDS1(config)#vtp mode server
DS2的配置
DS2(config)#vtp domain bdqnChanging VTP domain name from NULL to bdqnDS2(config)#vtp mode client Setting device to VTP Client mode for VLANS.DS2(config)#vtp password benet
AS1的配置
AS1(config)#vtp domain bdqnDomain name already set to bdqn.AS1(config)#vtp mode client Setting device to VTP Client mode for VLANS.AS1(config)#vtp password benetSetting device VTP password to benet
AS2的配置
AS2(config)#vtp domain bdqnDomain name already set to bdqn.AS2(config)#vtp mode client Setting device to VTP Client mode for VLANS.AS2(config)#vtp password benetSetting device VTP password to benet
DS1创建vlan
DS1(config)#vlan 10,20,30,40DS1(config-vlan)#exit
AS1将接口加入vlan
AS1(config)#interface ethernet 0/2AS1(config-if)#switchport mode accAS1(config-if)#switchport access vlan 10AS1(config-if)#exitAS1(config)#interface ethernet 0/3 AS1(config-if)#switchport mode acc AS1(config-if)#switchport access vlan 20AS1(config-if)#exit
AS2将接口加入vlan
AS2(config)#interface ethernet 0/2AS2(config-if)#switchport mode access AS2(config-if)#switchport access vlan 30AS2(config-if)#exitAS2(config)#interface ethernet 0/3 AS2(config-if)#switchport mode access AS2(config-if)#switchport access vlan 40AS2(config-if)#exit
hsrp技术
DS1的配置
DS1(config)#spanning-tree mode mst DS1(config)#spanning-tree mst configuration DS1(config-mst)#revision 1DS1(config-mst)#name chengjie DS1(config-mst)#instance 1 vlan 10,30DS1(config-mst)#instance 2 vlan 20,40DS1(config-mst)#exitDS1(config)#spanning-tree mst 1 root primary DS1(config)#spanning-tree mst 2 root secondary
DS2的配置
DS2(config)#spanning-tree mst configuration DS2(config-mst)#revision 1DS2(config-mst)#name chengjieDS2(config-mst)#instance 1 vlan 10,30DS2(config-mst)#instance 2 vlan 20,40DS2(config-mst)#exit DS2(config)#spanning-tree mst 1 root secondary DS2(config)#spanning-tree mst 2 root primary
AS1的配置
AS1(config)#spanning-tree mode mstAS1(config)#spanning-tree mst configuration AS1(config-mst)#revision 1AS1(config-mst)#name chengjie AS1(config-mst)#instance 1 vlan 10,30AS1(config-mst)#instance 2 vlan 20,40AS1(config-mst)#exit
AS2的配置
AS2(config)#spanning-tree mode mstAS2(config)#spanning-tree mst configuration AS2(config-mst)#revision 1 AS2(config-mst)#name chengjieAS2(config-mst)#instance 1 vlan 10,30AS2(config-mst)#instance 2 vlan 20,40AS2(config-mst)#exit
DS1配置虚接口
DS1(config)#interface vlan 10DS1(config-if)#ip address 192.168.10.252 255.255.255.0DS1(config-if)#standby 10 ip 192.168.10.254DS1(config-if)#standby 10 priority 110DS1(config-if)#standby 10 preempt DS1(config-if)#exitDS1(config)#interface vlan 10 DS1(config-if)#no shutdown DS1(config-if)#exittDS1(config)#interface vlan 20DS1(config-if)#ip address 192.168.20.252 255.255.255.0DS1(config-if)#standby 20 ip 192.168.20.254DS1(config-if)#standby 20 priority 90DS1(config-if)#standby 20 preempt DS1(config-if)#no shutdown DS1(config-if)#exitDS1(config)#interface vlan 30DS1(config-if)#ip address 192.168.30.252 255.255.255.0DS1(config-if)#standby 30 ip 192.168.30.254DS1(config-if)#standby 30 ip 192.168.30.254DS1(config-if)#standby 30 priority 110DS1(config-if)#stDS1(config-if)#standby 30 preDS1(config-if)#standby 30 preempt DS1(config-if)#exitDS1(config)#interface vlan 40DS1(config-if)# ip address 192.168.40.252 255.255.255.0DS1(config-if)#standby 40 ip 192.168.40.254DS1(config-if)#standby 40 priority 90DS1(config-if)#standby 40 preempt DS1(config-if)#no shutdown DS1(config-if)#exit
DS2配置虚接口
DS2(config)#interface Vlan10DS2(config-if)# ip address 192.168.10.253 255.255.255.0DS2(config-if)# standby 10 ip 192.168.10.254DS2(config-if)# standby 10 priority 90DS2(config-if)# standby 10 preemptDS2(config-if)# no shutdownDS2(config-if)#DS2(config-if)#interface Vlan20DS2(config-if)# ip address 192.168.20.253 255.255.255.0DS2(config-if)# standby 20 ip 192.168.20.254DS2(config-if)# standby 20 priority 110DS2(config-if)# standby 20 preemptDS2(config-if)#no shutdownDS2(config-if)#DS2(config-if)#interface Vlan30DS2(config-if)# ip address 192.168.30.253 255.255.255.0DS2(config-if)# standby 30 ip 192.168.30.254DS2(config-if)# standby 30 priority 90DS2(config-if)# standby 30 preemptDS2(config-if)#no shutdownDS2(config-if)#DS2(config-if)#interface Vlan40DS2(config-if)# ip address 192.168.40.253 255.255.255.0DS2(config-if)# standby 40 ip 192.168.40.254DS2(config-if)# standby 40 priority 110DS2(config-if)# standby 40 preemptDS2(config-if)#no shutdown
dhcp技术
在路由器R1上部署
R1(config)#interface loopback 0R1(config-if)#ip address 1.1.1.1 255.255.255.255 R1(config-if)#no shutdown R1(config-if)#exitR1(config)#ip dhcp pool vlan10 R1(dhcp-config)#network 192.168.10.0 /24 R1(dhcp-config)#default-router 192.168.10.254 R1(dhcp-config)#dns-server 8.8.8.8 114.114.114.114R1(dhcp-config)#exitR1(config)#ip dhcp pool vlan20 R1(dhcp-config)#network 192.168.20.0 /24 R1(dhcp-config)#default-router 192.168.20.254 R1(dhcp-config)#dns-server 8.8.8.8 114.114.114.114R1(dhcp-config)#exitR1(config)#ip dhcp pool vlan30 R1(dhcp-config)#network 192.168.30.0 /24 R1(dhcp-config)#default-router 192.168.30.254 R1(dhcp-config)#dns-server 8.8.8.8 114.114.114.114R1(dhcp-config)#exit R1(config)#ip dhcp pool vlan40 R1(dhcp-config)#network 192.168.40.0 /24 R1(dhcp-config)#default-router 192.168.40.254 R1(dhcp-config)#dns-server 8.8.8.8 114.114.114.114R1(dhcp-config)#exit
DS1配置DHCP中继
DS1(config)#interface vlan 10DS1(config-if)#ip helper-address 1.1.1.1DS1(config-if)#exitDS1(config)#interface vlan 20 DS1(config-if)#ip helper-address 1.1.1.1DS1(config-if)#exit DS1(config)#interface vlan 30 DS1(config-if)#ip helper-address 1.1.1.1DS1(config-if)#exit DS1(config)#interface vlan 40 DS1(config-if)#ip helper-address 1.1.1.1DS1(config-if)#exit
DS2配置DHCP中继
DS2(config)#interface vlan 10DS2(config-if)#ip helper-address 1.1.1.1DS2(config-if)#exitDS2(config)#interface vlan 20 DS2(config-if)#ip helper-address 1.1.1.1DS2(config-if)#exit DS2(config)#interface vlan 30 DS2(config-if)#ip helper-address 1.1.1.1DS2(config-if)#exit DS2(config)#interface vlan 40 DS2(config-if)#ip helper-address 1.1.1.1DS2(config-if)#exit
Etherchannel 技术
DS1配置二层链路聚合技术
DS1(config)#interface range ethernet 0/0-1DS1(config-if-range)#channel-group 1 mode onCreating a port-channel interface Port-channel 1DS1(config-if-range)#exitDS1(config)#interface port-channel 1DS1(config-if)#switchport trunk encapsulation dot1q DS1(config-if)#switchport mode trunk DS1(config-if)#switchport trunk allowed vlan 1,10,20,30,40DS1(config-if)#exit
DS2配置二层链路聚合技术
DS2(config)#interface range ethernet 0/0-1DS2(config-if-range)#channel-group 1 mode onCreating a port-channel interface Port-channel 1DS2(config-if-range)#exitDS2(config)#interface port-channel 1 DS2(config-if)#switchport trunk encapsulation dot1q DS2(config-if)#switchport mode trunk DS2(config-if)#switchport trunk allowed vlan 1,10,20,30,40DS2(config-if)#exit
CS1配置三层链路聚合技术
CS1(config)#interface port-channel 1CS1(config-if)#no switchport CS1(config-if)#ip address 172.16.23.2 255.255.255.0CS1(config-if)#no shutdown CS1(config-if)#exitCS1(config)#interface range ethernet 0/0-1CS1(config-if-range)#channel-group 1 mode on CS1(config-if-range)#no shutdown CS1(config-if-range)#exit
CS2配置三层链路聚合技术
CS2(config)#interface port-channel 1CS2(config-if)#no switchport CS2(config-if)#ip address 172.16.23.3 255.255.255.0CS2(config-if)#no shutdown CS2(config-if)#exitCS2(config)#interface range ethernet 0/0-1CS2(config-if-range)#channel-group 1 mode on CS2(config-if-range)#no shutdown CS2(config-if-range)#exit
BPDU保护 技术
AS1的配置
AS1(config)#interface range ethernet 0/2-3AS1(config-if-range)#spanning-tree bpduguard enable AS1(config-if-range)#exitAS1(config)#errdisable recovery cause bpduguard AS1(config)#errdisable recovery interval 30
AS2的配置
AS2(config)#interface range ethernet 0/2-3AS2(config-if-range)#spanning-tree bpduguard enable AS2(config-if-range)#exitAS2(config)#errdisable recovery cause bpduguard AS2(config)#errdisable recovery interval 30
三、路由技术(配置OSPF)
配置IP地址
R1的配置
R1(config)#interface ethernet 0/0R1(config-if)#duplex full R1(config-if)#ip address 172.16.12.1 255.255.255.0R1(config-if)#no shutdown R1(config-if)#exitR1(config)#interface ethernet 0/1R1(config-if)#duplex full R1(config-if)#ip address 172.16.13.1 255.255.255.0R1(config-if)#no shutdown R1(config-if)#exit
CS1的配置
CS1(config)#interface ethernet 1/0CS1(config-if)#no switchport CS1(config-if)#ip address 172.16.12.2 255.255.255.0CS1(config-if)#no shutdown CS1(config-if)#exitCS1(config)#interface ethernet 0/2CS1(config-if)#no switchport CS1(config-if)#ip address 172.16.24.2 255.255.255.0CS1(config-if)#no shutdown CS1(config-if)#exitCS1(config)#interface ethernet 0/3 CS1(config-if)#no switchport CS1(config-if)#ip address 172.16.25.2 255.255.255.0CS1(config-if)#no shutdown CS1(config-if)#exit
CS2的配置
CS2(config)#interface ethernet 1/0CS2(config-if)#no switchport CS2(config-if)#ip address 172.16.13.3 255.255.255.0CS2(config-if)#no shutdown CS2(config-if)#exitCS2(config)#interface ethernet 0/2 CS2(config-if)#no switchport CS2(config-if)#ip address 172.16.35.3 255.255.255.0CS2(config-if)#no shutdown CS2(config-if)#exitCS2(config)#interface ethernet 0/3 CS2(config-if)#no switchport CS2(config-if)#ip address 172.16.34.3 255.255.255.0CS2(config-if)#no shutdown CS2(config-if)#exit
DS1的配置
DS1(config)#interface ethernet 0/2DS1(config-if)#no switchport DS1(config-if)#ip address 172.16.24.4 255.255.255.0DS1(config-if)#no shutdown DS1(config-if)#exitDS1(config)#interface ethernet 1/0DS1(config-if)#no switchport DS1(config-if)#ip address 172.16.34.4 255.255.255.0DS1(config-if)#no shutdown DS1(config-if)#ex
DS2的配置
DS2(config)#interface ethernet 0/2DS2(config-if)#no switchport DS2(config-if)#ip address 172.16.35.5 255.255.255.0DS2(config-if)#no shutdown DS2(config-if)#exitDS2(config)#interface ethernet 1/0DS2(config-if)#no switchport DS2(config-if)#ip address 172.16.25.5 255.255.255.0DS2(config-if)#no shutdown DS2(config-if)#exit
配置OSPF宣告路由
R1的配置
R1(config)#router ospf 1R1(config-router)#network 1.1.1.1 0.0.0.0 area 0R1(config-router)#network 172.16.12.0 0.0.0.255 area 0R1(config-router)#network 172.16.13.0 0.0.0.255 area 0R1(config-router)#default-information originate always R1(config-router)#exit
CS1的配置
CS1(config)#router ospf 1 CS1(config-router)#router-id 2.2.2.2CS1(config-router)#network 172.16.12.0 0.0.0.255 area 0CS1(config-router)#network 172.16.23.0 0.0.0.255 area 0CS1(config-router)#network 172.16.25.0 0.0.0.255 area 10CS1(config-router)#network 192.16.24.0 0.0.0.255 area 10CS1(config-router)#exit
CS2的配置
CS2(config)#router ospf 1CS2(config-router)#router-id 3.3.3.3CS2(config-router)#network 172.16.13.0 0.0.0.255 area 0CS2(config-router)#network 172.16.23.0 0.0.0.255 area 0CS2(config-router)#network 172.16.35.0 0.0.0.255 area 20CS2(config-router)#network 172.16.34.0 0.0.0.255 area 20CS2(config-router)#exit
DS1的配置
DS1(config)#router ospf 1DS1(config-router)#router-id 4.4.4.4DS1(config-router)#network 172.16.24.0 0.0.0.255 area 10DS1(config-router)#network 172.16.34.0 0.0.0.255 area 20DS1(config-router)#redistribute connected subnets DS1(config-router)#exit
DS2的配置
DS2(config)#router ospf 1 DS2(config-router)#router-id 5.5.5.5DS2(config-router)#network 172.16.35.0 0.0.0.255 area 20DS2(config-router)#network 172.16.25.0 0.0.0.255 area 10DS2(config-router)#redistribute connected subnets DS2(config-router)#exit
Port-Security 技术
AS1的配置
AS1(config)#interface range ethernet 0/2-3AS1(config-if-range)#switchport port-security mac-address sticky AS1(config-if-range)#switchport port-security maximum 2AS1(config-if-range)#switchport port-security violation shutdown AS1(config-if-range)#exitAS1(config)#errdisable recovery cause psecure-violation AS1(config)#errdisable recovery interval 30
AS2的配置
AS2(config)#interface range ethernet 0/2-3AS2(config-if-range)#switchport port-security AS2(config-if-range)#switchport port-security mac-address sticky AS2(config-if-range)#switchport port-security maximum 2 AS2(config-if-range)#switchport port-security violation shutdown AS2(config-if-range)#exitAS2(config)#errdisable recovery cause psecure-violation AS2(config)#errdisable recovery interval 30
IOU8配置自动获取
IOU8(config)#interface ethernet 0/0IOU8(config-if)#ip address dhcpIOU8(config-if)#duplex full IOU8(config-if)#no shutdown IOU8(config-if)#exit
自动获取地址如下
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
相关文章
发表评论
暂时没有评论,来抢沙发吧~