多平台统一管理软件接口,如何实现多平台统一管理软件接口
232
2022-10-14
三层架构学习笔记
三层架构学习笔记
实验要求:
① 企业内网划分多个vlan ,减少广播域大小,提高网络稳定性
② 用户的网关配置在核心交换机
③ 所有用户均为自动获取ip地址
④ 确保sw1是根桥,配置相关技术使得接入交换机连接终端接口收敛迅速
⑤ 出口配置NAT(连接R3-ISP),并确保所有用户都可以访问百度。
⑥ 企业总部和分支采用PPP 广域网链路连接。并采用CHAP对链路做认证。
⑦ 企业总部和分支采用ospf 路由协议连接。
⑧ 企业所有设备,在任何位置都可以被telnet远程管理,管理vlan999,IP192.168.255.0/24
R1(出口设备)
sysname R1 # acl number 2000 rule 5 permit source 192.168.0.0 0.0.255.255 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user aaa password cipher 123 local-user aaa privilege level 3 local-user aaa service-type telnet local-user test password cipher 123 local-user test service-type ppp local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # interface Serial4/0/0 link-protocol ppp ppp authentication-mode chap description to shanghai_R2_S4/0/0 ip address 192.168.253.1 255.255.255.0 # interface Serial4/0/1 link-protocol ppp # interface GigabitEthernet0/0/0 description R1_G0/0/0-SW1_G0/0/24 ip address 192.168.254.2 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 12.1.1.1 255.255.255.248 nat server protocol tcp global 12.1.1.2 inside 192.168.200.2 www nat outbound 2000 # ospf 1 area 0.0.0.0 network 192.168.253.0 0.0.0.255 network 192.168.254.0 0.0.0.255 # ip route-static 0.0.0.0 0.0.0.0 12.1.1.6 ip route-static 192.168.0.0 255.255.0.0 192.168.254.1 # user-interface con 0 authentication-mode password user-interface vty 0 4 authentication-mode aaa user-interface vty 16 20 # return
SW1(核心)
sysname SW1 # undo info-center enable # vlan batch 10 20 200 800 999 # dhcp enable # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user aaa password cipher 123 local-user aaa privilege level 3 local-user aaa service-type telnet local-user admin password simple admin local-user admin service-type http # interface Vlanif10 ip address 192.168.10.1 255.255.255.0 dhcp select interface dhcp server dns-list 114.114.114.114 # interface Vlanif20 ip address 192.168.20.1 255.255.255.0 dhcp select interface dhcp server dns-list 114.114.114.114 # interface Vlanif200 ip address 192.168.200.1 255.255.255.0 # interface Vlanif800 ip address 192.168.254.1 255.255.255.0 # interface Vlanif999 ip address 192.168.255.1 255.255.255.0 # interface Eth-Trunk1 description SW1_Eth-trunk1-SW3Eth-Trunk3 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 200 999 # interface Eth-Trunk4 description SW1_Eth-trunk4-SW2_Eth-Trunk2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 999 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 eth-trunk 1 # interface GigabitEthernet0/0/21 eth-trunk 4 # interface GigabitEthernet0/0/22 eth-trunk 1 # interface GigabitEthernet0/0/23 eth-trunk 4 # interface GigabitEthernet0/0/24 description SW1_G0/0/24-R1_G0/0/0 port link-type access port default vlan 800 # ospf 1 area 0.0.0.0 network 192.168.10.0 0.0.0.255 network 192.168.20.0 0.0.0.255 network 192.168.200.0 0.0.0.255 network 192.168.254.0 0.0.0.255 network 192.168.255.0 0.0.0.255 # ip route-static 0.0.0.0 0.0.0.0 192.168.254.2 # user-interface con 0 user-interface vty 0 4 authentication-mode aaa # return
SW2(汇聚)
sysname SW2 # undo info-center enable # vlan batch 10 20 999 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user aaa password cipher 123 local-user aaa privilege level 3 local-user aaa service-type telnet local-user admin password simple admin local-user admin service-type http # interface Vlanif999 ip address 192.168.255.2 255.255.255.0 # interface Eth-Trunk2 description SW2_Eth-Trunk2-SW1_Eth-Trunk4 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 20 999 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 description SW2_G0/0/2-SW4_E0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 999 # interface GigabitEthernet0/0/3 description SW2_G0/0/3-SW5_E0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 20 999 # interface GigabitEthernet0/0/23 eth-trunk 2 # interface GigabitEthernet0/0/24 eth-trunk 2 # ip route-static 0.0.0.0 0.0.0.0 192.168.255.1 # user-interface con 0 user-interface vty 0 4 authentication-mode aaa # return
SW3(汇聚)
sysname SW3 # undo info-center enable # vlan batch 200 999 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user aaa password cipher 123 local-user aaa privilege level 3 local-user aaa service-type telnet local-user admin password simple admin local-user admin service-type http # interface Vlanif999 ip address 192.168.255.3 255.255.255.0 # interface Eth-Trunk3 description SW3_Eth-Trunk3-SW1_Eth_Trunk1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 200 999 # interface GigabitEthernet0/0/1 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/2 description g0/0/2-dataes_server port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 20 999 stp edged-port enable # interface GigabitEthernet0/0/4 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/5 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/6 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/7 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/8 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/9 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/10 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/11 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/12 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/13 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/14 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/15 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/16 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/17 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/18 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/19 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/20 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/21 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/22 port link-type access port default vlan 200 stp edged-port enable # interface GigabitEthernet0/0/23 eth-trunk 3 # interface GigabitEthernet0/0/24 eth-trunk 3 # ip route-static 0.0.0.0 0.0.0.0 192.168.255.1 # user-interface con 0 user-interface vty 0 4 authentication-mode aaa # return
SW4(接入)
sysname SW4 # undo info-center enable # vlan batch 10 999 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user aaa password cipher 123 local-user aaa privilege level 3 local-user aaa service-type telnet local-user admin password simple admin local-user admin service-type http # interface Vlanif999 ip address 192.168.255.4 255.255.255.0 # interface Ethernet0/0/1 description SW4_E0/0/1-SW2_G0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 999 # interface Ethernet0/0/2 description PC1 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/3 description PC3 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/4 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/5 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/6 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/7 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/8 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/9 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/10 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/11 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/12 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/13 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/14 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/15 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/16 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/17 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/18 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/19 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/20 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/21 port link-type access port default vlan 10 stp edged-port enable # interface Ethernet0/0/22 port link-type access port default vlan 10 stp edged-port enable # ip route-static 0.0.0.0 0.0.0.0 192.168.255.2 # user-interface con 0 user-interface vty 0 4 authentication-mode aaa # return
SW5(接入)
sysname SW5 # undo info-center enable # vlan batch 20 999 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user aaa password cipher 123 local-user aaa privilege level 3 local-user aaa service-type telnet local-user admin password simple admin local-user admin service-type http # interface Vlanif999 ip address 192.168.255.5 255.255.255.0 # interface Ethernet0/0/1 description SW5_E0/0/1-SW2_G0/0/3 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 20 999 # interface Ethernet0/0/2 description PC2 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/3 description PC4 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/4 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/5 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/6 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/7 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/8 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/9 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/10 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/11 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/12 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/13 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/14 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/15 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/16 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/17 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/18 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/19 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/20 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/21 port link-type access port default vlan 20 stp edged-port enable # interface Ethernet0/0/22 port link-type access port default vlan 20 stp edged-port enable # ip route-static 0.0.0.0 0.0.0.0 192.168.255.2 # user-interface con 0 user-interface vty 0 4 authentication-mode aaa # return
PC3
sysname PC3 # undo info-center enable # dhcp enable # interface Ethernet0/0/1 ip address dhcp-alloc # return
PC4
sysname PC4 # undo info-center enable # dhcp enable # interface Ethernet0/0/1 ip address dhcp-alloc # return
命令翻译
#调整当前设备为根桥 优先级为0 stp root primary = stp root primary #配置边缘端口 stp edged-port enable #核心设备上的默认路由 ip route-static 0.0.0.0 0 192.168.254.2 #出口路由的默认路由 ip route-static 0.0.0.0 0 12.1.1.6 #出口设备上的回包路由 ip route-static 192.168.0.0 16 192.168.254.1 #创建acl2000 acl number 2000 #允许源事192.168.0.0网段的IP rule 5 permit source 192.168.0.0 0.0.255.255 #出口nat转换,在出方向引用acl2000 nat outbound 2000 #将内网服务器的80端口映射成公网地址12.1.1.2的80端口 nat server protocol tcp global 12.1.1.2 inside 192.168.200.2 #本地端 #进入aaa aaa #创建ppp用户和密码 local-user test password cipher 123 #设置test用户的服务类型是ppp local-user test service-type ppp #进入serial端口 inter Serial 4/0/0 #配置ppp认证模式为chap ppp authentication-mode chap #对端 #进入serial进口 int Serial 4/0/0 #配置ppp拨号账户 ppp chap user test #配置ppp拨号密码 ppp chap password cipher 123 #进入aaa aaa #创建账户aaa权限级别3级密码是123 local-user aaa privilege level 3 password cipher 123 #aaa用户类型为telnet local-user aaa service-type telnet #进入vty接口 user-interface vty 0 4 #认证模式为aaa authentication-mode aaa
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
相关文章
发表评论
暂时没有评论,来抢沙发吧~