Real project | The complete installation and configuration of a large network (Cisco commands)

网络技术联盟站
Published 2019-07-23 10:34:14

This is a fairly comprehensive example; the topology diagram shows the devices and technologies it involves. Some notes on the example follow.

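For the internal LAN, a Cisco Catalyst 6506 serves as the central switch and the Catalyst 3500 provides the second switching tier. To illustrate trunking, a Catalyst 2900 is added as a third tier, and Catalyst 1900 switches connect the end stations. Trunks can then be built between the Catalyst 6506 and the Catalyst 3500 and between the Catalyst 3500 and the Catalyst 2900, giving VLANs that span switches.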

Note: for a Catalyst 2900 series switch to support trunking, its software must be the Enterprise Edition.

External connectivity consists mainly of leased lines and dial-up access, of several kinds: DDN, ISDN, Frame Relay, E1 lines and so on.

This example gives the basic configuration of each device.

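With many devices interconnected, routing deserves attention: in this example the external links use static routes, while the internal LAN uses dynamic routing.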

The Frame Relay configuration in this example uses IP unnumbered, which saves address space; it is worth a look if you are interested.

Network topology

VLAN assignment

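In this example the switching devices are placed in VLAN 1, and all Ethernet ports of the external-connection devices are placed in VLAN 2. The name and gateway address of each VLAN are given below; the example defines 8 VLANs.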

VLAN ID   VLAN Name     Gateway
VLAN 1    Bluestudy 1   10.1.0.1/16
VLAN 2    Bluestudy 2   10.2.0.1/16
VLAN 3    Bluestudy 3   10.3.0.1/16
VLAN 4    Bluestudy 4   10.4.0.1/16
VLAN 5    Bluestudy 5   10.5.0.1/16
VLAN 6    Bluestudy 6   10.6.0.1/16
VLAN 7    Bluestudy 7   10.7.0.1/16
VLAN 8    Bluestudy 8   10.8.0.1/16

Catalyst 6506 configuration

Enter password:
enable
Enter password:
config t
set system name Bluestudy
set time 10/30/2000 9:30:00
set password
set enablepass
set interface sc0 10.1.0.2/16
set ip route default 10.1.0.1
set ip dns server 10.1.0.100
set ip dns domain bluestudy.com
set ip dns enable
set vtp domain bluestudy mode server
set vlan 1 name Bluestudy 1
set vlan 2 name Bluestudy 2
set vlan 3 name Bluestudy 3
set vlan 4 name Bluestudy 4
set vlan 5 name Bluestudy 5
set vlan 6 name Bluestudy 6
set vlan 7 name Bluestudy 7
set vlan 8 name Bluestudy 8
set port negotiation 2/1-8 enable
set port name 2/1-8 GEC 802.1Q Trunk
set trunk 2/1-8 desirable dot1q
set port speed 2/1-8 1000
set vlan 1 3/1-48

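On the switching side of the 6506, only the trunks need to be configured, because the VLANs must span switches. Next, configure the 6506's routing module. Because the routing module of the 6506 is now integrated with the supervisor engine module, the default command is: session 15. For details, see the 6506 routing setup.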

Catalyst 6506 RSM module configuration

(enable) session 15
Trying Router-15...
Connected to Router-15.
Escape character is '^]'.
enable
configure terminal
hostname bluestudy
enable password password
line vty 0 6
password secret_word
ip domain-name bluestudy.com
ip name-server 10.1.0.100
interface vlan 1
ip address 10.1.0.1 255.255.0.0
no shutdown
interface vlan 2
ip address 10.2.0.1 255.255.0.0
no shutdown
interface vlan 3
ip address 10.3.0.1 255.255.0.0
no shutdown
interface vlan 4
ip address 10.4.0.1 255.255.0.0
no shutdown
interface vlan 5
ip address 10.5.0.1 255.255.0.0
no shutdown
interface vlan 6
ip address 10.6.0.1 255.255.0.0
no shutdown
interface vlan 7
ip address 10.7.0.1 255.255.0.0
no shutdown
interface vlan 8
ip address 10.8.0.1 255.255.0.0
no shutdown
router rip
version 2
network 10.0.0.0
ip route 0.0.0.0 0.0.0.0 10.2.0.12
ip route 192.168.2.0 255.255.255.0 10.2.0.13
ip route 192.168.3.0 255.255.255.240 10.2.0.11
ip route 192.168.4.0 255.255.255.0 10.2.0.11
ip route 192.168.5.0 255.255.255.0 10.2.0.11
ip route 192.168.6.0 255.255.255.0 10.2.0.11
copy running-config startup-config
Building configuration...
[OK]

What is given here is just the command lines; some default settings are omitted.

Catalyst 3500 configuration

!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname bluestudy
!
enable password password
!
username bluestudy password password
username test password password
!
! (port listing omitted)
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface VLAN1
ip address 10.1.0.4 255.255.0.0
ip helper-address 10.1.0.100
ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.1.0.1
! link to the 2900
interface Ethernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
! link to 1900 A
interface Ethernet1/2
switchport access VLAN 3
no shut
!
! link to 1900 B
interface Ethernet1/3
switchport access VLAN 4
no shut
!
snmp-server engineID local 000000090200000216BE4E80
snmp-server community public RO
snmp-server community private RW
snmp-server chassis-id 0x17
! SNMP is enabled so that Cisco network-management software can identify and manage the device later
!
line con 0
login local
transport input none
stopbits 1
line vty 0 4
login local
line vty 5 15
login
!
end

Catalyst 2900 configuration

The 2900 is configured much like the 3500; the commands are as follows.

hostname bluestudy
!
enable password password
!
username bluestudy password password
username test password password
!
! (port listing omitted)
!
! link to the 3500
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface VLAN1
ip address 10.1.0.3 255.255.0.0
ip helper-address 10.1.0.100
ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.1.0.1
!
! link to 1900 C
interface Ethernet0/2
switchport access VLAN 5
no shut
!
! link to 1900 D
interface Ethernet0/3
switchport access VLAN 6
no shut
!
snmp-server engineID local 000000090200000216BE4E80
snmp-server community public RO
snmp-server community private RW
snmp-server chassis-id 0x17
!
line con 0
login local
transport input none
stopbits 1
line vty 0 4
login local
line vty 5 15
login
!
end

Cisco Catalyst 1900 configuration

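Configuring the 1900 is considerably easier.

Simply type setup in enable mode to enter the configuration wizard, then supply the switch's:

IP address: 10.3.0.5

Mask: 255.255.0.0

Gateway: 10.3.0.1

That is all that is needed. In addition, the Simple Network Management Protocol (SNMP) should be enabled; the following two lines are enough:

snmp-server community public RO
snmp-server community private RW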

PIX 520A basic configuration

PIX Version 4.2(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password password encrypted
passwd password encrypted
hostname pix_A
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
names
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pager lines 24
no logging console
logging monitor debugging
logging buffered debugging
no logging trap
logging facility 20
interface ethernet0 auto
interface ethernet1 auto
ip address outside 192.168.0.1 255.255.255.252
ip address inside 10.2.0.13 255.255.0.0
arp timeout 14400
nat (inside) 0 192.168.0.0 255.255.255.252
rip outside passive
no rip outside default
no rip inside passive
rip inside default
route outside 192.168.2.0 255.255.255.0 192.168.0.2
route inside 0.0.0.0 0.0.0.0 10.2.0.1
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
snmp-server community public RO
snmp-server community private RW
telnet 10.2.0.200 255.255.255.255
telnet timeout 15
mtu outside 1500
mtu inside 1500
floodguard 0

Cisco 2610A configuration

Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2610A
!
enable password password
!
username bluestudy password password
no ip domain-lookup
!
interface Ethernet0/0
ip address 192.168.0.2 255.255.255.252
no shut
!
interface Serial0/0
ip address 192.168.0.5 255.255.255.252
no shut
!
interface Serial0/1
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 192.168.2.0 255.255.255.0 192.168.0.6
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
line aux 0
line vty 0 4
login local
!
no scheduler allocate
end

Cisco 1603 configuration

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 1603
!
enable secret password
enable password password
!
memory-size iomem 25
ip subnet-zero
!
interface Serial0
ip address 192.168.0.6 255.255.255.252
no ip directed-broadcast
!
interface Ethernet0
ip address 192.168.2.1 255.255.255.0
no ip unreachables
no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 s0
no ip http server
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
password password
transport input none
line aux 0
line vty 0 4
password password
login
!
no scheduler allocate
end

PIX 520B basic configuration

PIX Version 4.2(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password password encrypted
passwd password encrypted
hostname pix520_B
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
names
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pager lines 24
no logging console
no logging monitor
no logging buffered
no logging trap
logging facility 20
interface ethernet0 auto
interface ethernet1 auto
ip address outside 202.108.66.97 255.255.255.248
ip address inside 10.2.0.12 255.255.0.0
arp timeout 14400
global (outside) 1 202.108.66.100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
route outside 0.0.0.0 0.0.0.0 202.109.77.98
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet 10.2.0.200 255.255.255.255
telnet timeout 15
mtu outside 1500
mtu inside 1500
floodguard 0

Cisco 2610B configuration

Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2610B
!
enable password password
!
username bluestudy password password
no ip domain-lookup
!
interface Ethernet0/0
ip address 202.108.66.98 255.255.255.248
no shut
!
interface Serial0/0
ip address 202.108.8.1 255.255.255.252
no shut
!
interface Serial0/1
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 202.108.8.2
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
line aux 0
line vty 0 4
login local
!
no scheduler allocate
end

Cisco 2610C configuration

version 11.2
service udp-small-servers
service tcp-small-servers
!
hostname 2610C
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
ip address-pool local
isdn switch-type basic-net3
interface Ethernet0
ip address 10.2.0.11 255.255.0.0
!
interface Serial0
no ip address
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy1
ip unnumbered Ethernet0
frame-relay interface-dlci 10
!
interface Serial0.2 point-to-point
description Frame Relay to bluestudy2
ip unnumbered Ethernet0
frame-relay interface-dlci 11
!
interface BRI1/0
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/1
ip address 192.168.3.1 255.255.255.240
encapsulation ppp
timeout absolute 60 0
dialer idle-timeout 3600
dialer-group 1
isdn switch-type basic-net3
peer default ip address pool default
ppp authentication chap pap callin
!
interface BRI1/2
no ip address
encapsulation ppp
shutdown
isdn switch-type basic-net3
!
interface BRI1/3
no ip address
encapsulation ppp
shutdown
isdn switch-type basic-net3
no peer default ip address
!
ip local pool default 192.168.3.3 192.168.3.14
ip http server
ip classless
ip route 192.168.5.0 255.255.255.0 serial0.1
ip route 192.168.4.0 255.255.255.0 serial0.2
ip route 0.0.0.0 0.0.0.0 10.2.0.1
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
line con 0
password console
login
line aux 0
line vty 0 4
password telnet
login
!
end

Cisco 1720A configuration

version 11.2
service udp-small-servers
service tcp-small-servers
hostname bluestudy1
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
interface Fastethernet0
ip address 192.168.5.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy
ip unnumbered FastEthernet0
frame-relay interface-dlci 10
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 serial0.1
!
line con 0
password console
login
line aux 0
line vty 0 4
password bluestudy1
login
!
end

Cisco 1720B configuration

version 11.2
service udp-small-servers
service tcp-small-servers
hostname bluestudy1
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
interface Fastethernet0
ip address 192.168.4.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy
ip unnumbered FastEthernet0
frame-relay interface-dlci 11
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 serial0.1
!
line con 0
password console
login
line aux 0
line vty 0 4
password bluestudy2
login
!
end

Lucent MAX 6000

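The array-type access server (Lucent's MAX 6000) can play the role of a small ISP. If callback is configured, employees can also log in to the company network from home. Moreover, because E1 lines are usually billed at a flat monthly rate, this saves employees their Internet access charges. Of course, billing software can also be used to charge a suitable fee, so that the network pays for itself.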

To configure it, simply add more than 30 IP addresses to the address pool and then point all routes at the central switch.

The MAX 6000 is usually configured through menus, and the wizard can be followed to set it up.

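Its configuration is omitted here. However, I previously ran into a problem: when the MAX 6000 was connected to the central switch (a 3Com 3500), its routes were pointed at the 3500, and the 3500 also pointed the dial-in user network at the MAX 6000, yet the following symptoms appeared.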

The symptoms were as follows:

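1. The 192.168.6.0 network dialed in through the MAX 6000 communicated normally with the internal 10.0.0.0 network, but could not communicate with networks connected over the other leased lines (such as 192.168.2.0), even though the routes pointed the same way as described above.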

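2. When the central switch was a 6500, these problems went away, so I suspected a fault in the 3500. However, when the MAX 6000's network was pointed at the 2610A, and the 2610A also pointed its route at the MAX 6000, a traceroute on the MAX 6000 could not even reach 192.168.0.6. The final solution was to change 192.168.6.0/24 to 10.2.8.0/16, that is, to assign internal addresses directly to the dial-in users. That removes the routing problem, so everything could communicate normally. I do not know what the cause was.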
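
A reachability problem like this one can be narrowed down by following the static routes hop by hop. The following added example (not part of the original article) transcribes the static routes from the listings above into tables and traces a destination with longest-prefix matching. The device labels, the folding of the RSM's VLAN interfaces into 10.0.0.0/8 and the treatment of PIX 520A as a plain router are assumptions of the sketch, and the MAX 6000 is not modelled because the page gives no address for it.

```python
import ipaddress

# Static routes transcribed from the listings on this page; None = directly
# connected. Assumptions: the RSM's eight /16 VLAN interfaces are folded into
# 10.0.0.0/8, the 1603's "s0" default is written as the far-end address, and
# the 2610C's two Frame Relay routes are left out.
TABLES = {
    "RSM": [("10.0.0.0/8", None), ("0.0.0.0/0", "10.2.0.12"),
            ("192.168.2.0/24", "10.2.0.13"), ("192.168.3.0/28", "10.2.0.11"),
            ("192.168.4.0/24", "10.2.0.11"), ("192.168.5.0/24", "10.2.0.11"),
            ("192.168.6.0/24", "10.2.0.11")],
    "PIX520A": [("10.2.0.0/16", None), ("192.168.0.0/30", None),
                ("192.168.2.0/24", "192.168.0.2"), ("0.0.0.0/0", "10.2.0.1")],
    "2610A": [("192.168.0.0/30", None), ("192.168.0.4/30", None),
              ("192.168.2.0/24", "192.168.0.6"), ("0.0.0.0/0", "192.168.0.1")],
    "1603": [("192.168.0.4/30", None), ("192.168.2.0/24", None),
             ("0.0.0.0/0", "192.168.0.5")],
    "2610C": [("10.2.0.0/16", None), ("192.168.3.0/28", None),
              ("0.0.0.0/0", "10.2.0.1")],
}
# Which modelled device owns each next-hop address (from the interface lines).
OWNER = {"10.2.0.1": "RSM", "10.2.0.13": "PIX520A", "192.168.0.1": "PIX520A",
         "192.168.0.2": "2610A", "192.168.0.5": "2610A",
         "192.168.0.6": "1603", "10.2.0.11": "2610C"}

def lookup(device, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None."""
    hits = [r for r in TABLES[device] if dst in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

def trace(start, dst):
    """Follow dst hop by hop from start; the last element is the outcome."""
    dst, path, device = ipaddress.ip_address(dst), [], start
    while device not in path:
        path.append(device)
        route = lookup(device, dst)
        if route is None:
            return path + ["no route"]
        if route[1] is None:
            return path + ["delivered"]
        if route[1] not in OWNER:
            return path + ["leaves model via " + route[1]]
        device = OWNER[route[1]]
    return path + [device, "loop"]

if __name__ == "__main__":
    for start, dst in [("RSM", "192.168.2.10"), ("1603", "10.3.0.5"), ("RSM", "192.168.6.20")]:
        print(start, "->", dst, ":", " > ".join(trace(start, dst)))
```

With the routes as printed, the RSM hands 192.168.6.0/24 to 10.2.0.11 (the 2610C), whose listing has no route for that network, so the trace reports the packet returning to 10.2.0.1.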

Network management

Cisco's network-management software is fairly simple to use.

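When installing CWSI, you only need to supply the IP address of a seed device (for example, the central switch's IP: 10.1.0.2). Once the software is installed, its auto-discovery function finds the Cisco devices connected to the network. You must also select the appropriate database; for the PIX 520, Catalyst 6500, Catalyst 3500 and similar devices, ask the reseller for the patch packages, because without them the management software cannot even recognize the 6500's modules. As for the application features, consulting the user manual is enough. The prerequisite, however, is that an operating platform such as HP OpenView is installed. CiscoView's functionality is much simpler, SNMPS can also be installed on the front end, and CWSI includes CiscoView.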
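
Most of the listings above leave SNMP on the public/private community strings that this management software relies on, and several also carry enable password, ip directed-broadcast, the small servers, ip http server or vty lines with no access-class. The following added example (not part of the original article) is a small auditor that flags those settings in an IOS configuration; the sample input is constructed from lines on this page, and ACL number 10 in it is hypothetical.

```python
import re

# One-line patterns for weak management-plane settings that appear in the
# listings on this page (IOS syntax); each is matched at the start of a line.
LINE_CHECKS = [
    (r"snmp-server community (public|private)\b", "default SNMP community"),
    (r"snmp-server community \S+ RW\b", "SNMP read-write access enabled"),
    (r"enable password\b", "enable password instead of enable secret"),
    (r"service (tcp|udp)-small-servers\b", "small servers enabled"),
    (r"ip http server\b", "HTTP management server enabled"),
    (r"ip directed-broadcast\b", "directed broadcasts forwarded"),
]

def audit(config):
    """Return (line_number, context, finding) tuples for one configuration."""
    findings, context, vty = [], "global", None
    def close_vty():
        # A vty block with no access-class accepts logins from any source.
        if vty and not vty[2]:
            findings.append((vty[0], vty[1], "vty lines without access-class"))
    # The page's listings are flattened (no indentation), so block context is
    # tracked from the keywords that open or close a block.
    for num, raw in enumerate(config.splitlines() + ["end"], 1):
        line = raw.strip()
        opens = line.startswith(("interface ", "line "))
        if opens or line in ("!", "end"):
            close_vty()
            context = line if opens else "global"
            vty = [num, line, False] if line.startswith("line vty") else None
            continue
        if vty and line.startswith("access-class "):
            vty[2] = True
        findings += [(num, context, what) for pattern, what in LINE_CHECKS
                     if re.match(pattern, line)]
    return findings

# Constructed sample: lines taken from the listings above, plus one vty block
# with an access-class added for contrast (ACL 10 is hypothetical).
SAMPLE = "\n".join([
    "enable password password", "interface VLAN1", "ip directed-broadcast",
    "!", "snmp-server community public RO", "snmp-server community private RW",
    "line vty 0 4", "login local", "line vty 5 15", "access-class 10 in",
    "login", "end"])

if __name__ == "__main__":
    for num, context, what in audit(SAMPLE):
        print(f"line {num} [{context}]: {what}")
```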

Originally published 2019-06-03. This article is shared from the WeChat official account 网络技术联盟站.
