某大型网络的配置实例58642

1、某大型网络的配置实例(cisco catalyst 6506/3500/2900)说明这是一个比较综合的实例，从拓扑图上可以看出，它所包含的设备和技术。以下 对这个例子作些说明。1. 对于内部局域网，选用cisco的catalyst 6506作为中心交换机，二级交换采用catalyst 3500,同时为了说明trunk,又加了一个catalyst 2900作为三级交换，对于终端连接用了 catalyst 1900交换机，这样就可以在catalyst 6506与catalyst 3500 之间以及 catalyst 3500 与 catalyst 2900 之间建立 trunk,实 现跨交换机的

2、vlan。注：catalyst 2900系列如果要实现trunk,软件必须是企业版的，关于类似疑问 可以至疑难杂谈栏目。2. 对于外连上,主要是专线连接和拨号访问，当然种类比较多包括了 ddn、 isdn、frame relay、e1 线路等。3. 本例给出设备的基本配置。4. 对于多设备的连接问题，值得注意的是路由问题,本实例外连部分采用静态路由而内 部局域网采用动态路由.5. 在本例的帧中继配置中,运用了 ip unnumbered，可以节省地址资源，有兴趣可以 注意一下网络拓展图m.远程分部m.ct 2$ie bct 1w3按号云*.». it/* cig 2(11 cm.im

3、j.vitcisce 2$lt am/w血*.!/ytkeiietba1>巴土如 fix 52t afix 52t bn.tr ivw|30 b+d萍刿式访|iooomai.e.vnnmrrytttims_j：ataly«t $5kcatalyst 1900 d/linaecatalyst 1900 cuaw nu$catalyst 1900 b(ruiocatalyst 1900all.xt.vm(*ui»/16/16/16/16/16/16vlan划分问

4、题对于交换设备本例中划到vlan 1中，而对于外连设备的所有以太网端口,均划到vlan 2中，下面给出各vlan的名称和网关地址，本例划分8个vlan.vlan id vlan name gatewayvlan 1 bluestudy 1vlan 2 bluestudy 2vlan 3 bluestudy 3vlan 4 bluestudy 4vlan 5 bluestudy 5vlan 6 bluestudy 6vlan 7 bluestudy 7 /16vlan 8 bluestudy 8 /16catalyst 6506 的配置enter password

5、: <return> enableenter password: <return> config tset system name bluestudy set time 10/30/2000 9:30:00 set password<return>v n ew_log i n_passwo rd >v n ew_log i n_passwo rd > set enablepass<return> <new_enable_password><new_enable_password>set interface sc

6、o /16set ip route default set ip dns server 00set ip dns domain set ip dns enableset vtp domain bluestudy mode serverset vlan 1n ameset vlan 2n ameset vlan 3n ameset vlan 4n ameset vlan 5n ameset vlan 6n ameset vlan 7n ameset vlan 8n amebluestudy 1bluestudy 2bluestudy 3bluest

7、udy 4bluestudy 5bluestudy 6bluestudy 7bluestudy 8set port negotiation 2/1 -8 enableset port name 2/1-8 gec 802.1 q trunk set trunk 2/1-8 desirable dotlqset port speed 2/1-8 1000 set vlan 1 3/1-48对于6506的交换机方面的配置只需做岀trunk即可，因为要实现跨交换机之间的虚网，下面配置6506的路由模块，因为6506的路由模块现在与管理引擎模块集成在了一起，所以，默认命令是:session 15，详情

8、请见6506路由设置.catalyst 6506rsm模块的配置 (enable) session 15trying router-15. connected to router-15. escape character is "' enable configure terminal hostname bluestudy enable password password line vty 0 6password secret_wordip domain-name ip name-server 00 interface vlan 1ip address 10.1

9、.0.1 no shutdowninterface vlan 2ip address no shutdowninterface vlan 3ip address no shutdown interface vlan 4ip address no shutdowninterface vlan 5ip address no shutdown interface vlan 6ip address 10.6.0.

10、1 no shutdowninterface vlan 7ip address no shutdowninterface vlan 8ip address no shutdownrouter ripversion 2network ip route 2ip route 3ip route 40 1i

11、p route 1ip route 1ip route 1 copy running-config startup-configbuilding configuration.ok这里给出的是单纯的命令行，略去了一些默认状况的设置.catalyst 3500 的配置iversion 12.0no service padservice timestamps debug uptimeservice

12、timestamps log uptimeservice password-encryptionihostname bluestudy enable password passworduser name bluestudy password password username test password passwordi省略端口的显示iinterface gigabitetherneto/1switchport trunk encapsulation dotlq switchport mode trunkiinterface gigabitetherneto/2iinterface vlan

13、1ip address ip helper-address 00ip directed-broadcastno ip route-cacheiip default-gateway interface ethernet1/1 （与 2900 对接）switchport trunk encapsulation dotlq switchport mode trunkiinterface ethernet1/2（与 1900 a 对接）switchport access vlan 3no shutinterface etherne

14、t1/3（与 1900 b 对接）switchport access vlan 4no shutisnmp-server engineld local000000090200000216be4e80snmp-server community public rosnmp-server community private rwsnmp-server chassis-id 0x17（打开简单的网络管理，便于以后，cisco网管软件识别和管理）line con 0login localtransport input nonestopbits 1line vty 0 4login localline v

15、ty 5 15loginiendcatalyst 2900 的配置2900的配置与3500的相似，命令如下hostname bluestudyenable password passwordiusername bluestudy password passwordusername test password passwordinterface etherneto/1 （与 3500 对接） switchport trunk encapsulation dotlq switchport mode trunkiinterface vlan1ip address 255.255.0

16、.0ip helper-address 00ip directed-broadcastno ip route-cacheiip default-gateway iinterface ethernet0/2（与 1900 c 对接）switchport access vlan 5no shutiinterface ethemeto/3（与 1900 d 对接）switchport access vlan 6no shutisnmp-server engineld local 000000090200000216be4e80 snmp-server communit

17、y public ro snmp-server community private rw snmp-server chassis-id 0x17 line con 0 login local transport input none stopbits 1 line vty 0 4 login local line vty 5 15 loginiendcisco catalyst 1900 的配置对于1900的配置就相对容易得多了只需在enable状态下键入setup就会进入配置向导 给出交换机的ip 地址:掩码:网关:就可以了,另外应该打开

18、简单的网络管理协议snmpsnmp-server community public ro snmp-server community private rw即可pix 520a的基本配置pix version 4.2(4)nameif etherneto outside securityo nameif ethernetl inside securityl 00 enable password password encrypted passwd password encrypted host name pix_afixup protocol ftp 21fixup protocol http 8

19、0fixup protocol smtp 25fixup protocol h323 1720fixup protocol rsh 514fixup protocol sqlnet 1521namesno failoverfailover timeout 0:00:00failover ip address outside failover ip address inside pager lines 24no logging con solelogging monitor debugginglogging buffered debuggingno logging

20、traplogging facility 20interface etherneto autointerface ethernetl autoip address outside 52ip address inside 3 arp timeout 14400nat (inside ) 0 52rip outside passiveno rip outside defaultno rip in side passiverip inside defaultrou

21、te outside route inside timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00timeout rpc 0:10:00 h323 0:05:00timeout uauth 0:05:00 absolut esnmp-server community public ro snmp-server community private rw telnet 00 55telnet t

22、imeout 15mtu outside 1500mtu inside 1500floodguard 0cisco 2610a 的配置current configuration:iversion 11.3service timestamps debug uptimeservice timestamps log uptimeservice password-encryptionihostname 2610aienable password password username bluestudy password password no ip domain-lookup!interface eth

23、erneto/oip address 52no shutiinterface serialo/oip address 52no shutiinterface serialo/1no ip addressshutdowniip route ip route isnmp-server community public rosnmp-server community priv

24、ate rwline aux 0 line vty 0 4login localino scheduler allocateendcisco 1603的配置current configuration:iversion 12.0service timestamps debug uptime service timestamps log uptime no service password-encryptionihostname 1603ienable secret password enable password password memory-size iomem 25ip subnet-ze

25、roiinterface serialoip address 52 no ip directed-broadcastiinterface ethernetoip address no ip unreachablesno ip directed-broadcastiip classlessip route sono ip http serverisnmp-server community public rosnmp-server community private

26、rwpassword passwordtransport input noneline aux 0line vty 0 4password passwordloginino scheduler allocateendpix 520b的基本配置pix version 4.2(4)nameif etherneto outside securityo nameif ethernetl inside securityl 00 enable password password encrypted passwd password encrypted hostname pix520_bfixup proto

27、col ftp 21fixup protocol http 80fixup protocol smtp 25 fixup protocol h323 1720 fixup protocol rsh 514fixup protocol sqlnet 1521namesno failoverfailover timeout 0:00:00failover ip address outside failover ip address inside pager lines 24no logging consoleno logging monitorno logging bu

28、fferedno logging traplogging facility 20interface etherneto autointerface ethernetl autoip address outside 7 48ip address inside 2 arp timeout 14400global (outside) 1 00nat (inside) 1 0 0 no rip outside passive no rip outside de

29、faultno rip in side passiveno rip in side defaultroute outside 8timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00timeout uauth 0:05:00 absoluteno snmp-server locationno snmp-server contactsnmp-server community publicno snmp-server enable trap

30、stelnet 00 55telnet timeout 15mtu outside 1500mtu inside 1500floodguard 0cisco 261 ob 的配置current configuration: version 11.3service timestamps debug uptimeservice timestamps log uptimeservice password-encryptionihostname 261 obienable password passwordiusername bluestudy passwor

31、d passwordno ip domain-lookup!iinterface etherneto/oip address 8 48 no shutiinterface serialo/oip address 52no shutiinterface serialo/1no ip addressshutdow n ip route isnmp-server community public rosnmp-server community pr

32、ivate rwiline con 0line aux 0line vty 0 4login localino scheduler allocateendcisco 2610c 的配置version 11.2service udp-small-serversservice tcp-small-serversihostname 2610cienable secret cisco ip sub net-zerono ip domain-lookup ip address-pool localisdn switch-type basic-net3interface ethernetoip addre

33、ss 1 iinterface serialono ip addressencapsulation frame-relay frame-relay imi-type ansiiinterface serialo.1 point-to-point description frame relay to bluestudyl ip unnumbered etherneto frame-relay interface-dlci 10iinterface serialo.2 point-to-point description frame relay to blue

34、study2 ip unnumbered etherneto frame-relay interface-dlci 11iinterface br11/0no ip addressshutdownisdn switch-type basic-net3 interface bri1/1 ip address 40 encapsulation ppptimeout absolute 60 0dialer idle-timeout 3600dialer-group 1isdn switch-type basic-net3peer default ip

35、 address pool defaultppp authentication chap pap calliniinterface br11/2no ip addressencapsulation pppshutdownisdn switch-type basic-net3iinterface br11/3no ip addressencapsulation pppshutdownisdn switch-type basic-net3 no peer default ip address ip local pool default 4ip http

36、 serverip classlessip route serialo.1ip route serial0.2ip route iaccess-list 1 permit anydialer-list 1 protocol ip list 1line con 0password console loginline aux 0line vty 0 4password telnetloginiendcisco 1720a 的配置version 11

37、.2service udp-small-serversservice tcp-small-servershost name bluestudyl enable secret cisco ip subnet-zerono ip domain-lookupiinterface fastethernetoip address iinterface serialono ip addressencapsulation frame-relayiinterface serialo.1 point-to-point description frame rela

38、y to bluestudy ip unnumbered etherneto frame-relay interface-dlci 10iip http serverip classlessip route serialo.1iline con 0password consoleloginline aux 0line vty 0 4password bluestudylloginiendcisco 1720b 的配置version 11.2service udp-small-serversservice tcp-small-servershostname bluestudylienable secret ciscoiip subnet-zerono ip domain-lookupiinterface fastethernetoip address 1