《查看物理连结工作环境网络设备工作是否合格》由会员分享,可在线阅读,更多相关《查看物理连结工作环境网络设备工作是否合格(14页珍藏版)》请在金锄头文库上搜索。
1、r2(config)#spanning-tree vlan 20 root secondaryr4(config)#spanning-tree uplinkfast r4(config)#int range f0/7 -8r4(config-if-range)#spanning-tree portfast r4(config-if-range)#end11.5 HSRP配置r2#conf tr2(config)#int vlan 10r2(config-if)#ip add 192.168.10.10 255.255.255.0r2(config-if)#no shr2(config-if)#
2、standby 1 ip 192.168.10.1r2(config-if)#standby 1 priority 200r2(config-if)#standby 1 preer2(config-if)#standby 1 track fastEthernet 0/0 80r2(config-if)#int vlan 20r2(config-if)#ip add 192.168.20.10 255.255.255.0r2(config-if)#no shr2(config-if)#standby 2 ip 192.168.20.1r2(config-if)#standby 2 priorit
3、y 150r2(config-if)#standby 2 preempt r2(config-if)#endr3#conf tr3(config)#int vlan 10r3(config-if)#ip add 192.168.10.11 255.255.255.0r3(config-if)#no shr3(config-if)#standby 1 ip 192.168.10.1r3(config-if)#standby 1 priority 150r3(config-if)#standby 1 preempt r3(config-if)#int vlan 20r3(config-if)#ip
4、 add 192.168.20.11 255.255.255.0r3(config-if)#no shr3(config-if)#standby 2 ip 192.168.20.1r3(config-if)#standby 2 priority 200r3(config-if)#standby 2 preempt r3(config-if)#standby 2 track fastEthernet 0/0 80r3(config-if)#end11.6 OSPF配置r1#conf tr1(config)#router ospf 65r1(config-router)#network 172.1
5、6.0.0 255.255.255.252 a 0r1(config-router)#network 172.16.0.4 255.255.255.252 a 0r1(config-router)#network 172.16.0.8 255.255.255.252 a 0r1(config-router)#endr2#conf tr2(config)#router ospf 65r2(config-router)#net 192.168.10.0 0.0.0.255 a 0r2(config-router)#network 192.168.20.0 0.0.0.255 a 0r2(confi
6、g-router)#network 172.16.0.0 0.0.0.3 a 0r2(config-router)#endr3#conf tr3(config)#router ospf 65r3(config-router)#network 192.168.10.0 0.0.0.255 a 0r3(config-router)#network 192.168.20.0 0.0.0.255 a 0r3(config-router)#network 172.16.0.4 255.255.255.252 a 0r3(config-router)#end11.7 NAT配置r1(config)#int
7、 e0/0r1(config-if)#ip nat outsider1(config-if)#int e0/1r1(config-if)#ip nat insider1(config-if)#int s1/0r1(config-if)#ip nat insider1(config-if)#int e0/2r1(config-if)#ip nat insider1(config)#access-list 100 permit ip any anyr1(config-if)#ip nat inside sou list 100 pool d6z overlor1(config)#ip nat po
8、ol d6z 102.0.0.4 102.0.0.4 netmask 255.255.255.0r1(config)#ip nat inside source static tcp 192.168.10.100 23 102.0.0.411.8 VPN配置1:ipsec vpn配置r1#conf tr1(config)#crypto isakmp policy 10r1(config-isakmp)#authentication pre-share r1(config-isakmp)#group 2r1(config-isakmp)#hash md5 r1(config-isakmp)#exi
9、tr1(config)#crypto ipsec transform-set myset esp-des esp-md5-hmacr1(cfg-crypto-trans)#exit r1(config)#crypto keyring ciscor1(conf-keyring)#pre-shared-key address 103.0.0.2 key d6zr1(conf-keyring)#exitr1(config)#$ 100 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 r1(config)#crypto isakmp pr
10、ofile ipsecr1(conf-isa-prof)#match identity add 103.0.0.2r1(conf-isa-prof)#keyring ciscor1(conf-isa-prof)#exitr1(config)#crypto map bj 1 ipsec-isakmpr1(config-crypto-map)#match address 100 r1(config-crypto-map)#set transform-set mysetr1(config-crypto-map)#set peer 103.0.0.2r1(config-crypto-map)#set
11、isakmp-profile ipsecr1(config-crypto-map)#exitr1(config)#int e0/1 r1(config-if)#crypto map bjr1(config-if)#endr3#conf tr3(config)#crypto isakmp policy 10r3(config-isakmp)#authentication pre-share r3(config-isakmp)#group 2r3(config-isakmp)#hash md5 r3(config-isakmp)#exitr3(config)#crypto ipsec transf
12、orm-set myset esp-des esp-md5-hmacr3(cfg-crypto-trans)#exit r3(config)#crypto keyring ciscor3(conf-keyring)#pre-shared-key address 102.0.0.2 key d6zr3(conf-keyring)#exitr3(config)#$ 100 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 r3(config)#crypto isakmp profile ipsecr3(conf-isa-prof)#ma
13、tch identity add 102.0.0.2r3(conf-isa-prof)#keyring ciscor3(conf-isa-prof)#exitr3(config)#crypto map bj 1 ipsec-isakmpr3(config-crypto-map)#match address 100 r3(config-crypto-map)#set transform-set mysetr3(config-crypto-map)#set peer 102.0.0.2r3(config-crypto-map)#set isakmp-profile ipsecr3(config-c
14、rypto-map)#exitr3(config)#int e0/0 r3(config-if)#crypto map bjr3(config-if)#end测试2 easy VPN配置r1(config)#crypto isak policy 10r1(config-isakmp)#auth pr1(config-isakmp)#hash md5r1(config-isakmp)#g 2r1(config-isakmp)#exitr1(config)#cry ipse transform-set myset esp-d esp-md5-hmac r1(cfg-crypto-trans)#ex
15、itr1(config)#crypto isakmp client configuration group vpnd6zr1(config-isakmp-group)#key d6zr1(config-isakmp-group)#pool vpnpoolr1(config-isakmp-group)#dns 172.16.1.2r1(config-isakmp-group)#exitr1(config)#ip local pool vpnpool 192.168.5.1 192.168.5.100r1(config)#username d6z pass gymr1(config)#aaa newr1(config)#aaa authen login vpnclient localr1(config)#aaa author network vpngroup localr1(config)#crypto isak profile easy r1(conf-isa-prof)#match identity group vpnd6zr1(conf-isa-prof)#cli