实验目标
1实现VLAN的统一配置和管理
2配置链路备份从而实现网络的高可用性
3配置OSPF使寻址更高效并选择最优路径
4配置NAT实现内部与外部的通讯
5配置IPSEC ×××实现站点与站点的安全通讯
 
                
                            配置步鄹
1.     配置VTP实现VLAN的统一配置和管理(配置VTP前要先配置TRUNK口,VTP在服务器上配置)
测试:在客户端用show vlan-switch
2.     配置PVST指定主根桥,次根桥,上行链路,速端口,以太网通道)
测试:在非根桥上用show spanning-tree bri
3.     在三层交换机上起路由并配置路由接口,配置VLANIP(实现不同VLAN间的通信)
4.     配置OSPF
测试:用show ip route
5.     配置HSRP(虚拟IP,优先级,占先权,端口跟踪只有活跃的一方配)
测试:用show standby bri
6.     配置NAT
测试:用show ip nat translation
7.     配置×××
 
                        相关配置命令
 
R1
 
  en
  config t
  no ip http server
  no ip domain-loo
  line con 0
  loggin syn
  no exec-t
  end
  conf t
  host R1
  int s0/0
  ip add 201.0.0.1 255.255.255.0
  no shut
  exit
  int lo0
  ip add 7.7.7.7 255.255.255.0
  no shut
  exit
  access-list 1 permit 7.7.7.0 0.0.0.255
  route-map fornat permit 10
  match ip add 1
  exit
  ip nat inside source route-map fornat interface s0/0 overload
  int s0/0
  ip nat outside
  exit
  int lo0
  ip nat inside
  exit
  ip route 0.0.0.0 0.0.0.0 s0/0
  crypto isakmp enable
  crypto isakmp policy 10
  hash md5
  authentication pre-share
  encryption des
  exit
  crypto isakmp key 0 qqq111,,, address 202.0.0.1
  crypto ipsec transform-set for*** esp-des esp-md5-hmac
  exit
  crypto ipsec profile site2site
  set transform-set for***
  interface tunnel 0
  ip add 5.5.5.6 255.255.255.0
  tunnel source s0/0
  tunnel destination 202.0.0.1
  tunnel protection ipsec profile site2site
  no shut
  exit
  router ospf 500
  network 7.7.7.7 0.0.0.0 area 2
  network 5.5.5.6 0.0.0.0 area 2
 
  R2
  en
  config t
  no ip http server
  no ip domain-loo
  line con 0
  loggin syn
  no exec-t
  end
  conf t
  host R2
  int s0/0
  ip add 201.0.0.2 255.255.255.0
  clock rate 64000
  no shut
  exit
  int s0/1
  ip add 202.0.0.2 255.255.255.0
  clock rate 64000
  no shut
 
  R3
  en
  config t
  no ip http server
  no ip domain-loo
  line con 0
  loggin syn
  no exec-t
  end
  conf t
  host R3
  int s0/1
  ip add 202.0.0.1 255.255.255.0
  no shut
  exit
  int lo0
  ip add 1.1.1.1 255.255.255.0
  no shut
  exit
  int s0/0
  ip add 192.168.10.9 255.255.255.252
  no shut
  exit
  int f1/0
  ip add 192.168.10.1 255.255.255.252
  no shut
  exit
  int f2/0
  ip add 192.168.10.5 255.255.255.252
  no shut
  exit
  access-list 1 permit 192.168.0.0 0.0.255.255
  route-map fornat permit 10
  match ip add 1
  exit
  ip nat inside source route-map fornat interface s0/1 overload
  int s0/1
  ip nat outside
  exit
  int s0/0
  ip nat inside
  int f1/0
  ip nat inside
  exit
  int f2/0
  ip nat inside
  exit
  ip route 0.0.0.0 0.0.0.0 s0/1
  crypto isakmp enable
  crypto isakmp policy 10
  hash md5
  authentication pre-share
  encryption des
  exit
  crypto isakmp key 0 qqq111,,, address 201.0.0.1
  crypto ipsec transform-set for*** esp-des esp-md5-hmac
  exit
  crypto ipsec profile site2site
  set transform-set for***
  interface tunnel 0
  ip add 5.5.5.5 255.255.255.0
  tunnel source s0/1
  tunnel destination 201.0.0.1
  tunnel protection ipsec profile site2site
  no shut
  exit
  router ospf 400
  network 1.1.1.1 0.0.0.0 area 0
  network 192.168.10.1 0.0.0.0 area 0
  network 192.168.10.5 0.0.0.0 area 0
  network 192.168.10.9 0.0.0.0 area 1
  network 5.5.5.5 0.0.0.0 area 2
 
  R4
  en
  config t
  no ip http server
  no ip domain-loo
  line con 0
  loggin syn
  no exec-t
  end
  conf t
  int s0/0
  ip add 192.168.10.10 255.255.255.252
  no shut
  exit
  int lo0
  ip add 6.6.6.6 255.255.255.252
  no shut
  exit
  ip route 0.0.0.0 0.0.0.0 s0/0
  router ospf 300
  network 192.168.10.10 0.0.0.0 area 1
  network 6.6.6.6 0.0.0.0 area 1
 
  sw1
  en
  config t
  no ip http server
  no ip domain-loo
  line con 0
  loggin syn
  no exec-t
  end
  conf t
  int range fastethernet 0/1 - 15
  swit mode trunk
  exit
  int f0/0
  no sw
  ip add 192.168.10.2 255.255.255.252
  no shut
  end
  vlan data
  vtp domain test
  vtp ser
  vtp pass 111111
  vtp prun
  vlan 2
  vlan 3
  vlan 4
  vlan 5
  exit
  conf t
  spanning-tree vlan 2 root primary
  spanning-tree vlan 3 root sec
  spanning-tree vlan 4 root primary
  spanning-tree vlan 5 root sec
  int range f 0/14 - 15
  channel-group 1 mode on
  exit
  int vlan 2
  ip add 192.168.2.254 255.255.255.0
  no shut
  exit
  int vlan 3
  ip add 192.168.3.254 255.255.255.0
  no shut
  exit
  int vlan 4
  ip add 192.168.4.254 255.255.255.0
  no shut
  exit
  int vlan 5
  ip add 192.168.5.254 255.255.255.0
  no shut
  exit
  ip route 0.0.0.0 0.0.0.0 f0/0
  router ospf 100
  network 192.168.10.2 0.0.0.0 area 0
  network 192.168.2.254 0.0.0.0 area 0
  network 192.168.3.254 0.0.0.0 area 0
  network 192.168.4.254 0.0.0.0 area 0
  network 192.168.5.254 0.0.0.0 area 0
  exit
  int vlan 2
  no ip redirects
  standby 50 ip 192.168.2.1
  standby 50 priority 100
  standby 50 preempt
  standby 50 track f0/0 20
  exit
  int vlan 3
  no ip redirects
  standby 51 ip 192.168.3.1
  standby 51 priority 100
  standby 51 preempt
  standby 51 track f0/0 20
  exit
  int vlan 4
  no ip redirects
  standby 52 ip 192.168.4.1
  standby 52 priority 100
  standby 52 preempt
  standby 52 track f0/0 20
  exit
  int vlan 5
  no ip redirects
  standby 53 ip 192.168.5.1
  standby 53 priority 100
  standby 53 preempt
  standby 53 track f0/0 20
  end
 
 
  sw2
  en
  config t
  no ip http server
  no ip domain-loo
  line con 0
  loggin syn
  no exec-t
  end
  conf t
  int range fastethernet 0/1 - 15
  swit mode trunk
  exit
  int f0/0
  no sw
  ip add 192.168.10.6 255.255.255.252
  no shut
  end
  vlan data
  vtp domain test
  vtp ser
  vtp pass 111111
  vtp prun
  vlan 2
  vlan 3
  vlan 4
  vlan 5
  exit
  conf t
  spanning-tree vlan 3 root primary
  spanning-tree vlan 2 root sec
  spanning-tree vlan 5 root primary
  spanning-tree vlan 4 root sec
  int range f 0/14 - 15
  channel-group 1 mode on
  exit
  int vlan 2
  ip add 192.168.2.253 255.255.255.0
  no shut
  exit
  int vlan 3
  ip add 192.168.3.253 255.255.255.0
  no shut
  exit
  int vlan 4
  ip add 192.168.4.253 255.255.255.0
  no shut
  exit
  int vlan 5
  ip add 192.168.5.253 255.255.255.0
  no shut
  exit
  ip route 0.0.0.0 0.0.0.0 f0/0
  router ospf 200
  network 192.168.10.6 0.0.0.0 area 0
  network 192.168.2.253 0.0.0.0 area 0
  network 192.168.3.253 0.0.0.0 area 0
  network 192.168.4.253 0.0.0.0 area 0
  network 192.168.5.253 0.0.0.0 area 0
  exit
  int vlan 2
  no ip redirects
  standby 50 ip 192.168.2.1
  standby 50 priority 90
  standby 50 preempt
  exit
  int vlan 3
  no ip redirects
  standby 51 ip 192.168.3.1
  standby 51 priority 90
  standby 51 preempt
  exit
  int vlan 4
  no ip redirects
  standby 52 ip 192.168.4.1
  standby 52 priority 90
  standby 52 preempt
  exit
  int vlan 5
  no ip redirects
  standby 53 ip 192.168.5.1
  standby 53 priority 90
  standby 53 preempt
  end
 
  sw3
 
  en
  config t
  no ip http server
  no ip domain-loo
  line con 0
  loggin syn
  no exec-t
  end
  conf t
  int range fastethernet 0/1 - 2
  swit mode trunk
  end
  vlan data
  vtp domain test
  vtp cli
  vtp pass 111111
  exit
 
  SW4
 
  en
  config t
  no ip http server
  no ip domain-loo
  line con 0
  loggin syn
  no exec-t
  end
  conf t
  int range fastethernet 0/1 - 2
  swit mode trunk
  end
  vlan data
  vtp domain test
  vtp cli
  vtp pass 111111
  exit
 
  SW5
 
  en
  config t
  no ip http server
  no ip domain-loo
  line con 0
  loggin syn
  no exec-t
  end
  conf t
  int range fastethernet 0/1 - 2
  swit mode trunk
  end
  vlan data
  vtp domain test
  vtp cli
  vtp pass 111111
  exit