Cisco组网实例

案例描述典型中小企业组网实例，申请一个公网IP和10M带宽，一台CISCO路由器，WEB服务器，文件服务器，FTP服务器等，客户端办公电脑，300台左右，多部门划分VLAN，用ACL控制各部门访问权限，配置网络打印机。

解决方案1,配置Routera).配置接口Interface fastethernet0/1Ip address 172.27.0.1 255.255.255.252Duplex autoSpeed autoIp nat insideNo shutdownInterface fastethernet0/2Ip address 202.103.0.117 255.255.255.248Duplex autoSpeed autoIp nat outsideNo shutdownb)配置路由ip route 0.0.0.0 0.0.0.0 202.103.0.117c).配置过载ip nat inside source list 110 interface FastEthernet0/2 overloadaccess-list 110 permit ip 172.27.0.0 0.0.255.255 anyd).配置端口映射Ip nat inside source static tcp 172.27.2.1 80 202.103.0.117 80 映射WEB服务器Ip nat inside source static tcp 172.27.2.2 21 202.102.0.117 21 映射FTP 服务器文件服务器 172.27.2.3 只提供企业内网使用，不配置端口映射2，配置Core switch CISCO 4503a)配置VTPVTP Version : 2Configuration Revision : 7Maximum VLANs supported locally : 1005Number of existing VLANs : 9VTP Operating Mode : ServerVTP Domain Name : OAVTP Pruning Mode : DisabledVTP V2 Mode : EnabledVTP Traps Generation : Enabledb) 配置VLANcore-sw#vlan database 进入vlan配置模式core-sw (vlan)#vtp domain OA 设置vtp管理域名称OAcore-sw (vlan)#vtp server 设置交换机为服务器模式core-sw (vlan)#vlan 2 name guanli 创建VLAN2,命名为管理core-sw (vlan)#vlan 10 name shichang 创建VLAN 10，命名为市场core-sw (vlan)#vlan 11 name caiwucore-sw (vlan)#vlan 12 name shejicore-sw (vlan)#vlan 13 name netprintercore-sw (vlan)#vlan 20 name server配置CORE-SW管理IPcore-sw(config)#interface vlan 2core-sw(config-if)#ip address 172.27.254.254 255.255.255.0 配置各个VLAN 网关IPcore-sw(config)#interface vlan 10core-sw(config-if)#ip address 172.27.47.254 255.255.255.0core-sw(config)#interface vlan 11core-sw(config-if)#ip address 172.27.45.254 255.255.255.0core-sw(config)#interface vlan 12core-sw(config-if)#ip address 172.27.46.254 255.255.255.0core-sw(config)#interface vlan 13core-sw(config-if)#ip address 172.27.31.254 255.255.255.0core-sw(config)#interface vlan 20core-sw(config-if)#ip address 172.27.2.254 255.255.255.0 将CORE-SW上的端口根据需要划分至各个VLANc) 配置ACL 应用在各个部门VLAN接口上，控制各部门互访access-list 10 permit 172.27.2.0 0.0.0.255access-list 10 permit 172.27.31.0 0.0.0.255access-list 10 deny 172.27.0.0 0.0.255.255access-list 10 permit anyaccess-list 10 应用于VLAN 10 OUT方向上，市场部内部可以互访，可以访问服务器网段和网络打印机网段，但不能访问财务部和设计部所在网段access-list 11 permit 172.27.2.0 0.0.0.255access-list 11 permit 172.27.31.0 0.0.0.255access-list 11 permit 172.27.47.0 0.0.0.255access-list 11 deny 172.27.0.0 0.0.255.255access-list 11 permit anyaccess-list 11应用在VLAN 11 OUT方向上，财务部内部可以互访问，可以访问服务器网段和网络打印机网络，可以访问市场部网段，但不能访问设计部网段设计部VLAN 12 ，网络打印机 VLAN 13，服务器 VLAN 20 可以访问任意网段，应用访问列表access-list 101 在in的方向上，封掉常见病毒端口，（可以根据实际需要将此ACL应用于任一接口）access-list 101 deny tcp any any eq 1068access-list 101 deny tcp any any eq 2046access-list 101 deny udp any any eq 2046access-list 101 deny tcp any any eq 4444access-list 101 deny udp any any eq 4444access-list 101 deny tcp any any eq 1434access-list 101 deny udp any any eq 1434access-list 101 deny tcp any any eq 5554access-list 101 deny tcp any any eq 9996access-list 101 deny tcp any any eq 6881access-list 101 deny tcp any any eq 6882access-list 101 deny tcp any any eq 16881access-list 101 deny udp any any eq 5554access-list 101 deny udp any any eq 9996access-list 101 deny udp any any eq 6881access-list 101 deny udp any any eq 6882access-list 101 deny udp any any eq 16881access-list 101 permit ip any anyd).配置OSPF!router ospf 100log-adjacency-changesnetwork 172.27.0.0 0.0.255.255 area 0default-information originate!3.配置接入层交换机 CISCO 2950a)配置VTPVTP Version : 2Configuration Revision : 7Maximum VLANs supported locally : 1005Number of existing VLANs : 9VTP Operating Mode : ClientVTP Domain Name : OAVTP Pruning Mode : Enabled 打开VTP修剪VTP V2 Mode : EnabledVTP Traps Generation : Enabledb) 配置VLANsw1#vlan database 进入vlan配置模式sw1 (vlan)#vtp domain OA 设置vtp管理域名称OAsw1 (vlan)#vtp server 设置交换机为服务器模式配置接入层交换机管理IPSw1(config)#interface vlan 2Sw1(config-if)#ip address 172.27.254.1 255.255.255.0Sw2(config)#interface vlan 2Sw2(config-if)#ip address 172.27.254.2 255.255.255.0 将接入层交换机各端口根据需要，划入各个VLAN例：Sw1(config)#interface fa0/1Sw1(config-if)#swi access vlan 12Sw2(config)#interface range fa0/1 - 10Sw2(config-if)# swi access vlan 134.配置办公电脑市场部办公电脑IP：172.27.47.1子网：255.255.255.0网关：172.27.47.254DNS：202.10.20.30 注：配置所有地区的电信DNS服务器即可202.10.22.33为了加强对办公电脑的管理，采用固定IP地址的方法，对人员，电脑，IP，MAC 地址进行登记，可以安装一台监控PC，使用SNIFFER软件比外网出口进行监控，发现IP异常，就可以找到使用人。

cisco模拟器之------交换机、路由器、vlan的综合实例主要实现功能：a）位于路由器同⼀侧的不同⽹段的主机之间实现通信。

b) 位于不同路由器的主机之间实现通信。

⽹络拓扑图：命令配置：switch0的配置：Switch（config）#vlan 11 //划分⼦⽹11Switch（config-vlan）#name T11Switch（config-vlan）#no shutdownexitSwitch（config）#vlan 22 //划分⼦⽹22Switch（config-vlan）#name T22Switch（config-vlan）#no shutdownexitSwitch（config）#interface fastethernet 0/1Switch (congfig-if)#switchport mode trunk //把0/1接⼝设为trunk模式Switch (config-if)#no shutdownSwitch (config-if)#exitSwitch（config）#interface fastethernet 0/2 //把0/2接⼝划分给⼦⽹11Switch (congfig-if)#switchport access vlan 11Switch (config-if)#no shutdownSwitch (config-if)#exitSwitch（config）#interface fastethernet 0/3Switch (congfig-if)#switchport access vlan 22 //把0/3接⼝划分给⼦⽹22Switch (config-if)#no shutdownSwitch (config-if)#exitSwitch1的配置：Switch（config）# vlan 11Switch（config-vlan）#name T11Switch（config-vlan）#no shutdownexitSwitch（config）# vlan 22Switch（config-vlan）#name T22Switch（config-vlan）#no shutdownexitSwitch（config）#interface fastethernet 0/1Switch (congfig-if)#switchport mode trunkSwitch (config-if)#no shutdownSwitch (config-if)#exitSwitch（config）#interface fastethernet 0/2Switch (congfig-if)#switchport access vlan 11Switch (config-if)#no shutdownSwitch (config-if)#exitSwitch（config）#interface fastethernet 0/3Switch (congfig-if)#switchport access vlan 22Switch (config-if)#no shutdownSwitch (config-if)#exitRouter0的配置：Switch (config)#int f0/1.1 //在0/1接⼝下划分⼦接⼝0/1.1Switch (config)#int f0/1.2 //在0/1接⼝下划分⼦接⼝0/1.2Switch（config）#interface fastethernet 0/1.1 //配置⼦接⼝0/1.1的路由信息Switch (congfig-subif)#encapsulation dot1Q 11 //单臂路由Switch (config-subif)#ip address 192.168.48.1 255.255.255.0Switch (config-subif)#exitSwitch（config）#interface fastethernet 0/1.2 //配置⼦接⼝0/1.2的路由信息Switch (congfig-subif)#encapsulation dot1Q 22 //单臂路由Switch (config-subif)#ip address 192.168.49.1 255.255.255.0Switch (config-subif)#exitSwitch（config）#interface fastethernet 0/1Switch (congfig-subif)#no shutdownSwitch (congfig-subif)#exitSwitch (congfig)#interface fastethernet 0/0 //配置接⼝0/0的路由信息Switch (config-subif)#ip address 192.168.127.1 255.255.255.0Switch (congfig-subif)#no shutdownSwitch (congfig-subif)#exitSwitch (config)#ip route 192.168.64.0 255.255.255.0 192.168.127.2 //配置静态路由协议Switch (config)#ip route 192.168.72.0 255.255.255.0 192.168.127.2Switch (config)#exitRouter1的配置：Switch (config)#int f0/1.1Switch (config)#int f0/1.2Switch（config）#interface fastethernet 0/1.1Switch (congfig-subif)#encapsulation dot1Q 11Switch (config-subif)#ip address 192.168.64.1 255.255.255.0Switch (config-subif)#exitSwitch（config）#interface fastethernet 0/1.2Switch (congfig-subif)#encapsulation dot1Q 22Switch (config-subif)#ip address 192.168.72.1 255.255.255.0Switch (config-subif)#exitSwitch（config）#interface fastethernet 0/1Switch (congfig-subif)#no shutdownSwitch (congfig-subif)#exitSwitch (congfig)#interface fastethernet 0/0Switch (config-subif)#ip address 192.168.127.2 255.255.255.0Switch (congfig-subif)#no shutdownSwitch (congfig-subif)#exitSwitch (config)#ip route 192.168.48.0 255.255.255.0 192.168.127.1Switch (config)#ip route 192.168.49.0 255.255.255.0 192.168.127.1Switch (config)#exit分别给各台主机配置ip以及其他信息：结果每台主机都可以通信。

Cisco 路由器的基本配置百余例[连载]目录1.用户通过DDN专线接入ISP2.远程用户拨号连入局域网3.远程用户间对拨4.Cisco HSRP的配置5.Cisco 2500系列升级指南6.路由器初始配置向导7.ISDN 拨号备份8.CISCO路由器的一般配置与调试9.Cisco 路由器寄存器配置10.Cisco HSRP的最新配置实录11.Cisco router show interface e012.将Cisco 路由器配成X.25交换机13.策略路由配置实例14.关于Flash格式化操作的尝试15.关于定时访问列表的操作16.show Intface 与 show ip intface 的操作17.Cisco路由器配置实例(反转多路复用的妙用)18.调试路由器做中继代理的小插曲(1)19.调试路由器做中继代理的小插曲(2)20.Cisco As 5800 ppp_Authentication Config21.Cisco 2621 adsl config22.Cisco Catalyst 4003 的第三层配置23.AS 5300 配置实例24.Cisco 路由器基本配置命令25.DHCP 配置26.神奇恢复Cisco路由器口令27.焊了几条CONSOLE线28.网络配置与IP路由实例29.用Cisco路由器实现异网路由30.通信接口及调制解调器31.Cisco 路由器VOIP 设置命令详解32.配置Cisco路由器中的Modem33.一份关于EASE-IP的配置34.怎样实现路由器回拨电话35.路由上配trunk全过程36.CISCO7200路由器MultiChannel配置介绍37.3620上同时配置了8个口BRI和8个内置MODEM用作拔入38.BGP+Eigrp Configurition39.3662+isdn pri作为拨号服务器40.ADSL 非固定IP配置41.基于源地址的策略路由(new ver)42.通过Xmodem升级2610的IOS实例（02/4/3）43.完整的VOIP应用实例（02/4/7）44.一个3640的VOIP配置（02/4/7）45.浅谈路由器的安全配置（02/4/7）46.路由器配成桥的实例（02/4/7）47.CISCO 2505路由器HUB端口的安全性配置48.Cisco ADSL 配置说明49.Cisco 2620路由器的配置与维护50.Cisco 路由器在UNIX 下的备份恢复和更新51.ISDN PRI DDR配置实例52.ISDN 拨号备份的示例53.NAT 和 PAT 的应用配置54.NT下Cisco 2620拨号访问服务器的建立55.show controller e1 命令详解56.Cisco 路由器Callback 配置示例57.复杂的VOIP配置58.关键业务数据包优先发送及其在Cisco路由器中的实现59.广域网路由基本技术60.解决CISCO路由器Y2K的快捷方法61.利用Cisco2611路由器实现类163拨号拨入、拨出功能62.配置 IPSec - 路由器到PIX防火墙63.桥接技术巧解路由器配置IP问题64.双机热备的全面配置示例65.用路由器构建网络安全体系66.远程异步登陆Cisco 路由器67.路由器内的安全认证68.Call Back 命令解析69.张家口交通局及其收费站信息化案例70.APPN配置方法(包括DLSW)71.Cisco 2511 拨入配置72.SNA透过帧中继传输实例73.通过SSH实现Cisco路由器登录74.一个Snapshot配置的实例75.一个典型的PRI信令落地网关的配置（基于AS5300）76.一个典型的R2(中国一号)信令上车网关的配置（基于AS5300）77.Cisco 路由器动态和静态地址转换78.两端口路由器地址转换的例子79.Cat 6509 NAT 实例80.实战手记之高级NAT（Checkpoint）81.实战手记之PPOE+NAT82.代理服务器、路由器配置案例83.配置Cisco 路由器中的Modem84.Cisco 路由器AUX 背对背配置实例85.Cisco 路由器备份配置语句说明86.MPLS 配置实例87.Tunnel的具体配置88.IP Sec VPN 配置实例89.STM-1的配置及有关SDH90.透明桥的配置实例91.VOIP 配置解析92.CISCO7200路由器MultiChannel配置介绍93.Call Back 配置语句解析94.3550 配置清单95.3550 EMI DHCP 服务器配置96.3640的CE1划分绑定及做3层97.3640 远程接入配置98.Cisco 2500 远程接入服务器配置99.Cisco 路由器安全基础100.BGP 配置案例101.Cisco 7010 与 5509的HSRP配置实例102.IP 路由协议的配置实例103.7206路由器升级104.7500路由器升级105.7507路由器内存升级106.在IOS环境下配置DHCP服务(6500)107.Native IOS 使用心得1.用户通过DDN专线接入ISP对于一个局域网的外连,有很多种方式DDN专线就是其中的一种（具体外连方式请见网络基础部分）.在下面的实例中介绍了蓝色家园内部局域网接入当地ISP的配置.蓝色家园内部局域网：10.1.8.0/24蓝色家园路由器的Ethernet 0:10.1.8.1/24Serial 0: 192.168.0.1/30ISP路由器Serial 0: 192. 168.0.2/30具体拓扑图如下:也许Cisco操作系统的玄虚性以及其在市场中的占有率,决定了人们对其技术的一种仰慕,甚至想把自己的技术奋斗目标与Cisco 绑定.但是,技术总归是技术,一切都是从头开始的.下面给出蓝色家园路由器的基本配置1.route>en 进入特权状态2.route#config t 通过端口进行配置3.在配置状态下给出E0/S0的IP地址#int e0/0#ip add 10.1.8.1 255.255.255.0#no shut#int s0/0#ip add 192.168.0.1 255.255.255. 252#en ppp (允许在专线上发送ppp包,如果不写,对于两端都是Cisco路由器是没问题的,会默认为Cisco 自己的打包方式)# no shut4.给出蓝色家园到ISP的路由,因为蓝色家园只有一个出路,所以给出静态路由#ip route 0.0.0.0 0.0.0.0 192. 168.0.2或者#ip route 0.0.0.0 0.0.0.0 seri al 05.为了保证远程管理的Telnet 必须给出登陆用户#line vty 0 4#password bluegarden6.Ctrl+Z退出特权配置状态wr将配置写入路由器即可当然以上只是一个基本配置,能够保证数据通道的畅通.但是并没有充分利用路由器的功能,例如:NAT、安全等等。

思科交换机vrrpmstp配置实例一、组网需求1、witcha、witchb选用两台锐捷的5750；witchc、hwichd选用锐捷的3750和37602、全网共有两个业务vlan,为vlan10、vlan203、Switcha、witchb都分别对两vlan起用两vrrp组，实现两组的业务的负载分担和备份。

4、Switcha、witchb、witchc、witchd都起用mtp多生成数协议，并且所有设备都属于同一个mt域，且实例映射一致（vlan10映射实例1、vlan20映射实例2其他vlan映射默认实例0）。

5、Vlan10业务以witcha为根桥；vlan20业务以witchb为根桥；实现阻断网络环路，并能实现不同vlan数据流负载分担功能。

二、组网图三、配置步骤Switcha配置：1#howrunBuildingconfiguration...Currentconfiguration:1651byte!verionRGNOS10.2.00(2),Releae(29287)(TueDec2520:39:14CST2007-ngcf49)hotname1co-operateenable!!!vlan1!vlan10!vlan20!!noervicepaword-encryption!panning-tree开启生成树（默认为mtp）panning-treemtconfiguration进入mt配置模式reviion1指定MSTreviionnumber为1nameregion1指定mt配置名称intance0vlan1-9,11-19,21-4094缺省情况下vlan都属于实例0intance1vlan10手工指定vlan10属于实例1intance2vlan20手工指定vlan20属于实例2panning-treemt1priority0指定实例1的优先级为0（为根桥）panning-treemt2priority4096指定实例2的优先级为4096interfaceGigabitEthernet0/1witchportaccevlan10配置g0/1属于vlan10! interfaceGigabitEthernet0/2witchportaccevlan20配置g0/2属于vlan20!interfaceGigabitEthernet0/3!..interfaceGigabitEthernet0/24设置g0/24为trunk接口且允许vlan10/20通过witchportmodetrunk!interfaceVLAN10创建vlan10vi接口ipaddre192.168.10.1255.255.255.0配置ip地址vrrp1priority120配置vrrp组1优先级为120vrrp1ip192.168.10.254配置vrrp组1虚拟ip地址为192.168.10.254!interfaceVLAN20创建vlan20vi接口ipaddre192.168.20.1255.255.255.0配置ip地址vrrp2ip192.168.20.254配置vrrp组2虚拟ip地址为192.168.20.254默认vrrp组的优先级为100默认不显示!linecon0linevty04login1#howvlanVLANNameStatuPort-------------------------------------------------------------------------------1VLAN0001STATICGi0/3,Gi0/4,Gi0/5,Gi0/6Gi0/7,Gi0/8,Gi0/9,Gi0/10Gi0/11,Gi0/12,Gi0/13,Gi0/14Gi0/15,Gi0/16,Gi0/17,Gi0/18Gi0/19,Gi0/20,Gi0/21,Gi0/22Gi0/23,Gi0/2410VLAN0010STATICGi0/1,Gi0/2420VLAN0020STATICGi0/2,Gi0/24Switchb配置：2#howrunBuildingconfiguration...Currentconfiguration:1607byte!verionRGNOS10.2.00(2),Releae(27932)(ThuDec1310:32:09CST2007-ngcf31)hotname2!!!vlan1!vlan10!vlan20!!noervicepaword-encryption!panning-treepanning-treemtconfigurationreviion1nameregion1intance0vlan1-9,11-19,21-4094intance1vlan10intance2vlan20panning-treemt1priority4096panning-treemt2priority0interfaceGigabitEthernet0/1witchportaccevlan10!interfaceGigabitEthernet0/2witchportaccevlan20!..interfaceGigabitEthernet0/24witchportmodetrunk! interfaceVLAN10ipaddre192.168.10.2255.255.255.0vrrp1ip192.168.10.254!interfaceVLAN20ipaddre192.168.20.2255.255.255.0vrrp2priority120vrrp2ip192.168.20.254!linecon0linevty04login!!end2#howvlanVLANNameStatuPort--------------------------------------------------------------------------------1VLAN0001STATICGi0/3,Gi0/4,Gi0/5,Gi0/6Gi0/7,Gi0/8,Gi0/9,Gi0/10Gi0/11,Gi0/12,Gi0/13,Gi0/14Gi0/15,Gi0/16,Gi0/17,Gi0/18Gi0/19,Gi0/20,Gi0/21,Gi0/22Gi0/23,Gi0/2410VLAN0010STATICGi0/1,Gi0/2420VLAN0020STATICGi0/2,Gi0/24Switchc配置：3#howrunBuildingconfiguration...Currentconfiguration:1540byte!verionRGNOS10.2.00(2),Releae(28794)(FriDec2109:27:15CST2007-ngcf32)hotname3!vlan10!!ervicepaword-encryption!panning-treepanning-treemtconfigurationreviion1nameregion1intance0vlan1-9,11-19,21-4094intance1vlan10intance2vlan20 panning-treemt1priority0panning-treemt2priority4096interfaceFatEthernet0/1witchportaccevlan10!interfaceFatEthernet0/2witchportaccevlan10!..interfaceGigabitEthernet0/25!interfaceGigabitEthernet0/26!interfaceGigabitEthernet0/27!interfaceGigabitEthernet0/28!interfaceVLAN10ipaddre192.168.10.3255.255.255.0!iproute0.0.0.00.0.0.0192.168.10.254!!linecon0linevty04loginSwitchd配置：Buildingconfiguration...Currentconfiguration:1066byte!verionRGNOS10.2.00(2),Releae(27932)(ThuDec1310:31:41CST2007-ngcf32)hotname4!vlan1!vlan20!!noervicepaword-encryption!panning-treepanning-treemtconfigurationreviion1nameregion1intance0vlan1-9,11-19,21-4094intance1vlan10intance2vlan20panning-treemt1priority4096panning-treemt2priority0interfaceGigabitEthernet0/1witchportaccevlan20!interfaceGigabitEthernet0/2witchportaccevlan20!..interfaceGigabitEthernet0/12!interfaceVLAN20ipaddre192.168.20.3255.255.255.0!!!!iproute0.0.0.00.0.0.0192.168.20.254!!linecon0linevty04login!四、查看vrrp、mtp信息Switcha信息：1#howvrrp查看vrrp信息VLAN10-Group1StateiMaterVirtualIPaddrei192.168.10.254configuredVirtualMACaddrei0000. 5e00.0101Advertiementintervali1ecPreemptionienabledmindelayi0ecP riorityi120MaterRouteri192.168.10.1(local),priorityi120MaterAdvertiemen tintervali1ecMaterDownintervali3ecVLAN20-Group2StateiBackup VirtualIPaddrei192.168.20.254configuredVirtualMACaddrei0000. 5e00.0102Advertiementintervali1ecPreemptionienabledmindelayi0ecP riorityi100MaterRouteri192.168.20.2,priorityi120MaterAdvertiementinterv ali1ecMaterDownintervali3ec1#1#1#1#howpanning-treeinterfacegigabitEthernet0/1查看g0/1接口tp 状态信息PortAdminPortFat:DiabledPortOperPortFat:DiabledPortAdminAuto Edge:EnabledPortOperAutoEdge:DiabledPortAdminLinkType:auto PortOperLinkType:point-to-pointPortBPDUGuard:DiabledPortBPDUFilter:Diabled######MST0vlanmapped:1-9,11-19,21-4094PortState:forwardingPortPriority:128PortDeignatedRoot:8000.001a.a909.8fe0PortDeignatedCot:0PortDeignatedBridge:8000.00d0.f836.ed70PortDeignatedPort:800 1PortForwardTranition:6PortAdminPathCot:200000PortOperPathCot:20 0000PortRole:deignatedPort######MST1vlanmapped:10PortState:forwardingPortPriority:128 PortDeignatedRoot:0001.00d0.f823.ef82PortDeignatedCot:0PortDeignatedBridge:0001.00d0.f823.ef82PortDeignatedPort:800 1PortForwardTranition:5PortAdminPathCot:200000PortOperPathCot:20 0000PortRole:rootPort######MST2vlanmapped:20PortState:forwardingPortPriority:128 PortDeignatedRoot:0002.001a.a909.8fe0PortDeignatedCot:0PortDeignatedBridge:1002.00d0.f836.ed70PortDeignatedPort:800 1PortForwardTranition:4PortAdminPathCot:200000PortOperPathCot:20 0000PortRole:deignatedPort1#1#1#howpanning-treeinterfacegigabitEthernet0/2查看g0/2接口tp 状态信息PortAdminPortFat:DiabledPortOperPortFat:DiabledPortAdminAuto Edge:EnabledPortOperAutoEdge:DiabledPortAdminLinkType:auto PortOperLinkType:point-to-pointPortBPDUGuard:DiabledPortBPDUFilter:Diabled######MST0vlanmapped:1-9,11-19,21-4094PortState:forwardingPortPriority:128PortDeignatedRoot:8000.001a.a909.8fe0PortDeignatedCot:0PortDeignatedBridge:8000.00d0.f836.ed70PortDeignatedPort:800 2PortForwardTranition:5PortAdminPathCot:20000PortOperPathCot:200 00PortRole:deignatedPort######MST1vlanmapped:10PortState:forwardingPortPriority:128 PortDeignatedRoot:0001.00d0.f823.ef82PortDeignatedCot:0PortDeignatedBridge:0001.00d0.f836.ed70PortDeignatedPort:800 2PortForwardTranition:4PortAdminPathCot:20000PortOperPathCot:200 00PortRole:deignatedPort######MST2vlanmapped:20PortState:dicardingPortPriority:128 PortDeignatedRoot:0002.001a.a909.8fe0PortDeignatedCot:0 PortDeignatedBridge:0002.00d0.f8d7.ae12PortDeignatedPort:8002 PortForwardTranition:3PortAdminPathCot:20000PortOperPathCot: 20000PortRole:alternatePort1#1#1#howpanning-treeinterfacegigabitEthernet0/24g0/24接口tp状态信息PortAdminPortFat:DiabledPortOperPortFat:DiabledPortAdminAuto Edge:EnabledPortOperAutoEdge:DiabledPortAdminLinkType:auto PortOperLinkType:point-to-pointPortBPDUGuard:DiabledPortBPDUFilter:Diabled######MST0vlanmapped:1-9,11-19,21-4094PortState:forwardingPortPriority:128PortDeignatedRoot:8000.001a.a909.8fe0PortDeignatedCot:0PortDeignatedBridge:8000.001a.a909.8fe0PortDeignatedPort:801 8PortForwardTranition:5PortAdminPathCot:20000PortOperPathCot:200 00PortRole:rootPort######MST1vlanmapped:10PortState:forwardingPortPriority:128 PortDeignatedRoot:0001.00d0.f823.ef82PortDeignatedCot:0PortDeignatedBridge:0001.00d0.f836.ed70PortDeignatedPort:801 8PortForwardTranition:5PortAdminPathCot:20000PortOperPathCot:200 00PortRole:deignatedPort######MST2vlanmapped:20PortState:forwardingPortPriority:128 PortDeignatedRoot:0002.001a.a909.8fe0PortDeignatedCot:0PortDeignatedBridge:0002.001a.a909.8fe0PortDeignatedPort:801 8PortForwardTranition:4PortAdminPathCot:20000PortOperPathCot:200 00PortRole:rootPort1#Switchb信息：2#howvrrpVLAN10-Group1StateiBackupVirtualIPaddrei192.168.10.254configuredVirtualMACaddrei0000. 5e00.0101Advertiementintervali1ecPreemptionienabledmindelayi0ecP riorityi100MaterRouteri192.168.10.1,priorityi120MaterAdvertiementinterv ali1ecMaterDownintervali3ecVLAN20-Group2StateiMaterVirtualIPaddrei192.168.20.254configuredVirtualMACaddrei0000. 5e00.0102Advertiementintervali1ecPreemptionienabledmindelayi0ecP riorityi120MaterRouteri192.168.20.2(local),priorityi120MaterAdvertiemen tintervali1ecMaterDownintervali3ec2#2#2#2#2#2#2#howpanning-treeinterfacegigabitEthernet0/1PortAdminPortFat:DiabledPortOperPortFat:DiabledPortAdminAuto Edge:EnabledPortOperAutoEdge:DiabledPortAdminLinkType:auto PortOperLinkType:point-to-pointPortBPDUGuard:DiabledPortBPDUFilter:Diabled######MST0vlanmapped:1-9,11-19,21-4094PortState:forwardingPortPriority:128PortDeignatedRoot:8000.001a.a909.8fe0PortDeignatedCot:0PortDeignatedBridge:8000.001a.a909.8fe0PortDeignatedPort:800 1PortForwardTranition:1PortAdminPathCot:200000PortOperPathCot:20 0000PortRole:deignatedPort######MST1vlanmapped:10PortState:forwardingPortPriority:128 PortDeignatedRoot:0001.00d0.f823.ef82PortDeignatedCot:0PortDeignatedBridge:0001.00d0.f823.ef82PortDeignatedPort:800 2PortForwardTranition:2PortAdminPathCot:200000PortOperPathCot:20 0000PortRole:rootPort######MST2vlanmapped:20PortState:forwardingPortPriority:128PortDeignatedBridge:0002.001a.a909.8fe0PortDeignatedPort:800 1PortForwardTranition:1PortAdminPathCot:200000PortOperPathCot:20 0000PortRole:deignatedPort2#2#2#2#howpanning-treeinterfacegigabitEthernet0/2PortAdminPortFat:DiabledPortOperPortFat:DiabledPortAdminAuto Edge:EnabledPortOperAutoEdge:DiabledPortAdminLinkType:auto PortOperLinkType:point-to-pointPortBPDUGuard:DiabledPortBPDUFilter:Diabled######MST0vlanmapped:1-9,11-19,21-4094PortState:forwardingPortPriority:128PortDeignatedRoot:8000.001a.a909.8fe0PortDeignatedCot:0PortDeignatedBridge:8000.001a.a909.8fe0PortDeignatedPort:800 2PortForwardTranition:1PortAdminPathCot:20000PortOperPathCot:200 00PortRole:deignatedPort######MST1vlanmapped:10PortState:forwardingPortPriority:128 PortDeignatedRoot:0001.00d0.f823.ef82PortDeignatedCot:0PortDeignatedBridge:1001.001a.a909.8fe0PortDeignatedPort:800 2PortForwardTranition:2PortAdminPathCot:20000PortOperPathCot:200 00PortRole:deignatedPort######MST2vlanmapped:20PortState:forwardingPortPriority:128PortDeignatedBridge:0002.001a.a909.8fe0PortDeignatedPort:800 2PortForwardTranition:1PortAdminPathCot:20000PortOperPathCot:200 00PortRole:deignatedPort2#2#2#2#2#howpanning-treeinterfacegigabitEthernet0/24PortAdminPortFat:DiabledPortOperPortFat:DiabledPortAdminAuto Edge:EnabledPortOperAutoEdge:DiabledPortAdminLinkType:auto PortOperLinkType:point-to-pointPortBPDUGuard:DiabledPortBPDUFilter:Diabled######MST0vlanmapped:1-9,11-19,21-4094PortState:forwardingPortPriority:128PortDeignatedRoot:8000.001a.a909.8fe0PortDeignatedCot:0PortDeignatedBridge:8000.001a.a909.8fe0PortDeignatedPort:801 8PortForwardTranition:1PortAdminPathCot:20000PortOperPathCot:200 00PortRole:deignatedPort######MST1vlanmapped:10PortState:dicardingPortPriority:128 PortDeignatedRoot:0001.00d0.f823.ef82PortDeignatedCot:0PortDeignatedBridge:0001.00d0.f836.ed70PortDeignatedPort:801 8PortForwardTranition:1PortAdminPathCot:20000PortOperPathCot:200 00PortRole:alternatePort。

Cisco 2811企业网络配置案例网络, Cisco, 企业一、DHCP服务1．全局地址池地址池名称：global地址段：192.168.0.0 255.255.255.0默认网关：192.168.0.1DNS：202.106.0.20，202.106.116.1地址租期：3天ip dhcp pool globalnetwork 192.168.0.0 255.255.255.0default-router 192.168.0.1dns-server 202.106.0.20 202.106.116.1lease 32．固定地址池为每个员工建立一个DHCP 地址池，并根据员工姓名对地址池进行命名，根据MAC地址进行IP地址分配，如：ip dhcp pool staffnameAhost 192.168.0.11 255.255.255.0client-identifier 0108.0046.0ef8.aeip dhcp pool staffnameBhost 192.168.0.12 255.255.255.0client-identifier 0100.115b.518c.a2注意，在MAC地址前面多了个01，然后每4位用一个点分隔。

3．未分配的IP地址地址段：192.168.0.60 到192.168.0.254ip dhcp excluded-address 192.168.0.60 192.168.0.254二设置IP地址与MAC地址绑定绑定特权IP地址与MAC地址的关系，保证特权IP不被占用。

arp 192.168.0.2 0000.e897.444c ARPAarp 192.168.0.3 0000. 00e8.9734 ARPA…………绑定其他IP地址与MAC地址的关系，保证IP不被盗用。

arp 192.168.0.9 ef00.abcd.4444 ARPA……………………arp 192.168.0.254 ef00.abcd.4444 ARPA三、PAT转换访问控制列表100的策略：允许192.168.0.2、192.168.0.3、192.168.0.4、192.168.0.5、192.168.0.6、192.168.0.7、192.168.0.8七个特权地址任意访问公网。

二层交换机配置案例（配置2层交换机可远程管理）：Switch>Switch>en进入特权模式Switch#config进入全局配置模式Switch(config)#hostname2ceng更改主机名为2ceng2ceng(config)#interfacevlan1进入VLAN12ceng(config-if)#noshut激活VLAN12ceng(config-if)#exit退出到全局配置模式2ceng(config)#interfacevlan2创建VLAN22ceng(config-if)#noshut激活VLAN22ceng(config-if)#exit退出到全局配置模式2ceng(config)#interfacevlan3创建VLAN32ceng(config-if)#noshut激活VLAN32ceng(config-if)#ipaddress2ceng(config-if)#exit2ceng(config)#interfacerangefa0/1-122ceng(config-if-range)#exit2ceng(config)#interfacerangefa0/13-23telnet2ceng(config)#exit2ceng#wr保存配置Buildingconfiguration...[OK]三层（或多层）交换机配置实例：Switch>Switch>enSwitch#configConfiguringfromterminal,memory,ornetwork[terminal]? Enterconfigurationcommands,oneperline.EndwithCNTL/Z. Switch(config)#hostname3ceng3ceng(config)#interfacevlan13ceng(config-if)#noshut3ceng(config-if)#exit3ceng(config)#interfacevlan23ceng(config-if)#noshut3ceng(config-if)#exit3ceng(config)#interfacevlan33ceng(config-if)#noshut3ceng(config-if)#ipaddress3ceng(config-if)#descriptionguanli描述vlan3为管理3ceng(config-if)#exit3ceng(config)#interfacerangefa0/1-123ceng(config-if-range)#switchportmodeaccess3ceng(config-if-range)#switchaccessvlan13ceng(config-if-range)#exit3ceng(config)#interfacerangefa0/13-243ceng(config-if-range)#switchaccessvlan23ceng(config-if-range)#exit3ceng(config)#ipdhcppoolvlan1设置VLAN1DHCP3ceng(dhcp-config)#network设置DHCP的网段3ceng(dhcp-config)#dns-server设置3ceng(dhcp-config)#default-router设置3ceng(dhcp-config)#exit3ceng(config)#ipdhcppoolvlan23ceng(dhcp-config)#network3ceng(dhcp-config)#dns-server3ceng(config)#exit3ceng#wrBuildingconfiguration...[OK]。