|
说明
这是一个比较综合的实例,从拓扑图上可以看出,它所包含的设备和技术。以下对这个例子作些说明。
对于内部局域网,选用Cisco的Catalyst 6506作为中心交换机,二级交换采用Catalyst 3500,同时为了说明Trunk,又加了一个Catalyst 2900 作为三级交换,对于终
端连接用了Catalyst 1900交换机,这样就可以在Catalyst 6506与Catalyst 3500之间以及Catalyst 3500与Catalyst 2900 之间建立Trunk,实现跨交换机的VLAN。
注:Catalyst 2900系列如果要实现Trunk,软件必须是企业版的。
对于外连上,主要是专线连接和拨号访问,当然种类比较多.包括了DDN、 ISDN、 Frame Relay、 E1 线路等。
本例给出设备的基本配置。
对于多设备的连接问题,值得注意的是路由问题,本实例外连部分采用静态路由而内部局域网采用动态路由. 在本例的帧中继配置中,运用了IP Unnumbered ,可以节省地址资源,有兴趣可以注意一下。
网络拓扑:
VLAN划分问题
对于交换设备本例中划到VLAN 1中,而对于外连设备的所有以太网端口,均划到VLAN 2中,下面给出各VLAN的名称和网关地址,本例划分8个VLAN.
VLAN ID VLAN Name Gateway
VLAN 1 Bluestudy 1 10.1.0.1/16
VLAN 2 Bluestudy 2 10.2.0.1/16
VLAN 3 Bluestudy 3 10.3.0.1/16
VLAN 4 Bluestudy 4 10.4.0.1/16
VLAN 5 Bluestudy 5 10.5.0.1/16
VLAN 6 Bluestudy 6 10.6.0.1/16
VLAN 7 Bluestudy 7 10.7.0.1/16
VLAN 8 Bluestudy 8 10.8.0.1/16
Catalyst 6506 的配置
Enter password:
enable
Enter password:
config t
set system name Bluestudy
set time 10/30/2000 9:30:00
set password
set enablepass
set interface sc0 10.1.0.2/16
set ip route default 10.1.0.1
set ip dns server 10.1.0.100
set ip dns domain bluestudy.com
set ip dns enable
set vtp domain bluestudy mode server
set vlan 1 name Bluestudy 1
set vlan 2 name Bluestudy 2
set vlan 3 name Bluestudy 3
set vlan 4 name Bluestudy 4
set vlan 5 name Bluestudy 5
set vlan 6 name Bluestudy 6
set vlan 7 name Bluestudy 7
set vlan 8 name Bluestudy 8
set port negotiation 2/1-8 enable
set port name 2/1-8 GEC 802.1Q Trunk
set trunk 2/1-8 desirable dot1q
set port speed 2/1-8 1000
set vlan 1 3/1-48
对于6506的交换机方面的配置只需做出Trunk即可,因为要实现跨交换机之间的虚网,下面配置6506的路由模块,因为6506的路由模块现在与管理引擎模块集成在了一起,所以,默认命令是:Session 15 ,详情请见 6506 路由设置.
Catalyst 6506RSM模块的配置
(enable) session 15
Trying Router-15...
Connected to Router-15.
Escape character is '^]'.
enable
configure terminal
hostname bluestudy
enable password password
line vty 0 6
password secret_word
ip domain-name bluestudy.com
ip name-server 10.1.0.100
interface vlan 1
ip address 10.1.0.1 255.255.0.0
no shutdown
interface vlan 2
ip address 10.2.0.1 255.255.0.0
no shutdown
interface vlan 3
ip address 10.3.0.1 255.255.0.0
no shutdown
interface vlan 4
ip address 10.4.0.1 255.255.0.0
no shutdown
interface vlan 5
ip address 10.5.0.1 255.255.0.0
no shutdown
interface vlan 6
ip address 10.6.0.1 255.255.0.0
no shutdown
interface vlan 7
ip address 10.7.0.1 255.255.0.0
no shutdown
interface vlan 8
ip address 10.8.0.1 255.255.0.0
no shutdown
router rip
version 2
network 10.0.0.0
ip route 0.0.0.0 0.0.0.0 10.2.0.12
ip route 192.168.2.0 255.255.255.0 10.2.0.13
ip route 192.168.3.0 255.255.255.240 10.2.0.11
ip route 192.168.4.0 255.255.255.0 10.2.0.11
ip route 192.168.5.0 255.255.255.0 10.2.0.11
ip route 192.168.6.0 255.255.255.0 10.2.0.11
copy running-config startup-config
Building configuration...
[OK]
这里给出的是单纯的命令行,略去了一些默认状况的设置.
Catalyst 3500 的配置
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname bluestudy
!
enable password password
!
username bluestudy password password
username test password password
!
省略端口的显示
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface VLAN1
ip address 10.1.0.4 255.255.0.0
ip helper-address 10.1.0.100
ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.1.0.1
interface Ethernet1/1(与2900对接)
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet1/2(与1900 A对接)
switchport access VLAN 3
no shut
!
interface Ethernet1/3(与1900 B对接)
switchport access VLAN 4
no shut
!
snmp-server engineID local 000000090200000216BE4E80
snmp-server community public RO
snmp-server community private RW
snmp-server chassis-id 0x17
(打开简单的网络管理,便于以后,Cisco 网管软件识别和管理)
!
line con 0
login local
transport input none
stopbits 1
line vty 0 4
login local
line vty 5 15
login
!
end
Catalyst 2900 的配置
2900的配置与3500的相似,命令如下
hostname bluestudy
!
enable password password
!
username bluestudy password password
username test password password
!
省略端口的显示
!
interface Ethernet0/1(与3500对接)
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface VLAN1
ip address 10.1.0.3 255.255.0.0
ip helper-address 10.1.0.100
ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.1.0.1
!
interface Ethernet0/2(与1900 C对接)
switchport access VLAN 5
no shut
!
interface Ethernet0/3(与1900 D对接)
switchport access VLAN 6
no shut
!
snmp-server engineID local 000000090200000216BE4E80
snmp-server community public RO
snmp-server community private RW
snmp-server chassis-id 0x17
!
line con 0
login local
transport input none
stopbits 1
line vty 0 4
login local
line vty 5 15
login
!
end
Cisco Catalyst 1900 的配置
对于1900的配置就相对容易得多了
只需在enable 状态下键入 Setup 就会进入配置向导
给出交换机的
IP地址:10.3.0.5
掩码:255.255.0.0
网关:10.3.0.1
就可以了,另外应该打开简单的网络管理协议SNMP
snmp-server community public RO
snmp-server community private RW
即可
PIX 520A的基本配置
PIX Version 4.2(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password password encrypted
passwd password encrypted
hostname pix_A
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
names
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pager lines 24
no logging console
logging monitor debugging
logging buffered debugging
no logging trap
logging facility 20
interface ethernet0 auto
interface ethernet1 auto
ip address outside 192.168.0.1 255.255.255.252
ip address inside 10.2.0.13 255.255.0.0
arp timeout 14400
nat (inside ) 0 192.168.0.0 255.255.255.252
rip outside passive
no rip outside default
no rip inside passive
rip inside default
route outside 192.168.2.0 255.255.255.0 192.168.0.2
route inside 0.0.0.0 0.0.0.0 10.2.0.1
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolut
esnmp-server community public RO
snmp-server community private RW
telnet 10.2.0.200 255.255.255.255
telnet timeout 15
mtu outside 1500
mtu inside 1500
floodguard 0
Cisco 2610A 的配置
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2610A
!
enable password password
!
username bluestudy password password
no ip domain-lookup!
!
interface Ethernet0/0
ip address 192.168.0.2 255.255.255.252
no shut
!
interface Serial0/0
ip address 192.168.0.5 255.255.255.252
no shut
!
interface Serial0/1
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 192.168.2.0 255.255.255.0 192.168.0.6
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
line aux 0
line vty 0 4
login local
!
no scheduler allocate
end
Cisco 1603的配置
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 1603
!
enable secret password
enable password password
!
memory-size iomem 25
ip subnet-zero
!
interface Serial0
ip address 192.168.0.6 255.255.255.252
no ip directed-broadcast
!
interface Ethernet0
ip address 192.168.2.1 255.255.255.0
no ip unreachables
no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 s0
no ip http server
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
password password
transport input none
line aux 0
line vty 0 4
password password
login
!
no scheduler allocate
end
PIX 520B的基本配置
PIX Version 4.2(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password password encrypted
passwd password encrypted
hostname pix520_B
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
names
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pager lines 24
no logging console
no logging monitor
no logging buffered
no logging trap
logging facility 20
interface ethernet0 auto
interface ethernet1 auto
ip address outside 202.108.66.97 255.255.255.248
ip address inside 10.2.0.12 255.255.0.0
arp timeout 14400
global (outside) 1 202.108.66.100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
route outside 0.0.0.0 0.0.0.0 202.109.77.98
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet 10.2.0.200 255.255.255.255
telnet timeout 15
mtu outside 1500
mtu inside 1500
floodguard 0
Cisco 2610B 的配置
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2610B
!
enable password password
!
username bluestudy password password
no ip domain-lookup!
!
interface Ethernet0/0
ip address 202.108.66.98 255.255.255.248
no shut
!
interface Serial0/0
ip address 202.108.8.1 255.255.255.252
no shut
!
interface Serial0/1
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 202.108.8.2
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
line aux 0
line vty 0 4
login local
!
no scheduler allocate
end
Cisco 2610c 的配置
version 11.2
service udp-small-servers
service tcp-small-servers
!
hostname 2610C
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
ip address-pool local
isdn switch-type basic-net3
interface Ethernet0
ip address 10.2.0.11 255.255.0.0
!
interface Serial0
no ip address
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy1
ip unnumbered Ethernet0
frame-relay interface-dlci 10
!
interface Serial0.2 point-to-point
description Frame Relay to bluestudy2
ip unnumbered Ethernet0
frame-relay interface-dlci 11
!
interface BRI1/0
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/1
ip address 192.168.3.1 255.255.255.240
encapsulation ppp
timeout absolute 60 0
dialer idle-timeout 3600
dialer-group 1
isdn switch-type basic-net3
peer default ip address pool default
ppp authentication chap pap callin
!
interface BRI1/2
no ip address
encapsulation ppp
shutdown
isdn switch-type basic-net3
!
interface BRI1/3
no ip address
encapsulation ppp
shutdown
isdn switch-type basic-net3
no peer default ip address
!
ip local pool default 192.168.3.3 192.168.3.14
ip http server
ip classless
ip route 192.168.5.0 255.255.255.0 serial0.1
ip route 192.168.4.0 255.255.255.0 serial0.2
ip route 0.0.0.0 0.0.0.0 10.2.0.1
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
line con 0
password console
login
line aux 0
line vty 0 4
password telnet
login
!
end
Cisco 1720A 的配置
version 11.2
service udp-small-servers
service tcp-small-servers
hostname bluestudy1
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
interface Fastethernet0
ip address 192.168.5.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy
ip unnumbered Ethernet0
frame-relay interface-dlci 10
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 serial0.1
!
line con 0
password console
login
line aux 0
line vty 0 4
password bluestudy1
login
!
end
Cisco 1720B 的配置
version 11.2
service udp-small-servers
service tcp-small-servers
hostname bluestudy1
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
interface Fastethernet0
ip address 192.168.4.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy
ip unnumbered Ethernet0
frame-relay interface-dlci 11
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 serial0.1
!
line con 0
password console
login
line aux 0
line vty 0 4
password bluestudy2
login
!
end
Lucent MAX 6000
对于阵列式访问服务器(朗讯的MAX 6000),可以起到小型ISP的作用,如果作了Callback的配置,那么员工就可以在家里也能够登陆到公司的网络。而且,因为E1线路通常是包月的,因此,可以省去员工的上网费用,当然也可以通过计费费软件,适当收费,实现以网养网。
对于其配置只要将大于30个IP地址加入地址池中,然后将所有路由指向中心交换机即可。
对于MAX6000的配置,通常是菜单形式的,可以根据向导进行配置。
在此,省略其配置。
但是,以前遇到一个问题,MAX 6000接入中心交换机(3Com 3500)时,将其路由指向3500,而3500也将拨入用户网络指向MAX 6000,但是产生如下现象
现象如下:
1.由MAX6000拨入的192.168.6.0网络与内部网络10.0.0.0 通讯正常,但是却不能与其他专线连接的网络(如:192.168.2.0)通讯.而路由指向与上述相同.
2.中心交换机是6500的时候,这些问题就解决了,怀疑是3500的错误,但是,当将MAX 6000的网络指向2610 A,同时,2610 A也将路由指向MAX 6000,在MAX 6000上Traceroute却连192.168.0.6都到不了.最终的解决办法就是,将192.168.6.0/24改成10.2.8.0/16,即给拨入用户直接分配内部地址,这就不存在路由问题了,所以,都可以正常通讯,不知是何原因.
网络管理
对于Cisco的网管软件的使用上是比较简单的。
在安装CWSI时,只要给出一个种子点的IP地址(如:中心交换机的IP:10.1.0.2)就可以了,在安装完软件以后,利用自动搜寻功能就可以找到网络中连接的Cisco设备了。同时,也要选择相应的数据库,对于PIX 520、Catalyst 6500、Catalyst 3500等要向代理要补丁包。因为没有补丁包网管软件连6500的模块都不能识别。
至于一些应用功能,只要参照使用手册看看就可以了。
但是,前提就是要安装 HP OpenView 等操作平台
对于CiscoView 的功能要简单得多,前台也可以安装SNMPS
而Cwsi 包含Cisco View。
|
网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!)