打印

一个典型的配置案例

本主题由网络小菜鸟于 2008-12-21 00:52 移动

cliffy

道者

Rank: 5 Rank: 5

UID: 81510
帖子: 406
精华: 0
积分: 1741
威望: 644
金币: 2754
奖学金: 24
宣传币: 0
贡献值: 6
下载值: 1056
是否在职
阅读权限: 50
注册时间: 2008-3-27

热忱奖金牛座忠诚勋章奖

1^# 大中小发表于 2008-8-5 16:18 只看该作者

一个典型的配置案例

一，二楼交换机配置
1#2#_cisco2950#show run
Building configuration...
Current configuration : 1927 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 1#2#_cisco2950
!
enable password jyjxs
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport access vlan 2
!
interface FastEthernet0/4
switchport access vlan 2
!
interface FastEthernet0/5
switchport access vlan 2
!
interface FastEthernet0/6
switchport access vlan 2
!
interface FastEthernet0/7
switchport access vlan 2
!
interface FastEthernet0/8
switchport access vlan 2
!
interface FastEthernet0/9
switchport access vlan 2
!
interface FastEthernet0/10
switchport access vlan 2
!
interface FastEthernet0/11
switchport access vlan 2
!
interface FastEthernet0/12
switchport access vlan 2
!
interface FastEthernet0/13
switchport access vlan 2
!
interface FastEthernet0/14
switchport access vlan 2
!
interface FastEthernet0/15
switchport access vlan 2
!
interface FastEthernet0/16
switchport access vlan 2
!
interface FastEthernet0/17
switchport access vlan 2
!
interface FastEthernet0/18
switchport access vlan 2
!
interface FastEthernet0/19
switchport access vlan 2
!
interface FastEthernet0/20
switchport access vlan 2
!
interface FastEthernet0/21
switchport access vlan 2
!
interface FastEthernet0/22
switchport access vlan 2
!
interface FastEthernet0/23
switchport access vlan 2
!
interface FastEthernet0/24
switchport access vlan 2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan2
ip address 192.168.2.2 255.255.255.192
no ip route-cache
!
interface Vlan3
no ip address
no ip route-cache
shutdown
!
ip http server
!
line con 0
line vty 0 4
privilege level 15
password jyjxs
login
line vty 5 15
login
!
!
end
三，四楼交换机配置：
3#4#_cisco2950#show run
Building configuration...
Current configuration : 1927 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3#4#_cisco2950
!
enable password jyjxs
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 3
!
interface FastEthernet0/2
switchport access vlan 3
!
interface FastEthernet0/3
switchport access vlan 3
!
interface FastEthernet0/4
switchport access vlan 3
!
interface FastEthernet0/5
switchport access vlan 3
!
interface FastEthernet0/6
switchport access vlan 3
!
interface FastEthernet0/7
switchport access vlan 3
!
interface FastEthernet0/8
switchport access vlan 3
!
interface FastEthernet0/9
switchport access vlan 3
!
interface FastEthernet0/10
switchport access vlan 3
!
interface FastEthernet0/11
switchport access vlan 3
!
interface FastEthernet0/12
switchport access vlan 3
!
interface FastEthernet0/13
switchport access vlan 3
!
interface FastEthernet0/14
switchport access vlan 3
!
interface FastEthernet0/15
switchport access vlan 3
!
interface FastEthernet0/16
switchport access vlan 3
!
interface FastEthernet0/17
switchport access vlan 3
!
interface FastEthernet0/18
switchport access vlan 3
!
interface FastEthernet0/19
switchport access vlan 3
!
interface FastEthernet0/20
switchport access vlan 3
!
interface FastEthernet0/21
switchport access vlan 3
!
interface FastEthernet0/22
switchport access vlan 3
!
interface FastEthernet0/23
switchport access vlan 3
!
interface FastEthernet0/24
switchport access vlan 3
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan2
no ip address
no ip route-cache
shutdown
!
interface Vlan3
ip address 192.168.3.2 255.255.255.192
no ip route-cache
!
ip http server
!
line con 0
line vty 0 4
privilege level 15
password jyjxs
login
line vty 5 15
login
!
!
end
核心交换机cisco3560配置：
SX_JYJ_cisco3560#
SX_JYJ_cisco3560#
SX_JYJ_cisco3560#show run
Building configuration...
Current configuration : 1989 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SX_JYJ_cisco3560
!
enable password jyjxs
!
username SX_JYJ_cisco3560
username sxjyj password 0 jyjxs
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
switchport access vlan 2
!
interface FastEthernet0/4
switchport access vlan 2
!
interface FastEthernet0/5
switchport access vlan 3
!
interface FastEthernet0/6
switchport access vlan 3
!
interface FastEthernet0/7
switchport access vlan 4
!
interface FastEthernet0/8
switchport access vlan 4
!
interface FastEthernet0/9
switchport access vlan 4
!
interface FastEthernet0/10
switchport access vlan 4
!
interface FastEthernet0/11
switchport access vlan 4
!
interface FastEthernet0/12
switchport access vlan 4
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
description TO_ShangLian
ip address 192.168.1.254 255.255.255.0
!
interface Vlan2
description TO_1#2#BanGong
ip address 192.168.2.1 255.255.255.192
!
interface Vlan3
description TO_3#4#BanGong
ip address 192.168.3.1 255.255.255.192
!
interface Vlan4
description TO_FuWuQiQuan
ip address 192.168.4.1 255.255.255.192
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
privilege level 15
password jyjxs
login
line vty 5
no login
line vty 6 15
login
!
end

H3C18-23-1路由器配置：
Username:jyjsx
Password:
<Quidway>dis curr
#
sysname Quidway
#
connection-limit disable
connection-limit default action deny
connection-limit default amount 50 20
#
web set-package force flash:/http.zip
#
ip http acl 2000
#
ip http remote-port 8888
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
local-user jyjsx
password cipher 3HB+Ma2$V7/Q=^Q`MAF4<1!!
service-type telnet
level 3
#
acl number 2001
rule 0 permit source 192.168.0.0 0.0.255.255
rule 1 deny
#
acl number 3333
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 12 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
rule 14 deny udp destination-port eq 1433
rule 15 deny tcp destination-port eq 4444
rule 16 deny tcp destination-port eq 9996
rule 17 deny tcp destination-port eq 5554
rule 18 deny udp destination-port eq 9996
rule 19 deny udp destination-port eq 5554
rule 20 deny tcp destination-port eq 137
rule 21 deny tcp destination-port eq 138
rule 22 deny tcp destination-port eq 1025
rule 23 deny udp destination-port eq 1025
rule 24 deny tcp destination-port eq 9995
rule 25 deny udp destination-port eq 9995
rule 26 deny tcp destination-port eq 1068
rule 27 deny udp destination-port eq 1068
rule 28 deny tcp destination-port eq 1023
rule 29 deny udp destination-port eq 1023
rule 30 permit icmp icmp-type echo
rule 31 permit icmp icmp-type echo-reply
rule 32 permit icmp icmp-type ttl-exceeded
rule 33 deny icmp
#
interface Ethernet1/0
ip address 220.180.8.154 255.255.255.252
firewall packet-filter 3333 inbound
nat outbound 2001
nat server protocol tcp global 220.180.8.154 ftp inside 192.168.4.18 ftp
nat server protocol tcp global 220.180.8.154 www inside 192.168.4.18 www
#
interface Ethernet2/0
ip address dhcp-alloc
#
interface Ethernet3/0
ip address 192.168.1.1 255.255.0.0
#
interface Ethernet4/0
ip address dhcp-alloc
#
interface NULL0
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 220.180.8.153 preference 60
ip route-static 192.168.2.0 255.255.255.192 192.168.1.254 preference 60
ip route-static 192.168.3.0 255.255.255.192 192.168.1.254 preference 60
ip route-static 192.168.4.0 255.255.255.192 192.168.1.254 preference 60
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
set authentication password cipher 3HB+Ma2$V7/Q=^Q`MAF4<1!!
#
return