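NA-Stage Comprehensive Exercise
The company has three departments: Production [yellow] (150 people), General Affairs [pink] (60 people), and IT [red] (15 people). The network being built must meet the following requirements:
- All PCs can access the Internet after obtaining an IP address automatically.
- Broadcast traffic between different departments must be isolated.
- The Production department requires high reliability.
- Only the network administrators of the operations department may manage all network devices.
- Improve the reliability of the Internet egress by ordering two uplinks (China Telecom as primary, China Mobile as backup).
Solution
- All PCs can access the Internet after obtaining an IP address automatically. [This includes the Production department's reliability requirement]
Basic device configuration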
R1
//R1
[R1]INT G0/0/1
[R1-GigabitEthernet0/0/1]IP ADD 13.1.1.1 24
[R1]INT G0/0/0
[R1-GigabitEthernet0/0/0]IP ADD 12.1.1.1 24
[R1]INT G2/0/0
[R1-GigabitEthernet2/0/0]IP ADD 10.12.12.1 24
[R1]INT G0/0/2
[R1-GigabitEthernet0/0/2]IP ADD 10.11.11.1 24
R2
[R2]INT G0/0/1
[R2-GigabitEthernet0/0/1]IP ADD 12.1.1.2 24
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 24.1.1.1 24
R3
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 13.1.1.2 24
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 34.1.1.1 24
R4
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 24.1.1.2 24
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 34.1.1.2 24
DHCP configuration
//Configure the IP address
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]ip add 10.4.1.2 24
//Enable the DHCP service
[DHCP]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
//Create the address pool for VLAN 10, named vlan10
[DHCP]ip pool vlan10
Info: It's successful to create an IP address pool.
//DHCP settings of the vlan10 address pool
[DHCP-ip-pool-vlan10]dis this
[V200R003C00]
#
ip pool vlan10
 gateway-list 10.1.10.254
 network 10.1.10.0 mask 255.255.255.0
 excluded-ip-address 10.1.10.252 10.1.10.253
 dns-list 114.114.114.114
//Create the address pool for VLAN 20, named vlan20
[DHCP]ip pool vlan20
Info: It's successful to create an IP address pool.
//DHCP settings of the vlan20 address pool
[DHCP-ip-pool-vlan20]dis this
[V200R003C00]
#
ip pool vlan20
 gateway-list 10.1.20.254
 network 10.1.20.0 mask 255.255.255.0
 excluded-ip-address 10.1.20.252 10.1.20.253
 dns-list 114.114.114.114
//Create the address pool for VLAN 30, named vlan30
[DHCP]ip pool vlan30
Info: It's successful to create an IP address pool.
//DHCP settings of the vlan30 address pool
[DHCP-ip-pool-vlan30]dis this
[V200R003C00]
#
ip pool vlan30
 gateway-list 10.2.30.254
 network 10.2.30.0 mask 255.255.255.0
 dns-list 114.114.114.114
//Create the address pool for VLAN 40, named vlan40
[DHCP]ip pool vlan40
Info: It's successful to create an IP address pool.
//DHCP settings of the vlan40 address pool
[DHCP-ip-pool-vlan40]dis this
[V200R003C00]
#
ip pool vlan40
 gateway-list 10.2.40.254
 network 10.2.40.0 mask 255.255.255.0
 dns-list 114.114.114.114
//Enable DHCP global address pool mode on the interface
[DHCP]int g0/0/0
[DHCP-GigabitEthernet0/0/0]dhcp select global
//Enable DHCP relay
//DHCP relay configuration on SW3
[SW3]dhcp enable
[SW3]int vlan 10
[SW3-Vlanif10]dhcp select relay
[SW3-Vlanif10]dhcp relay server-ip 10.4.1.2
[SW3]int vlan 20
[SW3-Vlanif20]dhcp select relay
[SW3-Vlanif20]dhcp relay server-ip 10.4.1.2
//DHCP relay configuration on SW4
[SW4]dhcp enable
[SW4]int vlan 10
[SW4-Vlanif10]dhcp select relay
[SW4-Vlanif10]dhcp relay server-ip 10.4.1.2
[SW4]int vlan 20
[SW4-Vlanif20]dhcp select relay
[SW4-Vlanif20]dhcp relay server-ip 10.4.1.2
//Enable relay on SW5
[SW5]dhcp enable
[SW5]int Vlanif 30
[SW5-Vlanif30]dhcp select relay
[SW5-Vlanif30]dhcp relay server-ip 10.4.1.2
//Enable relay on the router-on-a-stick
[R6]dhcp enable
[R6]int g0/0/2.1
[R6-GigabitEthernet0/0/2.1]dhcp select relay
[R6-GigabitEthernet0/0/2.1]dhcp relay server-ip 10.4.1.2
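Change the Layer 2 switch ports to trunk ports, and change the ports that connect the Layer 3 switches to the routers to access ports
SW1
//Disable STP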
[SW1]stp disable
Warning: The global STP state will be changed. Continue? [Y/N]y
Info: This operation may take a few seconds. Please wait for a moment...done.
//The two links in the middle of the core layer are redundant links; all of their interfaces are trunk ports
[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[SW1]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all
//The other core-layer interfaces are access ports
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 111
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 41
[SW1]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5]port default vlan 113
[SW1]int g0/0/6
[SW1-GigabitEthernet0/0/6]port link-type access
[SW1-GigabitEthernet0/0/6]port default vlan 114
[SW1]int g0/0/7
[SW1-GigabitEthernet0/0/7]port link-type access
[SW1-GigabitEthernet0/0/7]port default vlan 215
[SW1]int g0/0/8
[SW1-GigabitEthernet0/0/8]port link-type access
[SW1-GigabitEthernet0/0/8]port default vlan 315
[SW1]dis port vlan
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    access       113   -
GigabitEthernet0/0/2    access       41    -
GigabitEthernet0/0/3    trunk        1     1-4094
GigabitEthernet0/0/4    trunk        1     1-4094
GigabitEthernet0/0/5    access       113   -
GigabitEthernet0/0/6    access       114   -
GigabitEthernet0/0/7    access       215   -
GigabitEthernet0/0/8    access       315   -
//Create the VLANs
[SW1]vlan batch 41 111 113 114 215 315
//Configure the IP address of SVI 41
[SW1]int vlan 41
[SW1-Vlanif41]ip add 10.4.1.1 24
//Configure the IP address of SVI 111
[SW1]int vlan 111
[SW1-Vlanif111]ip add 10.11.11.2 24
//Configure the IP address of SVI 113
[SW1]int vlan 113
[SW1-Vlanif113]ip add 10.1.13.1 24
//Configure the IP address of SVI 114
[SW1]int vlan 114
[SW1-Vlanif114]ip add 10.1.14.1 24
//Configure the IP address of SVI 215
[SW1]int vlan 215
[SW1-Vlanif215]ip add 10.2.15.1 24
//Configure the IP address of SVI 315
[SW1]int vlan 315
[SW1-Vlanif315]ip add 10.3.15.1 24
SW2
//Disable STP
[SW2]stp disab
Warning: The global STP state will be changed. Continue? [Y/N]y
Info: This operation may take a few seconds. Please wait for a moment...done.
//The two links in the middle of the core layer are redundant links; all of their interfaces are trunk ports
[SW2]int g0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[SW2]int g0/0/4
[SW2-GigabitEthernet0/0/4]port link-type trunk
[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan all
//The other core-layer interfaces are access ports
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access
[SW2-GigabitEthernet0/0/1]port default vlan 121
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 123
[SW2]int g0/0/5
[SW2-GigabitEthernet0/0/5]port link-type access
[SW2-GigabitEthernet0/0/5]port default vlan 124
[SW2]int g0/0/6
[SW2-GigabitEthernet0/0/6]port link-type access
[SW2-GigabitEthernet0/0/6]port default vlan 225
[SW2]int g0/0/7
[SW2-GigabitEthernet0/0/7]port link-type access
[SW2-GigabitEthernet0/0/7]port default vlan 325
[SW2]dis port vlan
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    access       121   -
GigabitEthernet0/0/2    access       123   -
GigabitEthernet0/0/3    trunk        1     1-4094
GigabitEthernet0/0/4    trunk        1     1-4094
GigabitEthernet0/0/5    access       124   -
GigabitEthernet0/0/6    access       225   -
GigabitEthernet0/0/7    access       325   -
//Create the VLANs
[SW2]vlan batch 121 123 124 225 325
//Configure the IP address of SVI 121
[SW2]int vlan 121
[SW2-Vlanif121]ip add 10.12.12.2 24
//Configure the IP address of SVI 123
[SW2]int vlan 123
[SW2-Vlanif123]ip add 10.1.23.1 24
//Configure the IP address of SVI 124
[SW2]int vlan 124
[SW2-Vlanif124]ip add 10.1.24.1 24
//Configure the IP address of SVI 225
[SW2]int vlan 225
[SW2-Vlanif225]ip add 10.2.25.1 24
//Configure the IP address of SVI 325
[SW2]int vlan 325
[SW2-Vlanif325]ip add 10.3.25.1 24
SW3
//Create the VLANs
[SW3]vlan batch 10 20 113 123
//Configure the IP address of SVI 113
[SW3]int vlan 113
[SW3-Vlanif113]ip add 10.1.13.2 24
//Configure the IP address of SVI 123
[SW3]int vlan 123
[SW3-Vlanif123]ip add 10.1.23.2 24
//Configure the IP address of SVI 10
[SW3]interface vlan 10
[SW3-Vlanif10]ip add 10.1.10.252 24
//Configure VRRP VRID 10 as master
[SW3-Vlanif10]vrrp vrid 10 virtual-ip 10.1.10.254
[SW3-Vlanif10]vrrp vrid 10 priority 110
//Work around the VRRP shortcoming: track the uplinks and reduce the priority when one goes down
[SW3-Vlanif10]vrrp vrid 10 track interface g0/0/1 reduced 20
[SW3-Vlanif10]vrrp vrid 10 track interface g0/0/2 reduced 20
//Configure the IP address of SVI 20
[SW3]int vlan 20
[SW3-Vlanif20]ip add 10.1.20.252 24
//Configure VRRP VRID 20
[SW3]int vlan 20
[SW3-Vlanif20]vrrp vrid 20 virtual-ip 10.1.20.254
//Set interface g0/0/1 to link type access
[SW3-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 113
#
return
//Set interface g0/0/2 to link type access
[SW3-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 123
#
return
//Configure the aggregated interface, bundling g0/0/5 and g0/0/4
[SW3]int Eth-Trunk 11
[SW3-Eth-Trunk11]mode lacp-static
[SW3-Eth-Trunk11]trunkport g0/0/4
[SW3-Eth-Trunk11]trunkport g0/0/5
//Set aggregated interface Eth-Trunk 11 as a trunk port
[SW3]int Eth-Trunk 11
[SW3-Eth-Trunk11]dis this
interface Eth-Trunk11
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
 mode lacp-static
//Change g0/0/5 to a trunk port
[SW3]int g0/0/5
[SW3-GigabitEthernet0/0/5]port link-type trunk
[SW3-GigabitEthernet0/0/5]port trunk allow-pass vlan all
SW4
//Create the VLANs
[SW4]vlan batch 10 20 114 124
//Configure the IP address of SVI 10
[SW4]int vlan 10
[SW4-Vlanif10]ip add 10.1.10.253 24
//Configure VRRP VRID 10
[SW4-Vlanif10]vrrp vrid 10 virtual-ip 10.1.10.254
//Configure the IP address of SVI 20
[SW4]int vlan 20
[SW4-Vlanif20]ip add 10.1.20.253 24
//Configure VRRP VRID 20 as master
[SW4-Vlanif20]vrrp vrid 20 virtual-ip 10.1.20.254
[SW4-Vlanif20]vrrp vrid 20 priority 110
//Work around the VRRP shortcoming: track the uplinks and reduce the priority when one goes down
[SW4-Vlanif20]vrrp vrid 20 track interface g0/0/1 reduced 20
[SW4-Vlanif20]vrrp vrid 20 track interface g0/0/2 reduced 20
//Configure the IP address of SVI 114
[SW4]int vlan 114
[SW4-Vlanif114]ip add 10.1.14.2 24
//Configure the IP address of SVI 124
[SW4]int vlan 124
[SW4-Vlanif124]ip add 10.1.24.2 24
//Set interface g0/0/1 to link type access
[SW4-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 114
#
return
//Set interface g0/0/2 to link type access
[SW4-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 124
#
return
//Configure the aggregated interface, bundling g0/0/3 and g0/0/4
[SW4]int Eth-Trunk 11
[SW4-Eth-Trunk11]mode lacp-static
[SW4-Eth-Trunk11]trunkport g0/0/3
[SW4-Eth-Trunk11]trunkport g0/0/4
//Set aggregated interface Eth-Trunk 11 as a trunk port
[SW4]int Eth-Trunk 11
[SW4-Eth-Trunk11]port link-type trunk
[SW4-Eth-Trunk11]port trunk allow-pass vlan all
//Change g0/0/5 to a trunk port
[SW4]int g0/0/5
[SW4-GigabitEthernet0/0/5]port link-type trunk
[SW4-GigabitEthernet0/0/5]port trunk allow-pass vlan all
Check the VRRP status
SW5
//Create the VLANs
[SW5]vlan batch 30 215 225
//Configure the IP address of SVI 30
[SW5]int vlan 30
[SW5-Vlanif30]ip add 10.2.30.254 24
//Configure the IP address of SVI 215
[SW5]int vlan 215
[SW5-Vlanif215]ip add 10.2.15.2 24
//Configure the IP address of SVI 225
[SW5]int vlan 225
[SW5-Vlanif225]ip add 10.2.25.2 24
//Change g0/0/1 to an access port
[SW5-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 215
#
return
//Change g0/0/2 to an access port
[SW5-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 225
#
return
//Change g0/0/5 to a trunk port
[SW5]int g0/0/5
[SW5-GigabitEthernet0/0/5]port link-type trunk
[SW5-GigabitEthernet0/0/5]port trunk allow-pass vlan all
R6 router-on-a-stick and SW8
//Router-on-a-stick configuration
//Interface connected to the switch
[R6]int g0/0/2
[R6-GigabitEthernet0/0/2]undo shutdown
Info: Interface GigabitEthernet0/0/2 is not shutdown.
//Configure the sub-interface as the gateway for VLAN 40
[R6]int g0/0/2.1
[R6-GigabitEthernet0/0/2.1]dot1q ter vid 40
[R6-GigabitEthernet0/0/2.1]ip add 10.2.40.254 24
[R6-GigabitEthernet0/0/2.1]arp broadcast enable
//Configure the IP address of R6 g0/0/0
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]ip add 10.3.15.2 24
//Configure the IP address of R6 g0/0/1
[R6]int g0/0/1
[R6-GigabitEthernet0/0/1]ip add 10.3.25.2 24
//Configuration on SW8, which connects to router-on-a-stick R6
//Create VLAN 40 on SW8
[SW8]vlan 40
//Change the interface connected to the router-on-a-stick to a trunk port
[SW8]int e0/0/1
[SW8-Ethernet0/0/1]port link-type trunk
[SW8-Ethernet0/0/1]port trunk allow-pass vlan all
//Change e0/0/2 to an access port in VLAN 40
[SW8]int e0/0/2
[SW8-Ethernet0/0/2]port link-type access
[SW8-Ethernet0/0/2]port default vlan 40
SW6
//Create VLANs 10 and 20
[SW6]vlan batch 10 20
//e0/0/1 is a trunk port
[SW6]int e0/0/1
[SW6-Ethernet0/0/1]port link-type trunk
[SW6-Ethernet0/0/1]port trunk allow-pass vlan all
//e0/0/2 is a trunk port
[SW6]int e0/0/2
[SW6-Ethernet0/0/2]port link-type trunk
[SW6-Ethernet0/0/2]port trunk allow-pass vlan all
//e0/0/3 is an access port in VLAN 10
[SW6]int e0/0/3
[SW6-Ethernet0/0/3]port link-type access
[SW6-Ethernet0/0/3]port default vlan 10
//e0/0/4 is an access port in VLAN 20
[SW6]int e0/0/4
[SW6-Ethernet0/0/4]port link-type access
[SW6-Ethernet0/0/4]port default vlan 20
SW7
//Create VLAN 30
[SW7]vlan 30
//e0/0/1 is a trunk port
[SW7]int e0/0/1
[SW7-Ethernet0/0/1]port link-type trunk
[SW7-Ethernet0/0/1]port trunk allow-pass vlan all
//e0/0/2 is an access port in VLAN 30
[SW7]int e0/0/2
[SW7-Ethernet0/0/2]port link-type access
[SW7-Ethernet0/0/2]port default vlan 30
Configure OSPF for full connectivity, plus ACL and NAT so that internal PCs can reach the external network
Configure two default routes on R1, with China Telecom as the primary egress
//R1
[R1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2 preference 10
[R1]ip route-static 0.0.0.0 0 13.1.1.2
//OSPF1
[R1]ospf
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.11.11.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 10.12.12.0 0.0.0.255
R1 advertises a default route into the local internal network
[R1]ospf
[R1-ospf-1]default-route-advertise
As the egress device, R1 must perform NAT
[R1]acl name NAT 2000
[R1-acl-basic-NAT]rule 10 permit source 10.1.10.0 0.0.0.255
[R1-acl-basic-NAT]rule 20 permit source 10.1.20.0 0.0.0.255
[R1-acl-basic-NAT]rule 30 permit source 10.2.30.0 0.0.0.255
[R1-acl-basic-NAT]rule 40 permit source 10.2.40.0 0.0.0.255
[R1-acl-basic-NAT]rule 50 deny
//Enable NAT on the outbound interfaces
[R1-acl-basic-NAT]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]nat outbound 2000
OSPF 2 runs between devices R2, R3 and R4
//R2
[R2]ospf 2
[R2-ospf-2]area 0
[R2-ospf-2-area-0.0.0.0]network 24.1.1.0 0.0.0.255
[R2-ospf-2-area-0.0.0.0]network 12.1.1.0 0.0.0.255
//Change the network type to P2P
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ospf network-type p2p
//R3
[R3]ospf 2
[R3-ospf-2]area 0
[R3-ospf-2-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[R3-ospf-2-area-0.0.0.0]network 13.1.1.0 0.0.0.255
//Change the network type to P2P
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ospf network-type p2p
//R4
[R4]int l 0
[R4-LoopBack0]ip add 114.114.114.114 32
[R4]ospf 2
[R4-ospf-2]area 0
[R4-ospf-2-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[R4-ospf-2-area-0.0.0.0]network 24.1.1.0 0.0.0.255
[R4-ospf-2-area-0.0.0.0]network 114.114.114.114 0.0.0.0
//Change the network type to P2P
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ospf network-type p2p
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]ospf network-type p2p
//DHCP
[DHCP]ospf
[DHCP-ospf-1]area 0
[DHCP-ospf-1-area-0.0.0.0]network 10.4.1.0 0.0.0.255
//SW1
[SW1]ospf
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 10.11.11.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 10.3.15.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 10.2.15.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 10.1.14.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 10.1.13.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 10.4.1.0 0.0.0.255
//SW2
[SW2]ospf
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 10.12.12.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 10.1.24.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 10.2.25.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 10.3.25.0 0.0.0.255
//SW3
[SW3]ospf
[SW3-ospf-1]area 0
[SW3-ospf-1-area-0.0.0.0]network 10.1.13.0 0.0.0.255
[SW3-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
[SW3-ospf-1-area-0.0.0.0]network 10.1.10.0 0.0.0.255
//SW4
[SW4]ospf
[SW4-ospf-1]area 0
[SW4-ospf-1-area-0.0.0.0]network 10.1.14.0 0.0.0.255
[SW4-ospf-1-area-0.0.0.0]network 10.1.24.0 0.0.0.255
[SW4-ospf-1-area-0.0.0.0]network 10.1.20.0 0.0.0.255
//SW5
[SW5]ospf
[SW5-ospf-1]area 0
[SW5-ospf-1-area-0.0.0.0]network 10.2.15.0 0.0.0.255
[SW5-ospf-1-area-0.0.0.0]network 10.2.25.0 0.0.0.255
[SW5-ospf-1-area-0.0.0.0]network 10.2.30.0 0.0.0.255
//Router-on-a-stick
[R6]ospf
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 10.3.15.0 0.0.0.255
[R6-ospf-1-area-0.0.0.0]network 10.3.25.0 0.0.0.255
[R6-ospf-1-area-0.0.0.0]network 10.2.40.0 0.0.0.255
Test network connectivity
PC4>ping 114.114.114.114

Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=251 time=94 ms
From 114.114.114.114: bytes=32 seq=2 ttl=251 time=63 ms

--- 114.114.114.114 ping statistics ---
  2 packet(s) transmitted
  2 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 63/78/94 ms
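Only the network administrators of the operations department may manage all network devices
Advertise all of these loopbacks in OSPF and use the management address as the OSPF router ID; this should have been done in the earlier steps
//Configure a loopback interface on every device: routers use the single-digit pattern (1.1.1.1), switches use the double-digit pattern (11.11.11.11)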
//R1
[R1]int l 0
[R1-LoopBack0]ip add 1.1.1.1 32
//SW1
[SW1]int l 0
[SW1-LoopBack0]ip add 11.11.11.11 32
//SW2
[SW2]int l 0
[SW2-LoopBack0]ip add 12.12.12.12 32
//SW3
[SW3]int l 0
[SW3-LoopBack0]ip add 13.13.13.13 32
//SW4
[SW4]int l 0
[SW4-LoopBack0]ip add 14.14.14.14 32
//SW5
[SW5]int l 0
[SW5-LoopBack0]ip add 15.15.15.15 32
//SW6
[SW6]int l 0
[SW6-LoopBack0]ip add 16.16.16.16 32
//SW7
[SW7]int l 0
[SW7-LoopBack0]ip add 17.17.17.17 32
//SW8
[SW8]int l 0
[SW8-LoopBack0]ip add 18.18.18.18 32
//DHCP
[DHCP]int l 0
[DHCP-LoopBack0]ip add 5.5.5.5 32
//Router-on-a-stick
[R6]int l 0
[R6-LoopBack0]ip add 6.6.6.6 32
To let only the operations staff of the IT department manage the devices, an ACL has to be written on every device
acl name yunwei 2001
rule 10 permit source 10.2.30.0 0.0.0.255
rule 20 deny
Set up Telnet on every device and apply the ACL under the remote-login (VTY) interface
user-interface vty 0 4
authentication-mode aaa
aaa
local-user kk password cipher 123
local-user kk privilege level 15
local-user kk service-type telnet
//Apply the ACL under the [RX-ui-vty0-4] interface; only this method works
user-interface vty 0 4
[RX-ui-vty0-4]acl 2001 inbound
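The rule logic behind ACL 2000 (NAT on R1) and ACL 2001 (VTY access), as an added Python example that is not part of the original lab: it parses the rule lines shown on this page and evaluates source addresses with wildcard-mask matching in ascending rule-ID order. The host labels and addresses in `SAMPLE_SOURCES` are constructed for illustration.

```python
import ipaddress
import re

# Rule lines copied from the page: ACL 2001 "yunwei" (VTY) and ACL 2000 "NAT".
ACL_YUNWEI = """
rule 10 permit source 10.2.30.0 0.0.0.255
rule 20 deny
"""
ACL_NAT = """
rule 10 permit source 10.1.10.0 0.0.0.255
rule 20 permit source 10.1.20.0 0.0.0.255
rule 30 permit source 10.2.30.0 0.0.0.255
rule 40 permit source 10.2.40.0 0.0.0.255
rule 50 deny
"""
RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)(?:\s+source\s+(\S+)\s+(\S+))?$")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(text):
    """Return [(rule_id, action, base, care_mask)] in ascending rule-ID order."""
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rule_id, action, addr, wildcard = m.groups()
        # Wildcard bits set to 1 are ignored; a rule without "source" matches any address.
        care = 0 if addr is None else ~to_int(wildcard) & 0xFFFFFFFF
        base = 0 if addr is None else to_int(addr) & care
        rules.append((int(rule_id), action, base, care))
    return sorted(rules)

def evaluate(rules, source):
    """First matching rule wins; (None, None) means no rule matched."""
    src = to_int(source)
    for rule_id, action, base, care in rules:
        if src & care == base:
            return action, rule_id
    return None, None

def audit(acl_text, sources):
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, ip) for name, ip in sources.items()}

# Constructed sample hosts, one per address range used in the lab (assumed values).
SAMPLE_SOURCES = {"vlan10-pc": "10.1.10.5", "vlan20-pc": "10.1.20.5",
                  "vlan30-pc": "10.2.30.5", "vlan40-pc": "10.2.40.5",
                  "dhcp-server": "10.4.1.2", "sw3-loopback": "13.13.13.13"}
```

Calling `audit(ACL_YUNWEI, SAMPLE_SOURCES)` returns the verdict and matching rule ID per host; only the 10.2.30.0/24 host hits `rule 10 permit`, and every other source falls through to `rule 20 deny`.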