switchport mode trunk no shutdown exit interface aggregateport 1 //´´½¨¾ÛºÏ½Ó¿ÚAGI switchport mode access switchport mode trunk //ÅäÖÃAGģʽΪtrunk exit interface range fa 0/1-2 //½øÈë½Ó¿Ú0/1ºÍ0/2 port-group 1 //ÅäÖýӿÚ0/1ºÍ0/2ÊôÓÚAGI exit spanning-tree //¿ªÆôÉú³ÉÊ÷ÐÒé spanning-tree mode rstp //Ö¸¶¨Éú³ÉÊ÷ÐÒéµÄÀàÐÍΪRSTP interface vlan 40 //ÅäÖÃSVI ip address 172.16.40.1 255.255.255.0 no shutdown exit interface vlan 50 ip address 172.16.50.1 255.255.255.0 no shutdown exit interface vlan 60 ip address 172.16.60.1 255.255.255.0 no shutdown exit interface fa 0/24 no switchport ip address 20.2.2.2 255.255.255.0 no shutdown exit
interface fa 0/6 no switchport ip address 192.168.1.1 255.255.255.0 no shutdown exit ip route 0.0.0.0 0.0.0.0 20.2.2.1 inter range fa 0/5-23 //½øÈëÒ»×é¶Ë¿ÚµÄÅäÖÃģʽ switchport mode access switchport port-security //ÅäÖý»»»»úµÄ¶Ë¿Ú°²È«¹¦ÄÜ switchport port-security maximum 4 //ÉèÖÃ×î´óÔÊÐíÁ¬½ÓÊýÁ¿Îª4 switchport port-security violation shutdown //ÅäÖð²È«Î¥ÀýµÄ´¦Àí·½Ê½Îªshutdown exit inter vlan 10 standby 2 priority 200 //ÅäÖÃÓÅÏȼ¶ standby 2 ip 172.16.10.254 //ÅäÖÃvrrp×éºÍÐéÄâ·ÓÉÆ÷µÄIPµØÖ· inter vlan 20 standby 2 priority 160 //ÅäÖÃÓÅÏȼ¶ standby 2 ip 172.16.20.254 //ÅäÖÃvrrp×éºÍÐéÄâ·ÓÉÆ÷µÄIPµØÖ· inter vlan 30 standby 2 priority 120 //ÅäÖÃÓÅÏȼ¶ standby 2 ip 172.16.30.254 //ÅäÖÃvrrp×éºÍÐéÄâ·ÓÉÆ÷µÄIPµØÖ· Exit access-list 101 permit tcp 172.16.10.0 0.0.0.255 172.16.70.0 0.0.0.255 eq ftp //ÔÊÐí172.16.10.0Íø¶Î·ÃÎÊ172.16.70.0Íø¶ÎÉÏTCPÐÒéµÄFTP·þÎñÆ÷ access-list 101 deny tcp any 172.16.70.0 0.0.0.255 eq ftp //¾Ü¾øÈκÎÖ÷»ú·ÃÎÊ172.16.70.0Íø¶ÎÉÏTCPÐÒéµÄFTP·þÎñÆ÷ access-list 101 permit tcp any 172.16.70.0 0.0.0.255 eq www //ÔÊÐíÈκÎÖ÷»ú·ÃÎÊ172.16.70.0Íø¶ÎÉÏTCPÐÒéµÄFTP·þÎñÆ÷
access-list 101 permit ip any any interface fa0/6 //°Ñ±àºÅΪ101µÄÀ©Õ¹·ÃÎÊ¿ØÖÆÁбíÓ¦Óõ½fa0/6¶Ë¿Ú ip access-group 101 out exit config t Hostname r1 interface fa 0/0 //ÔÚÌØȨģʽϽøÈëF0/0¿Ú ip address 10.1.1.1 255.255.255.0 //¸øF0/0ÅäÖÃIPµØÖ· no shutdown exit interface fa 0/1 ip address 20.2.2.1 255.255.255.0 no shutdown exit interface se 0/1/0 //ÔÚÌØȨģʽϽøÈëS0/1/0¿Ú R1£¨×¢£º´Ë´úip address 172.16.1.1 255.255.255.0 //¸øS0/1/0ÅäÖÃIPµØÖ· ÂëÔÚÌØȨģclock rate 64000 //ÉèÖÃʱÖÓͬ²½ ʽÏÂÊäÈ룩 no shutdown exit router rip //´´½¨RIP·Óɽø³Ì version 2 //Æô¶¯RIP°æ±¾2½ø³Ì network 10.0.0.0 //·¢²¼×Ô¼ºËù¹ØÁªµÄÍøÂç network 20.0.0.0 //·¢²¼×Ô¼ºËù¹ØÁªµÄÍøÂç network 172.16.1.0 //·¢²¼×Ô¼ºËù¹ØÁªµÄÍøÂç ip route 0.0.0.0 0.0.0.0 10.1.1.2 //ÅäÖÃÒ»Ìõµ½´ïIPΪ10.1.1.2µÄÈÏ·ÓÉ ip route 0.0.0.0 0.0.0.0 20.2.2.2 //ÅäÖÃÒ»Ìõµ½´ïIPΪ20.2.2.2µÄĬÈÏ·ÓÉ ip route 0.0.0.0 0.0.0.0 172.16.1.2 username R2 password 0 123 //ÒÔ¶Ô·½µÄÖ÷»úÃû×÷ΪÓû§Ãû,ÃÜÂëΪ123 interface s0/1/0
encapsulation ppp //°Ñ¸Ã½Ó¿Ú·âװΪPPPÐÒé ppp authentication pap // PPPÆôÓÃPAP·½Ê½ÈÏÖ¤ config t Hostname r2 interface se 0/1/0 //ÔÚÌØȨģʽϽøÈëS0/1/0¿Ú ip address 100.1.1.1 255.255.255.0 //¸øS0/1/0ÅäÖÃIPµØÖ· clock rate 64000 no shutdown exit interface se 0/0/0 ip address 172.16.1.2 255.255.255.0 no shutdown exit crypto isakmp policy 10 // ipsecµÚÒ»½×¶Î£¬¶¨ÒåISAKMP²ßÂÔ R2£¨×¢£º´Ë´úencryption 3des //¼ÓÃÜ·½·¨Ê¹ÓÃ3des ÂëÔÚÌØȨģhash md5 //É¢ÁÐË㷨ʹÓÃmd5 ʽÏÂÊäÈ룩 authentication pre-share //ÈÏÖ¤·½·¨Ê¹ÓÃÔ¤¹²ÏíÃÜÔ¿ crypto isakmp key hx address 200.1.1.2 //½«ISAKMPÔ¤¹²ÏíÃÜÔ¿ºÍ¶ÔµÈÌå¹ØÁª£¬Ô¤¹²ÏíÃÜԿΪ¡°hx¡±¡£ crypto ipsec transform-set tim esp-3des esp-md5-hmac //ÉèÖÃipsecת»»(½»»»)¼¯¡£ access-list 101 permit ip 172.16.1.0 0.0.0.255 202.100.10.0 0.0.0.255 //´´½¨¸ÐÐËȤÊý¾ÝÁ÷ crypto map tom 10 ipsec-isakmp //ipsecµÚ¶þ½×¶Î,ÉèÖüÓÃÜͼ match address 101 set peer 200.1.1.2 //¼ÓÔظÐÐËȤÁ÷ set transform-set tim //ÉèÖöԵÈÌåµØÖ· interface se 0/1/0 crypto map tom //ÔÚ½Ó¿ÚÉÏÓ¦ÓüÓÃÜͼ router rip //´´½¨RIP·Óɽø³Ì
Ïà¹ØÍƼö£º
loading