ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.12.2  ! set the DHCP server IP
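VPN (GRE)
int t0
ip add 172.168.10.1 255.255.255.0  ! assign an IP to T0
t so s0/2  ! source: the router's outgoing interface
t de 192.168.23.3  ! destination: the peer's outgoing interface IP; note that it must be reachable
t key 123456  ! T0 interface password; must be the same on both ends
exit
ip route 192.168.20.0 255.255.255.0 t0  ! static route through T0 to the network to be reached
int t0
ip add 172.168.10.3 255.255.255.0
t so s0/1
t de 192.168.12.1
t key 123456
exit
ip route 192.168.10.0 255.255.255.0 t0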
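VPN (IPSEC)
R1
crypto ipsec transform-set SHENMA  ! define the transform set
transform-type esp-des esp-md5-hmac  ! encryption method of the transform set
ip access-list extended 100  ! match the interesting traffic
permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto map HAN 10 ipsec-isakmp
set peer 192.168.23.3  ! set the peer
set transform-set SHENMA  ! bind the transform set
match address 100  ! bind the interesting traffic
interface Serial0/2  ! enter the interface and apply the map
crypto map HAN
R3
crypto ipsec transform-set SHENMA  ! define the transform set
transform-type esp-des esp-md5-hmac  ! encryption method of the transform set; must be the same on both ends
ip access-list extended 100  ! match the interesting traffic
permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto map HAN 10 ipsec-isakmp
set peer 192.168.12.1  ! set the peer
set transform-set SHENMA  ! bind the transform set
match address 100  ! bind the interesting traffic
interface Serial0/1  ! enter the interface and apply the map
crypto map HAN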
VPN (IKE)
crypto isakmp key SHENMA 192.168.23.3 255.255.255.0  ! set the shared key
crypto isakmp policy 10  ! set the IKE policy
hash md5
au pre
enc des
group 1
lifetime 86400
crypto ipsec transform-set SHENMA  ! define the transform set
transform-type esp-Des esp-Md5-hmac
ip access-list extended 100  ! match the interesting traffic
permit ip 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0
crypto map SHENMA 10 ipsec-isakmp  ! set the IPsec crypto map
set peer 192.168.23.3
set transform-set SHENMA
match address 100
int s0/2  ! apply to the interface
crypto map SHENMA
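Added example (not part of the original notes): a small Python check that scans IKE/IPsec commands written in the abbreviated form used above and reports the DES, MD5 and Diffie-Hellman group 1 settings, all of which are considered weak today. The sample config is reconstructed from this section with one command per line, and the rule list and function name are assumptions chosen for this illustration.

```python
import re

# Constructed sample: the IKE/IPsec commands from the section above,
# split so that each command sits on its own line.
SAMPLE = """\
crypto isakmp key SHENMA 192.168.23.3 255.255.255.0
crypto isakmp policy 10
hash md5
au pre
enc des
group 1
lifetime 86400
crypto ipsec transform-set SHENMA
transform-type esp-Des esp-Md5-hmac
"""

# (pattern, finding) pairs. Patterns are matched against the lower-cased,
# stripped command and accept the abbreviations used on this page.
# The rule set is an assumption for this example, not a vendor checklist.
RULES = [
    (r"^enc\S*\s+des$", "IKE encryption is single DES (56-bit key)"),
    (r"^hash\s+md5$", "IKE hash is MD5"),
    (r"^group\s+1$", "IKE Diffie-Hellman group 1 (768-bit MODP)"),
    (r"^transform-type\b.*\besp-des\b", "ESP encryption is single DES"),
    (r"^transform-type\b.*\besp-md5-hmac\b", "ESP integrity is HMAC-MD5"),
]

def audit(config: str):
    """Return (line_number, command, finding) for every weak setting found."""
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        command = raw.strip()
        for pattern, finding in RULES:
            if re.search(pattern, command.lower()):
                findings.append((number, command, finding))
    return findings

if __name__ == "__main__":
    for number, command, finding in audit(SAMPLE):
        print(f"line {number}: {command!r}: {finding}")
```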
QOS
int g0/4
ip add 192.168.10.1 255.255.255.0
no shut
int g0/6
ip add 192.168.20.1 255.255.255.0
no shut
int s0/1
ip add 192.168.12.1 255.255.255.0
phy spe 64000
no shut
ip route 0.0.0.0 0.0.0.0 192.168.12.2
ip access-list ex 1  ! define an ACL to capture the traffic
permit ip 192.168.10.0 255.255.255.0 2.2.2.0 255.255.255.0
ip access-list ex 2
permit ip 192.168.20.0 255.255.255.0 2.2.2.0 255.255.255.0
priority 1 protocol ip high list 1  ! priority list for the IP protocol that uses the addresses in ACL 1, level HIGH
priority 1 protocol ip low list 2  ! priority list for the IP protocol that uses the addresses in ACL 2, level LOW
int s0/1  ! enter the interface and apply the list
priority 1
Switching
banner motd  ! system login banner
telnet
telnet-server enable  ! enable TELNET
telnet-server max-connection 16  ! maximum number of connections
ssh
username ssh password 0 123456
ssh-server enable  ! enable SSH
ssh-server timeout 60  ! connection timeout
ssh-server max-connection 16  ! maximum number of connections
ssh-server authentication-retries 5  ! number of retries
ssh-server host-key create rsa  ! create a new host key
vrrp
1. First, configure an IP on every VLAN
INT VLAN 10
IP ADD 192.168.10.1 255.255.255.0
NO SHUT
2. Create a VRRP group
ROUTER VRRP 10
VIRTUAL-IP 192.168.10.254  ! set the virtual IP
INT VLAN 10  ! associate the VLAN
PRIORITY 120  ! set the priority (default 100)
ENABLE  ! activate
STP
SW1
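spanning-tree  ! enable STP
spanning-tree mode mstp  ! switch to MSTP mode
spanning-tree mst configuration  ! configure the region
name shenma  ! region name
revision-level 3  ! revision level
instance 1 vlan 10;20  ! associate VLANs with the instance
instance 2 vlan 30;40
exit
spanning-tree mst 1 priority 4096  ! set the instance priority; the smaller the value, the higher the priority
spanning-tree mst 2 priority 8192
SW2
spanning-tree  ! enable STP
spanning-tree mode mstp  ! switch to MSTP mode
spanning-tree mst configuration  ! configure the region
name shenma  ! region name
revision-level 3  ! revision level
instance 1 vlan 10;20  ! associate VLANs with the instance
instance 2 vlan 30;40
exit
spanning-tree mst 1 priority 8192  ! set the instance priority; the smaller the value, the higher the priority
spanning-tree mst 2 priority 4096
SW21
spanning-tree  ! enable STP
spanning-tree mode mstp  ! switch to MSTP mode
spanning-tree mst configuration  ! configure the region
name shenma  ! region name
revision-level 3  ! revision level
instance 1 vlan 10;20  ! associate VLANs with the instance
instance 2 vlan 30;40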
AM port security
am enable
int e1/0/1
am port
am mac-ip-pool 0000.1111.2222 192.168.10.1
Port mirroring
monitor session 1 source int e1/0/1 both
monitor session 1 destination int e1/0/15
RIP
Router rip
Net 192.168.1.0/24
Router os 1
Net 192.168.1.0 0.0.0.255 ar 0
Acl
Firewall enable
Ip access-list ex 100
Per ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
Router-on-a-stick
R1
int g0/5
no shut
interface GigaEthernet0/5.1
encapsulation dot1Q 100
ip address 192.168.10.1 255.255.255.0
interface GigaEthernet0/5.2
encapsulation dot1Q 200
ip address 192.168.20.1 255.255.255.0
interface GigaEthernet0/5.3
encapsulation dot1Q 300
ip address 192.168.30.1 255.255.255.0