作者:五柳狂少
我们先来看拓扑需求Direct link between the link configuration and SW2 polymerization 1.SW1
2. The internal segment of business and Vlan10 Vlan20; Vlan10 market portion, Vlan20 technical unit required to be named to identify Vlan; PC1 belonging Vlan10, PC2 belong Vlan20, Vlan30 for OSPF adjacencies are established SW1 and SW2; SW1 and R1 VLAN 111 is interconnected Vlan, Vlan222 Internet and R2 is SW2 of Vlan
3. configure all ports connected to the switch is Trunk, the relevant traffic allowed through
4 connected to the switch PC port is configured as an edge port
5. Follow the picture and sub-regional configure OSPF achieve the company's internal network the whole network interoperability, ABR announce the loopback interface into the backbone area; business segment does not allow protocol packets
to configure the default route 6.R1 point to the Internet, and introduced into the OSPF
7.R1 two-wire connection to the Internet, the configuration PPP-MP, and configure the bidirectional authentication chap
8. configuration EASY IP, and 192.168.2.0/24 192.168.1.0/24 data only service segment R1 stream can be accessed via the Internet
9.R1 open TELNET remote management, user login abc, abc password, allowing only R1 remote management technology
Experimental procedure:
SW3 are:
interface Ethernet0 / 0 /. 1
Port Link-type Trunk
Port VLAN 10 Trunk 20 is the allow-Pass
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
interface Ethernet0/0/3
port link-type access
port default vlan 10
Ethernet0 interface / 0 /. 4
Port-type Link Access
Port VLAN 20 is default
VLAN 10
Description JSB and the VLAN // NOTE
VLAN 20 is
Description CWB and the VLAN // NOTE
SW1:
interface Vlanif10
ip address 192.168.1.254 255.255.255.0
interface Vlanif20
ip address 192.168.2.253 255.255.255.0
interface Vlanif30
ip address 10.1.21.11 255.255.255.0
interface Vlanif111
ip address 10.1.11.11 255.255.255.0
interface GigabitEthernet0/0/1
port link-type access
port default vlan 111
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
OSPF configuration
OSPF-Router ID. 1 10.1.1.1
Silent-interface the GigabitEthernet0 / 0/2 // keep silent Interface OSPF packets transmitted at this interface in
Area 0.0.0.1
Network 192.168.1.254 0.0.0.0
Network 192.168.2.253 0.0.0.0
10.1.11.11 0.0.0.0 Network
Network 10.1.21.11 0.0.0.0
Network 10.1.1.1 0.0.0.0
Rth configuration
interface Trunk1 the Eth-
Port-type Link Trunk
Port VLAN Trunk Pass the allow-222 // 10 to make this link may be polymerized by a VLAN
SW2:
Interface Configuration
interface Vlanif10
ip address 192.168.1.253 255.255.255.0
interface Vlanif20
ip address 192.168.2.254 255.255.255.0
interface Vlanif30
ip address 10.1.21.22 255.255.255.0
interface Vlanif222
ip address 10.1.22.22 255.255.255.0
interface Eth-Trunk1 //聚合链路
port link-type trunk
port trunk allow-pass vlan 10 to 222
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
interface GigabitEthernet0/0/2
port link-type access
interface GigabitEthernet0/0/3
eth-trunk 1
interface GigabitEthernet0/0/4
eth-trunk 1
OSPF配置
ospf 1 router-id 10.2.2.2
silent-interface GigabitEthernet0/0/1
area 0.0.0.1
network 192.168.1.253 0.0.0.0
network 192.168.2.254 0.0.0.0
network 10.1.21.22 0.0.0.0
network 10.1.22.22 0.0.0.0
network 10.2.2.2 0.0.0.0
AR1:
ACL configuration
acl number 2000 // The ACL is for the nat
rule Source 5 in permit 192.168.1.0 0.0.0.255
rule 10 in permit 192.168.2.0 0.0.0.255 Source
rule 15 deny
acl 2005 // Number The ACL is for this TELNET
rule 5 Source 192.168.1.0 0.0.0.255 the permit
rule Source 10 the permit 192.168.2.0 0.0.0.255
Interface Configuration
interface the GigabitEthernet0 / 0/0
IP address 255.255.255.0 10.1.12.1
interface GigabitEthernet0/0/1
ip address 10.1.11.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.1.13.1 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
// do chan mutual authentication by the PPP
interface serial1 / 0/0
Link Protocol PPP-
PPP CHAP authentication-MODE
PPP CHAP User ZZW
PPP CHAP password cipher 123
PPP-MP Mp Group 0/0/1
interface Serial1/0/1
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1
Mp-GROUP0 interface / 0 /. 1
IP address 202.100.1.1 255.255.255.0
NAT outbound 2000
// polymerization in the mode ppp
// remote access
the User-interface vty 0 4
acl 2005 inbound
authentication-the MODE aaa
OSPF configuration
OSPF-Router ID. 1 1.1.1.1
default-route-advertise // default route into which OSPF
Area 0.0.0.0
Network 1.1.1.1 0.0.0.0
Network 10.1.12.1 0.0.0.0
Network 10.1.13.1 0.0.0.0
Area 0.0.0.1
Network 10.1.11.1 0.0.0.0
ip route-static 0.0.0.0 0.0.0.0 202.100.1.2
AR2
interface configuration
G0 / 0/0: 10.1.12.2/24
G0 / 0 /. 1: 10.1.23.2/24
G0 / 0/2: 10.1.22.2/24
lo0: 2.2.2.2/32
OSPF configuration
OSPF-Router ID. 1 2.2.2.2
default-route-advertise // default route into which OSPF
Area 0.0.0.0
Network 2.2.2.2 0.0.0.0
Network 10.1.12.2 0.0.0.0
Network 10.1.23.2 0.0. 0.0
Area 0.0.0.1
Network 10.1.22.2 0.0.0.
AR3
interface configuration
interface the GigabitEthernet0 / 0/0
IP address 192.168.3.254 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.1.23.3 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.1.13.3 255.255.255.0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
OSPF配置
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.13.3 0.0.0.0
network 10.1.23.3 0.0.0.0
network 192.168.3.254 0.0.0.0
AR Internet
interface Mp-group0/0/1
ip address 202.100.1.2 255.255.255.0
interface Serial1/0/0
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1
interface Serial1/0/1
link-protocol ppp
ppp authentication-mode chap
ppp chap user zzw
ppp chap password cipher 123
ppp mp Mp-group 0/0/1
interface LoopBack0
ip address 100.1.1.1 255.255.255.255