匿名
尚未登入
登入
頂極製作所
搜尋
檢視 緯育 2026-0608 的原始碼
出自頂極製作所
命名空間
頁面
討論
更多
更多
頁面操作
閱讀
檢視原始碼
歷史
←
緯育 2026-0608
由於下列原因,您沒有權限進行編輯此頁面的動作:
您請求的操作只有這個群組的使用者能使用:
管理員
您可以檢視並複製此頁面的原始碼。
== 完整設定表 == * Client IP / Gateway ** Switch VLAN ** Access Port ** Trunk ** Router-on-a-stick ** Router Interface ** Static / Floating Static Route ** OSPF ** Default Route ** NAT / PAT ** Static NAT ** IPSec VPN ** ACL ** 最終驗證 === 一、終端設備 IP / Gateway 設定 === {| class="wikitable" style="width:100%;" ! style="width:12%;" | 階段 ! style="width:18%;" | 設備 / 項目 ! 設定內容與輸入指令 |- | Client IP | S1 管理 IP | 狀態:完成<br>VLAN:99<br>IP:10.1.99.101<br>Mask:255.255.255.0<br>Gateway:10.1.99.254<br><br>輸入指令:<br><code>conf t</code><br><code>interface vlan 99</code><br><code>ip address 10.1.99.101 255.255.255.0</code><br><code>no shutdown</code><br><code>exit</code><br><code>ip default-gateway 10.1.99.254</code><br><br> |- | Client IP | S2 管理 IP | 狀態:完成<br>VLAN:99<br>IP:10.1.99.102<br>Mask:255.255.255.0<br>Gateway:10.1.99.254<br><br>輸入指令:<br><code>conf t</code><br><code>interface vlan 99</code><br><code>ip address 10.1.99.102 255.255.255.0</code><br><code>no shutdown</code><br><code>exit</code><br><code>ip default-gateway 10.1.99.254</code><br><br> |- | Client IP | Mgmt Server | 狀態:完成<br>IP:10.1.99.100<br>Mask:255.255.255.0<br>Gateway:10.1.99.254<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.99.100</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.1.99.254</code> |- | Client IP | VLAN12-RD1 | 狀態:完成<br>部門:RD<br>VLAN:12<br>IP:10.1.12.17<br>Mask:255.255.255.240<br>Gateway:10.1.12.30<br>接線位置:S1 Fa0/11<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.12.17</code><br><code>Subnet Mask: 255.255.255.240</code><br><code>Default Gateway: 10.1.12.30</code> |- | Client IP | VLAN12-RD2 | 狀態:完成<br>部門:RD<br>VLAN:12<br>IP:10.1.12.18<br>Mask:255.255.255.240<br>Gateway:10.1.12.30<br>接線位置:S2 Fa0/11<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.12.18</code><br><code>Subnet Mask: 255.255.255.240</code><br><code>Default Gateway: 10.1.12.30</code> |- | Client IP | VLAN13-Sales1 | 狀態:完成<br>部門:Sales<br>VLAN:13<br>IP:10.1.13.25<br>Mask:255.255.255.248<br>Gateway:10.1.13.30<br>接線位置:S1 Fa0/15<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.13.25</code><br><code>Subnet Mask: 255.255.255.248</code><br><code>Default Gateway: 10.1.13.30</code> |- | Client IP | VLAN13-Sales2 | 狀態:完成<br>部門:Sales<br>VLAN:13<br>IP:10.1.13.26<br>Mask:255.255.255.248<br>Gateway:10.1.13.30<br>接線位置:S2 Fa0/15<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.13.26</code><br><code>Subnet Mask: 255.255.255.248</code><br><code>Default Gateway: 10.1.13.30</code> |- | Client IP | VLAN14-IT | 狀態:完成<br>部門:IT<br>VLAN:14<br>IP:10.1.14.65<br>Mask:255.255.255.224<br>Gateway:10.1.14.94<br>接線位置:S2 Fa0/19<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.14.65</code><br><code>Subnet Mask: 255.255.255.224</code><br><code>Default Gateway: 10.1.14.94</code> |- | Client IP | R2-Private | 狀態:完成<br>角色:Private Server<br>IP:172.16.100.101<br>Mask:255.255.255.0<br>Gateway:172.16.100.254<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 172.16.100.101</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 172.16.100.254</code> |- | Client IP | R2-DMZ | 狀態:完成<br>角色:DMZ Server<br>IP:172.16.100.102<br>Mask:255.255.255.0<br>Gateway:172.16.100.254<br>Static NAT 對應:171.69.233.209<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 172.16.100.102</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 172.16.100.254</code> |- | Client IP | R2-Other | 狀態:完成<br>角色:Other Server<br>IP:172.16.100.103<br>Mask:255.255.255.0<br>Gateway:172.16.100.254<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 172.16.100.103</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 172.16.100.254</code> |- | Client IP | R3-PC1 | 狀態:完成<br>IP:10.3.1.10<br>Mask:255.255.255.0<br>Gateway:10.3.1.254<br>用途:IPSec VPN 遠端目的端<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.3.1.10</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.3.1.254</code> |- | Client IP | R3-PC2 | 狀態:完成<br>IP:10.3.2.10<br>Mask:255.255.255.0<br>Gateway:10.3.2.254<br>用途:Static / Floating Static Route 測試<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.3.2.10</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.3.2.254</code> |- | Client IP | R6-PC5 | 狀態:完成<br>IP:10.5.0.10<br>Mask:255.255.255.0<br>Gateway:10.5.0.254<br>用途:R6 PAT 測試<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.5.0.10</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.5.0.254</code> |- | Client IP | R6-PC6 | 狀態:完成<br>IP:10.6.0.10<br>Mask:255.255.255.0<br>Gateway:10.6.0.254<br>用途:IPSec VPN 本端來源<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.6.0.10</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.6.0.254</code> |- | Client IP | Internet WWW | 狀態:完成<br>IP:200.200.200.200<br>Mask:255.255.255.0<br>Gateway:200.200.200.254<br>用途:NAT / PAT 連外測試<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 200.200.200.200</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 200.200.200.254</code> |- | Client IP | Internet User | 狀態:完成<br>IP:201.201.201.201<br>Mask:255.255.255.0<br>Gateway:201.201.201.254<br>用途:Static NAT 外部測試<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 201.201.201.201</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 201.201.201.254</code> |} ---- === 二、Switch VLAN / Access Port / Trunk 設定 === {| class="wikitable" style="width:100%;" ! style="width:12%;" | 階段 ! style="width:18%;" | 設備 / 項目 ! 設定內容與輸入指令 |- | VLAN | S1 建立 VLAN | 狀態:完成<br>VLAN12:RD<br>VLAN13:sales<br>VLAN14:IT<br>VLAN99:MGMT<br><br>輸入指令:<br><code>conf t</code><br><code>vlan 12</code><br><code>name RD</code><br><code>vlan 13</code><br><code>name sales</code><br><code>vlan 14</code><br><code>name IT</code><br><code>vlan 99</code><br><code>name MGMT</code><br><br> |- | VLAN | S2 建立 VLAN | 狀態:完成<br>VLAN12:RD<br>VLAN13:sales<br>VLAN14:IT<br>VLAN99:MGMT<br><br>輸入指令:<br><code>conf t</code><br><code>vlan 12</code><br><code>name RD</code><br><code>vlan 13</code><br><code>name sales</code><br><code>vlan 14</code><br><code>name IT</code><br><code>vlan 99</code><br><code>name MGMT</code><br><br> |- | Access Port | S1 Access Port | 狀態:完成<br>Fa0/11:VLAN12<br>Fa0/15:VLAN13<br>Fa0/21:VLAN99<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/11</code><br><code>switchport mode access</code><br><code>switchport access vlan 12</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/15</code><br><code>switchport mode access</code><br><code>switchport access vlan 13</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/21</code><br><code>switchport mode access</code><br><code>switchport access vlan 99</code><br><code>no shutdown</code><br><br> |- | Access Port | S2 Access Port | 狀態:完成<br>Fa0/11:VLAN12<br>Fa0/15:VLAN13<br>Fa0/19:VLAN14<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/11</code><br><code>switchport mode access</code><br><code>switchport access vlan 12</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/15</code><br><code>switchport mode access</code><br><code>switchport access vlan 13</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/19</code><br><code>switchport mode access</code><br><code>switchport access vlan 14</code><br><code>no shutdown</code><br><br> |- | Trunk | S1 to S2 | 狀態:完成<br>Trunk Port:Fa0/23 - 24<br>Allowed VLAN:12,13,14,99<br><br>輸入指令:<br><code>conf t</code><br><code>interface range fa0/23 - 24</code><br><code>switchport mode trunk</code><br><code>switchport trunk allowed vlan 12,13,14,99</code><br><code>no shutdown</code><br><br> |- | Trunk | S2 to S1 | 狀態:完成<br>Trunk Port:Fa0/23 - 24<br>Allowed VLAN:12,13,14,99<br><br>輸入指令:<br><code>conf t</code><br><code>interface range fa0/23 - 24</code><br><code>switchport mode trunk</code><br><code>switchport trunk allowed vlan 12,13,14,99</code><br><code>no shutdown</code><br><br> |- | Trunk | S1 to R1 | 狀態:完成<br>S1 Fa0/5 連接 R1 Fa0/0<br>Allowed VLAN:12,13,14,99<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/5</code><br><code>switchport mode trunk</code><br><code>switchport trunk allowed vlan 12,13,14,99</code><br><code>no shutdown</code><br><br> |} ---- === 三、Router-on-a-stick / Router 介面設定 (含等價網路平衡設定)=== {| class="wikitable" style="width:100%;" ! style="width:12%;" | 階段 ! style="width:18%;" | 設備 / 項目 ! 設定內容與輸入指令 |- | Router-on-a-stick | R1 Fa0/0 | 狀態:完成<br>用途:Trunk 母介面,不設定 IP<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0</code><br><code>no shutdown</code><br><br> |- | Router-on-a-stick | R1 Fa0/0.2 | 狀態:完成<br>VLAN:12<br>Gateway:10.1.12.30/28<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.2</code><br><code>encapsulation dot1Q 12</code><br><code>ip address 10.1.12.30 255.255.255.240</code><br><br> |- | Router-on-a-stick | R1 Fa0/0.3 | 狀態:完成<br>VLAN:13<br>Gateway:10.1.13.30/29<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.3</code><br><code>encapsulation dot1Q 13</code><br><code>ip address 10.1.13.30 255.255.255.248</code><br><br> |- | Router-on-a-stick | R1 Fa0/0.4 | 狀態:完成<br>VLAN:14<br>Gateway:10.1.14.94/27<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.4</code><br><code>encapsulation dot1Q 14</code><br><code>ip address 10.1.14.94 255.255.255.224</code><br><br> |- | Router-on-a-stick | R1 Fa0/0.99 | 狀態:完成<br>VLAN:99<br>Gateway:10.1.99.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.99</code><br><code>encapsulation dot1Q 99</code><br><code>ip address 10.1.99.254 255.255.255.0</code><br><br> |- | Serial | R1 Serial0/0/0 | 狀態:完成<br>連線:R1 to R2<br>IP:192.168.123.1/30<br>Bandwidth:128K<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 192.168.123.1 255.255.255.252</code><br><code>bandwidth 128</code><br><code>no shutdown</code><br><br> |- | Serial | R1 Serial0/0/1 | 狀態:完成<br>連線:R1 to R3<br>IP:192.168.123.5/30<br>Bandwidth:64K<br>Clock rate:64000<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/1</code><br><code>ip address 192.168.123.5 255.255.255.252</code><br><code>bandwidth 64</code><br><code>clock rate 64000</code><br><code>no shutdown</code><br><br> |- | Internet | R1 Serial0/1/1 | 狀態:完成<br>連線:R1 to Internet Router<br>IP:193.16.1.254/30<br>用途:NAT outside、VPN peer<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/1/1</code><br><code>ip address 193.16.1.254 255.255.255.252</code><br><code>no shutdown</code><br><br> |- | Router Interface | R2 Fa0/0 | 狀態:完成<br>用途:Server 區 Gateway<br>IP:172.16.100.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0</code><br><code>ip address 172.16.100.254 255.255.255.0</code><br><code>no shutdown</code><br><br> |- | Serial | R2 Serial0/0/0 | 狀態:完成<br>連線:R2 to R1<br>IP:192.168.123.2/30<br>Bandwidth:128K<br>Clock rate:128000<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 192.168.123.2 255.255.255.252</code><br><code>bandwidth 128</code><br><code>clock rate 128000</code><br><code>no shutdown</code><br><br> |- | Serial | R2 Serial0/0/1 | 狀態:完成<br>連線:R2 to R3<br>IP:192.168.123.9/30<br>Bandwidth:128K<br>Clock rate:128000<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/1</code><br><code>ip address 192.168.123.9 255.255.255.252</code><br><code>bandwidth 128</code><br><code>clock rate 128000</code><br><code>no shutdown</code><br><br> |- | Router Interface | R3 Fa0/0 | 狀態:完成<br>用途:R3-PC1 Gateway<br>IP:10.3.1.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0</code><br><code>ip address 10.3.1.254 255.255.255.0</code><br><code>no shutdown</code><br><br> |- | Router Interface | R3 Fa0/1 | 狀態:完成<br>用途:R3-PC2 Gateway<br>IP:10.3.2.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/1</code><br><code>ip address 10.3.2.254 255.255.255.0</code><br><code>no shutdown</code><br><br> |- | Serial | R3 Serial0/0/0 | 狀態:完成<br>連線:R3 to R1<br>IP:192.168.123.6/30<br>Bandwidth:64K<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 192.168.123.6 255.255.255.252</code><br><code>bandwidth 64</code><br><code>no shutdown</code><br><br> |- | Serial | R3 Serial0/0/1 | 狀態:完成<br>連線:R3 to R2<br>IP:192.168.123.10/30<br>Bandwidth:128K<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/1</code><br><code>ip address 192.168.123.10 255.255.255.252</code><br><code>bandwidth 128</code><br><code>no shutdown</code><br><br> |- | Router Interface | R6 Fa0/1 | 狀態:完成<br>用途:R6-PC5 Gateway、PAT inside<br>IP:10.5.0.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/1</code><br><code>ip address 10.5.0.254 255.255.255.0</code><br><code>no shutdown</code><br><br> |- | Router Interface | R6 Fa0/0 | 狀態:完成<br>用途:R6-PC6 Gateway、VPN protected LAN<br>IP:10.6.0.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0</code><br><code>ip address 10.6.0.254 255.255.255.0</code><br><code>no shutdown</code><br><br> |- | Internet | R6 Serial0/0/0 | 狀態:完成<br>連線:R6 to Internet Router<br>IP:193.16.6.254/30<br>用途:NAT outside、VPN peer<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 193.16.6.254 255.255.255.252</code><br><code>no shutdown</code><br><br> |- | Internet Router | Internet Router 介面 | 狀態:完成<br>To R1:193.16.1.253/30<br>To R6:193.16.6.253/30<br>Internet WWW Gateway:200.200.200.254/24<br>Internet User Gateway:201.201.201.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 193.16.1.253 255.255.255.252</code><br><code>clock rate 64000</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>ip address 193.16.6.253 255.255.255.252</code><br><code>clock rate 64000</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/0</code><br><code>ip address 200.200.200.254 255.255.255.0</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/1</code><br><code>ip address 201.201.201.254 255.255.255.0</code><br><code>no shutdown</code><br><br> |} ---- === 四、Static Route / Floating Static Route / OSPF 設定 === {| class="wikitable" style="width:100%;" ! style="width:12%;" | 階段 ! style="width:18%;" | 設備 / 項目 ! 設定內容與輸入指令 |- | Static Route | R1 to 10.3.2.0/24 主路由 | 狀態:完成<br>Destination:10.3.2.0/24<br>Next-hop:192.168.123.6<br>AD:1<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.3.2.0 255.255.255.0 192.168.123.6</code><br><br> |- | Floating Static Route | R1 to 10.3.2.0/24 備援路由 | 狀態:完成<br>Destination:10.3.2.0/24<br>Next-hop:192.168.123.2<br>AD:2<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.3.2.0 255.255.255.0 192.168.123.2 2</code><br><br> |- | Static Route | R2 to 10.3.2.0/24 | 狀態:完成<br>Destination:10.3.2.0/24<br>Next-hop:192.168.123.10<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.3.2.0 255.255.255.0 192.168.123.10</code><br><br> |- | Static Route | R2 to VLAN14 | 狀態:完成<br>Destination:10.1.14.64/27<br>Next-hop:192.168.123.1<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.1.14.64 255.255.255.224 192.168.123.1</code><br><br> |- | Static Route | R3 to VLAN14 主路由 | 狀態:完成<br>Destination:10.1.14.64/27<br>Next-hop:192.168.123.5<br>AD:1<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.1.14.64 255.255.255.224 192.168.123.5</code><br><br> |- | Floating Static Route | R3 to VLAN14 備援路由 | 狀態:完成<br>Destination:10.1.14.64/27<br>Next-hop:192.168.123.9<br>AD:2<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.1.14.64 255.255.255.224 192.168.123.9 2</code><br><br> |- | OSPF | R1 OSPF | 狀態:完成<br>Process ID:1<br>Router ID:192.168.99.1<br>主要方式:network 指令使用子網段<br><br>輸入指令:<br><code>conf t</code><br><code>interface loopback0</code><br><code>ip address 192.168.99.1 255.255.255.255</code><br><code>exit</code><br><code>router ospf 1</code><br><code>router-id 192.168.99.1</code><br><code>passive-interface default</code><br><code>no passive-interface serial0/0/0</code><br><code>no passive-interface serial0/0/1</code><br><code>network 192.168.123.0 0.0.0.3 area 0</code><br><code>network 192.168.123.4 0.0.0.3 area 0</code><br><code>network 10.1.12.16 0.0.0.15 area 0</code><br><code>network 10.1.13.24 0.0.0.7 area 0</code><br><code>network 10.1.99.0 0.0.0.255 area 0</code><br><code>network 192.168.99.1 0.0.0.0 area 0</code><br><br> |- | OSPF | R2 OSPF | 狀態:完成<br>Process ID:2<br>Router ID:192.168.99.2<br>主要方式:network 指令使用直連介面 IP<br><br>輸入指令:<br><code>conf t</code><br><code>interface loopback0</code><br><code>ip address 192.168.99.2 255.255.255.255</code><br><code>exit</code><br><code>router ospf 2</code><br><code>router-id 192.168.99.2</code><br><code>network 192.168.123.2 0.0.0.0 area 0</code><br><code>network 192.168.123.9 0.0.0.0 area 0</code><br><code>network 172.16.100.254 0.0.0.0 area 2</code><br><code>network 192.168.99.2 0.0.0.0 area 2</code><br><code>passive-interface fa0/0</code><br><br> |- | OSPF | R3 OSPF | 狀態:完成<br>Process ID:3<br>Router ID:192.168.99.3<br>主要方式:interface mode 啟動 OSPF<br><br>輸入指令:<br><code>conf t</code><br><code>interface loopback0</code><br><code>ip address 192.168.99.3 255.255.255.255</code><br><code>ip ospf 3 area 3</code><br><code>exit</code><br><code>interface fa0/0</code><br><code>ip ospf 3 area 3</code><br><code>exit</code><br><code>interface serial0/0/0</code><br><code>ip ospf 3 area 0</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>ip ospf 3 area 0</code><br><code>exit</code><br><code>router ospf 3</code><br><code>router-id 192.168.99.3</code><br><code>passive-interface fa0/0</code><br><br> |- | OSPF Cost | Serial bandwidth | 狀態:完成<br>R1-R2:128K<br>R2-R3:128K<br>R1-R3:64K<br><br>R1 輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>bandwidth 128</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>bandwidth 64</code><br><br><br><br>R2 輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>bandwidth 128</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>bandwidth 128</code><br><br><br><br>R3 輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>bandwidth 64</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>bandwidth 128</code><br><br> |- | Default Route | R1 Default Route | 狀態:完成<br>Default Route:0.0.0.0/0<br>Next-hop:193.16.1.253<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 0.0.0.0 0.0.0.0 193.16.1.253</code><br><br> |- | OSPF Default | R1 宣告 Default Route | 狀態:完成<br>目的:讓 R2 / R3 學到 O*E2 0.0.0.0/0<br><br>輸入指令:<br><code>conf t</code><br><code>router ospf 1</code><br><code>default-information originate</code><br><br> |- | Default Route | R6 Default Route | 狀態:完成<br>Default Route:0.0.0.0/0<br>Next-hop:193.16.6.253<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 0.0.0.0 0.0.0.0 193.16.6.253</code><br><br> |} ---- === 五、NAT / PAT / Static NAT 設定 === {| class="wikitable" style="width:100%;" ! style="width:12%;" | 階段 ! style="width:18%;" | 設備 / 項目 ! 設定內容與輸入指令 |- | PAT | R1 VLAN12 PAT | 狀態:完成<br>Inside:Fa0/0.2<br>Outside:Serial0/1/1<br>ACL:10<br>Source:10.1.12.16/28<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.2</code><br><code>ip nat inside</code><br><code>exit</code><br><code>interface serial0/1/1</code><br><code>ip nat outside</code><br><code>exit</code><br><code>access-list 10 permit 10.1.12.16 0.0.0.15</code><br><code>ip nat inside source list 10 interface serial0/1/1 overload</code><br><br> |- | PAT | R6-PC5 PAT | 狀態:完成<br>Inside:Fa0/1<br>Outside:Serial0/0/0<br>ACL:10<br>Source:10.5.0.0/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/1</code><br><code>ip nat inside</code><br><code>exit</code><br><code>interface serial0/0/0</code><br><code>ip nat outside</code><br><code>exit</code><br><code>access-list 10 permit 10.5.0.0 0.0.0.255</code><br><code>ip nat inside source list 10 interface serial0/0/0 overload</code><br><br> |- | Dynamic NAT | R1 VLAN13 Dynamic NAT | 狀態:完成<br>Inside:Fa0/0.3<br>Outside:Serial0/1/1<br>ACL:20<br>Pool:171.69.233.210 - 171.69.233.222<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.3</code><br><code>ip nat inside</code><br><code>exit</code><br><code>interface serial0/1/1</code><br><code>ip nat outside</code><br><code>exit</code><br><code>no access-list 20</code><br><code>no ip nat inside source list 20 pool netpool</code><br><code>no ip nat pool netpool 171.69.233.210 171.69.233.222 netmask 255.255.255.240</code><br><code>access-list 20 permit 10.1.13.24 0.0.0.7</code><br><code>ip nat pool natpool 171.69.233.210 171.69.233.222 netmask 255.255.255.240</code><br><code>ip nat inside source list 20 pool natpool</code><br><br> |- | NAT Return Route | Internet Router | 狀態:完成<br>目的:回指 NAT 公有 IP 池<br>Public Pool:171.69.233.208/28<br>Next-hop:193.16.1.254<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 171.69.233.208 255.255.255.240 193.16.1.254</code><br><br> |- | Static NAT | R1 R2-DMZ Static NAT | 狀態:完成<br>Inside local:172.16.100.102<br>Inside global:171.69.233.209<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip nat inside</code><br><code>exit</code><br><code>interface serial0/1/1</code><br><code>ip nat outside</code><br><code>exit</code><br><code>no ip nat inside source static 172.16.100.103 171.69.233.209</code><br><code>ip nat inside source static 172.16.100.102 171.69.233.209</code><br><br> |} ---- === 六、IPSec VPN 設定 === {| class="wikitable" style="width:100%;" ! style="width:12%;" | 階段 ! style="width:18%;" | 設備 / 項目 ! 設定內容與輸入指令 |- | VPN Phase 1 | R1 IKE Policy | 狀態:完成<br>Peer:193.16.6.254<br>PSK:SeCrEt<br>Encryption:3DES<br>Hash:SHA<br>DH Group:2<br>Lifetime:86400<br><br>輸入指令:<br><code>conf t</code><br><code>crypto isakmp policy 10</code><br><code>encr 3des</code><br><code>hash sha</code><br><code>authentication pre-share</code><br><code>group 2</code><br><code>lifetime 86400</code><br><code>exit</code><br><code>crypto isakmp key SeCrEt address 193.16.6.254</code><br><br> |- | VPN Phase 2 | R1 Crypto Map | 狀態:完成<br>Transform-set:ts16<br>Crypto ACL:110<br>Local:10.3.1.0/24<br>Remote:10.6.0.0/24<br>Peer:193.16.6.254<br><br>輸入指令:<br><code>conf t</code><br><code>crypto ipsec transform-set ts16 esp-aes 128 esp-md5-hmac</code><br><code>no access-list 110</code><br><code>access-list 110 permit ip 10.3.1.0 0.0.0.255 10.6.0.0 0.0.0.255</code><br><code>crypto map map16 10 ipsec-isakmp</code><br><code>set peer 193.16.6.254</code><br><code>set transform-set ts16</code><br><code>match address 110</code><br><code>exit</code><br><code>interface serial0/1/1</code><br><code>crypto map map16</code><br><br> |- | VPN Phase 1 | R6 IKE Policy | 狀態:完成<br>Peer:193.16.1.254<br>PSK:SeCrEt<br>Encryption:3DES<br>Hash:SHA<br>DH Group:2<br>Lifetime:86400<br><br>輸入指令:<br><code>conf t</code><br><code>crypto isakmp policy 10</code><br><code>encr 3des</code><br><code>hash sha</code><br><code>authentication pre-share</code><br><code>group 2</code><br><code>lifetime 86400</code><br><code>exit</code><br><code>crypto isakmp key SeCrEt address 193.16.1.254</code><br><br> |- | VPN Phase 2 | R6 Crypto Map | 狀態:完成<br>Transform-set:ts61<br>Crypto ACL:110<br>Local:10.6.0.0/24<br>Remote:10.3.1.0/24<br>Peer:193.16.1.254<br><br>輸入指令:<br><code>conf t</code><br><code>crypto ipsec transform-set ts61 esp-aes 128 esp-md5-hmac</code><br><code>no access-list 110</code><br><code>access-list 110 permit ip 10.6.0.0 0.0.0.255 10.3.1.0 0.0.0.255</code><br><code>crypto map map61 10 ipsec-isakmp</code><br><code>set peer 193.16.1.254</code><br><code>set transform-set ts61</code><br><code>match address 110</code><br><code>exit</code><br><code>interface serial0/0/0</code><br><code>crypto map map61</code><br><br> |- | VPN 查修備註 | R6 重掛 Crypto Map | 狀態:備註<br>用途:若 ACL 110 有 match,但 encaps / decaps 仍為 0,可重掛 crypto map 後重新 ping 觸發。<br><br>查修指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>no crypto map map61</code><br><code>crypto map map61</code><br><br> |} ---- === 七、Extended ACL 100 / SSH ACL 設定 === {| class="wikitable" style="width:100%;" ! style="width:12%;" | 階段 ! style="width:18%;" | 設備 / 項目 ! 設定內容與輸入指令 |- | Extended ACL | R2 ACL 100 | 狀態:完成<br>套用介面:R2 Fa0/0<br>方向:out<br>R2-Private:172.16.100.101<br>R2-DMZ:172.16.100.102<br><br>輸入指令:<br><code>conf t</code><br><code>no access-list 100</code><br><code>access-list 100 permit tcp 10.1.12.16 0.0.0.15 172.16.100.101 0.0.0.0 eq 20</code><br><code>access-list 100 permit tcp 10.1.12.16 0.0.0.15 172.16.100.101 0.0.0.0 eq 21</code><br><code>access-list 100 deny ip 10.1.12.16 0.0.0.15 172.16.100.101 0.0.0.0</code><br><code>access-list 100 deny ip 10.0.0.0 0.255.255.255 172.16.100.101 0.0.0.0</code><br><code>access-list 100 permit tcp any 172.16.100.102 0.0.0.0 eq 80</code><br><code>access-list 100 permit icmp any 172.16.100.102 0.0.0.0</code><br><code>access-list 100 deny ip any 172.16.100.102 0.0.0.0</code><br><code>interface fa0/0</code><br><code>ip access-group 100 out</code><br><br> |- | SSH ACL | R3 SSH 管理限制 | 狀態:完成<br>目的:只允許 VLAN14 IT SSH 到 R3<br>Username:user<br>Password:123<br>Domain:ckc.com<br>RSA:1024<br>ACL:12<br>Allowed Source:10.1.14.64/27<br><br>輸入指令:<br><code>conf t</code><br><code>username user password 123</code><br><code>ip domain-name ckc.com</code><br><code>crypto key generate rsa</code><br><code>1024</code><br><code>ip ssh version 2</code><br><code>access-list 12 permit 10.1.14.64 0.0.0.31</code><br><code>line vty 0 5</code><br><code>login local</code><br><code>transport input ssh</code><br><code>access-class 12 in</code><br><code>exit</code><br><code>line vty 6 15</code><br><code>transport input none</code><br><code>exit</code><br><br> |} == 人工智慧 Prompt ==
返回到「
緯育 2026-0608
」。
* [[檔案:2000-Dragon-30.png|15px]] [[附近走走]]<br> * [[檔案:2000-Dragon-30.png|15px]] [[應用程式]]<br> * [[檔案:2000-Dragon-30.png|15px]] [[郵遞區號]]<br> * [[檔案:2000-Dragon-30.png|15px]] [[作品紀錄]]<br> * [[檔案:2000-Dragon-30.png|15px]] [[攝影相簿]]<br> * [[檔案:2000-Dragon-30.png|15px]] [[網路書籤]]<br> * [[檔案:2000-Dragon-30.png|15px]] [[網路照片]]<br> * [[檔案:2000-Dragon-30.png|15px]] [[星艦日誌]]<br> * [[檔案:2000-Dragon-30.png|15px]] [[Privacy_Policy|隱私政策]]<br>
附近走走
應用程式
郵遞區號
作品紀錄
攝影相簿
網路書籤
網路照片
星艦日誌
隱私政策
首頁
wiki工具
wiki工具
特殊頁面
頁面工具
頁面工具
使用者頁面工具
更多
連結至此的頁面
相關變更
頁面資訊
頁面日誌
