「緯育 2026-0608」修訂間的差異
出自頂極製作所
(→R6) |
(→R6) |
||
| 行 320: | 行 320: | ||
== R6 == | == R6 == | ||
* no ip domain-lookup | * no ip domain-lookup | ||
* | * hostname R6 | ||
* Loopback0 | |||
* | |||
** interface loopback0 | ** interface loopback0 | ||
** ip address 192.168.99.6 255.255.255.255 | ** ip address 192.168.99.6 255.255.255.255 | ||
** exit | ** exit | ||
* Fa0/1 | |||
** interface fastEthernet0/1 | |||
** ip address 10.5.0.254 255.255.255.0 | |||
** no shutdown | |||
* Fa0/0 | |||
** interface fastEthernet0/0 | |||
** ip address 10.6.0.254 255.255.255.0 | |||
** no shutdown | |||
* Serial 0/0/0 | |||
** interface serial0/0/0 | |||
** description WAN_to_Internet | |||
** ip address 193.16.6.254 255.255.255.252 | |||
** no shutdown | |||
** exit | |||
* Internet Router 對面:193.16.6.253/30 | |||
* R6 指令集: | |||
* R6-PC5 | * R6-PC5 | ||
** interface fastEthernet0/1 | ** interface fastEthernet0/1 | ||
| 行 356: | 行 358: | ||
** exit | ** exit | ||
** ip route 0.0.0.0 0.0.0.0 193.16.6.253 | ** ip route 0.0.0.0 0.0.0.0 193.16.6.253 | ||
** | |||
=== 單機設定 === | |||
* R6-PC5:10.5.0.10/24 | |||
** IP Address:10.5.0.10 | |||
** Subnet Mask:255.255.255.0 | |||
** Default Gateway:10.5.0.254 | |||
* R6-PC6:10.6.0.10/24 | |||
** IP Address:10.6.0.10 | |||
** Subnet Mask:255.255.255.0 | |||
** Default Gateway:10.6.0.254 | |||
== Internet == | == Internet == | ||
於 2026年5月12日 (二) 11:24 的修訂
S1
- VLAN12
- vlan 12
- name RD
- VLAN13
- vlan 13
- name sales
- VLAN99
- vlan 99
- name MGMT
- interface vlan 99
- switchport mode access
- switchport access vlan 99
- no shutdown
- exit
- interface vlan 99
- ip address 10.1.99.101 255.255.255.0
- no shutdown
- trunk allowed VLAN
- interface range fa0/23 - 24
- switchport mode trunk
- switchport trunk allowed vlan 12,13,14,99
- no shutdown
- ip default-gateway 10.1.99.254
- exit
- S1 to R1 Trunk
- configure terminal
- interface fa0/5
- switchport mode trunk
- switchport trunk allowed vlan 12,13,14,99
- no shutdown
- exit
- interface fa0/21
- switchport mode access
- switchport access vlan 99
- no shutdown
單機設定
- S1 網管 IP
- 10.1.99.101
- 255.255.255.0
- 10.1.99.254
- VLAN12-RD1
- 10.1.12.17
- 255.255.255.240
- 10.1.12.30
- VLAN13-Sales1
- 10.1.13.25
- 255.255.255.248
- 10.1.13.30
- VLAN14-IT
- 10.1.14.65
- 255.255.255.224
- 10.1.14.94
- Mgmt Server IP
- 10.1.99.100
- 255.255.255.0
- 10.1.99.254
S2
- VLAN12
- vlan 12
- name RD
- Fa0/11
- interface fa0/11
- switchport mode access
- switchport access vlan 12
- no shutdown
- VLAN13
- vlan 13
- name sales
- VLAN99
- vlan 99
- name MGMT
- exit
- interface vlan 99
- ip address 10.1.99.102 255.255.255.0
- no shutdown
- exit
- ip default-gateway 10.1.99.254
- trunk allowed VLAN
- interface range fa0/23 - 24
- switchport mode trunk
- switchport trunk allowed vlan 12,13,14,99
- no shutdown
單機設定
- S2 IP
- 10.1.99.102
- 255.255.255.0
- 10.1.99.254
- VLAN12-RD2
- 10.1.12.18
- 255.255.255.240
- 10.1.12.30
- VLAN13-Sales2
- 10.1.13.26
- 255.255.255.248
- 10.1.13.30
- VLAN14-IT
- 10.1.14.65
- 255.255.255.224
- 10.1.14.94
R1
- no ip domain-lookup
- Fa0/0
- interface fa0/0
- no shutdown
- Serial 0/0/0
- interface serial0/0/0
- bandwidth 128
- Serial 0/0/1
- interface serial0/0/1
- ip address 192.168.123.5 255.255.255.252
- bandwidth 64
- clock rate 64000
- no shutdown
- exit
- router ospf 1
- no passive-interface serial0/0/1
- network 192.168.123.4 0.0.0.3 area 0
- 子介面
- interface fa0/0.2
- encapsulation dot1Q 12
- ip address 10.1.12.30 255.255.255.240
- interface fa0/0.3
- encapsulation dot1Q 13
- ip address 10.1.13.30 255.255.255.248
- interface fa0/0.4
- encapsulation dot1Q 14
- ip address 10.1.14.94 255.255.255.224
- interface fa0/0.99
- encapsulation dot1Q 99
- ip address 10.1.99.254 255.255.255.0
- no shutdown
- R1 to R3 靜態路由
- ip route 10.3.2.0 255.255.255.0 192.168.123.6
- exit
- R1 to R2 靜態路由備援
- ip route 10.3.1.0 255.255.255.0 192.168.123.2 2
- exit
- OSPF
- Loopback0
- 192.168.99.1 255.255.255.255
- router ospf 1
- router-id 192.168.99.1
- passive-interface default
- no passive-interface serial0/0/0
- no passive-interface serial0/0/1
- network 192.168.123.0 0.0.0.3 area 0
- network 192.168.123.4 0.0.0.3 area 0
- network 10.1.12.16 0.0.0.15 area 0
- network 10.1.13.24 0.0.0.7 area 0
- network 10.1.99.0 0.0.0.255 area 0
- network 192.168.99.1 0.0.0.0 area 0
- R1 把 VLAN99 加入 OSPF Area 0
- router ospf 1
- network 10.1.99.0 0.0.0.255 area 0
- 對接 Internet
- interface serial0/1/1
- ip address 193.16.1.254 255.255.255.252
- no shutdown
- end
- write
R2
- no ip domain-lookup
- R2 to R3
- interface s0/0/1
- ip address 192.168.123.9 255.255.255.252
- bandwidth 128
- clock rate 128000
- no shutdown
- exit
- Fa0/0
- interface fa0/0
- ip address 172.16.100.254 255.255.255.0
- no shutdown
- exit
- R2 to R3 靜態路由備援
- ip route 10.3.1.0 255.255.255.0 192.168.123.10
- ip route 10.3.2.0 255.255.255.0 192.168.123.10
- 滿足VLAN 14 IT 的路由:ip route 10.1.14.64 255.255.255.224 192.168.123.1
- exit
- OSPF
- interface loopback0
- ip address 192.168.99.2 255.255.255.255
- router ospf 2
- router-id 192.168.99.2
- network 192.168.123.2 0.0.0.0 area 0
- network 192.168.123.9 0.0.0.0 area 0
- network 172.16.100.254 0.0.0.0 area 2
- network 192.168.99.2 0.0.0.0 area 2
- passive-interface fa0/0
- 等價路由特別設定
- interface serial0/0/0
- bandwidth 128000
- exit
- interface serial0/0/1
- bandwidth 128000
- no shutdown
- exit
- router ospf 2
- network 192.168.123.9 0.0.0.0 area 0
- no passive-interface serial0/0/1
單機設定
- R2-Server1
- 172.16.100.101
- 255.255.255.0
- 172.16.100.254
- R2-Server2
- 172.16.100.102
- 255.255.255.0
- 172.16.100.254
- R2-Private
- 172.16.100.103
- 255.255.255.0
- 172.16.100.254
R3
- no ip domain-lookup
- Serial 0/0/1
- interface serial0/0/1
- no shutdown
- R3 to R2
- interface s0/0/1
- ip address 192.168.123.10 255.255.255.252
- no shutdown
- R3 to R1 靜態路由
- ip route 10.1.14.64 255.255.255.224 192.168.123.5
- R1 to R3 靜態路由備援
- ip route 10.1.14.64 255.255.255.224 192.168.123.9 2
- exit
- Fa0/0
- interface fa0/0
- ip address 10.3.1.254 255.255.255.0
- ip ospf 3 area 0
- no shutdown
- end
- F0/1
- interface fa0/1
- ip address 10.3.2.254 255.255.255.0
- no shutdown
- end
- OSPF
- interface loopback0
- ip address 192.168.99.3 255.255.255.255
- ip ospf 3 area 3
- exit
- router ospf 3
- router-id 192.168.99.3
- Serial 0/0/0
- interface serial0/0/0
- no shutdown
- ip ospf 3 area 0
- exit
- R3 Serial 加入 Area 0
- interface serial0/0/0
- ip address 192.168.123.6 255.255.255.252
- bandwidth 64
- no shutdown
- ip ospf 3 area 0
- exit
- interface serial0/0/1
- ip address 192.168.123.10 255.255.255.252
- bandwidth 128
- ip ospf 3 area 0
- no shutdown
- R3 OSPF process
- router ospf 3
- passive-interface fa0/0
- 接上 Internet Router 要補:
- ip route 10.5.0.0 255.255.255.0 192.168.123.5
- ip route 10.6.0.0 255.255.255.0 192.168.123.5
- ip route 0.0.0.0 0.0.0.0 192.168.123.5
- end
- 等價路由特別設定
- interface serial0/0/0
- bandwidth 64
- exit
- interface serial0/0/1
- bandwidth 128
- exit
單機設定
- R3-PC1
- 10.3.2.10
- 255.255.255.0
- 10.3.2.254
- R3-PC2
- 10.3.2.10
- 255.255.255.0
- 10.3.2.254
ACL
- ACL 設定條件
- 把 telnet 改成 SSH 連線。
- 只允許 IT 部門 (也就是 VLAN 14 的網段 10.1.14.64/27) 使用 SSH 遠端連入。
- 到該網路設備做網管,可同時允許 6 條 SSH sessions 連入 R3。
- SSH 條件:
- username user
- password 123
- 網址 ckc.com
- crypto 1024
- ACL 指令
- username user password 123
- ip domain-name ckc.com
- crypto key generate rsa
- 1024
- ip ssh version 2
- access-list 12 permit 10.1.14.64 0.0.0.31
- line vty 0 5
- login local
- transport input ssh
- access-class 12 in
- exit
- line vty 6 15
- transport input none
- exit
- end
R6
- no ip domain-lookup
- hostname R6
- Loopback0
- interface loopback0
- ip address 192.168.99.6 255.255.255.255
- exit
- Fa0/1
- interface fastEthernet0/1
- ip address 10.5.0.254 255.255.255.0
- no shutdown
- Fa0/0
- interface fastEthernet0/0
- ip address 10.6.0.254 255.255.255.0
- no shutdown
- Serial 0/0/0
- interface serial0/0/0
- description WAN_to_Internet
- ip address 193.16.6.254 255.255.255.252
- no shutdown
- exit
- Internet Router 對面:193.16.6.253/30
- R6 指令集:
- R6-PC5
- interface fastEthernet0/1
- ip address 10.5.0.254 255.255.255.0
- no shutdown
- exit
- R6-PC6
- interface fastEthernet0/0
- ip address 10.6.0.254 255.255.255.0
- no shutdown
- exit
- 對接 R1
- interface serial0/0/0
- ip address 193.16.6.254 255.255.255.252
- no shutdown
- exit
- ip route 0.0.0.0 0.0.0.0 193.16.6.253
單機設定
- R6-PC5:10.5.0.10/24
- IP Address:10.5.0.10
- Subnet Mask:255.255.255.0
- Default Gateway:10.5.0.254
- R6-PC6:10.6.0.10/24
- IP Address:10.6.0.10
- Subnet Mask:255.255.255.0
- Default Gateway:10.6.0.254
Internet
- no ip domain-lookup
- hostname Internet
- 對接 R6
- interface serial0/0/1
- ip address 193.16.6.253 255.255.255.252
- clock rate 64000
- no shutdown
- exit
- Internet_WWW
- interface fastEthernet0/0
- ip address 200.200.200.254 255.255.255.0
- no shutdown
- exit
- Internet_User
- interface fastEthernet0/1
- ip address 201.201.201.254 255.255.255.0
- no shutdown
- exit
- 對接 R1
- interface serial0/0/0
- ip address 193.16.1.253 255.255.255.252
- clock rate 64000
- no shutdown
- exit
- 各段路由
- ip route 10.1.12.16 255.255.255.240 193.16.1.254
- ip route 10.1.13.24 255.255.255.248 193.16.1.254
- ip route 10.1.14.64 255.255.255.224 193.16.1.254
- ip route 10.1.99.0 255.255.255.0 193.16.1.254
- ip route 10.3.1.0 255.255.255.0 193.16.1.254
- ip route 10.3.2.0 255.255.255.0 193.16.1.254
- ip route 172.16.100.0 255.255.255.0 193.16.1.254
- ip route 192.168.99.0 255.255.255.0 193.16.1.254
- ip route 10.5.0.0 255.255.255.0 193.16.6.254
- ip route 10.6.0.0 255.255.255.0 193.16.6.254
- do write
- Internet WWW
- IP Address:200.200.200.200
- Subnet Mask:255.255.255.0
- Default Gateway:200.200.200.254
- Internet User
- IP Address:201.201.201.201
- Subnet Mask:255.255.255.0
- Default Gateway:201.201.201.254
