「緯育 2026-0608」修訂間的差異

出自頂極製作所
→‎R6
標籤手動回退
 
(未顯示同一使用者於中間所作的 84 次修訂)
行 1: 行 1:
== S2 ==
== 完整設定表 ==
* S2 IP
* Client IP / Gateway
** 10.1.99.102
** Switch VLAN
** 255.255.255.0
** Access Port
** 10.1.99.254
** Trunk
* VLAN12-RD2
** Router-on-a-stick
** 10.1.12.18
** Router Interface
** 255.255.255.240
** Static / Floating Static Route
** 10.1.12.30
** OSPF
* VLAN13-Sales2
** Default Route
** 10.1.13.26
** NAT / PAT
** 255.255.255.248
** Static NAT
** 10.1.13.30
** IPSec VPN
* VLAN14-IT
** ACL
** 10.1.14.65
** 最終驗證
** 255.255.255.224
** 10.1.14.94


== S1 ==
=== 一、終端設備 IP / Gateway 設定 ===
* S1 網管 IP
** 10.1.99.101
** 255.255.255.0
** 10.1.99.254
* VLAN12-RD1
** 10.1.12.17
** 255.255.255.240
** 10.1.12.30
* VLAN13-Sales1
** 10.1.13.25
** 255.255.255.248
** 10.1.13.30
* Mgmt Server IP
** 10.1.99.100
** 255.255.255.0
** 10.1.99.254


== R1 ==
{| class="wikitable" style="width:100%;"
* no ip domain-lookup
! style="width:12%;" | 階段
* Loopback0:192.168.99.1
! style="width:18%;" | 設備 / 項目
* Fa0/0
! 設定內容與輸入指令
** interface fa0/0
|-
** no shutdown
| Client IP
*子介面
| S1 管理 IP
** interface fa0/0.2
| 狀態:完成<br>VLAN:99<br>IP:10.1.99.101<br>Mask:255.255.255.0<br>Gateway:10.1.99.254<br><br>輸入指令:<br><code>conf t</code><br><code>interface vlan 99</code><br><code>ip address 10.1.99.101 255.255.255.0</code><br><code>no shutdown</code><br><code>exit</code><br><code>ip default-gateway 10.1.99.254</code><br><br>
** encapsulation dot1Q 12
|-
** ip address 10.1.12.30 255.255.255.240
| Client IP
** interface fa0/0.3
| S2 管理 IP
** encapsulation dot1Q 13
| 狀態:完成<br>VLAN:99<br>IP:10.1.99.102<br>Mask:255.255.255.0<br>Gateway:10.1.99.254<br><br>輸入指令:<br><code>conf t</code><br><code>interface vlan 99</code><br><code>ip address 10.1.99.102 255.255.255.0</code><br><code>no shutdown</code><br><code>exit</code><br><code>ip default-gateway 10.1.99.254</code><br><br>
** ip address 10.1.13.30 255.255.255.248
|-
** interface fa0/0.4
| Client IP
** encapsulation dot1Q 14
| Mgmt Server
** ip address 10.1.14.94 255.255.255.224
| 狀態:完成<br>IP:10.1.99.100<br>Mask:255.255.255.0<br>Gateway:10.1.99.254<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.99.100</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.1.99.254</code>
** interface fa0/0.99
|-
** encapsulation dot1Q 99
| Client IP
** ip address 10.1.99.254 255.255.255.0
| VLAN12-RD1
| 狀態:完成<br>部門:RD<br>VLAN:12<br>IP:10.1.12.17<br>Mask:255.255.255.240<br>Gateway:10.1.12.30<br>接線位置:S1 Fa0/11<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.12.17</code><br><code>Subnet Mask: 255.255.255.240</code><br><code>Default Gateway: 10.1.12.30</code>
|-
| Client IP
| VLAN12-RD2
| 狀態:完成<br>部門:RD<br>VLAN:12<br>IP:10.1.12.18<br>Mask:255.255.255.240<br>Gateway:10.1.12.30<br>接線位置:S2 Fa0/11<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.12.18</code><br><code>Subnet Mask: 255.255.255.240</code><br><code>Default Gateway: 10.1.12.30</code>
|-
| Client IP
| VLAN13-Sales1
| 狀態:完成<br>部門:Sales<br>VLAN:13<br>IP:10.1.13.25<br>Mask:255.255.255.248<br>Gateway:10.1.13.30<br>接線位置:S1 Fa0/15<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.13.25</code><br><code>Subnet Mask: 255.255.255.248</code><br><code>Default Gateway: 10.1.13.30</code>
|-
| Client IP
| VLAN13-Sales2
| 狀態:完成<br>部門:Sales<br>VLAN:13<br>IP:10.1.13.26<br>Mask:255.255.255.248<br>Gateway:10.1.13.30<br>接線位置:S2 Fa0/15<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.13.26</code><br><code>Subnet Mask: 255.255.255.248</code><br><code>Default Gateway: 10.1.13.30</code>
|-
| Client IP
| VLAN14-IT
| 狀態:完成<br>部門:IT<br>VLAN:14<br>IP:10.1.14.65<br>Mask:255.255.255.224<br>Gateway:10.1.14.94<br>接線位置:S2 Fa0/19<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.1.14.65</code><br><code>Subnet Mask: 255.255.255.224</code><br><code>Default Gateway: 10.1.14.94</code>
|-
| Client IP
| R2-Private
| 狀態:完成<br>角色:Private Server<br>IP:172.16.100.101<br>Mask:255.255.255.0<br>Gateway:172.16.100.254<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 172.16.100.101</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 172.16.100.254</code>
|-
| Client IP
| R2-DMZ
| 狀態:完成<br>角色:DMZ Server<br>IP:172.16.100.102<br>Mask:255.255.255.0<br>Gateway:172.16.100.254<br>Static NAT 對應:171.69.233.209<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 172.16.100.102</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 172.16.100.254</code>
|-
| Client IP
| R2-Other
| 狀態:完成<br>角色:Other Server<br>IP:172.16.100.103<br>Mask:255.255.255.0<br>Gateway:172.16.100.254<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 172.16.100.103</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 172.16.100.254</code>
|-
| Client IP
| R3-PC1
| 狀態:完成<br>IP:10.3.1.10<br>Mask:255.255.255.0<br>Gateway:10.3.1.254<br>用途:IPSec VPN 遠端目的端<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.3.1.10</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.3.1.254</code>
|-
| Client IP
| R3-PC2
| 狀態:完成<br>IP:10.3.2.10<br>Mask:255.255.255.0<br>Gateway:10.3.2.254<br>用途:Static / Floating Static Route 測試<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.3.2.10</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.3.2.254</code>
|-
| Client IP
| R6-PC5
| 狀態:完成<br>IP:10.5.0.10<br>Mask:255.255.255.0<br>Gateway:10.5.0.254<br>用途:R6 PAT 測試<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.5.0.10</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.5.0.254</code>
|-
| Client IP
| R6-PC6
| 狀態:完成<br>IP:10.6.0.10<br>Mask:255.255.255.0<br>Gateway:10.6.0.254<br>用途:IPSec VPN 本端來源<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 10.6.0.10</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 10.6.0.254</code>
|-
| Client IP
| Internet WWW
| 狀態:完成<br>IP:200.200.200.200<br>Mask:255.255.255.0<br>Gateway:200.200.200.254<br>用途:NAT / PAT 連外測試<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 200.200.200.200</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 200.200.200.254</code>
|-
| Client IP
| Internet User
| 狀態:完成<br>IP:201.201.201.201<br>Mask:255.255.255.0<br>Gateway:201.201.201.254<br>用途:Static NAT 外部測試<br><br>設定位置:Desktop → IP Configuration<br><code>IP Address: 201.201.201.201</code><br><code>Subnet Mask: 255.255.255.0</code><br><code>Default Gateway: 201.201.201.254</code>
|}


----


* 對接 Internet
=== 二、Switch VLAN / Access Port / Trunk 設定 ===
** interface serial0/1/1
** ip address 193.16.1.254 255.255.255.252
** no shutdown
** end
** write


== R2 ==
{| class="wikitable" style="width:100%;"
* no ip domain-lookup
! style="width:12%;" | 階段
* Loopback0:192.168.99.2
! style="width:18%;" | 設備 / 項目
* Fa0/0
! 設定內容與輸入指令
** interface fa0/0
|-
** ip address 172.16.100.254 255.255.255.0
| VLAN
** no shutdown
| S1 建立 VLAN
** exit
| 狀態:完成<br>VLAN12:RD<br>VLAN13:sales<br>VLAN14:IT<br>VLAN99:MGMT<br><br>輸入指令:<br><code>conf t</code><br><code>vlan 12</code><br><code>name RD</code><br><code>vlan 13</code><br><code>name sales</code><br><code>vlan 14</code><br><code>name IT</code><br><code>vlan 99</code><br><code>name MGMT</code><br><br>
* R2-Server1
|-
** 172.16.100.101
| VLAN
** 255.255.255.0
| S2 建立 VLAN
** 172.16.100.254
| 狀態:完成<br>VLAN12:RD<br>VLAN13:sales<br>VLAN14:IT<br>VLAN99:MGMT<br><br>輸入指令:<br><code>conf t</code><br><code>vlan 12</code><br><code>name RD</code><br><code>vlan 13</code><br><code>name sales</code><br><code>vlan 14</code><br><code>name IT</code><br><code>vlan 99</code><br><code>name MGMT</code><br><br>
* R2-Server2
|-
** 172.16.100.102
| Access Port
** 255.255.255.0
| S1 Access Port
** 172.16.100.254
| 狀態:完成<br>Fa0/11:VLAN12<br>Fa0/15:VLAN13<br>Fa0/21:VLAN99<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/11</code><br><code>switchport mode access</code><br><code>switchport access vlan 12</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/15</code><br><code>switchport mode access</code><br><code>switchport access vlan 13</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/21</code><br><code>switchport mode access</code><br><code>switchport access vlan 99</code><br><code>no shutdown</code><br><br>
* R2-Private
|-
** 172.16.100.103
| Access Port
** 255.255.255.0
| S2 Access Port
** 172.16.100.254
| 狀態:完成<br>Fa0/11:VLAN12<br>Fa0/15:VLAN13<br>Fa0/19:VLAN14<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/11</code><br><code>switchport mode access</code><br><code>switchport access vlan 12</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/15</code><br><code>switchport mode access</code><br><code>switchport access vlan 13</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/19</code><br><code>switchport mode access</code><br><code>switchport access vlan 14</code><br><code>no shutdown</code><br><br>
|-
| Trunk
| S1 to S2
| 狀態:完成<br>Trunk Port:Fa0/23 - 24<br>Allowed VLAN:12,13,14,99<br><br>輸入指令:<br><code>conf t</code><br><code>interface range fa0/23 - 24</code><br><code>switchport mode trunk</code><br><code>switchport trunk allowed vlan 12,13,14,99</code><br><code>no shutdown</code><br><br>
|-
| Trunk
| S2 to S1
| 狀態:完成<br>Trunk Port:Fa0/23 - 24<br>Allowed VLAN:12,13,14,99<br><br>輸入指令:<br><code>conf t</code><br><code>interface range fa0/23 - 24</code><br><code>switchport mode trunk</code><br><code>switchport trunk allowed vlan 12,13,14,99</code><br><code>no shutdown</code><br><br>
|-
| Trunk
| S1 to R1
| 狀態:完成<br>S1 Fa0/5 連接 R1 Fa0/0<br>Allowed VLAN:12,13,14,99<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/5</code><br><code>switchport mode trunk</code><br><code>switchport trunk allowed vlan 12,13,14,99</code><br><code>no shutdown</code><br><br>
|}


== R3 ==
----
* no ip domain-lookup
* Loopback0:192.168.99.3
* Fa0/0
** interface fa0/0
** ip address 10.3.1.254 255.255.255.0
** no shutdown
** end
* F0/1
** interface fa0/1
** ip address 10.3.2.254 255.255.255.0
** no shutdown
** end
* R3-PC
** 10.3.2.10
** 255.255.255.0
** 10.3.2.254
* R3-PC2
** 10.3.2.10
** 255.255.255.0
** 10.3.2.254
* 接上 Internet Router 要補:
** ip route 10.5.0.0 255.255.255.0 192.168.123.5
** ip route 10.6.0.0 255.255.255.0 192.168.123.5
** ip route 0.0.0.0 0.0.0.0 192.168.123.5
** end


== R6 ==
=== 三、Router-on-a-stick / Router 介面設定 (含等價網路平衡設定)===
* no ip domain-lookup
* Loopback0:192.168.99.6/32
* Fa0/1:10.5.0.254/24
* R6 Fa0/0:10.6.0.254/24
* R6-PC5:10.5.0.10/24
** IP Address:10.5.0.10
** Subnet Mask:255.255.255.0
** Default Gateway:10.5.0.254
* R6-PC6:10.6.0.10/24
** IP Address:10.6.0.10
** Subnet Mask:255.255.255.0
** Default Gateway:10.6.0.254
* R6 Serial0/0/0:193.16.6.254/30
* Internet Router 對面:193.16.6.253/30
* R6 指令集:
** hostname R6
** interface loopback0
** ip address 192.168.99.6 255.255.255.255
** exit
* R6-PC5
** interface fastEthernet0/1
** ip address 10.5.0.254 255.255.255.0
** no shutdown
** exit
* R6-PC6
** interface fastEthernet0/0
** ip address 10.6.0.254 255.255.255.0
** no shutdown
** exit
* 對接 R1
** interface serial0/0/0
** ip address 193.16.6.254 255.255.255.252
** no shutdown
** exit
** ip route 0.0.0.0 0.0.0.0 193.16.6.253
** do write


== Internet ==
{| class="wikitable" style="width:100%;"
* hostname Internet
! style="width:12%;" | 階段
* 對接 R6
! style="width:18%;" | 設備 / 項目
** interface serial0/0/1
! 設定內容與輸入指令
** ip address 193.16.6.253 255.255.255.252
|-
** clock rate 64000
| Router-on-a-stick
** no shutdown
| R1 Fa0/0
** exit
| 狀態:完成<br>用途:Trunk 母介面,不設定 IP<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0</code><br><code>no shutdown</code><br><br>
* Internet_WWW
|-
** interface fastEthernet0/0
| Router-on-a-stick
** ip address 200.200.200.254 255.255.255.0
| R1 Fa0/0.2
** no shutdown
| 狀態:完成<br>VLAN:12<br>Gateway:10.1.12.30/28<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.2</code><br><code>encapsulation dot1Q 12</code><br><code>ip address 10.1.12.30 255.255.255.240</code><br><br>
** exit
|-
* Internet_User
| Router-on-a-stick
** interface fastEthernet0/1
| R1 Fa0/0.3
** ip address 201.201.201.254 255.255.255.0
| 狀態:完成<br>VLAN:13<br>Gateway:10.1.13.30/29<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.3</code><br><code>encapsulation dot1Q 13</code><br><code>ip address 10.1.13.30 255.255.255.248</code><br><br>
** no shutdown
|-
** exit
| Router-on-a-stick
* 對接 R1
| R1 Fa0/0.4
** interface serial0/0/0
| 狀態:完成<br>VLAN:14<br>Gateway:10.1.14.94/27<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.4</code><br><code>encapsulation dot1Q 14</code><br><code>ip address 10.1.14.94 255.255.255.224</code><br><br>
** ip address 193.16.1.253 255.255.255.252
|-
** clock rate 64000
| Router-on-a-stick
** no shutdown
| R1 Fa0/0.99
** exit
| 狀態:完成<br>VLAN:99<br>Gateway:10.1.99.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.99</code><br><code>encapsulation dot1Q 99</code><br><code>ip address 10.1.99.254 255.255.255.0</code><br><br>
* 各段路由
|-
** ip route 10.1.12.16 255.255.255.240 193.16.1.254
| Serial
** ip route 10.1.13.24 255.255.255.248 193.16.1.254
| R1 Serial0/0/0
** ip route 10.1.14.64 255.255.255.224 193.16.1.254
| 狀態:完成<br>連線:R1 to R2<br>IP:192.168.123.1/30<br>Bandwidth:128K<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 192.168.123.1 255.255.255.252</code><br><code>bandwidth 128</code><br><code>no shutdown</code><br><br>
** ip route 10.1.99.0 255.255.255.0 193.16.1.254
|-
** ip route 10.3.1.0 255.255.255.0 193.16.1.254
| Serial
** ip route 10.3.2.0 255.255.255.0 193.16.1.254
| R1 Serial0/0/1
** ip route 172.16.100.0 255.255.255.0 193.16.1.254
| 狀態:完成<br>連線:R1 to R3<br>IP:192.168.123.5/30<br>Bandwidth:64K<br>Clock rate:64000<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/1</code><br><code>ip address 192.168.123.5 255.255.255.252</code><br><code>bandwidth 64</code><br><code>clock rate 64000</code><br><code>no shutdown</code><br><br>
** ip route 192.168.99.0 255.255.255.0 193.16.1.254
|-
** ip route 10.5.0.0 255.255.255.0 193.16.6.254
| Internet
** ip route 10.6.0.0 255.255.255.0 193.16.6.254
| R1 Serial0/1/1
** do write
| 狀態:完成<br>連線:R1 to Internet Router<br>IP:193.16.1.254/30<br>用途:NAT outside、VPN peer<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/1/1</code><br><code>ip address 193.16.1.254 255.255.255.252</code><br><code>no shutdown</code><br><br>
* Internet WWW
|-
** IP Address:200.200.200.200
| Router Interface
** Subnet Mask:255.255.255.0
| R2 Fa0/0
** Default Gateway:200.200.200.254
| 狀態:完成<br>用途:Server 區 Gateway<br>IP:172.16.100.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0</code><br><code>ip address 172.16.100.254 255.255.255.0</code><br><code>no shutdown</code><br><br>
* Internet User
|-
** IP Address:201.201.201.201
| Serial
** Subnet Mask:255.255.255.0
| R2 Serial0/0/0
** Default Gateway:201.201.201.254
| 狀態:完成<br>連線:R2 to R1<br>IP:192.168.123.2/30<br>Bandwidth:128K<br>Clock rate:128000<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 192.168.123.2 255.255.255.252</code><br><code>bandwidth 128</code><br><code>clock rate 128000</code><br><code>no shutdown</code><br><br>
|-
| Serial
| R2 Serial0/0/1
| 狀態:完成<br>連線:R2 to R3<br>IP:192.168.123.9/30<br>Bandwidth:128K<br>Clock rate:128000<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/1</code><br><code>ip address 192.168.123.9 255.255.255.252</code><br><code>bandwidth 128</code><br><code>clock rate 128000</code><br><code>no shutdown</code><br><br>
|-
| Router Interface
| R3 Fa0/0
| 狀態:完成<br>用途:R3-PC1 Gateway<br>IP:10.3.1.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0</code><br><code>ip address 10.3.1.254 255.255.255.0</code><br><code>no shutdown</code><br><br>
|-
| Router Interface
| R3 Fa0/1
| 狀態:完成<br>用途:R3-PC2 Gateway<br>IP:10.3.2.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/1</code><br><code>ip address 10.3.2.254 255.255.255.0</code><br><code>no shutdown</code><br><br>
|-
| Serial
| R3 Serial0/0/0
| 狀態:完成<br>連線:R3 to R1<br>IP:192.168.123.6/30<br>Bandwidth:64K<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 192.168.123.6 255.255.255.252</code><br><code>bandwidth 64</code><br><code>no shutdown</code><br><br>
|-
| Serial
| R3 Serial0/0/1
| 狀態:完成<br>連線:R3 to R2<br>IP:192.168.123.10/30<br>Bandwidth:128K<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/1</code><br><code>ip address 192.168.123.10 255.255.255.252</code><br><code>bandwidth 128</code><br><code>no shutdown</code><br><br>
|-
| Router Interface
| R6 Fa0/1
| 狀態:完成<br>用途:R6-PC5 Gateway、PAT inside<br>IP:10.5.0.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/1</code><br><code>ip address 10.5.0.254 255.255.255.0</code><br><code>no shutdown</code><br><br>
|-
| Router Interface
| R6 Fa0/0
| 狀態:完成<br>用途:R6-PC6 Gateway、VPN protected LAN<br>IP:10.6.0.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0</code><br><code>ip address 10.6.0.254 255.255.255.0</code><br><code>no shutdown</code><br><br>
|-
| Internet
| R6 Serial0/0/0
| 狀態:完成<br>連線:R6 to Internet Router<br>IP:193.16.6.254/30<br>用途:NAT outside、VPN peer<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 193.16.6.254 255.255.255.252</code><br><code>no shutdown</code><br><br>
|-
| Internet Router
| Internet Router 介面
| 狀態:完成<br>To R1:193.16.1.253/30<br>To R6:193.16.6.253/30<br>Internet WWW Gateway:200.200.200.254/24<br>Internet User Gateway:201.201.201.254/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip address 193.16.1.253 255.255.255.252</code><br><code>clock rate 64000</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>ip address 193.16.6.253 255.255.255.252</code><br><code>clock rate 64000</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/0</code><br><code>ip address 200.200.200.254 255.255.255.0</code><br><code>no shutdown</code><br><code>exit</code><br><code>interface fa0/1</code><br><code>ip address 201.201.201.254 255.255.255.0</code><br><code>no shutdown</code><br><br>
|}
 
----
 
=== 四、Static Route / Floating Static Route / OSPF 設定 ===
 
{| class="wikitable" style="width:100%;"
! style="width:12%;" | 階段
! style="width:18%;" | 設備 / 項目
! 設定內容與輸入指令
|-
| Static Route
| R1 to 10.3.2.0/24 主路由
| 狀態:完成<br>Destination:10.3.2.0/24<br>Next-hop:192.168.123.6<br>AD:1<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.3.2.0 255.255.255.0 192.168.123.6</code><br><br>
|-
| Floating Static Route
| R1 to 10.3.2.0/24 備援路由
| 狀態:完成<br>Destination:10.3.2.0/24<br>Next-hop:192.168.123.2<br>AD:2<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.3.2.0 255.255.255.0 192.168.123.2 2</code><br><br>
|-
| Static Route
| R2 to 10.3.2.0/24
| 狀態:完成<br>Destination:10.3.2.0/24<br>Next-hop:192.168.123.10<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.3.2.0 255.255.255.0 192.168.123.10</code><br><br>
|-
| Static Route
| R2 to VLAN14
| 狀態:完成<br>Destination:10.1.14.64/27<br>Next-hop:192.168.123.1<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.1.14.64 255.255.255.224 192.168.123.1</code><br><br>
|-
| Static Route
| R3 to VLAN14 主路由
| 狀態:完成<br>Destination:10.1.14.64/27<br>Next-hop:192.168.123.5<br>AD:1<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.1.14.64 255.255.255.224 192.168.123.5</code><br><br>
|-
| Floating Static Route
| R3 to VLAN14 備援路由
| 狀態:完成<br>Destination:10.1.14.64/27<br>Next-hop:192.168.123.9<br>AD:2<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 10.1.14.64 255.255.255.224 192.168.123.9 2</code><br><br>
|-
| OSPF
| R1 OSPF
| 狀態:完成<br>Process ID:1<br>Router ID:192.168.99.1<br>主要方式:network 指令使用子網段<br><br>輸入指令:<br><code>conf t</code><br><code>interface loopback0</code><br><code>ip address 192.168.99.1 255.255.255.255</code><br><code>exit</code><br><code>router ospf 1</code><br><code>router-id 192.168.99.1</code><br><code>passive-interface default</code><br><code>no passive-interface serial0/0/0</code><br><code>no passive-interface serial0/0/1</code><br><code>network 192.168.123.0 0.0.0.3 area 0</code><br><code>network 192.168.123.4 0.0.0.3 area 0</code><br><code>network 10.1.12.16 0.0.0.15 area 0</code><br><code>network 10.1.13.24 0.0.0.7 area 0</code><br><code>network 10.1.99.0 0.0.0.255 area 0</code><br><code>network 192.168.99.1 0.0.0.0 area 0</code><br><br>
|-
| OSPF
| R2 OSPF
| 狀態:完成<br>Process ID:2<br>Router ID:192.168.99.2<br>主要方式:network 指令使用直連介面 IP<br><br>輸入指令:<br><code>conf t</code><br><code>interface loopback0</code><br><code>ip address 192.168.99.2 255.255.255.255</code><br><code>exit</code><br><code>router ospf 2</code><br><code>router-id 192.168.99.2</code><br><code>network 192.168.123.2 0.0.0.0 area 0</code><br><code>network 192.168.123.9 0.0.0.0 area 0</code><br><code>network 172.16.100.254 0.0.0.0 area 2</code><br><code>network 192.168.99.2 0.0.0.0 area 2</code><br><code>passive-interface fa0/0</code><br><br>
|-
| OSPF
| R3 OSPF
| 狀態:完成<br>Process ID:3<br>Router ID:192.168.99.3<br>主要方式:interface mode 啟動 OSPF<br><br>輸入指令:<br><code>conf t</code><br><code>interface loopback0</code><br><code>ip address 192.168.99.3 255.255.255.255</code><br><code>ip ospf 3 area 3</code><br><code>exit</code><br><code>interface fa0/0</code><br><code>ip ospf 3 area 3</code><br><code>exit</code><br><code>interface serial0/0/0</code><br><code>ip ospf 3 area 0</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>ip ospf 3 area 0</code><br><code>exit</code><br><code>router ospf 3</code><br><code>router-id 192.168.99.3</code><br><code>passive-interface fa0/0</code><br><br>
|-
| OSPF Cost
| Serial bandwidth
| 狀態:完成<br>R1-R2:128K<br>R2-R3:128K<br>R1-R3:64K<br><br>R1 輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>bandwidth 128</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>bandwidth 64</code><br><br><br><br>R2 輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>bandwidth 128</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>bandwidth 128</code><br><br><br><br>R3 輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>bandwidth 64</code><br><code>exit</code><br><code>interface serial0/0/1</code><br><code>bandwidth 128</code><br><br>
|-
| Default Route
| R1 Default Route
| 狀態:完成<br>Default Route:0.0.0.0/0<br>Next-hop:193.16.1.253<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 0.0.0.0 0.0.0.0 193.16.1.253</code><br><br>
|-
| OSPF Default
| R1 宣告 Default Route
| 狀態:完成<br>目的:讓 R2 / R3 學到 O*E2 0.0.0.0/0<br><br>輸入指令:<br><code>conf t</code><br><code>router ospf 1</code><br><code>default-information originate</code><br><br>
|-
| Default Route
| R6 Default Route
| 狀態:完成<br>Default Route:0.0.0.0/0<br>Next-hop:193.16.6.253<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 0.0.0.0 0.0.0.0 193.16.6.253</code><br><br>
|}
 
----
 
=== 五、NAT / PAT / Static NAT 設定 ===
 
{| class="wikitable" style="width:100%;"
! style="width:12%;" | 階段
! style="width:18%;" | 設備 / 項目
! 設定內容與輸入指令
|-
| PAT
| R1 VLAN12 PAT
| 狀態:完成<br>Inside:Fa0/0.2<br>Outside:Serial0/1/1<br>ACL:10<br>Source:10.1.12.16/28<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.2</code><br><code>ip nat inside</code><br><code>exit</code><br><code>interface serial0/1/1</code><br><code>ip nat outside</code><br><code>exit</code><br><code>access-list 10 permit 10.1.12.16 0.0.0.15</code><br><code>ip nat inside source list 10 interface serial0/1/1 overload</code><br><br>
|-
| PAT
| R6-PC5 PAT
| 狀態:完成<br>Inside:Fa0/1<br>Outside:Serial0/0/0<br>ACL:10<br>Source:10.5.0.0/24<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/1</code><br><code>ip nat inside</code><br><code>exit</code><br><code>interface serial0/0/0</code><br><code>ip nat outside</code><br><code>exit</code><br><code>access-list 10 permit 10.5.0.0 0.0.0.255</code><br><code>ip nat inside source list 10 interface serial0/0/0 overload</code><br><br>
|-
| Dynamic NAT
| R1 VLAN13 Dynamic NAT
| 狀態:完成<br>Inside:Fa0/0.3<br>Outside:Serial0/1/1<br>ACL:20<br>Pool:171.69.233.210 - 171.69.233.222<br><br>輸入指令:<br><code>conf t</code><br><code>interface fa0/0.3</code><br><code>ip nat inside</code><br><code>exit</code><br><code>interface serial0/1/1</code><br><code>ip nat outside</code><br><code>exit</code><br><code>no access-list 20</code><br><code>no ip nat inside source list 20 pool netpool</code><br><code>no ip nat pool netpool 171.69.233.210 171.69.233.222 netmask 255.255.255.240</code><br><code>access-list 20 permit 10.1.13.24 0.0.0.7</code><br><code>ip nat pool natpool 171.69.233.210 171.69.233.222 netmask 255.255.255.240</code><br><code>ip nat inside source list 20 pool natpool</code><br><br>
|-
| NAT Return Route
| Internet Router
| 狀態:完成<br>目的:回指 NAT 公有 IP 池<br>Public Pool:171.69.233.208/28<br>Next-hop:193.16.1.254<br><br>輸入指令:<br><code>conf t</code><br><code>ip route 171.69.233.208 255.255.255.240 193.16.1.254</code><br><br>
|-
| Static NAT
| R1 R2-DMZ Static NAT
| 狀態:完成<br>Inside local:172.16.100.102<br>Inside global:171.69.233.209<br><br>輸入指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>ip nat inside</code><br><code>exit</code><br><code>interface serial0/1/1</code><br><code>ip nat outside</code><br><code>exit</code><br><code>no ip nat inside source static 172.16.100.103 171.69.233.209</code><br><code>ip nat inside source static 172.16.100.102 171.69.233.209</code><br><br>
|}
 
----
 
=== 六、IPSec VPN 設定 ===
 
{| class="wikitable" style="width:100%;"
! style="width:12%;" | 階段
! style="width:18%;" | 設備 / 項目
! 設定內容與輸入指令
|-
| VPN Phase 1
| R1 IKE Policy
| 狀態:完成<br>Peer:193.16.6.254<br>PSK:SeCrEt<br>Encryption:3DES<br>Hash:SHA<br>DH Group:2<br>Lifetime:86400<br><br>輸入指令:<br><code>conf t</code><br><code>crypto isakmp policy 10</code><br><code>encr 3des</code><br><code>hash sha</code><br><code>authentication pre-share</code><br><code>group 2</code><br><code>lifetime 86400</code><br><code>exit</code><br><code>crypto isakmp key SeCrEt address 193.16.6.254</code><br><br>
|-
| VPN Phase 2
| R1 Crypto Map
| 狀態:完成<br>Transform-set:ts16<br>Crypto ACL:110<br>Local:10.3.1.0/24<br>Remote:10.6.0.0/24<br>Peer:193.16.6.254<br><br>輸入指令:<br><code>conf t</code><br><code>crypto ipsec transform-set ts16 esp-aes 128 esp-md5-hmac</code><br><code>no access-list 110</code><br><code>access-list 110 permit ip 10.3.1.0 0.0.0.255 10.6.0.0 0.0.0.255</code><br><code>crypto map map16 10 ipsec-isakmp</code><br><code>set peer 193.16.6.254</code><br><code>set transform-set ts16</code><br><code>match address 110</code><br><code>exit</code><br><code>interface serial0/1/1</code><br><code>crypto map map16</code><br><br>
|-
| VPN Phase 1
| R6 IKE Policy
| 狀態:完成<br>Peer:193.16.1.254<br>PSK:SeCrEt<br>Encryption:3DES<br>Hash:SHA<br>DH Group:2<br>Lifetime:86400<br><br>輸入指令:<br><code>conf t</code><br><code>crypto isakmp policy 10</code><br><code>encr 3des</code><br><code>hash sha</code><br><code>authentication pre-share</code><br><code>group 2</code><br><code>lifetime 86400</code><br><code>exit</code><br><code>crypto isakmp key SeCrEt address 193.16.1.254</code><br><br>
|-
| VPN Phase 2
| R6 Crypto Map
| 狀態:完成<br>Transform-set:ts61<br>Crypto ACL:110<br>Local:10.6.0.0/24<br>Remote:10.3.1.0/24<br>Peer:193.16.1.254<br><br>輸入指令:<br><code>conf t</code><br><code>crypto ipsec transform-set ts61 esp-aes 128 esp-md5-hmac</code><br><code>no access-list 110</code><br><code>access-list 110 permit ip 10.6.0.0 0.0.0.255 10.3.1.0 0.0.0.255</code><br><code>crypto map map61 10 ipsec-isakmp</code><br><code>set peer 193.16.1.254</code><br><code>set transform-set ts61</code><br><code>match address 110</code><br><code>exit</code><br><code>interface serial0/0/0</code><br><code>crypto map map61</code><br><br>
|-
| VPN 查修備註
| R6 重掛 Crypto Map
| 狀態:備註<br>用途:若 ACL 110 有 match,但 encaps / decaps 仍為 0,可重掛 crypto map 後重新 ping 觸發。<br><br>查修指令:<br><code>conf t</code><br><code>interface serial0/0/0</code><br><code>no crypto map map61</code><br><code>crypto map map61</code><br><br>
|}
 
----
 
=== 七、Extended ACL 100 / SSH ACL 設定 ===
 
{| class="wikitable" style="width:100%;"
! style="width:12%;" | 階段
! style="width:18%;" | 設備 / 項目
! 設定內容與輸入指令
|-
| Extended ACL
| R2 ACL 100
| 狀態:完成<br>套用介面:R2 Fa0/0<br>方向:out<br>R2-Private:172.16.100.101<br>R2-DMZ:172.16.100.102<br><br>輸入指令:<br><code>conf t</code><br><code>no access-list 100</code><br><code>access-list 100 permit tcp 10.1.12.16 0.0.0.15 172.16.100.101 0.0.0.0 eq 20</code><br><code>access-list 100 permit tcp 10.1.12.16 0.0.0.15 172.16.100.101 0.0.0.0 eq 21</code><br><code>access-list 100 deny ip 10.1.12.16 0.0.0.15 172.16.100.101 0.0.0.0</code><br><code>access-list 100 deny ip 10.0.0.0 0.255.255.255 172.16.100.101 0.0.0.0</code><br><code>access-list 100 permit tcp any 172.16.100.102 0.0.0.0 eq 80</code><br><code>access-list 100 permit icmp any 172.16.100.102 0.0.0.0</code><br><code>access-list 100 deny ip any 172.16.100.102 0.0.0.0</code><br><code>interface fa0/0</code><br><code>ip access-group 100 out</code><br><br>
|-
| SSH ACL
| R3 SSH 管理限制
| 狀態:完成<br>目的:只允許 VLAN14 IT SSH 到 R3<br>Username:user<br>Password:123<br>Domain:ckc.com<br>RSA:1024<br>ACL:12<br>Allowed Source:10.1.14.64/27<br><br>輸入指令:<br><code>conf t</code><br><code>username user password 123</code><br><code>ip domain-name ckc.com</code><br><code>crypto key generate rsa</code><br><code>1024</code><br><code>ip ssh version 2</code><br><code>access-list 12 permit 10.1.14.64 0.0.0.31</code><br><code>line vty 0 5</code><br><code>login local</code><br><code>transport input ssh</code><br><code>access-class 12 in</code><br><code>exit</code><br><code>line vty 6 15</code><br><code>transport input none</code><br><code>exit</code><br><br>
|}

於 2026年6月8日 (一) 00:58 的最新修訂

完整設定表

  • Client IP / Gateway
    • Switch VLAN
    • Access Port
    • Trunk
    • Router-on-a-stick
    • Router Interface
    • Static / Floating Static Route
    • OSPF
    • Default Route
    • NAT / PAT
    • Static NAT
    • IPSec VPN
    • ACL
    • 最終驗證

一、終端設備 IP / Gateway 設定

階段 設備 / 項目 設定內容與輸入指令
Client IP S1 管理 IP 狀態:完成
VLAN:99
IP:10.1.99.101
Mask:255.255.255.0
Gateway:10.1.99.254

輸入指令:
conf t
interface vlan 99
ip address 10.1.99.101 255.255.255.0
no shutdown
exit
ip default-gateway 10.1.99.254

Client IP S2 管理 IP 狀態:完成
VLAN:99
IP:10.1.99.102
Mask:255.255.255.0
Gateway:10.1.99.254

輸入指令:
conf t
interface vlan 99
ip address 10.1.99.102 255.255.255.0
no shutdown
exit
ip default-gateway 10.1.99.254

Client IP Mgmt Server 狀態:完成
IP:10.1.99.100
Mask:255.255.255.0
Gateway:10.1.99.254

設定位置:Desktop → IP Configuration
IP Address: 10.1.99.100
Subnet Mask: 255.255.255.0
Default Gateway: 10.1.99.254
Client IP VLAN12-RD1 狀態:完成
部門:RD
VLAN:12
IP:10.1.12.17
Mask:255.255.255.240
Gateway:10.1.12.30
接線位置:S1 Fa0/11

設定位置:Desktop → IP Configuration
IP Address: 10.1.12.17
Subnet Mask: 255.255.255.240
Default Gateway: 10.1.12.30
Client IP VLAN12-RD2 狀態:完成
部門:RD
VLAN:12
IP:10.1.12.18
Mask:255.255.255.240
Gateway:10.1.12.30
接線位置:S2 Fa0/11

設定位置:Desktop → IP Configuration
IP Address: 10.1.12.18
Subnet Mask: 255.255.255.240
Default Gateway: 10.1.12.30
Client IP VLAN13-Sales1 狀態:完成
部門:Sales
VLAN:13
IP:10.1.13.25
Mask:255.255.255.248
Gateway:10.1.13.30
接線位置:S1 Fa0/15

設定位置:Desktop → IP Configuration
IP Address: 10.1.13.25
Subnet Mask: 255.255.255.248
Default Gateway: 10.1.13.30
Client IP VLAN13-Sales2 狀態:完成
部門:Sales
VLAN:13
IP:10.1.13.26
Mask:255.255.255.248
Gateway:10.1.13.30
接線位置:S2 Fa0/15

設定位置:Desktop → IP Configuration
IP Address: 10.1.13.26
Subnet Mask: 255.255.255.248
Default Gateway: 10.1.13.30
Client IP VLAN14-IT 狀態:完成
部門:IT
VLAN:14
IP:10.1.14.65
Mask:255.255.255.224
Gateway:10.1.14.94
接線位置:S2 Fa0/19

設定位置:Desktop → IP Configuration
IP Address: 10.1.14.65
Subnet Mask: 255.255.255.224
Default Gateway: 10.1.14.94
Client IP R2-Private 狀態:完成
角色:Private Server
IP:172.16.100.101
Mask:255.255.255.0
Gateway:172.16.100.254

設定位置:Desktop → IP Configuration
IP Address: 172.16.100.101
Subnet Mask: 255.255.255.0
Default Gateway: 172.16.100.254
Client IP R2-DMZ 狀態:完成
角色:DMZ Server
IP:172.16.100.102
Mask:255.255.255.0
Gateway:172.16.100.254
Static NAT 對應:171.69.233.209

設定位置:Desktop → IP Configuration
IP Address: 172.16.100.102
Subnet Mask: 255.255.255.0
Default Gateway: 172.16.100.254
Client IP R2-Other 狀態:完成
角色:Other Server
IP:172.16.100.103
Mask:255.255.255.0
Gateway:172.16.100.254

設定位置:Desktop → IP Configuration
IP Address: 172.16.100.103
Subnet Mask: 255.255.255.0
Default Gateway: 172.16.100.254
Client IP R3-PC1 狀態:完成
IP:10.3.1.10
Mask:255.255.255.0
Gateway:10.3.1.254
用途:IPSec VPN 遠端目的端

設定位置:Desktop → IP Configuration
IP Address: 10.3.1.10
Subnet Mask: 255.255.255.0
Default Gateway: 10.3.1.254
Client IP R3-PC2 狀態:完成
IP:10.3.2.10
Mask:255.255.255.0
Gateway:10.3.2.254
用途:Static / Floating Static Route 測試

設定位置:Desktop → IP Configuration
IP Address: 10.3.2.10
Subnet Mask: 255.255.255.0
Default Gateway: 10.3.2.254
Client IP R6-PC5 狀態:完成
IP:10.5.0.10
Mask:255.255.255.0
Gateway:10.5.0.254
用途:R6 PAT 測試

設定位置:Desktop → IP Configuration
IP Address: 10.5.0.10
Subnet Mask: 255.255.255.0
Default Gateway: 10.5.0.254
Client IP R6-PC6 狀態:完成
IP:10.6.0.10
Mask:255.255.255.0
Gateway:10.6.0.254
用途:IPSec VPN 本端來源

設定位置:Desktop → IP Configuration
IP Address: 10.6.0.10
Subnet Mask: 255.255.255.0
Default Gateway: 10.6.0.254
Client IP Internet WWW 狀態:完成
IP:200.200.200.200
Mask:255.255.255.0
Gateway:200.200.200.254
用途:NAT / PAT 連外測試

設定位置:Desktop → IP Configuration
IP Address: 200.200.200.200
Subnet Mask: 255.255.255.0
Default Gateway: 200.200.200.254
Client IP Internet User 狀態:完成
IP:201.201.201.201
Mask:255.255.255.0
Gateway:201.201.201.254
用途:Static NAT 外部測試

設定位置:Desktop → IP Configuration
IP Address: 201.201.201.201
Subnet Mask: 255.255.255.0
Default Gateway: 201.201.201.254

二、Switch VLAN / Access Port / Trunk 設定

階段 設備 / 項目 設定內容與輸入指令
VLAN S1 建立 VLAN 狀態:完成
VLAN12:RD
VLAN13:sales
VLAN14:IT
VLAN99:MGMT

輸入指令:
conf t
vlan 12
name RD
vlan 13
name sales
vlan 14
name IT
vlan 99
name MGMT

VLAN S2 建立 VLAN 狀態:完成
VLAN12:RD
VLAN13:sales
VLAN14:IT
VLAN99:MGMT

輸入指令:
conf t
vlan 12
name RD
vlan 13
name sales
vlan 14
name IT
vlan 99
name MGMT

Access Port S1 Access Port 狀態:完成
Fa0/11:VLAN12
Fa0/15:VLAN13
Fa0/21:VLAN99

輸入指令:
conf t
interface fa0/11
switchport mode access
switchport access vlan 12
no shutdown
exit
interface fa0/15
switchport mode access
switchport access vlan 13
no shutdown
exit
interface fa0/21
switchport mode access
switchport access vlan 99
no shutdown

Access Port S2 Access Port 狀態:完成
Fa0/11:VLAN12
Fa0/15:VLAN13
Fa0/19:VLAN14

輸入指令:
conf t
interface fa0/11
switchport mode access
switchport access vlan 12
no shutdown
exit
interface fa0/15
switchport mode access
switchport access vlan 13
no shutdown
exit
interface fa0/19
switchport mode access
switchport access vlan 14
no shutdown

Trunk S1 to S2 狀態:完成
Trunk Port:Fa0/23 - 24
Allowed VLAN:12,13,14,99

輸入指令:
conf t
interface range fa0/23 - 24
switchport mode trunk
switchport trunk allowed vlan 12,13,14,99
no shutdown

Trunk S2 to S1 狀態:完成
Trunk Port:Fa0/23 - 24
Allowed VLAN:12,13,14,99

輸入指令:
conf t
interface range fa0/23 - 24
switchport mode trunk
switchport trunk allowed vlan 12,13,14,99
no shutdown

Trunk S1 to R1 狀態:完成
S1 Fa0/5 連接 R1 Fa0/0
Allowed VLAN:12,13,14,99

輸入指令:
conf t
interface fa0/5
switchport mode trunk
switchport trunk allowed vlan 12,13,14,99
no shutdown

三、Router-on-a-stick / Router 介面設定 (含等價網路平衡設定)

階段 設備 / 項目 設定內容與輸入指令
Router-on-a-stick R1 Fa0/0 狀態:完成
用途:Trunk 母介面,不設定 IP

輸入指令:
conf t
interface fa0/0
no shutdown

Router-on-a-stick R1 Fa0/0.2 狀態:完成
VLAN:12
Gateway:10.1.12.30/28

輸入指令:
conf t
interface fa0/0.2
encapsulation dot1Q 12
ip address 10.1.12.30 255.255.255.240

Router-on-a-stick R1 Fa0/0.3 狀態:完成
VLAN:13
Gateway:10.1.13.30/29

輸入指令:
conf t
interface fa0/0.3
encapsulation dot1Q 13
ip address 10.1.13.30 255.255.255.248

Router-on-a-stick R1 Fa0/0.4 狀態:完成
VLAN:14
Gateway:10.1.14.94/27

輸入指令:
conf t
interface fa0/0.4
encapsulation dot1Q 14
ip address 10.1.14.94 255.255.255.224

Router-on-a-stick R1 Fa0/0.99 狀態:完成
VLAN:99
Gateway:10.1.99.254/24

輸入指令:
conf t
interface fa0/0.99
encapsulation dot1Q 99
ip address 10.1.99.254 255.255.255.0

Serial R1 Serial0/0/0 狀態:完成
連線:R1 to R2
IP:192.168.123.1/30
Bandwidth:128K

輸入指令:
conf t
interface serial0/0/0
ip address 192.168.123.1 255.255.255.252
bandwidth 128
no shutdown

Serial R1 Serial0/0/1 狀態:完成
連線:R1 to R3
IP:192.168.123.5/30
Bandwidth:64K
Clock rate:64000

輸入指令:
conf t
interface serial0/0/1
ip address 192.168.123.5 255.255.255.252
bandwidth 64
clock rate 64000
no shutdown

Internet R1 Serial0/1/1 狀態:完成
連線:R1 to Internet Router
IP:193.16.1.254/30
用途:NAT outside、VPN peer

輸入指令:
conf t
interface serial0/1/1
ip address 193.16.1.254 255.255.255.252
no shutdown

Router Interface R2 Fa0/0 狀態:完成
用途:Server 區 Gateway
IP:172.16.100.254/24

輸入指令:
conf t
interface fa0/0
ip address 172.16.100.254 255.255.255.0
no shutdown

Serial R2 Serial0/0/0 狀態:完成
連線:R2 to R1
IP:192.168.123.2/30
Bandwidth:128K
Clock rate:128000

輸入指令:
conf t
interface serial0/0/0
ip address 192.168.123.2 255.255.255.252
bandwidth 128
clock rate 128000
no shutdown

Serial R2 Serial0/0/1 狀態:完成
連線:R2 to R3
IP:192.168.123.9/30
Bandwidth:128K
Clock rate:128000

輸入指令:
conf t
interface serial0/0/1
ip address 192.168.123.9 255.255.255.252
bandwidth 128
clock rate 128000
no shutdown

Router Interface R3 Fa0/0 狀態:完成
用途:R3-PC1 Gateway
IP:10.3.1.254/24

輸入指令:
conf t
interface fa0/0
ip address 10.3.1.254 255.255.255.0
no shutdown

Router Interface R3 Fa0/1 狀態:完成
用途:R3-PC2 Gateway
IP:10.3.2.254/24

輸入指令:
conf t
interface fa0/1
ip address 10.3.2.254 255.255.255.0
no shutdown

Serial R3 Serial0/0/0 狀態:完成
連線:R3 to R1
IP:192.168.123.6/30
Bandwidth:64K

輸入指令:
conf t
interface serial0/0/0
ip address 192.168.123.6 255.255.255.252
bandwidth 64
no shutdown

Serial R3 Serial0/0/1 狀態:完成
連線:R3 to R2
IP:192.168.123.10/30
Bandwidth:128K

輸入指令:
conf t
interface serial0/0/1
ip address 192.168.123.10 255.255.255.252
bandwidth 128
no shutdown

Router Interface R6 Fa0/1 狀態:完成
用途:R6-PC5 Gateway、PAT inside
IP:10.5.0.254/24

輸入指令:
conf t
interface fa0/1
ip address 10.5.0.254 255.255.255.0
no shutdown

Router Interface R6 Fa0/0 狀態:完成
用途:R6-PC6 Gateway、VPN protected LAN
IP:10.6.0.254/24

輸入指令:
conf t
interface fa0/0
ip address 10.6.0.254 255.255.255.0
no shutdown

Internet R6 Serial0/0/0 狀態:完成
連線:R6 to Internet Router
IP:193.16.6.254/30
用途:NAT outside、VPN peer

輸入指令:
conf t
interface serial0/0/0
ip address 193.16.6.254 255.255.255.252
no shutdown

Internet Router Internet Router 介面 狀態:完成
To R1:193.16.1.253/30
To R6:193.16.6.253/30
Internet WWW Gateway:200.200.200.254/24
Internet User Gateway:201.201.201.254/24

輸入指令:
conf t
interface serial0/0/0
ip address 193.16.1.253 255.255.255.252
clock rate 64000
no shutdown
exit
interface serial0/0/1
ip address 193.16.6.253 255.255.255.252
clock rate 64000
no shutdown
exit
interface fa0/0
ip address 200.200.200.254 255.255.255.0
no shutdown
exit
interface fa0/1
ip address 201.201.201.254 255.255.255.0
no shutdown

四、Static Route / Floating Static Route / OSPF 設定

階段 設備 / 項目 設定內容與輸入指令
Static Route R1 to 10.3.2.0/24 主路由 狀態:完成
Destination:10.3.2.0/24
Next-hop:192.168.123.6
AD:1

輸入指令:
conf t
ip route 10.3.2.0 255.255.255.0 192.168.123.6

Floating Static Route R1 to 10.3.2.0/24 備援路由 狀態:完成
Destination:10.3.2.0/24
Next-hop:192.168.123.2
AD:2

輸入指令:
conf t
ip route 10.3.2.0 255.255.255.0 192.168.123.2 2

Static Route R2 to 10.3.2.0/24 狀態:完成
Destination:10.3.2.0/24
Next-hop:192.168.123.10

輸入指令:
conf t
ip route 10.3.2.0 255.255.255.0 192.168.123.10

Static Route R2 to VLAN14 狀態:完成
Destination:10.1.14.64/27
Next-hop:192.168.123.1

輸入指令:
conf t
ip route 10.1.14.64 255.255.255.224 192.168.123.1

Static Route R3 to VLAN14 主路由 狀態:完成
Destination:10.1.14.64/27
Next-hop:192.168.123.5
AD:1

輸入指令:
conf t
ip route 10.1.14.64 255.255.255.224 192.168.123.5

Floating Static Route R3 to VLAN14 備援路由 狀態:完成
Destination:10.1.14.64/27
Next-hop:192.168.123.9
AD:2

輸入指令:
conf t
ip route 10.1.14.64 255.255.255.224 192.168.123.9 2

OSPF R1 OSPF 狀態:完成
Process ID:1
Router ID:192.168.99.1
主要方式:network 指令使用子網段

輸入指令:
conf t
interface loopback0
ip address 192.168.99.1 255.255.255.255
exit
router ospf 1
router-id 192.168.99.1
passive-interface default
no passive-interface serial0/0/0
no passive-interface serial0/0/1
network 192.168.123.0 0.0.0.3 area 0
network 192.168.123.4 0.0.0.3 area 0
network 10.1.12.16 0.0.0.15 area 0
network 10.1.13.24 0.0.0.7 area 0
network 10.1.99.0 0.0.0.255 area 0
network 192.168.99.1 0.0.0.0 area 0

OSPF R2 OSPF 狀態:完成
Process ID:2
Router ID:192.168.99.2
主要方式:network 指令使用直連介面 IP

輸入指令:
conf t
interface loopback0
ip address 192.168.99.2 255.255.255.255
exit
router ospf 2
router-id 192.168.99.2
network 192.168.123.2 0.0.0.0 area 0
network 192.168.123.9 0.0.0.0 area 0
network 172.16.100.254 0.0.0.0 area 2
network 192.168.99.2 0.0.0.0 area 2
passive-interface fa0/0

OSPF R3 OSPF 狀態:完成
Process ID:3
Router ID:192.168.99.3
主要方式:interface mode 啟動 OSPF

輸入指令:
conf t
interface loopback0
ip address 192.168.99.3 255.255.255.255
ip ospf 3 area 3
exit
interface fa0/0
ip ospf 3 area 3
exit
interface serial0/0/0
ip ospf 3 area 0
exit
interface serial0/0/1
ip ospf 3 area 0
exit
router ospf 3
router-id 192.168.99.3
passive-interface fa0/0

OSPF Cost Serial bandwidth 狀態:完成
R1-R2:128K
R2-R3:128K
R1-R3:64K

R1 輸入指令:
conf t
interface serial0/0/0
bandwidth 128
exit
interface serial0/0/1
bandwidth 64



R2 輸入指令:
conf t
interface serial0/0/0
bandwidth 128
exit
interface serial0/0/1
bandwidth 128



R3 輸入指令:
conf t
interface serial0/0/0
bandwidth 64
exit
interface serial0/0/1
bandwidth 128

Default Route R1 Default Route 狀態:完成
Default Route:0.0.0.0/0
Next-hop:193.16.1.253

輸入指令:
conf t
ip route 0.0.0.0 0.0.0.0 193.16.1.253

OSPF Default R1 宣告 Default Route 狀態:完成
目的:讓 R2 / R3 學到 O*E2 0.0.0.0/0

輸入指令:
conf t
router ospf 1
default-information originate

Default Route R6 Default Route 狀態:完成
Default Route:0.0.0.0/0
Next-hop:193.16.6.253

輸入指令:
conf t
ip route 0.0.0.0 0.0.0.0 193.16.6.253

五、NAT / PAT / Static NAT 設定

階段 設備 / 項目 設定內容與輸入指令
PAT R1 VLAN12 PAT 狀態:完成
Inside:Fa0/0.2
Outside:Serial0/1/1
ACL:10
Source:10.1.12.16/28

輸入指令:
conf t
interface fa0/0.2
ip nat inside
exit
interface serial0/1/1
ip nat outside
exit
access-list 10 permit 10.1.12.16 0.0.0.15
ip nat inside source list 10 interface serial0/1/1 overload

PAT R6-PC5 PAT 狀態:完成
Inside:Fa0/1
Outside:Serial0/0/0
ACL:10
Source:10.5.0.0/24

輸入指令:
conf t
interface fa0/1
ip nat inside
exit
interface serial0/0/0
ip nat outside
exit
access-list 10 permit 10.5.0.0 0.0.0.255
ip nat inside source list 10 interface serial0/0/0 overload

Dynamic NAT R1 VLAN13 Dynamic NAT 狀態:完成
Inside:Fa0/0.3
Outside:Serial0/1/1
ACL:20
Pool:171.69.233.210 - 171.69.233.222

輸入指令:
conf t
interface fa0/0.3
ip nat inside
exit
interface serial0/1/1
ip nat outside
exit
no access-list 20
no ip nat inside source list 20 pool netpool
no ip nat pool netpool 171.69.233.210 171.69.233.222 netmask 255.255.255.240
access-list 20 permit 10.1.13.24 0.0.0.7
ip nat pool natpool 171.69.233.210 171.69.233.222 netmask 255.255.255.240
ip nat inside source list 20 pool natpool

NAT Return Route Internet Router 狀態:完成
目的:回指 NAT 公有 IP 池
Public Pool:171.69.233.208/28
Next-hop:193.16.1.254

輸入指令:
conf t
ip route 171.69.233.208 255.255.255.240 193.16.1.254

Static NAT R1 R2-DMZ Static NAT 狀態:完成
Inside local:172.16.100.102
Inside global:171.69.233.209

輸入指令:
conf t
interface serial0/0/0
ip nat inside
exit
interface serial0/1/1
ip nat outside
exit
no ip nat inside source static 172.16.100.103 171.69.233.209
ip nat inside source static 172.16.100.102 171.69.233.209

六、IPSec VPN 設定

階段 設備 / 項目 設定內容與輸入指令
VPN Phase 1 R1 IKE Policy 狀態:完成
Peer:193.16.6.254
PSK:SeCrEt
Encryption:3DES
Hash:SHA
DH Group:2
Lifetime:86400

輸入指令:
conf t
crypto isakmp policy 10
encr 3des
hash sha
authentication pre-share
group 2
lifetime 86400
exit
crypto isakmp key SeCrEt address 193.16.6.254

VPN Phase 2 R1 Crypto Map 狀態:完成
Transform-set:ts16
Crypto ACL:110
Local:10.3.1.0/24
Remote:10.6.0.0/24
Peer:193.16.6.254

輸入指令:
conf t
crypto ipsec transform-set ts16 esp-aes 128 esp-md5-hmac
no access-list 110
access-list 110 permit ip 10.3.1.0 0.0.0.255 10.6.0.0 0.0.0.255
crypto map map16 10 ipsec-isakmp
set peer 193.16.6.254
set transform-set ts16
match address 110
exit
interface serial0/1/1
crypto map map16

VPN Phase 1 R6 IKE Policy 狀態:完成
Peer:193.16.1.254
PSK:SeCrEt
Encryption:3DES
Hash:SHA
DH Group:2
Lifetime:86400

輸入指令:
conf t
crypto isakmp policy 10
encr 3des
hash sha
authentication pre-share
group 2
lifetime 86400
exit
crypto isakmp key SeCrEt address 193.16.1.254

VPN Phase 2 R6 Crypto Map 狀態:完成
Transform-set:ts61
Crypto ACL:110
Local:10.6.0.0/24
Remote:10.3.1.0/24
Peer:193.16.1.254

輸入指令:
conf t
crypto ipsec transform-set ts61 esp-aes 128 esp-md5-hmac
no access-list 110
access-list 110 permit ip 10.6.0.0 0.0.0.255 10.3.1.0 0.0.0.255
crypto map map61 10 ipsec-isakmp
set peer 193.16.1.254
set transform-set ts61
match address 110
exit
interface serial0/0/0
crypto map map61

VPN 查修備註 R6 重掛 Crypto Map 狀態:備註
用途:若 ACL 110 有 match,但 encaps / decaps 仍為 0,可重掛 crypto map 後重新 ping 觸發。

查修指令:
conf t
interface serial0/0/0
no crypto map map61
crypto map map61

七、Extended ACL 100 / SSH ACL 設定

階段 設備 / 項目 設定內容與輸入指令
Extended ACL R2 ACL 100 狀態:完成
套用介面:R2 Fa0/0
方向:out
R2-Private:172.16.100.101
R2-DMZ:172.16.100.102

輸入指令:
conf t
no access-list 100
access-list 100 permit tcp 10.1.12.16 0.0.0.15 172.16.100.101 0.0.0.0 eq 20
access-list 100 permit tcp 10.1.12.16 0.0.0.15 172.16.100.101 0.0.0.0 eq 21
access-list 100 deny ip 10.1.12.16 0.0.0.15 172.16.100.101 0.0.0.0
access-list 100 deny ip 10.0.0.0 0.255.255.255 172.16.100.101 0.0.0.0
access-list 100 permit tcp any 172.16.100.102 0.0.0.0 eq 80
access-list 100 permit icmp any 172.16.100.102 0.0.0.0
access-list 100 deny ip any 172.16.100.102 0.0.0.0
interface fa0/0
ip access-group 100 out

SSH ACL R3 SSH 管理限制 狀態:完成
目的:只允許 VLAN14 IT SSH 到 R3
Username:user
Password:123
Domain:ckc.com
RSA:1024
ACL:12
Allowed Source:10.1.14.64/27

輸入指令:
conf t
username user password 123
ip domain-name ckc.com
crypto key generate rsa
1024
ip ssh version 2
access-list 12 permit 10.1.14.64 0.0.0.31
line vty 0 5
login local
transport input ssh
access-class 12 in
exit
line vty 6 15
transport input none
exit

取自「https://www.acmex.cc/index.php?title=緯育_2026-0608&oldid=7471