緯育 2026-0608
Source: 頂極製作所
S1
- VLAN12
- vlan 12
- name RD
- VLAN13
- vlan 13
- name sales
- VLAN14
- vlan 14
- name IT
- VLAN99
- vlan 99
- name MGMT
- exit
- interface vlan 99
- ip address 10.1.99.101 255.255.255.0
- no shutdown
- exit
- trunk allowed VLAN
- interface range fa0/23 - 24
- switchport mode trunk
- switchport trunk allowed vlan 12,13,14,99
- no shutdown
- exit
- ip default-gateway 10.1.99.254
- S1 to R1 Trunk
- configure terminal
- interface fa0/5
- switchport mode trunk
- switchport trunk allowed vlan 12,13,14,99
- no shutdown
- exit
- Fa0/21
- interface fa0/21
- switchport mode access
- switchport access vlan 99
- no shutdown
- Fa0/11
- interface fa0/11
- switchport mode access
- switchport access vlan 12
- no shutdown
- exit
- Fa0/15
- interface fa0/15
- switchport mode access
- switchport access vlan 13
- no shutdown
- exit
Host settings
- S1 management IP
- 10.1.99.101
- 255.255.255.0
- 10.1.99.254
- VLAN12-RD1
- 10.1.12.17
- 255.255.255.240
- 10.1.12.30
- VLAN13-Sales1
- 10.1.13.25
- 255.255.255.248
- 10.1.13.30
- Mgmt Server IP
- 10.1.99.100
- 255.255.255.0
- 10.1.99.254
S2
- VLAN12
- vlan 12
- name RD
- Fa0/11
- interface fa0/11
- switchport mode access
- switchport access vlan 12
- no shutdown
- VLAN13
- vlan 13
- name sales
- VLAN14
- vlan 14
- name IT
- VLAN99
- vlan 99
- name MGMT
- exit
- interface vlan 99
- ip address 10.1.99.102 255.255.255.0
- no shutdown
- exit
- ip default-gateway 10.1.99.254
- trunk allowed VLAN
- interface range fa0/23 - 24
- switchport mode trunk
- switchport trunk allowed vlan 12,13,14,99
- no shutdown
- Fa0/15
- interface fa0/15
- switchport mode access
- switchport access vlan 13
- no shutdown
- exit
- Fa0/19
- interface fa0/19
- switchport mode access
- switchport access vlan 14
- no shutdown
- exit
Host settings
- S2 IP
- 10.1.99.102
- 255.255.255.0
- 10.1.99.254
- VLAN12-RD2
- 10.1.12.18
- 255.255.255.240
- 10.1.12.30
- VLAN13-Sales2
- 10.1.13.26
- 255.255.255.248
- 10.1.13.30
- VLAN14-IT
- 10.1.14.65
- 255.255.255.224
- 10.1.14.94
R1
- no ip domain-lookup
- Fa0/0
- interface fa0/0
- no shutdown
- Serial 0/0/0
- interface serial0/0/0
- ip address 192.168.123.1 255.255.255.252
- bandwidth 128
- no shutdown
- exit
- Serial 0/0/1
- interface serial0/0/1
- ip address 192.168.123.5 255.255.255.252
- bandwidth 64
- clock rate 64000
- no shutdown
- exit
- router ospf 1
- no passive-interface serial0/0/1
- network 192.168.123.4 0.0.0.3 area 0
- Subinterfaces
- interface fa0/0.2
- encapsulation dot1Q 12
- ip address 10.1.12.30 255.255.255.240
- interface fa0/0.3
- encapsulation dot1Q 13
- ip address 10.1.13.30 255.255.255.248
- interface fa0/0.4
- encapsulation dot1Q 14
- ip address 10.1.14.94 255.255.255.224
- interface fa0/0.99
- encapsulation dot1Q 99
- ip address 10.1.99.254 255.255.255.0
- no shutdown
- R1 to R3 static route
- ip route 10.3.2.0 255.255.255.0 192.168.123.6
- exit
- R1 to R2 backup static route
- ip route 10.3.2.0 255.255.255.0 192.168.123.2 2
- exit
- OSPF
- Loopback0
- interface loopback0
- ip address 192.168.99.1 255.255.255.255
- router ospf 1
- router-id 192.168.99.1
- passive-interface default
- no passive-interface serial0/0/0
- no passive-interface serial0/0/1
- network 192.168.123.0 0.0.0.3 area 0
- network 192.168.123.4 0.0.0.3 area 0
- network 10.1.12.16 0.0.0.15 area 0
- network 10.1.13.24 0.0.0.7 area 0
- network 192.168.99.1 0.0.0.0 area 0
- R1: add VLAN99 to OSPF Area 0
- router ospf 1
- network 10.1.99.0 0.0.0.255 area 0
- Link to Internet
- interface serial0/1/1
- ip address 193.16.1.254 255.255.255.252
- no shutdown
- exit
- ip route 0.0.0.0 0.0.0.0 193.16.1.253
R2
- no ip domain-lookup
- R2 to R3
- interface s0/0/1
- ip address 192.168.123.9 255.255.255.252
- bandwidth 128
- clock rate 128000
- no shutdown
- exit
- R2 to R1
- interface serial0/0/0
- ip address 192.168.123.2 255.255.255.252
- bandwidth 128
- no shutdown
- exit
- Fa0/0
- interface fa0/0
- ip address 172.16.100.254 255.255.255.0
- no shutdown
- exit
- R2 static routes supporting the VLAN14 ↔ R3-PC2 backup path
- ip route 10.3.2.0 255.255.255.0 192.168.123.10
- Route for VLAN 14 IT: ip route 10.1.14.64 255.255.255.224 192.168.123.1
- exit
- OSPF
- interface loopback0
- ip address 192.168.99.2 255.255.255.255
- router ospf 2
- router-id 192.168.99.2
- network 192.168.123.2 0.0.0.0 area 0
- network 192.168.123.9 0.0.0.0 area 0
- network 172.16.100.254 0.0.0.0 area 2
- network 192.168.99.2 0.0.0.0 area 2
- passive-interface fa0/0
- Special settings for equal-cost routing
- interface serial0/0/0
- bandwidth 128
- exit
- interface serial0/0/1
- bandwidth 128
- no shutdown
- exit
- router ospf 2
- network 192.168.123.9 0.0.0.0 area 0
- no passive-interface serial0/0/1
Host settings
- R2-Server1
- 172.16.100.101
- 255.255.255.0
- 172.16.100.254
- R2-Server2
- 172.16.100.102
- 255.255.255.0
- 172.16.100.254
- R2-Private
- 172.16.100.103
- 255.255.255.0
- 172.16.100.254
R3
- no ip domain-lookup
- R3 to R1 static route
- ip route 10.1.14.64 255.255.255.224 192.168.123.5
- R3 to VLAN14 backup static route
- ip route 10.1.14.64 255.255.255.224 192.168.123.9 2
- exit
- Fa0/0
- interface fa0/0
- ip address 10.3.1.254 255.255.255.0
- ip ospf 3 area 0
- no shutdown
- end
- Fa0/1
- interface fa0/1
- ip address 10.3.2.254 255.255.255.0
- no shutdown
- end
- OSPF
- interface loopback0
- ip address 192.168.99.3 255.255.255.255
- ip ospf 3 area 3
- exit
- router ospf 3
- router-id 192.168.99.3
- R3 Serial 加入 Area 0
- interface serial0/0/0
- ip address 192.168.123.6 255.255.255.252
- bandwidth 64
- no shutdown
- ip ospf 3 area 0
- exit
- interface serial0/0/1
- ip address 192.168.123.10 255.255.255.252
- bandwidth 128
- ip ospf 3 area 0
- no shutdown
- R3 OSPF process
- router ospf 3
- passive-interface fa0/0
- Add after connecting the Internet Router:
- ip route 10.5.0.0 255.255.255.0 192.168.123.5
- ip route 10.6.0.0 255.255.255.0 192.168.123.5
- ip route 0.0.0.0 0.0.0.0 192.168.123.5
- end
- Special settings for equal-cost routing
- interface serial0/0/0
- bandwidth 64
- exit
- interface serial0/0/1
- bandwidth 128
- exit
Host settings
- R3-PC1
- 10.3.1.10
- 255.255.255.0
- 10.3.1.254
- R3-PC2
- 10.3.2.10
- 255.255.255.0
- 10.3.2.254
ACL
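- ACL requirements
- Replace telnet with SSH connections.
- Allow only the IT department (the VLAN 14 subnet, 10.1.14.64/27) to connect remotely over SSH.
- For managing that network device, allow up to 6 simultaneous SSH sessions into R3.
- SSH conditions:
- username user
- password 123
- domain name ckc.com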
- crypto 1024
- ACL commands
- username user password 123
- ip domain-name ckc.com
- crypto key generate rsa
- 1024
- ip ssh version 2
- access-list 12 permit 10.1.14.64 0.0.0.31
- line vty 0 5
- login local
- transport input ssh
- access-class 12 in
- exit
- line vty 6 15
- transport input none
- exit
- end
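
An added example, not part of the original notes: a Python check that parses the vty and ACL commands above and returns which vty lines would accept SSH from a given source address, applying wildcard-mask matching and the implicit deny that ends a standard ACL. The function names are hypothetical, the embedded config is reconstructed from the commands listed above, and the ACL named by `access-class` is assumed to be defined.

```python
import ipaddress
import re

# Constructed input: the R3 vty/ACL commands from the list above.
R3_CONFIG = """\
access-list 12 permit 10.1.14.64 0.0.0.31
line vty 0 5
 login local
 transport input ssh
 access-class 12 in
line vty 6 15
 transport input none
"""

def parse(config):
    """Return ({acl: [(action, addr, wildcard)]}, {vty line: settings})."""
    acls, vty, current = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = []  # a global command ends the previous line block
        if m := re.match(r"access-list (\d+) (permit|deny) (\S+) (\S+)$", line):
            acls.setdefault(m[1], []).append((m[2], m[3], m[4]))
        elif m := re.match(r"line vty (\d+) (\d+)$", line):
            current = range(int(m[1]), int(m[2]) + 1)
            vty.update({n: {"transport input": None, "access-class": None}
                        for n in current})
        elif m := re.match(r"(transport input|access-class) (\S+)( in)?$", line):
            for n in current:
                vty[n][m[1]] = m[2]
    return acls, vty

def acl_permits(entries, src):
    """First match wins; no match falls through to the implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in entries:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False

def ssh_lines_for(config, src):
    """vty lines that would accept an SSH session from source address src."""
    acls, vty = parse(config)
    return [n for n, v in sorted(vty.items()) if v["transport input"] == "ssh"
            and (v["access-class"] is None
                 or acl_permits(acls[v["access-class"]], src))]

if __name__ == "__main__":
    for host in ("10.1.14.65", "10.1.12.17", "10.3.1.10", "10.1.14.96"):
        print(host, ssh_lines_for(R3_CONFIG, host))
```
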
R6
- no ip domain-lookup
- hostname R6
- Loopback0
- interface loopback0
- ip address 192.168.99.6 255.255.255.255
- exit
- Internet Router far end: 193.16.6.253/30
- R6 commands:
- Fa0/1
- interface fastEthernet0/1
- ip address 10.5.0.254 255.255.255.0
- no shutdown
- exit
- Fa0/0
- interface fastEthernet0/0
- ip address 10.6.0.254 255.255.255.0
- no shutdown
- exit
- Link to Internet Router
- interface serial0/0/0
- ip address 193.16.6.254 255.255.255.252
- no shutdown
- exit
- ip route 0.0.0.0 0.0.0.0 193.16.6.253
Host settings
- R6-PC5: 10.5.0.10/24
- IP Address: 10.5.0.10
- Subnet Mask: 255.255.255.0
- Default Gateway: 10.5.0.254
- R6-PC6: 10.6.0.10/24
- IP Address: 10.6.0.10
- Subnet Mask: 255.255.255.0
- Default Gateway: 10.6.0.254
Internet
- no ip domain-lookup
- hostname Internet
- Link to R6
- interface serial0/0/1
- ip address 193.16.6.253 255.255.255.252
- clock rate 64000
- no shutdown
- exit
- Internet_WWW
- interface fastEthernet0/0
- ip address 200.200.200.254 255.255.255.0
- no shutdown
- exit
- Internet_User
- interface fastEthernet0/1
- ip address 201.201.201.254 255.255.255.0
- no shutdown
- exit
- Link to R1
- interface serial0/0/0
- ip address 193.16.1.253 255.255.255.252
- clock rate 64000
- no shutdown
- exit
Host settings
- Internet WWW
- IP Address: 200.200.200.200
- Subnet Mask: 255.255.255.0
- Default Gateway: 200.200.200.254
- Internet User
- IP Address: 201.201.201.201
- Subnet Mask: 255.255.255.0
- Default Gateway: 201.201.201.254