加入收藏 | 设为首页 | 会员中心 | 我要投稿 | RSS
您当前的位置:首页 > 交换技术 > 交换配置

思科三层交换配置清单与案例

时间:2012-04-11 17:11:06  来源:网络  作者:佚名
     网络基本情况

网络拓扑结构为:中心交换机采用Cisco Catalyst 4006-S3,Supervisor Engine III G引擎位于第1插槽,用于实现三层交换;1块24口1000Base-T模块位于第2插槽,用于连接网络服务器;1块6端口1000Base-X模块位于第3插槽,用于连接6台骨干交换机。一台交换机采用Cisco Catalyst 3550-24-EMI,并安装1块1000Base-X GBIC千兆模块。一台交换机采用Cisco Catalyst 3550-24-SMI,也安装1块1000Base-X GBIC千兆模块。另外四台交换机采用Cisco Catalyst 2950G-24-SMI,安装1块1000Base-T GBIC千兆模块。所有服务器划分为一个VLAN,即VLAN 50。四台Catalyst 2950G-24-SMI交换机也只划分为一个VLAN,分别为VLAN 60、VLAN 70、VLAN 80和VLAN 90。

Catalyst 3550-24-EMI划分为4个VLAN,分别为VLAN 10、VLAN 20、VLAN 30和VLAN 40。Catalyst 3550-24-SMI划分2个VLAN,分别为VLAN 60和VLAN 80,与另外两台Catalyst 2950G-24-SMI交换机分别位于同一VLAN。

实例分析

由于所有Catalyst 2950G交换机都是一个独立的VLAN,因此,必须先在这些交换机上创建VLAN(VLAN 60~VLAN 90),并将所有端口都指定至该VLAN。然后,再在Catalyst 4006交换机相应端口上分别创建VLAN。Catalyst 4006的1000Base-X端口分别与各Catalyst 2950G的1000Base-X端口连接。其中,

GigabitEthernet3/2端口连接至1号Catalyst 2950交换机(VLAN 60),GigabitEthernet3/3端口连接至2号Catalyst 2950交换机(VLAN 70),GigabitEthernet3/4端口连接至3号Catalyst 2950交换机(VLAN 80),GigabitEthernet3/5端口连接至4号Catalyst 2950交换机(VLAN 90),GigabitEthernet3/6端口连接至6号楼交换机(VLAN 80)。由于在Catalyst 3550-24-EMI上划分有4个VLAN(VLAN 10~VLAN 40),而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst 4006的GigabitEthernet3/1端口连接,因此,必须在Catalyst 4006与Catalyst 3550-24- EMI之间创建一个Trunk。

同样,在Catalyst 3550-24-SMI上划分有2个VLAN(VLAN 60和VLAN 80),而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst 4006的GigabitEthernet3/6端口连接,因此,必须在Catalyst 4006与Catalyst 3550-24- EMI之间创建一个Trunk。

 另外,所有服务器均连接至Catalyst 4006的1000Base-T模块,并单独成为一个VLAN(VLAN 90),因此,也必须为这些交换机创建一个VLAN,并将所有端口指定至该VLAN。需要注意的是,考虑到网络管理的需要,也可以剩余几个RJ-45端口 (如21至24端口)不指定至任何VLAN,从而便于连接网络管理设备。默认状态下,所有端口都属于VLAN1,而且也只有在VLAN1中才能实现对网络中所有设备的管理。

配置清单

●Cisco Catalyst 4006交换机配置清单

Current configuration : 5594 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryptionservice compress-config!hostname hsnc!boot system bootflash:cat4000-is-mz.121-8a.EW1.binno logging consoleenable secret level 1 5 $1$rkQW$1HKyKdN5f.Ri5zxeoF8Yv/!ip subnet-zero!!!interface GigabitEthernet1/1no snmp trap link-status!--不为Supervisor Engine III G引擎中的1000Base-X插槽指定VLANinterface GigabitEthernet1/2no snmp trap link-status!!interface GigabitEthernet2/1switchport access vlan 50no snmp trap link-status!--将端口GigabitEthernet2/1指定至VLAN 50!interface GigabitEthernet2/2switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/3switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/4switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/5switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/6switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/7switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/8switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/9switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/10switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/11switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/12switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/13switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/14switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/15switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/16switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/17switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/18switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/19switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/20switchport access vlan 50no snmp trap link-status!--不将GigabitEthernet2/20~24指定至任何VLAN!interface GigabitEthernet3/1switchport trunk encapsulation dot1q!--启用802.1Q Trunk封装协议,即在该端口创建Trunkswitchport trunk allowed vlan 1-80!--允许vlan 1-90在该中继线通讯!--可以拒绝或允许某个VLAN访问该Trunk!--确保未被授权的VLAN通过该Trunk,实现VLAN的访问安全switchport mode trunk!--将该端口设置为Trunk description netcenterno snmp trap link-status!interface GigabitEthernet3/2switchport access vlan 60no snmp trap link-status!--将端口GigabitEthernet3/2指定至VLAN 60!interface GigabitEthernet3/3switchport access vlan 70no snmp trap link-status!--将端口GigabitEthernet3/3指定至VLAN 70!interface GigabitEthernet3/4switchport access vlan 80no snmp trap link-status!--将端口GigabitEthernet3/4指定至VLAN 80!interface GigabitEthernet3/5switchport access vlan 90no snmp trap link-status!--将端口GigabitEthernet3/5指定至VLAN 90!interface GigabitEthernet3/6switchport trunk encapsulation dot1q!--启用802.1Q Trunk封装协议,即在该端口创建Trunkswitchport trunk allowed vlan 1-80!--允许vlan 1-90在该中继线通讯!--可以拒绝或允许某个VLAN访问该Trunk!--从而确保未被授权的VLAN通过该Trunk,实现VLAN访问安全switchport mode trunk!--将该端口设置为Trunk description netcenterno snmp trap link-status!interface Vlan1description netmangerno ip address!!--对VLAN1进行描述interface Vlan10description network centerno ip address!--对VLAN2进行描述!interface Vlan20description computer centerno ip address!interface Vlan30description network labno ip address!interface Vlan40description huaxuelouno ip address!interface Vlan50description wulilouno ip address!interface Vlan60description shengwulouno ip address!interface Vlan70description zhongwenxino ip address!interface Vlan80description tushuguanno ip address!!line con 0stopbits 1line vty 0 4password aaalogin!            end

●Cisco Catalyst 3550-EMI配置清单



Building configuration.Current configuration : 4055 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname office!enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1!ip subnet-zero!!spanning-tree extend system-id!!!interface FastEthernet0/1switchport access vlan 10!--将端口FastEthernet0/1指定至VLAN 10no ip address!interface FastEthernet0/2switchport access vlan 10no ip address!interface FastEthernet0/3switchport access vlan 10no ip address!interface FastEthernet0/4switchport access vlan 10no ip address!interface FastEthernet0/5switchport access vlan 10no ip address!interface FastEthernet0/6switchport access vlan 20no ip address!--将端口FastEthernet0/6指定至VLAN 20!interface FastEthernet0/7switchport access vlan 20no ip address!interface FastEthernet0/8switchport access vlan 20no ip address!interface FastEthernet0/9switchport access vlan 20no ip address!interface FastEthernet0/10switchport access vlan 20no ip address!interface FastEthernet0/11switchport access vlan 30no ip address!--将端口FastEthernet0/6指定至VLAN 30!interface FastEthernet0/12switchport access vlan 30no ip address!interface FastEthernet0/13switchport access vlan 30no ip address!interface FastEthernet0/14switchport access vlan 30no ip address!nterface FastEthernet0/15switchport access vlan 30no ip address!interface FastEthernet0/16switchport access vlan 30no ip address!interface FastEthernet0/17switchport access vlan 30no ip address!interface FastEthernet0/18switchport access vlan 30no ip address!interface FastEthernet0/19switchport access vlan 40ip address!--将端口FastEthernet0/6指定至VLAN 40!interface FastEthernet0/20witchport access vlan 40no ip address!interface FastEthernet0/21switchport access vlan 40no ip address!interface FastEthernet0/22switchport access vlan 30no ip address!interface FastEthernet0/23switchport access vlan 40no ip address!interface FastEthernet0/24switchport access vlan 40no ip address!interface GigabitEthernet0/1switchport trunk encapsulation dot1q!--启用802.1Q Trunk封装协议,即在该端口创建Trunkswitchport trunk allowed vlan 1-80!--允许vlan 1-80在该中继线通讯itchport mode trunk!--将该端口设置为Trunk no ip address!interface GigabitEthernet0/2no ip address!interface Vlan1ip address 172.16.100.12 255.255.255.0!--LAN1指定IP地址no ip route-cacheno ip mroute-cache!ip classless ip http server!!!!line con 0line vty 0 4password aaaloginline vty 5 15login!            end

●Cisco Catalyst 3550-SMI配置清单



Building configuration.Current configuration : 4055 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname office!enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1!ip subnet-zero!!spanning-tree extend system-id!!!interface FastEthernet0/1switchport access vlan 60!--将端口FastEthernet0/1指定至VLAN 60no ip address!interface FastEthernet0/2switchport access vlan 60no ip address!interface FastEthernet0/3switchport access vlan 60no ip address!interface FastEthernet0/4switchport access vlan 60no ip address!interface FastEthernet0/5switchport access vlan 60no ip address!interface FastEthernet0/6switchport access vlan 20no ip address!--将端口FastEthernet0/6指定至VLAN 20!interface FastEthernet0/7switchport access vlan 20no ip address!interface FastEthernet0/8switchport access vlan 20no ip address!interface FastEthernet0/9switchport access vlan 20no ip address!interface FastEthernet0/10switchport access vlan 20no ip address!interface FastEthernet0/11switchport access vlan 80no ip address!--将端口FastEthernet0/6指定至VLAN 80!interface FastEthernet0/12switchport access vlan 80no ip address!interface FastEthernet0/13switchport access vlan 80no ip address!interface FastEthernet0/14switchport access vlan 80no ip address!interface FastEthernet0/15switchport access vlan 80no ip addressinterface FastEthernet0/16switchport access vlan 80no ip address!interface FastEthernet0/17switchport access vlan 80no ip address!interface FastEthernet0/18switchport access vlan 80no ip address!interface FastEthernet0/19switchport access vlan 80no ip address!--将端口FastEthernet0/6指定至VLAN 80!interface FastEthernet0/20switchport access vlan 80no ip address!interface FastEthernet0/21switchport access vlan 80no ip address!interface FastEthernet0/22switchport access vlan 80no ip address!interface FastEthernet0/23switchport access vlan 80no ip address!interface FastEthernet0/24switchport access vlan 80no ip address!interface GigabitEthernet0/1switchport trunk encapsulation dot1q!--启用802.1Q Trunk封装协议,即在该端口创建Trunkswitchport trunk allowed vlan 1-80!--允许vlan 1-80在该中继线通讯switchport mode trunk!--从将该端口设置为Trunk no ip address!interface GigabitEthernet0/2no ip address!interface Vlan1ip address 172.16.100.13 255.255.255.0!--为LAN1指定IP地址no ip route-cacheno ip mroute-cache!ip classlessip http server!!!!line con 0line vty 0 4password aaaloginline vty 5 15login!            end

●Cisco Catalyst 2950G配置清单

四台Cisco Catalyst 2950G的配置基本相同,下面仅列出VLAN 60的配置情况。



Building configuration.Current configuration : 2143 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname msl!enable password aaa!ip subnet-zero!!spanning-tree extend system-id!!interface FastEthernet0/1switchport access vlan 60no ip address!interface FastEthernet0/2switchport access vlan 60no ip address!interface FastEthernet0/3switchport access vlan 60no ip address!interface FastEthernet0/4switchport access vlan 60no ip address!interface FastEthernet0/5switchport access vlan 60no ip address!interface FastEthernet0/6switchport access vlan 60no ip address!interface FastEthernet0/7switchport access vlan 60no ip address!interface FastEthernet0/8switchport access vlan 60no ip address!interface FastEthernet0/9switchport access vlan 60no ip address!interface FastEthernet0/10switchport access vlan 60no ip address!interface FastEthernet0/11switchport access vlan 60no ip address!interface FastEthernet0/12switchport access vlan 60no ip address!interface FastEthernet0/13switchport access vlan 60no ip address!interface FastEthernet0/14switchport access vlan 60no ip address!interface FastEthernet0/15switchport access vlan 60no ip address!interface FastEthernet0/16switchport access vlan 60no ip address!interface FastEthernet0/17switchport access vlan 60no ip address!interface FastEthernet0/18switchport access vlan 60no ip address!interface FastEthernet0/19switchport access vlan 60no ip address!interface FastEthernet0/20switchport access vlan 60no ip address!interface FastEthernet0/21switchport access vlan 60no ip address!interface FastEthernet0/22switchport access vlan 60no ip address!interface FastEthernet0/23switchport access vlan 60no ip address!interface FastEthernet0/24switchport access vlan 60no ip address!interface GigabitEthernet0/1no ip address!interface GigabitEthernet0/2no ip address!interface Vlan1ip address 172.16.100.10 255.255.255.0!ip classlessip http server!!!!line con 0line vty 0 4password aaaloginline vty 5 15login!            end

以下内容 ancy 由撰写

经典的三层网络案例分析。改进中。。。新加很多先进技术噢!新增路由器的配置。

经典的三层网络案例分析。

目的:让不同的vlan 之间可以互相通讯。

IP规划

vlna ID ip网段 vlan网关



vlan 1 172.16.1.0/24 172.16.1.7-9vlan 2 172.16.2.0/24 172.16.2.252-254vlan 3 172.16.3.0/24 172.16.3.252-254vlan 4 172.16.4.0/24 172.16.4.252-254vlan 5 172.16.5.0/24 172.16.5.252-254vlan 6 172.16.6.0/24 172.16.6.252-254vlan 7 172.16.7.0/24 172.16.7.252-254vlan 8 172.16.8.0/24 172.16.8.252-254            vlan 9 172.16.9.0/24 172.16.9.252-254

拓朴图见最后面

器配置

cisco路由器配置:

EnableConfigure terminalService password-encryptionHostname cisco1721Enable secret 654321Enable password 123456ip subnet-zeroip name-server 202.96.134.133 202.96.172.218interface fastethernet 0ip address 61.142.221.5 255.255.255.240speed autono shutdowninterface serial 0ip unnumbered fastethernet 0encapsulation pppno fair-queuebandwidth 2048no shutdownexitip classlessip route 0.0.0.0 0.0.0.0 serial 0no ip http serverline con 0line aux 0line vty 0 4password 12345678loginno scheduler allocate            end

●Cisco Catalyst 3550-EMI配置清单



Building configuration.Current configuration : 4055 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname office!enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1!ip subnet-zero!!spanning-tree extend system-id!!!interface FastEthernet0/1switchport access vlan 10!--将端口FastEthernet0/1指定至VLAN 10no ip address!interface FastEthernet0/2switchport access vlan 10no ip address!interface FastEthernet0/3switchport access vlan 10no ip address!interface FastEthernet0/4switchport access vlan 10no ip address!interface FastEthernet0/5switchport access vlan 10no ip address!interface FastEthernet0/6switchport access vlan 20no ip address!--将端口FastEthernet0/6指定至VLAN 20!interface FastEthernet0/7switchport access vlan 20no ip address!interface FastEthernet0/8switchport access vlan 20no ip address!interface FastEthernet0/9switchport access vlan 20no ip address!interface FastEthernet0/10switchport access vlan 20no ip address!interface FastEthernet0/11switchport access vlan 30no ip address!--将端口FastEthernet0/6指定至VLAN 30!interface FastEthernet0/12switchport access vlan 30no ip address!interface FastEthernet0/13switchport access vlan 30no ip address!interface FastEthernet0/14switchport access vlan 30no ip address!nterface FastEthernet0/15switchport access vlan 30no ip address!interface FastEthernet0/16switchport access vlan 30no ip address!interface FastEthernet0/17switchport access vlan 30no ip address!interface FastEthernet0/18switchport access vlan 30no ip address!interface FastEthernet0/19switchport access vlan 40ip address!--将端口FastEthernet0/6指定至VLAN 40!interface FastEthernet0/20witchport access vlan 40no ip address!interface FastEthernet0/21switchport access vlan 40no ip address!interface FastEthernet0/22switchport access vlan 30no ip address!interface FastEthernet0/23switchport access vlan 40no ip address!interface FastEthernet0/24switchport access vlan 40no ip address!interface GigabitEthernet0/1switchport trunk encapsulation dot1q!--启用802.1Q Trunk封装协议,即在该端口创建Trunkswitchport trunk allowed vlan 1-80!--允许vlan 1-80在该中继线通讯itchport mode trunk!--将该端口设置为Trunk no ip address!interface GigabitEthernet0/2no ip address!interface Vlan1ip address 172.16.100.12 255.255.255.0!--LAN1指定IP地址no ip route-cacheno ip mroute-cache!ip classless ip http server!!!!line con 0line vty 0 4password aaaloginline vty 5 15login!            end

来顶一下
返回首页
返回首页
发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表
推荐资讯
OSPF虚链路 配置实例 + 详细验证过程
OSPF虚链路 配置实例
浅析布线标签标识的要求
浅析布线标签标识的要
如何让无线路由实现限时封堵网络应用
如何让无线路由实现限
路由器To路由器:双路由器连接设置
路由器To路由器:双路由
相关文章
栏目更新
栏目热门