1.配置AS1和AS2兩臺接入層交換機
#AS1
Switch>en
Switch#conf t
Switch(config)#vlan 11
Switch(config)#vlan 22
Switch(config-vlan)#int f0/2
Switch(config-if)#switchport access vlan 11
Switch(config-if)#int f0/23
Switch(config-if)#switchport access vlan 22
#AS2
Switch>en
Switch#conf t
Switch(config)#vlan 22
Switch(config-vlan)#int f0/2
Switch(config-if)#switchport access vlan 22
2.配置CS核心交換機
#CS
Switch>en
Switch#conf t
Switch(config)#ip routing
Switch(config)#int f0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config)#int f0/2
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config)#vlan 11
Switch(config-vlan)#vlan 22
Switch(config-vlan)#vlan 100
Switch(config-vlan)#vlan 200
Switch(config-vlan)#int f0/24
Switch(config-if)#switchport access vlan 200
Switch(config-if)#int f0/6
Switch(config-if)#switchport access vlan 100
Switch(config-if)#int vlan 11
Switch(config-if)#ip address 172.16.11.1 255.255.255.0
Switch(config-if)#int vlan 22
Switch(config-if)#ip address 172.16.22.1 255.255.255.0
Switch(config-if)#int vlan 100
Switch(config-if)#ip address 172.16.100.254 255.255.255.0
Switch(config-if)#int vlan 200
Switch(config-if)#ip address 172.16.200.1 255.255.255.0
Switch(config-if)#int f0/5
Switch(config-if)#no switchport
Switch(config-if)#ip address 172.16.253.1 255.255.255.0
Switch(config)#ip route 0.0.0.0 0.0.0.0 172.16.253.2
3.配置firewall出口路由器
4.Firewall上配置映射:
5.配置ISP1、ISP2、ISP3互聯網路由器
#ISP1
Router(config)#int loopback 0
Router(config-if)#ip address 10.0.0.1 255.255.255.255
Router(config)#router ospf 1
Router(config-router)#network 2.0.0.0 0.0.0.7 area 0
Router(config-router)#network 3.0.0.0 0.0.0.255 area 0
Router(config-router)#network 5.0.0.0 0.0.0.255 area 0
Router(config-router)#end
Router#show ip route
#ISP2
Router(config)#int loopback 0
Router(config-if)#ip address 10.0.0.2 255.255.255.255
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 5.0.0.0 0.0.0.255 area 0
Router(config-router)#network 4.0.0.0 0.0.0.255 area 0
Router(config-router)#network 8.0.0.0 0.0.0.255 area 0
Router(config-router)#network 7.0.0.0 0.0.0.3 area 0
Router(config-router)#end
Router#show ip route
#ISP3
Router(config)#int loopback 0
Router(config-if)#ip address 10.0.0.3 255.255.255.255
Router(config-if)#exit
Router(config)#route ospf 1
Router(config-router)#network 3.0.0.0 0.0.0.255 area 0
Router(config-router)#network 6.0.0.0 0.0.0.255 area 0
Router(config-router)#network 4.0.0.0 0.0.0.255 area 0
6.配置Div-R公司路由器(ppp)
router-FW上:
7.配置無線接入:
AP --> Config --> Port 1 --> SSID: AP1 WPA2-PSK: 12345678
Wireless Router0 --> Config --> Wireless --> SSID: AP2 WPA2-PSK: 87654321
在兩臺筆記本上配置無線網卡,分別接入無線AP和無線路由器
Laptop22.3:手動配置靜態 IP 地址172.16.22.3
Laptop22.3: --> config --> wireless0 --> SSID: AP1 wpa2-psk:12345678
Laptop1: --> config --> wireless0 --> SSID: AP2 wpa2-psk:87654321
–> Desktop --> Connect --> Refresh --> 選擇AP2 --> Connect
8.配置PPPOE接入:
Cloud0 —> DSL —> Modem4 <-> Ethernet6
Modem5 <-> Ethernet6
ISP2上進行配置:
int f1/0
ip address 8.0.0.1 255.0.0.0
pppoe enable
ip local pool mypool 8.0.0.10 8.0.0.100
username user1 password 0 123
Router(config)#aaa new-model // 啓用 AAA
Router(config)#aaa authentication ppp default group radius // 使用 Radius 對所有 PPP 用戶進行身份驗證
Router(config)#radius-server host 6.0.0.2 key 123 // 指定外部 AAA 服務器,設置預共享密鑰
int virtual-template 1 // 定義虛擬模板
ip unnumbered f1/0 // 借用以太口地址
peer default ip address pool mypool // 設定地址池
ppp authentication chap // 設定認證方式
vpdn enable // 全局啓用虛擬撥號
vpdn-group mygroup // 定義虛擬撥號組
accept-dialin // 允許撥號接入
protocol pppoe // 接入協議爲pppoe
virtual-template 1 // 設定虛擬模板
Inter-Srv上:
Service —> AAA —>
Network Configuration:
pppoe 4.0.0.2 Radius 123
ppp 8.0.0.1 Radius 123
User Setup:
u1 cisco // 用於 WireLess 認證
test 123 // 用於 PC0 認證
在pc0使用PPPoE Dialer接入網絡,ipconfig查看地址並ping6.0.0.2
Desktop —> PPPoE —> User Name: test Password: 123
配置無線路由器使用PPPoE接入網絡
Setup —> PPPoE —> Username: u1 Password: cisco Save Settings
WireLess —> Basic WireLess Settings —> Network Name: AP2 Standard Channel: 11
—> WireLess Security —> Security Mode: WAP2 Persional AES 87654321
9.配置VPN
10.配置VOIP
a)把總部IP電話和callmanager的接入端口加入到voice vlan1
AS1:
vlan 100
int f0/1
switchport mode access
switchport access vlan 100
switchport voice vlan 1
AS2:
vlan 100
int f0/1
switchport mode access
switchport access vlan 100
switchport voice vlan 1
CS:
int f0/6
switchport mode access
switchport access vlan 100
switchport voice vlan 1
b)把分公司IP電話和Div-R向內網的接入端口加入到voice vlan1
Switch3:
int f0/1
switchport voice vlan 1
switchport mode access
int f0/24
switchport mode access
switchport voice vlan 1
c)在公司總部配置callmanager ,測試總部兩部電話的連通性
CallManager:
# 配置接口
# int f0/0
# ip add 172.16.100.1 255.255.255.0
# 配置DHCP
# ip dhcp pool voice
# network 172.16.100.0 255.255.255.0
# default-router 172.16.100.1
# option 150 ip 172.16.100.1
# 配置呼叫服務
# telephone-service
# max-dn 10
# max-ephone 10
# ip source-address 172.16.100.1 port 2000
# auto assign 1 to 10
爲電話配置號碼
# ephone-dn 1
# number 1001
# ephone-dn 2
# number 1002
最後,
在firewall上:
access-list 103 permit ip 172.16.11.0 0.0.0.255 172.16.254.0 0.0.0.255
access-list 103 deny ip 172.16.11.0 0.0.0.255 any
access-list 103 permit ip any any
int f0/0
ip access-group 103 in
嘿嘿,後面的分公司的電話與總公司的電話相通,小編還沒有搞定,將會在下一篇博文中,謝謝觀看!