# Access switch A: two access ports (VLAN 10 and VLAN 20) and one trunk port.
system-view
sysname accessA
# Allow this device to send ICMP destination-unreachable and TTL-expired messages.
# NOTE(review): presumably enabled so tracert shows this hop in the lab; confirm before reusing outside a lab.
ip unreachables enable
ip ttl-expires enable
# Create the VLANs
vlan 10
vlan 20
# Access port in VLAN 10
interface GigabitEthernet1/0/1
 port link-type access
 port access vlan 10
# Access port in VLAN 20
interface GigabitEthernet1/0/2
 port link-type access
 port access vlan 20
# Trunk link
# NOTE(review): "permit vlan all" carries every VLAN across this trunk; only VLANs 10 and 20
# are defined here, so a real deployment would normally list just those.
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk permit vlan all
access B
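# Access switch B: same layout as access switch A, with the VLANs of the two access ports swapped.
system-view
sysname accessB
# Allow this device to send ICMP destination-unreachable and TTL-expired messages.
# NOTE(review): presumably enabled so tracert shows this hop in the lab; confirm before reusing outside a lab.
ip unreachables enable
ip ttl-expires enable
# Create the VLANs
vlan 10
vlan 20
# Access port in VLAN 20
interface GigabitEthernet1/0/1
 port link-type access
 port access vlan 20
# Access port in VLAN 10
interface GigabitEthernet1/0/2
 port link-type access
 port access vlan 10
# Trunk link
# NOTE(review): "permit vlan all" carries every VLAN across this trunk; only VLANs 10 and 20
# are defined here, so a real deployment would normally list just those.
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk permit vlan all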
core
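# Core switch: trunks on g1/0/3 and g1/0/4, an aggregated trunk on g1/0/1 + g1/0/2,
# and a management address on VLAN 10 for Telnet.
system-view
sysname core
# Allow this device to send ICMP destination-unreachable and TTL-expired messages.
# NOTE(review): presumably enabled so tracert shows this hop in the lab; confirm before reusing outside a lab.
ip unreachables enable
ip ttl-expires enable
# Create the VLANs
vlan 10
vlan 20
# Trunk link
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk permit vlan all
# Trunk link
interface GigabitEthernet1/0/4
 port link-type trunk
 port trunk permit vlan all
# Link aggregation: create the aggregate interface, then add the member ports
interface Bridge-Aggregation 1
 quit
interface GigabitEthernet1/0/1
 port link-aggregation group 1
interface GigabitEthernet1/0/2
 port link-aggregation group 1
# Trunk settings for the aggregated link.
# Entered on the aggregate interface so that both member ports carry the same link type and
# VLAN list; without this line the two commands would land on GigabitEthernet1/0/2 only.
interface Bridge-Aggregation 1
 port link-type trunk
 port trunk permit vlan all
# Telnet configuration; the switch needs an IP address first so that it can be reached
interface Vlan-interface 10
 ip address 192.168.10.10 24
# NOTE(review): Telnet carries the login password and the whole session in cleartext, and
# "simple" means the password is typed here in plaintext, so it is readable by anyone who sees
# this listing. Acceptable for a lab only; for a real network use SSH with per-user accounts
# and a strong secret.
# NOTE(review): no "telnet server acl" restricts the source addresses on this switch, unlike
# the router configuration on this page.
telnet server enable
line vty 0 15
 authentication-mode password
 set authentication password simple wlgc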
inside 路由器
# Inside router: aggregated link toward the LAN with one subinterface per VLAN
# (router-on-a-stick), two external links, NAT, policy-based routing and Telnet.
sys
sysname inside
# Allow this device to send ICMP destination-unreachable and TTL-expired messages.
# NOTE(review): presumably enabled so tracert shows this hop in the lab; confirm before reusing outside a lab.
ip unreachables enable
ip ttl-expires enable
# Link aggregation; note that the router and switch commands differ
int route-Aggregation 1
quit
int g5/1
port link-aggregation group 1
int g5/0
port link-aggregation group 1
# Subinterfaces: router-on-a-stick configuration (one 802.1Q subinterface per VLAN,
# each holding the gateway address of that VLAN)
int Route-Aggregation 1.10
vlan-type dot1q vid 10
ip address 192.168.10.254 24
int Route-Aggregation 1.20
vlan-type dot1q vid 20
ip address 192.168.20.254 24
# External-facing IP addresses
int g0/0
ip address 10.1.1.2 24
int s1/0
ip address 20.1.1.20 24
# Default routes (two equal default routes, one per external link)
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
ip route-static 0.0.0.0 0.0.0.0 20.1.1.2
# NAT configuration: the ACL matches any source in 192.168.0.0/16
# NOTE(review): "nat outbound" is applied on g0/0 only. Traffic sent to next hop 20.1.1.2
# leaves through the 20.1.1.0/24 link (s1/0) without translation; verify whether that link
# also needs NAT or whether the far side has a return route to 192.168.0.0/16.
acl advanced name nat
rule 5 permit ip source 192.168.0.0 0.0.255.255 destination any
int g0/0
nat outbound name nat
# Policy-based routing (PBR) toward internet2
acl advanced name pbr-internet2
# This rule keeps traffic between internal networks (for example internal pings) from being
# policy-routed out as well, which would break connectivity inside the LAN
rule 3 deny ip source 192.168.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
# Everything else sourced from 192.168.20.0/24 is matched for PBR
rule 5 permit ip source 192.168.20.0 0.0.0.255 destination any
policy-based-route pbr-internet2 node 5
if-match acl name pbr-internet2
apply next-hop 20.1.1.2
# Enable PBR; note that it is applied on the aggregate subinterface (where the VLAN 20
# traffic arrives), not on the NAT outbound interface
int Route-Aggregation1.20
ip policy-based-route pbr-internet2
undo ip fast-forwarding load-sharing
quit
# Telnet configuration: ACL 3000 limits Telnet clients to sources in 192.168.10.0/24
# NOTE(review): Telnet carries the login password and the whole session in cleartext, and
# "simple" means the password is typed here in plaintext, so it is readable by anyone who sees
# this listing. Acceptable for a lab only; for a real network use SSH with per-user accounts
# and a strong secret.
acl advanced 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255
quit
telnet server enable
telnet server acl 3000
line vty 0 15
authentication-mode password
set authentication password simple wlgc
互聯網部分
internet
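# Router "internet": one link in 13.1.1.0/24, one link in 10.1.1.0/24, OSPF process 100.
system-view
sysname internet
# Allow this device to send ICMP destination-unreachable and TTL-expired messages.
# NOTE(review): presumably enabled so tracert shows this hop in the lab; confirm before reusing outside a lab.
ip unreachables enable
ip ttl-expires enable
# IP configuration
interface GigabitEthernet0/1
 ip address 13.1.1.1 24
interface GigabitEthernet0/0
 ip address 10.1.1.1 24
# OSPF configuration
ospf 100
# Redistribute directly connected interfaces.
# NOTE(review): this advertises every connected subnet into OSPF, including 10.1.1.0/24 on
# g0/0; a real deployment would normally filter what is redistributed.
 import-route direct
 area 0
  network 13.1.1.0 0.0.0.255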
internet2
# Router "internet2": one link in 23.1.1.0/24, one serial link in 20.1.1.0/24, OSPF process 100.
system-view
sysname internet2
# Allow this device to send ICMP destination-unreachable and TTL-expired messages.
# NOTE(review): presumably enabled so tracert shows this hop in the lab; confirm before reusing outside a lab.
ip unreachables enable
ip ttl-expires enable
interface GigabitEthernet0/2
 ip address 23.1.1.2 24
interface Serial1/0
 ip address 20.1.1.2 24
# OSPF configuration
ospf 100
# Redistribute directly connected interfaces (s1/0).
# NOTE(review): "import-route direct" has no filter, so every connected subnet is advertised
# into OSPF, not only the s1/0 network.
 import-route direct
 area 0
  network 23.1.1.0 0.0.0.255
remote(3.3.3.3)
# Router "remote": loopback 3.3.3.3/32 plus one link to each of 13.1.1.0/24 and 23.1.1.0/24,
# all three networks enabled in OSPF area 0.
system-view
sysname remote
# Allow this device to send ICMP destination-unreachable and TTL-expired messages.
# NOTE(review): presumably enabled so tracert shows this hop in the lab; confirm before reusing outside a lab.
ip unreachables enable
ip ttl-expires enable
interface LoopBack0
 ip address 3.3.3.3 32
interface GigabitEthernet0/1
 ip address 13.1.1.3 24
interface GigabitEthernet0/0
 ip address 23.1.1.3 24
# OSPF configuration
ospf 100
 area 0
  network 13.1.1.0 0.0.0.255
  network 3.3.3.3 0.0.0.0
  network 23.1.1.0 0.0.0.255