最美情侣中文字幕电影,在线麻豆精品传媒,在线网站高清黄,久久黄色视频

歡迎光臨散文網(wǎng) 會員登陸 & 注冊

HCL基礎(chǔ)實驗(vrrp+mstp+ospf+ipsec vpn+鏈路聚合)

2022-04-05 18:17 作者:尐德  | 我要投稿

SW1

?

sys

sys SW1

vlan 10

vlan 20

vlan 30

vlan 40

quit

stp region-configuration

region-name mstp

?instance 1 vlan 10 30

?instance 2 vlan 20 40

?active region-configuration


?stp instance 1 root primary

?stp instance 2 root secondary

?stp global enable


interface Bridge-Aggregation1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface Vlan-interface10

?ip add 192.168.10.1 255.255.255.0

?vrrp vrid 10 virtual-ip 192.168.10.254

?vrrp vrid 10 priority 254

?vrrp vrid 10 preempt-mode delay 5


interface Vlan-interface20

?ip add 192.168.20.1 255.255.255.0

?vrrp vrid 20 virtual-ip 192.168.20.254

?vrrp vrid 20 preempt-mode delay 5


interface Vlan-interface30

?ip add 192.168.30.1 255.255.255.0

?vrrp vrid 30 virtual-ip 192.168.30.254

?vrrp vrid 30 priority 254

?vrrp vrid 30 preempt-mode delay 5


interface Vlan-interface40

?ip add 192.168.40.1 255.255.255.0

?vrrp vrid 40 virtual-ip 192.168.40.254

?vrrp vrid 40 preempt-mode delay 5


interface Vlan-interface100

?ip add 100.1.1.1 255.255.255.0


interface GigabitEthernet1/0/1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface GigabitEthernet1/0/2

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface GigabitEthernet1/0/3

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface GigabitEthernet1/0/4

?port access vlan 100


interface GigabitEthernet1/0/47

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40

?port link-aggregation group 1


interface GigabitEthernet1/0/48

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40

?port link-aggregation group 1


ospf 1

?area 0

?network 100.1.1.0 0.0.0.255

?network 192.168.10.0 0.0.0.255

?network 192.168.20.0 0.0.0.255

?network 192.168.30.0 0.0.0.255

?network 192.168.40.0 0.0.0.255

?

?

SW2

sys

sys SW2

vlan 10

vlan 20

vlan 30

vlan 40

vlan 101


stp region-configuration

region-name mstp

?instance 1 vlan 10 30

?instance 2 vlan 20 40

?active region-configuration


?stp instance 1 root secondary

?stp instance 2 root primary

?stp global enable


interface Bridge-Aggregation1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface Vlan-interface10

?ip add 192.168.10.2 255.255.255.0

?vrrp vrid 10 virtual-ip 192.168.10.254

?vrrp vrid 10 preempt-mode delay 5


interface Vlan-interface20

?ip add 192.168.20.2 255.255.255.0

?vrrp vrid 20 virtual-ip 192.168.20.254

?vrrp vrid 20 priority 254

?vrrp vrid 20 preempt-mode delay 5


interface Vlan-interface30

?ip add 192.168.30.2 255.255.255.0

?vrrp vrid 30 virtual-ip 192.168.30.254

?vrrp vrid 30 preempt-mode delay 5


interface Vlan-interface40

?ip add 192.168.40.2 255.255.255.0

?vrrp vrid 40 virtual-ip 192.168.40.254

?vrrp vrid 40 priority 254

?vrrp vrid 40 preempt-mode delay 5


interface Vlan-interface101

?ip add 101.1.1.1 255.255.255.0



interface GigabitEthernet1/0/1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface GigabitEthernet1/0/2

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface GigabitEthernet1/0/3

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface GigabitEthernet1/0/4

?port access vlan 101




interface GigabitEthernet1/0/47

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40

?port link-aggregation group 1


interface GigabitEthernet1/0/48

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40

?port link-aggregation group 1


ospf 1

?area 0.0.0.0

?network 101.1.1.0 0.0.0.255

?network 192.168.20.0 0.0.0.255

?network 192.168.30.0 0.0.0.255

?network 192.168.40.0 0.0.0.255

?

?

SW3

system-view

?sysname SW3

vlan 10

vlan 20

vlan 30

vlan 40




stp region-configuration

region-name mstp

?instance 1 vlan 10 30

?instance 2 vlan 20 40

?active region-configuration




interface GigabitEthernet1/0/1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40



interface GigabitEthernet1/0/2

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface GigabitEthernet1/0/3

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


?

?

SW4

system-view

?sysname SW4

vlan 10

vlan 20

vlan 30

vlan 40




stp region-configuration

region-name mstp

?instance 1 vlan 10 30

?instance 2 vlan 20 40

?active region-configuration




interface GigabitEthernet1/0/1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40



interface GigabitEthernet1/0/2

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface GigabitEthernet1/0/3

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


?

?

SW5

system-view

?sysname SW5

vlan 10

vlan 20

vlan 30

vlan 40





stp region-configuration

region-name mstp

?instance 1 vlan 10 30

?instance 2 vlan 20 40

?active region-configuration



interface GigabitEthernet1/0/1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40



interface GigabitEthernet1/0/2

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40


interface GigabitEthernet1/0/3

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40

?

?

SW6


system-view

?sysname SW6

vlan 10

vlan 20

vlan 30

vlan 40



interface GigabitEthernet1/0/1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40



interface GigabitEthernet1/0/2

?port access vlan 10

?

?


SW7

system-view

?sysname SW7

vlan 10

vlan 20

vlan 30

vlan 40



interface GigabitEthernet1/0/1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40



interface GigabitEthernet1/0/2

?port access vlan 20


?

?

SW8

system-view

?sysname SW8

vlan 10

vlan 20

vlan 30

vlan 40



interface GigabitEthernet1/0/1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40



interface GigabitEthernet1/0/2

?port access vlan 30

?

?

SW9

system-view

?sysname SW9

vlan 10

vlan 20

vlan 30

vlan 40



interface GigabitEthernet1/0/1

?port link-type trunk

?port trunk permit vlan 1 10 20 30 40



interface GigabitEthernet1/0/2

?port access vlan 40


?

??

?

R1

sys

sys R1


interface GigabitEthernet0/0

?ip add 200.1.1.1 255.255.255.0



interface GigabitEthernet0/1

?ip add 100.1.1.2 255.255.255.0


interface GigabitEthernet0/2

?ip add 101.1.1.2 255.255.255.0



ospf 1

?area 0.0.0.0

?network 100.1.1.0 0.0.0.255

?network 101.1.1.0 0.0.0.255

?network 200.1.1.0 0.0.0.255

?

?

R2


sys

sys R2



interface GigabitEthernet0/0

?ip add 200.1.1.2 255.255.255.0


interface GigabitEthernet0/1

?ip add 201.1.1.2 255.255.255.0



ospf 1

?area 0.0.0.0

?network 172.16.1.0 0.0.0.255

?network 200.1.1.0 0.0.0.255

?network 201.1.1.0 0.0.0.255

?

?

R3

sys

sys R3



interface GigabitEthernet0/0

?ip add 201.1.1.3 255.255.255.0


interface GigabitEthernet0/1

?ip add 172.16.1.254 255.255.255.0



ospf 1

?area 0.0.0.0

?network 172.16.1.0 0.0.0.255

?network 201.1.1.0 0.0.0.255





VPN部分配置命令

R1的配置:


//配置感興趣流,匹配VPN流量

acl advanced 3000

rule 0 permit ip source 192.168.10.1 0.0.0.255 destination 172.16.1.0 0.0.0.255

quit

//配置acl,匹配連接外網(wǎng)流量

acl advanced 3005

?rule 0 deny ip source 192.168.10.0 0.0.0.255 destination 172.16.1.0 0.0.0.255 //拒絕VPN流量,對于VPN流量不做NAT轉(zhuǎn)換

?rule 5 permit ip source 192.168.10.0 0.0.0.255

?quit

//內(nèi)網(wǎng)網(wǎng)關(guān)的默認路由,指向公網(wǎng)路由器

ip route-static 0.0.0.0 0 200.1.1.2

//創(chuàng)建ike proposal,由于ike提議的參數(shù)有默認值,本實驗就直接使用默認值,所以創(chuàng)建ike提議后,便直接退出了

ike proposal 1

quit

//創(chuàng)建預(yù)共享密鑰

ike keychain r3

pre-shared-key address 201.1.1.3 key simple 123

quit

//創(chuàng)建ike模板,指定源和目的地址、ike提議、預(yù)共享密鑰

ike profile r3

proposal 1

keychain r3

local-identity address 200.1.1.1

match remote identity address 201.1.1.3

quit

//創(chuàng)建ipsec轉(zhuǎn)換集,指定安全協(xié)議及其認證、加密算法

ipsec transform-set r3

encapsulation-mode tunnel //可不配置,默認為隧道模式

protocol esp //可不配置,默認安全協(xié)議為esp

esp authentication-algorithm md5

esp encryption-algorithm des-cbc

quit

//創(chuàng)建ipsec策略

ipsec policy r3 1 isakmp

security acl 3000

ike-profile r3

transform-set r3

remote-address 201.1.1.3

quit

//將ipsec策略應(yīng)用在接口g0/1

int g0/0

ipsec apply policy r3

//在g0/0口上做esay-ip

nat outbound 3005



R3的配置:

//R3的ipsec配置和R1的相差不大,因此就不解釋了


ip route-static 0.0.0.0 0 201.1.1.2

acl advance 3000

rule 0 permit ip source 172.16.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255

quit

acl advanced 3005

?rule 0 deny ip source 172.16.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255

?rule 5 permit ip source 172.16.1.0 0.0.0.255

?quit

ike proposal 1

quit

ike keychain r1

pre-shared-key address 200.1.1.1 key simple 123

quit

ike profile r1

proposal 1

keychain r1

local-identity address 201.1.1.3

match remote identity address 200.1.1.1

quit

ipsec transform-set r1

encapsulation-mode tunnel

protocol esp

esp authentication-algorithm md5

esp encryption-algorithm des-cbc

quit

ipsec policy r1 1 isakmp

security acl 3000

transform-set r1

ike-profile r1

remote-address 200.1.1.1

int g0/0

ipsec apply policy r1

nat outbound 3005







標簽:

HCL基礎(chǔ)實驗(vrrp+mstp+ospf+ipsec vpn+鏈路聚合)的評論 (共 條)

分享到微博請遵守國家法律
晴隆县| 临猗县| 大姚县| 从江县| 雅安市| 舟曲县| 天台县| 苗栗县| 新化县| 通化县| 沛县| 泾阳县| 潞城市| 新乐市| 临沧市| 天全县| 景宁| 玛曲县| 临汾市| 清涧县| 扎鲁特旗| 雷州市| 团风县| 平塘县| 建湖县| 如东县| 温泉县| 邵阳县| 广东省| 儋州市| 黑水县| 罗定市| 泽库县| 永善县| 余江县| 曲阳县| 鹤岗市| 巧家县| 教育| 盐山县| 兴安盟|