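CCNP Large-Enterprise Comprehensive Case Study

The key points of the approach for this project (the "Nine Swords of Dugu"):

IP addressing conventions

Compile an interface mapping table

Work out the primary/backup relationships

Be clear about which technologies are Layer 2 and which are Layer 3

For identical pre-configuration, write it in Notepad first and paste it in directly through CRT; this saves time and improves efficiency.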

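One-sentence summaries of several switching protocols:

VTP simplifies VLAN configuration and is Cisco-proprietary; the open-standard counterpart is GVRP.

VTP configuration: connect the two switches with a trunk, configure the server and the client, and configure the same password, domain name and version. The server's configuration revision is higher than the client's.

STP, PVST, MST: spanning tree, rapid spanning tree, multiple spanning tree.

Spanning tree prevents Layer 2 loops; Layer 3 loops are prevented by the routing protocols. It works by blocking one link.

PVST is mainly used in projects to provide redundancy for different VLANs.

MST is an upgraded PVST that provides redundancy for VLANs through different instances.

HSRP, VRRP and GLBP provide redundancy for the gateway.

Using several different groups provides redundancy for different VLANs.

OSPF, RIP and EIGRP advertise the subnets of the different VLANs.

If a trunk has two links, they must be placed in a Layer 2 channel group.

The configuration is as follows:

1) Router and switch pre-configuration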

en

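clock set 8:00:00 28 june 2016   \\remember this one: it matters a great deal in practice, because if the time is wrong the log messages can be misleading when you review them

conf t

host r1

clock timezone GTM 8   \\set the time zone

line c 0   \\enter the console line

logg sy   \\synchronous logging, so log messages do not break up what you are typing

no ip domain-lookup  \\turn off DNS lookup; otherwise a mistyped command makes the CLI wait 30 seconds

enable password [email protected]  \\plaintext password

enable secret [email protected]  \\hashed password; more secure, and it makes the plaintext password ineffective

username luliechu privilege 3 secret [email protected]  \\local username and password, with a privilege level assigned

line vty 0 4  \\enable the remote terminal lines

password [email protected]  \\vty password

login  local  \\log in using local user authentication

end

write  \\command that saves the configuration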
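An added check, not part of the original page: a small Python audit of the management-plane settings in the baseline above. The sample config is constructed in running-config form with placeholder secrets, and the finding names are this example's own.

```python
# Constructed sample in running-config form; secrets replaced by placeholders.
BASELINE = """\
enable password <PLACEHOLDER>
enable secret <PLACEHOLDER>
username luliechu privilege 3 secret <PLACEHOLDER>
line con 0
 logging synchronous
line vty 0 4
 password <PLACEHOLDER>
 login local
"""

# The same baseline with the findings addressed (constructed).
HARDENED = """\
enable secret <PLACEHOLDER>
username luliechu privilege 3 secret <PLACEHOLDER>
line con 0
 logging synchronous
 login local
line vty 0 4
 login local
 transport input ssh
"""


def parse(config):
    """Split a config into global commands and per-'line' stanzas."""
    global_cmds, stanzas, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd:
            continue
        if raw[0] == " " and current:
            stanzas[current].append(cmd)
        elif cmd.startswith("line "):
            current = cmd
            stanzas[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, stanzas


def audit(config):
    """Return a sorted list of findings for an IOS management-plane config."""
    global_cmds, stanzas = parse(config)
    findings = set()
    if any(c.startswith("enable password") for c in global_cmds):
        # Not hashed the way 'enable secret' is, and unused once a secret exists.
        findings.add("enable password present")
    for header, cmds in stanzas.items():
        uses_local = "login local" in cmds
        if not (uses_local or "login" in cmds):
            findings.add(f"{header}: no login required")
        if uses_local and any(c.startswith("password ") for c in cmds):
            findings.add(f"{header}: line password unused with login local")
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.add(f"{header}: transport not restricted to ssh")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(BASELINE), audit(HARDENED), sep="\n")
```

`transport input ssh` only takes effect once SSH itself is set up on the device (a domain name and an RSA key pair).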

R2

en

clock set 8:00:00 28 june 2016

conf t

host r2

clock timezone GTM 8

line c 0

logg sy

no ip domain-lookup

enable password [email protected]

enable secret [email protected]

username luliechu privilege 3 secret [email protected]

line vty 0 4

password [email protected]

login  local

end

write

IOU1

en

clock set 8:00:00 28 june 2016

conf t

host SW1

clock timezone GTM 8

line c 0

logg sy

no ip domain-lookup

enable password [email protected]

enable secret [email protected]

username luliechu privilege 3 secret [email protected]

line vty 0 4

password [email protected]

login  local

end

write

IOU2

en

clock set 8:00:00 28 june 2016

conf t

host SW2

clock timezone GTM 8

line c 0

logg sy

no ip domain-lookup

enable password [email protected]

enable secret [email protected]

username luliechu privilege 3 secret [email protected]

line vty 0 4

password [email protected]

login  local

end

write

IOU3

en

clock set 8:00:00 28 june 2016

conf t

host SW3

clock timezone GTM 8

line c 0

logg sy

no ip domain-lookup

enable password [email protected]

enable secret [email protected]

username luliechu privilege 3 secret [email protected]

line vty 0 4

password [email protected]

login  local

end

write

IOU4

en

clock set 8:00:00 28 june 2016

conf t

host SW4

clock timezone GTM 8

line c 0

logg sy

no ip domain-lookup

enable password [email protected]

enable secret [email protected]

username luliechu privilege 3 secret [email protected]

line vty 0 4

password [email protected]

login  local

end

write

IOU5

en

clock set 8:00:00 28 june 2016

conf t

host SW5

clock timezone GTM 8

line c 0

logg sy

no ip domain-lookup

enable password [email protected]

enable secret [email protected]

username luliechu privilege 3 secret [email protected]

line vty 0 4

password [email protected]

login  local

end

write

IOU6

en

clock set 8:00:00 28 june 2016

conf t

host SW6

clock timezone GTM 8

line c 0

logg sy

no ip domain-lookup

enable password [email protected]

enable secret [email protected]

username luliechu privilege 3 secret [email protected]

line vty 0 4

password [email protected]

login  local

end

write

2) Add every switch port that needs to be part of a trunk link

Iou1

//change the ports that need to carry VTP to trunk mode

en

conf t

int rang f0/1-8

sw tr en d   //not needed in PT; required on real equipment and in IOU

sw mo tr

//create the VTP domain and set this switch to server mode

conf t

vtp dom ccie

vtp mod server

vtp pruning  //not supported in PT; supported on real equipment and in IOU, where it saves bandwidth

End

//create the VLANs

conf t

vlan 10

vlan 20

vlan 30

vlan 40

vlan 50

vlan 60

vlan 70

vlan 80

Vlan 100

End

//create the management address so the administrator can manage the switch

conf t

int vlan 100

ip add 192.168.9.1 255.255.255.0

no shut

End

//set the VTP password and version (for security)

conf t

vtp pass [email protected]

vtp ver 2

End

//create a Layer 2 channel group: Ethernet port aggregation for high-speed load sharing

conf t

int rang f0/1-4

Channel-protocol lacp

channel-g 1 mode active

end

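//MST is an upgraded PVST that provides redundancy for VLANs through different instances. Two instances, 1 and 2, are created, VLANs 10-80 are assigned to them, and primary and secondary roots are set so that each instance has a backup

conf t

spanning-tree mode mst      //MST is not supported in PT, where RSTP has to be used instead; real equipment and IOU both support it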

spanning-tree mst configu

instance 1 vlan 10,20,30,40

revision 1

instance 2 vlan 50,60,70,80

revision 1

exit

spanning-tree mst 1 root primary

spanning-tree mst 2 root secondary

End

En

Conf t

Spanning-tree  mode rap

spanning-tree  vlan 10,20,30,40 root primary

spanning-tree  vlan 50,60,70,80 root secondary

End

//assign a gateway address to each VLAN so the VLANs can route to each other through the Layer 3 switch

conf t

int vlan 10

ip add 192.168.1.2 255.255.255.0

no shut

int vlan 20

ip add 192.168.2.2 255.255.255.0

no shut

int vlan 30

ip add 192.168.3.2 255.255.255.0

no shut

int vlan 40

ip add 192.168.4.2 255.255.255.0

no shut

int vlan 50

ip add 192.168.5.2 255.255.255.0

no shut

int vlan 60

ip add 192.168.6.2 255.255.255.0

no shut

int vlan 70

ip add 192.168.7.2 255.255.255.0

no shut

int vlan 80

ip add 192.168.8.2 255.255.255.0

no shut

End

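//configure HSRP for gateway high availability: sw1 is the primary gateway for VLANs 10, 20, 30, 40 and the backup gateway for 50, 60, 70, 80.

Sw2 is the primary gateway for VLANs 50, 60, 70, 80 and the backup gateway for 10, 20, 30, 40.

Note: "State is Active" means primary gateway

"State is Standby" means backup gateway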

conf t

int vlan 10

standby 10 ip 192.168.1.1

standby 10 priority 105

standby 10 preempt

standby 10 track g0/1

end

conf t

int vlan 20

standby 20 ip 192.168.2.1

standby 20 priority 105

standby 20 preempt

standby 20 track g0/1

end

conf t

int vlan 30

standby 30 ip 192.168.3.1

standby 30 priority 105

standby 30 preempt

standby 30 track g0/1

end

conf t

int vlan 40

standby 40 ip 192.168.4.1

standby 40 priority 105

standby 40 preempt

standby 40 track g0/1

end

conf t

int vlan 50

standby 50 ip 192.168.5.1

standby 50 priority 100

standby 50 preempt

standby 50 track g0/1

end

conf t

int vlan 60

standby 60 ip 192.168.6.1

standby 60 priority 100

standby 60 preempt

standby 60 track g0/1

end

conf t

int vlan 70

standby 70 ip 192.168.7.1

standby 70 priority 100

standby 70 preempt

standby 70 track g0/1

end

conf t

int vlan 80

standby 80 ip 192.168.8.1

standby 80 priority 100

standby 80 preempt

standby 80 track g0/1

end

write

3) Configure DHCP

ip dhcp excluded-address 192.168.1.1

ip dhcp excluded-address 192.168.1.2

ip dhcp excluded-address 192.168.1.3

ip dhcp pool vlan10

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 202.96.128.86

Exit

ip dhcp excluded-address 192.168.2.1

ip dhcp excluded-address 192.168.2.2

ip dhcp excluded-address 192.168.2.3

ip dhcp pool vlan20

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.3.1

ip dhcp excluded-address 192.168.3.2

ip dhcp excluded-address 192.168.3.3

ip dhcp pool vlan30

network 192.168.3.0 255.255.255.0

default-router 192.168.3.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.4.1

ip dhcp excluded-address 192.168.4.2

ip dhcp excluded-address 192.168.4.3

ip dhcp pool vlan40

network 192.168.4.0 255.255.255.0

default-router 192.168.4.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.5.1

ip dhcp excluded-address 192.168.5.2

ip dhcp excluded-address 192.168.5.3

ip dhcp pool vlan50

network 192.168.5.0 255.255.255.0

default-router 192.168.5.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.6.1

ip dhcp excluded-address 192.168.6.2

ip dhcp excluded-address 192.168.6.3

ip dhcp pool vlan60

network 192.168.6.0 255.255.255.0

default-router 192.168.6.1

dns-server 202.96.128.86

ip dhcp excluded-address 192.168.7.1

ip dhcp excluded-address 192.168.7.2

ip dhcp excluded-address 192.168.7.3

ip dhcp pool vlan70

network 192.168.7.0 255.255.255.0

default-router 192.168.7.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.8.1

ip dhcp excluded-address 192.168.8.2

ip dhcp excluded-address 192.168.8.3

ip dhcp pool vlan80

network 192.168.8.0 255.255.255.0

default-router 192.168.8.1

dns-server 202.96.128.86

end

4) Configure OSPF

Conf  t

router ospf 1

router-id 2.2.2.2

log-adjacency-changes

network 22.1.1.2 0.0.0.0 area 0

network 2.2.2.2 0.0.0.0 area 0

network 192.168.1.2 0.0.0.0 area 0

network 192.168.2.2 0.0.0.0 area 0

network 192.168.3.2 0.0.0.0 area 0

network 192.168.4.2 0.0.0.0 area 0

network 192.168.5.2 0.0.0.0 area 0

network 192.168.6.2 0.0.0.0 area 0

network 192.168.7.2 0.0.0.0 area 0

network 192.168.8.2 0.0.0.0 area 0

Iou2

//change the ports that need to carry VTP to trunk mode

en

conf t

int rang f0/1-8

sw tr en d   //not needed in PT; required on real equipment and in IOU

sw mo tr

//create the VTP domain and set this switch to server mode

conf t

vtp dom ccie

vtp mod server

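vtp pruning  //not supported in PT; supported on real equipment and in IOU, where it saves bandwidth

End

//create the management address so the administrator can manage the switch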

conf t

int vlan 100

ip add 192.168.9.2 255.255.255.0

no shut

End

//set the VTP password and version (for security)

conf t

vtp pass [email protected]

vtp ver 2

End

//create a Layer 2 channel group: Ethernet port aggregation for high-speed load sharing

conf t

int rang f0/1-4

Channel-protocol lacp

channel-g 1 mode active

end

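//MST is an upgraded PVST that provides redundancy for VLANs through different instances. Two instances, 1 and 2, are created, VLANs 10-80 are assigned to them, and primary and secondary roots are set so that each instance has a backup

conf t

spanning-tree mode mst      //MST is not supported in PT, where RSTP has to be used instead; real equipment and IOU both support it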

spanning-tree mst configu

instance 1 vlan 10,20,30,40

revision 1

instance 2 vlan 50,60,70,80

revision 1

exit

spanning-tree mst 1 root secondary

spanning-tree mst 2 root primary

End

En

Conf t

Spanning-tree  mode rap

spanning-tree  vlan 50,60,70,80 root primary

spanning-tree  vlan 10,20,30,40 root secondary

End

//assign a gateway address to each VLAN so the VLANs can route to each other through the Layer 3 switch

conf t

int vlan 10

ip add 192.168.1.3 255.255.255.0

no shut

int vlan 20

ip add 192.168.2.3 255.255.255.0

no shut

int vlan 30

ip add 192.168.3.3 255.255.255.0

no shut

int vlan 40

ip add 192.168.4.3 255.255.255.0

no shut

int vlan 50

ip add 192.168.5.3 255.255.255.0

no shut

int vlan 60

ip add 192.168.6.3 255.255.255.0

no shut

int vlan 70

ip add 192.168.7.3 255.255.255.0

no shut

int vlan 80

ip add 192.168.8.3 255.255.255.0

no shut

End

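//configure HSRP for gateway high availability: sw1 is the primary gateway for VLANs 10, 20, 30, 40 and the backup gateway for 50, 60, 70, 80.

Sw2 is the primary gateway for VLANs 50, 60, 70, 80 and the backup gateway for 10, 20, 30, 40.

Note: "State is Active" means primary gateway

"State is Standby" means backup gateway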

conf t

int vlan 10

standby 10 ip 192.168.1.1

standby 10 priority 100

standby 10 preempt

standby 10 track g0/1

end

conf t

int vlan 20

standby 20 ip 192.168.2.1

standby 20 priority 100

standby 20 preempt

standby 20 track g0/1

end

conf t

int vlan 30

standby 30 ip 192.168.3.1

standby 30 priority 100

standby 30 preempt

standby 30 track g0/1

end

conf t

int vlan 40

standby 40 ip 192.168.4.1

standby 40 priority 100

standby 40 preempt

standby 40 track g0/1

end

conf t

int vlan 50

standby 50 ip 192.168.5.1

standby 50 priority 105

standby 50 preempt

standby 50 track g0/1

end

conf t

int vlan 60

standby 60 ip 192.168.6.1

standby 60 priority 105

standby 60 preempt

standby 60 track g0/1

end

conf t

int vlan 70

standby 70 ip 192.168.7.1

standby 70 priority 105

standby 70 preempt

standby 70 track g0/1

end

conf t

int vlan 80

standby 80 ip 192.168.8.1

standby 80 priority 105

standby 80 preempt

standby 80 track g0/1

end

write
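How the `priority`, `preempt` and `track` lines decide which switch is Active, as an added example that is not part of the original page. It assumes the IOS default track decrement of 10 and models only the priority comparison with the highest-IP tie-break; it also shows the result when the same priority lines are entered on both switches.

```python
from ipaddress import IPv4Address

GROUPS = range(10, 90, 10)   # HSRP groups 10..80, one per VLAN as on this page
TRACK_DECREMENT = 10         # IOS default decrement for 'standby <n> track <if>'


def switch(host, preferred_groups):
    """Model one switch: SVI 192.168.<vlan/10>.<host>, priority 105 in
    preferred_groups and 100 in the others."""
    return {g: (105 if g in preferred_groups else 100,
                IPv4Address(f"192.168.{g // 10}.{host}"))
            for g in GROUPS}


def active_map(switches, uplink_down=()):
    """Return {group: name of the switch that is Active}, preempt on everywhere."""
    def rank(name, group):
        priority, ip = switches[name][group]
        if name in uplink_down:          # tracked interface g0/1 is down
            priority -= TRACK_DECREMENT
        return (priority, ip)            # higher priority wins; higher IP breaks a tie

    return {g: max(switches, key=lambda n: rank(n, g)) for g in GROUPS}


def summary(mapping):
    """Collapse {group: switch} into {switch: [groups]} for printing."""
    out = {}
    for group, name in mapping.items():
        out.setdefault(name, []).append(group)
    return out


FIRST_HALF, SECOND_HALF = {10, 20, 30, 40}, {50, 60, 70, 80}

# Intended design: each switch is preferred for its own half of the VLANs.
MIRRORED = {"SW1": switch(2, FIRST_HALF), "SW2": switch(3, SECOND_HALF)}
# Same priority lines entered on both switches (constructed failure case).
IDENTICAL = {"SW1": switch(2, FIRST_HALF), "SW2": switch(3, FIRST_HALF)}

if __name__ == "__main__":
    print("mirrored          ", summary(active_map(MIRRORED)))
    print("mirrored, SW1 down", summary(active_map(MIRRORED, {"SW1"})))
    print("identical         ", summary(active_map(IDENTICAL)))
```

With identical priorities every group ties, the higher SVI address (.3) wins, and one switch carries all eight gateways.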

5) Configure DHCP

ip dhcp excluded-address 192.168.1.1

ip dhcp excluded-address 192.168.1.2

ip dhcp excluded-address 192.168.1.3

ip dhcp pool vlan10

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 202.96.128.86

Exit

ip dhcp excluded-address 192.168.2.1

ip dhcp excluded-address 192.168.2.2

ip dhcp excluded-address 192.168.2.3

ip dhcp pool vlan20

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.3.1

ip dhcp excluded-address 192.168.3.2

ip dhcp excluded-address 192.168.3.3

ip dhcp pool vlan30

network 192.168.3.0 255.255.255.0

default-router 192.168.3.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.4.1

ip dhcp excluded-address 192.168.4.2

ip dhcp excluded-address 192.168.4.3

ip dhcp pool vlan40

network 192.168.4.0 255.255.255.0

default-router 192.168.4.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.5.1

ip dhcp excluded-address 192.168.5.2

ip dhcp excluded-address 192.168.5.3

ip dhcp pool vlan50

network 192.168.5.0 255.255.255.0

default-router 192.168.5.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.6.1

ip dhcp excluded-address 192.168.6.2

ip dhcp excluded-address 192.168.6.3

ip dhcp pool vlan60

network 192.168.6.0 255.255.255.0

default-router 192.168.6.1

dns-server 202.96.128.86

ip dhcp excluded-address 192.168.7.1

ip dhcp excluded-address 192.168.7.2

ip dhcp excluded-address 192.168.7.3

ip dhcp pool vlan70

network 192.168.7.0 255.255.255.0

default-router 192.168.7.1

dns-server 202.96.128.86

exit

ip dhcp excluded-address 192.168.8.1

ip dhcp excluded-address 192.168.8.2

ip dhcp excluded-address 192.168.8.3

ip dhcp pool vlan80

network 192.168.8.0 255.255.255.0

default-router 192.168.8.1

dns-server 202.96.128.86

end

6) Configure OSPF

Conf  t

router ospf 1

router-id 2.2.2.2

log-adjacency-changes

network 22.1.1.2 0.0.0.0 area 0

network 2.2.2.2 0.0.0.0 area 0

network 192.168.1.3 0.0.0.0 area 0

network 192.168.2.3 0.0.0.0 area 0

network 192.168.3.3 0.0.0.0 area 0

network 192.168.4.3 0.0.0.0 area 0

network 192.168.5.3 0.0.0.0 area 0

network 192.168.6.3 0.0.0.0 area 0

network 192.168.7.3 0.0.0.0 area 0

network 192.168.8.3 0.0.0.0 area 0

Iou3

conf t

int rang f0/1-2

sw tr en d

sw mo tr

end

conf t

vtp dom ccie

vtp mod c

vtp pruning

end

conf t

int vlan 100

ip add 192.168.9.3 255.255.255.0

no shut

end

conf t

vtp pass [email protected]

vtp ver 2

end

write

Iou4

conf t

int rang f0/1-2

sw tr en d

sw mo tr

end

conf t

vtp dom ccie

vtp mod c

vtp pruning

end

conf t

int vlan 100

ip add 192.168.9.4 255.255.255.0

no shut

end

conf t

vtp pass [email protected]

vtp ver 2

end

write

Iou5

conf t

int rang f0/1-2

sw tr en d

sw mo tr

end

conf t

vtp dom ccie

vtp mod c

vtp pruning

end

conf t

int vlan 100

ip add 192.168.9.5 255.255.255.0

no shut

end

conf t

vtp pass [email protected]

vtp ver 2

end

write

Iou6

conf t

int rang f0/1-2

sw tr en d

sw mo tr

end

conf t

vtp dom ccie

vtp mod c

vtp pruning

end

conf t

int vlan 100

ip add 192.168.9.6 255.255.255.0

no shut

end

conf t

vtp pass [email protected]

vtp ver 2

end

write

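7) Configure a dynamic routing protocol on the egress router so the whole network is reachable, and configure NAT so the company's internal hosts can reach the Internet

R1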

En

Conf t

interface Loopback0

ip address 1.1.1.1 255.255.255.255

No shut

interface FastEthernet0/1

ip address 21.1.1.1 255.255.255.0

duplex full

speed auto

No shut

interface FastEthernet0/0

ip address 22.1.1.1 255.255.255.0

duplex full

speed auto

No shut

interface Serial0/0/0

ip address 113.105.134.85 255.255.255.0

clock rate 64000

No shut

End

Conf t

router ospf 1

router-id 1.1.1.1

network 21.1.1.1 0.0.0.0 area 0

network 22.1.1.1 0.0.0.0 area 0

network 113.105.134.85 0.0.0.0 area 0

network 1.1.1.1 0.0.0.0 area 0

default-information originate

End

Conf t

ip route 0.0.0.0 0.0.0.0 Serial0/0/0

End

Configure NAT

En

Conf t

Int f0/0

Ip nat inside

Int f0/1

Ip nat inside

Int s0/0/0

Ip nat outside

Exit

Access-list 1 permit 192.168.1.0  0.0.0.255

Access-list 1 permit 192.168.2.0  0.0.0.255

Access-list 1 permit 192.168.3.0  0.0.0.255

Access-list 1 permit 192.168.4.0  0.0.0.255

Access-list 1 permit 192.168.5.0  0.0.0.255

Access-list 1 permit 192.168.6.0  0.0.0.255

Access-list 1 permit 192.168.7.0  0.0.0.255

Access-list 1 permit 192.168.8.0  0.0.0.255

Ip nat inside source list 1 int s0/0/0 overload

End

write

8) Run PPP between the egress router and the branch-office router so the whole network is reachable

R1 configuration

En

Conf t

Username r2 password cisco

Int s0/0/0

Encapsulation ppp

Ppp authentication chap

end

write

R2 configuration

En

Conf t

Username r1  password cisco

Int s0/0/0

Encapsulation ppp

Ppp authentication chap

End

Conf t

interface Loopback0

ip address 4.4.4.4 255.255.255.255

No shut

interface Serial0/0/0

Clock rate 64000

ip address 113.105.134.86 255.255.255.0

No shut

interface FastEthernet0/0

ip address 218.23.88.1 255.255.255.0

duplex auto

speed auto

No shut

Write

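9) Add the ports of the company's access-layer switches to their VLANs and connect the PCs to the switches; the whole project is then complete!

Example: treat iou3 as the HR office, configured as follows

On Iou3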

En

Conf t

Int rang f0/3-24

Sw mo acc

Sw acc vlan 10

End

Write

10) Publish the web server so that external users can reach what the company publishes on it

Configure on the egress router

En

Conf t

Ip nat inside source static tcp 192.168.2.5 80 113.105.134.85 80

Access-list 1 permit 192.168.2.0  0.0.0.255

End

Write

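The verification results are as follows:

11) Configure ACLs: users on the 8.0 subnet can only access the company FTP server; the VLANs (departments) cannot reach each other, but the network administrators' 1.0 subnet can reach anything inside or outside for management; the company FTP server is open to everyone; the web server is reachable by all users except those on 8.0; apart from users on the 8.0 subnet, everyone can reach the web server, the FTP server and the Internet, they just cannot reach the other internal department subnets.

Note: on real equipment and in IOU the configuration is identical on both sides. In PT, because HSRP was not configured, when applying the ACLs sw1 only applies them on int vlan 30-40 and sw2 only on 50-80.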

access-list 100 deny ip 192.168.8.0 0.0.0.255 192.168.2.5 0.0.0.0

access-list 100 permit ip any any

Int vlan 80

ip access-group 100 in

sw1(config)#access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255

sw1(config)#access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255

sw1(config)#access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.6.0 0.0.0.255

sw1(config)#access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.7.0 0.0.0.255

sw1(config)#access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.8.0 0.0.0.255

sw1(config)#access-list  101 permit ip any any

sw1(config)#access-list 102 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255

sw1(config)#access-list 102 deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255

sw1(config)#access-list 102 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255

sw1(config)#access-list 102 deny ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255

sw1(config)#access-list 102 deny ip 192.168.4.0 0.0.0.255 192.168.8.0 0.0.0.255

sw1(config)#access-list 102 permit ip any any

sw1(config)#access-list 103 deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255

sw1(config)#access-list 103 deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255

sw1(config)#access-list 103 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255

sw1(config)#access-list 103 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255

sw1(config)#access-list 103 deny ip 192.168.5.0 0.0.0.255 192.168.8.0 0.0.0.255

sw1(config)#access-list  103 permit ip any any

sw1(config)#access-list 104 deny ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255

sw1(config)#access-list 104 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255

sw1(config)#access-list 104 deny ip 192.168.6.0 0.0.0.255 192.168.3.0 0.0.0.255

sw1(config)#access-list 104 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255

sw1(config)#access-list 104 deny ip 192.168.6.0 0.0.0.255 192.168.8.0 0.0.0.255

sw1(config)#access-list  104 permit ip any any

//the 192.168.7.0 and 192.168.8.0 rules use their own list numbers (105 and 106): appended to 103 and 104 they would sit after "permit ip any any" and never match

sw1(config)#access-list 105 deny ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255

sw1(config)#access-list 105 deny ip 192.168.7.0 0.0.0.255 192.168.3.0 0.0.0.255

sw1(config)#access-list 105 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255

sw1(config)#access-list 105 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255

sw1(config)#access-list 105 deny ip 192.168.7.0 0.0.0.255 192.168.8.0 0.0.0.255

sw1(config)#access-list  105 permit ip any any

sw1(config)#access-list 106 deny ip 192.168.8.0 0.0.0.255 192.168.4.0 0.0.0.255

sw1(config)#access-list 106 deny ip 192.168.8.0 0.0.0.255 192.168.5.0 0.0.0.255

sw1(config)#access-list 106 deny ip 192.168.8.0 0.0.0.255 192.168.3.0 0.0.0.255

sw1(config)#access-list 106 deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255

sw1(config)#access-list 106 deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255

sw1(config)#access-list  106 permit ip any any

Apply the ACLs on the interfaces from int vlan 20 to int vlan 80 respectively, with the commands below. VLAN 10 needs to communicate with everyone, and the servers are managed by the administrator and reachable by everyone, so they are not written into an ACL; that is how it is done in practice too. You can of course narrow a rule down to a single IP address; the syntax is exactly the same.

ip access-group 101 in

ip access-group 102 in

ip access-group 103 in

ip access-group 104 in

ip access-group 105 in

ip access-group 106 in
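IOS evaluates a numbered ACL from the top and stops at the first match, so deny lines entered under a list number that already ends in `permit ip any any` are appended after it and never match. The following is an added example, not part of the original configuration: a small first-match evaluator that compares the 192.168.5.0 and 192.168.7.0 rules entered under one number with the 192.168.7.0 rules under their own number (105 is an assumed free list number; the test host addresses are constructed).

```python
from ipaddress import IPv4Address

ALL = 0xFFFFFFFF


def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC WILD DST WILD' ('any' allowed)."""
    tokens = line.split()
    action, rest = tokens[2], tokens[4:]
    specs = []
    for _ in range(2):                      # source first, then destination
        if rest[0] == "any":
            specs.append((0, ALL))
            rest = rest[1:]
        else:
            specs.append((int(IPv4Address(rest[0])), int(IPv4Address(rest[1]))))
            rest = rest[2:]
    return action, specs[0], specs[1]


def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & ALL                  # wildcard bit 1 = ignore this bit
    return (int(IPv4Address(addr)) & care) == (base & care)


def evaluate(acl, src, dst):
    """First matching entry decides. Returns (action, 1-based entry number)."""
    for number, line in enumerate(acl, 1):
        action, s, d = parse_ace(line)
        if matches(src, s) and matches(dst, d):
            return action, number
    return "deny", None                     # implicit deny at the end of every ACL


def covers(a, b):
    """True if address spec a matches every address that spec b matches."""
    care = ~a[1] & ALL
    return (a[1] | b[1]) == a[1] and (a[0] & care) == (b[0] & care)


def shadowed(acl):
    """Entry numbers that can never match because an earlier entry covers them."""
    parsed = [parse_ace(line) for line in acl]
    return [i + 1 for i, (_, s, d) in enumerate(parsed)
            if any(covers(ps, s) and covers(pd, d) for _, ps, pd in parsed[:i])]


def subnet_acl(number, src, others):
    """Deny 192.168.<src>.0/24 to each listed subnet, then permit everything else."""
    lines = [f"access-list {number} deny ip 192.168.{src}.0 0.0.0.255 "
             f"192.168.{o}.0 0.0.0.255" for o in others]
    return lines + [f"access-list {number} permit ip any any"]


# The 192.168.5.0 and 192.168.7.0 rules entered under one number, in sequence.
SHARED = subnet_acl(103, 5, [4, 3, 6, 7, 8]) + subnet_acl(103, 7, [4, 3, 6, 5, 8])
# The 192.168.7.0 rules alone; 105 is an assumed free list number.
SEPARATE = subnet_acl(105, 7, [4, 3, 6, 5, 8])

if __name__ == "__main__":
    for name, acl in (("shared", SHARED), ("separate", SEPARATE)):
        print(name, evaluate(acl, "192.168.7.10", "192.168.4.10"), shadowed(acl))
```

Running `shadowed()` over each list before it is pasted into a device catches entries that sit behind an earlier catch-all.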

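-----------------------end---------------------------------

At this point the company's internal network is fully configured. The VPN part will be configured after everyone has finished the network security course. Thank you all for your patience.  Author: 卢烈楚   Phone: 18096285540  QQ: 983765387

Time: 2024-07-29 09:01:50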
