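Network Management Final Assessment (Worked Example)

Technologies covered:

VPN, web, NAT, HSRP, DNS, policy-based routing, QoS, ACL, 802.1X, ACS server

The topology is shown below:

Topology diagram:

R1 configuration: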

Building configuration...

Current configuration : 2376 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

aaa new-model //the VPN configuration is marked in red

!

!

aaa authentication login vpn-en local

aaa authorization network vpn-or local

!

aaa session-id common

ip cef

!

!

!

!

!

voice-card 0

!

!

!

!

!

!

!

!

!

!

!

!

!

!

username root password 0 123456

!

!

!

!

!

crypto isakmp policy 20

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group myvpn

key 123cisco

pool vpn-pool

acl 101

!

!

crypto ipsec transform-set vpn-client esp-3des esp-sha-hmac

!

crypto dynamic-map dymap 20

set transform-set vpn-client

reverse-route

!

!

crypto map test client authentication list vpn-en

crypto map test isakmp authorization list vpn-or

crypto map test client configuration address respond

crypto map test 20 ipsec-isakmp dynamic dymap

!

!

!

!

interface FastEthernet0/0

ip address 192.168.54.251 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

standby use-bia

standby 1 ip 192.168.54.253

standby 1 priority 105

standby 1 preempt

standby 1 track FastEthernet0/0

standby 1 track FastEthernet0/1

standby 2 ip 192.168.54.254

standby 2 preempt

!

interface FastEthernet0/1

ip address 210.41.166.121 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map test

!

interface Serial0/3/0

no ip address

shutdown

no fair-queue

clock rate 125000

!

interface Serial0/3/1

no ip address

shutdown

clock rate 125000

!

router ospf 1

log-adjacency-changes

network 192.168.1.0 0.0.0.255 area 0

network 192.168.10.0 0.0.0.255 area 0

network 192.168.20.0 0.0.0.255 area 0

network 192.168.54.0 0.0.0.255 area 0

network 192.168.110.0 0.0.0.255 area 0

network 210.41.166.0 0.0.0.255 area 0

default-information originate always

!

ip local pool vpn-pool 192.168.110.1 192.168.110.254

ip route 0.0.0.0 0.0.0.0 210.41.166.1

!

!

ip http server

no ip http secure-server

ip nat inside source list 100 interface FastEthernet0/1 overload

!

access-list 1 permit any

access-list 100 deny   ip 192.168.54.0 0.0.0.255 192.168.110.0 0.0.0.255

access-list 100 permit ip any any

access-list 101 permit ip 192.168.54.0 0.0.0.255 192.168.110.0 0.0.0.255

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

!

scheduler allocate 20000 1000

end

R2 configuration:

show runn

R2#show running-config

Building configuration...

Current configuration : 2722 bytes

!

version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

!

aaa new-model

!

!

aaa authentication login vpn-en local

aaa authorization network vpn-or local

!

aaa session-id common

ip cef

!

!

!

!

!

voice-card 0

!

!

!

!

!

!

!

!

!

!

!

!

!

!

username root password 0 123456

!

!

!

!

class-map match-all pc2

match access-group 121

class-map match-all pc1

match access-group 120

!

!

policy-map llq

class pc1

priority percent 20

class pc2

priority percent 60

class class-default

fair-queue

!

!

!

crypto isakmp policy 20

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group myvpn

key 123cisco

pool vpn-pool

acl 101

!

!

crypto ipsec transform-set vpn-client esp-3des esp-sha-hmac

!

crypto dynamic-map dymap 20

set transform-set vpn-client

reverse-route

!

!

crypto map test client authentication list vpn-en

crypto map test isakmp authorization list vpn-or

crypto map test client configuration address respond

crypto map test 20 ipsec-isakmp dynamic dymap

!

!

!

!

interface FastEthernet0/0

ip address 192.168.54.252 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

standby use-bia

standby 1 ip 192.168.54.253 //HSRP with multiple groups

standby 1 preempt

standby 2 ip 192.168.54.254

standby 2 priority 105

standby 2 preempt

standby 2 track FastEthernet0/0

standby 2 track FastEthernet0/1

!

interface FastEthernet0/1

ip address 210.41.166.122 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map test

!

interface Serial0/3/0

no ip address

shutdown

no fair-queue

clock rate 125000

!

interface Serial0/3/1

no ip address

shutdown

clock rate 125000

!

router ospf 1

log-adjacency-changes

network 192.168.1.0 0.0.0.255 area 0

network 192.168.10.0 0.0.0.255 area 0

network 192.168.20.0 0.0.0.255 area 0

network 192.168.54.0 0.0.0.255 area 0

network 192.168.110.0 0.0.0.255 area 0

network 210.41.166.0 0.0.0.255 area 0

default-information originate always

!

ip local pool vpn-pool 192.168.110.1 192.168.110.254

ip route 0.0.0.0 0.0.0.0 210.41.166.1

!

ip http server

no ip http secure-server

ip nat inside source list 100 interface FastEthernet0/1 overload //NAT address translation configuration

!

access-list 1 permit any

access-list 100 deny   ip 192.168.54.0 0.0.0.255 192.168.110.0 0.0.0.255

access-list 100 permit ip any any

access-list 101 permit ip 192.168.54.0 0.0.0.255 192.168.110.0 0.0.0.255

access-list 120 permit tcp any host 192.168.20.1 eq ftp

access-list 121 permit tcp any host 192.168.20.1 eq www

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

!

scheduler allocate 20000 1000

end

S configuration:

show runn

S#show running-config

Building configuration...

Current configuration : 3655 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname S

!

!

aaa new-model //the 802.1X configuration is marked in this colour

aaa authentication dot1x default group radius

aaa authorization network default group radius

!

aaa session-id common

ip subnet-zero

ip routing

!

!

!

!

!

dot1x system-auth-control

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

interface FastEthernet0/1

switchport mode access

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport mode dynamic desirable

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

switchport mode dynamic desirable

!

interface FastEthernet0/7

switchport mode dynamic desirable

!

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

dot1x port-control auto //enable 802.1X authentication on this interface

spanning-tree portfast

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

interface FastEthernet0/14

switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport mode dynamic desirable

interface FastEthernet0/20

switchport access vlan 20

switchport mode access

dot1x port-control auto //enable 802.1X authentication on this interface

spanning-tree portfast

!

interface FastEthernet0/21

switchport mode dynamic desirable

!

interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

!

interface FastEthernet0/24

no switchport

ip address 192.168.54.250 255.255.255.0

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 192.168.1.254 255.255.255.0

!

interface Vlan10

ip address 192.168.10.254 255.255.255.0

ip policy route-map out-traffic1 //apply policy-based routing (this is the policy routing part)

ip access-group 110 in //apply the ACL

!

interface Vlan20

ip address 192.168.20.254 255.255.255.0

ip policy route-map out-traffic2 //apply policy-based routing

!

router ospf 1 //OSPF routing protocol

log-adjacency-changes

network 192.168.1.0 0.0.0.255 area 0

network 192.168.10.0 0.0.0.255 area 0

network 192.168.20.0 0.0.0.255 area 0

network 192.168.54.0 0.0.0.255 area 0

default-information originate always

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/24 //default route configured by exit interface

ip http server

ip http secure-server

!

!

access-list 100 permit ip 192.168.10.0 0.0.0.255 any

access-list 101 permit ip 192.168.20.0 0.0.0.255 any

access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 210.41.160.7 eq www (ACL configuration)

access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 192.168.1.1 eq www

access-list 110 permit icmp 192.168.10.0 0.0.0.255 host 210.41.160.7 echo

access-list 110 permit icmp 192.168.10.0 0.0.0.255 host 210.41.160.7 echo-reply

route-map out-traffic2 permit 20

match ip address 101

set ip next-hop 192.168.54.254

!

route-map out-traffic1 permit 10

match ip address 100

set ip next-hop 192.168.54.253

!

radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 key cisco

radius-server source-ports 1645-1646

radius-server vsa send accounting

radius-server vsa send authentication

control-plane

!

!

line con 0

line vty 5 15

!

!

end
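
The check below is an added example, not part of the original page: it scans an IOS running-config for settings that appear in the R1, R2 and S listings above and that a reviewer would flag before reusing this lab configuration (cleartext credentials, 3DES with DH group 2, the HTTP management server, DTP-negotiating ports, the cleartext RADIUS key). The rule list, the `audit` function and the `SAMPLE` excerpt are constructed for illustration from lines on this page.

```python
import re

# (pattern, finding) pairs for settings that appear in the listings on this page.
RULES = [
    (r"^no service password-encryption$", "secrets are kept unobfuscated in the config"),
    (r"^username \S+ password 0 ", "local user with a cleartext (type 0) password"),
    (r"^encr(yption)? 3des$|esp-3des", "3DES selected for IKE/IPsec encryption"),
    (r"^group 2$", "IKE Diffie-Hellman group 2 (1024-bit MODP)"),
    (r"^ip http server$", "cleartext HTTP management server enabled"),
    (r"^switchport mode dynamic desirable$", "port negotiates trunking via DTP"),
    (r"^radius-server host .* key \S+$", "RADIUS shared secret stored in cleartext"),
]
SECTION = re.compile(r"^(interface|crypto isakmp policy|line) ")
# Constructed excerpt assembled from lines of the R1 and S listings.
SAMPLE = """\
no service password-encryption
username root password 0 123456
!
crypto isakmp policy 20
encr 3des
group 2
!
crypto ipsec transform-set vpn-client esp-3des esp-sha-hmac
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode access
!
ip http server
radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 key cisco
"""

def audit(config_text):
    """Return (line_number, section, finding) for every rule that matches."""
    findings, section = [], "global"
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "!":
            section = "global"      # '!' separates sections in show-run output
        elif SECTION.match(line):
            section = line
        findings += [(n, section, why) for pat, why in RULES if re.search(pat, line)]
    return findings

if __name__ == "__main__":
    for n, section, why in audit(SAMPLE):
        print(f"line {n:>2} [{section}] {why}")
```

The section tracking relies on the `!` separators rather than indentation, so it also works on listings like the ones above where leading whitespace has been lost.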

Time: 2024-09-30 04:44:43
