Thứ Hai, 25 tháng 8, 2014

S4 Openlab version5

ACCESS1
int range fa 0/21-22

channel-protocol lacp
channel-group 1 mode active
exit
int range fa 0/23-24
channel-protocol pagp
channel-group 3 mode desirable
exit
int port-channel 1
swi mode trunk
exit
int port-channel 3
swi mode trunk
exit
vlan 11
name INS
exit
vlan 12
name Student
exit
vlan 13
name Staff
exit
vlan 15
name SERVER_FARM
exit
vlan 99
name Management
exit
int range fa 0/1, fa 0/11
swi mode access
swi access vlan 11
exit
ACCESS2
int range fa 0/21-22
channel-protocol pagp
channel-group 2 mode desirable
exit
int range fa 0/23-24
channel-protocol pagp
channel-group 3 mode desirable
exit
int port-channel 2
swi mode trunk
exit
int port-channel 3
swi mode trunk
exit
vlan 11
name INS
exit
vlan 12
name Student
exit
vlan 13
name Staff
exit
vlan 15
name SERVER_FARM
exit
vlan 99
name Management
exit
int range fa 0/1, fa 0/11
swi mode access
swi access vlan 12
exit

CORE1
int range fa 0/1-2
channel-protocol lacp
channel-group 1 mode active
exit
int range fa 0/3-4
channel-protocol pagp
channel-group 2 mode desirable
exit
int port-channel 1
swi mode trunk
exit
int port-channel 2
swi mode trunk
exit
vlan 11
name INS
exit
vlan 12
name Student
exit
vlan 13
name Staff
exit
vlan 15
name SERVER_FARM
exit
vlan 99
name Management
exit
int fa 0/5
swi mode access
swi access vlan 15
exit
ip routing
int vlan 11
no shut
ip add 10.0.11.1 255.255.255.0
exit
int vlan 12
no shut
ip add 10.0.12.1 255.255.255.0
exit
int vlan 13
no shut
ip add 10.0.13.1 255.255.255.0
exit
int vlan 15
no shut
ip add 10.0.15.1 255.255.255.0
exit
int vlan 99
no shut
ip add 10.0.99.1 255.255.255.0
exit
ip dhcp pool INS
network 10.0.11.0 255.255.255.0
default-router 10.0.11.1
dns-server 10.0.15.8
exit
ip dhcp excluded-address 10.0.11.1 10.0.11.9
ip dhcp excluded-address 10.0.11.210 10.0.11.255
ip dhcp pool Student
network 10.0.12.0 255.255.255.0
default-router 10.0.12.1
dns-server 10.0.15.8
exit
ip dhcp excluded-address 10.0.12.1 10.0.12.9
ip dhcp excluded-address 10.0.12.210 10.0.12.255
router eigrp 100
network 10.0.11.0 0.0.0.255
network 10.0.12.0 0.0.0.255
network 10.0.13.0 0.0.0.255
network 10.0.15.0 0.0.0.255
network 10.0.99.0 0.0.0.255
network 10.0.16.0 0.0.0.255
network 10.0.17.0 0.0.0.255
exit
int g0/1
no switchport
ip add 10.0.17.1 255.255.255.0
exit
int g0/2
no switchport
ip add 10.0.16.1 255.255.255.0
exit
spanning-tree vlan 11-13,15,99 root primary
line vty 0 4
 ipv6 access-class TELNET-ACL in
exit
logging trap debugging
logging 10.0.15.10

CORE2
int g0/2
no shut
exit
int g0/2.22
encap dot1q 22
ip add 10.1.22.2 255.255.255.0
exit
int g0/2.33
encap dot1q 33
ip add 10.1.33.2 255.255.255.0
exit
int g0/2.44
encap dot1q 44
ip add 10.1.44.2 255.255.255.0
exit
int g0/2.99
encap dot1q 99
ip add 10.1.99.2 255.255.255.0
exit
int g0/2.22
ip helper-address 10.1.44.10
exit
int g0/2.33
ip helper-address 10.1.44.10
exit
router eigrp 100
network 10.1.22.0 0.0.0.255
network 10.1.33.0 0.0.0.255
network 10.1.44.0 0.0.0.255
network 10.1.99.0 0.0.0.255
network 10.1.0.0 0.0.0.3
network 10.1.1.0 0.0.0.3
exit
int s0/0/1
no shut
ip add 10.1.0.2 255.255.255.252
exit
int s0/0/0
encapsulation frame-relay
no shut
ip add 10.1.1.2 255.255.255.252
exit
line vty 0 4
 ipv6 access-class TELNET-ACL in
exit
logging trap debugging
logging 10.0.15.10

GATE1
router eigrp 100
network 10.2.2.0 0.0.0.255
network 10.0.17.0 0.0.0.255
redistribute static
exit
ip route 0.0.0.0 0.0.0.0 s0/0/0
int g0/0
no shut
ip add 10.0.17.2 255.255.255.0
exit
int g0/1
no shut
ip add 10.2.2.2 255.255.255.0
exit
int s0/0/0
no shut
encapsulation ppp
ip add 200.0.0.1 255.255.255.248
exit
username ISP pass bkacad
ip nat inside source static 10.2.2.3 200.0.0.3
ip nat inside source static 10.2.2.4 200.0.0.4
ip access-list standard NATOVERLOAD-ACL
permit 10.0.0.0 0.0.255.255
exit
ip nat inside source list NATOVERLOAD-ACL int s0/0/0 overload
int g0/0
ip nat inside
exit
int g0/1
ip nat inside
exit
int s0/0/0
ip nat outside
exit
int tunnel 0
ip add 10.3.3.1 255.255.255.252
tunnel source s0/0/0
tunnel des 200.0.0.33
tunnel mode gre ip
exit
crypto isakmp policy 10
encryption 3des
hash sha
group 2
authen pre-share
exit
crypto isakmp key cisco@123 address 200.0.0.33
crypto ipsec transform-set SITE1SITE2-VPN esp-aes esp-sha-hmac
access-list 100 permit gre host 200.0.0.1 host 200.0.0.33
crypto map VPNSITETOSITE 10 ipsec-isakmp
set peer 200.0.0.33
set transform-set SITE1SITE2-VPN
match address 100
exit
int s0/0/0
crypto map VPNSITETOSITE
exit
ip access-list extended SERVICE-ALLOW
 permit tcp any host 10.2.2.3 eq smtp
 permit tcp any host 10.2.2.3 eq pop3
 permit tcp any host 10.2.2.4 eq www
exit
interface GigabitEthernet0/1
 ip access-group SERVICE-ALLOW out
exit
ip access-list standard TELNET-ACL
 permit 10.0.11.0 0.0.0.255
exit
line vty 0 4
 ipv6 access-class TELNET-ACL in
exit
logging trap debugging
logging 10.0.15.10

GATE2
router eigrp 100
network 10.1.0.0 0.0.0.3
redistribute static
exit
ip route 0.0.0.0 0.0.0.0 s0/3/0
int s0/0/0
no shut
ip add 10.1.0.1 255.255.255.252
exit
int s0/3/0
no shut
encapsulation ppp
ip add 200.0.0.33 255.255.255.252
ppp pap sent-username Site2 pass bkacad
exit
ip access-list standard NATOVERLOAD-ACL
permit 10.1.0.0 0.0.255.255
exit
ip nat inside source list NATOVERLOAD-ACL int s0/3/0 overload
int s0/0/0
ip nat inside
exit
int s0/3/0
ip nat outside
exit
int tunnel 0
ip add 10.3.3.2 255.255.255.252
tunnel source s0/3/0
tunnel des 200.0.0.1
tunnel mode gre ip
exit
crypto isakmp policy 10
encryption 3des
hash sha
group 2
authen pre-share
exit
crypto isakmp key cisco@123 address 200.0.0.1
crypto ipsec transform-set SITE1SITE2-VPN esp-aes esp-sha-hmac
access-list 100 permit gre host 200.0.0.33 host 200.0.0.1
crypto map VPNSITETOSITE 10 ipsec-isakmp
set peer 200.0.0.1
set transform-set SITE1SITE2-VPN
match address 100
exit
int s0/3/0
crypto map VPNSITETOSITE
exit
line vty 0 4
 ipv6 access-class TELNET-ACL in
exit
logging trap debugging
logging 10.0.15.10

SW1
int range fa 0/1-2
channel-protocol lacp
channel-group 1 mode active
exit
int port-channel 1
swi mode trunk
exit
int g 1/1
swi mode trunk
exit
vlan 22
name Staff
exit
vlan 33
name Marketing
exit
vlan 44
name DHCP
exit
vlan 99
name Management
exit
int fa 0/3
swi mode access
swi access vlan 22
exit
spanning-tree vlan 22,33,44,99 root primary

SW2
int range fa 0/1-2
channel-protocol lacp
channel-group 1 mode active
exit
int port-channel 1
swi mode trunk
exit
vlan 22
name Staff
exit
vlan 33
name Marketing
exit
vlan 44
name DHCP
exit
vlan 99
name Management
exit
int fa 0/3
swi mode access
swi access vlan 33
exit
int fa 0/4
swi mode access
swi access vlan 44
exit

WAN1
router eigrp 100
network 10.0.16.0 0.0.0.255
network 10.1.1.0 0.0.0.3
exit
int g0/0
no shut
ip add 10.0.16.2 255.255.255.0
exit
int s0/0/0
encapsulation frame-relay
no shut
ip add 10.1.1.1 255.255.255.252
exit
line vty 0 4
 ipv6 access-class TELNET-ACL in
exit
logging trap debugging
logging 10.0.15.10



Không có nhận xét nào:

Đăng nhận xét