Giáo trình Advanced Certificate in Information Technology - Sanlein part 47 ppsx
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (61.55 KB, 12 trang )
spanning-tree mode pvst
spanning-tree extend system-id
vlan access-map Vnpr1 10
action forward
vlan access-map VnproMap1 10
action forward
match ip address VnproAllow1
vlan access-map VnproMap1 20
action drop
match ip address VnproBlock1
vlan access-map VnproMap1 30
action forward
match ip address VnproDefault1
vlan access-map VnproMap2 10
action forward
match ip address VnproAllow2
vlan access-map VnproMap2 20
action drop
match ip address VnproBlock2
vlan access-map VnproMap2 30
action forward
match ip address VnproDefault2
vlan filter VnproMap1 vlan-list 10
vlan filter VnproMap2 vlan-list 20
interface FastEthernet0/1
no switchport
ip address 10.200.0.1 255.255.255.0
interface FastEthernet0/2
no ip address
interface FastEthernet0/3
no ip address
interface FastEthernet0/4
no ip address
interface FastEthernet0/5
switchport access vlan 10
no ip address
interface FastEthernet0/6
switchport access vlan 10
no ip address
interface FastEthernet0/7
switchport access vlan 10
no ip address
interface FastEthernet0/8
switchport access vlan 10
no ip address
interface FastEthernet0/9
switchport access vlan 20
no ip address
interface FastEthernet0/10
switchport access vlan 20
no ip address
interface FastEthernet0/11
switchport access vlan 20
no ip address
interface FastEthernet0/12
switchport access vlan 20
no ip address
interface GigabitEthernet0/1
no ip address
interface GigabitEthernet0/2
no ip address
interface Vlan1
ip address 192.168.1.1 255.255.255.0
interface Vlan10
ip address 192.168.10.1 255.255.255.0
interface Vlan20
ip address 192.168.20.1 255.255.255.0
router rip
network 10.0.0.0
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0
ip classless
ip http server
ip access-list extended VnproAllow1
permit tcp host 192.168.10.3 host 192.168.10.254 eq telnet
ip access-list extended VnproAllow2
permit tcp host 192.168.20.3 host 10.200.0.2 eq telnet
ip access-list extended VnproBlock1
permit tcp 192.168.10.0 0.0.0.15 host 192.168.10.254 eq telnet
ip access-list extended VnproBlock2
permit tcp 192.168.20.0 0.0.0.15 host 10.200.0.2 eq telnet
ip access-list extended VnproDefault1
permit tcp any any
ip access-list extended VnproDefault2
permit tcp any any
permit ip any any
line con 0
line vty 0 4
password cisco
login
line vty 5 15
login
end
Vnpro#show vlan
VLAN Name Status Ports
1 default active Fa0/2, Fa0/3, Fa0/4, Gi0/1
Gi0/2
10 Admin active Fa0/5, Fa0/6, Fa0/7, Fa0/8
20 User active Fa0/9, Fa0/10, Fa0/11, Fa0/12
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1
Trans2
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
Primary Secondary Type Ports
Vnpro#show vlan access-map
Vlan access-map "VnproMap1" 10
Match clauses:
ip address: VnproAllow1
Action:
forward
Vlan access-map "VnproMap1" 20
Match clauses:
ip address: VnproBlock1
Action:
drop
Vlan access-map "VnproMap1" 30
Match clauses:
ip address: VnproDefault1
Action:
forward
Vlan access-map "VnproMap2" 10
Match clauses:
ip address: VnproAllow2
Action:
forward
Vlan access-map "VnproMap2" 20
Match clauses:
ip address: VnproBlock2
Action:
drop
Vlan access-map "VnproMap2" 30
Match clauses:
ip address: VnproDefault2
Action:
forward
Vnpro#show ip access-list
Extended IP access list VnproAllow1
permit tcp host 192.168.10.3 host 192.168.10.254 eq telnet
Extended IP access list VnproAllow2
permit tcp host 192.168.20.3 host 10.200.0.2 eq telnet
Extended IP access list VnproBlock1
permit tcp 192.168.10.0 0.0.0.15 host 192.168.10.254 eq telnet
Extended IP access list VnproBlock2
permit tcp 192.168.20.0 0.0.0.15 host 10.200.0.2 eq telnet
Extended IP access list VnproDefault1
permit tcp any any
Extended IP access list VnproDefault2
permit tcp any any
permit ip any any
Vnpro#show vlan filter
VLAN Map VnproMap1 is filtering VLANs:
10
VLAN Map VnproMap2 is filtering VLANs:
20
Vnpro#show ip route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, Vlan10
R 172.168.0.0/16 [120/1] via 10.200.0.2, 00:00:21, FastEthernet0/1
C 192.168.20.0/24 is directly connected, Vlan20
10.0.0.0/24 is subnetted, 1 subnets
C 10.200.0.0 is directly connected, FastEthernet0/1
Vnpro#ping 10.200.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.0.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Vnpro#ping 172.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.168.0.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Vnpro#
Cấu hình tham khảo của Remote Router
Remote#show running-config
Building configuration
Current configuration : 690 bytes
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname Remote
enable secret 5 $1$wDfm$5zcN0Px2wrN0be6jV74m60
enable password cisco
memory-size iomem 10
ip subnet-zero
call rsvp-sync
interface Loopback0
ip address 172.168.0.1 255.255.255.0
interface Ethernet0/0
ip address 10.200.0.2 255.255.255.0
half-duplex
interface Serial0/0
no ip address
shutdown
no fair-queue
router rip
network 10.0.0.0
network 172.168.0.0
ip classless
ip http server
ip pim bidir-enable
dial-peer cor custom
line con 0
line aux 0
line vty 0 4
password cisco
login
no scheduler allocate
end
Remote#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
R 192.168.10.0/24 [120/1] via 10.200.0.1, 00:00:25, Ethernet0/0
172.168.0.0/24 is subnetted, 1 subnets
C 172.168.0.0 is directly connected, Loopback0
R 192.168.20.0/24 [120/1] via 10.200.0.1, 00:00:25, Ethernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.200.0.0 is directly connected, Ethernet0/0
Remote#ping 192.168.20.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.4, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Remote#telnet 192.168.20.4
Trying 192.168.20.4
% Connection refused by remote host
Remote#
