今天仅仅将配置奉上，明天将做讲解～～～

其实都是比较基础的配置，不过使用价值非常高～～～

其中有些是他们以前配的，我没有删掉，因为对网络没有影响~~~

 

 

!
!
no ip domain lookup
ip host server 2065 1.1.1.1
ip dhcp excluded-address 192.168.0.1 192.168.0.40
ip dhcp excluded-address 192.168.0.100 192.168.0.160
ip dhcp excluded-address 192.168.2.1 192.168.2.40
ip dhcp excluded-address 192.168.3.1 192.168.3.40
ip dhcp excluded-address 192.168.4.1 192.168.4.40
ip dhcp excluded-address 192.168.5.1 192.168.5.40
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.0.220 192.168.0.254
ip dhcp excluded-address 192.168.7.1 192.168.7.10
!
ip dhcp pool classroom1
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 202.106.196.115 202.106.196.152
   lease 2
!
ip dhcp pool classroom2
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   dns-server 202.106.196.115 202.106.196.152
   lease 2
 
!
ip dhcp pool classroom3
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 202.106.196.115 202.106.196.152
   lease 2
!
ip dhcp pool classroom4
   network 192.168.4.0 255.255.255.0
   default-router 192.168.4.1
   dns-server 202.106.196.115 202.106.196.152
   lease 2
!
ip dhcp pool classroom5
   network 192.168.5.0 255.255.255.0
   default-router 192.168.5.1
   dns-server 202.106.196.115 202.106.196.152
   lease 2
!
ip dhcp pool classroom6
   network 192.168.6.0 255.255.255.0
   default-router 192.168.6.1
   dns-server 202.106.196.115 202.106.196.152
   lease 2
!
ip dhcp pool servers
   network 192.168.0.0 255.255.255.0
   dns-server 202.106.196.115 202.106.196.152
   default-router 192.168.0.1
   lease 2
!
ip dhcp pool classroom7
   network 192.168.7.0 255.255.255.0
   default-router 192.168.7.1
   dns-server 202.106.196.115 202.106.196.152
   lease 2
!
ip vrf vpn1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf vpn2
 rd 100:2
 route-target export 100:2
 route-target import 100:2
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
!
!
!
!
interface Loopback0
 ip address 160.1.13.13 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.800
 encapsulation dot1Q 800
 ip address 218.247.142.201 255.255.255.224 secondary
 ip address 218.247.142.194 255.255.255.224
 ip nat outside
 no cdp enable
!
interface FastEthernet0/0.900
 encapsulation dot1Q 900
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 no cdp enable
!
interface FastEthernet0/0.901
 encapsulation dot1Q 901
 ip address 192.168.1.1 255.255.255.0
 ip access-group outcontrol in
 ip nat inside
 no cdp enable
!
interface FastEthernet0/0.902
 encapsulation dot1Q 902
 ip address 192.168.2.1 255.255.255.0
 ip access-group outcontrol in
 ip nat inside
 no cdp enable
!
interface FastEthernet0/0.903
 encapsulation dot1Q 903
 ip address 192.168.3.1 255.255.255.0
 ip access-group outcontrol in
 ip nat inside
 no cdp enable
!
interface FastEthernet0/0.904
 encapsulation dot1Q 904
 ip address 192.168.4.1 255.255.255.0
 ip access-group officecontrol in
 ip nat inside
 no cdp enable
!
interface FastEthernet0/0.905
 encapsulation dot1Q 905
 ip address 192.168.5.1 255.255.255.0
 ip access-group outcontrol in
 ip nat inside
 no cdp enable
!
interface FastEthernet0/0.906
 encapsulation dot1Q 906
 ip address 192.168.6.1 255.255.255.0
 ip access-group outcontrol in
 ip nat inside
 no cdp enable
!
interface FastEthernet0/0.907
 encapsulation dot1Q 907
 ip address 192.168.7.1 255.255.255.0
 ip access-group outcontrol in
 ip nat inside
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
ip local pool rempool 10.0.0.1 10.0.0.20
ip nat translation timeout 300
ip nat translation tcp-timeout 300
ip nat pool natpool 218.247.142.218 218.247.142.220 netmask 255.255.255.224
ip nat inside source list 1 pool natpool overload
ip nat inside source static tcp 192.168.0.2 23 218.247.142.194 8802 extendable
ip nat inside source static tcp 192.168.0.26 23 218.247.142.194 8826 extendable
ip nat inside source static tcp 192.168.0.25 23 218.247.142.194 8825 extendable
ip nat inside source static tcp 192.168.0.24 23 218.247.142.194 8824 extendable
ip nat inside source static tcp 192.168.0.23 23 218.247.142.194 8823 extendable
ip nat inside source static tcp 192.168.0.21 23 218.247.142.194 8821 extendable
ip nat inside source static tcp 192.168.0.22 23 218.247.142.194 8822 extendable
ip nat inside source static tcp 192.168.0.22 20 218.247.142.194 20 extendable
ip nat inside source static tcp 192.168.0.28 23 218.247.142.194 8828 extendable
ip nat inside source static tcp 192.168.0.29 23 218.247.142.194 8829 extendable
ip nat inside source static tcp 192.168.0.47 23 218.247.142.194 4723 extendable
ip nat inside source static tcp 192.168.0.47 21 218.247.142.194 4721 extendable
ip nat inside source static tcp 192.168.0.47 20 218.247.142.194 4720 extendable
ip nat inside source static tcp 192.168.0.47 25 218.247.142.194 4725 extendable
ip nat inside source static tcp 192.168.0.47 110 218.247.142.194 47110 extendabl
e
ip nat inside source static tcp 192.168.0.200 8080 218.247.142.194 8080 extendab
le
ip nat inside source static tcp 192.168.0.240 23 218.247.142.194 8240 extendable
ip nat inside source static tcp 192.168.0.240 22 218.247.142.194 22 extendable
ip nat inside source static tcp 192.168.0.240 115 218.247.142.194 115 extendable
ip nat inside source static tcp 192.168.0.21 23 218.247.142.194 8826 extendable
ip nat inside source static tcp 192.168.0.240 8080 218.247.142.194 8080 extendab
le
ip nat inside source static tcp 192.168.0.100 23 218.247.142.194 626 extendable
ip nat inside source static tcp 192.168.0.100 23 218.247.142.195 626 extendable
ip nat inside source static tcp 192.168.0.100 23 218.247.142.201 626 extendable
ip nat inside source static tcp 192.168.0.31 23 218.247.142.201 8831 extendable
ip nat inside source static tcp 192.168.0.32 23 218.247.142.201 8832 extendable
ip nat inside source static tcp 192.168.0.33 23 218.247.142.201 8833 extendable
ip nat inside source static tcp 192.168.0.34 23 218.247.142.201 8834 extendable
ip nat inside source static tcp 192.168.0.35 23 218.247.142.201 8835 extendable
ip nat inside source static tcp 192.168.0.84 23 218.247.142.201 8335 extendable
ip nat inside source static tcp 192.168.0.31 23 218.247.142.194 8831 extendable
ip nat inside source static tcp 192.168.0.36 23 218.247.142.201 8836 extendable
ip nat inside source static tcp 192.168.0.36 23 218.247.142.194 8836 extendable
ip nat inside source static tcp 192.168.0.82 21 218.247.142.201 21 extendable
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 218.247.142.193
!
!
!
ip access-list extended denyicmp
 deny   icmp any any
 deny   tcp any any eq 135
 permit ip any any
ip access-list extended firewall
 permit tcp any any eq www
 permit tcp any eq www any
 permit icmp any any
 permit tcp any any eq telnet
 permit tcp any eq telnet any
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any eq ftp any
 permit tcp any eq ftp-data any
 permit tcp any any eq domain
 permit udp any any eq domain
 permit tcp any eq domain any
 permit udp any eq domain any
 permit tcp any any eq smtp
 permit tcp any eq smtp any
 permit tcp any any eq pop3
 permit tcp any eq pop3 any
 permit tcp any any eq 2121
permit tcp any any eq 8821
permit tcp any any eq 8822
permit tcp any any eq 8823
permit tcp any any eq 8824
permit tcp any any eq 8825
permit tcp any any eq 8826
permit tcp any any eq 1581
permit tcp any any eq 8080
permit ip host 202.109.106.130 any
permit ip host 218.17.246.163 any
permit ip host 203.93.63.237 any
permit ip host 203.93.63.238 any
permit tcp any eq 5000 any
permit tcp any eq 5001 any
permit tcp any eq 5100 any
permit tcp any eq 5101 any
permit ip host 218.2.247.68 any
permit tcp any eq 7001 any
permit udp any eq 7001 any
permit udp any eq 1863 any
permit tcp any eq 443 any
permit tcp any any eq 5080
permit udp any any eq isakmp
permit tcp any any eq 500
ip access-list extended officecontrol
 deny   tcp any any eq 1025
 deny   tcp any any eq 135
 deny   tcp any any eq 445
 deny   tcp any any eq 5554 log-input
 deny   tcp any any eq 9996 log-input
 deny   tcp any any eq 136
 deny   tcp any any eq 137
 deny   tcp any any eq 138
 deny   tcp any any eq 139
 permit ip any any
 permit icmp any any
 deny   udp any any eq 1434
 deny   ip host 192.168.0.45 any
ip access-list extended outcontrol
 deny   udp any any eq 4000
 deny   tcp any any eq 4000
 deny   udp any any eq 11023
 deny   tcp any any eq 8000
 deny   tcp any any eq 1025
 deny   tcp any any eq 135
 deny   tcp any any eq 445
 deny   tcp any any eq 5554 log-input
 deny   tcp any any eq 9996 log-input
 deny   tcp any any eq 136
 deny   tcp any any eq 137
 deny   tcp any any eq 138
 deny   tcp any any eq 139
 permit tcp any any eq telnet
 permit tcp any eq telnet any
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any eq ftp any
 permit tcp any eq ftp-data any
 permit tcp any any eq domain
 permit udp any any eq domain
 permit ip host 192.168.2.41 any
 permit ip host 192.168.2.77 any
 permit ip any 192.168.0.0 0.0.255.255
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit ip any any time-range outcontrol
 deny   ip host 192.168.0.92 any
 deny   udp any any eq 1434
 deny   tcp any any
 permit tcp any any eq www
 deny   udp any any
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 101 permit icmp 192.168.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 10.0.0.0 0.255.255.255
!
tftp-server flash:c2600-j1s3-mz.122-13.T8.bin
snmp-server enable traps tty
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password tarenaccnp
 login
line vty 5 15
 password tarenaccnp
 login
!
time-range onecontrol
 periodic daily 12:30 to 13:30
 periodic daily 17:30 to 23:58
 periodic daily 0:00 to 9:30
!
time-range outcontrol
 periodic daily 0:30 to 9:30
 periodic daily 12:30 to 13:30
 periodic daily 17:30 to 18:30
!
!
!
end

 

 

interface FastEthernet0/1
 switchport access vlan 910
 switchport mode access
 no ip address
 channel-group 4 mode on
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree cost 1000
!
interface FastEthernet0/2
 switchport access vlan 911
 switchport mode access
 no ip address
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 912
 switchport trunk allowed vlan 1
 switchport mode access
 no ip address
 spanning-tree vlan 357 port-priority 16
 spanning-tree vlan 357 cost 17
 spanning-tree port-priority 16
 spanning-tree cost 18
!
interface FastEthernet0/4
 switchport access vlan 913
 switchport mode access
 no ip address
!
interface FastEthernet0/5
 switchport access vlan 910
 switchport mode access
 no ip address
!
interface FastEthernet0/6
 switchport access vlan 60
 switchport mode access
 no ip address
!
interface FastEthernet0/7
 switchport access vlan 87
 switchport mode access
 no ip address
!
interface FastEthernet0/8
 switchport access vlan 87
 switchport trunk allowed vlan 11
 switchport mode trunk
 no ip address
!
interface FastEthernet0/9
 switchport access vlan 23
 switchport mode trunk
 no ip address
!
interface FastEthernet0/10
 switchport access vlan 528
 switchport mode access
 no ip address
 udld port
 spanning-tree guard root
 spanning-tree cost 18
!
interface FastEthernet0/11
 switchport access vlan 11
 switchport mode access
 no ip address
!
interface FastEthernet0/12
 description toClassroom7
 switchport access vlan 907
 switchport mode access
 no ip address
!
interface FastEthernet0/13
 description toServers
 switchport access vlan 906
 switchport mode access
 no ip address
!
interface FastEthernet0/14
 description toServers
 switchport access vlan 900
 switchport mode access
 no ip address
 speed 100
!
interface FastEthernet0/15
 description to internet
 switchport access vlan 800
 switchport mode access
 no ip address
 speed 100
!
interface FastEthernet0/16
 description toInternet
 switchport access vlan 800
 switchport mode access
 no ip address
!
interface FastEthernet0/17
 description toServers
 switchport access vlan 900
 switchport mode access
 no ip address
 duplex half
 speed 100
!
interface FastEthernet0/18
 description toClassroom1
 switchport access vlan 901
 switchport mode access
 no ip address
!
interface FastEthernet0/19
 description toClassroom2
 switchport access vlan 902
 switchport mode access
 no ip address
!
interface FastEthernet0/20
 description toClassroom3
 switchport access vlan 903
 switchport mode access
 no ip address
!
interface FastEthernet0/21
 description toClassroom4
 switchport access vlan 904
 switchport mode access
 no ip address
!
interface FastEthernet0/22
 description toClassroom5
 switchport access vlan 905
 switchport mode access
 no ip address
!
interface FastEthernet0/23
 description toServers
 switchport access vlan 900
 switchport mode access
 no ip address
 speed 100
!
interface FastEthernet0/24
 description Trunkto2621
 switchport access vlan 800
 switchport mode trunk
 no ip address
 duplex full
 speed 100
!
interface Vlan1
 ip address 192.168.0.126 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.0.127 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan3
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan4
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan9
 ip address 192.168.1.1 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan10
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan11
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan13
 no ip address
 no ip route-cache
 shutdown
 fair-queue 15 256 0
!
interface Vlan20
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan22
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan30
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan40
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan50
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan60
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan70
 no ip address
 ip access-group 1 in
 no ip route-cache
 shutdown
!
interface Vlan101
 ip address 16.1.1.1 255.255.255.0
 no ip route-cache
 shutdown
 priority-group 1
!
interface Vlan333
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan555
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan900
 ip address 192.168.0.126 255.255.255.0
 no ip route-cache
!
interface Vlan910
 ip address 1.1.1.1 255.255.255.0
 no ip route-cache
 shutdown
!
ip default-gateway 192.168.0.1
ip http server
!
access-list 1 deny   14.14.14.14
access-list 1 deny   12.12.12.12
access-list 1 deny   192.168.4.11
access-list 1 permit 192.168.0.131
access-list 1 permit any
access-list 1 deny   any
access-list 101 deny   ip any host 14.14.14.14
access-list 101 permit ip any any
snmp-server enable traps vtp
banner motd ^C

       <=========]=o

^C
!
line con 0
 password tarenaccnp
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
!
monitor session 1 source interface Fa0/1 , Fa0/3 - 5 , Fa0/9 , Fa0/14 - 15 , Fa0
/24
monitor session 1 destination interface Fa0/10
monitor session 2 destination interface Fa0/6
mac-address-table static 1111.1111.1111 vlan 1 interface FastEthernet0/1
mac-address-table static 2222.2222.2222 vlan 1 interface FastEthernet0/1
end