docBackup : copy flash:ppe_brest1 running-config Cisco SF300
download 
Plainte Transcription
Backup : copy flash:ppe_brest1 running-config Cisco SF300
Brest Backup : copy flash:ppe_brest1 running-config Cisco SF300-08 Mise en place des services : - Serveurs : 10.3.50.0/24 VLAN 2 (port 1) - DSI : 10.3.51.0/24 VLAN 3 (port 2) - Direction : 10.3.52.0/24 VLAN 4 (port 3) - Finances : 10.3.53.0/24 VLAN 5 (port 4) - Marketing : 10.3.54.0/24 VLAN 6 (port 5) - RH : 10.3.55.0/24 VLAN 7 (port 6) - Accueil : 10.3.56.0/24 VLAN 8 (port 7) Le port 8 est configuré pour dialoguer vers tous les ports VLAN par défaut 1 vers le routeur central « BREST » Il faut spécifier les différentes routes sur le Cisco SF300-08 : Mise en place du routage entre les différents services afin de limiter les domaines de diffusion. Comment nos VLAN ont été mis en place : VLAN 2 : VLAN 3 : VLAN 4 : VLAN 5 : VLAN 6 : VLAN 7 : VLAN 8 : Pour fini le VLAN par défaut 1 : Puis, pour finir la configuration des routes : Configuration du routeur Cisco 1941 brest : brest#show run Building configuration... Current configuration : 2126 bytes ! ! Last configuration change at 15:39:05 UTC Thu Dec 19 2013 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname brest ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ! no ipv6 cef ip source-route ip cef ! ! ! ! ! multilink bundle-name authenticated ! crypto pki token default removal timeout 0 ! ! license udi pid CISCO1941/K9 sn FCZ1648C1SF ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address 10.3.0.254 255.255.255.0 ip nat inside ip virtual-reassembly in duplex auto speed auto ! interface GigabitEthernet0/1 ip address 10.3.2.2 255.255.255.252 ip nat inside ip virtual-reassembly in duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown clock rate 2000000 ! interface GigabitEthernet0/1/0 no ip address ! interface GigabitEthernet0/1/1 no ip address ! interface GigabitEthernet0/1/2 no ip address ! interface GigabitEthernet0/1/3 switchport access vlan 2 no ip address ! interface Vlan1 no ip address ! interface Vlan2 ip address 172.16.60.1 255.255.240.0 ip nat outside ip nat enable ip virtual-reassembly in ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip nat inside source list 1 interface Vlan2 overload ip nat inside source static tcp 10.3.0.1 80 172.16.60.1 80 extendable ip route 0.0.0.0 0.0.0.0 172.16.48.152 ip route 10.3.50.0 255.255.255.0 10.3.2.1 ip route 10.3.51.0 255.255.255.0 10.3.2.1 ip route 10.3.52.0 255.255.255.0 10.3.2.1 ip route 10.3.53.0 255.255.255.0 10.3.2.1 ip route 10.3.54.0 255.255.255.0 10.3.2.1 ip route 10.3.55.0 255.255.255.0 10.3.2.1 ip route 10.3.56.0 255.255.255.0 10.3.2.1 ! access-list 1 permit any ! ! ! control-plane ! ! ! line con 0 line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 login transport input all ! scheduler allocate 20000 1000 end Puis, la configuration du Switch CISCO SF300-08 interface ethernet e1 switchport mode general exit vlan database vlan 2-8 exit interface ethernet e1 switchport general pvid 2 exit interface ethernet e1 switchport general allowed vlan add 2 untagged exit interface ethernet e8 switchport trunk allowed vlan add 2 exit interface ethernet e2 switchport trunk native vlan 3 exit interface ethernet e8 switchport trunk allowed vlan add 3 exit interface ethernet e3 switchport trunk native vlan 4 exit interface ethernet e8 switchport trunk allowed vlan add 4 exit interface ethernet e4 switchport trunk native vlan 5 exit interface ethernet e8 switchport trunk allowed vlan add 5 exit interface ethernet e5 switchport trunk native vlan 6 exit interface ethernet e8 switchport trunk allowed vlan add 6 exit interface ethernet e6 switchport trunk native vlan 7 exit interface ethernet e8 switchport trunk allowed vlan add 7 exit interface ethernet e7 switchport trunk native vlan 8 exit interface ethernet e8 switchport trunk allowed vlan add 8 exit interface vlan 2 name Serveurs exit interface vlan 3 name DSI exit interface vlan 4 name Direction exit interface vlan 5 name Finances exit interface vlan 6 name Marketing exit interface vlan 7 name RH exit interface vlan 8 name Accueil exit voice vlan oui-table add 0001e3 Siemens_AG_phone________ voice vlan oui-table add 00036b Cisco_phone_____________ voice vlan oui-table add 00096e Avaya___________________ voice vlan oui-table add 000fe2 H3C_Aolynk______________ voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone voice vlan oui-table add 00d01e Pingtel_phone___________ voice vlan oui-table add 00e075 Polycom/Veritel_phone___ voice vlan oui-table add 00e0bb 3Com_phone______________ interface vlan 1 ip address 10.3.2.1 255.255.255.252 exit interface vlan 2 ip address 10.3.50.254 255.255.255.0 exit interface vlan 3 ip address 10.3.51.254 255.255.255.0 exit interface vlan 4 ip address 10.3.52.254 255.255.255.0 exit interface vlan 5 ip address 10.3.53.254 255.255.255.0 exit interface vlan 6 ip address 10.3.54.254 255.255.255.0 exit interface vlan 7 ip address 10.3.55.254 255.255.255.0 exit interface vlan 8 ip address 10.3.56.254 255.255.255.0 exit ip route 0.0.0.0 0.0.0.0 10.3.2.2 ip route 10.3.0.0 255.255.255.0 10.3.2.2 interface vlan 1 no ip address dhcp exit bonjour mode include bonjour service enable csco-sb bonjour service enable http bonjour service enable https bonjour service enable ssh bonjour service enable telnet bonjour interface range vlan-range 1 hostname switchcce2e7 username cisco password 95fbdb3e3d93f62058f8c18acd1d01130b16296c level 15 encrypted no snmp-server enable Après test, on peut accéder depuis le réseau 172.16.48.0/20 au serveur de la DMZ de brest :
