https://forum.ixbt.com/topic.cgi?id=7:48212
Базовая настройка для всех устройвст(свитчи, роутеры)
SW1,SW2,SW3,SW4 (hostname поменять не забудь)
en
conf t
hostname SW1
ip domain name profskills.ru
username profi privilege 15 secret skill
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input all
login local
password admin
exi
line console 0
privilege level 0
login local
password con
exi
enable password pro
service password-encryption
do wr
vlan 100
name OFFICE
int vlan 100
vlan 200
name DATA
int vlan 200
vlan 300
name PHONES
int vlan 300
vlan 500
name NATIVE
int vlan 500
vlan 666
name SHUTDOWN
exi
vtp mode transparent
clock timezone MSK 3
ntp server 192.168.100.254
do wr
SW1
int range fa 0/3-6
switchport mode dynamic desirable
interface g0/1
switchport mode trunk
switchport trunk native vlan 500
switchport trunk allowed vlan 100
switchport trunk allowed vlan 200
switchport trunk allowed vlan 300
switchport trunk allowed vlan 500
switchport trunk allowed vlan 666
interface range Fa0/3-4
channel-protocol lacp
channel-group 1 mode active
exit
interface port-channel 1
switchport mode trunk
interface range fa0/5-6
channel-group 2 mode desirable
exit
interface port-channel 2
switchport mode trunk
exit
Spanning-tree mode rapid-pvst
Spanning-tree vlan 100 priority 0
Spanning-tree vlan 200 priority 0
Spanning-tree vlan 300 priority 0
Spanning-tree vlan 500 priority 0
Spanning-tree vlan 666 priority 0
spanning-tree vlan 100 root primary
spanning-tree vlan 200 root primary
spanning-tree vlan 500 root primary
spanning-tree vlan 666 root primary
SW2
int range fa0/3-4
switchport mode trunk
switchport mode dynamic auto
int f0/10
switchport mode trunk
Switchport access vlan 200
switchport nonegotiate
switchport trunk native vlan 500
switchport trunk allowed vlan 100
switchport trunk allowed vlan 200
switchport trunk allowed vlan 300
switchport trunk allowed vlan 500
switchport trunk allowed vlan 666
interface range Fa0/3-4
channel-protocol lacp
channel-group 1 mode passive
exit
interface port-channel 1
switchport mode trunk
Spanning-tree mode rapid-pvst
Spanning-tree vlan 100 priority 4096
Spanning-tree vlan 200 priority 4096
Spanning-tree vlan 300 priority 4096
int fa0/5
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
interface range fastEthernet 0/1,0/2,0/5
ip arp inspection trust
ip arp inspection vlan 100
SW3
interface range fa 0/5-6
switchport mode Dynamic Auto
int f0/10
switchport mode trunk
Switchport access vlan 200
switchport nonegotiate
switchport trunk native vlan 500
switchport trunk allowed vlan 100
switchport trunk allowed vlan 200
switchport trunk allowed vlan 300
switchport trunk allowed vlan 500
switchport trunk allowed vlan 666
interface range fa0/5-6
channel-group 2 mode auto
exit
interface port-channel 2
switchport trunk encapsulation dot1q
switchport mode trunk
SW4
int f0/10
switchport mode access
switchport nonegotiate
switchport trunk native vlan 500
switchport trunk allowed vlan 100
switchport trunk allowed vlan 200
switchport trunk allowed vlan 300
switchport trunk allowed vlan 500
switchport trunk allowed vlan 666
R1,R2,R3,R4 ISP
en
conf t
hostname R1
ip domain name profskills.ru
username profi privilege 15 secret skill
crypto key generate rsa
1024
ip ssh version 2
line vty 0 15
transport input all
login local
password admin
exi
line console 0
privilege level 0
login local
password con
exi
enable password pro
service password-encryption
ip route 0.0.0.0 0.0.0.0 8.8.8.8
router ospf 1
network 10.0.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.255.255 area 0
exi
clock timezone MSK 3
ntp server 192.168.100.254
do wr
R1 R4
int g0/1.100
encapsulation dot1Q 100
ip add 192.168.202.1 255.255.255.0
no sh
interface loopback 1
ip address 1.1.1.1 255.255.255.255
int fa0/1.100
encapsulation dot1Q 200
ip add 192.168.100.1 255.255.255.128
no sh
interface loopback 4
ip address 4.4.4.4 255.255.255.255
R1
access-list 1 permit 192.168.202.0 0.0.0.255
ip nat inside source list 1 interface Gi0/1 overload
exi
ip dhcp pool 1
network 192.168.202.0 255.255.255.0
default-router 192.168.202.1
int tunnel 1
ip address 192.168.1.1 255.255.255.252
tunnel mode gre ip
tunnel source 192.168.202.1
tunnel destination 192.168.103.1
exi
crypto isakmp policy 1
encr aes
authentication pre-share
hash sha256
group 14
crypto isakmp key TheSecretPassword address 192.168.103.1
crypto isakmp nat keepalive 5
crypto ipsec transform-set TSET esp-aes 256 esp-sha256-hmac
mode tunnel
crypto ipsec profile VTI
set transform-set TSET
interface Tunnel1
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
R2
int tunnel 1
ip address 192.168.1.2 255.255.255.252
tunnel mode gre ip
tunnel source 192.168.103.1
tunnel destination 192.168.101.1
exi
crypto isakmp policy 1
encr aes
authentication pre-share
hash sha256
group 14
!
crypto isakmp key TheSecretPassword address 192.168.101.1
crypto isakmp nat keepalive 5
!
crypto ipsec transform-set TSET esp-aes 256 esp-sha256-hmac
mode tunnel
!
crypto ipsec profile VTI
set transform-set TSET
interface Tunnel1
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
R4
access-list 1 permit 192.168.100.0 0.0.0.127
ip nat inside source list 1 interface fa0/0 overload
exi
ip dhcp pool 2
network 192.168.100.0 255.255.255.128
default-router 192.168.100.1
exi
ip dhcp pool voicepool
network 192.168.100.0 255.255.255.252
default-router 192.168.100.1
option 150 ip 192.168.100.1
lease 0 0 30
exi
voice service voip
allow-connections sip to sip
exi
voice service voip
sip
registrar server expires max 3600 min 3600
voice class codec 1
codec preference 1 g7....aw
codec preference 1 g7....aw
codec preference 1 g729br8
conf t
voice register dn 1
number 333
voice register dn 2
number 444
voice register pool 1
id mac 0014.1c48.acb2 – указываем MAC телефона
number 1 dn 1 – привязываем номер к первой линии
voice-class codec 1 – используем созданный нами набор кодеков
username admin password pass – создаем аутентификационные данные
https://drive.google.com/file/d/11OWy-VmlSXk2uxWBEEIUM14l8LAkZsny/view?usp=share_link