一、项目背景:
某某远程教育网络科技有限公司有4个不同业务部门,分别是研发、销售、商务、售后彼此间需要互联互通。另外,要求服务器区的HTTP服务器必须外网可直接访问,并合理利用网络资源。
二、项目需求:
1、网络部署模式:用户网关、设备网关全部位于核心交换机上。
2、设备必须统一设备命名,设备密码,远程登陆(交换机使用telnet,路由器使用SSH),设备时间,日志记录。
3、研发部门使用静态IP地址。
4、售后,商务部门统一使用动态DHCP获取IP地址,销售部门使用DHCP中继获取地址(中继服务器R1)。
5、只允许售后部门远程管理网络设备。
6、将Core核心设备管理远程(Telnet)映射到外网。
7、设备互联接口必须进行描述,描述格式:对端设备名称-对端设备接口。
8、出口路由器与核心交换机之间使用链路聚合。
9、开启端口隔离。
三、网络拓扑
1、客户网络拓扑:
2、实验演示拓扑:
四、项目规划
1、设备命名:
|
拓扑图中设备名称 |
配置主机名(hostname名) |
|
SW1 |
XAYC-YF-XS-2950 |
|
SW2 |
XAYC-SW-SH-2950 |
|
SW3 |
XAYC-SERVER-2950 |
|
Core |
XAYC-Core-2950 |
|
R1 |
XAYC-R1-2950 |
|
R2 |
XAYC-R2-2950 |
2、设备登录方式:
|
设备名称 |
登录方式 |
用户名 |
用户密码 |
enable密码 |
|
XAYC-R1-2950 |
telnet |
admin |
admin |
admin |
|
XAYC-R2-2950 |
telnet |
admin |
admin |
admin |
|
XAYC-Core-2950 |
telnet |
admin |
admin |
admin |
|
XAYC-SERVER-2950 |
telnet |
admin |
admin |
admin |
|
XAYC-YF-XS-2950 |
telnet |
admin |
admin |
admin |
|
XAYC-SW-SH-2950 |
telnet |
admin |
admin |
admin |
3、VLAN规划:
|
规划 |
VLAN |
VLAN/接口名称 |
说明 |
|
VLAN10 |
Yanfa |
研发 |
|
|
VLAN20 |
Xiaoshou |
销售 |
|
|
VLAN30 |
Shangwu |
商务 |
|
|
VLAN40 |
Shouhou |
售后 |
|
|
VLAN50 |
Server |
服务器区 |
|
|
VLAN100 |
manage |
设备管理VLAN |
4、IP地址规划:
|
规划 |
VLAN |
地址网段 |
子网掩码 |
|
VLAN10 |
192.168.10.0 |
255.255.255.0 |
|
|
VLAN20 |
182.168.20.0 |
255.255.255.0 |
|
|
VLAN30 |
192.168.30.0 |
255.255.255.0 |
|
|
VLAN40 |
192.168.40.0 |
255.255.255.0 |
|
|
VLAN50 |
192.168.50.0 |
255.255.255.0 |
|
|
VLAN100 |
192.168.100.0 |
255.255.255.0 |
5、管理地址规划:
|
设备 |
管理地址 |
|
SW1 |
192.168.100.1 |
|
SW2 |
192.168.100.2 |
|
SW3 |
192.168.100.3 |
|
SW4 |
192.168.100.4 |
|
SW5 |
192.168.100.5 |
|
Core |
192.168.100.254 |
|
R1与Core互联地址 |
192.168.1.0/30 |
6、详细地址规划:
|
设备名称 |
VLAN/接口 |
管理网关 |
子网掩码 |
|
XAYC-R1-2950 |
F 0/1 |
100.100.17.1 |
255.255.255.0 |
|
F 0/0 |
192.168.1.2 |
255.255.255.252 |
|
|
XAYC-R2-2950 |
F 0/1 |
100.100.17.254 |
255.255.255.0 |
|
XAYC-Core-2950 |
F 0/1 |
192.168.1.1 |
255.255.255.252 |
|
VLAN 10 |
192.168.10.1 |
255.255.255.0 |
|
|
VLAN 20 |
192.168.20.1 |
255.255.255.0 |
|
|
VLAN 30 |
192.168.30.1 |
255.255.255.0 |
|
|
VLAN 40 |
192.168.40.1 |
255.255.255.0 |
|
|
VLAN 50 |
192.168.50.1 |
255.255.255.0 |
|
|
VLAN 100 |
192.168.100.254 |
255.255.255.0 |
|
|
XAYC-SERVER-2950 |
VLAN 100 |
192.168.100.5 |
255.255.255.0 |
|
XAYC-YF-XS-2950 |
VLAN 100 |
192.168.100.1 |
255.255.255.0 |
|
XAYC-SW-SH-2950 |
VLAN 100 |
192.168.100.2 |
255.255.255.0 |
五、具体步骤
1、用户网关,设备网关均放在核心设备:
XAYC-Core-2950>enXAYC-Core-2950#configureXAYC-Core-2950(config)#vlan 10XAYC-Core-2950(config-vlan)#name yanfaXAYC-Core-2950(config-vlan)#exitXAYC-Core-2950(config)#vlan 20XAYC-Core-2950(config-vlan)#name xiaoshouXAYC-Core-2950(config-vlan)#exitXAYC-Core-2950(config)#vlan 30XAYC-Core-2950(config-vlan)#name shangwuXAYC-Core-2950(config-vlan)#exitXAYC-Core-2950(config)#vlan 40XAYC-Core-2950(config-vlan)#name shouhouXAYC-Core-2950(config-vlan)#exitXAYC-Core-2950(config)#vlan 100XAYC-Core-2950(config-vlan)#name manageXAYC-Core-2950(config-vlan)#exitXAYC-Core-2950(config)#int vlan 10XAYC-Core-2950(config-if-VLAN 10)#ip add 192.168.10.1255.255.255.0XAYC-Core-2950(config-if-VLAN 10)#exXAYC-Core-2950(config)#int vlan 20XAYC-Core-2950(config-if-VLAN 20)#ip add 192.168.20.1255.255.255.0XAYC-Core-2950(config-if-VLAN 20)#exXAYC-Core-2950(config)#int vlan 30XAYC-Core-2950(config-if-VLAN 30)#ip add 192.168.30.1255.255.255.0XAYC-Core-2950(config-if-VLAN 30)#exXAYC-Core-2950(config)#int vlan 40XAYC-Core-2950(config-if-VLAN 40)#ip add 192.168.40.1255.255.255.0XAYC-Core-2950(config-if-VLAN 40)#exXAYC-Core-2950(config)#int vlan 50XAYC-Core-2950(config-if-VLAN 50)#ip add 192.168.50.1255.255.255.0XAYC-Core-2950(config-if-VLAN 50)#exXAYC-Core-2950(config)#int vlan 100XAYC-Core-2950(config-if-VLAN 100)#ip add 192.168.100.254255.255.255.0XAYC-Core-2950(config-if-VLAN 100)#exXAYC-Core-2950(config)#int f0/3XAYC-Core-2950(config-if-FastEthernet 0/3)#switchport mode trunkXAYC-Core-2950(config)#int f0/5XAYC-Core-2950(config-if-FastEthernet 0/5)#switchport mode trunkXAYC-Core-2950(config)#int f0/7XAYC-Core-2950(config-if-FastEthernet 0/7)#switchport mode trunkXAYC-Core-2950(config-if-FastEthernet 0/7)#exitXAYC-Core-2950(config)#int f0/1XAYC-Core-2950(config-if-FastEthernet0/1)# ip address 192.168.1.1 255.255.255.0
2、统一设备命名,设备密码,远程登录方式,设备时间,设备日志:
XAYC-Core-2950(config)#line vty 0 5XAYC-Core-2950(config-line)#password adminXAYC-Core-2950(config-line)#exitXAYC-Core-2950(config)#enable password adminXAYC-Core-2950(config)#clocktimezone beijing 8XAYC-Core-2950(config)#exXAYC-Core-2950(config)#clocktimezone beijing 8XAYC-Core-2950(config)#exXAYC-Core-2950#clockset 16:02:00 6 21 2019XAYC-Core-2950(config)#logging file flash:syslog 7XAYC-Core-2950(config)#logging file flash:syslog 131072XAYC-Core-2950(config)#logging buffered 131072XAYC-Core-2950(config)#logging userinfo command-logXAYC-Core-2950(config)#service sysnameXAYC-Core-2950(config)#service sequence-numbersXAYC-Core-2950(config)#service timestamps
3、配置DHCP服务:
XAYC-Core-2950(config)#service dhcpXAYC-Core-2950(config)#ip dhcp pool vlan30XAYC-Core-2950(dhcp-config)#network 192.168.30.0255.255.255.0XAYC-Core-2950(dhcp-config)#dns-server 8.8.8.8XAYC-Core-2950(dhcp-config)#default-router 192.168.30.1XAYC-Core-2950(dhcp-config)#exXAYC-Core-2950(config)#ip dhcp pool vlan40XAYC-Core-2950(dhcp-config)#network 192.168.40.0255.255.255.0XAYC-Core-2950(dhcp-config)#dns-server 8.8.8.8XAYC-Core-2950(dhcp-config)#default-router 192.168.40.1XAYC-Core-2950(dhcp-config)#exXAYC-Core-2950#ip route 0.0.0.0 0.0.0.0 192.168.1.1XAYC-R1-2950(config)#ip helper-address 192.168.1.2
4、配置远程管理服务,限制登录:
XAYC-Core-2950(config)#ip access-list standard 1XAYC-Core-2950(config-std-nacl)#permit 192.168.40.00.0.0.255XAYC-Core-2950(config-std-nacl)#exXAYC-Core-2950(config)#line vty 0 4XAYC-Core-2950(config-line)#access-class 1 inXAYC-Core-2950(config-line)#exit
5、配置接入交换机网络接口:
>配置SW1接入交换机:
SW1>enSW1#configureterminalSW1(config)#hostname XAYC-YF-XS-2950XAYC-YF-XS-2950(config)#vlan10XAYC-YF-XS-2950(config-vlan)#name yanfaXAYC-YF-XS-2950(config-vlan)#vlan20XAYC-YF-XS-2950(config-vlan)#name xiaoshouXAYC-YF-XS-2950(config)#vlan100XAYC-YF-XS-2950(config-vlan)#name manageXAYC-YF-XS-2950(config-vlan)#exXAYC-YF-XS-2950(config)#intf0/1XAYC-YF-XS-2950(config-if-FastEthernet0/1)#switchport mode trunkXAYC-YF-XS-2950(config-if-FastEthernet0/1)#int f0/3XAYC-YF-XS-2950(config-if-FastEthernet0/3)#switchport mode accessXAYC-YF-XS-2950(config-if-FastEthernet0/3)#switchport access vlan 10XAYC-YF-XS-2950(config-if-FastEthernet0/3)#int f0/5XAYC-YF-XS-2950(config-if-FastEthernet0/5)#switchport mode accessXAYC-YF-XS-2950(config-if-FastEthernet0/5)#switchport access vlan 20XAYC-YF-XS-2950(config-if-FastEthernet0/3)#exXAYC-YF-XS-2950(config-vlan)#intvlan 100XAYC-YF-XS-2950(config-if-VLAN100)#ip address 192.168.100.1 255.255.255.0XAYC-YF-XS-2950(config-if-VLAN100)#ex
>配置SW2接入交换机:
SW2>enSW2SW2(config)XAYC-SW-SH-2950(config)XAYC-SW-SH-2950(config-vlan)XAYC-SW-SH-2950(config-vlan)XAYC-SW-SH-2950(config)XAYC-SW-SH-2950(config-vlan)XAYC-SW-SH-2950(config-vlan)XAYC-SW-SH-2950(config)XAYC-SW-SH-2950(config-vlan)XAYC-SW-SH-2950(config-vlan)XAYC-SW-SH-2950(config)XAYC-SW-SH-2950(config-if-FastEthernet0/3)XAYC-SW-SH-2950(config-if-FastEthernet0/3)XAYC-SW-SH-2950(config-if-FastEthernet0/3)XAYC-SW-SH-2950(config)XAYC-SW-SH-2950(config-if-FastEthernet0/5)XAYC-SW-SH-2950(config-if-FastEthernet0/5)XAYC-SW-SH-2950(config-if-FastEthernet0/5)XAYC-SW-SH-2950(config)XAYC-SW-SH-2950(config-if-FastEthernet0/1)XAYC-SW-SH-2950(config-if-FastEthernet0/1)XAYC-SW-SH-2950(config)XAYC-SW-SH-2950(config-if-VLAN100)XAYC-SW-SH-2950(config-if-VLAN100)
6、出口路由配置:
XAYC-R1-2950(config)#int f0/0XAYC-R1-2950(config-if-FastEthernet0/0)# ip address 192.168.1.2 255.255.255.0XAYC-R1-2950(config)#int f0/1XAYC-R1-2950(config-if-FastEthernet0/1)# ip address 100.100.17.1 255.255.255.0XAYC-R1-2950(config)#intf0/2XAYC-R1-2950(config-if-FastEthernet0/2)#ip address 100.1.1.1 255.255.255.0XAYC-R1-2950(config-if-FastEthernet0/2)#exitXAYC-R1-2950(config)#ip access-list standard 1XAYC-R1-2950(config-std-nacl)#permit anyXAYC-R1-2950(config-std-nacl)#exXAYC-R1-2950(config)#ip nat pool 100.100.17.1100.100.17.2 netmask 255.255.255.0XAYC-R1-2950(config)#ip nat inside source list 1 poolruijieXAYC-R1-2950(config)#int f0/0XAYC-R1-2950(config-if-FastEthernet 0/0)#ip nat insideXAYC-R1-2950(config-if-FastEthernet 0/0)#exXAYC-R1-2950(config)#int f0/1XAYC-R1-2950(config-if-FastEthernet 0/1)#ip nat outsideXAYC-R1-2950(config-if-FastEthernet 0/1)#exXAYC-R1-2950(config)#ip nat inside source static tcp 192.168.100.25423 100.100.17.1 2000XAYC-R1-2950(config)#ip route 192.168.0.0 255.255.0.0192.168.1.1
7、设备互联接口描述:
XAYC-Core-2950(config)#int f0/1XAYC-Core-2950(config-if-FastEthernet0/1)#description XAYC-R1-2950-f0/0XAYC-Core-2950(config-if-FastEthernet0/1)#int f0/7XAYC-Core-2950(config-if-FastEthernet0/7)#description XAYC-SERVER-2950-f0/1XAYC-Core-2950(config-if-FastEthernet0/7)#int f0/3XAYC-Core-2950(config-if-FastEthernet0/3)#description XAYC-YF-XS-2950-f0/1XAYC-Core-2950(config-if-FastEthernet0/3)#int f0/5XAYC-Core-2950(config-if-FastEthernet0/5)#description XAYC-SWSH-2950-f0/1XAYC-Core-2950(config-if-FastEthernet0/5)#exXAYC-Core-2950(config)#exXAYC- YF-XS-2950(config)#int f 0/1XAYC-YF-XS-2950(config-if-FastEthernet0/1)#description XAYC-Core-2950-f0/3XAYC-YF-XS-2950(config-if-FastEthernet0/1)#exXAYC-SW-SH-2950(config-if-FastEthernet0/1)#description XAYC-Core-2950-f0/5XAYC-SW-SH-2950(config-if-FastEthernet0/1)#exXAYC-SERVER-2950(config)#int f0/1XAYC-SERVER-2950(config-if-FastEthernet0/1)#description XAYC-Core-2950-f0/7XAYC-SERVER-2950(config-if-FastEthernet0/1)#exXAYC-R1-2950(config)#int f0/1XAYC-R1-2950(config-if-FastEthernet0/1)#description XAYC-R2-2950-f0/1XAYC-R1-2950(config-if-FastEthernet0/1)#exXAYC-R1-2950(config)#int f0/0XAYC-R1-2950(config-if-FastEthernet0/0)#description XAYC-Core-2950-f0/1XAYC-R1-2950(config-if-FastEthernet0/0)#exXAYC-R2-2950(config)#int f0/1XAYC-R2-2950(config-if-FastEthernet0/1)#description XAYC-R1-2950-f0/1XAYC-R2-2950(config-if-FastEthernet 0/1)
8、防止私设DHCP服务:
XAYC-YF-XS-2950(config)#int f0/1XAYC-YF-XS-2950(config-if-FastEthernet 0/1)#ip dhcpsnooping trustXAYC-YF-XS-2950(config-if-FastEthernet 0/1)#exXAYC-SW-SH-2950(config)#int f0/1XAYC-SW-SH-2950(config-if-FastEthernet 0/1)#ip dhcpsnooping trustXAYC-SW-SH-2950(config-if-FastEthernet 0/1)#ex
9、开启端口隔离:
XAYC-YF-XS-2950(config)XAYC-YF-XS-2950(config-if-FastEthernet 0/3)XAYC-YF-XS-2950(config-if-FastEthernet 0/3)XAYC-YF-XS-2950(config)XAYC-YF-XS-2950(config-if-FastEthernet 0/5)XAYC-YF-XS-2950(config-if-FastEthernet 0/5)XAYC-SW-SH-2950(config)XAYC-SW-SH-2950(config-if-FastEthernet 0/3)XAYC-SW-SH-2950(config-if-FastEthernet 0/3)XAYC-SW-SH-2950(config)XAYC-SW-SH-2950(config-if-FastEthernet0/5)XAYC-SW-SH-2950(config-if-FastEthernet0/5)
六、结果测试
1、售后远程管理设备:
2、商务不能远程管理设备:
3、测试网络连通性:
>测试商务连通性:
>测试核心交换机连通性:
>测试研发连通性:
>测试售后连通性:
>使用动态获取ip地址:
感谢您的查看,本次中小型企业项目构建,你学会了吗?想了解更多知识,请关注公众号,我们实时推出新内容。
长按二维码
关注更多精彩
原文始发于微信公众号(老五说网络):如何构建中小型企业网络?用Cisco Packet Tracer模拟环境调试~~~
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论