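1. Design requirements:
1) The manager's office, the equipment section and the HR department can access the external network; the external network cannot access the manager's office, the equipment section or the HR department; the finance department is not allowed to access the external network.
2) The manager's office can access the equipment section, the finance department and the HR department.
3) The HR department and the equipment section can access each other, but neither of them can exchange traffic with the finance department.
4) Using Frame Relay, the routers on both sides of the cloud must be able to communicate.
2. Network topology design
3. Based on the topology diagram and the lab requirements, let's analyse the overall network. First, configure the VLANs on the layer-2 switches and add the corresponding ports to them; on the layer-3 switch, configure inter-VLAN routing. On R1 and the layer-3 switch, configure a routing protocol, EIGRP. Note that the s1/0 interface on R1 must not be advertised into the dynamic routing protocol; instead we configure a default route pointing to the external network. The manager's office, the equipment section and the HR department must be able to access the external network, the external network must not be able to access them, and the finance department must not be allowed to access the external network. Meeting this requirement calls for PAT on R1.
To let the manager's office access the equipment section, the finance department and the HR department, and to let the HR department and the equipment section access each other while keeping both apart from the finance department, configure an ACL on the layer-3 switch and apply it to the VLAN, paying attention to the direction in which the ACL is applied. The last step is to configure the Frame Relay network.
4. Now that the whole network has been analysed, let's start configuring.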
SW1:
Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#vlan 30
Switch(config-vlan)#ex
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 10
Switch(config-if)#int f0/2
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int f0/3
Switch(config-if)#switchport access vlan 30
Switch(config-if)#int f0/10
Switch(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to up
Switch(config-if)#int f0/15
Switch(config-if)#switchport mode trunk
SW2:
Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#vlan 30
Switch(config-vlan)#int f0/4
Switch(config-if)#switchport access vlan 10
Switch(config-if)#int f0/5
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int f0/6
Switch(config-if)#switchport access vlan 30
Switch(config-if)#int f0/10
Switch(config-if)#switchport mode trunk
Switch(config-if)#int f0/20
Switch(config-if)#switchport mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/20, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/20, changed state to up
Note that the interfaces between the switches must be set to trunk mode.
5. Configure the corresponding IP addresses on the router interfaces, the layer-3 switch's routed port and the SVIs.
SW3:
Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#vlan 30
Switch(config-vlan)#exit
Switch(config)#int vlan 10
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
Switch(config-if)#ip address 10.10.10.254 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int vlan 20
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
Switch(config-if)#ip address 20.20.20.254 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int vlan 30
%LINK-5-CHANGED: Interface Vlan30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
Switch(config-if)#ip address 30.30.30.254 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int f0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.10.0.254 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#ex
Switch(config)#ip routing
R1:
Router(config)#host Router1
Router1(config)#int f0/1
Router1(config-if)#ip address 10.10.0.1 255.255.255.0
Router1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Router1(config-if)#int f0/0
Router1(config-if)#ip address 10.0.0.1 255.255.255.0
Router1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router1(config-if)#int s1/0
Router1(config-if)#ip address 11.1.1.2 255.255.255.0
Router1(config-if)#no shut
%LINK-5-CHANGED: Interface Serial1/0, changed state to down
Router1(config-if)#clock rate 64000
R2:
Router(config)#host Router2
Router2(config)#int s1/1
Router2(config-if)#ip address 11.1.1.1 255.255.255.0
Router2(config-if)#no shut
%LINK-5-CHANGED: Interface Serial1/1, changed state to up
Router2(config-if)#int s1/0
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
Router2(config-if)#ip address 12.1.1.1 255.255.255.0
Router2(config-if)#no shut
%LINK-5-CHANGED: Interface Serial1/0, changed state to up
R3:
Router(config)#host Router3
Router3(config)#int s1/1
Router3(config-if)#ip address 12.1.1.2 255.255.255.0
Router3(config-if)#no shut
Note that on the layer-3 switch a port must be turned into a routed port before an IP address can be configured on it, and the switch's routing function must be enabled. The PCs' IP addresses have to be configured by hand; that is not covered here.
6. Now configure EIGRP on R1 and the layer-3 switch so that the internal networks can reach each other.
SW3:
Switch(config)#router eigrp 100
Switch(config-router)#network 10.10.10.0 0.0.0.255
Switch(config-router)#network 20.20.20.0 0.0.0.255
Switch(config-router)#network 30.30.30.0 0.0.0.255
Switch(config-router)#network 10.10.0.0 0.0.0.255
R1:
Router1(config)#router eigrp 100
Router1(config-router)#network 10.0.0.0 0.0.0.255
Router1(config-router)#network 10.10.0.0 0.0.0.255
Router1(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.10.0.254 (FastEthernet0/1) is up: new adjacency
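Now let's test whether the internal networks can reach each other.
Use pc1 in the equipment section to ping the HR department, the finance department and the manager's office in turn.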
PC>ping 30.30.30.2
Pinging 30.30.30.2 with 32 bytes of data:
Reply from 30.30.30.2: bytes=32 time=11ms TTL=127
Reply from 30.30.30.2: bytes=32 time=17ms TTL=127
Reply from 30.30.30.2: bytes=32 time=17ms TTL=127
Reply from 30.30.30.2: bytes=32 time=9ms TTL=127
Ping statistics for 30.30.30.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 17ms, Average = 13ms
PC>ping 20.20.20.2
Pinging 20.20.20.2 with 32 bytes of data:
Reply from 20.20.20.2: bytes=32 time=8ms TTL=127
Reply from 20.20.20.2: bytes=32 time=13ms TTL=127
Reply from 20.20.20.2: bytes=32 time=16ms TTL=127
Reply from 20.20.20.2: bytes=32 time=14ms TTL=127
Ping statistics for 20.20.20.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 16ms, Average = 12ms
PC>ping 10.0.0.2
Pinging 10.0.0.2 with 32 bytes of data:
Reply from 10.0.0.2: bytes=32 time=12ms TTL=126
Reply from 10.0.0.2: bytes=32 time=13ms TTL=126
Reply from 10.0.0.2: bytes=32 time=10ms TTL=126
Reply from 10.0.0.2: bytes=32 time=14ms TTL=126
Ping statistics for 10.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 14ms, Average = 12ms
Clearly the whole internal network is reachable.
Now ping an external address.
PC>ping 11.1.1.1
Pinging 11.1.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 11.1.1.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
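Clearly it is not reachable.
However, the manager's office, the equipment section and the HR department must be able to access the external network, the external network must not be able to access them, and the finance department must not be allowed to access the external network. Meeting this requirement calls for PAT on R1.
To let the manager's office access the equipment section, the finance department and the HR department, and to let the HR department and the equipment section access each other while keeping both apart from the finance department, configure an ACL on the layer-3 switch and apply it to the VLAN, paying attention to the direction in which the ACL is applied. Now let's configure it.
7. Configure PAT on R1 and the ACL on the layer-3 switch.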
R1:
Router1(config)#int f0/0
Router1(config-if)#ip nat inside
Router1(config-if)#int f0/1
Router1(config-if)#ip nat inside
Router1(config-if)#int s1/0
Router1(config-if)#ip nat outside
Router1(config-if)#ex
Router1(config)#access-list 1 deny 20.20.20.0 0.0.0.255
Router1(config)#access-list 1 permit any
Router1(config)#ip route 0.0.0.0 0.0.0.0 11.1.1.1
Router1(config)#router eigrp 100
Router1(config-router)#redistribute static
SW3:
Switch(config)#access-list 100 permit icmp 20.20.20.0 0.0.0.255 10.0.0.0 0.0.0.255
Switch(config)#int vlan 20
Switch(config-if)#ip access-group 100 in
After the configuration is complete, ping the external network again.
PC>ping 11.1.1.1
Pinging 11.1.1.1 with 32 bytes of data:
Reply from 11.1.1.1: bytes=32 time=88ms TTL=253
Reply from 11.1.1.1: bytes=32 time=15ms TTL=253
Reply from 11.1.1.1: bytes=32 time=21ms TTL=253
Reply from 11.1.1.1: bytes=32 time=19ms TTL=253
Ping statistics for 11.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 88ms, Average = 35ms
Clearly it works now.
The only thing left is the Frame Relay network.
8. Configure the Frame Relay network.
R2:
Router2(config)#int s1/0
Router2(config-if)#encapsulation frame-relay
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
Router2(config-if)#frame-relay interface-dlci 203
R3:
Router3(config)#int s1/1
Router3(config-if)#encapsulation frame-relay
Router3(config-if)#frame-relay interface-dlci 302
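Cloud0:
s0
Pay attention here: this alone does not work. I was once careless and forgot to press ADD; after pressing it, the result looks like this.
s1: same as above.
That completes the whole configuration. Now let's test the lab requirements.
Test whether the equipment section and the finance department can reach each other.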
PC>ping 20.20.20.2
Pinging 20.20.20.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 20.20.20.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Clearly they cannot.
9. Test whether the finance department and the manager's office can reach each other.
PC>ping 10.0.0.2
Pinging 10.0.0.2 with 32 bytes of data:
Reply from 10.0.0.2: bytes=32 time=15ms TTL=126
Reply from 10.0.0.2: bytes=32 time=14ms TTL=126
Reply from 10.0.0.2: bytes=32 time=18ms TTL=126
Reply from 10.0.0.2: bytes=32 time=18ms TTL=126
Ping statistics for 10.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 18ms, Average = 16ms
Clearly they can.
Test whether the finance department can access the external network.
PC>ping 11.1.1.1
Pinging 11.1.1.1 with 32 bytes of data:
Reply from 20.20.20.254: Destination host unreachable.
Reply from 20.20.20.254: Destination host unreachable.
Reply from 20.20.20.254: Destination host unreachable.
Reply from 20.20.20.254: Destination host unreachable.
Ping statistics for 11.1.1.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Clearly it cannot.
Test whether the external network can access the internal network.
Router#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Clearly it cannot.
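The ping results above follow from first-match ACL evaluation with an implicit deny at the end of each list. The Python sketch below is an added example, not part of the original post: it models ACL 100 inbound on Vlan20 and ACL 1 on R1 and checks the lab's access matrix. The helper names, the sample host addresses and the TCP probe are assumptions, and it assumes ACL 1 is the list that R1's PAT rule references, a binding the transcript does not show.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
FINANCE = ("20.20.20.0", "0.0.0.255")
# ACL 100 from the page (SW3, inbound on interface Vlan20).
ACL_100 = [("permit", "icmp", FINANCE, ("10.0.0.0", "0.0.0.255"))]
# ACL 1 from the page (R1, standard ACL, so it matches on source only).
ACL_1 = [("deny", "ip", FINANCE, ANY), ("permit", "ip", ANY, ANY)]

def acl_permits(acl, proto, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, p, s, d in acl:
        if p in ("ip", proto) and wc_match(src, *s) and wc_match(dst, *d):
            return action == "permit"
    return False

def flow_ok(proto, src, dst):
    """One direction: only packets entering SVI Vlan20 are checked by ACL 100."""
    if wc_match(src, *FINANCE):
        return acl_permits(ACL_100, proto, src, dst)
    return True

def round_trip_ok(proto, a, b):
    """A request/reply exchange needs both directions to pass."""
    return flow_ok(proto, a, b) and flow_ok(proto, b, a)

# Constructed sample hosts, using the addresses pinged on the page.
EQUIP, FIN, HR, MGR, OUT = "10.10.10.2", "20.20.20.2", "30.30.30.2", "10.0.0.2", "11.1.1.1"

def policy_report():
    return {
        "equip<->fin icmp": round_trip_ok("icmp", EQUIP, FIN),
        "hr<->fin icmp": round_trip_ok("icmp", HR, FIN),
        "mgr<->fin icmp": round_trip_ok("icmp", MGR, FIN),
        "mgr<->fin tcp": round_trip_ok("tcp", MGR, FIN),
        "equip<->hr icmp": round_trip_ok("icmp", EQUIP, HR),
        "fin->out icmp": flow_ok("icmp", FIN, OUT),
        "fin PAT-eligible": acl_permits(ACL_1, "ip", FIN, OUT),
        "equip PAT-eligible": acl_permits(ACL_1, "ip", EQUIP, OUT),
    }

if __name__ == "__main__":
    for name, ok in policy_report().items():
        print(f"{name:20} {'pass' if ok else 'blocked'}")
```

The `mgr<->fin tcp` row comes back blocked: ACL 100 permits only ICMP, so non-ICMP replies from the finance VLAN to the manager's office hit the implicit deny.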
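10. At this point some readers will ask: what if, to keep an enterprise network cost-effective, not every device is from Cisco? Then EIGRP cannot be used in the internal network, so how should it be configured?
The second protocol is OSPF. You will of course have to do the basic configuration yourselves; the difference pointed out here is the redistribution of the static route, with the following commands: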
Router1
Router1(config)#router ospf 110
Router1(config-router)#default-information originate
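11. The third option, RIP, suits a relatively small internal network. Version 2 is used here; versions 1 and 2 differ, and if you want to know the differences, look them up on Baidu yourself (heh).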
Router1
Router1(config)#ip route 0.0.0.0 0.0.0.0 11.1.1.1
Router1(config)#router rip
Router1(config-router)#version 2
Router1(config-router)#redistribute static
This article may contain many problems; I hope you can help me point them out.