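I. Project background:
A remote-education network technology company has four business departments (R&D, Sales, Business, and After-sales) that need to reach one another. In addition, the HTTP server in the server zone must be directly reachable from the external network, and network resources should be used efficiently.
II. Project requirements:
1. Network deployment model: user gateways and device gateways are all located on the core switch.
2. All devices must use a unified device naming scheme, device password, remote login method (Telnet for switches, SSH for routers), device time, and logging.
3. The R&D department uses static IP addresses.
4. The After-sales and Business departments obtain IP addresses dynamically via DHCP; the Sales department obtains addresses via DHCP relay (relay server R1).
5. Only the After-sales department is allowed to manage network devices remotely.
6. Map remote management (Telnet) of the Core device to the external network.
7. Device interconnect interfaces must carry a description in the format: peer device name-peer device interface.
8. Use link aggregation between the egress router and the core switch.
9. Enable port isolation.
III. Network topology
1. Customer network topology:
IV. Project planning
1. Device naming:
2. Device login methods:
3. VLAN plan:
4. IP address plan:
5. Management address plan:
6. Detailed address plan:
V. Detailed steps
1. Place the user gateways and device gateways on the core device: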
XAYC-Core-2950>en
XAYC-Core-2950#configure
XAYC-Core-2950(config)#vlan 10
XAYC-Core-2950(config-vlan)#name yanfa
XAYC-Core-2950(config-vlan)#exit
XAYC-Core-2950(config)#vlan 20
XAYC-Core-2950(config-vlan)#name xiaoshou
XAYC-Core-2950(config-vlan)#exit
XAYC-Core-2950(config)#vlan 30
XAYC-Core-2950(config-vlan)#name shangwu
XAYC-Core-2950(config-vlan)#exit
XAYC-Core-2950(config)#vlan 40
XAYC-Core-2950(config-vlan)#name shouhou
XAYC-Core-2950(config-vlan)#exit
XAYC-Core-2950(config)#vlan 100
XAYC-Core-2950(config-vlan)#name manage
XAYC-Core-2950(config-vlan)#exit
XAYC-Core-2950(config)#int vlan 10
XAYC-Core-2950(config-if-VLAN 10)#ip add 192.168.10.1 255.255.255.0
XAYC-Core-2950(config-if-VLAN 10)#ex
XAYC-Core-2950(config)#int vlan 20
XAYC-Core-2950(config-if-VLAN 20)#ip add 192.168.20.1 255.255.255.0
XAYC-Core-2950(config-if-VLAN 20)#ex
XAYC-Core-2950(config)#int vlan 30
XAYC-Core-2950(config-if-VLAN 30)#ip add 192.168.30.1 255.255.255.0
XAYC-Core-2950(config-if-VLAN 30)#ex
XAYC-Core-2950(config)#int vlan 40
XAYC-Core-2950(config-if-VLAN 40)#ip add 192.168.40.1 255.255.255.0
XAYC-Core-2950(config-if-VLAN 40)#ex
XAYC-Core-2950(config)#int vlan 50
XAYC-Core-2950(config-if-VLAN 50)#ip add 192.168.50.1 255.255.255.0
XAYC-Core-2950(config-if-VLAN 50)#ex
XAYC-Core-2950(config)#int vlan 100
XAYC-Core-2950(config-if-VLAN 100)#ip add 192.168.100.254 255.255.255.0
XAYC-Core-2950(config-if-VLAN 100)#ex
XAYC-Core-2950(config)#int f0/3
XAYC-Core-2950(config-if-FastEthernet 0/3)#switchport mode trunk
XAYC-Core-2950(config)#int f0/5
XAYC-Core-2950(config-if-FastEthernet 0/5)#switchport mode trunk
XAYC-Core-2950(config)#int f0/7
XAYC-Core-2950(config-if-FastEthernet 0/7)#switchport mode trunk
XAYC-Core-2950(config-if-FastEthernet 0/7)#exit
XAYC-Core-2950(config)#int f0/1
XAYC-Core-2950(config-if-FastEthernet0/1)#ip address 192.168.1.1 255.255.255.0
2. Unify device naming, device password, remote login method, device time, and device logging:
XAYC-Core-2950(config)#line vty 0 5
XAYC-Core-2950(config-line)#password admin
XAYC-Core-2950(config-line)#exit
XAYC-Core-2950(config)#enable password admin
XAYC-Core-2950(config)#clock timezone beijing 8
XAYC-Core-2950(config)#ex
XAYC-Core-2950#clock set 16:02:00 6 21 2019
XAYC-Core-2950(config)#logging file flash:syslog 7
XAYC-Core-2950(config)#logging file flash:syslog 131072
XAYC-Core-2950(config)#logging buffered 131072
XAYC-Core-2950(config)#logging userinfo command-log
XAYC-Core-2950(config)#service sysname
XAYC-Core-2950(config)#service sequence-numbers
XAYC-Core-2950(config)#service timestamps
3. Configure the DHCP service:
XAYC-Core-2950(config)#service dhcp
XAYC-Core-2950(config)#ip dhcp pool vlan30
XAYC-Core-2950(dhcp-config)#network 192.168.30.0 255.255.255.0
XAYC-Core-2950(dhcp-config)#dns-server 8.8.8.8
XAYC-Core-2950(dhcp-config)#default-router 192.168.30.1
XAYC-Core-2950(dhcp-config)#ex
XAYC-Core-2950(config)#ip dhcp pool vlan40
XAYC-Core-2950(dhcp-config)#network 192.168.40.0 255.255.255.0
XAYC-Core-2950(dhcp-config)#dns-server 8.8.8.8
XAYC-Core-2950(dhcp-config)#default-router 192.168.40.1
XAYC-Core-2950(dhcp-config)#ex
XAYC-Core-2950(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
XAYC-R1-2950(config)#ip helper-address 192.168.1.2
4. Configure the remote management service and restrict logins:
XAYC-Core-2950(config)#ip access-list standard 1
XAYC-Core-2950(config-std-nacl)#permit 192.168.40.0 0.0.0.255
XAYC-Core-2950(config-std-nacl)#ex
XAYC-Core-2950(config)#line vty 0 4
XAYC-Core-2950(config-line)#access-class 1 in
XAYC-Core-2950(config-line)#exit
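Step 2 sets the login password on line vty 0 5, while the access-class in step 4 is applied to line vty 0 4, so the two ranges are worth comparing before the Telnet service is mapped to the external network. The following is an added example, not part of the original article: a small check that reports VTY lines with no inbound access-class. The sample text is constructed from the commands in steps 2 and 4 with the prompts removed, and the function names are hypothetical.

```python
import re

# Constructed sample: the VTY and ACL commands from steps 2 and 4, prompts removed.
SAMPLE_CONFIG = """\
line vty 0 5
password admin
exit
ip access-list standard 1
permit 192.168.40.0 0.0.0.255
exit
line vty 0 4
access-class 1 in
exit
"""

VTY_RE = re.compile(r"^line vty (\d+)(?:\s+(\d+))?$")
ACL_RE = re.compile(r"^access-class (\S+) in$")
STANZA_END = {"ex", "exit", "end"}


def vty_coverage(config_text):
    """Map each VTY line number to whether it has a password and which ACL guards it."""
    state = {}
    current = []  # VTY line numbers the commands being read apply to
    for raw in config_text.splitlines():
        cmd = raw.strip()
        m = VTY_RE.match(cmd)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                state.setdefault(n, {"password": False, "acl": None})
        elif cmd in STANZA_END:
            current = []
        elif cmd.startswith("password "):
            for n in current:
                state[n]["password"] = True
        elif ACL_RE.match(cmd):
            for n in current:
                state[n]["acl"] = ACL_RE.match(cmd).group(1)
    return state


def unrestricted_vty(config_text):
    """VTY lines configured without an inbound access-class."""
    return sorted(n for n, s in vty_coverage(config_text).items() if s["acl"] is None)


if __name__ == "__main__":
    print("VTY lines without access-class:", unrestricted_vty(SAMPLE_CONFIG))
```

Applying the access-class to the same range that carries the password (0 5) makes the report come back empty.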
5. Configure the network interfaces on the access switches:
>Configure access switch SW1:
SW1>en
SW1#configure terminal
SW1(config)#hostname XAYC-YF-XS-2950
XAYC-YF-XS-2950(config)#vlan 10
XAYC-YF-XS-2950(config-vlan)#name yanfa
XAYC-YF-XS-2950(config-vlan)#vlan 20
XAYC-YF-XS-2950(config-vlan)#name xiaoshou
XAYC-YF-XS-2950(config)#vlan 100
XAYC-YF-XS-2950(config-vlan)#name manage
XAYC-YF-XS-2950(config-vlan)#ex
XAYC-YF-XS-2950(config)#int f0/1
XAYC-YF-XS-2950(config-if-FastEthernet0/1)#switchport mode trunk
XAYC-YF-XS-2950(config-if-FastEthernet0/1)#int f0/3
XAYC-YF-XS-2950(config-if-FastEthernet0/3)#switchport mode access
XAYC-YF-XS-2950(config-if-FastEthernet0/3)#switchport access vlan 10
XAYC-YF-XS-2950(config-if-FastEthernet0/3)#int f0/5
XAYC-YF-XS-2950(config-if-FastEthernet0/5)#switchport mode access
XAYC-YF-XS-2950(config-if-FastEthernet0/5)#switchport access vlan 20
XAYC-YF-XS-2950(config-if-FastEthernet0/3)#ex
XAYC-YF-XS-2950(config-vlan)#int vlan 100
XAYC-YF-XS-2950(config-if-VLAN100)#ip address 192.168.100.1 255.255.255.0
XAYC-YF-XS-2950(config-if-VLAN100)#ex
>Configure access switch SW2:
SW2>en
SW2#configure terminal
SW2(config)#hostname XAYC-SW-SH-2950
XAYC-SW-SH-2950(config)#vlan 30
XAYC-SW-SH-2950(config-vlan)#name shangwu
XAYC-SW-SH-2950(config-vlan)#exit
XAYC-SW-SH-2950(config)#vlan 40
XAYC-SW-SH-2950(config-vlan)#name shouhou
XAYC-SW-SH-2950(config-vlan)#exit
XAYC-SW-SH-2950(config)#vlan 100
XAYC-SW-SH-2950(config-vlan)#name manage
XAYC-SW-SH-2950(config-vlan)#exit
XAYC-SW-SH-2950(config)#int f0/3
XAYC-SW-SH-2950(config-if-FastEthernet0/3)#switchport mode access
XAYC-SW-SH-2950(config-if-FastEthernet0/3)#switchport access vlan 30
XAYC-SW-SH-2950(config-if-FastEthernet0/3)#exit
XAYC-SW-SH-2950(config)#int f0/5
XAYC-SW-SH-2950(config-if-FastEthernet0/5)#switchport mode access
XAYC-SW-SH-2950(config-if-FastEthernet0/5)#switchport access vlan 40
XAYC-SW-SH-2950(config-if-FastEthernet0/5)#exit
XAYC-SW-SH-2950(config)#int f0/1
XAYC-SW-SH-2950(config-if-FastEthernet0/1)#switchport mode trunk
XAYC-SW-SH-2950(config-if-FastEthernet0/1)#exit
XAYC-SW-SH-2950(config)#int vlan 100
XAYC-SW-SH-2950(config-if-VLAN100)#ip address 192.168.100.2 255.255.255.0
XAYC-SW-SH-2950(config-if-VLAN100)#exit
6. Egress router configuration:
XAYC-R1-2950(config)#int f0/0
XAYC-R1-2950(config-if-FastEthernet0/0)#ip address 192.168.1.2 255.255.255.0
XAYC-R1-2950(config)#int f0/1
XAYC-R1-2950(config-if-FastEthernet0/1)#ip address 100.100.17.1 255.255.255.0
XAYC-R1-2950(config)#int f0/2
XAYC-R1-2950(config-if-FastEthernet0/2)#ip address 100.1.1.1 255.255.255.0
XAYC-R1-2950(config-if-FastEthernet0/2)#exit
XAYC-R1-2950(config)#ip access-list standard 1
XAYC-R1-2950(config-std-nacl)#permit any
XAYC-R1-2950(config-std-nacl)#ex
XAYC-R1-2950(config)#ip nat pool ruijie 100.100.17.1 100.100.17.2 netmask 255.255.255.0
XAYC-R1-2950(config)#ip nat inside source list 1 pool ruijie
XAYC-R1-2950(config)#int f0/0
XAYC-R1-2950(config-if-FastEthernet 0/0)#ip nat inside
XAYC-R1-2950(config-if-FastEthernet 0/0)#ex
XAYC-R1-2950(config)#int f0/1
XAYC-R1-2950(config-if-FastEthernet 0/1)#ip nat outside
XAYC-R1-2950(config-if-FastEthernet 0/1)#ex
XAYC-R1-2950(config)#ip nat inside source static tcp 192.168.100.254 23 100.100.17.1 2000
XAYC-R1-2950(config)#ip route 192.168.0.0 255.255.0.0 192.168.1.1
7. Describe the device interconnect interfaces:
XAYC-Core-2950(config)#int f0/1
XAYC-Core-2950(config-if-FastEthernet0/1)#description XAYC-R1-2950-f0/0
XAYC-Core-2950(config-if-FastEthernet0/1)#int f0/7
XAYC-Core-2950(config-if-FastEthernet0/7)#description XAYC-SERVER-2950-f0/1
XAYC-Core-2950(config-if-FastEthernet0/7)#int f0/3
XAYC-Core-2950(config-if-FastEthernet0/3)#description XAYC-YF-XS-2950-f0/1
XAYC-Core-2950(config-if-FastEthernet0/3)#int f0/5
XAYC-Core-2950(config-if-FastEthernet0/5)#description XAYC-SW-SH-2950-f0/1
XAYC-Core-2950(config-if-FastEthernet0/5)#ex
XAYC-Core-2950(config)#ex
XAYC-YF-XS-2950(config)#int f0/1
XAYC-YF-XS-2950(config-if-FastEthernet0/1)#description XAYC-Core-2950-f0/3
XAYC-YF-XS-2950(config-if-FastEthernet0/1)#ex
XAYC-SW-SH-2950(config-if-FastEthernet0/1)#description XAYC-Core-2950-f0/5
XAYC-SW-SH-2950(config-if-FastEthernet0/1)#ex
XAYC-SERVER-2950(config)#int f0/1
XAYC-SERVER-2950(config-if-FastEthernet0/1)#description XAYC-Core-2950-f0/7
XAYC-SERVER-2950(config-if-FastEthernet0/1)#ex
XAYC-R1-2950(config)#int f0/1
XAYC-R1-2950(config-if-FastEthernet0/1)#description XAYC-R2-2950-f0/1
XAYC-R1-2950(config-if-FastEthernet0/1)#ex
XAYC-R1-2950(config)#int f0/0
XAYC-R1-2950(config-if-FastEthernet0/0)#description XAYC-Core-2950-f0/1
XAYC-R1-2950(config-if-FastEthernet0/0)#ex
XAYC-R2-2950(config)#int f0/1
XAYC-R2-2950(config-if-FastEthernet0/1)#description XAYC-R1-2950-f0/1
XAYC-R2-2950(config-if-FastEthernet 0/1)
8. Prevent rogue DHCP servers:
XAYC-YF-XS-2950(config)#int f0/1
XAYC-YF-XS-2950(config-if-FastEthernet 0/1)#ip dhcp snooping trust
XAYC-YF-XS-2950(config-if-FastEthernet 0/1)#ex
XAYC-SW-SH-2950(config)#int f0/1
XAYC-SW-SH-2950(config-if-FastEthernet 0/1)#ip dhcp snooping trust
XAYC-SW-SH-2950(config-if-FastEthernet 0/1)#ex
9. Enable port isolation:
XAYC-YF-XS-2950(config)#int f0/3
XAYC-YF-XS-2950(config-if-FastEthernet 0/3)#switchport port-security
XAYC-YF-XS-2950(config-if-FastEthernet 0/3)#ex
XAYC-YF-XS-2950(config)#int f0/5
XAYC-YF-XS-2950(config-if-FastEthernet 0/5)#switchport port-security
XAYC-YF-XS-2950(config-if-FastEthernet 0/5)#ex
XAYC-SW-SH-2950(config)#int f0/3
XAYC-SW-SH-2950(config-if-FastEthernet 0/3)#switchport port-security
XAYC-SW-SH-2950(config-if-FastEthernet 0/3)#ex
XAYC-SW-SH-2950(config)#int f0/5
XAYC-SW-SH-2950(config-if-FastEthernet0/5)#switchport port-security
XAYC-SW-SH-2950(config-if-FastEthernet0/5)#ex
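VI. Test results
1. After-sales can manage devices remotely:
2. Business cannot manage devices remotely:
3. Test network connectivity:
>Test Business connectivity:
>Test core switch connectivity:
>Test R&D connectivity:
>Test After-sales connectivity:
>Obtain an IP address dynamically: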