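The network architecture is shown in the diagram below:
I. Network architecture design
1.1 Design overview
The company network consists of a core layer and an access layer; the core layer is the backbone of the network.
Different departments use different VLANs.
Publish the server in vlan154 to the external network and make it reachable from VM1.
Allow the vlan155 subnet to access the external network.
The management VLAN is vlan100.
Use ACLs to strengthen network security.
1.2 IP address plan
vlan154: 172.16.154.0/24, gateway: 172.16.154.254
vlan155: 172.16.155.0/24, gateway: 172.16.155.254
vlan100: 172.16.100.0/24, gateway: 172.16.100.254
II. Implementation
Create the VLANs and configure VTP synchronization; sw1 and sw2 are configured the same way: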
SW_R(config)#hostname sw_r
sw_r(config)#ip routing
sw_r(config)#vlan 100
sw_r(config-vlan)#vlan 154
sw_r(config-vlan)#vlan 155
sw_r#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0, Fa1/1, Fa1/2, Fa1/3
Fa1/4, Fa1/5, Fa1/6, Fa1/7
Fa1/8, Fa1/9, Fa1/10, Fa1/11
Fa1/12, Fa1/13, Fa1/14, Fa1/15
100 VLAN0100 active
154 VLAN0154 active
155 VLAN0155 active
sw_r(config)#int range f1/1 , f1/3
sw_r(config-if-range)#sw mode trunk
sw_r(config)#vtp domain cisco
sw_r(config)#vtp password cisco
sw_r(config)#vtp mode server
sw_r(config)#vtp pruning
sw1(config)#hostname sw1
sw1(config)#int f1/1
sw1(config-if)#sw mo tr
sw1(config)#vtp domain cisco
sw1(config)#vtp password cisco
sw1(config)#vtp mode client
sw1#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0, Fa1/2, Fa1/3, Fa1/4
Fa1/5, Fa1/6, Fa1/7, Fa1/8
Fa1/9, Fa1/10, Fa1/11, Fa1/12
Fa1/13, Fa1/14, Fa1/15
100 VLAN0100 active
154 VLAN0154 active
155 VLAN0155 active
sw1(config)#int range f1/2 - 10
sw1(config-if-range)#sw mo access
sw1(config-if-range)#sw ac vlan 154
sw1(config)#int range f1/11 - 15
sw1(config-if-range)#sw mo access
sw1(config-if-range)#sw ac vlan 155
sw1#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0
100 VLAN0100 active
154 VLAN0154 active Fa1/2, Fa1/3, Fa1/4, Fa1/5
Fa1/6, Fa1/7, Fa1/8, Fa1/9
Fa1/10
155 VLAN0155 active Fa1/11, Fa1/12, Fa1/13, Fa1/14
Fa1/15
sw1#show int trunk
Port Mode Encapsulation Status Native vlan
Fa1/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa1/1 1-1005
Configure IP addresses:
sw_r(config)#int f1/4
sw_r(config-if)#no switchport
sw_r(config-if)#ip add 192.168.1.1 255.255.255.252
sw_r(config-if)#no sh
sw_r(config)#int vlan 100
sw_r(config-if)#ip add 172.16.100.254 255.255.255.0
sw_r(config-if)#no sh
sw_r(config-if)#int vlan 154
sw_r(config-if)#ip add 172.16.154.254 255.255.255.0
sw_r(config-if)#no sh
sw_r(config-if)#int vlan 155
sw_r(config-if)#ip add 172.16.155.254 255.255.255.0
sw_r(config-if)#no sh
sw_r#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet0/1 unassigned YES unset administratively down down
FastEthernet1/0 unassigned YES unset up down
FastEthernet1/1 unassigned YES unset up up
FastEthernet1/2 unassigned YES unset up down
FastEthernet1/3 unassigned YES unset up up
FastEthernet1/4 192.168.1.1 YES manual up up
FastEthernet1/5 unassigned YES unset up down
FastEthernet1/6 unassigned YES unset up down
FastEthernet1/7 unassigned YES unset up down
FastEthernet1/8 unassigned YES unset up down
FastEthernet1/9 unassigned YES unset up down
FastEthernet1/10 unassigned YES unset up down
FastEthernet1/11 unassigned YES unset up down
FastEthernet1/12 unassigned YES unset up down
FastEthernet1/13 unassigned YES unset up down
FastEthernet1/14 unassigned YES unset up down
FastEthernet1/15 unassigned YES unset up down
Vlan1 unassigned YES unset up up
Vlan100 172.16.100.254 YES manual up up
Vlan154 172.16.154.254 YES manual up up
Vlan155 172.16.155.254 YES manual up up
ROUTER(config)#hostname router
router(config)#int f0/0
router(config-if)#ip add 192.168.1.2 255.255.255.252
router(config-if)#no sh
router(config-if)#int f1/0
router(config-if)#ip add 10.1.1.1 255.255.255.252
router(config-if)#no sh
router(config-if)#end
router#show ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.2 YES manual up up
FastEthernet1/0 10.1.1.1 YES manual up up
FastEthernet2/0 unassigned YES unset administratively down down
router#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/28/64 ms
sw1(config-if)#int vlan 100
sw1(config-if)#ip add 172.16.100.1 255.255.255.0
sw1(config-if)#no sh
sw1(config)#ip default-gateway 172.16.100.254
sw1#show ip int Vlan 100
Vlan100 is up, line protocol is up
Internet address is 172.16.100.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
...
sw1# ping 172.16.100.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.254, timeout is 2 seconds:
!!!!!
sw3(config)#int vlan 100
sw3(config-if)#ip add 172.16.100.3 255.255.255.0
sw3(config-if)#no sh
sw3(config)#ip default-gateway 172.16.100.254
sw3#sh ip int vlan 100
Vlan100 is up, line protocol is up
Internet address is 172.16.100.3/24
Broadcast address is 255.255.255.255
Address determined by setup command
...
sw3#ping 172.16.100.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.254, timeout is 2 seconds:
.!!!!
Internet(config)#hostname Internet
Internet(config)#int f0/0
Internet(config-if)#ip add 10.1.1.2 255.255.255.252
Internet(config-if)#no sh
Internet(config-if)#int f1/0
Internet(config-if)#ip add 10.1.1.5 255.255.255.252
Internet(config-if)#no sh
Internet#sh ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.2 YES manual up up
FastEthernet1/0 10.1.1.5 YES manual up up
Internet#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/34/48 ms
R8(config)#hostname R8
R8(config)#int f0/0
R8(config-if)#ip add 10.1.1.6 255.255.255.252
R8(config-if)#no sh
R8(config-if)#int f1/0
R8(config-if)#ip add 192.168.60.254 255.255.255.0
R8(config-if)#no sh
Configure routing:
sw_r(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
router(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
router(config)#ip route 172.16.100.0 255.255.255.0 192.168.1.1
router(config)#ip route 172.16.154.0 255.255.255.0 192.168.1.1
router(config)#ip route 172.16.155.0 255.255.255.0 192.168.1.1
R8(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.5
Configure the DHCP service on the core switch:
sw_r(config)#ip dhcp pool vlan154
sw_r(dhcp-config)#network 172.16.154.0 255.255.255.0
sw_r(dhcp-config)#default-router 172.16.154.254
sw_r(dhcp-config)#dns-server 202.96.134.33 202.96.134.133
sw_r(config)#ip dhcp excluded-address 172.16.154.254
sw_r(config)#ip dhcp pool vlan155
sw_r(dhcp-config)#network 172.16.155.0 255.255.255.0
sw_r(dhcp-config)#dns-server 202.96.134.33 202.96.134.133
sw_r(dhcp-config)#default-router 172.16.155.254
sw_r(config)#ip dhcp excluded-address 172.16.155.254
A host in vlan155 obtains an IP address:
R6(config)#int f0/0
R6(config-if)#ip add dhcp
R6#sh ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 172.16.155.1 YES DHCP up up
FastEthernet0/1 unassigned YES unset administratively down down
Configure NAT to allow vlan155 to access the external network:
ROUTER(config)#access-list 1 permit 172.16.155.0 0.0.0.255
ROUTER(config)#ip nat inside source list 1 interface f1/0 overload
ROUTER(config)#int f1/0
ROUTER(config-if)#ip nat outside
ROUTER(config)#int f0/0
ROUTER(config-if)#ip nat inside
R6#ping 10.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/68/128 ms
View the NAT statistics:
ROUTER#sh ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 2 extended)
Outside interfaces:
FastEthernet1/0
Inside interfaces:
FastEthernet0/0
Hits: 54 Misses: 6
CEF Translated packets: 60, CEF Punted packets: 0
Expired translations: 4
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface FastEthernet1/0 refcount 2
Appl doors: 0
Normal doors: 0
Queued Packets: 0
View the NAT translation entries that currently exist. This requires that packets are being translated (if no packets are being translated, only static NAT entries are shown):
ROUTER#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 10.1.1.1:20 172.16.155.1:20 10.1.1.6:20 10.1.1.6:20
icmp 10.1.1.1:21 172.16.155.1:21 10.1.1.6:21 10.1.1.6:21
icmp 10.1.1.1:22 172.16.155.1:22 10.1.1.6:22 10.1.1.6:22
Monitor NAT:
ROUTER#sh ip nat translations verbose
Pro Inside global Inside local Outside local Outside global
icmp 10.1.1.1:24 172.16.155.1:24 10.1.1.6:24 10.1.1.6:24
create 00:00:03, use 00:00:03 timeout:60000, left 00:00:56, Map-Id(In): 1,
flags:
extended, use_count: 0, entry-id: 17, lc_entries: 0
Publish the Web server to the external network:
ROUTER(config)#ip nat inside source static tcp 172.16.154.1 80 10.1.1.1 80 extendable
View the static NAT entries:
ROUTER#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 10.1.1.1:80 172.16.154.1:80 --- ---
Open port 80 on the Web server.
Access it from the client:
Configure Telnet remote management:
ROUTER(config)#line vty 0 4
ROUTER(config-line)#password cisco
ROUTER(config-line)#login
ROUTER(config)#enable secret cisco
Configure SSH remote management:
sw1(config)#ip domain-name cisco.com
sw1(config)#username best password best1
sw1(config)#crypto key generate rsa general-keys modulus 1024
sw1(config)#ip ssh version 2
sw1(config)#line vty 0 4
sw1(config-line)#login local
sw1(config-line)#transport input ssh
! Allows SSH logins only.
Login methods:
From a Cisco network device: ssh -l best 192.168.1.1
Xshell: ssh 172.16.100.254
Configure the console login password:
sw1(config)#line console 0
sw1(config-line)#password cisco
sw1(config-line)#login
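A hardened variant of the remote-management settings above for sw1, as an added example that is not part of the original article: it replaces Telnet and cleartext passwords with SSH-only access, hashed secrets, a 2048-bit key, and an ACL that limits VTY sessions to the management VLAN from the address plan. ACL number 10, the timeout values and <strong-secret> are assumptions chosen for this example.

```cisco
! Added example, not from the original article.
! Assumes the page's management VLAN 172.16.100.0/24 and local user "best".
! <strong-secret> is a placeholder; ACL number 10 is an arbitrary free number.
!
! Weak settings shown on the page, for comparison:
!   line vty 0 4 / password cisco / login     (Telnet, shared cleartext password)
!   username best password best1              (password stored in cleartext)
!   crypto key generate rsa ... modulus 1024  (short RSA key)
!
ip domain-name cisco.com
! "secret" stores a hash of the password instead of the password itself.
username best secret <strong-secret>
enable secret <strong-secret>
! Obfuscates any remaining "password" lines (type 7 is reversible, so this
! is a backstop, not a substitute for "secret").
service password-encryption
!
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Only hosts in the management VLAN may open a VTY session;
! rejected attempts are logged.
access-list 10 permit 172.16.100.0 0.0.0.255
access-list 10 deny any log
!
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
 exec-timeout 5 0
!
line console 0
 login local
 exec-timeout 5 0
```

After applying it, `show ip ssh` and `show access-lists 10` confirm the SSH version in use and show hit counts for permitted and denied management connections.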
Title: Cisco small and medium-sized enterprise network - 創新互聯
URL: http://www.chinadenli.net/article24/doeoje.html