網(wǎng)絡(luò)架構(gòu)圖如下：

創(chuàng)新互聯(lián)公司專注于企業(yè)網(wǎng)絡(luò)營銷推廣、網(wǎng)站重做改版、合肥網(wǎng)站定制設(shè)計、自適應(yīng)品牌網(wǎng)站建設(shè)、H5響應(yīng)式網(wǎng)站、成都做商城網(wǎng)站、集團(tuán)公司官網(wǎng)建設(shè)、外貿(mào)網(wǎng)站建設(shè)、高端網(wǎng)站制作、響應(yīng)式網(wǎng)頁設(shè)計等建站業(yè)務(wù)，價格優(yōu)惠性價比高，為合肥等各大城市提供網(wǎng)站開發(fā)制作服務(wù)。

一 網(wǎng)絡(luò)架構(gòu)方案設(shè)計

1.1 方案說明

• 公司網(wǎng)絡(luò)由核心層和接入層組成，核心層為網(wǎng)絡(luò)的骨干部分。

• 不同部門使用不同的VLAN

• 把vlan154中的服務(wù)器發(fā)布到外網(wǎng)，并使VM1可以訪問

• 使vlan155網(wǎng)段可以訪問外網(wǎng)

• 管理vlan為vlan100

• 使用ACL增強(qiáng)網(wǎng)絡(luò)的安全性

1.2 IP地址規(guī)劃

vlan154：172.16.154.0/24    網(wǎng)關(guān)：172.16.154.254

vlan155：172.16.155.0/24    網(wǎng)關(guān)：172.16.155.254

vlan100：172.16.100.0/24    網(wǎng)關(guān)：172.16.100.254

二 方案的實施

建立vlan、配置VTP同步，sw1和sw2操作一致：

SW_R(config)#hostname sw_r

sw_r(config)#ip routing

sw_r(config)#vlan 100

sw_r(config-vlan)#vlan 154

sw_r(config-vlan)#vlan 155

sw_r#show vlan-switch

VLAN Name               Status   Ports

---- -------------------------------- --------- -------------------------------

1   default              active   Fa1/0, Fa1/1, Fa1/2, Fa1/3

                        Fa1/4, Fa1/5, Fa1/6, Fa1/7

                        Fa1/8, Fa1/9, Fa1/10, Fa1/11

                        Fa1/12, Fa1/13, Fa1/14, Fa1/15

100  VLAN0100             active

154  VLAN0154             active

155  VLAN0155             active

sw_r(config)#int range f1/1 , f1/3

sw_r(config-if-range)#sw mode trunk

sw_r(config)#vtp domain cisco

sw_r(config)#vtp password cisco

sw_r(config)#vtp mode server

sw_r(config)#vtp pruning

sw1(config)#hostname sw1

sw1(config)#int f1/1

sw1(config-if)#sw mo tr

sw1(config)#vtp domain cisco

sw1(config)#vtp password cisco

sw1(config)#vtp mode client

sw1#show vlan-switch

VLAN Name               Status   Ports

---- -------------------------------- --------- -------------------------------

1   default              active   Fa1/0, Fa1/2, Fa1/3, Fa1/4

                        Fa1/5, Fa1/6, Fa1/7, Fa1/8

                        Fa1/9, Fa1/10, Fa1/11, Fa1/12

                        Fa1/13, Fa1/14, Fa1/15

100  VLAN0100             active

154  VLAN0154             active

155  VLAN0155             active

sw1(config)#int range f1/2 - 10

sw1(config-if-range)#sw mo access

sw1(config-if-range)#sw ac vlan 154

sw1(config)#int range f1/11 - 15

sw1(config-if-range)#sw mo access

sw1(config-if-range)#sw ac vlan 155

sw1#show vlan-switch

VLAN Name               Status   Ports

---- -------------------------------- --------- -------------------------------

1   default              active   Fa1/0

100  VLAN0100             active

154  VLAN0154             active   Fa1/2, Fa1/3, Fa1/4, Fa1/5

                        Fa1/6, Fa1/7, Fa1/8, Fa1/9

                        Fa1/10

155  VLAN0155             active   Fa1/11, Fa1/12, Fa1/13, Fa1/14

                        Fa1/15

sw1#show int trunk

Port    Mode     Encapsulation  Status     Native vlan

Fa1/1   on      802.1q     trunking    1

Port    Vlans allowed on trunk

Fa1/1   1-1005

配置IP地址：

sw_r(config)#int f1/4

sw_r(config-if)#no switchport

sw_r(config-if)#ip add 192.168.1.1 255.255.255.252

sw_r(config-if)#no sh

sw_r(config)#int vlan 100

sw_r(config-if)#ip add 172.16.100.254 255.255.255.0

sw_r(config-if)#no sh

sw_r(config-if)#int vlan 154

sw_r(config-if)#ip add 172.16.154.254 255.255.255.0

sw_r(config-if)#no sh

sw_r(config-if)#int vlan 155

sw_r(config-if)#ip add 172.16.155.254 255.255.255.0

sw_r(config-if)#no sh

sw_r#show ip int brief

Interface          IP-Address    OK? Method Status         Protocol

FastEthernet0/0       unassigned    YES unset  administratively down down

FastEthernet0/1       unassigned    YES unset  administratively down down

FastEthernet1/0       unassigned    YES unset  up           down

FastEthernet1/1       unassigned    YES unset  up           up

FastEthernet1/2       unassigned    YES unset  up           down

FastEthernet1/3       unassigned    YES unset  up           up

FastEthernet1/4       192.168.1.1   YES manual up           up

FastEthernet1/5       unassigned    YES unset  up           down

FastEthernet1/6       unassigned    YES unset  up           down

FastEthernet1/7       unassigned    YES unset  up           down

FastEthernet1/8       unassigned    YES unset  up           down

FastEthernet1/9       unassigned    YES unset  up           down

FastEthernet1/10      unassigned    YES unset  up           down

FastEthernet1/11      unassigned    YES unset  up           down

FastEthernet1/12      unassigned    YES unset  up           down

FastEthernet1/13      unassigned    YES unset  up           down

FastEthernet1/14      unassigned    YES unset  up           down

FastEthernet1/15      unassigned    YES unset  up           down

Vlan1            unassigned    YES unset  up           up

Vlan100           172.16.100.254  YES manual up           up

Vlan154           172.16.154.254  YES manual up           up

Vlan155           172.16.155.254  YES manual up           up

ROUTER(config)#hostname router

router(config)#int f0/0

router(config-if)#ip add 192.168.1.2 255.255.255.252

router(config-if)#no sh

router(config-if)#int f1/0

router(config-if)#ip add 10.1.1.1 255.255.255.252

router(config-if)#no sh

router(config-if)#end

router#show ip int b

Interface          IP-Address    OK? Method Status         Protocol

FastEthernet0/0       192.168.1.2   YES manual up           up

FastEthernet1/0       10.1.1.1     YES manual up           up

FastEthernet2/0       unassigned    YES unset  administratively down down

router#ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/28/64 ms

sw1(config-if)#int vlan 100

sw1(config-if)#ip add 172.16.100.1 255.255.255.0

sw1(config-if)#no sh

sw1(config)#ip default-gateway 172.16.100.254

sw1#show ip int Vlan 100

Vlan100 is up, line protocol is up

 Internet address is 172.16.100.1/24

 Broadcast address is 255.255.255.255

 Address determined by setup command

 MTU is 1500 bytes

...

sw1# ping 172.16.100.254

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.100.254, timeout is 2 seconds:

!!!!!

sw3(config)#int vlan 100

sw3(config-if)#ip add 172.16.100.3 255.255.255.0

sw3(config-if)#no sh

sw3(config)#ip default-gateway 172.16.100.254

sw3#sh ip int vlan 100

Vlan100 is up, line protocol is up

 Internet address is 172.16.100.3/24

 Broadcast address is 255.255.255.255

 Address determined by setup command

...

sw3#ping 172.16.100.254

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.100.254, timeout is 2 seconds:

.!!!!

Internet(config)#hostname Internet

Internet(config)#int f0/0

Internet(config-if)#ip add 10.1.1.2 255.255.255.252

Internet(config-if)#no sh

Internet(config-if)#int f1/0

Internet(config-if)#ip add 10.1.1.5 255.255.255.252

Internet(config-if)#no sh

Internet#sh ip int b

Interface          IP-Address    OK? Method Status         Protocol

FastEthernet0/0       10.1.1.2     YES manual up           up

FastEthernet1/0       10.1.1.5     YES manual up           up

Internet#ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 20/34/48 ms

R8(config)#hostname R8

R8(config)#int f0/0

R8(config-if)#ip add 10.1.1.6 255.255.255.252

R8(config-if)#no sh

R8(config-if)#int f1/0

R8(config-if)#ip add 192.168.60.254 255.255.255.0

R8(config-if)#no sh

配置路由：

sw_r(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

router(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2

router(config)#ip route 172.16.100.0 255.255.255.0 192.168.1.1

router(config)#ip route 172.16.154.0 255.255.255.0 192.168.1.1

router(config)#ip route 172.16.155.0 255.255.255.0 192.168.1.1

R8(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.5

在核心交換機(jī)上配置DHCP服務(wù)

sw_r(config)#ip dhcp pool vlan154

sw_r(dhcp-config)#network 172.16.154.0 255.255.255.0

sw_r(dhcp-config)#default-router 172.16.154.254

sw_r(dhcp-config)#dns-server 202.96.134.33 202.96.134.133

sw_r(config)#ip dhcp excluded-address 172.16.154.254

sw_r(config)#ip dhcp pool vlan155

sw_r(dhcp-config)#network 172.16.155.0 255.255.255.0

sw_r(dhcp-config)#dns-server 202.96.134.33 202.96.134.133

sw_r(dhcp-config)#default-router 172.16.155.254

sw_r(config)#ip dhcp excluded-address 172.16.155.254

vlan155的主機(jī)獲取到IP：

R6(config)#int f0/0

R6(config-if)#ip add dhcp

R6#sh ip int b

Interface          IP-Address    OK? Method Status         Protocol

FastEthernet0/0       172.16.155.1   YES DHCP  up           up

FastEthernet0/1       unassigned    YES unset  administratively down down

配置NAT允許vlan155訪問外網(wǎng)

ROUTER(config)#access-list 1 permit 172.16.155.0 0.0.0.255

ROUTER(config)#ip nat inside source list 1 interface f1/0 overload

ROUTER(config)#int f1/0

ROUTER(config-if)#ip nat outside

ROUTER(config)#int f0/0

ROUTER(config-if)#ip nat inside

R6#ping 10.1.1.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/68/128 ms

查看NAT的統(tǒng)計信息：

ROUTER#sh ip nat statistics

Total active translations: 2 (0 static, 2 dynamic; 2 extended)

Outside interfaces:

 FastEthernet1/0

Inside interfaces:

 FastEthernet0/0

Hits: 54  Misses: 6

CEF Translated packets: 60, CEF Punted packets: 0

Expired translations: 4

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 1 interface FastEthernet1/0 refcount 2

Appl doors: 0

Normal doors: 0

Queued Packets: 0

查看當(dāng)前存在的NAT轉(zhuǎn)換條目，前提是有數(shù)據(jù)包進(jìn)行轉(zhuǎn)換（如果沒有數(shù)據(jù)包轉(zhuǎn)換，只能顯示靜態(tài)NAT條目）

ROUTER#sh ip nat translations

Pro Inside global    Inside local    Outside local    Outside global

icmp 10.1.1.1:20    172.16.155.1:20   10.1.1.6:20     10.1.1.6:20

icmp 10.1.1.1:21    172.16.155.1:21   10.1.1.6:21     10.1.1.6:21

icmp 10.1.1.1:22    172.16.155.1:22   10.1.1.6:22     10.1.1.6:22

對NAT進(jìn)行監(jiān)控：

ROUTER#sh ip nat translations verbose

Pro Inside global    Inside local    Outside local    Outside global

icmp 10.1.1.1:24    172.16.155.1:24   10.1.1.6:24     10.1.1.6:24

  create 00:00:03, use 00:00:03 timeout:60000, left 00:00:56, Map-Id(In): 1,

  flags:

extended, use_count: 0, entry-id: 17, lc_entries: 0

向外網(wǎng)發(fā)布Web服務(wù)器：

ROUTER(config)#ip nat inside source static tcp 172.16.154.1 80 10.1.1.1 80 extendable

查看靜態(tài)ANT條目：

ROUTER#sh ip nat translations

Pro Inside global    Inside local    Outside local    Outside global

tcp 10.1.1.1:80     172.16.154.1:80   ---         ---

在Web服務(wù)器上開放80端口

在客戶端訪問：

配置telnet遠(yuǎn)程管理：

ROUTER(config)#line vty 0 4

ROUTER(config-line)#password cisco

ROUTER(config-line)#login

ROUTER(config)#enable secret cisco

配置SSH遠(yuǎn)程管理：

sw1(config)#ip domain-name cisco.com

sw1(config)#username best password best1

sw1(config)#crypto key generate rsa general-keys modulus 1024

sw1(config)#ip ssh version 2

sw1(config)#line vty 0 4

sw1(config-line)#login local

sw1(config-line)#transport input ssh                    #只允許SSH登陸

登陸方式：

Cisco網(wǎng)絡(luò)設(shè)備：ssh -l best 192.168.1.1

Xshell：ssh 172.16.100.254

配置console登陸密碼：

sw1(config)#line console 0

sw1(config-line)#password cisco

sw1(config-line)#login

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)scvps.cn，海內(nèi)外云服務(wù)器15元起步，三天無理由+7*72小時售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡單易用、服務(wù)可用性高、性價比高”等特點與優(yōu)勢，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場景需求。

分享題目：Cisco之中小型企業(yè)網(wǎng)絡(luò)-創(chuàng)新互聯(lián)
URL標(biāo)題：http://www.rwnh.cn/article24/doeoje.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供網(wǎng)站改版、小程序開發(fā)、營銷型網(wǎng)站建設(shè)、企業(yè)網(wǎng)站制作、全網(wǎng)營銷推廣、關(guān)鍵詞優(yōu)化

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時需注明來源： 創(chuàng)新互聯(lián)