前言
结合学习到的各个网络技术模块的知识,完成一个中小型企业组网项目作为学习成果检验与总结。
一、项目需求:
公司由四个部门组成,分别是总经理室、财务部、研发部、人力资源部。
详细需求包含以下几点:
1、研发部为机要部门,为保证研发信息不外泄,禁止该部门人员访问外网。
2、为各部门设置VLAN,总经理室VLAN可与各部门网络互通,其余部门(财务部、人力资源部)不允许与研发部所在的VLAN 20网络互通。
3、公司架设Web服务器,对Internet提供公司的形象和电子商务服务。
4、为保证安全,Internet与公司内部网络间应该采用防护措施,防止外界对内部网络未经授权的访问。
二、拓扑设计
1.网络规划拓扑
2.IP与VLAN规划
名称 | 所属VLAN | 网段 |
---|---|---|
总经理室 | 10 | 192.168.10.0/24 |
研发部 | 20 | 192.168.20.0/24 |
财务部 | 30 | 192.168.30.0/24 |
人力部 | 40 | 192.168.40.0/24 |
SW1-SW2 | 50 | 192.168.50.0/24 |
SW1-FW1 | 60 | 192.168.60.0/24 |
SW2-FW1 | 70 | 192.168.70.0/24 |
3.详细配置
3.1 接入层交换机配置
# Access-layer switch LSW5: two access ports (VLAN 10 and VLAN 20) and one
# trunk port. Per the page's VLAN plan, VLAN 10 is the General Manager's
# office and VLAN 20 is R&D.
# NOTE(review): no stp region-configuration and no port-level hardening
# (e.g. STP edge-port/BPDU protection, DHCP snooping, port security) appear
# for this switch in the listing - confirm whether they were left out of the
# excerpt or are really absent.
#
sysname LSW5
#
# Only VLAN 10 and VLAN 20 are created on this switch.
vlan batch 10 20
#
# Vlanif1 and MEth0/0/1 carry no settings in this listing.
interface Vlanif1
#
interface MEth0/0/1
#
# Access port, untagged member of VLAN 10.
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
# Access port, untagged member of VLAN 20 (the restricted R&D VLAN).
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
# NOTE(review): this trunk permits VLAN 2-4094 although only VLAN 10 and 20
# exist here. Listing just the VLANs that must cross the link (for example
# "port trunk allow-pass vlan 10 20") keeps a VLAN created later from being
# carried automatically. The peer device is not shown in the listing -
# confirm against the topology.
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
# Access-layer switch LSW6: two access ports (VLAN 30 and VLAN 40) and one
# trunk port. Per the page's VLAN plan, VLAN 30 is Finance and VLAN 40 is
# Human Resources.
# NOTE(review): no stp region-configuration and no port-level hardening
# (e.g. STP edge-port/BPDU protection, DHCP snooping, port security) appear
# for this switch in the listing - confirm whether they were left out of the
# excerpt or are really absent.
#
sysname LSW6
#
# Only VLAN 30 and VLAN 40 are created on this switch.
vlan batch 30 40
#
# Vlanif1 and MEth0/0/1 carry no settings in this listing.
interface Vlanif1
#
interface MEth0/0/1
#
# Access port, untagged member of VLAN 30.
interface Ethernet0/0/1
port link-type access
port default vlan 30
#
# Access port, untagged member of VLAN 40.
interface Ethernet0/0/2
port link-type access
port default vlan 40
#
# NOTE(review): this trunk permits VLAN 2-4094 although only VLAN 30 and 40
# exist here. Listing just the VLANs that must cross the link (for example
# "port trunk allow-pass vlan 30 40") keeps a VLAN created later from being
# carried automatically. The peer device is not shown in the listing -
# confirm against the topology.
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
3.2 汇聚层配置
# Aggregation-layer switch LSW3: three GigabitEthernet trunk ports, no access
# ports and no Layer 3 addressing in this listing.
#
sysname LSW3
#
# Only VLAN 10 and VLAN 20 are created here; VLAN 30 and 40 appear in the MST
# mapping below but are not created on this switch in the listing.
vlan batch 10 20
#
# NOTE(review): cluster, NTDP and NDP are cluster-management and
# neighbor/topology discovery features. If cluster management is not part of
# this design, confirm whether they need to stay enabled.
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
# MST region "huawei.com": instance 1 carries VLAN 10 and 20, instance 2
# carries VLAN 30 and 40. LSW4 and LSW1 on this page use the same region name
# and the same VLAN-to-instance mapping.
stp region-configuration
region-name huawei.com
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
# Vlanif1 and MEth0/0/1 carry no settings in this listing.
interface Vlanif1
#
interface MEth0/0/1
#
# NOTE(review): all three trunks below permit VLAN 2-4094. Restricting each
# one to the VLANs that actually have to cross that link limits what a newly
# created or mis-tagged VLAN can reach. Which device sits behind each port is
# not shown in the listing - confirm against the topology before narrowing.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
# Aggregation-layer switch LSW4: three GigabitEthernet trunk ports, no access
# ports and no Layer 3 addressing in this listing.
#
sysname LSW4
#
# Only VLAN 30 and VLAN 40 are created here; VLAN 10 and 20 appear in the MST
# mapping below but are not created on this switch in the listing.
vlan batch 30 40
#
# MST region "huawei.com": instance 1 carries VLAN 10 and 20, instance 2
# carries VLAN 30 and 40. LSW3 and LSW1 on this page use the same region name
# and the same VLAN-to-instance mapping.
stp region-configuration
region-name huawei.com
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
# Vlanif1 and MEth0/0/1 carry no settings in this listing.
interface Vlanif1
#
interface MEth0/0/1
#
# NOTE(review): all three trunks below permit VLAN 2-4094. Restricting each
# one to the VLANs that actually have to cross that link limits what a newly
# created or mis-tagged VLAN can reach. Which device sits behind each port is
# not shown in the listing - confirm against the topology before narrowing.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
3.3 核心层配置
# Core-layer switch LSW1 (first part of its configuration; the listing may
# continue past this excerpt). It creates the VLANs, sets the MSTP root roles,
# defines the inter-VLAN deny policy and the DHCP address pools.
#
sysname LSW1
#
# VLAN 10-70 match the page's IP/VLAN plan; VLAN 80 and 90 are created here
# but are not listed in that plan.
vlan batch 10 20 30 40 50 60 70 80 90
#
# Primary root for MST instance 1 (VLAN 10, 20) and secondary root for
# instance 2 (VLAN 30, 40); the mapping is in the region configuration below.
stp instance 1 root primary
stp instance 2 root secondary
#
# System LACP priority; no Eth-Trunk interface is visible in this part of the
# listing.
lacp priority 100
#
# NOTE(review): cluster, NTDP and NDP are cluster-management and
# neighbor/topology discovery features. If cluster management is not part of
# this design, confirm whether they need to stay enabled.
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
# DHCP is enabled globally; the address pools are defined further down.
dhcp enable
#
diffserv domain default
#
# MST region "huawei.com" with the same VLAN-to-instance mapping as LSW3 and
# LSW4 on this page.
stp region-configuration
region-name huawei.com
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
# ACL 3001 matches IP traffic from 192.168.30.0/24 (VLAN 30) and
# 192.168.40.0/24 (VLAN 40) towards 192.168.20.0/24 (VLAN 20). This lines up
# with requirement 2 of the page: Finance and HR must not reach the R&D VLAN.
# NOTE(review): nothing here implements requirement 1 (R&D must not reach the
# Internet); presumably that is enforced elsewhere, e.g. on the firewall -
# confirm.
acl number 3001
rule 5 deny ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule 10 deny ip source 192.168.40.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
#
# Classifier "tcl" selects traffic by ACL 3001.
traffic classifier tcl operator and
if-match acl 3001
#
# NOTE(review): the ACL rules are "deny" and this behavior is also "deny". How
# a deny rule combines with a traffic behavior is platform-specific - verify
# on the target device that matching traffic is really dropped.
traffic behavior tbl
deny
#
# Policy "tpl" binds classifier tcl to behavior tbl.
# NOTE(review): the policy has no effect until it is applied. Where and in
# which direction it is applied is not visible in this part of the listing -
# confirm it covers the point where VLAN 30/40 traffic enters this switch.
traffic policy tpl
classifier tcl behavior tbl
#
drop-profile default
#
# DHCP pool for 192.168.10.0/24 (VLAN 10 in the page's plan), gateway .254.
ip pool pool1
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
dns-list 114.114.114.114
#
# DHCP pool for 192.168.20.0/24 (VLAN 20, R&D in the page's plan), gateway
# .254.
# NOTE(review): this pool hands R&D clients an external DNS server address
# although requirement 1 forbids R&D Internet access. Confirm whether DNS to
# that address is blocked at the perimeter, or point the pool at an internal
# resolver, so that DNS is not left as an unintended outbound path.
ip pool pool2
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
dns-list 114.114.114.114
#