Outline
In this project I applied networking knowledge, such as switch and router configuration, to build a simulated campus network. It was my individual undergraduate internship project from June 2017 to July 2017, and during this internship I won the “Excellent Intern” award.
Screenshot
Dormitory | Network segment | Engineering Buildings | Network segment | Teaching Buildings | Network segment | Dining Halls | Network segment |
---|---|---|---|---|---|---|---|
bldg.1 | 10.1.8.0/24 | bldg.1 | 10.1.2.0/24 | bldg.1 | 10.1.1.0/24 | new hall f.1 | 10.1.25.0/24 |
bldg.2 | 10.1.9.0/24 | bldg.2 | 10.1.2.0/24 | bldg.2 | 10.1.1.0/24 | new hall f.2 | 10.1.26.0/24 |
bldg.3 | 10.1.10.0/24 | bldg.3 | 10.1.2.0/24 | bldg.3 | 10.1.1.0/24 | new hall f.3 | 10.1.27.0/24 |
bldg.4 | 10.1.11.0/24 | bldg.4 | 10.1.2.0/24 | bldg.4 | 10.1.1.0/24 | old hall f.1 | 10.1.28.0/24 |
bldg.5 | 10.1.12.0/24 | bldg.5 | 10.1.2.0/24 | bldg.5 | 10.1.1.0/24 | old hall f.2 | 10.1.29.0/24 |
bldg.6 | 10.1.13.0/24 | bldg.6 | 10.1.2.0/24 | bldg.6 | 10.1.1.0/24 | old hall f.3 | 10.1.30.0/24 |
bldg.7 | 10.1.14.0/24 | bldg.7 | 10.1.2.0/24 | | | | |
bldg.8 | 10.1.15.0/24 | | | | | | |
bldg.9 | 10.1.16.0/24 | | | | | | |
bldg.10 | 10.1.17.0/24 | | | | | | |
bldg.11 | 10.1.18.0/24 | | | | | | |
bldg.12 | 10.1.19.0/24 | | | | | | |
bldg.13 | 10.1.20.0/24 | | | | | | |
bldg.14 | 10.1.21.0/24 | | | | | | |
bldg.15 | 10.1.22.0/24 | | | | | | |
bldg.16 | 10.1.23.0/24 | | | | | | |
bldg.17 | 10.1.24.0/24 | | | | | | |
Administration Building | Network segment | Library | Network segment | DMZ | Network segment |
---|---|---|---|---|---|
1&2 floor | 10.1.5.0/24 | 1&2 floor | 10.1.3.0/24 | | 10.4.1.0/24 |
3&4 floor | 10.1.6.0/24 | 3&4 floor | 10.1.4.0/24 | | |
5&6 floor | 10.1.7.0/24 | | | | |
Environment
Cisco Packet Tracer:
Cisco Packet Tracer is an auxiliary learning tool released by Cisco. It provides a network simulation environment in which beginners taking Cisco network courses can design, configure, and troubleshoot networks. Users build a network topology by drag-and-drop on the graphical interface, follow the detailed processing of packets travelling through the network, and observe its operation in real time, which lets them learn IOS configuration and practise troubleshooting.
https://baike.baidu.com/item/Cisco%20Packet%20Tracer/1423859?fr=aladdin
Protocol
VTP (VLAN Trunking Protocol):
A Cisco proprietary protocol. When a company network contains many switches, configuring the VLANs on each one by hand is a heavy workload. With VTP, one switch is configured as the VTP server and the others as VTP clients, so that the clients automatically learn the VLAN information from the server.
LACP (Link Aggregation Control Protocol):
A layer-2 control protocol used to automatically detect, configure, and manage multiple physical links between two adjacent LACP-enabled devices as one logical link.
NAT (Network Address Translation):
A technique that rewrites the source or destination IP address of an IP packet as it passes through a router or firewall. It is commonly used in private networks that have many hosts but only one public IP address for outside access, and it is a convenient and very widely deployed technology.
EIGRP (Enhanced Interior Gateway Routing Protocol):
A Cisco proprietary protocol that combines features of link-state and distance-vector routing protocols. It uses the DUAL algorithm to achieve rapid convergence, and it does not send periodic routing updates, which reduces bandwidth consumption. It supports IP, AppleTalk, Novell NetWare, and other network-layer protocols.
References:
https://baike.baidu.com/item/VTP/2235627?fr=aladdin
https://wiki.wireshark.org/LinkAggregationControlProtocol
https://baike.baidu.com/item/网络地址转换/2985755?fr=aladdin
https://baike.baidu.com/item/EIGRP/321594?fr=aladdin
Configuration
- Configure VTP on all layer-3 switches: 2 of them in server mode and the other 7 in client mode:
vtp domain XGD
vtp mode client   (vtp mode server on the two servers)
vtp password cisco
(vtp version 2)
- Configure all trunks. A trunk connects switches so that PCs in the same VLAN, even when spread across several switches, can still communicate with each other; the ports that connect the switches are trunk ports. A VLAN is a logical group of devices and users that is not restricted by physical location.
For the layer-3 switches (the encapsulation must be set before the port can be made a trunk):
switchport trunk encapsulation dot1q
switchport mode trunk
For the layer-2 switches:
switchport mode trunk
- Apply the LACP protocol on the core layer-3 switches.
channel-protocol lacp
channel-group 12 mode active
- The network behind the core layer-3 switch on the left is divided into VLAN 8, 9, 10; the network behind the core layer-3 switch on the right into VLAN 1 to 5; the administration building into VLAN 6, 7; and the DMZ is VLAN 11. Taking the configuration of VLAN 2 as an example:
int vlan 2
ip add 10.1.1.254 255.255.255.0   (gateway address + subnet mask)
- Use one computer to simulate each network segment, and configure the access VLAN on the corresponding layer-2 switch port according to the division of each area.
switchport mode access
switchport access vlan 1
- Hot-standby gateway technology (HSRP, configured with the standby commands below): a second gateway is prepared, and when the primary gateway fails the backup gateway takes over. Here I configure the redundant networks belonging to the administration building and the DMZ area, namely VLAN 6, 7, 8, on both core layer-3 switches. The standby gateway for VLAN 6 and 8 is the layer-3 switch on the right; the standby gateway for VLAN 7 is the layer-3 switch on the left. The configuration of the primary gateway is as follows:
int vlan 8
ip add 10.4.1.252 255.255.255.0
standby 1 ip 10.4.1.254
standby 1 preempt
standby 1 priority 200
standby 1 track f0/1
Configuration of the backup gateway:
int vlan 8
ip add 10.4.1.253 255.255.255.0
standby 1 ip 10.4.1.254
standby 1 preempt
standby 1 priority 191
standby 1 track f0/1
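To see why the priorities 200 and 191 above work together with `standby 1 track f0/1`, here is a small model of the HSRP active/standby election written for this post (it is an added example, not code from the original project). It assumes the Cisco IOS default that a tracked interface going down lowers the priority by 10 when no explicit decrement is given, and that ties are broken by the higher interface address. It also checks the mistake a practitioner most wants to catch: a backup priority below 190 would never take over when the primary's uplink fails.

```python
# Added example, not code from the original post: a model of the HSRP
# active/standby election for the VLAN 8 gateway pair configured above.
# Assumption (Cisco IOS default): `standby track <if>` lowers the priority
# by 10 when the tracked interface goes down, unless a decrement is given.
from dataclasses import dataclass, field

TRACK_DECREMENT = 10


def ip_key(ip: str) -> tuple:
    """Numeric tuple so that '10.4.1.253' sorts above '10.4.1.252'."""
    return tuple(int(octet) for octet in ip.split("."))


@dataclass
class HsrpRouter:
    name: str
    ip: str                     # real SVI address (not the virtual 10.4.1.254)
    priority: int               # configured `standby 1 priority`
    preempt: bool = True        # `standby 1 preempt`
    tracked_up: dict = field(default_factory=dict)  # interface -> link is up?

    def effective_priority(self) -> int:
        down = sum(1 for up in self.tracked_up.values() if not up)
        return self.priority - TRACK_DECREMENT * down


def elect_active(routers, current_active=None):
    """Return the name of the active gateway.

    Highest effective priority wins; ties go to the highest interface IP.
    Once a router is active it keeps the role unless a challenger has
    preempt enabled and a strictly higher effective priority."""
    best = max(routers, key=lambda r: (r.effective_priority(), ip_key(r.ip)))
    if current_active is None:
        return best.name
    current = next(r for r in routers if r.name == current_active)
    if (best.name != current.name and best.preempt
            and best.effective_priority() > current.effective_priority()):
        return best.name
    return current.name


def failover_scenario(backup_priority: int = 191):
    """Walk the VLAN 8 pair through: uplink up -> uplink down -> uplink restored.
    Returns the active gateway after each step."""
    left = HsrpRouter("left", "10.4.1.252", 200, tracked_up={"f0/1": True})
    right = HsrpRouter("right", "10.4.1.253", backup_priority, tracked_up={"f0/1": True})
    pair = [left, right]

    history = [elect_active(pair)]                    # normal operation: left
    left.tracked_up["f0/1"] = False                   # left loses its uplink
    history.append(elect_active(pair, history[-1]))   # 200 - 10 = 190 vs backup
    left.tracked_up["f0/1"] = True                    # uplink comes back
    history.append(elect_active(pair, history[-1]))   # 200 vs backup: left preempts
    return history


if __name__ == "__main__":
    print("backup priority 191:", failover_scenario())     # ['left', 'right', 'left']
    print("backup priority 185:", failover_scenario(185))  # ['left', 'left', 'left']
```

With the post's values the backup wins as soon as the primary's tracked uplink drops (190 < 191) and hands back when it returns (200 > 191). With a backup priority of 185 the tracking decrement is not enough to change the election, so the primary keeps forwarding through a failed uplink; that gap between "active priority minus decrement" and "backup priority" is the thing to verify whenever these numbers are changed.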
- Spanning-tree technology: when a loop exists in the network, the protocol uses the spanning-tree algorithm to logically block one of the links, turning it into a backup path. Priority 0 makes the primary gateway switch the root bridge for VLAN 8:
spanning-tree mode pvst
spanning-tree vlan 8 priority 0
Configure the spanning tree of the backup gateway (4096 is the second-smallest priority value, so it becomes the backot bridge if the primary fails):
spanning-tree mode pvst
spanning-tree vlan 8 priority 4096
- Enable EIGRP on the two core layer-3 switches and on all routers, declaring their networks so that EIGRP covers the whole network topology:
router eigrp 100
no auto-summary
network (subnet) (wildcard mask, i.e. the inverse of the subnet mask)
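The wildcard mask in the `network` statement is easy to get wrong by hand, so here is a script written for this post (an added example, not the project's own code) that derives the EIGRP stanza from the address plan in the tables above and sanity-checks the plan first. It transcribes the post's segments into `ADDRESS_PLAN`; the AS number 100 and the `no auto-summary` line come from the configuration above. It also goes a step beyond the /24 case: adjacent /24s are collapsed into one covering prefix per `network` line, which is valid because the EIGRP `network` command selects interfaces by wildcard match rather than advertising a route, and a statement that matches no interface on a given device is simply idle.

```python
# Added example, not code from the original post: derive the EIGRP `network`
# statements (subnet + wildcard mask) from the address plan in the tables above
# and sanity-check the plan before typing it into the switches.
import ipaddress

# Address plan transcribed from the tables at the top of the post.
ADDRESS_PLAN = {
    "Dormitory": [f"10.1.{n}.0/24" for n in range(8, 25)],          # bldg.1-17
    "Engineering Buildings": ["10.1.2.0/24"],
    "Teaching Buildings": ["10.1.1.0/24"],
    "Dining Halls": [f"10.1.{n}.0/24" for n in range(25, 31)],      # new/old hall f.1-3
    "Administration Building": ["10.1.5.0/24", "10.1.6.0/24", "10.1.7.0/24"],
    "Library": ["10.1.3.0/24", "10.1.4.0/24"],
    "DMZ": ["10.4.1.0/24"],
}


def wildcard(net: str) -> str:
    """The wildcard ('anti-') mask of a subnet: the subnet mask with every bit inverted."""
    return str(ipaddress.ip_network(net, strict=True).hostmask)


def covering_networks(nets):
    """Collapse adjacent prefixes into the fewest prefixes that cover exactly them.
    One `network` line per covering prefix is enough, because the EIGRP `network`
    command selects interfaces by wildcard match rather than advertising a route."""
    collapsed = ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in nets)
    return [str(n) for n in sorted(collapsed)]


def eigrp_stanza(plan, asn: int = 100):
    """Render the `router eigrp` block for a device that holds every segment in `plan`."""
    all_nets = [n for nets in plan.values() for n in nets]
    lines = [f"router eigrp {asn}", " no auto-summary"]
    for net in covering_networks(all_nets):
        n = ipaddress.ip_network(net)
        lines.append(f" network {n.network_address} {n.hostmask}")
    return lines


def check_plan(plan):
    """Return human-readable problems: segments that overlap across areas."""
    flat = [(area, ipaddress.ip_network(n)) for area, nets in plan.items() for n in nets]
    problems = []
    for i, (area1, n1) in enumerate(flat):
        for area2, n2 in flat[i + 1:]:
            if n1.overlaps(n2):
                problems.append(f"{area1} {n1} overlaps {area2} {n2}")
    return problems


def gateway_in_segment(gateway: str, net: str) -> bool:
    """True if an SVI/HSRP address is a usable host address inside the segment."""
    g = ipaddress.ip_address(gateway)
    n = ipaddress.ip_network(net)
    return g in n and g not in (n.network_address, n.broadcast_address)


if __name__ == "__main__":
    print("\n".join(eigrp_stanza(ADDRESS_PLAN)))
    print("problems:", check_plan(ADDRESS_PLAN) or "none")
```

Run it before configuring: `check_plan` reports any two areas that were accidentally given overlapping segments, `gateway_in_segment` confirms that each `ip add` on an SVI actually lies in the VLAN's segment, and the printed stanza gives the exact `network` lines (for the dormitory block, `network 10.1.8.0 0.0.7.255`, `network 10.1.16.0 0.0.7.255`, `network 10.1.24.0 0.0.0.255`).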
- Configure NAT to provide access from the external network to the internal network.
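The post gives no NAT commands, so as an added illustration (written for this post, not the project's own configuration) here is a model of PAT, the overload form of NAT that lets the whole 10.0.0.0/8 campus share a single public address. The public address 203.0.113.1 and the remote hosts are constructed documentation-range values, not from the post. The translation table is keyed on the full flow, the way an IOS extended NAT entry is, which is what makes "NAT ensures safety" in the Advantage section partly true: a packet from outside is forwarded only if an inside host opened that exact flow first. A static translation for a DMZ server would be reachable unconditionally, so access control for such entries still belongs in an ACL, not in NAT.

```python
# Added example, not code from the original post: a model of PAT ("NAT overload").
# Constructed values: the public address 203.0.113.1 and the remote hosts below
# are documentation-range addresses made up for this example.
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

INSIDE = ipaddress.ip_network("10.0.0.0/8")   # the campus address plan lives here


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PatGateway:
    """Translation table keyed on the full flow, like an IOS extended NAT entry:
    the reverse lookup needs the same remote host and port the inside host
    talked to, so unsolicited inbound packets find no entry and are dropped."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}    # (inside_ip, inside_port, remote_ip, remote_port, proto) -> public_port
        self.reverse = {}  # (public_port, remote_ip, remote_port, proto) -> (inside_ip, inside_port)

    def outbound(self, p: Packet) -> Optional[Packet]:
        """Inside -> outside: allocate (or reuse) a public port and rewrite the source."""
        if ipaddress.ip_address(p.src_ip) not in INSIDE:
            return None                           # not an inside source: no translation
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
        if key not in self.table:
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[(port, p.dst_ip, p.dst_port, p.proto)] = (p.src_ip, p.src_port)
        return replace(p, src_ip=self.public_ip, src_port=self.table[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Outside -> inside: forward only if a matching translation exists."""
        if p.dst_ip != self.public_ip:
            return None
        entry = self.reverse.get((p.dst_port, p.src_ip, p.src_port, p.proto))
        if entry is None:
            return None                           # no state for this flow: dropped
        inside_ip, inside_port = entry
        return replace(p, dst_ip=inside_ip, dst_port=inside_port)


def demo():
    """Two campus hosts reach the same web server; only that server's replies get back in."""
    gw = PatGateway("203.0.113.1")
    out1 = gw.outbound(Packet("10.1.1.10", 40000, "198.51.100.7", 443))
    out2 = gw.outbound(Packet("10.1.8.20", 40000, "198.51.100.7", 443))
    reply = gw.inbound(Packet("198.51.100.7", 443, "203.0.113.1", out1.src_port))
    other_peer = gw.inbound(Packet("198.51.100.9", 443, "203.0.113.1", out1.src_port))
    unsolicited = gw.inbound(Packet("198.51.100.9", 5555, "203.0.113.1", 8080))
    return {
        "host1_public_port": out1.src_port,                    # 1024
        "host2_public_port": out2.src_port,                    # 1025: same inside port, new public port
        "reply_delivered_to": (reply.dst_ip, reply.dst_port),  # ('10.1.1.10', 40000)
        "other_peer_dropped": other_peer is None,              # True
        "unsolicited_dropped": unsolicited is None,            # True
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two inside hosts both use source port 40000, and the gateway keeps them apart by giving each flow its own public port. The reply from the server the host contacted is translated back; a packet to the same public port from a different remote host, or to a port with no translation at all, is dropped for lack of state.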
Result
When a message is sent between two computers, I can track it in Packet Tracer and obtain the following results.
![](https://i-blog.csdnimg.cn/blog_migrate/29c4ba5e0948038c10bc3f9c9ba6b758.png)
![](https://i-blog.csdnimg.cn/blog_migrate/9a4d772986c5390d15b939114cfe1b74.png)
Advantage
- The hot-standby gateway improves the security and reliability of the administration building and DMZ networks;
- Each building has at least one switch, which shortens the cable runs, reduces cabling cost, and so saves labour;
- NAT controls access to the external network, which improves security.
In short, the modules are complete, secure, reliable, and cost-effective.
Conclusion
In this blog I introduced my campus network design and showed the main configuration steps. In addition, this project showed me that basic networking knowledge is really important: the point is to understand what each network component does rather than just memorise the command lines used to configure it. During configuration, patience is needed to check every step when a problem occurs in the system. In the future I will study more network theory to strengthen my skills and design a more secure network from a more comprehensive perspective. Thanks for reading!