Small campus network design
Keywords: ACL, router-on-a-stick (single-arm routing), NAT address translation, subinterfaces, VLAN, DHCP, DNS, Web
Campus network requirements:
- Company A is an e-commerce company with a design department, a production department and a sales department (besides its offline sales channels, the sales department also runs its own online shopping-mall website).
- Company B is a game company with a development department, an O&M (operations and maintenance) department and an operations department; it recently launched a farm-style web game.
- For security reasons, each department of Company A and Company B is placed in its own VLAN. Departments within a company can communicate with each other, while the networks of Company A and Company B are isolated from each other.
- Because the shopping-mall system used by Company A was developed by Company B, and its O&M has been handed over to Company B, Company A's sales department and Company B's O&M department may communicate with each other.
- Company A's sales department and Company B's operations department can access the external network.
- I. Notes
- 1. Company A divides its subnets with VLANs and uses router-on-a-stick (single-arm routing).
- 2. Company A uses that many switches purely because I am obsessive and wanted it to look nice; in practice a single switch is enough.
- 3. Company B divides its subnets with routers.
- II. Code
- Company A switch
Switch#show running-config
Building configuration...
Current configuration : 1157 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 10
!
interface FastEthernet0/3
switchport access vlan 10
!
interface FastEthernet0/4
!
interface Vlan1
no ip address
shutdown
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
end
This is the first switch; the other two are configured the same way, except that their ports are assigned to different VLANs.
- Company A gateway router
Router#show running-config
Building configuration...
Current configuration : 1446 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX1524DCC6
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 192.168.110.2 255.255.255.0
ip access-group 1 in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip access-group 1 out
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip helper-address 192.168.110.4
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.110.4
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 30
ip address 192.168.30.254 255.255.255.0
ip helper-address 192.168.110.4
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
mac-address 0040.0bcd.7301
no ip address
!
router rip
network 192.168.10.0
network 192.168.20.0
network 192.168.30.0
network 192.168.110.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.110.3
!
ip flow-export version 9
!
access-list 1 deny 192.168.50.0 0.0.0.255
access-list 1 deny 192.168.60.0 0.0.0.255
access-list 1 permit any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
The ACL rules above are used to block mutual access between the two companies.
- Company B: first router from left to right
Router#show running-config
Building configuration...
Current configuration : 852 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX1524K3MQ
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 192.168.90.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.80.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.40.254 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.40.0
network 192.168.80.0
network 192.168.90.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.90.2
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
- Company B: second router from left to right
Building configuration...
Current configuration : 813 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX15247XB8
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 192.168.80.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.70.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 192.168.50.254 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.50.0
network 192.168.70.0
network 192.168.80.0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
- Company B: third router from left to right
Router#show running-config
Building configuration...
Current configuration : 777 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX1524VUG5
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 192.168.70.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.60.254 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.60.0
network 192.168.70.0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
- Company B gateway router
Router#show running-config
Building configuration...
Current configuration : 961 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX1524200Q
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 192.168.110.1 255.255.255.0
ip access-group 2 in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.90.2 255.255.255.0
ip access-group 2 out
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.90.0
network 192.168.110.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.110.3
!
ip flow-export version 9
!
access-list 2 deny host 192.168.10.0
access-list 2 deny host 192.168.20.0
access-list 2 permit any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
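As an added check (example code written for this page, not part of the original lab), the following Python script parses the standard ACLs from the two gateway running-configs above and evaluates sample source addresses against them, so the isolation policy can be verified offline before the configs go on a device. It shows that list 1 blocks entire /24 subnets through its wildcard masks, whereas `host 192.168.10.0` in list 2 matches only the single address 192.168.10.0, so a host such as 192.168.10.7 still passes; the network form `192.168.10.0 0.0.0.255` would be needed to block the whole subnet.

```python
import ipaddress
import re

# Standard numbered ACLs copied from the two gateway running-configs above:
# list 1 is applied on Company A's gateway, list 2 on Company B's gateway.
ACL_TEXT = """
access-list 1 deny 192.168.50.0 0.0.0.255
access-list 1 deny 192.168.60.0 0.0.0.255
access-list 1 permit any
access-list 2 deny host 192.168.10.0
access-list 2 deny host 192.168.20.0
access-list 2 permit any
"""

# access-list <n> <permit|deny> <any | host A.B.C.D | A.B.C.D [wildcard]>
ACE_RE = re.compile(
    r"^access-list\s+(\d+)\s+(permit|deny)\s+"
    r"(?:(any)|host\s+(\S+)|(\d+\.\d+\.\d+\.\d+)(?:\s+(\d+\.\d+\.\d+\.\d+))?)$"
)


def parse_standard_acls(text):
    """Return {acl_number: [(action, network), ...]} in configured order."""
    acls = {}
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # not a standard ACE (extended ACL, remark, etc.)
        num, action, any_kw, host, addr, wildcard = m.groups()
        if any_kw:
            net = ipaddress.ip_network("0.0.0.0/0")
        elif host or wildcard is None:
            # 'host A.B.C.D' and a bare address both mean one single address
            net = ipaddress.ip_network((host or addr) + "/32")
        else:
            # IOS wildcard: 0 bits must match, so the netmask is its bitwise inverse
            netmask = (~int(ipaddress.ip_address(wildcard))) & 0xFFFFFFFF
            net = ipaddress.ip_network(f"{addr}/{ipaddress.ip_address(netmask)}", strict=False)
        acls.setdefault(int(num), []).append((action, net))
    return acls


def evaluate(acl, src):
    """First matching entry wins; IOS adds an implicit deny at the end."""
    ip = ipaddress.ip_address(src)
    for action, net in acl:
        if ip in net:
            return action
    return "deny"


def isolation_report(text=ACL_TEXT):
    """Evaluate one constructed sample host per subnet against each gateway ACL."""
    acls = parse_standard_acls(text)
    return {
        "acl1 192.168.50.7": evaluate(acls[1], "192.168.50.7"),  # whole /24 denied
        "acl1 192.168.40.7": evaluate(acls[1], "192.168.40.7"),  # not listed, permitted
        "acl2 192.168.10.0": evaluate(acls[2], "192.168.10.0"),  # only this one address
        "acl2 192.168.10.7": evaluate(acls[2], "192.168.10.7"),  # slips past 'host'
    }
```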
- LAN gateway router
Router#show running-config
Building configuration...
Current configuration : 1408 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX152495NN
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 192.168.120.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.110.3 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.110.0
!
ip nat inside source list 33 interface GigabitEthernet0/0 overload
ip nat inside source list 44 interface GigabitEthernet0/0 overload
ip nat inside source list 55 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.30.3 80 192.168.120.1 80
ip nat inside source static tcp 192.168.40.1 80 192.168.120.1 81
ip nat inside source static tcp 192.168.110.5 80 192.168.120.1 82
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.120.2
!
ip flow-export version 9
!
access-list 99 permit 192.168.30.0 0.0.0.255
access-list 33 permit 192.168.30.0 0.0.0.255
access-list 44 permit 192.168.40.0 0.0.0.255
access-list 55 permit 192.168.110.0 0.0.0.255
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end