Large Enterprise Network Case Study: Wired Network Structure Design

I. Background

1.1 Overview
The China Ping An network consists of a headquarters network, a branch office network and an external service zone. The headquarters and branch office networks are in different regions, and each has a data center (DMZ zone) for internal company access. The external service zone is hosted at China Telecom. The router named ISP simulates the carrier, China Telecom.

2.1 Headquarters
1) Router1 is the border router and also the core-layer router. sw1 and sw2 are core-layer switches; sw3 and sw4 are distribution-layer switches. SW3 connects headquarters Departments 1, 2 and 3. SW4 connects headquarters Departments 4, 5 and 6, the headquarters Server and wireless router 1.
2) The headquarters Server serves only the company's internal users and provides no external service. Departments 1, 2, 3 and 6 can all access the internal Web, FTP and DNS servers. Department 4 can access only the internal FTP server and nothing else. Department 5 can access the internal Web server.

3.1 Branch office
Router9 is the egress router. sw5 and sw4 are the core switches and provide a redundant architecture; sw6 and sw7 are distribution-layer switches. SW6 connects Departments 1 and 2. SW7 connects Departments 3 and 4, Server 2 and wireless router 2.
Internal ACL configuration: Departments 1, 2 and 4 can access the internal Web and FTP servers; Department 3 can access only the internal FTP server.

4.1 China Telecom
The egress router of the headquarters network (router1) and the egress router of the branch office network both connect to the ISP. router1 and the ISP use the PPP WAN protocol with CHAP authentication enabled to reach the Internet; R9 connects to the ISP over Frame Relay. The company's externally accessible server is hosted with the carrier, China Telecom.

II. Topology

Overall topology:
Headquarters topology:
Branch office topology:
ISP external network (Frame Relay):

III. Topics covered

1. Static routing
2. RIP
3. Single-area OSPF
4. EIGRP
5. EIGRP unequal-cost load balancing
6. PPP encapsulation (CHAP)
7. Frame Relay
8. ACL access control
9. NAT address translation
10. STP configuration
11. Inter-VLAN routing
12. EIGRP manual summarization
13. Route redistribution
14. Default route
15. Telnet
16. Dual-link redundant backup
17. Use of DHCP

IV. Main functions

Departments 1, 2, 3 and 6 can all access the internal Web, FTP and DNS servers.
Department 4 can access only the internal FTP server and nothing else.
Department 5 can access the internal Web and FTP servers but not DNS.
Departments 1, 2 and 4 can access the external Web as well as the headquarters Web and FTP servers.
Department 3 can access only the headquarters FTP server.

V. Main configuration listing

Branch office Switch7 configuration:

Switch#show running-config
Building configuration...

Current configuration : 2096 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
ip dhcp excluded-address 192.168.5.254
ip dhcp excluded-address 192.168.7.254
ip dhcp excluded-address 192.168.8.254
ip dhcp excluded-address 192.168.6.254
!
ip dhcp pool vlan7
 network 192.168.7.0 255.255.255.0
 default-router 192.168.7.254
 dns-server 192.168.8.100
ip dhcp pool vlan8
 network 192.168.8.0 255.255.255.0
 default-router 192.168.8.254
 dns-server 192.168.8.100
!
ip routing
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
 switchport access vlan 100
 switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 switchport access vlan 7
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 8
 switchport mode access
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan7
 ip address 192.168.7.254 255.255.255.0
!
interface Vlan8
 ip address 192.168.8.254 255.255.255.0
!
interface Vlan100
 ip address 123.123.2.1 255.255.255.0
!
router eigrp 1
 distance eigrp 90 150
 redistribute ospf 1 metric 1000 100 255 1 1500
 auto-summary
!
router ospf 1
 log-adjacency-changes
 network 192.168.6.0 0.0.0.255 area 0
 network 192.168.7.0 0.0.0.255 area 0
 network 192.168.8.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

Headquarters sw4:

Switch#show run
Building configuration...

Current configuration : 2816 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
ip dhcp excluded-address 192.168.4.254
ip dhcp excluded-address 192.168.5.254
ip dhcp excluded-address 192.168.6.254
ip dhcp excluded-address 192.168.7.254
!
ip dhcp pool vlan5
 network 192.168.5.0 255.255.255.0
 default-router 192.168.5.254
 dns-server 192.168.7.100
ip dhcp pool vlan6
 network 192.168.6.0 255.255.255.0
 default-router 192.168.6.254
 dns-server 192.168.7.100
ip dhcp pool vlan7
 network 192.168.7.0 255.255.255.0
 default-router 192.168.7.254
 dns-server 192.168.7.100
!
ip routing
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.11.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 switchport access vlan 5
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 6
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 7
 switchport mode access
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 no switchport
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan5
 ip address 192.168.5.254 255.255.255.0
!
interface Vlan6
 ip address 192.168.6.254 255.255.255.0
!
interface Vlan7
 ip address 192.168.7.254 255.255.255.0
 ip access-group 100 out
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.5.0
 network 192.168.6.0
 network 192.168.7.0
 network 192.168.11.0
!
ip classless
!
ip flow-export version 9
!
access-list 100 permit tcp any host 192.168.7.100 eq
access-list 100 permit tcp any host 192.168.7.100 eq ftp
access-list 100 permit udp 192.168.2.0 0.0.0.255 host 192.168.7.100 eq domain
access-list 100 permit udp 192.168.3.0 0.0.0.255 host 192.168.7.100 eq domain
access-list 100 permit udp 192.168.4.0 0.0.0.255 host 192.168.7.100 eq domain
access-list 100 permit udp 192.168.7.0 0.0.0.255 host 192.168.7.100 eq domain
access-list 100 deny tcp any host 192.168.7.100
access-list 100 deny udp any host 192.168.7.100
access-list 100 permit ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

Headquarters SW3:

Switch#show run
Building configuration...

Current configuration : 1791 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
ip routing
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.10.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 4
 switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 no switchport
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address 192.168.2.254 255.255.255.0
!
interface Vlan3
 ip address 192.168.3.254 255.255.255.0
!
interface Vlan4
 ip address 192.168.4.254 255.255.255.0
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.5.0
 network 192.168.6.0
 network 192.168.10.0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

Headquarters R1:

R1#show run
Building configuration...

Current configuration : 1575 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
no ip cef
no ipv6 cef
!
username ISP password 0 123
!
spanning-tree mode pvst
!
interface FastEthernet0/0
 ip address 172.16.11.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.22.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/3/0
 ip address 63.5.1.1 255.255.255.0
 encapsulation ppp
 ppp authentication chap
 ip nat outside
 clock rate 2000000
!
interface Serial0/3/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 2
 network 63.0.0.0
 network 172.16.0.0
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.5.0
 network 192.168.6.0
 network 192.168.7.0
 network 192.168.10.0
 network 192.168.11.0
!
ip nat pool abc 63.5.1.10 63.5.1.50 netmask 255.255.255.0
ip nat inside source list 10 pool abc
ip nat inside source static 192.168.7.100 63.5.1.100
ip classless
ip route 0.0.0.0 0.0.0.0 63.5.1.2
!
ip flow-export version 9
!
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 permit 192.168.3.0 0.0.0.255
access-list 10 permit 192.168.4.0 0.0.0.255
access-list 10 permit 192.168.5.0 0.0.0.255
access-list 10 permit 192.1
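The following added example (not part of the original document) replays access-list 100 from the headquarters sw4 listing with first-match semantics and compares the verdicts with the access rules stated under "IV. Main functions"; it goes one step further and also checks an outside source, because R1 carries a static NAT entry for 192.168.7.100 while the server is described as internal only. Assumptions: the port keyword missing from the first ACL entry is `www`, departments 1-5 map to VLANs 2-6 in order, and the sample host addresses are constructed.

```python
import re
from ipaddress import ip_address as ip

# access-list 100 from the headquarters sw4 listing (applied "out" on Vlan7).
# ASSUMPTION: the first entry's port keyword is missing on the page; "www" assumed.
ACL_100 = """\
access-list 100 permit tcp any host 192.168.7.100 eq www
access-list 100 permit tcp any host 192.168.7.100 eq ftp
access-list 100 permit udp 192.168.2.0 0.0.0.255 host 192.168.7.100 eq domain
access-list 100 permit udp 192.168.3.0 0.0.0.255 host 192.168.7.100 eq domain
access-list 100 permit udp 192.168.4.0 0.0.0.255 host 192.168.7.100 eq domain
access-list 100 permit udp 192.168.7.0 0.0.0.255 host 192.168.7.100 eq domain
access-list 100 deny tcp any host 192.168.7.100
access-list 100 deny udp any host 192.168.7.100
access-list 100 permit ip any any
"""
SERVICES = {"www": ("tcp", 80), "ftp": ("tcp", 21), "domain": ("udp", 53)}
# Stated policy. ASSUMPTION: departments 1-5 use VLANs 2-6; hosts are constructed.
POLICY = {"dept1-3": ("192.168.2.10", {"www", "ftp", "domain"}),
          "dept4": ("192.168.5.10", {"ftp"}),
          "dept5": ("192.168.6.10", {"www", "ftp"}),
          "outside": ("63.5.1.2", set())}  # server is meant to be internal only

def parse(text):
    text = text.replace(" any", " 0.0.0.0 255.255.255.255")  # expand "any"
    text = re.sub(r"host (\S+)", r"\1 0.0.0.0", text)         # expand "host x"
    rules = []
    for line in text.splitlines():
        action, proto, s, sw, d, dw, *eq = line.split()[2:]
        rules.append((action, proto, int(ip(s)), int(ip(sw)), int(ip(d)), int(ip(dw)),
                      SERVICES[eq[1]][1] if eq else None))
    return rules

def verdict(rules, proto, src, dst, port):
    s, d = int(ip(src)), int(ip(dst))
    for action, r_proto, sn, sw, dn, dw, r_port in rules:  # first match wins
        if (r_proto in ("ip", proto) and (s | sw) == (sn | sw)
                and (d | dw) == (dn | dw) and r_port in (None, port)):
            return action
    return "deny"  # implicit deny that IOS appends to every ACL

def audit(server="192.168.7.100"):
    # Collect (source, service, ACL verdict) wherever ACL and stated policy differ.
    rules, gaps = parse(ACL_100), []
    for who, (host, allowed) in POLICY.items():
        for svc, (proto, port) in SERVICES.items():
            got = verdict(rules, proto, host, server, port)
            if (got == "permit") != (svc in allowed):
                gaps.append((who, svc, got))
    return gaps
```

Under these assumptions `audit()` reports that the two `permit tcp any` entries let Department 4 reach the Web service and let an outside source reach Web and FTP, neither of which the stated policy allows. Restricting those two entries to the intended source subnets would bring the ACL in line with the text.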