怎么組建小型公司局域網?
買臺24口交換機,買10臺電腦,電腦設好IP ,掩碼,沒有網關。組好了。
可簡陋,可復雜。
防火墻,網關,交換機,冗余,VLAN ,acl 都整上,也算一個局域網。
客戶需求:
1. 公司有6個部門,高管部門、設計部、財務部、生產部、采購部、其他部門。
2. 公司有4臺服務器:財務服務器、生產ERP服務器、文件存儲服務器、web服務器。
3. 各部門之間可以互相通信。
4. 高管部門可以訪問所有公司服務器,可以訪問互聯網資源。
5. 設計部門可以訪問文件服務器、web服務器,可以訪問互聯網。
6. 財務部可以訪問財務服務器、文件服務器、web服務器,可以訪問互聯網資源。
7. 生產部可以訪問ERP服務器、文件服務器、web服務器,不能訪問互聯網。
8. 采購部可以訪問文件服務器、web服務器,可以訪問互聯網資源。
9. 其他部門可以訪問文件服務器、web服務器,不可以訪問互聯網。
10. 財務服務器、生產ERP服務器、文件存儲服務器不能訪問外網。
11. 外網可以通過http://202.101.100.3:8080,訪問web服務器。
12. 公司從電信服務商購買202.101.100.0/29固定IP,可用固定公網IP為:202.101.100.2-202.101.100.6
13. ISP和公司連接的網關接口為202.101.100.1/29
網絡設備拓撲圖
設計概述:
1. 用兩臺二層交換機做匯聚和冗余備份及負載分擔,并且:
192.168.200.0/24,192.168.4.0/24,192.168.1.0/24,192.168.255.0/24的流量優先從交換機SW-FR1-CVG走;
192.168.2.0/24,192.168.3.0/24,192.168.5.0/24,192.168.6.0/24的流量優先從交換機SW-FR1-CVG-BACK走。
2. 交換機SW-FR1、SW-FR2、SW-FR3分布在辦公樓的1、2、3層,連接各樓層PC。
3. 按部門劃分VLAN:高管部門屬于vlan10、設計部屬于vlan20、財務部屬于vlan30、生產部屬于vlan40、采購部屬于vlan50、其他部門都劃到vlan60、服務器屬于vlan200、網絡設備的管理vlan設為255。各交換機的telnet密碼:123456
4. 路由器RT-GW fa0/0口起子接口做單臂路由,管理各vlan之間通信。
5. 路由器RT-GW fa0/0.200 接口掛ACL out,控制PC對服務器的流量。
6. 路由器RT-GW s1/0接口分配一個固定ip,起PPP協議,與服務商的網關用pap認證連接。用戶名:ISP 密碼:123456
7. 路由器RT-GW 做NAT,支持局域網中PC訪問互聯網。
8. 路由器RT-GW做靜態NAT,實現廣域網通過http://202.101.100.3:8080訪問web服務器。
倉促而就,其中肯定有很多錯誤,再檢查太麻煩了。就這樣吧。
網絡設備配置:(懶得整理了,都直接復制過來就得了。)
SW-FR1#sh run
Building configuration...
Current configuration : 2305 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-FR1
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip routing
no ip icmp rate-limit unreachable
!
no ip cef
no ip domain-lookup
!
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
interface Ethernet0/0
switchport access vlan 200
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet0/1
switchport access vlan 200
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet0/2
switchport access vlan 200
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet0/3
switchport access vlan 200
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/0
switchport access vlan 40
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/1
switchport access vlan 40
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/2
switchport access vlan 40
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/3
switchport access vlan 40
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
duplex auto
!
interface Ethernet3/0
duplex auto
!
interface Ethernet3/1
duplex auto
!
interface Ethernet3/2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/3
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan255
ip address 192.168.255.3 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.255.254
!
ip forward-protocol nd
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 123456
login
transport input all
!
End
===========================================================
SW-FR2#sh run
Building configuration...
Current configuration : 2246 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-FR2
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
no ip domain-lookup
!
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
interface Ethernet0/0
switchport access vlan 20
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet0/1
switchport access vlan 20
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet0/2
switchport access vlan 20
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet0/3
switchport access vlan 20
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/0
switchport access vlan 10
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/1
switchport access vlan 10
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/2
switchport access vlan 10
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/3
switchport access vlan 10
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
duplex auto
!
interface Ethernet3/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/2
duplex auto
!
interface Ethernet3/3
duplex auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan255
ip address 192.168.255.4 255.255.255.0
!
ip default-gateway 192.168.255.254
!
ip forward-protocol nd
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 123456
login
transport input all
!
End
=========================================================
SW-FR3#sh run
Building configuration...
Current configuration : 2566 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-FR3
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
no ip domain-lookup
!
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
interface Ethernet0/0
switchport access vlan 50
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet0/1
switchport access vlan 50
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet0/2
switchport access vlan 50
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet0/3
switchport access vlan 50
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/0
switchport access vlan 30
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/1
switchport access vlan 30
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/2
switchport access vlan 30
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet1/3
switchport access vlan 30
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet2/0
switchport access vlan 60
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet2/1
switchport access vlan 60
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet2/2
switchport access vlan 60
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet2/3
switchport access vlan 60
switchport mode access
duplex auto
spanning-tree portfast edge
!
interface Ethernet3/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/2
duplex auto
!
interface Ethernet3/3
duplex auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan255
ip address 192.168.255.5 255.255.255.0
!
ip default-gateway 192.168.255.254
!
ip forward-protocol nd
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 123456
login
transport input all
!
End
==========================================================
SW-FR1-CVG#sh run
Building configuration...
Current configuration : 1887 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-FR1-CVG
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
no ip domain-lookup
!
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 10,40,200,255 priority 24576
spanning-tree vlan 20,30,50,60 priority 28672
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
interface Ethernet0/0
duplex auto
!
interface Ethernet0/1
duplex auto
!
interface Ethernet0/2
duplex auto
!
interface Ethernet0/3
duplex auto
!
interface Ethernet1/0
duplex auto
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
duplex auto
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/3
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan255
ip address 192.168.255.1 255.255.255.0
!
ip default-gateway 192.168.255.254
!
ip forward-protocol nd
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 123456
login
transport input all
!
End
===========================================================
SW-FR1-CVG-BACK#sh run
Building configuration...
Current configuration : 1831 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-FR1-CVG-BACK
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
no ip domain-lookup
!
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 10,40,200,255 priority 28672
spanning-tree vlan 20,30,50,60 priority 24576
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
interface Ethernet0/0
duplex auto
!
interface Ethernet0/1
duplex auto
!
interface Ethernet0/2
duplex auto
!
interface Ethernet0/3
duplex auto
!
interface Ethernet1/0
duplex auto
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
duplex auto
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
duplex auto
!
interface Ethernet3/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet3/3
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan255
ip address 192.168.255.2 255.255.255.0
!
ip default-gateway 192.168.255.254
!
ip forward-protocol nd
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 123456
login
transport input all
!
End
==========================================================
RT-GW#sh run
Building configuration...
Current configuration : 2941 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RT-GW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.40
encapsulation dot1Q 40
ip address 192.168.4.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.50
encapsulation dot1Q 50
ip address 192.168.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.60
encapsulation dot1Q 60
ip address 192.168.6.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 192.168.200.254 255.255.255.0
ip access-group ACL-2SERVER out
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.255
encapsulation dot1Q 255
ip address 192.168.255.254 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 202.101.100.2 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
serial restart-delay 0
clock rate 64000
ppp pap sent-username ISP password 0 123456
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial1/0
!
!
ip nat inside source list ACL-NAT-1 interface Serial1/0 overload
ip nat inside source static tcp 192.168.200.4 80 202.101.100.3 8080 extendable
!
!
ip access-list extended ACL-2SERVER
permit ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
permit ip any host 192.168.200.3
permit ip 192.168.3.0 0.0.0.255 host 192.168.200.1
permit ip 192.168.4.0 0.0.0.255 host 192.168.200.2
permit ip any host 192.168.200.4
ip access-list extended ACL-NAT-1
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
access-list 1 permit any
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
no login
!
!
End
===========================================================