大型企業(yè)網(wǎng)絡案例

大型企業(yè)網(wǎng)絡案例有線網(wǎng)絡結(jié)構設計背景總介紹中國平安網(wǎng)絡，由一個總公司網(wǎng)絡、一個分公司網(wǎng)絡和一個對外服務區(qū)組成。其中總公司網(wǎng)絡和分公司網(wǎng)絡在不同的地區(qū)，總公司和分公司都有公司內(nèi)部的訪問的數(shù)據(jù)中心（DMZ區(qū)）；對外服務區(qū)被托管在中國電信。路由器ISP模擬運營商中國電信?？偣?）Router1作為邊界路由也是核心層路由器；sw1、sw2是核心層交換機；sw3、sw4是匯聚層交換機，其中SW3分別連接了總公司部門1，總公司部門2和總公司部門3；SW4分別連接了總公司部門4,總公司部門5,總公司部門6,總公司Server以及無線路由器1。2）總公司Server只能為公司內(nèi)部提供服務，不對外提供服務。部門1,2,3,6均可訪問內(nèi)網(wǎng)Web，F(xiàn)tp和DNS服務器，部門4只可以訪問內(nèi)網(wǎng)FTP其他的都不可以訪問，部門5可以訪問內(nèi)網(wǎng)Web分公司Router9是出口路由器，其中sw5、sw4是核心交換機，實現(xiàn)冗余架構；sw6、sw7是匯聚層交換機;其中SW6下面連接了部門1和部門2；SW7連接了部門3，部門4,Server2以及無線路由器2。內(nèi)網(wǎng)ACL配置：部門1，2,4可以訪問內(nèi)網(wǎng)中的Web和Ftp服務器，部門3只可以訪問內(nèi)網(wǎng)的ftp服務器。中國電信企業(yè)總公司網(wǎng)絡的出口路由器router1和分公司網(wǎng)絡的出口路由器都與ISP相連接，其中router1和ISP之間使用了ppp廣域網(wǎng)協(xié)議，啟用了chap的認真方式實現(xiàn)與互聯(lián)網(wǎng)相連；R9使用幀中繼技術與ISP相連。該企業(yè)的對外訪問服務器托管到中國電信運營商。二、拓撲結(jié)構總體拓撲：總公司拓撲：分公司拓撲：ISP外網(wǎng)即幀中繼：三、知識點1.靜態(tài)路由3.單區(qū)域OSPF非等價負載均衡封裝（chap）7.幀中繼訪問控制地址轉(zhuǎn)換的配置間的路由12EIGRP手動匯總 13.路由重分布14.默認路由 16.雙鏈路冗余的備份的使用四、主要功能部門1,2,3,6均可訪問內(nèi)網(wǎng)Web，F(xiàn)tp和DNS服務器。部門4只可以訪問內(nèi)網(wǎng)FTP其他的都不可以訪問。部門5可以訪問內(nèi)網(wǎng)Web和Ftp但不可以訪問DNS。部門1，2,4可以訪問外網(wǎng)Web以及公司總部的Web，F(xiàn)tp服務器。部門3只可以訪問公司總部的Ftp服務器。五、主要配置清單分公司Switch7配置：（Switch#showrunning-configBuildingconfiguration...Currentconfiguration:2096bytesversionnoservicetimestampslogdatetimemsecnoservicetimestampsdebugdatetimemsecnoservicepassword-encryption!hostnameSwitchipdhcppoolvlan7ipdhcppoolvlan8iproutingspanning-treemodepvstinterfaceFastEthernet0/1!interfaceFastEthernet0/2switchportaccessvlan100switchportmodeaccessinterfaceFastEthernet0/3interfaceFastEthernet0/4!interfaceFastEthernet0/5switchportaccessvlan7switchportmodeaccess!interfaceFastEthernet0/6switchportaccessvlan8switchportmodeaccess!interfaceFastEthernet0/7!interfaceFastEthernet0/8!interfaceFastEthernet0/9!interfaceFastEthernet0/10interfaceFastEthernet0/11interfaceFastEthernet0/12interfaceFastEthernet0/13interfaceFastEthernet0/14interfaceFastEthernet0/15interfaceFastEthernet0/16interfaceFastEthernet0/17interfaceFastEthernet0/18interfaceFastEthernet0/19interfaceFastEthernet0/20interfaceFastEthernet0/21interfaceFastEthernet0/22interfaceFastEthernet0/23interfaceFastEthernet0/24!interfaceGigabitEthernet0/1!interfaceGigabitEthernet0/2!interfaceVlanlnoipaddressshutdown!interfaceVlan7!interfaceVlan8!interfaceVlan100!routereigrp1distanceeigrp90150redistributeospf1metric100010025511500auto-summaryrouterospf1log-adjacency-changes!ipclassless!ipflow-exportversion9linecon0!lineaux0!linevty04loginend總公司sw4Switch#showrunBuildingconfiguration...Currentconfiguration:2816bytes!versionnoservicetimestampslogdatetimemsecnoservicetimestampsdebugdatetimemsecnoservicepassword-encryption!hostnameSwitchipdhcppoolvlan5ipdhcppoolvlan6ipdhcppoolvlan7iproutingspanning-treemodepvstinterfaceFastEthernet0/1noswitchportduplexautospeedauto!interfaceFastEthernet0/2!interfaceFastEthernet0/3!interfaceFastEthernet0/4!interfaceFastEthernet0/5switchportaccessvlan5switchportmodeaccess!interfaceFastEthernet0/6switchportaccessvlan6switchportmodeaccessinterfaceFastEthernet0/7switchportaccessvlan7switchportmodeaccess!interfaceFastEthernet0/8!interfaceFastEthernet0/9!interfaceFastEthernet0/10!interfaceFastEthernet0/11!interfaceFastEthernet0/12!interfaceFastEthernet0/13!interfaceFastEthernet0/14!interfaceFastEthernet0/15!interfaceFastEthernet0/16interfaceFastEthernet0/17interfaceFastEthernet0/18interfaceFastEthernet0/19!interfaceFastEthernet0/20!interfaceFastEthernet0/21!interfaceFastEthernet0/22!interfaceFastEthernet0/23!interfaceFastEthernet0/24noswitchportduplexautospeedauto!interfaceGigabitEthernet0/1interfaceGigabitEthernet0/2interfaceVlanlnoipaddressshutdown!interfaceVlan5!interfaceVlan6!interfaceVlan7ipaccess-group100out!routerripversion2!ipclassless!ipflow-exportversion9access-list100permitipanyanylinecon0lineaux0!linevty04loginend總公司SW3Switch#showrunBuildingconfiguration...Currentconfiguration:1791bytes!versionnoservicetimestampslogdatetimemsecnoservicetimestampsdebugdatetimemsecnoservicepassword-encryptionhostnameSwitchiproutingspanning-treemodepvstinterfaceFastEthernet0/1noswitchportduplexautospeedauto!interfaceFastEthernet0/2switchportaccessvlan2switchportmodeaccess!interfaceFastEthernet0/3switchportaccessvlan3switchportmodeaccessinterfaceFastEthernet0/4switchportaccessvlan4switchportmodeaccess!interfaceFastEthernet0/5!interfaceFastEthernet0/6!interfaceFastEthernet0/7!interfaceFastEthernet0/8!interfaceFastEthernet0/9!interfaceFastEthernet0/10!interfaceFastEthernet0/11!interfaceFastEthernet0/12interfaceFastEthernet0/13interfaceFastEthernet0/14interfaceFastEthernet0/15!interfaceFastEthernet0/16!interfaceFastEthernet0/17!interfaceFastEthernet0/18!interfaceFastEthernet0/19!interfaceFastEthernet0/20!interfaceFastEthernet0/21!interfaceFastEthernet0/22!interfaceFastEthernet0/23!interfaceFastEthernet0/24noswitchportduplexautospeedauto!interfaceGigabitEthernet0/1!interfaceGigabitEthernet0/2!interfaceVlan1noipaddressshutdown!interfaceVlan2!interfaceVlan3!interfaceVlan4!routerripversion2ipclasslessipflow-exportversion9linecon0!lineaux0!linevty04loginend總公司R1R1#showrunBuildingconfiguration...Currentconfiguration:1575bytesversionnoservicetimestampslogdatetimemsecnoservicetimestampsdebugdatetimemsecnoservicepassword-encryption!hostnameR1noipcefnoipv6cefusernameISPpassword0123spanning-treemodepvstinterfaceFastEthernet0/0ipnatinsideduplexautospeedautointerfaceFastEthernet0/1ipnatinsideduplexautospeedauto!interfaceSerial0/3/0encapsulationppppppauthenticationchapipnatoutsideclockrate2000000!interfaceSerial0/3/1noipaddressclockrate2000000shutdown!interfaceVlan1noipaddressshutdown!routerripversion2ipnatinsidesourcelist10poolabcipclassless!ipflow-exportversion9nocdprunlinecon0!lineaux0!linevty04passwordciscologinend分公司SW6Switch#showrunning-configBuildingconfiguration...Currentconfiguration:1429bytes!versionnoservicetimestampslogdatetimemsecnoservicetimestampsdebugdatetimemsecnoservicepassword-encryption!hostnameSwitchiproutingspanning-treemodepvstinterfaceFastEthernet0/1switchportaccessvlan100switchportmodeaccessinterfaceFastEthernet0/2!interfaceFastEthernet0/3!interfaceFastEthernet0/4noswitchportduplexautospeedauto!interfaceFastEthernet0/5!interfaceFastEthernet0/6!interfaceFastEthernet0/7!interfaceFastEthernet0/8!interfaceFastEthernet0/9interfaceFastEthernet0/10interfaceFastEthernet0/11interfaceFastEthernet0/12interfaceFastEthernet0/13interfaceFastEthernet0/14interfaceFastEthernet0/15interfaceFastEthernet0/16interfaceFastEthernet0/17interfaceFastEthernet0/18interfaceFastEthernet0/19interfaceFastEthernet0/20interfaceFastEthernet0/21interfaceFastEthernet0/22interfaceFastEthernet0/23!interfaceFastEthernet0/24!interfaceGigabitEthernet0/1!interfaceGigabitEthernet0/2!interfaceVlanlnoipaddressshutdown!interfaceVlan100!routereigrp1distanceeigrp90150redistributeospf1metric100010025511500auto-summaryipclasslessipflow-exportversion9linecon0!lineaux0!linevty04loginend分公司R8Router#showrunBuildingconfiguration...Currentconfiguration:753bytes!versionnoservicetimestampslogdatetimemsecnoservicetimestampsdebugdatetimemsecnoservicepassword-encryption!hostnameRouteripcefnoipv6cefspanning-treemodepvstinterfaceFastEthernet0/0duplexautospeedauto!interfaceFastEthernet0/1noipaddressduplexautospeedauto!interfaceFastEthernet0/encapsulationdotlQ6!interfaceFastEthernet0/encapsulationdot1Q7!interfaceVlanlnoipaddressshutdown!ipclassless!ipflow-exportversion9nocdprunlinecon0lineaux0!linevty04loginend配置(Switch1,2,3,4和Routel)在Switch4上Rip配置步驟：#iprouting(config)#routerripAversion2###Switch1,2,3,4和Routel配置步驟和Switch配置類似NAT配置(config)#intf0/0#ipnatinside#noshut(config)#intf0/1#ipnatinside#noshut(config)#ints0/0/0#ipnatoutside#nosshut(config)######(config)#(config)#ipnatinsidesourcelist10poolabc為服務器靜態(tài)映射一個靜態(tài)的公網(wǎng)地址：(config)#靜態(tài)路由：(config)#(&@「)配置ISP的PPP配置：(config)#hostnameISP#usernameR1password0123(config)#interfaceSerial0/0/0iencapsulationppppppauthenticationchap對應的總公司出口路由器R1PPP配置：(config)#hostnameR1usernameISPpassword0123(config)#interfaceSerial0/0/0i1clockrate64000encapsulationppppppauthenticationchap配置內(nèi)網(wǎng)配置需求：.接入層共有6個部門：分別屬于VLAN2,3,4,5,6,7.接入層ACL配置：部門1,2,3,6均可訪問內(nèi)網(wǎng)Web,Ftp和DNS服務器部門4只可以訪問內(nèi)網(wǎng)FTP其他的都不可以訪問部門5可以訪問內(nèi)網(wǎng)Web和Ftp但不可以訪問DNS也就是不能訪問外網(wǎng)。由于內(nèi)網(wǎng)服務器在VLAN7上因此，在Switch4上配置ACL(config)#########access-list100permitipanyany(config)#intvlan7#ipacc100out在匯聚層，以及分公司的網(wǎng)絡上均配置有ACL,配置原理和此類似6.幀中繼配置(配置在ISP與分公司的出口路由器上)ISP上幀中繼配置(config)#interfaceSerial0/2/0##encapsulationframe-relayietf#clockrate64000#noshut分公司上的幀中繼配置：(config)#interfaceSerial0/0/0#^encapsulationframe-relayietf#clockrate64000#noshut配置和EIGRP非等價負載均衡,以及手動匯總在外網(wǎng)和分公司的核心層均配置有Eigrp協(xié)議外網(wǎng)的Eigrp協(xié)議配置：外網(wǎng)R3配置：(config)#interfaceFastEthernet0/0##noshut(config)#interfaceSerial0/0/0##clockrate64000#noshut(configt)#routereigrp100#R4配置：(config)^interfaceFastEthernet0/0##noshut(config)#interfaceSerial0/0/0##clockrate64000#noshut(config)#interfaceSerial0/0/1##clockrate64000#noshut(config)#routereigrp100

#redistributestaticmetric100010025511500外網(wǎng)虱L氟"1L工&可以訪問外網(wǎng)雅卜以及公司總部的kb,#redistributestaticmetric100010025511500外網(wǎng)虱L氟"1L工&可以訪問外網(wǎng)雅卜以及公司總部的kb,改口強務題.瓦門3只可以訪問總這總為網(wǎng)ML‘￡量二葬門，2.d可以訪問為網(wǎng)上的TM■1和FE呢.身矗..林亡^rrJt?同為網(wǎng)勖Ftp布iVLbl1001^.12112海,聆無皿^詼詰過we監(jiān)摸蚪匚復丹士庭

內(nèi)網(wǎng)連接上網(wǎng)造匚復習5.21路由重分布配置在分公司匯聚層，將OSPF的路由分布到Eigrp中去Sw7配置:(config)#routereigrp1#distanceeigrp90150#redistributeospf1metric100010025511500#redistributeospf#distanceeigrp90150Sw6配置:(config)#routereigrp1#distanceeigrp90150#redistributeospf1metric10001002551150010.三層交換機STP配置#redistributeospf配置在分公司的匯聚層Sw4,5,6,7交換機上Sw4配置：(config)#vlan100#ex(config)#interfaceFastEthernet0/1#switchportmodeaccess#switchportaccessvlan100#noshut(config)#intvlan100##exit(config)#spanning-treemp認路由默認路由在NAT轉(zhuǎn)換中均有使用。六、驗證總公司：局域網(wǎng)內(nèi)主機通信：部門1ping部門3：通部門1ping部門4：通局域網(wǎng)主機訪問外網(wǎng)主機：部門1ping外網(wǎng)服務器：部門3ping外網(wǎng)服務器：分公司聯(lián)通