Time: 2023-06-18 15:00:01 | Source: Website Operations
Hands-on network case for a small or medium-sized enterprise:
I. Networking requirements and topology diagram
vlan 10
 description SheBeiGuanLi
vlan 100
 description CaiGouserver
vlan 200
 description OAserver
vlan 300
 description ShiPinJK
vlan 1000
 description ShengChan
vlan 2000
 description CaiGou
vlan 3000
 description connectFW
 quit
b. Add the switch ports to the corresponding VLANs:
# The firewall's interface is a Layer 3 port, so the switch port connected to the firewall uses access mode
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 3000
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 10 1000
interface GigabitEthernet0/0/23
 port link-type trunk
 port trunk allow-pass vlan 10 2000
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 10 100 200 300 1000 2000 3000
 quit
c. Configure remote device management:
stelnet server enable
telnet server enable
user-interface vty 0 4
 protocol inbound telnet
 authentication-mode aaa
 idle-timeout 15
 quit
aaa
 local-user admin password cipher admin@123
 local-user admin privilege level 15
 local-user admin service-type telnet web ssh
 quit
d. Configure the VLAN management addresses:
interface Vlanif10
 ip address 10.10.10.254 255.255.255.0
interface Vlanif100
 ip address 192.168.100.254 255.255.255.0
interface Vlanif200
 ip address 192.168.200.254 255.255.255.0
interface Vlanif300
 ip address 192.168.30.254 255.255.255.0
interface Vlanif1000
 ip address 192.168.10.254 255.255.255.0
interface Vlanif2000
 ip address 192.168.20.254 255.255.255.0
interface Vlanif3000
 ip address 172.16.1.2 255.255.255.0
 quit
e. Enable DHCP address allocation:
dhcp enable
interface Vlanif1000
 dhcp select global
interface Vlanif2000
 dhcp select global
 quit
ip pool 1000
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 quit
ip pool 2000
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 quit
f. Configure the access control lists:
acl 3001
 description CaiGouConnectCaiGouServer
 rule permit ip source 192.168.20.0 0.0.0.255
 rule deny ip source 192.168.10.0 0.0.0.255
 rule deny ip source 10.10.10.0 0.0.0.255
 rule deny ip source 172.16.1.0 0.0.0.255
 rule deny ip source 192.168.200.0 0.0.0.255
 rule deny ip source 192.168.30.0 0.0.0.255
 quit
traffic-filter vlan 100 outbound acl 3001
acl 3002
 description ConnectOAServer
 rule deny ip source 10.10.10.0 0.0.0.255
 rule deny ip source 172.16.1.0 0.0.0.255
 rule deny ip source 192.168.100.0 0.0.0.255
 rule deny ip source 192.168.30.0 0.0.0.255
 quit
traffic-filter vlan 200 outbound acl 3002
quit
g. Configure the default route:
ip route-static 0.0.0.0 0.0.0.0 172.16.1.3
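To check what the ACLs in step f actually decide for each subnet from step d, the following added example (not part of the original article) evaluates the rules with wildcard-mask, first-match semantics. The rule and subnet tables are transcribed from the page; the function names, the VLAN keys and the assumption that rules are evaluated in the order entered are this example's own.

```python
import ipaddress

# Rules transcribed from step f: (action, source network, wildcard mask).
ACL_3001 = [("permit", "192.168.20.0", "0.0.0.255"),
            ("deny", "192.168.10.0", "0.0.0.255"),
            ("deny", "10.10.10.0", "0.0.0.255"),
            ("deny", "172.16.1.0", "0.0.0.255"),
            ("deny", "192.168.200.0", "0.0.0.255"),
            ("deny", "192.168.30.0", "0.0.0.255")]
ACL_3002 = [("deny", "10.10.10.0", "0.0.0.255"),
            ("deny", "172.16.1.0", "0.0.0.255"),
            ("deny", "192.168.100.0", "0.0.0.255"),
            ("deny", "192.168.30.0", "0.0.0.255")]
# Subnets taken from the Vlanif addresses in step d.
SUBNETS = {"vlan10": "10.10.10.0/24", "vlan100": "192.168.100.0/24",
           "vlan200": "192.168.200.0/24", "vlan300": "192.168.30.0/24",
           "vlan1000": "192.168.10.0/24", "vlan2000": "192.168.20.0/24",
           "vlan3000": "172.16.1.0/24"}

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def first_match(acl, src):
    """Return (rule position, action) of the first rule matching src, else None.
    Assumption: rules are evaluated in the order they were entered."""
    for pos, (action, base, wildcard) in enumerate(acl):
        if wildcard_match(src, base, wildcard):
            return pos, action
    return None

def audit(acl, subnets):
    """Map each VLAN to 'permit', 'deny' or 'no-match' for that ACL.
    One probe host per subnet suffices because every rule and subnet is a /24."""
    verdicts = {}
    for vlan, cidr in subnets.items():
        probe = str(ipaddress.ip_network(cidr).network_address + 1)
        hit = first_match(acl, probe)
        verdicts[vlan] = hit[1] if hit else "no-match"
    return verdicts

if __name__ == "__main__":
    for name, acl in (("acl 3001 (vlan 100 outbound)", ACL_3001),
                      ("acl 3002 (vlan 200 outbound)", ACL_3002)):
        print(name, audit(acl, SUBNETS))
```

Sources reported as no-match are not covered by any rule, so their fate depends on how the device treats unmatched packets in a traffic-filter; confirm that behaviour on the target platform before relying on the ACL.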
2. Production department, purchasing department and server room switch configuration
# Production department
vlan 10
 description SheBeiGuanLi
vlan 1000
 description ShengChan
 quit
# Purchasing department
vlan 10
 description SheBeiGuanLi
vlan 2000
 description CaiGou
 quit
# Server room
vlan 10
 description SheBeiGuanLi
vlan 100
 description CaiGouserver
vlan 200
 description OAserver
vlan 300
 description ShiPinJK
vlan 1000
 description ShengChan
vlan 2000
 description CaiGou
 quit
b. Add the switch ports to the corresponding VLANs and configure the management addresses:
# Production department
interface Ethernet0/0/1
 port link-type access
 port default vlan 1000
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 1000
 quit
interface Vlanif10
 ip address 10.10.10.251 255.255.255.0
 quit
# Purchasing department
interface Ethernet0/0/2
 port link-type access
 port default vlan 2000
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 2000
 quit
interface Vlanif10
 ip address 10.10.10.252 255.255.255.0
 quit
# Server room
interface Ethernet0/0/1
 port link-type access
 port default vlan 100
interface Ethernet0/0/2
 port link-type access
 port default vlan 200
interface Ethernet0/0/3
 port link-type access
 port default vlan 300
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 100 200 300 1000 2000
 quit
interface Vlanif10
 ip address 10.10.10.253 255.255.255.0
 quit
c. Configure device management
# For convenience I configured them all identically here; I recommend not doing this in a real project
stelnet server enable
telnet server enable
user-interface vty 0 4
 protocol inbound telnet
 authentication-mode aaa
 idle-timeout 15
 quit
aaa
 local-user admin password cipher admin@123
 local-user admin privilege level 15
 local-user admin service-type telnet web ssh
 quit
3. Firewall configuration