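Overview
A small-to-medium enterprise has four departments: Marketing, Administration, R&D and Engineering. Plan the IP addressing and VLANs so that all departments can reach one another internally. Marketing, Administration and Engineering must be able to reach the external network (OSPF is required), while R&D must not be able to reach the external network (enforced with an access control list). For network reliability, configure MSTP and multiple VRRP backup groups to provide load balancing and remove single points of failure. In addition, configure NAT on the egress router so that internal hosts use the inside global addresses provided by the ISP to reach the external network, which improves the overall security of the network.

2. Configuration requirements
(1) The four departments are in different subnets and different VLANs, with inter-VLAN communication enabled;
(2) LSW1 and LSW2 are access switches, LSW3 and LSW4 are core switches, and R1 is the egress router;
(3) Marketing and R&D belong to MSTP instance 1; the VRRP master is LSW3 and the backup is LSW4;
(4) Administration and Engineering belong to MSTP instance 2; the VRRP master is LSW4 and the backup is LSW3;
(5) The inside global addresses allocated to the enterprise by the ISP are in the 1.1.1.0 segment;
(6) The external server's IP address is in the 200.0.0.0/24 segment;
(7) Plan the interconnect addresses between the core switches and the router sensibly;
(8) Access control requirement: R&D must not be able to reach the external network.

The enterprise network topology is shown in Figure 1:
Q&A from CSDN weixin_44257060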
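Lab topology
Lab configuration
1. Create the VLANs and assign the interfaces
Links between switches use trunk ports; links from a switch to a router or end device use access ports.
vlan batch 10 20 30 40 11
(VLAN 11 is used for the link to the router.)
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 11
2. Configure MSTP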
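stp region-configuration
 instance 1 vlan 10 30
 instance 2 vlan 20 40
 region-name HHH
 revision-level 1
 active region-configuration
stp instance 2 root primary
stp instance 1 root secondary
The two root commands above are the SW4 side; in the full configuration below, SW3 is primary root for instance 1 and secondary root for instance 2.
3. Configure the IP addresses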
Server address
4. Configure the VRRP groups
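interface Vlanif10
 vrrp vrid 10 virtual-ip 172.16.10.254
interface Vlanif20
 vrrp vrid 20 virtual-ip 172.16.20.254
 vrrp vrid 20 priority 120
 vrrp vrid 20 track interface GigabitEthernet0/0/1 reduced 40
interface Vlanif30
 vrrp vrid 30 virtual-ip 172.16.30.254
interface Vlanif40
 vrrp vrid 40 virtual-ip 172.16.40.254
 vrrp vrid 40 priority 120
 vrrp vrid 40 track interface GigabitEthernet0/0/1 reduced 40
This is the SW4 side, which is master for VRID 20 and 40; in the full configuration below, SW3 carries the priority and track lines on VRID 10 and 30 instead.
5. Configure OSPF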
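The switches can ping the server.
OSPF neighbor relationships are established.
The PCs can now ping the server.
6. Use an ACL to block R&D from the 200.0.0.0 segment
rule 5 deny ip source 172.16.30.0 0.0.0.255 destination 200.0.0.0 0.0.0.255
Apply the ACL on the interface to restrict R&D.
R&D can no longer reach the 200.0.0.0 segment.
Full configuration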
SW1
[SW1]dis current-configuration
#
sysname SW1
#
vlan batch 10 to 11 20 30 40
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name HHH
 revision-level 1
 instance 1 vlan 10 30
 instance 2 vlan 20 40
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
SW2
[SW2]dis current-configuration
#
sysname SW2
#
vlan batch 10 to 11 20 30 40
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name HHH
 revision-level 1
 instance 1 vlan 10 30
 instance 2 vlan 20 40
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
SW3
[SW3]dis current-configuration
#
sysname SW3
#
vlan batch 10 to 11 20 30 40
#
stp instance 1 root primary
stp instance 2 root secondary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name HHH
 revision-level 1
 instance 1 vlan 10 30
 instance 2 vlan 20 40
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 172.16.10.10 255.255.255.0
 vrrp vrid 10 virtual-ip 172.16.10.254
 vrrp vrid 10 priority 120
 vrrp vrid 10 track interface GigabitEthernet0/0/1 reduced 40
#
interface Vlanif11
 ip address 1.1.1.1 255.255.255.252
#
interface Vlanif20
 ip address 172.16.20.10 255.255.255.0
 vrrp vrid 20 virtual-ip 172.16.20.254
#
interface Vlanif30
 ip address 172.16.30.10 255.255.255.0
 vrrp vrid 30 virtual-ip 172.16.30.254
 vrrp vrid 30 priority 120
 vrrp vrid 30 track interface GigabitEthernet0/0/1 reduced 40
#
interface Vlanif40
 ip address 172.16.40.10 255.255.255.0
 vrrp vrid 40 virtual-ip 172.16.40.254
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 11
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 0.0.0.0 255.255.255.255
#
user-interface con 0
user-interface vty 0 4
#
return
SW4
[SW4]dis current-configuration
#
sysname SW4
#
vlan batch 10 to 11 20 30 40
#
stp instance 1 root secondary
stp instance 2 root primary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name HHH
 revision-level 1
 instance 1 vlan 10 30
 instance 2 vlan 20 40
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 172.16.10.20 255.255.255.0
 vrrp vrid 10 virtual-ip 172.16.10.254
#
interface Vlanif11
 ip address 1.1.1.6 255.255.255.252
#
interface Vlanif20
 ip address 172.16.20.20 255.255.255.0
 vrrp vrid 20 virtual-ip 172.16.20.254
 vrrp vrid 20 priority 120
 vrrp vrid 20 track interface GigabitEthernet0/0/1 reduced 40
#
interface Vlanif30
 ip address 172.16.30.20 255.255.255.0
 vrrp vrid 30 virtual-ip 172.16.30.254
#
interface Vlanif40
 ip address 172.16.40.20 255.255.255.0
 vrrp vrid 40 virtual-ip 172.16.40.254
 vrrp vrid 40 priority 120
 vrrp vrid 40 track interface GigabitEthernet0/0/1 reduced 40
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 11
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 0.0.0.0 255.255.255.255
#
user-interface con 0
user-interface vty 0 4
#
return
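The VRRP priorities and uplink tracking configured on SW3 and SW4 above decide which core switch answers for each gateway address. The following added example (not part of the original post) models that election and reports any VRID whose master has lost its tracked uplink; it assumes preemption is enabled and that a priority tie goes to the higher interface address, and the `reduced` override is a hypothetical parameter used to show why the configured value of 40 has to exceed the 20-point priority gap.

```python
DEFAULT_PRIORITY = 100  # VRRP priority when no "vrrp vrid N priority" line is present
UPLINK = "GigabitEthernet0/0/1"  # interface tracked on both core switches

# Per switch: last octet of its Vlanif addresses and, per VRID,
# (configured priority, "reduced" value; 0 means the group has no track line).
# Values transcribed from the SW3 and SW4 configurations on the page.
CORE = {
    "SW3": {"host": 10, "vrids": {10: (120, 40), 20: (100, 0), 30: (120, 40), 40: (100, 0)}},
    "SW4": {"host": 20, "vrids": {10: (100, 0), 20: (120, 40), 30: (100, 0), 40: (120, 40)}},
}


def effective_priority(switch, vrid, uplink_down, reduced=None):
    """Priority after tracking; `reduced` (hypothetical) overrides the configured value."""
    priority, cfg_reduced = CORE[switch]["vrids"][vrid]
    if switch not in uplink_down or cfg_reduced == 0:
        return priority
    return priority - (cfg_reduced if reduced is None else reduced)


def elect_masters(uplink_down=frozenset(), reduced=None):
    """Return {vrid: master switch} once the election has settled.

    Assumptions: preemption is enabled, the highest effective priority wins,
    and a priority tie goes to the higher interface address.
    """
    masters = {}
    for vrid in (10, 20, 30, 40):
        masters[vrid] = max(
            CORE,
            key=lambda sw: (effective_priority(sw, vrid, uplink_down, reduced), CORE[sw]["host"]),
        )
    return masters


def stranded_gateways(uplink_down=frozenset(), reduced=None):
    """VRIDs whose elected master has its tracked uplink down."""
    masters = elect_masters(uplink_down, reduced)
    return sorted(v for v, sw in masters.items() if sw in uplink_down)


if __name__ == "__main__":
    for failed in (set(), {"SW3"}, {"SW4"}, {"SW3", "SW4"}):
        print(sorted(failed), elect_masters(failed), stranded_gateways(failed))
    print("reduced=10, SW3 uplink down:", stranded_gateways({"SW3"}, reduced=10))
```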
AR1
[AR1]dis current-configuration
[V200R003C00]
#
sysname AR1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2001
#
acl number 3001
 rule 5 deny ip source 172.16.30.0 0.0.0.255 destination 200.0.0.0 0.0.0.255
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#08bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 1.1.1.2 255.255.255.252
 traffic-filter inbound acl 3001
#
interface GigabitEthernet0/0/1
 ip address 1.1.1.5 255.255.255.252
 traffic-filter inbound acl 3001
#
interface GigabitEthernet0/0/2
 ip address 200.0.0.1 255.255.255.252
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 0.0.0.0 255.255.255.255
  network 1.1.1.0 0.0.0.255
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
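ACL 3001, bound inbound on both AR1 interfaces above, can be checked offline before relying on it. The following added example (not part of the original post) evaluates the rule with wildcard-mask semantics against constructed flows; the host addresses and 198.51.100.7 are made up, and forwarding packets that match no rule is an assumption about traffic-filter behaviour. It shows that the rule covers R&D traffic only toward 200.0.0.0/24, so any other destination from 172.16.30.0/24 falls through to the default.

```python
import ipaddress
import re

# Rule copied from "acl number 3001" in the AR1 configuration on the page.
ACL_3001 = ["rule 5 deny ip source 172.16.30.0 0.0.0.255 destination 200.0.0.0 0.0.0.255"]
# Parses only "rule <id> <action> ip [source <addr> <wildcard>] [destination <addr> <wildcard>]".
RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+ip"
    r"(?:\s+source\s+(?P<src>\S+)\s+(?P<src_wc>\S+))?"
    r"(?:\s+destination\s+(?P<dst>\S+)\s+(?P<dst_wc>\S+))?\s*$")


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 0 must be equal; bits set to 1 are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def parse_acl(lines):
    rules = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append(m.groupdict())
    # Default "config" match order: rules are tried in ascending rule ID.
    return sorted(rules, key=lambda r: int(r["id"]))


def evaluate(rules, src, dst, default="permit"):
    """Return (action, rule_id); default is the assumed no-match behaviour (forward)."""
    for r in rules:
        if r["src"] and not wildcard_match(src, r["src"], r["src_wc"]):
            continue
        if r["dst"] and not wildcard_match(dst, r["dst"], r["dst_wc"]):
            continue
        return r["action"], int(r["id"])
    return default, None


# Constructed flows: hosts are made up inside the page's subnets; 198.51.100.7 is outside 200.0.0.0/24.
FLOWS = {
    "marketing->server": ("172.16.10.1", "200.0.0.10"),
    "rd->server": ("172.16.30.1", "200.0.0.10"),
    "rd->other-external": ("172.16.30.1", "198.51.100.7"),
}


def check_flows():
    return {n: evaluate(parse_acl(ACL_3001), s, d) for n, (s, d) in FLOWS.items()}


if __name__ == "__main__":
    print(check_flows())
```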
AR2
[AR2]dis current-configuration
[V200R003C00]
#
sysname AR2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#08bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 200.0.0.254 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 ip address 200.0.0.2 255.255.255.252
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return