Common Small and Medium Enterprise Network Architecture Explained
"How is a small or medium-sized enterprise's internal network put together, how many layers does it have, how are VLANs divided, and which dynamic and static routing protocols are used? Almost every Layer 2 and Layer 3 technique gets used!"
Network Topology
The demonstration is built in Cisco's Packet Tracer teaching tool. The overall network topology is shown below. Technologies used: OSPF, VLAN, VTP, EtherChannel, HSRP, SVI, PVST, ACL, NAT, etc.
Core router (CR), core switches (CS1/CS2), access switches (AS1/AS2/AS3/AS4)
The ISP side is replaced by a minimal pair of routers (omitted here)…
Figure: overall network topology diagram
Subnet Plan
There are 7 VLANs in total: VLAN10 (chairman's office), VLAN20 (finance), VLAN30 (HR), VLAN40 (meeting rooms), VLAN50 (IT), VLAN60 (administration), VLAN70 (leisure)
Address allocation:
113.136.16.0/25 assigned by the ISP
113.136.16.0/28 ---- after subnetting
113.136.16.16/28
113.136.16.32/28
113.136.16.48/28
113.136.16.64/28
10.1.1.253 ----- SVI for VLAN 10
10.1.2.253 ----- SVI for VLAN 20
10.1.3.253 ----- SVI for VLAN 30
10.1.4.253 ----- SVI for VLAN 40
10.1.5.253 ----- SVI for VLAN 50
10.1.6.253 ----- SVI for VLAN 60
10.1.7.253 ----- SVI for VLAN 70
Configuration Details
CR:
interface loopback 0 // loopback interface, used as a stable management address
ip address 10.100.1.1 255.255.255.255 // /32: the CR and CS loopbacks must not share one /24, or each device treats the whole 10.100.1.0/24 as its own and cannot reach the others
router ospf 1 // enable OSPF process 1
router-id 1.1.1.1 // configure the router ID; it must be unique in the OSPF domain
log-adjacency-changes
network 10.1.0.0 0.0.255.255 area 0 // advertise the 10.1.0.0 range in area 0, the backbone area
network 10.100.1.0 0.0.0.255 area 0
CS1 (CS2 is the same, with its own router-id):
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 10.1.0.0 0.0.255.255 area 0
network 10.100.1.0 0.0.0.255 area 0
CS1 and CS2 configuration:
vtp domain renligongsi // create the VTP domain renligongsi
vtp mode server // CS1 is the VTP server; on CS2 use "vtp mode client"
vtp password zhukai123 // VTP domain password zhukai123; a switch without it cannot join the domain and overwrite the VLAN database
ip routing // enable routing (off by default on a switch)
interface Loopback0 // loopback interface
ip address 10.100.1.2 255.255.255.255 // /32 for the same reason as on the CR
interface range FastEthernet 0/2-3
channel-group 1 mode on // bundle f0/2-3 into one EtherChannel (mode on: no LACP/PAgP negotiation)
interface Port-channel 1 // the channel interface
switchport trunk encapsulation dot1q // set the trunk encapsulation to 802.1Q
switchport mode trunk // make the interface a trunk (HSRP hellos need a Layer 2 path for each VLAN between CS1 and CS2, which this trunk provides)
// Alternative: if the link should carry a routing protocol instead, disable switching and address it; a Layer 2 trunk and a Layer 3 address cannot coexist on one interface
no switchport
ip address 10.1.30.1 255.255.255.0
interface FastEthernet0/1 // routed uplink to the CR
no switchport
ip address 10.1.20.2 255.255.255.0
-------
int vlan 10 // SVI: management address and gateway for VLAN 10; the same applies to the VLANs below
ip add 10.1.1.253 255.255.255.0
int vlan 20
ip add 10.1.2.253 255.255.255.0
int vlan 30
ip add 10.1.3.253 255.255.255.0
int vlan 40
ip add 10.1.4.253 255.255.255.0
int vlan 50
ip add 10.1.5.253 255.255.255.0
int vlan 60
ip add 10.1.6.253 255.255.255.0
int vlan 70
ip add 10.1.7.253 255.255.255.0
-----
ip dhcp excluded-address 10.1.1.250 10.1.1.254 // keep the gateway addresses (SVI .253, HSRP VIP .252) out of every pool
ip dhcp excluded-address 10.1.2.250 10.1.2.254
ip dhcp excluded-address 10.1.3.250 10.1.3.254
ip dhcp excluded-address 10.1.4.250 10.1.4.254
ip dhcp excluded-address 10.1.5.250 10.1.5.254
ip dhcp excluded-address 10.1.6.250 10.1.6.254
ip dhcp excluded-address 10.1.7.250 10.1.7.254
ip dhcp pool v10 // DHCP pool for VLAN 10; it must match the SVI subnet 10.1.1.0/24, otherwise the switch never hands out leases on that VLAN
default-router 10.1.1.252 // default gateway is the HSRP virtual address, so clients keep their gateway when CS1 fails
network 10.1.1.0 255.255.255.0 // address range 10.1.1.0-10.1.1.254
dns-server 114.114.114.114 // DNS server 114.114.114.114
ip dhcp pool v20
default-router 10.1.2.252
network 10.1.2.0 255.255.255.0
dns-server 114.114.114.114
ip dhcp pool v30
default-router 10.1.3.252
network 10.1.3.0 255.255.255.0
dns-server 114.114.114.114
ip dhcp pool v40
default-router 10.1.4.252
network 10.1.4.0 255.255.255.0
dns-server 114.114.114.114
ip dhcp pool v50
default-router 10.1.5.252
network 10.1.5.0 255.255.255.0
dns-server 114.114.114.114
ip dhcp pool v60
default-router 10.1.6.252
network 10.1.6.0 255.255.255.0
dns-server 114.114.114.114
ip dhcp pool v70
default-router 10.1.7.252
network 10.1.7.0 255.255.255.0
dns-server 114.114.114.114
-----------
spanning-tree mode pvst // spanning-tree protocol: PVST
spanning-tree vlan 10,20,30,40,50,60,70 priority 28672 // make CS1 the root bridge for VLAN 10-70 (the lowest priority wins); keeping the STP root on the HSRP active switch avoids sending traffic across the inter-switch link
int vlan 10
standby 1 ip 10.1.1.252 // enable HSRP; the virtual address is 10.1.1.252 (in VRRP the address may be virtual or a real interface address)
standby 1 preempt // enable preemption
standby 1 priority 120 // set the priority to 120; the higher priority becomes the active gateway
standby 1 track FastEthernet0/1 30 // track the uplink: with gateway redundancy ICMP redirect is disabled, so without tracking an uplink going DOWN would not move the gateway; tracking only works with preempt enabled, and the decrement (30 here) must exceed the priority gap between the two switches (120 here against CS2's default 100, assumed), otherwise CS2 never takes over
int vlan 20
standby 1 ip 10.1.2.252
standby 1 preempt
standby 1 priority 120
standby 1 track FastEthernet0/1 30
int vlan 30
standby 1 ip 10.1.3.252
standby 1 preempt
standby 1 priority 120
standby 1 track FastEthernet0/1 30
int vlan 40
standby 1 ip 10.1.4.252
standby 1 preempt
standby 1 priority 120
standby 1 track FastEthernet0/1 30
int vlan 50
standby 1 ip 10.1.5.252
standby 1 preempt
standby 1 priority 120
standby 1 track FastEthernet0/1 30
int vlan 60
standby 1 ip 10.1.6.252
standby 1 preempt
standby 1 priority 120
standby 1 track FastEthernet0/1 30
int vlan 70
standby 1 ip 10.1.7.252
standby 1 preempt
standby 1 priority 120
standby 1 track FastEthernet0/1 30
---
Enable SSH and telnet remote login:
hostname CS1 // RSA key generation needs a non-default hostname and a domain name
enable secret zhukai123 // password for privileged EXEC mode
username zhukai password zhukai123 // local login account ("username zhukai secret ..." would store the password hashed instead of reversibly)
ip domain-name gongsi
crypto key generate rsa // generate the SSH key pair
line vty 0 4 // enter line configuration mode to enable remote access
login local // authenticate against the local account above
transport input telnet ssh // telnet is cleartext; in production allow "transport input ssh" only
------
AS1:
vtp domain renligongsi // join the VTP domain renligongsi
vtp mode client // access switches learn the VLAN database from the server
vtp password zhukai123
interface FastEthernet 0/2
switchport mode access // set the interface to access mode
switchport access vlan 10 // assign the interface to VLAN 10
---------
Finally, configure NAT on the CR:
access-list 10 permit 10.1.1.0 0.0.0.255 // ACL 10 lists the internal subnets that are allowed to be translated
access-list 10 permit 10.1.2.0 0.0.0.255
access-list 10 permit 10.1.3.0 0.0.0.255
access-list 10 permit 10.1.4.0 0.0.0.255
access-list 10 permit 10.1.5.0 0.0.0.255
access-list 10 permit 10.1.6.0 0.0.0.255
access-list 10 permit 10.1.7.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/0 overload // PAT: sources matched by ACL 10 are translated to the f0/0 address
interface FastEthernet0/0 // ISP-facing interface
ip nat outside
interface FastEthernet1/0 // link to CS1
ip nat inside
interface FastEthernet1/1 // link to CS2
ip nat inside
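The SVI, HSRP, DHCP and NAT pieces above only work together when their addresses agree: the DHCP pool must be the SVI subnet, the default-router should be the HSRP virtual address, ACL 10 must cover every VLAN, and the track decrement must be larger than the priority gap between CS1 and CS2. The following script, added here as an example and not part of the original post, checks a plan for those conditions; the plan data is constructed from this page's values, and the CS2 priority of 100 (the HSRP default) is an assumption.

```python
import ipaddress

def check_vlan(vlan, svi, vip, pool, default_router, nat_acl):
    """Problems found for one VLAN (empty list = consistent). svi carries the
    prefix length; vip is the HSRP virtual address; nat_acl lists ACL 10's networks."""
    problems = []
    subnet = ipaddress.ip_interface(svi).network
    if ipaddress.ip_address(vip) not in subnet:
        problems.append(f"VLAN {vlan}: HSRP VIP {vip} is outside SVI subnet {subnet}")
    if ipaddress.ip_network(pool) != subnet:
        problems.append(f"VLAN {vlan}: DHCP pool {pool} does not match SVI subnet {subnet}")
    if ipaddress.ip_address(default_router) != ipaddress.ip_address(vip):
        problems.append(f"VLAN {vlan}: DHCP default-router {default_router} is not the HSRP VIP {vip}")
    if not any(subnet.subnet_of(ipaddress.ip_network(entry)) for entry in nat_acl):
        problems.append(f"VLAN {vlan}: no NAT ACL entry covers {subnet}")
    return problems

def hsrp_failover_on_track(active_priority, standby_priority, decrement):
    """True if losing the tracked uplink makes the standby take over: HSRP hands
    over only when the decremented priority drops below the standby's (with preempt)."""
    return active_priority - decrement < standby_priority

# Constructed to mirror the plan on this page: VLAN 10*n uses 10.1.n.0/24,
# SVI .253, HSRP VIP .252, and ACL 10 permits each of those /24s.
NAT_ACL = [f"10.1.{n}.0/24" for n in range(1, 8)]
PLAN = {
    10 * n: dict(svi=f"10.1.{n}.253/24", vip=f"10.1.{n}.252",
                 pool=f"10.1.{n}.0/24", default_router=f"10.1.{n}.252")
    for n in range(1, 8)
}

def audit(plan, nat_acl=NAT_ACL):
    """Run check_vlan over every VLAN in the plan and collect all problems."""
    return [p for vlan, v in plan.items() for p in check_vlan(vlan, nat_acl=nat_acl, **v)]

if __name__ == "__main__":
    for line in audit(PLAN) or ["addressing plan is consistent"]:
        print(line)
    # CS1 at 120 against CS2 at the assumed default 100: the default decrement
    # of 10 leaves CS1 at 110, still active, so the uplink failure is not acted on.
    print("decrement 10 fails over:", hsrp_failover_on_track(120, 100, 10))
    print("decrement 30 fails over:", hsrp_failover_on_track(120, 100, 30))
```

Feeding the script a pool of 10.1.10.0/24 for VLAN 10 (a pool on a subnet no SVI owns) reports the mismatch, which is exactly the case where a switch silently stops issuing leases.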
Connectivity Test
SSH to the devices from a PC succeeds. The telnet test succeeds. Internal hosts reach the external network.