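Building a Smart Company LAN with Packet Tracer
Background and requirements
A company has two office sites in two different cities. The site in city A is the company headquarters, a two-story office building that needs a little over 30 computer nodes. Site A has three departments: Finance, Sales and Administration. The site in city B houses R&D and needs about 15 computer nodes. Both sites reach the Internet over broadband. The task is to design a network plan that meets the following requirements:
1. Internal resources are shared within site A (internal mail, FTP and WWW services).
2. Users at sites A and B cannot chat on QQ or browse illegal web pages during working hours.
3. The users at site A and the users at site B each share a single IP address to access the Internet.
4. No department inside the company can directly access another department.
5. Sales staff outside the office must be able to reach the information server of the Sales department at site A, while users on the Internet are prohibited from accessing that server.
Design and network topology diagram
Basic plan of device attribute values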
- Router3

| IP Address | Subnet Mask | Port |
|---|---|---|
| 192.168.5.1 | 255.255.255.240 | S2/0 |
| 192.168.1.1 | 255.255.255.224 | Fa0/0.1 |
| 192.168.2.1 | 255.255.255.224 | Fa1/0.1 |
| 192.168.3.1 | 255.255.255.224 | Fa6/0.1 |
| 192.168.4.1 | 255.255.255.224 | Fa7/0.1 |
| 192.168.7.1 | 255.255.255.0 | Fa4/0 |
- Router2

| IP Address | Subnet Mask | Port |
|---|---|---|
| 192.168.6.1 | 255.255.255.240 | Fa0/0 |
| 192.168.5.2 | 255.255.255.240 | Serial2/0 |
| 192.168.8.1 | 255.255.255.0 | Serial3/0 |
- Router0

| IP Address | Subnet Mask | Port |
|---|---|---|
| 192.168.7.3 | 255.255.255.0 | Fa0/0 |
| 202.10.1.2 | 255.255.255.0 | Serial2/0 |
- Router1

| IP Address | Subnet Mask | Port |
|---|---|---|
| 202.10.2.1 | 255.255.255.0 | Fa0/0 |
| 202.10.1.1 | 255.255.255.0 | Serial2/0 |
- Router4

| IP Address | Subnet Mask | Port |
|---|---|---|
| 202.10.3.1 | 255.255.255.0 | Fa0/0 |
| 192.168.8.2 | 255.255.255.0 | Serial2/0 |
- PCs

| PC | IP Address | Subnet Mask | Default Gateway | Notes |
|---|---|---|---|---|
| 0 | 192.168.1.2 | 255.255.255.224 | 192.168.1.1 | Vlan 2 |
| 1 | 192.168.2.2 | 255.255.255.224 | 192.168.2.1 | Vlan 3 |
| 2 | 192.168.3.2 | 255.255.255.224 | 192.168.3.1 | Vlan 4 |
| 3 | 192.168.6.2 | 255.255.255.240 | 192.168.6.1 | Vlan 6 |
- Servers

| Server | IP Address | Notes |
|---|---|---|
| 0 | 192.168.4.2/27 | EMAIL/vlan 5 |
| 1 | 192.168.4.3/27 | FTP/vlan 5 |
| 2 | 192.168.4.4/27 | WWW/vlan 5 |
| 3 | 202.10.2.3/24 | External network |
| 4 | 202.10.3.3/24 | External network |
Assigning VLANs
- Switch-PT Switch 1

    Switch>en
    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#vlan 2
    Switch(config-vlan)#exit
    Switch(config)#interface fa0/1
    Switch(config-if)#switchport access vlan 2
    Switch(config-if)#exit
    Switch(config)#interface fa1/1
    Switch(config-if)#switchport mode trunk
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up
    Switch(config-if)#end
    Switch#
    %SYS-5-CONFIG_I: Configured from console by console
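- Switch 2, 3, 4 and Multilayer Switch 1 are configured in the same way.

Allowing R&D (vlan6) to reach only Administration (vlan4), for clocking in at work
At the same time, R&D must not be able to reach Finance (vlan2), Sales (vlan3) or the server group (vlan5).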
Router3

    Router>en
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#router ospf 1
    Router(config-router)#network 192.168.1.0 0.0.0.31 area 0
    Router(config-router)#network 192.168.2.0 0.0.0.31 area 0
    Router(config-router)#network 192.168.3.0 0.0.0.31 area 0
    Router(config-router)#network 192.168.4.0 0.0.0.31 area 0
    Router(config-router)#network 192.168.5.0 0.0.0.31 area 0
    Router(config-router)#end
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
Test result

    Router#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         192.168.1.0/27 is subnetted, 1 subnets
    C       192.168.1.0 is directly connected, FastEthernet0/0
         192.168.2.0/27 is subnetted, 1 subnets
    C       192.168.2.0 is directly connected, FastEthernet1/0
         192.168.3.0/27 is subnetted, 1 subnets
    C       192.168.3.0 is directly connected, FastEthernet6/0
         192.168.4.0/27 is subnetted, 1 subnets
    C       192.168.4.0 is directly connected, FastEthernet7/0
         192.168.5.0/28 is subnetted, 1 subnets
    C       192.168.5.0 is directly connected, Serial2/0
    R    192.168.6.0/24 [120/1] via 192.168.5.2, 00:00:26, Serial2/0
    Router#
Router2

    Router>en
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#router ospf 1
    Router(config-router)#network 192.168.5.0 0.0.0.15 area 0
    Router(config-router)#
    01:24:19: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.1 on Serial2/0 from LOADING to FULL, Loading Done
    Router(config-router)#network 192.168.6.0 0.0.0.15 area 0
    Router(config-router)#
    Router(config-router)#end
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
Test result

    Router#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
    R       192.168.1.0/24 [120/1] via 192.168.5.1, 00:00:06, Serial2/0
    O       192.168.1.0/27 [110/782] via 192.168.5.1, 00:00:26, Serial2/0
         192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
    R       192.168.2.0/24 [120/1] via 192.168.5.1, 00:00:06, Serial2/0
    O       192.168.2.0/27 [110/782] via 192.168.5.1, 00:00:26, Serial2/0
         192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
    R       192.168.3.0/24 [120/1] via 192.168.5.1, 00:00:06, Serial2/0
    O       192.168.3.0/27 [110/782] via 192.168.5.1, 00:00:26, Serial2/0
         192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
    R       192.168.4.0/24 [120/1] via 192.168.5.1, 00:00:06, Serial2/0
    O       192.168.4.0/27 [110/782] via 192.168.5.1, 00:00:26, Serial2/0
         192.168.5.0/28 is subnetted, 1 subnets
    C       192.168.5.0 is directly connected, Serial2/0
         192.168.6.0/28 is subnetted, 1 subnets
    C       192.168.6.0 is directly connected, FastEthernet0/0
    Router#
Router3

    Router>en
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#ip access-list standard david    //create a standard IP access list named david
    Router(config-std-nacl)#permit 192.168.3.0 0.0.0.31    //allow the 192.168.3.0 subnet through
    Router(config-std-nacl)#deny 192.168.1.0 0.0.0.31    //block the 192.168.1.0 subnet
    Router(config-std-nacl)#deny 192.168.2.0 0.0.0.31
    Router(config-std-nacl)#deny 192.168.4.0 0.0.0.31
    Router(config-std-nacl)#exit
    Router(config)#interface se2/0
    Router(config-if)#ip access-group david out    //apply the access list named david to port se2/0
    Router(config-if)#end
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
Test result

    show running-config
    Building configuration...

    Current configuration : 1355 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname Router
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     ip address 192.168.1.1 255.255.255.224
     duplex auto
     speed auto
    !
    interface FastEthernet1/0
     ip address 192.168.2.1 255.255.255.224
     duplex auto
     speed auto
    !
    interface Serial2/0
     ip address 192.168.5.1 255.255.255.240
     ip access-group david out
     clock rate 64000
    !
    interface Serial3/0
     no ip address
     shutdown
    !
    interface FastEthernet4/0
     no ip address
    !
    interface FastEthernet5/0
     no ip address
     shutdown
    !
    interface FastEthernet6/0
     ip address 192.168.3.1 255.255.255.224
     duplex auto
     speed auto
    !
    interface FastEthernet7/0
     ip address 192.168.4.1 255.255.255.224
     duplex auto
     speed auto
    !
    router ospf 1
     log-adjacency-changes
     network 192.168.1.0 0.0.0.31 area 0
     network 192.168.2.0 0.0.0.31 area 0
     network 192.168.3.0 0.0.0.31 area 0
     network 192.168.4.0 0.0.0.31 area 0
     network 192.168.5.0 0.0.0.31 area 0
    !
    router rip
     network 192.168.1.0
     network 192.168.2.0
     network 192.168.3.0
     network 192.168.4.0
     network 192.168.5.0
    !
    ip classless
    !
    !
    ip access-list standard david
     permit 192.168.3.0 0.0.0.31
     deny 192.168.1.0 0.0.0.31
     deny 192.168.2.0 0.0.0.31
     deny 192.168.4.0 0.0.0.31
    !
    !
    !
    !
    !
    line con 0
    line vty 0 4
     login
    !
    !
    !
    end
Building the corporate LAN
Router3

    Router>en
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#interface fa0/0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface fa0/0.1
    %LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.1, changed state to up
    Router(config-subif)#encapsulation dot1q 2
    Router(config-subif)#ip address 192.168.1.1 255.255.255.224
    Router(config-subif)#exit
    Router(config-if)#end
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#interface fa1/0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface fa1/0.1
    %LINK-5-CHANGED: Interface FastEthernet1/0.1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0.1, changed state to up
    Router(config-subif)#encapsulation dot1q 3    //encapsulate with 802.1Q and assign this port to vlan 3
    Router(config-subif)#ip address 192.168.2.1 255.255.255.224
    Router(config-subif)#exit
    Router(config)#interface fa6/0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface fa6/0.1
    %LINK-5-CHANGED: Interface FastEthernet6/0.1, changed state to up
    Router(config-subif)#
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet6/0.1, changed state to up
    Router(config-subif)#encapsulation dot1q 4
    Router(config-subif)#ip address 192.168.3.1 255.255.255.224
    Router(config-subif)#exit
    Router(config)#interface fa7/0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface fa7/0.1
    %LINK-5-CHANGED: Interface FastEthernet7/0.1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet7/0.1, changed state to up
    Router(config-subif)#
    Router(config-subif)#encapsulation dot1q 5
    Router(config-subif)#ip address 192.168.4.1 255.255.255.224
    Router(config-subif)#exit
    Router(config)#exit
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
Test result

    Router#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         192.168.1.0/27 is subnetted, 1 subnets
    C       192.168.1.0 is directly connected, FastEthernet0/0.1
         192.168.2.0/27 is subnetted, 1 subnets
    C       192.168.2.0 is directly connected, FastEthernet1/0.1
         192.168.3.0/27 is subnetted, 1 subnets
    C       192.168.3.0 is directly connected, FastEthernet6/0.1
         192.168.4.0/27 is subnetted, 1 subnets
    C       192.168.4.0 is directly connected, FastEthernet7/0.1
         192.168.5.0/28 is subnetted, 1 subnets
    C       192.168.5.0 is directly connected, Serial2/0
         192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
    R       192.168.6.0/24 [120/1] via 192.168.5.2, 00:00:04, Serial2/0
    O       192.168.6.0/28 [110/782] via 192.168.5.2, 00:24:24, Serial2/0
Departments cannot access one another
Router3

    Router>en
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#access-list 1 deny 192.168.1.2
    Router(config)#access-list 1 permit any
    Router(config)#int fa1/0.1
    Router(config-subif)#ip access-group 1 in
    Router(config-subif)#ip access-group 1 out
    Router(config-subif)#exit
    Router(config)#int fa6/0.1
    Router(config-subif)#ip access-group 1 out
    Router(config-subif)#ip access-group 1 in
    Router(config-subif)#exit
    Router(config)#access-list 2 deny 192.168.2.2
    Router(config)#access-list 2 permit any
    Router(config)#in fa6/0.1
    Router(config-subif)#ip access-group 2 in
    Router(config-subif)#ip access-group 2 out
    Router(config-subif)#exit
    Router(config)#access-list 3 deny 192.168.3.2
    Router(config)#access-list 3 permit any
    Router(config)#int fa0/0.1
    Router(config-subif)#ip access-group 3 out
    Router(config-subif)#ip access-group 3 in
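Added example, not part of the original post: a first-match evaluator for IOS standard ACLs, run over the `david` list and `access-list 1` exactly as they are entered above. It shows that `david` drops every source outside 192.168.3.0/27 (some only through the implicit deny), and that `access-list 1 deny 192.168.1.2` matches that single host, so another address in 192.168.1.0/27 (the constructed 192.168.1.3) is still permitted. The function names are this example's own.

```python
from ipaddress import IPv4Address

MASK32 = 0xFFFFFFFF

def parse_standard_acl(lines):
    """Parse 'permit|deny <addr> [wildcard]' or 'permit|deny any' entries."""
    entries = []
    for line in lines:
        action, *rest = line.split()
        if rest[0] == "any":
            addr, wild = 0, MASK32
        else:
            addr = int(IPv4Address(rest[0]))
            # Without a wildcard, a standard ACL entry matches one host only.
            wild = int(IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source):
    """Return the action of the first entry that matches the source address."""
    src = int(IPv4Address(source))
    for action, addr, wild in entries:
        care = ~wild & MASK32  # wildcard bits set to 1 are ignored
        if src & care == addr & care:
            return action
    return "deny"  # implicit deny that ends every ACL

# Entries copied from the page.
DAVID = parse_standard_acl([
    "permit 192.168.3.0 0.0.0.31",
    "deny 192.168.1.0 0.0.0.31",
    "deny 192.168.2.0 0.0.0.31",
    "deny 192.168.4.0 0.0.0.31",
])
ACL_1 = parse_standard_acl(["deny 192.168.1.2", "permit any"])

def verdicts(entries, sources):
    """Map each source address to the ACL's decision."""
    return {s: evaluate(entries, s) for s in sources}

if __name__ == "__main__":
    # 192.168.1.3 is a constructed address; the others appear on the page.
    sources = ["192.168.3.2", "192.168.1.2", "192.168.1.3", "192.168.7.3"]
    for name, acl in (("david", DAVID), ("access-list 1", ACL_1)):
        print(name, verdicts(acl, sources))
```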
Accessing the external network
Configuring NAT on firewall 1

    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#int s2/0
    Router(config-if)#ip nat outside
    Router(config-if)#exit
    Router(config)#int fa4/0
    Router(config-if)#ip nat inside
    Router(config-if)#exit
    Router(config)#ip nat inside source static 192.168.7.2 202.10.0.2
    Router(config)#exit
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
Test result

    Router#show ip nat trans
    Pro  Inside global     Inside local       Outside local      Outside global
    ---  202.10.0.2        192.168.7.2        ---                ---
Configuration for reaching the public network

    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#int fa0/0
    Router(config-if)#exit
    Router(config)#int fa4/0
    Router(config-if)#ip add 192.168.7.3 255.255.255.0
    Router(config-if)#no shut
    Router(config-if)#exit
    Router(config)#route rip
    Router(config-router)#ver 2
    Router(config-router)#no au
    Router(config-router)#net 192.168.7.0
    Router(config-router)#default-information originate
    Router(config-router)#exit
    Router(config)#exit
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
Test result

    Router#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

    R    192.168.1.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
    R    192.168.2.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
    R    192.168.3.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
    R    192.168.4.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
    R    192.168.5.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
    R    192.168.6.0/24 [120/2] via 192.168.7.1, 00:00:00, FastEthernet4/0
    C    192.168.7.0/24 is directly connected, FastEthernet4/0
    C    202.10.0.0/24 is directly connected, Serial2/0
    Router#
Allowing the subnets out through the router

    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#access-list 1 permit 192.168.1.0 0.0.0.31
    Router(config)#access-list 1 permit 192.168.2.0 0.0.0.31
    Router(config)#access-list 1 permit 192.168.3.0 0.0.0.31
    Router(config)#int s2/0
    Router(config-if)#ip nat outside
    Router(config-if)#exit
    Router(config)#int fa4/0
    Router(config-if)#ip nat inside
    Router(config-if)#end
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#ip route 0.0.0.0 0.0.0.0 s2/0
    Router(config)#end
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
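Setting up the internal server group at site A
WWW server configuration
Turn on the HTTP service and turn off the DNS, FTP, MAIL and DHCP services on this server; that is, click MAIL on the left and set SMTP Service and POP3 Service to off, leaving the other services unchanged.
Accessing the internal WWW server from PC0:
FTP server configuration
Configure the FTP server: turn off the DHCP, DNS, MAIL and WEB services on this server and leave the other services unchanged. The procedure is similar to the DHCP configuration, so only the FTP settings are covered here:
Service: On. Add a User Name and a Password; for every user tick Write, Read, Delete, Rename and List, and after each entry click + (Add) to put it into the scrolling list.
E-MAIL server configuration
Configure the MAIL server: turn off the DHCP, DNS, FTP and WEB services on this server and leave the other services unchanged. The procedure is similar to the DHCP configuration, so only the EMAIL settings are covered here:
SMTP Service and POP3 Service: On. Domain Name: mail.yyd.com. Add 2 users, each with a User name and a Password, and after each entry click + (Add) to put it into the scrolling list.
Sales staff outside the office accessing the Sales department
Switch-PT Switch 1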

    Switch>en
    Switch#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#int vlan 3    //interface vlan 3
    %LINK-5-CHANGED: Interface Vlan3, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to up
    Switch(config-if)#ip address 192.168.2.1 255.255.255.224    //set the switch's IP address
    Switch(config-if)#no shutdown
    Switch(config-if)#exit
    Switch(config)#enable password 123456    //set the privileged-mode password to 123456
    Switch(config)#line vty 0 4
    Switch(config-line)#password yydyyd    //set the remote-login password to yydyyd
    Switch(config-line)#login
    Switch(config-line)#end
    Switch#
    %SYS-5-CONFIG_I: Configured from console by console
    Switch#
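Remote login is protected with a password, so people on the Internet who do not know the password cannot get in, while the sales staff, who do know it, can.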
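Added example, not part of the original post: a small check that flags the management-plane settings this design relies on, namely `enable password`, a shared vty line password with `login`, and the `no service password-encryption` line from the router's running-config shown earlier. The sample text is assembled from those lines; the finding names and the vty checks for `transport input ssh` and `access-class` are this example's own choices.

```python
import re

# Constructed sample: the commands entered in the switch session above plus
# the `no service password-encryption` line from the router's running-config.
SAMPLE_CONFIG = """\
no service password-encryption
enable password 123456
interface Vlan3
 ip address 192.168.2.1 255.255.255.224
line con 0
line vty 0 4
 password yydyyd
 login
"""

def split_sections(config):
    """Group indented sub-commands under their unindented parent line."""
    sections, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            sections.append(current)
    return sections

def audit(config):
    """Return a sorted list of finding names (hypothetical labels)."""
    findings = set()
    for parent, children in split_sections(config):
        if parent == "no service password-encryption":
            findings.add("passwords-stored-cleartext")
        if re.match(r"enable password\b", parent):
            findings.add("enable-password-not-secret")
        if parent.startswith("line vty"):
            has_pw = any(c.startswith("password ") for c in children)
            if has_pw and "login" in children:
                findings.add("vty-shared-line-password")
            if "transport input ssh" not in children:
                findings.add("vty-not-restricted-to-ssh")
            if not any(c.startswith("access-class ") for c in children):
                findings.add("vty-no-source-restriction")
    return findings and sorted(findings) or []

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```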
No QQ chat or browsing of illegal web pages during working hours
Router3

    Router>en
    Router#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#time-range nowork
    Router(config-time-range)#periodic weekend 0:00 to 23:59    //from Saturday 0:00 to Sunday 23:59
    Router(config)#access-list 101 deny tcp any any time-range work1
    Router(config)#access-list 101 permit tcp any 192.168.1.2 0.0.0.31 time-range nowork
    Router(config)#access-list 101 permit tcp any 192.168.2.2 0.0.0.31 time-range nowork
    Router(config)#access-list 101 permit tcp any 192.168.3.2 0.0.0.31 time-range nowork
    Router(config)#access-list 101 permit tcp any 192.168.4.2 0.0.0.31 time-range nowork
    Router(config)#int fa0/0.1
    Router(config-subif)#ip access-group 101 out
    Router(config-subif)#exit
    Router(config)#int fa1/0.1
    Router(config-subif)#ip access-group 101 out
    Router(config-subif)#exit
    Router(config)#int fa6/0.1
    Router(config-subif)#ip access-group 101 out
    Router(config-subif)#exit
    Router(config)#int fa7/0.1
    Router(config-subif)#ip access-group 101 out
    Router(config-subif)#exit
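Router2 is configured in the same way.
Summary
This is something my teacher assigned for the router course project in the first semester of my sophomore year, at about this time of year. Back then mine was the only one that was fairly complete, and I was secretly rather pleased with myself, hahaha.
I hope this helps you; the write-up is a bit messy.
At the time the teacher said the connection between the company's site A and site B should be built with a VPN, but for some reason that part never got done.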
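When reposting, please credit the source: http://www.cnblogs.com/yydcdut/p/3520838.html
Source: http://yydcdut.cnblogs.com/
The copyright of this article is shared by the author and cnblogs (博客园). Reposting is welcome, but unless the author agrees otherwise this notice must be retained and a link to the original article must be given in a prominent position on the page; otherwise the right to pursue legal liability is reserved.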