一个具体的网络规划

　　公司新搬了地方，新地方的网络进行了重新规划，在搬家期间，参与了相关的规划和实施过程，让我受益非浅，现摘录如下：公司现有PC数量近500台，服务器的数量有近20台，新厂为增加网络的稳定性和易管理性，在原有的基础上采购了两台CISCO 3750(核心层)，10台CISCO CE500(楼间层)，28台3COM(桌面层)的桌面型交换机，2台CISCO 2600，需要实现的要求如下：

　　１：两台3750作为核心交换，堆叠．

　　２：网络划分为7个VLAN，其中分为默认区(192.168.88.x)，服务器网段(192.168.42.x)，办公区(192.168.40.x 192.168.43.x)，制造区(192.168.41.x)，无线区(192.168.44.x)和其它区(192.168.46.x)．

　　３：各个网段中客户端的IP通过服务器DHCP分配．

　　４：服务器段里的服务器接入3750以实1G的接入速度．

　　５：办公区中电脑以前安装有多台打印服务器，网段为42.x，为了简化客户端操作，需在楼间层CE500上设置其它的桌面交换机分属不同的网段．

　　６：各个办公区的电脑通过域服务器的用户名验证经Watch Guard防火墙控制其上网权限，因为有外厂客户访问，所以设置无线区实现无限制的外网连接．但是由交换机控制其不能进行内网访问．

网络结构图

Ce500 设置图

DHCP

no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3750stack
!
enable password cisc0
!
no aaa new-model
switch 1 provision ws-c3750g-24ts
switch 2 provision ws-c3750g-24ts
vtp mode transparent
ip subnet-zero
ip routing
ip dhcp relay information trust-all
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
name server
!
vlan 3
name mfga
!
vlan 4
name mfgb
!
vlan 5
name office
!
vlan 6
name internet
!
vlan 7
name wireless
!
interface GigabitEthernet1/0/1
description B Zone connect to 3com number 1
switchport access vlan 4
spanning-tree portfast
!
interface GigabitEthernet1/0/2
description B Zone connect to 3com number 2
switchport access vlan 4
spanning-tree portfast
!
interface GigabitEthernet1/0/3
description B Zone connect to 3com number 3
switchport access vlan 4
spanning-tree portfast
!
interface GigabitEthernet1/0/4
description B Zone connect to 3com number 4
switchport access vlan 4
spanning-tree portfast
!
interface GigabitEthernet1/0/5
description B Zone connect to 3com number 5
switchport access vlan 4
spanning-tree portfast
!
interface GigabitEthernet1/0/6
description B Zone connect to 3com number 6
switchport access vlan 4
spanning-tree portfast
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
description connect to CE500 Vlan for test
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/14
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/15
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/16
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/17
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/18
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/19
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/20
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/21
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/22
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/23
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/24
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet1/0/25
description D Zone connect to CE500
switchport access vlan 3
spanning-tree portfast
!
interface GigabitEthernet1/0/26
description D Zone connect to CE500
switchport access vlan 3
spanning-tree portfast
!
interface GigabitEthernet1/0/27
description D Zone connect to CE500
switchport access vlan 3
spanning-tree portfast
!
interface GigabitEthernet1/0/28
description D Zone connect to CE500
switchport access vlan 3
spanning-tree portfast
!
interface GigabitEthernet2/0/1
description connect to internet
switchport access vlan 6
spanning-tree portfast
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
switchport access vlan 3
!
interface GigabitEthernet2/0/7
switchport access vlan 7
!
interface GigabitEthernet2/0/8
switchport access vlan 7
!
interface GigabitEthernet2/0/9
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/10
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/11
description connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/12
description connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/13
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/14
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/15
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/16
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/17
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/18
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/19
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/20
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/21
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/22
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/23
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/24
description C Zone connect to server
switchport access vlan 2
spanning-tree portfast
!
interface GigabitEthernet2/0/25
description connect to A Zone CE500
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/26
switchport access vlan 4
!
interface GigabitEthernet2/0/27
switchport access vlan 4
!
interface GigabitEthernet2/0/28
switchport access vlan 4
!
interface Vlan1
ip address 192.168.88.2 255.255.255.0
!
interface Vlan2
description Server network
ip address 192.168.42.2 255.255.255.0
ip helper-address 192.168.42.21
!
interface Vlan3
description D Zone F/2/3/4
ip address 192.168.41.2 255.255.255.0
ip helper-address 192.168.42.21
!
interface Vlan4
description B Zone office
ip address 192.168.43.2 255.255.255.0
ip helper-address 192.168.42.21
!
interface Vlan5
description A Zone office
ip address 192.168.40.2 255.255.255.0
ip helper-address 192.168.42.21
!
interface Vlan6
ip address 192.168.46.2 255.255.255.0
ip access-group qq out
!
interface Vlan7
description wireless
ip address 192.168.44.2 255.255.255.0
ip helper-address 192.168.42.21
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.46.11
ip route 10.2.8.0 255.255.255.0 192.168.42.11
ip route 192.168.0.0 255.255.255.0 192.168.42.1
no ip http server