计算机网络——静态可互联访问的多公司局域网的配置(Cisco)
可互联访问的多公司局域网的配置
- 概述
- 原理描述
- 互联网部分
- 公司A部分
- 公司B部分
- 操作流程
- 公网网络配置
- 公网IP的配置
- 公网路由的配置
- 公司A网络配置
- 主机IP配置
- 服务器IP配置
- 二层交换机网络配置
- 三层交换机网络配置
- 公司B网络配置
- nat地址映射及网络配置
- 三层交换机配置
- 结点路由配置
- 地址封装配置
- DNS服务器配置
概述
在当前的网络环境中,网络互联访问往往需要通过公网上的DNS服务器的辅助以及网络映射从而达到互联访问的目的。本次介绍如何创建两个公司通过互联网进行互联访问的网络配置。
原理描述
设计主体为公司内部进行通信,各个主机可通过IP地址访问本公司内的服务器,其他公司可通过域名访问本公司服务器。公网互联网采用静态路由配置。
互联网部分
- 公网部分服务器为DNS服务器,IP:8.8.8.8
- 路由器6为公司A路由器,对外接口地址分别为12.12.12.1和13.13.13.1;对内接口地址为192.168.10.2
- 路由器1左侧接口IP为12.12.12.2,右侧接口IP为23.23.23.1
- 路由器2左侧接口IP为13.13.13.2,右侧接口IP为34.34.34.1
- 路由器15服务器接口IP为8.8.8.9,左上接口IP为23.23.23.2,左下接口IP为34.34.34.2;右侧IP为45.45.45.1
- 路由器4左侧对外接口IP为45.45.45.2,右侧对内IP192.168.10.2
公司A部分
- 左侧两台主机pc0和pc1为部门1,属于vlan10网段,右侧两台主机pc2和pc3为部门2,属于vlan20网段。
- 二层交换机划分vlan接口
- 三层交换机划分vlan以及同公司内路由器的连接
- 服务器交换机划分vlan与服务器连接
- 服务器IP为10.0.0.1
公司B部分
公司B与公司A配置相同
操作流程
公网网络配置
公网IP的配置
首先按针对各个路由器及其各个端口分配ip地址
R6
Router>enable
Password:
outer#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int gigabitEthernet 0/2
Router(config-if)#ip address 12.12.12.1 255.255.255.0
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip address 192.168.10.2 255.255.255.0
Router(config)#int gigabitEthernet 0/1
Router(config-if)#ip address 13.13.13.1 255.255.255.0
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.10.2 YES manual up up
GigabitEthernet0/1 13.13.13.1 YES manual up up
GigabitEthernet0/2 12.12.12.1 YES manual up up
Vlan1 unassigned YES unset administratively down downR1
Router>enable
Password:
outer#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int gigabitEthernet 0/1
Router(config-if)#ip address 12.12.12.2 255.255.255.0
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip address 23.23.23.1 255.255.255.0
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 23.23.23.1 YES manual up up
GigabitEthernet0/1 12.12.12.2 YES manual up up
Vlan1 unassigned YES unset administratively down downR2
Router>enable
Password:
outer#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int gigabitEthernet 0/1
Router(config-if)#ip address 34.34.34.1 255.255.255.0
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip address 13.13.13.2 255.255.255.0
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 13.13.13.2 YES manual up up
GigabitEthernet0/1 34.34.34.1 YES manual up up
Vlan1 unassigned YES unset administratively down downR15
Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int gigabitEthernet 0/1
Router(config-if)#ip address 23.23.23.2 255.255.255.0
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip address 34.34.34.2 255.255.255.0
Router(config-if)#exit
Router#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Router(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Router(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Router(vlan)#exit
Router#configure terminal
Router(config)#int vlan10
Router(config-if)#ip address 8.8.8.9 255.255.255.0
Router(config)#int vlan20
Router(config-if)#ip address 45.45.45.2 255.255.255.0
Router(config)#int f 0/0/1
Router(config-if)#switchport mode access
Router(config-if)#switchport access vlan 10
Router(config)#int f 0/0/0
Router(config-if)#switchport mode access
Router(config-if)#switchport access vlan 20
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 34.34.34.2 YES manual up up
GigabitEthernet0/1 23.23.23.2 YES manual up up
FastEthernet0/0/0 unassigned YES unset up up
FastEthernet0/0/1 unassigned YES unset up up
FastEthernet0/0/2 unassigned YES unset up down
FastEthernet0/0/3 unassigned YES unset up down
Vlan1 unassigned YES unset administratively down down
Vlan10 8.8.8.9 YES manual up up
Vlan20 45.45.45.2 YES manual up upR4
Router>enable
Password:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int gigabitEthernet 0/1
Router(config-if)#ip address 192.168.10.2 255.255.255.0
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip address 45.45.45.1 255.255.255.0
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 45.45.45.1 YES manual up up
GigabitEthernet0/1 192.168.10.2 YES manual up up
Vlan1 unassigned YES unset administratively down down公网路由的配置
接下来就是公网静态路由的配置
R6
Router(config)#ip route 23.23.23.0 255.255.255.0 12.12.12.2
Router(config)#ip route 34.34.34.0 255.255.255.0 13.13.13.2
Router(config)#ip route 8.8.8.0 255.255.255.0 12.12.12.2 10
Router(config)#ip route 8.8.8.0 255.255.255.0 13.13.13.2 20
Router(config)#ip route 45.45.45.0 255.255.255.0 12.12.12.2 10
Router(config)#ip route 45.45.45.0 255.255.255.0 13.13.13.2 20R1
Router(config)#ip route 13.13.13.0 255.255.255.0 12.12.12.1
Router(config)#ip route 34.34.34.0 255.255.255.0 23.23.23.2
Router(config)#ip route 8.8.8.0 255.255.255.0 23.23.23.2
Router(config)#ip route 45.45.45.0 255.255.255.0 23.23.23.2R2
Router(config)#ip route 12.12.12.0 255.255.255.0 13.13.13.1
Router(config)#ip route 23.23.23.0 255.255.255.0 34.34.34.2
Router(config)#ip route 8.8.8.0 255.255.255.0 34.34.34.2
Router(config)#ip route 45.45.45.0 255.255.255.0 34.34.34.2R15
Router(config)#ip route 12.12.12.0 255.255.255.0 23.23.23.1
Router(config)#ip route 13.13.13.0 255.255.255.0 34.34.34.1R4
Router(config)#ip route 0.0.0.0 0.0.0.0 45.45.45.2以上我们的公网IP和路由就配置完毕
公司A网络配置
主机IP配置
首先针对主机分配IP地址及vlan
| 主机 | IP及vlan |
|---|---|
| pc0 | 192.168.1.1 ---- vlan10 |
| pc1 | 192.168.1.2 ---- vlan10 |
| pc2 | 192.168.2.1 ---- vlan20 |
| pc3 | 192.168.2.2 ---- vlan20 |
以上主机所有DNS均为8.8.8.8,网关为其网段的倒数第二位(如192.168.1.254是pc0和pc1的网关)
服务器IP配置
针对服务器,其配置如下:
| 配置 | 信息 |
|---|---|
| IP | 10.0.0.1 |
| 网关 | 10.0.0.254 |
| DNS | 8.8.8.8 |
二层交换机网络配置
下面是二层交换机配置
S0
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#exit
Switch#configure terminal
Switch(config)#int f 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config)#int f 0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config)#int f 0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config)#int f 0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config)#int f 0/5
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan allS1
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 30
VLAN 30 added:
Name: VLAN0030
Switch(config)#int f 0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 30
Switch(config)#int f 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan all
三层交换机网络配置
接下来就是三层交换机的配置
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#vlan 30
VLAN 30 added:
Name: VLAN0030
Switch(vlan)#exit
Switch#configure terminal
Switch(config)#int vlan10
Switch(config-if)#ip address 192.168.1.254 255.255.255.0
Switch(config)#int vlan20
Switch(config-if)#ip address 192.168.2.254 255.255.255.0
Switch(config)#int vlan30
Switch(config-if)#ip address 10.0.0.254 255.255.255.0
Switch(config-if)#int f 0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#int f 0/2
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan all
Switch(config)#ip routing公司B网络配置
公司B的网络配置同公司A的网络配置一致
nat地址映射及网络配置
本次配置主要目的是将公司网络连接到互联网,并通过DNS服务器使其他公司可以访问
三层交换机配置
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2
VLAN 2 added:
Name: VLAN0002
Switch(config)#int vlan2
Switch(config-if)#ip address 192.168.10.1 255.255.255.0
Switch(config-if)#int f 0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.2结点路由配置
R6
Router(config)#ip access-list standard 10
Router(config-std-nacl)#permit any
Router(config)#int g 0/0
Router(config-if)#ip nat inside
Router(config)#int g 0/2
Router(config-if)#ip nat outside
Router(config)#ip nat inside source list 10 interface g 0/2
Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.10.1
Router(config)#ip route 192.168.2.0 255.255.255.0 192.168.10.1
Router(config)#ip route 10.0.0.0 255.255.255.0 192.168.10.1R4的配置同R6
地址封装配置
R6
Router(config)#ip nat inside source static tcp 10.0.0.1 80 12.12.12.1 80R4
Router(config)#ip nat inside source static tcp 10.0.0.1 80 45.45.45.1 80DNS服务器配置
打开公网中的DNS服务器,找到service中的DNS
开启DNS服务添加映射域名及其地址