Small and Medium Enterprise Network Design 2 (Cisco Edition)

 
 
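Requirements:
1. Connect to the ISP through a Cisco router over a leased line.
2. Use a layer-3 switch for the internal network, with several VLANs attached below it.
3. VLANs must not be able to reach each other; each VLAN reaches the Internet through NAT on the router.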
 
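Design approach:
1. On the router, configure NAT, a default route to the ISP, and a static route to the layer-3 switch.
2. On the layer-3 switch, create the VLANs, enable inter-VLAN routing, and point the default route at the router.
3. On the layer-3 switch, configure ACLs to isolate the VLANs from one another.
PS
I previously did a Huawei-based SME network design, and many readers asked whether a Cisco version could be provided, so I wrote this article based on the scripts and topology in material I had downloaded earlier.
In this example the layer-3 switch is actually optional; router-on-a-stick directly on the router would also work. It just does not suit complex networks or future growth. Router-on-a-stick will be discussed in a later article.
The ISP-facing interface can be an Ethernet port or a serial port; this example uses a serial port.
Different layer-2 switches support different trunk encapsulations; I use dot1q here, which is compatible with Huawei products.
The layer-2 configuration also lists the SNMP settings (they were already in my original configuration and I was too lazy to delete them) for reference; the layer-3 switch is configured in basically the same way.
Because the upload was rushed, the configuration contained some errors; thanks to "lu_ning78, daocaoren0311" for pointing them out. This article is only meant to start the discussion.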
 
 
The configuration files follow:
I. Router configuration ROUTER1
Router1#show run
Building configuration...
 
Current configuration : 989 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface Serial1/0
 ip address 172.16.0.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip http server
ip route 192.168.0.0 255.255.0.0 192.168.0.2
!
!
ip nat inside source list 101 interface Serial1/0 overload
!
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
End
 
II. Layer-3 switch SW1
sw1#show run
Building configuration...
 
Current configuration : 1284 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sw1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
interface FastEthernet1/0
!
interface FastEthernet1/1
 no switchport
 ip address 192.168.0.2 255.255.255.0
!
interface FastEthernet1/2
!
interface FastEthernet1/3
 desc to_sw2
 speed 100
 duplex full
 switchport mode trunk
 switchport trunk allowed vlan 10
 
!
!
interface FastEthernet1/4
 desc to_sw3
 speed 100
 duplex full
 switchport mode trunk
 switchport trunk allowed vlan 20
 
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!        
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group 101 in
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!
no ip http server
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
!
access-list 101 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 permit ip any any
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
!
End
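
Added example (not part of the original configuration): in the SW1 listing above, access-list 101 is bound only to Vlan10 inbound, so packets sourced in VLAN 20 are still routed into VLAN 10. One way to meet requirement 3 in both directions, generalized so that it also covers VLANs added later, is an inbound ACL on every SVI. The ACL names are illustrative, and the 192.168.0.0/16 summary assumes every internal subnet sits inside the range the router's NAT access-list already matches.

```cisco
! Added example for SW1. ACL names VLAN10-IN / VLAN20-IN are illustrative.
! Assumption: all internal subnets are inside 192.168.0.0/16, the range
! matched by access-list 101 on the router.
!
ip access-list extended VLAN10-IN
 remark hosts must still reach their own gateway 192.168.10.1
 permit ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255
 remark block all other internal subnets: VLAN 20, the transit link, future VLANs
 deny   ip any 192.168.0.0 0.0.255.255
 remark the rest is Internet-bound; other source addresses hit the implicit deny
 permit ip 192.168.10.0 0.0.0.255 any
!
ip access-list extended VLAN20-IN
 remark hosts must still reach their own gateway 192.168.20.1
 permit ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255
 remark block all other internal subnets: VLAN 10, the transit link, future VLANs
 deny   ip any 192.168.0.0 0.0.255.255
 remark the rest is Internet-bound; other source addresses hit the implicit deny
 permit ip 192.168.20.0 0.0.0.255 any
!
interface Vlan10
 ip access-group VLAN10-IN in
!
interface Vlan20
 ip access-group VLAN20-IN in
!
! Verification from privileged EXEC: the match counter on the deny entry
! should increase when a VLAN 10 host sends to 192.168.20.0/24.
!   show ip access-lists VLAN10-IN
!   show ip interface Vlan20
```

The deny entry also cuts the user VLANs off from the 192.168.0.0/24 link between SW1 and the router, so device management has to come from a separately permitted source. If DHCP relay is later added on the SVIs, a permit for bootpc-to-bootps UDP must precede the deny, because DHCP discovery is sourced from 0.0.0.0.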
 
III. Layer-2 switch SW2
SW2#show run
Building configuration...
 
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sw2
!
enable secret 5 $1$VNwo$L6oFFQa3
enable password 7 130D02131C09
!
!
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 10
!
interface FastEthernet0/4
 switchport access vlan 10
!
interface FastEthernet0/5
 switchport access vlan 10
!
interface FastEthernet0/6
 switchport access vlan 10
!
interface FastEthernet0/7
 switchport access vlan 10
!
interface FastEthernet0/8
 switchport access vlan 10
!
interface FastEthernet0/9
 switchport access vlan 10
!
interface FastEthernet0/10
 switchport access vlan 10
!
interface FastEthernet0/11
 switchport access vlan 10
!
interface FastEthernet0/12
 switchport access vlan 10
!
interface FastEthernet0/13
 switchport access vlan 10
!
interface FastEthernet0/14
 switchport access vlan 10
!
interface FastEthernet0/15
 switchport access vlan 10
!
interface FastEthernet0/16
 switchport access vlan 10
!
interface FastEthernet0/17
 switchport access vlan 10
!
interface FastEthernet0/18
 switchport access vlan 10
!
interface FastEthernet0/19
 switchport access vlan 10
!
interface FastEthernet0/20
 switchport access vlan 10
!
interface FastEthernet0/21
 switchport access vlan 10
!
interface FastEthernet0/22
 switchport access vlan 10
!
interface FastEthernet0/23
 switchport access vlan 10
!
interface FastEthernet0/24
 desc to-sw1
 duplex full
 speed 100
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
!
!
interface VLAN10
 ip address 192.168.10.10 255.255.255.0
!
ip default-gateway 192.168.10.1
snmp-server engineID local 000000090200000142B1E200
snmp-server community private RW
snmp-server community public RO
snmp-server chassis-id 0x0E
!
line con 0
 password 7 03174C0605417
 transport input none
 stopbits 1
line vty 0 4
 password 7 03174C0605417
 login
line vty 5 14
 password 7 03174C06054171
 login
line vty 15
 password 7 141F070A1B01
 login
!
end
 
 
IV. Layer-2 switch SW3
SW3#show run
Building configuration...
 
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sw3
!
enable secret 5 $1$VNwo$L6oFFQa3
enable password 7 130D02131C09
!
!
!
interface FastEthernet0/1
 switchport access vlan 20
!
interface FastEthernet0/2
 switchport access vlan 20
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport access vlan 20
!
interface FastEthernet0/5
 switchport access vlan 20
!
interface FastEthernet0/6
 switchport access vlan 20
!
interface FastEthernet0/7
 switchport access vlan 20
!
interface FastEthernet0/8
 switchport access vlan 20
!
interface FastEthernet0/9
 switchport access vlan 20
!
interface FastEthernet0/10
 switchport access vlan 20
!
interface FastEthernet0/11
 switchport access vlan 20
!
interface FastEthernet0/12
 switchport access vlan 20
!
interface FastEthernet0/13
 switchport access vlan 20
!
interface FastEthernet0/14
 switchport access vlan 20
!
interface FastEthernet0/15
 switchport access vlan 20
!
interface FastEthernet0/16
 switchport access vlan 20
!
interface FastEthernet0/17
 switchport access vlan 20
!
interface FastEthernet0/18
 switchport access vlan 20
!
interface FastEthernet0/19
 switchport access vlan 20
!
interface FastEthernet0/20
 switchport access vlan 20
!
interface FastEthernet0/21
 switchport access vlan 20
!
interface FastEthernet0/22
 switchport access vlan 20
!
interface FastEthernet0/23
 switchport access vlan 20
!
interface FastEthernet0/24
 desc to-sw1
 duplex full
 speed 100
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20
 switchport mode trunk
!
interface VLAN20
 ip address 192.168.20.10 255.255.255.0
!
ip default-gateway 192.168.20.1
snmp-server engineID local 000000090200000142B1E200
snmp-server community private RW
snmp-server community public RO
snmp-server chassis-id 0x0E
!
line con 0
 password 7 03174C0605417
 transport input none
 stopbits 1
line vty 0 4
 password 7 03174C0605417
 login
line vty 5 14
 password 7 03174C06054171
 login
line vty 15
 password 7 141F070A1B01
 login
!
end
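
Added example (not from the original post): the SW2 and SW3 listings keep the default SNMP community strings, including a read-write one, and carry an enable password in reversible type 7 form next to the enable secret. A tightened version of those lines follows, assuming a single management station; <NMS-IP> and <RANDOM-COMMUNITY> are placeholders to fill in, not values from the article.

```cisco
! Added example for SW2 and SW3.
! <NMS-IP>           placeholder: address of the management station
! <RANDOM-COMMUNITY> placeholder: a long, randomly generated string
!
! Standard ACL naming the only host allowed to poll SNMP or open a VTY session
access-list 10 permit host <NMS-IP>
!
! Remove the well-known defaults; the read-write community is not replaced
no snmp-server community private RW
no snmp-server community public RO
snmp-server community <RANDOM-COMMUNITY> RO 10
!
! The type 5 enable secret already takes precedence over the enable password,
! so the type 7 copy only adds a weaker encoding of a credential to the config
no enable password
!
! Apply the same source restriction to all remote login lines
line vty 0 15
 access-class 10 in
 login
!
! Verification from privileged EXEC:
!   show snmp community
!   show access-lists 10
```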
