企业网络配置综合模拟

模拟环境概述：

局域网分两层，接入层和汇聚层。接入层配置 vlan ，其接入的计算机有汇聚层核心交换机提供的 dhcp 服务，为接入不同 vlan 的计算机提供 dhcp 服务。同时汇聚交换机又提供 NAT 服务，将内网 ip 映射到全局地址池，再通过路由器访问外网。实验要求内网 pc 能访问外网 www 和 dns 服务器（ 219.149.194.55 ）， vlan 间能互相通信， pc 能自动获取 ip 。本实验只是模拟企业网络的模型。很多配置和网络拓扑设计还不完整。但已是综合性很强的实验了。拓扑是自己假设的，和有些企业网络有些接近了。实验我用了一个晚上来完成，为了大家都看明白，拓扑图标得很仔细。不足之处请提出高贵意见。我们共同探讨。下面我们来开始实验。

拓扑图如下：

 

S1交换机配置

基本配置

Switch>enable

Switch#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)#hostname s1     

s1(config)#line console 0           

s1(config-line)#logging synchronous         

s1(config-line)#exec-timeout 0 0  

s1(config-line)#exit

s1(config)#vlan 10         

s1(config-vlan)#name caiwu      

s1(config-vlan)#exit

s1(config)#vlan 20         

s1(config-vlan)#name renshi 

s1(config-vlan)#exit

分配vlan

s1(config)#interface f0/1    

s1(config-if)#switchport mode access

s1(config-if)#switchport access vlan 20

s1(config-if)#no shutdown

s1(config-if)#exit

s1(config)#interface f0/2

s1(config-if)#switchport mode access

s1(config-if)#switchport access vlan 10

s1(config-if)#no shutdown

s1(config-if)#exit

s1(config)#interface g1/1

s1(config-if)#switchport mode trunk

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up

 

s1(config-if)#no shutdown

s1(config-if)#exit

s1(config)#

 

s2配置

基本配置

Switch>enable

Switch#configure t

Switch(config)#hostname s2

s2(config)#line console 0

s2(config-line)#logging synchronous

s2(config-line)#exec-timeout 0 0

s2(config-line)#exit

s2(config)#vlan 10

s2(config-vlan)#name caiwu

s2(config-vlan)#exit

s2(config)#vlan 20

s2(config-vlan)#name renshi     

s2(config-vlan)#exit

分配vlan

s2(config)#interface f0/2

s2(config-if)#switchport mode access

s2(config-if)#switchport access vlan 10

s2(config-if)#no shutdown

s2(config-if)#exit

s2(config)#interface f0/1

s2(config-if)#switchport mode access

s2(config-if)#switchport access vlan 20

s2(config-if)#no shutdown

s2(config-if)#exit

s2(config)#interface g1/1

s2(config-if)#switchport mode trunk

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up

s2(config-if)#

s2(config-if)#no shutdown

s2(config-if)#exit

s2(config)#

 

核心交换机配置

基本配置

Switch>enable

Switch#configure terminal

Switch(config)#hostname huiju

huiju(config)#line console 0

huiju(config-line)#logging synchronous

huiju(config-line)#exec-timeout 0 0

huiju(config-line)#exit

huiju(config)#ip routing

huiju(config)#interface g0/1

huiju(config-if)#switchport

huiju(config-if)#switchport mode trunk

huiju(config-if)#no shutdown

huiju(config-if)#exit

huiju(config)#interface g0/2

huiju(config-if)#switchport

huiju(config-if)#switchport mode trunk

huiju(config-if)#no shutdown

huiju(config-if)#exit

huiju(config)#interface f0/1

huiju(config-if)#no switchport       

huiju(config-if)#ip address 200.200.200.1 255.255.255.0           

huiju(config-if)#no shutdown    

huiju(config-if)#

创建vlan

huiju(config)#vlan 10

huiju(config-vlan)#name caiwu

huiju(config-vlan)#exit

huiju(config)#vlan 20

huiju(config-vlan)#name renshi

huiju(config-vlan)#exit

huiju(config)#interface vlan 10

 

%LINK-5-CHANGED: Interface Vlan10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to uphuiju(config-if)#

huiju(config-if)#ip address 192.168.1.254 255.255.255.0

huiju(config-if)#no shutdown

huiju(config-if)#exit

huiju(config)#interface vlan 20

 

%LINK-5-CHANGED: Interface Vlan20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to uphuiju(config-if)#

huiju(config-if)#ip address 192.168.2.254 255.255.255.0

huiju(config-if)#no shutdown

huiju(config-if)#

 

开启dhcp服务

huiju(config)#ip dhcp pool caiwu      

huiju(dhcp-config)#network 192.168.1.0 255.255.255.0      

huiju(dhcp-config)#default-router 192.168.1.254          

huiju(dhcp-config)#dns-server 219.149.194.55        

huiju(dhcp-config)#exit

huiju(config)#ip dhcp pool renshi            

huiju(dhcp-config)#network 192.168.2.0 255.255.255.0 

huiju(dhcp-config)#default-router 192.168.2.254         

huiju(dhcp-config)#dns-server 219.149.194.55        

huiju(dhcp-config)#exit

huiju(config)#

huiju(config)#ip dhcp excluded-address 192.168.1.254       

huiju(config)#ip dhcp excluded-address 192.168.2.254

 

 

验证各网段pc能自动获取ip

 

 

 

 

验证各vlan间pc能通讯

 

 

默认路由

huiju(config)#ip route 0.0.0 .0 0.0.0.0 200.200.200.2            

huiju(config)#access-list 1 permit 192.168.1.0 0.0.0 .255           

huiju(config)#access-list 2 permit 192.168.2.0 0.0.0 .255           

huiju(config)#ip nat inside source list 1 interface f0/1         

huiju(config)#ip nat pool globle_renshi 200.200.200.3 200.200.200.5 netmask 255.255.255.0        

huiju(config)#ip nat inside source list 2 pool globle_renshi overload     //端口复用 nat ，命令格式： ip nat inside source list list-number pool 内部全局地址池名 overload

huiju(config)#interface vlan 10        

huiju(config-if)#ip nat inside    

huiju(config-if)#exit

huiju(config)#interface vlan 20        

huiju(config-if)#ip nat inside     

huiju(config-if)#exit

huiju(config)#interface f0/1

huiju(config-if)#ip nat outside  

huiju(config-if)#end

huiju#

显示配置结果

huiju#show ip nat statistics

Total translations: 0 (0 static, 0 dynamic, 0 extended)

Outside Interfaces: FastEthernet0/1

Inside Interfaces: Vlan10 , Vlan20

Hits: 10  Misses: 12

Expired translations: 12

Dynamic mappings:

-- Inside Source

access-list 2 pool globle_renshi refCount 0

 pool globle_renshi: netmask 255.255.255.0

       start 200.200.200.3 end 200.200.200.5

       type generic, total addresses 3 , allocated 0 (0%), misses 0

 

 

 

huiju#show ip nat translations

Pro  Inside global     Inside local       Outside local      Outside global

icmp 200.200.200.1:21  192.168.1.1:21     200.200.200.2:21   200.200.200.2:21

icmp 200.200.200.1:22  192.168.1.1:22     200.200.200.2:22   200.200.200.2:22

icmp 200.200.200.1:23  192.168.1.1:23     200.200.200.2:23   200.200.200.2:23

icmp 200.200.200.1:24  192.168.1.1:24     200.200.200.2:24   200.200.200.2:24

 

Pro  Inside global     Inside local       Outside local      Outside global

icmp 200.200.200.3:1   192.168.2.1:1      200.200.200.2:1    200.200.200.2:1

icmp 200.200.200.3:2   192.168.2.1:2      200.200.200.2:2    200.200.200.2:2

icmp 200.200.200.3:3   192.168.2.1:3      200.200.200.2:3    200.200.200.2:3

icmp 200.200.200.3:4   192.168.2.1:4      200.200.200.2:4    200.200.200.2:4

 

Pro  Inside global     Inside local       Outside local      Outside global

icmp 200.200.200.1:1   192.168.1.2:1      200.200.200.2:1    200.200.200.2:1

icmp 200.200.200.1:2   192.168.1.2:2      200.200.200.2:2    200.200.200.2:2

icmp 200.200.200.1:3   192.168.1.2:3      200.200.200.2:3    200.200.200.2:3

icmp 200.200.200.1:4   192.168.1.2:4      200.200.200.2:4    200.200.200.2:4

icmp 200.200.200.3:2   192.168.2.1:2      200.200.200.2:2    200.200.200.2:2

icmp 200.200.200.3:3   192.168.2.1:3      200.200.200.2:3    200.200.200.2:3

icmp 200.200.200.3:4   192.168.2.1:4      200.200.200.2:4    200.200.200.2:4

 

huiju#

 

ISP路由器配置

Router>enable

Router#configure terminal

Router(config)#hostname ISP

ISP(config)# line console 0

ISP(config-line)#logging synchronous

ISP(config-line)#exec-timeout 0 0

ISP(config-line)#exit

ISP(config)#interface s0/1/0

ISP(config-if)#ip address 219.149.2.3 255.255.255.0

ISP(config-if)#no shutdown

ISP(config-if)#exit

ISP(config)#interface f0/1

ISP(config-if)#ip address 219.149.194.1 255.255.255.0

ISP(config-if)#no shutdown

ISP(config-if)#exit

ISP(config)#interface f0/0

ISP(config-if)#ip address 219.149.200.2 255.255.255.0

ISP(config-if)#no shutdown

ISP(config-if)#

 

 

本地路由器配置

bendi_router>enable

bendi_router#configure terminal

bendi_router(config)#line console 0

bendi_router(config-line)#logging syn

bendi_router(config-line)#exec-timeout 0 0

bendi_router(config-line)#exit

bendi_router(config)#

bendi_router(config)#interface f0/0

bendi_router(config-if)#ip address 200.200.200.2 255.255.255.0

bendi_router(config-if)#no shutdown

bendi_router(config)#

bendi_router(config)#interface s0/2/0

bendi_router(config-if)#clock rate 64000

bendi_router(config-if)#ip address 219.149.2.2 255.255.255.0

bendi_router(config-if)#no shutdown

 

到现在我们已经配置好内部局域网，现在对路由器进一步配置，让内网可访问dns和www服务器

ISP 路由器配置静态路由

ISP(config)#ip route 200.200.200.0 255.255.255.0 219.149.2.2

本地路由器配置静态路由

bendi_router(config)#ip route 219.149.194.0 255.255.255.0 219.149.2.3

bendi_router(config)#ip route 219.149.200.0 255.255.255.0 219.149.2.3

至此完成实验。我们来验证结果

本文出自 “理想彼岸” 博客，转载请与作者联系！