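The network architecture diagram is as follows:

1. Network Architecture Design

1.1 Solution Description

The company network consists of a core layer and an access layer; the core layer is the backbone of the network.
Different departments use different VLANs.
Publish the server in vlan154 to the external network so that VM1 can access it.
Allow the vlan155 segment to access the external network.
The management VLAN is vlan100.
Use ACLs to strengthen network security.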

1.2 IP Address Plan

vlan154: 172.16.154.0/24, gateway 172.16.154.254
vlan155: 172.16.155.0/24, gateway 172.16.155.254
vlan100: 172.16.100.0/24, gateway 172.16.100.254

2. Implementation

Create the VLANs and configure VTP synchronization (sw1 and sw2 are configured identically):

SW_R(config)#hostname sw_r
sw_r(config)#ip routing
sw_r(config)#vlan 100
sw_r(config-vlan)#vlan 154
sw_r(config-vlan)#vlan 155
sw_r#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/8, Fa1/9, Fa1/10, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
100  VLAN0100                         active
154  VLAN0154                         active
155  VLAN0155                         active

sw_r(config)#int range f1/1 , f1/3
sw_r(config-if-range)#sw mode trunk
sw_r(config)#vtp domain cisco
sw_r(config)#vtp password cisco
sw_r(config)#vtp mode server
sw_r(config)#vtp pruning

sw1(config)#hostname sw1
sw1(config)#int f1/1
sw1(config-if)#sw mo tr
sw1(config)#vtp domain cisco
sw1(config)#vtp password cisco
sw1(config)#vtp mode client
sw1#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/2, Fa1/3, Fa1/4
                                                Fa1/5, Fa1/6, Fa1/7, Fa1/8
                                                Fa1/9, Fa1/10, Fa1/11, Fa1/12
                                                Fa1/13, Fa1/14, Fa1/15
100  VLAN0100                         active
154  VLAN0154                         active
155  VLAN0155                         active

sw1(config)#int range f1/2 - 10
sw1(config-if-range)#sw mo access
sw1(config-if-range)#sw ac vlan 154
sw1(config)#int range f1/11 - 15
sw1(config-if-range)#sw mo access
sw1(config-if-range)#sw ac vlan 155
sw1#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0
100  VLAN0100                         active
154  VLAN0154                         active    Fa1/2, Fa1/3, Fa1/4, Fa1/5
                                                Fa1/6, Fa1/7, Fa1/8, Fa1/9
                                                Fa1/10
155  VLAN0155                         active    Fa1/11, Fa1/12, Fa1/13, Fa1/14
                                                Fa1/15

sw1#show int trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa1/1     on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa1/1     1-1005

Configure the IP addresses:

sw_r(config)#int f1/4
sw_r(config-if)#no switchport
sw_r(config-if)#ip add 192.168.1.1 255.255.255.252
sw_r(config-if)#no sh
sw_r(config)#int vlan 100
sw_r(config-if)#ip add 172.16.100.254 255.255.255.0
sw_r(config-if)#no sh
sw_r(config-if)#int vlan 154
sw_r(config-if)#ip add 172.16.154.254 255.255.255.0
sw_r(config-if)#no sh
sw_r(config-if)#int vlan 155
sw_r(config-if)#ip add 172.16.155.254 255.255.255.0
sw_r(config-if)#no sh

sw_r#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
FastEthernet1/0            unassigned      YES unset  up                    down
FastEthernet1/1            unassigned      YES unset  up                    up
FastEthernet1/2            unassigned      YES unset  up                    down
FastEthernet1/3            unassigned      YES unset  up                    up
FastEthernet1/4            192.168.1.1     YES manual up                    up
FastEthernet1/5            unassigned      YES unset  up                    down
FastEthernet1/6            unassigned      YES unset  up                    down
FastEthernet1/7            unassigned      YES unset  up                    down
FastEthernet1/8            unassigned      YES unset  up                    down
FastEthernet1/9            unassigned      YES unset  up                    down
FastEthernet1/10           unassigned      YES unset  up                    down
FastEthernet1/11           unassigned      YES unset  up                    down
FastEthernet1/12           unassigned      YES unset  up                    down
FastEthernet1/13           unassigned      YES unset  up                    down
FastEthernet1/14           unassigned      YES unset  up                    down
FastEthernet1/15           unassigned      YES unset  up                    down
Vlan1                      unassigned      YES unset  up                    up
Vlan100                    172.16.100.254  YES manual up                    up
Vlan154                    172.16.154.254  YES manual up                    up
Vlan155                    172.16.155.254  YES manual up                    up

ROUTER(config)#hostname router
router(config)#int f0/0
router(config-if)#ip add 192.168.1.2 255.255.255.252
router(config-if)#no sh
router(config-if)#int f1/0
router(config-if)#ip add 10.1.1.1 255.255.255.252
router(config-if)#no sh
router(config-if)#end
router#show ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.2     YES manual up                    up
FastEthernet1/0            10.1.1.1        YES manual up                    up
FastEthernet2/0            unassigned      YES unset  administratively down down

router#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/28/64 ms

sw1(config-if)#int vlan 100
sw1(config-if)#ip add 172.16.100.1 255.255.255.0
sw1(config-if)#no sh
sw1(config)#ip default-gateway 172.16.100.254
sw1#show ip int Vlan 100
Vlan100 is up, line protocol is up
  Internet address is 172.16.100.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
…
sw1# ping 172.16.100.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.254, timeout is 2 seconds:
!!!!!

sw3(config)#int vlan 100
sw3(config-if)#ip add 172.16.100.3 255.255.255.0
sw3(config-if)#no sh
sw3(config)#ip default-gateway 172.16.100.254
sw3#sh ip int vlan 100
Vlan100 is up, line protocol is up
  Internet address is 172.16.100.3/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
…
sw3#ping 172.16.100.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.254, timeout is 2 seconds:
.!!!!

Internet(config)#hostname Internet
Internet(config)#int f0/0
Internet(config-if)#ip add 10.1.1.2 255.255.255.252
Internet(config-if)#no sh
Internet(config-if)#int f1/0
Internet(config-if)#ip add 10.1.1.5 255.255.255.252
Internet(config-if)#no sh
Internet#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.1.1.2        YES manual up                    up
FastEthernet1/0            10.1.1.5        YES manual up                    up

Internet#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/34/48 ms

R8(config)#hostname R8
R8(config)#int f0/0
R8(config-if)#ip add 10.1.1.6 255.255.255.252
R8(config-if)#no sh
R8(config-if)#int f1/0
R8(config-if)#ip add 192.168.60.254 255.255.255.0
R8(config-if)#no sh

Configure routing:

sw_r(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
router(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
router(config)#ip route 172.16.100.0 255.255.255.0 192.168.1.1
router(config)#ip route 172.16.154.0 255.255.255.0 192.168.1.1
router(config)#ip route 172.16.155.0 255.255.255.0 192.168.1.1
R8(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.5

Configure the DHCP service on the core switch:

sw_r(config)#ip dhcp pool vlan154
sw_r(dhcp-config)#network 172.16.154.0 255.255.255.0
sw_r(dhcp-config)#default-router 172.16.154.254
sw_r(dhcp-config)#dns-server 202.96.134.33 202.96.134.133
sw_r(config)#ip dhcp excluded-address 172.16.154.254
sw_r(config)#ip dhcp pool vlan155
sw_r(dhcp-config)#network 172.16.155.0 255.255.255.0
sw_r(dhcp-config)#dns-server 202.96.134.33 202.96.134.133
sw_r(dhcp-config)#default-router 172.16.155.254
sw_r(config)#ip dhcp excluded-address 172.16.155.254

A host in vlan155 obtains an IP address:

R6(config)#int f0/0
R6(config-if)#ip add dhcp
R6#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.155.1    YES DHCP   up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down

Configure NAT to allow vlan155 to access the external network:

ROUTER(config)#access-list 1 permit 172.16.155.0 0.0.0.255
ROUTER(config)#ip nat inside source list 1 interface f1/0 overload
ROUTER(config)#int f1/0
ROUTER(config-if)#ip nat outside
ROUTER(config)#int f0/0
ROUTER(config-if)#ip nat inside

R6#ping 10.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/68/128 ms

View the NAT statistics:

ROUTER#sh ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 2 extended)
Outside interfaces:
  FastEthernet1/0
Inside interfaces:
  FastEthernet0/0
Hits: 54  Misses: 6
CEF Translated packets: 60, CEF Punted packets: 0
Expired translations: 4
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface FastEthernet1/0 refcount 2
Appl doors: 0
Normal doors: 0
Queued Packets: 0

View the NAT translation entries that currently exist. Entries appear only while packets are being translated; if no packets are being translated, only static NAT entries are shown.

ROUTER#sh ip nat translations
Pro  Inside global      Inside local       Outside local      Outside global
icmp 10.1.1.1:20        172.16.155.1:20    10.1.1.6:20        10.1.1.6:20
icmp 10.1.1.1:21        172.16.155.1:21    10.1.1.6:21        10.1.1.6:21
icmp 10.1.1.1:22        172.16.155.1:22    10.1.1.6:22        10.1.1.6:22

Monitor NAT:

ROUTER#sh ip nat translations verbose
Pro  Inside global      Inside local       Outside local      Outside global
icmp 10.1.1.1:24        172.16.155.1:24    10.1.1.6:24        10.1.1.6:24
    create 00:00:03, use 00:00:03 timeout:60000, left 00:00:56, Map-Id(In): 1,
    flags:
extended, use_count: 0, entry-id: 17, lc_entries: 0

Publish the web server to the external network:

ROUTER(config)#ip nat inside source static tcp 172.16.154.1 80 10.1.1.1 80 extendable

View the static NAT entries:

ROUTER#sh ip nat translations
Pro  Inside global      Inside local       Outside local      Outside global
tcp  10.1.1.1:80        172.16.154.1:80    ---                ---

Open port 80 on the web server.

Access it from the client:

Configure Telnet remote management:

ROUTER(config)#line vty 0 4
ROUTER(config-line)#password cisco
ROUTER(config-line)#login
ROUTER(config)#enable secret cisco

Configure SSH remote management:

sw1(config)#ip domain-name cisco.com
sw1(config)#username best password best1
sw1(config)#crypto key generate rsa general-keys modulus 1024
sw1(config)#ip ssh version 2
sw1(config)#line vty 0 4
sw1(config-line)#login local
sw1(config-line)#transport input ssh    ! allow SSH logins only

Login methods:
From a Cisco network device: ssh -l best 192.168.1.1
From Xshell: ssh 172.16.100.254

Configure the console login password:

sw1(config)#line console 0
sw1(config-line)#password cisco
sw1(config-line)#login
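
The remote-management settings above rely on Telnet (credentials cross the network in clear text), a 1024-bit RSA key, a clear-text `username ... password` entry, and VTY lines reachable from any source address. The following is an added example, not part of the original article, of a tighter equivalent in the same IOS syntax for the switches and the router; it assumes administrators connect only from the management VLAN 172.16.100.0/24, and the values in angle brackets are placeholders to be replaced with strong, unique secrets.

```cisco
! Added example: hardened management-plane settings (enter in global config mode).
! Assumption: admin workstations sit in the management VLAN 172.16.100.0/24.
!
! Standard ACL listing the only sources allowed to open a VTY session.
access-list 10 permit 172.16.100.0 0.0.0.255
access-list 10 deny   any log
!
! Obscure any remaining line passwords and use a hashed enable secret.
service password-encryption
enable secret <ENABLE-SECRET>
!
! 'secret' stores a hash; 'password' stores the value itself.
! IOS rejects a secret while a password exists for the same user,
! so remove the old entry first.
no username best
username best secret <USER-SECRET>
!
! SSHv2 with a 2048-bit host key instead of 1024.
ip domain-name cisco.com
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! VTY: SSH only (no Telnet), per-user login, source-restricted, idle timeout.
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
 exec-timeout 5 0
!
! Console: per-user login instead of a shared line password.
line console 0
 login local
 exec-timeout 5 0
```

Denied connection attempts are logged by the `deny any log` entry and show up as match counters in `show access-lists 10`.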