Small and Medium-Sized Enterprise Network Planning and Design (Complete)
Author's note: I planned, designed and wrote this on my own, and I hope readers will support it. If you find mistakes, please point them out in the comments; writing it alone, small lapses are inevitable.

I. Project background

A company has rented premises in a certain location as a branch office, and the site urgently needs a network so that employees can work online. The site has to accommodate about 300 people, needs a highly reliable network structure, and must be quick to build on a limited budget.

II. Business requirements

The company has four departments: Administration, Finance, R&D and Marketing. Finance has no need for external network access; all the others can reach the Internet. There is also a wireless network for internal users. (More requirements will be added over time, and the network structure and design will be changed as needed.)

III. Technologies used in the project

VLAN, Eth-Trunk, MSTP, VRRP, ACL, NAT, DHCP, WLAN, OSPF

IV. Network design

Network structure design:

The network topology is planned according to the requirements:

(My computer is rather old, so the topology has fewer access switches than planned; you can connect more, the configuration is much the same.)

IP address planning:

The 10.1.0.0/16 range is used for this enterprise network.
Device interconnect addresses use 10.1.101.1-10.1.101.254.
Device loopback 0 addresses use 10.1.0.1-10.1.0.254.
AP management addresses use 10.1.100.0/24.

    Object                    IP address range
    Administration            10.1.10.0/24
    Finance                   10.1.20.0/24
    R&D                       10.1.30.0/24
    Marketing                 10.1.40.0/24
    Internal wireless users   10.1.50.0/24

Terminal access planning table:

    Object                    Access method  VLAN  VLAN address pool  Gateway  Address assignment
    Administration            Wired          10    hr                 CORE1    DHCP
    Finance                   Wired          20    finance            CORE1    DHCP
    R&D                       Wired          30    research           CORE1    DHCP
    Marketing                 Wired          40    market             CORE1    DHCP
    Internal wireless users   Wireless       50    Employee           CORE1    DHCP

Network device interconnection planning table:

V. Project implementation

No physical equipment was available, so the project is implemented in the Huawei eNSP simulator.

Network device configuration:

1. Export1

    acl number 2000
     rule permit source 10.1.10.0 0.0.0.255
     rule permit source 10.1.30.0 0.0.0.255
     rule permit source 10.1.40.0 0.0.0.255
     rule permit source 10.1.50.0 0.0.0.255
    #
    interface GigabitEthernet0/0/0
     ip address 200.1.1.1 255.255.255.252
     nat outbound 2000
    #
    ip route-static 0.0.0.0 0 200.1.1.2
    #
    interface GigabitEthernet0/0/1
     ip address 10.1.101.1 255.255.255.252
    #
    interface LoopBack0
     ip address 10.1.0.1 255.255.255.255
    #
    ospf 1 router-id 10.1.0.1
     default-route-advertise always
     area 0.0.0.0
      network 10.1.101.1 0.0.0.0
    #
    bfd
     quit
    bfd to_Core1-1 bind peer-ip 10.1.101.2 source-ip 10.1.101.1 auto
    #

2. Export2

    acl number 2000
     rule permit source 10.1.10.0 0.0.0.255
     rule permit source 10.1.30.0 0.0.0.255
     rule permit source 10.1.40.0 0.0.0.255
     rule permit source 10.1.50.0 0.0.0.255
    #
    interface GigabitEthernet0/0/0
     ip address 200.1.1.5 255.255.255.252
     nat outbound 2000
    #
    ip route-static 0.0.0.0 0 200.1.1.6
    #
    interface GigabitEthernet0/0/1
     ip address 10.1.101.5 255.255.255.252
    #
    interface LoopBack0
     ip address 10.1.0.2 255.255.255.255
    #
    ospf 1 router-id 10.1.0.2
     default-route-advertise always
     area 0.0.0.0
      network 10.1.101.5 0.0.0.0
    #
    bfd
     quit
    bfd to_Core1-1 bind peer-ip 10.1.101.6 source-ip 10.1.101.5 auto
    #

3. Core1-1

    vlan batch 10 20 30 40 50 100 101 103
    #
    interface Eth-Trunk1
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 50 100
     mode lacp-static
     trunkport GigabitEthernet 0/0/1
     trunkport GigabitEthernet 0/0/2
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/4
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/5
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/6
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    #
    stp region-configuration
     region-name Pidan
     instance 1 vlan 10 20 50
     instance 2 vlan 30 40
     active region-configuration
    #
    interface Vlanif10
     ip address 10.1.10.251 255.255.255.0
     vrrp vrid 10 virtual-ip 10.1.10.254
     vrrp vrid 10 priority 150
    interface Vlanif20
     ip address 10.1.20.251 255.255.255.0
     vrrp vrid 20 virtual-ip 10.1.20.254
     vrrp vrid 20 priority 150
    interface Vlanif30
     ip address 10.1.30.251 255.255.255.0
     vrrp vrid 30 virtual-ip 10.1.30.254
    interface Vlanif40
     ip address 10.1.40.251 255.255.255.0
     vrrp vrid 40 virtual-ip 10.1.40.254
    #
    dhcp enable
    #
    ip pool hr
     network 10.1.10.0 mask 255.255.255.0
     gateway-list 10.1.10.254
    ip pool finance
     network 10.1.20.0 mask 255.255.255.0
     gateway-list 10.1.20.254
    ip pool research
     network 10.1.30.0 mask 255.255.255.0
     gateway-list 10.1.30.254
    ip pool market
     network 10.1.40.0 mask 255.255.255.0
     gateway-list 10.1.40.254
    ip pool Employee
     network 10.1.50.0 mask 255.255.255.0
     gateway-list 10.1.50.254
    #
    interface Vlanif10
     dhcp select global
    interface Vlanif20
     dhcp select global
    interface Vlanif30
     dhcp select global
    interface Vlanif40
     dhcp select global
    #
    interface GigabitEthernet0/0/24
     ip address 10.1.101.2 255.255.255.252
    #
    interface LoopBack0
     ip address 10.1.0.3 255.255.255.255
    #
    ospf 1 router-id 10.1.0.3
     area 0.0.0.0
      network 10.1.101.2 0.0.0.0
      network 10.1.10.0 0.0.0.255
      network 10.1.20.0 0.0.0.255
      network 10.1.30.0 0.0.0.255
      network 10.1.40.0 0.0.0.255
      network 10.1.50.0 0.0.0.255
    #
    bfd
     quit
    bfd to_Export1 bind peer-ip 10.1.101.1 source-ip 10.1.101.2 auto
    #
    interface Vlanif10
     vrrp vrid 10 track bfd-session session-name to_Export1 reduced 100
    interface Vlanif20
     vrrp vrid 20 track bfd-session session-name to_Export1 reduced 100
    #
    interface Vlanif103
     ip address 10.1.101.9 255.255.255.252
    #
    interface GigabitEthernet0/0/23
     port link-type trunk
     port trunk allow-pass vlan 50 100 103
    #
    interface Vlanif50
     ip address 10.1.50.251 255.255.255.0
     vrrp vrid 50 virtual-ip 10.1.50.254
     vrrp vrid 50 priority 150
     vrrp vrid 50 track bfd-session session-name to_Export1 reduced 100
     dhcp select global
    #

4. Core1-2

    vlan batch 10 20 30 40 50 100 102
    #
    interface Eth-Trunk1
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 50 100
     mode lacp-static
     trunkport GigabitEthernet 0/0/1
     trunkport GigabitEthernet 0/0/2
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/4
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/5
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/6
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    #
    stp region-configuration
     region-name Pidan
     instance 1 vlan 10 20 50
     instance 2 vlan 30 40
     active region-configuration
    #
    interface Vlanif10
     ip address 10.1.10.252 255.255.255.0
     vrrp vrid 10 virtual-ip 10.1.10.254
    interface Vlanif20
     ip address 10.1.20.252 255.255.255.0
     vrrp vrid 20 virtual-ip 10.1.20.254
    interface Vlanif30
     ip address 10.1.30.252 255.255.255.0
     vrrp vrid 30 virtual-ip 10.1.30.254
     vrrp vrid 30 priority 150
    interface Vlanif40
     ip address 10.1.40.252 255.255.255.0
     vrrp vrid 40 virtual-ip 10.1.40.254
     vrrp vrid 40 priority 150
    #
    dhcp enable
    #
    ip pool hr
     network 10.1.10.0 mask 255.255.255.0
     gateway-list 10.1.10.254
    ip pool finance
     network 10.1.20.0 mask 255.255.255.0
     gateway-list 10.1.20.254
    ip pool research
     network 10.1.30.0 mask 255.255.255.0
     gateway-list 10.1.30.254
    ip pool market
     network 10.1.40.0 mask 255.255.255.0
     gateway-list 10.1.40.254
    ip pool Employee
     network 10.1.50.0 mask 255.255.255.0
     gateway-list 10.1.50.254
    #
    interface Vlanif10
     dhcp select global
    interface Vlanif20
     dhcp select global
    interface Vlanif30
     dhcp select global
    interface Vlanif40
     dhcp select global
    #
    interface GigabitEthernet0/0/24
     ip address 10.1.101.6 255.255.255.252
    #
    interface LoopBack0
     ip address 10.1.0.4 255.255.255.255
    #
    ospf 1 router-id 10.1.0.4
     area 0.0.0.0
      network 10.1.101.6 0.0.0.0
      network 10.1.10.0 0.0.0.255
      network 10.1.20.0 0.0.0.255
      network 10.1.30.0 0.0.0.255
      network 10.1.40.0 0.0.0.255
      network 10.1.50.0 0.0.0.255
    #
    bfd
     quit
    bfd to_Export2 bind peer-ip 10.1.101.5 source-ip 10.1.101.6 auto
    #
    interface Vlanif30
     vrrp vrid 30 track bfd-session session-name to_Export2 reduced 100
    interface Vlanif40
     vrrp vrid 40 track bfd-session session-name to_Export2 reduced 100
    #
    interface Vlanif50
     ip address 10.1.50.252 255.255.255.0
     vrrp vrid 50 virtual-ip 10.1.50.254
     dhcp select global
    #

5. ACC1

    vlan batch 10 20 30 40 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/3
     port link-type access
     port default vlan 10
    interface GigabitEthernet0/0/24
     port link-type access
     port default vlan 100
    #
    stp region-configuration
     region-name Pidan
     instance 1 vlan 10 20 50
     instance 2 vlan 30 40
     active region-configuration
    #

6. ACC2

    vlan batch 10 20 30 40 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/3
     port link-type access
     port default vlan 20
    #
    stp region-configuration
     region-name Pidan
     instance 1 vlan 10 20 50
     instance 2 vlan 30 40
     active region-configuration
    #

7. ACC3

    vlan batch 10 20 30 40 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/3
     port link-type access
     port default vlan 30
    #
    stp region-configuration
     region-name Pidan
     instance 1 vlan 10 20 50
     instance 2 vlan 30 40
     active region-configuration
    #

8. ACC4

    vlan batch 10 20 30 40 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 10 20 30 40 100
    interface GigabitEthernet0/0/3
     port link-type access
     port default vlan 40
    interface GigabitEthernet0/0/24
     port link-type access
     port default vlan 100
    #
    stp region-configuration
     region-name Pidan
     instance 1 vlan 10 20 50
     instance 2 vlan 30 40
     active region-configuration
    #

9. AC1

    vlan batch 50 100 103
    #
    interface Vlanif100
     ip address 10.1.100.254 24
    interface Vlanif103
     ip address 10.1.101.10 255.255.255.252
    interface LoopBack0
     ip address 10.1.0.5 255.255.255.255
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 50 100 103
    #
    capwap source interface vlanif100
    #
    dhcp enable
    ip pool vlan100
     network 10.1.100.0 mask 24
     gateway-list 10.1.100.254
     option 43 sub-option 2 ip-address 10.1.100.254
    interface Vlanif100
     dhcp select global
    #
    wlan
     regulatory-domain-profile name HCIE
      country-code cn
    #
     ssid-profile name Employee
      ssid Employee
    #
     security-profile name Employee
      security wpa-wpa2 psk pass-phrase Huawei@123 aes
    #
     vap-profile name Employee
      forward-mode tunnel
      service-vlan vlan-id 50
      ssid-profile Employee
      security-profile Employee
    #
     ap-group name X
      regulatory-domain-profile HCIE
      radio 0
       vap-profile Employee wlan 1
      radio 1
       vap-profile Employee wlan 1
      radio 2
       vap-profile Employee wlan 1
    #
     ap-id 1 ap-mac 00e0-fc2b-4b20
      ap-group X
      ap-name ap1
     ap-id 2 ap-mac 00e0-fc15-5890
      ap-group X
      ap-name ap2
    #

VI. Project testing

1. VRRP master/backup:

Core1-1

Core1-2

2. Exit router OSPF neighbors:

Export1:

Export2:

3. APs successfully managed:

4. DHCP address acquisition:

Administration:

Finance:

R&D:

Marketing:

5. WiFi:

Connect to any one of the hotspots; the password is Huawei@123.

6. Ping the external network:

Can reach the external network: Administration, Marketing, R&D, Employee.

Finance cannot reach the external network.

7. Reliability verification:

Run a continuous ping to an external address (3.3.3.3 here is simulated in the emulator; in a real network you could use Baidu's address).

Disconnect the link of one exit router at random, or power the router off, and check whether VRRP switches over and Internet access still works.

The other cases are not demonstrated one by one; here the router is simply powered off. Readers can build the lab and verify for themselves.

With this combination of technologies, the design is broadly in line with current enterprise network environments. A firewall will later be added on top of this structure to improve security, along with other requirements to enrich the network.
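In this design, the requirement that Finance has no Internet access is enforced only by leaving 10.1.20.0/24 out of ACL 2000, which `nat outbound 2000` references on both exit routers. The Python check below is an added example, not part of the original article: it parses an ACL 2000 stanza, converts the wildcard masks to prefixes, and compares the NAT verdict for each planned segment with that requirement. `PLAN`, `DRIFTED_ACL` and the function names are assumptions made for the illustration, and the drifted ACL is a constructed sample.

```python
import ipaddress
import re

# ACL 2000 as configured on Export1 and Export2 in the article.
EXPORT_ACL = """acl number 2000
 rule permit source 10.1.10.0 0.0.0.255
 rule permit source 10.1.30.0 0.0.0.255
 rule permit source 10.1.40.0 0.0.0.255
 rule permit source 10.1.50.0 0.0.0.255
"""
# Constructed drift: the four rules "simplified" into one /16 on one exit router.
DRIFTED_ACL = "acl number 2000\n rule permit source 10.1.0.0 0.0.255.255\n"
# Address plan from the article: segment -> (subnet, Internet access required).
PLAN = {"Administration": ("10.1.10.0/24", True), "Finance": ("10.1.20.0/24", False),
        "R&D": ("10.1.30.0/24", True), "Marketing": ("10.1.40.0/24", True),
        "Wireless": ("10.1.50.0/24", True)}
RULE = re.compile(r"^\s*rule(?:\s+\d+)?\s+(permit|deny)\s+source\s+(\S+)(?:\s+(\S+))?\s*$", re.M)

def parse_acl(text):
    """Return [(action, network)] in rule order, turning wildcard masks into prefixes."""
    rules = []
    for action, addr, wildcard in RULE.findall(text):
        if addr == "any":
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        wc = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
        if wc & (wc + 1):  # only a contiguous wildcard maps to one prefix
            raise ValueError(f"non-contiguous wildcard: {wildcard}")
        rules.append((action, ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)))
    return rules

def nat_verdict(rules, subnet):
    """First matching rule wins; a subnet that no rule covers is not translated."""
    subnet = ipaddress.ip_network(subnet)
    for action, net in rules:
        if subnet.subnet_of(net):
            return action
        if subnet.overlaps(net):
            return "partial"  # the rule splits the subnet: review by hand
    return "deny"

def audit(acl_text, plan=PLAN):
    """Return [(segment, subnet, verdict)] where the NAT treatment differs from the plan."""
    rules = parse_acl(acl_text)
    return [(name, subnet, nat_verdict(rules, subnet))
            for name, (subnet, wanted) in plan.items()
            if nat_verdict(rules, subnet) != ("permit" if wanted else "deny")]

if __name__ == "__main__":
    print("article:", audit(EXPORT_ACL), "drifted:", audit(DRIFTED_ACL))
```

Running the same audit against the ACL from each exit router also catches the case where the two copies diverge, so that a VRRP failover would change which segments are translated.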