Classic Configuration for a Medium-Sized Enterprise LAN
2010-12-02 20:42
Classic Configuration for a Medium-Sized Enterprise LAN 2009-02-05 08:58:56
Copyright notice: this is an original work. Reproduction is not permitted; violations will be pursued legally.
The topology is shown below:
![](http://img1.51cto.com/attachment/200902/200902091234181558031.jpg)
400LANOAVALN the configuration here is the same! Please configure it yourself.
1. eg: SW2SW3SW4SW5SW1
*SW1
![](http://img1.51cto.com/attachment/200902/200902091234182108812.jpg)
![](http://img1.51cto.com/attachment/200902/200902091234182131312.jpg)
![](http://img1.51cto.com/attachment/200902/200902091234182821125.jpg)
*SW3
(1) hostname XX (XXSW2SW3SW4SW5)
(2) enable secret XX (XX)
(3) password XX (XX)
VTP DOMAIN
On the core switches (SW1, SW5)
3. Configure trunks
Configure trunks on core switch SW1:
![](http://img1.51cto.com/attachment/200902/200902241235478423437.jpg)
![](http://img1.51cto.com/attachment/200902/200902241235478485031.jpg)
![](http://img1.51cto.com/attachment/200902/200902241235478548109.jpg)
Configure trunks on core switch SW5:
![](http://img1.51cto.com/attachment/200902/200902241235478851781.jpg)
![](http://img1.51cto.com/attachment/200902/200902241235478868468.jpg)
Configure trunks on department switch SW2:
![](http://img1.51cto.com/attachment/200902/200902241235478972593.jpg)
![](http://img1.51cto.com/attachment/200902/200902241235478994562.jpg)
Configure trunks on department switch SW3:
![](http://img1.51cto.com/attachment/200902/200902241235479040468.jpg)
Configure trunks on department switch SW4:
![](http://img1.51cto.com/attachment/200902/200902241235479080812.jpg)
4. Configure link bundling (EtherChannel):
Bundling multiple links between core switches SW1 and SW5 forms a higher-bandwidth data channel, which speeds up forwarding and also provides link redundancy.
![](http://img1.51cto.com/attachment/200902/200902241235481748656.jpg)
![](http://img1.51cto.com/attachment/200902/200902241235481762734.jpg)
![](http://img1.51cto.com/attachment/200902/200902241235481781531.jpg)
--------------------------------------------------------------------
![](http://img1.51cto.com/attachment/200902/200902241235481855359.jpg)
![](http://img1.51cto.com/attachment/200902/200902241235481872359.jpg)
![](http://img1.51cto.com/attachment/200902/200902241235481889984.jpg)
5. VLAN
VTP ServerVLANVTPSW1SW1VTP ServerSW1VLAN
6. *primary rootSW1secondary rootSW5SW1SW5STP VLANSW1SW5 SW1VLAN 10 VLAN20VLAN30root primary:
![](http://img1.51cto.com/attachment/200902/200902281235792274953.jpg)
![](http://img1.51cto.com/attachment/200902/200902281235792287156.jpg)
![](http://img1.51cto.com/attachment/200902/200902281235792299531.jpg)
SW5VLAN 10 VLAN20VLAN30 as secondary primary:
![](http://img1.51cto.com/attachment/200902/200902281235792750437.jpg)
![](http://img1.51cto.com/attachment/200902/200902281235792765500.jpg)
![](http://img1.51cto.com/attachment/200902/200902281235792775781.jpg)
7. Assign the switch ports to VLANs, as follows:

| VLAN name | VLAN ID | IP address | Network |
|---|---|---|---|
| caiwubu | 10 | 192.168.18.254 | 192.168.18.0/24 |
| xiaoshoubu | 20 | 192.168.19.254 | 192.168.19.0/24 |
| qitabu | 30 | 192.168.20.254 | 192.168.20.0/24 |

| VLAN name | VLAN ID | IP address | Network |
|---|---|---|---|
| caiwubu | 10 | 192.168.18.253 | 192.168.18.0/24 |
| xiaoshoubu | 20 | 192.168.19.253 | 192.168.19.0/24 |
| qitabu | 30 | 192.168.20.253 | 192.168.20.0/24 |

The configuration on SW5 is as follows:
![](http://img1.51cto.com/attachment/200902/200902281235797065890.jpg)
Note: for the VLANs to reach each other, the following settings are required:
(1) When a PC is attached to a VLAN, its IP address must belong to that VLAN's network;
(2) The PC's default gateway is the IP address of that VLAN's interface;
For example:
PC3 is plugged into port F1/11 of SW2, and SW2's F1/11 is assigned to VLAN 10. From the "SW1 VLAN and IP address table", PC3 takes IP address 192.168.18.44, subnet mask 255.255.255.0, default gateway 192.168.18.254, DNS 202.96.209.133.
The actual configuration on PC3 is as follows:
![](http://img1.51cto.com/attachment/200903/200903021235958154572.jpg)
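Exercise: how should TCP/IP be configured on PC4, PC5, PC6 … PCn?
Note: if TCP/IP on every PC is really set up as shown above, another problem appears. With the default gateway on every PC set to its department's gateway address from the "SW1 VLAN and IP address table", what happens if SW1 goes down? SW5 takes over from SW1, and the default gateway then has to be changed on every affected PC. That is clearly inefficient and not acceptable. This is what HSRP (Hot Standby Router Protocol) was created for. (Thanks, CISCO ^_^)
9. Configure HSRP:
With HSRP (Hot Standby Router Protocol) configured, when SW1 goes down SW5 takes over from SW1, and no PC needs its default gateway changed. (For background on HSRP, search Google or Baidu.)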
![](http://img1.51cto.com/attachment/200903/200903031236056025250.jpg)
![](http://img1.51cto.com/attachment/200903/200903031236056044578.jpg)
--------------------------------------------------------------------
![](http://img1.51cto.com/attachment/200903/200903031236056087437.jpg)
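As an added illustration of this step for VLAN 10 only (not the configuration in the author's screenshots), the sketch below gives SW1 and SW5 a shared HSRP virtual gateway and protects the group with MD5 authentication, so that only switches holding the key can take over the gateway role. Assumptions: group number 10, virtual IP 192.168.18.1 (which the PCs would then use as their default gateway), the priorities, the `<HSRP-KEY>` placeholder, and that the .253 addresses in the step 7 tables belong to SW5.

```cisco
! --- SW1: intended active gateway for VLAN 10 ---
interface Vlan10
 ip address 192.168.18.254 255.255.255.0
 ! Virtual gateway address shared by both core switches (assumed value)
 standby 10 ip 192.168.18.1
 ! Higher priority wins the active role (default is 100)
 standby 10 priority 110
 ! Take the active role back after SW1 recovers
 standby 10 preempt
 ! Peers without this key are ignored (needs an IOS release with HSRP MD5 support)
 standby 10 authentication md5 key-string <HSRP-KEY>
!
! --- SW5: standby gateway for VLAN 10 ---
interface Vlan10
 ip address 192.168.18.253 255.255.255.0
 standby 10 ip 192.168.18.1
 standby 10 priority 100
 standby 10 preempt
 standby 10 authentication md5 key-string <HSRP-KEY>
!
! Verify roles on either switch with:
!   show standby brief
```

The same pattern repeats for VLAN 20 and VLAN 30 with their own group numbers and virtual addresses.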
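10. Configure VLAN access control (VACL)
For security reasons the company specifically requires that the finance hosts must not be reachable from other hosts, while the finance hosts can reach other hosts and the other hosts can reach each other. After weighing the trade-offs, a reflexive access control list was chosen.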
![](http://img1.51cto.com/attachment/200903/200903041236144889390.jpg)
![](http://img1.51cto.com/attachment/200903/200903041236144553125.jpg)
![](http://img1.51cto.com/attachment/200903/200903041236144568468.jpg)
![](http://img1.51cto.com/attachment/200903/200903041236144578437.jpg)
![](http://img1.51cto.com/attachment/200903/200903041236144588937.jpg)
![](http://img1.51cto.com/attachment/200903/200903041236144595937.jpg)
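One way to express this policy with a reflexive ACL on the VLAN 10 interface (caiwubu, the finance department, 192.168.18.0/24), as an added example rather than the configuration in the author's screenshots: sessions opened by finance hosts are recorded with `reflect`, and only their return traffic is let back in with `evaluate`. The ACL names, the 300-second timeout and the `log` keyword are assumptions.

```cisco
! Apply on each core switch that routes VLAN 10.
!
! Traffic arriving from finance hosts
ip access-list extended FINANCE-FROM
 remark Permit finance-initiated sessions and record them in FINANCE-RETURN
 permit ip 192.168.18.0 0.0.0.255 any reflect FINANCE-RETURN timeout 300
!
! Traffic being routed toward finance hosts
ip access-list extended FINANCE-TO
 remark Only replies to recorded sessions reach finance
 evaluate FINANCE-RETURN
 remark Anything else is unsolicited; log it so probing is visible
 deny ip any any log
!
interface Vlan10
 ip access-group FINANCE-FROM in
 ip access-group FINANCE-TO out
!
! Inspect the temporary entries created by live sessions with:
!   show ip access-lists FINANCE-RETURN
```

Reflected entries exist only on the switch that forwarded the outgoing packet, so with SW1 and SW5 both routing, return traffic has to come back through the same switch and sessions must be re-established after an HSRP failover. Support for `reflect` and `evaluate` varies by platform, so confirm it on the switch model in use.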
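This completes "Classic Configuration for a Medium-Sized Enterprise LAN"!
Exercise: since last year, Shanghai has required finance departments to do certification, tax filing, invoicing … online, so the company has likewise ruled that the finance PCs used for online certification, tax filing, invoicing … may only access that website. Everything else is denied! How would you configure that?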