Network Engineering Course Project: Network Design for a School
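1. Requirements analysis
1.1 User requirements
The user requirement is simply to get a lot done on a small budget.
1.2 Technical requirements
- The information center uses Eth-Trunk for link redundancy.
- The internal network is divided into multiple VLANs to shrink the broadcast domains and improve network stability.
- The core switch acts as the user gateway and performs inter-VLAN routing.
- All users obtain their IP addresses automatically through DHCP.
- NAT is configured at the egress for address translation.
- Port 80 of the internal server is mapped out at the campus egress so that external users can reach it.
- All devices can be managed remotely over telnet.
- All campuses can reach each other, and the egress is redundant.
- The school finance server may be accessed only by staff in vlan40.
- Staff in vlan20 are forbidden from accessing the external network, and key devices are monitored in real time.
2. Implementation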
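2.1 Building the topology
The topology above is the configured one, but during the course defense I was told that a firewall had to be used, so I added one without configuring it.
2.2 VLAN trunk configuration
vlan900 is the management VLAN, used for configuring telnet.
2.2.1 Core layer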
Server-group access switch SW8, commands:
    <Huawei>system // enter system view
    [Huawei]sysname JR_sw8 // rename the device so names do not get mixed up when there are many devices
    [JR_sw8]interface Eth-Trunk 1
    [JR_sw8-Eth-Trunk1]mode lacp-static // use LACP mode
    [JR_sw8-Eth-Trunk1]trunkport gi 0/0/1 0/0/2
    [JR_sw8-Eth-Trunk1]port link-type trunk
    [JR_sw8-Eth-Trunk1]port trunk allow-pass vlan 200 900 // 900 is the telnet management VLAN
Detailed configuration:
    interface Eth-Trunk1
     port link-type trunk
     port trunk allow-pass vlan 200 900
     mode lacp-static
    #
    interface Ethernet0/0/1
     port link-type access
     port default vlan 200
    #
    interface Ethernet0/0/2
     port link-type access
     port default vlan 200
SW1 commands:
    [HX_sw1]int Eth-Trunk 1
    [HX_sw1-Eth-Trunk1]mode lacp-static
    [HX_sw1-Eth-Trunk1]trunkport g 0/0/2 0/0/5
    [HX_sw1-Eth-Trunk1]port link-type trunk
    [HX_sw1-Eth-Trunk1]port trunk allow-pass vlan 200 900
    [HX_sw1-Eth-Trunk1]q // quit
    [HX_sw1]vlan batch 10 20 30 40 200 900 //c
    [HX-sw1-GigabitEthernet0/0/24]port link-type access
    [HX-sw1-GigabitEthernet0/0/24]port default vlan 800
    ... (omitted)
Detailed configuration:
    #
    interface Eth-Trunk1
     port link-type trunk
     port trunk allow-pass vlan 200 900
     mode lacp-static
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10 20 900
    #
    interface GigabitEthernet0/0/2
     eth-trunk 1
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 30 40 900
    #
    interface GigabitEthernet0/0/4
     port link-type trunk
     port trunk allow-pass vlan 50 60 900
    #
    interface GigabitEthernet0/0/24
     port link-type access
     port default vlan 800
2.2.2 Access layer
SW5 commands:
    <Huawei>system // enter system view
    [Huawei]sysname JR_sw5 // rename the device so names do not get mixed up when there are many devices
    [JR_sw5]vlan 10
    [JR_sw5-vlan20]vlan 900 // create vlan10 and vlan900
    [JR_sw5]port-group group-member e0/0/2 e0/0/3 // configure the ports in bulk
    [JR_sw5-port-group]port link-type access // set the link type to access
    [JR_sw5-port-group]port default vlan 10 // set the VLAN
    [JR_sw5]int gi0/0/1 // configure the cascade (uplink) link
    [JR_sw5-GigabitEthernet0/0/1]port link-type trunk
    [JR_sw5-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 900
Configuration:
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10 900
    #
    interface Ethernet0/0/2
     port link-type access
     port default vlan 10
    #
    interface Ethernet0/0/3
     port link-type access
     port default vlan 10
Switches sw6 to sw10 are configured the same way, so I will not repeat it here.
2.2.3 Aggregation layer
sw2 commands:
    <Huawei>system // enter system view
    [Huawei]undo in en // turn off info-center output echoed to the terminal
    [Huawei]sysname HJ_sw2 // change the device name
    [HJ_sw2]vlan batch 10 20 900 // create the VLANs in bulk
    [HJ_sw2]int g0/0/2 // enter port g0/0/2
    [HJ_sw2-GigabitEthernet0/0/2]port link-type trunk // set the port mode to trunk
    [HJ_sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 900 // allow vlan10 and vlan900 through
    [HJ_sw2-GigabitEthernet0/0/2]int g0/0/3 // enter port 3
    [HJ_sw2-GigabitEthernet0/0/3]port link-type trunk
    [HJ_sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 900
    [HJ_sw2-GigabitEthernet0/0/3]int g0/0/1 // enter port 1
    [HJ_sw2-GigabitEthernet0/0/1]port link-type trunk
    [HJ_sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 900
Configuration:
    #
    undo info-center enable
    #
    vlan batch 10 20 900
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10 20 900
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 10 900
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 20 900
2.3 Gateway SVI configuration
An SVI (switch virtual interface) is called a vlan-if interface in the Huawei simulator. It is one way of providing inter-VLAN routing: on the core switch, each VLAN is given an IP address that serves as the users' gateway, which makes routing between VLANs possible.
Core switch sw1 commands:
    <HX-sw1>system // enter system view
    [HX-sw1]int Vlanif 10 // enter the virtual interface
    [HX-sw1-Vlanif10]ip add 192.168.10.1 24 // this IP address is the gateway for vlan10
    [HX-sw1-Vlanif30]int vlanif 20
    [HX-sw1-Vlanif40]ip ad 192.168.20.1 24
    [HX-sw1-Vlanif30]int vlanif 30
    [HX-sw1-Vlanif40]ip ad 192.168.30.1 24
    [HX-sw1-Vlanif30]int vlanif 40
    [HX-sw1-Vlanif40]ip ad 192.168.40.1 24
    [HX_sw1]int vlanif 50
    [HX_sw1-Vlanif50]ip address 192.168.50.1 24
    [HX_sw1-Vlanif50]int vlanif 60
    [HX_sw1-Vlanif60]ip address 192.168.60.1 24
    [HX-sw1-Vlanif60]int vlanif 200
    [HX-sw1-Vlanif200]ip ad 192.168.200.1 24
    [HX-sw1-Vlanif200]int vlanif 800
    [HX-sw1-Vlanif800]ip ad 192.168.254.2 24
Configuration:
    Vlanif1      unassigned          up    down
    Vlanif10     192.168.10.1/24     up    up
    Vlanif20     192.168.20.1/24     up    up
    Vlanif30     192.168.30.1/24     up    up
    Vlanif40     192.168.40.1/24     up    up
    Vlanif200    192.168.200.1/24    up    up
    Vlanif800    192.169.254.2/24    up    up
At this point, connectivity from the access switches to the core switch can be tested.
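Give pc1 a static address (for testing only; later it will be obtained through DHCP).
Ping the gateway to test connectivity.
The test shows that connectivity is fine, so move on to the next configuration step.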
2.4 DHCP configuration
Core switch sw1 commands:
    <HX-sw1>system // enter system view
    [HX-sw1]dhcp enable // enable DHCP
    [HX-sw1]ip pool SYL_vlan10 // create an address pool and give it a name
    // have the pool hand out addresses from the 10 network with a 24-bit subnet mask
    [HX-sw1-ip-pool-syl_vlan10]network 192.168.10.0 mask 24
    // assign the gateway
    [HX-sw1-ip-pool-syl_vlan10]gateway-list 192.168.10.1
    // assign DNS server 114, with 8 as the backup server
    [HX-sw1-ip-pool-syl_vlan10]dns-list 114.114.114.114 8.8.8.8
    <!--configure the address pools for vlan20, 30, 40, 50 and 60 in the same way-->
    ip pool syl_vlan20
     gateway-list 192.168.20.1
     network 192.168.20.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    ip pool JXL_vlan30
     gateway-list 192.168.30.1
     network 192.168.30.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    ip pool JXL_vlan40
     gateway-list 192.168.40.1
     network 192.168.40.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    ip pool TSG_vlan50
     gateway-list 192.168.50.1
     network 192.168.50.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    ip pool TSG_vlan60
     gateway-list 192.168.60.1
     network 192.168.60.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    <!--configure DHCP select global-->
    [HX-sw1]int vlanif 10
    [HX-sw1-Vlanif10]dhcp select global // configure the other vlanif interfaces the same way
    [HX-sw1-Vlanif10]q
    [HX-sw1]int vlanif 20
    [HX-sw1-Vlanif20]dhcp select global
    [HX-sw1-Vlanif20]q
    [HX-sw1]int vlanif 30
    [HX-sw1-Vlanif30]dhcp select global
    [HX-sw1-Vlanif30]q
    [HX-sw1]int vlanif 40
    [HX-sw1-Vlanif40]dhcp select global
    [HX-sw1-Vlanif40]q
    [HX-sw1]int vlanif 50
    [HX-sw1-Vlanif50]dhcp select global
    [HX-sw1-Vlanif50]q
    [HX-sw1]int vlanif 60
    [HX-sw1-Vlanif60]dhcp select global
Configuration:
    <!--address pools-->
    #
    ip pool syl_vlan10
     gateway-list 192.168.10.1
     network 192.168.10.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    #
    ip pool syl_vlan20
     gateway-list 192.168.20.1
     network 192.168.20.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    #
    ip pool jxl_vlan30
     gateway-list 192.168.30.1
     network 192.168.30.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    #
    ip pool jxl_vlan40
     gateway-list 192.168.40.1
     network 192.168.40.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    #
    ip pool tsg_vlan50
     gateway-list 192.168.50.1
     network 192.168.50.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
    #
    ip pool tsg_vlan60
     gateway-list 192.168.60.1
     network 192.168.60.0 mask 255.255.255.0
     dns-list 114.114.114.114 8.8.8.8
At this point you can check whether DHCP was configured successfully.
2.5 OSPF configuration
2.5.1 Interface address configuration
Egress router R1 commands:
    [Huawei]sysname R1
    [R1]int g0/0/1
    [R1-GigabitEthernet0/0/1]ip add 192.168.254.1 24
    [R1-GigabitEthernet0/0/1]q
    [R1]int g0/0/0
    [R1-GigabitEthernet0/0/0]ip ad 12.1.1.1 29
    [R1-GigabitEthernet0/0/0]q
    [R1]int g0/0/2
    [R1-GigabitEthernet0/0/2]ip add 13.1.1.1 29
    [R1-GigabitEthernet0/0/2]q
    [R1]int g0/0/3
    [R1-GigabitEthernet0/0/3]ip add 192.168.104.1 30
    <!--new campus 2 is for demonstration only and is the same as campus 1, so it is not configured here-->
Configuration:
    Interface               IP Address/Mask     Physical  Protocol
    Ethernet0/0/0           192.168.105.1/30    up        up
    Ethernet0/0/1           unassigned          down      down
    GigabitEthernet0/0/0    12.1.1.1/29         up        up
    GigabitEthernet0/0/1    192.168.254.1/24    up        up
    GigabitEthernet0/0/2    13.1.1.1/29         up        up
    GigabitEthernet0/0/3    192.168.104.1/30    up        up
    NULL0                   unassigned          up        up(s)
R2 commands:
    [Huawei]sysname YD_R2
    [YD_R2]int e0/0/0
    [YD_R2-Ethernet0/0/0]ip ad 12.1.1.6 29
    // a loopback interface has to be brought up to stand in for the external network
    [YD_R2]int LoopBack 0
    [YD_R2-LoopBack0]description baidu // the description is optional
Configuration:
    (omitted)
R4 commands:
    [XXQ1_R4-Ethernet0/0/0]int g0/0/0
    [XXQ1_R4-GigabitEthernet0/0/0]ip ad 192.168.104.2 30
    [XXQ1_R4-GigabitEthernet0/0/0]q
    [XXQ1_R4]int e0/0/0
    [XXQ1_R4-Ethernet0/0/0]ip ad 192.168.100.1 24
R5 is configured the same way as R4, so it is not repeated here.
Configure a static IP address for the new campus gateway.
2.5.2 Testing
Testing shows that all network segments are reachable.
2.5.3 OSPF protocol configuration
Configure core switch sw1 and enable OSPF. Commands:
    [HX-sw1]ospf router-id 1.1.1.1 // configure the router ID, which is just an identifier
    [HX-sw1-ospf-1]area 0 // define the area
    // advertise the networks
    [HX-sw1-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
    [HX-sw1-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
    [HX-sw1-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
    [HX-sw1-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
    [HX-sw1-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
    [HX-sw1-ospf-1-area-0.0.0.0]network 192.168.254.0 0.0.0.255
Configuration:
    #
    ospf 1 router-id 1.1.1.1
     area 0.0.0.0
      network 192.168.200.0 0.0.0.255
      network 192.168.10.0 0.0.0.255
      network 192.168.20.0 0.0.0.255
      network 192.168.30.0 0.0.0.255
      network 192.168.40.0 0.0.0.255
      network 192.168.254.0 0.0.0.255
    #
Egress router R1, enable OSPF. Commands:
    [R1]ospf 1 router-id 2.2.2.2
    [R1-ospf-1]area 0
    [R1-ospf-1-area-0.0.0.0]network 192.168.254.0 0.0.0.255
    [R1-ospf-1-area-0.0.0.0]net 192.168.104.1 0.0.0.0 // advertise the specific IP address
    [R1-ospf-1-area-0.0.0.0]net 192.168.105.1 0.0.0.0 // advertise the specific IP address
Configuration:
    #
    ospf 1 router-id 2.2.2.2
     area 0.0.0.0
      network 192.168.254.0 0.0.0.255
      network 192.168.104.1 0.0.0.0
      network 192.168.105.1 0.0.0.0
Configure OSPF on R2, R3, R4 and R5 in the same way:
    [XXQ1_R4-ospf-1-area-0.0.0.0]dis this
    #
     area 0.0.0.0
      network 192.168.104.2 0.0.0.0
      network 192.168.100.1 0.0.0.0
    [R1-ospf-1-area-0.0.0.0]dis this
    #
     area 0.0.0.0
      network 192.168.254.0 0.0.0.255
      network 192.168.104.2 0.0.0.0
      network 192.168.105.1 0.0.0.0
    [XXQ2_R4_1-ospf-1-area-0.0.0.0]dis this
    #
     area 0.0.0.0
      network 192.168.105.2 0.0.0.0
      network 192.168.150.1 0.0.0.0
2.5.4 Testing
Looking at the routing tables of R4 and sw1 shows whether OSPF was configured successfully.
R4:
sw1:
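2.5.5 Configure the web servers of the new and old campuses
2.5.6 Test connectivity between the servers of the new and old campuses
New campus pinging the old-campus server:
Old-campus host pinging the new-campus server:
2.6 WAN egress path selection
2.6.1 sw1 default route configuration: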
    [HX_sw1]ip route-static 0.0.0.0 0 192.168.254.1
2.6.2 R1 default route configuration
Commands:
    [R1]ip route-static 0.0.0.0 0 12.1.1.6 // the preference defaults to 60; lower is better
    [R1]ip route-static 0.0.0.0 0 13.1.1.6 preference 70
Configuration:
    #
    ip route-static 0.0.0.0 0.0.0.0 12.1.1.6
    ip route-static 0.0.0.0 0.0.0.0 13.1.1.6 preference 70
    // because preference 60 has the higher priority, only the preference-60 route is shown
    [R1]dis ip routing-table
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 16       Routes : 16
    Destination/Mask    Proto   Pre  Cost  Flags  NextHop    Interface
    0.0.0.0/0           Static  60   0     RD     12.1.1.6   GigabitEthernet
2.7 NAT configuration
2.7.1 Egress router R1 configuration
Commands:
    [R1]acl 2000 // create the ACL (access control list)
    // the addresses to be translated; here all internal addresses are translated
    [R1-acl-basic-2000]rule permit source 192.168.0.0 0.0.255.255
    [R1-GigabitEthernet0/0/1]nat outbound 2000
    [R1-GigabitEthernet0/0/1]int g0/0/2
    [R1-GigabitEthernet0/0/2]nat outbound 2000
2.7.2 Mapping the LAN server to a public address
Commands:
    [R1]int g0/0/1
    [R1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 80 inside 192.168.200.10 80
Configuration:
    #
    interface GigabitEthernet0/0/1
     ip address 12.1.1.1 255.255.255.248
     nat server protocol tcp global current-interface www inside 192.168.200.10 www
     nat outbound 2000
2.8 Telnet remote management configuration
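The main purpose is to keep management separate from the business traffic inside the LAN.
Most remote management today uses SSH, because telnet carries the login and the session in cleartext; you can substitute SSH here yourself.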
2.8.1 Core switch sw1 configuration
    [HX_sw1]aaa
    // username, privilege level, password
    [HX_sw1-aaa]local-user Scott privilege level 3 password cipher a
    // the user is managed over the telnet protocol
    [HX_sw1-aaa]local-user Scott service-type telnet
    // enable the virtual terminal lines; 0 4 means 5 users may be logged in at the same time
    [HX_sw1]user-interface vty 0 4
    // authenticate against the configured aaa
    [HX_sw1-ui-vty0-4]authentication-mode aaa
Other devices (including the egress router and the new-campus routers) can simply copy this block:
    aaa
     local-user Scott privilege level 3 password cipher a
     local-user Scott service-type telnet
    user-interface vty 0 4
     authentication-mode aaa
    // on real hardware this command is also present, in case of poor device compatibility
    [JR_sw8-ui-vty0-4]protocol inbound telnet
2.8.2 Configure the management address on the devices
    [HX_sw1]int vlanif 900
    [HX_sw1-Vlanif900]ip ad 192.168.255.1 24
    // the core switch also needs a return route, used to send the management traffic back
    [HX_sw1]ip route-static 0.0.0.0 0 192.168.255.1
On the other devices, configure the address marked in red.
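A configuration check for the remote-management block in section 2.8, added here as an example and not part of the original article. The sample text is the page's AAA/VTY commands laid out as a config file; the 8-character threshold and the function names are assumptions.

```python
import re

# Constructed input: the AAA/VTY commands from section 2.8 laid out as a config file.
PAGE_CONFIG = """\
aaa
 local-user Scott privilege level 3 password cipher a
 local-user Scott service-type telnet
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound telnet
"""

def sections(config):
    """Group VRP-style config lines under their unindented header line."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "#":
            continue
        if not line.startswith(" "):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config, min_password_len=8):
    """Return findings for remote-management weaknesses (threshold is an assumption)."""
    findings = []
    secs = sections(config)
    for child in secs.get("aaa", []):
        m = re.match(r"local-user (\S+) service-type (.+)", child)
        if m and "telnet" in m.group(2).split():
            findings.append(f"{m.group(1)}: telnet login sends credentials in cleartext")
        # Only meaningful for typed command scripts, where the plaintext follows 'cipher'.
        m = re.match(r"local-user (\S+) .*password cipher (\S+)", child)
        if m and len(m.group(2)) < min_password_len:
            findings.append(f"{m.group(1)}: password shorter than {min_password_len} chars")
    for header, children in secs.items():
        if not header.startswith("user-interface vty"):
            continue
        if any(c in ("protocol inbound telnet", "protocol inbound all") for c in children):
            findings.append(f"{header}: telnet accepted, prefer 'protocol inbound ssh'")
        if not any(re.match(r"acl \d+ inbound", c) for c in children):
            findings.append(f"{header}: no 'acl <n> inbound' restricting client addresses")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print("FINDING:", finding)
```

Run against the page's block it reports four findings; a variant using `service-type ssh`, `protocol inbound ssh` and an `acl <n> inbound` line on the VTY reports none.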
2.9 Access control configuration
The enterprise finance server may be accessed only by staff in vlan 40.
On the core switch:
2.10 SNMP operations monitoring
Simple Network Management Protocol (SNMP) is a set of network management protocols defined by the Internet Engineering Task Force. It was developed on the basis of the Simple Gateway Monitoring Protocol (SGMP).
SNMP lets a network administrator manage and monitor computers, routers and other network devices remotely from a single workstation, which makes the network easier to manage and monitor. The management workstation can remotely manage every network device that supports the protocol, for example monitoring network status, modifying device configuration and receiving network event alerts.
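Requirement: staff in vlan 20 are forbidden from accessing the external network, and key devices are monitored in real time.
It is enough to have the egress router drop the staff's packets that request the external network, while still letting through the packets that request the new campus.
The filter has to be applied on the inbound interface, that is g4/0/0. If it were applied outbound, packets would go through NAT translation first and only then be matched against the ACL, so the source address would no longer be in 192.168.20.0/24 and the deny rule would not match.
    [CK_Router]acl 3001
    [CK_Router-acl-adv-3001]rule permit ip destination 192.168.0.0 0.0.255.255
    [CK_Router-acl-adv-3001]rule deny ip source 192.168.20.0 0.0.0.255
    [CK_Router-acl-adv-3001]int g 4/0/0
    [CK_Router-GigabitEthernet4/0/0]traffic-filter inbound acl 3001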
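The rule order of ACL 3001 and the inbound-versus-outbound point above, modelled as an added example that is not part of the original article. It assumes first-match evaluation in configured order, that packets matching no rule are forwarded, and that NAT rewrites inside sources to 12.1.1.1; the host addresses are constructed.

```python
import ipaddress

INSIDE = ("192.168.0.0", "0.0.255.255")  # all internal networks on the page

# ACL 3001 in configured order: (action, source spec, destination spec); None = any.
ACL_3001 = [
    ("permit", None, INSIDE),
    ("deny", ("192.168.20.0", "0.0.0.255"), None),
]

def wildcard_match(addr, spec):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    if spec is None:
        return True
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == base & care

def traffic_filter(src, dst, acl=ACL_3001, default="permit"):
    """First matching rule wins; unmatched packets get `default` (assumed permit)."""
    for action, src_spec, dst_spec in acl:
        if wildcard_match(src, src_spec) and wildcard_match(dst, dst_spec):
            return action
    return default

def nat_outbound(src, public_ip="12.1.1.1"):
    """Model of `nat outbound 2000`: inside sources become the egress address."""
    return public_ip if wildcard_match(src, INSIDE) else src

def inbound_filter(src, dst):
    """Filter on the inside-facing interface: the ACL sees the original source."""
    return traffic_filter(src, dst)

def outbound_filter(src, dst):
    """Filter on the egress interface: NAT runs first, then the ACL."""
    return traffic_filter(nat_outbound(src), dst)

if __name__ == "__main__":
    vlan20_host, new_campus, internet = "192.168.20.15", "192.168.100.10", "8.8.8.8"
    print("inbound  vlan20 -> internet  :", inbound_filter(vlan20_host, internet))
    print("inbound  vlan20 -> new campus:", inbound_filter(vlan20_host, new_campus))
    print("outbound vlan20 -> internet  :", outbound_filter(vlan20_host, internet))
    swapped = list(reversed(ACL_3001))
    print("swapped  vlan20 -> new campus:", traffic_filter(vlan20_host, new_campus, swapped))
```

The third case shows why the page insists on inbound: after NAT the vlan 20 source no longer matches the deny rule. The last case shows that putting the deny rule first would also cut vlan 20 off from the new campus.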