Company Basic Network Architecture and Implementation
2015-07-04 21:27
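Environment
Three floors:
12th floor: 4 layer-2 switches, 4 cameras, 2 wireless APs, 1 door access controller
11th floor: 1 router, 1 layer-3 switch, 4 layer-2 switches, 4 cameras, 2 wireless APs, 1 door access controller, 4 servers, 2 fibre switches, 1 SAN storage unit, 1 internet behaviour management appliance
10th floor: 4 layer-2 switches, 4 cameras, 2 wireless APs, 1 door access controller
Note:
Servers: LENOVO ThinkServer RD440
Router: HUAWEI S5700 V200R003C00SPC300
Switches: HUAWEI S5700 V200R003C00SPC300, 24 Gigabit Ethernet ports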
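Goal
Every host obtains its IP address automatically, broadcast domains are isolated, and the internal and external networks can communicate.
Network planning
1. Network topology
2. Subnet allocation
Floor segment (12) VLAN12 IP: 192.168.12.0/24
Floor segment (12) VLAN11 IP: 192.168.11.0/24
Floor segment (12) VLAN10 IP: 192.168.10.0/24
Server segment VLAN18 IP: 192.168.18.0/24
Virtual desktop segment VLAN16 IP: 192.168.16.0/24
Network device segment VLAN8 IP: 192.168.8.0/24
Router segment VLAN6 IP: 192.168.6.0/24
Wireless VLAN11 IP: 192.168.9.0/24
The gateway of every segment is 192.168.*.254.
On the first switch of each floor, ports 23 and 24 are configured in access mode for wireless, and ports 19, 20, 21 and 22 in access mode for the cameras. The first port of every switch is configured as the cascade (uplink) port.
vlan1 serves as the management interface of every switch.
3. Network configuration
Router configuration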
==================================================================================
Layer-3 switch configuration
Basic user configuration
<>sys
[]sysname HX-Switch
[HX-Switch]user-interface vty 0 4
[HX-Switch-vty0-4]authentication-mode aaa
[HX-Switch-vty0-4]aaa
[HX-Switch-aaa]
[HX-Switch-aaa]local-user pxtadmin password cipher xxx
[HX-Switch-aaa]local-user pxtadmin privilege level 5
[HX-Switch-aaa]local-user pxtadmin service-type telnet terminal ssh http
[HX-Switch-aaa]quit
[HX-Switch]telnet server enable    Enable the telnet service
Management IP
[HX-Switch]interface vlanif 1
[HX-Switch]ip address 192.168.16.253 255.255.255.0
Create the VLANs, configure their gateways and enable DHCP
[HX-Switch]interface vlanif6
 ip address 192.168.6.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.6.180 192.168.6.253
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif8
 ip address 192.168.8.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.8.1 192.168.8.100
 dhcp server excluded-ip-address 192.168.8.180 192.168.8.254
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif9
 ip address 192.168.9.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.9.240 192.168.9.254
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.10.240 192.168.10.253
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif11
 ip address 192.168.11.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.11.240 192.168.11.248
 dhcp server excluded-ip-address 192.168.11.250 192.168.11.253
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif12
 ip address 192.168.12.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.12.240 192.168.12.248
 dhcp server excluded-ip-address 192.168.12.250 192.168.12.253
 dhcp server dns-list 192.168.8.1 192.168.18.2
[HX-Switch]interface vlanif18
 ip address 192.168.18.254 255.255.255.0
[HX-Switch]interface vlanif110
 ip address 192.168.110.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.110.240 192.168.110.248
 dhcp server excluded-ip-address 192.168.110.250 192.168.110.253
 dhcp server dns-list 202.96.134.133 8.8.8.8
interface MEth0/0/1
Interface configuration
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 6
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/8
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/10
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/11
 port link-type access
 port default vlan 18
interface GigabitEthernet0/0/12
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/13
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/14
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/15
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/16
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/17
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/18
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/19
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/20
 port link-type access
 port default vlan 8
interface GigabitEthernet0/0/21
 port link-type access
 port default vlan 18
interface GigabitEthernet0/0/22
 port link-type access
 port default vlan 18
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 6
interface GigabitEthernet0/0/24
 port link-type access
 port default vlan 6
dhcp server group 12
 gateway 192.168.12.254
interface vlanif1
 ip address 192.168.6.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.6.180 192.168.6.253
 dhcp server dns-list 192.168.18.2 192.168.8.1
=================================================================================================
Layer-2 switch configuration, 12th floor
S1201:
Configure the remote-login user password and AAA authentication
<>sys    Enter global configuration mode
[S1201]sysname xxx    Name the switch
[S1201]user-interface vty 0 4    Configure the VTY virtual remote-login lines
[S1201-ui-vty0-4] authentication-mode aaa    Set the authentication mode to AAA
[S1201-ui-vty0-4] aaa    Enter AAA mode
[S1201-aaa] local-user pxtadmin password cipher xxxxx    Add the user
[S1201-aaa]local-user pxtadmin privilege level 15    Set the user's privilege level
[S1201-aaa]local-user pxtadmin service-type telnet terminal ssh http    Service types allowed for remote login
[S1201-aaa]quit    Exit AAA mode
[S1201]telnet server enable    Enable the telnet service
Configure the management IP
[S1201] interface vlanif 1    Enter the vlan 1 interface
[S1201]ip address 192.168.16.121 255.255.255.0
Configure VLANs
Trunk mode (link to another switch)
[S1201]interface g0/0/1
[S1201-GigabitEthernet0/0/1]port link-type trunk    Set the port type to trunk
[S1201-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 to 4094    Allow vlan 2 through vlan 4094 to pass
Access mode (host access)
[S1201]vlan 12    Add vlan 12
[S1201-vlan12]quit
[S1201]interface g0/0/2
[S1201-GigabitEthernet0/0/2]port link-type access    Set the port mode to access
[S1201-GigabitEthernet0/0/2]port default vlan 12    Add the port to vlan 12
wireless-user
[S1201]vlan 9    Add vlan 9
[S1201-vlan9] quit
[S1201]interface g0/0/23
[S1201-GigabitEthernet0/0/23]port link-type trunk
[S1201-GigabitEthernet0/0/23]port trunk allow-pass vlan 2 to 4094
wireless-admin
[S1201]vlan 110    Add vlan 110
[S1201-vlan110] quit
[S1201]interface g0/0/24
[S1201-GigabitEthernet0/0/24]port link-type trunk
[S1201-GigabitEthernet0/0/24]port trunk allow-pass vlan 2 to 4094
monitor
Configure the static route
[S1201]ip route-static 0.0.0.0 0.0.0.0 192.168.16.253    Configure the default route
From WizNote (Wiz)