校园网设计超超超级详细的配置来了(以河北科技大学为例)
1、場(chǎng)景描述
1.1部門:
信息學(xué)院、電氣學(xué)院、機(jī)械學(xué)院。
信息學(xué)院有計(jì)算機(jī)系、網(wǎng)絡(luò)系、電子系;
電氣學(xué)院有電氣系、自動(dòng)化系、測(cè)控系;
機(jī)械學(xué)院有機(jī)械系、材料科學(xué)系、機(jī)械電子工程系;
1.2 建筑物分布
信息樓、電氣樓、機(jī)械樓、網(wǎng)管中心
1.3 申請(qǐng)的IPv4地址空間:202.206.64.0—202.206.79.0
設(shè)計(jì)目標(biāo):實(shí)現(xiàn)校園網(wǎng)的Intranet,校園網(wǎng)內(nèi)有Web服務(wù)器、Email服務(wù)器、FTP服務(wù)器等。;校園網(wǎng)的主機(jī)可以訪問(wèn)Internet的Web服務(wù)器,外網(wǎng)主機(jī)可以訪問(wèn)科大的Web服務(wù)器,名稱是www.hebust.edu.cn。
2、拓?fù)鋱D
3、設(shè)計(jì)要點(diǎn)
3.1 三層網(wǎng)絡(luò)的設(shè)計(jì)思想:
接入層、匯聚層、核心層
3.2
接入層 :VLAN10-VLAN90
匯聚層:實(shí)現(xiàn)VLAN間主機(jī)的路由、跨交換機(jī)VLAN內(nèi)主機(jī)的通信
核心層:匯聚層 路由協(xié)議:RIPv2、
出口路由器:到外網(wǎng)的默認(rèn)路由
ISP邊緣路由器:到科技大學(xué)的匯總路由
3.3 服務(wù)器群:如圖所示
3.4 IP地址規(guī)劃
1)信息學(xué)院
①網(wǎng)絡(luò)系劃分到vlan10,分配IP地址段為202.206.70.0/24;網(wǎng)關(guān)地址為202.206.70.254
②計(jì)算機(jī)系劃分到vlan20,分配IP地址段為202.206.78.0/24;網(wǎng)關(guān)地址為202.206.78.254
③電子系劃分到vlan30,分配IP地址段為202.206.77.0/24;網(wǎng)關(guān)地址為202.206.77.254
2)電氣學(xué)院
①電氣系劃分到vlan40,分配IP地址段為202.206.76.0/24;網(wǎng)關(guān)地址為202.206.76.254
②自動(dòng)化系劃分到vlan50,分配IP地址段為202.206.75.0/24;網(wǎng)關(guān)地址為202.206.75.254
③測(cè)控系劃分到vlan60,分配IP地址段為202.206.74.0/24;網(wǎng)關(guān)地址為202.206.74.254
3)機(jī)械學(xué)院
①機(jī)械系劃分到vlan70,分配IP地址段為202.206.73.0/24;網(wǎng)關(guān)地址為202.206.73.254
②材料科學(xué)系劃分到vlan80,分配IP地址段為202.206.72.0/24;網(wǎng)關(guān)地址為202.206.72.254
③機(jī)械電子工程系劃分到vlan90,分配IP地址段為202.206.71.0/24;網(wǎng)關(guān)地址為202.206.71.254
3.5 路由協(xié)議RIPv2、靜態(tài)路由
在匯聚層及核心層及以上配置ripv2路由協(xié)議,在出口路由R1上配置一條出外網(wǎng)的默認(rèn)路由,在路由器ISP配置一條進(jìn)入科大內(nèi)網(wǎng)的匯總路由。
3.6 傳播默認(rèn)路由、匯總路由
Route rip
default-information originate
4、詳細(xì)配置
4.1信息學(xué)院
4.1.1信息學(xué)院交換機(jī)
S1:
Switch>enable
Switch#configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#interface range f0/1-10
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#interface range f0/11-20
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#interface f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
S1腳本:
enable
configure terminal
vlan 10
vlan 20
interface range f0/1-10
switchport access vlan 10
interface range f0/11-20
switchport access vlan 20
interface f0/24
switchport mode trunk
exit
S2:
Switch>enable
Switch#configure terminal
Switch(config)#vlan 20
Switch(config-vlan)#vlan 30
Switch(config-vlan)#interface range f0/1-10
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#interface range f0/11-20
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#interface f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
S2腳本:
enable
configure terminal
vlan 20
vlan 30
interface range f0/1-10
switchport access vlan 20
interface range f0/11-20
switchport access vlan 30
interface f0/24
switchport mode trunk
exit
S3:
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 30
Switch(config-vlan)#vlan 10
Switch(config-vlan)#interface range f0/1-10
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#interface range f0/11-20
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#interface f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
S3腳本:
enable
configure terminal
vlan 30
vlan 10
interface range f0/1-10
switchport access vlan 30
interface range f0/11-20
switchport access vlan 10
interface f0/24
switchport mode trunk
exit
4.1.2 信息學(xué)院三層交換機(jī)
Switch>enable
Switch#configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#vlan 30
Switch(config-vlan)#exit
Switch(config)#int vlan 10
Switch(config-if)#ip address 202.206.70.254 255.255.255.0
Switch(config-if)#int vlan 20
Switch(config-if)#ip address 202.206.78.254 255.255.255.0
Switch(config-if)#int vlan 30
Switch(config-if)#ip address 202.206.77.254 255.255.255.0
Switch(config-if)#int range f0/1-3
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#exit
Switch(config)#ip routing
Switch(config)#int g0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.79.1 255.255.255.252
Switch(config-if)#exit
Switch(config)#route rip
Switch(config-router)#version 2
Switch(config-router)#no auto-summary
Switch(config-router)#network 202.206.79.0
Switch(config-router)#network 202.206.70.0
Switch(config-router)#network 202.206.78.0
Switch(config-router)#network 202.206.77.0
Switch(config-router)#exit
腳本:
enable
configure terminal
vlan 10
vlan 20
vlan 30
exit
int vlan 10
ip address 202.206.70.254 255.255.255.0
int vlan 20
ip address 202.206.78.254 255.255.255.0
int vlan 30
ip address 202.206.77.254 255.255.255.0
int range f0/1-3
switchport mode trunk
exit
ip routing
int g0/1
no switchport
ip address 202.206.79.1 255.255.255.252
exit
route rip
version 2
no auto-summary
network 202.206.79.0
network 202.206.70.0
network 202.206.78.0
network 202.206.77.0
exit
4.2 電氣學(xué)院
4.2.1電氣學(xué)院交換機(jī)
S4:
Switch>enable
Switch#configure terminal
Switch(config)#vlan 40
Switch(config-vlan)#vlan 50
Switch(config-vlan)#interface range f0/1-10
Switch(config-if-range)#switchport access vlan 40
Switch(config-if-range)#interface range f0/11-20
Switch(config-if-range)#switchport access vlan 50
Switch(config-if-range)#interface f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
S4腳本:
enable
configure terminal
vlan 40
vlan 50
interface range f0/1-10
switchport access vlan 40
interface range f0/11-20
switchport access vlan 50
interface f0/24
switchport mode trunk
exit
S5:
Switch>enable
Switch#configure terminal
Switch(config)#vlan 50
Switch(config-vlan)#vlan 60
Switch(config-vlan)#interface range f0/1-10
Switch(config-if-range)#switchport access vlan 50
Switch(config-if-range)#interface range f0/11-20
Switch(config-if-range)#switchport access vlan 60
Switch(config-if-range)#interface f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
S5腳本:
enable
configure terminal
vlan 50
vlan 60
interface range f0/1-10
switchport access vlan 50
interface range f0/11-20
switchport access vlan 60
interface f0/24
switchport mode trunk
exit
S6:
Switch>enable
Switch#configure terminal
Switch(config)#vlan 60
Switch(config-vlan)#vlan 40
Switch(config-vlan)#interface range f0/1-10
Switch(config-if-range)#switchport access vlan 60
Switch(config-if-range)#interface range f0/11-20
Switch(config-if-range)#switchport access vlan 40
Switch(config-if-range)#interface f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
S6腳本:
enable
configure terminal
vlan 60
vlan 40
interface range f0/1-10
switchport access vlan 60
interface range f0/11-20
switchport access vlan 40
interface f0/24
switchport mode trunk
exit
4.2.2 三層交換機(jī)
Switch>enable
Switch#configure terminal
Switch(config)#vlan 40
Switch(config-vlan)#vlan 50
Switch(config-vlan)#vlan 60
Switch(config-vlan)#exit
Switch(config)#int vlan 40
Switch(config-if)#ip address 202.206.76.254 255.255.255.0
Switch(config-if)#int vlan 50
Switch(config-if)#ip address 202.206.75.254 255.255.255.0
Switch(config-if)#int vlan 60
Switch(config-if)#ip address 202.206.74.254 255.255.255.0
Switch(config-if)#int range f0/1-3
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#exit
Switch(config)#ip routing
Switch(config)#int g0/2
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.79.5 255.255.255.252
Switch(config-if)#exit
Switch(config)#route rip
Switch(config-router)#version 2
Switch(config-router)#no auto-summary
Switch(config-router)#network 202.206.79.4
Switch(config-router)#network 202.206.76.0
Switch(config-router)#network 202.206.75.0
Switch(config-router)#network 202.206.74.0
Switch(config-router)#Exit
腳本:
enable
configure terminal
vlan 40
vlan 50
vlan 60
exit
int vlan 40
ip address 202.206.76.254 255.255.255.0
int vlan 50
ip address 202.206.75.254 255.255.255.0
int vlan 60
ip address 202.206.74.254 255.255.255.0
int range f0/1-3
switchport mode trunk
exit
ip routing
int g0/2
no switchport
ip address 202.206.79.5 255.255.255.252
exit
route rip
version 2
no auto-summary
network 202.206.79.4
network 202.206.76.0
network 202.206.75.0
network 202.206.74.0
Exit
4.3 機(jī)械學(xué)院
4.3.1機(jī)械學(xué)院交換機(jī)
S7:
Switch>enable
Switch#configure terminal
Switch(config)#vlan 70
Switch(config-vlan)#vlan 80
Switch(config-vlan)#interface range f0/1-10
Switch(config-if-range)#switchport access vlan 70
Switch(config-if-range)#interface range f0/11-20
Switch(config-if-range)#switchport access vlan 80
Switch(config-if-range)#interface f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
S7腳本:
enable
configure terminal
vlan 70
vlan 80
interface range f0/1-10
switchport access vlan 70
interface range f0/11-20
switchport access vlan 80
interface f0/24
switchport mode trunk
exit
S8:
Switch>enable
Switch#configure terminal
Switch(config)#vlan 80
Switch(config-vlan)#vlan 90
Switch(config-vlan)#interface range f0/1-10
Switch(config-if-range)#switchport access vlan 80
Switch(config-if-range)#interface range f0/11-20
Switch(config-if-range)#switchport access vlan 90
Switch(config-if-range)#interface f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
S8腳本:
enable
configure terminal
vlan 80
vlan 90
interface range f0/1-10
switchport access vlan 80
interface range f0/11-20
switchport access vlan 90
interface f0/24
switchport mode trunk
exit
S9:
Switch>enable
Switch#configure terminal
Switch(config)#vlan 90
Switch(config-vlan)#vlan 70
Switch(config-vlan)#interface range f0/1-10
Switch(config-if-range)#switchport access vlan 90
Switch(config-if-range)#interface range f0/11-20
Switch(config-if-range)#switchport access vlan 70
Switch(config-if-range)#interface f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
S9腳本:
enable
configure terminal
vlan 90
vlan 70
interface range f0/1-10
switchport access vlan 90
interface range f0/11-20
switchport access vlan 70
interface f0/24
switchport mode trunk
exit
4.3.2機(jī)械學(xué)院三層交換機(jī)
Switch>enable
Switch#configure terminal
Switch(config)#vlan 70
Switch(config-vlan)#vlan 80
Switch(config-vlan)#vlan 90
Switch(config-vlan)#exit
Switch(config)#int vlan 70
Switch(config-if)#ip address 202.206.73.254 255.255.255.0
Switch(config-if)#int vlan 80
Switch(config-if)#ip address 202.206.72.254 255.255.255.0
Switch(config-if)#int vlan 90
Switch(config-if)#ip address 202.206.71.254 255.255.255.0
Switch(config-if)#int range f0/1-3
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#exit
Switch(config)#ip routing
Switch(config)#int f0/23
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.79.9 255.255.255.252
Switch(config-if)#exit
Switch(config)#route rip
Switch(config-router)#version 2
Switch(config-router)#no auto-summary
Switch(config-router)#network 202.206.79.8
Switch(config-router)#network 202.206.73.0
Switch(config-router)#network 202.206.72.0
Switch(config-router)#network 202.206.71.0
Switch(config-router)#Exit
腳本:
enable
configure terminal
vlan 70
vlan 80
vlan 90
exit
int vlan 70
ip address 202.206.73.254 255.255.255.0
int vlan 80
ip address 202.206.72.254 255.255.255.0
int vlan 90
ip address 202.206.71.254 255.255.255.0
int range f0/1-3
switchport mode trunk
exit
ip routing
int f0/23
no switchport
ip address 202.206.79.9 255.255.255.252
exit
route rip
version 2
no auto-summary
network 202.206.79.8
network 202.206.73.0
network 202.206.72.0
network 202.206.71.0
Exit
4.4核心層交換機(jī)配置:(網(wǎng)管中心)
Switch>enable
Switch#configure terminal
Switch(config)#ip routing
Switch(config)#int g0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.79.2 255.255.255.252
Switch(config-if)#int g0/2
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.79.6 255.255.255.252
Switch(config-if)#int f0/23
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.79.10 255.255.255.252
Switch(config-if)#int f0/24
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.79.13 255.255.255.252
Switch(config-if)#int f0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.64.254 255.255.255.0
Switch(config-if)#int f0/2
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.65.254 255.255.255.0
Switch(config-if)#int f0/3
Switch(config-if)#no switchport
Switch(config-if)#ip address 202.206.66.254 255.255.255.0
Switch(config-if)#exit
Switch(config)#route rip
Switch(config-router)#version 2
Switch(config-router)#no auto-summary
Switch(config-router)#network 202.206.79.0
Switch(config-router)#network 202.206.79.4
Switch(config-router)#network 202.206.79.8
Switch(config-router)#network 202.206.79.12
Switch(config-router)#network 202.206.64.0
Switch(config-router)#network 202.206.65.0
Switch(config-router)#network 202.206.66.0
Switch(config-router)#exit
腳本:
enable
configure terminal
ip routing
int g0/1
no switchport
ip address 202.206.79.2 255.255.255.252
int g0/2
no switchport
ip address 202.206.79.6 255.255.255.252
int f0/23
no switchport
ip address 202.206.79.10 255.255.255.252
int f0/24
no switchport
ip address 202.206.79.13 255.255.255.252
int f0/1
no switchport
ip address 202.206.64.254 255.255.255.0
int f0/2
no switchport
ip address 202.206.65.254 255.255.255.0
int f0/3
no switchport
ip address 202.206.66.254 255.255.255.0
exit
route rip
version 2
no auto-summary
network 202.206.79.0
network 202.206.79.4
network 202.206.79.8
network 202.206.79.12
network 202.206.64.0
network 202.206.65.0
network 202.206.66.0
exit
4.5出口路由器R1配置
Router>enable
Router#configure terminal
Router(config)#int f0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 202.206.79.14 255.255.255.252
Router(config-if)#int s0/0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 202.206.100.1 255.255.255.252
Router(config-if)#exit
Router(config)#route rip
Router(config-router)#version 2
Router(config-router)#no auto-summary
Router(config-router)#network 202.206.79.12
Router(config-router)#default-information originate
Router(config-router)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 202.206.100.2
腳本:
enable
configure terminal
int f0/0
no shutdown
ip address 202.206.79.14 255.255.255.252
int s0/0/0
no shutdown
ip address 202.206.100.1 255.255.255.252
exit
route rip
version 2
no auto-summary
network 202.206.79.12
default-information originate
exit
ip route 0.0.0.0 0.0.0.0 202.206.100.2
4.6運(yùn)營(yíng)商路由器ISP配置
Router>enable
Router#configure terminal
Router(config)#int s0/0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 202.206.100.2 255.255.255.252
Router(config-if)#int f0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 202.206.61.254 255.255.255.0
Router(config-if)#int f0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 202.206.60.254 255.255.255.0
Router(config-if)#exit
Router(config)#ip route 202.206.64.0 255.255.240.0 202.206.100.1
enable
configure terminal
int s0/0/0
no shutdown
ip address 202.206.100.2 255.255.255.252
int f0/0
no shutdown
ip address 202.206.61.254 255.255.255.0
int f0/1
no shutdown
ip address 202.206.60.254 255.255.255.0
exit
ip route 202.206.64.0 255.255.240.0 202.206.100.1
5、DNS服務(wù)的配置
在科大內(nèi)部服務(wù)器上進(jìn)行DNS的配置,如下圖所示
并且內(nèi)網(wǎng)主機(jī)能成功訪問(wèn),測(cè)試用信息學(xué)院網(wǎng)絡(luò)系信1 訪www.hebust.edu.cn 如下圖所示
在未配置訪問(wèn)控制列表ACL之前外網(wǎng)主機(jī)也可正常訪問(wèn)www.hebust.edu.cn,測(cè)試用外網(wǎng)主機(jī)PC6訪問(wèn)科大內(nèi)網(wǎng)web服務(wù)器;如下圖所示。
6、DHCP服務(wù)的配置
6.1 網(wǎng)管中心對(duì)信息學(xué)院網(wǎng)絡(luò)系DHCP地址配置
Switch>enbale
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.70.254 //將網(wǎng)關(guān)地址排除在dhcp劃分的地址外
Switch(config)#ip dhcp pool xinxipoolvlan10
Switch(dhcp-config)#network 202.206.70.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.70.254
Switch(dhcp-config)#dns-server 202.206.65.1 //科大域名服務(wù)器地址
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config //配置完需要保存,不然重新啟動(dòng)后配置丟失
6.1.1 腳本
enbale
conf t
ip dhcp excluded-address 202.206.70.254
ip dhcp pool xinxipoolvlan10
network 202.206.70.0 255.255.255.0
default-router 202.206.70.254
dns-server 202.206.65.1
exit
exit
copy running-config startup-config
6.1.2 信息學(xué)院網(wǎng)絡(luò)系三層交換機(jī)上DHCP助手配置
Switch>enbale
Switch#conf t
Switch(config)#int vlan 10
Switch(config-if)#ip helper-address 202.206.79.2
6.2 網(wǎng)管中心對(duì)信息學(xué)院計(jì)算機(jī)系DHCP地址配置
Switch>enbale
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.78.254
Switch(config)#ip dhcp pool xinxipoolvlan20
Switch(dhcp-config)#network 202.206.78.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.78.254
Switch(dhcp-config)#dns-server 202.206.65.1
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config
6.2.1 腳本
enbale
conf t
ip dhcp excluded-address 202.206.78.254
ip dhcp pool xinxipoolvlan20
network 202.206.78.0 255.255.255.0
default-router 202.206.78.254
dns-server 202.206.65.1
exit
exit
copy running-config startup-config
6.2.2 信息學(xué)院計(jì)算機(jī)系三層交換機(jī)上DHCP助手配置
Switch>enbale
Switch#conf t
Switch(config)#int vlan 20
Switch(config-if)#ip helper-address 202.206.79.2
6.3 網(wǎng)管中心對(duì)信息學(xué)院電子系DHCP地址配置
Switch>enbale
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.77.254
Switch(config)#ip dhcp pool xinxipoolvlan30
Switch(dhcp-config)#network 202.206.77.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.77.254
Switch(dhcp-config)#dns-server 202.206.65.1
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config
6.3.1 腳本
enbale
conf t
ip dhcp excluded-address 202.206.77.254
ip dhcp pool xinxipoolvlan30
network 202.206.77.0 255.255.255.0
default-router 202.206.77.254
dns-server 202.206.65.1
exit
exit
copy running-config startup-config
6.3.2 信息學(xué)院電子系三層交換機(jī)上DHCP助手配置
Switch>enbale
Switch#conf t
Switch(config)#int vlan 30
Switch(config-if)#ip helper-address 202.206.79.2
6.4 網(wǎng)管中心對(duì)電氣學(xué)院電氣系DHCP地址配置
Switch>enbale
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.76.254 //將網(wǎng)關(guān)地址排除在dhcp劃分的地址外
Switch(config)#ip dhcp pool dianqipoolvlan40
Switch(dhcp-config)#network 202.206.76.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.76.254
Switch(dhcp-config)#dns-server 202.206.65.1 //科大web服務(wù)器地址
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config //配置完需要保存,不然重新啟動(dòng)后配置丟失
6.4.1腳本
enbale
conf t
ip dhcp excluded-address 202.206.76.254
ip dhcp pool dianqipoolvlan40
network 202.206.76.0 255.255.255.0
default-router 202.206.76.254
dns-server 202.206.65.1
exit
exit
copy running-config startup-config
6.4.2 信息學(xué)院網(wǎng)絡(luò)系三層交換機(jī)上DHCP助手配置
Switch>enbale
Switch#conf t
Switch(config)#int vlan 40
Switch(config-if)#ip helper-address 202.206.79.6
6.5 網(wǎng)管中心對(duì)電氣學(xué)院自動(dòng)化系DHCP地址配置
Switch>enbale
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.75.254
Switch(config)#ip dhcp pool dianqipoolvlan50
Switch(dhcp-config)#network 202.206.75.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.75.254
Switch(dhcp-config)#dns-server 202.206.65.1
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config
6.5.1 腳本
enbale
conf t
ip dhcp excluded-address 202.206.75.254
ip dhcp pool dianqipoolvlan50
network 202.206.75.0 255.255.255.0
default-router 202.206.75.254
dns-server 202.206.65.1
exit
exit
copy running-config startup-config
6.5.2 電氣學(xué)院自動(dòng)化系三層交換機(jī)上DHCP助手配置
Switch>enbale
Switch#conf t
Switch(config)#int vlan 50
Switch(config-if)#ip helper-address 202.206.79.6
6.6 網(wǎng)管中心對(duì)電氣學(xué)院測(cè)控系DHCP地址配置
Switch>enbale
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.74.254
Switch(config)#ip dhcp pool dianqipoolvlan60
Switch(dhcp-config)#network 202.206.74.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.74.254
Switch(dhcp-config)#dns-server 202.206.65.1
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config
6.6.1 腳本
enbale
conf t
ip dhcp excluded-address 202.206.74.254
ip dhcp pool dianqipoolvlan60
network 202.206.74.0 255.255.255.0
default-router 202.206.74.254
dns-server 202.206.65.1
exit
exit
copy running-config startup-config
6.6.2 電氣學(xué)院電子系三層交換機(jī)上DHCP助手配置
Switch>enbale
Switch#conf t
Switch(config)#int vlan 60
Switch(config-if)#ip helper-address 202.206.79.6
6.7 網(wǎng)管中心對(duì)機(jī)械學(xué)院機(jī)械系DHCP地址配置
Switch>enbale
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.73.254 //將網(wǎng)關(guān)地址排除在dhcp劃分的地址外
Switch(config)#ip dhcp pool jixiepoolvlan70
Switch(dhcp-config)#network 202.206.73.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.73.254
Switch(dhcp-config)#dns-server 202.206.65.1 //科大web服務(wù)器地址
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config //配置完需要保存,不然重新啟動(dòng)后配置丟失
6.7.1 腳本
enbale
conf t
ip dhcp excluded-address 202.206.73.254
ip dhcp pool jixiepoolvlan70
network 202.206.73.0 255.255.255.0
default-router 202.206.73.254
dns-server 202.206.65.1
exit
exit
copy running-config startup-config
6.7.2 信息學(xué)院網(wǎng)絡(luò)系三層交換機(jī)上DHCP助手配置
Switch>enbale
Switch#conf t
Switch(config)#int vlan 70
Switch(config-if)#ip helper-address 202.206.79.10
6.8 網(wǎng)管中心對(duì)機(jī)械學(xué)院材料科學(xué)系DHCP地址配置
Switch>enbale
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.72.254
Switch(config)#ip dhcp pool jixiepoolvlan80
Switch(dhcp-config)#network 202.206.72.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.72.254
Switch(dhcp-config)#dns-server 202.206.65.1
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config
6.8.1 腳本
enbale
conf t
ip dhcp excluded-address 202.206.72.254
ip dhcp pool jixiepoolvlan80
network 202.206.72.0 255.255.255.0
default-router 202.206.72.254
dns-server 202.206.65.1
exit
exit
copy running-config startup-config
6.8.2 信息學(xué)院計(jì)算機(jī)系三層交換機(jī)上DHCP助手配置
Switch>enbale
Switch#conf t
Switch(config)#int vlan 80
Switch(config-if)#ip helper-address 202.206.79.10
6.9 網(wǎng)管中心對(duì)機(jī)械學(xué)院機(jī)械電子工程系DHCP地址配置
Switch>enbale
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.71.254
Switch(config)#ip dhcp pool jixiepoolvlan90
Switch(dhcp-config)#network 202.206.71.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.71.254
Switch(dhcp-config)#dns-server 202.206.65.1
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config
6.9.1 腳本
enbale
conf t
ip dhcp excluded-address 202.206.71.254
ip dhcp pool jixiepoolvlan90
network 202.206.71.0 255.255.255.0
default-router 202.206.71.254
dns-server 202.206.65.1
exit
exit
copy running-config startup-config
6.9.2 信息學(xué)院電子系三層交換機(jī)上DHCP助手配置
Switch>enbale
Switch#conf t
Switch(config)#int vlan 90
Switch(config-if)#ip helper-address 202.206.79.10
6.10 網(wǎng)管中心對(duì)email服務(wù)器DHCP配置
Switch>enable
Switch#conf t
Switch(config)#ip dhcp excluded-address 202.206.66.254 //將網(wǎng)關(guān)地址排除在dhcp劃分的地址外
Switch(config)#ip dhcp pool emailpool
Switch(dhcp-config)#network 202.206.66.0 255.255.255.0
Switch(dhcp-config)#default-router 202.206.66.254
Switch(dhcp-config)#exit
Switch(config)#exit
Switch#copy running-config startup-config //配置完需要保存,不然重新啟動(dòng)后配置丟失
6.11 web服務(wù)器和Ftp服務(wù)器均為手動(dòng)配置IP地址
7、ACL策略
7.1 不允許外網(wǎng)202.206.61.0/24網(wǎng)段主機(jī)訪問(wèn)科大內(nèi)網(wǎng)(在R1上做配置)
Router#conf t
Router(config)#access-list 1 deny 202.206.61.0 0.0.0.255
Router(config)#access-list 1 permit any
Router(config)#int f0/0
Router(config-if)#ip access-group 1 out
7.2 不允許電氣學(xué)院電氣系的所有人訪問(wèn)外網(wǎng)
Router#conf t
Router(config)#access-list 2 deny 202.206.76.0 0.0.0.255
Router(config)#access-list 2 permit any
Router(config)#int f0/0
Router(config-if)#ip access-group 1 in
8、NAT策略
對(duì)外隱藏科大內(nèi)網(wǎng)的IP地址(解決ipV4地址不夠用的問(wèn)題)
路由器R1配置:
Router>en
Router#conf t
Router(config)#access-list 3 permit host 202.206.70.1
Router(config)#access-list 3 permit 202.204.64.0 0.0.15.255 //配置允許應(yīng)轉(zhuǎn)換第地址的標(biāo)準(zhǔn)訪問(wèn)列表
Router(config)#ip nat pool test 202.206.200.10 202.206.200.15 netmask 255.255.255.0 //定義轉(zhuǎn)換中使用的全局地址池
Router(config)#ip nat inside source list 3 pool test //建立動(dòng)態(tài)源轉(zhuǎn)換,將動(dòng)態(tài)地址池和訪問(wèn)控制列表做綁定。
Router(config)#int f0/0
Router(config-if)#ip nat inside //識(shí)別內(nèi)部接口
Router(config-if)#int s0/0/0
Router(config-if)#ip nat outside //識(shí)別外部接口
Router#copy running-config startup-config //保存配置
運(yùn)營(yíng)商路由器ISP配置:
Router(config)#ip route 202.206.200.0 255.255.255.0 202.206.100.1 //這里需要加一條到Nat地址池的靜態(tài)路由。
Router#copy running-config startup-config //保存配置
注:
1.盡量不要用outside接口的全局地址作為內(nèi)部全局地址,該接口地址的所有者是互聯(lián)網(wǎng)服務(wù)提供商(ISP)。當(dāng)線路變更時(shí)地址就會(huì)改變,就需要更改DNS記錄了,如果是直接通過(guò)IP提供服務(wù),那就更麻煩,而線路的變更是常有的。另外,路由器的outside接口有可能不是可用的地址,而是私有地址等。
2.使用debug命令查看到的轉(zhuǎn)換過(guò)程。
R1#debug ip nat
IP NAT debugging is on
3.動(dòng)態(tài)NAT映射表?xiàng)l目存在一定生存時(shí)間,時(shí)間超過(guò)時(shí)轉(zhuǎn)換條目將會(huì)被自動(dòng)刪除。一對(duì)一的動(dòng)態(tài)NAT超時(shí)時(shí)間為10分鐘(600秒);基于端口的動(dòng)態(tài)NAT超時(shí)時(shí)間為1分鐘(60秒)。
9、心得:
經(jīng)過(guò)了這個(gè)校園網(wǎng)的設(shè)計(jì),讓我認(rèn)識(shí)到自身有很多的不足,有很多知識(shí)點(diǎn)考慮的還不夠全面,這個(gè)網(wǎng)絡(luò)結(jié)構(gòu)的安全性也比較低,并沒(méi)有做雙機(jī)熱備,一但核心層路由器出問(wèn)題,將會(huì)造成整個(gè)網(wǎng)絡(luò)的崩潰。我將在課下的時(shí)間認(rèn)真的反思我的問(wèn)題,并不斷的做出改正和對(duì)校園網(wǎng)的完善。通過(guò)這次實(shí)踐,我也認(rèn)識(shí)到了團(tuán)隊(duì)合作的重要性,在每個(gè)人明確的分工下,整個(gè)設(shè)計(jì)都井然有序的進(jìn)行著,在設(shè)計(jì)的過(guò)程中不斷的出現(xiàn)問(wèn)題,不斷進(jìn)行解決,比如,在acl的出還是入的那一塊,由于理解的不是很明確,就出現(xiàn)了很大的歧義,最終在大家的努力下,解決了這個(gè)問(wèn)題。
總結(jié)
以上是生活随笔為你收集整理的校园网设计超超超级详细的配置来了(以河北科技大学为例)的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: JS基础-DOM增删改-尚硅谷视频p10
- 下一篇: [挖坟] 突破WINISO未注册时100