Enterprise Network Project PT Simulation

Source: Internet
Author: User

Enterprise Project Requirement Description:
A company rents two floors of an office building and needs to build a new enterprise LAN. The company has five departments. The Engineering Department and the Technical Support Department are on the fourth floor, and each has 40 information points. The Marketing Department, the General Department, the Finance Department, the department managers' offices, and the general manager's office are on the fifth floor. The Marketing Department and the General Department have 22 information points, the Finance Department has 5 information points, and the department managers' offices and the general manager's office each have one information point. There is a meeting room on the fourth floor and on the fifth floor, and each meeting room has one information point (the computers in the meeting rooms use wireless network access and obtain an IP address automatically). Apart from the meeting rooms, computers in the other offices are connected directly to information points. A router connects the enterprise network to the Internet and implements NAT.

The basic requirements for network formation are as follows:

1. An FTP server and an internal website server must be configured in the network. Both server roles are configured on one physical server.

2. Each department in the network is in an independent broadcast domain. The department manager and the General Manager are in an independent broadcast domain, and the two meeting rooms are in an independent broadcast domain.

3. The General Manager, Department Manager, and Finance Department can communicate with each other, but employees in other departments cannot access the computers of the General Manager, Department Manager, and Finance Department.

4. External users on the WAN can access the website server on the enterprise intranet through an IP address.

Network Topology:

[Figure: network topology diagram]

Configuration steps:
 

On switch 1, create the VTP server:

    Switch> en
    Switch# vlan database
    Switch(vlan)# vtp server
    Switch(vlan)# vtp domain xcw
    Switch(vlan)# vtp password 123456

Create the VLANs:

    Switch(vlan)# vlan 11 name gongcheng
    Switch(vlan)# vlan 12 name jishu
    Switch(vlan)# vlan 13 name zongwu
    Switch(vlan)# vlan 14 name caiwu
    Switch(vlan)# vlan 15 name shichang
    Switch(vlan)# vlan 16 name jingli
    Switch(vlan)# vlan 17 name FTP
    Switch(vlan)# vlan 18 name zongjingli
    Switch(vlan)# vlan 19 name 5huiyishi
    Switch(vlan)# vlan 10 name 4huiyishi

On switch 2:

    Switch> en
    Switch# vlan database
    Switch(vlan)# vtp client
    Switch(vlan)# vtp domain xcw
    Switch(vlan)# vtp password 123456

On switch 3:

    Switch> en
    Switch# vlan database
    Switch(vlan)# vtp client
    Switch(vlan)# vtp domain xcw
    Switch(vlan)# vtp password 123456

On switch 4:

    Switch> en
    Switch# vlan database
    Switch(vlan)# vtp client
    Switch(vlan)# vtp domain xcw
    Switch(vlan)# vtp password 123456

In this way, all the switches have the VLANs. Next, add each port to its corresponding VLAN.
    S1(config)# interface FastEthernet0/1
    S1(config-if)# switchport access vlan 11
    S1(config)# interface FastEthernet0/7
    S1(config-if)# switchport access vlan 17
    S1(config)# interface FastEthernet0/2
    S1(config-if)# switchport access vlan 10

    S2(config)# interface FastEthernet0/2
    S2(config-if)# switchport access vlan 12

    S3(config)# interface FastEthernet0/3
    S3(config-if)# switchport access vlan 13
    S3(config)# interface FastEthernet0/4
    S3(config-if)# switchport access vlan 14
    S3(config)# interface FastEthernet0/5
    S3(config-if)# switchport access vlan 15

    S4(config)# interface FastEthernet0/6
    S4(config-if)# switchport access vlan 16
    S4(config)# interface FastEthernet0/8
    S4(config-if)# switchport access vlan 18
    S4(config)# interface FastEthernet0/9
    S4(config-if)# switchport access vlan 19

All ports have now been added to their VLANs. Next, we need to create a sub-interface on the router for each VLAN, with 802.1Q encapsulation and the gateway address for that VLAN, so that the different network segments in the intranet can communicate with each other. We also need to set up NAT.

On the enterprise router 0 (R0):

    R0(config)# int f0/0.11
    R0(config-subif)# encapsulation dot1Q 11
    R0(config-subif)# ip add 192.168.1.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# int f0/0.12
    R0(config-subif)# encapsulation dot1Q 12
    R0(config-subif)# ip add 192.168.2.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# int f0/0.13
    R0(config-subif)# encapsulation dot1Q 13
    R0(config-subif)# ip add 192.168.3.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# int f0/0.14
    R0(config-subif)# encapsulation dot1Q 14
    R0(config-subif)# ip add 192.168.4.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# int f0/0.15
    R0(config-subif)# encapsulation dot1Q 15
    R0(config-subif)# ip add 192.168.5.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# int f0/0.16
    R0(config-subif)# encapsulation dot1Q 16
    R0(config-subif)# ip add 192.168.6.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# int f0/0.17
    R0(config-subif)# encapsulation dot1Q 17
    R0(config-subif)# ip add 192.168.7.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# int f0/0.18
    R0(config-subif)# encapsulation dot1Q 18
    R0(config-subif)# ip add 192.168.8.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# int f0/0.19
    R0(config-subif)# encapsulation dot1Q 19
    R0(config-subif)# ip add 192.168.9.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# int f0/0.10
    R0(config-subif)# encapsulation dot1Q 10
    R0(config-subif)# ip add 192.168.10.1 255.255.255.0
    R0(config-subif)# ip nat inside
    R0(config-subif)# exit

Set up the DHCP pools so that the computers in the meeting rooms obtain their IP addresses automatically:

    R0(config)# ip dhcp excluded-address 192.168.9.1
    R0(config)# ip dhcp pool xcw1
    R0(dhcp-config)# network 192.168.9.0 255.255.255.0
    R0(dhcp-config)# default-router 192.168.9.1
    R0(config)# ip dhcp excluded-address 192.168.10.1
    R0(config)# ip dhcp pool xcw2
    R0(dhcp-config)# network 192.168.10.0 255.255.255.0
    R0(dhcp-config)# default-router 192.168.10.1

After the preceding commands are entered, intranet communication is basically in place. Next, we allow the Finance Department, the department managers, and the general manager to access one another, and do not allow access from the other internal networks:

    R0(config)# access-list 100 permit ip host 192.168.8.2 host 192.168.6.2
    R0(config)# access-list 100 permit ip host 192.168.8.2 host 192.168.5.2
    R0(config)# access-list 100 permit ip host 192.168.6.2 host 192.168.5.2
    R0(config)# access-list 100 permit ip host 192.168.6.2 host 192.168.8.2
    R0(config)# access-list 100 permit ip host 192.168.5.2 host 192.168.6.2
    R0(config)# access-list 100 permit ip host 192.168.5.2 host 192.168.8.2
    R0(config)# access-list 100 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    R0(config)# access-list 100 permit ip any any
In this way, other departments on the intranet cannot access our Finance Department, department managers, and general manager. An access list filters traffic only after it is bound to an interface with ip access-group; that command does not appear in the steps above.

Now let's connect to the Internet:

    R0(config)# int s0/0/0
    R0(config-if)# ip nat outside
    R0(config)# access-list 1 permit 192.168.1.0 0.0.0.255
    R0(config)# access-list 1 permit 192.168.2.0 0.0.0.255
    R0(config)# access-list 1 permit 192.168.3.0 0.0.0.255
    R0(config)# access-list 1 permit 192.168.4.0 0.0.0.255
    R0(config)# access-list 1 permit 192.168.5.0 0.0.0.255
    R0(config)# access-list 1 permit 192.168.6.0 0.0.0.255
    R0(config)# access-list 1 permit 192.168.7.0 0.0.0.255
    R0(config)# access-list 1 permit 192.168.8.0 0.0.0.255
    R0(config)# access-list 1 permit 192.168.9.0 0.0.0.255
    R0(config)# access-list 1 permit 192.168.10.0 0.0.0.255
    R0(config)# ip nat pool xcw 202.11.1.2 202.11.1.2 netmask 255.255.255.0
    R0(config)# ip nat inside source list 1 pool xcw overload
    R0(config)# ip nat inside source static tcp 192.168.7.2 80 202.11.1.2 80

The preceding statements map the intranet web server to the public IP address 202.11.1.2. In this case, the Internet can access the web page of our intranet server.
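An added example (not from the original article): a small Python evaluator that applies IOS first-match and wildcard-mask rules to access list 100 from the router step, to check it against requirement 3 and the sub-interface addressing plan. The list is read with the deny wildcard as 0.0.255.255 and the last entry as permit ip any any; host addresses that are not in the list itself are constructed, assuming each PC takes .2 in its VLAN's subnet.

```python
from ipaddress import IPv4Address

# ACL 100 from the article (deny wildcard read as 0.0.255.255, last entry as "any any").
ACL_100 = """\
permit ip host 192.168.8.2 host 192.168.6.2
permit ip host 192.168.8.2 host 192.168.5.2
permit ip host 192.168.6.2 host 192.168.5.2
permit ip host 192.168.6.2 host 192.168.8.2
permit ip host 192.168.5.2 host 192.168.6.2
permit ip host 192.168.5.2 host 192.168.8.2
deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
permit ip any any
"""

def _spec(tokens):
    """Consume one address spec from the token list; return (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(IPv4Address(tokens.pop(0))), 0
    return int(IPv4Address(word)), int(IPv4Address(tokens.pop(0)))

def parse(acl_text):
    rules = []
    for line in acl_text.splitlines():
        action, _proto, *rest = line.split()
        rules.append((action, _spec(rest), _spec(rest)))  # source, then destination
    return rules

def decide(rules, src, dst):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for action, *specs in rules:
        # A wildcard bit of 1 means "don't care"; every other bit must equal the base.
        if all((int(IPv4Address(a)) ^ b) & ~w & 0xFFFFFFFF == 0
               for a, (b, w) in zip((src, dst), specs)):
            return action
    return "deny"

# Constructed test flows; VLAN numbers and subnets follow the article's plan.
CHECKS = {
    "general manager -> dept manager": ("192.168.8.2", "192.168.6.2"),
    "finance (VLAN 14) -> general manager": ("192.168.4.2", "192.168.8.2"),
    "marketing (VLAN 15) -> general manager": ("192.168.5.2", "192.168.8.2"),
    "engineering -> web/FTP server": ("192.168.1.2", "192.168.7.2"),
    "engineering -> Internet host": ("192.168.1.2", "202.11.1.1"),
}
RESULTS = {name: decide(parse(ACL_100), *pair) for name, pair in CHECKS.items()}
print("\n".join(f"{verdict:6} {name}" for name, verdict in RESULTS.items()))
```

The finance subnet from the plan (VLAN 14, 192.168.4.0/24) is denied while 192.168.5.2, which sits in the VLAN 15 subnet, is permitted, and the blanket deny also cuts every department off from the server at 192.168.7.2. The list therefore needs reconciling with the addressing plan before it is bound to an interface.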
Configuration on the other router, on the Internet side (R1):

    R1(config)# int s0/0/0
    R1(config-if)# ip nat outside
    R1(config-if)# ip add 202.11.1.1 255.255.255.0
    R1(config-if)# exit
    R1(config)# int f0/0
    R1(config-if)# ip add 172.16.1.1 255.255.255.0
    R1(config-if)# ip nat inside
    R1(config-if)# exit
    R1(config)# ip nat inside source static 172.16.1.2 202.11.1.1

Now you can access the server through the Internet: browsing to the public address 202.11.1.2 opens the web page on the intranet web server.

This article is from the "Drop water stone" blog; please be sure to keep this source: http://xjsunjie.blog.51cto.com/999372/464777
