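The network has a sales department, a finance department, information security, senior management, a marketing department, a server zone, and 2 main lecture classrooms.
a) Block QQ for every department except the senior management office.
b) The classrooms may access the external network only between 12:30 and 13:30 each day.
remote management. The Jinhe OA system runs on Windows 2003 and opens port 3389 for remote management.
The Yonyou U8 financial system may be accessed only by the finance department and senior management, and only via the web.
upload or download data. Other departments have web access only.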
no ip address
ip address 1.1.1.1 255.255.255.255
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 202.106.0.20
lease 2
exit
network 192.168.15.0 255.255.255.0
default-router 192.168.15.1
dns-server 202.106.0.20
lease 2
exit
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 202.106.0.20
lease 2
exit
network 192.168.25.0 255.255.255.0
default-router 192.168.25.1
dns-server 202.106.0.20
lease 2
exit
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 202.106.0.20
lease 2
exit
network 192.168.35.0 255.255.255.0
default-router 192.168.35.1
dns-server 202.106.0.20
lease 2
exit
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
dns-server 202.106.0.20
lease 2
exit
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.15.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.25.1
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.35.1 192.168.35.3
ip dhcp excluded-address 192.168.40.1 192.168.40.3
Configure subinterfaces to connect the different VLANs
interface eth0/0.1
encapsulation dot1Q 100
ip address 192.168.10.1 255.255.255.0
ip access-group xiaoshou in
ip nat inside
exit
encapsulation dot1Q 200
ip address 192.168.15.1 255.255.255.0
ip access-group caiwu in
ip nat inside
exit
encapsulation dot1Q 300
ip address 192.168.20.1 255.255.255.0
ip access-group xinxi in
ip nat inside
exit
encapsulation dot1Q 400
ip address 192.168.25.1 255.255.255.0
ip access-group gaoceng in
ip nat inside
exit
encapsulation dot1Q 500
ip address 192.168.30.1 255.255.255.0
ip access-group shichang in
ip nat inside
exit
encapsulation dot1Q 600
ip address 192.168.35.1 255.255.255.0
ip access-group jiaoshi in
ip nat inside
exit
encapsulation dot1Q 700
ip address 192.168.40.1 255.255.255.0
ip access-group jiaoshi in
ip nat inside
exit
encapsulation dot1Q 800
ip address 192.168.45.1 255.255.255.0
ip access-group server in
ip nat inside
exit
encapsulation dot1Q 900
ip address 192.168.50.1 255.255.255.0
ip nat inside
exit
encapsulation dot1Q 1000
ip address 201.241.1.195 255.255.255.224
ip nat outside
exit
ip route 0.0.0.0 0.0.0.0 201.241.1.193
router ospf 100
network 192.168.10.0 0.0.0.255 area 0
network 192.168.15.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.25.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
network 192.168.35.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0
network 192.168.45.0 0.0.0.255 area 0
network 192.168.50.0 0.0.0.255 area 0
network 201.241.1.192 0.0.0.31 area 0
ip nat pool liyang 201.241.1.195 201.241.1.198 netmask 255.255.255.0
access-list 1 permit 192.168.0.0 0.0.255.255
ip nat inside source list 1 pool liyang overload
ip access-list extended caiwu
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 445
deny udp any any eq 8000
permit ip any any
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 445
permit ip any any
time-range time
periodic daily 12:30 to 13:30
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 445
! QQ port
deny udp any any eq 8000
permit ip any 201.241.1.192 0.0.0.31 time-range time
deny ip any 201.241.1.192 0.0.0.31
permit ip any any
permit tcp any host 192.168.45.2 eq www
permit tcp 192.168.20.0 0.0.0.255 host 192.168.45.2 eq 3389
permit tcp 192.168.15.0 0.0.0.255 host 192.168.45.3 eq www
permit tcp 192.168.25.0 0.0.0.255 host 192.168.45.3 eq www
permit tcp any host 192.168.45.4 eq www
permit tcp 192.168.30.0 0.0.0.255 host 192.168.45.4 eq ftp
permit tcp 192.168.30.0 0.0.0.255 host 192.168.45.4 eq 22
permit ip host 192.168.35.2 host 192.168.45.5
permit ip host 192.168.35.3 host 192.168.45.5
permit ip host 192.168.40.2 host 192.168.45.5
permit ip host 192.168.40.3 host 192.168.45.5
permit ip host 192.168.1.2 host 192.168.45.5
permit ip host 192.168.2.2 host 192.168.45.5
deny ip any any
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 445
deny udp any any eq 8000
permit ip any any
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 445
deny udp any any eq 8000
permit ip any any
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 445
deny udp any any eq 8000
permit ip any any
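
An added example (not part of the original configuration): a small first-match evaluator run over the time-based entries above to check them against requirement b). It assumes those entries are the body of the ACL named jiaoshi, models only the keywords that ACL uses, and uses 203.0.113.10 as a constructed outside address; it shows that the time restriction covers only 201.241.1.192/27, so other outside destinations reach the final permit ip any any at any hour.

```python
import ipaddress
from datetime import time

# Entries that follow the time-range block on the page; treating them as the
# body of the ACL named "jiaoshi" is an assumption of this example.
JIAOSHI = """\
deny tcp any any eq 135
deny tcp any any eq 136
deny tcp any any eq 137
deny tcp any any eq 138
deny tcp any any eq 445
deny udp any any eq 8000
permit ip any 201.241.1.192 0.0.0.31 time-range time
deny ip any 201.241.1.192 0.0.0.31
permit ip any any
"""
TIME_RANGES = {"time": (time(12, 30), time(13, 30))}  # periodic daily 12:30 to 13:30

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (address, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return (_ip(tok.pop(0)), 0) if first == "host" else (_ip(first), _ip(tok.pop(0)))

def parse(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    opts = dict(zip(tok[::2], tok[1::2]))  # remaining 'eq N' / 'time-range NAME' pairs
    port = int(opts["eq"]) if "eq" in opts else None
    return action, proto, src, dst, port, opts.get("time-range")

def _hit(spec, ip):
    addr, wildcard = spec  # wildcard bits set to 1 are "don't care"
    return ((_ip(ip) ^ addr) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport, now):
    """First match wins; an entry whose time-range is inactive is skipped."""
    for line in acl.splitlines():
        action, p, s, d, port, tr = parse(line)
        if tr and not (TIME_RANGES[tr][0] <= now <= TIME_RANGES[tr][1]):
            continue
        if p in ("ip", proto) and port in (None, dport) and _hit(s, src) and _hit(d, dst):
            return action, line
    return "deny", "implicit deny"
```
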
no ip address
no ip route-cache
shutdown
interface FastEthernet0/1
switchport mode trunk
switchport access vlan 100
switchport mode access
spanning-tree portfast
switchport access vlan 200
switchport mode access
spanning-tree portfast
switchport access vlan 300
switchport mode access
spanning-tree portfast
switchport access vlan 400
switchport mode access
spanning-tree portfast
switchport access vlan 500
switchport mode access
spanning-tree portfast
switchport access vlan 600
switchport mode access
spanning-tree portfast
switchport access vlan 700
switchport mode access
spanning-tree portfast
switchport access vlan 800
switchport mode access
spanning-tree portfast
switchport access vlan 900
switchport mode access
spanning-tree portfast
switchport access vlan 1000
switchport mode access
spanning-tree portfast
switchport access vlan 1000
switchport mode access
spanning-tree portfast
switchport access vlan 1000
switchport mode access
spanning-tree portfast
switchport access vlan 1000
switchport mode access
spanning-tree portfast
4000 router configuration
ip address 2.2.2.2 255.255.255.255
ip address 192.168.50.2 255.255.255.0
no ip address
shutdown
no ip address
shutdown
no ip address
shutdown
interface Serial0
ip address 10.1.1.1 255.255.255.0
encapsulation ppp
ip address 10.1.10.1 255.255.255.0
encapsulation ppp
clock rate 9600
!
interface Serial2
ip address 10.1.20.1 255.255.255.0
encapsulation ppp
no ip address
shutdown
log-adjacency-changes
area 1 virtual-link 3.3.3.3
network 10.1.1.0 0.0.0.255 area 1
network 10.1.10.0 0.0.0.255 area 1
network 10.1.20.0 0.0.0.255 area 1
network 192.168.50.0 0.0.0.255 area 0
2500A
interface Loopback0
ip address 4.4.4.4 255.255.255.255
no ip address
shutdown
ip address 10.1.1.2 255.255.255.0
encapsulation ppp
clock rate 9600
no ip address
shutdown
network 10.1.1.0 0.0.0.255 area 1
interface Loopback0
ip address 5.5.5.5 255.255.255.255
no ip address
shutdown
ip address 10.1.10.2 255.255.255.0
encapsulation ppp
no ip address
shutdown
network 10.1.10.0 0.0.0.255 area 1
2500C
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no ip address
shutdown
ip address 10.1.20.2 255.255.255.0
encapsulation ppp
clockrate 9600
ip address 10.2.1.1 255.255.255.0
encapsulation ppp
clockrate 9600
area 1 virtual-link 2.2.2.2
network 10.1.20.0 0.0.0.255 area 1
network 10.2.1.0 0.0.0.255 area 2
interface Loopback0
ip address 8.8.8.8 255.255.255.255
ip address dhcp
shutdown
ip address 10.2.1.2 255.255.255.0
encapsulation ppp
no ip address
shutdown
network 10.2.1.0 0.0.0.255 area 2