网络拓扑流量数据可视化 网络拓扑案例

综合型网络实现的实例

• 一、拓扑图

• 1、拓扑图
• 2、实现功能

• 二、分公司设置

• 1、设计分析
• 2、单臂路由实现

• 　1、配置交换机
• 　2、配置路由器

• 三、专线路由设置

• 1、Router1/2分析设置
• 2、Router3分析设置
• 3、Router4分析设置

• 四、总部设置

• 1、接入层交换机配置

• 　1、Trunk链路设置
• 　2、VLAN划分

• 2、核心交换机配置

• 　1、Trunk链路
• 　2、VTP命令创建VLAN
• 　3、启用虚拟链路
• 　4、DHCP中继

• 3、HSRP对路由进行备份
• 4、PAT实现外网访问
• 5、三层交换机路由表设置
• 6、内网路由表设置
• 7、总部WEB服务器的发布
• 8、ACL设置

• 五、互联网区设置

• 1、R1\R2端口设置
• 2、R1/R2的路由表配置
• 3、将R1/R2设置为动态路由

一、拓扑图

1、拓扑图

2、实现功能

　　①、每个部门不同的VLAN划分，但没有限制的部门可以互相通信（总部和分公司）
　　②、分公司的路由器做DHCP服务器，PC自动获取IP
　　③、总部内网互通，但除了服务器其他部门不能访问财务部，其他部门可以互相访问，PC为自动获取IP
　　④、分公司只可以访问总公司的服务器，并且可以正常上网
　　⑤、拓扑中的1、2、3、4线坏掉任意一根，不影响上网
　　⑥、禁止总部市场部上外网，其他部门正常上外网
　　⑦、所有公司员工可以用www.monkey.com访问外网的猴子网站
　　⑧、总部的WEB服务器发布出去，外网PC可以成功访问此服务器发布的网站
　　⑨、互联网的路由器为动态路由，其他是静态路由

二、分公司设置

1、设计分析

　　①、分公司需要实现的功能为，用VLAN隔离广播域，且不同VLAN可以互相通信
　　②、路由需要做DHCP服务器使用
　　③、采用单臂路由来实现分公司功能

2、单臂路由实现

　　①、创建vlan

SW1：configure terminal
			 vlan 10
			 exit
			 vlan 20
			 exit
   SW2：configure terminal
			 vlan 10
			 exit
			 vlan 20
			 exit

　　②、划分VLAN接口

SW1：configure terminal
		interface f0/1
		switchport access vlan 10
		no shutdown
		exit
		interface f0/2
		switchport access vlan 20
		no shutdown
		exit
   SW2：configure terminal
		interface f0/1
		switchport access vlan 10
		no shutdown
		exit
		interface f0/2
		switchport access vlan 20
		no shutdown
		exit

　　③、设置Trunk链路

SW1:configure terminal
	    interface f0/3
	    switchport mode trunk
	    no shutdown
	    exit
	SW2:configure terminal
	    interface f0/3
	    switchport mode trunk
	    no shutdown
	    exit

　　①、设置路由的DHCP服务

Router1：configure terminal
			 ip dhcp pool v1
			 network 172.16.1.0  255.255.255.0
			 default-router 172.16.1.254
			 dns-server 140.0.0.1
			 exit
			 ip dhcp pool v2
			 network 172.16.2.0  255.255.255.0
			 default-router 172.16.2.254
			 dns-server 140.0.0.1
			 exit
	Router2：configure terminal
			 ip dhcp pool v1
			 network 172.16.20.0  255.255.255.0
			 default-router 172.16.20.254
			 dns-server 140.0.0.1
			 exit
			 ip dhcp pool v2
			 network 172.16.21.0  255.255.255.0
			 default-router 172.16.21.254
			 dns-server 140.0.0.1
			 exit

　　②、开启虚拟子接口

Router1:configure  terminal
			interface f0/0.1
			encapsulation dot1q 10
			ip address 172.16.1.254  255.255.255.0
			no shutdown
			exit
			interface f0/0.2
			encapsulation dot1q 20
			ip address 172.16.2.254  255.255.255.0
			no shutdown
			exit
			interface f0/0
			no shutdown 
			exit
	Router2:configure  terminal
			interface f0/0.1
			encapsulation  dot1q 10
			ip address 172.16.20.254  255.255.255.0
			no shutdown
			exit
			interface f0/0.2
			encapsulation dot1q 20
			ip address 172.16.21.254  255.255.255.0
			no shutdown
			exit
			interface f0/0
			no shutdown 
			exit

　　③、开启连接专线的端口

Router1：configure terminal
			interface f0/1
			ip address 10.1.1.1  255.255.255.0
			no shutdown
			exit
	Router2：configure terminal
			interface f0/1
			ip address 10.2.2.1  255.255.255.0
			no shutdown
			exit

三、专线路由设置

1、Router1/2分析设置

　　①、Router1/2分析，分公司的路由在访问总部或者外网时，只需传送到Router3即可，可以使用默认路由

Router1:configure terminal
			ip route 0.0.0.0  0.0.0.0  10.1.1.2
			exit
	Router2:configure terminal
			ip route 0.0.0.0  0.0.0.0  10.2.2.2
			exit

2、Router3分析设置

　　①、Router3分析，左侧只需指向分公司，右侧为外网和总部，需要开启端口，配置路由表，到192.168.0.0和140.0.0.0网段的指向Router4,172.16.1.0-172.16.21.0分别指向Router1和Router2

//先开启端口
		configure terminal
		interface f0/0 
		ip address 10.1.1.2  255.255.255.0
		no shutdown
		exit
		interface f0/1
		ip address 10.2.2.2  255.255.255.0
		no shutdown
		exit
		interface f1/0
		ip address 10.3.3.1  255.255.255.0
		no shutdown
		exit

　　②、路由表配置

Router3:configure terminal
			ip route 172.16.1.0  255.255.255.0  10.1.1.1
			ip route 172.16.2.0  255.255.255.0  10.1.1.1
			ip route 172.16.20.0 255.255.255.0  10.2.2.1
			ip route 172.16.21.0 255.255.255.0  10.2.2.1
			ip route 192.168.0.0  255.255.0.0  10.3.3.2
			ip route 140.0.0.0  255.255.255.0  10.3.3.2

3、Router4分析设置

　　①、开启端口

Router4:configure terminal
			interface f0/0 
			ip address 10.3.3.2  255.255.255.0
			no shutdown
			exit
			interface f0/1
			ip address 192.168.7.1  255.255.255.0
			no shutdown 
			exit

　　②、路由配置分析，172.16.0.0的应指向Router3,192.168.0.0 和140.0.0.0指向SW0_0

Router4:configure terminal
			ip route 172.16.0.0  255.255.0.0  10.3.3.1
			ip route 192.168.0.0  255.255.0.0 192.168.7.2
			ip route 140.0.0.0 255.255.255.0 192.168.7.2

四、总部设置

1、接入层交换机配置

SW0_1:configure terminal
		  interface  f0/3
		  switchport mode trunk
		  no shutdown
		  exit
	SW0_2:configure terminal
		  interface  f0/3
		  switchport mode trunk
		  no shutdown
		  exit
	SW0_3:configure terminal
		  interface  f0/3
		  switchport mode trunk
		  no shutdown
		  exit

SW0_1:configure terminal
		  interface f0/1
		  switchport access vlan 10
		  no shutdown
		  exit
		  interface f0/2
		  switchport access vlan 20
		  no shutdown
		  exit
	SW0_2:configure terminal
		  interface f0/1
		  switchport access vlan 30
		  no shutdown
		  exit
		  interface f0/2
		  switchport access vlan 40
		  no shutdown
		  exit	  
	SW0_3:configure terminal
		  interface f0/1
		  switchport access vlan 50
		  no shutdown
		  exit
		  interface f0/2
		  switchport access vlan 50
		  no shutdown
		  exit

2、核心交换机配置

SW0_0:configure  terminal
		  interface range f0/1-3
		  switchport trunk encapsulation dot1q
		  switchport mode trunk
		  no shutdown
		  exit

SW0_0:configure terminal
		  vtp domain MONKEY
		  vlan 10
		  exit
		  vlan 20
		  exit
		  vlan 30
		  exit
		  vlan 40
		  exit
		  vlan 50
		  exit
		  vlan 60  //用于HSRP备份时与两个路由保持同网段通信
		  exit

SW0_0:configure terminal
		  ip routing
		  interface vlan 10
		  ip address 192.168.1.254  255.255.255.0
		  no shutdown
		  exit
		  interface vlan 20
		  ip address 192.168.2.254  255.255.255.0
		  no shutdown
		  exit
		  interface vlan 30
		  ip address 192.168.3.254  255.255.255.0
		  no shutdown
		  exit
		  interface vlan 40
		  ip address 192.168.4.254  255.255.255.0
		  no shutdown
		  exit
		  interface vlan 50
		  ip address 192.168.5.254  255.255.255.0
		  no shutdown
		  exit
		  interface vlan 60
		  ip address 192.168.6.3  255.255.255.0
		  no shutdown
		  exit

SW0_0:configure termminal
		  interface vlan 10
		  ip helper-address 192.168.5.1
		  exit
		  interface vlan 20
		  ip helper-address 192.168.5.1
		  exit
		  interface vlan 30
		  ip helper-address 192.168.5.1
		  exit
		  interface vlan 40
		  ip helper-address 192.168.5.1
		  exit

3、HSRP对路由进行备份

　　①、对Router0_1和Router0_2进行热备份，条件是两个路由器可以互相通信，现在两者分别连在g0/1和g0/2上，只要建立一个虚拟的链路，将三层交换机与两个路由连在一起划分到同一个VLAN就可以进行备份了

SW0_0:configure terminal
		  interface vlan 60
		  ip address 192.168.6.3  255.255.255.0
		  no shutdown
		  exit
		  interface g0/1
		  swtichport access vlan 60
		  exit
		  interface g0/2
		  switchport access vlan 60
		  exit
Router0_1:configure  terminal
		  interface f0/0
		  ip address 192.168.6.1  255.255.255.0
		  no shutdown
		  exit
		  interface f0/1
		  ip address 100.0.0.1  255.255.255.0
		  no shutdown
		  exit
Router0_2:configure terminal
		  interface f0/0
		  ip address 192.168.6.2  255.255.255.0
		  no shutdown
		  exit
		  interface f0/1
		  ip address 110.0.0.1  255.255.255.0
		  no shutdown
		  exit

　　②、HSRP备份

Router0_1：configure terminal
		   interface f0/0   //网关所在的接口
	       standby 1 ip 192.168.6.4 //standby  组号  IP  虚拟IP
		   standby 1 priority 195 //设置优先级，numbers=200为优先级数值为200，其为0-255
		   standby 1 preempt //设置占先权
		   standby 1 track f0/1 //设置出接口跟踪，默认优先级降10（Cisco Packet Tracer软件）
Router0_2：configure terminal
           interface f0/0
	       standby 1 ip 192.168.6.4 //standby  组号  IP  虚拟IP
		   standby 1 priority 190 //设置优先级，numbers=200为优先级数值为200，其为0-255
		   standby 1 preempt //设置占先权
		   standby 1 track f0/1 //设置出接口跟踪，默认优先级降10（Cisco Packet Tracer软件）

4、PAT实现外网访问

　　①、定义内网外网端口

Router0_1:configure terminal
		  interface  f0/0      //定义为内网端口
		  ip nat inside
		  exit
		  interface f0/1      //定义为外网端口
		  ip nat outside 
		  exit
Router0_2:configure terminal
		  interface f0/0
		  ip nat inside
		  exit
		  interface f0/1
		  ip nat outside
		  exit

　　②、配置PAT

Router0_1:configure terminal
		  access-list 1 permit 192.168.0.0  0.0.255.255  //定义内部地址池
		  ip nat inside source list 1 int f0/1 overload //将内部地址池资源表1中的地址，和外网端口f0/1的IP进行NAT转换，并开启端口复用
		  access-list 2 permit 172.16.0.0 0.0.255.255
		  ip nat inside source list 2 int f0/1 overload
Router0_2:configure terminal
		  access-list 1 permit 192.168.0.0  0.0.255.255
		  ip nat inside source list 1 int f0/1 overload
		  access-list 2 permit 172.16.0.0  0.0.255.255
		  ip nat inside source list 2 f0/1 overload

5、三层交换机路由表设置

　　①、升级f0/4端口为路由端口，并添加路由表

SW0_0:configure terminal
		  interface f0/4
		  no switchport
		  ip address 192.168.7.2  255.255.255.0
		  no shutdown
		  exit
		  ip route  172.16.0.0  255.255.0.0  192.168.7.1

　　②、设置了HSRP之后

SW0_0:configure terminal
		  ip route 0.0.0.0 0.0.0.0 192.168.6.4
		  exit

6、内网路由表设置

Router0_1:configure terminal
			  ip route 0.0.0.0  0.0.0.0  100.0.0.2
			  ip route 192.168.0.0  255.255.0.0 192.168.6.3
              ip route 172.16.0.0  255.255.0.0  192.168.6.3
			  exit
	Router0_2:configure terminal
			  ip route 0.0.0.0  0.0.0.0  110.0.0.2
			  ip route 192.168.0.0  255.255.0.0 192.168.6.3
              ip route 172.16.0.0  255.255.0.0  192.168.6.3
			  exit

7、总部WEB服务器的发布

　　用静态PAT的方式，将WEB服务器80端口映射到IP100.0.0.2和110.0.0.2上的80端口

Router0_1:configure terminal
			  ip nat inside source static tcp 192.168.5.2  80  100.0.0.3 80
	Router0_2:configure terminal
			  ip nat inside source static tcp 192.168.5.2  80  110.0.0.3 80

8、ACL设置

　　①、市场部不可上外网

Router0_0:configure terminal
			  ip access-list extended shic
			  permit ip 192.168.1.0 0.0.0.255 192.168.0.0  0.0.255.255   
			  permit ip 192.168.1.0 0.0.0.255 172.16.0.0  0.0.255.255   
			  permit ip 192.168.1.0 0.0.0.255 10.0.0.0   0.255.255.255 
			  permit ip 192.168.0.0 0.0.255.255 192.168.1.0 0.0.0.255
			  permit ip 172.16.0.0  0.0.255.255 192.168.1.0 0.0.0.255  
			  permit ip 10.0.0.0  0.255.255.255 192.168.1.0 0.0.0.255
			  exit
			  interface vlan 10
			  ip access-group shic in
			  exit

　　②、只有服务器网段可以访问财务部

Router0_0: configure terminal
			   ip access-list extended caiwu
			   permit ip 192.168.5.0  0.0.0.255  192.168.4.0  0.0.0.255
			   deny ip 172.16.0.0  0.0.255.255  192.168.4.0  0.0.0.255
			   deny ip 10.0.0.0  0.255.255.255  192.168.4.0  0.0.0.255
			   deny ip 192.168.0.0  0.0.255.255 192.168.4.0  0.0.0.255
			   permit ip any any
			   exit
			   interface vlan 40
			   ip access-group caiwu out
			   exit

　　③、分公司只可以访问总部的服务器网段

Router3:configure terminal 
			ip access-list extended fengonzi
			permit ip 172.16.0.0  0.0.255.255   192.168.5.0  0.0.0.255
			permit ip 172.16.0.0  0.0.255.255  10.0.0.0 0.255.255.255
			deny ip 172.16.0.0  0.0.255.255  192.168.0.0 0.0.255.255
			permit ip any any
			exit
			interface f1/0
			ip access-group fengonzi out
			exit

五、互联网区设置

1、R1\R2端口设置

R1:configure terminal
	   interface f0/0
	   ip address 100.0.0.2  255.255.255.0
	   no shutdown
	   exit
	   interface f0/1
	   ip address 110.0.0.2  255.255.255.0
	   no shutdown
	   exit
	   interface f1/0
	   ip address 130.0.0.1  255.255.255.0
	   no shutdown
	   exit
	   interface f1/1
	   ip address 120.0.0.254  255.255.255.0
	   no shutdown
	   exit
	 R2:configure terminal
	   interface f0/0
	   ip address 130.0.0.2   255.255.255.0
	   no shutdown
	   exit
	   interface f0/1
	   ip address 140.0.0.254  255.255.255.0
	   no shutdown
	   exit

2、R1/R2的路由表配置

R1:configure terminal
		ip route 140.0.0.0 255.255.255.0 130.0.0.2
		exit
	R2:configure terminal
		ip route 100.0.0.0  255.255.255.0  130.0.0.1
		ip route 110.0.0.0  255.255.255.0  130.0.0.1
		ip route 120.0.0.0  255.255.255.0  130.0.0.1

3、将R1/R2设置为动态路由

R1：configure terminal
	    router rip 
	    version 2
	    no auto-summary   //防止出现子网掩码更改
	    network 100.0.0.0  //激活100.0.0.0网段
	    network 110.0.0.0
	    network 120.0.0.0
	    network 130.0.0.0
	    exit
	R2：configure terminal
	    router rip 
	    version 2
	    no auto-summary
	    network 130.0.0.0
	    network 140.0.0.0
	    exit