Date: 2015/6/28  Source: IT貓撲網  Author: 網管聯盟
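Not long ago I did a small project: as the company grew, it needed to overhaul its existing network:
1. Divide the network into separate zones by department for management, and make sure every zone can reach the public Internet.
   The zones are: Sales, Finance, Information Security, Senior Management, Marketing, the server zone, and 2 main lecture classrooms.
2. To standardize management across the company, apply the following network restrictions.
a) Block QQ for every department except the Senior Management office.
b) The classrooms may access the external network only between 12:30 and 13:30 each day.
c) Restrictions and settings for the server zone:
! 金和 OA collaborative office system server: staff from all departments may access it, but only Information Security staff may manage it remotely. The 金和 OA system runs on Windows 2003, with port 3389 open for remote management.
! 用友 U8 financial system: only the Finance and Senior Management departments may access it, and only through the web interface.
! Company website server, built on a LAMP stack: Marketing may manage it and may upload or download data over FTP. All other departments have web access only.
! Company distance-education server: only the teacher machines of the main lecture classrooms and the teacher machines of the remote classrooms may access it.
3. Configure a DHCP server. In each of the 2 main lecture classrooms, the two teacher machines use static IP addresses.
4. Build a distance-teaching system: three branch centers connect to the company, and one of those branch centers also connects to a classroom at a local university.
Based on the above, the topology is as follows:
The core router configuration is as follows: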
interface e0/0
no ip address
! Loopback interface
interface loopback 0
ip address 1.1.1.1 255.255.255.255
Configure DHCP
ip dhcp pool xiaoshou
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 202.106.0.20
lease 2
exit
ip dhcp pool caiwu
network 192.168.15.0 255.255.255.0
default-router 192.168.15.1
dns-server 202.106.0.20
lease 2
exit
ip dhcp pool xinxi
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 202.106.0.20
lease 2
exit
ip dhcp pool gaoceng
network 192.168.25.0 255.255.255.0
default-router 192.168.25.1
dns-server 202.106.0.20
lease 2
exit
ip dhcp pool shichang
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 202.106.0.20
lease 2
exit
ip dhcp pool jiaoshi1
network 192.168.35.0 255.255.255.0
default-router 192.168.35.1
dns-server 202.106.0.20
lease 2
exit
ip dhcp pool jiaoshi2
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
dns-server 202.106.0.20
lease 2
exit
Reserve IP addresses (excluded from the DHCP pools)
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.15.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.25.1
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.35.1 192.168.35.3
ip dhcp excluded-address 192.168.40.1 192.168.40.3
Configure subinterfaces to connect the different VLANs
interface eth0/0.1
encapsulation dot1Q 100
ip address 192.168.10.1 255.255.255.0
ip access-group xiaoshou in
ip nat inside
exit
interface eth0/0.2
encapsulation dot1Q 200
ip address 192.168.15.1 255.255.255.0
ip access-group caiwu in
ip nat inside
exit
interface eth0/0.3
encapsulation dot1Q 300
ip address 192.168.20.1 255.255.255.0
ip access-group xinxi in
ip nat inside
exit
interface eth0/0.4
encapsulation dot1Q 400
ip address 192.168.25.1 255.255.255.0
ip access-group gaoceng in
ip nat inside
exit
interface eth0/0.5
encapsulation dot1Q 500
ip address 192.168.30.1 255.255.255.0
ip access-group shichang in
ip nat inside
exit
interface eth0/0.6
encapsulation dot1Q 600
ip address 192.168.35.1 255.255.255.0
ip access-group jiaoshi in
ip nat inside
exit
interface eth0/0.7
encapsulation dot1Q 700
ip address 192.168.40.1 255.255.255.0
ip access-group jiaoshi in
ip nat inside
exit
interface eth0/0.8
encapsulation dot1Q 800
ip address 192.168.45.1 255.255.255.0
ip access-group server in
ip nat inside
exit
interface eth0/0.9
encapsulation dot1Q 900
ip address 192.168.50.1 255.255.255.0
ip nat inside
exit
interface eth0/0.10
encapsulation dot1Q 1000
ip address 201.241.1.195 255.255.255.224
ip nat outside
exit
Default route
ip route 0.0.0.0 0.0.0.0 201.241.1.193
Configure OSPF, the link-state routing protocol
router ospf 100
network 192.168.10.0 0.0.0.255 area 0
network 192.168.15.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.25.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
network 192.168.35.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0
network 192.168.45.0 0.0.0.255 area 0
network 192.168.50.0 0.0.0.255 area 0
network 201.241.1.192 0.0.0.31 area 0
Dynamic address translation
ip nat pool liyang 201.241.1.195 201.241.1.198 netmask 255.255.255.224
access-list 1 permit 192.168.0.0 0.0.255.255
ip nat inside source list 1 pool liyang overload
Configure ACLs for security management
ip access-list extended caiwu
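An added example (not part of the original article): a small Python check that cross-references every inbound `ip access-group` binding against the `ip access-list` definitions in a config text, because a subinterface bound to an ACL that is missing or has no entries is not being filtered as the requirements intend. The sample is a constructed, trimmed excerpt of the configuration above, and the function name `audit_acl_bindings` is an assumption of this example.

```python
import re

# Constructed, trimmed excerpt of the router configuration shown above.
SAMPLE_CONFIG = """\
interface eth0/0.2
ip access-group caiwu in
ip nat inside
exit
interface eth0/0.6
ip access-group jiaoshi in
ip nat inside
exit
interface eth0/0.9
ip nat inside
exit
ip access-list extended caiwu
"""

def audit_acl_bindings(config: str) -> dict:
    """Report interfaces whose inbound ACL is undefined, empty, or absent."""
    bound = {}      # interface -> name of the ACL bound inbound
    inside = set()  # interfaces marked "ip nat inside"
    entries = {}    # ACL name -> number of permit/deny entries seen
    iface = acl = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(\S+)", line):
            iface, acl = m.group(1), None
        elif m := re.match(r"ip access-list\s+(?:standard|extended)\s+(\S+)", line):
            acl, iface = m.group(1), None
            entries.setdefault(acl, 0)
        elif m := re.match(r"access-list\s+(\d+)\s+(?:permit|deny)\b", line):
            entries[m.group(1)] = entries.get(m.group(1), 0) + 1  # numbered ACL
        elif acl and re.match(r"(?:\d+\s+)?(?:permit|deny)\b", line):
            entries[acl] += 1                                     # named ACL entry
        elif iface and (m := re.match(r"ip access-group\s+(\S+)\s+in\b", line)):
            bound[iface] = m.group(1)
        elif iface and line == "ip nat inside":
            inside.add(iface)
        elif line == "exit":
            iface = acl = None
    return {
        "undefined": sorted(i for i, a in bound.items() if a not in entries),
        "empty": sorted(i for i, a in bound.items() if entries.get(a) == 0),
        "unfiltered_inside": sorted(inside - set(bound)),
    }

if __name__ == "__main__":
    print(audit_acl_bindings(SAMPLE_CONFIG))
```

Running it against the full running configuration before deployment shows which department subinterfaces still lack the rules listed under requirement 2.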
 