高級路由與交換技術(shù)課程設(shè)計

1、高級路由與交換技術(shù)課程設(shè)計 組別： 題目： 小型園區(qū)拓撲設(shè)計 姓名： 學號： 班級： 時間： 目錄摘 要.2關(guān)鍵字.3一、小型園區(qū)網(wǎng)····································31.1 園區(qū)網(wǎng)的概述·&

2、#183;····································31.2 園區(qū)網(wǎng)設(shè)計···········

3、83;····························4二、小型園區(qū)網(wǎng)的詳細設(shè)計···················&#

4、183;······52.1功能設(shè)計··········································

5、·52.2 ip和vlan規(guī)劃階段·································62.3路由冗余設(shè)計···········

6、3;····························62.4路由協(xié)議設(shè)計····················

7、···················82.5路由策略設(shè)計·····························&#

8、183;·········102.6網(wǎng)絡(luò)設(shè)備安全設(shè)計···································122.7小型園區(qū)網(wǎng)的配置命令

9、3;·····························13三、功能測試···················&#

10、183;·················143.1全網(wǎng)連通性······························

11、3;·········15四、課程設(shè)計實驗總結(jié)·····························16五、參考文獻········&#

12、183;····························18摘要隨著社會網(wǎng)絡(luò)技術(shù)的逐步發(fā)展與完善，越來越多的企業(yè)或者公司都會想到利用園區(qū)網(wǎng)架構(gòu)來實現(xiàn)自己的網(wǎng)絡(luò)安全措施，因此小型的園區(qū)網(wǎng)設(shè)計就成了各個部門所重視的課程項目。為此目的而設(shè)計的園區(qū)網(wǎng)既能夠保護各部門的網(wǎng)絡(luò)安全，又不會影響各支部門的工作，可謂一舉兩得。關(guān)

13、鍵字路由冗余、路由協(xié)議、路由策略、網(wǎng)絡(luò)安全、dhcp一、 小型園區(qū)網(wǎng) 1.1園區(qū)網(wǎng)的概述：園區(qū)網(wǎng)通常是指大學的校園網(wǎng)及企業(yè)的內(nèi)部網(wǎng)（intranet) ； 其主要特征是：網(wǎng)絡(luò)特別是路由結(jié)構(gòu)完全由一個機構(gòu)來管理。但是很多時候，園區(qū)網(wǎng)的使用效率不高，尤其是關(guān)鍵業(yè)務(wù)得不到保證。 利用實驗機房所提供的4臺計算機、3臺路由器、2臺三層交換機和2臺二層交換機以及耗材，完成園區(qū)網(wǎng)絡(luò)組建。 1.2 園區(qū)網(wǎng)設(shè)計圖：課程設(shè)計任務(wù)分配組長： 姓名任務(wù)2dhcp設(shè)計、檢查李路由冗余、策略設(shè)計ip地址、vlan劃分路由協(xié)議設(shè)計鏈路聚合 、網(wǎng)絡(luò)設(shè)備安全設(shè)計二、 小型園區(qū)網(wǎng)的詳細設(shè)計 2.1 功能設(shè)計：l 在接入層交換機上

14、進行vlan劃分，配置交換機截接口portfast以及端口安全，以加快收斂速度和安全性。l 在所有交換機上配置mstp，以加快spanning-tree的收斂，并節(jié)省資源。l 在出口路由r2上配置eigrp，在出口路由r1,r2,r3上配置ospf，并同時在r3上配置rip,以及在邊界路由器上配置了重分發(fā)，這是為了適應(yīng)不同廠商的路由器的支持。l 在多層交換機s1和s4上配置hsrp，以實現(xiàn)網(wǎng)關(guān)冗余。并把交換機s2配置為vlan 10的根橋，把交換機s3配置為vlan20的根橋。2.2 ip和vlan規(guī)劃：ip地址表實驗設(shè)備接口ip地址r3f0/0192.168.6.2f0/1192.168.3

15、.1s0/0192.168.5.2r1f0/0192.168.7.1s0/0192.168.4.1fa0/1192.168.8.1r2s0/1192.168.4.2s0/0192.168.5.1f0/0192.168.6.1s1f0/1192.168.7.2vlan10192.168.1.10vlan20192.168.2.10s2f0/1192.168.8.2vlan10192.168.1.11vlan20192.168.2.11pc1192.168.1.3pc2192.168.2.3pc4192.168.3.11pc3192.168.3.122.3路由冗余設(shè)計階段（hsrp）：路由冗余規(guī)劃

16、表試驗設(shè)備接口組號優(yōu)先級虛擬ips1vlan 101200192.168.1.2542100192.168.1.253vlan 203150192.168.2.2544200192.168.2.253s2vlan 101100192.168.1.2542200192.168.1.253vlan 203200192.168.2.2544150192.168.2.2532.4路由協(xié)議設(shè)計階段：路由協(xié)議規(guī)劃表設(shè)備路由協(xié)議發(fā)布的網(wǎng)段r1eigrp192.168.4.0192.168.7.0192.168.8.0r2eigrp192.168.4.02.2.2.0ospf192.168.5.0192.16

17、8.6.0r3ospf192.168.3.0192.168.6.03.3.3.0192.168.5.02.5路由策略設(shè)計階段：路由策略規(guī)劃表設(shè)備access-listpermitip地址下一跳matchr3110192.168.3.11192.168.5.1ip address 1220192.168.3.12192.168.6.1ip address 22.6 網(wǎng)絡(luò)設(shè)備安全設(shè)計階段:路由器和交換機的安全規(guī)劃表設(shè)備端口模式端口安全措施s4fa0/2accessport-securityviolation shutdownfa0/3accessport-securityviolation shu

18、tdownusernnamepassword端口封裝模式加密r1r2ciscose0/0pppchapr2r1ciscose0/1pppchap2.7、在路由器和交換機上實現(xiàn)階段1、通過show run查看配置文件s1上的配置s1#show runhostname s1no aaa new-modelip subnet-zeroip routingno file verify autospanning-tree extend system-idspanning-tree vlan 10 priority 819spanning-tree vlan 20 priority 122vlan int

19、ernal allocation policy asinterface port-channel2switchport mode dynamic desirableinterface fastethernet0/1 no switchport ip address 192.168.7.2 255.255.25standby 4 authentication mykeyinterface fastethernet0/2switchport mode dynamic desirablechannel-group 2 mode activeinterface fastethernet0/3switc

20、hport mode dynamic desirablechannel-group 2 mode activeinterface vlan1 no ip address shutdown!interface vlan10 ip address 192.168.1.10 255.255.2 standby 1 ip 192.168.1.254 standby 1 priority 200 standby 1 preempt standby 1 authentication mykey standby 2 ip 192.168.1.253 standby 2 authentication myke

21、y!interface vlan20 ip address 192.168.2.10 255.255.2 standby 3 ip 195.168.2.254 standby 3 priority 150 standby 3 authentication mykey standby 4 ip 192.168.2.253 standby 4 priority 200 standby 4 preempt standby 4 authentication mykeyrouter eigrp 1 network 192.168.1.0 network 192.168.7.0 no auto-summa

22、ry!line con 0line vty 5 15!ends2的配置s2#show runhostname s2spanning-tree mode mstspanning-tree extend system-idspanning-tree vlan 10 priority 12288spanning-tree vlan 20 priority 8192vlan internal allocation policy ascendinginterface port-channel2 switchport mode dynamic desirableinterface fastethernet

23、0/1 no switchport ip address 192.168.8.2 255.255.255.0!interface fastethernet0/2 switchport mode dynamic desirable channel-group 2 mode active!interface fastethernet0/3 switchport mode dynamic desirable channel-group 2 mode activeinterface vlan1 no ip address shutdown!interface vlan10 ip address 192

24、.168.1.11 255.255.255.0 standby 1 ip 192.168.1.254 standby 1 authentication mykey standby 2 ip 192.168.1.253 standby 2 priority 200 standby 2 preempt standby 2 authentication mykey!interface vlan20 ip address 192.168.2.11 255.255.255.0 standby 3 ip 192.168.2.254 standby 3 priority 200 standby 3 pree

25、mpt standby 3 authentication mykey standby 4 ip 192.168.2.253 standby 4 priority 150 standby 4 authentication mykeyends3 的配置s3#show runhostname s3spanning-tree mode pvstno spanning-tree optimize bpdu tspanning-tree extend system-idinterface fastethernet0/2switchport access vlan 30switchport mode tru

26、nkinterface fastethernet0/3switchport access vlan 30switchport mode trunkends4的配置s4#show runhostname s4spanning-tree mode pvstno spanning-tree optimize bpdu transmissionspanning-tree extend system-idinterface fastethernet0/2 switchport access vlan 10 switchport mode access switchport port-security s

27、witchport port-security maximum 50interface fastethernet0/3 switchport access vlan 20 switchport mode access switchport port-security switchport port-security maximum 50endr1的配置r1#show runhostname r1username r2 password 0 ciscointerface fastethernet0/0 ip address 192.168.7.1 255.255.255.0 duplex aut

28、o speed autointerface serial0/0 ip address 192.168.4.1 255.255.255.0 encapsulation ppp no fair-queue ppp authentication chapinterface fastethernet0/1 ip address 192.168.8.1 255.255.255.0 duplex auto speed autorouter eigrp 1 network 192.168.4.0 network 192.168.7.0 network 192.168.8.0 no auto-summarye

29、ndr2的配置r2#show runhostname r2username r1 password 0 ciscointerface loopback0 ip address 2.2.2.2 255.255.255.0interface fastethernet0/0 ip address 192.168.6.1 255.255.255.0 duplex auto speed autointerface serial0/0 ip address 192.168.5.1 255.255.255.0 no fair-queue clock rate 128000interface serial0/

30、1 ip address 192.168.4.2 255.255.255.0 encapsulation ppp clock rate 128000 ppp authentication chap!router eigrp 1 redistribute ospf 1 metric 1000 100 255 1 1500 network 2.0.0.0 network 192.168.4.0 no auto-summaryrouter ospf 1 router-id 2.2.2.2 log-adjacency-changes redistribute eigrp 1 metric 30 met

31、ric-type 1 subnets network 192.168.5.0 0.0.0.255 area 0 network 192.168.6.0 0.0.0.255 area 0endr3的配置r3#show runhostname r3ip dhcp excluded-address 192.168.3.1 192.168.3.10ip dhcp pool vlan30 network 192.168.3.0 255.255.255.0default-router 192.168.3.1interface loopback0 ip address 3.3.3.3 255.255.255

32、.0interface fastethernet0/0 ip address 192.168.6.2 255.255.255.0 duplex auto speed autointerface serial0/0 ip address 192.168.5.2 255.255.255.0 no fair-queueinterface fastethernet0/1 ip address 192.168.3.1 255.255.255.0 ip policy route-map ccna duplex auto speed autorouter ospf 1 router-id 3.3.3.3 l

33、og-adjacency-changes network 3.3.3.0 0.0.0.255 area 0 network 192.168.3.0 0.0.0.255 area 0 network 192.168.5.0 0.0.0.255 area 0 network 192.168.6.0 0.0.0.255 area 0access-list 1 permit 192.168.3.11access-list 2 permit 192.168.3.12route-map ccna permit 10 match ip address 1 set ip next-hop 192.168.5.1route-map ccna permit 20 match ip address 2 set ip next-hop 192.168.6.1end三、功能測試3.1全網(wǎng)連通性：主機ip：192.168.1.3ping：192.168.3.11 192.168.2.3主機ip：192.168.1.3ping：2.2.2.2 3.3.3.3四、程設(shè)計實驗總結(jié)本次實訓，我們組創(chuàng)建了一個小型園區(qū)拓撲。這次實訓把我們這學期所學知識融會貫通，各個環(huán)節(jié)不可缺少和出錯。我覺得