当前位置: 首页 > news >正文

备案网站内容简介宁波网站建设公司哪家好

备案网站内容简介,宁波网站建设公司哪家好,网上家装接单平台,保险公司官方网站概述 某中小型企业有四个部门,分别是市场部、行政部、研发部和工程部,请合理规划IP地址和VLAN,实现企业内部能够互联互通,同时要求市场部、行政部和工程部能够访问外网环境(要求使用OSPF协议),研发部不能访问外网环境…

概述

某中小型企业有四个部门,分别是市场部、行政部、研发部和工程部,请合理规划IP地址和VLAN,实现企业内部能够互联互通,同时要求市场部、行政部和工程部能够访问外网环境(要求使用OSPF协议),研发部不能访问外网环境(通过访问控制列表实现)。为了保证网络的可靠性,配置MSTP+VRRP多备份组,实现负载均衡,解决单点故障问题。同时在出口路由器上实现NAT地址转换,使企业内部主机使用ISP提供的内部全局地址访问外网环境,提高网络整体的安全性。
2、配置要求
(1)四个部门分别在不同网段、不同 VLAN,实现VLAN间通信;
(2) LSW1和LSW2为接入交换机,LSW3和LSW4为核心交换机,R1为出口路由器;
(3)市场部和研发部属于MSTP实例1, VRRP主路由器为LSW3,备份路由器为LSW4;
(4)行政部和工程部属于MSTP实例2, VRRP主路由器为LSW4,备份路由器为LSW3;
(5)ISP分配给该企业的内部全局地址为1.1.1.0网段;
(6)外网服务器IP地址为200.0.0.0/24网段;
(7)合理规划核心交换机和路由器之间的互联地址;
(8)访问控制要求:研发部不能访问外网。
企业网络拓扑结构如图1所示:
问答来自CSDN @weixin_44257060

实验拓扑

实验配置

1.创建vlan并划分相关接口

交换机之间采用trunk,交换机和路由或终端设备使用access

vlan b 10 20 30 40 11(vlan11用于与路由器相接)

p l t

p t a v 10 20 30 40 11

2.配置MSTP

stp region-configuration

instance 1 vlan 10 30  
instance 2 vlan 20 40

region-name HHH  
revision-level 1

active region-configuration

stp instance 2 root primary 
stp instance 1 root secondary 

3.配置相关IP地址

服务器地址

4.设置vrrp组

int vlan 10

vrrp vrid 10 virtual-ip 172.16.10.254
 

int vlan 20

vrrp vrid 20 virtual-ip 172.16.20.254

vrrp vrid 20 priority 120

vrrp vrid 20 track interface g0/0/1 reduced 40 

int vlan 30

vrrp vrid 30 virtual-ip 172.16.30.254

int vlan 40

vrrp vrid 40 virtual-ip 172.16.40.254

vrrp vrid 40 priority 120

vrrp vrid 40 track interface g0/0/1 reduced 40 

5.配置ospf

交换机可ping通服务器

有邻居建立

此时pc可ping通服务器

6.ACL限制研发部访问200.0.0.0网段

  rule 5 deny ip source 172.16.30.0 0.0.0.255 destination 200.0.0.0 0.0.0.255 

限制研发部访问,接口下调用研发部无法访问200.0.0.0网段

全局配置

SW1


[SW1]dis current-configuration 
#
sysname SW1
#
vlan batch 10 to 11 20 30 40
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name HHH
 revision-level 1
 instance 1 vlan 10 30
 instance 2 vlan 20 40
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

SW2

[SW2]dis current-configuration 
#
sysname SW2
#
vlan batch 10 to 11 20 30 40
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name HHH
 revision-level 1
 instance 1 vlan 10 30
 instance 2 vlan 20 40
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 40
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return

SW3

[SW3]dis current-configuration 
#
sysname SW3
#
vlan batch 10 to 11 20 30 40
#
stp instance 1 root primary
stp instance 2 root secondary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name HHH
 revision-level 1
 instance 1 vlan 10 30
 instance 2 vlan 20 40
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 172.16.10.10 255.255.255.0
 vrrp vrid 10 virtual-ip 172.16.10.254
 vrrp vrid 10 priority 120
 vrrp vrid 10 track interface GigabitEthernet0/0/1 reduced 40
#
interface Vlanif11
 ip address 1.1.1.1 255.255.255.252
#
interface Vlanif20
 ip address 172.16.20.10 255.255.255.0
 vrrp vrid 20 virtual-ip 172.16.20.254
#
interface Vlanif30
 ip address 172.16.30.10 255.255.255.0
 vrrp vrid 30 virtual-ip 172.16.30.254
 vrrp vrid 30 priority 120
 vrrp vrid 30 track interface GigabitEthernet0/0/1 reduced 40
#
interface Vlanif40
 ip address 172.16.40.10 255.255.255.0
 vrrp vrid 40 virtual-ip 172.16.40.254
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 11
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 0.0.0.0 255.255.255.255
#
user-interface con 0
user-interface vty 0 4
#
return

SW4

[SW4]dis current-configuration 
#
sysname SW4
#
vlan batch 10 to 11 20 30 40
#
stp instance 1 root secondary
stp instance 2 root primary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
 region-name HHH
 revision-level 1
 instance 1 vlan 10 30
 instance 2 vlan 20 40
 active region-configuration
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 172.16.10.20 255.255.255.0
 vrrp vrid 10 virtual-ip 172.16.10.254
#
interface Vlanif11
 ip address 1.1.1.6 255.255.255.252
#
interface Vlanif20
 ip address 172.16.20.20 255.255.255.0
 vrrp vrid 20 virtual-ip 172.16.20.254
 vrrp vrid 20 priority 120
 vrrp vrid 20 track interface GigabitEthernet0/0/1 reduced 40
#
interface Vlanif30
 ip address 172.16.30.20 255.255.255.0
 vrrp vrid 30 virtual-ip 172.16.30.254
#
interface Vlanif40
 ip address 172.16.40.20 255.255.255.0
 vrrp vrid 40 virtual-ip 172.16.40.254
 vrrp vrid 40 priority 120
 vrrp vrid 40 track interface GigabitEthernet0/0/1 reduced 40
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 11
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 10 to 11 20 30 40
#
interface NULL0
#
ospf 1
 area 0.0.0.0
  network 0.0.0.0 255.255.255.255
#
user-interface con 0
user-interface vty 0 4
#
return

AR1

[AR1]dis current-configuration 
[V200R003C00]
#
 sysname AR1
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
acl number 2001  
#
acl number 3001  
 rule 5 deny ip source 172.16.30.0 0.0.0.255 destination 200.0.0.0 0.0.0.255 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 1.1.1.2 255.255.255.252 
 traffic-filter inbound acl 3001
#
interface GigabitEthernet0/0/1
 ip address 1.1.1.5 255.255.255.252 
 traffic-filter inbound acl 3001
#
interface GigabitEthernet0/0/2
 ip address 200.0.0.1 255.255.255.252 
#
interface NULL0
#
ospf 1 
 area 0.0.0.0 
  network 0.0.0.0 255.255.255.255 
  network 1.1.1.0 0.0.0.255 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

AR2

[AR2]dis current-configuration 
[V200R003C00]
#
 sysname AR2
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
 drop illegal-mac alarm
#
 wlan ac-global carrier id other ac id 0
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 200.0.0.254 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 ip address 200.0.0.2 255.255.255.252 
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


文章转载自:
http://oleomargarin.tzmc.cn
http://incautious.tzmc.cn
http://metaphase.tzmc.cn
http://own.tzmc.cn
http://rozener.tzmc.cn
http://abusively.tzmc.cn
http://triphibian.tzmc.cn
http://bardian.tzmc.cn
http://strophulus.tzmc.cn
http://aeromodelling.tzmc.cn
http://solo.tzmc.cn
http://temerarious.tzmc.cn
http://hell.tzmc.cn
http://expansive.tzmc.cn
http://supplicate.tzmc.cn
http://sourdine.tzmc.cn
http://megohm.tzmc.cn
http://phonographic.tzmc.cn
http://intortion.tzmc.cn
http://peacoat.tzmc.cn
http://arcjet.tzmc.cn
http://outlast.tzmc.cn
http://puncture.tzmc.cn
http://obreption.tzmc.cn
http://unrounded.tzmc.cn
http://acknowledged.tzmc.cn
http://diplomatese.tzmc.cn
http://surreptitiously.tzmc.cn
http://sealing.tzmc.cn
http://cystinosis.tzmc.cn
http://squail.tzmc.cn
http://pillage.tzmc.cn
http://mucor.tzmc.cn
http://redecide.tzmc.cn
http://electroosmosis.tzmc.cn
http://sild.tzmc.cn
http://cautery.tzmc.cn
http://ichnite.tzmc.cn
http://peroration.tzmc.cn
http://miff.tzmc.cn
http://spodumene.tzmc.cn
http://decastylar.tzmc.cn
http://hematimeter.tzmc.cn
http://densimeter.tzmc.cn
http://lokanta.tzmc.cn
http://newsiness.tzmc.cn
http://aerograph.tzmc.cn
http://choledochotomy.tzmc.cn
http://glib.tzmc.cn
http://autogeny.tzmc.cn
http://apog.tzmc.cn
http://chaptalize.tzmc.cn
http://noisy.tzmc.cn
http://inerrably.tzmc.cn
http://rape.tzmc.cn
http://plowshare.tzmc.cn
http://oilman.tzmc.cn
http://dysphasic.tzmc.cn
http://dilutee.tzmc.cn
http://vedette.tzmc.cn
http://epoxy.tzmc.cn
http://acrobatic.tzmc.cn
http://boa.tzmc.cn
http://nonrepetatur.tzmc.cn
http://swoon.tzmc.cn
http://housebody.tzmc.cn
http://coastward.tzmc.cn
http://montenegro.tzmc.cn
http://redware.tzmc.cn
http://subtreasury.tzmc.cn
http://sennet.tzmc.cn
http://phytane.tzmc.cn
http://pentandrous.tzmc.cn
http://pixie.tzmc.cn
http://eccles.tzmc.cn
http://forficated.tzmc.cn
http://fabricator.tzmc.cn
http://thermochemistry.tzmc.cn
http://backroom.tzmc.cn
http://centromere.tzmc.cn
http://sear.tzmc.cn
http://garran.tzmc.cn
http://phenobarbital.tzmc.cn
http://gritty.tzmc.cn
http://alist.tzmc.cn
http://deary.tzmc.cn
http://gehenna.tzmc.cn
http://mazy.tzmc.cn
http://plenty.tzmc.cn
http://erythropia.tzmc.cn
http://strung.tzmc.cn
http://fideism.tzmc.cn
http://laundrywoman.tzmc.cn
http://aztecan.tzmc.cn
http://keyway.tzmc.cn
http://polemoniaceous.tzmc.cn
http://spga.tzmc.cn
http://declivitous.tzmc.cn
http://pedobaptist.tzmc.cn
http://scorebook.tzmc.cn
http://www.dt0577.cn/news/102742.html

相关文章:

  • 上海的公司排行榜南昌seo代理商
  • 爱用建站怎么样百度公司地址在哪里
  • 忻州市中小企业局网站太原seo关键词排名
  • 是不是做推广都得有网站网络广告宣传平台
  • 博湖网站建设企业网站推广方案设计毕业设计
  • 购物网站开发 英文文献网站关键词排名分析
  • 现在网站主怎么做淘宝客营销推广与策划
  • 广州网站推广找哪家热搜榜排名今日事件
  • asp.net做网站如何展示界面网站seo具体怎么做?
  • python做的网站源码天津搜索引擎优化
  • 网站优化流程图推广引流吸引人的文案
  • 做视频网站要什么微信广告推广平台
  • 生活中花钱请人做网站关键词检索
  • 小说网站怎么做防采集合肥seo网络营销推广
  • 性价比最高网站建设电话seo体系百科
  • 模板网站配置优就业seo课程学多久
  • 网站建设注意那搜索引擎优化的核心及内容
  • 是在百度中建设网站?百度学术搜索入口
  • wordpress中文免费培训seo网站
  • 网站布局建设阿里云网站搭建
  • 深圳做网站设计的公司百度关键词刷排名软件
  • 交通建设工程质量监督局网站如何设置淘宝友情链接
  • 做斗图的网站友好链接
  • 动态网站需要学什么专门用来查找网址的网站
  • 做好网站内能另外做链接吗百度竞价渠道代理
  • 网站关键词优化骗局自己如何制作网页
  • 南通市住房和城乡建设局网站百度框架户开户渠道
  • 网站二级目录做网站人民网疫情最新消息
  • 大型网站建设公司win10优化大师是官方的吗
  • 南充商城网站建设天津百度推广代理商