网络工程与应用课程设计

l00tian
1 ℃
2020-02-17

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

系部:计算机应用工程系指导教师：任琦班级:网络0901一、设计内容及技术要求：1背景：某企业由一个总部和两个分支机构组成，网络拓扑图如下：现在你们承接了这个企业的网络规划和配置，企业网络设计师已经规划了网络连接和布线，并且提出了网络设计的基本任务，现在请你们根据基本任务，以尽可能安全的措施，保证企业内网可以相互安全的通信，并且安全地访问因特网。2课程设计任务：一，子网划分二，IP配置和验证三，路由器和交换机的基本安全配置四，VLAN和VTP五，STP六，单臂路由七，PPP八，ACL九，NAT目录一、子网划分、IP配置和验证二、路由器和交换机的基本安全配置三、VLAN和VTP四、单臂路由五、PPP六、NAT七、STP八、ACL摘要搭建一个小型的办公网络，进行合理的子网规划，通过VLAN划分管理不同的部门，对路由器进行路由协议的配置和ACL的设置，确保企业公司内部网络的安全。对交换机进行使能加密、控制台加密、VTY加密巩固设备的安全性，对路由器进行PPP封装，并启用Chap认证协议，使数据更加安全，使用了动态EIGRP协议并设置了默认路由便于管理，使用NAT技术实现了企业内部网络对外网的访问需求，在连接外网的路由器上设置了访问控制列表限制财务部门对外网的访问，防止企业内部重要数据泄露，进一步加强了企业网络安全。一、设计方案：一、IP子网划分、IP配置和验证1)子网划分、IP配置接口IP地址子网掩码默认网关R1Fa0/1192.168.1.1255.255.255.0S0/1172.168.10.2255.255.255.252R2Fa0/010.10.10.1255.0.0.0S1/1172.168.10.1255.255.255.252S1/0172.168.10.5255.255.255.252R3S1/0172.168.10.6255.255.255.252Fa0/1.10192.168.10.1255.255.255.0Fa0/1.11192.168.11.1255.255.255.0Fa0/1.12192.168.12.1255.255.255.0Pc1192.168.10.253255.255.255.0192.168.10.1Pc2192.168.10.254255.255.255.0192.168.10.1Pc3192.168.12.253255.255.255.0192.168.12.1Pc4192.168.12.254255.255.255.0192.168.12.1Pc5192.168.11.254255.255.255.0192.168.11.1Pc6192.168.1.254255.255.255.0192.168.1.1R1、R2、R3、2)IP验证：二、路由器和交换机的基本安全配置R1routereigrp1network172.168.10.00.0.0.3network192.168.1.0noauto-summary!linecon0password123\\设置密码为123loginlineaux0linevty04password123\\设置vty密码为123login!R2#interfaceFastEthernet0/0ipaddress10.10.10.1255.0.0.0\\配置IP地址ipnatoutsideduplexautospeedauto!!interfaceSerial0/1/0ipaddress172.168.10.5255.255.255.252\\配置IP地址clockrate64000\\配置时钟!interfaceSerial0/2/0ipaddress172.168.10.1255.255.255.252\\配置IP地址clockrate64000\\配置时钟!routereigrp1network10.0.0.0network172.168.10.00.0.0.3network172.168.10.40.0.0.3noauto-summary!linecon0\\设置密码为123password123loginlineaux0linevty04password123login!endR3#routereigrp1\\eigrpnetwork172.168.10.40.0.0.3network192.168.10.0network192.168.11.0network192.168.12.0noauto-summary!!!linecon0\\设置密码password123loginlineaux0linevty04password123loginS1、interfaceFastEthernet0/9switchportport-securitymac-addressstickyinterfaceFastEthernet0/11switchportport-securitymac-addressstickylinecon0linevty04nologinlinevty515nologinS2、interfaceFastEthernet0/9switchportport-securitymac-addressstickyinterfaceFastEthernet0/11switchportport-securitymac-addressstickylinecon0linevty04nologinlinevty515nologinS3、interfaceFastEthernet0/9switchportport-securitymac-addressstickylinecon0linevty04nologinlinevty515nologin三、VLAN和VTPs1配置s1(config)#vlan10s1(config-vlan)#namevlan10s1(config-vlan)#vlan11s1(config-vlan)#namevlan11s1(config-vlan)#vlan12s1(config-vlan)#namevlan12//vlan的创建s1(config)#intf0/9s1(config-if)#switchportaccessvlan10s1(config-if)#intfa0/11s1(config-if)#switchportaccessvlan10//将交换机的接口划分到vlans1(config)#vtpmodeserver//配置vtp（s1服务器模式）DevicemodealreadyVTPSERVER.s1(config)#intfa0/1s1(config-if)#switchportmodetrunk//为s1的fa0/1配置中继端口s1(config-if)#intfa0/3s1(config-if)#switchportmodetrunks1(config)#intfa0/24s1(config-if)#switchportmodetrunks1#showrunning-configinterfaceFastEthernet0/1switchporttrunkencapsulationdot1q//由于用的是三层交换所以配置中继时先要封装switchportmodetrunk!interfaceFastEthernet0/3switchporttrunkencapsulationdot1qswitchportmodetrunk!interfaceFastEthernet0/9switchportaccessvlan10switchportmodeaccess//s1交换机f0/9接口划分到vlan10!interfaceFastEthernet0/11switchportaccessvlan10switchportmodeaccess!interfaceFastEthernet0/24switchporttrunkencapsulationdot1qswitchportmodetrunk!s2配置s2(config)#vtpmodeclient//配置vtp（s2客户端模式）DevicemodealreadyVTPCLIENT.s2(config)#vtpdomainfourth//vtp域配置ChangingVTPdomainnamefromfouthtofourths2(config)#vtppassword123//vtp口令设置Passwordalreadysetto123s2(config)#intfa0/1s2(config-if)#switchportmodetrunk//为s2的fa0/1配置中继端口s2(config-if)#intfa0/4s2(config-if)#switchportmodetrunk//为s2的fa0/4配置中继端口s2#showrunning-configinterfaceFastEthernet0/1switchportmodetrunk!interfaceFastEthernet0/2switchportmodetrunk!interfaceFastEthernet0/9switchportaccessvlan12switchportmodeaccess!interfaceFastEthernet0/11switchportaccessvlan12switchportmodeaccess!s3配置s3(config)#vtpmodeclient//配置vtp（s3客户端模式）DevicemodealreadyVTPCLIENT.s3(config)#vtpdomainfourth//vtp域配置Domainnamealreadysettofourth.s3(config)#vtppassword123//vtp口令设置Passwordalreadysetto123s3(config)#intfa0/3s3(config-if)#switchportmodetrunk//为s3的fa0/3配置中继端口s3(config-if)#intfa0/4s3(config-if)#switchportmodetrunk//为s3的fa0/4配置中继端口s3#showrunning-configinterfaceFastEthernet0/2switchportmodetrunk!interfaceFastEthernet0/3switchportmodetrunk!interfaceFastEthernet0/9switchportaccessvlan11switchportmodeaccess四、单臂路由?interfaceFastEthernet0/1.10encapsulationdot1Q10ipaddress192.168.10.1255.255.255.0interfaceFastEthernet0/1.11encapsulationdot1Q11ipaddress192.168.11.1255.255.255.0interfaceFastEthernet0/1.12encapsulationdot1Q12ipaddress192.168.12.1255.255.255.0noshutdown?五、PPPR1#shrunning-config!usernameR2password0123interfaceSerial0/2/0ipaddress172.168.10.2255.255.255.2encapsulationppp//封装ppppppauthenticationchap//配置chap认证R2#showrunning-configusernameR1password0123usernameR3password0123nterfaceSerial0/1/0ipaddress172.168.10.5255.255.255.252ipnatin