Contents

Section 1  Overview of the Overall Campus Network Design
Section 2  Network Requirements Analysis
    2.1  Basic Network Situation
    2.2  Network Construction Tasks and Performance Requirements
Section 3  Selecting Core Network Equipment
    3.1  Design Approach
    3.2  Selecting the Core-Layer Switch
Section 4  Campus Network Topology Design
    4.1  Overall Design Principles and Equipment Methods
    4.2  Network Topology Diagrams by Zone
        4.2.1  Zone A Network Topology Diagram
        4.2.2  Zone B Network Topology Diagram
        4.2.3  Zone C Network Topology Diagram
Section 5  Configuration Commands
    5.1  Campus A Configuration Commands
        5.1.1  Core-Layer Switch Configuration
        5.1.2  Distribution-Layer Switch Configuration
        5.1.3  Firewall ACL Rule Configuration and Application
        5.1.4  Border Router Configuration
        5.1.5  Server Farm Access Switch Configuration
    5.2  Campus B Configuration Commands
        5.2.1  Core-Layer Switch Configuration (same commands as Zone A)
        5.2.2  Distribution-Layer Switch Configuration (same commands as Zone A)
    5.3  Campus C Configuration Commands
        5.3.1  Core-Layer Switch Configuration
        5.3.2  Firewall Configuration
        5.3.3  Border Router Configuration
        5.3.4  Distribution-Layer Switch Configuration
Section 6  Address Planning
    6.1  Campus A Address Planning
    6.2  Campus B Address Planning
    6.3  Campus C Address Planning
    6.4  Campus Network Segment Address Planning
Section 7  Public Address Usage Planning
    7.1  ChinaNET Public Address Usage Planning
    7.2  Cernet Public Address Usage Planning
Section 8  Lessons Learned and Reflections

Section 1  Overview of the Overall Campus Network Design

A campus network is a very typical example of an integrated network. To bring out the main issues, this design makes appropriate and necessary simplifications to a real campus network design. The focus is on the design of the network backbone, chiefly the configuration steps and configuration commands for certain devices, troubleshooting, and diagnostic commands and methods. This includes the configuration of layer-3 switches and routers, adding routes, configuring static and dynamic routing, and NAT translation. Server deployment is covered only briefly, and all firewalls in this experiment are replaced by routers and configured on them. The whole design is simulated with Cisco equipment and was completed in a Cisco simulator; some links are simplified. For details, see the relevant reference books.

In the topology diagram below, the campus has three zones, called Zone A, Zone B and Zone C. The zones are interconnected through Cisco 3560-24 core switches. Within each zone, each floor is connected to the core-layer switch by a Cisco 3560-24 distribution-layer switch, each distribution-layer switch connects two 2950T-24 access-layer switches, and one host is attached to each access-layer switch. The overall topology of the campus network is as follows:

[Figure: overall campus network topology]

Section 2  Network Requirements Analysis

2.1  Basic Network Situation

A university has 3 campuses, called Zone A, Zone B and Zone C. Zones A and C are relatively large; Zone B is relatively small. The fiber route between Zone A and Zone B is about 30 km long, and a leased dark-fiber dedicated line (only the fiber itself is leased, not the network equipment at either end) interconnects these two campuses. Zone A and Zone C are farther apart, about 60 km, so a dedicated fiber line cannot be used; MPLS VPN is used instead to interconnect Zone A and Zone C. Zones A and C each have a central equipment room, with Zone A as the primary one. The main application servers of Zones A and C are placed in the central equipment room of their own campus, but these servers can also be accessed from the other campuses.

The servers in Zone A mainly comprise a Web server, a mail server, an academic administration server, a video-on-demand server, a DNS server and others, a little over 10 servers in total. The Web server and the mail server must be connected to both the China Telecom ChinaNET network and the education network (Cernet). The servers in Zone C mainly comprise an academic administration server, a movie server and others.

Zone A uses the public address segment 61.186.202.32 with subnet mask 255.255.255.224, 32 IP addresses in total; the gateway address is 61.186.202.33 with subnet mask 255.255.255.252. The education network address segment of Zone A is 219.221.55.0/24, 256 IP addresses in total; the gateway address is 219.221.55.1 with subnet mask 255.255.255.252. Zone C uses the public address segment 222.117.150.128 with subnet mask 255.255.255.224, 32 IP addresses in total; the gateway address is 222.177.150.129 with subnet mask 255.255.255.252.

2.2  Network Construction Tasks and Performance Requirements

The task is to build the networks of these 3 campuses so that the 3 campuses are interconnected and can access the Internet. The network must be easy to expand and maintain, offer high performance and reliability, and be secure. The campus network is required to use a 10-gigabit core, a gigabit backbone, and 100-megabit switching to the desktop. Zones A and B are interconnected by a gigabit fiber link; Zones A and C are interconnected by a 100 Mb/s MPLS VPN.

Zone A has 2 Internet egresses: one connects to the China Telecom ChinaNET network over a 100 Mb/s dedicated fiber line; the other connects to the education and research network (Cernet) over a 10 Mb/s dedicated fiber line. Users across the whole university (3 campuses) access education network resources through the education network egress.

Zone C has one Internet egress, a 100 Mb/s dedicated fiber line that reaches the Internet through the local telecom carrier. Users on Campus C use this link by default when accessing the Internet; when accessing education network resources, they go through the education network egress in Zone A.

Section 3  Selecting Core Network Equipment

3.1  Design Approach

Normally the network topology is designed first and the network equipment is selected afterwards. Here the equipment is selected first and the topology is designed second, so that device models can be labelled in the topology diagrams. In practice, the networks of the 3 campuses are built one after another, over the course of development