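Project requirements
1. The company has around 100 employees, or fewer.
2. There are no special network requirements; the network only needs to let staff access the Internet normally.
3. There are no servers, so not much upstream bandwidth is needed.
Project design and technologies
1. Equipment selection
2. DHCP
3. Static routes
4. NAT (address translation)
5. PPPoE
Project topology diagram
Project implementation
1. Equipment selection
A small or micro business has few staff to begin with, fewer than a single VLAN can hold, so there is no need to divide the network into VLANs; just assign addresses directly. For equipment, choose devices from a major vendor (Huawei, H3C, Ruijie, etc.).
With fewer than 30 people, a home router plus a 48-port switch is enough; TP-Link, Huawei and Mercury are recommended. The same choice works for 30-70 people: just add a 48-port switch. Low-to-mid-range Huawei or H3C devices can also be used. For around 100 people, a router and a switch, or an integrated router-switch, will both work. The exact choice depends on your budget and actual situation.
For broadband, a leased line is generally unnecessary: leased lines have symmetric upstream and downstream bandwidth, which is of little use here and somewhat wasteful. Choose dial-up access or an asymmetric line instead.
2. DHCP
SW1: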
dhcp enable
ip pool 1f
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
dns-list 8.8.8.8 114.114.114.114
int vlanif 1
dhcp select global
3. Static routes
SW1:
ip route-static 0.0.0.0 0.0.0.0 192.168.10.1
R1:
ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
ip route-static 192.168.0.0 255.255.0.0 192.168.10.2
4. NAT (business broadband with a fixed IP)
R1:
acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255
interface GigabitEthernet0/0/1
nat outbound 2000
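The ACL above permits all of 192.168.0.0/16 for NAT, while SW1 on this page only carries 192.168.1.0/24 (Vlanif1) and 192.168.10.0/24 (Vlanif10). As an added example (not from the original post), this Python helper converts an ACL wildcard into a network and reports which LAN subnets a rule covers and how many extra addresses it admits; the function names are hypothetical and the listed subnets are assumed not to overlap.

```python
import ipaddress


def acl_to_network(base, wildcard):
    """Convert a contiguous ACL wildcard such as 0.0.255.255 to a network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # contiguous wildcards have the form 2**n - 1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{base}/{32 - wc.bit_length()}", strict=False)


def nat_scope(base, wildcard, lan_subnets):
    """Return (covered, uncovered, excess) for one 'rule permit source' entry.

    excess counts addresses the rule permits that belong to no listed subnet.
    """
    acl = acl_to_network(base, wildcard)
    nets = [ipaddress.ip_network(s) for s in lan_subnets]
    covered = [str(n) for n in nets if n.subnet_of(acl)]
    uncovered = [str(n) for n in nets if not n.subnet_of(acl)]
    excess = acl.num_addresses - sum(
        ipaddress.ip_network(c).num_addresses for c in covered)
    return covered, uncovered, excess


# Subnets configured on SW1 on this page: Vlanif1 (DHCP pool) and Vlanif10.
LAN = ["192.168.1.0/24", "192.168.10.0/24"]

if __name__ == "__main__":
    # The /16 rule from the fixed-IP NAT section.
    print(nat_scope("192.168.0.0", "0.0.255.255", LAN))
    # The /24 rule from the PPPoE section.
    print(nat_scope("192.168.1.0", "0.0.0.255", LAN))
```

A non-zero excess means the rule translates sources that no configured interface should ever originate, so the ACL can be narrowed to the subnets actually in use.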
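5. PPPoE (no fixed IP)
PPPoE client configuration:
acl 2000 /ACL used for NAT/
rule permit source 192.168.1.0 0.0.0.255
interface Dialer 1 /PPPoE virtual interface/
link-protocol ppp
ip address ppp-negotiate /obtain the IP address during PPP negotiation/
ppp pap local-user 0531 password simple 123456
dialer user 0531 (must match the user name on the PPPoE server; the dial-up account is usually a mobile phone number)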
dialer bundle 2
nat outbound 2000
dialer-group 10
interface e0/0/8
pppoe-client dial-bundle-number 2 on-demand
Binds e0/0/8 to the Dialer 1 interface; on-demand triggers dialing.
ip route-static 0.0.0.0 0 dialer1
Server configuration:
R2:
ip pool pool1
network 202.1.1.0 mask 24
gateway-list 202.1.1.2
aaa
local-user 0531 password cipher 123456
local-user 0531 service-type ppp
Virtual-Template, the virtual dial-in interface:
interface Virtual-Template 1
ppp authentication-mode pap
remote address pool pool1
ip address 202.1.1.2 255.255.255.0
interface Gi0/0/0
pppoe-server bind Virtual-Template 1
Binds the virtual interface Virtual-Template 1 to the physical interface.
Web interface configuration
Notes:
SW1:
<SW1>dis cur
#
sysname SW1
#
undo info-center enable
#
vlan batch 10
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
ip pool 1f
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
dns-list 8.8.8.8 114.114.114.114
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
dhcp select global
#
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.10.1
#
user-interface con 0
user-interface vty 0 4
#
return
R1:
<R1>dis cur
#
sysname R1
#
undo info-center enable
#
acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher eexxETn0}Q@X,k6.E\Z,4+(#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.10.10.2 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ospf 1
#
ip route-static 0.0.0.0 0.0.0.0 10.10.10.1
ip route-static 192.168.0.0 255.255.0.0 192.168.10.2
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
R2:
<R2>dis cur
#
sysname R2
#
undo info-center enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher f>Z}30S.qB]@l3D+mKgU"*]#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 2.2.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.10.10.2
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
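The SW1 dump and the PPPoE section store credentials with `password simple` and authenticate with PAP. As an added example (not part of the original post), this Python audit flags those settings in a saved configuration; the sample input is constructed from lines on this page, and the minimum length of 8 is an assumption.

```python
import re

# Constructed sample, assembled from configuration lines shown on this page.
SAMPLE = """\
sysname SW1
aaa
 local-user admin password simple admin
 local-user admin service-type http
interface Dialer 1
 ppp pap local-user 0531 password simple 123456
interface Virtual-Template 1
 ppp authentication-mode pap
aaa
 local-user 0531 password cipher 123456
"""

CRED = re.compile(r"local-user\s+(\S+)\s+password\s+(simple|cipher)\s+(\S+)")
PAP = re.compile(r"ppp\s+(authentication-mode\s+pap|pap\s+local-user)")
MIN_LEN = 8  # assumed minimum length, not a value from the page


def audit(config):
    """Return (line_number, finding) tuples for weak credential settings."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = CRED.search(line)
        # Only 'simple' secrets are readable in a dump; 'cipher' values are
        # stored encrypted, so their strength cannot be judged from the text.
        if m and m.group(2) == "simple":
            user, _, secret = m.groups()
            findings.append((no, f"cleartext password stored for '{user}'"))
            if secret == user:
                findings.append((no, f"password equals user name '{user}'"))
            elif len(secret) < MIN_LEN:
                findings.append((no, f"password for '{user}' shorter than {MIN_LEN}"))
        if PAP.search(line):
            findings.append((no, "PAP sends the password unencrypted on the link"))
    return findings


if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```

Run it against the output of `dis cur` saved to a file; each finding points at the line to change to `password cipher`, a stronger secret, or CHAP where the provider supports it.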