Company Network Planning

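Lab requirements: the 5 departments must not be able to reach one another, but all of them can reach the server and the Internet. The server cannot access the Internet. The Internet cannot initiate access to internal services.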

Lab equipment: a router (3620), a switch (2950), 6 PCs, and so on.

Lab objectives: understand VLAN partitioning, access control list configuration, trunk encapsulation, and firewall configuration.

The detailed steps follow:

VLAN configuration

router:

en

conf t

int fa0/0.1

encapsulation isl 1

ip add 192.168.1.1 255.255.255.0

no shut

int fa0/0.2

encapsulation isl 2

ip add 192.168.2.1 255.255.255.0

no shut

int fa0/0.3

encapsulation isl 3

ip add 192.168.3.1 255.255.255.0

no shut

int fa0/0.4

encapsulation isl 4

ip add 192.168.4.1 255.255.255.0

no shut

int fa0/0.5

encapsulation isl 5

ip add 192.168.5.1 255.255.255.0

no shut

int fa0/0.6

encapsulation isl 6

ip add 192.168.6.1 255.255.255.0

no shut

switch:

en

vlan database

vlan 2 name vlan2

vlan 3 name vlan3

vlan 4 name vlan4

vlan 5 name vlan5

vlan 6 name vlan6

Ctrl+Z

en

conf t

int fa0/2

switchport access vlan 2

int fa0/3

switchport access vlan 3

int fa0/4

switchport access vlan 4

int fa0/5

switchport access vlan 5

int fa0/6

switchport access vlan 6

int fa0/7

switchport mode trunk

switchport trunk encapsulation isl

pc1: 192.168.1.2 255.255.255.0

pc2: 192.168.2.2 255.255.255.0

pc3: 192.168.3.2 255.255.255.0

pc4: 192.168.4.2 255.255.255.0

pc5: 192.168.5.2 255.255.255.0

pc6: 192.168.6.2 255.255.255.0

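Access control list and firewall configuration: this part is fairly tedious, so I have not modified his settings. Instead I give a partial example at the very bottom for everyone, and the rest can follow the same pattern.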

router:

en

conf t

access-list 101 deny tcp 192.168.1.2 0.0.0.255 any established

access-list 101 permit tcp any any established

access-list 102 permit ip 192.168.1.2 0.0.0.255 192.168.2.1 0.0.4.255

access-list 103 permit ip 192.168.2.2 0.0.0.255 192.168.1.2 0.0.0.255

access-list 103 deny ip 192.168.2.2 0.0.0.255 192.168.3.2 0.0.4.255

access-list 104 permit ip 192.168.3.2 0.0.0.255 192.168.1.2 0.0.0.255

access-list 104 deny ip 192.168.3.2 0.0.0.255 192.168.4.2 0.0.3.255

access-list 104 deny ip 192.168.3.2 0.0.0.255 192.168.2.2 0.0.0.255

access-list 105 permit ip 192.168.4.2 0.0.0.255 192.168.1.2 0.0.0.255

access-list 105 deny ip 192.168.4.2 0.0.0.255 192.168.5.2 0.0.2.255

access-list 105 deny ip 192.168.4.2 0.0.0.255 192.168.2.2 0.0.2.255

access-list 106 permit ip 192.168.5.2 0.0.0.255 192.168.1.2 0.0.0.255

access-list 106 deny ip 192.168.5.2 0.0.0.255 192.168.2.1 0.0.3.255

access-list 106 deny ip 192.168.5.2 0.0.0.255 192.168.6.2 0.0.0.255

access-list 107 permit ip 192.168.6.2 0.0.0.255 192.168.1.2 0.0.0.255

access-list 107 deny ip 192.168.6.2 0.0.0.255 192.168.2.2.1 0.0.4.255

int e0/0.1

ip access-group 101

ip access-group 102 in

int e0/0.2

ip access-group 101

ip access-group 103 in

int e0/0.3

ip access-group 101

ip access-group 104 in

int e0/0.4

ip access-group 101

ip access-group 105 in

int e0/0.5

ip access-group 101

ip access-group 106 in

int e0/0.6

ip access-group 101

ip access-group 107 in

access-list 101 permit tcp 192.168.0.0 0.0.7.255 any

int e0/0.1

ip access-group 101 out

access-list 102 deny tcp 192.168.3.0 0.0.0.255 any

access-list 102 deny tcp 192.168.4.0 0.0.0.255 any

access-list 102 deny tcp 192.168.5.0 0.0.0.255 any

access-list 102 deny tcp 192.168.6.0 0.0.0.255 any

access-list 102 permit tcp 192.168.1.0 0.0.0.255 any

access-list 102 permit tcp any any established

int e0/0.2

ip access-group 102 out
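
Added example (not part of the original post): a small Python model of how IOS evaluates ACL 102 from the closing example, top to bottom with first match and an implicit deny, plus a helper that expands the non-contiguous wildcards used earlier, such as 0.0.4.255. The function names and the external address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# ACL 102 copied from the page's closing example (applied "out" on e0/0.2).
ACL_102 = """\
access-list 102 deny tcp 192.168.3.0 0.0.0.255 any
access-list 102 deny tcp 192.168.4.0 0.0.0.255 any
access-list 102 deny tcp 192.168.5.0 0.0.0.255 any
access-list 102 deny tcp 192.168.6.0 0.0.0.255 any
access-list 102 permit tcp 192.168.1.0 0.0.0.255 any
access-list 102 permit tcp any any established
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [established]'."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    def take():  # SRC/DST is 'any' or 'base wildcard' (the forms the page uses)
        if rest[0] == "any":
            rest.pop(0)
            return ("0.0.0.0", "255.255.255.255")
        return (rest.pop(0), rest.pop(0))
    src, dst = take(), take()
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "established": "established" in rest}

def evaluate(aces, proto, src, dst, established=False):
    """First match wins; 'established' models a TCP segment with ACK or RST."""
    for a in aces:
        if a["proto"] not in ("ip", proto):
            continue
        if a["established"] and not established:
            continue
        if wc_match(src, *a["src"]) and wc_match(dst, *a["dst"]):
            return a["action"]
    return "deny"  # implicit deny at the end of every IOS ACL

def matched_third_octets(base, wildcard):
    """Which 192.168.N.x networks a base/wildcard pair really covers."""
    return [n for n in range(256) if wc_match(f"192.168.{n}.1", base, wildcard)]

ACES = [parse_ace(l) for l in ACL_102.splitlines() if l.strip()]
```

Running the model shows two things worth checking before deploying lists like these: 192.168.2.1 0.0.4.255 covers only 192.168.2.x and 192.168.6.x, and a non-TCP packet such as ICMP hits the implicit deny because every entry in ACL 102 is TCP-only.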

Reposted from: https://blog.51cto.com/carvetime/17743
