山西工程职业技术学院校园网.docx
- 文档编号:20133841
- 上传时间:2023-04-25
- 格式:DOCX
- 页数:23
- 大小:184.20KB
山西工程职业技术学院校园网.docx
《山西工程职业技术学院校园网.docx》由会员分享,可在线阅读,更多相关《山西工程职业技术学院校园网.docx(23页珍藏版)》请在冰豆网上搜索。
山西工程职业技术学院校园网
山西工程职业技术学院校园网
设计与竣工报告
实训组号:
007
实训时间:
二零一零年三月十一日
一、需求分析
山西工程职业技术学院目前有五个大楼,分别为教学楼、办公楼、图书馆、实训楼、宿舍楼,现在要进行与外网的连接,具体的一些需求如下:
●在整个校园内实现资源共享、网络化教学、网络下载、视频点播、专项课题研究;
●校园网存在多个出口需求,校园网至少要提供中国教育科研网(CERNET)和INTERNET两个出口;
●校园网要求实现多种支持普通包月、包月限时长、包月限流量、计天等多种计费策略;
●使用SNMP技术对校园网的设备进行集中管理。
二、方案设计
2.1、网络设计原则
●先进性
校园网络技术的发展十分迅速,更新换代周期越来越短。
所以,选购设备的硬件、软件要充分注意先进性。
●实用性
校园网络的设计既要在相当长的时间内保证其先进性,还应本着实用的原则,在实用的基础上追求先进性,使系统要满足用户需求。
●安全性
校园网络都与外部网络互连互通日益增加,因此,在系统方案设计需考虑到系统信息安全性、保密性、完整性的要求。
●可扩充性
校园网络规模要易于扩展,可以方便地进行设备扩充,以及灵活进行软件版本的更新和升级,为将来系统的升级、扩展打下良好的基础。
●灵活性
校园网络的设计要符合灵活性,能够适应网络结构的变化,满足用户的需求。
2.2、网络拓扑图
网络拓扑图如图1所示。
图1——网络拓扑图
2.3、IP地址规划
IP地址的具体情况如表1所示。
设备
设备名称
设备接口
IP地址
路由器
RSR-20-1
Fa0/1
11.1.1.1/30
S2/0
99.1.1.13/30
RSR-20-2
S2/0
99.1.1.14/30
loopback0
13.1.1.1/24
Loopback1
88.1.1.1/24
防火墙
RG-WALL-60
WAN1
11.1.1.2/30
LAN
11.1.1.5/30
DMZ
12.1.1.1/24
计算机1
www
Ethernet
12.1.1.251/24
ftp
Ethernet
12.1.1.253/24
dns2
Ethernet
12.1.1.252/24
计算机2
dc1
Ethernet
10.1.1.251/24
cc2
Ethernet
10.1.1.252/24
dns1
Ethernet
10.1.1.253/24
表1——IP地址规划
2.4、VLAN地址规划
VLAN地址的具体情况如表2所示。
校园大楼
VLAN编号
管理地址
IP地址网段
教学楼
VLAN10
192.168.10.254/24
192.168.10.0/24
办公楼
VLAN11
192.168.11.254/24
192.168.11.0/24
图书馆
VLAN20
192.168.12.254/24
192.168.12.0/24
实训楼
VLAN21
192.168.13.254/24
192.168.13.0/24
宿舍楼
VLAN22
192.168.14.254/24
192.168.14.0/24
表2——VLAN地址规划
2.5、路由规划
静态路由可以减少路由更新,为重要的应用程序保证带宽,在本网络中使用静态路由是最佳选择。
在路由器RSR-20-1、RSR-20-2、RG-WALL-60、RG-3760-24上配置静态路由,使全网互通。
2.6、可靠性规划
在三台交换机上配置多生成树协议(RG-3760-24、RG-2026F-1、RG-2026F-2),并将RG-3760-24设置为生成树的根,VLAN10、VLAN11、VLAN20在实例2中,VLAN21、VLAN22在实例3中,实现两条链路的负载均衡。
三、施工进度表
四、设备的配置文档
3.1、路由器RSR-20-1配置
RSR-20-1#showrun
hostnameRSR-20-1
time-rangetime
periodicWeekdays9:
00to18:
00
access-list10permit192.168.10.00.0.0.255
access-list10permit192.168.11.00.0.0.255
access-list10permit192.168.20.00.0.0.255
access-list10permit192.168.13.00.0.0.255
access-list10permit192.168.12.00.0.0.255
access-list100permitip192.168.10.00.0.0.255anytime-rangetime
access-list100permitip192.168.11.00.0.0.255anytime-rangetime
access-list100permitip192.168.12.00.0.0.255anytime-rangetime
access-list100permitip192.168.13.00.0.0.255any
usernameRSR-20-2password0tianjin
noservicepassword-encryption
cryptoisakmppolicy110
authenticationpre-share
hashmd5
cryptoisakmpkey714005f042b1b2e7d5716address99.1.1.14
cryptoipsectransform-setvpn1ah-md5-hmacesp-desesp-md5-hmac
cryptomapvpn-set100ipsec-isakmp
setpeer99.1.1.14
settransform-setvpn1
matchaddress110
interfaceserial1/2
encapsulationPPP
pppauthenticationchap
pppchaphostnameRSR-20-1
pppchappassword7072a0a2e1b182e0b
ipnatoutside
ipaddress99.1.1.13255.255.255.240
cryptomapvpn-set
clockrate64000
interfaceserial1/3
interfaceFastEthernet1/0
ipnatinside
ipaccess-group100in
ipaddress11.1.1.5255.255.255.252
duplexauto
speedauto
interfaceFastEthernet1/1
duplexauto
speedauto
interfaceNull0
ipnatpoolpool99.1.1.199.1.1.5netmask255.255.255.240
ipnatoutsidesourcestatic99.1.1.910.1.1.253
ipnatinsidesourcestatictcp12.1.1.2518099.1.1.680
ipnatinsidesourcestatictcp12.1.1.2532099.1.1.720
ipnatinsidesourcestatictcp12.1.1.2532199.1.1.721
ipnatinsidesourcestaticudp12.1.1.2525399.1.1.853
ipnatinsidesourcelist10poolpooloverload
routerrip
noauto-summary
version2
network11.0.0.0
network99.0.0.0
iproute0.0.0.00.0.0.099.1.1.14
linecon0
lineaux0
linevty0
login
password705495567507b4743755d421e
linevty1
login
password71234111358
linevty2
login
password71559192000
linevty3
login
password71316064b1f
linevty4
login
password7025057360a
end
3.2、路由器RSR-20-2配置
RSR-20-2#showrun
version8.4(building15)
hostnameRSR-20-2
usernameRSR-20-1password0tianjin
noservicepassword-encryption
cryptoisakmppolicy110
authenticationpre-share
hashmd5
cryptoisakmpkey7035122110c37067e4741address99.1.1.13
cryptoipsectransform-setvpn1ah-md5-hmacesp-desesp-md5-hmac
cryptomapvpn-set100ipsec-isakmp
setpeer99.1.1.13
matchaddress110
interfaceserial1/2
encapsulationPPP
pppauthenticationchap
pppchaphostnameRSR-20-2
pppchappassword7155e04201c21250b
ipaddress99.1.1.14255.255.255.240
cryptomapvpn-set
interfaceserial1/3
clockrate64000
interfaceFastEthernet1/0
duplexauto
speedauto
interfaceFastEthernet1/1
duplexauto
speedauto
interfaceLoopback0
ipaddress13.1.1.1255.255.255.0
interfaceLoopback1
ipaddress88.1.1.1255.255.255.0
interfaceNull0
routerrip
noauto-summary
version2
network13.0.0.0
network88.0.0.0
network99.0.0.0
linecon0
lineaux0
linevty0
login
password71044417e5646185c734a7b78
linevty1
login
password71276564b1959734379745511
linevty2
login
password7076f50764646755440125d75
linevty3
login
password706576d5a7c414076574a1a59
linevty4
login
password7097e464b7451401b5f79427f
end
3.3、防火墙RG-WALL-60配置
3.4、交换机RG-3760-24配置
RG-3760-24#showrun
hostnameS3760
vlan1
vlan10
namejiaxuelou
vlan11
nametushuguan
vlan20
namebangonglou
vlan21
nameshixunlou
enablesecretlevel15+sr/-aehqtx1'dfisrpt{bckyqt7zygl
enablesecretlevel145'T1'dfim3Ut{bckn4^7zyglo54-aeh`@
enablesecretlevel155+sr,|7zyqtx-/-aesrp~1'dfyqt.t{bc
servicedhcp
spanning-tree
spanning-treemstconfiguration
instance2vlan10-11
instance3vlan20-21
nameRG
revision1
spanning-treemst0priority0
interfaceAggregatePort1
switchportmodetrunk
interfaceAggregatePort2
switchportmodetrunk
interfaceFastEthernet0/1
noswitchport
ipaddress11.1.1.6255.255.255.252
interfaceFastEthernet0/2
port-group2
switchportmodetrunk
interfaceFastEthernet0/3
port-group2
switchportmodetrunk
interfaceFastEthernet0/4
port-group1
switchportmodetrunk
interfaceFastEthernet0/5
port-group1
switchportmodetrunk
interfaceFastEthernet0/8
noswitchport
ipaddress10.1.1.1255.255.255.0
interfaceFastEthernet0/24
noswitchport
interfaceVlan1
interfaceVlan10
ipaddress192.168.10.254255.255.255.0
interfaceVlan11
ipaddress192.168.11.254255.255.255.0
interfaceVlan20
ipaddress192.168.12.254255.255.255.0
interfaceVlan21
ipaddress192.168.13.254255.255.255.0
routerrip
version2
network10.0.0.0mask255.0.0.0
network11.0.0.0mask255.0.0.0
network192.168.10.0mask255.255.255.0
network192.168.11.0mask255.255.255.0
network192.168.12.0mask255.255.255.0
network192.168.13.0mask255.255.255.0
iproute0.0.0.00.0.0.011.1.1.11enabled
ipsshversion2
3.5、交换机RG-2026F-1配置
RG-2026F-1#showrun
hostnameRG-2026F-1
vlan1
vlan10
nameshenchanbu
vlan11
namexiaoshoubu
vlan20
namexingzhengbu
vlan21
namejinglibanggongshi
spanning-tree
spanning-treemstconfiguration
instance2vlan10-11
instance3vlan20-21
nameRG
revision1
interfaceaggregatePort2
switchportmodetrunk
interfacefastEthernet0/1
port-group2
switchportmodetrunk
spanning-treeportfast
interfacefastEthernet0/2
port-group2
switchportmodetrunk
spanning-treeportfast
interfacefastEthernet0/3
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/4
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/5
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/6
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/7
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/8
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/9
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/10
spanning-treeportfast
interfacefastEthernet0/11
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/12
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/13
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/14
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/15
switchportaccessvlan10
spanning-treeportfast
switchportport-security
switchportport-securityviolationshutdown
switchportport-securitymaximum1
interfacefastEthernet0/16
switchportaccessvlan11
spanning-treeportfast
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 山西 工程 职业 技术学院 校园网