Building a Smart Company LAN with Packet Tracer


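Background and Requirements

A company has two office areas located in two different cities. The office in city A is the company headquarters, a two-story office building that needs a little over 30 computer nodes. Office area A has three departments: Finance, Sales and Administration. The office in city B is the R&D department and needs about 15 computer nodes. Both office areas connect to the Internet over broadband. The task is to design a network plan that achieves the following:
1. Share enterprise-internal resources within area A (internal mail, FTP and WWW services).
2. Users in areas A and B cannot chat on QQ or browse illegal web pages during working hours.
3. Users in area A and in area B each share a single IP address to access the Internet.
4. No company department can directly access another department.
5. Salespeople outside the office must be able to access the Sales department's information server in area A, while users on the Internet are forbidden from accessing that server.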

 

Design and Network Topology Diagram

Basic Plan of Device Attribute Values

  • Router3

| IP Address | Subnet Mask | Port |
|---|---|---|
| 192.168.5.1 | 255.255.255.240 | S2/0 |
| 192.168.1.1 | 255.255.255.224 | Fa0/0.1 |
| 192.168.2.1 | 255.255.255.224 | Fa1/0.1 |
| 192.168.3.1 | 255.255.255.224 | Fa6/0.1 |
| 192.168.4.1 | 255.255.255.224 | Fa7/0.1 |
| 192.168.7.1 | 255.255.255.0 | Fa4/0 |

  • Router2

| IP Address | Subnet Mask | Port |
|---|---|---|
| 192.168.6.1 | 255.255.255.240 | Fa0/0 |
| 192.168.5.2 | 255.255.255.240 | Serial2/0 |
| 192.168.8.1 | 255.255.255.0 | Serial3/0 |

  • Router0

| IP Address | Subnet Mask | Port |
|---|---|---|
| 192.168.7.3 | 255.255.255.0 | Fa0/0 |
| 202.10.1.2 | 255.255.255.0 | Serial2/0 |

  • Router1

| IP Address | Subnet Mask | Port |
|---|---|---|
| 202.10.2.1 | 255.255.255.0 | Fa0/0 |
| 202.10.1.1 | 255.255.255.0 | Serial2/0 |

  • Router4

| IP Address | Subnet Mask | Port |
|---|---|---|
| 202.10.3.1 | 255.255.255.0 | Fa0/0 |
| 192.168.8.2 | 255.255.255.0 | Serial2/0 |

  • PCs

| PC | IP Address | Subnet Mask | Default Gateway | Notes |
|---|---|---|---|---|
| 0 | 192.168.1.2 | 255.255.255.224 | 192.168.1.1 | Vlan 2 |
| 1 | 192.168.2.2 | 255.255.255.224 | 192.168.2.1 | Vlan 3 |
| 2 | 192.168.3.2 | 255.255.255.224 | 192.168.3.1 | Vlan 4 |
| 3 | 192.168.6.2 | 255.255.255.240 | 192.168.6.1 | Vlan 6 |

  • Servers

| Server | IP Address | Notes |
|---|---|---|
| 0 | 192.168.4.2/27 | EMAIL/vlan 5 |
| 1 | 192.168.4.3/27 | FTP/vlan 5 |
| 2 | 192.168.4.4/27 | WWW/vlan 5 |
| 3 | 202.10.2.3/24 | External network |
| 4 | 202.10.3.3/24 | External network |

VLAN Assignment

  • Switch-PT Switch 1
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 2
Switch(config-vlan)#exit
Switch(config)#interface fa0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#interface fa1/1
Switch(config-if)#switchport mode trunk

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up

Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console

 

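  • Configure Switch 2, 3, 4 and Multilayer Switch 1 in the same way

  • Let the R&D department (vlan6) access only the Administration department (vlan4), for clocking in to work

    At the same time, it must not be able to access the Finance department (vlan2), the Sales department (vlan3) or the server group (vlan5).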

  Router3

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#network 192.168.1.0 0.0.0.31 area 0
Router(config-router)#network 192.168.2.0 0.0.0.31 area 0
Router(config-router)#network 192.168.3.0 0.0.0.31 area 0
Router(config-router)#network 192.168.4.0 0.0.0.31 area 0
Router(config-router)#network 192.168.5.0 0.0.0.31 area 0
Router(config-router)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console

  Test results

Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/27 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, FastEthernet0/0
     192.168.2.0/27 is subnetted, 1 subnets
C       192.168.2.0 is directly connected, FastEthernet1/0
     192.168.3.0/27 is subnetted, 1 subnets
C       192.168.3.0 is directly connected, FastEthernet6/0
     192.168.4.0/27 is subnetted, 1 subnets
C       192.168.4.0 is directly connected, FastEthernet7/0
     192.168.5.0/28 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, Serial2/0
R    192.168.6.0/24 [120/1] via 192.168.5.2, 00:00:26, Serial2/0
Router#

 

  Router2

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#router ospf 1
Router(config-router)#network 192.168.5.0 0.0.0.15 area 0
Router(config-router)#
01:24:19: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.5.1 on Serial2/0 from LOADING to FULL, Loading Done
Router(config-router)#network 192.168.6.0 0.0.0.15 area 0
Router(config-router)#
Router(config-router)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console

 

  Test results

Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
R       192.168.1.0/24 [120/1] via 192.168.5.1, 00:00:06, Serial2/0
O       192.168.1.0/27 [110/782] via 192.168.5.1, 00:00:26, Serial2/0
     192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
R       192.168.2.0/24 [120/1] via 192.168.5.1, 00:00:06, Serial2/0
O       192.168.2.0/27 [110/782] via 192.168.5.1, 00:00:26, Serial2/0
     192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
R       192.168.3.0/24 [120/1] via 192.168.5.1, 00:00:06, Serial2/0
O       192.168.3.0/27 [110/782] via 192.168.5.1, 00:00:26, Serial2/0
     192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
R       192.168.4.0/24 [120/1] via 192.168.5.1, 00:00:06, Serial2/0
O       192.168.4.0/27 [110/782] via 192.168.5.1, 00:00:26, Serial2/0
     192.168.5.0/28 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, Serial2/0
     192.168.6.0/28 is subnetted, 1 subnets
C       192.168.6.0 is directly connected, FastEthernet0/0
Router#

 

  Router3

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ip access-list standard david       //Configure a standard IP access control list named david
Router(config-std-nacl)#permit 192.168.3.0 0.0.0.31          //Permit the 192.168.3.0 network segment
Router(config-std-nacl)#deny 192.168.1.0 0.0.0.31           //Deny the 192.168.1.0 network segment
Router(config-std-nacl)#deny 192.168.2.0 0.0.0.31 
Router(config-std-nacl)#deny 192.168.4.0 0.0.0.31 
Router(config-std-nacl)#exit
Router(config)#interface se2/0
Router(config-if)#ip access-group david out //Apply the standard IP access control list named david to port se2/0
Router(config-if)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console

  Test results

show running-config
Building configuration...

Current configuration : 1355 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.224
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.2.1 255.255.255.224
 duplex auto
 speed auto
!
interface Serial2/0
 ip address 192.168.5.1 255.255.255.240
 ip access-group david out
 clock rate 64000
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
!
interface FastEthernet5/0
 no ip address
 shutdown
!
interface FastEthernet6/0
 ip address 192.168.3.1 255.255.255.224
 duplex auto
 speed auto
!
interface FastEthernet7/0
 ip address 192.168.4.1 255.255.255.224
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.1.0 0.0.0.31 area 0
 network 192.168.2.0 0.0.0.31 area 0
 network 192.168.3.0 0.0.0.31 area 0
 network 192.168.4.0 0.0.0.31 area 0
 network 192.168.5.0 0.0.0.31 area 0
!
router rip
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.5.0
!
ip classless
!
!
ip access-list standard david
 permit 192.168.3.0 0.0.0.31
 deny 192.168.1.0 0.0.0.31
 deny 192.168.2.0 0.0.0.31
 deny 192.168.4.0 0.0.0.31
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
!
End

Building the Enterprise LAN

  Router3

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fa0/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fa0/0.1

%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip address 192.168.1.1 255.255.255.224
Router(config-subif)#exit
Router(config-if)#end

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fa1/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fa1/0.1

%LINK-5-CHANGED: Interface FastEthernet1/0.1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 3  //Encapsulate with the 802.1q protocol and assign this port to vlan 3
Router(config-subif)#ip address 192.168.2.1 255.255.255.224
Router(config-subif)#exit
Router(config)#interface fa6/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fa6/0.1

%LINK-5-CHANGED: Interface FastEthernet6/0.1, changed state to up
Router(config-subif)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet6/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 4
Router(config-subif)#ip address 192.168.3.1 255.255.255.224
Router(config-subif)#exit
Router(config)#interface fa7/0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fa7/0.1

%LINK-5-CHANGED: Interface FastEthernet7/0.1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet7/0.1, changed state to up
Router(config-subif)#
Router(config-subif)#encapsulation dot1q 5
Router(config-subif)#ip address 192.168.4.1 255.255.255.224
Router(config-subif)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

  Test results

Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/27 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, FastEthernet0/0.1
     192.168.2.0/27 is subnetted, 1 subnets
C       192.168.2.0 is directly connected, FastEthernet1/0.1
     192.168.3.0/27 is subnetted, 1 subnets
C       192.168.3.0 is directly connected, FastEthernet6/0.1
     192.168.4.0/27 is subnetted, 1 subnets
C       192.168.4.0 is directly connected, FastEthernet7/0.1
     192.168.5.0/28 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, Serial2/0
     192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
R       192.168.6.0/24 [120/1] via 192.168.5.2, 00:00:04, Serial2/0
O       192.168.6.0/28 [110/782] via 192.168.5.2, 00:24:24, Serial2/0

Departments Cannot Access Each Other

  Router3

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 1 deny 192.168.1.2
Router(config)#access-list 1 permit any
Router(config)#int fa1/0.1
Router(config-subif)#ip access-group 1 in
Router(config-subif)#ip access-group 1 out
Router(config-subif)#exit
Router(config)#int fa6/0.1
Router(config-subif)#ip access-group 1 out
Router(config-subif)#ip access-group 1 in
Router(config-subif)#exit
Router(config)#access-list 2 deny 192.168.2.2
Router(config)#access-list 2 permit any
Router(config)#in fa6/0.1
Router(config-subif)#ip access-group 2 in
Router(config-subif)#ip access-group 2 out
Router(config-subif)#exit
Router(config)#access-list 3 deny 192.168.3.2
Router(config)#access-list 3 permit any
Router(config)#int fa0/0.1
Router(config-subif)#ip access-group 3 out
Router(config-subif)#ip access-group 3 in
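
A standard ACL matches on source address only, stops at the first matching entry, ends in an implicit deny, and an interface holds one ACL per direction. The Python model below is an added example, not part of the original post: it replays ACL 1, the `david` list and the `ip access-group` commands from the Router3 transcripts to show how many hosts each entry really covers and which ACL ends up bound to each subinterface. The function names are hypothetical, and `ACL_1_SUBNET` is a constructed comparison entry.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_std_acl(lines):
    """Parse standard ACL entries (numbered or named form) into rules.
    An address with no wildcard is a single host (wildcard 0.0.0.0)."""
    rules = []
    for line in lines:
        tok = line.split()
        i = next(k for k, t in enumerate(tok) if t in ("permit", "deny"))
        if tok[i + 1] == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base = _ip(tok[i + 1])
            wild = _ip(tok[i + 2]) if len(tok) > i + 2 else 0
        rules.append((tok[i], base, wild))
    return rules

def evaluate(rules, src):
    """First matching entry wins; no match falls to the implicit deny."""
    ip = _ip(src)
    for action, base, wild in rules:
        if (ip | wild) == (base | wild):
            return action
    return "deny"

def permitted_hosts(rules, subnet):
    """Host addresses in `subnet` that the ACL permits as a source."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if evaluate(rules, str(h)) == "permit"]

def final_bindings(commands):
    """Replay interface / access-group commands. IOS keeps one ACL per
    interface and direction, so a later access-group replaces an earlier one."""
    bound, iface = {}, None
    for cmd in commands:
        tok = cmd.split()
        if tok[0] in ("int", "in", "interface"):
            iface = tok[1]
        elif tok[:2] == ["ip", "access-group"]:
            bound[(iface, tok[3])] = tok[2]
    return bound

# Entries copied from the Router3 transcripts on this page.
ACL_1 = parse_std_acl(["access-list 1 deny 192.168.1.2", "access-list 1 permit any"])
DAVID = parse_std_acl(["permit 192.168.3.0 0.0.0.31", "deny 192.168.1.0 0.0.0.31",
                       "deny 192.168.2.0 0.0.0.31", "deny 192.168.4.0 0.0.0.31"])
BINDINGS = final_bindings([
    "int fa1/0.1", "ip access-group 1 in", "ip access-group 1 out",
    "int fa6/0.1", "ip access-group 1 out", "ip access-group 1 in",
    "in fa6/0.1", "ip access-group 2 in", "ip access-group 2 out",
    "int fa0/0.1", "ip access-group 3 out", "ip access-group 3 in"])
ACL_1_SUBNET = parse_std_acl([  # constructed: the same deny over the whole /27
    "access-list 1 deny 192.168.1.0 0.0.0.31", "access-list 1 permit any"])

if __name__ == "__main__":
    print(len(permitted_hosts(ACL_1, "192.168.1.0/27")), "hosts pass ACL 1;",
          "fa6/0.1 in is bound to ACL", BINDINGS[("fa6/0.1", "in")])
```

The host-only `deny 192.168.1.2` leaves every other address in 192.168.1.0/27 permitted, and ACL 2 replaces ACL 1 on fa6/0.1 in both directions.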

Accessing the External Network

  Configure NAT on firewall 1

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int s2/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#int fa4/0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static 192.168.7.2 202.10.0.2
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

 

  Test results

Router#show ip nat trans
Pro  Inside global     Inside local       Outside local      Outside global
---  202.10.0.2        192.168.7.2        ---                ---

  Configuration for accessing the public network

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#exit
Router(config)#int fa4/0
Router(config-if)#ip add 192.168.7.3 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#route rip
Router(config-router)#ver 2
Router(config-router)#no au
Router(config-router)#net 192.168.7.0
Router(config-router)#default-information originate
Router(config-router)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

  Test results

Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

R    192.168.1.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
R    192.168.2.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
R    192.168.3.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
R    192.168.4.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
R    192.168.5.0/24 [120/1] via 192.168.7.1, 00:00:00, FastEthernet4/0
R    192.168.6.0/24 [120/2] via 192.168.7.1, 00:00:00, FastEthernet4/0
C    192.168.7.0/24 is directly connected, FastEthernet4/0
C    202.10.0.0/24 is directly connected, Serial2/0
Router#

 

  Allow the network segments to route out

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.31
Router(config)#access-list 1 permit 192.168.2.0 0.0.0.31
Router(config)#access-list 1 permit 192.168.3.0 0.0.0.31
Router(config)#int s2/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#int fa4/0
Router(config-if)#ip nat inside
Router(config-if)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ip route 0.0.0.0 0.0.0.0 s2/0
Router(config)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console

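Setting Up the Internal Server Group in Area A

  WWW server configuration

Enable the HTTP service and turn off the DNS, FTP, MAIL and DHCP services on this server; that is, click MAIL on the left and set SMTP Service and POP3 Service to off. Leave the other services unchanged.

Access the internal WWW server from PC0:

  FTP server configuration

Configure the FTP server: turn off the DHCP, DNS, MAIL and WEB services on this server and leave the other services unchanged. The procedure is similar to the DHCP configuration, so only the FTP settings are covered here:

Service: On. Add a User Name and Password; for every user tick Write, Read, Delete, Rename and List. After each entry, click + (Add) to add it to the scrolling text area.

  E-MAIL server configuration

Configure the MAIL server: turn off the DHCP, DNS, FTP and WEB services on this server and leave the other services unchanged. The procedure is similar to the DHCP configuration, so only the EMAIL settings are covered here:

SMTP Service and POP3 Service: On. Domain Name: mail.yyd.com. Add 2 users, each with a password. After each entry, click + (Add) to add it to the scrolling text area.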

Off-Site Salespeople Accessing the Sales Department

  Switch-PC Switch 1

Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int vlan 3      //interface vlan 3

%LINK-5-CHANGED: Interface Vlan3, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to up
Switch(config-if)#ip address 192.168.2.1 255.255.255.224  //Set the switch IP
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#enable password 123456   //Set the password for entering privileged mode to 123456
Switch(config)#line vty 0 4
Switch(config-line)#password yydyyd    //Set the remote login password to yydyyd
Switch(config-line)#login
Switch(config-line)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console

Switch#

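Remote login is protected with a password, so people on the Internet who do not know the password cannot get in, while the salespeople, who know the password, can.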
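
How much protection that password gives depends on the rest of the management-plane configuration. The Python audit below is an added example, not part of the original post: it checks an IOS configuration for the settings that decide this (`enable password` versus `enable secret`, `service password-encryption`, and `transport input ssh` / `access-class` on the vty lines). The function names and finding IDs are hypothetical; `AS_CONFIGURED` is the switch transcript rewritten in running-config form, and `HARDENED` is a constructed comparison with placeholder hashes and a documentation address range.

```python
import re

def vty_blocks(lines):
    """Collect the indented body of every 'line vty' section."""
    blocks, body = [], None
    for line in lines:
        if line.startswith("line vty"):
            body = []
            blocks.append(body)
        elif body is not None and line.startswith(" "):
            body.append(line.strip())
        else:
            body = None
    return blocks

def audit(config):
    """Return sorted finding IDs (hypothetical names) for an IOS config."""
    lines = [line.rstrip() for line in config.splitlines()]
    findings = set()
    if any(re.match(r"enable password\b", line) for line in lines):
        findings.add("ENABLE_PASSWORD_NOT_SECRET")   # not stored as a hash
    if "service password-encryption" not in lines:
        findings.add("PASSWORD_ENCRYPTION_OFF")      # passwords shown in clear
    for body in vty_blocks(lines):
        if "transport input ssh" not in body:
            findings.add("VTY_TELNET_NOT_EXCLUDED")  # Telnet sends logins in clear
        if not any(b.startswith("access-class ") for b in body):
            findings.add("VTY_NO_SOURCE_ACL")        # any source may try to log in
        if any(re.match(r"password (?!7 )", b) for b in body):
            findings.add("VTY_PLAINTEXT_PASSWORD")
    return sorted(findings)

# Constructed: the switch commands from the transcript, in running-config form.
AS_CONFIGURED = """\
enable password 123456
!
interface Vlan3
 ip address 192.168.2.1 255.255.255.224
!
line vty 0 4
 password yydyyd
 login
"""

# Constructed comparison: placeholder hashes, 203.0.113.0/24 is a documentation
# range standing in for the addresses the sales staff connect from.
HARDENED = """\
service password-encryption
enable secret 5 $1$EXAMPLE$constructedplaceholderhash
username sales secret 5 $1$EXAMPLE$constructedplaceholderhash
access-list 10 permit 203.0.113.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
"""

if __name__ == "__main__":
    print("as configured:", audit(AS_CONFIGURED))
    print("hardened:     ", audit(HARDENED))
```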

No QQ Chat or Illegal Web Browsing During Working Hours

  Router3

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#time-range nowork
Router(config-time-range)#periodic weekend 00:00 to 23:59   //From Saturday 00:00 to Sunday 23:59
Router(config)#access-list 101 deny tcp any any time-range work1
Router(config)#access-list 101 permit tcp any 192.168.1.2 0.0.0.31 time-range nowork
Router(config)#access-list 101 permit tcp any 192.168.2.2 0.0.0.31 time-range nowork
Router(config)#access-list 101 permit tcp any 192.168.3.2 0.0.0.31 time-range nowork
Router(config)#access-list 101 permit tcp any 192.168.4.2 0.0.0.31 time-range nowork
Router(config)#int fa0/0.1
Router(config-subif)#ip access-group 101 out
Router(config-subif)#exit
Router(config)#int fa1/0.1
Router(config-subif)#ip access-group 101 out
Router(config-subif)#exit
Router(config)#int fa6/0.1
Router(config-subif)#ip access-group 101 out
Router(config-subif)#exit
Router(config)#int fa7/0.1
Router(config-subif)#ip access-group 101 out
Router(config-subif)#exit

  Configure Router2 in the same way

 

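Summary

   I did this in the first semester of my sophomore year, at about this time of year, as the assignment our teacher set for the router course project. Back then mine was the only one that was reasonably complete, and I was secretly pleased with myself, hahaha.

  I hope this helps you; the write-up is a little messy.

  At the time the teacher said that the link between company site A and company site B should be built with a VPN, but somehow that never got done.

 Please credit the source when reposting: http://www.cnblogs.com/yydcdut/p/3520838.html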

