Enterprise Network Design

1. Topology

2. Background and Requirements

1. The office area is divided into several departments; the network must support Internet access for 500 users.

2. Business VLANs are planned per department.

3. The network runs VRRP + MSTP, and link aggregation is used to keep the uplinks reliable.

4. A firewall is deployed at the egress to protect the intranet.

5. The server area is placed in a DMZ behind an additional firewall (protecting the intranet).

6. Devices are managed remotely over a remote-access channel.

9. Two different dynamic routing protocols are used, one inside each of the two LANs.

3. Department VLAN Allocation and IP Addresses

Address plan

| Department | Address space | VLAN | VLAN gateway |
|------------|-----------------|--------|-----------------|
| Marketing | 192.168.10.0/24 | Vlan10 | 192.168.10.1/24 |
| Marketing | 192.168.20.0/24 | Vlan20 | 192.168.20.1/24 |
| HR | 192.168.30.0/24 | Vlan30 | 192.168.30.1/24 |
| HR | 192.168.40.0/24 | Vlan40 | 192.168.40.1/24 |
| Management | 192.168.50.0/24 | Vlan50 | 192.168.50.1/24 |
| Management | 192.168.60.0/24 | Vlan60 | 192.168.60.1/24 |
| Logistics | 192.168.70.0/24 | Vlan70 | 192.168.70.1/24 |
| Logistics | 192.168.80.0/24 | Vlan80 | 192.168.80.1/24 |

Management addresses of the access and aggregation devices

| Department | Address | VLAN | Gateway |
|--------------------|------------------|---------|-----------------|
| Management network | 192.168.255.0/24 | VLAN255 | 192.168.255.254 |
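Before any of this is typed into a switch, the plan itself can be checked. The Python script below is an added example and not part of the original post; it embeds the two tables above (department names translated) and reports overlapping subnets, gateways that are not usable hosts of their subnet, and whether the business VLANs leave enough addresses for the 500 users of requirement 1. The three addresses reserved per VLAN (the virtual gateway plus the real SVI addresses of the two aggregation switches) are an assumption drawn from the VRRP design in section 4.

```python
import ipaddress

# Constructed from the plan tables above: VLAN -> (department, subnet, gateway).
VLAN_PLAN = {
    10: ("Marketing", "192.168.10.0/24", "192.168.10.1"),
    20: ("Marketing", "192.168.20.0/24", "192.168.20.1"),
    30: ("HR", "192.168.30.0/24", "192.168.30.1"),
    40: ("HR", "192.168.40.0/24", "192.168.40.1"),
    50: ("Management", "192.168.50.0/24", "192.168.50.1"),
    60: ("Management", "192.168.60.0/24", "192.168.60.1"),
    70: ("Logistics", "192.168.70.0/24", "192.168.70.1"),
    80: ("Logistics", "192.168.80.0/24", "192.168.80.1"),
    255: ("Management network", "192.168.255.0/24", "192.168.255.254"),
}

MGMT_VLAN = 255
USERS_REQUIRED = 500      # requirement 1 in section 2
# Assumption: per VLAN the VRRP virtual gateway plus the two aggregation
# switches' real SVI addresses are not available to users.
RESERVED_PER_VLAN = 3


def check_plan(plan):
    """Return a list of problems in a {vid: (dept, subnet, gateway)} plan.

    Checks: the subnet is a valid network address, the gateway is a usable
    host inside it, and no two VLAN subnets overlap. Empty list == plan OK.
    """
    problems = []
    nets = {}
    for vid, (_dept, subnet, gw) in plan.items():
        try:
            net = ipaddress.ip_network(subnet, strict=True)
        except ValueError as err:
            problems.append(f"vlan {vid}: bad subnet {subnet}: {err}")
            continue
        gw_addr = ipaddress.ip_address(gw)
        if gw_addr not in net or gw_addr in (net.network_address, net.broadcast_address):
            problems.append(f"vlan {vid}: gateway {gw} is not a usable host in {subnet}")
        nets[vid] = net
    vids = sorted(nets)
    for i, a in enumerate(vids):
        for b in vids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"vlan {a} and vlan {b}: {nets[a]} and {nets[b]} overlap")
    return problems


def user_capacity(plan, mgmt_vlan=MGMT_VLAN, reserved=RESERVED_PER_VLAN):
    """Usable addresses left for end users across the business VLANs.

    The management VLAN is excluded because no users live there; network and
    broadcast addresses and the reserved gateway/SVI addresses are subtracted.
    """
    total = 0
    for vid, (_dept, subnet, _gw) in plan.items():
        if vid == mgmt_vlan:
            continue
        net = ipaddress.ip_network(subnet)
        total += max(net.num_addresses - 2 - reserved, 0)
    return total


def meets_user_requirement(plan, required=USERS_REQUIRED):
    """True when the plan can address at least `required` users."""
    return user_capacity(plan) >= required


if __name__ == "__main__":
    for problem in check_plan(VLAN_PLAN) or ["plan OK"]:
        print(problem)
    print("user capacity:", user_capacity(VLAN_PLAN),
          "meets 500-user requirement:", meets_user_requirement(VLAN_PLAN))
```

The overlap check is the one worth keeping around: it is the error that a later "just add one more VLAN" change introduces most often, and on a VRRP pair it shows up as intermittent reachability rather than an obvious failure.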

4. Network Configuration Implementation

  1. Access-layer VLAN allocation and interface configuration

Using the HR department access switch as an example:

```
[Huawei]sysname RS-JR
[RS-JR]vlan batch 10 20 30 40 50 60 70 80 255
[RS-JR-aaa]interface Vlanif255
[RS-JR-Vlanif255] ip address 192.168.255.2 255.255.255.0
[RS-JR-Vlanif255]interface Ethernet0/0/1
[RS-JR-Ethernet0/0/1] port link-type trunk
[RS-JR-Ethernet0/0/1] port trunk allow-pass vlan 2 to 4094
IP on the interface Vlanif255 has entered the UP state.
[RS-JR-Ethernet0/0/1]interface Ethernet0/0/2
[RS-JR-Ethernet0/0/2] port link-type trunk
[RS-JR-Ethernet0/0/2] port trunk allow-pass vlan 2 to 4094
[RS-JR-Ethernet0/0/2]interface Ethernet0/0/3
[RS-JR-Ethernet0/0/3] port link-type access
[RS-JR-Ethernet0/0/3] port default vlan 30
[RS-JR-Ethernet0/0/3]interface Ethernet0/0/4
[RS-JR-Ethernet0/0/4] port link-type access
[RS-JR-Ethernet0/0/4] port default vlan 40
[RS-JR-Ethernet0/0/4]
# the other access switches are configured in the same way
```

  2. Layer-3 SVI interfaces, router physical interfaces and VRRP configuration

Using aggregation switch 1 as an example:

```
[HJ1]int vlan 10
[HJ1-Vlanif10]ip add 192.168.10.2 255.255.255.0
[HJ1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.1
[HJ1-Vlanif10] vrrp vrid 10 priority 120
[HJ1-Vlanif10]int vlan 20
[HJ1-Vlanif20]ip add 192.168.20.2 255.255.255.0
[HJ1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.1
[HJ1-Vlanif20] vrrp vrid 20 priority 120
[HJ1-Vlanif20]int vlan 30
[HJ1-Vlanif30]ip add 192.168.30.2 255.255.255.0
[HJ1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.1
[HJ1-Vlanif30] vrrp vrid 30 priority 120
[HJ1-Vlanif30]int vlan 40
[HJ1-Vlanif40]ip add 192.168.40.2 255.255.255.0
[HJ1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.1
[HJ1-Vlanif40] vrrp vrid 40 priority 120
[HJ1-Vlanif40]int vlan 50
[HJ1-Vlanif50]ip add 192.168.50.2 255.255.255.0
[HJ1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.1
[HJ1-Vlanif50] vrrp vrid 50 priority 120
[HJ1-Vlanif50]int vlan 60
[HJ1-Vlanif60]ip add 192.168.60.2 255.255.255.0
[HJ1-Vlanif60]vrrp vrid 60 virtual-ip 192.168.60.1
[HJ1-Vlanif60] vrrp vrid 60 priority 120
[HJ1-Vlanif60]int vlan 70
[HJ1-Vlanif70]ip add 192.168.70.2 255.255.255.0
[HJ1-Vlanif70]vrrp vrid 70 virtual-ip 192.168.70.1
[HJ1-Vlanif70] vrrp vrid 70 priority 120
[HJ1-Vlanif70]int vlan 80
[HJ1-Vlanif80]ip add 192.168.80.2 255.255.255.0
[HJ1-Vlanif80]vrrp vrid 80 virtual-ip 192.168.80.1
[HJ1-Vlanif80] vrrp vrid 80 priority 120
[HJ1-Vlanif80]int vlan 255
[HJ1-Vlanif255]ip add 192.168.255.252 255.255.255.0
[HJ1-Vlanif255]vrrp vrid 255 virtual-ip 192.168.255.254
[HJ1-Vlanif255] vrrp vrid 255 priority 120
```

The other SVI interfaces are configured in the same way.

  3. Configure MSTP in active/standby mode

```
[HJ1]stp instance 0 root primary      // aggregation switch 1 is the primary root
[HJ2]stp instance 0 root secondary    // aggregation switch 2 is the secondary root bridge
```

  4. Link aggregation configuration

```
[HJ1]int Eth-Trunk 0                  // link aggregation interface
[HJ1-Eth-Trunk0]port link-type trunk
[HJ1-Eth-Trunk0]port trunk allow-pass vlan all
[HJ1-Eth-Trunk0]trunkport GigabitEthernet 0/0/5 to 0/0/6
interface Eth-Trunk0
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
```

  5. DHCP configuration

Using the aggregation switch as an example:

```
[HJ1]ip pool vlan10
Info:It's successful to create an IP address pool.
[HJ1-ip-pool-vlan10]network 192.168.10.0 mask 255.255.255.0
[HJ1-ip-pool-vlan10] dns-list 114.114.114.114
[HJ1-ip-pool-vlan10] gateway-list 192.168.10.1
[HJ1-ip-pool-vlan10]ip pool vlan20
Info:It's successful to create an IP address pool.
[HJ1-ip-pool-vlan20]network 192.168.20.0 mask 255.255.255.0
[HJ1-ip-pool-vlan20] dns-list 114.114.114.114
[HJ1-ip-pool-vlan20] gateway-list 192.168.20.1
[HJ1-ip-pool-vlan20]ip pool vlan30
Info:It's successful to create an IP address pool.
[HJ1-ip-pool-vlan30]network 192.168.30.0 mask 255.255.255.0
[HJ1-ip-pool-vlan30] dns-list 114.114.114.114
[HJ1-ip-pool-vlan30] gateway-list 192.168.30.1
[HJ1-ip-pool-vlan30]ip pool vlan40
Info:It's successful to create an IP address pool.
[HJ1-ip-pool-vlan40]network 192.168.40.0 mask 255.255.255.0
[HJ1-ip-pool-vlan40] dns-list 114.114.114.114
[HJ1-ip-pool-vlan40] gateway-list 192.168.40.1
[HJ1-ip-pool-vlan40]ip pool vlan50
Info:It's successful to create an IP address pool.
```
```
[HJ1-ip-pool-vlan50]network 192.168.50.0 mask 255.255.255.0
[HJ1-ip-pool-vlan50] dns-list 114.114.114.114
[HJ1-ip-pool-vlan50] gateway-list 192.168.50.1
[HJ1-ip-pool-vlan50]ip pool vlan60
Info:It's successful to create an IP address pool.
[HJ1-ip-pool-vlan60]network 192.168.60.0 mask 255.255.255.0
[HJ1-ip-pool-vlan60] dns-list 114.114.114.114
[HJ1-ip-pool-vlan60] gateway-list 192.168.60.1
[HJ1-ip-pool-vlan60]ip pool vlan70
Info:It's successful to create an IP address pool.
[HJ1-ip-pool-vlan70]network 192.168.70.0 mask 255.255.255.0
[HJ1-ip-pool-vlan70] dns-list 114.114.114.114
[HJ1-ip-pool-vlan70] gateway-list 192.168.70.1
[HJ1-ip-pool-vlan70]ip pool vlan80
Info:It's successful to create an IP address pool.
[HJ1-ip-pool-vlan80]network 192.168.80.0 mask 255.255.255.0
[HJ1-ip-pool-vlan80] dns-list 114.114.114.114
[HJ1-ip-pool-vlan80] gateway-list 192.168.80.1
[HJ1-ip-pool-vlan80]q
[HJ1]dhcp enable
[HJ1]int vlan 10
[HJ1-Vlanif10]dhcp select global
[HJ1-Vlanif10]int vlan 20
[HJ1-Vlanif20]dhcp select global
[HJ1-Vlanif20]int vlan 30
[HJ1-Vlanif30]dhcp select global
[HJ1-Vlanif30]int vlan 40
[HJ1-Vlanif40]dhcp select global
[HJ1-Vlanif40]int vlan 50
[HJ1-Vlanif50]dhcp select global
[HJ1-Vlanif50]int vlan 60
[HJ1-Vlanif60]dhcp select global
[HJ1-Vlanif60]int vlan 70
[HJ1-Vlanif70]dhcp select global
[HJ1-Vlanif70]int vlan 80
[HJ1-Vlanif80]dhcp select global
```

  6. Configure OSPF for full-network reachability

This configuration is the same on every other device; each one just advertises its own directly connected networks.

```
[HJ1]ospf 1
[HJ1-ospf-1]a 0
[HJ1-ospf-1-area-0.0.0.0]network 192.168.0.0 0.0.255.255
[HJ1-ospf-1-area-0.0.0.0]network 10.10.10.2 0.0.0.0
[HJ2]ospf 1
[HJ2-ospf-1]a 0
[HJ2-ospf-1-area-0.0.0.0]network 192.168.0.0 0.0.255.255
[HJ2-ospf-1-area-0.0.0.0]network 20.20.20.2 0.0.0.0
[HX]ospf 1
[HX-ospf-1]a 0
[HX-ospf-1-area-0.0.0.0]network 10.10.10.0 0.0.0.255
[HX-ospf-1-area-0.0.0.0]network 20.20.20.0 0.0.0.255
[HX-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[HX-ospf-1]a 1
[HX-ospf-1-area-0.0.0.1]network 192.168.2.0 0.0.0.255
[USG6000V1]ospf 1
[USG6000V1-ospf-1]a 1
[USG6000V1-ospf-1-area-0.0.0.1]network 192.168.2.0 0.0.0.255
```

  7. Egress NAT configuration

```
nat-policy
 rule name ISP
  source-zone trust
  destination-zone untrust
  action source-nat easy-ip      // NAT mode: easy-IP
```

  8. Firewall egress security policy

```
security-policy
 rule name ISp                   // Internet traffic
  source-zone trust
  destination-zone untrust
  action permit
```

  9. Data-center firewall configuration

```
[USG6000V1]ospf 1
[USG6000V1-ospf-1]a 0
[USG6000V1-ospf-1-area-0.0.0.0]network 0.0.0.0 255.255.255.255
[USG6000V1]security-policy
[USG6000V1-policy-security]rule name trust-dmz
[USG6000V1-policy-security-rule-trust-dmz]source-zone trust
[USG6000V1-policy-security-rule-trust-dmz]destination-zone dmz
[USG6000V1-policy-security-rule-trust-dmz]action permit
```

  10. Device management configuration

```
[RS-JR-aaa-domain-default_admin] local-user admin password cipher admin@123
[RS-JR-aaa] local-user admin privilege level 15
[RS-JR-aaa] local-user admin service-type telnet
[RS-JR-Ethernet0/0/4]user-interface con 0
[RS-JR-ui-console0]user-interface vty 0 4
[RS-JR-ui-vty0-4] authentication-mode aaa
[RS-JR-ui-vty0-4] protocol inbound all
```

This opens Telnet, which carries the `admin@123` password in cleartext across the management VLAN; on VRP the same AAA user can instead be given `service-type ssh` with the STelnet server enabled and the VTY lines limited to `protocol inbound ssh`.

  11. Branch gateway addresses and RIP routing configuration

```
[Huawei]rip 1
[Huawei-rip-1]network 30.0.0.0
[Huawei-rip-1]default-route originate
[Huawei-rip-1
```

```
[Huawei]rip 1
[Huawei-rip-1]network 30.0.0.0
[Huawei-rip-1]network 192.168.110.0
[Huawei-rip-1]net 192.168.100.0
[Huawei-Vlanif10]ip add 192.168.100.254 24
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]ip add 192.168.110.254 24
```

5. Network Testing
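The per-VLAN SVI, VRRP and DHCP pool commands in section 4 repeat one pattern eight times, which is exactly where copy-and-paste slips creep in, such as a VRID whose virtual-ip differs between the two aggregation switches. The Python script below is an added example, not code from the post: it generates the HJ1 and HJ2 configuration from the section 3 plan, checks that both switches agree on every virtual IP, and models the VRRP master election (highest priority, then highest real address) to show that HJ1's priority 120 beats HJ2's default 100 and that HJ2 takes over when HJ1 is down. HJ2's real SVI addresses (192.168.x.3 and 192.168.255.253) and the `quit` lines that leave each view are assumptions; the post does not show them.

```python
import ipaddress

# Constructed from section 3 and section 4: VLAN -> (subnet, VRRP virtual IP,
# real SVI address of HJ1). HJ2's real address is ASSUMED to be the next one
# up (addr_offset=1 below); the post does not show HJ2's addresses.
VLAN_PLAN = {
    10: ("192.168.10.0/24", "192.168.10.1", "192.168.10.2"),
    20: ("192.168.20.0/24", "192.168.20.1", "192.168.20.2"),
    30: ("192.168.30.0/24", "192.168.30.1", "192.168.30.2"),
    40: ("192.168.40.0/24", "192.168.40.1", "192.168.40.2"),
    50: ("192.168.50.0/24", "192.168.50.1", "192.168.50.2"),
    60: ("192.168.60.0/24", "192.168.60.1", "192.168.60.2"),
    70: ("192.168.70.0/24", "192.168.70.1", "192.168.70.2"),
    80: ("192.168.80.0/24", "192.168.80.1", "192.168.80.2"),
    255: ("192.168.255.0/24", "192.168.255.254", "192.168.255.252"),
}
MGMT_VLAN = 255
DNS_SERVER = "114.114.114.114"   # DNS server used in the post's DHCP pools


def aggregation_config(plan, priority=None, addr_offset=0):
    """Build the VRP command list for one aggregation switch.

    priority=None leaves the VRRP priority at its default of 100, which is how
    HJ2 ends up as backup to HJ1's priority 120. addr_offset shifts the real
    SVI address (0 for HJ1, 1 for the assumed HJ2 addresses).
    """
    lines = []
    for vid, (subnet, vip, _hj1_addr) in plan.items():
        if vid == MGMT_VLAN:
            continue  # no user DHCP pool on the management VLAN
        net = ipaddress.ip_network(subnet)
        lines += [f"ip pool vlan{vid}",
                  f" network {net.network_address} mask {net.netmask}",
                  f" dns-list {DNS_SERVER}",
                  f" gateway-list {vip}",
                  " quit"]
    lines.append("dhcp enable")
    for vid, (subnet, vip, hj1_addr) in plan.items():
        net = ipaddress.ip_network(subnet)
        real = ipaddress.ip_address(hj1_addr) + addr_offset
        lines += [f"interface Vlanif{vid}",
                  f" ip address {real} {net.netmask}",
                  f" vrrp vrid {vid} virtual-ip {vip}"]
        if priority is not None:
            lines.append(f" vrrp vrid {vid} priority {priority}")
        if vid != MGMT_VLAN:
            lines.append(" dhcp select global")
        lines.append(" quit")
    return lines


def vrrp_master(routers):
    """Pick the VRRP master from {name: (priority, real_ip, is_up)}.

    Highest priority wins; equal priorities are broken by the higher real IP
    address (the VRRP tie-break). Returns None when no router is up.
    """
    alive = [(prio, ipaddress.ip_address(ip), name)
             for name, (prio, ip, up) in routers.items() if up]
    return max(alive)[2] if alive else None


def vrrp_vip_mismatches(config_a, config_b):
    """VRIDs whose virtual-ip differs between two configs, or exists on only one.

    Two switches with different virtual IPs for the same VRID never form one
    group, so that VLAN's gateway would silently run without a backup.
    """
    def vips(lines):
        out = {}
        for line in lines:
            parts = line.split()
            if parts[:2] == ["vrrp", "vrid"] and "virtual-ip" in parts:
                out[int(parts[2])] = parts[parts.index("virtual-ip") + 1]
        return out
    a, b = vips(config_a), vips(config_b)
    return sorted(v for v in set(a) | set(b) if a.get(v) != b.get(v))


if __name__ == "__main__":
    hj1 = aggregation_config(VLAN_PLAN, priority=120, addr_offset=0)
    hj2 = aggregation_config(VLAN_PLAN, addr_offset=1)
    print("\n".join(hj1))
    print("VIP mismatches between HJ1 and HJ2:", vrrp_vip_mismatches(hj1, hj2))
    print("master for VLAN 10:", vrrp_master({"HJ1": (120, "192.168.10.2", True),
                                              "HJ2": (100, "192.168.10.3", True)}))
```

Feeding the generated lists through `vrrp_vip_mismatches` before pasting them onto the switches is the cheap version of the "network testing" step: it catches the mismatch on paper instead of in a failover.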
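The NAT and security policies of sections 7 to 9 rely on two firewall behaviours: rules are evaluated first match wins, and interzone traffic that no rule permits is dropped by the implicit default deny. That default is what keeps DMZ and Internet hosts out of the trust zone even though only permit rules are written. The Python script below is an added example, not part of the post, that models those rules and traces sample flows through both firewalls. The DMZ subnet (10.100.0.0/24) and the firewall's public address (203.0.113.10) are hypothetical placeholders, because the post gives neither.

```python
import ipaddress

# Zone membership (constructed). The trust range is the campus plan from
# section 3; the DMZ prefix and the public egress address are HYPOTHETICAL
# placeholders, since the post does not give them.
ZONES = [
    ("trust", "192.168.0.0/16"),
    ("dmz", "10.100.0.0/24"),        # hypothetical DMZ server subnet
]
DEFAULT_ZONE = "untrust"             # anything outside the named zones
EGRESS_IP = "203.0.113.10"           # hypothetical untrust interface address

# Rule lists in configured order: (rule name, source zone, destination zone, action).
EGRESS_POLICY = [("ISp", "trust", "untrust", "permit")]              # section 8
EGRESS_NAT = [("ISP", "trust", "untrust", "source-nat easy-ip")]     # section 7
DC_POLICY = [("trust-dmz", "trust", "dmz", "permit")]                # section 9


def zone_of(ip):
    """Security zone of an address: first matching prefix, else the default zone."""
    addr = ipaddress.ip_address(ip)
    for zone, prefix in ZONES:
        if addr in ipaddress.ip_network(prefix):
            return zone
    return DEFAULT_ZONE


def first_match(rules, src_zone, dst_zone):
    """First rule whose zones match, as (name, action).

    No match means the firewall's implicit default deny, returned as (None, "deny").
    """
    for name, sz, dz, action in rules:
        if sz in (src_zone, "any") and dz in (dst_zone, "any"):
            return name, action
    return None, "deny"


def evaluate(policy, nat, src_ip, dst_ip, egress_ip=EGRESS_IP):
    """Trace one flow through a firewall: zones, matched rule, verdict, post-NAT source."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    rule, action = first_match(policy, src_zone, dst_zone)
    verdict = {"src_zone": src_zone, "dst_zone": dst_zone, "rule": rule,
               "action": action, "src_after_nat": src_ip}
    if action == "permit":
        _, nat_action = first_match(nat, src_zone, dst_zone)
        if nat_action == "source-nat easy-ip":
            # easy-ip rewrites the source to the outbound interface's own address
            verdict["src_after_nat"] = egress_ip
    return verdict


def inbound_permits(rules, protected="trust"):
    """Names of rules that admit traffic from another zone into the protected zone.

    For the design in this post the expected result on both firewalls is [].
    """
    return [name for name, sz, dz, action in rules
            if action == "permit" and dz in (protected, "any") and sz != protected]


if __name__ == "__main__":
    # Constructed sample flows: an HR host browsing out, the reverse direction,
    # and HR to/from a DMZ server through the data-center firewall.
    print(evaluate(EGRESS_POLICY, EGRESS_NAT, "192.168.30.10", "198.51.100.7"))
    print(evaluate(EGRESS_POLICY, EGRESS_NAT, "198.51.100.7", "192.168.30.10"))
    print(evaluate(DC_POLICY, [], "192.168.30.10", "10.100.0.5"))
    print(evaluate(DC_POLICY, [], "10.100.0.5", "192.168.30.10"))
    print("inbound permits:", inbound_permits(EGRESS_POLICY), inbound_permits(DC_POLICY))
```

`inbound_permits` is the check to re-run whenever a rule is added later: the moment someone writes a `dmz` to `trust` permit "to make the backup job work", the DMZ stops protecting the intranet, and this function names the rule that did it.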
