Shanxi Engineering Vocational College Campus Network: Design and Completion Report

Training group number: 007
Training date: March 11, 2010

I. Requirements analysis

Shanxi Engineering Vocational College currently has five buildings: the teaching building, the office building, the library, the training building, and the dormitory building. They are now to be connected to external networks. The specific requirements are:

- Resource sharing, networked teaching, network downloads, video on demand, and special research projects across the whole campus;
- The campus network needs multiple egress points and must provide at least two: the China Education and Research Network (CERNET) and the Internet;
- The campus network must support multiple billing policies, including ordinary monthly subscription, monthly subscription with a time limit, monthly subscription with a traffic limit, and per-day billing;
- SNMP is used to manage the campus network devices centrally.

II. Design

2.1 Network design principles

- Advancement: Campus network technology develops very quickly and replacement cycles keep getting shorter, so the hardware and software selected must be up to date.
- Practicality: The design should stay current for a considerable time, but it should also follow the principle of practicality, pursuing advancement on a practical basis so that the system meets user needs.
- Security: Campus networks are increasingly interconnected with external networks, so the design must take into account requirements for the security, confidentiality, and integrity of system information.
- Scalability: The campus network must be easy to extend, allowing devices to be added conveniently and software versions to be updated and upgraded flexibly, which lays a sound foundation for future upgrades and expansion.
- Flexibility: The design must be flexible, able to adapt to changes in the network structure and meet user needs.

2.2 Network topology

The network topology is shown in Figure 1.

Figure 1: Network topology

2.3 IP address plan

The IP addresses are listed in Table 1.

| Device | Device name | Interface | IP address |
|---|---|---|---|
| Router | RSR-20-1 | Fa 0/1 | 11.1.1.1/30 |
| | | S 2/0 | 99.1.1.13/30 |
| | RSR-20-2 | S 2/0 | 99.1.1.14/30 |
| | | loopback0 | 13.1.1.1/24 |
| | | Loopback1 | 88.1.1.1/24 |
| Firewall | RG-WALL-60 | WAN1 | 11.1.1.2/30 |
| | | LAN | 11.1.1.5/30 |
| | | DMZ | 12.1.1.1/24 |
| Computer 1 | www | Ethernet | 12.1.1.251/24 |
| | ftp | Ethernet | 12.1.1.253/24 |
| | dns2 | Ethernet | 12.1.1.252/24 |
| Computer 2 | dc1 | Ethernet | 10.1.1.251/24 |
| | cc2 | Ethernet | 10.1.1.252/24 |
| | dns1 | Ethernet | 10.1.1.253/24 |

Table 1: IP address plan

2.4 VLAN address plan

The VLAN addresses are listed in Table 2.

| Building | VLAN ID | Management address | IP subnet |
|---|---|---|---|
| Teaching building | VLAN10 | 192.168.10.254/24 | 192.168.10.0/24 |
| Office building | VLAN11 | 192.168.11.254/24 | 192.168.11.0/24 |
| Library | VLAN20 | 192.168.12.254/24 | 192.168.12.0/24 |
| Training building | VLAN21 | 192.168.13.254/24 | 192.168.13.0/24 |
| Dormitory building | VLAN22 | 192.168.14.254/24 | 192.168.14.0/24 |

Table 2: VLAN address plan

2.5 Routing plan

Static routes reduce routing updates and preserve bandwidth for important applications, so static routing is the best choice for this network. Static routes are configured on RSR-20-1, RSR-20-2, RG-WALL-60, and RG-3760-24 so that the whole network is reachable.

2.6 Reliability plan

Multiple Spanning Tree Protocol is configured on the three switches (RG-3760-24, RG-2026F-1, RG-2026F-2), and RG-3760-24 is set as the spanning-tree root. VLAN10, VLAN11, and VLAN20 are in instance 2, and VLAN21 and VLAN22 are in instance 3, which load-balances traffic across the two links.

III. Construction schedule

IV. Device configuration documents

3.1 Router RSR-20-1 configuration

RSR-20-1#show run
hostname RSR-20-1
time-range time
 periodic Weekdays 9:00 to 18:00
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.11.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.0.255
access-list 10 permit 192.168.13.0 0.0.0.255
access-list 10 permit 192.168.12.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 any time-range time
access-list 100 permit ip 192.168.11.0 0.0.0.255 any time-range time
access-list 100 permit ip 192.168.12.0 0.0.0.255 any time-range time
access-list 100 permit ip 192.168.13.0 0.0.0.255 any
username RSR-20-2 password 0 tianjin
no service password-encryption
crypto isakmp policy 110
 authentication pre-share
 hash md5
crypto isakmp key 7 14005f042b1b2e7d5716 address 99.1.1.14
crypto ipsec transform-set vpn1 ah-md5-hmac esp-des esp-md5-hmac
crypto map vpn-set 100 ipsec-isakmp
 set peer 99.1.1.14
 set transform-set vpn1
 match address 110
interface serial 1/2
 encapsulation PPP
 ppp authentication chap
 ppp chap hostname RSR-20-1
 ppp chap password 7 072a0a2e1b182e0b
 ip nat outside
 ip address 99.1.1.13 255.255.255.240
 crypto map vpn-set
 clock rate 64000
interface serial 1/3
interface FastEthernet 1/0
 ip nat inside
 ip access-group 100 in
 ip address 11.1.1.5 255.255.255.252
 duplex auto
 speed auto
interface FastEthernet 1/1
 duplex auto
 speed auto
interface Null 0
ip nat pool pool 99.1.1.1 99.1.1.5 netmask 255.255.255.240
ip nat outside source static 99.1.1.9 10.1.1.253
ip nat inside source static tcp 12.1.1.251 80 99.1.1.6 80
ip nat inside source static tcp 12.1.1.253 20 99.1.1.7 20
ip nat inside source static tcp 12.1.1.253 21 99.1.1.7 21
ip nat inside source static udp 12.1.1.252 53 99.1.1.8 53
ip nat inside source list 10 pool pool overload
router rip
 no auto-summary
 version 2
 network 11.0.0.0
 network 99.0.0.0
ip route 0.0.0.0 0.0.0.0 99.1.1.14
line con 0
line aux 0
line vty 0
 login
 password 7 05495567507b4743755d421e
line vty 1
 login
 password 7 1234111358
line vty 2
 login
 password 7 1559192000
line vty 3
 login
 password 7 1316064b1f
line vty 4
 login
 password 7 025057360a
end

3.2 Router RSR-20-2 configuration

RSR-20-2#show run
version 8.4 (building 15)
hostname RSR-20-2
username RSR-20-1 password 0 tianjin
no service password-encryption
crypto isakmp policy 110
 authentication pre-share
 hash md5
crypto isakmp key 7 035122110c37067e4741 address 99.1.1.13
crypto ipsec transform-set vpn1 ah-md5-hmac esp-des esp-md5-hmac
crypto map vpn-set 100 ipsec-isakmp
 set peer 99.1.1.13
 match address 110
interface serial 1/2
 encapsulation PPP
 ppp authentication chap
 ppp chap hostname RSR-20-2
 ppp chap password 7 155e04201c21250b
 ip address 99.1.1.14 255.255.255.240
 crypto map vpn-set
interface serial 1/3
 clock rate 64000
interface FastEthernet 1/0
 duplex auto
 speed auto
interface FastEthernet 1/1
 duplex auto
 speed auto
interface Loopback 0
 ip address 13.1.1.1 255.255.255.0
interface Loopback 1
 ip address 88.1.1.1 255.255.255.0
interface Null 0
router rip
 no auto-summary
 version 2
 network 13.0.0.0
 network 88.0.0.0
 network 99.0.0.0
line con 0
line aux 0
line vty 0
 login
 password 7 1044417e5646185c734a7b78
line vty 1
 login
 password 7 1276564b1959734379745511
line vty 2
 login
 password 7 076f50764646755440125d75
line vty 3
 login
 password 7 06576d5a7c414076574a1a59
line vty 4
 login
 password 7 097e464b7451401b5f79427f
end

3.3 Firewall RG-WALL-60 configuration

3.4 Switch RG-3760-24 configuration

RG-3760-24#show run
hostname S3760
vlan 1
vlan 10
 name jiaxuelou
vlan 11
 name tushuguan
vlan 20
 name bangonglou
vlan 21
 name shixunlou
enable secret level 1 5 +sr/-aehqtx1dfisrptbckyqt7zygl
enable secret level 14 5 T1dfim3Utbckn47zyglo54-aeh
enable secret level 15 5 +sr,|7zyqtx-/-aesrp1dfyqt.tbc
service dhcp
spanning-tree
spanning-tree mst configuration
 instance 2 vlan 10-11
 instance 3 vlan 20-21
 name RG
 revision 1
spanning-tree mst 0 priority 0
interface AggregatePort 1
 switchport mode trunk
interface AggregatePort 2
 switchport mode trunk
interface FastEthernet 0/1
 no switchport
 ip address 11.1.1.6 255.255.255.252
interface FastEthernet 0/2
 port-group 2
 switchport mode trunk
interface FastEthernet 0/3
 port-group 2
 switchport mode trunk
interface FastEthernet 0/4
 port-group 1
 switchport mode trunk
interface FastEthernet 0/5
 port-group 1
 switchport mode trunk
interface FastEthernet 0/8
 no switchport
 ip address 10.1.1.1 255.255.255.0
interface FastEthernet 0/24
 no switchport
interface Vlan 1
interface Vlan 10
 ip address 192.168.10.254 255.255.255.0
interface Vlan 11
 ip address 192.168.11.254 255.255.255.0
interface Vlan 20
 ip address 192.168.12.254 255.255.255.0
interface Vlan 21
 ip address 192.168.13.254 255.255.255.0
router rip
 version 2
 network 10.0.0.0 mask 255.0.0.0
 network 11.0.0.0 mask 255.0.0.0
 network 192.168.10.0 mask 255.255.255.0
 network 192.168.11.0 mask 255.255.255.0
 network 192.168.12.0 mask 255.255.255.0
 network 192.168.13.0 mask 255.255.255.0
ip route 0.0.0.0 0.0.0.0 11.1.1.1 1 enabled
ip ssh version 2

3.5 Switch RG-2026F-1 configuration

RG-2026F-1#show run
hostname RG-2026F-1
vlan 1
vlan 10
 name shenchanbu
vlan 11
 name xiaoshoubu
vlan 20
 name xingzhengbu
vlan 21
 name jinglibanggongshi
spanning-tree
spanning-tree mst configuration
 instance 2 vlan 10-11
 instance 3 vlan 20-21
 name RG
 revision 1
interface aggregatePort 2
 switchport mode trunk
interface fastEthernet 0/1
 port-group 2
 switchport mode trunk
 spanning-tree portfast
interface fastEthernet 0/2
 port-group 2
 switchport mode trunk
 spanning-tree portfast
interface fastEthernet 0/3
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/4
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/5
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/6
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/7
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/8
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/9
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/10
 spanning-tree portfast
interface fastEthernet 0/11
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/12
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/13
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/14
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/15
 switchport access vlan 10
 spanning-tree portfast
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 1
interface fastEthernet 0/16
 switchport access vlan 11
 spanning-tree portfast
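
The credential and IPsec settings in the RSR-20-1 and RSR-20-2 configurations (sections 3.1 and 3.2) can be reviewed mechanically before a device goes into service. The audit below is an added example, not part of the original report: the rule names, the function `audit_weak_settings` and the sample (lines taken from section 3.1, with every secret replaced by `<redacted>`) are constructed for illustration, and reading `7` as an encoding rather than a hash assumes the platform follows the Cisco convention.

```python
import re

# Constructed sample: lines from the RSR-20-1 "show run" in section 3.1,
# with every secret value replaced by the placeholder <redacted>.
SAMPLE = """\
username RSR-20-2 password 0 <redacted>
no service password-encryption
crypto isakmp policy 110
 authentication pre-share
 hash md5
crypto isakmp key 7 <redacted> address 99.1.1.14
crypto ipsec transform-set vpn1 ah-md5-hmac esp-des esp-md5-hmac
interface serial 1/2
 ppp authentication chap
 ppp chap password 7 <redacted>
line vty 0
 login
 password 7 <redacted>
"""

# (rule name, pattern, reason). Rule names are made up for this example.
RULES = [
    ("cleartext-secret", r"\bpassword 0 \S", "secret stored in clear text"),
    ("type7-encoded", r"\b(?:password|key) 7 \S",
     "type 7 is an encoding, not a one-way hash (Cisco convention, assumed)"),
    ("encryption-service-off", r"^no service password-encryption$",
     "new secrets are written to the configuration unprotected"),
    ("ike-md5", r"^hash md5$", "IKE policy authenticates with MD5"),
    ("esp-des", r"\besp-des\b", "ESP encrypts with single DES (56-bit key)"),
    ("md5-hmac", r"\b(?:ah|esp)-md5-hmac\b", "integrity relies on HMAC-MD5"),
]

def audit_weak_settings(config):
    """Return (line_no, stanza, rule) for every weak setting found."""
    findings, stanza = [], None
    for line_no, raw in enumerate(config.splitlines(), 1):
        text = raw.strip()
        if not text:
            continue
        if not raw.startswith(" "):  # an unindented line opens a new stanza
            stanza = text
        for rule, pattern, _reason in RULES:
            if re.search(pattern, text):
                findings.append((line_no, stanza, rule))
    return findings

if __name__ == "__main__":
    reasons = {rule: reason for rule, _pattern, reason in RULES}
    for line_no, stanza, rule in audit_weak_settings(SAMPLE):
        print(f"line {line_no} [{stanza}] {rule}: {reasons[rule]}")
```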
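
A report like this one has two sources of truth, the VLAN address plan (Table 2) and the device configuration, and they can drift apart. The following added example (not part of the original report) compares the ACL lines of RSR-20-1 with the planned subnets and checks that every ACL number the configuration references is also defined; `audit_acl_plan` and the finding names are hypothetical.

```python
import ipaddress
import re

# VLAN subnets from Table 2 of the report.
PLAN = ["192.168.10.0/24", "192.168.11.0/24", "192.168.12.0/24",
        "192.168.13.0/24", "192.168.14.0/24"]

# Constructed sample: ACL definitions and ACL references copied from the
# RSR-20-1 "show run" in section 3.1.
CONFIG = """\
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.11.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.0.255
access-list 10 permit 192.168.13.0 0.0.0.255
access-list 10 permit 192.168.12.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 any time-range time
access-list 100 permit ip 192.168.11.0 0.0.0.255 any time-range time
access-list 100 permit ip 192.168.12.0 0.0.0.255 any time-range time
access-list 100 permit ip 192.168.13.0 0.0.0.255 any
crypto map vpn-set 100 ipsec-isakmp
 match address 110
interface FastEthernet 1/0
 ip access-group 100 in
ip nat inside source list 10 pool pool overload
"""

ACL_DEF = re.compile(r"access-list (\d+) permit (?:ip )?([\d.]+) ([\d.]+)")
ACL_REF = re.compile(r"(?:match address|ip access-group|source list) (\d+)")

def audit_acl_plan(config, plan):
    """Return (finding, acl_number, subnet) tuples for plan/config drift."""
    planned = {ipaddress.ip_network(p) for p in plan}
    defined, referenced = {}, set()
    for line in config.splitlines():
        d = ACL_DEF.match(line.strip())
        if d:
            # ip_network accepts the wildcard (host mask) form directly.
            net = ipaddress.ip_network(f"{d.group(2)}/{d.group(3)}")
            defined.setdefault(int(d.group(1)), set()).add(net)
        else:
            referenced.update(int(n) for n in ACL_REF.findall(line))
    findings = [("undefined-acl", n, None)
                for n in sorted(referenced - set(defined))]
    for n in sorted(defined):
        extra, missing = defined[n] - planned, planned - defined[n]
        findings += [("not-in-plan", n, str(s)) for s in sorted(extra)]
        findings += [("plan-not-permitted", n, str(s)) for s in sorted(missing)]
    return findings
```

The `plan-not-permitted` entries are prompts for review rather than errors, since a subnet may be left out of an ACL on purpose.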