高级路由与交换技术课程设计

1、高级路由与交换技术课程设计 组别： 题目： 小型园区拓扑设计 姓名： 学号： 班级： 时间： 目录摘 要.2关键字.3一、小型园区网····································31.1 园区网的概述·&

2、#183;····································31.2 园区网设计···········

3、83;····························4二、小型园区网的详细设计···················&#

4、183;······52.1功能设计··········································

5、·52.2 ip和vlan规划阶段·································62.3路由冗余设计···········

6、3;····························62.4路由协议设计····················

7、···················82.5路由策略设计·····························&#

8、183;·········102.6网络设备安全设计···································122.7小型园区网的配置命令

9、3;·····························13三、功能测试···················&#

10、183;·················143.1全网连通性······························

11、3;·········15四、课程设计实验总结·····························16五、参考文献········&#

12、183;····························18摘要随着社会网络技术的逐步发展与完善，越来越多的企业或者公司都会想到利用园区网架构来实现自己的网络安全措施，因此小型的园区网设计就成了各个部门所重视的课程项目。为此目的而设计的园区网既能够保护各部门的网络安全，又不会影响各支部门的工作，可谓一举两得。关

13、键字路由冗余、路由协议、路由策略、网络安全、dhcp一、 小型园区网 1.1园区网的概述：园区网通常是指大学的校园网及企业的内部网（intranet) ； 其主要特征是：网络特别是路由结构完全由一个机构来管理。但是很多时候，园区网的使用效率不高，尤其是关键业务得不到保证。 利用实验机房所提供的4台计算机、3台路由器、2台三层交换机和2台二层交换机以及耗材，完成园区网络组建。 1.2 园区网设计图：课程设计任务分配组长： 姓名任务2dhcp设计、检查李路由冗余、策略设计ip地址、vlan划分路由协议设计链路聚合 、网络设备安全设计二、 小型园区网的详细设计 2.1 功能设计：l 在接入层交换机上

14、进行vlan划分，配置交换机截接口portfast以及端口安全，以加快收敛速度和安全性。l 在所有交换机上配置mstp，以加快spanning-tree的收敛，并节省资源。l 在出口路由r2上配置eigrp，在出口路由r1,r2,r3上配置ospf，并同时在r3上配置rip,以及在边界路由器上配置了重分发，这是为了适应不同厂商的路由器的支持。l 在多层交换机s1和s4上配置hsrp，以实现网关冗余。并把交换机s2配置为vlan 10的根桥，把交换机s3配置为vlan20的根桥。2.2 ip和vlan规划：ip地址表实验设备接口ip地址r3f0/0192.168.6.2f0/1192.168.3

15、.1s0/0192.168.5.2r1f0/0192.168.7.1s0/0192.168.4.1fa0/1192.168.8.1r2s0/1192.168.4.2s0/0192.168.5.1f0/0192.168.6.1s1f0/1192.168.7.2vlan10192.168.1.10vlan20192.168.2.10s2f0/1192.168.8.2vlan10192.168.1.11vlan20192.168.2.11pc1192.168.1.3pc2192.168.2.3pc4192.168.3.11pc3192.168.3.122.3路由冗余设计阶段（hsrp）：路由冗余规划

16、表试验设备接口组号优先级虚拟ips1vlan 101200192.168.1.2542100192.168.1.253vlan 203150192.168.2.2544200192.168.2.253s2vlan 101100192.168.1.2542200192.168.1.253vlan 203200192.168.2.2544150192.168.2.2532.4路由协议设计阶段：路由协议规划表设备路由协议发布的网段r1eigrp192.168.4.0192.168.7.0192.168.8.0r2eigrp192.168.4.02.2.2.0ospf192.168.5.0192.16

17、8.6.0r3ospf192.168.3.0192.168.6.03.3.3.0192.168.5.02.5路由策略设计阶段：路由策略规划表设备access-listpermitip地址下一跳matchr3110192.168.3.11192.168.5.1ip address 1220192.168.3.12192.168.6.1ip address 22.6 网络设备安全设计阶段:路由器和交换机的安全规划表设备端口模式端口安全措施s4fa0/2accessport-securityviolation shutdownfa0/3accessport-securityviolation shu

18、tdownusernnamepassword端口封装模式加密r1r2ciscose0/0pppchapr2r1ciscose0/1pppchap2.7、在路由器和交换机上实现阶段1、通过show run查看配置文件s1上的配置s1#show runhostname s1no aaa new-modelip subnet-zeroip routingno file verify autospanning-tree extend system-idspanning-tree vlan 10 priority 819spanning-tree vlan 20 priority 122vlan int

19、ernal allocation policy asinterface port-channel2switchport mode dynamic desirableinterface fastethernet0/1 no switchport ip address 192.168.7.2 255.255.25standby 4 authentication mykeyinterface fastethernet0/2switchport mode dynamic desirablechannel-group 2 mode activeinterface fastethernet0/3switc

20、hport mode dynamic desirablechannel-group 2 mode activeinterface vlan1 no ip address shutdown!interface vlan10 ip address 192.168.1.10 255.255.2 standby 1 ip 192.168.1.254 standby 1 priority 200 standby 1 preempt standby 1 authentication mykey standby 2 ip 192.168.1.253 standby 2 authentication myke

21、y!interface vlan20 ip address 192.168.2.10 255.255.2 standby 3 ip 195.168.2.254 standby 3 priority 150 standby 3 authentication mykey standby 4 ip 192.168.2.253 standby 4 priority 200 standby 4 preempt standby 4 authentication mykeyrouter eigrp 1 network 192.168.1.0 network 192.168.7.0 no auto-summa

22、ry!line con 0line vty 5 15!ends2的配置s2#show runhostname s2spanning-tree mode mstspanning-tree extend system-idspanning-tree vlan 10 priority 12288spanning-tree vlan 20 priority 8192vlan internal allocation policy ascendinginterface port-channel2 switchport mode dynamic desirableinterface fastethernet

23、0/1 no switchport ip address 192.168.8.2 255.255.255.0!interface fastethernet0/2 switchport mode dynamic desirable channel-group 2 mode active!interface fastethernet0/3 switchport mode dynamic desirable channel-group 2 mode activeinterface vlan1 no ip address shutdown!interface vlan10 ip address 192

24、.168.1.11 255.255.255.0 standby 1 ip 192.168.1.254 standby 1 authentication mykey standby 2 ip 192.168.1.253 standby 2 priority 200 standby 2 preempt standby 2 authentication mykey!interface vlan20 ip address 192.168.2.11 255.255.255.0 standby 3 ip 192.168.2.254 standby 3 priority 200 standby 3 pree

25、mpt standby 3 authentication mykey standby 4 ip 192.168.2.253 standby 4 priority 150 standby 4 authentication mykeyends3 的配置s3#show runhostname s3spanning-tree mode pvstno spanning-tree optimize bpdu tspanning-tree extend system-idinterface fastethernet0/2switchport access vlan 30switchport mode tru

26、nkinterface fastethernet0/3switchport access vlan 30switchport mode trunkends4的配置s4#show runhostname s4spanning-tree mode pvstno spanning-tree optimize bpdu transmissionspanning-tree extend system-idinterface fastethernet0/2 switchport access vlan 10 switchport mode access switchport port-security s

27、witchport port-security maximum 50interface fastethernet0/3 switchport access vlan 20 switchport mode access switchport port-security switchport port-security maximum 50endr1的配置r1#show runhostname r1username r2 password 0 ciscointerface fastethernet0/0 ip address 192.168.7.1 255.255.255.0 duplex aut

28、o speed autointerface serial0/0 ip address 192.168.4.1 255.255.255.0 encapsulation ppp no fair-queue ppp authentication chapinterface fastethernet0/1 ip address 192.168.8.1 255.255.255.0 duplex auto speed autorouter eigrp 1 network 192.168.4.0 network 192.168.7.0 network 192.168.8.0 no auto-summarye

29、ndr2的配置r2#show runhostname r2username r1 password 0 ciscointerface loopback0 ip address 2.2.2.2 255.255.255.0interface fastethernet0/0 ip address 192.168.6.1 255.255.255.0 duplex auto speed autointerface serial0/0 ip address 192.168.5.1 255.255.255.0 no fair-queue clock rate 128000interface serial0/

30、1 ip address 192.168.4.2 255.255.255.0 encapsulation ppp clock rate 128000 ppp authentication chap!router eigrp 1 redistribute ospf 1 metric 1000 100 255 1 1500 network 2.0.0.0 network 192.168.4.0 no auto-summaryrouter ospf 1 router-id 2.2.2.2 log-adjacency-changes redistribute eigrp 1 metric 30 met

31、ric-type 1 subnets network 192.168.5.0 0.0.0.255 area 0 network 192.168.6.0 0.0.0.255 area 0endr3的配置r3#show runhostname r3ip dhcp excluded-address 192.168.3.1 192.168.3.10ip dhcp pool vlan30 network 192.168.3.0 255.255.255.0default-router 192.168.3.1interface loopback0 ip address 3.3.3.3 255.255.255

32、.0interface fastethernet0/0 ip address 192.168.6.2 255.255.255.0 duplex auto speed autointerface serial0/0 ip address 192.168.5.2 255.255.255.0 no fair-queueinterface fastethernet0/1 ip address 192.168.3.1 255.255.255.0 ip policy route-map ccna duplex auto speed autorouter ospf 1 router-id 3.3.3.3 l

33、og-adjacency-changes network 3.3.3.0 0.0.0.255 area 0 network 192.168.3.0 0.0.0.255 area 0 network 192.168.5.0 0.0.0.255 area 0 network 192.168.6.0 0.0.0.255 area 0access-list 1 permit 192.168.3.11access-list 2 permit 192.168.3.12route-map ccna permit 10 match ip address 1 set ip next-hop 192.168.5.1route-map ccna permit 20 match ip address 2 set ip next-hop 192.168.6.1end三、功能测试3.1全网连通性：主机ip：192.168.1.3ping：192.168.3.11 192.168.2.3主机ip：192.168.1.3ping：2.2.2.2 3.3.3.3四、程设计实验总结本次实训，我们组创建了一个小型园区拓扑。这次实训把我们这学期所学知识融会贯通，各个环节不可缺少和出错。我觉得