飞龙公司是一家经销土特产的中型企业,公司地址在北京市南三环附近,员工大约有500人,主要有销售部、采购部、加工部、财务部、行政部;公司要建立电商销售平台来销售产品
软件环境:ensp
网络要具有良好的性能,保证数据通信良好
SW6 [SW6]int g 0/0/1 [SW6]vlan batch 100 200 [SW6-GigabitEthernet0/0/1]port link-type hybrid [SW6-GigabitEthernet0/0/1]port hybrid pvid vlan 100 [SW6-GigabitEthernet0/0/1]port hybrid untagged vlan 20 30 40 50 60 100 200 [SW6-GigabitEthernet0/0/1]int g 0/0/2 [SW6-GigabitEthernet0/0/2]port link-type trunk [SW6-GigabitEthernet0/0/2]port trunk allow-pass vlan 20 100 200 [SW6]int g 0/0/3 [SW6-GigabitEthernet0/0/3]port link-type trunk [SW6-GigabitEthernet0/0/3]port trunk allow-pass vlan 30 100 200 [SW6-GigabitEthernet0/0/3]int g 0/0/4 [SW6-GigabitEthernet0/0/4]port link-type trunk [SW6-GigabitEthernet0/0/4]port trunk allow-pass vlan 40 200 100 [SW6]int g 0/0/5 [SW6-GigabitEthernet0/0/5]port link-type trunk [SW6-GigabitEthernet0/0/5]port trunk allow-pass vlan 50 100 200 [SW6-GigabitEthernet0/0/5]int g 0/0/6 [SW6-GigabitEthernet0/0/6]port link-type trunk [SW6-GigabitEthernet0/0/6]port trunk allow-pass vlan 60 100 200 [SW6-GigabitEthernet0/0/6]int g 0/0/7 [SW6-GigabitEthernet0/0/7]port link-type hybrid [SW6-GigabitEthernet0/0/7]port hybrid pvid vlan 200 [SW6-GigabitEthernet0/0/7]port hybrid untagged vlan 20 30 40 50 60 100 200 LSW1 [Huawei]sys SW1 [SW1]vlan batch 20 100 200 [SW1]int e 0/0/1 [SW1-Ethernet0/0/1]port link-type trunk [SW1-Ethernet0/0/1]port trunk allow-pass vlan 20 100 200 [SW1-Ethernet0/0/1]int e 0/0/2 [SW1-Ethernet0/0/2]port link-type hybrid [SW1-Ethernet0/0/2]port hybrid pvid vlan 20 [SW1-Ethernet0/0/2]port hybrid untagged vlan 20 100 200 SW2 [Huawei]sys SW2 [SW2]vlan batch 30 100 200 [SW2]int e 0/0/1 [SW2-Ethernet0/0/1]port link-type trunk [SW2-Ethernet0/0/1]port trunk allow-pass vlan 30 100 200 [SW2-Ethernet0/0/1]int e 0/0/2 [SW2-Ethernet0/0/2]port link-type hybrid [SW2-Ethernet0/0/2]port hybrid pvid vlan 30 [SW2-Ethernet0/0/2]port hybrid untagged vlan 30 100 200 SW3 [Huawei]sys SW3 [SW3]vlan batch 40 100 200 [SW3-Ethernet0/0/2]int e 0/0/1 [SW3-Ethernet0/0/1]port link-type trunk [SW3-Ethernet0/0/1]port trunk allow-pass vlan 40 100 [SW3-Ethernet0/0/1]int e 0/0/2 [SW3-Ethernet0/0/2]port link-type hybrid [SW3-Ethernet0/0/2]port hybrid pvid vlan 40 [SW3-Ethernet0/0/2]port hybrid untagged vlan 40 100 SW4 [SW4]vlan batch 50 100 200 [SW4]int e 0/0/1 [SW4-Ethernet0/0/1]port link-type trunk [SW4-Ethernet0/0/1]port trunk allow-pass vlan 50 100 200 [SW4]int e 0/0/2 [SW4-Ethernet0/0/2]port link-type hybrid [SW4-Ethernet0/0/2]port hybrid pvid vlan 50 [SW4-Ethernet0/0/2]port hybrid untagged vlan 50 100 200 SW5 [Huawei]sys SW5 [SW5]vlan batch 60 100 200 [SW5]int e 0/0/1 [SW5-Ethernet0/0/1]port link-type trunk [SW5-Ethernet0/0/1]port trunk allow-pass vlan 60 100 200 [SW5-Ethernet0/0/1]int e 0/0/2 [SW5-Ethernet0/0/2]port link-type hybrid [SW5-Ethernet0/0/2]port hybrid pvid vlan 60 [SW5-Ethernet0/0/2]port hybrid untagged vlan 60 100 200 实现: 各部门不互通 各部门与服务器互通 加工部禁止连接互联网其余部门均可连接互联网公司网站销售平台向互联网开放(通过互联网可以访问到公司电商平台)
[AR1]dhcp en [AR1-GigabitEthernet0/0/0]int g 0/0/1 [AR1-GigabitEthernet0/0/1]ip add dhcp-alloc [AR1]acl 2100 [AR1-acl-basic-2100]rule permit source 192.168.1.0 0.0.0.255 [AR1-acl-basic-2100]int g 0/0/1 [AR1-GigabitEthernet0/0/1]nat outbound 2100 实现: 开启了nat,实现地址转换访问互联网公司总部销售部、采购部、财务部、行政部有访问互联网需求
整体网络要能被安全管理,如果出现设备问题,IT人员可以随时处理故障(通过互联网就可以管理设备)
[AR1]user-interface vty 0 4 [AR1-ui-vty0-4]authentication-mode aaa [AR1-ui-vty0-4]protocol inbound ssh [AR1-ui-vty0-4]aaa [AR1-aaa]local-user ceshi password cipher 123456 [AR1-aaa]local-user ceshi service-type ssh [AR1-aaa]local-user ceshi privilege level 15 [AR1]stelnet server enable [AR1]ssh user ceshi authentication-type password 实现: 开启了ssh远程服务以方便管理