
Small and Medium-Sized Enterprise Network: A Hands-On Case Study

Time: 2023-06-18 15:00:01 | Source: Website Operations

I. Networking requirements and topology diagram

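1. Departments can communicate with each other;

2. All departments can access the OA system;

3. Only the purchasing department is allowed to access the purchasing system;

4. All departments can access video surveillance from both the internal and the external network;

5. IP addresses in the data center zone are all statically configured;

6. IP addresses in the office zone are all obtained automatically, and all office hosts can reach the internet;

7. All devices can be managed remotely;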



Network topology diagram

II. Data planning


1. Device management VLAN 10: 10.10.10.0/24;

2. Production department VLAN 1000: 192.168.10.0/24;

3. Purchasing department VLAN 2000: 192.168.20.0/24;

4. Between the core switch and the firewall, VLAN 300: 172.16.1.0/24;

5. Purchasing system VLAN 100: 192.168.100.0/24;

6. OA system VLAN 200: 192.168.200.0/24;

7. Video surveillance VLAN 300: 192.168.30.0/24;





III. Configuration steps

1. Core switch configuration

a. Create the VLANs:


vlan 10
 description SheBeiGuanLi
vlan 100
 description CaiGouserver
vlan 200
 description OAserver
vlan 300
 description ShiPinJK
vlan 1000
 description ShengChan
vlan 2000
 description CaiGou
vlan 3000
 description connectFW
 quit

b. Add the switch ports to their VLANs:

# The firewall interface is a Layer 3 port, so the switch port connected to the firewall uses access mode
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 3000
interface GigabitEthernet0/0/22
 port link-type trunk
 port trunk allow-pass vlan 10 1000
interface GigabitEthernet0/0/23
 port link-type trunk
 port trunk allow-pass vlan 10 2000
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan 10 100 200 300 1000 2000 3000
 quit

c. Configure remote device management:

stelnet server enable
telnet server enable
user-interface vty 0 4
 protocol inbound telnet
 authentication-mode aaa
 idle-timeout 15
 quit
aaa
 local-user admin password cipher admin@123
 local-user admin privilege level 15
 local-user admin service-type telnet web ssh
 quit

d. Configure the VLAN management addresses:

interface Vlanif10
 ip address 10.10.10.254 255.255.255.0
interface Vlanif100
 ip address 192.168.100.254 255.255.255.0
interface Vlanif200
 ip address 192.168.200.254 255.255.255.0
interface Vlanif300
 ip address 192.168.30.254 255.255.255.0
interface Vlanif1000
 ip address 192.168.10.254 255.255.255.0
interface Vlanif2000
 ip address 192.168.20.254 255.255.255.0
interface Vlanif3000
 ip address 172.16.1.2 255.255.255.0
 quit

e. Enable DHCP address assignment:

dhcp enable
interface Vlanif1000
 dhcp select global
interface Vlanif2000
 dhcp select global
 quit
ip pool 1000
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 quit
ip pool 2000
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
 quit

f. Configure the access control lists:

acl 3001
 description CaiGouConnectCaiGouServer
 rule permit ip source 192.168.20.0 0.0.0.255
 rule deny ip source 192.168.10.0 0.0.0.255
 rule deny ip source 10.10.10.0 0.0.0.255
 rule deny ip source 172.16.1.0 0.0.0.255
 rule deny ip source 192.168.200.0 0.0.0.255
 rule deny ip source 192.168.30.0 0.0.0.255
 quit
traffic-filter vlan 100 outbound acl 3001
acl 3002
 description ConnectOAServer
 rule deny ip source 10.10.10.0 0.0.0.255
 rule deny ip source 172.16.1.0 0.0.0.255
 rule deny ip source 192.168.100.0 0.0.0.255
 rule deny ip source 192.168.30.0 0.0.0.255
 quit
traffic-filter vlan 200 outbound acl 3002
quit

g. Configure the default route

ip route-static 0.0.0.0 0.0.0.0 172.16.1.3

2. Production department, purchasing department and machine room switch configuration

a. Create the VLANs


# Production department
vlan 10
 description SheBeiGuanLi
vlan 1000
 description ShengChan
 quit
# Purchasing department
vlan 10
 description SheBeiGuanLi
vlan 2000
 description CaiGou
 quit
# Machine room
vlan 10
 description SheBeiGuanLi
vlan 100
 description CaiGouserver
vlan 200
 description OAserver
vlan 300
 description ShiPinJK
vlan 1000
 description ShengChan
vlan 2000
 description CaiGou
 quit

b. Add the switch ports to their VLANs and configure the management addresses:

# Production department
interface Ethernet0/0/1
 port link-type access
 port default vlan 1000
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 1000
 quit
interface Vlanif10
 ip address 10.10.10.251 255.255.255.0
 quit
# Purchasing department
interface Ethernet0/0/2
 port link-type access
 port default vlan 2000
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 2000
 quit
interface Vlanif10
 ip address 10.10.10.252 255.255.255.0
 quit
# Machine room
interface Ethernet0/0/1
 port link-type access
 port default vlan 100
interface Ethernet0/0/2
 port link-type access
 port default vlan 200
interface Ethernet0/0/3
 port link-type access
 port default vlan 300
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 100 200 300 1000 2000
 quit
interface Vlanif10
 ip address 10.10.10.253 255.255.255.0
 quit

c. Configure device management

# For convenience I configured all of them identically here; I recommend not doing this in a real project
stelnet server enable
telnet server enable
user-interface vty 0 4
 protocol inbound telnet
 authentication-mode aaa
 idle-timeout 15
 quit
aaa
 local-user admin password cipher admin@123
 local-user admin privilege level 15
 local-user admin service-type telnet web ssh
 quit

3. Firewall configuration

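a. Configure the internal and external interface addresses and assign the interfaces to zones

Note: I bridged the external interface to my own computer, so its address is in the same subnet as my computer.

Internal interface configuration

External interface configuration

b. Configure static routes

Note: I already set the gateway when configuring the external interface, so no egress route needs to be configured here.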




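c. Configure the security policy for internet access

d. Configure the security policy for port mapping

e. Configure the NAT policy for internet access

f. Configure port mapping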



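IV. Verifying the results

1. Production department accessing the purchasing department, OA, the external network, the purchasing system and video surveillance

2. Purchasing department accessing the production department, OA, the external network, the purchasing system and video surveillance

3. Accessing video surveillance from the external network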







End
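
Added example, not part of the original article: it replays the ACL 3001 rules from step f against sample source addresses to check requirement 3 (only the purchasing department reaches the purchasing system) and compares the result with an allow-list variant. The sample hosts, the 192.168.40.0/24 subnet, the allow-list ACL, and the default of forwarding packets that match no rule under traffic-filter are assumptions.

```python
import ipaddress

# ACL 3001 rules from step f, in order (applied outbound on VLAN 100).
ACL_3001 = """
rule permit ip source 192.168.20.0 0.0.0.255
rule deny ip source 192.168.10.0 0.0.0.255
rule deny ip source 10.10.10.0 0.0.0.255
rule deny ip source 172.16.1.0 0.0.0.255
rule deny ip source 192.168.200.0 0.0.0.255
rule deny ip source 192.168.30.0 0.0.0.255
"""
# Allow-list variant, constructed for comparison (not from the article).
ACL_ALLOWLIST = """
rule permit ip source 192.168.20.0 0.0.0.255
rule deny ip
"""
# Constructed sample hosts; 192.168.40.0/24 is not in the article's plan.
SOURCES = {"purchasing": "192.168.20.10", "production": "192.168.10.10",
           "unplanned": "192.168.40.10"}

def parse(acl_text):
    """Return [(action, network, wildcard)] as integers, in rule order."""
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()
        if "source" in tok:
            i = tok.index("source")
            net = int(ipaddress.IPv4Address(tok[i + 1]))
            wild = int(ipaddress.IPv4Address(tok[i + 2]))
        else:  # no source clause: the rule matches every source
            net, wild = 0, 0xFFFFFFFF
        rules.append((tok[1], net, wild))
    return rules

def verdict(acl_text, src, default="permit"):
    """First matching rule wins. `default` models the assumption that
    traffic-filter forwards packets that match no rule."""
    ip = int(ipaddress.IPv4Address(src))
    for action, net, wild in parse(acl_text):
        care = ~wild & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (ip & care) == (net & care):
            return action
    return default

def audit(acl_text):
    return {name: verdict(acl_text, ip) for name, ip in SOURCES.items()}

if __name__ == "__main__":
    print("ACL 3001  :", audit(ACL_3001))
    print("allow-list:", audit(ACL_ALLOWLIST))
```

With the enumerated deny rules, a source subnet that is not listed falls through to the default action; the allow-list form gives the same answer for the planned subnets without depending on that default.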







