Software required for this project: eNSP_Setup, VirtualBox-5.2.38-136252-Win, WinPcap_4_1_3, Wireshark-win64-3.2.2
1.1 Design tasks
Set up a small campus network: 50 computers in the student dormitory, 30 computers in the office building (the office building is divided into the finance department, the personnel department, and other departments), 10 computers in the library, 30 computers in the teaching building, and 2 servers (FTP, Web). The school is connected to the servers and the Internet through a router.
1.2 Demand Analysis
1. Hosts within each department can communicate at Layer 2, and departments can communicate with each other at Layer 3.
2. Use static routing and RIP routing configuration.
3. The private network IP address is used inside the campus, and all users can access the Internet through the campus network.
4. All users can share resources on the intranet and access the Web/FTP server.
5. Student dormitories, libraries, and teaching buildings cannot access the Personnel Office and the Finance Office.
6. The server uses a static IP address, and other users use dynamic IP addresses.
1.3 Network Planning/Design
1.3.1 VLAN Planning
A host and a Client are set up in each of the student dormitory, the library, and the teaching building to demonstrate Layer 2 communication. Three switches are placed under the office building, and a host and a client are attached to each switch to demonstrate Layer 2 communication.
An aggregation switch is used for configuration, representing the teaching building, so that Layer 3 communication is possible. At the same time, it meets the requirement that student dormitories, libraries, and teaching buildings cannot access the Personnel Office and the Finance Office.
1.3.2 IP address planning
The following is the IP address plan
1.3.3 Function Deployment Planning
Overall layout of campus network
The student dormitory consists of a switch, a host and a Client. The configured VLAN is VLAN 10, which can access the library and teaching building.
The library consists of a switch, a host and a Client. The configured VLAN is VLAN 50, which can access student dormitories and teaching buildings.
The teaching building consists of a switch, a host and a Client. The configured VLAN is VLAN 60, which can access the library and student dormitory.
The office building is represented by one aggregation switch, and the others are three ordinary switches, representing the finance department, the personnel department, and other departments, and each part is represented by a host and a client.
The financial department, the personnel department, and other departments can communicate with each other, and the student dormitory, library, and teaching building cannot access the personnel department and the financial department.
The Internet and the Web/FTP server are represented by one host and one server respectively. Together they demonstrate two functions: private IP addresses are used inside the campus while all users can access the Internet through the campus network, and all users can share resources on the internal network and access the Web/FTP server.
1.4 Specific placement
1.4.1 Configuring VLAN - Configuration on the Access Switch
Configure a VLAN on each of LSW1-LSW6. Set the host-facing ports to link-type access with the department VLAN as the default VLAN, then set the uplink port to link-type trunk and allow the same VLAN to pass.
LSW1
vlan batch 10
interface Ethernet 0/0/1
port link-type access
port default vlan 10
quit
interface Ethernet 0/0/2
port link-type access
port default vlan 10
quit
interface Ethernet 0/0/4
port link-type trunk
port trunk allow-pass vlan 10
quit
LSW2
vlan batch 20
interface Ethernet 0/0/3
port link-type access
port default vlan 20
quit
interface Ethernet 0/0/4
port link-type access
port default vlan 20
quit
interface Ethernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 20
quit
LSW3
vlan batch 30
interface Ethernet 0/0/5
port link-type access
port default vlan 30
quit
interface Ethernet 0/0/6
port link-type access
port default vlan 30
quit
interface Ethernet 0/0/4
port link-type trunk
port trunk allow-pass vlan 30
quit
LSW4
vlan batch 40
interface Ethernet 0/0/7
port link-type access
port default vlan 40
quit
interface Ethernet 0/0/8
port link-type access
port default vlan 40
quit
interface Ethernet 0/0/5
port link-type trunk
port trunk allow-pass vlan 40
quit
LSW5
vlan batch 50
interface Ethernet 0/0/9
port link-type access
port default vlan 50
quit
interface Ethernet 0/0/10
port link-type access
port default vlan 50
quit
interface Ethernet 0/0/6
port link-type trunk
port trunk allow-pass vlan 50
quit
LSW6
vlan batch 60
interface Ethernet 0/0/11
port link-type access
port default vlan 60
quit
interface Ethernet 0/0/12
port link-type access
port default vlan 60
quit
interface Ethernet 0/0/7
port link-type trunk
port trunk allow-pass vlan 60
quit
1.4.2 Configure VLAN 10, 50, 60 on the router
Configure VLANs 10, 50, and 60 on the AR1 router to enable Layer 3 access between the student dormitory, library, and teaching building.
First, create VLANs 10, 50, and 60, then set each port that faces an access switch to link-type trunk and allow the corresponding VLAN to pass.
At the same time, create VLAN 100, which is used for the office building.
vlan batch 10
interface Ethernet 0/0/4
port link-type trunk
port trunk allow-pass vlan 10
quit
vlan batch 50
interface Ethernet 0/0/6
port link-type trunk
port trunk allow-pass vlan 50
quit
vlan batch 60
interface Ethernet 0/0/7
port link-type trunk
port trunk allow-pass vlan 60
quit
vlan batch 100
interface Ethernet 0/0/5
port link-type trunk
port trunk allow-pass vlan 100
quit
1.4.3 Configure VLAN10, 50, 60 routing - router
Configure VLANIF gateway addresses for the student dormitory, library, and teaching building, and enable DHCP on each interface so that hosts obtain their addresses dynamically and the student dormitory, library, and teaching building can ping each other.
interface vlanif 10
ip address 192.168.1.1 24
quit
interface vlanif 50
ip address 192.168.5.1 24
quit
interface vlanif 60
ip address 192.168.6.1 24
quit
dhcp enable
interface vlanif 10
dhcp select interface
quit
dhcp enable
interface vlanif 50
dhcp select interface
quit
dhcp enable
interface vlanif 60
dhcp select interface
quit
Configuration result: the student dormitory, library and teaching building can ping each other.
Student dormitory ping library, teaching building
The library pings student dormitories and teaching buildings
Teaching building ping student dormitory, library
1.4.4 Creating a VLAN on the aggregation switch LSW7
Create VLANs 20, 30, 40, and 100 on LSW7 in one batch. On each GigabitEthernet port of LSW7 that connects to another switch, set the link type to trunk and allow the preset VLAN (20, 30, or 40) to pass; the port toward AR1 carries VLAN 100.
LSW7
vlan batch 20 30 40 100
interface GigabitEthernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 20
quit
interface GigabitEthernet 0/0/4
port link-type trunk
port trunk allow-pass vlan 30
quit
interface GigabitEthernet 0/0/5
port link-type trunk
port trunk allow-pass vlan 40
quit
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan 100
quit
1.4.5 Configuring Routing on Aggregation Switch LSW7
Configure the gateway address on each VLANIF interface, then advertise the networks in RIP process 100.
LSW7
interface vlanif 20
ip address 192.168.2.1 24
quit
interface vlanif 30
ip address 192.168.3.1 24
quit
interface vlanif 40
ip address 192.168.4.1 24
quit
interface vlanif 100
ip address 192.168.100.1 24
quit
rip 100
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
network 192.168.100.0
quit
1.4.6 Configure DHCP—Configure DHCP Relay
Configure the DHCP relay on LSW7, enable the DHCP function on LSW7, and then enable the DHCP relay function on LSW7 and specify the address of the DHCP server to be relayed to.
LSW7
dhcp enable
interface vlanif 20
dhcp select relay
dhcp relay server-ip 192.168.100.2
quit
interface vlanif 30
dhcp select relay
dhcp relay server-ip 192.168.100.2
quit
interface vlanif 40
dhcp select relay
dhcp relay server-ip 192.168.100.2
quit
1.4.7 Configure DHCP—Configure the DHCP server
Enable the DHCP function on AR1, which acts as the DHCP server, and configure the global address pools pool2, pool3, and pool4. Then enter the VLANIF 100 interface that connects to LSW7 and enable the global address pool function.
AR1
dhcp enable
ip pool pool2
network 192.168.2.0 mask 255.255.255.0
gateway-list 192.168.2.1
quit
ip pool pool3
network 192.168.3.0 mask 255.255.255.0
gateway-list 192.168.3.1
quit
ip pool pool4
network 192.168.4.0 mask 255.255.255.0
gateway-list 192.168.4.1
quit
interface vlanif 100
dhcp select global
quit
Configuration result: the finance department, the personnel department, and other departments can ping each other.
Finance Department ping Personnel Department, other departments
Personnel Office ping Finance Office, other departments
Other departments ping the Finance Office and the Personnel Office
1.4.8 Realize resource sharing
Implement resource sharing so that all users can access the Web/FTP server (Server1) through the campus network. The server's gateway IP address is 200.1.1.1.
First, assign the VLANIF 100 address on AR1 and advertise AR1's directly connected networks in RIP.
interface vlanif 100
ip address 192.168.100.2 24
quit
rip 100
network 192.168.100.0
network 192.168.1.0
network 192.168.5.0
network 192.168.6.0
quit
Then configure a VLAN on the AR1 port that connects to the Web/FTP server, and configure the network address on the matching VLANIF. Add the configured network to RIP so that it is advertised.
AR1
vlan batch 1000
interface Ethernet 0/0/1
port link-type access
port default vlan 1000
quit
interface vlanif 1000
ip address 200.1.1.1 24
quit
rip 100
network 200.1.1.0
quit
Configure a VLAN on the AR2 router and set the interface type to access. The default VLAN is set to 200.
AR2
vlan batch 200
interface Ethernet 0/0/1
port link-type access
port default vlan 200
quit
Configure an IP address on the GigabitEthernet 0/0/1 interface of AR1
AR1
interface GigabitEthernet 0/0/1
ip address 150.1.1.1 24
quit
Configure an address in VLANIF on AR2 and configure an IP address for GigabitEthernet 0/0/1
AR2
interface vlanif 200
ip address 100.1.1.1 24
quit
interface GigabitEthernet 0/0/1
ip address 150.1.1.2 24
quit
AR1 and AR2 are each configured with a static default route pointing at the other router.
AR1
ip route-static 0.0.0.0 0.0.0.0 150.1.1.2
AR2
ip route-static 0.0.0.0 0.0.0.0 150.1.1.1
Now PC1-PC6 can realize the function of accessing Web/FTP server
1.4.9 Configuring NAT
To configure NAT, first configure the address groups and assign a different address range to each. Then configure one ACL per internal subnet, and finally associate each ACL with its address group on the interface GigabitEthernet0/0/1 of AR1. You also need to configure a static route on LSW7.
LSW7
ip route-static 0.0.0.0 0.0.0.0 192.168.100.2
AR1
nat address-group 1 150.1.1.100 150.1.1.200
nat address-group 2 150.2.1.100 150.2.1.200
nat address-group 3 150.3.1.100 150.3.1.200
nat address-group 4 150.4.1.100 150.4.1.200
nat address-group 5 150.5.1.100 150.5.1.200
nat address-group 6 150.6.1.100 150.6.1.200
acl 2001
rule permit source 192.168.1.2 0.0.0.255
quit
acl 2002
rule permit source 192.168.2.2 0.0.0.255
quit
acl 2003
rule permit source 192.168.3.2 0.0.0.255
quit
acl 2004
rule permit source 192.168.4.2 0.0.0.255
quit
acl 2005
rule permit source 192.168.5.2 0.0.0.255
quit
acl 2006
rule permit source 192.168.6.2 0.0.0.255
quit
interface GigabitEthernet0/0/1
nat outbound 2001 address-group 1 no-pat
nat outbound 2002 address-group 2 no-pat
nat outbound 2003 address-group 3 no-pat
nat outbound 2004 address-group 4 no-pat
nat outbound 2005 address-group 5 no-pat
nat outbound 2006 address-group 6 no-pat
quit
Now PC1-6 can access the Internet
1.4.10 Configure student dormitories, libraries and teaching buildings so that they cannot access the personnel office, finance office and other departments
By configuring an ACL, the student dormitory, library and teaching building cannot access the personnel office, finance office and other departments.
Create ACL 3000, define rules for the specific source and destination addresses, and then apply the ACL to the interface of LSW7.
acl 3000
rule 1 deny ip source 192.168.1.1 0.0.0.255 destination 192.168.2.1 0.0.0.255
rule 2 deny ip source 192.168.1.1 0.0.0.255 destination 192.168.3.1 0.0.0.255
rule 3 deny ip source 192.168.1.1 0.0.0.255 destination 192.168.4.1 0.0.0.255
rule 4 deny ip source 192.168.5.1 0.0.0.255 destination 192.168.2.1 0.0.0.255
rule 5 deny ip source 192.168.5.1 0.0.0.255 destination 192.168.3.1 0.0.0.255
rule 6 deny ip source 192.168.5.1 0.0.0.255 destination 192.168.4.1 0.0.0.255
rule 7 deny ip source 192.168.6.1 0.0.0.255 destination 192.168.2.1 0.0.0.255
rule 8 deny ip source 192.168.6.1 0.0.0.255 destination 192.168.3.1 0.0.0.255
rule 9 deny ip source 192.168.6.1 0.0.0.255 destination 192.168.4.1 0.0.0.255
quit
interface vlanif100
traffic-filter outbound acl 3000
quit
PC1,5,6 cannot access PC2,3,4
PC2,3,4 can access PC1,5,6
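The following Python sketch is an added example, not part of the original configuration. It evaluates the ACL 3000 rules above to show that the wildcard mask 0.0.0.255 makes each rule cover a whole /24, whatever host octet is written in the rule, and it lists which subnet pairs are denied. The test host octet .77 and the forward-on-no-match behaviour are assumptions made for the illustration.

```python
import ipaddress
import re

# ACL 3000 rules copied from the configuration above.
ACL_3000 = """
rule 1 deny ip source 192.168.1.1 0.0.0.255 destination 192.168.2.1 0.0.0.255
rule 2 deny ip source 192.168.1.1 0.0.0.255 destination 192.168.3.1 0.0.0.255
rule 3 deny ip source 192.168.1.1 0.0.0.255 destination 192.168.4.1 0.0.0.255
rule 4 deny ip source 192.168.5.1 0.0.0.255 destination 192.168.2.1 0.0.0.255
rule 5 deny ip source 192.168.5.1 0.0.0.255 destination 192.168.3.1 0.0.0.255
rule 6 deny ip source 192.168.5.1 0.0.0.255 destination 192.168.4.1 0.0.0.255
rule 7 deny ip source 192.168.6.1 0.0.0.255 destination 192.168.2.1 0.0.0.255
rule 8 deny ip source 192.168.6.1 0.0.0.255 destination 192.168.3.1 0.0.0.255
rule 9 deny ip source 192.168.6.1 0.0.0.255 destination 192.168.4.1 0.0.0.255
"""

RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) ip source (\S+) (\S+) destination (\S+) (\S+)")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return rules as (id, action, src, src_wildcard, dst, dst_wildcard)."""
    rules = []
    for m in RULE_RE.finditer(text):
        rid, action, *addrs = m.groups()
        rules.append((int(rid), action, *map(to_int, addrs)))
    return sorted(rules)  # evaluated in ascending rule-ID order

def wildcard_match(addr, base, wildcard):
    # Bits set in the wildcard are ignored; all other bits must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching rule wins. Assumption: unmatched packets are forwarded."""
    s, d = to_int(src), to_int(dst)
    for rid, action, sb, sw, db, dw in rules:
        if wildcard_match(s, sb, sw) and wildcard_match(d, db, dw):
            return action, rid
    return "permit", None

def policy_matrix(rules, subnets, host=77):
    """Verdict for one constructed host per ordered pair of 192.168.x.0/24 subnets."""
    return {(a, b): evaluate(rules, f"192.168.{a}.{host}", f"192.168.{b}.{host}")[0]
            for a in subnets for b in subnets if a != b}

RULES = parse_acl(ACL_3000)
MATRIX = policy_matrix(RULES, [1, 2, 3, 4, 5, 6])

if __name__ == "__main__":
    for (a, b), verdict in sorted(MATRIX.items()):
        print(f"192.168.{a}.0/24 -> 192.168.{b}.0/24: {verdict}")
```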
1.5 Test Verification
1.5.1 Routing table of each network device
The routing table of each network device (aggregation switch/exit router) is given below
Enter the display ip routing-table command on LSW7, AR1, and AR2 to view the routing table
LSW7 routing configuration table
AR1 routing configuration table
AR2
1.5.2 Verification results
1.5.2.1 Layer 2 intercommunication within each department
student dormitory
Finance Office
Personnel Office
Other departments
library
teaching building
1.5.2.2 Layer 3 communication between departments
Student dormitory ping library, teaching building
The library pings student dormitories and teaching buildings
Teaching building ping student dormitory, library
Finance Department ping Personnel Department, other departments
Personnel Office ping Finance Office, other departments
Other departments ping the Finance Office and the Personnel Office
1.5.2.3 Student dormitories, libraries, and teaching buildings cannot access the Personnel Office, Finance Office, and other departments
Student dormitories cannot access the personnel office, finance office, and other departments
The library cannot access the personnel office, finance office, and other departments
The teaching building cannot access the personnel office, finance office, and other departments
And the Finance Office, Personnel Office and other departments can visit the student dormitory, library and teaching building
1.5.2.4 The server uses a static IP address
Web/FTP server
Internet
1.5.2.5 Other users adopt dynamic IP addresses
PC1
PC2
PC3
PC4
PC5
PC6
1.5.2.6 All users can access the Internet through the campus network
PC1-6 can access the Internet
1.5.2.7 All users can share resources on the intranet and access the Web/FTP server
PC1
PC2
PC3
PC4
PC5
PC6
1.6 Summary
1.6.1 Experience in curriculum design
The two-week course design is over. This course design not only tested the knowledge I have learned, but also trained me in how to grasp one thing, how to do one thing, and how to complete one thing. In the design process, we divided the design work among classmates, discussed with each other, learned from each other, and supervised each other. I learned to cooperate, to strategize, to be tolerant, to understand, and how to conduct myself in the world.
Curriculum design is the practical training for the comprehensive application of our professional curriculum knowledge. It is a must-have process before we step into society and engage in professional work. "A journey of a thousand miles begins with a single step". Through this course design, I deeply understand the true meaning of this ancient saying. Being serious about curriculum design today and learning to take this step in a down-to-earth way lays a solid foundation for running steadily in the social tide tomorrow.
Through this course design, I have improved in many aspects. Through this design, a practical training in the design of a small campus network is carried out by comprehensively using the theoretical and practical knowledge of the courses studied in this major, so as to cultivate and improve the students' ability to work independently and to consolidate and expand the content of the computer network and other courses. I mastered the methods and steps of network planning and design and the basic skills of VLAN, ACL, and NAT design; came to understand how to analyze the complexity of the network, how to determine the design scheme, and the basic structure of the network; improved my ability to configure the network and my drawing ability; and became familiar with the norms and standards. At the same time I had a comprehensive review, and my ability to think independently has also been improved.
1.6.2 Harvest
In this design process, I have demonstrated my ability to design the network and the ability to comprehensively apply knowledge. I have experienced the joy of applying what I have learned and highlighting the results of my labor. I have found out my usual learning deficiencies and weak links, so as to make up for it.
I would like to thank our computer network teacher. The teacher's rigorous and meticulous style has always been a role model in my work and study; the teacher's persuasive teaching and eclectic ideas have given me endless inspiration; the details of the experiment are inseparable from the careful guidance of the teacher. And your cheerful personality and tolerant attitude helped me to complete this course design smoothly.
At the same time, I would like to thank my classmates who have helped me, thank you for your help and support, and let me feel the friendship of my classmates.
1.6.3 Deficiency Analysis
Due to my limited design ability, mistakes are inevitable in the design process. I urge teachers to give me more advice. I am very happy to accept your criticism and correction, and I will be very grateful.