Summary
In an era of rapid scientific and technological development, network interconnection technology has developed vigorously and has gradually entered home life, making today's society increasingly intelligent and networked. As Internet information and service content keep expanding, user demand for the network has risen sharply, and families, student dormitories and other places have deployed networks to join the Internet. More and more families or student dormitories do not have more than one computer. The question is therefore how to build a cheap, fast and practical network that is not affected by the region. The campus network has become an important piece of information infrastructure that every school needs, and its scale and application level have become an important measure of a school's comprehensive strength in teaching and scientific research. Based on a full investigation of the current state of a certain college's campus network, and combined with the direction of current technology and the actual needs of users, an overall design scheme for building the college campus network is formulated. Through the design and construction of the campus network, a true broadband multimedia network can be realized, providing teaching, scientific research and comprehensive information services for teachers and students. Building on local area network technology and its advanced development, this paper analyzes the significance, construction principles and purposes of establishing a campus network and describes its design process in detail. The article discusses the design scheme of the campus network in terms of system structure, network scheme, management and layout. In the network design, the network topology, VLAN division, IP allocation, extended access, and NAT configuration are introduced in detail.
Finally, the network is managed and its security is realized through related software. On the basis of disaggregated networking technology, following the development trend of current campus networks and a demand analysis of the current intelligent campus network system, a campus network model is designed and refined in all aspects. Equipment is selected according to the model diagram. The simulation software Cisco Packet Tracer is used to configure the devices, including IP address planning, routing protocol selection, and switch configuration.
Keywords: network networking technology, IP address planning, switch configuration, NAT
1. Task overview
1.1 Design purpose
Gain an in-depth understanding of the three-layer design model of network engineering; master network topology design, network address planning and design, integrated wiring design and other technologies; be able to plan, design, install, connect and set up a network; and master the design and establishment of small campus networks.
1.2 Project tasks and requirements
The three-layer hierarchical model of network engineering design, network topology, network address planning, integrated wiring design, equipment installation, connection and configuration, and the planning, design and formation of large-scale networks.
2. Development environment
1. PC running Windows system
2. Use Cisco Packet Tracer to build and configure the network
3. Project demand analysis
(1) In the campus LAN, a three-tier architecture is required. In the core layer, a three-layer switch is used as the core switch, which is responsible for core switching. The aggregation layer uses two switches to aggregate traffic and funnel the traffic into the core layer. Access layer switches are responsible for connecting devices and increasing port density.
(2) Different buildings in the campus need to be divided into VLANs, and different access layer switches are divided into different VLANs. The specific design depends on specific requirements.
(3) Set up a DNS server and an HTTP server inside the LAN to facilitate domain name resolution and external network access to the company's official website.
(4) Above the core layer, the core router is responsible for traffic forwarding, NAT configuration and port mapping.
4. Project design and implementation
4.1 Overall Design
The core topology is a three-tier architecture. For the core layer, two multilayer switches are used as the core switches, and the two core switches are respectively connected to the router, and link aggregation is used between the two core switches. For the aggregation layer, two switches are used, and each of the two switches is connected to two core switches to ensure reliability. For the access layer, four switches are temporarily used, and each switch is assigned to a vlan, which is responsible for the connection of a virtual local area network, and one of them is responsible for connecting the server group of the campus network.
4.2 Function Design
(1) Configure mstp on the switch. There are vlan10, vlan20, vlan30, vlan40, and vlan100 in the tentative LAN. Set a multi-spanning tree group with instances instance1 and instance2, assign vlan10, vlan20, and vlan100 to instance1, and assign vlan30 and vlan40 to instance2. Set multilayer switch 1 as the root switch of instance1, and set multilayer switch 2 as the root switch of instance2.
(2) The core switch is used as a gateway to reduce the burden on the router. Multilayer switch 1 is the gateway of vlan10, vlan20 and vlan100, and multilayer switch 2 is the gateway of vlan30 and vlan40. At the same time, the redundancy of the gateway is realized, and the multilayer switch 1 is used as the backup gateway of vlan30 and vlan40, and the multilayer switch 2 is used as the backup gateway of vlan10, vlan20 and vlan100.
(3) Use multilayer switch 1 to realize the dhcp functions of vlan10, vlan20 and vlan100, and use multilayer switch 2 to realize the dhcp functions of vlan30 and vlan40.
(4) Routes are configured on multilayer switch 1 and multilayer switch 2, pointing to router 0.
(5) Configure the interface IP on router 0, write the static route to the LAN, and the default route to the external network.
(6) Nat is configured on router 0, and all IPs in the LAN are translated from AR1 to the external network to public network addresses.
(7) The ospf protocol service is used on multilayer switch 1 and multilayer switch 2.
(8) Port mapping is configured on router 0, and the external network PC can operate and maintain multilayer switch 1 and multilayer switch 2 through authentication, and can also visit the official website of the enterprise (www.xpu.com)
4.3 System Implementation
Network Topology
(1) Build the topology as shown in the figure
(2) Plan the IP address. The local area network is tentatively divided into 5 vlans, among which vlan10-40 is used as the user vlan, and vlan100 is used as the vlan of the server group.
IP address planning:
192.168.10.1/24 vlan10
192.168.20.1/24 vlan20
192.168.30.1/24 vlan30
192.168.40.1/24 vlan40
192.168.100.0/24 vlan100 for server farm
10.1.101.0/24 Network segment between multilayer switch 1 and router
10.1.102.0/24 Network segment between multilayer switch 2 and router
202.207.150.0/24 The network segment between router 0 and ISP (carrier router)
100.1.1.0/24 A network segment on the public network for testing
Create a vlan on the switch, create a virtual interface, and configure the corresponding IP address for each interface.
(3) Each switch configures the interface type according to the setting, and configures the interface permission list.
(4) Multi-spanning tree group 1 is established on multi-layer switch 1 and multi-layer switch 2, among which two instances instance1 and instance2 are established, vlan10, vlan20, vlan100 and vlan30, vlan 40 are divided into two instances, the root of instance1 The switch is designated as multilayer switch 1, and the root switch of instance2 is designated as multilayer switch 2. Configure mstp on each switch separately.
(5) Configure vrrp on the two core switches.
Configure the virtual interface and the IP address of the virtual interface on the two switches. See the table below for the specific mapping.
[110/2] via 192.168.10.252, 00:55:08, Vlan10
[110/2] via 192.168.20.252, 00:55:08, Vlan20
[110/2] via 192.168.30.252, 00:55:08, Vlan30
[110/2] via 192.168.40.252, 00:55:08, Vlan40
[110/2] via 192.168.100.252, 00:55:08, Vlan100
(6) Enable the dhcp service on the two core switches, establish the corresponding address pool, and configure the corresponding gateway address. Enable dhcp on the virtual interface.
(7) Enable the OSPF protocol service on the two core switches and routers.
(8) The LAN server group is equipped with a dns server and an http server, and the dns server is used as the default dns server for each network segment of each intranet. The http server is accessible from both intranet and extranet.
(9) Write default routes on multilayer switch 1 and multilayer switch 2, pointing to router 0. Write the default route on the router, pointing to the ISP, and write the static routes for the user network segments, pointing to the two core switches.
(10) Nat is configured on the interface connected to the ISP on router 0, and the address in the 101.1.101.0/16 network segment is translated to 211.1.1.0.
(11) Configure port mapping on router 0, and convert the designated port accessing 211.1.1.0 to port 5 accessing multilayer switch 1 and multilayer switch 2 and the http server.
5. Program operation and test results
1. The intranet user network segment can be connected to the external network segment
2. Intranet can communicate with each other
3. Intranet can access the server group
6. Problems and experiences in design
1. There is a problem with the configuration of multiple spanning trees during the configuration process. Solve problems through more standardized operations.
2. There is a problem with static routing. The route summary of the user network segment on the router meets the default route on the core switch, resulting in a loop. Solve the problem by deleting the summarized route and changing it to a single route for each user network segment.
3. There is a problem with port mapping, the internal network can log in to the core switch but the external network cannot. The same configuration can achieve corresponding functions in other topologies with the same configuration, which is suspected to be a simulator problem.
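The loop in problem 2, reproduced with a small longest-prefix-match model. This is an added example, not part of the original report: the node names and the 192.168.0.0/16 summary prefix are assumptions (the report does not state the summarized prefix), and only one core switch is modelled.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst):
    """Follow next hops from `start`. Returns (path, outcome); outcome is
    'loop', 'dropped', or 'exit:<hop>' when the packet leaves the model."""
    node, path = start, [start]
    while True:
        hop = lookup(tables[node], dst)
        if hop is None:
            return path, "dropped"
        if hop not in tables:
            return path, "exit:" + hop
        path.append(hop)
        if path.count(hop) > 1:      # a node was visited twice
            return path, "loop"
        node = hop

# Constructed model. VLAN prefixes follow the address plan; the /16 summary
# is an assumed value for the summarized route the report deleted.
VLANS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24",
         "192.168.40.0/24", "192.168.100.0/24"]
CORE = [(v, "connected") for v in VLANS] + [("0.0.0.0/0", "router0")]

def build(router_routes):
    return {"core1": CORE, "router0": router_routes + [("0.0.0.0/0", "isp")]}

SUMMARY = build([("192.168.0.0/16", "core1")])        # before the fix
PER_SEGMENT = build([(v, "core1") for v in VLANS])    # after the fix
UNUSED = "192.168.50.7"   # inside the summary, but in no VLAN

if __name__ == "__main__":
    for name, t in (("summary", SUMMARY), ("per-segment", PER_SEGMENT)):
        print(name, trace(t, "router0", UNUSED), trace(t, "router0", "192.168.10.5"))
```

With the summary route, any destination inside the summary that no VLAN owns bounces between the router and the core until its TTL expires; with one route per segment the router never sends such traffic back into the LAN.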
7. Appendix
Part of the core configuration:
1. PC configuration
Take PC0 as an example
IP Address:192.168.10.1
Subnet Mask:255.255.255.0
Default Gateway:192.168.10.254
DNS Server:192.168.100.2
2. Access switch configuration
Take the teaching building access switch as an example
en
conf t
ho Jiaoxue
end
show vlan
(Figure omitted)
Let the spanning tree converge quickly
sh run
conf t
int range f0/1-2
spanning-tree portfast
end
The access switches in the library, dormitory building, and training building are configured similarly
3. Create multiple vlans
Taking switch 1 as an example, vlan10 and vlan20 are assigned to it
en
conf t
ho Huiju-1
do show vlan
vlan 10
vlan 20
end
conf t
int range f0/1-4
switchport mo trunk
end
show vlan
wri
Same for other switches
Vlan division is normal:
shixun#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2
40   VLAN0040                         active    Fa0/1, Fa0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
40   enet  100040     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Trunk is created normally:
shixun#show run
Building configuration...
Current configuration : 1162 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname shixun
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/3
switchport mode trunk
!
interface FastEthernet0/4
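A short audit of the running-config above for layer-2 hardening gaps, given as an added example that is not part of the original report. The sample text is constructed from the shixun excerpt, with the portfast line from the access-switch step added to Fa0/1 as an assumption; the three checks are a chosen subset, not a complete baseline.

```python
def parse(config):
    """Split IOS running-config text into global lines and per-interface bodies.
    Relies on the '!' separators that IOS prints between blocks."""
    glob, ifaces, cur = [], {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line in ("", "!"):
            cur = None
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif cur is not None:
            cur.append(line)
        else:
            glob.append(line)
    return glob, ifaces

def audit(config):
    """Return (scope, finding) pairs for a few layer-2 hardening gaps."""
    glob, ifaces = parse(config)
    out = []
    if "service password-encryption" not in glob:
        out.append(("global", "service password-encryption is off"))
    for name, body in ifaces.items():
        if "switchport mode trunk" in body:
            if not any(l.startswith("switchport trunk allowed vlan") for l in body):
                out.append((name, "trunk without an allowed-VLAN list"))
        elif "switchport mode access" in body:
            if "spanning-tree portfast" in body and "spanning-tree bpduguard enable" not in body:
                out.append((name, "portfast without bpduguard"))
    return out

# Constructed sample: the report's `show run` excerpt for shixun, plus the
# portfast line from the access-switch step on Fa0/1 (an assumption).
SAMPLE = """\
no service password-encryption
hostname shixun
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport access vlan 40
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/3
 switchport mode trunk
!
"""
# The same configuration with each finding corrected.
HARDENED = (SAMPLE.replace("no service password-encryption", "service password-encryption")
    .replace(" spanning-tree portfast", " spanning-tree portfast\n spanning-tree bpduguard enable")
    .replace(" switchport mode trunk", " switchport mode trunk\n switchport trunk allowed vlan 40"))
```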
4. Multilayer switch configuration
Forwarding through HSRP+STP
en
show vlan
sh run
conf t
switchport trunk encapsulation dot1q
sw mo trunk
end
Set the Hostname of multilayer switch 1 to Core1
The same configuration process for multilayer switch 2
5. Link aggregation configuration
Core1#conf t
int port-channel 1
sw trunk encapsulation dot1q
sw mo trunk
int range f0/3-4
channel-group 1 mode on
end
Multilayer switch 2 is the same
Core2#conf t
spanning-tree vlan 10,20,100 root secondary
spanning-tree vlan 30,40 root primary
end
wri
sh run
The multilayer switch link aggregation configuration is normal:
Core2#show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------
1 Po1(SU) - Fa0/3(P) Fa0/4(P)
6. Configure HSRP
Take vlan10 as an example
int vlan 10
ip routing
int vlan 10
end
sh run
Core1#conf t
int vlan 10
ip address 192.168.10.251 255.255.255.0
standby 1 ip 192.168.10.254
standby 1 priority 120
standby 1 preempt
end
Multilayer switch 2 is the same
HSRP configuration is OK:
Core1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl1 1 120 P Active local 192.168.10.252 192.168.10.254
Vl2 1 120 P Active local 192.168.20.252 192.168.20.254
Vl1 1 120 P Active local 192.168.100.252 192.168.100.254
Vl3 1 100 P Standby 192.168.30.252 local 192.168.30.254
Vl4 1 100 P Standby 192.168.40.252 local 192.168.40.254
7. Set the multi-layer switch to a layer-3 port for communication
sh ip int brief
Core1#conf t
int f0/5
no switchport
ip address 10.1.101.2 255.255.255.252
no shutdown
end
wri
Multilayer switch 2 is the same
8. The ospf configuration of the router
conf t
no router ospf 1
router ospf 1
log-adjacency-changes
network 10.1.102.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
network 192.168.40.0 0.0.0.255 area 0
network 192.168.100.0 0.0.0.255 area 0
end
Multilayer switch 2 is the same
9. Configuration of router address
Take router 0 as an example
conf t
int se1/0
ip address 211.1.1 255.255.255.252
no shutdown
end
Same for other routers
10. Configuration of router NAT
conf t
ip nat inside
int se1/0
ip nat outside
exit
access-list 10 permit 192.168.0.0 0.0.255.255
ip nat inside source list 10 interface se1/0 overload
end
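A check of what access-list 10 in the NAT step actually matches, compared with the address plan, given as an added example that is not part of the original report. The VLAN prefixes are written in network form (192.168.10.0/24 and so on), and the per-VLAN ACL it prints is a suggested tightening, not configuration taken from the report.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.ip_address(str(addr)))

def matches(entry, addr):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    base, wild = entry
    return ((to_int(addr) ^ to_int(base)) & ~to_int(wild) & 0xFFFFFFFF) == 0

def covers(entry, subnet):
    """True only if every address in `subnet` matches the ACL entry."""
    net = ipaddress.ip_network(subnet)
    hosts_free = (int(net.hostmask) & ~to_int(entry[1]) & 0xFFFFFFFF) == 0
    return hosts_free and matches(entry, net.network_address)

def excess(entry, subnets):
    """Addresses the entry permits beyond the planned subnets it covers
    (assumes the planned subnets do not overlap)."""
    permitted = 2 ** bin(to_int(entry[1])).count("1")
    planned = sum(ipaddress.ip_network(s).num_addresses
                  for s in subnets if covers(entry, s))
    return permitted - planned

def per_vlan_acl(acl_id, subnets):
    """One permit line per planned subnet, in IOS standard-ACL syntax."""
    nets = (ipaddress.ip_network(s) for s in subnets)
    return [f"access-list {acl_id} permit {n.network_address} {n.hostmask}" for n in nets]

ACL10 = ("192.168.0.0", "0.0.255.255")     # entry from the NAT step
USER_VLANS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24",
              "192.168.40.0/24", "192.168.100.0/24"]   # address plan
TRANSIT = ["10.1.101.0/24", "10.1.102.0/24"]           # core-to-router links

if __name__ == "__main__":
    for s in USER_VLANS + TRANSIT:
        print(f"{s:18} translated by ACL 10: {covers(ACL10, s)}")
    print("addresses permitted beyond the plan:", excess(ACL10, USER_VLANS))
    print("\n".join(per_vlan_acl(10, USER_VLANS)))
```

The single /16 entry translates all five VLANs but also 64256 addresses that the plan never assigns, while sources on the 10.1.101.0 and 10.1.102.0 links are not translated at all.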