1. Realize the function
Basically realize the following network core functions:
(1). Three-layer architecture design
This topic is designed and planned according to the three-layer network structure (access layer, convergence layer, core layer). The access layer requires more network entrances, convergence The core layer realizes the interconnection of the access layer network, and the core layer completes the exchange of data inside and outside the campus, and realizes routing and security functions.
(2). The design of the routing module
requires routing through RIP and EIGRP routing protocols.
(3). The design of the switch module
reasonably plans the virtual local area network (Vlan), and the VLANs are realized through three-layer routing. Access layer switches implement interworking through Layer 2 switching.
(4). The design of the security module
requires that the access control list (ACL) be configured on the router to ensure the denial of access to some network areas (such as the database server).
2. Department vlan division and IP address
| Internet users |
IP segment |
gateway |
Belonging VLAN |
| Campus Financial Network |
192.168.10.0/24 |
192.168.10.254 |
Vlan10 |
| teaching department |
192.168.20.0/24 |
192.168.20.254 |
VLAN20 |
| School building network |
192.168.30.0/24 |
192.168.30.254 |
VLAN30 |
| library network |
192.168.40.0/24 |
192.168.40.254 |
VLAN40 |
| Central computer room |
192.168.50.0/24 |
192.168.50.254 |
VLAN50 |
3. Network topology description
The network is designed with a three-layer architecture, and the gateways of each vlan are configured on the core for access, aggregation, and core egress.
4. Configuration process
- Eth-trunk is configured in the central computer room to achieve link redundancy, and Eth-trunk is used for access to convergence in the computer room and convergence to the core
The network in the college is divided into multiple VLANs, and the same departments can communicate with each other
create vlan
Configure the corresponding vlan for the interface
All users obtain IP addresses automatically
Configure dhcp to obtain addresses on each gateway
Other vlan configurations are the same
The core switch acts as a user gateway to implement inter-vlan routing
Configure each vlan gateway through the SVI interface
Configure NAT on the egress to implement address translation
Map port 80 of the intranet web server at the exit of the college to allow external network users to access
All devices can be remotely managed by telnet
Configure telnet username and password for all devices
Set virtual interface for username and password authentication
Only the finance department is allowed to access the financial server of the college. 1. The security department is prohibited from accessing the external network
Finance server 192.168.50.3 allows only finance access:
5. Test
Get private message