Cable TV (broadcast) network configuration example (NAT plus real-IP network)

Source: Cisco.com
Updated: 2006-07-05 14:29
Keywords: Cisco configuration example
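A brief word on the structure: users on a cable TV (broadcast) network generally have high security requirements and are usually not connected to the Internet, but some services need real IP addresses, such as web mail, and Internet cafés, for which the public security authorities require them. I therefore combined the two approaches: internal switching is managed on the broadcaster's Cisco 6509, and traffic that needs an exit goes through a Cisco 3620, which handles NAT, VLAN separation and related management.
The main devices involved are:
Cisco equipment: one Catalyst 6509, four Catalyst 3550, four Catalyst 2950, one Cisco 3620
IP address plan overview
Each sub-center head-end is treated as a node, and each node is assigned one private class B network; all device interface addresses and user access addresses within the node are taken from this network. The class B network assigned to each sub-center is divided into two parts: inter-network addresses and access addresses. Inter-network addresses are used for the links between first-level and second-level sub-centers, and for the links between a first-level sub-center's local access devices and that first-level sub-center. The first class C of the class B network is used for inter-network addresses. The remaining class C networks are access addresses, used to provide addresses for each sub-center's local access devices; each sub-center must take its access addresses one class C at a time, in order from low to high.
The inter-network addresses of the core node ZG are used for all backbone ring interconnections and for the links between the core node and the other second-level sub-centers.
NAT is configured at the sub-centers. It is recommended that the user's equipment perform NAT before connecting to the corresponding central-office device; this keeps the access part of the network simple, keeps user management systematic, and saves central-office device resources.
Total available addresses: 172.16.0.0-172.31.0.0, 16 class B networks in all.
Within 172.16.0.0/16 at the main head-end, 172.16.255.0/24 is set aside for device interconnection addresses, and 172.16.254.0/24 is the range for device management addresses and network-management host addresses.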
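The address plan above can be checked mechanically against a device configuration. The following is an added example, not part of the original article: it encodes the plan's ranges, classifies the 6509 interface addresses that appear in the configuration on this page, and lists VTY source networks that fall outside the plan's management segment. All function and variable names are assumptions made for the illustration.

```python
import ipaddress as ip

# Ranges stated in the address plan on this page.
NODE_BLOCKS = list(ip.ip_network("172.16.0.0/12").subnets(new_prefix=16))
INTERCONNECT = ip.ip_network("172.16.255.0/24")   # device-to-device links
MANAGEMENT = ip.ip_network("172.16.254.0/24")     # device and NMS addresses

# SVI addresses and VTY ACLs copied from the two configurations on this page.
SVIS_6509 = {
    "Vlan1": "172.16.254.1/255.255.255.0",
    "Vlan996": "172.16.255.13/255.255.255.252",
    "Vlan997": "172.16.255.9/255.255.255.252",
    "Vlan998": "172.16.255.5/255.255.255.252",
    "Vlan999": "172.16.255.1/255.255.255.252",
}
VTY_ACL_6509 = ["access-list 1 permit 172.16.254.0 0.0.0.255"]
VTY_ACL_3620 = ["access-list 99 permit 211.11.111.0 0.0.0.255",
                "access-list 99 permit 211.11.112.0 0.0.0.255"]

def node_ranges(block):
    """Per-node split in the plan: first /24 inter-network, the rest access."""
    first, *access = block.subnets(new_prefix=24)
    return first, access

def classify(svis):
    """Map each interface to (role under the plan, subnet)."""
    out = {}
    for name, text in svis.items():
        net = ip.ip_interface(text).network
        role = ("management" if net.subnet_of(MANAGEMENT) else
                "interconnect" if net.subnet_of(INTERCONNECT) else "unplanned")
        out[name] = (role, net)
    return out

def overlapping(svis):
    """Pairs of interfaces whose subnets overlap (each link needs its own)."""
    nets = [(n, net) for n, (_, net) in classify(svis).items()]
    return [(a, b) for i, (a, x) in enumerate(nets)
            for b, y in nets[i + 1:] if x.overlaps(y)]

def vty_sources_outside_management(acl_lines):
    """Permitted VTY source networks that are not in the management segment."""
    nets = []
    for line in acl_lines:
        _, _, action, base, wildcard = line.split()
        plen = 32 - int(ip.ip_address(wildcard)).bit_length()  # contiguous wildcard
        if action == "permit":
            nets.append(ip.ip_network(f"{base}/{plen}"))
    return [str(n) for n in nets if not n.subnet_of(MANAGEMENT)]
```

For the 6509 the last check returns an empty list; for the 3620's access-list 99 it returns both public /24 ranges, so that router accepts VTY logins from those ranges rather than from 172.16.254.0/24.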
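I won't go into the detailed sub-center configurations. The configurations of the 6509, the Cisco 3620 and the egress are as follows:
Cisco 6509 config file:
EIGRP is used as the IGP of this network. EIGRP is a Cisco routing protocol that supports both IP and IPX. EIGRP scales well, and it is a hybrid protocol that combines the advantages of distance-vector and link-state routing protocols, which both saves router resources and provides sufficient routing features.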

Current configuration : 6035 bytes
!
! Last configuration change at 15:00:07 GMT Fri Apr 11 2003
! NVRAM config last updated at 10:39:05 GMT Fri Apr 11 2003
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname XX_XX_6509
!
boot buffersize 522200
boot system flash sup-bootflash:
logging trap debugging
logging 172.16.254.254
enable secret 5 $1$1knf$7idctJT2//Ln8fa3OkJpL.
!
clock timezone GMT 8
redundancy
main-cpu
auto-sync standard
ip subnet-zero
!
!
no ip domain-lookup
!
no mls ip multicast aggregate
no mls ip multicast non-rpf cef
!
!
!
interface GigabitEthernet1/1
no ip address
!
interface GigabitEthernet1/2
no ip address
!
interface GigabitEthernet2/1
no ip address
!
interface GigabitEthernet2/2
no ip address
!
interface GigabitEthernet3/1
description LINK TO XX_CY_3550
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan 996-998
switchport mode trunk
!
interface GigabitEthernet3/2
description LINK TO XX_KM_3550
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan 996,997,999
switchport mode trunk
!
interface GigabitEthernet3/3
description LINK TO XX_CM_3550
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/4
description LINK TO XX_QG_3550
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/5
no ip address
!
interface GigabitEthernet3/6
no ip address
!
interface GigabitEthernet3/7
no ip address
!
interface GigabitEthernet3/8
no ip address
!
interface GigabitEthernet3/9
no ip address
!
interface GigabitEthernet3/10
no ip address
!
interface GigabitEthernet3/11
no ip address
!
interface GigabitEthernet3/12
no ip address
!
interface GigabitEthernet3/13
no ip address
!
interface GigabitEthernet3/14
no ip address
!
interface GigabitEthernet3/15
no ip address
!
interface GigabitEthernet3/16
no ip address
!
interface FastEthernet4/1
description LINK TO XX_GJ_2950
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan 995-999
switchport mode trunk
!
interface FastEthernet4/2
description LINK TO XX_LX_2950
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan 995-999
switchport mode trunk
!
interface FastEthernet4/3
description LINK TO XX_SM_2950
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan 995-999
switchport mode trunk
!
interface FastEthernet4/4
description LINK TO XX_LP_2950
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk pruning vlan 995-999
switchport mode trunk
!
interface FastEthernet4/5
no ip address
!
interface FastEthernet4/6
no ip address
!
interface FastEthernet4/7
no ip address
!
interface FastEthernet4/8
no ip address
!
interface FastEthernet4/9
no ip address
switchport
switchport access vlan 5
switchport mode access
!
interface FastEthernet4/10
no ip address
switchport
switchport access vlan 5
switchport mode access
!
interface FastEthernet4/11
no ip address
!
interface FastEthernet4/12
no ip address
!
interface FastEthernet4/13
no ip address
switchport
switchport access vlan 15
switchport mode access
!
interface FastEthernet4/14
no ip address
!
interface FastEthernet4/15
no ip address
!
interface FastEthernet4/16
no ip address
!
interface FastEthernet4/17
no ip address
!
interface FastEthernet4/18
no ip address
!
interface FastEthernet4/19
no ip address
!
interface FastEthernet4/20
no ip address
!
interface FastEthernet4/21
no ip address
!
interface FastEthernet4/22
no ip address
!
interface FastEthernet4/23
no ip address
!
interface FastEthernet4/24
no ip address
!
interface FastEthernet4/25
no ip address
!
interface FastEthernet4/26
no ip address
!
interface FastEthernet4/27
no ip address
!
interface FastEthernet4/28
no ip address
!
interface FastEthernet4/29
no ip address
!
interface FastEthernet4/30
no ip address
!
interface FastEthernet4/31
no ip address
!
interface FastEthernet4/32
no ip address
!
interface FastEthernet4/33
no ip address
!
interface FastEthernet4/34
no ip address
!
interface FastEthernet4/35
no ip address
!
interface FastEthernet4/36
no ip address
!
interface FastEthernet4/37
no ip address
!
interface FastEthernet4/38
no ip address
!
interface FastEthernet4/39
no ip address
!
interface FastEthernet4/40
no ip address
!
interface FastEthernet4/41
no ip address
!
interface FastEthernet4/42
no ip address
!
interface FastEthernet4/43
no ip address
!
interface FastEthernet4/44
no ip address
switchport
switchport access vlan 10
switchport mode access
!
interface FastEthernet4/45
no ip address
switchport
switchport access vlan 10
switchport mode access
!
interface FastEthernet4/46
description LINK TO CISCO_3620_f0/0
no ip address
! convert this port to a Layer 2 port
switchport
! ISL encapsulation so that the Cisco 3620 can separate the VLANs
switchport trunk encapsulation isl
! trunk mode
switchport mode trunk
!
interface FastEthernet4/47
no ip address
switchport
switchport mode access
!
interface FastEthernet4/48
no ip address
switchport
switchport mode access
!
interface Vlan1
ip address 172.16.254.1 255.255.255.0
!
interface Vlan10
no ip address
!
interface Vlan15
no ip address
!
interface Vlan996
ip address 172.16.255.13 255.255.255.252
!
interface Vlan997
ip address 172.16.255.9 255.255.255.252
!
interface Vlan998
ip address 172.16.255.5 255.255.255.252
!
interface Vlan999
ip address 172.16.255.1 255.255.255.252
!
router eigrp 100
network 172.16.255.0 0.0.0.255
network 172.16.0.0
no auto-summary
no eigrp log-neighbor-changes
!
ip classless
no ip http server
!
access-list 1 permit 172.16.254.0 0.0.0.255
!
!
line con 0
line vty 0 4
access-class 1 in
login
transport input lat pad mop telnet rlogin udptn nasi
!
ntp master 1
end
Cisco 3620 configuration:

Building configuration...
Current configuration : 1551 bytes
!
version 12.2
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname XX_3620
!
boot system flash c3620-d-mz.122-7c.bin
enable secret 5 $1$kNOY$LMBGz.M1MBGzMBGz
!
ip subnet-zero
ip cef
!
!
ip name-server 211.11.111.3
!
!
!
!
interface FastEthernet0/0
no ip address
speed auto
full-duplex
!
! this address range can be used for web and other services
interface FastEthernet0/0.1
encapsulation isl 10
ip address 211.11.112.1 255.255.255.248
no ip redirects
!
interface FastEthernet0/0.15
encapsulation isl 15
ip address 172.16.10.1 255.255.255.240
no ip redirects
ip nat inside
!
interface FastEthernet0/0.16
encapsulation isl 16
ip address 172.16.11.1 255.255.255.240
no ip redirects
! inside interface
ip nat inside
!
interface Serial0/0
ip address 211.11.111.118 255.255.255.252
no ip redirects
! NAT outside interface
ip nat outside
no cdp enable
!
interface Ethernet1/0
no ip address
no cdp enable
!
ip nat pool netpools 211.11.112.10 211.11.112.14 netmask 255.255.255.248
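! Here the two address ranges share one address pool, which is not good; in actual operation the two internal address ranges were each assigned a different external address pool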
ip nat inside source list 1 pool netpools overload
ip classless
ip route 0.0.0.0 0.0.0.0 211.11.111.117
ip http server
ip pim bidir-enable
!
access-list 1 permit 172.16.10.0 0.0.0.15
access-list 1 permit 172.16.11.0 0.0.0.15
access-list 99 permit 211.11.111.0 0.0.0.255
access-list 99 permit 211.11.112.0 0.0.0.255
!
line con 0
line aux 0
line vty 0 4
access-class 99 in
login
!
end
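The comment in the 3620 configuration says that sharing one NAT pool between the two inside ranges is not good and that the production setup used a separate pool per range. The following added example (not from the original article) parses the NAT statements, reports pools shared by more than one inside segment, and shows which inside segments a translated public address can be attributed to. The split configuration, its pool names, ACL numbers 15 and 16, and the way the five pool addresses are divided are assumptions.

```python
import ipaddress as ip
import re
from collections import defaultdict

# NAT statements copied from the 3620 configuration on this page.
PAGE_NAT = """\
ip nat pool netpools 211.11.112.10 211.11.112.14 netmask 255.255.255.248
ip nat inside source list 1 pool netpools overload
access-list 1 permit 172.16.10.0 0.0.0.15
access-list 1 permit 172.16.11.0 0.0.0.15
"""

# Constructed variant with one pool per inside segment. The pool names,
# ACL numbers 15/16 and the way the addresses are split are assumptions.
SPLIT_NAT = """\
ip nat pool pool15 211.11.112.10 211.11.112.12 netmask 255.255.255.248
ip nat pool pool16 211.11.112.13 211.11.112.14 netmask 255.255.255.248
ip nat inside source list 15 pool pool15 overload
ip nat inside source list 16 pool pool16 overload
access-list 15 permit 172.16.10.0 0.0.0.15
access-list 16 permit 172.16.11.0 0.0.0.15
"""

def pool_map(config):
    """Return {pool: (first, last, [inside networks translated through it])}."""
    ranges, acls, inside = {}, defaultdict(list), defaultdict(list)
    for line in config.splitlines():
        if m := re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask", line):
            ranges[m[1]] = (ip.ip_address(m[2]), ip.ip_address(m[3]))
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)", line):
            # Contiguous wildcard -> prefix length (0.0.0.15 -> /28).
            plen = 32 - int(ip.ip_address(m[3])).bit_length()
            acls[m[1]].append(ip.ip_network(f"{m[2]}/{plen}"))
    for acl, pool in re.findall(r"ip nat inside source list (\d+) pool (\S+)", config):
        inside[pool] += acls[acl]
    return {p: (lo, hi, inside[p]) for p, (lo, hi) in ranges.items()}

def shared_pools(config):
    """Pools that translate more than one inside segment."""
    return [p for p, (_, _, nets) in pool_map(config).items() if len(nets) > 1]

def attribute(config, public_ip):
    """Inside segments that could be behind a translated public address."""
    addr = ip.ip_address(public_ip)
    return [str(n) for lo, hi, nets in pool_map(config).values()
            if lo <= addr <= hi for n in nets]
```

With the page's configuration a translated address such as 211.11.112.11 can belong to either inside segment; with one pool per segment it maps back to a single segment.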
(Editor in charge: 城尘 68476636-8003)