Abstract (Chinese)

This design is for a small-enterprise local area network (LAN) and is divided into two modules: a switching module and a router module. The switching module is divided into two VLANs according to the different functions of the departments, which reduces broadcast collisions and improves transmission efficiency; deploying ACLs restricts user access, effectively protecting sensitive data and improving network security. Using the switch's routing function, packets can be forwarded at high speed between VLANs, removing the transmission bottleneck between them. Internet access is provided mainly by the router, whose main role is to establish normal communication between the external network and the enterprise network, so that enterprise network users can access the Internet while Internet users can access the enterprise network to a certain extent. Configuring NAT (Network Address Translation) not only lets enterprise network users access the Internet but also hides the enterprise network's internal addresses from the outside, thereby protecting those addresses. The main functions of a switch include physical addressing, network topology, error checking, frame sequencing, and flow control. Today's switches also offer some newer functions, such as support for VLANs (virtual LANs) and link aggregation, and some even have firewall functions, which greatly improves office efficiency while avoiding the high cost of leased lines.

Keywords: enterprise LAN, VLAN division, network address translation, access control

Abstract (English)

This design is for a small-enterprise local area network (LAN). The design scheme is divided into two modules: a switching module and a router module. The switching module is divided into two different VLANs according to the different functions of the departments, which reduces broadcast conflicts and improves transmission efficiency; deploying ACLs to restrict user access effectively protects sensitive data and improves network security. Using the switch's routing function, high-speed packet forwarding among the VLANs can be achieved, solving the transmission bottleneck between VLANs. Internet access is provided mainly through the router, whose role is mainly to establish normal communication between the external network and the enterprise network, so that enterprise network users can access the Internet while Internet users can access the enterprise network to some extent. Configuring NAT (Network Address Translation) not only lets enterprise network users access the Internet but also hides internal addresses from the outside, so that address protection is achieved.
The main functions of a switch include physical addressing, network topology, error checking, frame sequencing, and flow control. Current switches also have some new features, such as support for VLANs (virtual local area networks) and link aggregation, and some even have firewall functions, which greatly improves office efficiency and avoids high leased-line rental fees.

Keywords: enterprise LAN, VLAN, NAT, ACL

Contents

Abstract (Chinese)
Abstract (English)
Contents
Preface
Chapter 1  Technical Feasibility and Requirements Analysis
  Technical feasibility
    NAT technology
    VLAN technology
    DHCP technology
    ACL technology
    PPP protocol
    VTP technology
    STP technology
    Dynamic/static routing protocols
  Requirements analysis
    Bandwidth and performance requirements
    Network security requirements
    Application service requirements
  Environment required for the design
    Hardware requirements
Chapter 2  System Design Scheme
  System design principles
    Practicality
    Security
    Scalability
    Manageability
    High price/performance ratio
  Network equipment selection
  Overall system design and topology
    Overall system design scheme
    IP address configuration of each device
Chapter 3  Router Module
  Router configuration
    IP address configuration
    Web server configuration
  Configuring remote login, password protection and DHCP on the devices
    Configuring remote login and password protection on the devices
    DHCP configuration
  Routing protocols
    OSPF protocol
    PPP protocol
    PPP protocol verification
  NAT configuration
Chapter 4  Switch Module
  Basic switch parameter configuration
    SW1 configuration
    SW2 configuration
  VTP protocol configuration
    SW1 configuration
    SW2 configuration
    Verifying the VTP configuration
  VLAN division
    Switch VLAN configuration
    Inter-VLAN routing configuration
    STP protocol configuration
  ACL configuration
Chapter 5  Configuration Verification
  DHCP automatic allocation verification
  Routing protocol configuration check
  NAT verification
Conclusion
References
Acknowledgements