China Protocol Analysis Forum's Archiver

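三井-寿 posted on 2008-6-29 12:44

Lab sharing (being updated)

Resource sharing: this is the Central Plains, a crossroads open in every direction, a land of hidden dragons and crouching tigers where heroes gather, not to be compared with any small place.

I'd like to use this thread to build up everyone's hands-on experience... The aim is to discuss all kinds of knowledge... If you have projects you have done yourself, I hope you will bring them out for discussion..

I'll start... (Don't be impatient, and don't mistake this for a filler post. I'm still organising the material.. this is a placeholder for now.. I'll upload it later.. thanks)

[Last edited by 三井-寿 on 2008-9-19 08:59]

三井-寿 posted on 2008-6-29 12:45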

Project 1

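Project 1: System integration
This project is a system integration job that my team members and I completed for a company's office building. It includes:
1> Cisco products for network connectivity

2> Juniper SSG5 for firewall

3> HP server (HP ProLiant DL320 G5p Server) for the various types of servers

4> NEC Virtual Server and Thinclients

5> NEC IP phone

Technical points:
Network design
VLAN partitioning
IP address allocation (you can refer to the diagram; it is all clearly marked...)
Virtual Server configuration and use of VMware
Cisco product configuration (LAN and WAN)
Firewall configuration
IP phone and QoS configuration
Windows Server, including DNS, DHCP, proxy, mail and FTP configuration
I'll add other aspects gradually. The diagram makes it clear...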

[Attachment 13284]

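Let's start the first step with the network.
I won't say much about the network design.. Don't ask me why it was designed this way, or say that the network diagram looks strange, and so on... I just want to remind everyone that every network diagram is designed according to its requirements.. so when you draw network diagrams in future, don't just copy whichever one you come across...

In this project:
One Cisco1841 as the internet router; its main job is to send the internal network's data out to the ISP, which then connects on to other routers.
One Cisco2960-24TT-L (Catalyst 2960 24 10/100 + 2 1000BT LAN Base Image) outside the firewall. It is divided into four VLANs for different connections.. (see the diagram)
One Cisco2960G-48TC-L (Catalyst 2960 48 10/100/1000, 4 T/SFP LAN Base Image) inside the firewall, connecting the internal virtual server and Thinclients.
One Cisco3560-48PS-S (Catalyst 3560 48 10/100 PoE + 4 SFP IPB Image) inside the firewall, connecting the IP phones and handling some other network data.
One Juniper SSG5-SH firewall to control data transfer. Some security considerations come into play here. I won't post the firewall's detailed settings. Later I'll share a Juniper firewall tutorial for your reference..

1> The router configuration is as follows: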

znws93225#
znws93225#
znws93225#sh run
Building configuration...

Current configuration : 1180 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname znws93225
!
boot-start-marker
boot-end-marker
!
card type e1 0 0
enable password ***
!
no aaa new-model
!
resource policy
!
clock timezone GMT 8
clock summer-time PDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip domain lookup
!
!
!
controller E1 0/0/0
channel-group 1 unframed
!
!
interface FastEthernet0/0
description connection to znws77230
ip address **** ****
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:1
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type ansi
!
interface Serial0/0/0:1.500 point-to-point
ip address **** ****
frame-relay interface-dlci 500 IETF   
!
ip classless
ip route 0.0.0.0 0.0.0.0 ****
!
no ip http server
!
!
control-plane
!
disable-eadi
!
line con 0
password ***
login
line aux 0
line vty 0 4
no login
transport input none
!
end

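The configuration on this router is fairly simple. It is mainly frame-relay + sub interface (PPP) configuration... The interface-dlci = 500, the encapsulation type = IETF and the frame-relay lmi-type = ansi have to be configured according to the information from the ISP...

2> The configuration of switch "znws77230" is as follows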

znws77230#sh run
Building configuration...

Current configuration : 3431 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname znws77230
!
enable password
!
no aaa new-model
clock timezone pst -8
clock summer-time pdt recurring
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
description connection to znws93225
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
description connection to znws79201
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/7
description connection to znws79201
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/8
description connection to zprs20040
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/9
description connection to znws20202
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/13
description connection to znws79201
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/14
description connection to zprs30040
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/19
description connection to znws79201
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/20
description connection to znws77129
switchport access vlan 40
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/21
description connection to zprs77168
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/22
description connection to zprs77169
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
description GlobalVlan
no ip address
no ip route-cache
!
interface Vlan20
description VenderVlan
no ip address
no ip route-cache
!
interface Vlan30
description OwnerVlan
no ip address
no ip route-cache
!
interface Vlan40
description ServerVlan
ip address 10.112.177.230 255.255.255.128
no ip route-cache
!
no ip http server
!
control-plane
!
!
line con 0
password **
login
line vty 0 4
password ***
login
line vty 5 15
login
!
end

In this switch's configuration.. the main thing used is VLAN partitioning... You can see that 4 VLANs in total are set up for different purposes..

3> Configuration of switch "znws79202"
znws79202#
znws79202#sh run
Building configuration...

Current configuration : 2664 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname znws79202
!
enable password MHIznws79202
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
description connection to FireWall
!
interface GigabitEthernet0/2
description connection to zsvs78001
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
description connection to zsvs78011
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/46
description connection to zsvs78012
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/47
description connection to zsvs78013
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/48
description connection to zsvs78010
switchport access vlan 100
switchport mode access
!
interface Vlan1
description VPCC Production LAN
ip address 10.112.179.202 255.255.254.0
ip helper-address 10.112.177.129
no ip route-cache
!
interface Vlan100
no ip address
no ip route-cache
!
ip http server
!
control-plane
!
!
line con 0
password **
login
line vty 0 4
password **
login
line vty 5 15
login
!
end

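In this switch's configuration.. the main thing used is again VLAN partitioning... You can see that two VLANs in total are set up: one as the VLAN the Thinclients run on.. and one as the management VLAN for the Virtual Server.

4> The configuration of switch "znws76202" is as follows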

sh run
Building configuration...

Current configuration : 4451 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname znws76202
!
enable password
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
description connection to FireWall
!
interface FastEthernet0/2
description connection to PBX
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/5
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/9
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/13
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/14
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/15
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/16
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/17
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
description connection to PBX
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface FastEthernet0/48
description connection to PBX
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 22
mls qos trust cos
spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
description Network
ip address 10.112.176.202 255.255.255.0
ip helper-address 10.112.177.129
!
interface Vlan22
description NEC voicevlan 22
ip address 10.112.177.114 255.255.255.192
!
ip default-gateway 10.112.176.201
ip classless
ip route 0.0.0.0 0.0.0.0 10.112.176.201
ip http server
!
!
control-plane
!
!
line con 0
password
login
line vty 0 4
password
login
line vty 5 15
login
!
end

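The basic IP phone settings and basic QoS settings used on this switch can serve as a reference... After all, NEC IP phones are not very common... but the basic concepts are the same... Likewise you need to configure a data VLAN and a voice VLAN.. You can see that FE0/3-FE0/17 connect the IP phones...

5> Firewall configuration
For the detailed configuration of this, look at the policy.

[Attachment 13286]

Network summary: once you have understood the network diagram you will see that the key point of this network is really the firewall... It controls all the data traffic. It also acts as the DHCP server (DHCP for Vendor Network and Owner Network). Later I'll share the tutorial with you..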


******************************************************************************************************
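The MS WIN Server part is mainly DNS and DHCP (internal network); you can find plenty on this online..
Mail, proxy and anti-virus servers... this mainly depends on which company's products you use... In this project we used squid proxy server, Mdaemon mail server, symantec antivirus server

******************************************************************************************************
Virtual server and Thinclient part.
Virtual server and Thinclient are fairly popular these days... UNIX, HP, MS and NEC all have their own products... Their basic concepts are the same... but personally I feel they are still not very stable. Next I'll roughly explain the concepts and configuration of the NEC products in this project... (to be continued...)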

[Last edited by 三井-寿 on 2008-9-19 13:18]
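
Added example, not part of the original post or the poster's own tooling: a short Python pass over `sh run` text like the switch configs above that lists which ports carry which access or voice VLAN and notes a few baseline settings visible in those configs. The sample is a constructed excerpt of lines from the post with the password replaced by a placeholder; the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt of the posted switch configs; password is a placeholder.
SAMPLE = """\
no service password-encryption
enable password PLACEHOLDER
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
switchport mode trunk
switchport voice vlan 22
!
ip http server
"""

def parse_interfaces(text):
    """Split show-run text into {interface: [lines]}; '!' closes a stanza."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif line in ("!", ""):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def vlan_map(stanzas):
    """Map (kind, vlan id) -> ports for access and voice VLAN assignments."""
    out = defaultdict(list)
    for port, body in stanzas.items():
        for line in body:
            m = re.match(r"switchport (access|voice) vlan (\d+)$", line)
            if m:
                out[(m.group(1), int(m.group(2)))].append(port)
    return dict(out)

def findings(text, stanzas):
    """Baseline settings a reviewer would note in these configs."""
    lines = [l.strip() for l in text.splitlines()]
    notes = [f"global: {c}" for c in ("no service password-encryption",
             "enable password", "ip http server") if any(l.startswith(c) for l in lines)]
    notes += [f"{p}: trunk with no allowed-VLAN list" for p, b in stanzas.items()
              if "switchport mode trunk" in b and not any(
                  l.startswith("switchport trunk allowed vlan") for l in b)]
    return notes
```

Ports that appear in a config with no `switchport` lines, such as the unused ports above, are parsed but do not show up in the VLAN map.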

三井-寿 posted on 2008-6-29 12:46

Project 2:

Project 2:

[Last edited by 三井-寿 on 2008-9-19 12:26]

三井-寿 posted on 2008-6-29 12:48

Project 4

Project 4

glmac posted on 2008-9-19 10:45

Moderator, could you share detailed material on the following? What I find myself is not as good as what you present!


2> Juniper SSG5 for firewall


4> NEC Virtual Server and Thinclients

5> NEC IP phone

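三井-寿 posted on 2008-9-19 13:28

Reply to post #5 by glmac

I'll upload the NEC Virtual Server and Thinclients material gradually...
As for the NEC IP phone, its setup is simpler than Cisco's.. but unlike Cisco it does not need a Cisco call manager, and it does not support DHCP either.. so every NEC IP phone needs a fixed IP address..

maxq posted on 2008-9-25 11:36

Nice, studying it

zy071972 posted on 2008-9-25 13:02

ding

Had no choice but to reply

郭静 posted on 2008-10-1 13:12

Support

Thanks

ilhsn posted on 2008-10-8 09:27

Learned something, taking a look, thanks to the OP for sharing

lmxvslsq posted on 2008-10-11 14:36

Want to see it!

jinny614 posted on 2008-10-12 13:05

Thanks

Learning from the lab, thanks to the OP for sharing

hongwentakkk posted on 2008-10-15 17:01

Just what I need~ thanks

shhsc posted on 2008-10-22 14:25

Thanks for the OP's contribution

hsfql2001 posted on 2008-10-31 11:26

Good stuff, thanks, thanks

Good stuff, thanks, thanks. Good stuff, thanks, thanks. Good stuff, thanks, thanks.

小马哥 posted on 2008-10-31 21:37

Thanks, OP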
