Enterprise Network Design for 12-20 Users


I. Topology Setup

Figure 1: Enterprise network topology

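II. Device Selection

Device brands: WayOS (维盟), UTT (艾泰), Volans (飞鱼星), TP-LINK, etc.

Router selection: Huawei AR1220, AR2220, AR201

Switch selection: S1700 to S6700

III. Basic Configuration

R1 configuration commands:

1. Configure the gateway and DHCP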

<Huawei>sys
[Huawei]sysn R1
[R1]int vlan1
[R1-Vlanif1]ip add 192.168.1.1 24
[R1-Vlanif1]qu
[R1]ip pool 1
Info: It's successful to create an IP address pool.
[R1-ip-pool-1]network 192.168.1.0 mask 24
[R1-ip-pool-1]gateway-list 192.168.1.1
[R1-ip-pool-1]dns-list 114.114.114.114
[R1-ip-pool-1]qu
[R1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[R1]int vlan 1	
[R1-Vlanif1]dhcp select global

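At this point, an internal host PC set to DHCP obtains an IP address in the 192.168.1.0/24 subnet and can ping the gateway.

2. Configure PPPoE dial-up

PPPoE account: 020, password: 123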

[R1]int Dialer 1
[R1-Dialer1]link-protocol ppp
[R1-Dialer1]ip add ppp-negotiate
[R1-Dialer1]ppp pap local-user 020 password ci 123
[R1-Dialer1]dialer user 020
[R1-Dialer1]dialer bundle 2
[R1-Dialer1]qu
[R1]int g0/0/0	
[R1-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 2

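At this point, the WAN interface of enterprise router R1 has dialed successfully and obtained a public IP address, as shown in Figure 2.

Figure 2: Enterprise router egress configuration

3. Configure the default route and NAT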

[R1]ip route-s 0.0.0.0 0 202.1.1.1
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255 
[R1-acl-basic-2000]qu
[R1]int Dialer 1
[R1-Dialer1]nat outbound 2000

Now verify whether the internal host can ping the carrier's server at 9.9.9.2:

PC>ping 9.9.9.2

Ping 9.9.9.2: 32 data bytes, Press Ctrl_C to break
From 9.9.9.2: bytes=32 seq=1 ttl=253 time=47 ms
From 9.9.9.2: bytes=32 seq=2 ttl=253 time=31 ms
From 9.9.9.2: bytes=32 seq=3 ttl=253 time=32 ms
From 9.9.9.2: bytes=32 seq=4 ttl=253 time=46 ms
From 9.9.9.2: bytes=32 seq=5 ttl=253 time=47 ms

--- 9.9.9.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/40/47 ms

PC>

IV. Advanced Configuration

Map port 80 of the internal server 192.168.1.100 to the public address 202.1.1.254:

[R1]int Dialer 1	
[R1-Dialer1]nat server protocol tcp global current-interface 80 inside 192.168.1.100 80

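The internal HTTP server can now be reached through the public IP obtained by the enterprise egress router; the verification is shown in Figure 3.

Figure 3: Server port mapping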
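The following Python check is an added example, not part of the original article. It reads lines from the R1 session above and flags what a reviewer would look for in this design: PAP on the PPPoE link, the inbound nat server mapping, and a mapped server address (192.168.1.100) that lies inside the DHCP pool without being reserved. The function name audit and the finding codes are hypothetical; excluded-ip-address is assumed to be entered in the IP pool view.

```python
import ipaddress
import re

# Lines copied from the article's R1 session (prompts included).
R1_SESSION = """\
[R1-ip-pool-1]network 192.168.1.0 mask 24
[R1-ip-pool-1]gateway-list 192.168.1.1
[R1-Dialer1]ppp pap local-user 020 password ci 123
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-Dialer1]nat outbound 2000
[R1-Dialer1]nat server protocol tcp global current-interface 80 inside 192.168.1.100 80
"""

def audit(session):
    """Return sorted finding codes for a pasted VRP session (hypothetical helper)."""
    pools, excluded, acl_nets, servers, codes = [], [], [], [], set()
    for raw in session.splitlines():
        line = re.sub(r"^[\[<][^\]>]*[\]>]", "", raw).strip()  # drop "[R1-...]" prompt
        if m := re.match(r"network (\S+) mask (\S+)", line):
            pools.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif m := re.match(r"excluded-ip-address (\S+)(?: (\S+))?", line):
            excluded.append((ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2] or m[1])))
        elif m := re.match(r"rule \d+ permit source (\S+) (\d+\.\d+\.\d+\.\d+)", line):
            # ACL wildcard is an inverted netmask; assumes a contiguous dotted wildcard
            mask = ipaddress.ip_address(int(ipaddress.ip_address(m[2])) ^ 0xFFFFFFFF)
            acl_nets.append(ipaddress.ip_network(f"{m[1]}/{mask}", strict=False))
        elif line.startswith("ppp pap "):
            codes.add("PAP")  # PAP sends the PPPoE password unencrypted on the link
        elif m := re.match(r"nat server protocol \S+ global \S+ \S+ inside (\S+) \S+", line):
            servers.append(ipaddress.ip_address(m[1]))
    for srv in servers:
        codes.add("WAN-EXPOSED")  # inbound mapping: host is reachable from the Internet
        in_pool = any(srv in p for p in pools)
        if in_pool and not any(lo <= srv <= hi for lo, hi in excluded):
            codes.add("SERVER-LEASABLE")  # DHCP may hand this address to another host
    if any(not any(p.subnet_of(a) for a in acl_nets) for p in pools):
        codes.add("POOL-NOT-IN-NAT-ACL")  # some DHCP clients would not be translated
    return sorted(codes)

if __name__ == "__main__":
    print(audit(R1_SESSION))
    # With the server address reserved in the pool:
    print(audit(R1_SESSION + "[R1-ip-pool-1]excluded-ip-address 192.168.1.100\n"))
```

SERVER-LEASABLE matters because the port mapping follows the address, not the machine: if DHCP leases 192.168.1.100 to a workstation, that workstation's port 80 becomes the one exposed on the public interface.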

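Download link for the example eNSP project file: https://download.csdn.net/download/i12344/85337431

Copyright notice: This article was published by 下一朵云. When reposting, please include a link to the original source and this notice.
Article link: https://www.orcy.net.cn/2371.html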

