Cyber_Security_Notes/B. 第二阶段/拓扑练习/0903_项目实战A - 基础交换网络设计.md

# 项目实战 - 基础交换网络设计

![image-20240903111352230](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240903111352230.png)

- **需求**
  - 公司有三个部门，财务部，市场部，技术部，为了内网安全，给每个部门单独划分一个VLAN
  - 财务部：vlan10、市场部：vlan20、技术部：vlan30
  - 公司所有部门，所有VLAN内的主机都通过DHCP服务器分发IP地址
  - 每个部门，每个VLAN的网关地址都为，192.168.xx.254
  - SW5中每个vlanif 虚接口地址都为 192.168.xx.254
  - SW5通过vlanif50与DHCP进行通信，DHCP服务器管理IP：192.168.50.1
  - 所有的PC都通过SW5与DHCP服务器进行通信，获取IP地址，所以SW5是DHCP中继

### 一、IP、VLAN、Routing

- **PC**

- **SW1**

  ```
  [SW1]vlan batch 10 20 30
  [SW1]port-group group-member g0/0/1 g0/0/3 g0/0/4
  [SW1-port-group]port link-type access
  [SW1-port-group]port default vlan 10
  [SW1-port-group]quit
  [SW1]int g0/0/2
  [SW1-GigabitEthernet0/0/2]port link-type trunk
  [SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
  ```

- **SW2**

  ```
  [SW2]vlan batch 10 20 30
  [SW2]int g0/0/1
  [SW2-GigabitEthernet0/0/1]port link-type access
  [SW2-GigabitEthernet0/0/1]port default vlan 20
  [SW2-GigabitEthernet0/0/1]int g0/0/2
  [SW2-GigabitEthernet0/0/2]port link-type trunk
  [SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
  ```

- **SW3**

  ```
  [SW3]vlan batch 10 20 30
  [SW3]int g0/0/1
  [SW3-GigabitEthernet0/0/1]port link-type access
  [SW3-GigabitEthernet0/0/1]port default vlan 30
  [SW3-GigabitEthernet0/0/1]int g0/0/2
  [SW3-GigabitEthernet0/0/2]port link-type trunk
  [SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
  ```

- **HX - SW5**

  ```
  [HX-SW5]vlan batch 10 20 30 50
  [HX-SW5]port-group group-member g0/0/1 to g0/0/3
  [HX-SW5-port-group]port link-type trunk
  [HX-SW5-port-group]port trunk allow-pass vlan all
  [HX-SW5-port-group]quit
  [HX-SW5]int g0/0/5
  [HX-SW5-GigabitEthernet0/0/5]port link-type access
  [HX-SW5-GigabitEthernet0/0/5]port default vlan 50
  [HX-SW5-GigabitEthernet0/0/5]quit
  [HX-SW5]int Vlanif 50
  [HX-SW5-Vlanif50]ip add 192.168.50.251 24
  ```

- **AR3 - DHCP**

  ```
  [AR3-DHCP]int g0/0/1
  [AR3-DHCP-GigabitEthernet0/0/1]ip add 192.168.50.1 24
  [AR3-DHCP-GigabitEthernet0/0/1]quit
  [AR3-DHCP]ip route-static 0.0.0.0 0 192.168.50.251
  ```

### 二、DHCP

#### 1、配置

- **AR3 - DHCP**

  ```
  [AR3-DHCP]dhcp enable 
  [AR3-DHCP]ip pool vlan10
  [AR3-DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
  [AR3-DHCP-ip-pool-vlan10]gateway-list 192.168.10.254
  [AR3-DHCP-ip-pool-vlan10]dns-list 8.8.8.8
  [AR3-DHCP-ip-pool-vlan10]quit
  [AR3-DHCP]ip pool vlan20
  [AR3-DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
  [AR3-DHCP-ip-pool-vlan20]gateway-list 192.168.20.254
  [AR3-DHCP-ip-pool-vlan20]dns-list 8.8.8.8
  [AR3-DHCP-ip-pool-vlan20]quit
  [AR3-DHCP]ip pool vlan30
  [AR3-DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
  [AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
  [AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
  [AR3-DHCP-ip-pool-vlan30]quit
  [AR3-DHCP]int g0/0/1
  [AR3-DHCP-GigabitEthernet0/0/1]dhcp select global
  ```

- **HX - SW5**

  ```
  [HX-SW5]dhcp enable 
  [HX-SW5]int Vlanif 10
  [HX-SW5-Vlanif10]ip add 192.168.10.254 24
  [HX-SW5-Vlanif10]dhcp select relay
  [HX-SW5-Vlanif10]dhcp relay server-ip 192.168.50.1
  [HX-SW5-Vlanif10]int Vlanif 20
  [HX-SW5-Vlanif20]ip add 192.168.20.254 24
  [HX-SW5-Vlanif20]dhcp select relay
  [HX-SW5-Vlanif20]dhcp relay server-ip 192.168.50.1
  [HX-SW5-Vlanif20]int Vlanif 30
  [HX-SW5-Vlanif30]ip add 192.168.30.254 24
  [HX-SW5-Vlanif30]dhcp select relay
  [HX-SW5-Vlanif30]dhcp relay server-ip 192.168.50.1
  ```
  

#### 2、测试

- **PC1	*[VALN10]***

  ```
  PC1>ipconfig
  
  Link local IPv6 address...........: fe80::5689:98ff:fed3:1698
  IPv6 address......................: :: / 128
  IPv6 gateway......................: ::
  IPv4 address......................: 192.168.10.253
  Subnet mask.......................: 255.255.255.0
  Gateway...........................: 192.168.10.254
  Physical address..................: 54-89-98-D3-16-98
  DNS server........................: 8.8.8.8
  ```

- **PC2	*[VALN20]***

  ```
  PC2>ipconfig
  
  Link local IPv6 address...........: fe80::5689:98ff:fe31:2c88
  IPv6 address......................: :: / 128
  IPv6 gateway......................: ::
  IPv4 address......................: 192.168.20.253
  Subnet mask.......................: 255.255.255.0
  Gateway...........................: 192.168.20.254
  Physical address..................: 54-89-98-31-2C-88
  DNS server........................: 8.8.8.8
  ```

- **PC3	*[VALN30]***

  ```
  PC3>ipconfig
  
  Link local IPv6 address...........: fe80::5689:98ff:fef9:3881
  IPv6 address......................: :: / 128
  IPv6 gateway......................: ::
  IPv4 address......................: 192.168.30.253
  Subnet mask.......................: 255.255.255.0
  Gateway...........................: 192.168.30.254
  Physical address..................: 54-89-98-F9-38-81
  DNS server........................: 8.8.8.8
  ```
-年9月3日 10:55:24

											
										
										
											2024-09-03 10:55:22 +08:00
+								# 项目实战 - 基础交换网络设计
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
-年9月3日 11:16:50

											
										
										
											2024-09-03 11:16:49 +08:00
+								![image-20240903111352230](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240903111352230.png)
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
-年9月3日 11:16:50

											
										
										
											2024-09-03 11:16:49 +08:00
+								- **需求**
 								  - 公司有三个部门，财务部，市场部，技术部，为了内网安全，给每个部门单独划分一个VLAN
 								  - 财务部：vlan10、市场部：vlan20、技术部：vlan30
 								  - 公司所有部门，所有VLAN内的主机都通过DHCP服务器分发IP地址
 								  - 每个部门，每个VLAN的网关地址都为，192.168.xx.254
 								  - SW5中每个vlanif 虚接口地址都为 192.168.xx.254
 								  - SW5通过vlanif50与DHCP进行通信，DHCP服务器管理IP：192.168.50.1
 								  - 所有的PC都通过SW5与DHCP服务器进行通信，获取IP地址，所以SW5是DHCP中继
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
 								### 一、IP、VLAN、Routing
 								- **PC**
 								- **SW1**
 								  ```
 								  [SW1]vlan batch 10 20 30
-年9月3日 09:44:37

											
										
										
											2024-09-03 09:44:32 +08:00
+								  [SW1]port-group group-member g0/0/1 g0/0/3 g0/0/4
 								  [SW1-port-group]port link-type access
 								  [SW1-port-group]port default vlan 10
 								  [SW1-port-group]quit
 								  [SW1]int g0/0/2
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
+								  [SW1-GigabitEthernet0/0/2]port link-type trunk
 								  [SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
 								  ```
 								- **SW2**
 								  ```
 								  [SW2]vlan batch 10 20 30
 								  [SW2]int g0/0/1
 								  [SW2-GigabitEthernet0/0/1]port link-type access
 								  [SW2-GigabitEthernet0/0/1]port default vlan 20
 								  [SW2-GigabitEthernet0/0/1]int g0/0/2
 								  [SW2-GigabitEthernet0/0/2]port link-type trunk
 								  [SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
 								  ```
 								- **SW3**
 								  ```
 								  [SW3]vlan batch 10 20 30
 								  [SW3]int g0/0/1
 								  [SW3-GigabitEthernet0/0/1]port link-type access
 								  [SW3-GigabitEthernet0/0/1]port default vlan 30
 								  [SW3-GigabitEthernet0/0/1]int g0/0/2
 								  [SW3-GigabitEthernet0/0/2]port link-type trunk
 								  [SW3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
 								  ```
-年9月3日 09:47:26

											
										
										
											2024-09-03 09:47:24 +08:00
+								- **HX - SW5**
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
 								  ```
 								  [HX-SW5]vlan batch 10 20 30 50
 								  [HX-SW5]port-group group-member g0/0/1 to g0/0/3
-年9月3日 09:44:37

											
										
										
											2024-09-03 09:44:32 +08:00
+								  [HX-SW5-port-group]port link-type trunk
 								  [HX-SW5-port-group]port trunk allow-pass vlan all
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
+								  [HX-SW5-port-group]quit
 								  [HX-SW5]int g0/0/5
 								  [HX-SW5-GigabitEthernet0/0/5]port link-type access
 								  [HX-SW5-GigabitEthernet0/0/5]port default vlan 50
-年9月3日 09:44:37

											
										
										
											2024-09-03 09:44:32 +08:00
+								  [HX-SW5-GigabitEthernet0/0/5]quit
-年9月3日 17:58:59

											
										
										
											2024-09-03 17:58:57 +08:00
+								  [HX-SW5]int Vlanif 50
-年9月3日 09:44:37

											
										
										
											2024-09-03 09:44:32 +08:00
+								  [HX-SW5-Vlanif50]ip add 192.168.50.251 24
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
+								  ```
 								- **AR3 - DHCP**
 								  ```
 								  [AR3-DHCP]int g0/0/1
 								  [AR3-DHCP-GigabitEthernet0/0/1]ip add 192.168.50.1 24
 								  [AR3-DHCP-GigabitEthernet0/0/1]quit
 								  [AR3-DHCP]ip route-static 0.0.0.0 0 192.168.50.251
 								  ```
 								### 二、DHCP
-年9月3日 10:55:24

											
										
										
											2024-09-03 10:55:22 +08:00
+								#### 1、配置
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
+								- **AR3 - DHCP**
 								  ```
 								  [AR3-DHCP]dhcp enable
 								  [AR3-DHCP]ip pool vlan10
 								  [AR3-DHCP-ip-pool-vlan10]network 192.168.10.0 mask 24
 								  [AR3-DHCP-ip-pool-vlan10]gateway-list 192.168.10.254
 								  [AR3-DHCP-ip-pool-vlan10]dns-list 8.8.8.8
 								  [AR3-DHCP-ip-pool-vlan10]quit
 								  [AR3-DHCP]ip pool vlan20
 								  [AR3-DHCP-ip-pool-vlan20]network 192.168.20.0 mask 24
 								  [AR3-DHCP-ip-pool-vlan20]gateway-list 192.168.20.254
 								  [AR3-DHCP-ip-pool-vlan20]dns-list 8.8.8.8
 								  [AR3-DHCP-ip-pool-vlan20]quit
 								  [AR3-DHCP]ip pool vlan30
 								  [AR3-DHCP-ip-pool-vlan30]network 192.168.30.0 mask 24
 								  [AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
 								  [AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
 								  [AR3-DHCP-ip-pool-vlan30]quit
 								  [AR3-DHCP]int g0/0/1
 								  [AR3-DHCP-GigabitEthernet0/0/1]dhcp select global
 								  ```
 								- **HX - SW5**
 								  ```
 								  [HX-SW5]dhcp enable
-年9月3日 10:55:24

											
										
										
											2024-09-03 10:55:22 +08:00
+								  [HX-SW5]int Vlanif 10
-年9月3日 11:16:50

											
										
										
											2024-09-03 11:16:49 +08:00
+								  [HX-SW5-Vlanif10]ip add 192.168.10.254 24
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
+								  [HX-SW5-Vlanif10]dhcp select relay
 								  [HX-SW5-Vlanif10]dhcp relay server-ip 192.168.50.1
-年9月3日 10:55:24

											
										
										
											2024-09-03 10:55:22 +08:00
+								  [HX-SW5-Vlanif10]int Vlanif 20
-年9月3日 11:16:50

											
										
										
											2024-09-03 11:16:49 +08:00
+								  [HX-SW5-Vlanif20]ip add 192.168.20.254 24
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
+								  [HX-SW5-Vlanif20]dhcp select relay
 								  [HX-SW5-Vlanif20]dhcp relay server-ip 192.168.50.1
-年9月3日 10:55:24

											
										
										
											2024-09-03 10:55:22 +08:00
+								  [HX-SW5-Vlanif20]int Vlanif 30
-年9月3日 11:16:50

											
										
										
											2024-09-03 11:16:49 +08:00
+								  [HX-SW5-Vlanif30]ip add 192.168.30.254 24
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
+								  [HX-SW5-Vlanif30]dhcp select relay
 								  [HX-SW5-Vlanif30]dhcp relay server-ip 192.168.50.1
-年9月3日 09:44:37

											
										
										
											2024-09-03 09:44:32 +08:00
+								  ```
-年9月3日 10:55:24

											
										
										
											2024-09-03 10:55:22 +08:00
+								#### 2、测试
-年9月3日 09:44:37

											
										
										
											2024-09-03 09:44:32 +08:00
 								- **PC1	*[VALN10]***
 								  ```
 								  PC1>ipconfig
 								  Link local IPv6 address...........: fe80::5689:98ff:fed3:1698
 								  IPv6 address......................: :: / 128
 								  IPv6 gateway......................: ::
 								  IPv4 address......................: 192.168.10.253
 								  Subnet mask.......................: 255.255.255.0
 								  Gateway...........................: 192.168.10.254
 								  Physical address..................: 54-89-98-D3-16-98
 								  DNS server........................: 8.8.8.8
-年9月2日 18:09:14

											
										
										
											2024-09-02 18:09:13 +08:00
+								  ```
-年9月3日 09:44:37

											
										
										
											2024-09-03 09:44:32 +08:00
+								- **PC2	*[VALN20]***
 								  ```
 								  PC2>ipconfig
 								  Link local IPv6 address...........: fe80::5689:98ff:fe31:2c88
 								  IPv6 address......................: :: / 128
 								  IPv6 gateway......................: ::
 								  IPv4 address......................: 192.168.20.253
 								  Subnet mask.......................: 255.255.255.0
 								  Gateway...........................: 192.168.20.254
 								  Physical address..................: 54-89-98-31-2C-88
 								  DNS server........................: 8.8.8.8
 								  ```
 								- **PC3	*[VALN30]***
 								  ```
 								  PC3>ipconfig
 								  Link local IPv6 address...........: fe80::5689:98ff:fef9:3881
 								  IPv6 address......................: :: / 128
 								  IPv6 gateway......................: ::
 								  IPv4 address......................: 192.168.30.253
 								  Subnet mask.......................: 255.255.255.0
 								  Gateway...........................: 192.168.30.254
 								  Physical address..................: 54-89-98-F9-38-81
 								  DNS server........................: 8.8.8.8
-年9月3日 10:55:24

											
										
										
											2024-09-03 10:55:22 +08:00
+								  ```