课程设计---中小型企业局域网的设计与实现

摘要

随着网络技术新系统、新领域的长足发展，传统企业也正利用其行业的特点，融合网络技术的优势，发展自身。在信息化生产逐步普及的今天，组建企业内部网络已经是企业必不可少的一部分，建立高速、稳定、安全、智能的办公网，是组建中小型企业局域网的核心。

本论文所阐述的网络是使用业界流行的核心层—汇聚层—分布层三层结构设计的中小型企业网，结合广为使用的虚拟局域网（VLAN），热备份路由（HSRP），访问控制列表（ACL），网络地址转换（NAT）等技术，增强网络的稳定性和安全性。

设计中采用虚拟局域网来隔离不同部门，以达到增强企业网络安全性的目的；在规划好的VLAN的基础上，采用访问控制列表（ACL），设置策略，来限制部门之间以及服务器区的访问，进一步提高企业网络内部的安全性；并在核心层交换机上采用热备份路由（HSRP）技术，增加网络的冗余，提高企业网络的整体稳定性；采用路由器硬件的动态主机分配协议（DHCP）功能，保证各部门IP地址的获取；在边界路由器上设置网络地址转换（NAT），将企业内部私有地址转换为公网地址，实现了多个用户同时公用一个合法IP与外部Internet 进行通信，解决IP地址短缺的问题。

关键词：中小型企业；稳定性；HSRP；VLAN；ACL

ABSTRACT

With the network technology the new system, developed by leaps and bounds in new areas, the traditional companies are taking advantage of the characteristics of their industry, network integration technology, the development of their own. Production step by step in the popularization of information today, the formation of the enterprise network is an esse- -ntial part of business, set up high-speed, stable, secure, intelligent office network, the formation of small and medium-sized enterprises are the core of the LAN.

This thesis set out in the industry network is the popular use of the core layer - convergence layer - the structural design of three-layer distribution of small and medium-sized enterprise networks, combined with widely used virtual LAN (VLAN), Hot Standby Routing (HSRP), Access Control list (ACL), Network Address Translation (NAT) and other techniques to enhance network stability and security.

Designed to use virtual LAN to isolate different departments, so as to achieve to enhance enterprise network security purposes; good at planning on the basis of VLAN, the access control list (ACL), set strategy, as well as between the Department to limit access to the server area further improve the internal corporate network security; and switches at the core level on the use of Hot Standby Routing (HSRP) technology, increased network redundancy, improve the overall stability of the enterprise network; the use of router hardware distribution Dynamic Host Protocol (DHCP) function to ensure that the depar -tment access to IP addresses; at the border router set up Network Address Translation (NAT), will convert internal private addresses to public network address, a number of users to simultaneously achieve a legitimate public IP with the external Internet to communicate, to solve the problem of shortage of IP addresses.

Key words:S mall and Medium Enterprises; stability; HSRP; VLAN; ACL

目录

绪论 (1)

1. 网络建设背景和必要性 (3)

2. 组建局域网的需求分析 (5)

2.1总体需求分析 (5)

2.2网络平台需求 (5)

2.3网络安全需求 (5)

2.3.1外网安全： (6)

2.3.1.1物理安全需求 (6)

2.3.1.2数据链路层需求 (6)

2.3.1.3入侵检测系统需求 (6)

2.3.1.4防病毒系统需求 (6)

2.3.1.5安全管理体制 (6)

2.3.2内网安全： (7)

2.3.2.1VLAN设置需求 (7)

2.3.2.2防病毒系统需求 (7)

2.3.2.3网络管理需求 (7)

2.3.2.4网络系统管理 (7)

3. 组建局域网的设计目标和原则 (8)

3.1核心交换机的高数据处理性能 (8)

3.2核心交换机的高可靠性 (8)

3.3核心交换机的灵活扩充性 (9)

3.4网络的安全性 (9)

3.5网络的可管理性 (9)

4. 局域网设计方案 (11)

4.1网络结构设计方案 (11)

4.2虚拟局域网（VLAN）设计方案 (12)

4.2.1VLAN技术简介 (12)

4.2.2VLAN方案设计 (13)

4.3第三层交换技术设计方案 (14)

4.4IP MULTICAST技术方案设计 (14)

4.5访问控制列表（ACL）设计方案 (17)

4.6IP地址规划与路由设计方案 (18)

4.6.1IP地址规划方案 (18)

4.6.2路由协议的选择 (19)

4.6.3路由协议设计方案 (21)

4.7HSRP：热备份路由器协议 (22)