
Enterprise network manager: The router-on-a-stick

At present, many small and medium-sized enterprise networks are built from multiple L2 switches plus a router (any Cisco router will do), with the router connected to the Internet. This router-on-a-stick design is a common way to manage the enterprise network.

For all the employees of the enterprise to communicate with the Internet, it is unrealistic to give each person a public network address. Generally, the enterprise has one or several public addresses but dozens or even hundreds of employees. How can all these employees share the public addresses to communicate with the Internet? NAT technology, definitely!

In general, an enterprise has many departments, such as the finance department, technology department, engineering department and so on, each with its own responsibilities. How can these departments be clearly separated to make management easier? VLAN technology, absolutely!

For convenience and working efficiency, managers from different departments have to communicate with each other, while the employees are forbidden to. How to do that? ACL technology, without any doubt!

Now, let's learn how to use NAT + VLAN + ACL technology to manage the enterprise network. The NTE (Network Testing Environment) is as below:

Introduction:

The only public network address: 172.16.1.1/24

Three departments of the enterprise:

Finance department (PC1 for manager)
Technology department (PC3 for manager)
Engineering department (PC5 for manager)

IP:
PC1: 192.168.1.2/24
PC2: 192.168.1.3/24
PC3: 192.168.2.2/24
PC4: 192.168.2.3/24
PC5: 192.168.3.2/24
PC6: 192.168.3.3/24

Test purpose:
By NAT configuration, all the computers communicate with the Internet through the only public network address. VLAN configuration divides the departments, and ACL configuration allows intercommunication among managers from different departments but not among the employees.

OK, let's get down to work now that we know the intention.

Firstly, basic configuration on R1 and R2 (dot1Q encapsulation is needed for the sub-interface configuration, as we have to route among the VLANs).

R1

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host r1
r1(config)#int s0/0
r1(config-if)#ip addr 172.16.1.1 255.255.255.0
r1(config-if)#no shut
%LINK-5-CHANGED: Interface Serial0/0, changed state to up
r1(config-if)#clock rate 64000
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r1(config-if)#exit
r1(config)#int f0/0
r1(config-if)#no ip addr
r1(config-if)#no shut
r1(config-if)#exit
r1(config)#int f0/0.1 (sub-interface configuration)
r1(config-subif)#encapsulation dot1Q 2 (dot1Q is needed to encapsulate for sub-interface configuration)
r1(config-subif)#ip addr 192.168.1.1 255.255.255.0
r1(config-subif)#no shut
r1(config-subif)#exit

r1(config)#int f0/0.2 (sub-interface configuration)
r1(config-subif)#encapsulation dot1Q 3 (dot1Q is needed to encapsulate for sub-interface configuration)
r1(config-subif)#ip addr 192.168.2.1 255.255.255.0
r1(config-subif)#no shut
r1(config-subif)#exit
r1(config)#int f0/0.3 (sub-interface configuration)
r1(config-subif)#encapsulation dot1Q 4 (dot1Q is needed to encapsulate for sub-interface configuration)
r1(config-subif)#ip addr 192.168.3.1 255.255.255.0

We just need the IP configuration on the S0/0 port of R2, because we take R2 as the public network.

R2

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host r2
r2(config)#int s0/0
r2(config-if)#ip addr 172.16.1.2 255.255.255.0
r2(config-if)#no shut

Secondly, have all the employees pass through the only public network address (IP 172.16.1.1/24) for Internet communications.

R1

r1(config)#ip nat pool internet 172.16.1.1 172.16.1.1 netmask 255.255.255.0
r1(config)#access-list 10 permit 192.168.0.0 0.0.255.255
r1(config)#ip nat inside source list 10 pool internet overload
r1(config)#int s0/0
r1(config-if)#ip nat outside
r1(config-if)#exit
r1(config)#int f0/0
r1(config-if)#ip nat inside

Next, divide the departments through VLAN configuration, and use ACL configuration to allow intercommunication among managers from different departments but not among the employees.

Sw

Switch>en

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport mode trunk (Trunk link configuration)
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Switch(config-if)#exit
Switch(config)#vlan 2 (VLAN 2 setting up)
Switch(config-vlan)#name gongchengbu (VLAN 2: Engineering department)
Switch(config-vlan)#exit
Switch(config)#vlan 3 (VLAN 3 setting up)
Switch(config-vlan)#name caiwubu (VLAN 3: Finance department)
Switch(config-vlan)#exit
Switch(config-vlan)#vlan 4 (VLAN 4 setting up)
Switch(config-vlan)#name jishubu (VLAN 4: Technology department)
Switch(config-vlan)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport access vlan 2 (Member adding to VLAN 2 manually)
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int f0/4
Switch(config-if)#switchport access vlan 3 (Member adding to VLAN 3 manually)
Switch(config-if)#exit
Switch(config)#int f0/5
Switch(config-if)#switchport access vlan 3
Switch(config-if)#exit
Switch(config)#int f0/6
Switch(config-if)#switchport access vlan 4 (Member adding to VLAN 4 manually)
Switch(config-if)#exit
Switch(config)#int f0/7
Switch(config-if)#switchport access vlan 4
Switch(config-if)#exit

The definition of ACL (Access Control List):
Be careful with the ACL definition; you'd better put the most specific ACL entries at the top.
Note: The ACL must be bound to an interface before it can be applied.

R1

r1(config)#access-list 10 permit 192.168.2.2 0.0.0.0
r1(config)#access-list 10 deny 192.168.2.0 0.0.0.255

r1(config)#access-list 10 permit 192.168.3.2 0.0.0.0
r1(config)#access-list 10 deny 192.168.3.0 0.0.0.255
r1(config)#access-list 10 permit any
r1(config)#int f0/0.1
r1(config-subif)#ip access-group 10 out
r1(config-subif)#exit
r1(config)#access-list 11 permit 192.168.1.2 0.0.0.0
r1(config)#access-list 11 deny 192.168.1.0 0.0.0.255
r1(config)#access-list 11 permit 192.168.3.2 0.0.0.0
r1(config)#access-list 11 deny 192.168.3.0 0.0.0.255
r1(config)#access-list 11 permit any
r1(config)#int f0/0.2
r1(config-subif)#ip access-group 11 out
r1(config-subif)#exit
r1(config)#access-list 12 permit 192.168.1.2 0.0.0.0
r1(config)#access-list 12 deny 192.168.1.0 0.0.0.255
r1(config)#access-list 12 permit 192.168.2.2 0.0.0.0
r1(config)#access-list 12 deny 192.168.2.0 0.0.0.255
r1(config)#access-list 12 permit any
r1(config)#int f0/0.3
r1(config-subif)#ip access-group 12 out
r1(config-subif)#exit

Now, after configuration, all the employees can intercommunicate with the Internet.

PC>ping 172.16.1.2
Pinging 172.16.1.2 with 32 bytes of data:
Reply from 172.16.1.2: bytes=32 time=94ms TTL=254
Reply from 172.16.1.2: bytes=32 time=94ms TTL=254
Reply from 172.16.1.2: bytes=32 time=94ms TTL=254
Reply from 172.16.1.2: bytes=32 time=90ms TTL=254
Ping statistics for 172.16.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 94ms, Average = 93ms

The intercommunications among managers from different departments (PC1, PC3 and PC5) have been realized after configuration.

PC1>ping 192.168.2.2
Pinging 192.168.2.2 with 32 bytes of data:
Reply from 192.168.2.2: bytes=32 time=125ms TTL=127
Reply from 192.168.2.2: bytes=32 time=110ms TTL=127

Reply from 192.168.2.2: bytes=32 time=110ms TTL=127
Reply from 192.168.2.2: bytes=32 time=125ms TTL=127
Ping statistics for 192.168.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 110ms, Maximum = 125ms, Average = 117ms

PC1 PING PC5

PC1>ping 192.168.3.2
Pinging 192.168.3.2 with 32 bytes of data:
Reply from 192.168.3.2: bytes=32 time=111ms TTL=127
Reply from 192.168.3.2: bytes=32 time=120ms TTL=127
Reply from 192.168.3.2: bytes=32 time=111ms TTL=127
Reply from 192.168.3.2: bytes=32 time=105ms TTL=127
Ping statistics for 192.168.3.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 105ms, Maximum = 120ms, Average = 111ms

PC3 PING PC5

PC3>ping 192.168.3.2
Pinging 192.168.3.2 with 32 bytes of data:
Reply from 192.168.3.2: bytes=32 time=125ms TTL=127
Reply from 192.168.3.2: bytes=32 time=125ms TTL=127
Reply from 192.168.3.2: bytes=32 time=109ms TTL=127
Reply from 192.168.3.2: bytes=32 time=94ms TTL=127
Ping statistics for 192.168.3.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 94ms, Maximum = 125ms, Average = 113ms

There is no intercommunication among employees (PC2, PC4 and PC6).

PC2 PING PC4

PC2>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC2 PING PC6

PC2>ping 192.168.3.3
Pinging 192.168.3.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.3.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC4 PING PC6

PC4>ping 192.168.3.3
Pinging 192.168.3.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.3.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

With all the configuration above we reach our goals: all the employees can communicate with the Internet through one public network address, and managers from different departments can communicate with each other while the employees cannot.

We recommend using Layer 3 switches for the distribution layer and core switch, and then connecting to the Internet by routers.
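The ACL configuration above can be checked offline. The following Python sketch is an added example, not part of the original article: it models standard ACLs (source address only, first match wins) applied outbound on f0/0.1 to f0/0.3, reproduces the six ping results, and shows that because the NAT match entry is also entered as access-list 10, it sits first in the list bound to f0/0.1 and lets employee traffic into 192.168.1.0/24 in one direction. The names `egress_acls`, `forwarded`, `ping_ok` and `PC` are illustrative.

```python
import ipaddress

def parse(lines):
    """Turn 'permit|deny <addr> <wildcard>' or 'permit any' into (action, addr, wildcard)."""
    rules = []
    for line in lines:
        action, *rest = line.split()
        addr, wild = ("0.0.0.0", "255.255.255.255") if rest == ["any"] else rest
        rules.append((action, int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def permits(rules, src):
    """Standard ACL: source address only, first match wins, implicit deny at the end."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wild in rules:
        if (s | wild) == (addr | wild):      # wildcard bits set to 1 are ignored
            return action == "permit"
    return False

def filter_acl(*other_subnets):
    """The page's pattern: permit the .2 manager host, deny the rest of each other subnet."""
    lines = []
    for n in other_subnets:
        lines += [f"permit 192.168.{n}.2 0.0.0.0", f"deny 192.168.{n}.0 0.0.0.255"]
    return lines + ["permit any"]

NAT_MATCH = ["permit 192.168.0.0 0.0.255.255"]   # entered first, also as access-list 10

def egress_acls(nat_shares_number_10):
    """Outbound ACL per destination subnet (third octet): lists 10, 11, 12 from the page."""
    acl10 = (NAT_MATCH if nat_shares_number_10 else []) + filter_acl(2, 3)
    return {1: parse(acl10), 2: parse(filter_acl(1, 3)), 3: parse(filter_acl(1, 2))}

def forwarded(src, dst, acls):
    """True if R1 forwards src -> dst through the destination subinterface's ACL."""
    return permits(acls[int(dst.split(".")[2])], src)

def ping_ok(a, b, acls):
    """A ping needs the echo request and the echo reply to both be forwarded."""
    return forwarded(a, b, acls) and forwarded(b, a, acls)

# PC1..PC6 addresses from the page: managers are .2, employees are .3
PC = {n: f"192.168.{(n + 1) // 2}.{2 if n % 2 else 3}" for n in range(1, 7)}

if __name__ == "__main__":
    for shared in (True, False):
        acls = egress_acls(shared)
        print("NAT entry in list 10:", shared,
              "| PC4 -> PC2 forwarded:", forwarded(PC[4], PC[2], acls),
              "| PC1 ping PC3:", ping_ok(PC[1], PC[3], acls))
```

The ping tests pass either way because the echo reply is still dropped by list 11 or 12; giving the NAT match list a number of its own restores the intended filter on f0/0.1.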
