Research on Enterprise Network Security Strategy Based on VLAN and Layer 3 Switching
The Research of the Network Safety Strategy Based on VLAN and Tri-layer Exchange
【Author】 仇剑锋;
【Supervisor】 蔡自兴;
【Author information】 Central South University, Software Engineering, 2007, Master's
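【Summary】 As enterprises become more information-driven, the networks behind their information systems keep growing, and problems of network security, network traffic, communication speed and maintenance workload have increased markedly. The root cause is that enterprise information networks generally use a network architecture based on Layer 2 switching. The main weaknesses of a network built on Layer 2 switching are: VLANs cannot be partitioned within the LAN; the physical network links have security vulnerabilities; too many workstations in the same network segment cause broadcast storms and can even bring the network down; and problems such as interconnecting different networks and security control cannot be solved effectively. Layer 3 switching emerged mainly to solve the broadcast problem in larger networks: VLANs divide one large switched network into several smaller broadcast domains, and the VLANs then communicate with each other through Layer 3 switching. Adopting Layer 3 switching in an enterprise information network makes the computer network more rational, secure and effective. Enterprise network security is achieved mainly through security policies in two areas, physical-link security and access control, and a network architecture based on Layer 3 switching largely avoids the defects of Layer 2 switching and achieves these policy goals well. As the network is scaled up, traffic grows and personnel management becomes increasingly complex, which brings new hidden risks to the secure, stable and efficient operation of the enterprise network. How can these risks be eliminated? Applying access control policies between VLANs strengthens the overall security of the network. Access control lists are created on the interfaces of the core-layer and aggregation-layer switches to implement access control between VLANs, deciding which user data flows may be exchanged between VLANs and ultimately reach the core layer. The thesis briefly introduces the current state of VLAN use in enterprises, the necessity of implementing VLANs and the problems that exist, and explains how VLANs work on the basis of the IEEE 802.1Q standard and Cisco's VLAN protocol. It discusses two ways of communicating between VLANs: (1) inter-VLAN communication through a router; (2) inter-VLAN communication through a Layer 3 switch. The thesis analyses the network security of a petrochemical enterprise and, based on the actual state of its network and on security policies built on VLANs and Layer 3 switching, proposes a solution, which was implemented in the enterprise's network security project, solved the main LAN security problems and met the project's expected goals.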
【Abstract】 As the level of enterprise informatization rises, enterprise information system networks keep growing, and problems of network security, network traffic, communication speed and maintenance workload have increased markedly. The reason is that Layer 2 switching is widely used in enterprise information networks. The chief weaknesses of a Layer 2 switched network are that VLANs cannot be partitioned within the network, the physical network links have security vulnerabilities, too many workstations in the same network segment cause broadcast storms and can even paralyse the network, and problems such as interconnecting different networks and security control cannot be solved effectively. Layer 3 switching emerged primarily to solve the broadcast problem in large-scale networks: VLANs divide a large network into smaller broadcast domains, and the VLANs communicate with each other through Layer 3 switching. Adopting Layer 3 switching makes the enterprise information network more rational, secure and effective. Enterprise network security is achieved mainly through two security strategies, physical-link security and access control, and a network architecture based on Layer 3 switching largely avoids the defects of Layer 2 switching and achieves these strategy goals well. As the network is scaled up, traffic increases and personnel management becomes increasingly complicated, which brings new hidden dangers to the secure, reliable and efficient operation of the system. How can these hidden dangers be cleared up? Adopting an access control strategy between VLANs strengthens the overall security of the network. Access control between VLANs is realized by building access control lists on the core-layer and aggregation-layer interfaces, which decide which user data can be exchanged between VLANs and finally reach the core layer. The thesis briefly introduces the state of VLAN application in enterprises, the necessity of implementing VLANs and the existing problems, and, according to the IEEE 802.1Q standard and Cisco's VLAN protocol, expounds the working mechanism of VLANs. The thesis discusses two modes of communication between VLANs: (1) communication between VLANs through a router; (2) communication between VLANs through Layer 3 switches. The thesis analyses the network security of a petrochemical company and, in view of the actual condition of the enterprise network, proposes a solution based on VLANs and Layer 3 switching, which was carried out in the enterprise's network security project, resolved the main problems of enterprise LAN security and achieved the project's expected aims.
【Key words】 network; tri-layer exchange technology; protocol; network security;
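- 【Online publication contributor】 Central South University 【Online publication year and issue】 2007, Issue 06
- 【Classification number】 TP393.18
- 【Times cited】 5
- 【Downloads】 692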