
23.04.17

by 6^6 2023. 4. 17.

isp - change the MAC address

vtp

vlan

trunking 

 

 

https://onebyone1.tistory.com/176

 

 

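Every port on a switch exchanges BPDUs every 2 seconds (the BPDU hello time is 2 seconds). But the host 교무1 (Academic Affairs 1) is not a switch, so it must not send BPDUs. The setting that enforces this is spanning-tree portfast bpduguard.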

forward-delay 

PortFast saves time, because the port comes up right away.

Conclusion: a port with portfast declared is a port with a computer attached.

 

bpduguard is configured in global configuration mode.
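An added example, not part of the original notes: a small Python audit of the rule above, that PortFast belongs on computer-facing access ports and bpduguard is set globally. The sample config is constructed in the style of the ASW1 notes with keywords written out in full; the function names and finding texts are assumptions.

```python
import re

# Constructed sample in the style of the [ASW1] notes, keywords written out in full.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard
interface FastEthernet1/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
interface FastEthernet1/2
 switchport mode access
 switchport access vlan 20
interface FastEthernet1/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
"""

def parse(config):
    """Split a config into global commands and {interface: [sub-commands]}."""
    global_cmds, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif raw[0].isspace() and current is not None:
            current.append(line)       # indented line belongs to the open interface
        else:
            current = None             # back at global level
            global_cmds.append(line)
    return global_cmds, interfaces

def audit(config):
    """Return findings on where PortFast and BPDU guard are, or are not, applied."""
    global_cmds, interfaces = parse(config)
    findings = []
    if "spanning-tree portfast bpduguard" not in global_cmds:
        findings.append("global: BPDU guard is not enabled")
    for name, cmds in interfaces.items():
        portfast = "spanning-tree portfast" in cmds
        if "switchport mode access" in cmds and not portfast:
            findings.append(f"{name}: access port without PortFast")
        if "switchport mode trunk" in cmds and portfast:
            findings.append(f"{name}: PortFast on a trunk to another switch")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The global bpduguard command acts on PortFast ports, so an access port that lacks spanning-tree portfast is also left without BPDU guard.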

 

How to verify? do show ether sum

show interfaces trunk

 

 

CE

What if you don't know the Frame Relay settings?

do show frame-relay pvc | include DLCI

 

 

 

 

Basic configuration

ena

conf t
no ip domain lookup
line c 0
 logg sy
 exec-timeout 0

host 


VTP

[DSW1]

vtp mode transparent  // the VLANs are split into several groups, so VTP transparent is the best fit.

 

[DSW2]

vtp mode transparent

 

[ASW1]

vtp mode transparent

no ip routing

 

[ASW2]

vtp mode transparent

no ip routing

 

[S_SW]

vtp mo transparent

no ip routing

 

 

VLAN

[DSW1]

vlan 10

vlan 20

vlan 30

vlan 40

vlan 50

exit

 

[DSW2]

vlan 10

vlan 20

vlan 30

vlan 40

vlan 50

exit

 

[ASW1]

vlan 10

vlan 20

exit

 

[ASW2]

vlan 30

vlan 40

exit

 

[S_SW]

vlan 50

exit

 

[R4]

vlan 70

exit

 

 

Assigning ports to VLANs

 

[ASW1]

 

spanning-tree portfast bpduguard 

// Run spanning-tree portfast inside the interface, and bpduguard in global mode.


 

int f1/1

sw mode acc

sw ac vlan 10

exit

 

int f1/2

sw mode access

sw access vlan 20

exit

 

[ASW2]

spanning-tree portfast bpduguard 

int f1/3

sw mo ac

sw ac vlan 30

exit

int f1/4

sw mo ac

sw ac vlan 40

 

[S_SW]

spanning-tree portfast bpduguard

int range f1/5 - 7

sw mo ac

sw ac vlan 50

 

[R4]

int range f1/10 - 11

sw mode acc

sw ac vlan 70

 

TRUNKING

[DSW1]

do show cdp neighbor

 

int range f1/9 - 10

sw tr enc dot

sw mo tr

channel-group 5 mode on

exit

 

int range f1/11 - 12

sw tr enc dot

sw mo tru

channel-group 1 mode on

 

int range f1/13 - 14

sw tr enc dot

sw mo trun

channel-group 4 mode on

 

int f1/15

sw tr encap dot1

sw mode trunk

 

[DSW2]

do show cdp neighbor

int range f1/9 - 10

sw tr enc dot

sw mode trun

channel-group 5 mode on

 

int range f1/13 - 14

sw tr enc dot

sw mode trun

channel-group 3 mode on

 

int range f1/11 - 12

sw tr enc dot

sw mode trun

channel-group 2 mode on

 

int f1/15

sw trun enc dot1

sw mode trun

 

[ASW1]

do show cdp neighbor

int range f1/11 - 12

sw tr enc dot

sw mode trun

channel-group 1 mode on

 

int range f1/13 - 14

sw tr enc dot

sw mode trun

channel-group 3 mode on

 

[ASW2]

do show cdp neighbor

int range f1/13 - 14

sw tr enc dot

sw mode trun

channel-group 4 mode on

 

int range f1/11 - 12

sw tr enc dot

sw mode trun

channel-group 2 mode on

 

[S_SW]

int range f1/14 - 15

sw mo trunk

sw trun enc dot

[Verification]

do show ether sum

 

DSW1(config-if-range)#do show ether sum
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Fa1/11(P)  Fa1/12(P)  
4     Po4(SU)     Fa1/13(P)  Fa1/14(P)  
5     Po5(SU)     Fa1/9(P)   Fa1/10(P)

 

DSW2(config-if-range)#do show ether sum
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
2     Po2(SU)     Fa1/11(P)  Fa1/12(P)  
3     Po3(SU)     Fa1/13(P)  Fa1/14(P)  
5     Po5(SU)     Fa1/9(P)   Fa1/10(P)  

 

ASW1(config-if-range)#do show ether sum
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Fa1/11(P)  Fa1/12(P)  
3     Po3(SU)     Fa1/13(P)  Fa1/14(P) 

 

ASW2(config-if-range)#do show ether sum
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
2     Po2(SU)     Fa1/11(P)  Fa1/12(P)  
4     Po4(SU)     Fa1/13(P)  Fa1/14(P) 

 

show int trunk

 

 

Assigning IP addresses

[ISP]

int f1/0

shut

mac-add 1234.1234.1312

no shut

ip add dhcp

 

int f0/1

no shut

ip add 1.1.100.5 255.255.255.252

 

int f0/0

no shut

ip add 1.1.100.1 255.255.255.252

 

[CE]

int f1/0

no shut

ip add 1.1.100.2 255.255.255.252

 

int s2/0

no shut

ip add 211.104.54.1 255.255.255.0

encap frame

no frame inverse

clock rate 64000

fram map ip 211.104.54.2 102 br

do show frame-relay pvc | include DLCI

 

int f0/1

no shut

ip add 192.168.10.139 255.255.255.248

 

int f0/0

no shut

ip add 192.168.10.131 255.255.255.248

 

do show ip route

     1.0.0.0/30 is subnetted, 1 subnets
C       1.1.100.0 is directly connected, FastEthernet1/0
     192.168.10.0/29 is subnetted, 2 subnets
C       192.168.10.128 is directly connected, FastEthernet0/0
C       192.168.10.136 is directly connected, FastEthernet0/1
C    211.104.54.0/24 is directly connected, Serial2/0

 

[DSW1]

int f0/0

no shut

ip add 192.168.10.132 255.255.255.248

 

int vlan 10

ip add 192.168.10.29 255.255.255.224

 

int vlan 20

ip add 192.168.10.61 255.255.255.224

 

int vlan 30

ip add 192.168.10.93 255.255.255.224

 

int vlan 40

ip add 192.168.10.125 255.255.255.224

 

int vlan 50

ip add 192.168.50.251 255.255.255.0

 

 

[DSW2]

int f0/1

no shut

ip add 192.168.10.140 255.255.255.248

 

int vlan 10

ip add 192.168.10.30 255.255.255.224

 

int vlan 20

ip add 192.168.10.62 255.255.255.224

 

int vlan 30

ip add 192.168.10.94 255.255.255.224

 

int vlan 40

ip add 192.168.10.126 255.255.255.224

 

int vlan 50

ip add 192.168.50.252 255.255.255.0

 

[HQ_CE]

int s1/0

no shut

enc fram

no fram inverse

clock rate 64000

ip add 211.104.54.2 255.255.255.0

do show fram pvc | include DLCI // confirm that it is 201

frame map ip 211.104.54.1 201 br

 

int f0/0

no shut

ip add 192.168.60.254 255.255.255.0

 

[R4]

int f1/15

no swit

no shut

ip add 1.1.100.6 255.255.255.252

 

int vlan 70

ip add 2.2.70.254 255.255.255.0

 


[ISP]

ping 10.0.0.1

ping 1.1.100.6

ping 1.1.100.2

 

[CE]

ping 211.104.54.2 ==> this should go through but it does not;;; could not find the problem;;;;;  -- the answer is a reset. -_-;;

ping 192.168.10.140

ping 192.168.10.132

 

IP ROUTE & NAT configuration

[isp]

confi ter

ip route 0.0.0.0 0.0.0.0 f1/0 10.0.0.1

ip route 2.2.70.0 255.255.255.0 f0/1 1.1.100.6

ip route 1.1.200.0 255.255.255.0 f0/0 1.1.100.2  // the servers on that side come out with public IPs, so the 200 range has to be routed.

 

 

 

[HQ_CE]

ip route 0.0.0.0 0.0.0.0 s1/0 211.104.54.1

 

[R4]

ip route 0.0.0.0 0.0.0.0 f1/15 1.1.100.5

 

[CE]

ip route 0.0.0.0 0.0.0.0 f1/0 1.1.100.1

ip route 192.168.60.0 255.255.255.0 s2/0 211.104.54.2

 

 

 

NAT configuration

[isp]

ip access-list standard INGRESS

permit host 1.1.100.2

permit 2.2.70.0 0.0.0.255

permit 1.1.200.0 0.0.0.255

 

ip nat inside source list INGRESS int f1/0 overload

int range f0/0 - 1

ip nat inside

exit

int f1/0

ip nat outside

 

 

[CE]

ip access-list standard INGRESS

20 permit 192.168.60.0 0.0.0.255

10 permit 192.168.10.0 0.0.0.255

 

CE(config-std-nacl)#do sho ip access
Standard IP access list INGRESS
    10 permit 192.168.10.0, wildcard bits 0.0.0.255
    20 permit 192.168.60.0, wildcard bits 0.0.0.255

 

ip nat inside source list INGRESS int f1/0 overload

 

int range f0/0 - 1

ip nat inside

int s2/0

ip nat inside

int f1/0

ip nat outside

exit

 

ip nat inside source static 192.168.50.101 1.1.200.1

ip nat inside source static 192.168.50.102 1.1.200.2

// This setting means that the internal IP 192.168.50.x is translated to the IP 1.1.200.x when it goes outside.
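An added example, not part of the original notes: a Python walk-through of how a source address fares against the INGRESS lists and static entries above, first on CE and then on isp. The ACL entries and static mappings are copied from this page; the function names are assumptions, and ISP_F1_0_DHCP_ADDR is a placeholder because isp f1/0 takes its address from DHCP.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(entries, src):
    """Standard ACL of permit entries: any match permits, no match is the implicit deny."""
    for base, wildcard in entries:
        care = ~ip_int(wildcard) & 0xFFFFFFFF      # 0-bits in the wildcard must match
        if (ip_int(src) & care) == (ip_int(base) & care):
            return True
    return False

def translate(router, src):
    """Return (new_source, rule) for a packet crossing inside -> outside."""
    if src in router["static"]:                    # static entries match before the overload rule
        return router["static"][src], "static"
    if acl_permits(router["acl"], src):
        return router["outside"], "overload"
    return src, "untranslated"

# Values from the [CE] and [isp] NAT sections of this page.
CE = {"acl": [("192.168.10.0", "0.0.0.255"), ("192.168.60.0", "0.0.0.255")],
      "static": {"192.168.50.101": "1.1.200.1", "192.168.50.102": "1.1.200.2"},
      "outside": "1.1.100.2"}                      # CE f1/0
ISP = {"acl": [("1.1.100.2", "0.0.0.0"), ("2.2.70.0", "0.0.0.255"),
               ("1.1.200.0", "0.0.0.255")],
       "static": {},
       "outside": "ISP_F1_0_DHCP_ADDR"}            # placeholder, address comes from DHCP

def path(src):
    """Source address and rule applied after CE, then after isp."""
    after_ce, rule_ce = translate(CE, src)
    after_isp, rule_isp = translate(ISP, after_ce)
    return after_ce, rule_ce, after_isp, rule_isp

if __name__ == "__main__":
    # 192.168.50.103 is a constructed VLAN 50 host with no static entry.
    for host in ("192.168.10.33", "192.168.50.101", "192.168.50.103"):
        print(host, "->", path(host))
```

A VLAN 50 host without a static entry matches neither INGRESS list, so it would leave both routers with its private source address still in place.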

 

 

 

OSPF configuration

[CE]

router ospf 17

router-id 17.17.4.4 // an ID that does not actually exist is fine.

net 192.168.10.131 0.0.0.0 area 0

net 192.168.10.139 0.0.0.0 area 0

exit

 

// Redistribution

// A plain redistribute connected redistributes both f1/0 and s2/0. Configure it so that only s2/0 is redistributed.

route-map S2_ONLY 

match interface serial 2/0

exit

router ospf 17

redistribute connected route-map S2_ONLY subnet

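default-information originate // when the hosts downstream look for Google, DSW1 and DSW2 have to head toward CE, so a default route must be given. (Without this there is no Internet.)

Redistributing s2/0 brings in everything on the right side. (s2/0 is not in OSPF and not in the same area, which is why it is redistributed.)

f1/0 is not redistributed because NAT is running on it. (If it were, the private IPs would all become known, and that fails on security.)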

 

 

[DSW1]  -- there are so many that it is better to run show ip int brie and then enter them.

router ospf 17

router-id 17.17.2.2

net 192.168.10.132 0.0.0.0 a 0

net 192.168.10.29 0.0.0.0 a 0

net 192.168.10.61 0.0.0.0 a 0

net 192.168.10.93 0.0.0.0 a 0

net 192.168.10.125 0.0.0.0 a 0

net 192.168.50.251 0.0.0.0 a 0

 

[DSW2]

router ospf 17

router-id 17.17.3.3

net 192.168.10.140 0.0.0.0 a 0

net 192.168.10.30 0.0.0.0 a 0

net 192.168.10.62 0.0.0.0 a 0

net 192.168.10.94 0.0.0.0 a 0 

net 192.168.10.126 0.0.0.0 a 0

net 192.168.50.252 0.0.0.0 a 0

 

 

 

[DSW1]

ping 168.126.63.1 source 192.168.10.29

 


vmnet5 on win2016

192.168.50.101

255.255.255.0

192.168.50.251

192.168.50.101

168.126.63.1

 

ping 192.168.50.251 

 

[HQ_CE]

ping 168.126.63.1 source 192.168.60.254

 

[R4]

ping 168.126.63.1 source vlan 70

 

 


HSRP

 

[DSW1]

int vlan 10

standby 10 ip 192.168.10.28

standby 10 priority 110

standby 10 preempt delay minimum 5

standby 10 track f0/0 30

exit

do sh run int vlan 10 // 5 entries appear

int vlan 20

standby 20 ip 192.168.10.60

standby 20 priority 110

standby 20 preempt delay minimum 5

standby 20 track f0/0 30

exit

do sh run int vlan 20 // 5 entries visible

do sh run int vlan 10

 

int vlan 50

standby 50 ip 192.168.50.100

standby 50 priority 110

standby 50 preempt delay minimum 5

standby 50 track f0/0 30

exit

 

int vlan 30

standby 30 ip 192.168.10.92

standby 30 preempt

exit

int vlan 40

standby 40 ip 192.168.10.124

standby 40 preempt 

 

 

[DSW2]

int vlan 30

standby 30 ip 192.168.10.92

standby 30 priority 110

standby 30 preempt delay minimum 5

standby 30 track f0/1 30

exit

int vlan 40

standby 40 ip 192.168.10.124

standby 40 priority 110

standby 40 preempt delay minimum 5

standby 40 track f0/1 30 

int vlan 10

standby 10 ip 192.168.10.28

standby 10 preempt

exit

int vlan 20

standby 20 ip 192.168.10.60

standby 20 preempt

exit

int vlan 50

standby 50 ip 192.168.50.100

standby 50 preempt

exit

 

 

Win2016 - use 192.168.50.100 as the gateway

 

[CE]

show ip nat translation  // you can see the IP addresses that were changed to private ones.

 

 

 

 

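Troubleshooting>>

Everything seems to be entered correctly, but there is no Internet connectivity?

Check that the interfaces went into the switch VLANs properly

Check the trunks

Turn port f0/0 on DSW1 off and on

Turn the int vlan interfaces off and on

 

 

How to get extra credit on the assignment>>

Attach 유캠 (U-Cam) to isp

DMZ (inside) on kedu.edu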

 

 

 

 

 

 

 

 
