본문 바로가기
공부/CCNP

ICT보안실무_실습

by kyoung-ho 2017. 6. 11.
반응형

<ictsec.com_configuration>

 

<ASW1>

conf t

vtp mode transparent

vlan 10

name Sales

vlan 20

name MGR

vlan 999

name native

exit

 

int range fa 1/0 - 15

shut

!

int fa 1/0

desc ##Sales_User_PC##

switchport mode access

switchport access vlan 10

spanning-tree portfast

no shut

!

int fa 1/1

desc ##MGR_User_PC##

switchport mode access

switchport access vlan 20

spanning-tree portfast

no shut

!

int range fa 1/14 - 15

desc ##DSW1_Uplink##

switchport trunk allowed vlan 1,10,20,1002-1005

switchport trunk native vlan 999

switchport mode trunk

no shut

channel-group 1 mode on

!

int range fa 1/12 - 13

desc ##DSW2_Uplink##

switchport trunk allowed vlan 1,10,20,1002-1005

switchport trunk native vlan 999

switchport mode trunk

no shut

channel-group 2 mode on

!

 

<ASW2>

conf t

vtp mode transparent

vlan 10

name Sales

vlan 20

name MGR

vlan 999

name native

exit

 

int range fa 1/0 - 15

shut

!

int fa 1/0

desc ##Sales_User_PC##

sw mo acc

sw acc vlan 10

no shut

!

int fa 1/1

desc ##MGR_User_PC##

sw mo acc

sw acc vlan 20

no shut

!

int range fa 1/14 - 15

desc ##DSW2_Uplink##

sw trunk all vlan 1,10,20,1002-1005

sw trunk native vlan 999

sw mo trunk

no shut

channel-group 1 mode on

!

int range fa 1/12 - 13

desc ##DSW1_Uplink##

sw trunk all vlan 1,10,20,1002-1005

sw trunk native vlan 999

sw mo trunk

no shut

channel-group 2 mode on

!

 

<S_SW>

conf t

vtp mode transparent

vlan 30

name Server

exit

 

int range fa 1/0 - 15

shut

!

int range fa 1/0 - 1 , fa 1/14 - 15

sw mo acc

sw acc vlan 30

spanning-tree portfast

no shut

!

 

<DSW1>

conf t

vtp mode transparent

vlan 10

name Sales

vlan 20

name MGR

vlan 999

name Native

exit

 

int range fa 1/0 - 15

shut

!

int range fa 1/14 - 15

desc ##ASW1_Connection##

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,1002-1005

switchport trunk native vlan 999

switchport mode trunk

no shut

channel-group 1 mode on

!

int range fa 1/12 - 13

desc ##ASW2_Connection##

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,10,20,1002-1005

switchport trunk native vlan 999

switchport mode trunk

no shut

channel-group 2 mode on

!

int fa 1/0

desc ##CE_Connection##

no switchport

ip add 10.10.100.1 255.255.255.252

no shut

!

int fa 1/11

desc ##DSW2_Connection##

no switchport

ip add 10.10.100.9 255.255.255.252

no shut

!

int fa 1/10

desc ##Server_Farm_Connection##

no switchport

ip add 10.10.250.252 255.255.255.0

standby 30 ip 10.10.250.254

standby 30 priority 110

standby 30 track fa 1/0 50

standby 30 preempt delay minimum 30

no shut

!

int vlan 10

desc ##VLAN10_Gateway##

ip add 10.10.10.252 255.255.255.0

standby 10 ip 10.10.10.254

standby 10 priority 110

standby 10 track fa 1/0 50

standby 10 preempt delay minimum 30

ip helper-address 10.10.250.1

!

int vlan 20

desc ##VLAN20_Gateway##

ip add 10.10.20.252 255.255.255.0

standby 20 ip 10.10.20.254

standby 20 preempt

ip helper-address 10.10.250.1

!

ip routing

 

router ospf 1

router-id 1.1.1.1

net 10.10.10.252 0.0.0.0 area 0

net 10.10.20.252 0.0.0.0 area 0

net 10.10.100.1 0.0.0.0 area 0

net 10.10.100.9 0.0.0.0 area 0

net 10.10.250.252 0.0.0.0 area 0

!

 

<DSW2>

conf t

vtp mode transparent

vlan 10

name Sales

vlan 20

name MGR

vlan 999

name Native

exit

 

int range fa 1/0 - 15

shut

!

int range fa 1/14 - 15

desc ##ASW2_Connection##

sw trunk encapsulation dot1q

sw trunk all vlan 1,10,20,1002-1005

sw trunk native vlan 999

sw mo trunk

no shut

channel-group 1 mode on

!

int range fa 1/12 - 13

desc ##ASW1_Connection##

sw tr en dot1q

sw tr all vlan 1,10,20,1002-1005

sw tr na vlan 999

sw mo tr

no shut

channel-group 2 mode on

!

int fa 1/0

desc ##CE_Connection##

no switchport

ip add 10.10.100.5 255.255.255.252

no shut

!

int fa 1/11

desc ##DSW1_Connection##

no switchport

ip add 10.10.100.10 255.255.255.252

no shut

!

int fa 1/10

desc ##Server_Farm##

no switchport

ip add 10.10.250.253 255.255.255.0

standby 30 ip 10.10.250.254

standby 30 preempt

no shut

!

int vlan 10

desc ##VLAN10_Gateway##

ip add 10.10.10.253 255.255.255.0

standby 10 ip 10.10.10.254

standby 10 preempt

!

int vlan 20

desc ##VLAN20_Gateway##

ip add 10.10.20.253 255.255.255.0

standby 20 ip 10.10.20.254

standby 20 priority 110

standby 20 track fa 1/0 50

standby 20 preempt delay minimum 30

!

ip routing

 

router ospf 1

router-id 2.2.2.2

net 10.10.10.253 0.0.0.0 area 0

net 10.10.20.253 0.0.0.0 area 0

net 10.10.100.5 0.0.0.0 area 0

net 10.10.100.10 0.0.0.0 area 0

net 10.10.250.253 0.0.0.0 area 0

!

 

<CE>

conf t

int fa 0/0

desc ##DSW1_Connection##

ip add 10.10.100.2 255.255.255.252

ip nat inside

no shut

!

int fa 0/1

desc ##DSW2_Connection##

ip add 10.10.100.6 255.255.255.252

ip nat inside

no shut

!

int fa 1/0

desc ##ISP_KT_Connection##

ip add dhcp

ip nat outside

no shut

!

router ospf 1

router-id 3.3.3.3

net 10.10.100.2 0.0.0.0 area 0

net 10.10.100.6 0.0.0.0 area 0

default-information originate

!

access-list 10 permit 10.10.10.0 0.0.0.255

access-list 10 permit 10.10.20.0 0.0.0.255

access-list 10 permit 10.10.250.0 0.0.0.255

 

ip nat inside source list 10 int fa 1/0 overload

 

** verify **

 

<ASW1/ASW2>

show ip int b

show vlan-s b

show int trunk

show etherchannel summary

 

<DSW1/DSW2>

show ip int b

show vlan-s b

show int trunk

show etherchannel summary

sh ip ospf nei

sh ip route

sh standby b

 

<CE>

show ip int b

sh ip ospf nei

sh ip route

sh ip nat translation (NAT Table)


 

반응형

'공부 > CCNP' 카테고리의 다른 글

Cisco Router ACL 설정  (0) 2021.11.20
ICT보안실무_NTP  (0) 2017.06.11
ICT보안실무_DHCP Relay Agent  (0) 2017.05.14
05.11_ICT보안실무_DHCP서버  (0) 2017.05.14
05.09_Switch_STP종류  (0) 2017.05.10

관련글

댓글

티스토리툴바