
[21전국] 3과제 기본 세팅 Basic Configuration

_눙이_ 2021. 11. 10. 18:56

본 솔루션은 아래 장비들을 기준으로 만들어졌습니다.

§   Cisco ASA 5506X

§   Cisco 2901 ISR

§   Cisco Catalyst 4321

 

아래를 참고하여 EX-FW의 인터페이스 맵핑을 구성 하도록 합니다.

Network Adapter ID ASAv Interface ID
Network Adapter 1 Management 0/0
Network Adapter 2 GigabitEthernet 0/0
Network Adapter 3 GigabitEthernet 0/1
Network Adapter 4 GigabitEthernet 0/2
Network Adapter 5 GigabitEthernet 0/3
Network Adapter 6 GigabitEthernet 0/4
Network Adapter 7 GigabitEthernet 0/5
Network Adapter 8 GigabitEthernet 0/6
Network Adapter 9 GigabitEthernet 0/7
Network Adapter 10 GigabitEthernet 0/8


아래를 참고하여 EX-R의 인터페이스 맵핑을 구성 하도록 합니다.

Network Adapter ID ASAv Interface ID
Network Adapter 1 GigabitEthernet1
Network Adapter 2 GigabitEthernet2
Network Adapter 3 GigabitEthernet3

1) Basic Configuration

모든 장비 및 호스트의 호스트네임을 토폴로지 상의 이름으로 변경

 

ASA를 제외한 모든 장비

! Baseline for every IOS device in the topology; the ASAs get their own block.
conf t

! NOTE(review): with `service password-encryption` below, `enable password`
! is stored as a type 7 string, which is reversible obfuscation, not a hash.
! `enable secret` stores a one-way hash and takes precedence when both are
! set; confirm whether the task sheet mandates this exact command.
! The same literal is reused on this page for the ASA enable password and the
! VTP password, so a single disclosure covers all three.
enable password korea2021##

! Obfuscates cleartext passwords in the configuration (type 7 only).
service password-encryption

! Local time zone label KST at UTC+9:00.
clock timezone KST 9 0

 

EX-FW, CENT-FW

! Baseline for the two ASA firewalls (EX-FW, CENT-FW).
conf t

! The ASA keeps this value in hashed form in its configuration.
! NOTE(review): the literal is identical to the IOS enable password and the
! VTP password used elsewhere on this page; separate credentials per device
! class would limit the impact of one of them leaking.
enable password korea2021##

! Local time zone label KST at UTC+9:00.
clock timezone KST 9 0

 

1) L2 Configuration

WORK-SW1

! WORK-SW1 layer 2: EtherChannel to WORK-SW2, trunk on fa0/24, VLAN database,
! VTP server role and global PortFast.
conf t

int range fa0/21,fa0/22

! PAgP, actively negotiating side; WORK-SW2 uses `auto` on the same ports.
channel-group 1 mode desirable

int port-channel 1

sw m t

! Explicit allow-list: only VLANs 10, 20 and 100 cross the EtherChannel trunk.
sw trunk allowed vlan 10,20,100

exit

int range fa0/24

sw m t

sw trunk allowed vlan 10,20

! Untagged frames on this trunk are placed in VLAN 10 (WORK-CLIENT). This
! matches `en dot1q 10 native` on WORK-R gig0/0/0.10, presumably the device on
! the far end of this port.
! NOTE(review): a native VLAN that also carries user hosts is the condition
! double-tagging VLAN hopping relies on; hardening guides use an unused VLAN
! as native. Confirm whether the task requires VLAN 10 here.
sw trunk native vlan 10

exit

vlan 10

name WORK-CLIENT

vlan 20

name WORK-VOICE

vlan 100

name CENT

exit

int fa0/1

sw m ac

sw ac vlan 20

! VTP version 2, this switch is the server for domain SKILLS2021.
vtp ve 2

vtp domain SKILLS2021

! NOTE(review): under VTP version 2 this password is kept in cleartext on the
! switch and only authenticates advertisements. Any switch joining with the
! same domain and password and a higher configuration revision can replace
! the VLAN database, so check the revision of a switch before connecting it.
vtp password korea2021##

vtp mode server

! Every non-trunking port skips the listening/learning delay.
! NOTE(review): no BPDU guard is configured in this block, so a switch plugged
! into an edge port would still take part in spanning tree; enabling BPDU
! guard globally alongside PortFast is the usual companion setting.
spanning-tree portfast edge default

 

WORK-SW2

! WORK-SW2 layer 2: EtherChannel to WORK-SW1, VTP client role, access ports,
! global PortFast and DHCP snooping for VLAN 100.
conf t

int range fa0/21,fa0/22

! PAgP, passive side; WORK-SW1 uses `desirable` on the same ports.
channel-group 1 mode auto

exit

int port-channel 1

sw m t

! Explicit allow-list: only VLANs 10, 20 and 100 cross the EtherChannel trunk.
sw trunk allowed vlan 10,20,100

exit

vtp ve 2

vtp domain SKILLS2021

! Must match the VTP server's password. Under VTP version 2 it is kept in
! cleartext on the switch.
vtp password korea2021##

! Client mode: the VLAN database is learned from the VTP server (WORK-SW1).
vtp mode client
int fa0/3

sw m ac

sw ac vlan 10

exit

int range fa0/1-2

sw m ac

sw ac vlan 100

exit

int range fa0/24

sw m ac

sw ac vlan 100

exit

! NOTE(review): PortFast on all edge ports without BPDU guard in this block.
spanning-tree portfast edge default

! DHCP snooping is switched on globally but enforced only for VLAN 100 below;
! the VLAN 10 access port fa0/3 is not covered by it.
ip dhcp snooping

ip dhcp snooping vlan 100

! Stops the switch from inserting option 82 into client DHCP requests.
no ip dhcp snooping information option

int fa0/24

! fa0/24 is the only port in this block where DHCP server replies are
! accepted; every other port, including port-channel 1, stays untrusted.
! NOTE(review): no `ip dhcp snooping limit rate` is set on the untrusted
! ports, so DHCP request floods from a host are not rate-limited.
ip dhcp snooping trust

 

1) L3 Configuration

ISP

#vim /etc/network/interfaces

 

#systemctl restart networking

 

CENT-SRV

#vim /etc/network/interfaces

 

#systemctl restart networking

 

REMOTE

ncpa.cpl 실행

 

WORK-SW1, WORK-SW2

! Applied on both WORK-SW1 and WORK-SW2 before any IPv6 addressing.
conf t

! Switches the SDM template to the dual IPv4/IPv6 profile; the new template
! only becomes active after the reload below.
sdm prefer dual-ipv4-and-ipv6 default

! Save first so the template choice survives the reload.
do wr

do reload

 

WORK-SW1

! WORK-SW1 gets its IPv6 address on the VLAN 10 SVI.
! NOTE(review): VLAN 10 is named WORK-CLIENT on this page, so the switch's own
! address sits in the client VLAN; no VTY access restrictions are shown on the
! page, so confirm how management access to the switch is limited.
conf t

int vlan 10

no shut

ipv6 add 2001:10:101:2::10/64

ipv6 enable

 

exit

ipv6 route ::/0 2001:10:101:2::1

 

WORK-SW2

! WORK-SW2 gets its IPv4 and IPv6 addresses on the VLAN 100 (CENT) SVI.
conf t

int vlan 100

no shut

ip add 172.16.0.10 255.255.255.0

ipv6 add 2001:10:202:2::10/64

ipv6 enable

exit

! Both default paths point at the CENT-FW INSIDE interface
! (172.16.0.254 and 2001:10:202:2::FFFF).
ip default-gateway 172.16.0.254

ipv6 route ::/0 2001:10:202:2::FFFF

 

CENT-FW

! CENT-FW global settings entered before the interfaces are defined.
conf t

! Removes the network object named obj_any.
! NOTE(review): presumably this clears the factory-default object and its
! dynamic NAT rule on the ASA 5506-X; verify against the device's defaults.
no object network obj_any

policy-map global_policy

class inspection_default

! ICMP is tracked statefully, so replies to pings started from a higher
! security interface are allowed back without an ACL entry.
inspect icmp

exit

exit

! Permits traffic between different interfaces that share a security level.
! NOTE(review): the only interfaces configured on this page are INSIDE (100)
! and OUTSIDE (0), so this statement has no visible purpose here; leaving it
! out avoids unfiltered traffic between any same-level interface added later.
same-security-traffic permit inter-interface

int  gig1/1

no shut

nameif INSIDE

security-level 100

ip add 172.16.0.254 255.255.255.0

ipv6 enable

ipv6 add 2001:10:202:2::FFFF/64

exit

int  gig1/8

no shut

nameif OUTSIDE

security-level 0

ip add 10.1.0.1 255.255.255.252

ipv6 enable

ipv6 add 2001:10:202:1::1/64

exit

! Inbound policy for the OUTSIDE interface (security-level 0); anything not
! matched below is dropped by the implicit deny.
! NOTE(review): this permits every IP protocol and port from all of
! 10.0.0.0/8 to the inside 172.16.0.0/24, while the only 10.x network on this
! page is the 10.1.0.0/30 link to CENT-R. Narrow the source and the permitted
! services if the task allows it.
access-list OUT-TO-IN extended permit ip 10.0.0.0 255.0.0.0 172.16.0.0 255.255.255.0

! NOTE(review): 2001::/16 to 2001::/16 is far wider than the three /64
! prefixes used on this page (2001:10:101:2::/64, 2001:10:202:1::/64,
! 2001:10:202:2::/64) and again permits all protocols.
access-list OUT-TO-IN extended permit ip 2001::/16 2001::/16

! Binds the ACL to traffic entering OUTSIDE.
access-group OUT-TO-IN in interface OUTSIDE

 

WORK-R

! WORK-R: router-on-a-stick for the WORK site plus the uplink and a loopback.
conf t

ipv6 unicast-routing

int gig0/0/0

no shut

exit

int gig0/0/0.10

! VLAN 10 is handled untagged on this subinterface; this has to match the
! `sw trunk native vlan 10` setting on the WORK-SW1 trunk.
en dot1q 10 native

ipv6 enable

ipv6 add 2001:10:101:2::1/64

exit

int gig0/0/0.20

en dot1q 20

! IPv4 gateway address for VLAN 20 (WORK-VOICE).
ip add 192.168.0.254 255.255.255.0

int gig0/0/1

no shut

! /30 link whose other end is 203.230.10.2 on EX-R.
! NOTE(review): no ACL or firewall is shown on this page between this
! interface and the WORK VLANs; confirm where the WORK site is filtered.
ip add 203.230.10.1 255.255.255.252

exit

int lo 0

ip add 1.1.1.1 255.255.255.0

 

EX-R

conf t

int gig1

no shut

ip add 140.30.2.2 255.255.255.252

int gig2

no shut

ip add 203.230.10.2 255.255.255.252

int gig3

no shut

ip add 107.58.65.2 255.255.255.252

 

CENT-R

! CENT-R: sits between CENT-FW's OUTSIDE interface and EX-R.
conf t

ipv6 unicast-routing

int gig0/0/0

no shut

! /30 link to CENT-FW OUTSIDE (10.1.0.1).
ip add 10.1.0.2 255.255.255.252

ipv6 enable

ipv6 add 2001:10:202:1::FFFF/64

exit

int gig0/0/1

no shut

! /30 link whose other end is 107.58.65.2 on EX-R. This address is also the
! single host permitted to send ICMP through EX-FW's OUT-TO-IN ACL.
ip add 107.58.65.1 255.255.255.252

exit

int lo 0

ip add 1.1.2.2 255.255.255.0

 

EX-FW

! EX-FW: ICMP inspection, OUTSIDE/INSIDE interfaces and the inbound ACL.
conf t

policy-map global_policy

class inspection_default

! ICMP is tracked statefully, so replies to pings started from INSIDE are
! allowed back without an ACL entry.
inspect icmp

exit

exit

! Permits traffic between different interfaces that share a security level.
! NOTE(review): only levels 0 and 100 are configured in this block, so the
! statement has no visible purpose here.
same-security-traffic permit inter-interface

int gig0/8

no shut

nameif OUTSIDE

! Lowest trust level; traffic entering here needs an explicit ACL permit.
security-level 0

ip add 140.30.2.1 255.255.255.252

exit

int gig0/0

no shut

nameif INSIDE

security-level 100

ip add 110.240.50.254 255.255.255.0

exit

! Inbound policy for OUTSIDE: ICMP only, from two sources, to the inside
! 110.240.50.0/24; everything else is dropped by the implicit deny.
! NOTE(review): no ICMP type is given, so every ICMP type matches. If the
! task only needs ping, appending `echo` narrows the entries to echo requests.
! 9.9.9.0/24 is not defined anywhere on this page; confirm what it represents.
access-list OUT-TO-IN extended permit icmp 9.9.9.0 255.255.255.0 110.240.50.0 255.255.255.0

! 107.58.65.1 is CENT-R gig0/0/1.
access-list OUT-TO-IN extended permit icmp host 107.58.65.1 110.240.50.0 255.255.255.0

access-group OUT-TO-IN in interface OUTSIDE
