Junhwan Heo

AWS Rack Decom Datatech

1 분 소요

1. 서론

    오늘은 그동안 배운것을 종합적으로 복습해보았다.

2. 본론

1. Cisco IOS

1. ACL

     Bogon IP란 Private IP, Reserved IP, IANA에서 아직 할당되지 않은 주소 등을 총칭한다. 일반적으로 우발적이나 악의적으로 잘못된 구성의 결과이기 때문에 대부분의 ISP와 end-user의 firewall은 이를 필터링한다.

//Bogon Filtering
1. Numbered Standard Access-list
//R1
# conf t
# access-list 1 deny 10.0.0.0 0.255.255.255
# access-list 1 deny 172.16.15.0 0.16.255.255
# access-list 1 deny 192.168.0.0 0.0.255.255
# access-list 1 permit any
!
# int f0/1
# ip access-group 1 in

2. Named Standard Access-list
# no access-list 1 //위에 설정 지우기
# ip access-list standard BOGON
# deny 10.0.0.0 0.255.255.255
# deny 172.16.0.0 0.15.255.255
# deny 192.168.0.0 0.0.255.255
# permit any
!
# int f0/1
# no access-group 1 in
# ip access-group BOGON in

//ACL 활용
1. 17.17.44.0/24로부터 R1으로 들어오는 Telnet 접근을 Numbered Standard Access-list을 사용하여 차단하시오.
//R1
# access-list 2 deny 17.17.44.0 0.0.0.255
# access-list 2 permit any
# line vty 0 4
!
# password WHATEVER
# access-class 2 in

2. Named Standard Access-list
# ip access-list standard TELNET
# deny 17.17.44.0 0.0.0.255
# permit any
# line vty 0 4
!
# password WHATEVER
# no access-class 2 in
# access-class TELNET in

3. R1의 Telnet Process에 적용을 취소하고 R2의 Serial Interface에 Numbered Extended Access-list를 사용하여 인바운드로 같은 효과로 적용하여라.
//R1
# line vty 0 4
!
# no access-class TELNET in
//R2
# access-list 10 deny tcp 17.17.33.0 0.0.0.255 host 17.17.12.1 eq 23
# access-list 10 permit any any
!
# int s1/0.23
# access-class 10 in

2. 연습문제1

image

image

//OSPF대신 RIP 사용해서 풀이

1. 기본 세팅
//Common
# conf t
# no ip domain look
# line c 0
# logging sync
# exec-t 0

//PC0
# no ip routing
# int f0/0
# no sh
# ip add 212.10.2.2 255.255.255.0
# exit
!
# ip default-gateway 212.10.2.1

//PC1
# no ip routing
# int f0/0
# no sh
# ip add 212.10.2.3 255.255.255.0
# exit
!
# ip default-gateway 212.10.2.1

//R1
# int f0/0
# no sh
# ip add 212.10.2.1 255.255.255.0
# exit
!
# username ISP password skills
!
# int s0/0/0
# no sh
# ip add 203.230.7.1 255.255.255.0
# encapsulation ppp
# ppp authentication pap
# ppp pap sent-username R1 password skills
# clock rate 64000
# exit
!
# ip route 1.1.30.0 255.255.255.0 f0/1 1.1.12.6

//ISP
# int s0/0/0
# no sh
# ip add 203.230.7.2 255.255.255.0
# exit
!
# username R1 password skills
!
# encapsulation ppp
# ppp authentication pap
# ppp pap sent-username ISP password skills
# exit
!
# int f0/0
# no sh
# ip add 213.10.10.1 255.255.255.0

2. RIP
//R1
# router rip
# ver 2
# network 203.230.7.0
// default-information originate //PAT 안돌릴 경우에 필요

//ISP
# router rip
# ver 2
# network 203.230.7.0
# network 213.10.10.0

3. PAT
//R1
# access-list 20 permit 212.10.2.0 0.0.0.255
or
# access-list 20 permit host 212.10.2.2 //2대만 지정하라는 조건이 있을 경우 사용 가능
# access-list 20 permit host 212.10.2.3

# access-list 20 permit 21.10.2.2 0.0.0.2

# ip nat inside source list 20 int s0/0/0 overload
!
# int f0/0
# ip nat inside
# exit
!
# int s0/0/0
# ip nat outside

3. 연습문제2

image

//ISP
# conf t
# int f0/0
# no sh
# ip add 192.168.10.254 255.255.255.0
# exit
!
# int f0/1
# no sh
# ip add 1.1.12.5 255.255.255.252
# exit
!
# router rip
# ver 2
# network 1.0.0.0
# no auto
# passive f0/0
# default-information originate
# exit
!
# ip route 0.0.0.0 0.0.0.0 f1/0 10.0.0.1
!
# access-list 10 permit host 1.1.12.5
# access-list 10 permit host 1.1.30.0
# ip nat inside source list 10 int f1/0 overload
!
# int range f0/0 - 1
# ip nat inside
# exit
!
# int f1/0
# ip nat outside

//R2
# conf t
# int f0/1
# no sh
# ip add 1.1.12.6 255.255.255.252
# exit
!
# int f0/0
# no sh
# ip add 1.1.30.254 255.255.255.0
# exit
!
# router rip
# ver 2
# no auto
# network 1.0.0.0

3. 결론

    월요일인데 시간이 빨리간다.

4. 참고자료

Ⅰ. 문웅호, 정보통신망
Ⅱ. NAT Configuration Guide
Ⅲ. RIP Configuration Guide

클라우드 엔지니어를 꿈꾸며 공부를 시작한 초보 엔지니어입니다. 틀린점 또는 조언해주실 부분이 있으시면 친절하게 댓글 부탁드립니다. 방문해 주셔서 감사합니다 :)

댓글남기기

참고