[KEDUIT] 클라우드 컴퓨팅과 보안솔루션을 활용한 DC 엔지니어 양성교육 - Day50
1. 서론
오늘은 그동안 배운걸 바탕으로 실습을 해보았다.
2. 본론
1. Practice
ISP(UTM) / .edu -> DMZ / CE -> inside / ictsec. -> inside
//Common
! Console conveniences applied to every router and switch in the lab.
# no ip domain lookup
# line console 0
# logging synchronous
! exec-timeout 0 switches the console idle timeout off, so an unattended
! session never closes. Lab convenience only.
# exec-timeout 0
1. DSW1
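! DSW1: distribution switch. Defines VLANs 10-50, bundles the inter-switch
! trunks, addresses the routed uplink and the SVIs, runs OSPF 17 and HSRP.
# hostname DSW1
# vtp mode transparent
!
# vlan 10
!
# vlan 20
!
# vlan 30
!
# vlan 40
!
# vlan 50
!
# sh cdp nei
!
! Static EtherChannels (mode on): no PAgP/LACP negotiation, so the far end
! must bundle the same ports or the links will not behave as one channel.
! NOTE(review): the trunks carry every VLAN and keep the default native VLAN;
! limiting them with "switchport trunk allowed vlan" is a common hardening step.
# int range f1/9 - 10
# sw tr en dot
# sw mo tr
# channel-group 5 mo on
!
# int range f1/11 - 12
# sw tr en dot
# sw mo tr
# channel-group 1 mo on
!
# int range f1/13 - 14
# sw tr en do
# sw mo tr
# channel-group 4 mo on
!
# int f1/15
# sw tr en do
# sw mo tr
!
# sh ether summary
!
! Routed uplink toward CE (CE f0/0 is 192.168.10.131 in the same /29).
! 192.168.10.128 is the network address of 192.168.10.128/29 and cannot be
! assigned to an interface; .132 is the address the OSPF network statement
! below matches.
# int f0/0
# no sh
# ip add 192.168.10.132 255.255.255.248
!
# int vlan 10
# ip add 192.168.10.29 255.255.255.224
!
# int vlan 20
# ip add 192.168.10.61 255.255.255.224
!
# int vlan 30
# ip add 192.168.10.93 255.255.255.224
!
# int vlan 40
# ip add 192.168.10.125 255.255.255.224
!
# int vlan 50
# ip add 192.168.50.251 255.255.255.0
!
! OSPF is enabled per interface address (wildcard 0.0.0.0), all in area 0.
! NOTE(review): no OSPF authentication is configured and hellos are sent on
! the host-facing SVIs; MD5 authentication on the area is worth adding
! outside a lab.
# router ospf 17
# router-id 17.17.2.2
# net 192.168.10.132 0.0.0.0 area 0
# net 192.168.10.29 0.0.0.0 area 0
# net 192.168.10.61 0.0.0.0 area 0
# net 192.168.10.93 0.0.0.0 area 0
# net 192.168.10.125 0.0.0.0 area 0
# net 192.168.50.251 0.0.0.0 area 0
!
! HSRP: priority 110 on groups 10, 20 and 50; groups 30 and 40 keep the
! default priority. Tracking f0/0 subtracts 30 when the uplink goes down
! (110 -> 80, below the default of 100), so a preempting peer takes over.
! NOTE(review): no "standby <group> authentication" is set; an MD5 key string
! keeps a host in the VLAN from joining the group.
# int vlan 10
# standby 10 ip 192.168.10.28
# standby 10 priority 110
# standby 10 preempt delay minimum 5
# standby 10 track f0/0 30
!
# int vlan 20
# standby 20 ip 192.168.10.60
# standby 20 priority 110
# standby 20 preempt delay minimum 5
# standby 20 track f0/0 30
!
# int vlan 50
# standby 50 ip 192.168.50.100
# standby 50 priority 110
# standby 50 preempt delay minimum 5
# standby 50 track f0/0 30
!
# int vlan 30
# standby 30 ip 192.168.10.92
# standby 30 preempt
!
# int vlan 40
# standby 40 ip 192.168.10.124
# standby 40 preempt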
2. DSW2
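! DSW2: second distribution switch. Same VLANs and SVIs as DSW1, with its own
! routed uplink on f0/1 and the higher HSRP priority on groups 30 and 40.
# hostname DSW2
# vtp mode transparent
!
# vlan 10
!
# vlan 20
!
# vlan 30
!
# vlan 40
!
# vlan 50
!
# sh cdp nei
!
! Static EtherChannels (mode on): no PAgP/LACP negotiation, so the far end
! must bundle the same ports.
# int range f1/9 - 10
# sw tr en do
# sw mo tr
# channel-group 5 mo on
!
# int range f1/13 - 14
# sw tr en do
# sw mo tr
# channel-group 3 mo on
!
# int range f1/11 - 12
# sw tr en do
# sw mo tr
# channel-group 2 mo on
!
# int f1/15
# sw tr en do
# sw mo tr
!
# sh ether summary
!
! Routed uplink toward CE (CE f0/1 is 192.168.10.139 in the same /29).
# int f0/1
# no sh
# ip add 192.168.10.140 255.255.255.248
!
# int vlan 10
# ip add 192.168.10.30 255.255.255.224
!
# int vlan 20
# ip add 192.168.10.62 255.255.255.224
!
# int vlan 30
# ip add 192.168.10.94 255.255.255.224
!
# int vlan 40
# ip add 192.168.10.126 255.255.255.224
!
# int vlan 50
# ip add 192.168.50.252 255.255.255.0
!
! NOTE(review): no OSPF authentication is configured; see the same caveat
! for any production use.
# router ospf 17
# router-id 17.17.3.3
# net 192.168.10.140 0.0.0.0 a 0
# net 192.168.10.30 0.0.0.0 a 0
# net 192.168.10.62 0.0.0.0 a 0
# net 192.168.10.94 0.0.0.0 a 0
# net 192.168.10.126 0.0.0.0 a 0
! Added: the VLAN 50 SVI, matching DSW1, which advertises 192.168.50.251.
! Without it only DSW1 announces 192.168.50.0/24, so CE loses the route to
! the server VLAN when DSW1 fails even though HSRP group 50 moves to DSW2.
# net 192.168.50.252 0.0.0.0 a 0
!
! HSRP: priority 110 on groups 30 and 40, with f0/1 tracked (decrement 30).
! Groups 10, 20 and 50 keep the default priority and only preempt.
! NOTE(review): no "standby <group> authentication" is set.
# int vlan 30
# standby 30 ip 192.168.10.92
# standby 30 priority 110
# standby 30 preempt delay minimum 5
# standby 30 track f0/1 30
!
# int vlan 40
# standby 40 ip 192.168.10.124
# standby 40 priority 110
# standby 40 preempt delay minimum 5
# standby 40 track f0/1 30
!
# int vlan 10
# standby 10 ip 192.168.10.28
# standby 10 preempt
!
# int vlan 20
# standby 20 ip 192.168.10.60
# standby 20 preempt
!
# int vlan 50
# standby 50 ip 192.168.50.100
# standby 50 preempt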
3. ASW1
! ASW1: layer-2 access switch for VLANs 10 and 20.
# hostname ASW1
# no ip routing
# vtp mode transparent
!
# vlan 10
!
# vlan 20
!
! Host-facing access ports.
# interface FastEthernet1/1
# switchport mode access
# switchport access vlan 10
!
# interface FastEthernet1/2
# switchport mode access
# switchport access vlan 20
!
# interface range FastEthernet1/1 - 2
# spanning-tree portfast
!
! Global BPDU guard: a PortFast port that receives a BPDU is err-disabled,
! which stops a switch plugged into a host port from joining spanning tree.
# spanning-tree portfast bpduguard
!
! Static EtherChannel uplinks carried as 802.1Q trunks; presumably group 1
! goes to DSW1 and group 3 to DSW2, which use the same group numbers.
# interface range FastEthernet1/11 - 12
# switchport trunk encapsulation dot1q
# switchport mode trunk
# channel-group 1 mode on
!
# interface range FastEthernet1/13 - 14
# switchport trunk encapsulation dot1q
# switchport mode trunk
# channel-group 3 mode on
!
# show etherchannel summary
4. ASW2
! ASW2: layer-2 access switch for VLANs 30 and 40.
# hostname ASW2
# vtp mode transparent
# no ip routing
!
# vlan 30
!
# vlan 40
!
! Host-facing access ports.
# interface FastEthernet1/3
# switchport mode access
# switchport access vlan 30
!
# interface FastEthernet1/4
# switchport mode access
# switchport access vlan 40
!
# interface range FastEthernet1/3 - 4
# spanning-tree portfast
!
! Global BPDU guard: a PortFast port that receives a BPDU is err-disabled.
# spanning-tree portfast bpduguard
!
! Static EtherChannel uplinks carried as 802.1Q trunks; presumably group 4
! goes to DSW1 and group 2 to DSW2, which use the same group numbers.
# interface range FastEthernet1/13 - 14
# switchport trunk encapsulation dot1q
# switchport mode trunk
# channel-group 4 mode on
!
# interface range FastEthernet1/11 - 12
# switchport trunk encapsulation dot1q
# switchport mode trunk
# channel-group 2 mode on
!
# show etherchannel summary
5. S_SW
! S_SW: layer-2 switch for the server VLAN (VLAN 50).
# hostname S_SW
# vtp mode transparent
# no ip routing
# vlan 50
!
! Two separate 802.1Q trunk uplinks (not bundled into a channel).
# interface range FastEthernet1/14 - 15
# switchport trunk encapsulation dot1q
# switchport mode trunk
!
! Server-facing access ports in VLAN 50 with PortFast.
# interface range FastEthernet1/5 - 7
# switchport mode access
# switchport access vlan 50
# spanning-tree portfast
!
! Global BPDU guard: a PortFast port that receives a BPDU is err-disabled.
# spanning-tree portfast bpduguard
6. R4
! R4: gateway for the 2.2.70.0/24 site (VLAN 70), uplinked to ISP.
# hostname R4
# no cdp advertise-v2
# vlan 70
!
! Routed port toward ISP (ISP f0/1 is 1.1.100.5 in the same /30).
# interface FastEthernet1/15
# no switchport
# no shutdown
# ip address 1.1.100.6 255.255.255.252
!
! Host-facing access ports in VLAN 70.
# interface range FastEthernet1/10 - 11
# switchport access vlan 70
# switchport mode access
!
! SVI used as the default gateway by the 2.2.70.0/24 hosts.
# interface vlan 70
# ip address 2.2.70.254 255.255.255.0
!
# ip route 0.0.0.0 0.0.0.0 FastEthernet1/15 1.1.100.5
7. ISP
! ISP: upstream router. f1/0 takes its address by DHCP and is the NAT outside
! interface; f0/1 faces R4 and f0/0 faces CE.
# hostname ISP
# interface FastEthernet1/0
# ip address dhcp
!
# interface FastEthernet0/1
# no shutdown
# ip address 1.1.100.5 255.255.255.252
!
# interface FastEthernet0/0
# no shutdown
# ip address 1.1.100.1 255.255.255.252
!
# ip route 0.0.0.0 0.0.0.0 FastEthernet1/0 10.0.0.1
# ip route 2.2.70.0 255.255.255.0 FastEthernet0/1 1.1.100.6
# ip route 1.1.200.0 255.255.255.0 FastEthernet0/0 1.1.100.2
!
! Despite its name, INGRESS is referenced only by the NAT rule below. It
! selects which sources are translated and is not applied to any interface
! with ip access-group, so it filters no traffic.
# ip access-list standard INGRESS
# permit host 1.1.100.2
# permit 2.2.70.0 0.0.0.255
# permit 1.1.200.0 0.0.0.255
!
! PAT: sources matched by INGRESS are overloaded onto the f1/0 address.
# ip nat inside source list INGRESS interface FastEthernet1/0 overload
!
# interface range FastEthernet0/0 - 1
# ip nat inside
!
# interface FastEthernet1/0
# ip nat outside
8. CE
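! CE: customer edge router. Frame Relay link to HQ_CE on s2/0, Ethernet link
! to ISP on f1/0, routed links toward the distribution switches on f0/0 and
! f0/1, OSPF 17, PAT plus two static NAT entries for the server VLAN.
# hostname CE
!
# sh frame-relay pvc | include DLCI
!
! Inverse ARP is off, so the peer is reached through the static map
! (DLCI 102, broadcast enabled).
# int s2/0
# no sh
# enc fram
# no fram inverse
# clock rate 64000
# ip add 211.104.54.1 255.255.255.0
# fram map ip 211.104.54.2 102 br
!
# int f1/0
# no sh
# ip add 1.1.100.2 255.255.255.252
!
# int f0/0
# no sh
# ip add 192.168.10.131 255.255.255.248
!
# int f0/1
# no sh
# ip add 192.168.10.139 255.255.255.248
!
# ip route 0.0.0.0 0.0.0.0 f1/0 1.1.100.1
# ip route 192.168.60.0 255.255.255.0 s2/0 211.104.54.2
!
! Fixed typo: "rotuer-id" is not a valid keyword and would be rejected,
! leaving the router ID to be chosen automatically.
! NOTE(review): no OSPF authentication is configured on the inside links.
# router ospf 17
# router-id 17.17.4.4
# net 192.168.10.131 0.0.0.0 area 0
# net 192.168.10.139 0.0.0.0 area 0
!
! Redistribute only the connected s2/0 subnet into OSPF, and originate a
! default route (the static default above must be present for this).
# route-map S2_ONLY
# match int s2/0
!
# router ospf 17
# redistribute connected route-map S2_ONLY subnets
# default-information originate
!
! Despite its name, INGRESS only selects the sources that are translated by
! the PAT rule; it is not applied with ip access-group and filters nothing.
! NOTE(review): 192.168.50.0/24 is not listed, so of the server VLAN only the
! two statically mapped hosts below are translated (192.168.50.103 is not).
! Confirm that is intended.
# ip access-list standard INGRESS
# permit 192.168.10.0 0.0.0.255
# permit 192.168.60.0 0.0.0.255
!
# ip nat inside source list INGRESS int f1/0 overload
!
# int range f0/0 - 1
# ip nat inside
!
# int s2/0
# ip nat inside
!
# int f1/0
# ip nat outside
!
! One-to-one static NAT: every port on 192.168.50.101 and .102 becomes
! reachable at 1.1.200.1 and .2. No inbound filter is shown on f1/0.
! NOTE(review): limit inbound traffic to the published services, with an
! ip access-group on f1/0 or on an upstream firewall.
# ip nat inside source static 192.168.50.101 1.1.200.1
# ip nat inside source static 192.168.50.102 1.1.200.2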
9. HQ_CE
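! HQ_CE: headquarters router. Frame Relay link to CE on s1/0, LAN
! 192.168.60.0/24 on f0/0, default route toward CE.
# hostname HQ_CE
!
# int s1/0
# no sh
# enc fram
# no fram inverse
# clock rate 64000
# do sh fram pvc | include DLCI
! Added: s1/0 had no IP address. CE maps 211.104.54.2 to its DLCI and routes
! 192.168.60.0/24 to that next hop, so this interface must own 211.104.54.2
! in CE's 211.104.54.0/24 subnet for the link to pass traffic.
# ip add 211.104.54.2 255.255.255.0
# fram map ip 211.104.54.1 201 br
!
# int f0/0
# no sh
# ip add 192.168.60.254 255.255.255.0
!
# ip route 0.0.0.0 0.0.0.0 s1/0 211.104.54.1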
10. Win701(VMnet1)
ip : 192.168.10.1 / 255.255.255.224
gateway : 192.168.10.28
dns : 192.168.50.101
11. Win2016_1(VMnet5)
ip : 192.168.50.101 / 255.255.255.0
gateway : 192.168.50.100
dns : 192.168.50.101 / 168.126.63.1
12. CentOS9(VMnet6)
ip : 192.168.50.102 / 255.255.255.0
gateway : 192.168.50.100
dns : 192.168.50.101 / 168.126.63.1
13. Win2013(VMnet7)
ip : 192.168.50.103 / 255.255.255.0
gateway : 192.168.50.100
dns : 192.168.50.101 / 168.126.63.1
14. Win702(VMnet9)
ip : 2.2.70.1 / 255.255.255.0
gateway : 2.2.70.254
dns : 2.2.70.100 / 168.126.63.1
15. Win2016_2(VMnet10)
ip : 2.2.70.100 / 255.255.255.0
gateway : 2.2.70.254
dns : 2.2.70.100 / 168.126.63.1
16. ping
Win701 : ping 192.168.10.28 / ping 168.126.63.1
(win2016_1)
(win2016_2)
//CentOS9
# systemctl disable --now named.service
# systemctl restart httpd
# systemctl enable httpd
# systemctl restart vsftpd
# systemctl enable vsftpd
//Win2016_1
E-mail 서버폴더 -> mysql-community~ -> Custom(64bit 빼고 5.6.40(X86) 추가) -> Server Computer + Port(3307)
3. 결론
복잡하다.
4. 참고자료
1. Cisco Docs
- ARP
- CDP / VLAN
- Frame Relay
- Static Routing
- VLAN
- VTP
- Routed Port
- AD
- Route Selection
- FHRP
- HSRP
- DHCP
- DNS
- STP
- NAT
- EtherChannel
- DTP
- RIP
- NTP
- Offset List
- Password Encryption
- ACL
- CAR Attack
- Broadcast
- Port Assignments
- IPv6 Static Routing
- HSRP for IPv6
- Clock Rate
- DHCPv6 Guard
- EIGRP
- Express Forwarding
- Routing and Switching
- Load Balancing
- Ping, Traceroute
- Load Balancing
- Fast Switching
- CEF
- DNS
- SSH
- Regular Expression
- OSPF
- EIGRP’s SIA
- NSSA
2. Linux
- rhel9’s docs
- Linux Directory Structure
- File Types in Linux
- fstab
- Vim Cheat Sheet
- Protecting GRUB with a password
- SELinux
- DNS
- Samba as a server
- DHCP
- NFS
- SSH
- VNC
3. Web
- HTML’s Elements
- Emmet
- JavaScript
- Anchor Tag
- Post, Get
- Block, Inline Elements
- Semantic Web
- Semantic Elements
- CSS
- Viewport_meta_tag
- Media_queries
- JavaScript
4. DB