ISP의 공인 IP주소의 절약 및 공공망과 연결되는 사설망을 침입자들로부터 보호하기 위해 사용.

셋팅

HQ_SE_Core_R2(config)#ip nat inside source list 1 interface Serial0/0/0 overload

HQ_SE_Core_R2(config-if)#ip nat inside

HQ_SE_Core_R2(config-if)#ip nat outside

결과

HQ_SE_Core_R2#show ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 200.1.2.2:3 192.168.5.33:3 200.1.2.1:3 200.1.2.1:3

icmp 200.1.2.2:4 192.168.5.33:4 200.1.2.1:4 200.1.2.1:4

icmp 200.1.2.2:5 192.168.5.33:5 200.1.2.1:5 200.1.2.1:5

icmp 200.1.2.2:6 192.168.5.33:6 200.1.2.1:6 200.1.2.1:6

다수의 물리적인 Link를 하나의 논리적인 Link로 만들어 대역폭 향상, Link 이중화(물리적인), Load Balancing의 이점을 얻을 수 있다.

셋팅

HQ_SE_GN_2F_SW1

interface FastEthernet0/1

 channel-protocol lacp

 channel-group 1 mode active

 switchport mode trunk

!

interface FastEthernet0/2

 channel-protocol lacp

 channel-group 1 mode active

 switchport mode trunk

HQ_SE_GN_2F_L3_1

interface FastEthernet0/1

 channel-protocol lacp

 channel-group 1 mode passive

 switchport mode trunk

!

interface FastEthernet0/2

 channel-protocol lacp

 channel-group 1 mode passive

 switchport mode trunk

HQ_SE_GN_2F_SW1

HQ_SE_GN_2F_SW1#show etherchannel summary

Number of channel-groups in use: 1

Number of aggregators:           1

Group  Port-channel  Protocol    Ports

------+-------------+-----------+--------------

1      Po1(SU)           LACP   Fa0/1(P) Fa0/2(P)

HQ_SE_GN_2F_L3_1

HQ_SE_GN_2F_L3_1#show etherchannel summary

Number of channel-groups in use: 1

Number of aggregators:           1

Group  Port-channel  Protocol    Ports

------+-------------+-----------+--------------

1      Po1(SU)           LACP   Fa0/1(P) Fa0/2(P)

멀티캐스트 + VLC media player를 통한 실시간 영상전달.

셋팅

All Layer 3 (config)#ip multicast-routing

All Layer 3 (config-if)#ip pim dense-mode

HQ_SE_1F_L3_1#show ip mroute

IP Multicast Routing Table

(*, 239.1.1.1), 00:42:55/stopped, RP 0.0.0.0, flags: D

  Incoming interface: Null, RPF nbr 0.0.0.0

  Outgoing interface list:

    FastEthernet0/0, Forward/Dense, 00:42:55/00:00:00

(192.168.1.1, 239.1.1.1), 00:36:55/00:02:54, flags: T

  Incoming interface: FastEthernet0/1, RPF nbr 0.0.0.0

  Outgoing interface list:

    FastEthernet0/0, Forward/Dense, 00:36:41/00:00:00

(*, 239.255.255.250), 01:03:07/00:02:46, RP 0.0.0.0, flags: DC

  Incoming interface: Null, RPF nbr 0.0.0.0

  Outgoing interface list:

    FastEthernet0/1, Forward/Dense, 01:03:07/00:00:00

    FastEthernet0/0, Forward/Dense, 01:03:07/00:00:00

(*, 224.0.1.40), 01:08:19/00:02:56, RP 0.0.0.0, flags: DCL

  Incoming interface: Null, RPF nbr 0.0.0.0

  Outgoing interface list:

    FastEthernet0/0, Forward/Dense, 01:08:19/00:00:00

서버실에서 외부로 나가는 Path가 Down되었을 경우나 트래픽이 많을 때를 대비해 대역폭을 확보.

셋팅

interface FastEthernet0/3

 no switchport

 no ip address

 channel-group 1 mode active

!

interface FastEthernet0/4

 no switchport

 no ip address

 channel-group 1 mode active

!

!

interface Port-channel1

 no switchport

 ip address 192.168.33.1 255.255.255.0

!

HQ_SE_2F_L3_1#show etherchannel summary

Flags:  D - down        P - in port-channel

        I - stand-alone s - suspended

        H - Hot-standby (LACP only)

        R - Layer3      S - Layer2

        U - in use      f - failed to allocate aggregator

        u - unsuitable for bundling

        w - waiting to be aggregated

        d - default port

Number of channel-groups in use: 1

Number of aggregators:           1

Group  Port-channel  Protocol    Ports

------+-------------+-----------+-----------------------------------------------

1      Po1(RU)         LACP      Fa0/3(P)    Fa0/4(P)

HQ_SE_2F_L3_1#show interfaces port-channel 1

Port-channel1 is up, line protocol is up (connected)

  Hardware is EtherChannel, address is 001a.e27e.88c5

  Internet address is 192.168.33.1/24

  MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,

 Host 에서 소프트웨어 (GNS3 등) 를 통한 네트워크 해킹 (Neighbor연결시도) 등을 방지하기 위해 사용 .

#Interface

HQ_SE_Core_R1(config-if)#ip ospf authentication message-digest

HQ_SE_Core_R1(config-if)#ip ospf message-digest-key 1 md5 123

HQ_SE_Core_R1(config-if)#ip ospf authentication

HQ_SE_Core_R1(config-if)#ip ospf authentication-key 123

#Area

HQ_SE_1F_L3_1(config-router)#area 1 authentication message-digest

HQ_SE_1F_L3_1(config-router)#area 1 authentication

-Key는 Interface에 적용

(같은 방식은 Area 와 Interface 간에 공유 가능)

Hello Debug

05:18:13: OSPF: Send hello to 224.0.0.5 area 0 on Vlan10 from 192.168.1.30

05:18:13: OSPF: Rcv hello from 192.168.1.100 area 0 from Vlan10 192.168.1.100

05:18:13: OSPF: End of hello processing

PC나 서버 등과 같이 스위칭을 하지 않는

 종단 장비들의 전송모드 전환을 빠르게 하기 위해 적용.

셋팅

HQ_SE_3F_SW3(config)#spanning-tree portfast

적용 전

06:38:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/11, changed state to down

06:38:46: setting bridge id (which=3) prio 32769 prio cfg 32768 sysid 1 (on) id 8001.000d.ed5e.6640

06:38:46: set portid: VLAN0001 Fa0/11: new port id 800B

06:38:46: STP: VLAN0001 Fa0/11 -> listening

06:38:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/11, changed state to up

06:39:01: STP: VLAN0001 Fa0/11 -> learning

06:39:16: STP: VLAN0001 Fa0/11 -> forwarding

적용 후

06:36:42: %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to up

06:36:43: setting bridge id (which=3) prio 32769 prio cfg 32768 sysid 1 (on) id  8001.000d.ed5e.6640

06:36:43: set portid: VLAN0001 Fa0/11: new port id 800B

06:36:43: STP: VLAN0001 Fa0/11 ->jump to forwarding from blocking

06:36:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/11, changed state to up

E1과 E2 외부경로와 AS내의 다른 Area경로(O IA) 대신 0.0.0.0/0 을 서비스 한다

셋팅

HQ_SE_Core_R2(config-router)#area 2 stub no-summary

HQ_SE_3F_L3_1 (config-router)#area 2 stub no-summary

HQ_SE_3F_L3_2 (config-router)#area 2 stub no-summary

적용 전

HQ_SE_3F_L3_2

Gateway of last resort is not set

        192.168.1.0/27 is subnetted, 4 subnets

O IA 192.168.1.0 [110/4] via 192.168.5.98, 00:02:33, FastEthernet0/1

O IA 192.168.1.32 [110/4] via 192.168.5.98, 00:02:33, FastEthernet0/1

O IA 192.168.1.64 [110/3] via 192.168.5.98, 00:02:33, FastEthernet0/1

O IA 192.168.1.96 [110/3] via 192.168.5.98, 00:02:33, FastEthernet0/1

        192.168.2.0/27 is subnetted, 1 subnets

O IA     192.168.2.0 [110/3] via 192.168.5.98, 00:02:23, FastEthernet0/1

O IA 192.168.3.0/24 [110/4] via 192.168.5.98, 00:02:33, FastEthernet0/1

O IA 192.168.4.0/24 [110/3] via 192.168.5.98, 00:02:23, FastEthernet0/1

        192.168.5.0/27 is subnetted, 4 subnets

O          192.168.5.0 [110/3] via 192.168.5.98, 00:02:43, FastEthernet0/1

C          192.168.5.32 is directly connected, Vlan20

O          192.168.5.64 [110/2] via 192.168.5.98, 00:02:43, FastEthernet0/1

C          192.168.5.96 is directly connected, FastEthernet0/1

O IA 192.168.32.0/24 [110/3] via 192.168.5.98, 00:02:33, FastEthernet0/1

O IA 192.168.33.0/24 [110/3] via 192.168.5.98, 00:02:33, FastEthernet0/1

O IA 192.168.34.0/24 [110/2] via 192.168.5.98, 00:02:43, FastEthernet0/1

O IA 192.168.35.0/24 [110/2] via 192.168.5.98, 00:02:43, FastEthernet0/1

적용 후

HQ_SE_3F_L3_2

Gateway of last resort is 192.168.5.98 to network 0.0.0.0

   192.168.5.0/27 is subnetted, 4 subnets

O     192.168.5.0 [110/3] via 192.168.5.98, 00:04:38, FastEthernet0/1

C     192.168.5.32 is directly connected, Vlan20

O     192.168.5.64 [110/2] via 192.168.5.98, 00:04:38, FastEthernet0/1

C     192.168.5.96 is directly connected, FastEthernet0/1

O*IA 0.0.0.0/0 [110/2] via 192.168.5.98, 00:04:38, FastEthernet0/1

 Priority 을 이용해 Root Bridge, Root Port, Altn Port, Desg Port 를 수정 가능하다.

셋팅

HQ_SE_3F_SW1(config)#spanning-tree vlan 10 priority 4096

HQ_SE_3F_SW1(config)#spanning-tree vlan 20 priority 8192 

HQ_SE_3F_SW2(config)#spanning-tree vlan 20 priority 4096

HQ_SE_3F_SW2(config)#spanning-tree vlan 10 priority 8192

HQ_SE_3F_SW3#show spanning-tree vlan 10

VLAN0010

Spanning tree enabled protocol ieee

Root ID Priority 4106

Address 0090.0C5E.97D3

Cost 38

Port 1(FastEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)

Address 000B.BEB0.C1DB

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p

Fa0/2 Altn BLK 19 128.2 P2p

HQ_SE_3F_SW4#show spanning-tree vlan 20

VLAN0020

Spanning tree enabled protocol ieee

Root ID Priority 4116

Address 0010.11DA.A531

Cost 38

Port 1(FastEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)

Address 0030.F2D6.6C80

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p

Fa0/2 Altn BLK 19 128.2 P2p