패킷에 대한 암호화 및 인증을 실시하여 데이터에 대한 기밀성을 보장하고 지사 2곳과 근거리에서 통신하는 효과를 얻을 수 있다.

셋팅

HQ_SE_Core_R1

crypto isakmp policy 10

 authentication pre-share

crypto isakmp key 6 tae address 0.0.0.0 0.0.0.0

crypto ipsec transform-set eung esp-3des esp-md5-hmac   

crypto ipsec profile vpn-1

 set transform-set eung

!

interface Tunnel0

 ip address 192.168.81.1 255.255.255.0

 no ip redirects

 ip nhrp authentication kong

 ip nhrp map multicast dynamic

 ip nhrp network-id 2811

 ip nhrp holdtime 360

 ip nhrp cache non-authoritative

 tunnel source 200.1.1.2

 tunnel mode gre multipoint

 tunnel key 2811

 tunnel protection ipsec profile vpn-1

 Active Router가 Down되거나 회선에 문제가 생겨 통신이 불가능해진 경우 Active Router를 전환하기 위해 사용.

셋팅

HQ_SE_1F_SW1(config-if)#standby 10 track FastEthernet0/6

HQ_SE_1F_SW1(config-if)#standby 10 preempt

결과

HQ_SE_2F_L3_1#show standby brief

P indicates configured to preempt.

|

Interface   Grp   Pri   P   State   Active   Standby       Virtual IP

Vl10          10   150  P  Active   local   192.168.2.29  192.168.2.30

HQ_SE_2F_L3_2#show standby brief

P indicates configured to preempt.

|

Interface   Grp    Pri   P   State    Active        Standby   Virtual IP

Vl10         10     145  P Standby 192.168.2.28   local    192.168.2.30

HQ_SE_2F_L3_1#show standby brief

P indicates configured to preempt.

|

Interface   Grp   Pri   P   State       Active      Standby    Virtual IP

Vl10         10    140  P  Standby 192.168.2.29   local     192.168.2.30

HQ_SE_2F_L3_2#show standby brief

P indicates configured to preempt.

|

Interface   Grp   Pri   P    State     Active     Standby      Virtual IP

Vl10         10    145  P   Active    local     192.168.2.28 192.168.2.30

Gateway의 Path를 이중화해 하나의 링크가 Down되어도 Client들의 서비스에 지장이  없게 한다.

셋팅

HQ_SE_GN_1F_L3_1

interface Vlan10

ip address 192.168.1.28 255.255.255.224

standby 1 ip 192.168.1.30

standby 1 priority 150

standby 1 preempt

!

interface Vlan20

ip address 192.168.1.61 255.255.255.224

standby 2 ip 192.168.1.60

standby 2 priority 145

standby 2 preempt

!

HQ_SE_GN_1F_L3_2

interface Vlan10

ip address 192.168.1.29 255.255.255.224

standby 1 ip 192.168.1.30

standby 1 priority 145

standby 1 preempt

!

interface Vlan20

ip address 192.168.1.62 255.255.255.224

standby 2 ip 192.168.1.60

standby 2 priority 150

standby 2 preempt

!

결과

HQ_SE_GN_1F_L3_1#show standby brief

                     P indicates configured to preempt.

                     |

Interface   Grp    Prio   P  State       Active           Standby           Virtual IP

Vl10          1      150   P  Active      local             192.168.1.29     192.168.1.30

Vl20          2      145   P  Standby   192.168.1.62    local              192.168.1.60

HQ_SE_GN_1F_L3_2#show standby brief

                     P indicates configured to preempt.

                     |

Interface    Grp   Prio   P  State        Active                  Standby         Virtual IP

Vl10           1     145   P  Standby    192.168.1.28          local              192.168.1.30

Vl20           2     150   P  Active       local                   192.168.1.61     192.168.1.60

ISP의 공인 IP주소의 절약 및 공공망과 연결되는 사설망을 침입자들로부터 보호하기 위해 사용.

셋팅

HQ_SE_Core_R2(config)#ip nat inside source list 1 interface Serial0/0/0 overload

HQ_SE_Core_R2(config-if)#ip nat inside

HQ_SE_Core_R2(config-if)#ip nat outside

결과

HQ_SE_Core_R2#show ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 200.1.2.2:3 192.168.5.33:3 200.1.2.1:3 200.1.2.1:3

icmp 200.1.2.2:4 192.168.5.33:4 200.1.2.1:4 200.1.2.1:4

icmp 200.1.2.2:5 192.168.5.33:5 200.1.2.1:5 200.1.2.1:5

icmp 200.1.2.2:6 192.168.5.33:6 200.1.2.1:6 200.1.2.1:6

멀티캐스트 + VLC media player를 통한 실시간 영상전달.

셋팅

All Layer 3 (config)#ip multicast-routing

All Layer 3 (config-if)#ip pim dense-mode

HQ_SE_1F_L3_1#show ip mroute

IP Multicast Routing Table

(*, 239.1.1.1), 00:42:55/stopped, RP 0.0.0.0, flags: D

  Incoming interface: Null, RPF nbr 0.0.0.0

  Outgoing interface list:

    FastEthernet0/0, Forward/Dense, 00:42:55/00:00:00

(192.168.1.1, 239.1.1.1), 00:36:55/00:02:54, flags: T

  Incoming interface: FastEthernet0/1, RPF nbr 0.0.0.0

  Outgoing interface list:

    FastEthernet0/0, Forward/Dense, 00:36:41/00:00:00

(*, 239.255.255.250), 01:03:07/00:02:46, RP 0.0.0.0, flags: DC

  Incoming interface: Null, RPF nbr 0.0.0.0

  Outgoing interface list:

    FastEthernet0/1, Forward/Dense, 01:03:07/00:00:00

    FastEthernet0/0, Forward/Dense, 01:03:07/00:00:00

(*, 224.0.1.40), 01:08:19/00:02:56, RP 0.0.0.0, flags: DCL

  Incoming interface: Null, RPF nbr 0.0.0.0

  Outgoing interface list:

    FastEthernet0/0, Forward/Dense, 01:08:19/00:00:00