A&D of Network Security - Lab 2

tags: Practicum of A&D of NS NTU

Lab Cheat Sheet(Cisco Packet Tracer)

Setting VLAN

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Switch>enable Switch#configure Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#vlan 10 Switch(config-vlan)#name green Switch(config-vlan)#vlan 20 Switch(config-vlan)#name yellow Switch(config-vlan)# Switch# %SYS-5-CONFIG_I: Configured from console by console Switch#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gig0/1, Gig0/2 10 green active 20 yellow active ...

Switch相對應的Interface

Switch#configure 
Configuring from terminal, memory, or network [terminal]? 
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 10
Switch(config-if)#int f0/2
Switch(config-if)#switchport access vlan 10
Switch(config-if)#int f0/3
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int f0/4
Switch(config-if)#switchport access vlan 20
Switch(config-if)#^Z
Switch#
%SYS-5-CONFIG_I: Configured from console by console

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
10   green                            active    Fa0/1, Fa0/2
20   yellow                           active    Fa0/3, Fa0/4

可以看到一開始設定的VLAN只有active，現在設定了對應的Interface後，就會加到對應的VLAN Tag(u一開始一定要先確定好哪個interface接到哪一台device)

Setting Inter-VLAN Routing

• 各個PC

  設定Default Gateway(如果要送封包出去，要從哪個大們出去)

• Router

  設定 Router 子介面 – 802.1q IP

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  Router>enable Router#configure Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line. End with CNTL/Z. Router(config)#int g0/0/0.1 Router(config-subif)#encapsulation dot1Q 10 Router(config-subif)#ip addr 10.1.1.100 255.255.255.0 Router(config-subif)#int g0/0/0.2 Router(config-subif)#encapsulation dot1Q 20 Router(config-subif)#ip addr 10.2.2.100 255.255.255.0 Router(config-subif)#^Z Router# %SYS-5-CONFIG_I: Configured from console by console Router#configure Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface GigabitEthernet0/0/0 Router(config-if)#no sh

• 設定靜態路由

  1 2 3 4 5 6 7

  Router#configure Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line. End with CNTL/Z. Router(config)#ip route 10.1.1.0 255.255.255.0 g0/0/0.1 %Default route without gateway, if not a point-to-point interface, may impact performance Router(config)#ip route 10.2.2.0 255.255.255.0 g0/0/0.2 %Default route without gateway, if not a point-to-point interface, may impact performance

• Switch Switch 連接 Router 改為 Trunk mode 注意：是要修改與Router連接的介面

最後的結果