Noriu/Cyber_Security_Notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0bbd23f80f
Cyber_Security_Notes/B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
Noriu 0bbd23f80f 2024年9月3日 16:48:04
2024-09-03 16:48:06 +08:00

39 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 项目实战 - 内外网互联
![image-20240903154304067](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240903154304067.png)
- **需求**
- SW5通过vlanif15和出口设备R1互联
- SW6通过vlanif16和出口设备R1互联
- 在SW5/SW6与出口设备R1中配置路由实现SW5/SW6与R1的互通
- 公司出口设备 R1连接外网公司租用的公网网段100.1.1.0/29
- 公司内网主机有访问外网的需求所以在R1上配置默认路由下一跳为公网网关
- 使用ACL来定义允许那些部门和网段访问外网
- 部署地址池NAT或者Easy-ip实现内网主机访问外网
- 配置VRRP的上行链路跟踪
### 一、IP & VLAN & Routing
- **AR1**
```
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.15.1 24
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.16.1 24
[AR1-GigabitEthernet0/0/1]int g0/0/2
[AR1-GigabitEthernet0/0/2]ip add 100.1.1.1 29
```
- **AR2**
```
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 100.1.1.2 29
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 200.1.1.254 24
```
Reference in New Issue View Git Blame Copy Permalink