Noriu/Cyber_Security_Notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2024年9月3日 17:49:10

Browse Source
This commit is contained in:
Noriu 2024-09-03 17:49:09 +08:00
parent 0bbd23f80f
commit fed6023ddf
2 changed files with 96 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
B. 第二阶段/拓扑练习/0903_项目实战B - 内网优化.md
View File

@ -184,7 +184,7 @@
[AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254 [AR3-DHCP-ip-pool-vlan30]gateway-list 192.168.30.254
[AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8 [AR3-DHCP-ip-pool-vlan30]dns-list 8.8.8.8
[AR3-DHCP-ip-pool-vlan30]quit [AR3-DHCP-ip-pool-vlan30]quit
[AR3-DHCP]int g0/0/1 [AR3-DHCP]int g0/0/0
[AR3-DHCP-GigabitEthernet0/0/1]dhcp select global [AR3-DHCP-GigabitEthernet0/0/1]dhcp select global
``` ```

95
B. 第二阶段/拓扑练习/0903_项目实战C - 内外网互联.md
View File

@ -11,6 +11,7 @@
- 使用ACL来定义允许那些部门和网段访问外网 - 使用ACL来定义允许那些部门和网段访问外网
- 部署地址池NAT或者Easy-ip实现内网主机访问外网 - 部署地址池NAT或者Easy-ip实现内网主机访问外网
- 配置VRRP的上行链路跟踪 - 配置VRRP的上行链路跟踪
- 配置基于`0903_实战项目B - 内网优化.md`
### 一、IP & VLAN & Routing ### 一、IP & VLAN & Routing
@ -34,5 +35,99 @@
[AR2-GigabitEthernet0/0/1]ip add 200.1.1.254 24 [AR2-GigabitEthernet0/0/1]ip add 200.1.1.254 24
``` ```
- **SW5**
```
[SW5]vlan batch 15 16
[SW5]int Vlanif 15
[SW5-Vlanif15]ip add 192.168.15.5 24
[SW5-Vlanif15]quit
[SW5]int g0/0/4
[SW5-GigabitEthernet0/0/4]port link-type access
[SW5-GigabitEthernet0/0/4]port default vlan 15
[SW5-GigabitEthernet0/0/4]quit
[SW5]ip route-static 0.0.0.0 0 192.168.15.1
```
- **SW6**
```
[SW6]vlan batch 15 16
[SW6]int Vlanif 16
[SW6-Vlanif16]ip add 192.168.16.6 24
[SW6-Vlanif16]quit
[SW6]int g0/0/4
[SW6-GigabitEthernet0/0/4]port link-type access
[SW6-GigabitEthernet0/0/4]port default vlan 16
[SW6-GigabitEthernet0/0/4]quit
[SW6]ip route-static 0.0.0.0 0 192.168.16.1
```
- **AR1**
```
[AR1]ip route-static 192.168.10.0 24 192.168.15.5
[AR1]ip route-static 192.168.10.0 24 192.168.16.6 preference 100
[AR1]ip route-static 192.168.20.0 24 192.168.15.5
[AR1]ip route-static 192.168.20.0 24 192.168.16.6 preference 100
[AR1]ip route-static 192.168.30.0 24 192.168.16.6
[AR1]ip route-static 192.168.30.0 24 192.168.15.5 preference 100
[AR1]ip route-static 0.0.0.0 0 100.1.1.2
```
### 二、NAT
- **AR1**
```
[AR1]nat address-group 1 100.1.1.3 100.1.1.5
[AR1]acl 2000
[AR1-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255
[AR1-acl-basic-2000]rule 20 permit source 192.168.20.0 0.0.0.255
[AR1-acl-basic-2000]rule 30 permit source 192.168.30.0 0.0.0.255
[AR1-acl-basic-2000]quit
[AR1]int g0/0/2
[AR1-GigabitEthernet0/0/2]nat outbound 2000 address-group 1
```
### 三、VRRP上行接口监控
- **HX - SW5**
```
[SW5]int vlan 10
[SW5-Vlanif10]vrrp vrid 10 track int g0/0/4 reduced 50
[SW5-Vlanif10]int vlan 20
[SW5-Vlanif20]vrrp vrid 20 track int g0/0/4 reduced 50
```
- **HX - SW6**
```
[SW6]int Vlanif 30
[SW6-Vlanif30]vrrp vrid 30 track int g0/0/4 reduced 50
```
### 四、测试
- **PC1 PING Server1**
```
PC1>ping 200.1.1.1
Ping 200.1.1.1: 32 data bytes, Press Ctrl_C to break
From 200.1.1.1: bytes=32 seq=1 ttl=252 time=79 ms
From 200.1.1.1: bytes=32 seq=2 ttl=252 time=78 ms
From 200.1.1.1: bytes=32 seq=3 ttl=252 time=78 ms
From 200.1.1.1: bytes=32 seq=4 ttl=252 time=78 ms
From 200.1.1.1: bytes=32 seq=5 ttl=252 time=62 ms
--- 200.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/75/79 ms
```