CCNP(SWITCH)

Day 16: real equipment

컴공 2013. 3. 28. 19:10

OK to use until 12 tomorrow

001B.215E.903D


preamble, SOF, dst MAC, src MAC, ether-type

0x8847

0x8848

deny host xxxx.xxx.xxx. any 0x806 0x0 // xxx = MAC address


MPLS0


0x0800 : IPv4

0x86DD : IPv6

0x0806 : ARP





NAD

Ser-SW

ASW


RAS#show host

Default domain is not set

Name/address lookup uses static mappings


Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate

       temp - temporary, perm - permanent

       NA - Not Applicable None - Not defined


Host                      Port  Flags      Age Type   Address(es)

dsw-2                     2004  (perm, OK) **   IP    1.1.1.1

GW2                       2014  (perm, OK) **   IP    1.1.1.1

GW3                       2016  (perm, OK) **   IP    1.1.1.1

dsw-1                     2008  (perm, OK) **   IP    1.1.1.1

etc-sw                    2007  (perm, OK) **   IP    1.1.1.1

r1                        2006  (perm, OK) **   IP    1.1.1.1

gw-sw                     2005  (perm, OK) **   IP    1.1.1.1


nad                       2003  (perm, OK) **   IP    1.1.1.1

asw                       2002  (perm, OK) **   IP    1.1.1.1

ser-sw                    2001  (perm, OK) **   IP    1.1.1.1




Translating "ASW"

Trying asw (1.1.1.1, 2002)... Open

Running clear line 02 drops the connection, and then it works again.


RAS#ASW

asw#erase startup-config 

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]

[OK]

Erase of nvram: complete


asw#delete vlan.dat 

Delete filename [vlan.dat]? 

Delete flash:vlan.dat? [confirm]


-----------

en

conf t

cdp time 5

cdp hold 10

no ip domain lookup

line con 0

exec-t 0 0

logging syn

exi

hostname ASW3


clear mac-address-table dynamic

spanning-tree bpdufilter enable

no cdp enable

// block CDP and BPDUs



Configuration: ser-SW

vlan 10

ip routi

exi       

ip routing

int vlan 10

ip add 10.1.10.254 255.255.255.0



int f 0/1

sw mo acc

sw acc vlan 10

spann portfast

exi

\\\\\\\\\\\\\\\\\\\\\\\

## Block it (traffic no longer works)

mac access-list extend AA

deny host xxxx.xxx.xxx. any 0x806 0x0 // xxx = MAC address

001B.215E.903D

deny host 001B.215E.903D any 0x806 0x0


//00-1B-21-5E-90-3D

permit any any

exi

int fa 0/1

mac access-group AA in

end

clear mac add dy
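
How the MAC ACL AA above treats frames, as an added example that is not part of the original notes: a small Python model of the match logic. It assumes first-match evaluation with an implicit deny and an EtherType mask of don't-care bits; the helper names and sample frames are constructed for illustration.

```python
import struct

# Constructed model of the page's ACL "AA": (action, src MAC, dst MAC,
# EtherType, don't-care mask); None means "any".
ACL_AA = [
    ("deny", "001B.215E.903D", None, 0x0806, 0x0000),
    ("permit", None, None, None, 0xFFFF),
]

def mac_bytes(text):
    """Accept Cisco dotted (001B.215E.903D) or dashed/colon notation."""
    digits = "".join(c for c in text if c not in ".-:")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {text!r}")
    return bytes.fromhex(digits)

def build_frame(dst, src, ethertype, payload=b""):
    """Ethernet II header after preamble/SOF: dst MAC, src MAC, EtherType."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload

def evaluate(acl, frame):
    """Return the action of the first matching entry (implicit deny at end)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    for action, a_src, a_dst, a_type, mask in acl:
        if a_src is not None and mac_bytes(a_src) != src:
            continue
        if a_dst is not None and mac_bytes(a_dst) != dst:
            continue
        # Mask bits set to 1 are ignored; mask 0x0 demands an exact EtherType.
        care = ~mask & 0xFFFF
        if a_type is not None and (etype & care) != (a_type & care):
            continue
        return action
    return "deny"

# Constructed sample frames (payloads left empty).
BLOCKED, OTHER, BCAST = "00-1B-21-5E-90-3D", "0001.0001.0001", "FFFF.FFFF.FFFF"
SAMPLES = {
    "ARP from blocked host": build_frame(BCAST, BLOCKED, 0x0806),
    "IPv4 from blocked host": build_frame(BCAST, BLOCKED, 0x0800),
    "ARP from other host": build_frame(BCAST, OTHER, 0x0806),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name}: {evaluate(ACL_AA, frame)}")
```

Only ARP sourced from 001B.215E.903D hits the deny entry; the same host's other EtherTypes and ARP from other hosts fall through to permit any any.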


## Allow it again

no mac access-list extend AA

int fa 0/1

no mac access-group AA in

end


## Block it (traffic no longer works)

conf t

mac address-table static 001B.215E.903D vlan 10 drop


no mac address-table static 001B.215E.903D vlan 10 drop



Checking the MAC of a server that communicates only intermittently

show mac address-table aging-time 


Keeping the MAC entry in the table

mac address-table static 0001.0001.0001 vlan 10 interface f 0/1

end

show mac-add static






Protect test


pc----------ser-sw-----------dsw1

ser-dsw1


## dsw1

int range fastEthernet 0/2 - 10 ,fa 0/12 - 24

shut

exi


##pc

10.1.10.1

255.255.255.0

10.1.10.254


## ser-sw

no int vlan 10

exi

no ip routing

int rang fa 0/1 , fa 0/11

sw mo acc

sw acc vlan 10

spann portfast

exi


DSW1

ip routing

exi

conf t

int fa 0/11

no sw

ip add 10.1.10.254 255.255.255.0

exi

// changed to L3



If the idle time shown by show user is under 30 minutes, it is OK to disconnect the line.

