CCNP(SWITCH)

Day 6: Network rate limiting, SVI

Computer Engineering 2013. 3. 13. 22:50

show vtp count // used to check whether VTP is synchronized

/NP수업자료/NP-SW/NA-복습

en
terminal history size 100
conf t
cdp time 5
cdp hold 10
no cdp log mismatch duplex
line con 0
exec-t 0 0
logg syn
exi
line vty 0 4
pass cisco
login
exi
enable pass cisco
alias exec c config ter
alias exec i show ip route
alias exec r show run
alias exec b show ip int b
hostname

# r4
int f0/1
ip add 121.160.70.0 255.255.0.0
no shut

D:\>nmap -v -sn 121.160.70.0/24 > D:\ip.txt

r4(config)#int fa 0/1  
r4(config-if)#ip add 121.160.70.123 255.255.255.0
r4(config-if)#no shut
\\\\\\\\\\\
R4
int fa 0/1
ip add 121.160.70.123 255.255.255.0
ip nat outside
no shut
exi
int fa 0/0
no shut
ip add 10.10.34.4 255.255.255.0
ip nat inside
exi

-----------
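1)
NAT
1. Security
2. IP address conservation

NAT types
1:1 static NAT (purely for security)
m:n dynamic NAT
m:1 PAT (Port Address Translation): many hosts share one public IP

Telling inside and outside apart
inside: the interface on the private address range, where internal traffic comes in
outside: the interface on the public address range, where traffic leaves for the outside

Specify what NAT applies to (the private range that will be translated)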

\\\\\\\\\\\\\\\\\\\\\\\\
R4
access-list 10 per 10.10.0.0 0.0.255.255
// Pick the company addresses that must not get through: access-list 10 deny 10.10.x.x 0.0.0.0

ip route 0.0.0.0 0.0.0.0 121.160.70.254
ip nat inside source list 10 int fa 0/1
ip domain lookup
ip name-server 168.126.63.1
ntp server ntp.ewha.net
clock timezone kor +9

show clock

\\\\\\\\\\\\\\\\\\\\\\\

R1
int lo 10
ip add 10.10.10.10 255.255.255.0
exi
int fa 0/1
no shut
ip add 10.10.100.254 255.255.255.0
exi
int fa 0/0
no shut
ip add 10.10.12.1 255.255.255.0
exi

R2
int lo 20
ip add 10.10.20.20 255.255.255.0
exi
int fa 0/0
no shut
ip add 10.10.12.2 255.255.255.0
exi
int fa 0/1
no shut
ip add 10.10.23.2 255.255.255.0
exi

R3

int lo 30
ip add 10.10.30.30 255.255.255.0
exi
in fa 0/1
no shut
ip add 10.10.23.3 255.255.255.0
exi
int fa 0/0
no shut
ip add 10.10.34.3 255.255.255.0
exi

PC-----------------
10.10.100.1
255.255.255.0
10.10.100.254
-------------------- XP configured in VMware

ncpa.cpl -- open it and set a static address so the PC can reach the Internet.

201

R1
ip route 0.0.0.0 0.0.0.0 10.10.12.2

R2
ip route 0.0.0.0 0.0.0.0 10.10.23.3
ip route 10.10.100.0 255.255.255.0 10.10.12.1

R3
ip route 0.0.0.0 0.0.0.0 10.10.34.4
ip route 10.10.100.0 255.255.255.0 10.10.23.2

R4
ip route 10.10.100.0 255.255.255.0 10.10.34.3
show ip nat tr
//

r4(config-if)#int fa 0/1
r4(config-if)#ip account
r4(config-if)#end
r4#show ip accounting
   Source           Destination              Packets               Bytes

Accounting data age is 0

Checked the source with show ip accounting.

ftp 211.48.42.4
npsong/ npsong

## Download a large file over FTP from the PC
destination any
source any

# r4
                                    source         destination
access-list 100 permit ip host 211.48.42.4 any
access-list 100 permit ip any host 211.48.42.4

int fa 0/1
rate-limit input access-group 100 8000 1500 2000 conform-action transmit exceed-action drop
Transmit if the traffic conforms, drop if it exceeds
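
What the rate-limit line above does to the FTP download, as an added example (not from the original notes): a single token bucket refilled at 8000 bit/s with a depth of 1500 bytes. Assumptions: the traffic is constructed, and CAR's extended-burst behaviour (the 2000 value) is left out of the model.

```python
RATE_BPS = 8000          # committed rate from the rate-limit line, bits per second
BURST_BYTES = 1500       # normal burst from the rate-limit line = bucket depth

def police(packets, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """packets: list of (arrival_ms, size_bytes) sorted by arrival time.
    Returns one 'transmit' or 'drop' verdict per packet."""
    capacity = burst_bytes * 8 * 1000      # tokens kept in millibits (exact integers)
    tokens = capacity                      # the bucket starts full
    last_ms = packets[0][0] if packets else 0
    verdicts = []
    for arrival_ms, size in packets:
        # bit/s multiplied by ms gives the millibits earned since the last packet
        tokens = min(capacity, tokens + rate_bps * (arrival_ms - last_ms))
        last_ms = arrival_ms
        cost = size * 8 * 1000
        if cost <= tokens:                 # conform-action transmit
            tokens -= cost
            verdicts.append("transmit")
        else:                              # exceed-action drop
            verdicts.append("drop")
    return verdicts

def summarize(packets):
    """Return (packets transmitted, packets dropped, bytes transmitted)."""
    verdicts = police(packets)
    sent = sum(size for (_, size), v in zip(packets, verdicts) if v == "transmit")
    return verdicts.count("transmit"), verdicts.count("drop"), sent

# Constructed traffic, 10 seconds each, one packet every 100 ms:
FTP_BULK = [(t, 1500) for t in range(0, 10000, 100)]   # full-size FTP data packets
SMALL = [(t, 100) for t in range(0, 10000, 100)]       # 100-byte packets = 8000 bit/s

if __name__ == "__main__":
    for name, pkts in (("ftp bulk", FTP_BULK), ("small", SMALL)):
        ok, dropped, sent = summarize(pkts)
        print(f"{name}: transmit={ok} drop={dropped} bytes_sent={sent}")
```

Only one 1500-byte packet fits every 1.5 seconds, so the bulk transfer is held to roughly 1 KB/s, while traffic that stays at 8000 bit/s passes untouched.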

\\\\\\ Create the class and apply it // Makes Naver unreachable. -- control

r4(config)#no acc
r4(config)#no access-list 100
r4(config)#clas
r4(config)#class-map AA
r4(config-cmap)#match protocol http host www.naver.com
r4(config-cmap)#exi
r4(config)#policy-map BB
r4(config-pmap)#class AA
r4(config-pmap-c)#drop
r4(config-pmap-c)#exi
r4(config-pmap)#exi
r4(config)#int fastEthernet 0/1
r4(config-if)#service-policy output BB

\\\\\\\

Check end-to-end and hop-by-hop

-------------Company rate limiting (WhatsUp, PRTG) -- just cut off the Internet access.
Cisco accounting and CAR (Committed Access Rate: access rate limiting)
NBAR (Network Based Application Recognition)
accounting: only knows per-IP counts
CAR
NBAR:
--------------------
\\\\\\\\ NetFlow
A server receives what NetFlow sends and displays it
ip flow-cap

r4(config)#int fa 0/0
r4(config-if)#ip flow egress
r4(config-if)#ip flow ingress

r4(config)#ip flow-capture f
r4(config)#ip flow-capture fr             
r4(config)#ip flow-capture ic
r4(config)#ip flow-capture ip
r4(config)#ip flow-capture mac
r4(config)#ip flow-capture pac 
r4(config)#ip flow-capture tt
r4(config)#ip flow-capture v

r4#show ip cache flow

\\\\\\\\\\\\\★
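null: why was it discarded?
Korea Information Processing Society? Indexed journal -- the society's journal
Once it is listed in an academic journal, it cannot be cancelled

IEEE Xplore
\\\\\\\\\\\\\\\\\\\\\\\\\\\
When the Korean promotion agency, which has no judicial authority, shows up, security should stop them
lol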

NAT rate limiting
access ping
-----------------
acl-test done
------------------------

R4 - acc NB, car
- Yesterday: inter-VLAN
- Today: SVI (Switch Virtual Interface)

Everything can be blocked at sw3. L2 -> today it has to be L3
Today we make it route?

-====
What we did yesterday
Delete all the unused VLANs

show interface trunk

show vtp status

\\\\\\\\\\\\\\\\\\\\\\\\\
SVI

121.160.70.x -- IP for external communication

en
termi histo size 100
conf t
ena sec cisco
cdp timer 5
cdp hold 10
line con 0
logg sync
exec-t 0 0
exi
line vty 0 4
pass cisco
login
exi
alias exec c config ter
alias exec i show ip route
alias exec b show ip int brie
alias exec r show run
ho

#sw1,2,3,4
int rang fa 1/0 - 15
shut
exi

# Add the native VLAN
sw1
int fa 1/10
switchport trunk native vlan 44
exi
vlan 44
name native-vlan
exi
int fa 1/10
sw tr native vlan 44

SW3
vlan 44
int fa 1/10
sw tr nati vla 44
exi
---------
SW1
int fa 1/15
no shut
sw tr en dot
sw mo tr
sw tr all vlan 10,20,1,1002-1005
sw tr nat vlan 44
sw nonego
exi

SW2
int fa 1/15
no shut
sw tr en dot
sw mo tr
sw tr all vlan 10,20,1,1002-1005
sw tr nat vlan 44
sw nonego
exi
int fa 1/10
no shut
sw tr en dot
sw mo tr
sw tr all vlan 10,20,30,1,1002-1005
sw tr nat vlan 44
exi

SW3
int fa 1/12
no shut
sw tr en dot
sw mo tr
sw tr all vlan 10,20,30,1,1002-1005
sw tr nat vlan 44
exi
int fa 1/15
no shut
sw tr en dot
sw mo tr
sw tr all vlan 30,1,1002-1005
sw tr nat vlan 44
exi

SW4
int fa 1/15
no shut
sw tr en dot
sw mo tr
sw tr all vlan 30,1,1002-1005
sw tr nat vlan 44
exi


=================SVI (widely used in Korea because it is convenient)
## sw3
vlan 40
name GW_vlan
exi
ip routing
int vlan 40
ip add 10.1.40.250 255.255.255.0
exi
ip route 0.0.0.0 0.0.0.0 10.1.40.254

int vlan 10
ip add 10.1.10.254 255.255.255.0
int vlan 20
ip add 10.1.20.254 255.255.255.0
int vlan 30
ip add 10.1.30.254 255.255.255.0
exi

## R4
int fa 0/0
no shut
ip add 10.1.40.254 255.255.255.0
exi
ip route 10.1.0.0 255.255.0.0 10.1.40.250

int fa 0/1
no shut
ip add 121.160.70.x 255.255.255.0
ip nat outside
exi
int fa 0/0
ip nat ins
exi
access-list 10 per 10.1.0.0 0.0.255.255
ip nat inside source list 10 int fa 0/1

\\\\\\\\\

R1
int fa 0/0
no shut
ip add 10.1.20.1 255.255.255.0
exi
int fa 0/1
no shut
ip add 10.1.30.1 255.255.255.0
exi

R2
int fa 0/1
no shut
ip add 10.1.20.2 255.255.255.0
exi

R3
int fa 0/1
no shut
ip add 10.1.30.3 255.255.255.0
exi

Configure the VLANs on the switches.

 
