1 / 14

校園網路管理實電務

校園網路管理實電務. 電子計算機中心 謝進利. Core Switch 設定. Virtual LAN 建立 在 Virtual LAN 增加 Ports IP Interface 建立 靜態路由( Static Route) 設定 Access Control List 設定 DHCP Server 設定 NAT 設定. Virtual LAN 建立. 建立一名為 mylan 的 Virtual LAN 先確定 Virtual LAN 的名稱及其編號 Vlan 指令格式:

kennan-summers
Download Presentation

校園網路管理實電務

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 校園網路管理實電務 • 電子計算機中心 • 謝進利

  2. Core Switch 設定 • Virtual LAN建立 • 在Virtual LAN增加Ports • IP Interface建立 • 靜態路由(Static Route)設定 • Access Control List設定 • DHCP Server設定 • NAT設定

  3. Virtual LAN建立 建立一名為mylan的Virtual LAN 先確定Virtual LAN的名稱及其編號 Vlan指令格式: vlan create [vlan名稱] [協定s] id [vlan編號] Example: vlan create mylan ip id 100

  4. 在Virtual LAN增加Ports 在名為mylan的Virtual LAN增加一些 Ports 先確定哪些Ports要加入到mylan中 指令格式: vlan add ports [Port編號] to [Vlan名稱] Example: vlan add ports et.1.1 to mylan vlan add ports et.1.(2-4) to mylan

  5. IP Interface建立 在名為mylan的Virtual LAN上指定IP Interface 先確定要指定到mylan上的Interface Name及IP位址/網路遮罩 指令格式: interface create ip [Interface名稱] address-netmask [IP位址/網路遮罩] vlan [Vlan名稱] Example: interface create ip ipmylan address-netmask 192.168.0.254/255.255.255.0 vlan mylan

  6. 靜態路由(Static Route)設定 建立一個到某特定網路段的路由 先確定該特定網路段的網路編號/網路遮罩及通訊閘道器 指令格式: ip add route [網路編號]/[網路遮罩] gateway [通訊閘道器] Example: ip add route 203.64.237.0/255.255.255.0 gateway 192.168.127.253 ip add route default gateway 192.168.127.253

  7. Access Control List設定(一) 對經由本Core Switch所進行的網路連線所設立存取(使用權)控管清單 先確定會被納入控管的網路連線之來源與目的 指令格式: [控制方式] = permit / deny acl [acl名稱] [協定名稱] [控制方式] [來源網段] [目的網段] [來源Port] [目的Port] Example: acl myacl_1 ip permit 192.168.0.0/24 203.64.237.0/24 80 80 acl myacl_2 ip permit 192.168.0.0/24 any any any

  8. Access Control List設定(二) acl myacl_3 ip deny 192.168.0.33/32 any any any acl myacl_4 ip deny 192.168.0.0/24 any any any 指令格式: acl [acl名稱] [協定名稱] apply Example: acl myacl_5 ip apply ipmylan

  9. DHCP Server設定(一) 在本Core Switch啟動為DHCP Server 先確定DHCP所管轄的IP位址範圍 指令格式:指定DHCP所提供之相關設定參數 dhcp [DHCP名稱] define parameters [參數項目1] [參數值1] [參數項目2][參數值2] … Example: dhcp mydhcp define parameters address-netmask 192.168.0.254/24 gateway 192.168.0.254 dns-server 203.64.237.1 lease-time 4

  10. DHCP Server設定(二) 指令格式:指定DHCP所管轄之IP位址範圍 dhcp [DHCP名稱] define pool [起始位址]-[結束位址] Example: dhcp mydhcp define pool 192.168.0.1-192.168.0.200

  11. NAT設定(一) • 在本Core Switch啟動Network Address Translation • 先確定對內及對外的位址群 • 指令格式:設定對內及對外的Interface • nat set interface [Interface名稱] [inside / outside] • Example: • nat set interface ipmylan inside • nat set interface ip236 outside

  12. NAT設定(二) • 指令格式:設定動態位址對應 • nat create dynamic local-acl-pool [acl名稱] global-pool [對外起始IP位址]- [對外結束IP位址] enable-ip-overload • Example: • nat create dynamic local-acl-pool misnat global-pool 203.64.234.6 enable-ip-overload

  13. NAT設定(三) • 指令格式:設定固定位址對應 • nat create static local-ip [內部IP位址] global-ip [外部IP位址] protocol ip • Example: • nat create static local-ip 192.168.0.12 global-ip 203.64.237.66 protocol ip

  14. Core Switch狀態查詢 • Running Configuration • Startup Configuration • CPU Utilities • Routing Table • DHCP • NAT

More Related