Review of Learning Situation 3 (PowerPoint presentation)


Review of Learning Situation 3: switching basics; how a switch works; VLAN technology (VLAN overview, advantages of VLANs, VLAN partitioning methods: port-based VLANs (Port VLAN) and tag-based VLANs (Tag VLAN)); link redundancy in switched networks (spanning tree, Ethernet channel aggregation); inter-VLAN communication (via a router, router-on-a-stick, via a Layer 3 switch). Learning Situation 4: enterprise intranet security control. Electronic transactions: e-commerce, e-government. Intranet sites. Web browsing.


Presentation Transcript


Review of Learning Situation 3

  • Switching basics: how a switch works
  • VLAN technology
    • VLAN overview
    • Advantages of VLANs
    • VLAN partitioning methods
    • Port-based VLANs (Port VLAN)
    • Tag-based VLANs (Tag VLAN)
  • Link redundancy in switched networks: spanning tree, Ethernet channel aggregation
  • Inter-VLAN communication
    • Via a router (router-on-a-stick)
    • Via a Layer 3 switch

Learning Situation 4: Enterprise intranet security control

Services of the enterprise network covered by this situation: electronic transactions (e-commerce, e-government), Intranet sites, Web browsing, Internet e-mail, Internet access.

[Slide: evolution of attacks on enterprise networks from the 1980s to the 1990s; only the labels DoS and DDoS survived extraction.]


[Network diagram: the enterprise network (Center) divided into several VLANs and connected to the Internet; labels only.]

4.1

  • [Slide text not recovered; it mentions WWW.]




4.2

  • [Slide text not recovered; it cites a figure of 80%.]


Console password

Require a password on the console line (line console 0):

  • Switch>enable
  • Switch#configure terminal
  • Switch(config)#line console 0
  • Switch(config-line)#password mypassword
  • Switch(config-line)#login


[Diagram: the PC's COM1 serial port connected to the switch Console port (RJ45); the switch's F0/1 port is also shown.]

Telnet (vty) password

Unlike the console, Telnet reaches the switch over the network (through an RJ45 Ethernet port), so the virtual terminal lines must also be protected:

  • Switch>enable
  • Switch#configure terminal
  • Switch(config)#line vty 0 4   // virtual terminal lines 0-4, used by Telnet sessions
  • Switch(config-line)#password mypassword   // password required for Telnet login
  • Switch(config-line)#login

Note that Telnet carries the password in cleartext on the LAN; where the switch supports it, SSH should be used for remote management instead.


4.3

  • Common attacks at the access layer involve IP and MAC address spoofing, ARP spoofing, MAC address flooding and DHCP.


MAC addresses and the MAC address table

A MAC address is 48 bits (6 bytes) long; the first 3 bytes are a vendor identifier assigned by the IEEE, for example 00.d0.f8.00.07.3c. The all-ones address FF.FF.FF.FF.FF.FF is the broadcast address.

The switch builds its MAC address table by learning the source MAC address of each frame together with the port it arrived on:

  MAC   Port
  A     1
  B     2
  C     3

Forwarding then works as follows:

  • If the destination MAC address is in the table, the frame is sent out the recorded port only;
  • If the destination MAC address is unknown, or is the broadcast address, the frame is flooded out all other ports, so for that frame the switch behaves like a hub.


  • MAC address flooding: the attacker sends large numbers of frames with forged source MAC addresses; the switch learns each of them and the MAC address table fills up.
  • Once the table is full, the switch can no longer learn the addresses of legitimate hosts and floods their traffic out all ports, where the attacker can sniff it.
  • IP/MAC spoofing: the attacker uses the IP address and/or MAC address of a legitimate host in order to impersonate it.
  • The capacity of the MAC address table depends on the switch model (the slide gives figures for Cisco 2xxx and Cisco 3550 series switches; the numbers were not preserved).


  • ARP spoofing: ARP maps IP addresses to MAC addresses, and hosts accept ARP replies without any authentication.
  • (1) A host broadcasts an ARP request for the IP address it wants to reach; (2) the attacker answers with its own MAC address, so the victim records the wrong IP/MAC mapping and sends its traffic to the attacker, who can read or relay it, much as on a hub.


Configuring port security (Cisco switches)

(1) Restrict a port to dynamically learned MAC addresses:

    • Switch#config terminal
    • Switch(config)#interface interface-id
    • Switch(config-if)#switchport mode access
    • Switch(config-if)#switchport port-security
    • Switch(config-if)#switchport port-security violation protect


(2) Bind a specific MAC address to the port:

  • Switch#config terminal
  • Switch(config)#interface interface-id
  • Switch(config-if)#switchport mode access
  • Switch(config-if)#switchport port-security
  • Switch(config-if)#switchport port-security violation protect
    // action taken when a violation occurs
  • Switch(config-if)#switchport port-security mac-address mac-address
    // statically bind this MAC address to the port


  • Example: allow at most 100 MAC addresses on port FastEthernet 0/1 and silently drop frames from any further address:

    • Switch#config terminal
    • Switch(config)#interface fastEthernet 0/1
    • Switch(config-if)#switchport mode access
    • Switch(config-if)#switchport port-security
    • Switch(config-if)#switchport port-security maximum 100
      // at most 100 MAC addresses may be learned on this port
    • Switch(config-if)#switchport port-security violation protect
      // frames from MAC addresses beyond the 100 are dropped


  • Port security compares the source MAC address of each frame with the secure addresses of the port; once the maximum has been reached, a frame from a new MAC address is a violation.
  • The action taken on a violation is one of three modes:

  • protect: frames from unknown MAC addresses are dropped; no notification is generated.
  • restrict: frames are dropped, an SNMP trap is sent and the violation counter is incremented by 1.
  • shutdown: the port is placed in the error-disabled state and a trap is sent. The port is restored automatically with errdisable recovery cause psecure-violation, or manually with shutdown followed by no shutdown. This is the default mode on Cisco switches.
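As an added example (not code from the slides), the following Python model shows why port security matters: it simulates a switch's MAC address table, a MAC-flooding attack that fills it, and the protect, restrict and shutdown violation modes described above. The table capacity TABLE_SIZE, the port numbers and every MAC address in it are constructed for the example; a real switch holds thousands of entries and is configured with the IOS commands above, not with Python.

```python
"""Added example, not from the slides: a small model of switch MAC learning,
a MAC-flooding attack and the three port-security violation modes.
Assumptions: the CAM table holds TABLE_SIZE entries (a real switch holds
thousands) and all MAC addresses below are constructed for the example."""
from dataclasses import dataclass, field

TABLE_SIZE = 64                      # assumed CAM capacity
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    number: int
    secure: bool = False             # switchport port-security
    maximum: int = 1                 # switchport port-security maximum N
    violation: str = "shutdown"      # protect | restrict | shutdown (Cisco default)
    secure_macs: set = field(default_factory=set)
    violations: int = 0              # counter incremented by restrict/shutdown
    err_disabled: bool = False


class Switch:
    def __init__(self, num_ports):
        self.ports = {n: Port(n) for n in range(1, num_ports + 1)}
        self.mac_table = {}          # MAC -> port, like the table in the slides

    def enable_port_security(self, port, maximum=1, violation="shutdown", static=()):
        p = self.ports[port]
        p.secure, p.maximum, p.violation = True, maximum, violation
        p.secure_macs.update(static) # switchport port-security mac-address ...

    def _check_port_security(self, p, src):
        """True if the frame may be processed, False if it is a violation."""
        if src in p.secure_macs:
            return True
        if len(p.secure_macs) < p.maximum:
            p.secure_macs.add(src)   # dynamically learned secure address
            return True
        if p.violation == "restrict":
            p.violations += 1        # counter + SNMP trap, port stays up
        elif p.violation == "shutdown":
            p.violations += 1
            p.err_disabled = True    # port goes error-disabled
        return False                 # protect: dropped silently

    def receive(self, port, src, dst):
        """Process one frame; return the set of egress ports (empty = dropped)."""
        p = self.ports[port]
        if p.err_disabled:
            return set()
        if p.secure and not self._check_port_security(p, src):
            return set()
        if src in self.mac_table or len(self.mac_table) < TABLE_SIZE:
            self.mac_table[src] = port           # learn / refresh the source
        if dst != BROADCAST and dst in self.mac_table:
            return {self.mac_table[dst]} - {port}
        return set(self.ports) - {port}          # unknown unicast or broadcast: flood


def fake_mac(i):
    """Deterministic forged source MAC for attack frame number i."""
    return "02:00:00:%02x:%02x:%02x" % (i >> 16 & 255, i >> 8 & 255, i & 255)


def flood_attack(switch, port, count):
    for i in range(count):
        switch.receive(port, fake_mac(i), BROADCAST)


def demo(secure, violation="restrict", attack_frames=200):
    """Attacker on port 3 floods before PC-A (port 1) and PC-B (port 2) talk."""
    sw = Switch(num_ports=4)
    pc_a, pc_b = "00:d0:f8:00:07:3c", "00:d0:f8:00:07:3d"   # constructed hosts
    if secure:
        sw.enable_port_security(3, maximum=2, violation=violation)
    flood_attack(sw, 3, attack_frames)
    sw.receive(1, pc_a, pc_b)                    # first A->B: B unknown, flooded
    sw.receive(2, pc_b, pc_a)                    # B replies
    egress = sw.receive(1, pc_a, pc_b)           # second A->B: switched or leaked?
    return {
        "table_size": len(sw.mac_table),
        "a_to_b_egress": egress,                 # {2} is correct; {2, 3, 4} leaks to the attacker
        "violations": sw.ports[3].violations,
        "err_disabled": sw.ports[3].err_disabled,
    }


if __name__ == "__main__":
    print("no port security :", demo(False))
    for mode in ("protect", "restrict", "shutdown"):
        print("port-security %-8s:" % mode, demo(True, mode))
```

Without port security the 200 forged addresses fill the 64-entry table, PC-A and PC-B can never be learned, and the second A-to-B frame is flooded to ports 2, 3 and 4, including the attacker's. With a maximum of 2 secure addresses on port 3, only the first two forged addresses are learned; restrict counts the remaining 198 as violations, shutdown error-disables the port at the first one, and in every secure mode the A-to-B frame reaches port 2 only.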


Static IP/MAC binding (static ARP)

ARP spoofing succeeds because the victim accepts a new IP/MAC mapping from any ARP reply; a static ARP entry fixes the MAC address for an IP address and is not overwritten by such replies:

  • Switch#configure terminal
  • Switch(config)#arp ip-address mac-address arpa
  • Example: bind IP address 1.1.1.1 to MAC address 0001.0001.1111
    Switch(config)#arp 1.1.1.1 0001.0001.1111 arpa
  • Binding an IP address to the MAC address 0000.0000.0000 makes that IP unreachable, which can be used to block a host.


  • Aging of secure MAC addresses: without aging, a learned secure MAC address stays bound to the port, so replacing the host means reconfiguring the port; with aging, secure addresses are removed after the configured time and the new host's MAC address can be learned.

    • Switch(config)#interface interface_id
    • Switch(config-if)#switchport port-security aging time aging_time
      // aging time in minutes
    • Switch(config-if)#switchport port-security aging type {absolute|inactivity}
      // absolute: age out after aging_time regardless of traffic; inactivity: age out only after aging_time with no traffic from the address


Verification:

  • Switch#show port-security
  • Switch#show port-security address   // lists the secure MAC addresses


[Topology for Task 4.1: PC1 192.168.1.1 on F0/1, PC2 192.168.1.2 on F0/2, PC3 192.168.1.3 on F0/3 of the switch.]

Task 4.1

  • [Requirement text not recovered; it refers to IP addresses and the number 20.]


4.4 Access Control Lists (ACL)

  • ACL scenario: [slide text not recovered; it refers to an FTP server and the ISP link.]

[Topology: RG-NBR1000 router to the Internet; RG-S3512G/RG-S4009 core switch; two RG-S2126 access switches serving VLAN10 and VLAN20.]


What an ACL is

  • An access control list is an ordered list of permit and deny statements that a router or switch checks packets against; it is used to control which traffic is allowed through.

An ACL can filter on:

    • MAC or IP addresses
    • VLAN
    • A VLAN ACL applied to a VLAN filters the traffic of that VLAN by IP or MAC address

  • Working with an ACL takes three steps: (1) define the ACL, (2) apply the ACL to an interface, (3) verify the ACL.


[Flowchart: ACL processing. The packet is compared with each statement in order; the first statement that matches decides permit or deny and no further statements are checked; a packet that matches no statement is dropped by the implicit deny at the end of the list.]


  • Types of ACL
    • Standard IP ACL: checks only the source IP address of the packet
    • Extended IP ACL: checks source and destination addresses, protocol and port numbers

  • Standard IP ACLs

[Figure: packet layout - frame header (e.g. HDLC) | IP header | TCP/UDP header | data. A standard IP ACL (numbers 1-99) examines only the source address field of the IP header.]


(1) Define a standard ACL:

Router(config)# access-list access-list-number { deny | permit } source [source-wildcard]

access-list-number: the ACL number, 1 to 99 for a standard ACL.
deny | permit: drop or allow matching packets.
source: the source IP address to match.
source-wildcard: wildcard mask applied to the source address (optional; if omitted, 0.0.0.0 is assumed, i.e. an exact match).


Wildcard mask

A wildcard mask is 32 bits, written like an IP address. For each bit, 0 means the corresponding address bit must match and 1 means it is ignored:

  Bit weight:  128  64  32  16   8   4   2   1
  0 0 1 1 1 1 1 1   (63)   check the top two bits, ignore the low six
  0 0 0 0 1 1 1 1   (15)   check the top four bits, ignore the low four
  1 1 1 1 1 1 1 1   (255)  ignore all eight bits
  0 0 0 0 0 0 0 0   (0)    all eight bits must match

  • 172.16.0.0 0.0.255.255 matches every address whose first two octets are 172.16 (the whole 172.16.0.0/16 range).
  • 255.255.255.255 ignores all 32 bits and therefore matches any IP address; the keyword any is its abbreviation.
  • 0.0.0.0 checks all 32 bits and matches exactly one IP address; the keyword host is its abbreviation.


  • (1) access-list 1 deny host 192.168.0.99
    Denies host 192.168.0.99; because every ACL ends with an implicit deny, this list on its own blocks all traffic.
  • (2) access-list 2 deny host 192.168.0.99
    access-list 2 permit any
    Denies only host 192.168.0.99 and permits everyone else.
  • (3) access-list 3 permit host 192.168.0.99
    Permits only host 192.168.0.99; every other source hits the implicit deny.
  • (4) access-list 4 deny 192.168.0.99 0.0.0.255
    access-list 4 permit any
    The wildcard 0.0.0.255 ignores the last octet, so this denies the entire 192.168.0.0/24 network, not just 192.168.0.99, and permits everyone else.


(2) Apply the ACL to an interface:

Router(config-if)#ip access-group access-list-number { in | out }

in filters packets entering the interface, out filters packets leaving it. Only one ACL can be applied per interface, per direction, per protocol; if the direction is omitted, out is assumed.


Standard ACL example 1: allow only network 172.16.3.0/24 out to the Internet

[Topology: router with F0 to 172.16.3.0, F1 to 172.16.4.0, and S0 toward 172.17.0.0 and the Internet.]

access-list 1 permit 172.16.3.0 0.0.0.255
(access-list 1 deny 0.0.0.0 255.255.255.255)   // the implicit deny; it need not be typed
interface serial 0
ip access-group 1 out


Standard ACL example 2: block host 192.168.0.45 on interface E0

Router(config)# access-list 1 deny host 192.168.0.45
Router(config)# access-list 1 permit any
Router(config)# interface ethernet 0
Router(config-if)# ip access-group 1 in


[Topology for Task 4.2: R1 and R2 connected over 192.168.17.0/24 (S2/0 on each); PC1 192.168.19.1 in 192.168.19.0/24 and PC2 192.168.16.1 in 192.168.16.0/24, each behind a router's F0/0.]

Task 4.2

  • Configure a standard ACL on R2 [requirement text not recovered].


  • Extended ACLs
    • Compared with a standard ACL, an extended ACL can match more fields of the packet.

[Flowchart: extended ACL processing. Each statement checks, in turn, protocol, source address, destination address and port; a packet must satisfy all conditions of a statement to match it; the first match decides permit or deny; no match means the implicit deny.]

Extended IP ACLs

  • An Extended IP ACL filters on source IP address, destination IP address, protocol and port number, so it can distinguish, for example, traffic to a WEB server from traffic to another server.

[Figure: packet layout - frame header (e.g. HDLC) | IP header | TCP/UDP header | data. An extended IP ACL (numbers 100-199) examines fields of the IP header and of the TCP/UDP header.]


(1) Define an extended ACL:

Router(config)#access-list access-list-number {deny|permit} protocol source [source-wildcard] destination [destination-wildcard] [operator operand] [established]

access-list-number: 100 to 199 for an extended ACL.
deny | permit: drop or allow matching packets.
protocol: IP, ICMP, TCP, UDP, etc.
source, destination: source and destination IP addresses.
source-wildcard, destination-wildcard: wildcard masks for the source and destination addresses.
operator: lt (less than), gt (greater than), eq (equal), neq (not equal), range (inclusive range).
operand: TCP/UDP port number, 0 to 65535.
established: matches only TCP segments with the ACK (or RST) bit set, i.e. belonging to an already established TCP connection; it lets return traffic through while blocking new connections initiated from that side.


(2) Apply the extended ACL to an interface with the same ip access-group command as for a standard ACL; one access-group applies one ACL, so an interface can have at most one ACL per direction.
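As an added example (not from the slides), the following Python program implements the ACL semantics described in this section and in the standard-ACL examples above: Cisco wildcard-mask matching, the any and host abbreviations, first-match processing, the implicit deny at the end of every list, and the extended-ACL operator, operand and established keywords. The ACL lines and packets in it are constructed for illustration, and wildcard_for_prefix is a helper added here, not an IOS command.

```python
"""Added example, not from the slides: evaluator for Cisco-style numbered
standard (1-99) and extended (100-199) IP ACLs.  All ACL lines and packets
used below are constructed for illustration."""
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0        # destination port (TCP/UDP)
    ack: bool = False     # TCP ACK flag, consulted by "established"


ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all ones: every address


def wildcard_match(addr, base, wildcard):
    """Wildcard semantics: a 0 bit must match the base, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)


def wildcard_for_prefix(prefix_len):
    """Helper (not an IOS command): wildcard mask equivalent to /prefix_len."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF >> prefix_len))


def _parse_addr(tokens):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D [wildcard]."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) > 1 and "." in tokens[1] and tokens[1][0].isdigit():
        return (tokens[0], tokens[1]), tokens[2:]
    return (tokens[0], "0.0.0.0"), tokens[1:]   # no wildcard given: exact host


def parse_acl_line(line):
    """Parse 'access-list N {permit|deny} ...' into (N, rule dict)."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list statement: " + line)
    number, rule, rest = int(t[1]), {"action": t[2], "op": None}, t[3:]
    if number <= 99:                          # standard: source address only
        rule["proto"] = "ip"
        rule["src"], rest = _parse_addr(rest)
        rule["dst"] = ANY
    else:                                     # extended
        rule["proto"] = rest[0]
        rule["src"], rest = _parse_addr(rest[1:])
        rule["dst"], rest = _parse_addr(rest)
        while rest:
            tok = rest.pop(0)
            if tok in ("eq", "neq", "lt", "gt"):
                rule["op"] = (tok, int(rest.pop(0)))
            elif tok == "range":
                rule["op"] = ("range", int(rest.pop(0)), int(rest.pop(0)))
            elif tok == "established":
                rule["established"] = True
    return number, rule


def _port_ok(op, port):
    if op is None:
        return True
    name, *args = op
    return {"eq": port == args[0], "neq": port != args[0],
            "lt": port < args[0], "gt": port > args[0],
            "range": args[0] <= port <= args[-1]}[name]


def rule_matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt.proto):
        return False
    if not wildcard_match(pkt.src, *rule["src"]):
        return False
    if not wildcard_match(pkt.dst, *rule["dst"]):
        return False
    if rule.get("established") and not (pkt.proto == "tcp" and pkt.ack):
        return False
    return _port_ok(rule["op"], pkt.dport)


class ACL:
    def __init__(self, lines):
        self.rules = [parse_acl_line(l)[1] for l in lines]

    def decide(self, pkt):
        """First matching statement wins; no match hits the implicit deny."""
        for rule in self.rules:
            if rule_matches(rule, pkt):
                return rule["action"]
        return "deny"


if __name__ == "__main__":
    acl4 = ACL(["access-list 4 deny 192.168.0.99 0.0.0.255",
                "access-list 4 permit any"])
    # wildcard 0.0.0.255 ignores the last octet: the whole /24 is denied
    print(acl4.decide(Packet("tcp", "192.168.0.7", "10.0.0.1")))   # deny
    print(acl4.decide(Packet("tcp", "192.168.1.7", "10.0.0.1")))   # permit
```

The evaluator reproduces the two pitfalls the slides warn about: ACL 4 above denies all of 192.168.0.0/24 rather than the single host the author may have meant, and a list consisting only of deny statements (or only of a permit for one host) blocks every other packet through the implicit deny. The rule order matters, so a permit ip any any placed first would make every later statement unreachable.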


Task 4.3

  • R1 and R2 run RIPv2.

[Topology for Task 4.3: R1 and R2 connected over 192.168.17.0/24 (S2/0 on each); PC1 192.168.18.1 in 192.168.18.0/24; WEB server 192.168.16.1 and FTP server 192.168.16.2 in 192.168.16.0/24, each network behind a router's F0/0.]

  • Configure an extended ACL on R2 that controls (the permit/deny verbs of the requirements were not recovered):
    (1) the 192.168.18.0 network and the WWW Server 192.168.16.1
    (2) the 192.168.18.0 network and the FTP Server 192.168.16.2
    (3) Telnet from the 192.168.18.0 network to R2


  • Named ACLs
    • A named ACL is identified by a name instead of a number, which makes its purpose easier to recognise.
    • Numbered ACLs are limited to 99 standard and 100 extended numbers; names remove this limit.
    • Individual statements can be removed from a named ACL without deleting the whole list.

(1) Define a named ACL:

  • Router(config)#ip access-list {standard|extended} name
  • Router(config-std-nacl)#{permit|deny} {source [source-wildcard] | any}

    standard/extended selects the ACL type and name identifies the ACL; the list is then built with permit and deny statements entered in ACL configuration mode.

(2) Apply the named ACL to an interface:

    Router(config-if)#ip access-group name { in | out }


  • Comprehensive task: secure the Center network with VLANs, protection against ARP spoofing and DoS, and ACLs; verify with ping.

[Topology: BJ-R-1 (E0/0 10.10.10.1/24, E0/1 10.10.20.1/24, E0/2 200.200.100.1/24) connected over 200.200.100.0/24 to SH-R-1 (E0/2 200.200.100.2/24, E0/0 172.18.10.1/24) and to the Internet; Layer 3 switches BJ-RS-1 (10.10.10.2/24) and BJ-RS-2 (10.10.20.2/24) uplinked via F0/15, with access switches BJ-S-3 and BJ-S-4 attached via F0/6; access ports F0/3 and F0/4 serve the hosts. Hosts: PC5 172.18.10.2/24 (GW 172.18.10.1) behind SH-R-1; PC1 172.16.10.2/24 (GW 172.16.10.1) in VLAN10; PC2 172.16.20.2/24 (GW 172.16.20.1) in VLAN20; PC3 172.16.30.2/24 (GW 172.16.30.1), labelled VLAN20 on the slide; Web server 172.16.127.2/24 (GW 172.16.127.1) in VLAN127.]


    • ACLACL

