
Learning Scenario 3 Content Review



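Learning Scenario 3 content review. Switching fundamentals: how a switch works. VLAN technology: VLAN overview, advantages of VLANs, VLAN assignment methods, port-based VLAN assignment (Port VLAN), tag-based VLAN assignment (Tag VLAN). Link redundancy in switched networks: spanning tree, Ethernet channel aggregation. Communication between VLANs: inter-VLAN communication through a router, router-on-a-stick, inter-VLAN communication through a Layer 3 switch. Learning Scenario 4. Enterprise intranet security control. Electronic transactions. E-commerce, e-government. Intranet sites. Web browsing.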


Presentation Transcript


3

3

    • VLAN

    • VLAN

    • VLAN

    • VLAN

    • VLANPort VLAN

    • VLANTag VLAN

  • VLAN

    • VLAN

    • VLAN


3

4


Internet

Intranet

Web

Internet Email

Internet


3

  • DDoS

  • DOS

  • ++

  • DOS

1980s

1990s


3

Internet

VLAN

VLAN

VLAN

VLAN

VLAN

VLAN

VLAN

Center



3

4.1

    • WWW



3

4.2

  • 80%


3

Console

  • Switch>enable

  • Switch#configure terminal

  • Switch(config)#line console 0

  • Switch(config-line)#password mypassword

  • Switch(config-line)#login


3

F0/1

Console

RJ45

Com1


3

Console, Telnet, RJ45

  • Switch>enable

  • Switch#configure terminal

  • Switch(config)#line vty 0 4

    // Telnet lines

  • Switch(config-line)#password mypassword

    // Telnet password

  • Switch(config-line)#login


3

4.3

  • IPMACARPMACDHCP


3

MAC

MAC

00.d0.f8. 00.07.3c

FF.FF.FF.FF.FF.FF

MAC

3

3IEEE

MAC

MAC Port

A 1

B 2

C 3


3

MAC

MACMAC;

, ;

Hub


3

  • MACMAC

  • MACMAC


3

  • MAC

  • IPMACIPMACIP


3

  • MACMACIP Cisco

    • Cisco2MAC

    • Cisco355023MACMACIP


3

  • , MACARPIP/MAC

  • 1, IPARP

    IPIPARP

    2

    HUB


3

MAC

  • CiscoMAC

    1MACMAC

    • Switch#config terminal

    • Switch(config)#interface interface-id

    • Switch(config-if)#switchport mode access

    • Switch(config-if)#switchport port-security

    • Switch(config-if)#switchport port-security violation protect


3

MAC

2MAC

  • Switch#config terminal

  • Switch(config)#interface interface-id

  • Switch(config-if)#switchport mode access

  • Switch(config-if)#switchport port-security

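  • Switch(config-if)#switchport port-security violation protect

    // protect: once the secure-address limit is reached, frames from unknown source MAC addresses are dropped

  • Switch(config-if)#switchport port-security mac-address mac-address

    // statically configure a secure MAC address on the port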


3

  • MAC100MAC100

    • Switch#config terminal

    • Switch(config)#interface fastEthernet 0/1

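    • Switch(config-if)#switchport mode access

    • Switch(config-if)#switchport port-security

    • Switch(config-if)#switchport port-security maximum 100

      // allow at most 100 secure MAC addresses on the port

    • Switch(config-if)#switchport port-security violation protect

      // once 100 addresses are learned, frames from any other source MAC address are dropped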


3

    • MACMAC

    • MAC


3

  • protect: MAC, MAC

  • restrict: Trap, 1

  • shutdown: Trap, error-disable, errdisable recovery cause psecure-violation, shutdown, no shutdown, Cisco


3

IP

MACIPMACIPARPIPMAC

  • Switch#configure terminal

  • Switch(config)#arp ip-address mac-address arpa

  • ip 1.1.1.1, mac 0001.0001.1111

    Switch(config)#arp 1.1.1.1 0001.0001.1111 arpa

  • IPMACIP0000.0000.0000IP


3

  • MACMACMACMACMACMAC

    • Switch(config)#interface interface_id

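    • Switch(config-if)#switchport port-security aging time aging_time

      // aging time for the port's secure addresses, in minutes

    • Switch(config-if)#switchport port-security aging type {absolute|inactivity}

      // absolute: entries expire when the time elapses; inactivity: entries expire only after that long without traffic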


3

  • Switch#show port-security

  • Switch#show port-security address mac


3

F0/1

F0/2

F0/2

F0/3

F0/1

PC1 192.168.1.1

PC2 192.168.1.2

PC3 192.168.1.3

4.1

  • IPIP20



4.4 (ACL)

  • ACL

FTP

ISP


3

[Topology figure: Internet, RG-NBR1000, RG-S3512G / RG-S4009, RG-S2126 (two), VLAN10, VLAN20]


3

ACL

  • ACL


3

ACL

ACL


3

    • MACIP

    • VLAN

    • VLANVLANVLANVLAN ACLVLANIPMAC


3

  • 1ACL

    2ACL

    3ACL


3

[Flowchart: ACL, Y/N branches]


3

  • ACL

    • ACLIP

    • ACLACL


3

  • IP


3

IP

eg.HDLC

IP

TCP/UDP

1-99


3

1ACL

Router(config)# access-list access-list-number { deny | permit } source [source-wildcard]

access-list-number: ACL, 1-99.

deny | permit

source: IP

source-wildcard


3

[Figure: wildcard mask bit table, bit weights 128 64 32 16 8 4 2 1, rows of 0 and 1 bits]

3201

IP10IP

172.16.0.0 0.0.255.255

255.255.255.255: any

0.0.0.0: host


3

  • 1. access-list 1 deny host 192.168.0.99

  • 2. access-list 2 deny host 192.168.0.99

       access-list 2 permit any

  • 3. access-list 3 permit host 192.168.0.99

  • 4. access-list 4 deny 192.168.0.99 0.0.0.255

       access-list 4 permit any

IP 192.168.0.99

192.168.0.99 deny

192.168.0.0


3

2ACL

Router(config-if)#ip access-group access-list-number { in | out }

inoutACLinoutout


3

IP

172.16.3.0

Internet

172.17.0.0

172.16.3.0

172.16.4.0

S0

F0

F1

access-list 1 permit 172.16.3.0 0.0.0.255

(access-list 1 deny 0.0.0.0 255.255.255.255)

interface serial 0

ip access-group 1 out


3

IP

192.168.0.45, E0

Router(config)# access-list 1 deny host 192.168.0.45

Router(config)# access-list 1 permit any

Router(config)# interface ethernet 0

Router(config-if)# ip access-group 1 in


3

192.168.17.0/24

R1

R2

192.168.19.0/24

192.168.16.0/24

S2/0

S2/0

F0/0

F0/0

PC1 192.168.19.1

PC2 192.168.16.1

4.2

  • R2ACL


3

  • ACL

    • ACL ACL


3

[Flowchart: ACL, Y/N branches]

  • ACL


3

  • Extended IP ACL ACL

  • ACLIPIPIP


3

server

WEBserver

  • ACL


3

IP

eg.HDLC

IP

TCP/UDP

100-199


3

IP

1ACL

Router(config)#access-list access-list-number {deny|permit} protocol source [source-wildcard destination destination-wildcard] [operator operand] [established]

access-list-number: 100-199

deny | permit

protocol: IP, ICMP, TCP, UDP

source, destination: IP


3

source-wildcard | destination-wildcard

operator: lt, gt, eq, neq, range

operand: TCP, UDP, 0-65535

established: TCP, ACK, TCP


3

2ACL

access-groupACLaccess-groupACL


3

4.3

  • R1R2RIPv2

192.168.17.0/24

R1

R2

192.168.18.0/24

192.168.16.0/24

S2/0

S2/0

F0/0

F0/0

PC1

192.168.18.1

WEB 192.168.16.1

FTP 192.168.16.2


3

  • R2ACL4

    1. 192.168.18.0, WWW Server 192.168.16.1

    2. 192.168.18.0, FTP Server 192.168.16.2

    3. 192.168.18.0, Telnet, R2


3

  • ACL

    • ACL

    • ACL100

    • ACL


3

1ACL

  • Router(config)#ip access-list {standard|extended} name

  • Router(config-std-nacl)#{permit|deny} {source [source-wildcard]|any}

    standard/extendedACLACLACLACLpermitdenyACL

    2ACL

    Router(config-if)#ip access-group name { in | out }


3

  • CenterVLAN ARPDoSACLping


3

200.200.100.1/24

E0/2

Internet

BJ-R-1

E0/0

E0/1

10.10.10.2/24

10.10.20.2/24

10.10.10.1/24

10.10.20.1/24

F0/15

F0/15

E0/2

200.200.100.2/24

BJ-RS-1

BJ-RS-2

SH-R-1

172.18.10.1/24

F0/6

F0/6

E0/0

F0/6

F0/6

BJ-S-3

BJ-S-4

F0/4

F0/3

F0/4

F0/3

  • PC5: 172.18.10.2/24, GW: 172.18.10.1

  • PC1: 172.16.10.2/24, GW: 172.16.10.1, VLAN10

  • PC2: 172.16.20.2/24, GW: 172.16.20.1, VLAN20

  • PC3: 172.16.30.2/24, GW: 172.16.30.1, VLAN20

  • Web: 172.16.127.2/24, GW: 172.16.127.1, VLAN127


3

    • ACLACL

