
[keduit] RIP and static route connection, partial_mesh - 2023/03/16

흩노 2023. 3. 17. 17:28

[R1]

router rip

ver 2

net 16.0.0.0

no auto

pass lo 0

exit

int s1/0

ip split-horizon

exit

 

[R2]

router rip

ver 2

net 16.0.0.0

no auto

pass lo 0

exit

ip route 16.16.3.0 255.255.255.0 s1/0.23 16.16.23.3

ip route 16.16.4.0 255.255.255.0 s1/0.23 16.16.23.3

ip route 16.16.34.0 255.255.255.0 s1/0.23 16.16.23.3

 

[R3]

ip route 0.0.0.0 0.0.0.0 s1/0.23 16.16.23.2

ip route 16.16.4.0 255.255.255.0 s1/0.34 16.16.34.4

 

[R4]

ip route 0.0.0.0 0.0.0.0 s1/0.34 16.16.34.3

 

 

※ Redistribution

The static networks must be grouped with a list (prefix-lists here) and advertised to R1, which runs RIP

 

[R2]

conf t

ip prefix-list HOP2 permit 16.16.3.0/24

ip prefix-list HOP2 permit 16.16.34.0/24

ip prefix-list HOP3 permit 16.16.4.0/24

route-map STATIC_NET 10

match ip address prefix HOP2

set metric 2

exit

route-map STATIC_NET 20

match ip address prefix HOP3

set metric 3

exit

!!!!!!!!!!!!!!!!

Give the networks a prefix-list name, then

adjust the hop value (metric) for each prefix-list.

Verify with sh route-map

!!!!!!!!!!!!!!!!

router rip

redistribute static route-map STATIC_NET

exit

 

 

 

※ Denying and permitting hosts

From another router:

telnet 16.16.12.1

 

[r1]

access-list 10 deny host 16.16.4.4

access-list 10 permit any

Everything except 16.16.4.4 is permitted

line vty 0 4

password cisco

access-class 10 in

exit

 

[r3]

end

telnet 16.16.12.1

cisco

This connects to r1 successfully

[r4]

conf t

ip telnet source-interface lo0

end

telnet 16.16.12.1

This cannot connect to r1

 

[r1]

no access-list 10

Reset access-list 10

access-list 10 permit host 16.16.3.3

access-list 10 deny any

16.16.3.3 is permitted, everything else is denied

 

[Exercise: configure r1 to permit 16.16.4.0/24 and deny everything else, numbered]

no access-list 10

Reset access-list 10

access-list 20 permit 16.16.4.0 0.0.0.255

access-list 20 deny any

 

line vty 0 4

no access-class 10 in

access-class 20 in

Access is now controlled by access-list 20

 

[Exercise: configure r1 to permit 16.16.4.0/24 and deny everything else, named]

no access-list 20

Reset access-list 20

ip access-list standard R4ONLY

permit 16.16.4.0 0.0.0.255

deny any

exit

 

line vty 0 4

no access-class 20 in

access-class R4ONLY in

Access is now controlled by access-list R4ONLY
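
Added example, not part of the original post: a small Python model of how IOS evaluates a standard ACL for access-class (first match wins, wildcard bits set to 1 are ignored, implicit deny at the end), run against the lab's addresses. The address-to-interface mapping in the comments is assumed from the configuration above, and the wildcard mistyped as 0.0.0.24 is a constructed case.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_entry(line):
    """Parse '<permit|deny> <any | host A | A [WILDCARD]>' (standard ACL body)."""
    action, *rest = line.split()
    if rest[0] == "any":
        return action, 0, 0xFFFFFFFF
    if rest[0] == "host":
        return action, _ip(rest[1]), 0
    wildcard = _ip(rest[1]) if len(rest) > 1 else 0
    return action, _ip(rest[0]), wildcard

def evaluate(acl_lines, source):
    """Return 'permit' or 'deny' for a source address, as access-class would."""
    src = _ip(source)
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF   # wildcard bit 0 = must match, 1 = ignored
        if (src & care) == (base & care):
            return action                # first matching entry wins
    return "deny"                        # implicit 'deny any' at the end

# ACLs as entered on r1 in the lab (bodies only, without the list name/number).
DENY_R4_HOST = ["deny host 16.16.4.4", "permit any"]
R4ONLY = ["permit 16.16.4.0 0.0.0.255", "deny any"]
# Constructed mistake: 0.0.0.24 is not the wildcard for a /24.
R4ONLY_TYPO = ["permit 16.16.4.0 0.0.0.24", "deny any"]

# Assumed addressing: 16.16.4.4 = R4 lo0, 16.16.34.4 = R4 serial, 16.16.3.3 = R3 lo0.
SOURCES = ["16.16.4.4", "16.16.34.4", "16.16.3.3", "16.16.4.8"]

def report():
    """Map each ACL name to {source: verdict} for the sample sources."""
    acls = {"DENY_R4_HOST": DENY_R4_HOST, "R4ONLY": R4ONLY, "R4ONLY_TYPO": R4ONLY_TYPO}
    return {name: {s: evaluate(acl, s) for s in SOURCES} for name, acl in acls.items()}

if __name__ == "__main__":
    for name, verdicts in report().items():
        print(name, verdicts)
```

The host-based deny only blocks R4 when its Telnet session is sourced from 16.16.4.4, which is why r4 sets ip telnet source-interface lo0; a session sourced from 16.16.34.4 is permitted. With the wildcard 0.0.0.24 only the last octets 0, 8, 16 and 24 match, so 16.16.4.4 itself falls through to the deny.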

 

 

 

 

 

@@@@@@@@@@@@@@@@@@@@@@@@@@@

VMnet connection

[r1]

int f0/0

no sh

ip add 16.16.11.1 255.255.255.0

exit

 

[r3]

int f0/0

no sh

ip add 16.16.33.3 255.255.255.0

exit

 

[r4]

int f0/0

no sh

ip add 16.16.44.4 255.255.255.0

exit

 

 

[r2]

ip route 16.16.33.0 255.255.255.0 s1/0.23 16.16.23.3

ip route 16.16.44.0 255.255.255.0 s1/0.23 16.16.23.3

ip prefix-list HOP2 permit 16.16.33.0/24

ip prefix-list HOP3 permit 16.16.44.0/24

 

[r3]

ip route 16.16.44.0 255.255.255.0 s1/0.34 16.16.34.4


[r1]

ip access-list standard R4ONLY


Denying R4's traffic

[r2]

ip access-list extended R4WEBDENY

deny tcp 16.16.44.0 0.0.0.255 host 16.16.11.100 eq 80

permit ip any any

exit

int s1/0.23

ip access-group R4WEBDENY in

exit


[r2]

access-list 100 deny tcp 17.17.44.0 0.0.0.255 17.17.11.100 0.0.0.0 eq 21

-- Numbers 100-199 are extended ACLs: protocol, source IP, destination IP (server), port number --

access-list 100 permit ip any any

int s1/0.23

ip access-group 100 in