# 網路拓樸(競賽) ## 虛實整合 ![](https://i.imgur.com/q6bdN7B.png) --- ## 實體拓樸(吃我一發魔法陣啦 哭阿) ![](https://i.imgur.com/sMFymrU.png) ![](https://i.imgur.com/PEg5QBc.png) * Vlan: * team1 -> vlan 10(192.168.1.1-6/24) * team2 -> vlan 20(192.168.2.1-6/24) * team3 -> vlan 30(192.168.3.1-6/24) * team4 -> vlan 40(192.168.4.1-6/24) * TP -> vlan 50(192.168.5.1-6/24) * Judge -> vlan 100(192.168.1-4.10/24) * Manage -> vlan 1 * connect setting: * 甲方(3650) * 1-6 -> team1_PC -> vlan 10 * 7-12 -> team2_PC -> vlan 20 * 22 -> TP_Switch -> vlan 50 * 23 -> Core_Switch -> trunk * 24 -> Serial(LB) -> vlan 1(172.16.0.9/16) * 乙方(3650) * 1-6 -> team3_PC -> vlan 30 * 7-12 -> team4_PC -> vlan 40 * 23 -> Core_Switch -> trunk * 24 -> Serial(LB) -> vlan 1(172.16.0.10/16) * Core_Switch(3560) * 1 -> team1_P1 -> vlan 10(vmk1) * 2 -> team2_P1 -> vlan 20(vmk1) * 3 -> team3_P1 -> vlan 30(vmk1) * 4 -> team4_P1 -> vlan 40(vmk1) * 5 -> TP_P1 -> vlan 50 * 6 -> Judge_P3 -> trunk * 22 -> 甲方 -> trunk * 23 -> 乙方 -> trunk * 24 -> Serial(LB) -> vlan 1(172.16.0.8/16) * vlan 10 -> 192.168.1.254/24 * access-group 10 * permit 192.168.1.1(PC) * permit 192.168.1.2(PC) * permit 192.168.1.3(PC) * permit 192.168.1.4(PC) * permit 192.168.1.5(PC) * permit 192.168.1.6(PC) * permit 192.168.1.10(VPNSpy) * permit 192.168.1.100(ESXi) * permit 192.168.1.250(VPN) * deny any any * vlan 20 -> 192.168.2.254/24 * access-group 20 * permit 192.168.2.1(PC) * permit 192.168.2.2(PC) * permit 192.168.2.3(PC) * permit 192.168.2.4(PC) * permit 192.168.2.5(PC) * permit 192.168.2.6(PC) * permit 192.168.2.10(VPNSpy) * permit 192.168.2.100(ESXi) * permit 192.168.2.250(VPN) * deny any any * vlan 30 -> 192.168.3.254/24 * access-group 30 * permit 192.168.3.1(PC) * permit 192.168.3.2(PC) * permit 192.168.3.3(PC) * permit 192.168.3.4(PC) * permit 192.168.3.5(PC) * permit 192.168.3.6(PC) * permit 192.168.3.10(VPNSpy) * permit 192.168.3.100(ESXi) * permit 192.168.3.250(VPN) * deny any any * vlan 40 -> 192.168.4.254/24 * access-group 40 * permit 192.168.4.1(PC) * permit 192.168.4.2(PC) * permit 192.168.4.3(PC) * permit 192.168.4.4(PC) * permit 192.168.4.5(PC) * permit 192.168.4.6(PC) * permit 192.168.4.10(VPNSpy) * permit 192.168.4.100(ESXi) * permit 192.168.4.250(VPN) * deny any any * vlan 50 -> 192.168.5.254/24 * access-group 50 * permit 192.168.5.1(PC) * permit 192.168.5.2(PC) * permit 192.168.5.3(PC) * permit 192.168.5.4(PC) * permit 192.168.5.5(PC) * permit 192.168.5.6(PC) * permit 192.168.5.250(VPN) * deny any any * TP_Switch(2960) * 1-23 -> TP_PC -> vlan 50 * 24 -> 甲方 -> vlan 50 * 這麼簡單的設定留一台桌機接serial緊急處理即可。 * Intra_Router(3650) * 1-2 -> team1_P2,3 -> etherchannel(10.0.0.0/11) * 3-4 -> team2_P2,3 -> etherchannel(10.32.0.0/11) * 5-6 -> team3_P2,3 -> etherchannel(10.64.0.0/11) * 7-8 -> team4_P2,3 -> etherchannel(10.96.0.0/11) * 9-10 -> TP_P2,3 -> etherchannel(10.128.0.0/11) * 11 -> Judge_P2 -> (10.160.0.0/11) * 24 -> Serial(LB) -> vlan 1(172.16.0.7/16) * Serial(2960) * 1 -> team1_P4 -> vlan 1(172.16.0.1/16) * 2 -> team2_P4 -> vlan 1(172.16.0.2/16) * 3 -> team3_P4 -> vlan 1(172.16.0.3/16) * 4 -> team4_P4 -> vlan 1(172.16.0.4/16) * 5 -> TP_P4 -> vlan 1(172.16.0.5/16) * 6 -> Judge_P1 -> vlan 1(172.16.0.6/16) * 7 -> Intra_Router -> vlan 1 * 8 -> Core_Switch -> vlan 1 * 9 -> 甲方 -> vlan 1 * 10 -> 乙方 -> vlan 1 * 22 -> Judge_P4 -> vlan 100(172.16.100.100/16) * 23 -> J&M -> vlan 100 * 24 -> J&M -> vlan 1(172.16.0.11/16) * J&M(2960) * 1-11 -> Judge_PC -> vlan 100 * 12 -> Serial -> vlan 100(10.200.0.254/24) * 13-23 -> Manage_PC -> vlan 1 * 24 -> Serial -> vlan 1(172.16.255.254/16) --- ### vlan acl ``` ip access-list standard team1 permit host 192.168.1.1 permit host 192.168.1.2 permit host 192.168.1.3 permit host 192.168.1.4 permit host 192.168.1.5 permit host 192.168.1.6 permit host 192.168.1.10 permit host 192.168.1.100 permit host 192.168.1.250 deny any exit int vlan 10 ip access-group team1 in shut no shut exit ip access-list standard team2 permit host 192.168.2.1 permit host 192.168.2.2 permit host 192.168.2.3 permit host 192.168.2.4 permit host 192.168.2.5 permit host 192.168.2.6 permit host 192.168.2.10 permit host 192.168.2.100 permit host 192.168.2.250 deny any exit int vlan 20 ip access-group team2 in shut no shut exit ip access-list standard team3 permit host 192.168.3.1 permit host 192.168.3.2 permit host 192.168.3.3 permit host 192.168.3.4 permit host 192.168.3.5 permit host 192.168.3.6 permit host 192.168.3.10 permit host 192.168.3.100 permit host 192.168.3.250 deny any exit int vlan 30 ip access-group team3 in shut no shut exit ip access-list standard team4 permit host 192.168.4.1 permit host 192.168.4.2 permit host 192.168.4.3 permit host 192.168.4.4 permit host 192.168.4.5 permit host 192.168.4.6 permit host 192.168.4.10 permit host 192.168.4.100 permit host 192.168.4.250 deny any exit int vlan 40 ip access-group team4 in shut no shut exit ip access-list standard team5 permit host 192.168.5.1 permit host 192.168.5.2 permit host 192.168.5.3 permit host 192.168.5.4 permit host 192.168.5.5 permit host 192.168.5.6 permit host 192.168.5.250 deny any exit int vlan 50 ip access-group team5 in shut no shut end ``` --- ### etherchannel(port channel) ``` SW1: (config)#default int ran et0/0, et1/0 (config)#int ran et0/0, et1/0 (config-if-range)#shutdown (config-if-range)#channel-group 1 mode on SW2: (config)#default int ran et0/0, et1/0 (config)#int ran et0/0, et1/0 (config-if-range)#channel-group 1 mode on SW1: (config-if-range)#no shutdown ``` --- ### IP #### Core_Switch | | PCs | gateway(vlan) | ESXi | VPN | VPNSpy | | ----- | ---------------- | ---------------- | ---------------- | ---------------- | --------------- | | team1 | 192.168.1.1-6/24 | 192.168.1.254/24 | 192.168.1.100/24 | 192.168.1.250/24 | 192.168.1.10/24 | | team2 | 192.168.2.1-6/24 | 192.168.2.254/24 | 192.168.2.100/24 | 192.168.2.250/24 | 192.168.2.10/24 | | team3 | 192.168.3.1-6/24 | 192.168.3.254/24 | 192.168.3.100/24 | 192.168.3.250/24 | 192.168.3.10/24 | | team4 | 192.168.4.1-6/24 | 192.168.4.254/24 | 192.168.4.100/24 | 192.168.4.250/24 | 192.168.4.10/24 | | TP | 192.168.5.1-6/24 | 192.168.5.254/24 | X | 192.168.5.250/24 | X | #### Intra_Router(RIP) | | Ports | IP | gateway | | ----- | ------------------- | ------------- | ----------------- | | team1 | EtherChannel1(1,2) | 10.0.0.0/11 | 10.31.255.254/11 | | team2 | EtherChannel2(3,4) | 10.32.0.0/11 | 10.63.255.254/11 | | team3 | EtherChannel3(5,6) | 10.64.0.0/11 | 10.95.255.254/11 | | team4 | EtherChannel4(7,8) | 10.96.0.0/11 | 10.127.255.254/11 | | TP | EtherChannel5(9,10) | 10.128.0.0/11 | 10.159.255.254/11 | | Judge | 11 | 10.160.0.0/11 | 10.191.255.254/11 | ##### team1 | Round | IP | | ----- | ---- | | Text | Text | #### Serial | | ESXi | IP | gateway | | -------------- | ------------- | -------------- | ----------------- | | team1 | 172.16.0.1/16 | 172.16.0.1/16 | 172.16.255.254/16 | | team2 | 172.16.0.2/16 | 172.16.0.2/16 | 172.16.255.254/16 | | team3 | 172.16.0.3/16 | 172.16.0.3/16 | 172.16.255.254/16 | | team4 | 172.16.0.4/16 | 172.16.0.4/16 | 172.16.255.254/16 | | TP | 172.16.0.5/16 | 172.16.0.5/16 | 172.16.255.254/16 | | Manage | 172.16.0.6/16 | 172.16.0.6/16 | 172.16.255.254/16 | | Intra_Router | X | 172.16.0.7/16 | 172.16.255.254/16 | | Core_Switch(M) | X | 172.16.0.8/16 | 172.16.255.254/16 | | A | X | 172.16.0.9/16 | 172.16.255.254/16 | | B | X | 172.16.0.10/16 | 172.16.255.254/16 | | Judge | 10.200.0.1/24 | 10.200.0.1/24 | 10.200.0.254/24 | * M->監控方,A->甲方,B->乙方 ### line number #### 監<->甲 * 甲1 team1 Intra etherchannel * 甲2 team1 Intra etherchannel * 甲3 team2 Intra etherchannel * 甲4 team2 Intra etherchannel * 甲5 TP Intra etherchannel * 甲6 TP Intra etherchannel * 甲7 team1 serial * 甲8 team2 serial * 甲9 TP serial #### 監<->乙 * 乙1 team3 Intra etherchannel * 乙2 team3 Intra etherchannel * 乙3 team4 Intra etherchannel * 乙4 team4 Intra etherchannel * 乙5 Judge Intra * 乙6 team3 serial * 乙7 team4 serial * 乙8 Judge serial(Manage) * 乙9 Judge serial(Judge) 甲方A34(右講桌)->C6 監控室C6->Intra Route(bind TP netmask)