# Final Integrated Exercise

[TOC]

http://www.tsnien.idv.tw/Manager_WebBook/chap6/6-7%20Layer%203%E4%BA%A4%E6%8F%9B%E5%99%A8%E8%A6%8F%E5%8A%83%E8%88%87%E8%A8%AD%E5%AE%9A.html

https://www.jannet.hk/dynamic-host-configuration-protocol-dhcp-zh-hant/

https://ithelp.ithome.com.tw/questions/10118061

## Layer3 switch

R3

```
Switch(config)#interface e0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 34.0.1.3 255.255.255.0
Switch(config-if)#no shutdown
```

Similar settings on the other interfaces are omitted because they are all much the same.

## Outside Routing(static)

### R3

```
Switch(config)#ip route 0.0.0.0 0.0.0.0 23.1.0.2
```

### R2

```
Router(config)#ip route 0.0.0.0 0.0.0.0 12.0.0.1
```

### R1

```
r1(config)#ip route 23.1.0.0 255.255.255.0 12.0.0.2
```

Connectivity from the core switch to the external router works without problems.

## Inside Routing(OSPF)

### CW1

```
Switch(config)#router ospf 1
Switch(config-router)#router-id 3.3.3.3
Switch(config-router)#network 23.1.0.0 0.0.0.255 area 0
Switch(config-router)#network 34.1.0.0 0.0.0.255 area 0
```

### CW2

```
Switch(config)#router ospf 1
Switch(config-router)#router-id 4.4.4.4
% OSPF: Reload or use "clear ip ospf process" command, for this to take effect
Switch(config-router)#network 34.1.0.0 0.0.0.255 area 0
*Dec 28 04:32:23.058: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on Ethernet0/1 (not full duplex), with dhcpServer Ethernet0/0 (full duplex).
Switch(config-router)#network 34.1.0.0 0.0.0.255 area 0
Switch(config-router)#network 35.1.0.0 0.0.0.255 area 0
```

### DHCP

```
dhcpServer(config)#router ospf 1
dhcpServer(config-router)#router-id 5.5.5.5
dhcpServer(config-router)#network 45.1.0.0 0.0.0.255 area 0
```

### ssh Server

```
sshServer(config)#router ospf 1
sshServer(config-router)#router-id 6.6.6.6
sshServer(config-router)#network 46.2.0.0 0.0.0.255 area 0
```

### R3 -> R5 (Success)

### R3 -> R1 (Success)

## SSH Server

username : meowhecker

password : meowhecker

```
sshServer(config)#username meowhecker secret meowhecker
sshServer(config)#ip domain-name meowhecker.com
sshServer(config)#crypto key generate rsa
sshServer(config)#ip ssh version 2
sshServer(config)#line vty 0 4
sshServer(config-line)#login local
sshServer(config-line)#transport input ssh
```

---

## Router-on-a-stick

### Configure Trunk

switch eth 0/0 (trunk)

```
Switch(config)#int e 0/0
Switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
! set the encapsulation explicitly first, then trunk mode is accepted
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
```

switch -> vlan 10/ vlan 20

```
Switch(config)#vlan 10
Switch(config-vlan)#name vlan10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name vlan20
```

### Configure access port

#### Vlan 10 port

```
Switch(config)#int e0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
```

#### Vlan 20 port

```
Switch(config)#int e0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
```

### Configure router

R3 e0/2.10

```
Switch(config-if)#int e0/2.10
Switch(config-subif)#encapsulation dot1Q 10
```

R3 e0/2.20

```
Switch(config)#int e 0/2.20
Switch(config-subif)#encapsulation dot1Q 20
Switch(config-subif)#ip address 192.168.20.254 255.255.255.0
```

---

### R3 ping 192.168.10.1 (success)

### R3 ping 192.168.20.1 (success)

---

## Adding R8

### R7<---trunk---->R8

R7 e0/2(trunk)

```
Switch(config)#interface e0/2
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
```

R8 e0/1 (trunk)

```
Switch(config)#interface ethernet 0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
```

### R8 vlan port

```
Switch(config)#vlan 20
Switch(config-vlan)#name vlan20
! access port
Switch(config)#int e0/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
```

Topology

R3 ping 192.168.10.1 (success)

R3 ping 192.168.20.1 (success)

## DHCP get VLAN IP

R3

```
Switch(config-router)#network 192.168.20.0 0.0.0.255 area 0
Switch(config-router)#network 192.168.20.0 0.0.0.255 area 0
```

### DHCP ping 192.168.10.1 (success)

### DHCP ping 192.168.20.1 (success)

Now we can configure the DHCP server.

## IP Relay (helper)

The helper address lets machines in each VLAN find the DHCP server.

```
! VLAN 10 helper
Switch(config)#interface ethernet 0/2.10
Switch(config-if)#ip helper-address 45.1.0.5
! VLAN 20 helper
Switch(config)#interface ethernet 0/2.20
Switch(config-subif)#ip helper-address 45.1.0.5
```

### DHCP Configuration

```
dhcpServer(config)#ip dhcp pool vlan10
dhcpServer(dhcp-config)#network 192.168.10.0 255.255.255.0
dhcpServer(dhcp-config)#default-router 192.168.10.254
dhcpServer(dhcp-config)#dns-server 8.8.8.8
!
dhcpServer(config)#ip dhcp pool vlan20
dhcpServer(dhcp-config)#network 192.168.20.0 255.255.255.0
dhcpServer(dhcp-config)#default-router 192.168.20.254
dhcpServer(dhcp-config)#dns-server 8.8.8.8
```

### vlan 10 DHCP (success)

### vlan 20 DHCP (success)

Feels great!

Adding routes so that the machines can ping the outside network and use the 8.8.8.8 service.

R2

```
Router(config)#router ospf 1
Router(config-router)#router-id 2.2.2.2
Router(config-router)#network 23.1.0.0 0.0.0.255 area 0
```

R1

```
r1(config)#router ospf 1
r1(config-router)#network 12.0.0.0 0.0.0.255 area 0
```

Ping 192.168.10.2 Source 8.8.8.8 (Success)

Ping 192.168.20.2 Source 8.8.8.8 (Success)

## PAT + SSH

### private ip -> public ip

R2

```
Router(config)#int e0/0
Router(config-if)#ip nat outside
!
Router(config)#int e0/2
Router(config-if)#ip nat inside
```

```
Router(config)#access-list 1 permit 192.168.10.0 0.0.0.255
Router(config)#access-list 2 permit 192.168.20.0 0.0.0.255
Router(config)#ip nat pool nat1 12.0.0.2 12.0.0.2 netmask 255.255.255.0
Router(config)#ip nat inside source list 1 pool nat1 overload
Router(config)#ip nat pool nat2 12.1.2.2 12.1.2.2 netmask 255.255.255.0
Router(config)#ip nat inside source list 2 pool nat1 overload
```

### 192.168.10.2(vlan 10 ) ping 8.8.8.8 (NAT Success)

### 192.168.20.2(vlan 20 ) ping 8.8.8.8 (NAT Success)

### SSH Port Forwarding

```
Router(config)#ip nat inside source static tcp 46.2.0.6 22 12.0.0.2 22
```

### R1 ssh login

:+1:
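A tightened variant of the SSH server and port-forwarding setup above, as an added example that is not part of the original notes. It assumes R1's address on the 12.0.0.0/24 link is 12.0.0.1 (the next hop of R2's default route) and that R1 is the only host allowed to log in; the ACL names `VTY-SSH` and `OUTSIDE-IN` and the passphrase placeholder are hypothetical.

```cisco
! ---- sshServer (46.2.0.6), global configuration mode ----
! Replace the secret that equals the username; the value is a placeholder.
username meowhecker secret <LONG-RANDOM-PASSPHRASE>
ip domain-name meowhecker.com
! State the key size instead of accepting the interactive default.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
! Slow down password guessing and log every login attempt.
login block-for 120 attempts 5 within 60
login on-failure log
login on-success log
! Only R1 (assumed 12.0.0.1) may open a VTY session.
! Static PAT rewrites the destination only, so sshServer still sees R1's source.
ip access-list standard VTY-SSH
 permit 12.0.0.1
 deny any log
line vty 0 4
 login local
 transport input ssh
 access-class VTY-SSH in
 exec-timeout 5 0
!
! ---- R2, global configuration mode ----
! The static PAT entry from the notes stays as it is:
!   ip nat inside source static tcp 46.2.0.6 22 12.0.0.2 22
! An inbound ACL on the outside interface is evaluated before NAT,
! so it matches the public address 12.0.0.2, not 46.2.0.6.
ip access-list extended OUTSIDE-IN
 permit tcp host 12.0.0.1 host 12.0.0.2 eq 22
 deny tcp any host 12.0.0.2 eq 22 log
 permit ip any any
interface e0/0
 ip access-group OUTSIDE-IN in
```

`show ip ssh`, `show login` and `show access-lists` confirm the settings and show the hit counters on the two ACLs.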