Difference between revisions of "Galaxy Network - Network Layout"

From Teknologisk videncenter
Jump to: navigation, search
(Palpatine)
(IP Topology)
Line 55: Line 55:
 
<br />
 
<br />
 
<br />
 
<br />
 
 
===Anakin===
 
===Anakin===
 
----
 
----
Line 229: Line 228:
 
***192.168.254.12 0.0.0.3
 
***192.168.254.12 0.0.0.3
 
***192.168.254.16 0.0.0.3
 
***192.168.254.16 0.0.0.3
 +
<br />
 +
====Access List====
 +
----
 +
Der skal sættes access list op så kun vlan 40 kan komme ind og vlan 30 kun kan komme i kontakt med vlan 40
 
<br />
 
<br />
 
<br />
 
<br />
Line 243: Line 246:
 
**'''Type:''' Routed
 
**'''Type:''' Routed
 
**'''Description:''' Management interface
 
**'''Description:''' Management interface
 +
<br />
 +
====Access List====
 +
----
 +
Der skal sættes access list op så kun vlan 30 kan komme ind og vlan 40 kun kan komme i kontakt med vlan 30
 
<br />
 
<br />
 
<br />
 
<br />
Line 277: Line 284:
 
***172.42.10.0 0.0.0.3
 
***172.42.10.0 0.0.0.3
 
***192.168.254.24 0.0.0.3
 
***192.168.254.24 0.0.0.3
 +
<br />
 +
====Access List====
 +
----
 +
Der skal sættes access list op så kun vlan 10 kan komme ud på netted
 
<br />
 
<br />
 
<br />
 
<br />

Revision as of 14:25, 25 May 2009

IP Topology

Amidala


Interface


  • Interface FA 0/1
    • IP: None
    • Type: Etherchannel
    • Description: Trunked link to Anakin (Port-group 1)
  • Interface FA 0/2
    • IP: None
    • Type: Etherchannel
    • Description: Trunked link to Anakin (Port-group 1)
  • Interface FA 0/3
    • IP: None
    • Type: Switched
    • Description: Trunked link to Leia
  • Interface FA 0/4
    • IP: None
    • Type: Switched
    • Description: Trunked link to Luck
  • Interface FA 0/21
    • IP: 172.16.10.6 /30
    • Type: Routed
    • Description: Link to R7 (Cloud)
  • Interface FA 0/22
    • IP: 192.168.254.21 /30
    • Type: Routed
    • Description: Link to HanSolo
  • Interface FA 0/23
    • IP: None
    • Type: Switched
    • Description: Link to MaceWindu
  • Interface FA 0/24
    • IP: 192.168.254.29 /30
    • Type: Routed
    • Description: Link to QuiGon
  • Interface Loopback 0
    • IP: 192.168.45.1 /30
    • Type: Routed
    • Description: Management interface


Routing


  • Protocrol: EIGRP
    • AS: 1337
    • Networks
      • 192.168.45.0 0.0.0.255
      • 192.168.254.8 0.0.0.3
      • 192.168.254.16 0.0.0.3
      • 192.168.254.20 0.0.0.3
      • 192.168.254.28 0.0.0.3
      • 192.168.254.36 0.0.0.3
      • 192.168.254.40 0.0.0.3



Anakin


Interface


  • Interface FA 0/1
    • IP: None
    • Type: Etherchannel
    • Description: Trunked to Amidala (Port-group 1)
  • Interface FA 0/2
    • IP: None
    • Type: Etherchannel
    • Description: Trunk link to Amidala (Port-group 1)
  • Interface FA 0/2
    • IP: 192.168.254.5 /30
    • Type: Routed
    • Description: Link to Luke
  • Interface FA 0/4
    • IP: 192.168.254.1 /30
    • Type: Routed
    • Description: Link to Leia
  • Interface FA 0/21
    • IP: 172.16.10.2 /30
    • Type: Routed
    • Description: Link to R4 (Cloud)
  • Interface FA 0/22
    • IP: 192.168.254.25 /30
    • Type: Routed
    • Description: Link to Palpatine
  • Interface FA 0/23
    • IP: 192.168.254.13 /30
    • Type: Routed
    • Description: Link to MaceWindu
  • Interface FA 0/24
    • IP: 192.168.254.33 /30
    • Type: Routed
    • Description: Link to ObiWan
  • Interface Loopback 0
    • IP: 192.168.45.5 /30
    • Type: Routed
    • Description: Management interface


Routing


  • Protocrol: EIGRP
    • AS: 1337
    • Networks
      • 192.168.254.0 0.0.0.3
      • 192.168.254.4 0.0.0.3
      • 192.168.254.12 0.0.0.3
      • 192.168.254.24 0.0.0.3
      • 192.168.254.32 0.0.0.3



QuiGon


Interface


  • Interface S 0/3/0
    • IP: 192.168.50.1 /30
    • Type: Routed
    • Description: Link to ObiWan DTC (128.000)
  • Interface S 0/3/1
    • IP: 192.168.50.5 /30
    • Type: Routed
    • Description: Link to ObiWan DTE
  • Interface FA 0/0
    • IP: DHCP
    • Type: Routed
    • Description: Link to Mercantec (WAN NAT w/ ACL 1)
  • Interface FA 0/1
    • IP: 192.168.254.30 /30
    • Type: Routed
    • Description: Link to Amidala
  • Interface Loopback 0
    • IP: 192.168.45.9 /30
    • Type: Routed
    • Description: Management interface


Routing


  • Protocrol: EIGRP
    • AS: 1337
    • Networks
      • 192.168.50.0
      • 192.168.254.28
      • 192.168.254.40


Access List


  • Access List
    • Number: 1
      • IP: 172.42.10.0
      • Wilcrad/Netmask: 0.0.0.255
      • Type:permit
      • IP: 172.42.20.0
      • Wilcrad/Netmask: 0.0.0.255
      • Type:permit



ObiWan


Interface


  • Interface S 0/1/0
    • IP: 192.168.50.6 /30
    • Type: Routed
    • Description: Link to QuiGon DCE
  • Interface S 0/1/1
    • IP: 192.168.50.2 /30
    • Type: Routed
    • Description: Link to QuiGon DTC (128.000)
  • Interface FA 0/0
    • IP: DHCP
    • Type: Routed
    • Description: Link to Mercantec (WAN NAT w/ ACL 1)
  • Interface FA 0/1
    • IP: 192.168.254.34 /30
    • Type: Routed
    • Description: Link to Anakin
  • Interface Loopback 0
    • IP: 192.168.45.13 /30
    • Type: Routed
    • Description: Management interface


Routing


  • Protocrol: EIGRP
    • AS: 1337
    • Networks
      • 192.168.50.0 0.0.0.3
      • 192.168.254.32 0.0.0.3


Access List


  • Access List
    • Number: 1
      • IP: 172.42.10.0
      • Wilcrad/Netmask: 0.0.0.255
      • Type:permit
      • IP: 172.42.20.0
      • Wilcrad/Netmask: 0.0.0.255
      • Type:permit



MaceWindu


Interface


  • Interface FA 0/1
    • IP: 192.168.254.14 /30
    • Type: Routed
    • Description: Link to Anakin
  • Interface FA 0/2
    • IP: 192.168.254.18 /30
    • Type: Routed
    • Description: Link to Amidala
  • Interface FA 0/24
    • IP: None
    • Type: Switched
    • Description: Link to Cisco Call Manager
  • Interface Loopback 0
    • IP: 192.168.45.33 /30
    • Type: Routed
    • Description: Management interface


Routing


  • Protocrol: EIGRP
    • AS: 1337
    • Networks
      • 192.168.22.73 0.0.0.3
      • 192.168.254.12 0.0.0.3
      • 192.168.254.16 0.0.0.3


Access List


Der skal sættes access list op så kun vlan 40 kan komme ind og vlan 30 kun kan komme i kontakt med vlan 40

HanSolo


Interface


  • Interface FA 0/0
    • IP: 192.168.254.22 /30
    • Type: Routed
    • Description: Link to Amidala
  • Interface Loopback 0
    • IP: 192.168.45.53 /30
    • Type: Routed
    • Description: Management interface


Access List


Der skal sættes access list op så kun vlan 30 kan komme ind og vlan 40 kun kan komme i kontakt med vlan 30

Palpatine


Interface


  • Interface FA 0/0
    • IP: 172.42.10.1 /24
    • Type: Routed
    • Description: Gateway for wireless clients
  • Interface FA 0/1
    • IP: 192.168.254.26 /30
    • Type: Routed
    • Description: Link to Anakin
  • Interface Loopback 0
    • IP: 192.168.45.17 /30
    • Type: Routed
    • Description: Management interface
  • Interface Wlan-Controller
    • IP: 192.168.45.21 /30
    • Type: Routed
    • Description: Management interface
  • Interface AP-Management
    • IP: 192.168.45.25 /30
    • Type: Routed
    • Description: AP Management interface


Routing


  • Protocrol: EIGRP
    • AS: 1337
    • Networks
      • 172.42.10.0 0.0.0.3
      • 192.168.254.24 0.0.0.3


Access List


Der skal sættes access list op så kun vlan 10 kan komme ud på netted

VLAN Topology


In order to allow our network to be scalable, we have allocated VLAN ranges to specific areas. Please note that even though we only use a range of 1000 VLANs, newer switches allow for more than 4000.

Predefined VLAN assocations

While only a few of these VLANs are actually in use, the VLAN ranges will allow our network to scale almost indefinitely.

  • 1: Not in use; clear from all trunks. This is a Cisco best practice implementation (not required).
  • 2-99: Management VLAN on all switches.
  • 100–399: Access layer devices.
  • 400–599: Data center devices.
  • 600–699: Internet and partner connections.
  • 700–899: Reserved for future use.
  • 900–999: Point-to-point links between switches (Layer 3).

VLANs currently in use

  • VLAN 45: Management VLAN used on all switches in the network.
  • VLAN 100: Skywalker Enterprises.
  • VLAN 400: Wireless.
  • VLAN 401: Wide-Area Network.
  • VLAN 402: ISDN/PSTN.

Configuration of VLAN Layer-2 Security

vlan access-map NAME 10
match ip address <telnet access list>
action drop
vlan access-map 20
match ip address <ssh access list>
action forward

switchport mode access (default)
N/A (default)
no cdp enable
udld port disable

interface vlan <management vlan>

switchport trunk allowed vlan remove 1

Configuration of Interface Security

switchport mode access (default)
N/A (default)
no cdp enable
udld port disable
spanning-tree portfast
spanning-tree portfast bpduguard default

spanning-tree guard root

vtp mode transparent

no mls qos trust {default}

shutdown