Difference between revisions of "Galaxy Network - Network Layout"
From Teknologisk videncenter
(→IP Topology) |
(→VLAN Topology) |
||
| Line 408: | Line 408: | ||
== VLAN Topology == | == VLAN Topology == | ||
| − | |||
In order to allow our network to be scalable, we have allocated VLAN ranges to specific areas. | In order to allow our network to be scalable, we have allocated VLAN ranges to specific areas. | ||
Revision as of 15:57, 25 May 2009
Contents
IP Topology
Amidala
Interface
- Interface: FA 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked link to Anakin (Port-group 1)
- Interface: FA 0/2
- IP: None
- Type: Etherchannel
- Description: Trunked link to Anakin (Port-group 1)
- Interface: FA 0/3
- IP: None
- Type: Switched
- Description: Trunked link to Leia
- Interface: FA 0/4
- IP: None
- Type: Switched
- Description: Trunked link to Luck
- Interface: FA 0/21
- IP: 172.16.10.6 /30
- Type: Routed
- Description: Link to R7 (Cloud)
- Interface: FA 0/22
- IP: 192.168.254.21 /30
- Type: Routed
- Description: Link to HanSolo
- Interface: FA 0/23
- IP: None
- Type: Switched
- Description: Link to MaceWindu
- Interface: FA 0/24
- IP: 192.168.254.29 /30
- Type: Routed
- Description: Link to QuiGon
- Interface: Loopback 0
- IP: 192.168.45.1 /30
- Type: Routed
- Description: Management interface
Routing
- Protocrol: EIGRP
- AS: 1337
- Networks
- 192.168.45.0 0.0.0.255
- 192.168.254.8 0.0.0.3
- 192.168.254.16 0.0.0.3
- 192.168.254.20 0.0.0.3
- 192.168.254.28 0.0.0.3
- 192.168.254.36 0.0.0.3
- 192.168.254.40 0.0.0.3
Anakin
Interface
- Interface: FA 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked to Amidala (Port-group 1)
- Interface: FA 0/2
- IP: None
- Type: Etherchannel
- Description: Trunk link to Amidala (Port-group 1)
- Interface: FA 0/2
- IP: 192.168.254.5 /30
- Type: Routed
- Description: Link to Luke
- Interface: FA 0/4
- IP: 192.168.254.1 /30
- Type: Routed
- Description: Link to Leia
- Interface: FA 0/21
- IP: 172.16.10.2 /30
- Type: Routed
- Description: Link to R4 (Cloud)
- Interface: FA 0/22
- IP: 192.168.254.25 /30
- Type: Routed
- Description: Link to Palpatine
- Interface: FA 0/23
- IP: 192.168.254.13 /30
- Type: Routed
- Description: Link to MaceWindu
- Interface: FA 0/24
- IP: 192.168.254.33 /30
- Type: Routed
- Description: Link to ObiWan
- Interface: Loopback 0
- IP: 192.168.45.5 /30
- Type: Routed
- Description: Management interface
Routing
- Protocrol: EIGRP
- AS: 1337
- Networks
- 192.168.254.0 0.0.0.3
- 192.168.254.4 0.0.0.3
- 192.168.254.12 0.0.0.3
- 192.168.254.24 0.0.0.3
- 192.168.254.32 0.0.0.3
QuiGon
Interface
- Interface: S 0/3/0
- IP: 192.168.50.1 /30
- Type: Routed
- Description: Link to ObiWan DTC (128.000)
- Interface: S 0/3/1
- IP: 192.168.50.5 /30
- Type: Routed
- Description: Link to ObiWan DTE
- Interface: FA 0/0
- IP: DHCP
- Type: Routed
- Description: Link to Mercantec (WAN NAT w/ ACL 1)
- Interface: FA 0/1
- IP: 192.168.254.30 /30
- Type: Routed
- Description: Link to Amidala
- Interface: Loopback 0
- IP: 192.168.45.9 /30
- Type: Routed
- Description: Management interface
Routing
- Protocrol: EIGRP
- AS: 1337
- Networks
- 192.168.50.0
- 192.168.254.28
- 192.168.254.40
Access List
- Access List
- Number: 1
- IP: 172.42.10.0
- Wilcrad/Netmask: 0.0.0.255
- Type:permit
- IP: 172.42.20.0
- Wilcrad/Netmask: 0.0.0.255
- Type:permit
- Number: 1
ObiWan
Interface
- Interface: S 0/1/0
- IP: 192.168.50.6 /30
- Type: Routed
- Description: Link to QuiGon DCE
- Interface: S 0/1/1
- IP: 192.168.50.2 /30
- Type: Routed
- Description: Link to QuiGon DTC (128.000)
- Interface: FA 0/0
- IP: DHCP
- Type: Routed
- Description: Link to Mercantec (WAN NAT w/ ACL 1)
- Interface: FA 0/1
- IP: 192.168.254.34 /30
- Type: Routed
- Description: Link to Anakin
- Interface: Loopback 0
- IP: 192.168.45.13 /30
- Type: Routed
- Description: Management interface
Routing
- Protocrol: EIGRP
- AS: 1337
- Networks
- 192.168.50.0 0.0.0.3
- 192.168.254.32 0.0.0.3
Access List
- Access List
- Number: 1
- IP: 172.42.10.0
- Wilcrad/Netmask: 0.0.0.255
- Type:permit
- IP: 172.42.20.0
- Wilcrad/Netmask: 0.0.0.255
- Type:permit
- Number: 1
MaceWindu
Interface
- Interface: FA 0/1
- IP: 192.168.254.14 /30
- Type: Routed
- Description: Link to Anakin
- Interface: FA 0/2
- IP: 192.168.254.18 /30
- Type: Routed
- Description: Link to Amidala
- Interface: FA 0/24
- IP: None
- Type: Switched
- Description: Link to Cisco Call Manager
- Interface: Loopback 0
- IP: 192.168.45.33 /30
- Type: Routed
- Description: Management interface
Routing
- Protocrol: EIGRP
- AS: 1337
- Networks
- 192.168.22.73 0.0.0.3
- 192.168.254.12 0.0.0.3
- 192.168.254.16 0.0.0.3
Access List
Der skal sættes access list op så kun vlan 40 kan komme ind og vlan 30 kun kan komme i kontakt med vlan 40
HanSolo
Interface
- Interface: FA 0/0
- IP: 192.168.254.22 /30
- Type: Routed
- Description: Link to Amidala
- Interface: Loopback 0
- IP: 192.168.45.53 /30
- Type: Routed
- Description: Management interface
Access List
Der skal sættes access list op så kun vlan 30 kan komme ind og vlan 40 kun kan komme i kontakt med vlan 30
Palpatine
Interface
- Interface: FA 0/0
- IP: 172.42.10.1 /24
- Type: Routed
- Description: Gateway for wireless clients
- Interface: FA 0/1
- IP: 192.168.254.26 /30
- Type: Routed
- Description: Link to Anakin
- Interface: Loopback 0
- IP: 192.168.45.17 /30
- Type: Routed
- Description: Management interface
- Interface: Wlan-Controller
- IP: 192.168.45.21 /30
- Type: Routed
- Description: Management interface
- Interface: AP-Management
- IP: 192.168.45.25 /30
- Type: Routed
- Description: AP Management interface
Routing
- Protocrol: EIGRP
- AS: 1337
- Networks
- 172.42.10.0 0.0.0.3
- 192.168.254.24 0.0.0.3
Access List
Der skal sættes access list op så vlan 10 kun kan komme ud på netted
Luke
Interface
- Interface: FA 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked to C3PO (Port-group 1)
- Interface: FA 0/2
- IP: None
- Type: Etherchannel
- Description: Trunked to C3PO (Port-group 1)
- Interface: FA 0/3
- IP: 192.168.45.6 /30
- Type: Routed
- Description: Link to Anakin
- Interface: FA 0/4
- IP: 192.168.45.38 /30
- Type: Routed
- Description: Link to Amadala
- Interface: FA 0/23
- IP: None
- Type: Etherchannel
- Description: Trunked to Leia (Port-group 2)
- Interface: FA 0/24
- IP: None
- Type: Etherchannel
- Description: Trunked to Leia (Port-group 2)
Routing
- Protocrol: EIGRP
- AS: 1337
- Networks
- 192.168.254.4 0.0.0.3
- 192.168.254.36 0.0.0.3
- 192.168.200.0 0.0.0.255
- 172.42.20.0 0.0.0.255
Access List
Der skal sættes access list op så vlan 20 kun kan komme ud på netted
Leia
Interface
- Interface: FA 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked to R2D2 (Port-group 1)
- Interface: FA 0/2
- IP: None
- Type: Etherchannel
- Description: Trunked to R2D2 (Port-group 1)
- Interface: FA 0/3
- IP: 192.168.45.10 /30
- Type: Routed
- Description: Link to Amadala
- Interface: FA 0/4
- IP: 192.168.45.2 /30
- Type: Routed
- Description: Link to Anakin
- Interface: FA 0/23
- IP: None
- Type: Etherchannel
- Description: Trunked to Luke (Port-group 2)
- Interface: FA 0/24
- IP: None
- Type: Etherchannel
- Description: Trunked to Luke (Port-group 2)
Routing
- Protocrol: EIGRP
- AS: 1337
- Networks
- 192.168.254.0 0.0.0.3
- 192.168.254.8 0.0.0.3
- 192.168.200.0 0.0.0.255
- 172.42.20.0 0.0.0.255
Access List
Der skal sættes access list op så vlan 20 kun kan komme ud på netted
R2D2
Interface
- Interface: FA 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked to Leia (Port-group 1)
- Interface: FA 0/2
- IP: None
- Type: Etherchannel
- Description: Trunked to Leia (Port-group 1)
- Interface: GI 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked to C3PO (Port-group 1)
- Interface: GI 0/2
- IP: None
- Type: Etherchannel
- Description: Trunked to C3PO (Port-group 1)
C3PO
Interface
- Interface: FA 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked to Luke (Port-group 1)
- Interface: FA 0/2
- IP: None
- Type: Etherchannel
- Description: Trunked to Luke (Port-group 1)
- Interface: GI 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked to R2D2 (Port-group 1)
- Interface: GI 0/2
- IP: None
- Type: Etherchannel
- Description: Trunked to R2D2 (Port-group 1)
VLAN Topology
In order to allow our network to be scalable, we have allocated VLAN ranges to specific areas. Please note that even though we only use a range of 1000 VLANs, newer switches allow for more than 4000.
Predefined VLAN assocations
While only a few of these VLANs are actually in use, the VLAN ranges will allow our network to scale almost indefinitely.
- 1: Not in use; clear from all trunks. This is a Cisco best practice implementation (not required).
- 2-99: Management VLAN on all switches.
- 100–399: Access layer devices.
- 400–599: Data center devices.
- 600–699: Internet and partner connections.
- 700–899: Reserved for future use.
- 900–999: Point-to-point links between switches (Layer 3).
VLANs currently in use
- VLAN 45: Management VLAN used on all switches in the network.
- VLAN 100: Skywalker Enterprises.
- VLAN 400: Wireless.
- VLAN 401: Wide-Area Network.
- VLAN 402: ISDN/PSTN.
Configuration of VLAN Layer-2 Security
vlan access-map NAME 10 match ip address <telnet access list> action drop vlan access-map 20 match ip address <ssh access list> action forward switchport mode access (default) N/A (default) no cdp enable udld port disable interface vlan <management vlan> switchport trunk allowed vlan remove 1
Configuration of Interface Security
switchport mode access (default)
N/A (default)
no cdp enable
udld port disable
spanning-tree portfast
spanning-tree portfast bpduguard default
spanning-tree guard root
vtp mode transparent
no mls qos trust {default}
shutdown