Difference between revisions of "Galaxy Network - Network Layout"
From Teknologisk videncenter
(→IP Topology) |
|||
| Line 1: | Line 1: | ||
| − | + | ==IP Topology== | |
| − | + | ===Amidala=== | |
| − | + | ====Interface==== | |
| − | |||
| − | |||
| − | |||
| − | |||
'''Interface FA 0/1''' | '''Interface FA 0/1''' | ||
*'''IP:'''None | *'''IP:'''None | ||
| Line 69: | Line 65: | ||
|EIGRP 1337 | |EIGRP 1337 | ||
|} | |} | ||
| − | + | ===Anakin=== | |
| − | |||
{|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | {|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | ||
| Line 148: | Line 143: | ||
---- | ---- | ||
| − | + | ===QuiGon=== | |
{|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | {|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | ||
| Line 221: | Line 216: | ||
---- | ---- | ||
| − | + | ===ObiWan=== | |
{|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | {|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | ||
| Line 290: | Line 285: | ||
---- | ---- | ||
| − | + | ===MaceWindu=== | |
{|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | {|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | ||
| Line 340: | Line 335: | ||
---- | ---- | ||
| − | + | ===HanSolo=== | |
{|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | {|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | ||
| Line 361: | Line 356: | ||
---- | ---- | ||
| − | + | ===Palpatine=== | |
{|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | {|width="auto" border="1" cellpadding="1" cellspacing="1" summary="Interfaces" | ||
| Line 412: | Line 407: | ||
---- | ---- | ||
| − | + | == VLAN Topology == | |
---- | ---- | ||
| Line 418: | Line 413: | ||
Please note that even though we only use a range of 1000 VLANs, newer switches allow for more than 4000. | Please note that even though we only use a range of 1000 VLANs, newer switches allow for more than 4000. | ||
| − | + | === Predefined VLAN assocations === | |
<span>While only a few of these VLANs are actually in use, | <span>While only a few of these VLANs are actually in use, | ||
the VLAN ranges will <span onmouseover="TagToTip('allow')" onmouseout="UnTip()" style="cursor:help">allow</span> our network to scale almost indefinitely.</span> | the VLAN ranges will <span onmouseover="TagToTip('allow')" onmouseout="UnTip()" style="cursor:help">allow</span> our network to scale almost indefinitely.</span> | ||
| Line 430: | Line 425: | ||
*'''900–999:''' Point-to-point links between switches (Layer 3). | *'''900–999:''' Point-to-point links between switches (Layer 3). | ||
| − | + | === VLANs currently in use === | |
* '''VLAN 45:''' Management VLAN used on all switches in the network. | * '''VLAN 45:''' Management VLAN used on all switches in the network. | ||
| Line 438: | Line 433: | ||
* '''VLAN 402:''' ISDN/PSTN. | * '''VLAN 402:''' ISDN/PSTN. | ||
| − | + | === Configuration of VLAN Layer-2 Security === | |
<pre>vlan access-map NAME 10 | <pre>vlan access-map NAME 10 | ||
match ip address <telnet access list> | match ip address <telnet access list> | ||
| Line 456: | Line 451: | ||
</pre> | </pre> | ||
| − | + | === Configuration of Interface Security === | |
<pre>switchport mode access (default) | <pre>switchport mode access (default) | ||
N/A (default) | N/A (default) | ||
Revision as of 13:14, 25 May 2009
Contents
IP Topology
Amidala
Interface
Interface FA 0/1
- IP:None
- Type:Etherchannel
- DescriptionTrunked link to Anakin (Port-group 1)
Interface FA 0/2
- IP:None
- Type:Etherchannel
- DescriptionTrunked link to Anakin (Port-group 1)
Interface FA 0/3
- IP:None
- Type:Switched
- DescriptionTrunked link to Leia
Interface FA 0/4
- IP:None
- Type:Switched
- DescriptionTrunked link to Luck
Interface FA 0/21
- IP:172.16.10.6 /30
- Type:Routed
- DescriptionLink to R7 (Cloud)
Interface FA 0/22
- IP:192.168.254.21 /30
- Type:Routed
- DescriptionLink to HanSolo
Interface FA 0/23
- IP:
- Type:Switched
- DescriptionLink to MaceWindu
Interface FA 0/24
- IP:192.168.254.29 /30
- Type:Routed
- DescriptionLink to QuiGon
Interface Loopback 0
- IP:192.168.45.1 /30
- Type:Routed
- DescriptionManagement interface
| Network | Wilcard/Netmask | Protocol |
|---|---|---|
| 192.168.254.8 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.16 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.20 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.28 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.36 | 0.0.0.3 | EIGRP 1337 |
Anakin
| Interface | IP | Type | Description |
|---|---|---|---|
| FA 0/1 + FA 0/2 | Etherchannel | Trunked to Amidala | |
| FA 0/3 | 192.168.254.5 /30 | Routed | Link to Luke |
| FA 0/4 | 192.168.254.1 /30 | Routed | Link to Leia |
| FA 0/21 | 172.16.10.2 /30 | Routed | Link to R4 (Cloud) |
| FA 0/22 | 192.168.254.25 /30 | Routed | Link to Palpatine |
| FA 0/23 | 192.168.254.13 /30 | Routed | Link to MaceWindu |
| FA 0/24 | 192.168.254.33 /30 | Routed | Link to ObiWan |
| Loopback 0 | 192.168.45.5 /30 | Routed | Management interface |
| Network | Wilcard/Netmask | Protocol |
|---|---|---|
| 192.168.254.0 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.4 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.12 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.24 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.32 | 0.0.0.3 | EIGRP 1337 |
QuiGon
| Interface | IP | Type | Description |
|---|---|---|---|
| S 0/3/0 | 192.168.50.1 /30 | Routed | DTC (128.000) link to ObiWan |
| S 0/3/1 | 192.168.50.5 /30 | Routed | DTE link to ObiWan |
| FA 0/0 | DHCP | Routed | NAT w/ ACL 1 Link to Mercantec (WAN) |
| FA 0/1 | 192.168.254.30 /30 | Routed | Link to Amidala |
| Loopback 0 | 192.168.45.9 /30 | Routed | Management interface |
| Network | Wilcard/Netmask | Protocol |
|---|---|---|
| 192.168.50.0 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.28 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.40 | 0.0.0.3 | EIGRP 1337 |
| IP | Wilcard/Netmask | Type | Access List |
|---|---|---|---|
| 172.42.10.0 | 0.0.0.255 | permit | 1 |
| 172.42.20.0 | 0.0.0.255 | permit | 1 |
ObiWan
| Interface | IP | Type | Description |
|---|---|---|---|
| S 0/1/0 | 192.168.50.6 /30 | Routed | DCE (128.000) link to QuiGon |
| S 0/1/1 | 192.168.50.2 /30 | Routed | DTE link to QuiGon |
| FA 0/0 | DHCP | Routed | NAT w/ ACL 1 Link to Mercantec (WAN) |
| FA 0/1 | 192.168.254.34 /30 | Routed | Link to Anakin |
| Loopback 0 | 192.168.45.13 /30 | Routed | Management interface |
| Network | Wilcard/Netmask | Protocol |
|---|---|---|
| 192.168.50.0 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.32 | 0.0.0.3 | EIGRP 1337 |
| IP | Wilcard/Netmask | Type | Access List |
|---|---|---|---|
| 172.42.10.0 | 0.0.0.255 | permit | 1 |
| 172.42.20.0 | 0.0.0.255 | permit | 1 |
MaceWindu
| Interface | IP | Type | Description |
|---|---|---|---|
| FA 0/1 | 192.168.254.14 /30 | Routed | Link to Anakin |
| FA 0/2 | 192.168.254.18 /30 | Routed | Link to Amidala |
| FA 0/24 | Switched | Link to Cisco Call Manager | |
| Loopback 0 | 192.168.45.33 /30 | Routed | Management interface |
| Network | Wilcard/Netmask | Protocol |
|---|---|---|
| 192.168.22.73 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.12 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.16 | 0.0.0.3 | EIGRP 1337 |
HanSolo
| Interface | IP | Type | Description |
|---|---|---|---|
| FA 0/0 | 192.168.254.22 /30 | Routed | Link to Amidala |
| Loopback 0 | 192.168.45.53 /30 | Routed | Management interface |
Palpatine
| Interface | IP | Type | Description |
|---|---|---|---|
| FA 0/0 | 172.42.10.1 /24 | Routed | Gateway for wireless clients |
| FA 0/1 | 192.168.254.26 /30 | Routed | Link to Anakin |
| Loopback 0 | 192.168.45.17 /30 | Routed | Management interface |
| Wlan-Controller | 192.168.45.21 /30 | Routed | Management interface |
| AP-Management | 192.168.45.25 /30 | Routed | AP Management interface |
| Network | Wilcard/Netmask | Protocol |
|---|---|---|
| 172.42.10.0 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.24 | 0.0.0.3 | EIGRP 1337 |
VLAN Topology
In order to allow our network to be scalable, we have allocated VLAN ranges to specific areas. Please note that even though we only use a range of 1000 VLANs, newer switches allow for more than 4000.
Predefined VLAN assocations
While only a few of these VLANs are actually in use, the VLAN ranges will allow our network to scale almost indefinitely.
- 1: Not in use; clear from all trunks. This is a Cisco best practice implementation (not required).
- 2-99: Management VLAN on all switches.
- 100–399: Access layer devices.
- 400–599: Data center devices.
- 600–699: Internet and partner connections.
- 700–899: Reserved for future use.
- 900–999: Point-to-point links between switches (Layer 3).
VLANs currently in use
- VLAN 45: Management VLAN used on all switches in the network.
- VLAN 100: Skywalker Enterprises.
- VLAN 400: Wireless.
- VLAN 401: Wide-Area Network.
- VLAN 402: ISDN/PSTN.
Configuration of VLAN Layer-2 Security
vlan access-map NAME 10 match ip address <telnet access list> action drop vlan access-map 20 match ip address <ssh access list> action forward switchport mode access (default) N/A (default) no cdp enable udld port disable interface vlan <management vlan> switchport trunk allowed vlan remove 1
Configuration of Interface Security
switchport mode access (default)
N/A (default)
no cdp enable
udld port disable
spanning-tree portfast
spanning-tree portfast bpduguard default
spanning-tree guard root
vtp mode transparent
no mls qos trust {default}
shutdown