Difference between revisions of "Galaxy Network - Network Layout"
From Teknologisk videncenter
(→IP Topology) |
(→IP Topology) |
||
Line 287: | Line 287: | ||
====Access List==== | ====Access List==== | ||
---- | ---- | ||
− | Der skal sættes access list op så kun vlan | + | Der skal sættes access list op så vlan 10 kun kan komme ud på netted |
+ | <br /> | ||
+ | <br /> | ||
+ | ===Luke=== | ||
+ | ---- | ||
+ | ====Interface==== | ||
+ | ---- | ||
+ | *'''Interface FA 0/1''' | ||
+ | **'''IP:''' None | ||
+ | **'''Type:''' Etherchannel | ||
+ | **'''Description:''' Trunked to C3PO (Port-group 1) | ||
+ | *'''Interface FA 0/2''' | ||
+ | **'''IP:''' None | ||
+ | **'''Type:''' Etherchannel | ||
+ | **'''Description:''' Trunked to C3PO (Port-group 1) | ||
+ | *'''Interface FA 0/3''' | ||
+ | **'''IP:''' 192.168.45.6 /30 | ||
+ | **'''Type:''' Routed | ||
+ | **'''Description:''' Management interface | ||
+ | *'''Interface FA 0/4''' | ||
+ | **'''IP:''' 192.168.45.38 /30 | ||
+ | **'''Type:''' Routed | ||
+ | **'''Description:''' Management interface | ||
+ | *'''Interface FA 0/23''' | ||
+ | **'''IP:''' None | ||
+ | **'''Type:''' Etherchannel | ||
+ | **'''Description:''' Trunked to Leia (Port-group 1) | ||
+ | *'''Interface FA 0/24''' | ||
+ | **'''IP:''' None | ||
+ | **'''Type:''' Etherchannel | ||
+ | **'''Description:''' Trunked to Leia (Port-group 1) | ||
+ | <br /> | ||
+ | ====Routing==== | ||
+ | ---- | ||
+ | *'''Protocrol:''' EIGRP | ||
+ | **'''AS:''' 1337 | ||
+ | **'''Networks''' | ||
+ | ***192.168.254.4 0.0.0.3 | ||
+ | ***192.168.254.36 0.0.0.3 | ||
+ | ***192.168.200.0 0.0.0.255 | ||
+ | ***172.42.20.0 0.0.0.255 | ||
+ | <br /> | ||
+ | ====Access List==== | ||
+ | ---- | ||
+ | Der skal sættes access list op så vlan 20 kun kan komme ud på netted | ||
<br /> | <br /> | ||
<br /> | <br /> |
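Review bot: The Routing block added for Luke does not match its Interface block: FA 0/3 and FA 0/4 carry 192.168.45.6 /30 and 192.168.45.38 /30, but none of the four listed EIGRP networks (192.168.254.4, 192.168.254.36, 192.168.200.0, 172.42.20.0) covers either address, and no interface in the list sits in any of those four networks. Both routed ports are also described as "Management interface", so it is unclear which one is the actual management address. Please check the addresses and descriptions and list network statements that match them. The Access List entry only states a requirement for vlan 20; recording the ACL number, its entries, and the interface and direction it is applied to would make it reviewable. Minor: "Protocrol" and "netted" are misspelled.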
Revision as of 14:31, 25 May 2009
IP Topology
Amidala
Interface
- Interface FA 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked link to Anakin (Port-group 1)
- Interface FA 0/2
- IP: None
- Type: Etherchannel
- Description: Trunked link to Anakin (Port-group 1)
- Interface FA 0/3
- IP: None
- Type: Switched
- Description: Trunked link to Leia
- Interface FA 0/4
- IP: None
- Type: Switched
- Description: Trunked link to Luke
- Interface FA 0/21
- IP: 172.16.10.6 /30
- Type: Routed
- Description: Link to R7 (Cloud)
- Interface FA 0/22
- IP: 192.168.254.21 /30
- Type: Routed
- Description: Link to HanSolo
- Interface FA 0/23
- IP: None
- Type: Switched
- Description: Link to MaceWindu
- Interface FA 0/24
- IP: 192.168.254.29 /30
- Type: Routed
- Description: Link to QuiGon
- Interface Loopback 0
- IP: 192.168.45.1 /30
- Type: Routed
- Description: Management interface
Routing
- Protocol: EIGRP
- AS: 1337
- Networks
- 192.168.45.0 0.0.0.255
- 192.168.254.8 0.0.0.3
- 192.168.254.16 0.0.0.3
- 192.168.254.20 0.0.0.3
- 192.168.254.28 0.0.0.3
- 192.168.254.36 0.0.0.3
- 192.168.254.40 0.0.0.3
Anakin
Interface
- Interface FA 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked to Amidala (Port-group 1)
- Interface FA 0/2
- IP: None
- Type: Etherchannel
- Description: Trunk link to Amidala (Port-group 1)
- Interface FA 0/2
- IP: 192.168.254.5 /30
- Type: Routed
- Description: Link to Luke
- Interface FA 0/4
- IP: 192.168.254.1 /30
- Type: Routed
- Description: Link to Leia
- Interface FA 0/21
- IP: 172.16.10.2 /30
- Type: Routed
- Description: Link to R4 (Cloud)
- Interface FA 0/22
- IP: 192.168.254.25 /30
- Type: Routed
- Description: Link to Palpatine
- Interface FA 0/23
- IP: 192.168.254.13 /30
- Type: Routed
- Description: Link to MaceWindu
- Interface FA 0/24
- IP: 192.168.254.33 /30
- Type: Routed
- Description: Link to ObiWan
- Interface Loopback 0
- IP: 192.168.45.5 /30
- Type: Routed
- Description: Management interface
Routing
- Protocol: EIGRP
- AS: 1337
- Networks
- 192.168.254.0 0.0.0.3
- 192.168.254.4 0.0.0.3
- 192.168.254.12 0.0.0.3
- 192.168.254.24 0.0.0.3
- 192.168.254.32 0.0.0.3
QuiGon
Interface
- Interface S 0/3/0
- IP: 192.168.50.1 /30
- Type: Routed
- Description: Link to ObiWan DTC (128.000)
- Interface S 0/3/1
- IP: 192.168.50.5 /30
- Type: Routed
- Description: Link to ObiWan DTE
- Interface FA 0/0
- IP: DHCP
- Type: Routed
- Description: Link to Mercantec (WAN NAT w/ ACL 1)
- Interface FA 0/1
- IP: 192.168.254.30 /30
- Type: Routed
- Description: Link to Amidala
- Interface Loopback 0
- IP: 192.168.45.9 /30
- Type: Routed
- Description: Management interface
Routing
- Protocol: EIGRP
- AS: 1337
- Networks
- 192.168.50.0
- 192.168.254.28
- 192.168.254.40
Access List
- Access List
- Number: 1
- IP: 172.42.10.0
- Wildcard/Netmask: 0.0.0.255
- Type: permit
- IP: 172.42.20.0
- Wildcard/Netmask: 0.0.0.255
- Type: permit
- Number: 1
ObiWan
Interface
- Interface S 0/1/0
- IP: 192.168.50.6 /30
- Type: Routed
- Description: Link to QuiGon DCE
- Interface S 0/1/1
- IP: 192.168.50.2 /30
- Type: Routed
- Description: Link to QuiGon DTC (128.000)
- Interface FA 0/0
- IP: DHCP
- Type: Routed
- Description: Link to Mercantec (WAN NAT w/ ACL 1)
- Interface FA 0/1
- IP: 192.168.254.34 /30
- Type: Routed
- Description: Link to Anakin
- Interface Loopback 0
- IP: 192.168.45.13 /30
- Type: Routed
- Description: Management interface
Routing
- Protocol: EIGRP
- AS: 1337
- Networks
- 192.168.50.0 0.0.0.3
- 192.168.254.32 0.0.0.3
Access List
- Access List
- Number: 1
- IP: 172.42.10.0
- Wildcard/Netmask: 0.0.0.255
- Type: permit
- IP: 172.42.20.0
- Wildcard/Netmask: 0.0.0.255
- Type: permit
- Number: 1
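ACL 1 and the EIGRP network statements both use wildcard masks, so the same bit test shows which sources ACL 1 permits for NAT and which documented interface addresses no network statement covers. This is an added example, not configuration or code from the original page; the data is ObiWan's as listed above (FA 0/0 is left out because it is DHCP), and the source address 172.42.20.77 is a constructed sample.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

# ACL 1 as documented for QuiGon and ObiWan (referenced by the WAN NAT link).
ACL_1 = [
    ("permit", "172.42.10.0", "0.0.0.255"),
    ("permit", "172.42.20.0", "0.0.0.255"),
]

def acl_decision(acl, source):
    """First matching entry wins; a standard ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(source, base, wildcard):
            return action
    return "deny"

# ObiWan's statically addressed interfaces and EIGRP networks, from the page.
OBIWAN_INTERFACES = {
    "S 0/1/0": "192.168.50.6",
    "S 0/1/1": "192.168.50.2",
    "FA 0/1": "192.168.254.34",
    "Loopback 0": "192.168.45.13",
}
OBIWAN_NETWORKS = [("192.168.50.0", "0.0.0.3"), ("192.168.254.32", "0.0.0.3")]

def uncovered_interfaces(interfaces, networks):
    """Names of interfaces whose address no network statement matches."""
    return sorted(
        name for name, ip in interfaces.items()
        if not any(wildcard_match(ip, base, wc) for base, wc in networks)
    )

if __name__ == "__main__":
    # 172.42.20.77 is a constructed sample source address.
    for src in ("172.42.10.1", "172.42.20.77", "192.168.45.13"):
        print(src, acl_decision(ACL_1, src))
    print("not covered:", uncovered_interfaces(OBIWAN_INTERFACES, OBIWAN_NETWORKS))
```

With the documented values, S 0/1/0 (192.168.50.6) falls outside 192.168.50.0 0.0.0.3, and the management loopback matches neither network statement.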
MaceWindu
Interface
- Interface FA 0/1
- IP: 192.168.254.14 /30
- Type: Routed
- Description: Link to Anakin
- Interface FA 0/2
- IP: 192.168.254.18 /30
- Type: Routed
- Description: Link to Amidala
- Interface FA 0/24
- IP: None
- Type: Switched
- Description: Link to Cisco Call Manager
- Interface Loopback 0
- IP: 192.168.45.33 /30
- Type: Routed
- Description: Management interface
Routing
- Protocol: EIGRP
- AS: 1337
- Networks
- 192.168.22.73 0.0.0.3
- 192.168.254.12 0.0.0.3
- 192.168.254.16 0.0.0.3
Access List
An access list must be set up so that only VLAN 40 can get in and VLAN 30 can only communicate with VLAN 40.
HanSolo
Interface
- Interface FA 0/0
- IP: 192.168.254.22 /30
- Type: Routed
- Description: Link to Amidala
- Interface Loopback 0
- IP: 192.168.45.53 /30
- Type: Routed
- Description: Management interface
Access List
An access list must be set up so that only VLAN 30 can get in and VLAN 40 can only communicate with VLAN 30.
Palpatine
Interface
- Interface FA 0/0
- IP: 172.42.10.1 /24
- Type: Routed
- Description: Gateway for wireless clients
- Interface FA 0/1
- IP: 192.168.254.26 /30
- Type: Routed
- Description: Link to Anakin
- Interface Loopback 0
- IP: 192.168.45.17 /30
- Type: Routed
- Description: Management interface
- Interface Wlan-Controller
- IP: 192.168.45.21 /30
- Type: Routed
- Description: Management interface
- Interface AP-Management
- IP: 192.168.45.25 /30
- Type: Routed
- Description: AP Management interface
Routing
- Protocol: EIGRP
- AS: 1337
- Networks
- 172.42.10.0 0.0.0.3
- 192.168.254.24 0.0.0.3
Access List
An access list must be set up so that VLAN 10 can only go out to the Internet.
Luke
Interface
- Interface FA 0/1
- IP: None
- Type: Etherchannel
- Description: Trunked to C3PO (Port-group 1)
- Interface FA 0/2
- IP: None
- Type: Etherchannel
- Description: Trunked to C3PO (Port-group 1)
- Interface FA 0/3
- IP: 192.168.45.6 /30
- Type: Routed
- Description: Management interface
- Interface FA 0/4
- IP: 192.168.45.38 /30
- Type: Routed
- Description: Management interface
- Interface FA 0/23
- IP: None
- Type: Etherchannel
- Description: Trunked to Leia (Port-group 1)
- Interface FA 0/24
- IP: None
- Type: Etherchannel
- Description: Trunked to Leia (Port-group 1)
Routing
- Protocol: EIGRP
- AS: 1337
- Networks
- 192.168.254.4 0.0.0.3
- 192.168.254.36 0.0.0.3
- 192.168.200.0 0.0.0.255
- 172.42.20.0 0.0.0.255
Access List
An access list must be set up so that VLAN 20 can only go out to the Internet.
VLAN Topology
In order to allow our network to be scalable, we have allocated VLAN ranges to specific areas. Please note that even though we only use a range of 1000 VLANs, newer switches allow for more than 4000.
Predefined VLAN associations
While only a few of these VLANs are actually in use, the VLAN ranges will allow our network to scale almost indefinitely.
- 1: Not in use; clear from all trunks. This is a Cisco best practice implementation (not required).
- 2–99: Management VLAN on all switches.
- 100–399: Access layer devices.
- 400–599: Data center devices.
- 600–699: Internet and partner connections.
- 700–899: Reserved for future use.
- 900–999: Point-to-point links between switches (Layer 3).
VLANs currently in use
- VLAN 45: Management VLAN used on all switches in the network.
- VLAN 100: Skywalker Enterprises.
- VLAN 400: Wireless.
- VLAN 401: Wide-Area Network.
- VLAN 402: ISDN/PSTN.
Configuration of VLAN Layer-2 Security
vlan access-map NAME 10
 match ip address <telnet access list>
 action drop
vlan access-map NAME 20
 match ip address <ssh access list>
 action forward
switchport mode access (default)
N/A (default)
no cdp enable
udld port disable
interface vlan <management vlan>
switchport trunk allowed vlan remove 1
Configuration of Interface Security
switchport mode access (default)
N/A (default)
no cdp enable
udld port disable
spanning-tree portfast
spanning-tree portfast bpduguard default
spanning-tree guard root
vtp mode transparent
no mls qos trust {default}
shutdown