
An example of Comprehensive Application of Huawei OSPF and ACL

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

OSPF and ACLs are widely used in enterprise networks. This article walks through an example that combines the two. The enterprise topology diagram of this example is as follows:

Project case requirements:

1. The intranet runs the OSPF routing protocol, and the area planning is shown in the figure.

2. The finance and R&D areas are not affected by link instability in other areas.

3. R1, R2 and R3 may only be logged in to and managed from IT.

4. YF and CW cannot communicate with each other, but both can communicate with IT.

5. IT and YF can access Client1, but CW cannot access Client1.

6. YF and CW can only access Server1's WWW service.

Project planning:

Analysis:

CW

1. YF and CW cannot communicate with each other, but both can communicate with IT.

2. CW cannot access Client1.

3. CW can only access Server1's WWW service.

YF

1. YF and CW cannot communicate with each other, but both can communicate with IT.

3. YF can only access Server1's WWW service.

IT

1. R1, R2 and R3 may only be logged in to and managed from IT.

2. IT can access Client1.

Project implementation:

Phase 1: configure the basic network

R1

sysname R1
interface GigabitEthernet0/0/0
 ip address 1.1.1.254 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 192.168.12.1 255.255.255.0
interface GigabitEthernet0/0/2
 ip address 192.168.13.1 255.255.255.0
quit

R2

sysname R2
interface GigabitEthernet0/0/0
 ip address 192.168.12.2 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 192.168.10.254 255.255.255.0
interface GigabitEthernet0/0/2
 ip address 192.168.20.254 255.255.255.0
quit

R3

sysname R3
interface GigabitEthernet0/0/0
 ip address 192.168.13.2 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 192.168.30.254 255.255.255.0
interface GigabitEthernet0/0/2
 ip address 192.168.40.254 255.255.255.0
quit

Phase 2: configure OSPF

R1

ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 192.168.12.0 0.0.0.255
  network 192.168.13.0 0.0.0.255
 area 0.0.0.1
  network 1.1.1.0 0.0.0.255
quit

R2

ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 192.168.12.0 0.0.0.255
 area 0.0.0.2
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
  stub no-summary
quit

R3

ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 192.168.13.0 0.0.0.255
 area 0.0.0.3
  network 192.168.30.0 0.0.0.255
  network 192.168.40.0 0.0.0.255
  stub no-summary
quit

IT

sysname IT
interface GigabitEthernet0/0/0
 ip address 192.168.10.1 255.255.255.0
ospf 1
 area 0.0.0.2
  network 192.168.10.0 0.0.0.255
  stub

Phase 3: configure ACLs to meet the enterprise's requirements

Finance Department ACL Settings

R3

acl number 2000
 rule 10 permit source 192.168.10.0 0.0.0.255
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode password
 123
acl name cw
 rule 10 deny ip source 192.168.30.0 0.0.0.255 destination 1.1.1.0 0.0.0.255
 rule 20 deny ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
 rule 30 permit tcp source 192.168.30.0 0.0.0.255 destination 192.168.40.1 0 destination-port eq www
 rule 40 deny ip source 192.168.30.0 0.0.0.255 destination 192.168.40.1 0
interface GigabitEthernet0/0/1
 traffic-filter inbound acl name cw

R&D Department ACL settings

R2

acl number 2000
 rule 10 permit source 192.168.10.0 0.0.0.255
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode password
 123
acl name yf
 rule 10 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
 rule 20 permit tcp source 192.168.20.0 0.0.0.255 destination 192.168.40.1 0 destination-port eq www
 rule 30 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.40.0 0.0.0.255
interface GigabitEthernet0/0/2
 traffic-filter inbound acl name yf

IT ACL setting

R1

acl number 2000
 rule 10 permit source 192.168.10.0 0.0.0.255
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode password
 123
acl number 3000
 rule 10 permit tcp source 1.1.1.0 0.0.0.255 destination 192.168.40.0 0.0.0.255 destination-port eq www
 rule 20 deny ip source 1.1.1.0 0.0.0.255 destination 192.168.40.1 0
interface GigabitEthernet0/0/1
 traffic-filter inbound acl 3000

Project verification:

Verification 1: verify on the CW network, as follows

Finance staff can access the web service on Server1

But cannot ping Server1

Verification 2: verify on the YF network, as follows

R&D staff can access the web service on Server1

But cannot ping Server1

Verification 3: R1, R2, R3 are only allowed to be managed by IT login, as follows

IT can log in to R2:

R1 cannot log in to R2:

The project requirements are therefore verified successfully.

Project summary:

1. When configuring OSPF, pay attention to the completeness of the special-area configuration.

2. When configuring ACLs, the rule sequence numbers and the source and destination IP addresses must be configured correctly.
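An added example, not part of the original article: a small Python model of the cw, yf and 2000 ACLs configured above, which evaluates sample flows rule by rule so the requirements can be checked offline. It assumes first-match evaluation in rule-ID order, that traffic-filter forwards packets matching no rule while VTY login control rejects them, and that Server1 is 192.168.40.1 (inferred from the rules); the client host addresses are constructed.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Subnets as (address, wildcard); Server1 = 192.168.40.1 is inferred from the rules.
CW, YF, IT = ("192.168.30.0", "0.0.0.255"), ("192.168.20.0", "0.0.0.255"), ("192.168.10.0", "0.0.0.255")
SRV_NET, SRV1, CLIENT_NET = ("192.168.40.0", "0.0.0.255"), ("192.168.40.1", "0.0.0.0"), ("1.1.1.0", "0.0.0.255")
# (rule-id, action, protocol, source, destination, destination-port), copied from the page
ACL_CW = [(10, "deny", "ip", CW, CLIENT_NET, None),
          (20, "deny", "ip", CW, YF, None),
          (30, "permit", "tcp", CW, SRV1, 80),
          (40, "deny", "ip", CW, SRV1, None)]
ACL_YF = [(10, "deny", "ip", YF, CW, None),
          (20, "permit", "tcp", YF, SRV1, 80),
          (30, "deny", "ip", YF, SRV_NET, None)]
ACL_2000 = [(10, "permit", "ip", IT, ("0.0.0.0", "255.255.255.255"), None)]  # basic ACL: source only

def evaluate(acl, proto, src, dst, dport=None, default="permit"):
    """First matching rule (lowest rule-id) wins; otherwise the default applies.
    Assumption: traffic-filter forwards unmatched packets, VTY login rejects them."""
    for _id, action, r_proto, r_src, r_dst, r_port in sorted(acl, key=lambda r: r[0]):
        if r_proto not in ("ip", proto) or (r_port is not None and r_port != dport):
            continue
        if wc_match(src, *r_src) and wc_match(dst, *r_dst):
            return action
    return default

def audit():
    """Evaluate constructed sample flows (host .1 in each subnet, .2 as a second server)."""
    cw, yf, it = "192.168.30.1", "192.168.20.1", "192.168.10.1"
    return {
        "cw->server1 www": evaluate(ACL_CW, "tcp", cw, "192.168.40.1", 80),
        "cw->server1 ping": evaluate(ACL_CW, "icmp", cw, "192.168.40.1"),
        "cw->client1": evaluate(ACL_CW, "icmp", cw, "1.1.1.1"),
        "cw->yf": evaluate(ACL_CW, "icmp", cw, yf),
        "cw->it": evaluate(ACL_CW, "icmp", cw, it),
        "cw->other server": evaluate(ACL_CW, "icmp", cw, "192.168.40.2"),
        "yf->other server": evaluate(ACL_YF, "icmp", yf, "192.168.40.2"),
        "yf->client1": evaluate(ACL_YF, "icmp", yf, "1.1.1.1"),
        "it vty": evaluate(ACL_2000, "tcp", it, "192.168.12.2", 23, default="deny"),
        "r1 vty": evaluate(ACL_2000, "tcp", "192.168.12.1", "192.168.12.2", 23, default="deny"),
    }

if __name__ == "__main__":
    for flow, verdict in audit().items():
        print(f"{flow:18} {verdict}")
```

The audit shows that rule 40 of cw denies only the host 192.168.40.1, so CW traffic to other addresses in 192.168.40.0/24 falls through to the default, whereas rule 30 of yf covers the whole subnet.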
