For the Horde!!

검색어 : Study (41)

  1. 2015. 01. 26. ZFW 2015.01.26
  2. 2015. 01. 13. BGP 2015.01.13
  3. 2014. 12. 09. STP 루트 지정 2014.12.09
  4. IPv6 frame-relay 2014.12.03

2015. 01. 26. ZFW

2015. 1. 26. 09:53    |    Study/Net

ZFW ( Zone-based policy FireWall )

 - 라우터의 각 인터페이스에 존을 부여하여 존 사이의 정책을 적용하는 것. 


존 사용순서

 - 존을 생성하고, 각 인터페이스에 지정

 - 존 페어 생성

 - CPL 보안 정책 

   ※ CPL : Access list => Class-map => Policy-map => Zone-pair 

 - CPL보안 정책을 존 페어에 적용


01. #zone security "name_in"

     #zone security "name_out"

02. int# zone-member security "name_in&out"

03. #zone-pair security "zp_name" source "name_in" destination "name_out"

04. #class-map type inspect match-any "class_name"

05. class# match access-group "acl_name"

06. #policy-map type inspect match-any "policy_name"

07. policy# class security inspect "class_name"

08. policy# inspect

09. #zone-pair security "zp_name" source "name_in" destination "name_out"

10. zone-pair# zone-pair security inspect "policy_name"



저작자표시 비영리 변경금지

'Study > Net' 카테고리의 다른 글

NAT - Par  (0) 2015.01.27
Cisco Tftp  (0) 2015.01.27
2014. 11. 25. Frame-relay  (0) 2014.11.25
2014. 11. 24. WAN 이론  (0) 2014.11.24
2014. 11. 19. NAT/PAT 이론  (0) 2014.11.19
   

2015. 01. 13. BGP

2015. 1. 13. 18:07    |    Study/Cisco







저작자표시 비영리 변경금지

'Study > Cisco' 카테고리의 다른 글

2014. 12. 09. STP 루트 지정  (0) 2014.12.09
IPv6 frame-relay  (0) 2014.12.03
2014. 11. 27. Frame-relay [PPP, Multi]  (0) 2014.11.27
2014. 11. 25. Frame-relay 1 : 多  (0) 2014.11.26
2014. 11. 25. PPP  (0) 2014.11.25
   

2014. 12. 09. STP 루트 지정

2014. 12. 9. 15:25    |    Study/Cisco





 Sw1

 spanning-tree vlan 10 root primary diameter 4

 spanning-tree vlan 100 root primary diameter 4


 Sw2

 spanning-tree vlan 10 root secondary diameter 4


 Sw3 

 spanning-tree vlan 100 root secondary diameter 4



Sw4

VLAN10

  Spanning tree enabled protocol ieee

  Root ID    Priority    8192

             Address     cc00.09e8.0001

             Cost        38

             Port        42 (FastEthernet1/1)

             Hello Time   2 sec  Max Age 14 sec  Forward Delay 10 sec


  Bridge ID  Priority    32768

             Address     cc03.09e8.0001

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time 300


Interface                                   Designated

Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID

-------------------- ------- ---- ----- --- ----- -------------------- ------

FastEthernet1/1      128.42   128    19 FWD    19 16384 cc01.09e8.0001 128.43

FastEthernet1/2      128.43   128    19 BLK    19 32768 cc02.09e8.0001 128.43

FastEthernet1/3      128.44   128    19 FWD    38 32768 cc03.09e8.0001 128.44



VLAN100

  Spanning tree enabled protocol ieee

  Root ID    Priority    8192

             Address     cc00.09e8.0002

             Cost        38

             Port        43 (FastEthernet1/2)

             Hello Time   2 sec  Max Age 14 sec  Forward Delay 10 sec


  Bridge ID  Priority    32768

             Address     cc03.09e8.0002

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time 300


Interface                                   Designated

Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID

-------------------- ------- ---- ----- --- ----- -------------------- ------

FastEthernet1/1      128.42   128    19 BLK    19 32768 cc01.09e8.0002 128.43

FastEthernet1/2      128.43   128    19 FWD    19 16384 cc02.09e8.0002 128.43

FastEthernet1/4      128.45   128    19 FWD    38 32768 cc03.09e8.0002 128.45


저작자표시 비영리 변경금지

'Study > Cisco' 카테고리의 다른 글

2015. 01. 13. BGP  (0) 2015.01.13
IPv6 frame-relay  (0) 2014.12.03
2014. 11. 27. Frame-relay [PPP, Multi]  (0) 2014.11.27
2014. 11. 25. Frame-relay 1 : 多  (0) 2014.11.26
2014. 11. 25. PPP  (0) 2014.11.25
   

IPv6 frame-relay

2014. 12. 3. 12:34    |    Study/Cisco

 

 R1

!
ipv6 unicast-routing

!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2000:1:1:1::1/64
 ipv6 enable
 ipv6 rip A enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 10.1.12.1 255.255.255.252
 encapsulation frame-relay
 ipv6 address 2000:1:1:12::1/64
 ipv6 enable
 ipv6 rip A enable
 serial restart-delay 0
 frame-relay map ipv6 FE80::CE05:FFF:FE10:0 102 broadcast
 frame-relay map ipv6 2000:1:1:12::2 102 broadcast
 frame-relay map ip 10.1.12.2 102 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type ansi
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
ipv6 router rip A
!

R1#sh ipv6 route

IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
C   2000:1:1:1::/64 [0/0]
     via ::, FastEthernet0/0
L   2000:1:1:1::1/128 [0/0]
     via ::, FastEthernet0/0
R   2000:1:1:2::/64 [120/2]
     via FE80::CE05:FFF:FE10:0, Serial1/0
C   2000:1:1:12::/64 [0/0]
     via ::, Serial1/0
L   2000:1:1:12::1/128 [0/0]
     via ::, Serial1/0
L   FF00::/8 [0/0]
     via ::, Null0


R1#sh ipv6 interface bri
FastEthernet0/0            [up/up]
    FE80::CE04:FFF:FE10:0
    2000:1:1:1::1
FastEthernet0/1            [up/up]
Serial1/0                  [up/up]
    FE80::CE04:FFF:FE10:0
    2000:1:1:12::1

 

저작자표시 비영리 변경금지

'Study > Cisco' 카테고리의 다른 글

2015. 01. 13. BGP  (0) 2015.01.13
2014. 12. 09. STP 루트 지정  (0) 2014.12.09
2014. 11. 27. Frame-relay [PPP, Multi]  (0) 2014.11.27
2014. 11. 25. Frame-relay 1 : 多  (0) 2014.11.26
2014. 11. 25. PPP  (0) 2014.11.25
   
1 2 3 4 5 ··· 11

티스토리툴바