kjh00n's Record Archive
PBR Lab
My solution
PC1
ip 10.10.10.1 255.255.255.0 10.10.10.254
PC2
ip 20.20.20.1 255.255.255.0 20.20.20.254
PC3
ip 30.30.30.1 255.255.255.0 30.30.30.254
PC4
ip 40.40.40.1 255.255.255.0 40.40.40.254
PC5
ip 50.50.50.1 255.255.255.0 50.50.50.254
PC6
ip 60.60.60.1 255.255.255.0 60.60.60.254
PC7
ip 70.70.70.1 255.255.255.0 70.70.70.254
PC8
ip 80.80.80.1 255.255.255.0 80.80.80.254
R1-------------------
conf t
int fa 0/0
ip addr 10.10.10.254 255.255.255.0
no shu
int fa 0/1
ip addr 20.20.20.254 255.255.255.0
no shu
int fa 1/0
ip addr 1.1.1.1 255.255.255.0
no shu
ip route 0.0.0.0 0.0.0.0 1.1.1.2
[Tunneling]
int tunnel 13
ip addr 192.168.10.1 255.255.255.0
tunnel source 1.1.1.1
tunnel destination 3.3.3.3
tunnel mode gre ip
ip route 70.70.70.0 255.255.255.0 192.168.10.3
ip route 80.80.80.0 255.255.255.0 192.168.10.3
int tunnel 14
ip addr 192.168.20.1 255.255.255.0
tunnel source 1.1.1.1
tunnel destination 2.2.2.4
tunnel mode gre ip
ip route 30.30.30.0 255.255.255.0 192.168.20.4
ip route 40.40.40.0 255.255.255.0 192.168.20.4
int tunnel 15
ip addr 192.168.10.1 255.255.255.0
tunnel source 1.1.1.1
tunnel destination 4.4.4.5
tunnel mode gre ip
ip route 50.50.50.0 255.255.255.0 192.168.20.4
ip route 60.60.60.0 255.255.255.0 192.168.20.4
[PBR]
access-list 100 permit ip host 10.10.10.1 host 80.80.80.1
route-map TEST1 permit
match ip address 100
set ip next-hop 192.168.10.3
int fa 0/0
ip policy route-map TEST1
R2------------------
conf t
int fa 0/0
ip addr 1.1.1.2 255.255.255.0
no shu
int fa 0/1
ip addr 3.3.3.2 255.255.255.0
no shu
int fa 1/0
ip addr 2.2.2.2 255.255.255.0
no shu
int fa 2/0
ip addr 4.4.4.2 255.255.255.0
no shu
R3-----------------
conf t
int fa 0/0
ip addr 80.80.80.254 255.255.255.0
no shu
int fa 0/1
ip addr 70.70.70.254 255.255.255.0
no shu
int fa 1/0
ip addr 3.3.3.3 255.255.255.0
no shu
ip route 0.0.0.0 0.0.0.0 3.3.3.2
[Tunneling]
int tunnel 31
ip addr 192.168.10.3 255.255.255.0
tunnel source 3.3.3.3
tunnel destination 1.1.1.1
tunnel mode gre ip
ip route 10.10.10.0 255.255.255.0 192.168.10.1
ip route 20.20.20.0 255.255.255.0 192.168.10.1
int tunnel 35
ip addr 192.168.30.3 255.255.255.0
tunnel source 3.3.3.3
tunnel destination 4.4.4.5
tunnel mode gre ip
ip route 50.50.50.0 255.255.255.0 192.168.30.5
ip route 60.60.60.0 255.255.255.0 192.168.30.5
int tunnel 34
ip addr 192.168.10.3 255.255.255.0
tunnel source 3.3.3.3
tunnel destination 2.2.2.4
tunnel mode gre ip
ip route 30.30.30.0 255.255.255.0 192.168.10.1
ip route 40.40.40.0 255.255.255.0 192.168.10.1
[PBR]
access-list 100 permit ip host 80.80.80.1 host 10.10.10.1
route-map TEST1 permit
match ip address 100
set ip next-hop 192.168.10.1
int fa 0/0
ip policy route-map TEST1
R4----------------
conf t
int fa 0/0
ip addr 30.30.30.254 255.255.255.0
no shu
int fa 0/1
ip addr 40.40.40.254 255.255.255.0
no shu
int fa 1/0
ip addr 2.2.2.4 255.255.255.0
no shu
ip route 0.0.0.0 0.0.0.0 2.2.2.2
[Tunneling]
int tunnel 41
ip addr 192.168.20.4 255.255.255.0
tunnel source 2.2.2.4
tunnel destination 1.1.1.1
tunnel mode gre ip
ip route 10.10.10.0 255.255.255.0 192.168.20.1
ip route 20.20.20.0 255.255.255.0 192.168.20.1
int tunnel 45
ip addr 192.168.40.4 255.255.255.0
tunnel source 2.2.2.4
tunnel destination 4.4.4.5
tunnel mode gre ip
ip route 50.50.50.0 255.255.255.0 192.168.40.5
ip route 60.60.60.0 255.255.255.0 192.168.40.5
int tunnel 43
ip addr 192.168.20.4 255.255.255.0
tunnel source 2.2.2.4
tunnel destination 3.3.3.3
tunnel mode gre ip
ip route 70.70.70.0 255.255.255.0 192.168.20.1
ip route 80.80.80.0 255.255.255.0 192.168.20.1
R5-------------------
conf t
int fa 0/0
ip addr 60.60.60.254 255.255.255.0
no shu
int fa 0/1
ip addr 50.50.50.254 255.255.255.0
no shu
int fa 2/0
ip addr 4.4.4.5 255.255.255.0
no shu
ip route 0.0.0.0 0.0.0.0 4.4.4.2
[Tunneling]
int tunnel 53
ip addr 192.168.30.5 255.255.255.0
tunnel source 4.4.4.5
tunnel destination 3.3.3.3
tunnel mode gre ip
ip route 70.70.70.0 255.255.255.0 192.168.30.3
ip route 80.80.80.0 255.255.255.0 192.168.30.3
int tunnel 54
ip addr 192.168.40.5 255.255.255.0
tunnel source 4.4.4.5
tunnel destination 2.2.2.4
tunnel mode gre ip
ip route 30.30.30.0 255.255.255.0 192.168.40.4
ip route 40.40.40.0 255.255.255.0 192.168.40.4
int tunnel 51
ip addr 192.168.40.5 255.255.255.0
tunnel source 4.4.4.5
tunnel destination 1.1.1.1
tunnel mode gre ip
ip route 10.10.10.0 255.255.255.0 192.168.40.4
ip route 20.20.20.0 255.255.255.0 192.168.40.4
------------------------------------------------------------------
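Afterwards I removed all the tunneling routes, leaving only the default routes.
In my configuration,
20.0 <-> 80.0 / 40.0 <-> 50.0 / 60.0 <-> 70.0
↑ I did not configure these pairs to communicate over the tunnels;
I only configured 10.0 <-> 80.0 to communicate over the tunnel.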
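An added check (not part of the original post or the instructor's solution): the Python below parses the R1 tunnel and PBR lines from the configuration above and reports tunnel interfaces whose subnets overlap, plus any `set ip next-hop` address that sits on no tunnel subnet, in which case the matched traffic is not steered into a tunnel. The function names and the abbreviated R1_CONFIG sample are assumptions made for this example.

```python
import ipaddress
import re

# R1 tunnel and PBR lines copied from the configuration above (abbreviated).
R1_CONFIG = """\
int tunnel 13
ip addr 192.168.10.1 255.255.255.0
int tunnel 14
ip addr 192.168.20.1 255.255.255.0
int tunnel 15
ip addr 192.168.10.1 255.255.255.0
route-map TEST1 permit
match ip address 100
set ip next-hop 192.168.10.3
"""

def parse(config):
    """Return ({interface name: IPv4Interface}, [PBR next-hop addresses])."""
    interfaces, next_hops, current = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith(("route-map", "access-list", "ip route")):
            current = None  # left interface configuration mode
        elif m := re.match(r"int(?:erface)?\s+(.+)", line):
            current = m.group(1)
        elif (m := re.match(r"ip addr(?:ess)?\s+(\S+)\s+(\S+)$", line)) and current:
            interfaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"set ip next-hop\s+(\S+)", line):
            next_hops.append(ipaddress.ip_address(m.group(1)))
    return interfaces, next_hops

def overlapping_interfaces(interfaces):
    """Pairs of interfaces whose subnets overlap (IOS refuses the second address)."""
    names = sorted(interfaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if interfaces[a].network.overlaps(interfaces[b].network)]

def unattached_next_hops(interfaces, next_hops):
    """PBR next hops that are on no tunnel interface subnet."""
    tunnels = [iface.network for name, iface in interfaces.items()
               if name.lower().startswith("tunnel")]
    return [hop for hop in next_hops if not any(hop in net for net in tunnels)]

if __name__ == "__main__":
    ifaces, hops = parse(R1_CONFIG)
    print("overlapping:", overlapping_interfaces(ifaces))
    print("next hops outside every tunnel:", unattached_next_hops(ifaces, hops))
```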
Instructor's solution
PC1
ip 10.10.10.1 255.255.255.0 10.10.10.254
PC2
ip 20.20.20.1 255.255.255.0 20.20.20.254
PC3
ip 30.30.30.1 255.255.255.0 30.30.30.254
PC4
ip 40.40.40.1 255.255.255.0 40.40.40.254
PC5
ip 50.50.50.1 255.255.255.0 50.50.50.254
PC6
ip 60.60.60.1 255.255.255.0 60.60.60.254
PC7
ip 70.70.70.1 255.255.255.0 70.70.70.254
PC8
ip 80.80.80.1 255.255.255.0 80.80.80.254
R1
conf t
int fa 0/0
ip addr 10.10.10.254 255.255.255.0
no shu
int fa 0/1
ip addr 20.20.20.254 255.255.255.0
no shu
int fa 1/0
ip addr 1.1.1.1 255.255.255.0
no shu
ip route 0.0.0.0 0.0.0.0 1.1.1.3
int tunnel 1
ip addr 192.168.10.1 255.255.255.0
tunnel source 1.1.1.1
tunnel destination 3.3.3.4
tunnel mode gre ip
int tunnel 2
ip addr 192.168.20.1 255.255.255.0
tunnel source 1.1.1.1
tunnel destination 2.2.2.2
tunnel mode gre ip
access-list 100 permit ip 10.10.10.0 0.0.0.255 80.80.80.0 0.0.0.255
route-map tun1 permit
match ip address 100
set ip next-hop 192.168.10.4
int fa 0/0
ip policy route-map tun1
access-list 101 permit ip 20.20.20.0 0.0.0.255 30.30.30.0 0.0.0.255
route-map tun2 permit
match ip address 101
set ip next-hop 192.168.20.2
int fa 0/1
ip policy route-map tun2
R4
conf t
int fa 0/0
ip addr 30.30.30.254 255.255.255.0
no shu
int fa 0/1
ip addr 40.40.40.254 255.255.255.0
no shu
int fa 1/0
ip addr 2.2.2.2 255.255.255.0
no shu
ip route 0.0.0.0 0.0.0.0 2.2.2.3
int tunnel 2
ip addr 192.168.20.2 255.255.255.0
tunnel source 2.2.2.2
tunnel destination 1.1.1.1
tunnel mode gre ip
int tunnel 3
ip addr 192.168.40.2 255.255.255.0
tunnel source 2.2.2.2
tunnel destination 4.4.4.5
tunnel mode gre ip
access-list 100 permit ip 30.30.30.0 0.0.0.255 20.20.20.0 0.0.0.255
route-map tun2 permit
match ip address 100
set ip next-hop 192.168.20.1
int fa 0/0
ip policy route-map tun2
access-list 101 permit ip 40.40.40.0 0.0.0.255 50.50.50.0 0.0.0.255
route-map tun3 permit
match ip address 101
set ip next-hop 192.168.40.5
int fa 0/1
ip policy route-map tun3
R2
conf t
int fa 0/0
ip addr 1.1.1.3 255.255.255.0
no shu
int fa 1/0
ip addr 2.2.2.3 255.255.255.0
no shu
int fa 0/1
ip addr 3.3.3.3 255.255.255.0
no shu
int fa 2/0
ip addr 4.4.4.3 255.255.255.0
no shu
R3
conf t
int fa 0/0
ip addr 80.80.80.254 255.255.255.0
no shu
int fa 0/1
ip addr 70.70.70.254 255.255.255.0
no shu
int fa 1/0
ip addr 3.3.3.4 255.255.255.0
no shu
ip route 0.0.0.0 0.0.0.0 3.3.3.3
int tunnel 4
ip addr 192.168.30.4 255.255.255.0
tunnel source 3.3.3.4
tunnel destination 4.4.4.5
tunnel mode gre ip
int tunnel 1
ip addr 192.168.10.4 255.255.255.0
tunnel source 3.3.3.4
tunnel destination 1.1.1.1
tunnel mode gre ip
access-list 100 permit ip 70.70.70.0 0.0.0.255 60.60.60.0 0.0.0.255
route-map tun4 permit
match ip address 100
set ip next-hop 192.168.30.5
int fa 0/1
ip policy route-map tun4
access-list 101 permit ip 80.80.80.0 0.0.0.255 10.10.10.0 0.0.0.255
route-map tun1 permit
match ip address 101
set ip next-hop 192.168.10.1
int fa 0/0
ip policy route-map tun1
R5
conf t
int fa 0/0
ip addr 60.60.60.254 255.255.255.0
no shu
int fa 0/1
ip addr 50.50.50.254 255.255.255.0
no shu
int fa 1/0
ip addr 4.4.4.5 255.255.255.0
no shu
ip route 0.0.0.0 0.0.0.0 4.4.4.3
int tunnel 3
ip addr 192.168.40.5 255.255.255.0
tunnel source 4.4.4.5
tunnel destination 2.2.2.2
tunnel mode gre ip
int tunnel 4
ip addr 192.168.30.5 255.255.255.0
tunnel source 4.4.4.5
tunnel destination 3.3.3.4
tunnel mode gre ip
access-list 100 permit ip 50.50.50.0 0.0.0.255 40.40.40.0 0.0.0.255
route-map tun3 permit
match ip address 100
set ip next-hop 192.168.40.2
int fa 0/1
ip policy route-map tun3
access-list 101 permit ip 60.60.60.0 0.0.0.255 70.70.70.0 0.0.0.255
route-map tun4 permit
match ip address 101
set ip next-hop 192.168.30.4
int fa 0/0
ip policy route-map tun4