EuroSkills 2008 Võrk: Difference between revisions
From ICO wiki
Jump to navigationJump to search
No edit summary |
|||
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=Võrgu kirjeldus= | |||
On olemas neli VLAN-i, iga organisatsiooni üksuse kohta üks(iga kohta tuleks teha eraldi DHCP pool): | On olemas neli VLAN-i, iga organisatsiooni üksuse kohta üks(iga kohta tuleks teha eraldi DHCP pool): | ||
'''VLAN 10 - ICT System | '''VLAN 10 - ICT System management''' | ||
Network:192.168.5.0 | Network:192.168.5.0 | ||
Line 12: | Line 10: | ||
Network mask: 255.255.255.192 | Network mask: 255.255.255.192 | ||
'''VLAN 20 - Company | '''VLAN 20 - Company Management''' | ||
Network:192.168.5.64 | Network:192.168.5.64 | ||
Line 36: | Line 34: | ||
Network mask: 255.255.255.192 | Network mask: 255.255.255.192 | ||
==ACL Ruuteril== | |||
<pre> | |||
access-list 100 permit udp any any eq bootpc | |||
ip access-list extended VLAN20 | |||
permit ip host 192.168.5.6 192.168.5.64 0.0.0.63 | |||
permit ip host 192.168.5.2 192.168.5.64 0.0.0.63 | |||
permit tcp any 192.168.5.64 0.0.0.63 established | |||
permit icmp any 192.168.5.64 0.0.0.63 echo-reply | |||
ip access-list extended VLAN10 | |||
permit ip any host 192.168.5.6 | |||
permit ip 192.168.5.0 0.0.0.255 host 192.168.5.2 | |||
permit tcp any 192.168.5.0 0.0.0.63 established | |||
permit icmp any 192.168.5.0 0.0.0.63 echo-reply | |||
ip access-list extended VLAN30out | |||
permit ip host 192.168.5.6 192.168.5.128 0.0.0.63 | |||
permit ip host 192.168.5.2 192.168.5.128 0.0.0.63 | |||
permit tcp any 192.168.5.128 0.0.0.63 established | |||
permit icmp any 192.168.5.128 0.0.0.63 echo-reply | |||
ip access-list extended VLAN30in | |||
permit ip 192.168.5.128 0.0.0.63 host 192.168.5.6 | |||
permit ip 192.168.5.128 0.0.0.63 host 192.168.5.2 | |||
permit tcp 192.168.5.128 0.0.0.63 any eq www | |||
permit tcp 192.168.5.128 0.0.0.63 any eq 8080 | |||
permit tcp 192.168.5.128 0.0.0.63 any eq 443 | |||
permit icmp 192.168.5.128 0.0.0.63 any echo | |||
ip access-list extended VLAN40out | |||
permit ip host 192.168.5.6 192.168.5.128 0.0.0.63 | |||
permit ip host 192.168.5.2 192.168.5.192 0.0.0.63 | |||
permit ip host 192.168.5.6 192.168.5.192 0.0.0.63 | |||
permit tcp any 192.168.5.192 0.0.0.63 established | |||
permit icmp any 192.168.5.192 0.0.0.63 echo-reply | |||
ip access-list extended VLAN40in | |||
permit ip 192.168.5.192 0.0.0.63 host 192.168.5.6 | |||
permit ip 192.168.5.192 0.0.0.63 host 192.168.5.2 | |||
permit tcp 192.168.5.192 0.0.0.63 any eq www | |||
permit tcp 192.168.5.192 0.0.0.63 any eq 8080 | |||
permit tcp 192.168.5.192 0.0.0.63 any eq 443 | |||
permit icmp 192.168.5.192 0.0.0.63 any echo | |||
access-list 1 permit 192.168.5.0 0.0.0.255 | |||
</pre> | |||
=Võrgujoonis= | |||
[[File:Euroskill.jpg]] | |||
[[Category:EuroSkills2010]] | [[Category:EuroSkills2010]] |
Latest revision as of 10:07, 21 June 2010
Võrgu kirjeldus
On olemas neli VLAN-i, iga organisatsiooni üksuse kohta üks(iga kohta tuleks teha eraldi DHCP pool):
VLAN 10 - ICT System management
Network:192.168.5.0
Default Gateway: 192.168.5.1
Network mask: 255.255.255.192
VLAN 20 - Company Management
Network:192.168.5.64
Default Gateway: 192.168.5.65
Network mask: 255.255.255.192
VLAN 30 - Trade and Marketing
Network:192.168.5.128
Default Gateway: 192.168.5.129
Network mask: 255.255.255.192
VLAN 40 - Administration
Network:192.168.5.192
Default Gateway: 192.168.5.193
Network mask: 255.255.255.192
ACL Ruuteril
access-list 100 permit udp any any eq bootpc ip access-list extended VLAN20 permit ip host 192.168.5.6 192.168.5.64 0.0.0.63 permit ip host 192.168.5.2 192.168.5.64 0.0.0.63 permit tcp any 192.168.5.64 0.0.0.63 established permit icmp any 192.168.5.64 0.0.0.63 echo-reply ip access-list extended VLAN10 permit ip any host 192.168.5.6 permit ip 192.168.5.0 0.0.0.255 host 192.168.5.2 permit tcp any 192.168.5.0 0.0.0.63 established permit icmp any 192.168.5.0 0.0.0.63 echo-reply ip access-list extended VLAN30out permit ip host 192.168.5.6 192.168.5.128 0.0.0.63 permit ip host 192.168.5.2 192.168.5.128 0.0.0.63 permit tcp any 192.168.5.128 0.0.0.63 established permit icmp any 192.168.5.128 0.0.0.63 echo-reply ip access-list extended VLAN30in permit ip 192.168.5.128 0.0.0.63 host 192.168.5.6 permit ip 192.168.5.128 0.0.0.63 host 192.168.5.2 permit tcp 192.168.5.128 0.0.0.63 any eq www permit tcp 192.168.5.128 0.0.0.63 any eq 8080 permit tcp 192.168.5.128 0.0.0.63 any eq 443 permit icmp 192.168.5.128 0.0.0.63 any echo ip access-list extended VLAN40out permit ip host 192.168.5.6 192.168.5.128 0.0.0.63 permit ip host 192.168.5.2 192.168.5.192 0.0.0.63 permit ip host 192.168.5.6 192.168.5.192 0.0.0.63 permit tcp any 192.168.5.192 0.0.0.63 established permit icmp any 192.168.5.192 0.0.0.63 echo-reply ip access-list extended VLAN40in permit ip 192.168.5.192 0.0.0.63 host 192.168.5.6 permit ip 192.168.5.192 0.0.0.63 host 192.168.5.2 permit tcp 192.168.5.192 0.0.0.63 any eq www permit tcp 192.168.5.192 0.0.0.63 any eq 8080 permit tcp 192.168.5.192 0.0.0.63 any eq 443 permit icmp 192.168.5.192 0.0.0.63 any echo access-list 1 permit 192.168.5.0 0.0.0.255