File: Diploma thesis on building corporate networks with Cisco Borderless Networks, developed by Cisco using an innovative architecture (.docx)

Category: Diploma thesis

Added: 03.05.2024



List of abbreviations
AAA - Authentication, Authorization and Accounting
ACE - Access Control Entries
ACL - Access Control Lists
ACS - Access Control Server
BMS - Building Management System
CTS - Cisco TrustSec
dACL - downloadable Access Control Lists
DHCP - Dynamic Host Configuration Protocol
DMZ - Demilitarized Zone
DTG - Destination Group Tag
EAP - Extensible Authentication Protocol
EAPOL - Extensible Authentication Protocol over LAN
ISE - Identity Services Engine
ISP - Internet Service Provider
IT - Information Technologies
LAN - Local Area Network
MAB - MAC Authentication Bypass
OSI - Open Systems Interconnection
PoE - Power over Ethernet
RADIUS - Remote Authentication Dial-In User Service
SAP - Security Association Protocol
SGACL - Security Group Access Control Lists
SGT - Security Group Tag
SNMP - Simple Network Management Protocol
UDP - User Datagram Protocol
VLAN - Virtual Local Area Network
VPN - Virtual Private Network
VTP - VLAN Trunking Protocol
WAN - Wide Area Network
ИТ - Information Technologies (Russian abbreviation)
МВОС - Open Systems Interconnection model (Russian abbreviation)
МЭ - Firewall (Russian abbreviation)
ЦОД - Data Center (Russian abbreviation)

Appendix A
Network topology of the bank and the remote branch (before the deployment of Cisco TrustSec and Cisco EnergyWise):

Figure A1 - Network topology of the bank and the remote branch (MS Visio)

Network topology of the bank and the remote branch, built in the Packet Tracer simulator:

Figure A2 - Network topology of the bank and the remote branch (Cisco Packet Tracer)
Setup and configuration of the network equipment, routes and data transfer protocols:

Switch L2 HR:
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
enable password cisco
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
 password cisco
 login
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end
Switch L2_IT:
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
enable password cisco
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
 password cisco
 login
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

Switch L3:
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname MSW
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
enable password cisco
!
ip routing
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport trunk allowed vlan 10,20
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport trunk allowed vlan 10,20
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 no switchport
 ip address 192.168.4.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/4
 no switchport
 ip address 192.168.5.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/5
 no switchport
 ip address 192.168.6.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/6
 no switchport
 ip address 192.168.7.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/7
 no switchport
 ip address 192.168.8.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/8
 no switchport
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/9
 no switchport
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.2.1 255.255.255.0
 ip access-group DENY_TELNET_HR in
!
interface Vlan20
 ip address 192.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip route 192.168.1.0 255.255.255.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 171.69.234.2
!
ip access-list extended DENY_TELNET_HR
 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.6.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.7.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.8.0 0.0.0.255
 permit icmp 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255 echo
 permit icmp 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255 echo
 permit icmp 192.168.2.0 0.0.0.255 192.168.6.0 0.0.0.255 echo
 permit icmp 192.168.2.0 0.0.0.255 192.168.7.0 0.0.0.255 echo
 permit icmp 192.168.2.0 0.0.0.255 192.168.8.0 0.0.0.255 echo
 permit tcp 192.168.2.0 0.0.0.255 192.168.8.0 0.0.0.255 eq ftp
 permit tcp 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255 eq smtp
 permit tcp 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255 eq smtp
 permit tcp 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 eq smtp
 permit tcp 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 eq pop3
 permit tcp 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255 eq pop3
 permit tcp 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255 eq pop3
 permit tcp 192.168.2.0 0.0.0.255 192.168.7.0 0.0.0.255 eq www
 permit ip 192.168.2.0 0.0.0.255 192.168.6.0 0.0.0.255
 deny tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 eq telnet
 deny tcp 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255 eq telnet
 deny tcp 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 eq telnet
 deny tcp 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255 eq telnet
 deny tcp 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255 eq telnet
 deny tcp 192.168.2.0 0.0.0.255 192.168.6.0 0.0.0.255 eq telnet
 deny tcp 192.168.2.0 0.0.0.255 192.168.7.0 0.0.0.255 eq telnet
 deny tcp 192.168.2.0 0.0.0.255 192.168.8.0 0.0.0.255 eq telnet
!
line con 0
 password cisco
 login
!
line aux 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end
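A first-match audit of the DENY_TELNET_HR list on the L3 switch above, added here as an illustration (it is not the thesis's own code, and it models IOS extended-ACL evaluation in simplified form: protocol, source/destination wildcard match, TCP destination port or ICMP type). The entries are a constructed excerpt of the list above in its original order; the check shows that the `deny tcp ... 192.168.6.0 0.0.0.255 eq telnet` entry sits after a `permit ip` covering the same destination and therefore never takes effect.

```python
import ipaddress

# Constructed excerpt of DENY_TELNET_HR (MSW config above), original order. Fields:
# action, protocol, src net, src wildcard, dst net, dst wildcard, qualifier
# (TCP destination port or ICMP type; None = any). Other subnets follow the same pattern.
ACL = [
    ("permit", "icmp", "192.168.2.0", "0.0.0.255", "192.168.6.0", "0.0.0.255", "echo"),
    ("permit", "tcp",  "192.168.2.0", "0.0.0.255", "192.168.7.0", "0.0.0.255", 80),
    ("permit", "ip",   "192.168.2.0", "0.0.0.255", "192.168.6.0", "0.0.0.255", None),
    ("deny",   "tcp",  "192.168.2.0", "0.0.0.255", "192.168.6.0", "0.0.0.255", 23),
    ("deny",   "tcp",  "192.168.2.0", "0.0.0.255", "192.168.7.0", "0.0.0.255", 23),
]


def wildcard_match(addr, net, wildcard):
    """IOS wildcard semantics: a set bit in the wildcard means 'don't care'."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    return (a & ~w) == (n & ~w)


def evaluate(acl, pkt):
    """First-match lookup. Returns (action, entry index); the implicit deny at
    the end of every IOS ACL is reported as ('deny', None)."""
    for i, (action, proto, src, sw, dst, dw, qual) in enumerate(acl):
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not (wildcard_match(pkt["src"], src, sw)
                and wildcard_match(pkt["dst"], dst, dw)):
            continue
        if qual is not None and pkt.get("qual") != qual:
            continue
        return action, i
    return "deny", None


def shadowed_entries(acl):
    """Indices of entries whose own representative packet is already matched by an
    earlier entry, i.e. entries that can never take effect (conservative check)."""
    result = []
    for i, (_, proto, src, _, dst, _, qual) in enumerate(acl):
        probe = {"proto": "tcp" if proto == "ip" else proto, "src": src, "dst": dst, "qual": qual}
        if evaluate(acl, probe)[1] != i:
            result.append(i)
    return result


if __name__ == "__main__":
    telnet = {"proto": "tcp", "src": "192.168.2.10", "dst": "192.168.6.5", "qual": 23}
    print(evaluate(ACL, telnet))   # ('permit', 2): the deny entry at index 3 is never reached
    print(shadowed_entries(ACL))   # [3]
```

Because every entry after the last permit is followed only by the implicit deny, the remaining explicit `deny ... eq telnet` lines change nothing in the forwarding decision; they only give per-entry hit counters.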

Border router with ASA functions (head office):
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HQ
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
enable password cisco
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 5
 lifetime 3600
!
crypto isakmp key cisco address 171.69.233.1
!
crypto ipsec transform-set set1 ah-sha-hmac esp-3des
!
crypto map map1 1 ipsec-isakmp
 set peer 171.69.233.1
 set transform-set set1
 match address 101
!
no ip domain-lookup
!
spanning-tree mode pvst
!
interface Tunnel1
 ip address 10.0.0.1 255.255.255.0
 tunnel source Serial1/0
 tunnel destination 171.69.233.1
 tunnel mode gre ip
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 171.69.234.1 255.255.255.0
 crypto map map1
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 network 192.168.10.0
 network 10.0.0.0
 no auto-summary
!
ip classless
ip route 192.168.101.0 255.255.255.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 171.69.234.2
!
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.101.0 0.0.0.255
!
telephony-service
 max-ephones 20
 max-dn 4
 ip source-address 192.168.1.1 port 2000
 auto assign 4 to 6
 auto assign 1 to 5
!
ephone-dn 1
 number 0001
!
ephone-dn 2
 number 0002
!
ephone-dn 3
 number 0003
!
ephone-dn 4
 number 0004
!
line con 0
 password cisco
 login
!
line aux 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end
ISP router:
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
enable password cisco
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown