18/10/2021 10:24:45 PM

Bài viết sưu tầm

Lab GLBP_NAT_VTP_Inter-VLAN trên EVE-NG (Phần 2)

Cho sơ đồ mạng như sau:

Yêu cầu:

Cấu hình GLBP, NAT Overload trên 2 Router GW1 & GW2.
Cấu hình VTP & Inter-VLAN.

Xem các hướng dẫn khác:

Hướng dẫn cài EVE-NG

=> Xem video

https://drive.google.com/file/d/1qsTYuzu9R-WHHrwF70s1v4UxHqySQT8f/view

Thêm Cisco c3725 and c7206VXR Images.

Tải Images & xem hướng dẫn: https://tinyurl.com/ciscoiosdynamip

Hướng dẫn Import Cisco IOU vào EVE-NG

=> Xem video

https://drive.google.com/file/d/1XfcwQtrxrMnBztXRRu7aS-HaGUnrBVVD/view

Tiếp theo phần 1

Switch Core-SW

Core-SW#show running-config

Building configuration...

Current configuration : 1380 bytes

! Last configuration change at 17:25:36 EET Fri Oct 15 2021

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

hostname Core-SW

boot-start-marker

boot-end-marker

no aaa new-model

clock timezone EET 2 0

no ip cef

no ipv6 cef

spanning-tree mode rapid-pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Ethernet0/0

switchport trunk encapsulation dot1q

switchport mode trunk

interface Ethernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

interface Ethernet0/2

shutdown

interface Ethernet0/3

shutdown

interface Ethernet1/0

shutdown

interface Ethernet1/1

switchport trunk encapsulation dot1q

switchport mode trunk

interface Ethernet1/2

switchport trunk encapsulation dot1q

switchport mode trunk

interface Ethernet1/3

switchport mode access

interface Vlan1

ip address 192.168.1.100 255.255.255.0

interface Vlan10

ip address 192.168.10.1 255.255.255.0

interface Vlan20

ip address 192.168.20.1 255.255.255.0

ip forward-protocol nd

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.1.1

control-plane

line con 0

logging synchronous

line aux 0

line vty 0 4

transport input none

end

Core-SW#

Core-SW#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Et0/2, Et0/3, Et1/0, Et1/3

10 KeToan active

20 TaiChinh active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

20 enet 100020 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - - 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

------------------------------------------------------------------------------

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Core-SW#

Core-SW#show vtp status

VTP Version capable : 1 to 3

VTP version running : 1

VTP Domain Name : dtu.vn

VTP Pruning Mode : Disabled

VTP Traps Generation : Disabled

Device ID : aabb.cc80.3000

Configuration last modified by 0.0.0.0 at 10-13-21 03:37:34

Local updater ID is 192.168.1.100 on interface Vl1 (lowest numbered VLAN interface found)

Feature VLAN:

--------------

VTP Operating Mode : Server

Maximum VLANs supported locally : 1005

Number of existing VLANs : 7

Configuration Revision : 2

MD5 digest : 0xC7 0x34 0x00 0xE2 0xF4 0xC1 0x22 0xE8

0xFE 0x2B 0x12 0x38 0x64 0xCA 0x37 0x55

Core-SW#

Core-SW#show vtp password

VTP Password: dtu123

Core-SW#

Core-SW#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES unset up up

Ethernet0/1 unassigned YES unset up up

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Ethernet1/0 unassigned YES unset administratively down down

Ethernet1/1 unassigned YES unset up up

Ethernet1/2 unassigned YES unset up up

Ethernet1/3 unassigned YES unset up up

Vlan1 192.168.1.100 YES NVRAM up up

Vlan10 192.168.10.1 YES NVRAM up up

Vlan20 192.168.20.1 YES NVRAM up up

Core-SW#

Core-SW#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.1.1

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.0/24 is directly connected, Vlan1

L 192.168.1.100/32 is directly connected, Vlan1

192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.10.0/24 is directly connected, Vlan10

L 192.168.10.1/32 is directly connected, Vlan10

192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.20.0/24 is directly connected, Vlan20

L 192.168.20.1/32 is directly connected, Vlan20

Core-SW#

Switch Access-SW1

Access-SW1#show running-config

Building configuration...

Current configuration : 1058 bytes

! Last configuration change at 17:04:50 EET Fri Oct 15 2021

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

hostname Access-SW1

boot-start-marker

boot-end-marker

no aaa new-model

clock timezone EET 2 0

no ip cef

no ipv6 cef

spanning-tree mode rapid-pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Ethernet0/0

switchport access vlan 10

switchport mode access

interface Ethernet0/1

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet1/0

interface Ethernet1/1

switchport trunk encapsulation dot1q

switchport mode trunk

interface Ethernet1/2

interface Ethernet1/3

interface Vlan1

ip address 192.168.1.10 255.255.255.0

ip forward-protocol nd

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.1.1

control-plane

line con 0

logging synchronous

line aux 0

line vty 0 4

end

Access-SW1#

Access-SW1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES unset up up

Ethernet0/1 unassigned YES unset up up

Ethernet0/2 unassigned YES unset up up

Ethernet0/3 unassigned YES unset up up

Ethernet1/0 unassigned YES unset up up

Ethernet1/1 unassigned YES unset up up

Ethernet1/2 unassigned YES unset up up

Ethernet1/3 unassigned YES unset up up

Vlan1 192.168.1.10 YES NVRAM up up

Access-SW1#

Access-SW1#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Et0/1, Et0/2, Et0/3, Et1/0

Et1/2, Et1/3

10 KeToan active Et0/0

20 TaiChinh active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

20 enet 100020 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

------------------------------------------------------------------------------

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Access-SW1#

Access-SW1#show vtp status

VTP Version capable : 1 to 3

VTP version running : 1

VTP Domain Name : dtu.vn

VTP Pruning Mode : Disabled

VTP Traps Generation : Disabled

Device ID : aabb.cc80.4000

Configuration last modified by 0.0.0.0 at 10-13-21 03:37:34

Feature VLAN:

--------------

VTP Operating Mode : Client

Maximum VLANs supported locally : 1005

Number of existing VLANs : 7

Configuration Revision : 2

MD5 digest : 0xC7 0x34 0x00 0xE2 0xF4 0xC1 0x22 0xE8

0xFE 0x2B 0x12 0x38 0x64 0xCA 0x37 0x55

Access-SW1#

Access-SW1#show vtp password

VTP Password: dtu123

Access-SW1#

Switch Access-SW1

Access-SW2#show running-config

Building configuration...

Current configuration : 1058 bytes

! Last configuration change at 17:05:09 EET Fri Oct 15 2021

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

hostname Access-SW2

boot-start-marker

boot-end-marker

no aaa new-model

clock timezone EET 2 0

no ip cef

no ipv6 cef

spanning-tree mode rapid-pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface Ethernet0/0

switchport access vlan 20

switchport mode access

interface Ethernet0/1

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet1/0

interface Ethernet1/1

interface Ethernet1/2

switchport trunk encapsulation dot1q

switchport mode trunk

interface Ethernet1/3

interface Vlan1

ip address 192.168.1.20 255.255.255.0

ip forward-protocol nd

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.1.1

control-plane

line con 0

logging synchronous

line aux 0

line vty 0 4

end

Access-SW2#

Access-SW2#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Et0/1, Et0/2, Et0/3, Et1/0

Et1/1, Et1/3

10 KeToan active

20 TaiChinh active Et0/0

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

20 enet 100020 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

------------------------------------------------------------------------------

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Access-SW2#

Access-SW2#show vtp status

VTP Version capable : 1 to 3

VTP version running : 1

VTP Domain Name : dtu.vn

VTP Pruning Mode : Disabled

VTP Traps Generation : Disabled

Device ID : aabb.cc80.5000

Configuration last modified by 0.0.0.0 at 10-13-21 03:37:34

Feature VLAN:

--------------

VTP Operating Mode : Client

Maximum VLANs supported locally : 1005

Number of existing VLANs : 7

Configuration Revision : 2

MD5 digest : 0xC7 0x34 0x00 0xE2 0xF4 0xC1 0x22 0xE8

0xFE 0x2B 0x12 0x38 0x64 0xCA 0x37 0x55

Access-SW2#

Access-SW2#show vtp password

VTP Password: dtu123

Access-SW2#

PC-VLAN10

ip 192.168.10.10/24 192.168.10.1

ip dns 8.8.8.8

set pcname PC10

save

PC10> show ip

NAME : PC10[1]

IP/MASK : 192.168.10.10/24

GATEWAY : 192.168.10.1

DNS : 8.8.8.8

MAC : 00:50:79:66:68:06

LPORT : 20000

RHOST:PORT : 127.0.0.1:30000

MTU : 1500

PC10>

PC-VLAN20

ip 192.168.20.20/24 192.168.20.1

ip dns 8.8.8.8

set pcname PC10

save

PC20> show ip

NAME : PC20[1]

IP/MASK : 192.168.20.20/24

GATEWAY : 192.168.20.1

DNS : 8.8.8.8

MAC : 00:50:79:66:68:07

LPORT : 20000

RHOST:PORT : 127.0.0.1:30000

MTU : 1500

PC20>

Mượn Router C3725 giả lập Web Server ktm.vn (http/https)

Cấu hình SSH & enable http/https:

hostname ktm.vn

enable secret dtu123

ip domain-name dtu.vn //dtu.vn là chuỗi domain-name

username dtu password dtu123

crypto key generate rsa //nhập 1024

ip ssh version 2

line vty 0 4 //có 16 line (0->15)

transport input ssh

exit

interface f0/0

no shutdown

ip address 192.168.1.200 255.255.255.0

exit

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Một số kết quả kiểm thử kết nối

Truy cập vào Web Server ktm.vn: Sử dụng username dtu vs password dtu123

Edit lại file host

Thêm dòng “192.168.88.88 ktm.vn” vào cuối file host.

Xem bảng NAT trên 2 router GW1 vs GW2:

GW2#show ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 192.168.88.88:80 192.168.1.200:80 --- ---

tcp 192.168.88.88:443 192.168.1.200:443 --- ---

GW2#

GW1#show ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 192.168.88.88:80 192.168.1.200:80 192.168.88.1:65291 192.168.88.1:65291

tcp 192.168.88.88:80 192.168.1.200:80 --- ---

tcp 192.168.88.88:443 192.168.1.200:443 --- ---

GW1#

PC-VLAN10 kết nối ra Internet

PC-VLAN20 kết nối ra Internet

GW2#show ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 192.168.88.88:80 192.168.1.200:80 --- ---

tcp 192.168.88.88:443 192.168.1.200:443 --- ---

icmp 192.168.88.146:19504 192.168.10.10:19504 8.8.8.8:19504 8.8.8.8:19504

icmp 192.168.88.146:19760 192.168.10.10:19760 8.8.8.8:19760 8.8.8.8:19760

icmp 192.168.88.146:20016 192.168.10.10:20016 8.8.8.8:20016 8.8.8.8:20016

icmp 192.168.88.146:20272 192.168.10.10:20272 8.8.8.8:20272 8.8.8.8:20272

icmp 192.168.88.146:20528 192.168.10.10:20528 8.8.8.8:20528 8.8.8.8:20528

icmp 192.168.88.146:26160 192.168.10.10:26160 8.8.8.8:26160 8.8.8.8:26160

icmp 192.168.88.146:26416 192.168.10.10:26416 8.8.8.8:26416 8.8.8.8:26416

icmp 192.168.88.146:1025 192.168.10.10:26672 8.8.8.8:26672 8.8.8.8:1025

icmp 192.168.88.146:26928 192.168.10.10:26928 8.8.8.8:26928 8.8.8.8:26928

icmp 192.168.88.146:27184 192.168.10.10:27184 8.8.8.8:27184 8.8.8.8:27184

icmp 192.168.88.146:25392 192.168.20.20:25392 8.8.8.8:25392 8.8.8.8:25392

icmp 192.168.88.146:25648 192.168.20.20:25648 8.8.8.8:25648 8.8.8.8:25648

icmp 192.168.88.146:25904 192.168.20.20:25904 8.8.8.8:25904 8.8.8.8:25904

icmp 192.168.88.146:1024 192.168.20.20:26160 8.8.8.8:26160 8.8.8.8:1024

icmp 192.168.88.146:26672 192.168.20.20:26672 8.8.8.8:26672 8.8.8.8:26672

GW2#

» Tin mới nhất:

DB2 Developer Workbench (04/11/2025)
Cơn khát nhân lực AI Việt (03/11/2025)
Giới thiệu về phần mềm tạo ảnh Gemini (18/10/2025)
Quy trình kiểm thử tự động (17/10/2025)
Tuple trong Python (17/10/2025)

» Các tin khác:

Lab GLBP_NAT_VTP_Inter-VLAN trên EVE-NG (Phần 1) (18/10/2021)
Classes of Routing Protocols (18/10/2021)
Thị giác máy tính với các công nghệ hỗ trợ (18/10/2021)
TỔNG QUAN VỀ PHÁT HIỆN, NHẬN DẠNG VĂN BẢN TRONG ẢNH (18/10/2021)
Thiết lập tường lửa FirewallD trên CentOS 7 (16/10/2021)
Không gian trạng thái (16/10/2021)
Các khung nhìn (View) trong DB2 (09/10/2021)
SELinux là gì? Cách vô hiệu hóa SELinux trên CentOS (19/09/2021)
Chip mới dựa trên DNA có thể được lập trình để giải các bài toán phức tạp (18/09/2021)
AI có thể đưa ra các quyết định lâm sàng tốt hơn con người (18/09/2021)

Hôm nay, ngày

06/11/2025

Tuần học:

Sinh viên tiêu biểu

video

Số lượt truy cập: 10676753