Lab GLBP_NAT_VTP_Inter-VLAN on EVE-NG (Part 2)


Given the following network topology:

Requirements:

  • Configure GLBP and NAT Overload on the two routers GW1 & GW2.

  • Configure VTP & Inter-VLAN routing.

See the other guides:

  1. EVE-NG installation guide

=> Watch the video

https://drive.google.com/file/d/1qsTYuzu9R-WHHrwF70s1v4UxHqySQT8f/view

  1. Add Cisco c3725 and c7206VXR images.

Download the images & see the guide: https://tinyurl.com/ciscoiosdynamip

  1. Guide to importing Cisco IOU into EVE-NG

=> Watch the video

https://drive.google.com/file/d/1XfcwQtrxrMnBztXRRu7aS-HaGUnrBVVD/view

Continued from Part 1
  1. Switch Core-SW

Core-SW#show running-config

Building configuration...

Current configuration : 1380 bytes

!

! Last configuration change at 17:25:36 EET Fri Oct 15 2021

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

!

hostname Core-SW

!

boot-start-marker

boot-end-marker

!

no aaa new-model

clock timezone EET 2 0

!

no ip cef

no ipv6 cef

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface Ethernet0/0

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Ethernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Ethernet0/2

shutdown

!

interface Ethernet0/3

shutdown

!

interface Ethernet1/0

shutdown

!

interface Ethernet1/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Ethernet1/2

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Ethernet1/3

switchport mode access

!

interface Vlan1

ip address 192.168.1.100 255.255.255.0

!

interface Vlan10

ip address 192.168.10.1 255.255.255.0

!

interface Vlan20

ip address 192.168.20.1 255.255.255.0

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

!

control-plane

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

transport input none

!

!

end

Core-SW#

Core-SW#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Et0/2, Et0/3, Et1/0, Et1/3

10 KeToan active

20 TaiChinh active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

20 enet 100020 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - - 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

------------------------------------------------------------------------------

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Core-SW#

Core-SW#show vtp status

VTP Version capable : 1 to 3

VTP version running : 1

VTP Domain Name : dtu.vn

VTP Pruning Mode : Disabled

VTP Traps Generation : Disabled

Device ID : aabb.cc80.3000

Configuration last modified by 0.0.0.0 at 10-13-21 03:37:34

Local updater ID is 192.168.1.100 on interface Vl1 (lowest numbered VLAN interface found)

Feature VLAN:

--------------

VTP Operating Mode : Server

Maximum VLANs supported locally : 1005

Number of existing VLANs : 7

Configuration Revision : 2

MD5 digest : 0xC7 0x34 0x00 0xE2 0xF4 0xC1 0x22 0xE8

0xFE 0x2B 0x12 0x38 0x64 0xCA 0x37 0x55

Core-SW#

Core-SW#show vtp password

VTP Password: dtu123

Core-SW#

Core-SW#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES unset up up

Ethernet0/1 unassigned YES unset up up

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Ethernet1/0 unassigned YES unset administratively down down

Ethernet1/1 unassigned YES unset up up

Ethernet1/2 unassigned YES unset up up

Ethernet1/3 unassigned YES unset up up

Vlan1 192.168.1.100 YES NVRAM up up

Vlan10 192.168.10.1 YES NVRAM up up

Vlan20 192.168.20.1 YES NVRAM up up

Core-SW#

Core-SW#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.1.1

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.0/24 is directly connected, Vlan1

L 192.168.1.100/32 is directly connected, Vlan1

192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.10.0/24 is directly connected, Vlan10

L 192.168.10.1/32 is directly connected, Vlan10

192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.20.0/24 is directly connected, Vlan20

L 192.168.20.1/32 is directly connected, Vlan20

Core-SW#

  1. Switch Access-SW1

Access-SW1#show running-config

Building configuration...

Current configuration : 1058 bytes

!

! Last configuration change at 17:04:50 EET Fri Oct 15 2021

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

!

hostname Access-SW1

!

boot-start-marker

boot-end-marker

!

no aaa new-model

clock timezone EET 2 0

!

no ip cef

no ipv6 cef

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface Ethernet0/0

switchport access vlan 10

switchport mode access

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet1/0

!

interface Ethernet1/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Ethernet1/2

!

interface Ethernet1/3

!

interface Vlan1

ip address 192.168.1.10 255.255.255.0

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

!

!

!

!

control-plane

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!

!

end

Access-SW1#

Access-SW1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES unset up up

Ethernet0/1 unassigned YES unset up up

Ethernet0/2 unassigned YES unset up up

Ethernet0/3 unassigned YES unset up up

Ethernet1/0 unassigned YES unset up up

Ethernet1/1 unassigned YES unset up up

Ethernet1/2 unassigned YES unset up up

Ethernet1/3 unassigned YES unset up up

Vlan1 192.168.1.10 YES NVRAM up up

Access-SW1#

Access-SW1#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Et0/1, Et0/2, Et0/3, Et1/0

Et1/2, Et1/3

10 KeToan active Et0/0

20 TaiChinh active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

20 enet 100020 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

------------------------------------------------------------------------------

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Access-SW1#

Access-SW1#show vtp status

VTP Version capable : 1 to 3

VTP version running : 1

VTP Domain Name : dtu.vn

VTP Pruning Mode : Disabled

VTP Traps Generation : Disabled

Device ID : aabb.cc80.4000

Configuration last modified by 0.0.0.0 at 10-13-21 03:37:34

Feature VLAN:

--------------

VTP Operating Mode : Client

Maximum VLANs supported locally : 1005

Number of existing VLANs : 7

Configuration Revision : 2

MD5 digest : 0xC7 0x34 0x00 0xE2 0xF4 0xC1 0x22 0xE8

0xFE 0x2B 0x12 0x38 0x64 0xCA 0x37 0x55

Access-SW1#

Access-SW1#show vtp password

VTP Password: dtu123

Access-SW1#

  1. Switch Access-SW2

Access-SW2#show running-config

Building configuration...

Current configuration : 1058 bytes

!

! Last configuration change at 17:05:09 EET Fri Oct 15 2021

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

!

hostname Access-SW2

!

boot-start-marker

boot-end-marker

!

no aaa new-model

clock timezone EET 2 0

!

no ip cef

no ipv6 cef

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface Ethernet0/0

switchport access vlan 20

switchport mode access

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet1/0

!

interface Ethernet1/1

!

interface Ethernet1/2

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Ethernet1/3

!

interface Vlan1

ip address 192.168.1.20 255.255.255.0

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

!

!

!

!

control-plane

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!

!

end

Access-SW2#

Access-SW2#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Et0/1, Et0/2, Et0/3, Et1/0

Et1/1, Et1/3

10 KeToan active

20 TaiChinh active Et0/0

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

20 enet 100020 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

------------------------------------------------------------------------------

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Access-SW2#

Access-SW2#show vtp status

VTP Version capable : 1 to 3

VTP version running : 1

VTP Domain Name : dtu.vn

VTP Pruning Mode : Disabled

VTP Traps Generation : Disabled

Device ID : aabb.cc80.5000

Configuration last modified by 0.0.0.0 at 10-13-21 03:37:34

Feature VLAN:

--------------

VTP Operating Mode : Client

Maximum VLANs supported locally : 1005

Number of existing VLANs : 7

Configuration Revision : 2

MD5 digest : 0xC7 0x34 0x00 0xE2 0xF4 0xC1 0x22 0xE8

0xFE 0x2B 0x12 0x38 0x64 0xCA 0x37 0x55

Access-SW2#

Access-SW2#show vtp password

VTP Password: dtu123

Access-SW2#

  1. PC-VLAN10

ip 192.168.10.10/24 192.168.10.1

ip dns 8.8.8.8

set pcname PC10

save

PC10> show ip

NAME : PC10[1]

IP/MASK : 192.168.10.10/24

GATEWAY : 192.168.10.1

DNS : 8.8.8.8

MAC : 00:50:79:66:68:06

LPORT : 20000

RHOST:PORT : 127.0.0.1:30000

MTU : 1500

PC10>

  1. PC-VLAN20

ip 192.168.20.20/24 192.168.20.1

ip dns 8.8.8.8

set pcname PC20

save

PC20> show ip

NAME : PC20[1]

IP/MASK : 192.168.20.20/24

GATEWAY : 192.168.20.1

DNS : 8.8.8.8

MAC : 00:50:79:66:68:07

LPORT : 20000

RHOST:PORT : 127.0.0.1:30000

MTU : 1500

PC20>

  1. Use a C3725 router to emulate the web server ktm.vn (http/https)

Configure SSH & enable http/https:

hostname ktm.vn

enable secret dtu123

ip domain-name dtu.vn //dtu.vn is the domain-name string

username dtu password dtu123

crypto key generate rsa //enter 1024

ip ssh version 2

line vty 0 4 //there are 16 lines (0->15)

transport input ssh

login local

exit

interface f0/0

no shutdown

ip address 192.168.1.200 255.255.255.0

exit

ip route 0.0.0.0 0.0.0.0 192.168.1.1
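
An added example (not part of the original lab): a short Python check that reads the command list above and flags what a reviewer would question before reusing it outside a lab: the `username ... password` form, the 1024-bit RSA key, vty lines not limited to SSH, and a clear-text value reused across commands. `MIN_RSA_BITS`, the rule names and the `modulus 1024` spelling of the key-size prompt are assumptions of this example.

```python
import re

MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the lab
# Constructed input: ktm.vn commands from this lab, with the 1024-bit key
# written as "modulus 1024" (assumed non-interactive form of the prompt).
SAMPLE = """\
enable secret dtu123
ip domain-name dtu.vn //dtu.vn is the domain-name string
username dtu password dtu123
crypto key generate rsa modulus 1024
line vty 0 4 //there are 16 lines (0->15)
transport input ssh
login local
exit
"""

def audit_ios_config(text):
    """Return (rule, detail) findings for an IOS config or pasted command list."""
    findings, seen, vty = [], {}, None
    for raw in text.splitlines() + ["end"]:       # sentinel closes an open vty block
        line = raw.split("//")[0].strip()         # drop the lab's // annotations
        if not line:
            continue
        # A vty block ends at "!", "end", "exit" or the next "line ..." header.
        if vty and (line in ("!", "end", "exit") or line.startswith("line ")):
            if not vty[1]:
                findings.append(("vty-transport", f"{vty[0]}: transport not limited to ssh"))
            vty = None
        if line.startswith("line vty"):
            vty = [line, False]                   # [header, transport restricted?]
        elif vty and line in ("transport input ssh", "transport input none"):
            vty[1] = True
        elif line == "no service password-encryption":
            findings.append(("plaintext-config", "type 0 passwords are shown in clear"))
        elif m := re.match(r"username (\S+) password\b", line):
            findings.append(("user-password", f"user {m[1]}: use 'secret', not 'password'"))
        elif m := re.match(r"crypto key generate rsa\b.*\bmodulus (\d+)", line):
            if int(m[1]) < MIN_RSA_BITS:
                findings.append(("rsa-modulus", f"{m[1]}-bit host key < {MIN_RSA_BITS}"))
        if m := re.search(r"\b(?:password|secret) (?:0 )?(\S+)$", line):
            seen.setdefault(m[1], []).append(line.split()[0])  # command that used it
    for value, users in seen.items():
        if len(users) > 1:                        # report the commands, never the value
            findings.append(("reused-credential", f"same value in: {', '.join(users)}"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit_ios_config(SAMPLE):
        print(f"{rule:18} {detail}")
```

The same function accepts the switch running-configs shown earlier; hashed `secret 5 ...` values are ignored by the reuse check because only clear-text values can be compared.
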

Some connectivity test results

Accessing the web server ktm.vn: use username dtu and password dtu123

Edit the hosts file

Add the line “192.168.88.88 ktm.vn” to the end of the hosts file.

View the NAT table on the two routers GW1 and GW2:

GW2#show ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 192.168.88.88:80 192.168.1.200:80 --- ---

tcp 192.168.88.88:443 192.168.1.200:443 --- ---

GW2#

GW1#show ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 192.168.88.88:80 192.168.1.200:80 192.168.88.1:65291 192.168.88.1:65291

tcp 192.168.88.88:80 192.168.1.200:80 --- ---

tcp 192.168.88.88:443 192.168.1.200:443 --- ---

GW1#

PC-VLAN10 connects to the Internet

PC-VLAN20 connects to the Internet

GW2#show ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 192.168.88.88:80 192.168.1.200:80 --- ---

tcp 192.168.88.88:443 192.168.1.200:443 --- ---

icmp 192.168.88.146:19504 192.168.10.10:19504 8.8.8.8:19504 8.8.8.8:19504

icmp 192.168.88.146:19760 192.168.10.10:19760 8.8.8.8:19760 8.8.8.8:19760

icmp 192.168.88.146:20016 192.168.10.10:20016 8.8.8.8:20016 8.8.8.8:20016

icmp 192.168.88.146:20272 192.168.10.10:20272 8.8.8.8:20272 8.8.8.8:20272

icmp 192.168.88.146:20528 192.168.10.10:20528 8.8.8.8:20528 8.8.8.8:20528

icmp 192.168.88.146:26160 192.168.10.10:26160 8.8.8.8:26160 8.8.8.8:26160

icmp 192.168.88.146:26416 192.168.10.10:26416 8.8.8.8:26416 8.8.8.8:26416

icmp 192.168.88.146:1025 192.168.10.10:26672 8.8.8.8:26672 8.8.8.8:1025

icmp 192.168.88.146:26928 192.168.10.10:26928 8.8.8.8:26928 8.8.8.8:26928

icmp 192.168.88.146:27184 192.168.10.10:27184 8.8.8.8:27184 8.8.8.8:27184

icmp 192.168.88.146:25392 192.168.20.20:25392 8.8.8.8:25392 8.8.8.8:25392

icmp 192.168.88.146:25648 192.168.20.20:25648 8.8.8.8:25648 8.8.8.8:25648

icmp 192.168.88.146:25904 192.168.20.20:25904 8.8.8.8:25904 8.8.8.8:25904

icmp 192.168.88.146:1024 192.168.20.20:26160 8.8.8.8:26160 8.8.8.8:1024

icmp 192.168.88.146:26672 192.168.20.20:26672 8.8.8.8:26672 8.8.8.8:26672

GW2#