
Information Security Study - Week 4, Day 6 - Building a Network Environment in EVE-NG

wonder12 2022. 11. 9. 00:49

 

 

Building a network environment in an actual EVE environment



 

 

 

1. Physical connections and IP design

 

2. Basic configuration

@All switches
conf t
hostname <name>
no ip domain-lookup
enable secret cisco
no cdp run
!
line con 0
logg syn
exec-timeout 0 0
!
line vty 0 4
password ciscovty
login
transport input all
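
Added example, not part of the original post: a small Python check run over the section 2 baseline that flags the console/vty settings which are lab conveniences and should not carry over to a production switch. The hostname ASW101 in the sample, the function names and the wording of the findings are choices made for this example.

```python
import re

# Section 2 baseline as given in the post; the hostname is filled in (constructed).
BASELINE = """\
hostname ASW101
no ip domain-lookup
enable secret cisco
no cdp run
!
line con 0
logg syn
exec-timeout 0 0
!
line vty 0 4
password ciscovty
login
transport input all
"""

def parse_line_stanzas(config):
    """Map each 'line ...' header to its commands; a stanza ends at '!' or a blank line."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = stanzas.setdefault(cmd, [])
        elif cmd in ("", "!"):
            current = None
        elif current is not None:
            current.append(cmd)
    return stanzas

def audit(config):
    """Return (stanza, finding) pairs for console/vty settings that only suit a lab."""
    findings = []
    for name, cmds in parse_line_stanzas(config).items():
        for cmd in cmds:
            m = re.fullmatch(r"transport input (.+)", cmd)
            if m and {"all", "telnet"} & set(m.group(1).split()):
                findings.append((name, "Telnet accepted: logins cross the network in cleartext"))
            if re.fullmatch(r"exec-timeout 0( 0)?", cmd):
                findings.append((name, "idle sessions never time out"))
        if "login" in cmds and any(c.startswith("password ") for c in cmds):
            findings.append((name, "one shared line password instead of per-user accounts"))
    return findings

if __name__ == "__main__":
    for stanza, finding in audit(BASELINE):
        print(f"{stanza}: {finding}")
```

A vty stanza that uses `login local` with `transport input ssh` and a non-zero `exec-timeout` produces no findings.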

 

3. Management IP address and default gateway

@All switches
int vlan 1
ip address 192.168.100.x 255.255.255.0
no sh
ip default-gateway 192.168.100.254

Ping test from each switch to the management IP addresses

 

 

4. Trunk and IEEE RSTP configuration

@DSW11
spanning-tree mode rapid-pvst

int range e1/0-3
switchport trunk encapsulation dot1q
switchport mode trunk

@ASW101,2,3,4
spanning-tree mode rapid-pvst

int e1/0
switchport trunk encapsulation dot1q
switchport mode trunk

 

 

5. VLAN configuration

@All switches
vlan 11 
name VLAN_user1
vlan 12 
name VLAN_user2
vlan 13 
name DHCP+FTP
vlan 14 
name Web+DNS
vlan 15
name EMAIL
vlan 16
name DMZ_Web

 

6. Apply VLAN access ports and PortFast

@ASW101
int range e0/1-2
switchport mode access 
switchport access vlan 11
spanning-tree portfast 

@ASW102
int range e0/1-2
switchport mode access 
switchport access vlan 12
spanning-tree portfast 

@ASW103
int e0/1
switchport mode access 
switchport access vlan 13
spanning-tree portfast 
int e0/2
switchport mode access 
switchport access vlan 14
spanning-tree portfast 

@ASW104
int e0/1
switchport mode access 
switchport access vlan 15
spanning-tree portfast 
int e0/2
switchport mode access 
switchport access vlan 16
spanning-tree portfast 

 

7. Inter-VLAN configuration

@DSW11
int e0/0
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk

@GW1
int e0/0
no sh

int e0/0.1
encapsulation dot1q 1
ip address 192.168.100.254 255.255.255.0
no sh
int e0/0.11
encapsulation dot1q 11
ip address 10.1.11.254 255.255.255.0
int e0/0.12
encapsulation dot1q 12
ip address 10.1.12.254 255.255.255.0
int e0/0.13
encapsulation dot1q 13
ip address 10.1.13.254 255.255.255.0
int e0/0.14
encapsulation dot1q 14
ip address 10.1.14.254 255.255.255.0
int e0/0.15
encapsulation dot1q 15
ip address 10.1.15.254 255.255.255.0
int e0/0.16
encapsulation dot1q 16
ip address 10.1.16.254 255.255.255.0

 

8. PC IP address configuration

@VPC1
ip 10.1.11.1 255.255.255.0 10.1.11.254
ip dns 10.1.14.200 168.126.63.1

@VPC2
ip 10.1.11.2 255.255.255.0 10.1.11.254
ip dns 10.1.14.200 168.126.63.1

Ping test between the PCs

Ping test to the gateway

 

 

10. Internet (external network) connection

@GW1
conf t
int e0/1
ip address 192.168.2.251 255.255.255.0
no sh

ip route 0.0.0.0 0.0.0.0 192.168.2.254

ping 192.168.2.254

ping 168.126.63.1 

 

 

11. Dynamic NAT configuration

@GW1
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 10 permit 192.168.100.0 0.0.0.255

ip nat inside source list 10 interface e0/1 overload

int e0/1
ip nat outside
int e0/0.1
ip nat inside 
! x = 1-6: repeat on each subinterface e0/0.11 through e0/0.16
int e0/0.1x
ip nat inside

Test 'ping 168.126.63.1' from each system

 

 

12. DMZ_Web server configuration

@GW1
ip nat inside source static tcp 10.1.16.200 80 192.168.2.251 80
ip nat inside source static tcp 10.1.16.200 443 192.168.2.251 443

show ip nat translations

Test access to http://192.168.2.251

 

 

13. DHCP server configuration

DHCP Relay Agent
@GW1 
! x = 1-6: repeat on each subinterface e0/0.11 through e0/0.16
int e0/0.1x
ip helper-address 10.1.13.200

 

14. FTP server configuration

 

15. Web server configuration

 

16. DNS server configuration

 

17. Email server configuration