如何做强一个网站的品牌,腾讯体育,网络营销是做什么,哪里的网络推广培训好最近通过某个平台接的单子#xff0c;最后Kali做的测试没有公开可以私聊给教程。 下面是规划与配置
1.vlan方面#xff1a;推荐一个vlan下的所有主机为一个子网网段
连接电脑和http客户端的接口配置为access接口 交换机与交换机或路由器连接的接口配置为trunk接口---也可以…
最近通过某个平台接的单子最后Kali做的测试没有公开可以私聊给教程。 下面是规划与配置
1.vlan方面推荐一个vlan下的所有主机为一个子网网段
连接电脑和http客户端的接口配置为access接口 交换机与交换机或路由器连接的接口配置为trunk接口---也可以配置为access接口但是为了扩展性trunk接口更佳允许vlan10到vlan100通过 对汇聚层交换配置对应的vlanif的ip地址 两个汇聚层交换机间配置eth-trunk模式采用静态lacp 配置代码
交换机1
sys sys sw1 vlan 10 quit int g0/0/3 port link-type access port defult vlan 10 int g0/0/4 port link-type access port defult vlan 10 int g0/0/1 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/2 port link-type trunk port trunk allow-pass vlan 10 to 100 交换机2 sys sys sw2 vlan batch 20 30 int g0/0/3 port link-type access port defult vlan 30
int g0/0/4 port link-type access port defult vlan 20
int g0/0/1 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/2 port link-type trunk port trunk allow-pass vlan 10 to 100 交换机3 sys sys sw3 vlan batch 40 50
int g0/0/5 port link-type access port defult vlan 40
int g0/0/3 port link-type access port defult vlan 50
int g0/0/4 port link-type access port defult vlan 50
int g0/0/1 port link-type trunk port trunk allow-pass vlan 10 to 100
int g0/0/2 port link-type trunk port trunk allow-pass vlan 10 to 100 交换机4 sys sys sw4 vlan 60 quit int g0/0/3 port link-type access port defult vlan 60
int g0/0/1 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/2 port link-type trunk
port trunk allow-pass vlan 10 to 100 交换机5
sys sys sw5 vlan batch 10 20 30 91 92 int eth-trunk 1 mode lacp quit int g0/0/2 eth-trunk 1 int g0/0/6 eth-trunk 1 quit lacp priority 100 //将优先级配置为100使改侧成为主动端 int g0/0/1 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/3 port link-type trunk port trunk allow-pass vlan 10 to 100 int eth-trunk 1 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/4 port link-type access port defult vlan 91 int g0/0/5 port link-type access port defult vlan 92 int vlanif 10 ip address 172.22.10.100 24 int vlanif 20
ip address 172.22.20.100 24
int vlanif 30 ip address 172.22.30.100 24
int vlanif 91 ip address 172.22.1.1 24
int vlanif 92 ip address 172.22.2.1 24 交换机6 sys sys sw6 vlan batch 10 20 30 93 94 int eth-trunk 1 mode lacp quit int g0/0/2 eth-trunk 1 int g0/0/6 eth-trunk 1 quit int g0/0/1 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/3 port link-type trunk port trunk allow-pass vlan 10 to 100 int eth-trunk 1 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/4 port link-type access port defult vlan 93 int g0/0/5 port link-type access port defult vlan 94 int vlanif 10 ip address 172.22.10.200 24 int vlanif 20
ip address 172.22.20.200 24
int vlanif 30 ip address 172.22.30.200 24
int vlanif 93 ip address 172.22.3.1 24
int vlanif 94 ip address 172.22.4.1 24 交换机7
sys sys sw7 vlan batch 40 50 60 95 96 int eth-trunk 1 mode lacp quit int g0/0/1 eth-trunk 1 int g0/0/7 eth-trunk 1 quit lacp priority 100 //将优先级配置为100使改侧成为主动端 int g0/0/2 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/3 port link-type trunk port trunk allow-pass vlan 10 to 100 int eth-trunk 1 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/4 port link-type access port default vlan 95 int g0/0/5 port link-type access port default vlan 96 int vlanif 40 ip address 172.22.40.100 24 int vlanif 50
ip address 172.22.50.100 24
int vlanif 60 ip address 172.22.60.100 24
int vlanif 95 ip address 172.22.5.1 24
int vlanif 96 ip address 172.22.6.1 24 交换机8 sys sys sw8 vlan batch 40 50 60 97 98 int eth-trunk 1 mode lacp quit int g0/0/1 eth-trunk 1 int g0/0/6 eth-trunk 1 quit int g0/0/2 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/3 port link-type trunk port trunk allow-pass vlan 10 to 100 int eth-trunk 1 port link-type trunk port trunk allow-pass vlan 10 to 100 int g0/0/4 port link-type access port default vlan 97 int g0/0/5 port link-type access port default vlan 98 int vlanif 40 ip address 172.22.40.200 24 int vlanif 50
ip address 172.22.50.200 24
int vlanif 60 ip address 172.22.60.200 24
int vlanif 97 ip address 172.22.7.1 24
int vlanif 98 ip address 172.22.8.1 24 路由器1---IP地址配置 sys sys r1 int g5/0/3
ip address 172.22.1.2 24 int g0/0/1
ip address 172.22.3.2 24 int g0/0/2
ip address 172.22.5.2 24
int g0/0/0
ip address 172.22.7.2 24
int g5/0/0 ip address 172.22.9.1 24
int g5/0/1 ip address 115.200.60.1 24
int g5/0/2 ip address 172.22.70.1 24
int loop 1 ip address 1.1.1.1 32 //用于组播和测试 路由器2---IP地址配置 sys sys r2 int g0/0/0
ip address 172.22.2.2 24 int g0/0/1
ip address 172.22.4.2 24 int g0/0/2
ip address 172.22.6.2 24
int g2/0/0
ip address 172.22.8.2 24
int g2/0/1 ip address 172.22.9.2 24
int g2/0/2 ip address 223.104.244.1 24
int g2/0/3 ip address 172.22.80.1 24
int loop 1 ip address 2.2.2.2 32 //用于组播 2.dhcp方面在汇聚层交换机上配置dhcp用于给接入层的主机分配地址---http客户端可能得自己设置地址不能dhcp自动获得因此在配置dhcp地址池的时候应预先保留一部分的地址空间 交换机5 sys dhcp enable ip pool forvlan10 gateway-list 172.22.10.254 network 172.22.10.0 mask 24 lease day 1 excluded-ip-address 172.22.10.100 172.22.10.253 ip pool forvlan20 gateway-list 172.22.20.254 network 172.22.20.0 mask 24 lease day 1 excluded-ip-address 172.22.20.100 172.22.20.253 ip pool forvlan30 gateway-list 172.22.30.254 network 172.22.30.0 mask 24 lease day 1 excluded-ip-address 172.22.30.100 172.22.30.253 interface vlanif 10 dhcp select global
interface vlanif 20 dhcp select global
interface vlanif 30 dhcp select global 交换机6 sys dhcp enable ip pool forvlan10 gateway-list 172.22.10.254 network 172.22.10.0 mask 24 lease day 1 excluded-ip-address 172.22.10.1 172.22.10.100 excluded-ip-address 172.22.10.200 172.22.10.253 ip pool forvlan20 gateway-list 172.22.20.254 network 172.22.20.0 mask 24 lease day 1 excluded-ip-address 172.22.20.1 172.22.20.100 excluded-ip-address 172.22.20.200 172.22.20.253 ip pool forvlan30 gateway-list 172.22.30.254 network 172.22.30.0 mask 24 lease day 1 excluded-ip-address 172.22.30.1 172.22.30.100 excluded-ip-address 172.22.30.200 172.22.30.253 interface vlanif 10 dhcp select global
interface vlanif 20 dhcp select global
interface vlanif 30 dhcp select global 交换机7 sys dhcp enable ip pool forvlan40 gateway-list 172.22.40.254 network 172.22.40.0 mask 24 lease day 1 excluded-ip-address 172.22.40.100 172.22.40.253 ip pool forvlan50 gateway-list 172.22.50.254 network 172.22.50.0 mask 24 lease day 1 excluded-ip-address 172.22.50.100 172.22.50.253 ip pool forvlan60 gateway-list 172.22.60.254 network 172.22.60.0 mask 24 lease day 1 excluded-ip-address 172.22.60.100 172.22.60.253 interface vlanif 40 dhcp select global
interface vlanif 50 dhcp select global
interface vlanif 60 dhcp select global 交换机8 sys dhcp enable ip pool forvlan40 gateway-list 172.22.40.254 network 172.22.40.0 mask 24 lease day 1 excluded-ip-address 172.22.40.1 172.22.40.100 excluded-ip-address 172.22.40.200 172.22.40.253 ip pool forvlan50 gateway-list 172.22.50.254 network 172.22.50.0 mask 24 lease day 1 excluded-ip-address 172.22.50.1 172.22.50.100 excluded-ip-address 172.22.50.200 172.22.50.253 ip pool forvlan60 gateway-list 172.22.60.254 network 172.22.60.0 mask 24 lease day 1 excluded-ip-address 172.22.60.1 172.22.60.100 excluded-ip-address 172.22.60.200 172.22.60.253 interface vlanif 40 dhcp select global
interface vlanif 50 dhcp select global
interface vlanif 60 dhcp select global 至此各个vlan的主机ping 172.22.x.100和 172.22.x.200 都能ping通 3.mstp方面接入层和汇聚层的交换机配置mstp协议实现不同vlan对应的mstp实例的根桥不同以实现负载分担和主备备份-----注意对于一个vlan来说mstp的根桥和vrrp的主交换机应该一致 交换机5
sys stp region-configuration region-name campusnet1 revision-level 1 instance 1 vlan 10 instance 2 vlan 20 instance 3 vlan 30 active region- configuration stp instance 1 root primary stp instance 2 root secondary stp instance 3 root secondary 交换机6
sys stp region-configuration region-name campusnet1 revision-level 1 instance 1 vlan 10 instance 2 vlan 20 instance 3 vlan 30 active region-configuration quit stp instance 1 root secondary stp instance 2 root primary stp instance 3 root primary 交换机1
sys stp region-configuration region-name campusnet1 revision-level 1 instance 1 vlan 10 active region-configuration 交换机2
sys stp region-configuration region-name campusnet1 revision-level 1 instance 2 vlan 20 instance 3 vlan 30 active region-configuration 交换机7
sys stp region-configuration region-name campusnet2 revision-level 1 instance 1 vlan 40 instance 2 vlan 50 instance 3 vlan 60 active region-configuration stp instance 2 root primary stp instance 1 root secondary stp instance 3 root secondary 交换机8
sys stp region-configuration region-name campusnet2 revision-level 1 instance 1 vlan 40 instance 2 vlan 50 instance 3 vlan 60 active region-configuration quit stp instance 2 root secondary stp instance 1 root primary stp instance 3 root primary 交换机3
sys stp region-configuration region-name campusnet2 revision-level 1 instance 1 vlan 40 instance 2 vlan 50 active region-configuration 交换机4
sys stp region-configuration region-name campusnet2 revision-level 1 instance 3 vlan 60 active region-configuration 4.vrrp方面对汇聚层和核心层的交换机路由器配置vrrp协议实现不同vlan的主备备份和负载分担-----注意对于一个vlan来说mstp的根桥和vrrp的主交换机应该一致 交换机5
sys int vlanif 10
vrrp vrid 1 virtual-ip 172.22.10.254
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode timer delay 3
vrrp vrid 1 authentication-mode md5 campus
int vlanif 20
vrrp vrid 2 virtual-ip 172.22.20.254
vrrp vrid 2 priority 90
vrrp vrid 2 preempt-mode timer delay 3
vrrp vrid 2 authentication-mode md5 campus
int vlanif 30
vrrp vrid 3 virtual-ip 172.22.30.254
vrrp vrid 3 priority 90
vrrp vrid 3 preempt-mode timer delay 3
vrrp vrid 3 authentication-mode md5 campus 交换机6
sys int vlanif 10
vrrp vrid 1 virtual-ip 172.22.10.254
vrrp vrid 1 priority 90
vrrp vrid 1 preempt-mode timer delay 3
vrrp vrid 1 authentication-mode md5 campus
int vlanif 20
vrrp vrid 2 virtual-ip 172.22.20.254
vrrp vrid 2 priority 110
vrrp vrid 2 preempt-mode timer delay 3
vrrp vrid 2 authentication-mode md5 campus
int vlanif 30
vrrp vrid 3 virtual-ip 172.22.30.254
vrrp vrid 3 priority 110
vrrp vrid 3 preempt-mode timer delay 3
vrrp vrid 3 authentication-mode md5 campus 交换机7
sys int vlanif 40
vrrp vrid 1 virtual-ip 172.22.40.254
vrrp vrid 1 priority 90
vrrp vrid 1 preempt-mode timer delay 3
vrrp vrid 1 authentication-mode md5 campus
int vlanif 50
vrrp vrid 2 virtual-ip 172.22.50.254
vrrp vrid 2 priority 110
vrrp vrid 2 preempt-mode timer delay 3
vrrp vrid 2 authentication-mode md5 campus
int vlanif 60
vrrp vrid 3 virtual-ip 172.22.60.254
vrrp vrid 3 priority 90
vrrp vrid 3 preempt-mode timer delay 3
vrrp vrid 3 authentication-mode md5 campus 交换机8
sys int vlanif 40
vrrp vrid 1 virtual-ip 172.22.40.254
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode timer delay 3
vrrp vrid 1 authentication-mode md5 campus
int vlanif 50
vrrp vrid 2 virtual-ip 172.22.50.254
vrrp vrid 2 priority 90
vrrp vrid 2 preempt-mode timer delay 3
vrrp vrid 2 authentication-mode md5 campus
int vlanif 60
vrrp vrid 3 virtual-ip 172.22.60.254
vrrp vrid 3 priority 110
vrrp vrid 3 preempt-mode timer delay 3
vrrp vrid 3 authentication-mode md5 campus 5.nat方面在核心层交换机的出口流量处配置nat映射acl设置成对内网已知的网段允许nat映射 路由器1和路由器2
sys
acl 2999 rule 5 permit source 0.0.0.0 0.0.255.255
quit
int g5/0/1 | int g2/0/2 nat out bound 2999
quit 6.ospf方面 交换机5
sys ospf 1 area 0 network 172.22.10.100 0.0.0.255 network 172.22.20.100 0.0.0.255 network 172.22.30.100 0.0.0.255 network 172.22.1.1 0.0.0.255 network 172.22.2.1 0.0.0.255 交换机6
sys ospf 1 area 0 network 172.22.10.200 0.0.0.255 network 172.22.20.200 0.0.0.255 network 172.22.30.200 0.0.0.255 network 172.22.3.1 0.0.0.255 network 172.22.4.1 0.0.0.255 交换机7
sys ospf 1 area 0 network 172.22.40.100 0.0.0.255 network 172.22.50.100 0.0.0.255 network 172.22.60.100 0.0.0.255 network 172.22.5.1 0.0.0.255 network 172.22.6.1 0.0.0.255 交换机8
sys ospf 1 area 0 network 172.22.40.200 0.0.0.255 network 172.22.50.200 0.0.0.255 network 172.22.60.200 0.0.0.255 network 172.22.7.1 0.0.0.255 network 172.22.8.1 0.0.0.255 路由器1 sys ospf 1 area 0 network 172.22.1.2 0.0.0.255 network 172.22.3.2 0.0.0.255 network 172.22.5.2 0.0.0.255 network 172.22.7.2 0.0.0.255 network 1.1.1.1 0.0.0.0 network 172.22.9.1 0.0.0.255 network 115.200.60.1 0.0.0.255 network 172.22.70.1 0.0.0.255 路由器2 sys ospf 1 area 0 network 172.22.2.2 0.0.0.255 network 172.22.4.2 0.0.0.255 network 172.22.6.2 0.0.0.255 network 172.22.8.2 0.0.0.255 network 2.2.2.2 0.0.0.0 network 172.22.9.2 0.0.0.255 network 223.104.244.1 0.0.0.255 network 172.22.80.1 0.0.0.255 至此各个主机ping 1.1.1.1 2.2.2.2115.200.60.2223.104.244.2都能ping通 7 igmp和pim方面 交换机5 sys multicast routing-enable
int vlanif 10 pim sm int vlanif 20 pim sm int vlanif 30 pim sm int vlanif 91 pim sm int vlanif 92 pim sm quit int vlanif 10 igmp enable igmp version 2 int vlanif 20 igmp enable igmp version 2
int vlanif 30 igmp enable igmp version 2 pim static-rp 1.1.1.1 交换机6 sys multicast routing-enable
int vlanif 10 pim sm int vlanif 20 pim sm int vlanif 30 pim sm int vlanif 93 pim sm int vlanif 94 pim sm quit int vlanif 10 igmp enable igmp version 2 int vlanif 20 igmp enable igmp version 2
int vlanif 30 igmp enable igmp version 2 pim static-rp 1.1.1.1 交换机7 sys multicast routing-enable
int vlanif 40 pim sm int vlanif 50 pim sm int vlanif 60 pim sm int vlanif 95 pim sm int vlanif 96 pim sm quit int vlanif 40 igmp enable igmp version 2 int vlanif 50 igmp enable igmp version 2
int vlanif 60 igmp enable igmp version 2 pim static-rp 1.1.1.1 交换机8 sys multicast routing-enable
int vlanif 40 pim sm int vlanif 50 pim sm int vlanif 60 pim sm int vlanif 97 pim sm int vlanif 98 pim sm quit int vlanif 40 igmp enable igmp version 2 int vlanif 50 igmp enable igmp version 2
int vlanif 60 igmp enable igmp version 2 pim static-rp 1.1.1.1 路由器1 sys multicast routing-enable int g5/0/3
pim sm int g0/0/1
pim sm int g0/0/2
pim sm
int g0/0/0 pim sm
int g5/0/0 pim sm
int loopback 1 pim sm
int g5/0/1 pim sm
int g5/0/2 pim sm
quit
pim static-rp 1.1.1.1 c-bsr priority 3 c-bsr loopback 1 c-rp priority 1 c-rp loopback 1 quit 路由器1 sys multicast routing-enable int g0/0/0
pim sm int g0/0/1
pim sm int g0/0/2
pim sm
int g2/0/0 pim sm
int g2/0/3 pim sm
int loopback 1 pim sm
int g2/0/2 pim sm
int g2/0/1 pim sm
quit
pim static-rp 1.1.1.1 c-rp priority 3 c-rp loopback 1 quit 至此各个主机都能收到组播源的数据 8.bfd方面bfd协议用于辅助vrrp和ospf协议实现快速切换主备以减少流量的丢失提高网络健壮性 交换机5 sys bfd bfd 1
bfd 1 bind peer-ip 172.22.1.2 source-ip 172.22.1.1
discriminator local 11
discriminator remote 21
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit bfd 2
bfd 2 bind peer-ip 172.22.2.2 source-ip 172.22.2.1
discriminator local 12
discriminator remote 22
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit int vlanif 10 vrrp vrid 1 track bfd-session 10 reduced 10 vrrp vrid 1 track bfd-session 11 reduced 10 交换机6 sys bfd bfd 3
bfd 3 bind peer-ip 172.22.3.2 source-ip 172.22.3.1
discriminator local 13
discriminator remote 23
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit bfd 4
bfd 4 bind peer-ip 172.22.4.2 source-ip 172.22.4.1
discriminator local 14
discriminator remote 24
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit int vlanif 20 vrrp vrid 2 track bfd-session 13 reduced 10 vrrp vrid 2 track bfd-session 14 reduced 10
int vlanif 30 vrrp vrid 3 track bfd-session 13 reduced 10 vrrp vrid 3 track bfd-session 14 reduced 10 交换机7 sys bfd quit bfd 5
bfd 5 bind peer-ip 172.22.5.2 source-ip 172.22.5.1
discriminator local 15
discriminator remote 25
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit bfd 6
bfd 6 bind peer-ip 172.22.6.2 source-ip 172.22.6.1
discriminator local 16
discriminator remote 26
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit int vlanif 50 vrrp vrid 2 track bfd-session 15 reduced 10 vrrp vrid 2 track bfd-session 16 reduced 10 交换机8 sys bfd quit bfd 7
bfd 7 bind peer-ip 172.22.7.2 source-ip 172.22.7.1
discriminator local 17
discriminator remote 27
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit bfd 8
bfd 8 bind peer-ip 172.22.8.2 source-ip 172.22.8.1
discriminator local 18
discriminator remote 28
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit int vlanif 40 vrrp vrid 1 track bfd-session 17 reduced 10 vrrp vrid 1 track bfd-session 18 reduced 10
int vlanif 60 vrrp vrid 3 track bfd-session 17 reduced 10 vrrp vrid 3 track bfd-session 18 reduced 10 路由器1
sys bfd quit bfd 1 bfd 1 bind peer-ip 172.22.1.1 source-ip 172.22.1.2 discriminator local 21
discriminator remote 11
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit
bfd 3 bfd 3 bind peer-ip 172.22.3.1 source-ip 172.22.3.2 discriminator local 23
discriminator remote 13
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit
bfd 5 bfd 5 bind peer-ip 172.22.5.1 source-ip 172.22.5.2 discriminator local 25
discriminator remote 15
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit
bfd 7 bfd 7 bind peer-ip 172.22.7.1 source-ip 172.22.7.2 discriminator local 27
discriminator remote 17
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit 路由器2
sys bfd quit bfd 2 bfd 2 bind peer-ip 172.22.2.1 source-ip 172.22.2.2 discriminator local 22
discriminator remote 12
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit
bfd 4 bfd 4 bind peer-ip 172.22.4.1 source-ip 172.22.4.2 discriminator local 24
discriminator remote 14
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit
bfd 6 bfd 6 bind peer-ip 172.22.6.1 source-ip 172.22.6.2 discriminator local 26
discriminator remote 16
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit
bfd 8 bfd 8 bind peer-ip 172.22.8.1 source-ip 172.22.8.2 discriminator local 28
discriminator remote 18
detect-multiplier 3
min-tx-interval 100
min-rx-interval 100
commit quit display vrrp brief
display vrrp 1 9.端口镜像/防火墙方面在核心层路由器连接防火墙侧配置端口镜像使其通过流量同时复制到防火墙用于入侵检测或者攻击分析 路由器1 sys observe-port interface GigabitEthernet 5/0/2 int g5/0/3 mirror to observe-port both int g0/0/1 mirror to observe-port both int g0/0/2 mirror to observe-port both int g0/0/0 mirror to observe-port both int g5/0/0 mirror to observe-port both int g5/0/1 mirror to observe-port both 路由器2 sys observe-port interface GigabitEthernet 2/0/3 int g0/0/0 mirror to observe-port both int g0/0/1 mirror to observe-port both int g0/0/2 mirror to observe-port both int g2/0/0 mirror to observe-port both int g2/0/2 mirror to observe-port both int g2/0/1 mirror to observe-port both 10.配置kali虚拟机到目标网络 配置VMware中的虚拟网卡此配置为172.22.30.x网段并将其连接到交换机上注意交换机要配置端口类型为access并确保无ip地址冲突—真机的ip地址 kali虚拟机从交换机的dhcp服务器上获取ip地址 kali注意要先nat联网下载Dsniff套装工具集之后再连接到ensp虚拟环境切记不要在nat模式下使用macof macof的攻击指令 sudo macof 交换机2(实际是在所有上下行接口配置此处演示需要只在一个接口配置) sys
int g0/0/5 port-security enable port-security protect-action shutdown
port-security max-mac-num 50
port-security aging-time 1000 arp anti-attack entry-check fixed-all enable
arp gratuitous-arp send enable
arp gratuitous-arp send interval 1 启用ip报文转发模式echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
arp欺骗的指令sudo arpspoof -i eth0 -t 172.22.30.199 172.22.30.254 arp –d清理arp表 arp –a 查看arp表 第一条配置arp固化实验中没法显示将本来接入的正常主机替换为攻击的kali机再发送arp欺骗时可能可以显示效果
第二第三条配置免费arp并设置时间间隔为0.5s只能在一定程度上抵抗已经接入的“可信”主机
还可以配置dhcp snooping并在其基础上配置动态arp检测以在新主机接入时就防范于未然
还可以直接在主机上指定静态arp来预防 11.端口安全和密钥方面vrrp中使用了md5认证交换机2配置了端口安全用于限制mac地址最大学习数量交换机2.5.6配置了免费arp和arp固话用于预防arp欺骗telnet远程认证配置了aaa认证,nat配置了对应的acl 12.主机侧的http 学习到的
1~~~导入已有的包需要设置tomcat环境配置项目结构
2~~~leaflet的access_token已经过期需要自己去Account | Mapbox注册账号并替换
3~~~leaflet的地图库似乎更新了需要更换参数和导入方式 注意要开启mysql服务
ensp虚拟环境的任意http客户端通过该网址获取内容http://223.104.244.33:8888/Idea_war_exploded/index.html 主机记得关闭防火墙否则ping不通 13.telnet配置交换机和路由器
路由器1、2和交换机5-8
sys aaa local-user campaus privilege level 15 local-user campaus password cipher campaus quit user-interface vty 0 4
authentication-mode aaa quit ctrl]退出telnet界面 13.ftp在外网服务器上直接开启ftp服务即可
14.dns
交换机56
sys ip pool forvlan10 dns-list 223.104.244.2 ip pool forvlan20 dns-list 223.104.244.2
ip pool forvlan30 dns-list 223.104.244.2 交换机78
sys ip pool forvlan40 dns-list 223.104.244.2 ip pool forvlan50 dns-list 223.104.244.2
ip pool forvlan60 dns-list 223.104.244.2 15.m0n0wall防火墙于172.22.70.x网段处配置了m0n0wall防火墙可用于如流量控制流量监控的作用 16.wireshark 统计---捕获文件属性协议分级 snmp-agent
snmp-agent community read campaus
snmp-agent community read campaus1
snmp-agent sys-info version all
snmp-agent target-host trap-hostname zjut address 223.104.244.33 udp-port 162 trap-paramsname zjut
snmp-agent trap enable 开启步骤主机联网并关闭防火墙kali虚拟机端的云可能需要手动undo shutdown下---开启kali虚拟机和windows虚拟机windows 7为snmp用 有待改进的地方 内网ospf可以划分多个区域将核心层至出口路由器组成区域0核心层和汇聚层间的路由器/三层交换机组成区域x snmp-网管系统dhcp安全àipsg防止用户私自修改ip或防止非法用户使用静态ip地址私自接入和dai新开个端口接入设备模拟arp和dhcp攻击mac地址防漂移
