시스코 장비 공부중입니다.
설정하는데 어떤식으로 해야할지 몰라 질문드립니다.
일단 원하는 구성은 위와 같습니다.
서버1~3 에서 PC로는 통신이 되어야 하지만 인터넷은 되지 않아야 합니다.
즉 192.168.0.0/24 만 라우팅을 하고 싶은겁니다.
공유기 설정은 아래와 같이 했습니다.
지금까지는 아래와 같이 구성했습니다.
라우팅을 어떻게 걸어야 할지 몰라서 질문올립니다.
--------
Current configuration : 2850 bytes
!
! Last configuration change at 15:51:29 KST Wed Sep 14 2022
! NVRAM config last updated at 17:59:35 KST Tue Sep 13 2022
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
clock timezone KST 9
switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
ip name-server 8.8.8.8
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
switchport access vlan 31
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 31
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 31
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 31
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 32
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 32
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 32
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 32
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 33
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 33
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 33
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 33
switchport mode access
!
interface GigabitEthernet1/0/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/14
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/16
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
description Uplink Port
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 192.168.0.254 255.255.255.0
!
interface Vlan31
ip address 10.31.0.1 255.255.0.0
!
interface Vlan32
ip address 10.32.0.1 255.255.0.0
!
interface Vlan33
ip address 10.33.0.1 255.255.0.0
!
ip default-gateway 192.168.0.1
ip classless
ip http server
ip http secure-server
!
!
logging 192.168.0.204
!
!
vstack
!
line con 0
speed 115200
line vty 5 15
!
ntp clock-period 36028834
ntp server 211.233.40.78
ntp server 17.253.116.253
end
--------------------------
À̷лó ACL(access-list)À¸·Î ƯÁ¤ ´ë¿ª ¹× Æ÷Æ®¿¡ ´ëÇؼ Åë½ÅÀ» Â÷´Ü ÇÒ ¼ö Àִµ¥, ÀÎÅÍ³Ý ´ë¿ª¿¡ ´ëÇؼ´Â ¸·´Â °ÍÀº °ÅÀÇ ¹«¸ð Çϱ⠶§¹®¿¡ ±¸Á¶»ó »ó´Ü IP Time(ex. Firewall or Router)¿¡¼ ¸·´Â °ÍÀÌ ¸Â½À´Ï´Ù.
±×¸®°í ½Ç¹« ȯ°æ¿¡¼´Â L3 S/W ºÎÇÏ ¶§¹®¿¡ Åë½Å¿¡ ´ëÇÑ ACLÀº »ç¿ë ÇÏÁö ¾Ê½À´Ï´Ù.
¶ó¿ìÆÃÀ» ¹» Ãß°¡ ÇØ¾ß ÇÒ±î¿ä?
vlan 1 »èÁ¦ ===================================
no ip address 192.168.0.254 255.255.255.0
no interface Vlan1
Interface¿¡ IP ÇÒ´ç ============================================
interface GigabitEthernet1/0/24
description Uplink Port
no switchport
ip address 192.168.0.254 255.255.255.0
ip default-gateway¿Í ip default-network, ±×¸®°í Static(ex. route 0.0.0.0 0.0.0.0 x.x.x.x )ÀÌ 3°¡Áö Â÷ÀÌÁ¡À» Àß ¾Ë°í »ç¿ë ÇϽô °ÍÀ» ±Ç°í ÇÕ´Ï´Ù.
Áö±ÝÀº ¾÷ ¸µÅ© ÀÎÅÍÆäÀ̽º°¡ 1°³¶ó¼ ip default-gateway¸¸ Çصµ Å« ¹®Á¦°¡ ¾øÁö¸¸, ½Ç¹«¿¡¼´Â Àß »ç¿ë ÇÏÁö ¾Ê½À´Ï´Ù.
½Ç¹«¿¡¼´Â °ÅÀÇ Static RouteÀ» ¸¹ÀÌ »ç¿ë ÇÕ´Ï´Ù.
%Default VLAN 1 may not be deleted.
vlan 1 Àº »èÁ¦°¡ µÇÁú ¾Ê±¸¿ä
¸»¾¸ÇϽŴë·Î 24¹ø ¾÷¸µÅ© Æ÷Æ® ¼³Á¤À» À§¿Í°°ÀÌ Çߴµ¥µµ
PC¿¡¼ vlan 31 Gateway 10.31.0.1 ·Î ÇÎÀÌ °¡Áú ¾Ê½À´Ï´Ù.
PC¿¡¼ 192.168.0.254·Î´Â ÇÎÀÌ °©´Ï´Ù.
½ºÀ§Ä¡¿¡¼ vlan31, 32, 33 ÂÊÀ¸·Î ¶ó¿ìÆÃÀ» ÇØÁà¾ß ÇÒ°Í °°Àºµ¥ ±×ºÎºÐÀÌ ÇÊ¿äÇѰɱî¿ä?
interface GigabitEthernet1/0/24
description Uplink Port
no switchport
ip address 192.168.0.254 255.255.255.0
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
!
interface Vlan31
ip address 10.31.0.1 255.255.0.0
!
interface Vlan32
ip address 10.32.0.1 255.255.0.0
!
interface Vlan33
ip address 10.33.0.1 255.255.0.0
!
ip default-gateway 192.168.0.1
ip classless
ip http server
ip http secure-server
¼³Á¤À» ´Ù½Ã º¸´Ï. vlan inteface ¼³Á¤¸¸ µÇ¾î ÀÖ°í, vlan ¼±¾ð ¼³Á¤ ºÎºÐÀÌ ºüÁ® Àֳ׿ä. ÀÌ°Å ¼³Á¤ ¾È ÇØ ÁÖ¸é vlan È°¼ºÈ ¾È µÇÁö ¾Ê³ª¿ä?
¾Æ¸¶ ¼¹ö 1 ~3¹ø¿¡¼¼¼ G/WÀ¸·Î´Â Á¤»ó Åë½Åµµ ¾È µÉ°Å °°Àºµ¥, vlan ¼±¾ð ¼³Á¤ Ãß°¡ ÇØ ÁÖ¼¼¿ä.
vlan 31
name vlan31-Description
vlan 32
name vlan32-Description
vlan 33
name vlan33-Description
À§¿Í °°ÀÌ Çؼ ¼¹ö 1~3ÀÌ G/WÀ¸·Î pingÀÌ µÇ´ÂÁö ¸ÕÀú È®ÀÎ Çϼ¼¿ä. ÀÌ ºÎºÐÀÌ ¸ÕÀú Åë½ÅÀÌ µÇ¾î¾ß ´ÙÀ½ ¼ø¼°¡ ¶ó¿ìÆà º¸´Â °Í ÀÔ´Ï´Ù.
¼¹ö 1~3¹øÀÌ G/W Åë½ÅÀÌ µÇ´Âµ¥. ±×·¡µµ ¾È µÇ¸é,
ip default-gateway 192.168.0.1 ¼³Á¤ »èÁ¦ ÇÏ°í, route 0.0.0.0 0.0.0. 192.168.0.1 À¸·Î º¯°æ ÇØ º¸¼¼¿ä.
default-gateway´Â ¹«Á¶°Ç ¼³Á¤µÈ °÷À¸·Î °¡´Â°Å¶ó¼ Àß »ç¿ë ÇÏÁö ¾Ê´Â °æ¿ì°¡ ¸¹¾Æ¼¿ä.
vlan1Àº »èÁ¦ ¾È µÇ´Â °ÍÀº default native vlanÀÌ¿©¼ »èÁ¦ ¾È µÉ ¼öµµ ÀÖ½À´Ï´Ù.
¼¹ö´Â Port°¡ 4°³ÀÌ´Ï..
¼¹ö Ethernet
1¹ø Port :10.31.0.x/24 Àâ°í
2¹ø Port :192.168.0.x /24 Àâ¾ÆÁÖ¸é.
ÀÌ·±½ÄÀ¸·Î Åë½ÅÇÏ¸é µÉ°Í °°Àºµ¥¿ä..
2¹ø Æ÷Æ®¿Í PC¸¦ ¿¬°á.
»óȲºÁ¼ PC¿Í ¼¹ö¸¦ ¿¬°áÇÒ PortµéÀº °°Àº VLAN Àâ¾ÆÁּŵµ µÉ °Í °°±¸¿ä.
´Ü¼øÈ÷ VLAN±¸¼ºÇÏ°í Æ÷Æ®¸¦ ÇØ´ç VLAN ¾×¼¼½º·Î ¼±¾ðÇÑÈÄ
¾÷¸µÅ©´Â no switchport ·Î ±×³É °øÀ¯±â ip´ë¿ª¸¸ ¼±¾ðÇÏ¸é ³¡À̾ú³×¿ä
¸¶Áö¸·À¸·Î ip routing ¼³Á¤Çϴϱñ ´Ù Àß µ¿ÀÛÇÕ´Ï´Ù.
°¨»çµå¸³´Ï´Ù.