Aufbau des Labors
- Eine Debian Maschine soll uns als Firewall dienen
- Daran wird ein Cisco Layer 2 Switch angeschlossen.
- Zu diesem gegen 3 Vlans 1,21,22
- VLAN 1 = MGMT
- VLAN 21 = CLIENTS
- VLAN 22 = SERVER
- Des weiteren sind an der Firewal das WAN und das DMZ Interface
Die Netzzuteilung
IPv4
- gateway 172.30.34.1
- nameserver 8.8.8.8
- search labXX.linuggs.de
| Teilnehmer |
Labor |
Netz |
Öffentliche Adresse |
MGMT |
CLIENTS |
SERVER |
DMZ
|
| TN01 |
lab00 |
172.26.0.0/22 |
172.30.34.1 |
172.26.0.0/24 |
172.26.1.0/24 |
172.26.2.0/24 |
172.26.3.0/24
|
| TN02 |
lab04 |
172.26.4.0/22 |
172.30.34.2 |
172.26.4.0/24 |
172.26.5.0/24 |
172.26.6.0/24 |
172.26.7.0/24
|
| TN03 |
lab08 |
172.26.8.0/22 |
172.30.34.3 |
172.26.8.0/24 |
172.26.9.0/24 |
172.26.10.0/24 |
172.26.11.0/24
|
| TN04 |
lab0c |
172.26.12.0/22 |
172.30.34.4 |
172.26.12.0/24 |
172.26.13.0/24 |
172.26.14.0/24 |
172.26.15.0/24
|
| TN05 |
lab10 |
172.26.16.0/22 |
172.30.34.5 |
172.26.16.0/24 |
172.26.17.0/24 |
172.26.18.0/24 |
172.26.19.0/24
|
| TN06 |
lab14 |
172.26.20.0/22 |
172.30.34.6 |
172.26.20.0/24 |
172.26.21.0/24 |
172.26.22.0/24 |
172.26.23.0/24
|
| TN07 |
lab18 |
172.26.24.0/22 |
172.30.34.7 |
172.26.24.0/24 |
172.26.25.0/24 |
172.26.26.0/24 |
172.26.27.0/24
|
| TN08 |
lab1c |
172.26.28.0/22 |
172.30.34.8 |
172.26.28.0/24 |
172.26.29.0/24 |
172.26.30.0/24 |
172.26.31.0/24
|
| TN09 |
lab20 |
172.26.32.0/22 |
172.30.34.9 |
172.26.32.0/24 |
172.26.33.0/24 |
172.26.34.0/24 |
172.26.35.0/24
|
| TN10 |
lab24 |
172.26.36.0/22 |
172.30.34.10 |
172.26.36.0/24 |
172.26.37.0/24 |
172.26.38.0/24 |
172.26.39.0/24
|
| TN11 |
lab28 |
172.26.40.0/22 |
172.30.34.11 |
172.26.40.0/24 |
172.26.41.0/24 |
172.26.42.0/24 |
172.26.43.0/24
|
| TN12 |
lab2c |
172.26.44.0/22 |
172.30.34.12 |
172.26.44.0/24 |
172.26.45.0/24 |
172.26.46.0/24 |
172.26.47.0/24
|
| TN13 |
lab30 |
172.26.48.0/22 |
172.30.34.13 |
172.26.48.0/24 |
172.26.49.0/24 |
172.26.50.0/24 |
172.26.51.0/24
|
| TN14 |
lab34 |
172.26.52.0/22 |
172.30.34.14 |
172.26.52.0/24 |
172.26.53.0/24 |
172.26.54.0/24 |
172.26.55.0/24
|
IPv6
- gateway 2a02:24d8:71:3000::1
- nameserver 2001:4860:4860:8888
- search labXX.linuggs.de
| Teilnehmer |
Labor |
Netz |
Öffentliche Adresse |
MGMT |
CLIENTS |
SERVER |
DMZ
|
| TN01 |
lab00 |
2a02:24d8:71:3000::/62 |
2a02:24d8:71:3040::3000 |
2a02:24d8:71:3000::/64 |
2a02:24d8:71:3001::/64 |
2a02:24d8:71:3002::/64 |
2a02:24d8:71:3003::/64
|
| TN02 |
lab04 |
2a02:24d8:71:3004::/62 |
2a02:24d8:71:3040::3004 |
2a02:24d8:71:3004::/64 |
2a02:24d8:71:3005::/64 |
2a02:24d8:71:3006::/64 |
2a02:24d8:71:3007::/64
|
| TN03 |
lab08 |
2a02:24d8:71:3008::/62 |
2a02:24d8:71:3040::3008 |
2a02:24d8:71:3008::/64 |
2a02:24d8:71:3009::/64 |
2a02:24d8:71:300a::/64 |
2a02:24d8:71:300b::/64
|
| TN04 |
lab0c |
2a02:24d8:71:300c::/62 |
2a02:24d8:71:3040::300c |
2a02:24d8:71:300c::/64 |
2a02:24d8:71:300d::/64 |
2a02:24d8:71:300e::/64 |
2a02:24d8:71:300f::/64
|
| TN05 |
lab10 |
2a02:24d8:71:3010::/62 |
2a02:24d8:71:3040::3010 |
2a02:24d8:71:3010::/64 |
2a02:24d8:71:3011::/64 |
2a02:24d8:71:3012::/64 |
2a02:24d8:71:3013::/64
|
| TN06 |
lab14 |
2a02:24d8:71:3014::/62 |
2a02:24d8:71:3040::3014 |
2a02:24d8:71:3014::/64 |
2a02:24d8:71:3015::/64 |
2a02:24d8:71:3016::/64 |
2a02:24d8:71:3017::/64
|
| TN07 |
lab18 |
2a02:24d8:71:3018::/62 |
2a02:24d8:71:3040::3018 |
2a02:24d8:71:3018::/64 |
2a02:24d8:71:3019::/64 |
2a02:24d8:71:301a::/64 |
2a02:24d8:71:301b::/64
|
| TN08 |
lab1c |
2a02:24d8:71:301c::/62 |
2a02:24d8:71:3040::301c |
2a02:24d8:71:301c::/64 |
2a02:24d8:71:301d::/64 |
2a02:24d8:71:301e::/64 |
2a02:24d8:71:301f::/64
|
| TN09 |
lab20 |
2a02:24d8:71:3020::/62 |
2a02:24d8:71:3040::3020 |
2a02:24d8:71:3020::/64 |
2a02:24d8:71:3021::/64 |
2a02:24d8:71:3022::/64 |
2a02:24d8:71:3023::/64
|
| TN10 |
lab24 |
2a02:24d8:71:3024::/62 |
2a02:24d8:71:3040::3024 |
2a02:24d8:71:3024::/64 |
2a02:24d8:71:3025::/64 |
2a02:24d8:71:3026::/64 |
2a02:24d8:71:3027::/64
|
| TN11 |
lab28 |
2a02:24d8:71:3028::/62 |
2a02:24d8:71:3040::3028 |
2a02:24d8:71:3028::/64 |
2a02:24d8:71:3029::/64 |
2a02:24d8:71:302a::/64 |
2a02:24d8:71:302b::/64
|
| TN12 |
lab2c |
2a02:24d8:71:302c::/62 |
2a02:24d8:71:3040::302c |
2a02:24d8:71:302c::/64 |
2a02:24d8:71:302d::/64 |
2a02:24d8:71:302e::/64 |
2a02:24d8:71:302f::/64
|
| TN13 |
lab30 |
2a02:24d8:71:3030::/62 |
2a02:24d8:71:3040::3030 |
2a02:24d8:71:3030::/64 |
2a02:24d8:71:3031::/64 |
2a02:24d8:71:3032::/64 |
2a02:24d8:71:3033::/64
|
| TN14 |
lab34 |
2a02:24d8:71:3034::/62 |
2a02:24d8:71:3040::3034 |
2a02:24d8:71:3034::/64 |
2a02:24d8:71:3035::/64 |
2a02:24d8:71:3036::/64 |
2a02:24d8:71:3037::/64
|
Die Firewall
Setzen und anpassen des Hostnamen
- LAB=lab34
- hostnamectl set-hostname $LAB.linuggs.de
- hostnamectl
Static hostname: lab34.linuggs.de
Icon name: computer-vm
Chassis: vm 🖴
Machine ID: a736abd11f52406db0e02d7a3877059b
Boot ID: 089a7ce53e6a429797007e7e4acba90b
Virtualization: oracle
Operating System: Debian GNU/Linux 12 (bookworm)
Kernel: Linux 6.1.0-25-amd64
Architecture: x86-64
Hardware Vendor: innotek GmbH
Hardware Model: VirtualBox
Firmware Version: VirtualBox
127.0.0.1 localhost
127.0.1.1 firewall.lab34.int firewall
Installation des vlan Paketes
Anpassen der Netzwerk Konfiguration
- cat /etc/network/interfaces
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# WAN
auto enp0s3
iface enp0s3 inet static
address 172.30.34.14
gateway 172.30.34.254
iface enp0s3 inet6 static
address 2a02:24d8:71:3040::3034/64
gateway 2a02:24d8:71:3040::1
#MGMT
auto enp0s9
iface enp0s9 inet6 static
address 2a02:24d8:71:3034::1/64
iface enp0s9 inet static
address 172.26.52.1/24
#CLIENTS
auto enp0s9.21
iface enp0s9.21 inet6 static
address 2a02:24d8:71:3035::1/64
vlan-raw-device enp0s9
iface enp0s9.21 inet static
address 172.26.53.1/24
vlan-raw-device enp0s9
#SERVER
auto enp0s9.22
iface enp0s9.22 inet6 static
address 2a02:24d8:71:3036::1/64
vlan-raw-device enp0s9
iface enp0s9.22 inet static
address 172.26.54.1/24
vlan-raw-device enp0s9
#DMZ
auto enp0s8
iface enp0s8 inet6 static
address 2a02:24d8:71:3037::1/64
iface enp0s8 inet static
address 172.26.55.0/24
Forwarding anschalten
- echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
- echo net.ipv6.conf.all.forwarding=1 >> /etc/sysctl.conf
Reboot
Der Cisco Router
Grundsätzliches
- Es dauert bis er bootet
- Zugang über ssh admin@localhost -p 3022
- User: admin
- Pass: admin
Wichtige Befehle
- Konfig anzeigen
- cisco# show running-config
- Konfig Modus
- cisco(config)# configure terminal
- Hostname setzen
- cisco(config)# hostname cisco-sw
- Wieder zurück
- Konfig zu Start Konfig machen
- cisco-sw# copy running-config startup-config
VLANS anlegen
- cisco-sw# configure terminal
- cisco-sw(config)# vlan 21
- cisco-sw(config-vlan)# name CLIENTS
- cisco-sw(config-vlan)# vlan 22
- cisco-sw(config-vlan)# name SERVER
- cisco-sw(config-vlan)# end
- cisco-sw# copy running-config startup-config
- cisco-sw# show vlan
Managment Interface Addressieren
- cisco-sw# conf t
- cisco-sw(config)# interface Vlan1
- cisco-sw(config-if)# description MGMT
- cisco-sw(config-if)# no shutdown
- cisco-sw(config-if)# ipv6 address 2a02:24d8:71:3034::2/64
- cisco-sw(config-if)# ip address 172.26.52.2/24
- cisco-sw(config-if)# end
- cisco-sw# show running-config interface vlan 1
!Command: show running-config interface Vlan1
!Running configuration last done at: Thu Oct 3 12:15:05 2024
!Time: Thu Oct 3 12:15:30 2024
version 10.1(1) Bios:version
interface Vlan1
description MGMT
no shutdown
ip address 172.26.52.2/24
ipv6 address 2a02:24d8:71:3034::2/64
- cisco-sw# copy running-config startup-config
Konnektivität testen
- cisco-sw# ping 172.26.52.1
- cisco-sw# ping6 2a02:24d8:71:3034::1
Defulat Routen
- cisco-sw# configure terminal
- cisco-sw(config)# ip route 0.0.0.0 0.0.0.0 172.26.52.1
- cisco-sw(config)# ipv6 route ::/0 2a02:24d8:71:3034::1
- cisco-sw(config)# end
Konnektivität testen
- cisco-sw# ping 8.8.8.8
- cisco-sw# ping6 2001:4860:4860::8888
![Bearbeiten](javascript:editDrawio("1506699959", "linux-heterogen-01.drawio.png", "png", false, false, false, true, "https://embed.diagrams.net")){kind=link}