Expanded DHCP NAT and SNMP lab build
Topology
DHCP NAT
- Router(vIOS1)
Router> en
Router# conf t
Router(config)# int g0/0
Router(config-if)# no shutdown
Router(config-if)# ip add 000.000.000.000 255.255.255.0   // example IP (upstream side)
Router(config-if)# ip nat outside
Router(config-if)# exit
Link to vIOS2
Router(config)# int g0/1
Router(config-if)# no shutdown
Router(config-if)# ip add 192.168.11.1 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# ip virtual-reassembly   // hardening: fragments are reassembled before NAT/ACL inspection
Router(config-if)# duplex auto
Router(config-if)# exit
Link to vIOS3
Router(config)# int g0/2
Router(config-if)# no shutdown
Router(config-if)# ip add 192.168.12.1 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# ip virtual-reassembly
Router(config-if)# duplex auto
Router(config-if)# exit
Enable HTTP
Router(config)# ip http server
Routing
Router(config)# ip route 0.0.0.0 0.0.0.0 000.000.000.000   // example IP (upstream gateway)
Router(config)# ip routing
NAT
Router(config)# ip nat inside source list 1 int g0/0 overload
Router(config)# access-list 1 permit 192.168.11.0 0.0.0.255
Router(config)# access-list 1 permit 192.168.12.0 0.0.0.255
Router(config)# exit
Router# write memory
Access-list 1 on vIOS1 only needs the two transit subnets: vIOS2 and vIOS3 already translate their VLANs to 192.168.11.11 and 192.168.12.12 (double NAT), so that is all vIOS1 ever sees as a source. `ip http server` opens cleartext HTTP management on every interface, the outside one included; at minimum pair it with `ip http secure-server` and restrict sources with `ip http access-class`.
- Router(vIOS2)
Router> en
Router# conf t
Router(config)# int g0/0
Router(config-if)# no shutdown
Router(config-if)# ip add 192.168.11.11 255.255.255.0   // example IP (transit link to vIOS1 g0/1)
Router(config-if)# ip nat outside
Router(config-if)# exit
SERVER1 & CLIENT1 routing
Router(config)# int g0/1
Router(config-if)# no shutdown
Router(config-if)# no ip address
Router(config-if)# ip nat inside
Router(config-if)# ip virtual-reassembly   // hardening: fragments are reassembled before NAT/ACL inspection
Router(config-if)# duplex auto
Router(config-if)# exit
SERVER1 (VLAN 10)
Router(config)# int g0/1.10
Router(config-subif)# no shutdown
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip add 192.168.10.1 255.255.255.0
Router(config-subif)# ip nat inside
Router(config-subif)# ip virtual-reassembly
Router(config-subif)# exit
CLIENT1 (VLAN 20)
Router(config)# int g0/1.20
Router(config-subif)# no shutdown
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip add 192.168.20.1 255.255.255.0
Router(config-subif)# ip nat inside
Router(config-subif)# ip virtual-reassembly
Router(config-subif)# ip helper-address 192.168.10.10   // DHCP relay to SERVER1
Router(config-subif)# exit
SERVER2 & CLIENT2 routing
Router(config)# int g0/2
Router(config-if)# no shutdown
Router(config-if)# no ip address
Router(config-if)# ip nat inside
Router(config-if)# ip virtual-reassembly
Router(config-if)# duplex auto
Router(config-if)# exit
SERVER2 (VLAN 30)
Router(config)# int g0/2.30
Router(config-subif)# no shutdown
Router(config-subif)# encapsulation dot1q 30
Router(config-subif)# ip add 192.168.30.1 255.255.255.0
Router(config-subif)# ip nat inside
Router(config-subif)# ip virtual-reassembly
Router(config-subif)# exit
CLIENT2 (VLAN 40)
Router(config)# int g0/2.40
Router(config-subif)# no shutdown
Router(config-subif)# encapsulation dot1q 40
Router(config-subif)# ip add 192.168.40.1 255.255.255.0
Router(config-subif)# ip nat inside
Router(config-subif)# ip virtual-reassembly
Router(config-subif)# ip helper-address 192.168.30.30   // DHCP relay to SERVER2
Router(config-subif)# exit
Enable HTTP
Router(config)# ip http server
Routing
Router(config)# ip route 0.0.0.0 0.0.0.0 192.168.11.1   // vIOS1 g0/1, on the same subnet as g0/0
Router(config)# ip routing
NAT
Router(config)# ip nat inside source list 1 int g0/0 overload
Router(config)# access-list 1 permit 192.168.10.0 0.0.0.255
Router(config)# access-list 1 permit 192.168.20.0 0.0.0.255
Router(config)# access-list 1 permit 192.168.30.0 0.0.0.255
Router(config)# access-list 1 permit 192.168.40.0 0.0.0.255
Router(config)# exit
Router# write memory
`ip helper-address` relays more than DHCP: by default it forwards the whole UDP broadcast set (BOOTP/DHCP 67 and 68, DNS 53, TFTP 69, TACACS 49, time 37, NetBIOS 137 and 138) to the server. If the relay should carry DHCP only, remove the others with `no ip forward-protocol udp <port>`.
- Router(vIOS3)
Router> en
Router# conf t
Router(config)# int g0/0
Router(config-if)# no shutdown
Router(config-if)# ip add 192.168.12.12 255.255.255.0   // example IP (transit link to vIOS1 g0/2)
Router(config-if)# ip nat outside
Router(config-if)# exit
SERVER1 & CLIENT1 routing
Router(config)# int g0/1
Router(config-if)# no shutdown
Router(config-if)# no ip address
Router(config-if)# ip nat inside
Router(config-if)# ip virtual-reassembly   // hardening: fragments are reassembled before NAT/ACL inspection
Router(config-if)# duplex auto
Router(config-if)# exit
SERVER1 (VLAN 50)
Router(config)# int g0/1.50
Router(config-subif)# no shutdown
Router(config-subif)# encapsulation dot1q 50
Router(config-subif)# ip add 192.168.50.1 255.255.255.0
Router(config-subif)# ip nat inside
Router(config-subif)# ip virtual-reassembly
Router(config-subif)# exit
CLIENT1 (VLAN 60)
Router(config)# int g0/1.60
Router(config-subif)# no shutdown
Router(config-subif)# encapsulation dot1q 60
Router(config-subif)# ip add 192.168.60.1 255.255.255.0
Router(config-subif)# ip nat inside
Router(config-subif)# ip virtual-reassembly
Router(config-subif)# ip helper-address 192.168.50.50   // DHCP relay to SERVER1
Router(config-subif)# exit
SERVER2 & CLIENT2 routing
Router(config)# int g0/2
Router(config-if)# no shutdown
Router(config-if)# no ip address
Router(config-if)# ip nat inside
Router(config-if)# ip virtual-reassembly
Router(config-if)# duplex auto
Router(config-if)# exit
SERVER2 (VLAN 70)
Router(config)# int g0/2.70
Router(config-subif)# no shutdown
Router(config-subif)# encapsulation dot1q 70
Router(config-subif)# ip add 192.168.70.1 255.255.255.0
Router(config-subif)# ip nat inside
Router(config-subif)# ip virtual-reassembly
Router(config-subif)# exit
CLIENT2 (VLAN 80)
Router(config)# int g0/2.80
Router(config-subif)# no shutdown
Router(config-subif)# encapsulation dot1q 80
Router(config-subif)# ip add 192.168.80.1 255.255.255.0
Router(config-subif)# ip nat inside
Router(config-subif)# ip virtual-reassembly
Router(config-subif)# ip helper-address 192.168.70.70   // DHCP relay to SERVER2
Router(config-subif)# exit
Enable HTTP
Router(config)# ip http server
Routing
Router(config)# ip route 0.0.0.0 0.0.0.0 192.168.12.1   // vIOS1 g0/2; the next hop must be on g0/0's subnet (192.168.12.0/24), not vIOS2's 192.168.11.1
Router(config)# ip routing
NAT
Router(config)# ip nat inside source list 1 int g0/0 overload
Router(config)# access-list 1 permit 192.168.50.0 0.0.0.255
Router(config)# access-list 1 permit 192.168.60.0 0.0.0.255
Router(config)# access-list 1 permit 192.168.70.0 0.0.0.255
Router(config)# access-list 1 permit 192.168.80.0 0.0.0.255
Router(config)# exit
Router# write memory
- Switch configuration example (Switch5)
Switch> en
Switch# conf t
Switch(config)# vlan 10
Switch(config-vlan)# name SERVER1
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name CLIENT1
Switch(config-vlan)# exit
Trunk to the router
Switch(config)# int g0/0
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# int g0/1
Switch(config-if)# description SERVER1
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport mode access
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# int range g0/2-3, g1/0-1
Switch(config-if-range)# description CLIENT1
Switch(config-if-range)# switchport access vlan 20
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# no shutdown
Switch(config-if-range)# end
Switch# write memory
Nothing here stops a rogue DHCP server on the CLIENT1 VLAN from answering clients first. On IOS switches that support it, `ip dhcp snooping` for VLAN 20 with only the trunk uplink marked `ip dhcp snooping trust` drops DHCP offers from the access ports.
- Server configuration example (Server1) - Ubuntu Server 20.04
Static IP
# vi /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:   # interface name differs per host
      addresses:
        - 192.168.10.10/24
      gateway4: 192.168.10.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
:wq
Apply netplan
# netplan apply
Ping test
# ping 8.8.8.8
Install the DHCP package
# apt-get update
# apt-get install isc-dhcp-server -y
DHCP configuration
# vi /etc/dhcp/dhcpd.conf
option domain-name "example.local";
option domain-name-servers 8.8.8.8, 8.8.4.4;

# dhcpd refuses to start unless the subnet of its own interface (eth0, VLAN 10) is declared,
# even though no addresses are handed out there
subnet 192.168.10.0 netmask 255.255.255.0 {
}

# CLIENT1 VLAN, reached through the relay (ip helper-address) on vIOS2 g0/1.20;
# dhcpd picks this scope because the relayed request carries giaddr 192.168.20.1
subnet 192.168.20.0 netmask 255.255.255.0 {
  range 192.168.20.100 192.168.20.200;
  option routers 192.168.20.1;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
}
:wq
DHCP listening interface
# vi /etc/default/isc-dhcp-server
INTERFACESv4="eth0"
:wq
Restart the DHCP daemon
# systemctl restart isc-dhcp-server
# systemctl status isc-dhcp-server   (active means it is running)
`dhcpd -t` checks the file for syntax errors before the restart; a missing semicolon after an `option` line is the usual reason the service shows failed instead of active.
SNMP
- Router configuration example
Router> en
Router# conf t
Router(config)# snmp-server community [community string, e.g. MAINSNMP] RO
Router(config)# snmp-server enable traps
Router(config)# exit
Router# write memory
Without a trailing access-list number this community accepts polls from any address that can reach the router, the NAT outside interface included; `snmp-server community <string> RO <acl>` with a standard ACL permitting only the management host closes that. `snmp-server enable traps` only turns trap generation on; nothing is sent until a receiver is defined with `snmp-server host`.
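The Python script below is an added example, not part of this lab, that reads a `show running-config`-style dump and flags the slips that are easy to make in the vIOS configurations above and in the SNMP line: an `ip nat inside` subnet missing from the NAT access-list, a default route whose next hop is not on the `ip nat outside` subnet (for vIOS3 that means 192.168.12.1, not 192.168.11.1), `ip http server` without `ip http secure-server`, and a community string with no access-list. The sample config is constructed for the example and deliberately contains each of those; the parser understands only the line types this lab uses.

```python
"""Added example: audit a Cisco IOS running-config for the NAT, routing and
management slips that are easy to make in this lab. The parser understands
only the line types the lab uses (interface, ip address, ip nat, standard
access-list, default route, ip http, snmp-server community)."""
import ipaddress

WELL_KNOWN_COMMUNITIES = {"public", "private"}

# Constructed sample (not a real capture): vIOS3-like, with four deliberate mistakes:
# VLAN 60 left out of access-list 1, default route on vIOS2's transit subnet,
# HTTP without HTTPS, SNMP community without an access-list.
VIOS3_RUNNING_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.12.12 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.60
 encapsulation dot1Q 60
 ip address 192.168.60.1 255.255.255.0
 ip nat inside
 ip helper-address 192.168.50.50
!
ip http server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.11.1
access-list 1 permit 192.168.50.0 0.0.0.255
snmp-server community MAINSNMP RO
"""


def parse_ios(text):
    cfg = {"interfaces": {}, "acls": {}, "default_routes": [], "nat_acl": None,
           "http": False, "https": False, "snmp": []}
    cur = None                                   # interface currently being parsed
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = line.split(None, 1)[1]
            cfg["interfaces"][cur] = {"ip": None, "nat": None}
        elif line == "!":
            cur = None
        elif line.startswith("ip nat inside source list "):
            cfg["nat_acl"] = line.split()[5]     # ACL number that selects inside traffic
        elif cur and line.startswith("ip address "):
            _, _, addr, mask = line.split()
            cfg["interfaces"][cur]["ip"] = ipaddress.IPv4Interface(f"{addr}/{mask}")
        elif cur and line.startswith("ip nat "):
            cfg["interfaces"][cur]["nat"] = line.split()[2]   # inside / outside
        elif line.startswith("ip route 0.0.0.0 0.0.0.0 "):
            cfg["default_routes"].append(ipaddress.IPv4Address(line.split()[4]))
        elif line.startswith("access-list "):
            _, num, action, net, wildcard = line.split()
            if action == "permit":               # an IOS wildcard mask is an ipaddress hostmask
                cfg["acls"].setdefault(num, []).append(ipaddress.IPv4Network(f"{net}/{wildcard}"))
        elif line == "ip http server":
            cfg["http"] = True
        elif line == "ip http secure-server":
            cfg["https"] = True
        elif line.startswith("snmp-server community "):
            cfg["snmp"].append(line.split()[2:])  # [community, RO|RW, optional ACL]
    return cfg


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_ios(text)
    findings = []
    ifs = cfg["interfaces"]
    nat_nets = cfg["acls"].get(cfg["nat_acl"], [])
    outside = [i["ip"].network for i in ifs.values() if i["nat"] == "outside" and i["ip"]]

    # 1. every 'ip nat inside' subnet must be permitted by the NAT ACL,
    #    otherwise its traffic leaves g0/0 untranslated and is dropped upstream
    for name, i in ifs.items():
        if i["nat"] == "inside" and i["ip"] and not any(
                i["ip"].network.subnet_of(n) for n in nat_nets):
            findings.append(f"{name}: {i['ip'].network} is 'ip nat inside' but not permitted "
                            f"by NAT access-list {cfg['nat_acl']}")
    # 2. the default route next hop must sit on an outside interface's subnet
    for nh in cfg["default_routes"]:
        if not any(nh in net for net in outside):
            findings.append(f"default route next hop {nh} is not on any 'ip nat outside' subnet")
    # 3. cleartext HTTP management without the TLS listener
    if cfg["http"] and not cfg["https"]:
        findings.append("ip http server enabled without ip http secure-server")
    # 4. SNMP community checks: default names, read-write, no source access-list
    for entry in cfg["snmp"]:
        community = entry[0]
        if community.lower() in WELL_KNOWN_COMMUNITIES:
            findings.append(f"snmp community '{community}' is a well-known default")
        if len(entry) > 1 and entry[1].upper() == "RW":
            findings.append(f"snmp community '{community}' is read-write")
        if len(entry) < 3:
            findings.append(f"snmp community '{community}' has no access-list limiting who may poll")
    return findings


if __name__ == "__main__":
    for finding in audit(VIOS3_RUNNING_CONFIG):
        print("FINDING:", finding)
```

Run it against `show running-config` output pasted into a file; the checks are intentionally narrow (standard ACLs, a single default route, no `view`/`ipv6` keywords on the SNMP line), so extend `parse_ios` before trusting it on a production config.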
- Server configuration example (Server1)
Install the SNMP packages
# apt-get update
# apt-get install snmp -y
# apt-get install snmpd -y
Edit the SNMP configuration
# vi /etc/snmp/snmpd.conf
agentAddress udp:161,udp6:[::1]:161
rocommunity [community string, e.g. MAINSNMP] 192.168.10.0/24
rocommunity [community string, e.g. MAINSNMP] 192.168.11.0/24
rocommunity [community string, e.g. MAINSNMP] 192.168.12.0/24
rocommunity [community string, e.g. MAINSNMP] 192.168.20.0/24
rocommunity [community string, e.g. MAINSNMP] 192.168.30.0/24
rocommunity [community string, e.g. MAINSNMP] 192.168.50.0/24
rocommunity [community string, e.g. MAINSNMP] 192.168.70.0/24
:wq
Start the SNMP daemon
# systemctl restart snmpd
# systemctl status snmpd   (active means it is running)
Open the port
# iptables -A INPUT -p udp --dport 161 -j ACCEPT
Save and verify
# iptables-save | tee /etc/iptables/rules.v4   (restored at boot only if iptables-persistent is installed)
# iptables -L -n | grep 161
The source network after each `rocommunity` line is the only thing standing between the agent and anyone who learns the string: with v2c the community travels in cleartext in every packet and is the whole credential, so use a long random value, never `public`, and keep the list of source networks as short as the monitoring actually needs. Where the path is not trusted, SNMPv3 with authentication and privacy (`createUser` plus `rouser` in snmpd.conf) replaces the community entirely.
- Client configuration example (Client1)
Install the SNMP packages
# apt-get update
# apt-get install snmp -y
# apt-get install snmpd -y
Edit the SNMP configuration
# vi /etc/snmp/snmpd.conf
agentAddress udp:161,udp6:[::1]:161
rocommunity [community string, e.g. MAINSNMP] 192.168.10.0/24   // only Server1's VLAN may poll this client
:wq
Start the SNMP daemon
# systemctl restart snmpd
# systemctl status snmpd   (active means it is running)
Open the port
# iptables -A INPUT -p udp --dport 161 -j ACCEPT
Save and verify
# iptables-save | tee /etc/iptables/rules.v4   (restored at boot only if iptables-persistent is installed)
# iptables -L -n | grep 161
- Testing
# snmpwalk -v2c -c [community string, e.g. MAINSNMP] 192.168.xx.xx
Run it from a host inside one of the agent's `rocommunity` source networks. From anywhere else snmpd sends no reply at all, so snmpwalk reports a timeout rather than an authentication error; that is the expected result, not a routing fault.
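`snmpwalk -v2c` puts the community string in the clear in every datagram. The block below is an added example, not part of the original lab: it builds the SNMPv2c GetRequest for sysDescr.0 that such a poll starts with, using a minimal BER encoder, and then parses it back the way an on-path observer (Wireshark's SNMP dissector, or anyone tapping the trunk) would, recovering the community without any secret. The community name and OID are the lab's values; the encoder and decoder are hand-written BER for this example, not a real SNMP library.

```python
"""Added example: show that an SNMPv2c community string is visible in cleartext.

The encoder is just enough BER to build a GetRequest; the decoder is what a
sniffer has to do to read the community out of a captured UDP/161 datagram.
"""

# BER / SNMP tags
SEQUENCE, INTEGER, OCTET_STRING, NULL, OID = 0x30, 0x02, 0x04, 0x05, 0x06
GET_REQUEST = 0xA0          # context-specific, constructed, tag 0
SNMP_V2C = 1                # version field: 0 = v1, 1 = v2c, 3 = v3


def _length(n):
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body


def encode_int(value):
    # two's-complement, minimal length; enough for request-id and error fields
    size = max(1, (value.bit_length() + 8) // 8)
    return tlv(INTEGER, value.to_bytes(size, "big", signed=True))


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])    # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])          # base-128, high bit means "more bytes"
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(OID, bytes(out))


def build_get_request(community, oid, request_id=1):
    """SNMPv2c GetRequest for a single OID, as snmpget/snmpwalk would send it."""
    varbind = tlv(SEQUENCE, encode_oid(oid) + tlv(NULL, b""))
    pdu = tlv(GET_REQUEST, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(SEQUENCE, varbind))
    return tlv(SEQUENCE, encode_int(SNMP_V2C)
               + tlv(OCTET_STRING, community.encode()) + pdu)


def _read_tlv(buf, pos):
    """Return (tag, body, position just after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def sniff(datagram):
    """What an on-path observer recovers from one captured SNMPv1/v2c request:
    (version, community, first requested OID). No key or secret is needed."""
    tag, msg, _ = _read_tlv(datagram, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, pos = _read_tlv(msg, 0)
    tag, community, pos = _read_tlv(msg, pos)
    if tag != OCTET_STRING:
        raise ValueError("expected community string")
    _, pdu, _ = _read_tlv(msg, pos)
    pos = 0
    for _ in range(3):                  # skip request-id, error-status, error-index
        _, _, pos = _read_tlv(pdu, pos)
    _, varbind_list, _ = _read_tlv(pdu, pos)
    _, varbind, _ = _read_tlv(varbind_list, 0)
    _, oid_body, _ = _read_tlv(varbind, 0)
    return (int.from_bytes(version, "big", signed=True),
            community.decode(), decode_oid(oid_body))


if __name__ == "__main__":
    # Constructed packet: the lab's community polling sysDescr.0 (1.3.6.1.2.1.1.1.0)
    pkt = build_get_request("MAINSNMP", "1.3.6.1.2.1.1.1.0")
    print(pkt.hex())
    print(sniff(pkt))
```

The same bytes are what `tcpdump -i eth0 -X udp port 161` shows on the wire; the community is readable straight out of the hex dump, which is why the source restrictions in snmpd.conf and the router access-list matter, and why SNMPv3 with privacy is the fix when the path is not trusted.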