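■Cisco 3750 L2/L3 design and configuration
First, I'll design and configure an environment with access VLANs,
IP addressing and static routing, so that devices can be connected
in an active/passive arrangement.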
Switch#show version | include ^Model number
Model number : WS-C3750-24TS-E
Switch#show version | include ^Cisco
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE10, RELEASE SOFTWARE (fc2)
■First, design the VLAN-to-interface mapping
$ cat vlanlist.log
VLAN101="[V-Internet]"
VLAN102="[V-DMZ]"
VLAN103="[V-Intra]"
VLAN104="[V-Internal1]"
VLAN105="[V-Internal2]"
VLAN106="[V-DMZ-BK]"
VLAN107="[V-Intra-BK]"
echo "
$ seq 1 14 | awk '{print "[fe1/0/"$1"]\t -- VLAN"(100+((($1%2)+$1)/2))"\t --> $VLAN"(100+((($1%2)+$1)/2))}' >> vlanlist.log
$ seq 1 14 | awk 'BEGIN {printf "(Cisco3750: "}{printf "[fe1/0/%d],",$1}' | sed -e 's/,$/)\n"/' >> vlanlist.log
$ /bin/bash vlanlist.log | graph-easy --dot > vlanlist.dot
$ dot -Tpng vlanlist.dot -o vlanlist.png
■Feed the above into the switch as configuration
$ /bin/bash vlanlist.log | awk '/^\[/{sub("VLAN","");{print "vlan "$3"\n name \""$5"\"\n exit"}}' | xclip -i
Switch# configure terminal
Switch(config)#[paste with middle click]
Switch(config)#end
Switch#show vlan | include \[
101 [V-Internet] active
102 [V-DMZ] active
103 [V-Intra] active
104 [V-Internal1] active
105 [V-Internal2] active
106 [V-DMZ-BK] active
107 [V-Intra-BK] active
■Assign the VLANs to interfaces
$ head -10 vlanlist.log > vlan2fe.log
$ seq 1 2 14 | \
awk '{print "interface range FastEthernet 1/0/"$1" - "($1+1) \
"\n description $VLAN"(100+((($1%2)+$1)/2)) \
"\n switchport mode access\n no shutdown\n switchport access vlan " \
(100+((($1%2)+$1)/2)) \
"\n exit"}END{print "\""}' >> vlan2fe.log
$ /bin/bash vlan2fe.log | xclip -i
Switch# configure terminal
Switch(config)#[paste with middle click]
Switch(config)#end
Switch#show vlan | include \[
101 [V-Internet] active Fa1/0/1, Fa1/0/2
102 [V-DMZ] active Fa1/0/3, Fa1/0/4
103 [V-Intra] active Fa1/0/5, Fa1/0/6
104 [V-Internal1] active Fa1/0/7, Fa1/0/8
105 [V-Internal2] active Fa1/0/9, Fa1/0/10
106 [V-DMZ-BK] active Fa1/0/11, Fa1/0/12
107 [V-Intra-BK] active Fa1/0/13, Fa1/0/14
Switch#show interfaces status | include \[
Fa1/0/1 [V-Internet] connected 101 a-full a-100 10/100BaseTX
Fa1/0/2 [V-Internet] notconnect 101 auto auto 10/100BaseTX
Fa1/0/3 [V-DMZ] notconnect 102 auto auto 10/100BaseTX
Fa1/0/4 [V-DMZ] notconnect 102 auto auto 10/100BaseTX
Fa1/0/5 [V-Intra] notconnect 103 auto auto 10/100BaseTX
Fa1/0/6 [V-Intra] notconnect 103 auto auto 10/100BaseTX
Fa1/0/7 [V-Internal1] notconnect 104 auto auto 10/100BaseTX
Fa1/0/8 [V-Internal1] notconnect 104 auto auto 10/100BaseTX
Fa1/0/9 [V-Internal2] notconnect 105 auto auto 10/100BaseTX
Fa1/0/10 [V-Internal2] notconnect 105 auto auto 10/100BaseTX
Fa1/0/11 [V-DMZ-BK] notconnect 106 auto auto 10/100BaseTX
Fa1/0/12 [V-DMZ-BK] notconnect 106 auto auto 10/100BaseTX
Fa1/0/13 [V-Intra-BK] notconnect 107 auto auto 10/100BaseTX
Fa1/0/14 [V-Intra-BK] notconnect 107 auto auto 10/100BaseTX
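The port-to-VLAN assignment above can be checked mechanically instead of by eye, which matters when a single misplaced port would bridge two segments such as V-Intra and V-DMZ. The script below is an added example, not part of the original post: it applies the page's rule (Fa1/0/N belongs to VLAN 100+ceil(N/2), description equal to the VLAN name) to `show interfaces status | include \[` output. The function names `check_ports` and `sample_status` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Design rule from the page: Fa1/0/N (N = 1..14) is an access port in
# VLAN 100+ceil(N/2), and its description equals that VLAN's name.
# check_ports: reads `show interfaces status | include \[` output on stdin,
# prints one line per deviation, returns non-zero if any deviation is found.
check_ports() {
  awk '
    BEGIN {
      name[101] = "[V-Internet]";  name[102] = "[V-DMZ]"; name[103] = "[V-Intra]"
      name[104] = "[V-Internal1]"; name[105] = "[V-Internal2]"
      name[106] = "[V-DMZ-BK]";    name[107] = "[V-Intra-BK]"
    }
    /^Fa1\/0\// {
      n = $1; sub(/^Fa1\/0\//, "", n)
      want = 100 + int((n + 1) / 2)
      seen[n] = 1
      # $4 is the Vlan column; a trunk port shows "trunk" there and is flagged
      if ($4 != want)       { print $1 ": vlan " $4 ", expected " want; bad++ }
      if ($2 != name[want]) { print $1 ": name " $2 ", expected " name[want]; bad++ }
    }
    END {
      # a port without a bracketed description is dropped by the include filter
      for (n = 1; n <= 14; n++)
        if (!(n in seen)) { print "Fa1/0/" n ": not in output"; bad++ }
      exit (bad > 0)
    }'
}

# Constructed sample: the page's output with Fa1/0/6 moved to VLAN 102
# and the Fa1/0/9 line removed.
sample_status() {
  cat <<'EOF'
Fa1/0/1 [V-Internet] connected 101 a-full a-100 10/100BaseTX
Fa1/0/2 [V-Internet] notconnect 101 auto auto 10/100BaseTX
Fa1/0/3 [V-DMZ] notconnect 102 auto auto 10/100BaseTX
Fa1/0/4 [V-DMZ] notconnect 102 auto auto 10/100BaseTX
Fa1/0/5 [V-Intra] notconnect 103 auto auto 10/100BaseTX
Fa1/0/6 [V-Intra] notconnect 102 auto auto 10/100BaseTX
Fa1/0/7 [V-Internal1] notconnect 104 auto auto 10/100BaseTX
Fa1/0/8 [V-Internal1] notconnect 104 auto auto 10/100BaseTX
Fa1/0/10 [V-Internal2] notconnect 105 auto auto 10/100BaseTX
Fa1/0/11 [V-DMZ-BK] notconnect 106 auto auto 10/100BaseTX
Fa1/0/12 [V-DMZ-BK] notconnect 106 auto auto 10/100BaseTX
Fa1/0/13 [V-Intra-BK] notconnect 107 auto auto 10/100BaseTX
Fa1/0/14 [V-Intra-BK] notconnect 107 auto auto 10/100BaseTX
EOF
}
sample_status | check_ports || echo "deviations found"
```

To use it against a live switch, save the captured command output to a file and pipe that file into `check_ports`.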
■Design the IP segment for each VLAN
Whether or not a VLAN will be routed, assign it an IP address.
$ head -10 vlanlist.log > vlan2ip.log
$ seq 1 7 | awk '{if($1<3){print "[VLAN10"$1"] -- 192.168."$1".100 --> $VLAN10"$1} \
else{print "[VLAN10"$1"] -- 172.16."$1".100 --> $VLAN10"$1}}; \
END{print "\""}' >> vlan2ip.log
$ /bin/bash vlan2ip.log | graph-easy --dot > vlan2ip.dot
$ dot -Tpng vlan2ip.dot -o vlan2ip.png
■Assign IPs to the VLAN interfaces
$ seq 1 7 | awk '{if($1<3){print "interface vlan 10"$1 \
"\n ip address 192.168."$1".100 255.255.255.0\n no shutdown\n exit"}\
else{print "interface vlan 10"$1 \
"\n ip address 172.16."$1".100 255.255.255.0\n no shutdown\n exit"}}' | xclip -i
Switch# configure terminal
Switch(config)#[paste with middle click]
Switch(config)#end
Switch#show ip interface brief | exclude unassigned
Interface IP-Address OK? Method Status Protocol
Vlan101 192.168.1.100 YES manual up up
Vlan102 192.168.2.100 YES manual up down
Vlan103 172.16.3.100 YES manual up down
Vlan104 172.16.4.100 YES manual up down
Vlan105 172.16.5.100 YES manual up down
Vlan106 172.16.6.100 YES manual up down
Vlan107 172.16.7.100 YES manual up down
■Configure routing
Only the route for V-Intra is configured.
Switch(config)#ip routing
Switch(config)#ip route 172.16.3.0 255.255.255.0 172.16.3.254
Switch(config)#end
Switch#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, Vlan101
Switch#write memory