Пошаговые руководства
Блокнот с инструкциями по настройке сетевой инфраструктуры. Все пароли и ключи в примерах (P@ssw0rd) — демонстрационные и одинаковые на всех узлах; замените их перед применением в реальной сети.
Содержание
ISP
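# ISP (ALT Linux): uplink on ens19 via DHCP, static /28 point-to-point nets
# towards HQ-RTR (ens20, 172.16.1.0/28) and BR-RTR (ens21, 172.16.2.0/28),
# source NAT for everything leaving through ens19.
# NOTE(review): ip_forward is turned on and only a NAT rule is installed —
# there is no filter policy, so the ISP forwards any traffic between
# ens19/ens20/ens21 (fine for a lab "provider", not for a real edge).
hostnamectl hostname isp
bash
cd /etc/net/
# persistent routing (etcnet keeps sysctl.conf under /etc/net/)
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' sysctl.conf
cd ifaces/
# Clone the ens19 template into BOTH downstream interfaces before ens19 is
# switched to DHCP, so ens20/ens21 stay BOOTPROTO=static.
# (The original copied ens19 to ens20 twice and never created ens21, so the
# later write to ens21/ipv4address had no directory to land in.)
cp -R ens19 ens20
cp -R ens19 ens21
sed -i 's/BOOTPROTO=static/BOOTPROTO=dhcp/g' ens19/options
sed -i 's/SYSTEMD_BOOTPROTO=static/SYSTEMD_BOOTPROTO=dhcpv4/g' ens19/options
echo 172.16.1.1/28 > ens20/ipv4address
echo 172.16.2.1/28 > ens21/ipv4address
systemctl restart network
# MASQUERADE behind the DHCP-assigned uplink address and persist the ruleset.
iptables -t nat -A POSTROUTING -o ens19 -j MASQUERADE
iptables-save -f /etc/sysconfig/iptables
systemctl enable --now iptables.service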
HQ-RTR
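! HQ-RTR (Ecorouter-style CLI).
! WAN "ISP" 172.16.1.2/28 on ge0 (untagged); LAN VLANs 100/200/999 on ge1;
! GRE tunnel.0 to BR-RTR over the ISP addresses; OSPF runs only on the tunnel.
! Fixes vs. the original listing: the DHCP "mask" now matches VLAN200's /28
! (was 255.255.255.0), OSPF advertises 192.168.200.0/28 (was /29) and also
! 192.168.99.0/29, as the HQ-RTR-LIN and HQ-RTR-Eltex variants do.
! NOTE(review): "P@ssw0rd" is used as both the OSPF MD5 key and the admin
! password — demo values, change before use. The tunnel is plain GRE (no
! encryption); OSPF MD5 only authenticates neighbours, it does not protect data.
hostname hq-rtr.au-team.irpo
ip domain-name au-team.irpo
ntp timezone utc+3 security none
!
! --- WAN ---
interface ISP
 no shutdown
 ip nat outside
 ip address 172.16.1.2/28
exit
!
! --- DHCP for VLAN200 (clients get the ISP as NTP, HQ-RTR as gateway) ---
ip pool VLAN200 1 range 192.168.200.2-192.168.200.10
!
dhcp-server 1
 lease 300
 mask 255.255.255.240
 pool VLAN200 1
 domain-name au-team.irpo
 ntp 172.16.1.1
 gateway 192.168.200.1
 domain-search au-team.irpo
!
! --- LAN ---
interface VLAN100
 ip mtu 1500
 ip nat inside
 ip address 192.168.100.1/27
 no shutdown
exit
!
interface VLAN200
 ip mtu 1500
 ip nat inside
 ip address 192.168.200.1/28
 dhcp-server 1
 no shutdown
exit
!
interface VLAN999
 ip mtu 1500
 ip address 192.168.99.1/29
 no shutdown
exit
!
port ge0
 mtu 9728
 service-instance ISP
  encapsulation untagged
  connect ip interface ISP
 exit
exit
!
! --- GRE tunnel to BR-RTR; MTU 1476 = 1500 minus 24 bytes of GRE/IP overhead ---
interface tunnel.0
 ip mtu 1476
 no shutdown
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 P@ssw0rd
 ip address 192.168.10.1/30
 ip tunnel 172.16.1.2 172.16.2.2 mode gre
!
exit
!
port ge1
 mtu 9728
 service-instance VLAN100
  encapsulation dot1q 100
  rewrite pop 1
  connect ip interface VLAN100
 exit
 service-instance VLAN200
  encapsulation dot1q 200
  rewrite pop 1
  connect ip interface VLAN200
 exit
 service-instance VLAN999
  encapsulation dot1q 999
  rewrite pop 1
  connect ip interface VLAN999
 exit
exit
!
ip route 0.0.0.0/0 172.16.1.1
! PAT of the two user VLANs behind the ISP interface address.
ip nat pool NAT 192.168.100.2-192.168.100.30,192.168.200.2-192.168.200.14
ip nat source dynamic inside-to-outside pool NAT overload interface ISP
!
router ospf
 passive-interface default
 no passive-interface tunnel.0
 network 192.168.10.0/30 area 0.0.0.0
 network 192.168.100.0/27 area 0.0.0.0
 network 192.168.200.0/28 area 0.0.0.0
 network 192.168.99.0/29 area 0.0.0.0
!
exit
!
username net_admin
 role admin
 password P@ssw0rd
exit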
BR-RTR
! BR-RTR (Ecorouter-style CLI).
! WAN "ISP" 172.16.2.2/28 on ge0 (untagged); LAN "BR" 192.168.0.1/28 on ge1
! (untagged); GRE tunnel.0 to HQ-RTR; OSPF runs only on the tunnel.
! NOTE(review): the OSPF MD5 key and the admin password are both "P@ssw0rd"
! and the key must match HQ-RTR's — demo values, change on both ends together.
! The tunnel is plain GRE (no encryption).
hostname br-rtr.au-team.irpo
ip domain-name au-team.irpo
ntp timezone utc+3 security none
!
interface ISP
 no shutdown
 ip nat outside
 ip address 172.16.2.2/28
exit
!
port ge0
 mtu 9728
 service-instance ISP
  encapsulation untagged
  connect ip interface ISP
 exit
exit
!
interface BR
 no shutdown
 ip nat inside
 ip address 192.168.0.1/28
exit
!
port ge1
 mtu 9728
 service-instance BR
  encapsulation untagged
  connect ip interface BR
 exit
exit
!
ip route 0.0.0.0/0 172.16.2.1
! PAT of the BR LAN behind the ISP interface address.
ip nat pool NAT 192.168.0.2-192.168.0.14
ip nat source dynamic inside-to-outside pool NAT overload interface ISP
!
! GRE tunnel to HQ-RTR; MTU 1476 = 1500 minus 24 bytes of GRE/IP overhead.
interface tunnel.0
 ip mtu 1476
 no shutdown
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 P@ssw0rd
 ip address 192.168.10.2/30
 ip tunnel 172.16.2.2 172.16.1.2 mode gre
!
exit
!
router ospf
 passive-interface default
 no passive-interface tunnel.0
 network 192.168.10.0/30 area 0.0.0.0
 network 192.168.0.0/28 area 0.0.0.0
!
exit
!
username net_admin
 role admin
 password P@ssw0rd
exit
HQ-SRV
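# HQ-SRV (ALT Linux): static address in VLAN100, admin account "sshuser" with
# passwordless sudo, pre-login SSH banner.
hostnamectl hostname hq-srv.au-team.irpo
bash
cd /etc/net/ifaces/
echo 192.168.100.2/27 > ens19/ipv4address
echo default via 192.168.100.1 > ens19/ipv4route
# Resolver is the public 8.8.8.8 for now; the other nodes in this notebook
# already point their DNS at 192.168.100.2 (this host) — switch here too once
# a DNS server runs on HQ-SRV.
echo nameserver 8.8.8.8 > ens19/resolv.conf
echo search au-team.irpo >> ens19/resolv.conf
echo domain au-team.irpo >> ens19/resolv.conf
systemctl restart network
useradd sshuser -u 2026
passwd sshuser
gpasswd -a sshuser wheel
# NOPASSWD for every command is full unattended root for sshuser — keep it
# only if the task really requires it. Validate afterwards: a typo in
# /etc/sudoers locks everybody out of sudo.
echo 'sshuser ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
visudo -c
cat << 'EOF' > /etc/openssh/banner
----------------------------
---Authorized access only---
----------------------------
EOF
# The original wrote the banner file but never told sshd about it (the
# OpenSSH default is "#Banner none"); reference it, then syntax-check before
# restarting so a bad config cannot take the remote session down.
grep -q '^Banner ' /etc/openssh/sshd_config || echo 'Banner /etc/openssh/banner' >> /etc/openssh/sshd_config
sshd -t && systemctl restart sshd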
BR-SRV
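# BR-SRV (ALT Linux): static address in the BR LAN, admin account "sshuser",
# hardened sshd (non-default port, 2 auth tries, single allowed user, banner).
hostnamectl hostname br-srv.au-team.irpo
bash
cd /etc/net/ifaces/
echo 192.168.0.2/28 > ens19/ipv4address
echo default via 192.168.0.1 > ens19/ipv4route
# The original wrote this to "/ens19.resolv.conf" (a stray file in /), so the
# host kept no resolver; the etcnet per-interface file is ens19/resolv.conf.
cat << 'EOF' > ens19/resolv.conf
nameserver 8.8.8.8
search au-team.irpo
domain au-team.irpo
EOF
systemctl restart network
useradd sshuser -u 2026
passwd sshuser
gpasswd -a sshuser wheel
# One sudoers rule only. The original appended a second line
# ("NOPASSWD: /bin/cat,/bin/") that is redundant next to ALL and ends in a
# bare directory path. NOPASSWD: ALL is full unattended root — keep it only
# if the task requires it, and validate: a typo in /etc/sudoers breaks sudo.
echo 'sshuser ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
visudo -c
cat << 'EOF' > /etc/openssh/banner
----------------------------
---Authorized access only---
----------------------------
EOF
# Append the hardening settings instead of replacing the whole sshd_config
# (the original "cat > sshd_config" threw away every distro default, such as
# the sftp Subsystem line). sshd honours the FIRST occurrence of a keyword,
# so check the effective values with "sshd -T" if any of these were already set.
cp -n /etc/openssh/sshd_config /etc/openssh/sshd_config.orig
cat << 'EOF' >> /etc/openssh/sshd_config
Port 2026
MaxAuthTries 2
AllowUsers sshuser
Banner /etc/openssh/banner
EOF
# Syntax-check before restarting: with AllowUsers plus a new port, a broken
# config or a typo in the user name locks you out of the box.
sshd -t && systemctl restart sshd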
HQ-RTR-LIN
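# HQ-RTR-LIN (ALT Linux as the HQ router): ens19 = WAN to ISP, ens20 = trunk
# carrying VLANs 100/200/999, gre10 = GRE tunnel to BR-RTR, FRR for OSPF,
# ISC dhcpd for VLAN200.
# Fixes vs. the original listing: the package line was "frr-dhcp-server"
# (two packages: frr and dhcp-server); the daemons sed looked for "shopid"
# (typo for ospfd, so ospfd stayed disabled); vtysh was never left before the
# shell commands resumed and the FRR config was never saved; the "BR-RTR-LIN"
# heading was glued onto the last command.
hostnamectl hostname hq-rtr.au-team.irpo
bash
cd /etc/net/
# persistent routing (etcnet keeps sysctl.conf under /etc/net/)
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' sysctl.conf
cd ifaces/
# clone the ens19 template for the trunk, the three VLAN sub-interfaces and the tunnel
for iface in ens20 ens20.100 ens20.200 ens20.999 gre10; do
  cp -R ens19 "$iface"
done
echo 172.16.1.2/28 > ens19/ipv4address
echo default via 172.16.1.1 > ens19/ipv4route
echo 192.168.100.1/27 > ens20.100/ipv4address
echo 192.168.200.1/28 > ens20.200/ipv4address
echo 192.168.99.1/29 > ens20.999/ipv4address
echo 192.168.10.1/30 > gre10/ipv4address
# 802.1Q sub-interfaces: parent HOST, VLAN id, TYPE=vlan
for vid in 100 200 999; do
  echo HOST=ens20 >> "ens20.$vid/options"
  echo "VID=$vid" >> "ens20.$vid/options"
  sed -i 's/TYPE=eth/TYPE=vlan/g' "ens20.$vid/options"
done
# GRE endpoints are the ISP-facing addresses of both routers; plain GRE, no encryption.
sed -i 's/TYPE=eth/TYPE=iptun/g' gre10/options
cat << 'EOF' >> gre10/options
TUNLOCAL=172.16.1.2
TUNREMOTE=172.16.2.2
TUNTYPE=gre
TUNTTL=32
TUNOPTIONS='ttl 32'
EOF
systemctl restart network
# NAT everything leaving via the WAN; this is a nat rule only, no filter policy.
iptables -t nat -A POSTROUTING -o ens19 -j MASQUERADE
iptables-save -f /etc/sysconfig/iptables
systemctl enable --now iptables.service
apt-get update
apt-get install frr dhcp-server -y
sed -i 's/ospfd=no/ospfd=yes/g' /etc/frr/daemons
systemctl enable --now frr
# OSPF: all interfaces passive except the tunnel; the MD5 key must match BR-RTR.
# NOTE(review): "P@ssw0rd" is a demo key — change it on both ends together.
vtysh
conf t
interface gre10
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
no ip ospf passive
exit
!
router ospf
passive-interface default
network 192.168.10.0/30 area 0
network 192.168.99.0/29 area 0
network 192.168.100.0/27 area 0
network 192.168.200.0/28 area 0
exit
exit
write memory
exit
# DHCP for VLAN200 only: /28, gateway = HQ-RTR, DNS = HQ-SRV (192.168.100.2).
cat << 'EOF' > /etc/dhcp/dhcpd.conf
ddns-update-style none;
subnet 192.168.200.0 netmask 255.255.255.240 {
option routers 192.168.200.1;
option subnet-mask 255.255.255.240;
option nis-domain "au-team.irpo";
option domain-name "au-team.irpo";
option domain-name-servers 192.168.100.2;
range 192.168.200.2 192.168.200.12;
default-lease-time 21600;
max-lease-time 43200;
}
EOF
# bind dhcpd to the VLAN200 sub-interface only
sed -i 's/DHCPDARGS=/DHCPDARGS=ens20.200/g' /etc/sysconfig/dhcpd
systemctl enable --now dhcpd

BR-RTR-LIN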
# BR-RTR-LIN (ALT Linux as the branch router): ens19 = WAN to ISP, ens20 = BR
# LAN, gre10 = GRE tunnel to HQ-RTR, FRR for OSPF over the tunnel only.
# NOTE(review): the OSPF MD5 key "P@ssw0rd" is a demo value shared with
# HQ-RTR; the tunnel itself is plain GRE (no encryption), and iptables
# carries a NAT rule only — no filter policy.
hostnamectl hostname br-rtr.au-team.irpo
bash
cd /etc/net/
# persistent routing (etcnet keeps sysctl.conf under /etc/net/)
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' sysctl.conf
cd ifaces/
# clone the ens19 template for the LAN interface and the tunnel
for iface in ens20 gre10; do
  cp -R ens19 "$iface"
done
printf '%s\n' 172.16.2.2/28 > ens19/ipv4address
printf '%s\n' 'default via 172.16.2.1' > ens19/ipv4route
printf '%s\n' 192.168.0.1/28 > ens20/ipv4address
printf '%s\n' 192.168.10.2/30 > gre10/ipv4address
# GRE endpoints are the ISP-facing addresses of both routers
sed -i 's/TYPE=eth/TYPE=iptun/g' gre10/options
cat << 'EOF' >> gre10/options
TUNLOCAL=172.16.2.2
TUNREMOTE=172.16.1.2
TUNTYPE=gre
TUNTTL=32
TUNOPTIONS='ttl 32'
EOF
# resolver for the router itself: HQ-SRV, reachable through the tunnel once OSPF is up
cat << 'EOF' >> ens20/resolv.conf
nameserver 192.168.100.2
search au-team.irpo
domain au-team.irpo
EOF
systemctl restart network
iptables -t nat -A POSTROUTING -o ens19 -j MASQUERADE
iptables-save -f /etc/sysconfig/iptables
systemctl enable --now iptables.service
apt-get update
apt-get install frr -y
sed -i 's/ospfd=no/ospfd=yes/g' /etc/frr/daemons
systemctl enable --now frr
# OSPF: everything passive except gre10; save to startup config before leaving vtysh
vtysh
conf t
interface gre10
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 P@ssw0rd
no ip ospf passive
exit
!
router ospf
passive-interface default
network 192.168.10.0/30 area 0
network 192.168.0.0/28 area 0
exit
exit
write memory
exit
HQ-RTR-Eltex
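! HQ-RTR on Eltex ESR. gi1/0/4 = WAN to ISP (172.16.1.2/28), gi1/0/3 = trunk
! with sub-interfaces .100/.200/.999, "tunnel gre 1" = tunnel to BR-RTR,
! OSPF instance 1 on all of them.
! Lines starting with "!" are annotations — drop them if your CLI rejects them.
! Fix vs. the original listing: the tunnel's OSPF key was entered with the
! "encrypted" keyword while BR-RTR enters it as plain ascii-text, so the two
! ends would not share the same key (or the value is rejected as malformed)
! and no adjacency forms. Both ends now use the plain ascii-text form.
! NOTE(review): "ip firewall disable" is set on every interface, i.e. the ESR
! zone firewall is bypassed entirely; "P@ssw0rd" is a demo credential reused
! as both the admin password and the OSPF key.
hostname hq-rtr.au-team.irpo
username net_admin
 password P@ssw0rd
 privilege 15
exit
router ospf 1
 router-id gigabitethernet 1/0/4
 area 0.0.0.0
  network 192.168.100.0/27
  network 192.168.200.0/28
  network 192.168.99.0/29
  network 192.168.10.0/30
  enable
 exit
 enable
exit
interface gigabitethernet 1/0/3.100
 ip firewall disable
 ip address 192.168.100.1/27
exit
interface gigabitethernet 1/0/3.200
 ip firewall disable
 ip address 192.168.200.1/28
exit
interface gigabitethernet 1/0/3.999
 ip firewall disable
 ip address 192.168.99.1/29
exit
interface gigabitethernet 1/0/4
 ip firewall disable
 ip address 172.16.1.2/28
exit
! Plain GRE (no encryption); mtu 1450 leaves headroom for the GRE/IP overhead.
tunnel gre 1
 ttl 32
 mtu 1450
 ip firewall disable
 local address 172.16.1.2
 remote address 172.16.2.2
 ip address 192.168.10.1/30
 ip ospf instance 1
 ip ospf authentication key ascii-text P@ssw0rd
 ip ospf
 enable
exit
! NOTE(review): expected to flag the local passwords as expired so they must
! be changed at first login — confirm on your firmware.
security passwords default-expired
nat source
 ruleset NAT
  to interface gigabitethernet 1/0/4
  rule 1
   action source-nat interface
   enable
  exit
 exit
exit
! DHCP for VLAN200: gateway = this router, DNS = HQ-SRV.
ip dhcp-server
ip dhcp-server pool VLAN200
 network 192.168.200.0/28
 domain-name au-team.irpo
 address-range 192.168.200.3-192.168.200.10
 default-router 192.168.200.1
 dns-server 192.168.100.2
exit
ip route 0.0.0.0/0 172.16.1.1
clock timezone gmt +3
exit

BR-RTR-Eltex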
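! BR-RTR on Eltex ESR. Note the ports are swapped relative to HQ-RTR:
! gi1/0/3 = WAN to ISP (172.16.2.2/28), gi1/0/4 = BR LAN (192.168.0.1/28),
! "tunnel gre 1" = tunnel to HQ-RTR, OSPF instance 1.
! Lines starting with "!" are annotations — drop them if your CLI rejects them.
! Fix vs. the original listing: the area "network" prefixes were /27 and /28
! while the interfaces are 192.168.0.1/28 and 192.168.10.2/30; they now match
! the interface masks and HQ-RTR's statements (/28 and /30).
! NOTE(review): "ip firewall disable" on every interface bypasses the ESR zone
! firewall entirely; "P@ssw0rd" is a demo credential shared with HQ-RTR and
! must match its OSPF key.
hostname br-rtr.au-team.irpo
username net_admin
 password P@ssw0rd
 privilege 15
exit
router ospf 1
 router-id gigabitethernet 1/0/3
 area 0.0.0.0
  network 192.168.0.0/28
  network 192.168.10.0/30
  enable
 exit
 enable
exit
interface gigabitethernet 1/0/4
 ip firewall disable
 ip address 192.168.0.1/28
exit
interface gigabitethernet 1/0/3
 ip firewall disable
 ip address 172.16.2.2/28
exit
! Plain GRE (no encryption); mtu 1450 leaves headroom for the GRE/IP overhead.
tunnel gre 1
 ttl 32
 mtu 1450
 ip firewall disable
 local address 172.16.2.2
 remote address 172.16.1.2
 ip address 192.168.10.2/30
 ip ospf authentication key ascii-text P@ssw0rd
 ip ospf instance 1
 ip ospf
 enable
exit
! NOTE(review): expected to flag the local passwords as expired so they must
! be changed at first login — confirm on your firmware.
security passwords default-expired
nat source
 ruleset NAT
  to interface gigabitethernet 1/0/3
  rule 1
   action source-nat interface
   enable
  exit
 exit
exit
ip route 0.0.0.0/0 172.16.2.1
clock timezone gmt +3
exit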