NETSKILLS.RU
SKILL-ADMIN.BLOGSPOT.RU
Servers
Server
Room
Firewall
Switch Stack
Wireless LAN
Controller
Distribution
Switch
VPN
Routers
WAN
Firewall
Collapsed
LAN Core
LAN
Access
Internet
Access
Switch
................................................................................................................................. 4
................................................................................................................................. 5
............................................................................................................ 5
............................................................................................................................. 5
1.
................................................................................................................. 6
1.1.
2.
....................................................................................................... 7
.................................................................................................. 9
2.1.
2.1.1.
.................................................................................................................. 9
2.1.2.
...................................................................................................................... 10
2.1.3.
.............................................................................................. 11
2.1.4.
............................................................................................................. 12
2.2.
2.2.1.
................................................................................................................. 13
2.2.2.
...................................................................................................................... 14
2.2.3.
.............................................................................................. 14
2.2.4.
............................................................................................................. 16
2.3.
2.3.1.
................................................................................................................. 19
2.3.2.
...................................................................................................................... 19
2.3.3.
.............................................................................................. 19
2.3.4.
............................................................................................................. 20
3.
................................................................................................. 22
4.
......................................................................................................... 23
4.1.
........................................................ ! .
4.2.
............................................................... ! .
4.2.1.
..................................................................... ! .
4.2.2.
.................................................. ! .
4.2.3.
................................................................. ! .
4.3.
(IPS) ............................... ! .
4.3.1.
..................................................................... ! .
4.3.2.
.................................................. ! .
4.3.3.
................................................................. ! .
4.4.
............................................................... ! .
4.4.1.
..................................................................... ! .
4.4.2.
.................................................. ! .
3
4.4.3.
.................................................. ! .
4.4.4.
................................................................. ! .
4.5.
................................................... ! .
4.5.1.
..................................................................... ! .
4.5.2.
.................................................. ! .
4.5.3.
................................................................. ! .
4.6.
-........................................................................ ! .
4.6.1.
..................................................................... ! .
4.6.2.
.................................................. ! .
4.6.3.
................................................................. ! .
4.7.
5.
UTM .................................................................. ! .
WAN (WAN Edge) .......................... ! .
5.1.
........................................................................ ! .
5.2.
..................................................... ! .
5.3.
.................................................................... ! .
6.
................................................................. ! .
6.1.
........................................................................ ! .
6.1.1.
................. ! .
6.1.2.
...... ! .
6.2.
..................................................... ! .
6.2.1.
................. !
.
6.2.2.
..... !
.
6.3.
7.
.................................................................... ! .
................................................................................ ! .
7.1.
Cisco .................................... ! .
7.2.
............................... ! .
................................................................................. ! .
, - ,
,
.
,
.
, .
-
.
, ( )
Cisco SAFE Cisco SBA Borderless Networks.
, ,
.
,
( ,
(Internet Edge), WAN).
.
.
10 000.
/,
P.S.
.
, . ,
.
,
.
.
,
.
,
, .
Cisco,
( )
.
,
.
1.
.
.
-
. ,
, .
:
- .
-
, ,
.
,
.
- .
-
( Cisco Collaboration).
.1.1.
1.1.
, , .
, ,
. (),
. ()
. . 1.2 .
, .
. 1.2.
. 1.3.
, , ()
.
-
, , .
2.
:
, , , WAN ,
, ..
(. 1.3) /.
:
(Access Layer) - (,
, ip-) .
(Distribution Layer) - /
.
/ (Core Layer) - /
.
.
, .
10 .
, ,
, . ,
: ,
.
2.1.
(ACCESS LAYER)
(, , ip- ..). , .
.
. 2.1.
2.1.1.
, , (L2)
OSI, .. .
( VLAN).
10
(L3).
(Gigabit Ethernet) (802.11n) .
:
Cisco Catalyst 4507R+E 7-slot Chassis with 48Gbps per slot
Cisco Catalyst 4500 E-Series Supervisor Engine 7L-E
Cisco Catalyst 4500 E-Series 48 Ethernet 10/100/1000 (RJ45) PoE+ ports
Cisco Catalyst 4500 E-Series 48 Ethernet 10/100/1000 (RJ45) PoE+,UPoE ports
Cisco Catalyst 3750-X Series Stackable 48 Ethernet 10/100/1000 PoE+ ports
Cisco Catalyst 3750-X Series Stackable 24 Ethernet 10/100/1000 PoE+ ports
Cisco Catalyst 3560-X Series Standalone 48 Ethernet 10/100/1000 PoE+ ports
Cisco Catalyst 3560-X Series Standalone 24 Ethernet 10/100/1000 PoE+ ports
Cisco Catalyst 2960-S Series 48 Ethernet 10/100/1000 PoE+ ports and Two 10GbE SFP+ Uplink ports
Cisco Catalyst 2960-S Series 48 Ethernet 10/100/1000 PoE+ ports and Four GbE SFP Uplink ports
Cisco Catalyst 2960-S Series 24 Ethernet 10/100/1000 PoE+ ports and Two 10GbE SFP+ Uplink ports
Cisco Catalyst 2960-S Series 24 Ethernet 10/100/1000 PoE+ ports and Four GbE SFP Uplink ports
2.1.2.
,
/ (
) , .
:
DHCP-snooping - DHCP, ip-.
IP Source guard - IP spoofing-, .. IP- .
Port security - - MAC
. MAC ,
.
Dynamic ARP inspection - ARP spoofing-, ..
.
,
.
11
2.1.3.
, ip-, ip ,
PoE (Power over Ethernet).
(
).
Catalyst 2960.
(
, - ),
( , QoS, PoE, ..).
. ,
Cisco Catalyst 2960-X,
.
. 3560, 3750, 4500 4507
,
( ).
.
,
( )
(. 2.3).
. 2.3.
12
. 24 , 72 .
,
. , ,
. 2960S 2960-X.
( ).
90
( )
.
100
, .
( SFP, SFP+).
2.1.4.
,
, -, .
24- Cisco (Catalyst 2960-X 24 GigE 4 x 1G SFP LAN Base)
2400$.
.
D-link, Zyxel
2-3 . .
,
, .
D-link Zyxel ,
.
, Cisco
.
2.2.
(DISTRIBUTION LAYER)
.
/
. . ,
,
: Internet, WAN , - (. 2.4).
13
. 2.4.
2.2.1.
, , (L3)
OSI.
( VLAN),
( ).
:
Cisco Catalyst 6500 E-Series 6-Slot Chassis
Cisco Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE and PFC4
Cisco Catalyst 6500 16-port 10GbE Fiber Module w/DFC4
Cisco Catalyst 6500 24-port GbE SFP Fiber Module w/DFC4
Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE Fiber Module w/DFC4
Cisco Catalyst 6500 4-port 10GbE SFP+ adapter for WX-X6904-40G module
14
Cisco
Cisco
Cisco
Cisco
Cisco
Cisco
Cisco
2.2.2.
:
-
( )
IP spoofing-
,
. .
2.2.3.
, .
Cisco SBA LAN
,
(redundant).
15
. 2.6.
SBA
( EtherChannel)
.
2-, 3- ()
. ,
(. 2.5).
, ,
- .
( STP, RSTP) (. 2.6).
,
.
(
StackWise Plus).
(. 2.7). ,
( ) ,
, - . .
,
.
16
. 2.7. PortChannel
(Redundant)
. ,
( STP).
2.2.4.
,
. .
Collapsed core (. 2.8).
Juniper
HP. Cisco
. Juniper HP ,
( , IPS) Cisco,
.
, (
Cisco).
.
D-Link.
DGS-3120-24PC/B1ARI - L3 , .
17
2.3.
(CORE LAYER)
, ,
. /
.
. . 2.9 2.10 ,
. ,
.
18
. 2.10.
19
. 2.11.
2.3.1.
- .
. ,
, ,
OSI, .. L3 L2.
OSI
(L3).
:
Cisco Catalyst 6500 E-Series 6-Slot Chassis
Cisco Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE and PFC4
Cisco Catalyst 6500 24-port GbE SFP Fiber Module w/DFC4
Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE Fiber Module w/DFC4
Cisco Catalyst 6500 8-port 10GbE Fiber Module w/ DFC4
2.3.2.
,
. .
( , port security, ..)
, .
2.3.3.
,
.
20
( , ..). ..
(
) .
,
- (Internet Edge) WAN (WAN area),
.
( ).
2.12.
. 2.12.
( 40 /).
,
.
EtherChannel, . 2.13
.
2.3.4.
(
). .
,
, . ,
(
). ,
, ..
21
(
).
, .
: Cisco, Juniper, HP, Brocade, Extreme Networks.
D-Link.
22
3.
.
- ,
, .
23
4.
Internet.
(web, ..). Internet
. (,
- Internet Edge).
,
.
.
:
() -
( , ..),
, NAT DMZ.
(IPS) - ()
.
(Remote access RA VPN) -
,
.
- , .
- -
.
- ,
. .
,
.
4.1 (Internet Edge).
. 4.1.
COOPER051@YANDEX.RU