John Cooper

2014 Ver 1.0

NETSKILLS.RU
SKILL-ADMIN.BLOGSPOT.RU

Servers
Server
Room

Firewall

Switch Stack

Wireless LAN
Controller

Distribution
Switch

VPN
Routers

WAN

Firewall

Collapsed
LAN Core

LAN
Access

Internet

Access
Switch

................................................................................................................................. 4
................................................................................................................................. 5
............................................................................................................ 5
............................................................................................................................. 5
1.

................................................................................................................. 6

1.1.
2.

....................................................................................................... 7
.................................................................................................. 9

2.1.

(Access Layer) ........................................................................................... 9

2.1.1.

.................................................................................................................. 9

2.1.2.

...................................................................................................................... 10

2.1.3.

.............................................................................................. 11

2.1.4.

............................................................................................................. 12

2.2.

(Distribution Layer) ........................................................................... 12

2.2.1.

................................................................................................................. 13

2.2.2.

...................................................................................................................... 14

2.2.3.

.............................................................................................. 14

2.2.4.

............................................................................................................. 16

2.3.

(Core Layer) ................................................................................................. 17

2.3.1.

................................................................................................................. 19

2.3.2.

...................................................................................................................... 19

2.3.3.

.............................................................................................. 19

2.3.4.

............................................................................................................. 20

3.

................................................................................................. 22

4.

......................................................................................................... 23

4.1.

........................................................ ! .

4.2.

............................................................... ! .

4.2.1.

..................................................................... ! .

4.2.2.

.................................................. ! .

4.2.3.

................................................................. ! .

4.3.

(IPS) ............................... ! .

4.3.1.

..................................................................... ! .

4.3.2.

.................................................. ! .

4.3.3.

................................................................. ! .

4.4.

............................................................... ! .

4.4.1.

..................................................................... ! .

4.4.2.

.................................................. ! .

3
4.4.3.

.................................................. ! .

4.4.4.

................................................................. ! .

4.5.

................................................... ! .

4.5.1.

..................................................................... ! .

4.5.2.

.................................................. ! .

4.5.3.

................................................................. ! .

4.6.

-........................................................................ ! .

4.6.1.

..................................................................... ! .

4.6.2.

.................................................. ! .

4.6.3.

................................................................. ! .

4.7.
5.

UTM .................................................................. ! .
WAN (WAN Edge) .......................... ! .

5.1.

........................................................................ ! .

5.2.

..................................................... ! .

5.3.

.................................................................... ! .

6.

................................................................. ! .

6.1.

........................................................................ ! .

6.1.1.

................. ! .

6.1.2.

...... ! .

6.2.

..................................................... ! .

6.2.1.
................. !
.
6.2.2.
..... !
.
6.3.
7.

.................................................................... ! .
................................................................................ ! .

7.1.

Cisco .................................... ! .

7.2.

............................... ! .

................................................................................. ! .

, - ,
,
.
,
.
, .
-
.

, ( )
Cisco SAFE Cisco SBA Borderless Networks.
, ,
.
,
( ,
(Internet Edge), WAN).

.
.

10 000.

/,

P.S.
.

, . ,

.
,
.
.
,
.
,
, .
Cisco,
( )
.
,
.

1.
.
.
-
. ,
, .
:
- .
-
, ,
.

,

.
- .
-
( Cisco Collaboration).

.1.1.

1.1.

, , .
, ,
. (),
. ()
. . 1.2 .
, .

. 1.2.

. 1.3.

, , ()
.
-
, , .

2.
:
, , , WAN ,
, ..
(. 1.3) /.
:
(Access Layer) - (,
, ip-) .
(Distribution Layer) - /
.
/ (Core Layer) - /
.
.
, .
10 .
, ,
, . ,
: ,
.

2.1.

(ACCESS LAYER)

(, , ip- ..). , .
.

. 2.1.

2.1.1.

, , (L2)
OSI, .. .
( VLAN).

10

(L3).
(Gigabit Ethernet) (802.11n) .
:
Cisco Catalyst 4507R+E 7-slot Chassis with 48Gbps per slot
Cisco Catalyst 4500 E-Series Supervisor Engine 7L-E
Cisco Catalyst 4500 E-Series 48 Ethernet 10/100/1000 (RJ45) PoE+ ports
Cisco Catalyst 4500 E-Series 48 Ethernet 10/100/1000 (RJ45) PoE+,UPoE ports
Cisco Catalyst 3750-X Series Stackable 48 Ethernet 10/100/1000 PoE+ ports
Cisco Catalyst 3750-X Series Stackable 24 Ethernet 10/100/1000 PoE+ ports
Cisco Catalyst 3560-X Series Standalone 48 Ethernet 10/100/1000 PoE+ ports
Cisco Catalyst 3560-X Series Standalone 24 Ethernet 10/100/1000 PoE+ ports
Cisco Catalyst 2960-S Series 48 Ethernet 10/100/1000 PoE+ ports and Two 10GbE SFP+ Uplink ports
Cisco Catalyst 2960-S Series 48 Ethernet 10/100/1000 PoE+ ports and Four GbE SFP Uplink ports
Cisco Catalyst 2960-S Series 24 Ethernet 10/100/1000 PoE+ ports and Two 10GbE SFP+ Uplink ports
Cisco Catalyst 2960-S Series 24 Ethernet 10/100/1000 PoE+ ports and Four GbE SFP Uplink ports

2.1.2.

,
/ (
) , .
:
DHCP-snooping - DHCP, ip-.
IP Source guard - IP spoofing-, .. IP- .
Port security - - MAC
. MAC ,
.
Dynamic ARP inspection - ARP spoofing-, ..
.
,
.

. 2.2. DHCP-snooping ARP Inspection

11

2.1.3.

, ip-, ip ,
PoE (Power over Ethernet).
(
).
Catalyst 2960.
(
, - ),
( , QoS, PoE, ..).

. ,
Cisco Catalyst 2960-X,
.
. 3560, 3750, 4500 4507
,
( ).
.
,
( )
(. 2.3).

. 2.3.

12

. 24 , 72 .
,
. , ,
. 2960S 2960-X.

( ).
90
( )
.
100
, .

( SFP, SFP+).

2.1.4.

,
, -, .
24- Cisco (Catalyst 2960-X 24 GigE 4 x 1G SFP LAN Base)
2400$.
.
D-link, Zyxel
2-3 . .
,
, .
D-link Zyxel ,
.
, Cisco
.

2.2.

(DISTRIBUTION LAYER)

.
/
. . ,
,
: Internet, WAN , - (. 2.4).

13

. 2.4.

2.2.1.

, , (L3)
OSI.
( VLAN),
( ).
:
Cisco Catalyst 6500 E-Series 6-Slot Chassis
Cisco Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE and PFC4
Cisco Catalyst 6500 16-port 10GbE Fiber Module w/DFC4
Cisco Catalyst 6500 24-port GbE SFP Fiber Module w/DFC4
Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE Fiber Module w/DFC4
Cisco Catalyst 6500 4-port 10GbE SFP+ adapter for WX-X6904-40G module

14

Cisco
Cisco
Cisco
Cisco
Cisco
Cisco
Cisco

Catalyst 4507R+E 7-slot Chassis with 48Gbps per slot

Catalyst 4500 E-Series Supervisor Engine 7-E, 848Gbps
Catalyst 4500 E-Series 24-port GbE SFP Fiber Module
Catalyst 4500 E-Series 12-port 10GbE SFP+ Fiber Module
Catalyst 3750-X Series Stackable 12 GbE SFP ports
Catalyst 3750-X Series Two 10GbE SFP+ and Two GbE SFP ports network module
Catalyst 3750-X Series Four GbE SFP ports network module
:
Cisco Catalyst 3560-X Series Standalone 48 Ethernet 10/100/1000
Cisco Catalyst 3560-X Series Standalone 24 Ethernet 10/100/1000
, , Stand-Alone , ..
( 3750-X),
.

2.2.2.

:
-
( )
IP spoofing-
,
. .

2.2.3.

, .
Cisco SBA LAN
,
(redundant).

. 2.5. SBA LAN

15

. 2.6.
SBA
( EtherChannel)
.
2-, 3- ()
. ,
(. 2.5).
, ,
- .

( STP, RSTP) (. 2.6).
,
.
(
StackWise Plus).
(. 2.7). ,
( ) ,
, - . .
,
.

16

. 2.7. PortChannel
(Redundant)
. ,
( STP).

2.2.4.

,
. .
Collapsed core (. 2.8).
Juniper
HP. Cisco
. Juniper HP ,
( , IPS) Cisco,
.
, (
Cisco).
.
D-Link.
DGS-3120-24PC/B1ARI - L3 , .

17

. 2.8. (Collapsed core)

2.3.

(CORE LAYER)

, ,
. /
.
. . 2.9 2.10 ,
. ,
.

18

. 2.9. (Core Layer)

. 2.10.

19

. 2.11.

2.3.1.

- .
. ,
, ,
OSI, .. L3 L2.
OSI
(L3).
:
Cisco Catalyst 6500 E-Series 6-Slot Chassis
Cisco Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE and PFC4
Cisco Catalyst 6500 24-port GbE SFP Fiber Module w/DFC4
Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE Fiber Module w/DFC4
Cisco Catalyst 6500 8-port 10GbE Fiber Module w/ DFC4

2.3.2.

,
. .
( , port security, ..)
, .

2.3.3.

,
.

20

( , ..). ..
(
) .
,
- (Internet Edge) WAN (WAN area),
.
( ).
2.12.

. 2.12.

( 40 /).
,
.
EtherChannel, . 2.13
.

2.3.4.

(
). .
,
, . ,
(
). ,
, ..

21

(
).
, .
: Cisco, Juniper, HP, Brocade, Extreme Networks.
D-Link.

. 2.13. (LAN Core Layer)

22

3.

.
- ,
, .

23

4.
Internet.
(web, ..). Internet
. (,
- Internet Edge).
,
.
.

:
() -
( , ..),
, NAT DMZ.
(IPS) - ()
.
(Remote access RA VPN) -
,
.
- , .
- -
.
- ,
. .
,
.
4.1 (Internet Edge).
. 4.1.

COOPER051@YANDEX.RU