Configure virtual domains for an 802.1q VLAN trunk

Introduction
This document describes how to configure virtual domains (VDOMs) on a FortiGate in Transparent mode to provide AV/IPS protection in an 802.1q VLAN trunk environment.
In a typical 802.1q VLAN trunk environment, the ports that connect the switch and the router are configured in trunk mode. All VLAN traffic passes through one physical cable.
In the network diagram, traffic between the PC and the server is in VLAN 1 while voice traffic is in VLAN 2. Each VLAN is a single layer 2 broadcast domain, and no traffic is forwarded from one VLAN to another at layer 2. Each VLAN does, however, reach the router through the trunk interfaces of the switch and the router. A FortiGate-300 firewall in Transparent mode is inserted into that trunk to perform policy control and AV/IPS protection.
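The following Python is an added example (it is not part of the original Fortinet note) that models the tagging this section describes: on the trunk, native VLAN 1 data frames travel untagged, VLAN 2 voice frames carry an 802.1q tag, and the FortiGate hands each VLAN to the VDOM that owns the matching interface. The VLAN-to-VDOM map (1 to root, 2 to Voice) mirrors the firewall configuration given later in the note; the MAC addresses, frame bytes, and the treatment of a VLAN with no matching VDOM interface as "unmatched" are constructed for illustration.

```python
"""Classify frames on an 802.1q trunk by VLAN tag and map them to a VDOM.

Added example, not part of the original note. Native VLAN 1 (data) is
untagged, VLAN 2 (voice) is tagged; the VLAN-to-VDOM map mirrors the
note's FortiGate setup. Frame bytes and MAC addresses are constructed.
"""
import struct
from typing import List, NamedTuple, Optional, Tuple

TPID_8021Q = 0x8100     # EtherType that announces an 802.1q tag
NATIVE_VLAN = 1         # untagged frames on this trunk belong to VLAN 1
VLAN_TO_VDOM = {1: "root", 2: "Voice"}   # assumed from the note's VDOM design


class Frame(NamedTuple):
    dst: str
    src: str
    vid: int            # effective VLAN: tag VID, or NATIVE_VLAN when untagged
    tagged: bool
    pcp: int            # 802.1p priority from the tag, 0 when untagged
    ethertype: int      # EtherType of the encapsulated payload
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame carrying at most one 802.1q tag."""
    if len(raw) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    if ethertype != TPID_8021Q:
        # No tag: the frame belongs to the trunk's native VLAN.
        return Frame(_mac(dst), _mac(src), NATIVE_VLAN, False, 0, ethertype, raw[14:])
    if len(raw) < 18:
        raise ValueError("truncated 802.1q tag")
    tci, inner = struct.unpack("!HH", raw[14:18])
    vid, pcp = tci & 0x0FFF, tci >> 13
    if vid == 0:
        # VID 0 is "priority tagged": it carries 802.1p only and belongs to the native VLAN.
        vid = NATIVE_VLAN
    return Frame(_mac(dst), _mac(src), vid, True, pcp, inner, raw[18:])


def vdom_for(frame: Frame) -> Optional[str]:
    """VDOM whose interface carries this VLAN, or None when no interface matches."""
    return VLAN_TO_VDOM.get(frame.vid)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build a frame; vid=None produces an untagged (native VLAN) frame."""
    hdr = dst + src
    if vid is not None:
        hdr += struct.pack("!HHH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF), ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


def classify(frames: List[bytes]) -> List[Tuple[int, Optional[str]]]:
    """Map each raw frame to (effective VLAN, VDOM or None for an unmatched VLAN)."""
    return [(f.vid, vdom_for(f)) for f in map(parse_frame, frames)]


if __name__ == "__main__":
    pc, srv, phone, cme = (bytes([0x02, 0, 0, 0, 0, n]) for n in (1, 2, 3, 4))
    samples = [
        build_frame(srv, pc, 0x0800, b"data"),                  # PC -> server, untagged VLAN 1
        build_frame(cme, phone, 0x0800, b"sccp", vid=2, pcp=5),  # phone -> CME, tagged VLAN 2
        build_frame(srv, pc, 0x0800, b"x", vid=99),             # VLAN with no VDOM interface
    ]
    for vid, vdom in classify(samples):
        print(f"VLAN {vid}: {'VDOM ' + vdom if vdom else 'no matching interface'}")
```

The third sample frame is the case worth remembering: a tagged VLAN for which no VLAN subinterface has been created lands in no VDOM, so adding a VLAN to the trunk without also adding its interface pair on the FortiGate silently leaves that VLAN without a path.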

Products
· Cisco Call Manager Express
· Cisco 2611XM
· Cisco 7910SW IP phones
· Cisco Cat 3550 Switch with voice VLAN feature

Prerequisites
The configuration is based on the following assumptions:
· Cisco Call Manager Express and the DHCP server are in one Cisco 2611XM.
· The server and the PC are in native VLAN 1.
· The Cisco IP phones are in voice VLAN 2.
· The Cisco Cat 3550 Switch has the voice VLAN feature.

Configurations
Cisco Cat 3550 configuration
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface FastEthernet0/2
 switchport voice VLAN 2
interface FastEthernet0/3
 switchport voice VLAN 2
interface FastEthernet0/13
 switchport voice VLAN 2

Cisco Router configuration
interface FastEthernet0/0
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.11.14.1 255.255.255.0
 ip helper-address 10.202.1.15
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 10.11.15.1 255.255.255.0
 ip helper-address 10.202.1.15
!
interface FastEthernet0/1
 ip address 10.202.1.1 255.255.255.0

Firewall FortiGate-300 configuration
The FortiGate-300 is configured with two VDOMs: root and Voice. The physical internal and external interfaces belong to the root VDOM. The VLAN subinterfaces vlan2-internal and vlan2-external (VLAN ID 2 on internal and external respectively) belong to the Voice VDOM. VDOM root carries the untagged data traffic of native VLAN 1, while VDOM Voice carries the tagged voice traffic of VLAN 2.
config system vdom
    edit root
    next
    edit Voice
    next
end
config system interface
    edit internal
        set stpforward enable
    next
    edit external
        set stpforward enable
    next
    edit vlan2-internal
        set vdom Voice
        set interface internal
        set vlanid 2
    next
    edit vlan2-external
        set vdom Voice
        set interface external
        set vlanid 2
    next
end
config firewall policy
    edit 1
        set srcintf internal
        set dstintf external
        set srcaddr all
        set dstaddr all
        set action accept
        set schedule always
        set service ANY
        set profile_status enable
        set profile scan
    next
end
exec enter Voice
config firewall address
    edit all
    next
end
config firewall policy
    edit 1
        set srcintf vlan2-internal
        set dstintf vlan2-external
        set srcaddr all
        set dstaddr all
        set action accept
        set schedule always
        set service ANY
        set profile_status enable
        set profile scan
    next
    edit 2
        set srcintf vlan2-external
        set dstintf vlan2-internal
        set srcaddr all
        set dstaddr all
        set action accept
        set schedule always
        set service ANY
        set profil
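As an added example (not Fortinet's code and not part of the original note), the Python below parses the FortiOS CLI configuration shown above and audits what a reviewer of this design would check before putting the firewall into the trunk: that every accept policy carries a protection profile, that each allowed interface pair has a policy for the reverse direction, and that the parent of every VLAN subinterface has stpforward enabled. It assumes that entries before the first `exec enter` belong to the root VDOM, as the note implies. SAMPLE_CONFIG is constructed from the note's configuration and trimmed to the keys the checks read; its second Voice policy deliberately omits the profile lines, which the note cuts off, so that the profile check has something to report.

```python
"""Audit per-VDOM firewall policies in a FortiOS CLI configuration.

Added example, not Fortinet's code nor part of the original note. Parses
the config/edit/set/next/end syntax used above, follows 'exec enter' into
each VDOM (entries before it count as root, as in the note) and checks:
accept policies carry a protection profile, allowed interface pairs have a
reverse policy, and VLAN subinterface parents have stpforward enabled.
SAMPLE_CONFIG is constructed from the note (trimmed); Voice policy 2 omits
the profile lines the note cuts off, so the profile check reports it.
"""
from collections import defaultdict

SAMPLE_CONFIG = """
config system interface
    edit internal
        set stpforward enable
    next
    edit external
        set stpforward enable
    next
    edit vlan2-internal
        set interface internal
        set vlanid 2
    next
    edit vlan2-external
        set interface external
        set vlanid 2
    next
end
config firewall policy
    edit 1
        set srcintf internal
        set dstintf external
        set action accept
        set profile_status enable
        set profile scan
    next
end
exec enter Voice
config firewall policy
    edit 1
        set srcintf vlan2-internal
        set dstintf vlan2-external
        set action accept
        set profile_status enable
        set profile scan
    next
    edit 2
        set srcintf vlan2-external
        set dstintf vlan2-internal
        set action accept
    next
end
"""


def parse_fortios(text, default_vdom="root"):
    """Return {vdom: {table: {entry: {key: [values]}}}}."""
    vdoms = defaultdict(lambda: defaultdict(dict))
    vdom, stack = default_vdom, []      # stack: open 'config' tables as [table, entry]
    for tok in (line.split() for line in text.splitlines()):
        if not tok:
            continue
        if tok[:2] == ["exec", "enter"]:
            vdom = tok[2]
        elif tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "edit":
            stack[-1][1] = tok[1]
            vdoms[vdom][stack[-1][0]].setdefault(tok[1], {})
        elif tok[0] == "set":
            vdoms[vdom][stack[-1][0]][stack[-1][1]][tok[1]] = tok[2:]
        elif tok[0] == "next":
            stack[-1][1] = None
        elif tok[0] == "end":
            stack.pop()
    return vdoms


def audit_policies(cfg):
    """Accept policies without a protection profile, and pairs allowed one way only."""
    findings = []
    for vdom, tables in cfg.items():
        pairs = set()
        for pid, a in tables.get("firewall policy", {}).items():
            pairs.add((a.get("srcintf", ["?"])[0], a.get("dstintf", ["?"])[0]))
            unprotected = a.get("profile_status") != ["enable"] or "profile" not in a
            if a.get("action") == ["accept"] and unprotected:
                findings.append(f"{vdom}/policy {pid}: accept without protection profile")
        for si, di in sorted(pairs):
            if (di, si) not in pairs:
                findings.append(f"{vdom}: {si}->{di} allowed but no policy for {di}->{si}")
    return findings


def audit_stpforward(cfg, global_vdom="root"):
    """VLAN subinterfaces whose parent physical interface lacks 'stpforward enable'."""
    ifaces = cfg.get(global_vdom, {}).get("system interface", {})
    return [n for n, a in ifaces.items() if "interface" in a
            and ifaces.get(a["interface"][0], {}).get("stpforward") != ["enable"]]


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    for line in audit_policies(cfg) + [f"{n}: parent lacks stpforward" for n in audit_stpforward(cfg)]:
        print(line)
```

Run against the note's configuration, the audit reports that the root VDOM defines only the internal-to-external direction while the Voice VDOM defines both, and that the trimmed second Voice policy accepts traffic with no profile attached; the stpforward check passes because both physical interfaces in the note enable it. Reading these findings before deployment is cheaper than discovering them from the sniffer output described under Troubleshooting.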
Troubleshooting

· diagnose debug enable -- enable debug output on the console
· diagnose sniffer packet -- display packets coming in and going out on interfaces
· exec enter [vdom] -- change VDOM
· exec ping -- ping tool