| lix switch | ||
Defines a virtual hub with custom MAC addresses.
lix switch switch_name num_ports ip_address netmask num_security | ||
| scope of use | In configuration mode. | |
| syntax | The command clones the tun-type device and associates with it a virtual bridge named switch_name. The device is set to promiscuous mode and num_ports ports are attached to it. For the firewall, the device cloned from tun acts as the port connecting to the virtual network, exactly as if it were a physical device connecting to a network to be controlled. For this reason a security level is assigned to the connecting interface, virtual in this case, so that management of this virtual network is integrated with that of the real networks. | |
| switch_name: | the label that defines the name of the switch and, at the same time, the name of the virtual interface connecting to the network built on this switch. | |
| num_ports: | number of ports to define on the virtual switch. | |
| ip_address: | IP address. | |
| netmask: | the corresponding netmask in canonical form. | |
| num_security: | the numeric security value to assign to the virtual connecting interface. | |
| examples |
We define a switch named vDMZ with 5 ports and give it security level 50:
liscoZero(config)# lix switch vDMZ 5 10.2.2.1 255.255.255.0 50
/tmp/mcs.dump.31496986
bridge name bridge id STP enabled interfaces
vDMZ 8000.fefe00000000 no vDMZ-p0
vDMZ-p1
vDMZ-p2
vDMZ-p3
vDMZ-p4
ethernet2 8000.000a5e0625e4 no eth2
inside 8000.004063d8e2af no eth1
outside 8000.004063d8e2d7 no eth0
liscoZero(config)# pL ( ip addr )
[ ip addr ]
dovrei eseguire [ ip addr ]
1: bond0: BROADCAST,MULTICAST,MASTER mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
2: eth0: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:40:63:d8:e2:d7 brd ff:ff:ff:ff:ff:ff
3: eth1: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:40:63:d8:e2:af brd ff:ff:ff:ff:ff:ff
4: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
5: tap0: BROADCAST,MULTICAST,NOARP mtu 1500 qdisc noop
link/ether fe:fd:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: shaper0: mtu 1500 qdisc noop qlen 10
link/ether
7: tunl0: NOARP mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
8: gre0: NOARP mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
9: eth2: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0a:5e:06:25:e4 brd ff:ff:ff:ff:ff:ff
10: outside: BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueue
link/ether 00:40:63:d8:e2:d7 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.35/24 brd 10.0.0.255 scope global outside
11: inside: BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueue
link/ether 00:40:63:d8:e2:af brd ff:ff:ff:ff:ff:ff
inet 10.0.1.100/24 brd 10.0.1.255 scope global inside
12: ethernet2: BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueue
link/ether 00:0a:5e:06:25:e4 brd ff:ff:ff:ff:ff:ff
16: vDMZ: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc noqueue
link/ether fe:fe:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 10.2.2.1/24 brd 10.255.255.255 scope global vDMZ
17: vDMZ-p0: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 500
link/ether fe:fe:00:00:00:00 brd ff:ff:ff:ff:ff:ff
18: vDMZ-p1: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 500
link/ether fe:fe:00:00:00:01 brd ff:ff:ff:ff:ff:ff
19: vDMZ-p2: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 500
link/ether fe:fe:00:00:00:02 brd ff:ff:ff:ff:ff:ff
20: vDMZ-p3: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 500
link/ether fe:fe:00:00:00:03 brd ff:ff:ff:ff:ff:ff
21: vDMZ-p4: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 500
link/ether fe:fe:00:00:00:04 brd ff:ff:ff:ff:ff:ff
rc=0
| |
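A check one could run after `lix switch`, as an added example that is not part of the original page or of the firewall's own code: it parses `ip addr` text and compares the bridge and its ports with the arguments given to the command. The `name-pN` port naming and the flag layout are taken from the output above; the function names are hypothetical and the sample is the vDMZ entries trimmed to two ports.

```python
import ipaddress
import re

# Constructed sample: the vDMZ entries copied from the `ip addr` output above.
SAMPLE = """\
16: vDMZ: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc noqueue
link/ether fe:fe:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 10.2.2.1/24 brd 10.255.255.255 scope global vDMZ
17: vDMZ-p0: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 500
link/ether fe:fe:00:00:00:00 brd ff:ff:ff:ff:ff:ff
18: vDMZ-p1: BROADCAST,MULTICAST,PROMISC,UP mtu 1500 qdisc pfifo_fast qlen 500
link/ether fe:fe:00:00:00:01 brd ff:ff:ff:ff:ff:ff
"""

# Header line "N: name: FLAGS ..."; flags may or may not be wrapped in <>.
HEAD = re.compile(r"^\d+:\s+(\S+?):(?:\s+<?([A-Z_,-]+)>?)?")
INET = re.compile(r"^\s*inet\s+(\S+)(?:\s+brd\s+(\S+))?")

def parse_ip_addr(text):
    """Map interface name -> {'flags': set, 'inet': [(addr/prefix, brd)]}."""
    links, cur = {}, None
    for line in text.splitlines():
        if m := HEAD.match(line):
            flags = set((m.group(2) or "").split(","))
            cur = links.setdefault(m.group(1), {"flags": flags, "inet": []})
        elif cur is not None and (m := INET.match(line)):
            cur["inet"].append((m.group(1), m.group(2)))
    return links

def audit_switch(text, name, num_ports, ip, netmask):
    """Compare the live state with the arguments given to `lix switch`."""
    links, findings = parse_ip_addr(text), []
    want = ipaddress.ip_interface(f"{ip}/{netmask}")
    for ifname in [name] + [f"{name}-p{i}" for i in range(num_ports)]:
        link = links.get(ifname)
        if link is None:
            findings.append(f"{ifname}: missing")
        elif not {"PROMISC", "UP"} <= link["flags"]:
            findings.append(f"{ifname}: not PROMISC,UP")
    for addr, brd in links.get(name, {"inet": []})["inet"]:
        if ipaddress.ip_interface(addr) != want:
            findings.append(f"{name}: address {addr}, expected {want}")
        elif brd and ipaddress.ip_address(brd) != want.network.broadcast_address:
            findings.append(f"{name}: brd {brd}, expected {want.network.broadcast_address}")
    return findings

if __name__ == "__main__":
    for finding in audit_switch(SAMPLE, "vDMZ", 2, "10.2.2.1", "255.255.255.0"):
        print(finding)
```

On the sample it returns a single finding: the `brd` value shown for vDMZ, 10.255.255.255, is not the broadcast address of 10.2.2.1/24, which is 10.2.2.255.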