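When testing, you sometimes want a PC just to run a simple ping. Placing a router, a switch, or a Windows PC in the lab for that purpose puts a burden on system resources.
When all you need is a simple ping test, you can create a VPC and test with that.
A VPC does not require uploading a separate image; it is created automatically when EVE-NG is installed.
1. Select Virtual PC.
2. Click the Save button.
3. Rename the VPC, start it, and double-click it to open a console window.
4. Run ? to see the available commands.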
VPCS> ?
arp                      Shortcut for: show arp. Show arp table
clear ARG                Clear IPv4/IPv6, arp/neighbor cache, command history
dhcp [OPTION]            Shortcut for: ip dhcp. Get IPv4 address via DHCP
disconnect               Exit the telnet session (daemon mode)
echo TEXT                Display TEXT in output. See also set echo ?
help                     Print help
history                  Shortcut for: show history. List the command history
ip ARG ... [OPTION]      Configure the current VPC's IP settings. See ip ?
load [FILENAME]          Load the configuration/script from the file FILENAME
ping HOST [OPTION ...]   Ping HOST with ICMP (default) or TCP/UDP. See ping ?
quit                     Quit program
relay ARG ...            Configure packet relay between UDP ports. See relay ?
rlogin [ip] port         Telnet to port on host at ip (relative to host PC)
save [FILENAME]          Save the configuration to the file FILENAME
set ARG ...              Set VPC name and other options. Try set ?
show [ARG ...]           Print the information of VPCs (default). See show ?
sleep [seconds] [TEXT]   Print TEXT and pause running script for seconds
trace HOST [OPTION ...]  Print the path packets take to network HOST
version                  Shortcut for: show version
To get command syntax help, please enter '?' as an argument of the command.
VPCS>
5. Configure the IP address and default gateway
VPCS> ip 172.17.70.100 255.255.255.0 gateway 172.17.70.254
Checking for duplicate address...
VPCS : 172.17.70.100 255.255.255.0 gateway 172.17.70.254
6. Check the IP address
VPCS> show ip
NAME        : VPCS[1]
IP/MASK     : 172.17.70.100/24
GATEWAY     : 172.17.70.254
DNS         :
MAC         : 00:50:79:66:68:3f
LPORT       : 20000
RHOST:PORT  : 127.0.0.1:30000
MTU         : 1500
7. Save the configuration
VPCS> save
Saving startup configuration to startup.vpc
. done
VPCS>
8. Ping the default gateway
VPCS> ping 172.17.70.254
84 bytes from 172.17.70.254 icmp_seq=1 ttl=255 time=19.576 ms
84 bytes from 172.17.70.254 icmp_seq=2 ttl=255 time=7.160 ms
84 bytes from 172.17.70.254 icmp_seq=3 ttl=255 time=7.819 ms
84 bytes from 172.17.70.254 icmp_seq=4 ttl=255 time=5.114 ms
84 bytes from 172.17.70.254 icmp_seq=5 ttl=255 time=3.110 ms
9. Check the ping options
VPCS> ping ?
ping HOST [OPTION ...]
  Ping the network HOST. HOST can be an ip address or name
    Options:
     -1             ICMP mode, default
     -2             UDP mode
     -3             TCP mode
     -c count       Packet count, default 5
     -D             Set the Don't Fragment bit
     -f FLAG        Tcp header FLAG |C|E|U|A|P|R|S|F|
                               bits |7 6 5 4 3 2 1 0|
     -i ms          Wait ms milliseconds between sending each packet
     -l size        Data size
     -P protocol    Use IP protocol in ping packets
                      1 - ICMP (default), 17 - UDP, 6 - TCP
     -p port        Destination port
     -s port        Source port
     -T ttl         Set ttl, default 64
     -t             Send packets until interrupted by Ctrl+C
     -w ms          Wait ms milliseconds to receive the response

  Notes: 1. Using names requires DNS to be set.
         2. Use Ctrl+C to stop the command.
VPCS>
10. To send 100 pings, use the count option.
VPCS> ping 172.17.70.254 -c 100
84 bytes from 172.17.70.254 icmp_seq=1 ttl=255 time=8.538 ms
84 bytes from 172.17.70.254 icmp_seq=2 ttl=255 time=4.512 ms
84 bytes from 172.17.70.254 icmp_seq=3 ttl=255 time=4.085 ms
84 bytes from 172.17.70.254 icmp_seq=4 ttl=255 time=2.755 ms
84 bytes from 172.17.70.254 icmp_seq=5 ttl=255 time=7.133 ms
11. To obtain an address via DHCP instead of a static IP, use the command below.
VPCS> ip dhcp
DDD
Can't find dhcp server
VPCS>
No server is currently providing DHCP, so the address request failed. If a server with DHCP running is present, the Virtual PC receives an IP address from it.
12. To check the path to the destination hop by hop
VPCS> trace 10.1.1.1
trace to 10.1.1.1, 8 hops max, press Ctrl+C to stop
 1   172.17.73.254   4.191 ms  5.657 ms  4.454 ms
 2   192.168.100.2   6.383 ms  5.133 ms  3.844 ms
 3   *10.1.1.1   20.143 ms (ICMP type:3, code:3, Destination port unreachable)  *
VPCS>
13. Check the ARP table
VPCS> arp
50:00:00:3c:00:03 172.17.73.254 expires in 77 seconds
VPCS>
The Virtual PC provides only the essential basic functions, so it uses few resources. For the same reason, it has no advanced features.
config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
Change the default values as shown below.
FortiGate-VM64-KVM # config system interface
FortiGate-VM64-KVM (interface) # edit port1
FortiGate-VM64-KVM (port1) # set mode static
FortiGate-VM64-KVM (port1) # set ip 192.168.100.1 255.255.255.0
FortiGate-VM64-KVM (port1) # show
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.100.1 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
    next
end
Configure the default gateway.
FortiGate-VM64-KVM # config router static
FortiGate-VM64-KVM (static) # edit 1
new entry '1' added
FortiGate-VM64-KVM (1) # set dst 0.0.0.0/0
FortiGate-VM64-KVM (1) # set gateway 192.168.100.253
FortiGate-VM64-KVM (1) # set device port1
FortiGate-VM64-KVM (1) # end
FortiGate-VM64-KVM #
Check the routing table
FortiGate-VM64-KVM # get router info routing-table
details     show routing table details information
all         show all routing table entries
rip         show rip routing table
ospf        show ospf routing table
bgp         show bgp routing table
isis        show isis routing table
static      show static routing table
connected   show connected routing table
database    show routing information base
FortiGate-VM64-KVM # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 192.168.100.253, port1, [1/0]
C       192.168.100.0/24 is directly connected, port1
Check ping to the FW01 MGMT address
Configure FW02
IP configuration
FortiGate-VM64-KVM # config system interface
FortiGate-VM64-KVM (interface) # edit port1
FortiGate-VM64-KVM (port1) # set mode static
FortiGate-VM64-KVM (port1) # set ip 192.168.100.2 255.255.255.0
FortiGate-VM64-KVM (port1) # show
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.100.2 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
    next
end
Default gateway configuration
FortiGate-VM64-KVM # config router static
FortiGate-VM64-KVM (static) # edit 1
new entry '1' added
FortiGate-VM64-KVM (1) # set dst 0.0.0.0/0
FortiGate-VM64-KVM (1) # set gateway 192.168.100.253
FortiGate-VM64-KVM (1) # set device port1
FortiGate-VM64-KVM (1) # end
FortiGate-VM64-KVM #
Check the routing table
FortiGate-VM64-KVM # get router info routing-table
details     show routing table details information
all         show all routing table entries
rip         show rip routing table
ospf        show ospf routing table
bgp         show bgp routing table
isis        show isis routing table
static      show static routing table
connected   show connected routing table
database    show routing information base
FortiGate-VM64-KVM # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 192.168.100.253, port1, [1/0]
C       192.168.100.0/24 is directly connected, port1
Check ping to the FW02 MGMT IP
Connect to the FW01 GUI
Connect to the FW02 GUI
Access to both devices is now complete.
Next, change the default hostname to FW01.
Go to System -> Settings -> Host name, change it to FW01 as shown below, and click the Save button.
Configure the LAN interfaces
Go to Network -> Interfaces and click the Create New button.
VL10 settings
VL20 settings
VL30 settings
VL40
Check the VLAN interfaces on port4
SW01 basic configuration
en
conf t
no ip domain-lookup
hostname sw01
line con 0
 exec-time 0
 logg syn
end
Configure Int g0/0 as a trunk
en
conf t
interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shutdown
end
Configure the VLANs and SVIs
en
conf t
vlan 10
vlan 20
vlan 30
vlan 40
interface Vlan10
 ip address 172.17.70.1 255.255.255.0
 no shutdown
interface Vlan20
 ip address 172.17.71.1 255.255.255.0
 no shutdown
interface Vlan30
 ip address 172.17.72.1 255.255.255.0
 no shutdown
interface Vlan40
 ip address 172.17.73.1 255.255.255.0
 no shutdown
end
Check the SVI interface status
SW1#show ip int brie
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
GigabitEthernet1/0     unassigned      YES unset  up                    up
GigabitEthernet1/1     unassigned      YES unset  up                    up
GigabitEthernet1/2     unassigned      YES unset  up                    up
GigabitEthernet1/3     unassigned      YES unset  up                    up
Vlan10                 172.17.70.1     YES manual up                    up
Vlan20                 172.17.71.1     YES manual up                    up
Vlan30                 172.17.72.1     YES manual up                    up
Vlan40                 172.17.73.1     YES manual up                    up
SW1#
Default gateway configuration
en
conf t
ip route 0.0.0.0 0.0.0.0 172.17.70.254
Check the routing table
SW1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 172.17.70.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 172.17.70.254
      172.17.0.0/16 is variably subnetted, 8 subnets, 2 masks
C        172.17.70.0/24 is directly connected, Vlan10
L        172.17.70.1/32 is directly connected, Vlan10
C        172.17.71.0/24 is directly connected, Vlan20
L        172.17.71.1/32 is directly connected, Vlan20
C        172.17.72.0/24 is directly connected, Vlan30
L        172.17.72.1/32 is directly connected, Vlan30
C        172.17.73.0/24 is directly connected, Vlan40
L        172.17.73.1/32 is directly connected, Vlan40
SW1#
Default Gateway Ping Test from SW01
SW1#ping 172.17.70.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.70.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/5/18 ms
SW1#
The SW01 basic configuration is now complete.
Next, configure FW02.
Change the default hostname to FW02 and click the Apply button.
LAN interface settings
SW02 basic configuration
en
conf t
no ip domain-lookup
hostname sw02
line con 0
 exec-time 0
 logg syn
end
Configure the IP address on Int g0/0
interface GigabitEthernet0/0
 no switchport
 ip address 10.1.1.1 255.255.255.0
 no shutdown
end
Check the interfaces
SW2#show ip int brie
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
GigabitEthernet0/0     10.1.1.1        YES manual up                    up
GigabitEthernet1/0     unassigned      YES unset  up                    up
GigabitEthernet1/1     unassigned      YES unset  up                    up
GigabitEthernet1/2     unassigned      YES unset  up                    up
GigabitEthernet1/3     unassigned      YES unset  up                    up
SW2#
Default gateway configuration
ip route 0.0.0.0 0.0.0.0 10.1.1.254
Check the routing table
SW2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 10.1.1.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.1.1.254
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.1.0/24 is directly connected, GigabitEthernet0/0
L        10.1.1.1/32 is directly connected, GigabitEthernet0/0
SW2#
Default Gateway ping test from SW02
SW2#ping 10.1.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
SW2#
All the basic configuration needed to test the site-to-site VPN is now done.
On FW01, go to VPN -> IPsec Wizard
Name: S2S VPN
Then click Next.
Remote IP: 192.168.100.2 -> This is the peer's WAN IP address. The two sides must be able to ping each other at this address for the IPsec VPN to connect.
Outgoing Interface: WAN(port1)
Pre-shared Key: CiscoCisco
Then select Next.
Local Subnet:
172.17.70.0/24
172.17.71.0/24
172.17.72.0/24
172.17.73.0/24
Remote Subnet
10.1.1.0/24
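Interface access: set this to None. The reason is that only the IP ranges above go through the IPsec VPN tunnel, and the remaining traffic uses the local ISP01 Internet connection.
Check the information below and click Create.
The S2S VPN tunnel has been created automatically, as shown below.
Configure FW02 in the same way.
Remote IP: enter the FW01 WAN IP address.
Outgoing Interface: WAN(port1)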
Pre-shared Key: CiscoCisco
Local Subnet: 10.1.1.0/24
Remote Subnet: 172.17.70.0/24
172.17.71.0/24
172.17.72.0/24
172.17.73.0/24
Check the values below and, if they are correct, click the Create button.
Check the tunnel.
The tunnel is currently down because there is no traffic.
Let's generate some traffic.
The firewall itself can generate traffic toward the tunnel, which forces the tunnel to stay up.
As shown below, selecting auto-negotiate automatically selects Autokey Keep Alive as well.
Configure FW02 in the same way.
Then check the tunnel interface.
The tunnel is up.
Ping from SW01 to SW02
SW1#ping 10.1.1.1 source vlan10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.17.70.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/14/39 ms
SW1#
Ping from SW02 to SW01
SW2#ping 172.17.70.1 source g0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.70.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/18 ms
SW2#
interface GigabitEthernet1/3
 switchport access vlan 40
 switchport mode access
 no shutdown
end
Configure the IP address and default gateway on PC01 through PC04
VPCS> ip 172.17.70.100 255.255.255.0 gateway 172.17.70.254
Checking for duplicate address...
VPCS : 172.17.70.100 255.255.255.0 gateway 172.17.70.254
VPCS> show ip
NAME        : VPCS[1]
IP/MASK     : 172.17.70.100/24
GATEWAY     : 172.17.70.254
DNS         :
MAC         : 00:50:79:66:68:3f
LPORT       : 20000
RHOST:PORT  : 127.0.0.1:30000
MTU         : 1500
VPCS>
VPCS> ip 172.17.71.100 255.255.255.0 gateway 172.17.71.254
Checking for duplicate address...
VPCS : 172.17.71.100 255.255.255.0 gateway 172.17.71.254
VPCS> show ip
NAME        : VPCS[1]
IP/MASK     : 172.17.71.100/24
GATEWAY     : 172.17.71.254
DNS         :
MAC         : 00:50:79:66:68:40
LPORT       : 20000
RHOST:PORT  : 127.0.0.1:30000
MTU         : 1500
VPCS>
VPCS> ip 172.17.72.100 255.255.255.0 gateway 172.17.72.254
Checking for duplicate address...
VPCS : 172.17.72.100 255.255.255.0 gateway 172.17.72.254
VPCS> show ip
NAME        : VPCS[1]
IP/MASK     : 172.17.72.100/24
GATEWAY     : 172.17.72.254
DNS         :
MAC         : 00:50:79:66:68:41
LPORT       : 20000
RHOST:PORT  : 127.0.0.1:30000
MTU         : 1500
VPCS>
VPCS> ip 172.17.73.100 255.255.255.0 gateway 172.17.73.254
Checking for duplicate address...
VPCS : 172.17.73.100 255.255.255.0 gateway 172.17.73.254
VPCS> show ip
NAME        : VPCS[1]
IP/MASK     : 172.17.73.100/24
GATEWAY     : 172.17.73.254
DNS         :
MAC         : 00:50:79:66:68:42
LPORT       : 20000
RHOST:PORT  : 127.0.0.1:30000
MTU         : 1500
VPCS>
Ping from PC01 (172.17.70.100) to SW02 (10.1.1.1)
VPCS> ping 10.1.1.1
84 bytes from 10.1.1.1 icmp_seq=1 ttl=253 time=59.607 ms
84 bytes from 10.1.1.1 icmp_seq=2 ttl=253 time=9.527 ms
84 bytes from 10.1.1.1 icmp_seq=3 ttl=253 time=9.599 ms
84 bytes from 10.1.1.1 icmp_seq=4 ttl=253 time=10.493 ms
84 bytes from 10.1.1.1 icmp_seq=5 ttl=253 time=9.694 ms
VPCS>
Ping from PC02 (172.17.71.100) to SW02 (10.1.1.1)
VPCS> ping 10.1.1.1
84 bytes from 10.1.1.1 icmp_seq=1 ttl=253 time=18.606 ms
84 bytes from 10.1.1.1 icmp_seq=2 ttl=253 time=8.886 ms
84 bytes from 10.1.1.1 icmp_seq=3 ttl=253 time=8.346 ms
84 bytes from 10.1.1.1 icmp_seq=4 ttl=253 time=11.557 ms
84 bytes from 10.1.1.1 icmp_seq=5 ttl=253 time=8.162 ms
VPCS>
Ping from PC03 (172.17.72.100) to SW02 (10.1.1.1)
VPCS> ping 10.1.1.1
84 bytes from 10.1.1.1 icmp_seq=1 ttl=253 time=10.669 ms
84 bytes from 10.1.1.1 icmp_seq=2 ttl=253 time=54.042 ms
84 bytes from 10.1.1.1 icmp_seq=3 ttl=253 time=15.635 ms
84 bytes from 10.1.1.1 icmp_seq=4 ttl=253 time=62.423 ms
84 bytes from 10.1.1.1 icmp_seq=5 ttl=253 time=418.343 ms
VPCS>
Ping from PC04 (172.17.73.100) to SW02 (10.1.1.1)
VPCS> ping 10.1.1.1
84 bytes from 10.1.1.1 icmp_seq=1 ttl=253 time=8.883 ms
84 bytes from 10.1.1.1 icmp_seq=2 ttl=253 time=7.573 ms
84 bytes from 10.1.1.1 icmp_seq=3 ttl=253 time=10.828 ms
84 bytes from 10.1.1.1 icmp_seq=4 ttl=253 time=12.965 ms
84 bytes from 10.1.1.1 icmp_seq=5 ttl=253 time=8.135 ms
VPCS>
This covered how two sites communicate over a site-to-site VPN between FortiGate firewalls.
The next post looks at what gets created automatically when the site-to-site VPN is configured with the wizard.
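The Local Subnet and Remote Subnet lists entered in the IPsec Wizard on FW01 and FW02 above mirror each other. The following Python check is an added example, not part of the original post or of FortiOS: it compares the two sides' lists and models the split-tunnel statement from the wizard step (only the listed ranges use the tunnel). The dictionary layout and function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Subnets entered in the IPsec Wizard on each firewall, copied from the steps above.
FW01 = {
    "local": ["172.17.70.0/24", "172.17.71.0/24", "172.17.72.0/24", "172.17.73.0/24"],
    "remote": ["10.1.1.0/24"],
}
FW02 = {
    "local": ["10.1.1.0/24"],
    "remote": ["172.17.70.0/24", "172.17.71.0/24", "172.17.72.0/24", "172.17.73.0/24"],
}


def _nets(cidrs):
    """Parse CIDR strings; strict=True rejects host bits set (e.g. 10.1.1.1/24)."""
    return {ip_network(c, strict=True) for c in cidrs}


def selector_mismatches(side_a, side_b):
    """Return a list of problems found when comparing the two wizards' subnet lists.

    Assumption: side A's local list is meant to equal side B's remote list and
    vice versa, as it does in the lab on this page.
    """
    problems = []
    a_local, a_remote = _nets(side_a["local"]), _nets(side_a["remote"])
    b_local, b_remote = _nets(side_b["local"]), _nets(side_b["remote"])

    # Subnets present on one side only (symmetric difference).
    for net in sorted(a_local ^ b_remote):
        problems.append(f"{net}: A local and B remote lists differ")
    for net in sorted(a_remote ^ b_local):
        problems.append(f"{net}: A remote and B local lists differ")

    # A local range that overlaps a remote range makes the tunnel decision ambiguous.
    for local in sorted(a_local):
        for remote in sorted(a_remote):
            if local.overlaps(remote):
                problems.append(f"{local} overlaps {remote}: local and remote ranges collide")
    return problems


def uses_tunnel(side, src, dst):
    """Model of the wizard step: True only when src is in a local subnet
    and dst is in a remote subnet; everything else leaves via the local ISP."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    from_local = any(src_ip in net for net in _nets(side["local"]))
    to_remote = any(dst_ip in net for net in _nets(side["remote"]))
    return from_local and to_remote


if __name__ == "__main__":
    print(selector_mismatches(FW01, FW02) or "subnet lists mirror each other")
    print("PC01 -> SW02 via tunnel:", uses_tunnel(FW01, "172.17.70.100", "10.1.1.1"))
    print("PC01 -> ISP gateway via tunnel:", uses_tunnel(FW01, "172.17.70.100", "192.168.100.253"))
```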
Most small FortiGate firewall models have no MGMT port. A data LAN port is used for management instead.
I need to install a FortiGate 90G at a customer site, and on this model there is no MGMT port.
1. Console port
2. WAN1 and WAN2 port
3. LAN port
Connect to the console port.
Type show and press Enter, then look at the edit "lan" section below. It is configured by default.
DHCP is also running, so you can get an IP address as soon as you connect a cable.
FortiGate-90G # show
    edit "lan"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh fgfm fabric
        set type hard-switch
        set stp enable
        set role lan
        set snmp-index 15
Browse to https://192.168.1.99 and log in.
The LAN interface information looks like this.
Log in to the device and configure it for use.
This time the explanation is based on EVE-NG.
I built a basic lab to test site-to-site VPN.
FW01 - PORT1 is used as both the MGMT and WAN interface.
FW02 - PORT1 is used as both the MGMT and WAN interface.
1. Boot FW01 and double-click it. You can see that it is booting, as shown below.
admin/empty - no admin password by default
Change the password.
System is starting...
Formatting shared data partition ... done!
Starting system maintenance...
Serial number is FGVMEVCML31MHVB5

FortiGate-VM64-KVM login: admin
Password:
You are forced to change your password. Please input a new password.
New Password:
Confirm Password:
New passwords don't match.
New Password:
Confirm Password:
Welcome!
FortiGate-VM64-KVM #
By default there is no IP address, so the device cannot be reached.
Enter the IP address.
FortiGate-VM64-KVM # show
config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
Enter the IP address.
FortiGate-VM64-KVM # config system interface
FortiGate-VM64-KVM (interface) # edit port1
FortiGate-VM64-KVM (port1) # set mode static
FortiGate-VM64-KVM (port1) # set ip 192.168.100.3 255.255.255.0
FortiGate-VM64-KVM (port1) # show
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.100.3 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
    next
end
Enter the default gateway.
FortiGate-VM64-KVM # config router static
FortiGate-VM64-KVM (static) # edit 1
new entry '1' added
FortiGate-VM64-KVM (1) # set dst 0.0.0.0/0
FortiGate-VM64-KVM (1) # set gateway 192.168.100.253
FortiGate-VM64-KVM (1) # set device port1
FortiGate-VM64-KVM (1) # end
FortiGate-VM64-KVM #
Check the routing table.
FortiGate-VM64-KVM # get router info routing-table
details     show routing table details information
all         show all routing table entries
rip         show rip routing table
ospf        show ospf routing table
bgp         show bgp routing table
isis        show isis routing table
static      show static routing table
connected   show connected routing table
database    show routing information base
FortiGate-VM64-KVM # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 192.168.100.253, port1, [1/0]
C       192.168.100.0/24 is directly connected, port1
Ping from the PC.
Connect to the device.
https://192.168.100.3
The connection works.
This covered the basic configuration of a FortiGate on EVE-NG. Once you can reach the device, you can build the topology you want to test and run your tests.
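The port1 block above enables ping, https, ssh, http and fgfm on an interface that doubles as MGMT and WAN. The following Python audit is an added example, not part of the original post or of FortiOS: it parses `config system interface` output and lists the administrative-access protocols that deserve review before the same settings leave the lab. The sample text, the `internal-example` interface and the `wan_facing` parameter are assumptions constructed for illustration.

```python
import re
import shlex

# Constructed sample: port1 mirrors the block shown above; "internal-example" is made up.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.100.3 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal-example"
        set vdom "root"
        set allowaccess ping
        set type physical
    next
end
"""

MGMT_PROTOCOLS = {"https", "ssh", "http", "telnet", "snmp", "fgfm"}
UNENCRYPTED = {"http", "telnet"}


def parse_interfaces(config_text):
    """Return {interface: {setting: [values]}} from 'config system interface' output."""
    interfaces, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            # Depth 1 is the interface table; deeper blocks (e.g. "config ipv6") are skipped.
            if depth > 0 or line == "config system interface":
                depth += 1
            continue
        if depth == 0:
            continue
        if line == "end":
            depth -= 1
            continue
        if depth != 1:
            continue
        match = re.match(r'edit\s+"?([^"]+?)"?$', line)
        if match:
            current = interfaces.setdefault(match.group(1), {})
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            parts = shlex.split(line)  # strips the quotes around values such as "root"
            current[parts[1]] = parts[2:]
    return interfaces


def audit(interfaces, wan_facing):
    """Return (interface, protocol, reason) tuples for access settings to review.

    wan_facing is the caller's list of interfaces exposed to untrusted networks.
    """
    findings = []
    for name, settings in interfaces.items():
        access = set(settings.get("allowaccess", []))
        for proto in sorted(access & UNENCRYPTED):
            findings.append((name, proto, "unencrypted admin protocol enabled"))
        if name in wan_facing:
            for proto in sorted((access & MGMT_PROTOCOLS) - UNENCRYPTED):
                findings.append((name, proto, "management service on WAN-facing interface"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_interfaces(SAMPLE_CONFIG), wan_facing={"port1"}):
        print(*finding, sep=": ")
```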
Oct 24 07:32:00.763: %IOSD_INFRA-6-IFS_DEVICE_OIR: Device usbflash0 added.
Switch#dir usbflash0: | in 17.12
463  -rwx  1303572959  Oct 12 2024 23:17:02 +00:00  cat9k_iosxe_npe.17.12.04.SPA.bin
464  -rwx  1306917133  Oct 12 2024 22:57:34 +00:00  cat9k_iosxe.17.12.04.SPA.bin
1. Before copying the image file to usb0, delete unneeded files.
Switch#install remove inactive
install_remove: START Thu Oct 24 07:35:45 UTC 2024
install_remove: Removing IMG
Cleaning up unnecessary package files
No path specified, will use booted path /flash/packages.conf

Cleaning /flash
Scanning boot directory for packages ... done.
Preparing packages list to delete ...
[R0]: /flash/cat9k-cc_srdriver.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-cc_srdriver.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-espbase.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-espbase.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-guestshell.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-guestshell.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-lni.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-lni.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-rpbase.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-rpbase.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-sipbase.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-sipbase.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-sipspa.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-sipspa.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-srdriver.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-srdriver.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-webui.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-webui.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-wlc.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-wlc.17.12.03.SPA.pkg File is in use, will not delete.
[R0]: /flash/packages.conf File is in use, will not delete.
[R1]: /flash/packages.conf File is in use, will not delete.
[R0]: /flash/cat9k-rpboot.17.12.03.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-rpboot.17.12.03.SPA.pkg File is in use, will not delete.

SUCCESS: No extra package or provisioning files found on media. Nothing to clean.
SUCCESS: Files deleted.

--- Starting Post_Remove_Cleanup ---
Performing REMOVE_POSTCHECK on all members
Finished Post_Remove_Cleanup
SUCCESS: install_remove Thu Oct 24 07:35:45 UTC 2024
Switch#
*Oct 24 07:35:45.573: %INSTALL-5-INSTALL_START_INFO: Switch 1 R0/0: install_mgr: Started install remove
*Oct 24 07:35:45.690: %INSTALL-5-INSTALL_COMPLETED_INFO: Switch 1 R0/0: install_mgr: Completed install remove
Switch#
--- Starting Add ---
Performing Add on all members
Finished Add
install_activate: START Thu Oct 24 07:46:56 UTC 2024
install_activate: Activating IMG
Following packages shall be activated:
/flash/cat9k-cc_srdriver.17.12.04.SPA.pkg
/flash/cat9k-espbase.17.12.04.SPA.pkg
/flash/cat9k-guestshell.17.12.04.SPA.pkg
/flash/cat9k-lni.17.12.04.SPA.pkg
/flash/cat9k-rpbase.17.12.04.SPA.pkg
/flash/cat9k-sipbase.17.12.04.SPA.pkg
/flash/cat9k-sipspa.17.12.04.SPA.pkg
/flash/cat9k-srdriver.17.12.04.SPA.pkg
/flash/cat9k-webui.17.12.04.SPA.pkg
/flash/cat9k-wlc.17.12.04.SPA.pkg
/flash/cat9k-rpboot.17.12.04.SPA.pkg

This operation may require a reload of the system. Do you want to proceed? [y/n]
*Oct 24 07:46:56.671: %INSTALL-5-INSTALL_START_INFO: Switch 1 R0/0: install_mgr: Started install activate NONEy

--- Starting Activate ---
Performing Activate on all members
[1] Activate package(s) on Switch 1
[2] Activate package(s) on Switch 2
Switch#show version
Cisco IOS XE Software, Version 17.12.04
Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.4, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2024 by Cisco Systems, Inc.
Compiled Tue 23-Jul-24 09:40 by mcpre
9. Delete unneeded files.
Switch#install remove inactive
install_remove: START Thu Oct 24 08:03:31 UTC 2024
install_remove: Removing IMG
Cleaning up unnecessary package files
No path specified, will use booted path /flash/packages.conf

Cleaning /flash
Scanning boot directory for packages ... done.
Preparing packages list to delete ...
[R0]: /flash/packages.conf File is in use, will not delete.
[R1]: /flash/packages.conf File is in use, will not delete.
[R0]: /flash/cat9k-cc_srdriver.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-cc_srdriver.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-espbase.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-espbase.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-guestshell.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-guestshell.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-lni.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-lni.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-rpbase.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-rpbase.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-sipbase.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-sipbase.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-sipspa.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-sipspa.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-srdriver.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-srdriver.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-webui.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-webui.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k-wlc.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-wlc.17.12.04.SPA.pkg File is in use, will not delete.
[R0]: /flash/cat9k_iosxe.17.12.04.SPA.conf File is in use, will not delete.
[R1]: /flash/cat9k_iosxe.17.12.04.SPA.conf File is in use, will not delete.
[R0]: /flash/cat9k-rpboot.17.12.04.SPA.pkg File is in use, will not delete.
[R1]: /flash/cat9k-rpboot.17.12.04.SPA.pkg File is in use, will not delete.

--- Starting Post_Remove_Cleanup ---
Performing REMOVE_POSTCHECK on all members
Finished Post_Remove_Cleanup
SUCCESS: install_remove Thu Oct 24 08:03:43 UTC 2024