A virtual network is a logical network topology configured by using the functions of vswitches and vrouters on top of the physical network infrastructure. It allows the network administrator to aggregate any number of network segments in a LAN into a user group, as if they were a separate LAN. Some small networks do not have high network requirements, and, to save costs, many local area networks adopt a simple structure that implements segments through routers. In such a network, broadcast packets on each local area network are received by all devices in the segment, whether or not those devices need them.
1. Port-based virtual LAN partitioning is the earliest and a popular way of partitioning. It groups routers by port, and each group is defined as a virtual LAN. Port groups are currently the most commonly used method for defining virtual LAN members, and the configuration is straightforward. Defining virtual LANs by port group does not allow multiple virtual LANs to contain the same actual network segment. All terminals on the ports of one virtual LAN are in a single broadcast domain and can communicate with each other, while communication between different virtual LANs must go through routing. The advantage of this partitioning method is that it is simple and easy to implement: broadcasts from one port are sent directly to the other ports in the virtual LAN, which also makes them easy to monitor.
2. Virtual LANs based on the hardware-layer (MAC) address have different advantages and disadvantages. Because the hardware-layer address is hard-wired into the workstation's network interface, a virtual LAN based on it lets the network manager move a workstation to a different location on the network while the workstation automatically retains its original virtual LAN membership. In this way, a virtual LAN defined by hardware-layer address can be regarded as a user-based virtual LAN.
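The difference between the two partitioning methods in sections 1 and 2 shows up when a workstation is moved to another port. The following is an added illustration, not code from the original page: a toy switch model in which the class, function names, MAC addresses and VLAN numbers are all constructed for the example.

```python
# Added illustration: toy switch model; all names and values are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Switch:
    mode: str                                       # "port" or "mac"
    port_vlan: dict = field(default_factory=dict)   # port -> VLAN id
    mac_vlan: dict = field(default_factory=dict)    # MAC  -> VLAN id
    attached: dict = field(default_factory=dict)    # port -> MAC plugged in

    def plug(self, mac, port):
        """Attach a workstation to a port, removing it from any old port."""
        self.attached = {p: m for p, m in self.attached.items() if m != mac}
        self.attached[port] = mac

    def vlan_of(self, mac):
        """Return the VLAN the workstation currently belongs to, or None."""
        if self.mode == "mac":
            return self.mac_vlan.get(mac)       # membership follows the NIC
        for port, m in self.attached.items():
            if m == mac:
                return self.port_vlan.get(port)  # membership follows the port
        return None

    def broadcast(self, src_mac):
        """Return the MACs that receive a broadcast sent by src_mac."""
        vlan = self.vlan_of(src_mac)
        if vlan is None:
            return set()                        # unknown sender: frame dropped
        return {m for m in self.attached.values()
                if m != src_mac and self.vlan_of(m) == vlan}


# Constructed sample: ports 1-2 are VLAN 10, ports 3-4 are VLAN 20.
A, B, C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"


def build(mode):
    sw = Switch(mode, port_vlan={1: 10, 2: 10, 3: 20, 4: 20},
                mac_vlan={A: 10, B: 10, C: 20})
    for mac, port in ((A, 1), (B, 2), (C, 3)):
        sw.plug(mac, port)
    return sw


def move_and_report(mode):
    """Move workstation A from port 1 to port 4; return (vlan, receivers)."""
    sw = build(mode)
    sw.plug(A, 4)
    return sw.vlan_of(A), sw.broadcast(A)
```

In port mode the moved workstation lands in the broadcast domain of its new port, while in MAC mode it keeps its original membership, so the MAC-to-VLAN table becomes the thing an administrator has to maintain and audit.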
3. So-called intranet penetration means that the VPN client can be located in a network with internal addresses, while the VPN server is located at a valid IP address on the public network. When connecting in series, the client first connects to one VPN server and then dials the second VPN server.
The implementation uses netsh.exe. The specific commands are as follows:
1. netsh ras ip set addrassign method=pool
Use an address pool to allocate IP addresses.
2. netsh ras ip add range from=192.168.3.1 to=192.168.3.254
The address pool ranges from 192.168.3.1 to 192.168.3.254. A virtual internal address pool is used here.
3. netsh routing ip nat install
Install the NAT protocol.
4. netsh routing ip nat add interface="local connection" mode=full
Set the local connection as the external NIC, which performs address and port translation. Note that the RemoteRegistry service must be started.
5. netsh routing ip nat add interface=internal mode=private
Set the virtual network adapter as the internal (private) interface. It is an invisible adapter virtualized by the operating system.
A PPTP VPN can penetrate the intranet and can also be connected in series. An L2TP/IPsec VPN uses NAT-T so that it can cross the intranet as well, and it can also be connected in series.