6.5

接昨日实验代码:

Rs路由器

Router>enable

Router#

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface FastEthernet0/0

Router(config-if)#ip address 201.10.8.2 255.255.255.0

Router(config-if)#ip address 201.10.8.2 255.255.255.0

Router(config-if)#no shutdown

Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

 

Router(config-if)#interface loopback 0

 

Router(config-if)#

%LINK-5-CHANGED: Interface Loopback0, changed state to up

 

%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

 

Router(config-if)#ip address 201.1.1.1 255.255.255.0

Router(config-if)#no shutdown

 

步骤9:在Ra和Rb上配置广域网链路,启用PPP协议和配置PAP认证 两台路由器

Ra路由器

Router(config)#interface Serial2/0

Router(config-if)#encapsulation ppp

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down

 

Router(config-if)#ppp pap sent-username Ra password 0 123

Router(config-if)#exit

 

Rb路由器

Router(config)#username Ra password 0 123

Router(config)#Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Router(config)#interface Serial2/0

Router(config-if)#encapsulation ppp

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up

 

Router(config-if)#ppp authentication pap

Router(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down

 

Router(config-if)#exit

步骤10:运用RIPv2路由协议,在企业内网实现全网路由互通,用静态路由实现企业内网到互联网的访问 两台三层交换机(上面)和两台路由器

左边

Switch(config)#route rip

Switch(config-router)#version 2

Switch(config-router)#network 10.1.1.0

Switch(config-router)#network 192.168.10.0

Switch(config-router)#network 192.168.20.0

Switch(config-router)#network 192.168.30.0

Switch(config-router)#exit

Switch(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

 

右边

Switch(config)#route rip

Switch(config-router)#version 2

Switch(config-router)#network 20.2.2.0

Switch(config-router)#network 192.168.10.0

Switch(config-router)#network 192.168.20.0

Switch(config-router)#network 192.168.30.0

Switch(config-router)#exit

Switch(config)#ip route 0.0.0.0 0.0.0.0 20.2.2.1

 

Ra

Router(config)#route rip

Router(config-router)#version 2

Router(config-router)#no auto-summary

Router(config-router)#network 192.168.1.0

Router(config-router)#network 10.1.1.0

Router(config-router)#network 20.2.2.0

Router(config-router)#exit

Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

 

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

 

Gateway of last resort is 192.168.1.2 to network 0.0.0.0

 

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R 10.0.0.0/8 [120/7] via 10.1.1.2, 00:00:03, FastEthernet0/0

C 10.1.1.0/24 is directly connected, FastEthernet0/0

20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R 20.0.0.0/8 [120/6] via 10.1.1.2, 00:00:03, FastEthernet0/0

C 20.2.2.0/24 is directly connected, FastEthernet1/0

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.0/24 is directly connected, Serial2/0

C 192.168.1.2/32 is directly connected, Serial2/0

R 192.168.10.0/24 [120/1] via 10.1.1.2, 00:00:25, FastEthernet0/0

[120/1] via 20.2.2.2, 00:00:03, FastEthernet1/0

R 192.168.20.0/24 [120/1] via 10.1.1.2, 00:00:25, FastEthernet0/0

--More--

 

Rb

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#no auto-summary

Router(config-router)#network 192.168.1.0

Router(config-router)#exit

Router(config)#ip route 0.0.0.0 0.0.0.0 201.10.8.2

 

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

 

Gateway of last resort is 201.10.8.2 to network 0.0.0.0

 

192.168.1.0/32 is subnetted, 1 subnets

C 192.168.1.1 is directly connected, Serial2/0

C 201.10.8.0/24 is directly connected, FastEthernet0/0

S* 0.0.0.0/0 [1/0] via 201.10.8.2

 

步骤11:在路由器Rb上做NAT实现内网对外网的访问,可用的公网地址包括201.10.8.3/24—201.10.8.10/24 一台路由器Rb

Rb

Router(config)#interface Serial2/0

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Router(config)#interface Serial2/0

Router(config-if)#

Router(config-if)#exit

Router(config)#interface FastEthernet0/0

Router(config-if)#ip nat outside

Router(config-if)#exit

Router(config)#access-list 1 permit 192.168.10.0 0.0.0.255

Router(config)#access-list 1 permit 192.168.20.0 0.0.0.255

Router(config)#access-list 1 permit 192.168.30.0 0.0.0.255

Router(config)#ip nat pool internet 201.10.8.3 201.10.8.10 netmask 255.255.255.0

Router(config)#ip nat inside source list 1 pool internet

Router(config)#exit

 

步骤12:为了控制内网对互联网的访问,在路由器Rb上做访问控制列表 一台路由器

Rb

Router(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 any

Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 80

Router(config)#access-list 101 permit tcp 192.168.30.0 0.0.0.255 any eq 80

Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 21

Router(config)#access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 20

Router(config)#access-list 101 deny tcp 192.168.10.0 0.0.0.255 any

Router(config)#access-list 101 deny tcp 192.168.30.0 0.0.0.255 any

Router(config)#access-list 101 permit ip any any

Router(config)#Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Router(config)#interface Serial2/0

Router(config-if)#ip access-group 101 in

Router(config-if)#exit

 

Router#show access-lists

Standard IP access list 1

10 permit 192.168.10.0 0.0.0.255

20 permit 192.168.20.0 0.0.0.255

30 permit 192.168.30.0 0.0.0.255

Extended IP access list 101

10 deny ip 192.168.20.0 0.0.0.255 any

20 permit tcp 192.168.10.0 0.0.0.255 any eq www

30 permit tcp 192.168.30.0 0.0.0.255 any eq www

40 permit tcp 192.168.10.0 0.0.0.255 any eq ftp

50 permit tcp 192.168.10.0 0.0.0.255 any eq 20

60 deny tcp 192.168.10.0 0.0.0.255 any

70 deny tcp 192.168.30.0 0.0.0.255 any

80 permit ip any any

posted @   意い十三章  阅读(180)  评论(0编辑  收藏  举报
相关博文:
· 每日总结11.2
· 每日总结11.6
· 6.5号今日总结
· 6.2号今日总结
· 6.13学习内容
阅读排行:
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 上周热点回顾(2.24-3.2)
点击右上角即可分享
微信分享提示