davidsergeant

网络七层图例详解

帧中继上配制OSPF

我这里有篇文章，《思科Catalyst1900交换机上速配VLAN》，是关于switch的vlan、vtp、trunk的，希望大家多提宝贵意见。

在NAT Internet User 路由中配置静态路由，使NAT路由器和Internet User之间相互通信
Internet(config)#ip route 0.0.0.0 0.0.0.0. 20.1.1.2
 
User(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
 
NAT (config)#ip route 3.3.3.0 255.255.255.0 10.1.1.1
NAT (config)#ip route 1.1.1.0 255.255.255.0 20.1.1.1
 
在使NAT路由器上配置静态NAT
NAT(config)#ip nat inside sostatic 10.1.1.1 20.1.1.2
NAT(config)#int s 2/3
NAT(config-if)#ip nat inside
NAT(config)#int s 2/1
NAT(config-if)#ip nat outside
 
在使Internet路由器上debug查看
Internet#
00:34:06: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.2
00:34:06: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.2
00:34:06: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.2
00:34:06: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.2
00:34:06: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.2
 
在使NAT路由器上配置PAT
NAT(config)#access-list 1 permit 10.1.1.0 0.0.0.255
NAT(config)#ip nat inside source lis 1 interface s 2/1 overload
NAT(config)#int s 2/3
NAT(config-if)#ip nat inside
NAT(config)#int s 2/1
NAT(config-if)#ip nat outside
 
在使Internet路由器上debug查看
Internet#
00:32:02: ICMP: echo reply sent, src 1.1.1.1, dst 10.1.1.1
Internet#
00:32:04: ICMP: echo reply sent, src 1.1.1.1, dst 10.1.1.1
Internet#
00:32:06: ICMP: echo reply sent, src 1.1.1.1, dst 10.1.1.1
Internet#
00:32:08: ICMP: echo reply sent, src 1.1.1.1, dst 10.1.1.1
Internet#
00:32:10: ICMP: echo reply sent, src 1.1.1.1, dst 10.1.1.1
 
在使NAT路由器上配置静态NAT
NAT(config)#ip nat pool NAT 20.1.1.3 20.1.1.7 netmask 255.255.255.248
NAT(config)#ip nat inside source lis的t 1 pool NAT
NAT(config)#int s 2/3
NAT(config-if)#ip nat inside
NAT(config)#int s 2/1
NAT(config-if)#ip nat outside
 
在使Internet路由器上debug查看
Internet#
00:39:04: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.3
00:39:04: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.3
00:39:04: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.3
00:39:04: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.3
00:39:04: ICMP: echo reply sent, src 1.1.1.1, dst 20.1.1.3

 [/img]..

在R1和R2上进行配置
Router>
Router>
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#host R1
R1(config)#enabl sec cisco
R1(config)#no ip domain-lo
R1(config)#no ip http serv
R1(config)#line c 0
R1(config-line)#no exec-t
R1(config-line)#logg sy
R1(config-line)#pass cisco
R1(config-line)#line vty 0 4
R1(config-line)#pass cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#
 
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#host R2
R2(config)#enabl sec cisco
R2(config)#no ip domain-lo
R2(config)#no ip http serv
R2(config)#line c 0
R2(config-line)#pass cisco
R2(config-line)#logg sy
R2(config-line)#no exec-t
R2(config-line)#line vty 0 4
R2(config-line)#login
R2(config-line)#pass cisco
R2(config-line)#exit
R2(config)#
 
在R1和R2上接口配置
R1#
00:05:15: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int lo 0
R1(config-if)#ip add 172.16.0.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int s 1/2
R1(config-if)#ip add 192.168.0.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#
00:06:05: %LINK-3-UPDOWN: Interface Serial1/2, changed state to up
R1(config-if)#
00:06:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to up
R1(config-if)#exit
R1(config)#exit
R1#sh
00:06:12: %SYS-5-CONFIG_I: Configured from console by console
R1#  
00:06:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to down
R1#
00:07:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to up
R1#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  administratively down down   
Ethernet0/1            unassigned      YES unset  administratively down down   
Ethernet0/2            unassigned      YES unset  administratively down down   
Ethernet0/3            unassigned      YES unset  administratively down down   
Serial1/0              unassigned      YES unset  administratively down down   
Serial1/1              unassigned      YES unset  administratively down down   
Serial1/2              192.168.0.1     YES manual up                    up     
Serial1/3              unassigned      YES unset  administratively down down   
Serial3/0              unassigned      YES unset  administratively down down   
Serial3/1              unassigned      YES unset  administratively down down   
Serial3/2              unassigned      YES unset  administratively down down   
Serial3/3              unassigned      YES unset  administratively down down   
Loopback0              172.16.0.1      YES manual up                    up     
R1#
 
R2#con
00:06:22: %SYS-5-CONFIG_I: Configured from console by console
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int lo 0
R2(config-if)#ip add 172.16.1.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int s 2/1
R2(config-if)#ip add 192.168.0.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#
00:07:07: %LINK-3-UPDOWN: Interface Serial2/1, changed state to up
R2(config-if)#
00:07:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to up
R2(config-if)#exit
R2(config)#exit
R2#sh ip
00:07:13: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  administratively down down   
Ethernet0/1            unassigned      YES unset  administratively down down   
Ethernet0/2            unassigned      YES unset  administratively down down   
Ethernet0/3            unassigned      YES unset  administratively down down   
Serial2/0              unassigned      YES unset  administratively down down   
Serial2/1              192.168.0.2     YES manual up                    up     
Serial2/2              unassigned      YES unset  administratively down down   
Serial2/3              unassigned      YES unset  administratively down down   
Serial3/0              unassigned      YES unset  administratively down down   
Serial3/1              unassigned      YES unset  administratively down down   
Serial3/2              unassigned      YES unset  administratively down down   
Serial3/3              unassigned      YES unset  administratively down down   
Loopback0              172.16.1.2      YES manual up                    up     
R2#
 
在R1和R2上配置RIPv2
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router rip
R1(config-router)#ver 2
R1(config-router)#net 172.168.0.0
R1(config-router)#net 192.168.0.0
R1(config-router)#exit
R1(config)#exit
R2#
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#route rip
% Ambiguous command:  "route rip"
R2(config)#router rip
R2(config-router)#v 
R2(config-router)#ve
R2(config-router)#version 2
R2(config-router)#net 172.16.1.0
R2(config-router)#net 192.168.0.0
R2(config-router)#
 
在R1和R2上用ping命令进行测试
 
 
R1#ping 192.168.0.2
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/18/36 ms
R1#ping 172.16.1.2
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/21/40 ms
 
在R1上配置密码
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#key chain R1
R1(config-keychain)#key 1
R1(config-keychain-key)#key-s
R1(config-keychain-key)#key-string cisco
R1(config-keychain-key)#exit
R1(config-keychain)#key 2
R1(config-keychain-key)#key-s
R1(config-keychain-key)#key-string cisco1
R1(config-keychain-key)#exit
R1(config-keychain)#exit
R1(config)#int s 1/2
R1(config-if)#ip rip auth
R1(config-if)#ip rip authentication mod
R1(config-if)#ip rip authentication mode ?
  md5   Keyed message digest
  text  Clear text authentication
 
R1(config-if)#ip rip authentication mode md5
R1(config-if)#ip rip au
R1(config-if)#ip rip authentication ke
R1(config-if)#ip rip authentication key-chain R1
R1(config-if)#exit
R1(config)#exit
 
在R2上配置密码
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#key ch
R2(config)#key chain R2
R2(config-keychain)#key 3
R2(config-keychain-key)#key
R2(config-keychain-key)#key-s
R2(config-keychain-key)#key-string cisco
R2(config-keychain-key)#exit
R2(config-keychain)#key 4
R2(config-keychain-key)#key-s
R2(config-keychain-key)#key-string cisco1
R2(config-keychain-key)#exit
R2(config-keychain)#exit
R2(config)#
R2(config)#int s 2/1
R2(config-if)#ip rip aut
R2(config-if)#ip rip authentication mod
R2(config-if)#ip rip authentication mode md5
R2(config-if)#ip rip aut
R2(config-if)#ip rip authentication ke
R2(config-if)#ip rip authentication key-chain R2
R2(config-if)#exit
 
在R2上再进行调试
R2#debug ip rip
RIP protocol debugging is on
R2#
00:52:35:      192.168.0.0/24 -> 0.0.0.0, metric 1, tag 0
00:52:35: RIP: ignored v2 packet from 172.16.1.2 (sourced from one of our addresses)
R2#clear ip route *
R2#
00:52:48: RIP: sending general request on Serial2/1 to 224.0.0.9
00:52:48: RIP: sending general request on Loopback0 to 224.0.0.9
00:52:48: RIP: ignored v2 packet from 172.16.1.2 (sourced from one of our addresses)
R2#
00:53:04: RIP: sending v2 update to 224.0.0.9 via Serial2/1 (192.168.0.2)
00:53:04:      172.16.0.0/16 -> 0.0.0.0, metric 1, tag 0
00:53:04: RIP: sending v2 update to 224.0.0.9 via Loopback0 (172.16.1.2)
00:53:04:      192.168.0.0/24 -> 0.0.0.0, metric 1, tag 0
00:53:04: RIP: ignored v2 packet from 172.16.1.2 (sourced from one of our addresses)
R2#
00:53:32: RIP: sending v2 update to 224.0.0.9 via Serial2/1 (192.168.0.2)
00:53:32:      172.16.0.0/16 -> 0.0.0.0, metric 1, tag 0
00:53:32: RIP: sending v2 update to 224.0.0.9 via Loopback0 (172.16.1.2)
00:53:32:      192.168.0.0/24 -> 0.0.0.0, metric 1, tag 0
00:53:32: RIP: ignored v2 packet from 172.16.1.2 (sourced from one of our addresses)
R2#
00:53:59: RIP: sending v2 update to 224.0.0.9 via Serial2/1 (192.168.0.2)
00:53:59:      172.16.0.0/16 -> 0.0.0.0, metric 1, tag 0
00:53:59: RIP: sending v2 update to 224.0.0.9 via Loopback0 (172.16.1.2)
00:53:59:      192.168.0.0/24 -> 0.0.0.0, metric 1, tag 0
00:53:59: RIP: ignored v2 packet from 172.16.1.2 (sourced from one of our addresses)
R2#
00:54:26: RIP: sending v2 update to 224.0.0.9 via Serial2/1 (192.168.0.2)
00:54:26:      172.16.0.0/16 -> 0.0.0.0, metric 1, tag 0
00:54:26: RIP: sending v2 update to 224.0.0.9 via Loopback0 (172.16.1.2)
00:54:26:      192.168.0.0/24 -> 0.0.0.0, metric 1, tag 0
00:54:26: RIP: ignored v2 packet from 172.16.1.2 (sourced from one of our addresses)
R2#
00:54:56: RIP: sending v2 update to 224.0.0.9 via Serial2/1 (192.168.0.2)
00:54:56:      172.16.0.0/16 -> 0.0.0.0, metric 1, tag 0
00:54:56: RIP: sending v2 update to 224.0.0.9 via Loopback0 (172.16.1.2)
00:54:56:      192.168.0.0/24 -> 0.0.0.0, metric 1, tag 0
00:54:56: RIP: ignored v2 packet from 172.16.1.2 (sourced from one of our addresses)
R2#u all
All possible debugging has been turned off
R2#[/img]..

这里有个，boson netsim 6.0内有注册机，共同提高吧！

一、Cisco 路由器口令类别
1．有效密码口令（enabled secret password）： 是一种安全级别最高的加密口令，适用于Cisco IOS 10.3 (2) 以后的版本，在路由器的配置表中以密码的形式出现。
2．有效口令（enabled password）：安全级别次高的非加密口令。当有效密码口令没设置时，使用该口令。
3．终端口令（console password）：用于防止非法或未授权用户修改路由器配置，在用户通过主控终端对路由器进行设置时，使用该口令。
��
二、口令恢复原理
1．内部内存种类（以2500系列为例）。Cisco 路由器保存了几种不同的配置参数，并存..

使用cisco pix 防火墙
    1.interface command
在配置用户接口的时候我们经常听到关于接口的专有名词
hardware_id指ethernet 0,e1,e2
interface_name指outside,inside,dmz
hardware_speed,通产设置为自动，但是cisco推荐我们手动配置速度.关于速度和你选择的网络传输介质有关.
no shutdown在router上用户激活这个端口，在pix中，没有no shutdown命令，只有使用到shutdown这个参数，主要用于管理关闭接口.
interface hardware_id hardware_speed [shutdown]
interface e0 auto
interface e1 auto
interface e..