0301_互連模拟

拓撲圖：

測試：

NORTH-R-14#sh ip na tr

Pro Inside global Inside local Outside local Outside global

udp 192.168.21.223:52813 10.10.10.50:52813 8.8.8.8:53 8.8.8.8:53

icmp192.168.21.223:1 10.10.10.50:1 192.168.21.254 192.168.21.254

udp 192.168.21.223:59348 10.10.10.50:59348 183.60.14.60:8000 183.60.14.60:8000

NORTH-R-14#

要求：

1.内網中的所有主機隻能通過位址轉換通路INTERNET。

2.使用兩條ACL規則實作，交換機CORE-S-A上的網段ACL号使用10，交換機CORE-S-B上的網段ACL号使用30。

3.禁VLAN9和VLAN60上班時間通路外網（上班時間為周一至周五的9：00—18：00和周六的9：00—12：00）（10分）

4.禁止diannao部門通路guanli部門，但guanli部門可以通路diannao部門。（16分）

5.将内網WEB伺服器釋出到外網，使得外網能通過路由器的接口位址通路到内網的WEB伺服器。

6.允許整個内部網絡到外網的下載下傳速率最大為2Mbps；為内網出外網時設定qos，分别為VLAN8保留20%，VLAN2保留10%的帶寬，VLAN30保留800Kbps帶寬。（25分）

配置檔案：

hostname NORTH-R-14

aaa new-model

aaa authentication login login local

aaa authentication ppp FROMS local

aaa authentication ppp l2tp local

time-range work

periodic Weekdays 8:59 to 17:59

periodic Weekend 8:59 to 11:59

username userdce password chappass

username teluser password admin

username l2tp password l2tp

ip access-list standard 1

10 permit 172.16.1.0 0.0.0.255

20 permit 10.10.10.0 0.0.0.255

ip access-list standard 2

10 permit 10.10.10.16 0.0.0.15

ip access-list standard 8

10 permit 10.10.10.112 0.0.0.15

ip access-list standard 30

10 permit 172.16.1.128 0.0.0.63

ip access-list extended 100

10 permit ip any 10.10.10.0 0.0.0.255

20 permit ip any 192.168.100.0 0.0.0.255

30 permit ip any 2.2.14.0 0.0.0.255

40 deny ip 172.16.1.192 0.0.0.63 any time-range work

50 permit ip any any

ip local pool l2tp 192.168.200.1 192.168.200.254

vpdn enable

vpdn-group l2tp

! Default L2TP VPDN group

accept-dialin

protocol l2tp

virtual-template 1

l2tp tunnel authentication

l2tp tunnel password l2tp

class-map match-all vlan2

match access-group 2

class-map match-all vlan8

match access-group 8

class-map match-all vlan30

match access-group 30

policy-map 1

class vlan2

bandwidth percent 10

class vlan8

bandwidth percent 20

class vlan30

police cir 800000 80000 80000 conform-action drop exceed-action drop

interface Serial 2/0

encapsulation PPP

ppp authentication chap pap FROMS

ppp chap hostname userdte

ppp chap password chappass

ip nat inside

ip address 2.2.14.2 255.255.255.252

clock rate 64000

interface FastEthernet 0/0

ip nat outside

ip address 192.168.21.214 255.255.255.0

rate-limit input 2000000 200000 200000 conform-action continue exceed-action drop

interface FastEthernet 0/1

ip access-group 100 in

ip address 192.168.100.9 255.255.255.252

service-policy output 1

interface Loopback 0

ip address 1.1.1.2 255.255.255.255

interface Loopback 10

ip address 192.168.200.1 255.255.255.0

interface Virtual-Template 1

ppp authentication pap l2tp

ip unnumbered Loopback 10

peer default ip address pool l2tp

ip nat pool connectpool 192.168.21.215 192.168.21.235 netmask 255.255.255.0

ip nat inside source list 1 pool connectpool overload

router ospf 10

router-id 1.1.1.2

redistribute rip subnets

network 2.2.14.0 0.0.0.3 area 0

default-information originate always

router rip

version 2

network 192.168.100.0

no auto-summary

redistribute ospf 10 metric 1

default-information originate

ip route 0.0.0.0 0.0.0.0 192.168.21.254

ip route 10.0.0.0 255.255.255.0 192.168.200.254

line vty 0 4

exec-timeout 0 90

end

NORTH-R-14#sh ip rou

S* 0.0.0.0/0 [1/0] via 192.168.21.254

C 1.1.1.2/32 is local host.

C 2.2.14.0/30 is directly connected, Serial 2/0

C 2.2.14.1/32 is directly connected, Serial 2/0

C 2.2.14.2/32 is local host.

S 10.0.0.0/24 [1/0] via 192.168.200.254

O E2 10.10.10.0/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.16/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.32/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.48/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.64/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.80/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.96/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.112/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.128/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 10.10.10.144/28 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

R 172.16.1.0/26 [120/1] via 192.168.100.10, 09:48:13, FastEthernet 0/1

R 172.16.1.64/26 [120/1] via 192.168.100.10, 09:48:13, FastEthernet 0/1

R 172.16.1.128/26 [120/1] via 192.168.100.10, 09:48:13, FastEthernet 0/1

R 172.16.1.192/26 [120/1] via 192.168.100.10, 09:48:13, FastEthernet 0/1

C 192.168.21.0/24 is directly connected, FastEthernet 0/0

C 192.168.21.214/32 is local host.

O E2 192.168.100.0/30 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

O E2 192.168.100.4/30 [110/20] via 2.2.14.1, 09:42:00, Serial 2/0

C 192.168.100.8/30 is directly connected, FastEthernet 0/1

C 192.168.100.9/32 is local host.

C 192.168.200.0/24 is directly connected, Loopback 10

C 192.168.200.1/32 is local host.

C 192.168.200.254/32 is directly connected, virtual-access 0

NORTH-R-14#sh ip int b

Interface IP-Address(Pri) IP-Address(Sec) Status Protocol

Serial 2/0 2.2.14.2/30 no address up up

Serial 3/0 no address no address down down

Serial 4/0 no address no address down down

FastEthernet 0/0 192.168.21.214/24 no address up up

FastEthernet 0/1 192.168.100.9/30 no address up up

Loopback 0 1.1.1.2/32 no address up up

Loopback 10 192.168.200.1/24 no address up up

Virtual-Template 1 192.168.200.1/24 no address down down

virtual-access 0 192.168.200.1/24 no address up up

NORTH-R-14#sh vp

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocID RemID Remote Name State Remote Address Port Sessions L2TP Class/

VPDN Group

2079 2 SOUTH-R-14 est 2.2.14.1 1701 1 l2tp

LocID RemID TunID Username, Intf/ State Last Chg

Vcid, Circuit

1 1 2079 l2tp,va0 est 00:03:13

hostname SOUTH-R-14

username userdte password chappass

enable password star14

l2tp-class l2tp

authentication

password l2tp

pseudowire-class l2tp

encapsulation l2tpv2

protocol l2tpv2 l2tp

ip local interface Serial 2/0

ppp chap hostname userdce

ip address 2.2.14.1 255.255.255.252

ip address 192.168.100.1 255.255.255.252

ip address 192.168.100.5 255.255.255.252

ip address 1.1.1.1 255.255.255.255

ip address 192.168.14.193 255.255.255.255

interface Virtual-ppp 1

ppp pap sent-username l2tp password l2tp

ip address 192.168.200.254 255.255.255.0

pseudowire 2.2.14.2 11 encapsulation l2tpv2 pw-class l2tp

router ospf 1

router-id 1.1.1.1

redistribute ospf 1 metric 1

ip route 172.16.0.0 255.255.0.0 Virtual-ppp 1

SOUTH-R-14#SH IP ROU

O*E2 0.0.0.0/0 [110/1] via 2.2.14.2, 09:41:15, Serial 2/0

C 1.1.1.1/32 is local host.

C 2.2.14.1/32 is local host.

C 2.2.14.2/32 is directly connected, Serial 2/0

R 10.10.10.0/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

[120/1] via 192.168.100.6, 10:56:58, FastEthernet 0/1

R 10.10.10.16/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

[120/1] via 192.168.100.6, 10:56:58, FastEthernet 0/1

R 10.10.10.32/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

R 10.10.10.48/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

R 10.10.10.64/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

R 10.10.10.80/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

R 10.10.10.96/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

R 10.10.10.112/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

[120/1] via 192.168.100.6, 10:56:58, FastEthernet 0/1

R 10.10.10.128/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

R 10.10.10.144/28 [120/1] via 192.168.100.2, 10:56:58, FastEthernet 0/0

S 172.16.0.0/16 is directly connected, Virtual-ppp 1

O E2 172.16.1.0/26 [110/20] via 2.2.14.2, 09:41:15, Serial 2/0

O E2 172.16.1.64/26 [110/20] via 2.2.14.2, 09:41:15, Serial 2/0

O E2 172.16.1.128/26 [110/20] via 2.2.14.2, 09:41:15, Serial 2/0

O E2 172.16.1.192/26 [110/20] via 2.2.14.2, 09:41:15, Serial 2/0

C 192.168.14.193/32 is local host.

C 192.168.100.0/30 is directly connected, FastEthernet 0/0

C 192.168.100.1/32 is local host.

C 192.168.100.4/30 is directly connected, FastEthernet 0/1

C 192.168.100.5/32 is local host.

O E2 192.168.100.8/30 [110/20] via 2.2.14.2, 09:41:15, Serial 2/0

C 192.168.200.0/24 is directly connected, Virtual-ppp 1

C 192.168.200.1/32 is directly connected, Virtual-ppp 1

C 192.168.200.254/32 is local host.

SOUTH-R-14#SH VPDN

2 2079 NORTH-R-14 est 2.2.14.2 1701 1 l2tp

1 1 2 11,vp1 est 00:02:18

SOUTH-R-14#SH IP INT B

Interface IP-Address(Pri) OK? Status

Serial 2/0 2.2.14.1/30 YES UP

Serial 3/0 no address YES DOWN

Serial 4/0 no address YES DOWN

FastEthernet 0/0 192.168.100.1/30 YES UP

FastEthernet 0/1 192.168.100.5/30 YES UP

Loopback 0 1.1.1.1/32 YES UP

Loopback 10 192.168.14.193/32 YES UP

Virtual-ppp 1 192.168.200.254/24 YES UP

SOUTH-R-14#

本文轉自810105851 51CTO部落格，原文連結：http://blog.51cto.com/4708948/1144099，如需轉載請自行聯系原作者

0301_互連模拟

繼續閱讀

RMI vs Socket 比較

Rmi和Socket比較

RMI 和 Socket 差別簡介

網絡連接配接錯誤代碼大全及解決方法

HTTP 錯誤 403.9 - 禁止通路：連接配接的使用者過多 XP IIS伺服器連接配接數的修改

TCP和UDP傳輸的深入淺析,MSN和QQ檔案傳輸速度解析

UECapabilityInformation中bandEUTRA 64的含義

網絡通信原理OSI參考模型TCP/IP協定簇數值轉換IP位址分類子網路遮罩

QQ for Linux釋出帶來的感想。

事務（髒讀，不可重複讀，虛讀）

華為交換機與中興交換機結合配置MSTP執行個體

Socket套接字類 AS3

2.6核心netfilter包截獲

網絡協定之網頁資料包到伺服器的傳輸過程

圖解HTTP八：确認通路使用者身份的認證

在一個非套接字上嘗試了一個操作