Comprehensive Assignment 2 (1)
Author: Internet
*Comprehensive Assignment 2
I. Lab topology
[Topology diagram: image not available in the source]
II. Configure IP addresses
Approach: 1. Since the assignment does not restrict the IP address ranges, I set the subnets of the four routers to 192.168.1.0 through 192.168.4.0 in order, and the loopbacks to 1.1.1.1 through 4.4.4.4.
[R1]interface s0/0/0
[R1-Serial0/0/0]ip add
[R1-Serial0/0/0]ip address 192.168.1.1 24
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 24
[R2]interface s0/0/0
[R2-Serial0/0/0]ip add
[R2-Serial0/0/0]ip address 192.168.2.1 24
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 2.2.2.2 24
[R3]interface s0/0/0
[R3-Serial0/0/0]ip add
[R3-Serial0/0/0]ip address 192.168.3.1 24
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 3.3.3.3 24
[R4]int
[R4]interface e0/0/0
[R4-Ethernet0/0/0]ip address 192.168.4.1 24
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 4.4.4.4 24
[R5]interface s0/0/0
[R5-Serial0/0/0]ip address 192.168.1.2 24
[R5]interface s0/0/1
[R5-Serial0/0/1]ip address 192.168.2.2 24
[R5]interface s0/0/2
[R5-Serial0/0/2]ip address 192.168.3.2 24
[R5]interface e0/0/0
[R5-Ethernet0/0/0]ip address 192.168.4.2 24
[R5]interface LoopBack 0
[R5-LoopBack0]ip address 5.5.5.5 24
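*All IP addresses and loopback addresses must be configured correctly by hand; it is best to mark them on the topology diagram.
III. PPP PAP authentication between R1 and R5, with R5 as the authenticator
1. Approach
1. First, what is PAP (Password Authentication Protocol)? PAP is a link control protocol in the PPP protocol suite. It authenticates with a two-way handshake: the peer keeps sending its ID/password (in cleartext) to the authenticator until authentication is acknowledged or the connection is terminated. It is commonly seen in PPPoE dial-up environments.
2. Configure the authenticator first. R5 is the authenticator, so on it we enter AAA mode and set the username and password.
[R5]aaa————enter AAA mode
[R5-aaa]local-user huawei ————set the username: huawei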
[R5-aaa]local-user huawei p
[R5-aaa]local-user huawei password ?——————if you forget the next keyword, append a question mark to what you have typed so far
cipher User password with cipher text
[R5-aaa]local-user huawei password ?
cipher User password with cipher text
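[R5-aaa]local-user huawei password cipher 12345——————set the password: 12345
Info: Add a new user.————————a new user was added
*Note: AAA stands for Authentication, Authorization and Accounting. It is a network security management mechanism that provides three security functions: authentication, authorization and accounting.
The three functions do the following:
Authentication: verifies whether a user may gain access to the network.
Authorization: determines which services a user may use.
Accounting: records how a user consumes network resources.
Users can use one or more of the security services AAA provides. For example, if a company only wants employees to authenticate when they access certain specific resources, the network administrator only needs to configure an authentication server. If it also wants to record how employees use the network, an accounting server must be configured as well.
As described above, AAA is a management framework: a security mechanism that authorizes some users to access specific resources and can record what those users do. It is widely used because it scales well and makes centralized management of user information easy. AAA can be implemented with several protocols; in practice, RADIUS is the one most commonly used.
3. On the authenticator, configure the service type on the port that connects to the authenticated router
[R5-aaa]int s0/0/0——————the authenticator's port facing the authenticated side is Serial0/0/0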
[R5-Serial0/0/0]link
[R5-Serial0/0/0]link-protocol ppp
[R5-Serial0/0/0]ppp auth
[R5-Serial0/0/0]ppp authentication-mode pap——————enable PAP authentication
Jul 7 2021 15:54:45-08:00 R5 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.
4. Configure the authenticated side
[R1]int s0/0/0————locate the port connected to the authenticator
[R1-Serial0/0/0]link
[R1-Serial0/0/0]link-protocol ppp————switch to PPP mode
[R1-Serial0/0/0]ppp pap l
[R1-Serial0/0/0]ppp pap local-user huawei
[R1-Serial0/0/0]ppp pap local-user huawei p
[R1-Serial0/0/0]ppp pap local-user huawei password c
[R1-Serial0/0/0]ppp pap local-user huawei password cipher 12345——————enter the username and password
Jul 7 2021 16:00:55-08:00 R1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
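ange loop count is 0, and the maximum number of records is 4095.————————record added
*If no error is reported, the task of PPP PAP authentication between R1 and R5, with R5 as the authenticator, has succeeded!
IV. PPP CHAP authentication between R2 and R5, with R5 as the authenticator
1. Approach
1. First, what is CHAP (Challenge Handshake Authentication Protocol)? CHAP verifies the identity of the authenticated side with a three-way handshake (ciphertext). This happens when the link is first established and, to improve security, is repeated periodically after the link is up. It is currently fairly common in enterprise remote-access environments.
2. Same as Part III, except that the service changes from PAP to CHAP; the configuration approach is largely the same.
*Configure the authenticator router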
[R5]aaa
[R5-aaa]local-user huawei666 p
[R5-aaa]local-user huawei666 password c
[R5-aaa]local-user huawei666 password cipher 54321——the username and password here must not be the same as the ones just configured for PAP
Info: Add a new user.——————record added
[R5-aaa]
Jul 7 2021 16:25:35-08:00 R5 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 10, the c
hange loop count is 0, and the maximum number of records is 4095.
[R5-aaa]int
[R5-aaa]int s0/0/1
[R5-Serial0/0/1]link-
[R5-Serial0/0/1]link-protocol ppp
[R5-Serial0/0/1]ppp a
[R5-Serial0/0/1]ppp authentication-mode chap————enable CHAP authentication under PPP
Jul 7 2021 16:28:25-08:00 R5 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 11, the c
hange loop count is 0, and the maximum number of records is 4095.
*Configure the authenticated router
[R2]
[R2]int s0/0/0
[R2-Serial0/0/0]link
[R2-Serial0/0/0]link-protocol ppp
[R2-Serial0/0/0]ppp chap
[R2-Serial0/0/0]ppp chap user huawei666
Jul 7 2021 16:37:16-08:00 R2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R2-Serial0/0/0]ppp chap password
[R2-Serial0/0/0]ppp chap password c
[R2-Serial0/0/0]ppp chap password cipher 54321
[R2-Serial0/0/0]
Jul 7 2021 16:37:36-08:00 R2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 6, the ch
ange loop count is 0, and the maximum number of records is 4095.————record added
*If no error is reported, the task of PPP CHAP authentication between R2 and R5, with R5 as the authenticator, has succeeded!
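The difference between the cleartext PAP exchange in Part III and the hashed CHAP challenge/response in Part IV, as an added example that is not part of the original post. It builds the packets in the RFC 1334 / RFC 1994 layout with the lab's usernames and passwords; the function names and the challenge name "R5" are assumptions made for the illustration.

```python
# Added example: PAP vs CHAP packet contents (RFC 1334 / RFC 1994 layouts).
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1                    # PAP code: Authenticate-Request
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2    # CHAP codes


def _packet(code: int, ident: int, data: bytes) -> bytes:
    # Common header: Code (1), Identifier (1), Length (2, includes header).
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """What the authenticated side (R1) sends: ID and password, unencrypted."""
    return _packet(PAP_AUTH_REQUEST, ident,
                   bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password)


def chap_challenge(ident: int, name: bytes, value: bytes = b"") -> bytes:
    """What the authenticator (R5) sends first: a random challenge value."""
    value = value or os.urandom(16)
    return _packet(CHAP_CHALLENGE, ident, bytes([len(value)]) + value + name)


def _challenge_value(pkt: bytes) -> bytes:
    return pkt[5:5 + pkt[4]]


def chap_response(challenge: bytes, name: bytes, secret: bytes) -> bytes:
    """The peer (R2) replies with MD5(identifier || secret || challenge value)."""
    ident = challenge[1]
    digest = hashlib.md5(bytes([ident]) + secret + _challenge_value(challenge)).digest()
    return _packet(CHAP_RESPONSE, ident, bytes([len(digest)]) + digest + name)


def chap_verify(challenge: bytes, response: bytes, users: dict) -> bool:
    """R5 recomputes the hash from its local user table and compares."""
    ident = challenge[1]
    if response[0] != CHAP_RESPONSE or response[1] != ident:
        return False                    # wrong packet type or stale identifier
    length = struct.unpack("!H", response[2:4])[0]
    digest = response[5:5 + response[4]]
    secret = users.get(response[5 + response[4]:length])
    if secret is None:
        return False                    # unknown user name
    expected = hashlib.md5(bytes([ident]) + secret + _challenge_value(challenge)).digest()
    return hmac.compare_digest(digest, expected)
```

The PAP request contains the password bytes as typed, so anyone who can capture the serial link reads it directly; the CHAP response is bound to one identifier and one challenge value, so a captured response fails against the next challenge.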
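V. HDLC encapsulation between R3 and R5
1. Approach
1. What is HDLC encapsulation? High-Level Data Link Control (HDLC) is a layer-2 encapsulation technology for serial links; it belongs to the point-to-point network type.
2. Configuration
a. Configure R3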
[R3]interface s0/0/0
[R3-Serial0/0/0]link
[R3-Serial0/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed.
Continue? [Y/N]:y
Jul 7 2021 16:54:12-08:00 R3 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed
the configuration that will change the encapsulation protocol of the link and th
en selected Y.
Jul 7 2021 16:54:12-08:00 R3 %%01PHY/1/PHY(l)[1]: Serial0/0/0: change status
to down
Jul 7 2021 16:54:12-08:00 R3 %%01PPP/4/PHYSICALDOWN(l)[2]:On the interface Seri
al0/0/0, PPP link was closed because the status of the physical layer was Down.
Jul 7 2021 16:54:12-08:00 R3 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PPP
on the interface Serial0/0/0 has entered the DOWN state.
Jul 7 2021 16:54:12-08:00 R3 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PPP
IPCP on the interface Serial0/0/0 has entered the DOWN state.
[R3-Serial0/0/0]
Jul 7 2021 16:54:12-08:00 R3 %%01PHY/1/PHY(l)[5]: Serial0/0/0: change status
to up
Jul 7 2021 16:54:12-08:00 R3 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol IP
on the interface Serial0/0/0 has entered the UP state.
Jul 7 2021 16:54:16-08:00 R3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095.s
b. Configure R5
[R5]int
[R5]interface s0/0/2
[R5-Serial0/0/2]link
[R5-Serial0/0/2]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed.
Continue? [Y/N]:y
Jul 7 2021 16:56:28-08:00 R5 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed
the configuration that will change the encapsulation protocol of the link and th
en selected Y.
Jul 7 2021 16:56:28-08:00 R5 %%01PHY/1/PHY(l)[1]: Serial0/0/2: change status
to down
[R5-Serial0/0/2]
Jul 7 2021 16:56:29-08:00 R5 %%01PHY/1/PHY(l)[2]: Serial0/0/2: change status
to up
Jul 7 2021 16:56:29-08:00 R5 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP
on the interface Serial0/0/2 has entered the UP state.
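VI. Default route
1. Approach
1. Default route: a route that does not specify a destination. During lookup, the router uses this entry only if, after checking all of its local direct, static and dynamic routes, there is still no reachable path.
2. Default route configuration formula
ip route-static 0.0.0.0 + 0 + next-hop address
3. Configure the routes
R1: ip route-static 0.0.0.0 0 192.168.1.2
R2: ip route-static 0.0.0.0 0 192.168.2.2
R3: ip route-static 0.0.0.0 0 192.168.3.2
R4: ip route-static 0.0.0.0 0 192.168.4.2
VII. NAT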
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
Jul 7 2021 17:45:28-08:00 R1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R1]int s0/0/0
[R1-Serial0/0/0]nat out
[R1-Serial0/0/0]nat outbound 2000
[R1-Serial0/0/0]dis nat
[R1-Serial0/0/0]dis nat out
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
Serial0/0/0 2000 1.1.168.192 easyip
--------------------------------------------------------------------------
Total : 1
[R2]acl 2000
[R2-acl-basic-2000]
Jul 7 2021 18:04:08-08:00 R2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 8, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R2-acl-basic-2000]rule 5 permit source 192.168.2.0 0.0.0.255
[R2-acl-basic-2000]
Jul 7 2021 18:04:28-08:00 R2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.q
[R2]int s0/0/0
[R2-Serial0/0/0]nat o
[R2-Serial0/0/0]nat outbound 2000
[R2-Serial0/0/0]dis nat out
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
Serial0/0/0 2000 1.2.168.192 easyip
--------------------------------------------------------------------------
Total : 1
[R3]acl 2000
[R3-acl-basic-2000]
Jul 7 2021 18:05:48-08:00 R3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 7, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R3-acl-basic-2000]rule 5 p
[R3-acl-basic-2000]rule 5 permit s
[R3-acl-basic-2000]rule 5 permit source 192.168.3.0 0.0.0.255
Jul 7 2021 18:06:18-08:00 R3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 8, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R3-acl-basic-2000]q
[R3]int s0/0/0
[R3-Serial0/0/0]nat
[R3-Serial0/0/0]nat ou
[R3-Serial0/0/0]nat outbound 2000
[R3-Serial0/0/0]dis nat out
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
Serial0/0/0 2000 1.3.168.192 easyip
--------------------------------------------------------------------------
Total : 1
[R4]acl 2000
[R4-acl-basic-2000]rule 5 p
[R4-acl-basic-2000]rule 5 permit s
[R4-acl-basic-2000]rule 5 permit source 192.168.4.0 0.0.0.255
[R4-acl-basic-2000]q
Jul 7 2021 18:08:58-08:00 R4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 7, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R4]int e0/0/0
[R4-Ethernet0/0/0]nat out
[R4-Ethernet0/0/0]nat outbound 2000
[R4-Ethernet0/0/0]
[R4-Ethernet0/0/0]
[R4-Ethernet0/0/0]
[R4-Ethernet0/0/0]dis nat out
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
Ethernet0/0/0 2000 1.4.168.192 easyip
--------------------------------------------------------------------------
Total : 1
Source: https://blog.csdn.net/yulong0816/article/details/118551592