Comprehensive Assignment 2 (1)


I. Lab topology

[Figure: lab topology diagram; image not available]

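II. Configuring IP addresses

Approach: 1. Since the assignment does not restrict the IP address ranges, I assigned the four routers' links the networks 192.168.1.0 through 192.168.4.0 in order, and set the loopbacks to 1.1.1.1 through 4.4.4.4.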

[R1]interface s0/0/0
[R1-Serial0/0/0]ip add	
[R1-Serial0/0/0]ip address 192.168.1.1 24

[R1]interface LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 24
[R2]interface s0/0/0
[R2-Serial0/0/0]ip add	
[R2-Serial0/0/0]ip address 192.168.2.1 24

[R2]interface LoopBack 0
[R2-LoopBack0]ip address 2.2.2.2 24
[R3]interface s0/0/0
[R3-Serial0/0/0]ip add	
[R3-Serial0/0/0]ip address 192.168.3.1 24

[R3]interface LoopBack 0
[R3-LoopBack0]ip address 3.3.3.3 24
[R4]int	
[R4]interface e0/0/0
[R4-Ethernet0/0/0]ip address 192.168.4.1 24

[R4]interface LoopBack 0	
[R4-LoopBack0]ip address 4.4.4.4 24

[R5]interface s0/0/0
[R5-Serial0/0/0]ip address 192.168.1.2 24
[R5]interface s0/0/1
[R5-Serial0/0/1]ip address 192.168.2.2 24
[R5]interface s0/0/2
[R5-Serial0/0/2]ip address 192.168.3.2 24
[R5]interface e0/0/0	
[R5-Ethernet0/0/0]ip address 192.168.4.2 24

[R5]interface LoopBack 0
[R5-LoopBack0]ip address 5.5.5.5 24

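*All IP addresses and loopback addresses must be configured correctly by hand; it is best to label them on the topology diagram.

III. PPP PAP authentication between R1 and R5, with R5 as the authenticator

1. Approach

1. First, what is PAP (Password Authentication Protocol)? PAP is one of the link control protocols in the PPP suite. It authenticates with a two-way handshake: the peer repeatedly sends its ID and password (in cleartext) to the authenticator until the authentication is acknowledged or the connection is terminated. It is common in PPPoE dial-up environments.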


2. Configure the authenticator first. R5 is the authenticator, so we enter AAA mode on it and set a username and password.
[R5]aaa ---- enter AAA mode
[R5-aaa]local-user huawei ---- set the username: huawei
[R5-aaa]local-user huawei p
[R5-aaa]local-user huawei password ? ---- if you forget the next keyword, append a question mark to what you have typed so far
  cipher  User password with cipher text

[R5-aaa]local-user huawei password ?
  cipher  User password with cipher text
	
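[R5-aaa]local-user huawei password cipher 12345 ---- set the password: 12345
Info: Add a new user. ---- a new user was added

*Note: AAA stands for Authentication, Authorization and Accounting. It is a management mechanism for network security that provides three security functions: authentication, authorization and accounting.
The three functions do the following:

Authentication: verifies whether a user may gain access to the network.
Authorization: determines which services a user may use.
Accounting: records how a user consumes network resources.
A user can use one or more of the security services AAA provides. For example, if a company only wants employees to authenticate when they access certain resources, the network administrator only needs to configure an authentication server. If the company also wants to record employees' network usage, an accounting server must be configured as well.
As described above, AAA is a management framework: a security mechanism that authorizes some users to access specific resources while recording what those users do. It is widely used because it scales well and makes centralized management of user information easy. AAA can be implemented with several protocols; in practice RADIUS is the most commonly used.

3. On the authenticator, configure the service type on the port that connects to the authenticated router
[R5-aaa]int s0/0/0 ---- the authenticator's port facing the authenticated router is Serial0/0/0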
[R5-Serial0/0/0]link	
[R5-Serial0/0/0]link-protocol ppp
[R5-Serial0/0/0]ppp auth	
[R5-Serial0/0/0]ppp authentication-mode pap ---- enable PAP authentication
Jul  7 2021 15:54:45-08:00 R5 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.
4. Configure the authenticated side
[R1]int s0/0/0 ---- locate the port connected to the authenticator
[R1-Serial0/0/0]link
[R1-Serial0/0/0]link-protocol ppp ---- enter PPP mode
[R1-Serial0/0/0]ppp pap l	
[R1-Serial0/0/0]ppp pap local-user huawei
[R1-Serial0/0/0]ppp pap local-user huawei p	
[R1-Serial0/0/0]ppp pap local-user huawei password c	
[R1-Serial0/0/0]ppp pap local-user huawei password cipher 12345 ---- enter the username and password
Jul  7 2021 16:00:55-08:00 R1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095. ---- record added

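*If no error is reported, the task of PAP authentication over PPP between R1 and R5, with R5 as the authenticator, has succeeded!

IV. PPP CHAP authentication between R2 and R5, with R5 as the authenticator

1. Approach

1. First, what is CHAP (Challenge Handshake Authentication Protocol)? CHAP verifies the identity of the authenticated peer with a three-way handshake (in ciphertext rather than cleartext). Authentication is performed when the link is first established and, to improve security, is repeated periodically after the link is up. It is currently fairly common in enterprise remote-access environments.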


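2. Same as section III, except that the service changes from PAP to CHAP; the configuration approach is largely the same.

*Configure the authenticator router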

[R5]aaa
[R5-aaa]local-user huawei666 p	
[R5-aaa]local-user huawei666 password c	
[R5-aaa]local-user huawei666 password cipher 54321 ---- the username and password here must not be the same as the ones just configured for PAP
Info: Add a new user. ---- record added
[R5-aaa]
Jul  7 2021 16:25:35-08:00 R5 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 10, the c
hange loop count is 0, and the maximum number of records is 4095.
[R5-aaa]int
[R5-aaa]int s0/0/1
[R5-Serial0/0/1]link-	
[R5-Serial0/0/1]link-protocol ppp
[R5-Serial0/0/1]ppp a	
[R5-Serial0/0/1]ppp authentication-mode chap ---- enable CHAP authentication under PPP
Jul  7 2021 16:28:25-08:00 R5 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 11, the c
hange loop count is 0, and the maximum number of records is 4095.

*Configure the authenticated router

[R2]
[R2]int s0/0/0
[R2-Serial0/0/0]link	
[R2-Serial0/0/0]link-protocol ppp
[R2-Serial0/0/0]ppp chap 		
[R2-Serial0/0/0]ppp chap user huawei666 
Jul  7 2021 16:37:16-08:00 R2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095.	
[R2-Serial0/0/0]ppp chap password 	
[R2-Serial0/0/0]ppp chap password c	
[R2-Serial0/0/0]ppp chap password cipher 54321
[R2-Serial0/0/0]
Jul  7 2021 16:37:36-08:00 R2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 6, the ch
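ange loop count is 0, and the maximum number of records is 4095. ---- record added

*If no error is reported, the task of CHAP authentication over PPP between R2 and R5, with R5 as the authenticator, has succeeded!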
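
The difference between the PAP exchange in section III and the CHAP exchange in section IV, as an added example that is not part of the original post: it builds the PAP Authenticate-Request (RFC 1334) and the CHAP Challenge/Response with MD5 (RFC 1994) using the page's usernames and passwords, and shows that only PAP puts the password on the wire. The challenge name "R5" and the identifier values are assumptions.

```python
import hashlib, hmac, os, struct

def _pkt(code, ident, data):
    # Common PAP/CHAP header: Code, Identifier, Length (header included)
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): ID and password travel as-is."""
    return _pkt(1, ident, bytes([len(peer_id)]) + peer_id +
                bytes([len(password)]) + password)

def chap_hash(ident, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_challenge(ident, name, value=None):
    value = os.urandom(16) if value is None else value
    return _pkt(1, ident, bytes([len(value)]) + value + name)

def parse_chap(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    vlen = pkt[4]
    return code, ident, pkt[5:5 + vlen], pkt[5 + vlen:length]

def chap_response(challenge_pkt, name, secret):
    """Authenticated side (R2): answer the challenge without sending the secret."""
    _, ident, value, _ = parse_chap(challenge_pkt)
    digest = chap_hash(ident, secret, value)
    return _pkt(2, ident, bytes([len(digest)]) + digest + name)

def chap_verify(challenge_pkt, response_pkt, local_users):
    """Authenticator side (R5): recompute the hash from its own user table."""
    _, c_id, challenge, _ = parse_chap(challenge_pkt)
    code, r_id, digest, name = parse_chap(response_pkt)
    secret = local_users.get(name)
    if code != 2 or r_id != c_id or secret is None:
        return False
    return hmac.compare_digest(digest, chap_hash(c_id, secret, challenge))

if __name__ == "__main__":
    users = {b"huawei666": b"54321"}          # R5's local-user entry from the page
    pap = pap_request(1, b"huawei", b"12345")
    print("PAP request carries password:", b"12345" in pap)
    ch1 = chap_challenge(7, b"R5")            # name "R5" is an assumption
    resp = chap_response(ch1, b"huawei666", b"54321")
    print("CHAP response carries password:", b"54321" in resp)
    print("accepted:", chap_verify(ch1, resp, users))
    ch2 = chap_challenge(7, b"R5")            # periodic re-authentication: new value
    print("old response vs new challenge:", chap_verify(ch2, resp, users))
```

Because the periodic re-authentication uses a fresh challenge value, a response recorded from an earlier round no longer verifies; the PAP request, by contrast, is identical every time.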

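V. HDLC encapsulation between R3 and R5

1. Approach

1. First, what is HDLC encapsulation? High-Level Data Link Control (HDLC) is a layer-2 encapsulation technique used on serial links; it belongs to the point-to-point network type.
2. Configuration
a. Configure R3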
[R3]interface s0/0/0
[R3-Serial0/0/0]link	
[R3-Serial0/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. 
Continue? [Y/N]:y
Jul  7 2021 16:54:12-08:00 R3 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed 
the configuration that will change the encapsulation protocol of the link and th
en selected Y.
Jul  7 2021 16:54:12-08:00 R3 %%01PHY/1/PHY(l)[1]:    Serial0/0/0: change status
 to down
Jul  7 2021 16:54:12-08:00 R3 %%01PPP/4/PHYSICALDOWN(l)[2]:On the interface Seri
al0/0/0, PPP link was closed because the status of the physical layer was Down.
Jul  7 2021 16:54:12-08:00 R3 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PPP
 on the interface Serial0/0/0 has entered the DOWN state.
Jul  7 2021 16:54:12-08:00 R3 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PPP
 IPCP on the interface Serial0/0/0 has entered the DOWN state.
[R3-Serial0/0/0]
Jul  7 2021 16:54:12-08:00 R3 %%01PHY/1/PHY(l)[5]:    Serial0/0/0: change status
 to up
Jul  7 2021 16:54:12-08:00 R3 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol IP 
on the interface Serial0/0/0 has entered the UP state.
Jul  7 2021 16:54:16-08:00 R3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095.s
b. Configure R5
[R5]int	
[R5]interface s0/0/2
[R5-Serial0/0/2]link	
[R5-Serial0/0/2]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. 
Continue? [Y/N]:y
Jul  7 2021 16:56:28-08:00 R5 %%01IFNET/4/CHANGE_ENCAP(l)[0]:The user performed 
the configuration that will change the encapsulation protocol of the link and th
en selected Y.
Jul  7 2021 16:56:28-08:00 R5 %%01PHY/1/PHY(l)[1]:    Serial0/0/2: change status
 to down
[R5-Serial0/0/2]
Jul  7 2021 16:56:29-08:00 R5 %%01PHY/1/PHY(l)[2]:    Serial0/0/2: change status
 to up
Jul  7 2021 16:56:29-08:00 R5 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP 
on the interface Serial0/0/2 has entered the UP state.

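VI. Default route

1. Approach

1. Default route: a route with no specific destination. During table lookup, the router uses this entry only after it has checked all local direct, static and dynamic routes and still found no reachable path.

2. Default route configuration formula

ip route-static 0.0.0.0 0 <next-hop address>

3. Configure the routes

R1: ip route-static 0.0.0.0 0 192.168.1.2
R2: ip route-static 0.0.0.0 0 192.168.2.2
R3: ip route-static 0.0.0.0 0 192.168.3.2
R4: ip route-static 0.0.0.0 0 192.168.4.2

VII. NAT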

[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
Jul  7 2021 17:45:28-08:00 R1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R1]int s0/0/0
[R1-Serial0/0/0]nat out	
[R1-Serial0/0/0]nat outbound 2000
[R1-Serial0/0/0]dis nat 	
[R1-Serial0/0/0]dis nat out
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 Serial0/0/0                  2000                    1.1.168.192    easyip  
 --------------------------------------------------------------------------
  Total : 1

[R2]acl 2000
[R2-acl-basic-2000]
Jul  7 2021 18:04:08-08:00 R2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 8, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R2-acl-basic-2000]rule 5 permit source 192.168.2.0 0.0.0.255
[R2-acl-basic-2000]
Jul  7 2021 18:04:28-08:00 R2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.q
[R2]int s0/0/0
[R2-Serial0/0/0]nat o	
[R2-Serial0/0/0]nat outbound 2000
[R2-Serial0/0/0]dis nat out
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 Serial0/0/0                  2000                    1.2.168.192    easyip  
 --------------------------------------------------------------------------
  Total : 1

[R3]acl 2000
[R3-acl-basic-2000]
Jul  7 2021 18:05:48-08:00 R3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 7, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R3-acl-basic-2000]rule 5 p	
[R3-acl-basic-2000]rule 5 permit s	
[R3-acl-basic-2000]rule 5 permit source 192.168.3.0 0.0.0.255
Jul  7 2021 18:06:18-08:00 R3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 8, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R3-acl-basic-2000]q
[R3]int s0/0/0
[R3-Serial0/0/0]nat	
[R3-Serial0/0/0]nat ou	
[R3-Serial0/0/0]nat outbound 2000
[R3-Serial0/0/0]dis nat out
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 Serial0/0/0                  2000                    1.3.168.192    easyip  
 --------------------------------------------------------------------------
  Total : 1

[R4]acl 2000
[R4-acl-basic-2000]rule 5 p	
[R4-acl-basic-2000]rule 5 permit s	
[R4-acl-basic-2000]rule 5 permit source 192.168.4.0 0.0.0.255
[R4-acl-basic-2000]q
Jul  7 2021 18:08:58-08:00 R4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 7, the ch
ange loop count is 0, and the maximum number of records is 4095.
[R4]int e0/0/0
[R4-Ethernet0/0/0]nat out	
[R4-Ethernet0/0/0]nat outbound 2000
[R4-Ethernet0/0/0]
[R4-Ethernet0/0/0]
[R4-Ethernet0/0/0]
[R4-Ethernet0/0/0]dis nat out
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 Ethernet0/0/0                2000                    1.4.168.192    easyip  
 --------------------------------------------------------------------------
  Total : 1
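
How the default route from section VI and the `nat outbound 2000` rule from this section combine on R1, as an added example that is not part of the original post: a simplified model of longest-prefix lookup followed by the basic-ACL wildcard match that selects traffic for Easy IP translation. The router dictionary is constructed from R1's configuration on this page; the source address 192.168.1.77 is a constructed sample.

```python
import ipaddress

def best_route(routes, dst):
    """Longest-prefix match: 0.0.0.0/0 matches everything but loses to any more specific entry."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), out_if, nh) for p, out_if, nh in routes
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def acl_permits(rules, src):
    """Basic ACL: first matching rule wins; wildcard bits set to 1 are ignored."""
    src = int(ipaddress.ip_address(src))
    for action, base, wildcard in rules:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (src & care) == (int(ipaddress.ip_address(base)) & care):
            return action == "permit"
    return False  # no rule matched: the packet is not selected for NAT

def forward(router, src, dst):
    """Return (outgoing interface, source address on the wire), or None if no route."""
    route = best_route(router["routes"], dst)
    if route is None:
        return None
    out_if = route[1]
    nat_acl = router["nat_outbound"].get(out_if)
    if nat_acl is not None and acl_permits(nat_acl, src):
        src = router["if_addr"][out_if]   # Easy IP: rewrite to the interface address
    return out_if, src

# R1 as configured on this page (connected routes derived from its interface addresses)
R1 = {
    "if_addr": {"Serial0/0/0": "192.168.1.1", "LoopBack0": "1.1.1.1"},
    "routes": [("192.168.1.0/24", "Serial0/0/0", None),
               ("1.1.1.0/24", "LoopBack0", None),
               ("0.0.0.0/0", "Serial0/0/0", "192.168.1.2")],
    "nat_outbound": {"Serial0/0/0": [("permit", "192.168.1.0", "0.0.0.255")]},
}

if __name__ == "__main__":
    print(forward(R1, "192.168.1.77", "5.5.5.5"))  # matches ACL 2000, translated
    print(forward(R1, "1.1.1.1", "5.5.5.5"))       # loopback source, not translated
```

In this model, traffic sourced from R1's loopback network leaves Serial0/0/0 with its original address, because ACL 2000 permits only 192.168.1.0 0.0.0.255.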
