文章详细描述了RT1、RT2路由器通过RIP和RIPng协议互相发布路由,并使用route-map、ACL进行控制。同时,路由器间还通过chap认证和ISIS协议实现IPv4和IPv6互通,以及FW1配置NAT和NAT64以满足不同部门的互联网访问需求。
- RT1串行链路、RT2串行链路、FW1、AC1之间分别运行RIP和RIPng协议,FW1、RT1、RT2的RIP和RIPng发布loopback2地址路由,AC1 RIP发布loopback2地址路由,AC1 RIPng采用route-map匹配prefix-list重发布loopback2地址路由。RT1配置offset值为3的路由策略,实现RT1-S1/0_RT2-S1/1为主链路,RT1-S1/1_RT2-S1/0为备份链路,ipv4的ACL名称为AclRIP,ipv6的ACL名称为AclRIPng。RT1的S1/0与RT2的S1/1之间采用chap双向认证,用户名为对端设备名称,密码为Key-1122
RT1
router rip 1
no auto-summary
Ver 2
!
router ripng 1
!
int s 1/0
Ip rip 1 ena
Ipv ena
Ipv rip 1 ena
Int s 1/1
Enc ppp 开了pp才能开ipv6功能
Ip rip 1 ena
Ipv ena
Ipv rip 1 ena
int l2
ip rip 1 ena
ipv rip 1 ena
Int g 0/2
Ip rip 1 ena
Ipv ena
Ipv rip 1 ena
ip prefix-list lo2 seq 5 per 10.1.5.2/32
route-map lo2
match ip ad pre lo2
!
router ripng 1
red static route-map lo2
RT2
Router rip 1
No auto
Ver 2
Router ripng 1
Int s 1/1
Ip rip 1 ena
Ipv ena
Ipv rip 1 ena
Int s 1/0
Enc ppp
Ip rip 1 ena
Ipv ena
Ipv rip 1 ena
Int l2
Ip rip 1 ena
Ipv rip 1 ena
FW1:
Ip vr tr
Router rip
Ver 2
Netw 10.1.255.17/30
Netw 10.1.7.2/32
Exit
Ipv6 Router rip
Ntw e0/2
Netw l2
RT1
Ip access sta AclRIP
Per any seq 10
Exit
Ipv access AclRIPNG
Per ipv6 any any seq 10
Exit
Router rip 1
Offset s1/1 in AclRIP 3
Offset s1/1 out AclRIP 3
exit
Router ripng 1
Offset s1/1 in AclRIPNG 3
Offset s1/1 out AclRIPNG 3
Exit
RT2
Ip access sta AclRIP
Per any seq 10
exit
Ipv access AclRIPNG
Per ipv6 any any seq 10
Exit
Router rip 1
Offset s1/0 in AclRIP 3
Offset s1/0 out AclRIP 3
exit
Router ripng 1
Offset s1/0 in AclRIPNG 3
Offset s1/0 out AclRIPNG 3
Exit
RT1
interface Serial1/0
ip address 10.1.255.33 255.255.255.252
encapsulation ppp
ppp authentication chap RT1
ppp chap hostname RT2
ppp chap password 0 Key-1122
physical-layer speed 64000
ipv6 enable
ip rip 1 enable
ipv6 rip 1 enable
!
aaa authentication ppp RT1 local-case
!
username RT1 password 0 Key-1122
RT2
interface Serial1/1
ip address 10.1.255.34 255.255.255.252
encapsulation ppp
ppp authentication chap RT2
ppp chap hostname RT1
ppp chap password 0 Key-1122
physical-layer speed 64000
ipv6 enable
ip rip 1 enable
ipv6 rip 1 enable
!
aaa authentication ppp RT2 local-case
!
username RT2 password 0 Key-1122
- RT1以太链路、RT2以太链路之间运行ISIS协议,进程1,分别实现loopback3 之间ipv4互通和ipv6互通。RT1、RT2的NET分别为10.0000.0000.0001.00、10.0000.0000.0002.00,路由器类型是Level-2,接口网络类型为点到点。配置域md5认证和接口md5认证,密码均为Key-1122。
RT1
router isis 1
is-type level-2
authentication mode md5
authentication key 0 Key-1122
net 10.0000.0000.0001.00
interface GigaEthernet0/0
ip address 10.1.255.29 255.255.255.252
ipv6 enable
ip router isis 1
Isis netword point-to-point
isis authentication mode md5
isis authentication key 0 Key-1122
ipv6 ospf 1 area 0
interface Loopback3
ip address 10.1.5.3 255.255.255.255
ipv6 address 2001:10:1:5::3/128
ip router isis 1
isis authentication mode md5
isis authentication key 0 Key-1122
RT2
router isis 1
is-type level-2
authentication mode md5
authentication key 0 Key-1122
net 10.0000.0000.0002.00
interface Loopback3
ip address 10.1.6.3 255.255.255.255
ipv6 address 2001:10:1:6::3/128
ip router isis 1
isis authentication mode md5
isis authentication key 0 Key-1122
interface GigaEthernet0/0
ip address 10.1.255.30 255.255.255.252
ipv6 enable
ip router isis 1
isis network point-to-point
isis authentication mode md5
isis authentication key 0 Key-1122
ipv6 ospf 1 area 0
8.RT2配置ipv4 nat,实现AC1 ipv4产品部门用RT2外网接口ipv4地址访问Internet。RT2配置nat64,实现AC1 ipv6产品部门用RT2外网接口ipv4地址访问Internet,ipv4地址转ipv6地址前缀为64:ff9b::/96。
Ipv4 nat:
ip access-list standard nat4
permit 10.17.110.0 255.255.255.0 sequence 10
!
ip nat inside source list nat4 interface GigaEthernet0/3
interface GigaEthernet0/3
ip nat outside
interface GigaEthernet0/1
ip nat inside
nat64:IPV6主动访问IPV4
ipv6 access-list nat64
permit ipv6 2001:10:17:110::/64 any sequence 10
!
ipv6 access-list v
permit ipv6 2001:10:17:110::/64 64:FF9B::/96 sequence 10
! 设置这个acl,必须要做
ipv6 nat v6v4 source list nat64 interface GigaEthernet0/3
ipv6 nat prefix 64:FF9B::/96 v4-mapped v \\设置nat转换前缀动态转换后面一定加上v4参数再加 v访问控制列表
interface GigaEthernet0/1
ipv6 nat
interface GigaEthernet0/3
ipv6 nat \\出接口和入接口都需要开启ipv6 nat
522
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
