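Lab topology
RIP is the earliest dynamic routing protocol. It is a distance-vector routing protocol and is rarely used today.
Two versions: v1 and v2
Drawbacks:
① Routing by rumor, so routes can be inaccurate
② Routes are evaluated by hop count, which does not necessarily give the best path
③ Convergence takes 3 minutes, which is slow
Lab requirements
1. Configure addresses on all devices according to the IP addresses in the topology diagram so that the whole network is reachable.
2. Configure the telnet service on the server.
3. Use ACL access control so that the 192.168.1.0 segment cannot access 192.168.2.0 services,
PC1 can access the telnet service, and PC2 cannot access the telnet service. PC3 cannot access server1.
Lab steps
1. Configure IP addresses and enable RIP so the whole network is reachable
**IP: PC1-3 + server**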
[H3C]sysn pc1
[pc1]ip rou 0.0.0.0 0 192.168.1.254
[pc1]int g0/0
[pc1-GigabitEthernet0/0]ip a 192.168.1.1 24
......
[sever]sysn server
[server]ip rou 0.0.0.0 0 192.168.3.254
[server]int g0/0
[server-GigabitEthernet0/0]ip a 192.168.3.1 24
**IP: switches and routers**
[H3C]sysn r1
[r1]int g0/0
[r1-GigabitEthernet0/0]ip a 192.168.1.254 24
[r1-GigabitEthernet0/0]int g0/1
[r1-GigabitEthernet0/1]ip a 192.168.10.1 24
[H3C]sysn r2
[r2]int g0/0
[r2-GigabitEthernet0/0]ip a 192.168.10.2 24
[r2-GigabitEthernet0/0]int g0/1
[r2-GigabitEthernet0/1]ip a 192.168.3.254 24
[r2-GigabitEthernet0/1]int g0/2
[r2-GigabitEthernet0/2]ip a 192.168.2.254 24
IP addressing is complete at this point.
RIP on the relevant devices
rip 1
[r1]dis thi
undo summary
version 2
network 192.168.1.0
network 192.168.10.0
[R2]dis cu
rip 1
undo summary
version 2
network 192.168.2.0
network 192.168.3.0
network 192.168.10.0
The whole network is now reachable.
2. Enable Telnet on the server
[server]telnet server en
[server]line vty 0 4
[server-line-vty0-4]authentication-mode none
Verify that PC1 can reach the server's Telnet service
[PC1]qu # exit to the not-logged-in state
<PC1>telnet 192.168.3.1
Trying 192.168.3.1 ...
Press CTRL+K to abort
Connected to 192.168.3.1 ...
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
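<server> # login succeeded
3. ACL
1) The 192.168.1.0 segment cannot access the 192.168.2.0 segment: a basic ACL is enough
Note: ① When declaring the rule, use a wildcard (inverse) mask
② To enable it on an interface, use packet filtering: packet-filter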
[R2]acl b 2000
[R2-acl-ipv4-basic-2000]rul d s 192.168.1.0 0.0.0.255 # remember: the mask declared here is a wildcard (inverse) mask
[R2-acl-ipv4-basic-2000]int g0/2
[R2-GigabitEthernet0/2]packet-filter 2000 outbound # remember: this uses packet filtering, not nat
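2) PC2 cannot access the server's telnet: advanced ACL
Note: an advanced ACL is used so that PC2 cannot access the server's telnet service. An advanced ACL does not cause over-filtering, so it can be configured on the nearest router, R1.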
[r1]acl a 3000
[r1-acl-ipv4-adv-3000]rule 5 deny tcp source 192.168.2.0 0.0.0.255 destination 192.168.3.0 0.0.0.255 destination-port eq telnet
# restrict the port that the source address may access on the destination address
[r1-acl-ipv4-adv-3000]int g0/0
[r1-GigabitEthernet0/0]packet-filter 3000 inbound # apply in the appropriate direction
Verification
Before the rule is applied: normal
<PC2>telne 192.168.3.1
Trying 192.168.3.1 ...
Press CTRL+K to abort
Connected to 192.168.3.1 ...
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<server>
After the rule is applied: Telnet login fails, ping works
<PC2>
<PC2>teln 192.168.3.1
Trying 192.168.3.1 ...
Press CTRL+K to abort
Connected to 192.168.3.1 ...
Failed to connect to the remote host!
<PC2>
<PC2>ping 192.168.3.1
Ping 192.168.3.1 (192.168.3.1): 56 data bytes, press CTRL+C to break
56 bytes from 192.168.3.1: icmp_seq=0 ttl=253 time=2.000 ms
56 bytes from 192.168.3.1: icmp_seq=1 ttl=253 time=2.000 ms
3) PC3 cannot access the server: advanced ACL
[R2]acl a 3000
[R2-acl-ipv4-adv-3000]ru d ip s 192.168.2.1 0 d 192.168.3.1 0
[R2-acl-ipv4-adv-3000]int g0/1
[R2-GigabitEthernet0/1]packet-filter 3000 outbound
Verification
Before
<PC3>ping 192.168.3.1
Ping 192.168.3.1 (192.168.3.1): 56 data bytes, press CTRL+C to break
56 bytes from 192.168.3.1: icmp_seq=0 ttl=254 time=0.000 ms
56 bytes from 192.168.3.1: icmp_seq=1 ttl=254 time=1.000 ms
56 bytes from 192.168.3.1: icmp_seq=2 ttl=254 time=1.000 ms
<PC3>
<PC3>telnet 192.168.3.1
Trying 192.168.3.1 ...
Press CTRL+K to abort
Connected to 192.168.3.1 ...
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<server>
After
<PC3>telnet 192.168.3.1
Trying 192.168.3.1 ...
Press CTRL+K to abort
Connected to 192.168.3.1 ...
Failed to connect to the remote host!
<PC3>ping 192.168.3.1
Ping 192.168.3.1 (192.168.3.1): 56 data bytes, press CTRL+C to break
Request time out
Request time out
Request time out
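The wildcard-mask matching and ACL placement from step 3, modelled in Python as an added example (not part of the original lab). The rules, addresses and interfaces are the ones on the page; the function names and sample packets are constructed for illustration, and the packet-filter default action is assumed to be permit.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """Wildcard (inverse) mask: 0 bits must match, 1 bits are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
# Rules from the page: (action, protocol, (src, wildcard), (dst, wildcard), dst port)
ACL_2000 = [("deny", "ip", ("192.168.1.0", "0.0.0.255"), ANY, None)]
ACL_3000_R1 = [("deny", "tcp", ("192.168.2.0", "0.0.0.255"),
                ("192.168.3.0", "0.0.0.255"), 23)]  # telnet = TCP 23
ACL_3000_R2 = [("deny", "ip", ("192.168.2.1", "0.0.0.0"),
                ("192.168.3.1", "0.0.0.0"), None)]

def packet_filter(acl, pkt, default="permit"):
    """First matching rule wins. Assumption: unmatched packets are permitted."""
    for action, proto, src, dst, dport in acl:
        if (proto in ("ip", pkt["proto"]) and wc_match(pkt["src"], *src)
                and wc_match(pkt["dst"], *dst)
                and dport in (None, pkt.get("dport"))):
            return action
    return default

def hooks_from_lan1(dst):
    """Filter points crossed by a packet entering r1 g0/0 (page topology)."""
    egress = "g0/2" if wc_match(dst, "192.168.2.0", "0.0.0.255") else "g0/1"
    return [("r1", "g0/0", "inbound"), ("R2", egress, "outbound")]

def forwarded(placement, pkt):
    """True if no ACL bound along the packet's path denies it."""
    return all(packet_filter(placement.get(hook, []), pkt) == "permit"
               for hook in hooks_from_lan1(pkt["dst"]))

# Constructed sample packets using addresses that appear on the page.
pc1_telnet = {"proto": "tcp", "src": "192.168.1.1", "dst": "192.168.3.1", "dport": 23}
pc1_to_lan2 = {"proto": "icmp", "src": "192.168.1.1", "dst": "192.168.2.1"}
as_on_page = {("R2", "g0/2", "outbound"): ACL_2000}
near_source = {("r1", "g0/0", "inbound"): ACL_2000}  # hypothetical placement

if __name__ == "__main__":
    for name, placement in (("as on page", as_on_page), ("near source", near_source)):
        print(name, "| PC1->server telnet:", forwarded(placement, pc1_telnet),
              "| PC1->192.168.2.0:", forwarded(placement, pc1_to_lan2))
    ping = {"proto": "icmp", "src": "192.168.2.1", "dst": "192.168.3.1"}
    print("ACL 3000 on r1, ping:", packet_filter(ACL_3000_R1, ping))
    print("ACL 3000 on R2, ping:", packet_filter(ACL_3000_R2, ping))
```

Binding the source-only ACL 2000 on r1 g0/0 inbound would also cut PC1 off from the server, which is why the lab binds it on R2 g0/2 outbound, next to the protected segment.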