Router and Switch Configuration Comprehensive Lab (3): Internal/External Network Connectivity and Remote Login

Lab topology diagram

Internal/external network connectivity

The internal and external networks cannot be connected by routing alone, so NAT is used.

Step 1: configure the ACL. Step 2: configure the address pool. Step 3: bind them on the outbound interface.

[RT1]acl basic 2000

[RT1-acl-ipv4-basic-2000]rule permit source 172.16.1.0 0.0.0.255
[RT1-acl-ipv4-basic-2000]rule permit source 172.16.2.0 0.0.0.255
[RT1-acl-ipv4-basic-2000]quit

[RT1]nat address-group 1

[RT1-address-group-1]address 100.0.0.10 100.0.0.20
[RT1-address-group-1]quit

[RT1]inter mp1

[RT1-MP-group1]nat outbound 2000 address-group 1
[RT1-MP-group1]quit

At this point PC1 still cannot reach PC3. The reason: PC1's gateway, SW2, is missing a default route.

[SW2]ip route-static 0.0.0.0 0  10.0.0.2
[SW2]dis ip r

Destinations : 21       Routes : 21

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/0          Static  60  0           10.0.0.2        Vlan30
0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0
10.0.0.0/30        Direct  0   0           10.0.0.1        Vlan30
10.0.0.0/32        Direct  0   0           10.0.0.1        Vlan30
10.0.0.1/32        Direct  0   0           127.0.0.1       InLoop0
10.0.0.3/32        Direct  0   0           10.0.0.1        Vlan30
127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0
127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0
127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
172.16.1.0/24      Direct  0   0           172.16.1.254    Vlan10
172.16.1.0/32      Direct  0   0           172.16.1.254    Vlan10
172.16.1.254/32    Direct  0   0           127.0.0.1       InLoop0
172.16.1.255/32    Direct  0   0           172.16.1.254    Vlan10
172.16.2.0/24      Direct  0   0           172.16.2.254    Vlan20
172.16.2.0/32      Direct  0   0           172.16.2.254    Vlan20
172.16.2.254/32    Direct  0   0           127.0.0.1       InLoop0
172.16.2.255/32    Direct  0   0           172.16.2.254    Vlan20
224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0

Now PC1 and PC3 can reach each other.

[RT1]dis acl 2000
Basic IPv4 ACL 2000, 2 rules,
ACL's step is 5
 rule 0 permit source 172.16.1.0 0.0.0.255 (1 times matched)
 rule 5 permit source 172.16.2.0 0.0.0.255
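The default-route fix and the NAT decision above, modelled as an added Python example (not code from the original post): it runs a longest-prefix lookup over the forwarding-relevant entries of SW2's table with and without the 0.0.0.0/0 route, then applies ACL 2000 and address group 1 the way RT1 does on MP1. PC3's address 100.0.1.1 and the pool-selection rule are assumptions made for the demonstration.

```python
"""SW2 routing lookup and RT1 outbound NAT, modelled in Python.

Added example, not code from the original lab post. It replays the routing
table and the NAT configuration shown above on constructed packets so the
effect of the missing default route and of ACL 2000 can be followed step by
step.
"""
import ipaddress

# SW2 routing table from 'dis ip r', reduced to the entries that forward
# transit traffic: (prefix, next hop, outgoing interface).
SW2_ROUTES = [
    ("10.0.0.0/30", "10.0.0.1", "Vlan30"),
    ("172.16.1.0/24", "172.16.1.254", "Vlan10"),
    ("172.16.2.0/24", "172.16.2.254", "Vlan20"),
]
# The route added with 'ip route-static 0.0.0.0 0 10.0.0.2'.
DEFAULT_ROUTE = ("0.0.0.0/0", "10.0.0.2", "Vlan30")

# ACL 2000 on RT1. ipaddress accepts the wildcard (hostmask) notation directly;
# that is sufficient here because 0.0.0.255 is a contiguous wildcard (== /24).
ACL_2000 = [
    ("permit", ipaddress.ip_network("172.16.1.0/0.0.0.255")),
    ("permit", ipaddress.ip_network("172.16.2.0/0.0.0.255")),
]
# nat address-group 1: the eleven addresses 100.0.0.10 .. 100.0.0.20.
POOL_1 = [
    str(ipaddress.ip_address(i))
    for i in range(int(ipaddress.ip_address("100.0.0.10")),
                   int(ipaddress.ip_address("100.0.0.20")) + 1)
]
PC3 = "100.0.1.1"  # assumed address of PC3 behind RT2's GE0/0 (not given on the page)


def lookup(routes, dst):
    """Longest-prefix match over a route list. Returns (next_hop, interface),
    or None when no entry covers dst and the packet is dropped."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (best[1], best[2])


def nat_outbound(src):
    """'nat outbound 2000 address-group 1' on MP1: a source permitted by ACL
    2000 leaves with a pool address, any other source leaves unchanged.
    Which pool address is used is an assumption (deterministic modulo); the
    real device picks it itself and, with no 'no-pat' keyword, also rewrites
    the source port so that many hosts can share one pool address."""
    src_ip = ipaddress.ip_address(src)
    for action, net in ACL_2000:
        if src_ip in net:
            return POOL_1[int(src_ip) % len(POOL_1)] if action == "permit" else src
    return src


def pc1_to_pc3(with_default_route):
    """Trace PC1 (172.16.1.1) -> PC3 through SW2 and then RT1."""
    routes = SW2_ROUTES + ([DEFAULT_ROUTE] if with_default_route else [])
    hop = lookup(routes, PC3)
    if hop is None:
        return f"dropped at SW2: no route to {PC3}"
    return (f"SW2 -> {hop[0]} via {hop[1]}; "
            f"RT1 translates 172.16.1.1 to {nat_outbound('172.16.1.1')}")


if __name__ == "__main__":
    print(pc1_to_pc3(with_default_route=False))
    print(pc1_to_pc3(with_default_route=True))
```

Without the default route the lookup returns None and the packet never reaches RT1, so the NAT configuration cannot help; once the static route is present the packet is sent to 10.0.0.2 on Vlan30 and RT1 translates it, which is what the `(1 times matched)` counter in the `dis acl 2000` output above records.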

Configuring remote login

First, enable the Telnet server.

Configure the virtual terminal (VTY) lines, set the authentication password and the user role.

[RT2]telnet server enable //enable the Telnet server
[RT2]line vty 0 4        //set the number of VTY lines (0 through 4); for a single line use 0

[RT2-line-vty0-4]set authentication password simple 123   //set the login password

[RT2-line-vty0-4]user-role network-admin //set the user role; different roles carry different privileges
[RT2-line-vty0-4]quit

Verify that remote login works

You can log in from the Layer-3 switch or from a router, but the client must specify a source address before logging in.

[SW2]telnet client  source ip 172.16.1.254
[SW2]

<SW2>telnet 100.0.0.2
Trying 100.0.0.2 ...
Press CTRL+K to abort
Connected to 100.0.0.2 ...

******************************************************************************
* Copyright (c) 2004-2016 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

Password:
<RT2>
<RT2>
<RT2>dis ip r

Destinations : 17       Routes : 17

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0
100.0.0.0/24       Direct  0   0           100.0.0.2       MP1
100.0.0.0/32       Direct  0   0           100.0.0.2       MP1
100.0.0.1/32       Direct  0   0           100.0.0.1       MP1
100.0.0.2/32       Direct  0   0           127.0.0.1       InLoop0
100.0.0.255/32     Direct  0   0           100.0.0.2       MP1
100.0.1.0/24       Direct  0   0           100.0.1.254     GE0/0
100.0.1.0/32       Direct  0   0           100.0.1.254     GE0/0
100.0.1.254/32     Direct  0   0           127.0.0.1       InLoop0
100.0.1.255/32     Direct  0   0           100.0.1.254     GE0/0
127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0
127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0
127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0
224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0
255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
<RT2>quit

Requirement: using ACLs, make host PC1 unable to ping PC2 while still able to ping the other hosts, and make the network PC2 belongs to unable to telnet to PC3.

Configure an advanced ACL, applied on SW2.

[SW2]acl advanced 3000

[SW2-acl-ipv4-adv-3000]rule deny icmp source 172.16.1.1 0 destination 172.16.2.1 0
[SW2-acl-ipv4-adv-3000]quit
[SW2]inter vlan 30
[SW2-Vlan-interface30]inter vlan 10


[SW2-Vlan-interface10]packet-filter 3000 inbound
[SW2-Vlan-interface10]quit

PC1 can no longer ping PC2; check on SW2 whether it is the ACL that takes effect.

First verify that login still works.

<SW2>telnet 100.0.0.2
Trying 100.0.0.2 ...
Press CTRL+K to abort
Connected to 100.0.0.2 ...

******************************************************************************
* Copyright (c) 2004-2016 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

Password:
<RT2>quit

[SW2]acl advanced 3001

[SW2-acl-ipv4-adv-3001]rule deny tcp source 172.16.2.0 0.0.0.255 destination 100.0.0.2 0 destination-port eq 23

[SW2-acl-ipv4-adv-3001]rule deny tcp source 172.16.2.0 0.0.0.255 destination 100.0.1.254 0 destination-port eq telnet
[SW2-acl-ipv4-adv-3001]quit

[SW2]inter vlan 30

[SW2-Vlan-interface30]packet-filter 3001 outbound
[SW2-Vlan-interface30]quit
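The two packet filters configured on SW2 above, as an added Python example (not code from the original post): it evaluates constructed transit packets against ACL 3000 inbound on Vlan-interface 10 and ACL 3001 outbound on Vlan-interface 30, using the same wildcard-mask semantics as the CLI rules. PC3's address 100.0.1.1 is an assumption; the switch's own Telnet sessions, as in the test at the end of the post, are not modelled.

```python
"""Packet-filter model for the two advanced ACLs applied on SW2:
ACL 3000 inbound on Vlan-interface 10, ACL 3001 outbound on Vlan-interface 30.

Added example, not code from the original lab post. The packets below are
constructed for the demonstration and represent transit traffic through SW2.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                   # "icmp" or "tcp"
    src: str
    dst: str
    dport: Optional[int] = None  # TCP destination port; None for ICMP


def wildcard_match(ip, addr, wildcard):
    """Wildcard-mask match as in Comware ACLs: a 0 bit in the wildcard must
    match exactly, a 1 bit is ignored. The bare '0' typed on the CLI is the
    wildcard 0.0.0.0, i.e. a single host."""
    mask = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    return (int(ipaddress.ip_address(ip)) & mask) == (int(ipaddress.ip_address(addr)) & mask)


# Rules as (action, protocol, source, source wildcard, destination,
# destination wildcard, dport). dport None means any port; 'eq telnet' on the
# CLI is the same as 'eq 23'.
ACL_3000 = [
    ("deny", "icmp", "172.16.1.1", "0.0.0.0", "172.16.2.1", "0.0.0.0", None),
]
ACL_3001 = [
    ("deny", "tcp", "172.16.2.0", "0.0.0.255", "100.0.0.2", "0.0.0.0", 23),
    ("deny", "tcp", "172.16.2.0", "0.0.0.255", "100.0.1.254", "0.0.0.0", 23),
]


def acl_action(rules, pkt):
    """First matching rule wins. Comware's packet-filter permits packets that
    match no rule unless 'packet-filter default deny' is configured."""
    for action, proto, src, src_w, dst, dst_w, dport in rules:
        if proto != pkt.proto:
            continue
        if not (wildcard_match(pkt.src, src, src_w) and wildcard_match(pkt.dst, dst, dst_w)):
            continue
        if dport is not None and pkt.dport != dport:
            continue
        return action
    return "permit"


# Where the filters are applied, as configured on SW2.
FILTERS = {
    ("Vlan10", "inbound"): ACL_3000,
    ("Vlan30", "outbound"): ACL_3001,
}


def forward(pkt, ingress, egress):
    """Run the packet through the inbound filter of the interface it arrives on
    and the outbound filter of the interface it leaves by.
    Returns ("permit", None) or ("deny", (interface, direction))."""
    for point in ((ingress, "inbound"), (egress, "outbound")):
        rules = FILTERS.get(point)
        if rules is not None and acl_action(rules, pkt) == "deny":
            return "deny", point
    return "permit", None


if __name__ == "__main__":
    # Constructed flows; PC1 = 172.16.1.1, PC2 = 172.16.2.1, PC3 assumed at 100.0.1.1.
    samples = [
        ("PC1 ping PC2 (echo request)", Packet("icmp", "172.16.1.1", "172.16.2.1"), "Vlan10", "Vlan20"),
        ("PC2 ping PC1 (echo request)", Packet("icmp", "172.16.2.1", "172.16.1.1"), "Vlan20", "Vlan10"),
        ("PC1 ping PC3", Packet("icmp", "172.16.1.1", "100.0.1.1"), "Vlan10", "Vlan30"),
        ("PC2 telnet 100.0.0.2", Packet("tcp", "172.16.2.1", "100.0.0.2", 23), "Vlan20", "Vlan30"),
        ("PC2 http 100.0.0.2", Packet("tcp", "172.16.2.1", "100.0.0.2", 80), "Vlan20", "Vlan30"),
        ("PC1 telnet 100.0.0.2", Packet("tcp", "172.16.1.1", "100.0.0.2", 23), "Vlan10", "Vlan30"),
    ]
    for name, pkt, ingress, egress in samples:
        print(f"{name:30s} {forward(pkt, ingress, egress)}")
```

Two things the model makes visible that the transcript does not: the filters are stateless, so while PC2's echo requests to PC1 pass (no filter on Vlan-interface 20 inbound), PC1's echo replies are ICMP from 172.16.1.1 to 172.16.2.1 and are dropped by ACL 3000 on Vlan-interface 10 inbound, so PC2 cannot ping PC1 either; and ACL 3001 only denies TCP port 23, so any other service on 100.0.0.2 stays reachable from the 172.16.2.0/24 network because of the filter's default permit.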


<SW2>telnet 100.0.0.2
Trying 100.0.0.2 ...
Press CTRL+K to abort
Connected to 100.0.0.2 ...
Failed to connect to the remote host!
