Lab.jpg

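Description: This is an NA lab, worked out together with Coolking.

Requirements:
   1. PC3 (192.168.10.192) and PC0 (192.168.10.210) must not be able to connect to the outside.
   2. Apart from the Server, PC3 and PC0, every host gets its IP from DHCP and can reach the WWW server.
   3. Only PC3 (192.168.10.192) may Telnet to Ro_A.
   4. The WWW server must be reachable by typing tw.yahoo.com; the page must not be reachable by typing its IP.
   5. Because this simulates the Internet, RO_ISP has no routes configured; Ro_A and Ro_B need PAT.
   6. Ro_A and Ro_B build a GRE tunnel between them; the tunnel IPs are your own choice.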

 

Ro_A Show Run:

 

Building configuration...

Current configuration : 1173 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Ro_A
!

Interface settings
!
interface Tunnel10
 ip address 100.100.100.1 255.255.255.0
 tunnel source Serial0/0/0
 tunnel destination 10.0.1.2
!
!
interface FastEthernet0/0
 ip address 192.168.10.254 255.255.255.0
 ip helper-address 192.168.20.0
 ip access-group 100 in
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 10.0.0.2 255.255.255.0
 ip nat outside
!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!

PAT settings
ip nat inside source list 2 interface Serial0/0/0 overload
ip classless

 

Routing settings
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 192.168.20.0 255.255.255.0 100.100.100.2
!
!

ACL settings
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 100 permit tcp host 192.168.10.192 any eq telnet
access-list 100 deny ip 192.168.10.192 0.0.0.18 any
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any

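Line 1: allows 192 to Telnet to RO_A.

Line 2: does not allow 192 and 210 to connect to the outside.

Line 3: prevents the other PCs from using Telnet.

Line 4: permits all traffic; every ACL ends with a hidden deny any any.

An ACL is evaluated in order, so the order of the entries matters!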


!
end
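
The ACL walk-through above, as an added example (not part of the original post): a small Python model of Cisco wildcard matching and top-down first-match evaluation, run over ACL 100 as configured on Ro_A. It shows that the wildcard 0.0.0.18 leaves two bits free, so line 2 matches .194 and .208 as well as .192 and .210. The function names and the sample destination 192.168.30.1 are assumptions made for this example.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # Cisco wildcard: a 1 bit is "don't care", a 0 bit must equal the base.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")

# ACL 100 as it appears in the Ro_A configuration:
# (action, protocol, (src, wildcard), (dst, wildcard), dst port or None)
ACL_100 = [
    ("permit", "tcp", ("192.168.10.192", "0.0.0.0"), ANY, 23),
    ("deny",   "ip",  ("192.168.10.192", "0.0.0.18"), ANY, None),
    ("deny",   "tcp", ANY, ANY, 23),
    ("permit", "ip",  ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (line number, action) of the first entry that matches."""
    for n, (action, aproto, asrc, adst, aport) in enumerate(acl, 1):
        if aproto != "ip" and aproto != proto:
            continue  # "ip" matches every protocol
        if aport is not None and aport != dport:
            continue
        if wc_match(src, *asrc) and wc_match(dst, *adst):
            return n, action
    return None, "deny"  # implicit deny any any

def sources_matched(base, wildcard, network="192.168.10.0/24"):
    """List the LAN hosts that a base/wildcard pair matches."""
    return [str(h) for h in ipaddress.ip_network(network).hosts()
            if wc_match(str(h), base, wildcard)]

if __name__ == "__main__":
    print(sources_matched("192.168.10.192", "0.0.0.18"))
    # Constructed sample packets; 192.168.30.1 is an assumed outside host.
    samples = [
        ("tcp", "192.168.10.192", "192.168.10.254", 23),
        ("tcp", "192.168.10.210", "192.168.30.1", 80),
        ("tcp", "192.168.10.194", "192.168.30.1", 80),
        ("tcp", "192.168.10.5", "192.168.10.254", 23),
        ("tcp", "192.168.10.5", "192.168.30.1", 80),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

If the DHCP pool can hand out .194 or .208, those clients are blocked by line 2 as well; two separate `host` deny entries would match only the two intended PCs.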

 

Ro_B Show Run:

 

Building configuration...

version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Ro_B
!

Interface section
interface Tunnel10
 ip address 100.100.100.2 255.255.255.0
 tunnel source Serial0/0/0
 tunnel destination 10.0.0.2
!
interface FastEthernet0/0
 ip address 192.168.20.254 255.255.255.0
 ip helper-address 192.168.10.252
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 10.0.1.2 255.255.255.0
 ip nat outside
!

PAT section
ip nat inside source list 2 interface Serial0/0/0 overload
ip classless
!

Routing section
ip route 0.0.0.0 0.0.0.0 10.0.1.1
ip route 192.168.10.0 255.255.255.0 100.100.100.1
!

ACL section
access-list 2 permit 192.168.20.0 0.0.0.255
!
End

 

Ro_ISP Show Run:


Building configuration...

version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Ro_ISP
!

Interface section
interface FastEthernet0/0
 ip address 192.168.30.254 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat outside
 clock rate 128000
!
interface Serial0/0/1
 ip address 10.0.1.1 255.255.255.0
 ip nat outside
 clock rate 128000
!
End

 

    Posted by Maxcapie on 痞客邦 (PIXNET)