jody-perkins
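DHCP service configuration
# ip dhcp pool global (configure a root address pool; "global" is the pool name, and any meaningful string can be used)
# network 192.168.0.0 255.255.0.0 (address range for dynamic allocation)
# domain-name ghq.com (domain suffix for clients)
# dns-server 192.168.1.1 (DNS server for clients)
# netbios-name-server 192.168.1.1 (WINS for clients)
# netbios-node-type h-node (h-node mode for clients)
# lease 30 (address lease period of 30 days)
# next-server 192.168.1.248 (location of the TFTP service for PXE boot)
DHCP excluded addresses
IP addresses 192.168.1.1 to 192.168.1.5 cannot be used for dynamic allocation
ip dhcp excluded-address 192.168.1.1 192.168.1.5
Disable address conflict logging
no ip dhcp conflict logging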
Network Address Translation (NAT)
Inside addressing
Outside addressing
Interface Configuration
ip nat { inside | outside }
Marks the interface as inside or outside
Defining a pool
ip nat pool <name> <start-ip> <end-ip> { netmask <netmask> | prefix-length <prefix-length> } [ type { rotary } ]
Defines an address pool
Defining ACLs
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
Enabling translation of inside source addresses
ip nat inside source list <acl> pool <name> [overload]
ip nat inside source static <local-ip> <global-ip>
Enabling translation of inside destination addresses
ip nat inside destination list <acl> pool <name>
ip nat inside destination static <global-ip> <local-ip>
Enabling translation of outside source addresses
ip nat outside source list <acl> pool <name>
ip nat outside source static <global-ip> <local-ip>
Configuring translation timeouts
ip nat translation timeout <seconds>
ip nat translation udp-timeout <seconds>
ip nat translation dns-timeout <seconds>
ip nat translation tcp-timeout <seconds>
ip nat translation finrst-timeout <seconds>
CONFIGURATION EXAMPLES
This example translates inside hosts addressed from either the 192.168.1.0 or 192.168.2.0 nets to the globally unique 171.69.233.208/28 network.
Inside: 192.168.1.0 or 192.168.2.0. Outside: 171.69.233.208/28.
ip nat pool net-20 171.69.233.208 171.69.233.223 netmask 255.255.255.240
ip nat inside source list 1 pool net-20
!
interface Ethernet0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
!
interface Ethernet1
 ip address 192.168.1.94 255.255.255.0
 ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
CONFIGURATION EXAMPLES
This example translates inside hosts addressed from the 9.114.11.0 net to the globally unique 171.69.233.208/28 network.
Packets from outside hosts addressed from the 9.114.11.0 net (the "true" 9.114.11.0 net) are translated to appear to be from net 10.0.1.0/24.
ip nat pool net-20 171.69.233.208 171.69.233.223 netmask 255.255.255.240
ip nat pool net-10 10.0.1.0 10.0.1.255 netmask 255.255.255.0
ip nat inside source list 1 pool net-20
ip nat outside source list 1 pool net-10
!
interface Ethernet0
 ip address 171.69.232.182 255.255.255.240
 ip nat outside
!
interface Ethernet1
 ip address 9.114.11.39 255.255.255.0
 ip nat inside
!
access-list 1 permit 9.114.11.0 0.0.0.255
More flexible pool configuration
ip nat pool <name> { netmask <mask> | prefix-length <length> } [ type { rotary } ]
Router(config)#ip nat pool fred prefix-length 24
Router(config-ipnat-pool)#address 171.69.233.225 171.69.233.226
Router(config-ipnat-pool)#address 171.69.233.228 171.69.233.238
Translating to interface's address
ip nat inside source list <number> interface <interface> overload
ip nat inside source list 1 interface Serial0 overload
Static translations with ports
ip nat inside source static { tcp | udp } <localaddr> <localport> <globaladdr> <globalport>
ip nat inside source static tcp 192.168.10.1 25 171.69.232.209 25
SSH
Configure the hostname and ip domain-name
Router#configure terminal
Router(config)#hostname HOSTNAME
HOSTNAME(config)#ip domain-name ie.cnu.edu.cn
Configure the login username and password (using local authentication as an example)
(config)#username test password 0 test
Configure the SSH service
crypto key generate rsa
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]:
Generating 512 bit RSA keys ...[OK]
c2621XM-B#sh ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
Stop the SSH service
crypto key zeroize rsa
Set SSH parameters
ip ssh {[time-out seconds] | [authentication-retries integer]}
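A defender-side check for the settings shown in the SSH slides above, as an added example that is not part of the original slides: it reads captured configuration and `show ip ssh` lines and flags the stored-as-typed password, the 512-bit RSA key and the version 1.5 banner. The function name `audit_ssh`, the finding labels and the 2048-bit floor are assumptions of this example.

```python
import re

# Constructed sample: the SSH lines shown in the slides above, gathered into one capture.
SAMPLE = """\
(config)#username test password 0 test
How many bits in the modulus [512]: Generating 512 bit RSA keys ...[OK]
c2621XM-B#sh ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
"""

MIN_RSA_BITS = 2048  # assumption: policy floor, the largest size the prompt above offers

USER_RE = re.compile(r"\busername\s+(\S+)\s+(?:.*\s)?password\s+(?:([07])\s+)?\S+")
KEY_RE = re.compile(r"Generating\s+(\d+)\s+bit RSA keys")
VER_RE = re.compile(r"SSH Enabled - version (\d+\.\d+)")


def audit_ssh(text, min_bits=MIN_RSA_BITS):
    """Return (label, detail) findings, in line order, for weak SSH-related settings."""
    findings = []
    for line in text.splitlines():
        m = USER_RE.search(line)
        if m:
            # Type 7 is reversible obfuscation; type 0 or no type digit is kept as typed.
            label = "reversible-password" if m.group(2) == "7" else "cleartext-password"
            findings.append((label, m.group(1)))
        m = KEY_RE.search(line)
        if m and int(m.group(1)) < min_bits:
            findings.append(("weak-rsa-key", m.group(1)))
        m = VER_RE.search(line)
        # "show ip ssh" reports 1.5 for SSHv1 only, 1.99 for v1 and v2, 2.0 for v2 only.
        if m and m.group(1) != "2.0":
            findings.append(("sshv1-accepted", m.group(1)))
    return findings


if __name__ == "__main__":
    for label, detail in audit_ssh(SAMPLE):
        print(f"{label}: {detail}")
```

A capture that uses `username ... secret`, a 2048-bit key and a 2.0 version banner produces no findings.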