OSPF ACL NAT Lab
Problem statement
Configure R4:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hos
Router(config)#hostname R4
R4(config)#ena
R4(config)#enable pas
R4(config)#enable password cisco
R4(config)#li
R4(config)#line con
R4(config)#line console 0
R4(config-line)#pas
R4(config-line)#password cisco
R4(config-line)#exit
R4(config)#li
R4(config)#line vty
R4(config)#line vty 0 4
R4(config-line)#pas
R4(config-line)#password cisco
R4(config-line)#exit
R4(config)#int f0/1
R4(config-if)#no shut
R4(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R4(config-if)#ip add 200.200.200.4 255.255.255.0
R4(config-if)#exit
R4(config)#int f0/0
R4(config-if)#no sh
R4(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R4(config-if)#ip add 100.100.100.4 255.255.255.0
R4(config-if)#exit
R4(config)#wr
^
% Invalid input detected at '^' marker.
R4(config)#do wr
Building configuration...
[OK]
R4(config)#
Configure R1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hos n
Router(config)#host
Router(config)#hostname R1
R1(config)#en
R1(config)#ena
R1(config)#enable pas
R1(config)#enable password cisco
R1(config)#li
R1(config)#line conf
R1(config)#line con
R1(config)#line console 0
R1(config-line)#pas
R1(config-line)#password cisco
R1(config-line)#exit
R1(config)#lin
R1(config)#line vty 0 4
R1(config-line)#pas
R1(config-line)#password cisco
R1(config-line)#exit
R1(config)#int f0/1
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
R1(config-if)#ip add 172.16.2.1 255.255.255.0
R1(config-if)#exit
R1(config)#int e
R1(config)#int ethernet 0/0/0
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface Ethernet0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0/0, changed state to up
R1(config-if)#ip add
R1(config-if)#ip address 100.100.100.1 255.255.255.0
R1(config-if)#exit
R1(config)#int e0/1/0
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface Ethernet0/1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1/0, changed state to up
R1(config-if)#
R1(config-if)#
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#int f0/0
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R1(config-if)#ip add 172.16.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#router os
R1(config)#router ospf 1
R1(config-router)#net
R1(config-router)#network 192.168.1.0 0.0.0.255 a
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#net
R1(config-router)#network 172.16.1.0 0.0.0.255 a
R1(config-router)#network 172.16.1.0 0.0.0.255 area 0
R1(config-router)#net
R1(config-router)#network 172.16.2.0 0.0.0.255 a
R1(config-router)#network 172.16.2.0 0.0.0.255 area 0
R1(config-router)#de
R1(config-router)#default-information o
R1(config-router)#default-information originate
R1(config-router)#exit
R1(config)#ip rou
R1(config)#ip rout
R1(config)#ip route
R1(config)#ip route 0.0.0.0 0.0.0.0 e0/0/0
R1(config)#exit
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ac
R1(config)#access-list 1 per
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255
R1(config)#access-list 1 permit 192.168.2.0 0.0.0.255
R1(config)#access-list 1 permit 192.168.3.0 0.0.0.255
R1(config)#access-list 1 permit 172.16.1.0 0.0.0.255
R1(config)#access-list 1 permit 172.16.2.0 0.0.0.255
R1(config)#access-list 1 permit 172.16.3.0 0.0.0.255
R1(config)#ip na
R1(config)#ip nat in
R1(config)#ip nat inside s
R1(config)#ip nat inside source li
R1(config)#ip nat inside source list 1 in
R1(config)#ip nat inside source list 1 interface e0/0/0 o
R1(config)#ip nat inside source list 1 interface e0/0/0 overload
R1(config)#exit
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#wr
Building configuration...
[OK]
R1#
Configure R2:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hos
Router(config)#hostname R2
R2(config)#ena
R2(config)#enable pas
R2(config)#enable password cisco
R2(config)#lin
R2(config)#line con
R2(config)#line console 0
R2(config-line)#pas
R2(config-line)#password cisco
R2(config-line)#exit
R2(config)#lin
R2(config)#line vty 0 4
R2(config-line)#pas
R2(config-line)#password cisco
R2(config-line)#exit
R2(config)#int f0/0
R2(config-if)#no sh
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#ip add 172.16.1.2 255.255.255.0
R2(config-if)#exit
R2(config)#int f0/1
R2(config-if)#no shut
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
R2(config-if)#ip add 172.16.3.2 255.255.255.0
R2(config-if)#exit
R2(config)#int e0/0/0
R2(config-if)#no shut
R2(config-if)#
%LINK-5-CHANGED: Interface Ethernet0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0/0, changed state to up
R2(config-if)#ip add 192.168.2.2 255.255.255.0
R2(config-if)#exit
R2(config)#int e0/1/0
R2(config-if)#no shut
R2(config-if)#
%LINK-5-CHANGED: Interface Ethernet0/1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1/0, changed state to up
R2(config-if)#ip add 192.168.4.2 255.255.255.0
R2(config-if)#exit
R2(config)#router o
R2(config)#router ospf 1
R2(config-router)#net
R2(config-router)#network 192.168.2.0 0.0.0.255
R2(config-router)#network 192.168.2.0 0.0.0.255 area 0
R2(config-router)#network 192.168.4.0 0.0.0.255 area 0
R2(config-router)#network 172.16.1.0 0.0.0.255 area 0
R2(config-router)#network 172.16..0 0.0.0.255 area 0
00:25:02: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on FastEthernet0/0 fnetwork 172.16.2.0 0.0.0.255 area 0
R2(config-router)#network 172.16.3.0 0.0.0.255 area 0
R2(config-router)#no network 172.16.2.0 0.0.0.255 area 0
R2(config-router)#
R2(config-router)#exit
R2(config)#exit
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
R2#
R2#wr
Building configuration...
[OK]
R2#
Configure R3:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hos
Router(config)#hostname R3
R3(config)#ena
R3(config)#enable pas
R3(config)#enable password cisco
R3(config)#lin
R3(config)#line con
R3(config)#line console 0
R3(config-line)#pas
R3(config-line)#password cisco
R3(config-line)#exit
R3(config)#li
R3(config)#line vt
R3(config)#line vty 0 4
R3(config-line)#pas
R3(config-line)#password cisco
R3(config-line)#exit
R3(config)#int f0/1
R3(config-if)#no shut
R3(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R3(config-if)#
R3(config-if)#ip add 172.16.2.3 255.255.255.0
R3(config-if)#exit
R3(config)#int f0/0
R3(config-if)#no shut
R3(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#ip add 172.16.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#int e0/0/0
R3(config-if)#no shu
R3(config-if)#no shutdown
R3(config-if)#
%LINK-5-CHANGED: Interface Ethernet0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0/0, changed state to up
R3(config-if)#ip add 192.168.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#router os
R3(config)#router ospf 1
R3(config-router)#net
R3(config-router)#network 192.168.3.0 0.0.0.255 a
R3(config-router)#network 192.168.3.0 0.0.0.255 area 0
R3(config-router)#net
R3(config-router)#network 172.16.2.0 0.0.0.255 a
R3(config-router)#network 172.16.2.0 0.0.0.255 area 0
R3(config-router)#network 172.16.3.0 0.0.0.255 area 0
00:31:29: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on FastEthernet0/1 from LOADING to FULL, Loading Done
R3(config-router)#
00:31:44: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.4.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
R3(config-router)#do wr
Building configuration...
[OK]
R3(config-router)#exit
R3(config)#exit
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#show ip r
R3#show ip rou
R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 172.16.2.1 to network 0.0.0.0
172.16.0.0/24 is subnetted, 3 subnets
O 172.16.1.0 [110/2] via 172.16.2.1, 00:00:31, FastEthernet0/1
[110/2] via 172.16.3.2, 00:00:31, FastEthernet0/0
C 172.16.2.0 is directly connected, FastEthernet0/1
C 172.16.3.0 is directly connected, FastEthernet0/0
O 192.168.1.0/24 [110/11] via 172.16.2.1, 00:00:41, FastEthernet0/1
O 192.168.2.0/24 [110/11] via 172.16.3.2, 00:00:31, FastEthernet0/0
C 192.168.3.0/24 is directly connected, Ethernet0/0/0
O 192.168.4.0/24 [110/11] via 172.16.3.2, 00:00:31, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 172.16.2.1, 00:00:41, FastEthernet0/1
R3#
Configure NAT on R1:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int e0/0/0
R1(config-if)#ip nat
R1(config-if)#ip nat i
R1(config-if)#ip nat ou
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#int f0/1
R1(config-if)#ip nat
R1(config-if)#ip nat in
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int f0/0
R1(config-if)#ip na
R1(config-if)#ip nat i
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int e0/1/0
R1(config-if)#ip na
R1(config-if)#ip nat i
R1(config-if)#ip nat inside
R1(config-if)#do wr
Building configuration...
[OK]
R1(config-if)#
Configure an ACL that blocks network 192.168.2.0/24 from reaching network 192.168.3.0/24
Use a standard ACL
R3>
R3>en
Password:
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ac
R3(config)#access-list 2 per
R3(config)#access-list 2 permit ho
R3(config)#access-list 2 permit host 192.168.2.15
R3(config)#acc
R3(config)#access-list 2 de
R3(config)#access-list 2 deny 192.168.2.0 0.0.0.255
R3(config)#int e0/0/0
R3(config-if)#ip ac
R3(config-if)#ip access-group 2 ou
R3(config-if)#ip access-group 2 out
R3(config-if)#
R3(config-if)#do wr
Building configuration...
[OK]
R3(config-if)#
Retest: pc2 cannot ping pc3, but pc5 can ping pc3.
Configure an ACL that blocks web access
R2>
R2>en
Password:
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ac
R2(config)#access-list 100 per
R2(config)#access-list 100 permit tc
R2(config)#access-list 100 permit tcp hos
R2(config)#access-list 100 permit tcp host 192.168.2.12 hos
R2(config)#access-list 100 permit tcp host 192.168.2.12 host 200.200.200.6 e
R2(config)#access-list 100 permit tcp host 192.168.2.12 host 200.200.200.6 eq
R2(config)#access-list 100 permit tcp host 192.168.2.12 host 200.200.200.6 eq 80
R2(config)#ac
R2(config)#access-list 100 de
R2(config)#access-list 100 deny tc
R2(config)#access-list 100 deny tcp 192.168.2.0 0.0.0.255 hos
R2(config)#access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 200.200.200.6 eq
R2(config)#access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 200.200.200.6 eq 80
R2(config)#ac
R2(config)#access-list 100 per
R2(config)#access-list 100 permit ip an
R2(config)#access-list 100 permit ip any an
R2(config)#access-list 100 permit ip any any
R2(config)#access-list 100 permit tcp any any
R2(config)#access-list 100 permit udp any any
R2(config)#int e0/0/0
R2(config-if)#ip ac
R2(config-if)#ip access-group 100 in
R2(config-if)#ip access-group 100 in
R2(config-if)#do wr
Building configuration...
[OK]
R2(config-if)#
Retest: pc2 can still open the web site; pc5 can still ping the web server but cannot open the site.
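
Added example (not part of the original lab): a small Python model of IOS first-match evaluation, run over access-list 2 on R3 and access-list 100 on R2 exactly as they were typed above. It reports which entry decides each packet, including the implicit deny at the end of every ACL, and which entries can never match; hosts 192.168.1.10 and 192.168.3.10 are constructed test addresses that do not appear in the lab.

```python
import ipaddress

def _i(addr):
    return int(ipaddress.IPv4Address(addr))

def wc_match(addr, base, wc):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    return (_i(addr) | _i(wc)) == (_i(base) | _i(wc))

# Entries transcribed from the lab as (action, proto, src, src_wildcard,
# dst, dst_wildcard, dst_port); "ip" = any protocol, None = any port.
ANY = ("0.0.0.0", "255.255.255.255")
HOST = "0.0.0.0"
ACL_2 = [  # standard ACL on R3: matches on source only
    ("permit", "ip", "192.168.2.15", HOST, *ANY, None),
    ("deny", "ip", "192.168.2.0", "0.0.0.255", *ANY, None),
]
ACL_100 = [  # extended ACL on R2
    ("permit", "tcp", "192.168.2.12", HOST, "200.200.200.6", HOST, 80),
    ("deny", "tcp", "192.168.2.0", "0.0.0.255", "200.200.200.6", HOST, 80),
    ("permit", "ip", *ANY, *ANY, None),
    ("permit", "tcp", *ANY, *ANY, None),
    ("permit", "udp", *ANY, *ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """First match wins. Returns (action, entry number); 0 = implicit deny."""
    for n, (action, p, s, swc, d, dwc, port) in enumerate(acl, 1):
        if (p in ("ip", proto) and port in (None, dport)
                and wc_match(src, s, swc) and wc_match(dst, d, dwc)):
            return action, n
    return "deny", 0  # every IOS ACL ends with an unwritten "deny any"

def covers(e, x):
    """True if entry e matches every packet that entry x matches."""
    def net(be, we, bx, wx):
        return (_i(we) | _i(wx)) == _i(we) and wc_match(bx, be, we)
    return (e[1] in ("ip", x[1]) and e[6] in (None, x[6])
            and net(e[2], e[3], x[2], x[3]) and net(e[4], e[5], x[4], x[5]))

def shadowed(acl):
    """Entry numbers that can never match: an earlier entry covers them."""
    return [j + 1 for j, x in enumerate(acl)
            if any(covers(e, x) for e in acl[:j])]

if __name__ == "__main__":
    # Constructed source outside 192.168.2.0/24, sent toward the R3 LAN.
    print(evaluate(ACL_2, "icmp", "192.168.1.10", "192.168.3.10"))
    print(shadowed(ACL_100))
```

The `("deny", 0)` result for 192.168.1.10 is the implicit deny: as written, access-list 2 drops every source except 192.168.2.15 on the way out of e0/0/0, and a trailing `access-list 2 permit any` would limit the block to 192.168.2.0/24 as the heading states. In access-list 100 the `permit tcp any any` and `permit udp any any` entries sit after `permit ip any any` and are never reached.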