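2016-12-12 00:00:00 嘉辉 IBM Certification
IBM routers have supported dynamic IP addresses since MRS version 3.3. Dynamic addressing serves the following three purposes; let's take a look:
It lets the router obtain the IP address of a PPP interface through IPCP.
If IPCP also supplies DNS information, DHCP clients can receive that information as well.
It dynamically updates IP access controls, so that the filters defined this way can be used for NAT/NAPT.
The dynamic IP feature lets an IBM router connect to an ISP and obtain its IP address from the ISP without knowing the address in advance.
Configuring dynamic IP addresses
The following example shows the actual configuration of dynamic IP addresses. In this example we configure both the ISP-side router and the client-side router. Dynamic IP is configured on the client-side router, which obtains a public IP address from the ISP-side router. The client-side router also has the DHCP server and NAT functions enabled.
ISP-side router configuration
Set the system name to isp.
Add the Token Ring interface.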
Config (only)>set hostname isp
Host name updated successfully
Config (only)>add device tr-2
Device Slot #(1-4) [1]?
Device Port #(1-2) [1]?
Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4
Use "net 4" to configure 2-port IBM Token Ring parameters
Configure the WAN port to support remote dial-in.
Add a dial-in circuit on the WAN port.
Config (only)>set data v34 2
Config (only)>add device dial-in
Enter the number of PPP Dial-in Circuit interfaces [1]?
Adding device as interface 5
Defaulting data-link protocol to PPP
Base net for this circuit [0]? 2
Enable as a Multilink PPP link? [no]
Disabled as a Multilink PPP link.
Add more dial circuit interface(s)?(Yes or [No]):
Use "set data-link" command to change the data-link protocol
Use "net " command to configure dial circuit parameters
Add the remote dial-in PPP user ’aaa’.
Config (only)>add ppp-user
Enter name: []? aaa
Password:
Enter again to verify:
Allow inbound access for user? (Yes, No): [Yes]
Will user be tunneled? (Yes, No): [No]
Is this a ’DIALs’ user? (Yes, No): [Yes]
Type of route? (hostroute, netroute): [hostroute]
Number of days before account expires [0-1000] [0]?
Number of grace logins allowed after an expiration [0-100] [0]?
IP address: [0.0.0.0]?
Enter hostname: []?
Allow virtual connections? (Yes, No): [No]
Give user default time allotted ? (Yes, No): [Yes]
Enable callback for user? (Yes, No): [No]
Will user be able to dial-out ? (Yes, No): [No]
Set ECP encryption key for this user? (Yes, No): [No]
Disable user ? (Yes, No): [No]
PPP user name: aaa
User IP address: Interface Default
Netroute Mask: 255.255.255.255
Hostname:
Virtual Conn: disabled
Time alotted: Box Default
Callback type: disabled
Dial-out: disabled
Status: enabled
Account Expiry:
Password Expiry:
Is information correct? (Yes, No, Quit): [Yes]
User ’aaa’ has been added
Configure IPCP so that the dial-in port sends an IP address to the remote client.
Config (only)>n 5
Circuit configuration
isp Dial-in Circuit config: 5>enc
Point-to-Point user configuration
isp PPP 5 Config>set ipcp
IP COMPRESSION [no]:
Request an IP address [no]:
Send our IP address [no]: y
Note: unnumbered interface addresses will not be sent.
Interface remote IP address to offer if requested (0.0.0.0 for none)
[0.0.0.0]? 9.1.1.1
isp PPP 5 Config>exit
isp Dial-in Circuit config: 5>exit
Set the IP address of the Token Ring port.
Set the IP address of the dial-in circuit port.
Config (only)>p ip
Internet protocol user configuration
isp IP config>add add 4 192.1.1.254 255.255.255.0
isp IP config>add add 5 9.1.1.2 255.255.255.255
isp IP config>ena arp-subnet-routing
isp IP config>exit
Set the DNS IP address that is sent to the client.
Config (only)>fea dials
Dial-in Access to LANs global configuration
isp DIALs config>set enable dynamic
isp DIALs config>set dns primary
Primary Domain Name Server (DNS) address [0.0.0.0]? 192.1.1.240
isp DIALs config>exit
Client-side router configuration:
Set the system name to client.
Add the Token Ring interface.
Configure the WAN port and connect the V34 modem.
Add a dial circuit on the WAN port.
Config (only)>set host client
Config (only)>add device tr-2
Device Slot #(1-4) [1]?
Device Port #(1-2) [1]?
Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4
Use "net 4" to configure 2-port IBM Token Ring parameters
config (only)>set data v34
Interface Number [0]? 2
Config (only)>add device dial
Base net for the circuit(s) [0]? 2
Enter the number of PPP Dial Circuit interfaces [1]?
Adding device as interface 5
Defaulting data-link protocol to PPP
Add more dial circuit interface(s)?(Yes or [No]):
Use "set data-link" command to change the data-link protocol
Add an IP address on the Token Ring port.
Add an IP address on the dial circuit port.
Add a default route through the dial circuit port.
Enable dynamic IP on the dial circuit port.
Config (only)>p ip
Internet protocol user configuration
client IP config>add add 4 192.168.89.254 255.255.255.0
client IP config>add add 5 0.0.0.5 255.255.255.255
client IP config>add router 0.0.0.0 0.0.0.0 0.0.0.5
Cost [1]?
client IP config>enable dynamic
Interface address []? 0.0.0.5
client IP config>exit
Enable the DHCP server function.
Add the IP subnet mask of the Token Ring port.
Add the IP address of the source DNS.
Config (only)>fea dhcp
DHCP Server user configuration
client DHCP Server config>enable dhcp-server
client DHCP Server config>add subnet subnet1
Enter the IP subnet []? 192.168.89.0
Enter the IP subnet mask [255.255.255.0]?
Enter start of IP address range [192.168.89.1]?
Enter end of IP address range [192.168.89.31]?
Enter the subnet group name []?
Subnet record with name subnet1 has been added
Simple Internet Access config updated with subnet addition.
client DHCP Server config>add option subnet subnet1 1 255.255.255.0
client DHCP Server config>add option subnet subnet1 3 192.168.89.254
client DHCP Server config>add option subnet subnet1 6 0.0.0.5
client DHCP Server config>list option subnet subnet1 all
option option
code data
---------------------------------------------------------------
1 255.255.255.0
3 192.168.89.254
6 0.0.0.5
client DHCP Server config>exit
Add the remote V34 address.
Configure the destination information on the dial circuit port.
Configure outbound calling on the dial circuit port.
Set it not to check LIDs.
Config (only)>add v34-add
Assign address name [1-23] chars []? remote
Assign network dial address [1-30 digits] []? 9,3013461
Config (only)>n 5
client Circuit config: 5>set destination remote
client Circuit config: 5>set call out
client Circuit config: 5>set lids no
client Circuit config: 5>list all
Base net = 2
Destination name = remote
Circuit priority = 8
Destination address:subaddress = 9,3013461
Outbound calls = allowed
Idle timer = 60 sec
SelfTest Delay Timer = 150 ms
LIDs used = No
Configure IPCP to obtain an IP address from the remote end.
Set the user name to ’aaa’.
Set the MTU value.
client Circuit config: 5>encapsulator
Point-to-Point user configuration
client PPP 5 Config>set ipcp
IP COMPRESSION [no]:
Request an IP address [no]: y
Interface remote IP address to offer if requested (0.0.0.0 for none) [0.0.0.0]?
client PPP 5 Config>set nam
Enter Local Name: []? aaa
Password:
Enter password again:
PPP Local Name = aaa
client PPP 5 Config>set lcp option
Maximum Receive Unit (bytes) [2044]? 1500
Magic Number [yes]:
Peer-to-Local Async Control Character Map (RX ACCM) [A0000]?
Protocol Field Compression(PFC) [no]:
Addr/Cntl Field Compression(ACFC) [no]:
client PPP 5 Config>exit
client Circuit config: 5>exit
Configure NAT:
Reserve all IP traffic.
Config (only)>feature nat
Network Address Translation (NAT) user configuration
client NAT config>reserve
Dynamically allocate address via IPCP? [No]: yes
Network number to get dynamic address. [0]? 5
Reserve Pool name..................... [simple-net]? client-nat
Complete! NAT Reserve Pool defined.
NOTE: The associated TRANSLATE RANGE for this RESERVE POOL
must still be configured.
It must have a pool name of: client-nat
NOTE: You must have a corresponding INBOUND IP Access Control rule
applied to your designated NAT interface.
The rule should include the following information:
Type=IN (include + NAT)
DESTINATION_Addr=0.0.0.0
DESTINATION_Mask=0.0.0.0
Translate private addresses to public addresses.
client NAT config>translate
Base (private) IP address to translate [0.0.0.0]? 192.168.89.0
Translate Range mask.................. [255.255.255.0]?
Associated Reserve Pool name.......... [client-nat]?
Complete! NAT Translate Range defined.
NOTE: The associated RESERVE POOL for this TRANSLATE RANGE has been found.
NOTE: You must have a corresponding OUTBOUND IP Access Control rule
applied to your designated NAT interface.
The rule should include the following information:
Type=IN (include + NAT)
SOURCE_Addr=192.168.89.0
SOURCE_Mask=255.255.255.0
NAT config>list all
NAT Globals:
Current State TCP Timeout Non-TCP Timeout
ENABLED 24:00:00 0:01:00
NAT Reserve Pool(s):
Index First Address Reserve Mask Size NAPT Address Pool Name
1 Dynamic 255.255.255.255 1 FromNet: 5 client-nat
NAT Translate Range(s):
Index Base Address Range Mask Associated Reserve Pool
1 192.168.89.0 255.255.255.0 client-nat
NAT Static Mapping(s):
Index Private Address//Port Public Address//Port
None.
NAT config>exit
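IP filter configuration:
Enable access control.
Add the inbound packet filter.
Add the outbound packet filter.
Update the packet filters for NAT.
Restart the client router.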
Config (only)>p ip
Internet protocol user configuration
client IP config>set acc on
client IP config>add packet-filter
Packet-filter name []? inbound
Filter incoming or outgoing traffic? [IN]?
Which interface is this filter for [0]? 5
client IP config>add packet-filter
Packet-filter name []? outbound
Filter incoming or outgoing traffic? [IN]? out
Which interface is this filter for [0]? 5
client IP config>update packet
Packet-filter name []? inbound
client Packet-filter ’inbound’ Config>add access
Access Control type [E]? n
Internet source [0.0.0.0]?
Source mask [0.0.0.0]?
Internet destination [0.0.0.0]?
Destination mask [0.0.0.0]?
Starting protocol number ([0] for all protocols) [0]?
Starting DESTINATION port number ([0] for all ports) [0]?
Starting SOURCE port number ([0] for all ports) [0]?
Filter on ICMP Type ([-1] for all types) [-1]?
TOS/Precedence filter mask (00-FF - [0] for none) [0]?
TOS/Precedence modification mask (00-FF - [0] for none) [0]?
Use policy-based routing? [No]:
Enable logging? [No]:
client Packet-filter ’inbound’ Config>exit
client IP config>update packet
Packet-filter name []? outbound
client Packet-filter ’outbound’ Config>add access
Access Control type [E]? n
Internet source [0.0.0.0]? 192.168.89.0
Source mask [255.255.255.0]?
Internet destination [0.0.0.0]?
Destination mask [0.0.0.0]?
Starting protocol number ([0] for all protocols) [0]?
Starting DESTINATION port number ([0] for all ports) [0]?
Starting SOURCE port number ([0] for all ports) [0]?
Filter on ICMP Type ([-1] for all types) [-1]?
TOS/Precedence filter mask (00-FF - [0] for none) [0]?
TOS/Precedence modification mask (00-FF - [0] for none) [0]?
Enable logging? [No]:
client Packet-filter ’outbound’ Config>exit
client IP config>exit
Config (only)>restart y y
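Monitoring this lab
Connect a workstation to the client-side router. The V34 modem dials and connects to the ISP router.
Configure the Windows 95 workstation to obtain its IP address dynamically, then restart it.
Type C:>winipcfg to check that the obtained IP address is correct.
Check the NAT status.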
client +fea nat
client NAT>list all
NAT Globals:
Current State TCP Timeout Non-TCP Timeout Memory Usage (in bytes)
ENABLED 24:00:00 0:01:00 312
NAT Statistics:
Requests : Passes Drops Holds
790 : 720 70 0
NAT Reserve Pool(s):
Reserve Pool Pool Size NAPT Address 1st Available Address
client-nat 0 9.1.1.1 None
------------------------------------------------------------
Number of Reserve Pools using NAPT.....: 1
Number of configured Reserved Addresses: 0
NAT Translate Range(s):
Base Address Range Mask Associated Reserve Pool
192.168.89.0 255.255.255.0 client-nat
NAT Address Binding(s):
Private Address//Port Public Address//Port Bind Type Entry Age
192.168.89.2 512 9.1.1.1 512 DYNAMIC 0:00:00
192.168.89.3 1073 9.1.1.1 1073 DYNAMIC 0:00:31
192.168.89.3 1074 9.1.1.1 1074 DYNAMIC 0:00:02
NAT TCP Session(s):
Private Address//Port Public Address//Port TCP State Data Delta Entry Age
client NAT>exit
Check the DHCP server status.
Check t2 event log.
client +fea dhcp
client DHCP Server>request status
IP address: 192.168.89.1
Status: STOCKED
IP address: 192.168.89.2
Status: LEASED
Lease time: 86400 seconds
Start time: 18:30:36 May 30, 1999
Last time leased: 18:30:36 May 30, 1999
Client id: 6-0x40006666AAAA
IP address: 192.168.89.3
Status: STOCKED
client DHCP Server>exit
Check the t2 log.
client +event
Event Logging System user console
client ELS>nodisp sub all all
client ELS>disp sub nat all
client ELS>
client *f 2
client *t 2
00:13:53 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT
00:13:53 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0
00:13:53 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS
00:13:53 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN
00:13:53 NAT.003: 192.1.1.254 -> 9.1.1.1 - ICMP Type=0,Code=0
00:13:53 NAT.002: 192.1.1.254 -> 192.168.89.2 - Status=PASS
00:13:54 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT
00:13:54 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0
00:13:54 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS
00:13:54 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN
00:13:54 NAT.003: 192.1.1.254 -> 9.1.1.1 - ICMP Type=0,Code=0
00:13:54 NAT.002: 192.1.1.254 -> 192.168.89.2 - Status=PASS
00:13:55 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT
00:13:55 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0
00:13:55 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS
00:13:55 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN
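To audit a log like the one above offline, the following added example (not part of the original article and not IBM code) pairs each NAT.001 line with the NAT.002 line that follows it and flags outbound packets that passed while still carrying a 192.168.89.0/24 source. Reading NAT.001 as the packet before translation and NAT.002 as the translated packet plus its status is an assumption inferred from the sample lines; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Sample input: ELS lines copied from the "t 2" output above (the capture
# ends after a NAT.001 line, so the last packet has no result line).
SAMPLE = """\
00:13:53 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT
00:13:53 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0
00:13:53 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS
00:13:53 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN
00:13:53 NAT.003: 192.1.1.254 -> 9.1.1.1 - ICMP Type=0,Code=0
00:13:53 NAT.002: 192.1.1.254 -> 192.168.89.2 - Status=PASS
00:13:55 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) NAT\.(\d{3}): (\S+) -> (\S+) - (.*)$")

def parse_flows(text):
    """Pair each NAT.001 (assumed: packet as received) with the next NAT.002."""
    flows, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, code, src, dst, rest = m.groups()
        if code == "001":
            if cur:  # earlier packet never got a result line
                flows.append(cur)
            kv = dict(f.split("=", 1) for f in rest.split() if "=" in f)
            cur = {"time": ts, "dir": kv.get("Dir"), "before": (src, dst),
                   "after": None, "status": "INCOMPLETE"}
        elif cur and code == "002":
            cur["after"], cur["status"] = (src, dst), rest.split("=", 1)[1]
            flows.append(cur)
            cur = None
    if cur:
        flows.append(cur)
    return flows

def summarize(flows):
    """Count packets per (direction, status)."""
    return Counter((f["dir"], f["status"]) for f in flows)

def untranslated_out(flows, private_net="192.168.89.0/24"):
    """Outbound packets that passed while still carrying a private source."""
    net = ipaddress.ip_network(private_net)
    return [f for f in flows if f["dir"] == "OUT" and f["status"] == "PASS"
            and ipaddress.ip_address(f["after"][0]) in net]
```

An empty result from untranslated_out on a real capture means every outbound packet that passed left with the NAPT address rather than a private one.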