Mikrotik L2TP with IPsec for mobile clients


Reposted from: http://www.firstdigest.com/2015/01/mikrotik-l2tp-with-ipsec-for-mobile-clients/

1. Add a new pool

GUI
IP > Pool
Name: L2TP-Pool
Addresses: 172.31.86.1-172.31.86.14
Next Pool: None
 
CLI
/ip pool add name="L2TP-Pool" ranges=172.31.86.1-172.31.86.14

L2TP Configuration

1. Configure L2TP Profile

GUI
PPP > Profiles
Name: l2tp-profile
Local Address: L2TP-Pool
Remote Address: L2TP-Pool
DNS Server: 8.8.8.8
Change TCP MSS: yes
Use Encryption: required
 
CLI
/ppp profile add name=l2tp-profile local-address=L2TP-Pool remote-address=L2TP-Pool use-encryption=required change-tcp-mss=yes dns-server=8.8.8.8

2. Add a L2TP-Server

GUI
PPP > Interface > L2TP Server
Enabled: Checked
Max MTU: 1460
Max MRU: 1460
Keepalive Timeout: 30
Authentication: mschap2
Default Profile: l2tp-profile
Use IPsec: Checked
IPsec Secret: MYKEY
 
CLI
/interface l2tp-server server set authentication=mschap2 default-profile=l2tp-profile enabled=yes ipsec-secret=MYKEY max-mru=1460 max-mtu=1460 use-ipsec=yes

3. Add PPP Secrets

GUI
PPP > Secrets
Enabled: Checked
Name: MYUSER
Password: MYPASSWORD
Service: l2tp
Profile: l2tp-profile
 
CLI
/ppp secret add name=MYUSER password=MYPASSWORD service=l2tp profile=l2tp-profile

IPsec Configuration

1. IPsec Proposals

GUI
IPsec > Proposals
Enabled: Checked
Name: L2TP-Proposal
Auth. Algorithm: sha1
Encr. Algorithm: 3des, aes-256 cbc
PFS Group: none
 
CLI
/ip ipsec proposal add name=L2TP-Proposal auth-algorithms=sha1 enc-algorithms=3des,aes-256-cbc pfs-group=none

2. IPsec Peers

GUI
IPsec > Peers
Enabled: Checked
Address: 0.0.0.0
Auth. Method: pre shared key
Secret: MYKEY
Policy Template Group: default
Exchange Mode: main l2tp
Send Initial Contact: Checked
NAT Traversal: Checked
My ID: auto
Proposal check: obey
Hash Algorithm: sha1
Encryption Algorithm: 3des, aes-256
DH Group: modp1024
Generate policy: port override
 
CLI
/ip ipsec peer add address=0.0.0.0/0 port=500 auth-method=pre-shared-key secret="MYKEY" generate-policy=port-override exchange-mode=main-l2tp send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=3des,aes-256 dh-group=modp1024

3. IPsec Policies

GUI
Enabled: Checked
Src. Address: ::/0
Dst. Address: ::/0
Protocol: 255(all)
Template: Checked
Group: default
Action: encrypt
Level: require
IPsec Protocols: esp
Tunnel: Not checked
SA Src. Address: 0.0.0.0
SA Dst. Address: 0.0.0.0
Proposal: L2TP-Proposal
 
CLI
/ip ipsec policy add src-address=::/0 dst-address=::/0 protocol=all template=yes group=default action=encrypt level=require ipsec-protocols=esp tunnel=no sa-src-address=0.0.0.0 sa-dst-address=0.0.0.0 proposal=L2TP-Proposal
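
The proposal and peer settings above, checked by a short script. This is an added example, not part of the original post: the LEGACY table is a policy constructed for the example, and only the RouterOS commands are taken from the page.

```python
import shlex

# Audit policy constructed for this example (not a MikroTik list):
# parameter -> values treated as legacy for IKE phase 1 / ESP.
LEGACY = {
    "enc-algorithms": {"des", "3des"},
    "enc-algorithm": {"des", "3des"},
    "auth-algorithms": {"md5", "sha1"},
    "hash-algorithm": {"md5", "sha1"},
    "dh-group": {"modp768", "modp1024"},
    "pfs-group": {"modp768", "modp1024"},
}
SECRET_PARAMS = {"secret", "ipsec-secret", "password"}
PLACEHOLDERS = {"MYKEY", "MYPASSWORD"}  # placeholder secrets used on this page

# The secret-bearing and IPsec commands as the page gives them.
PAGE_CONFIG = """\
/interface l2tp-server server set authentication=mschap2 default-profile=l2tp-profile enabled=yes ipsec-secret=MYKEY max-mru=1460 max-mtu=1460 use-ipsec=yes
/ppp secret add name=MYUSER password=MYPASSWORD service=l2tp profile=l2tp-profile
/ip ipsec proposal add name=L2TP-Proposal auth-algorithms=sha1 enc-algorithms=3des,aes-256-cbc pfs-group=none
/ip ipsec peer add address=0.0.0.0/0 port=500 auth-method=pre-shared-key secret="MYKEY" generate-policy=port-override exchange-mode=main-l2tp send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=3des,aes-256 dh-group=modp1024
"""


def parse_command(line):
    """Split one RouterOS command into (menu path, action, {param: value})."""
    tokens = shlex.split(line)  # also strips the quotes in secret="MYKEY"
    head = [t for t in tokens if "=" not in t]
    params = dict(t.split("=", 1) for t in tokens if "=" in t)
    action = head[-1] if head and head[-1] in ("add", "set") else ""
    path = " ".join(head[:-1] if action else head)
    return path, action, params


def audit(config_text):
    """Return a sorted list of (menu path, parameter, finding) tuples."""
    findings = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("/"):
            continue
        path, _action, params = parse_command(line)
        for key, value in params.items():
            offered = set(value.split(","))
            legacy = offered & LEGACY.get(key, set())
            if legacy:
                kept = sorted(offered - legacy)
                note = "legacy value(s) " + ",".join(sorted(legacy))
                note += ("; would leave " + ",".join(kept)) if kept else "; nothing else offered"
                findings.append((path, key, note))
            if key == "pfs-group" and value == "none":
                findings.append((path, key, "perfect forward secrecy disabled"))
            if key in SECRET_PARAMS and value in PLACEHOLDERS:
                findings.append((path, key, "placeholder secret still in place"))
        # A wildcard peer with a PSK means every client shares the same key.
        if (path == "/ip ipsec peer"
                and params.get("auth-method") == "pre-shared-key"
                and params.get("address") in ("0.0.0.0", "0.0.0.0/0")):
            findings.append((path, "address", "one pre-shared key accepted from any source address"))
    return sorted(findings)


if __name__ == "__main__":
    for path, key, note in audit(PAGE_CONFIG):
        print(f"{path:32} {key:16} {note}")
```
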

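PS:
My colleagues' connections from home to the overseas VPN are not very stable, so they use this to relay through the IP address that the campus assigned to the company.
For details, see my earlier post: http://yemaosheng.com/?p=1587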

Mikrotik as L2TP over IPsec client for Softether Server


I searched Google and YouTube all day.
Now, it works.

Softether VPN Server IP: x.x.x.x
Mikrotik’s WAN IP: y.y.y.y

Create Ipsec proposal first:
IP->IPSec->Proposals

Then create ipsec peer:
IP->IPSec->Peers

And create ipsec policy:
IP->IPSec->Policies

Finally create L2TP Client:
Interfaces->Interface->Add L2TP Client

Other configuration options for Firewall and Routes:

Simulating a network with Packet Tracer


I have to take this out and use it every so often, otherwise I really will forget it…

Router: Firewall

Firewall#show running-config 
Building configuration...
 
Current configuration : 856 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Firewall
!
interface FastEthernet0/0
 ip address 192.10.10.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 202.1.1.1 255.255.255.0
 ip nat outside
!
router rip
 version 2
 network 192.10.10.0
 default-information originate
 no auto-summary
!
ip nat inside source list 1 interface Serial0/0 overload
ip nat inside source static tcp 192.10.1.3 80 202.1.1.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0 
!
access-list 1 permit 192.10.1.0 0.0.0.255
access-list 1 permit 192.10.2.0 0.0.0.255
access-list 1 permit 192.10.3.0 0.0.0.255
access-list 1 permit 192.10.4.0 0.0.0.255
access-list 1 permit 192.10.10.0 0.0.0.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

ISP

ISP#show running-config 
Building configuration...
 
Current configuration : 441 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
interface FastEthernet0/0
 ip address 202.1.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 202.1.1.2 255.255.255.0
 clock rate 64000
!
ip classless
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

Core switch: CW

CW#show running-config 
Building configuration...
 
Current configuration : 1675 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname CW
!
ip routing
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 no switchport
 ip address 192.10.10.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
.
.
.
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.10.0.2 255.255.255.0
!
interface Vlan2
 ip address 192.10.1.2 255.255.255.0
!
interface Vlan3
 ip address 192.10.2.2 255.255.255.0
!
interface Vlan4
 ip address 192.10.3.2 255.255.255.0
!
router rip
 version 2
 network 192.10.1.0
 network 192.10.2.0
 network 192.10.3.0
 network 192.10.4.0
 network 192.10.10.0
 no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

Server aggregation switch: SW

SW#show running-config 
Building configuration...
 
Current configuration : 1244 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 2
 switchport mode access
!
.
.
.

First floor

Floor1#sh running-config 
Building configuration...
 
Current configuration : 1206 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Floor1
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 3
 switchport mode access
!
.
.
.

Source file

A short Cisco case-study review


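I followed this post: http://ltyluck.blog.51cto.com/170459/209991

This simulates a realistic small-business setup. The ISP has assigned the company several IP addresses; one is to be used by the internal PCs to reach the Internet, and the others are assigned to internal servers, which must be reachable by external users.

The ISP assigned them one subnet, with the following public IP addresses:
218.2.135.1/29 – 218.2.135.6/29

The address 218.2.135.1/29 is used by the internal PCs to reach the Internet, and the remaining addresses are assigned to the internal servers. These three internal servers must be accessible to external users.
PC1 and PC2 are in VLAN 10; PC3 and PC4 are in VLAN 20.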

ISP(config)#username yemaosheng password test    //the PC dials in with this username and password
ISP(config)#ip dhcp pool PSTN                    //after a successful dial-in, the ISP hands out addresses from the pool named PSTN
ISP(dhcp-config)#network 202.1.1.0 255.255.255.0 //address range handed out to client machines
ISP(dhcp-config)#default-router 202.1.1.1        //default gateway handed out
ISP(dhcp-config)#dns-server 202.1.2.2            //DNS server handed out
ISP(dhcp-config)#exit
ISP(config)#ip dhcp excluded-address 202.1.1.1   //exclude the gateway address
ISP(config)#int fa0/0              //link to the DNS server
ISP(config-if)#ip add 202.1.2.1 255.255.255.0 
ISP(config-if)#no shut 
ISP(config-if)#exit 
ISP(config)#int fa0/1              //link to the WWW server
ISP(config-if)#ip add 202.1.3.1 255.255.255.0 
ISP(config-if)#no shut 
ISP(config-if)#exit 
ISP(config)#int s0/0/0            //link to the company router
ISP(config-if)#ip add 218.2.135.6 255.255.255.248 
ISP(config-if)#clock rate 64000 
ISP(config-if)#no shut 
ISP(config-if)#exit 
ISP(config)#

Enterprise(config)#int s0/0/0 
Enterprise(config-if)#ip add  218.2.135.1 255.255.255.248 
Enterprise(config-if)#no shut 
Enterprise(config-if)#int fa0/0 
Enterprise(config-if)#no shut 
Enterprise(config-if)#exit 
//The next few lines set up router-on-a-stick (see http://yemaosheng.com/?p=1314)
Enterprise(config)#int fa0/0.1 
Enterprise(config-subif)#encapsulation dot1Q 10 
Enterprise(config-subif)#ip add 192.168.1.1 255.255.255.0 
Enterprise(config-subif)#exit 
Enterprise(config)#int fa0/0.2 
Enterprise(config-subif)#encapsulation dot1Q 20 
Enterprise(config-subif)#ip add 192.168.2.1 255.255.255.0 
Enterprise(config-subif)#exit 
Enterprise(config)#int fa0/1 
Enterprise(config-if)#ip add 192.168.3.1 255.255.255.0 
Enterprise(config-if)#no shut 
Enterprise(config-if)#exit 
//DHCP pools that automatically hand out different address ranges to the two VLANs
Enterprise(config)#ip dhcp pool VLAN10 
Enterprise(dhcp-config)#network 192.168.1.0 255.255.255.0 
Enterprise(dhcp-config)#default-router 192.168.1.1 
Enterprise(dhcp-config)#dns-server 202.1.2.2 
Enterprise(dhcp-config)#exit 
Enterprise(config)#ip dhcp pool VLAN20 
Enterprise(dhcp-config)#network 192.168.2.0 255.255.255.0 
Enterprise(dhcp-config)#default-router 192.168.2.1 
Enterprise(dhcp-config)#dns-server 202.1.2.2 
Enterprise(dhcp-config)#exit 
Enterprise(config)#ip dhcp excluded-address 192.168.1.1 
Enterprise(config)#ip dhcp excluded-address 192.168.2.1 
//PAT follows, so that the internal PCs can reach the external network
Enterprise(config)#access-list 1 permit 192.168.1.0 0.0.0.255 
Enterprise(config)#access-list 1 permit 192.168.2.0 0.0.0.255 
Enterprise(config)#access-list 1 permit 192.168.3.0 0.0.0.255 //let the internal servers reach the external network too
Enterprise(config)#ip nat inside source list 1 interface s0/0/0 overload 
Enterprise(config)#int s0/0/0 
Enterprise(config-if)#ip nat outside 
Enterprise(config-if)#exit 
Enterprise(config)#int fa0/0.1 
Enterprise(config-subif)#ip nat inside 
Enterprise(config-subif)#exit 
Enterprise(config)#int fa0/0.2 
Enterprise(config-subif)#ip nat inside 
Enterprise(config-subif)#exit 
//The internal network needs a default route to reach the public network; without it, traffic only gets as far as the ISP router
Enterprise(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0
Switch(config)#vlan 10           //create VLAN 10
Switch(config-vlan)#exit
Switch(config)#vlan 20           //create VLAN 20
Switch(config-vlan)#exit
Switch(config)#int range fa0/1 - 2     //put ports fa0/1 and fa0/2 into VLAN 10
Switch(config-if-range)#sw mo acc 
Switch(config-if-range)#sw acc vlan 10 
Switch(config-if-range)#exit 
Switch(config)#int range fa0/3 - 4    //put ports fa0/3 and fa0/4 into VLAN 20
Switch(config-if-range)#sw mo acc 
Switch(config-if-range)#sw acc vlan 20 
Switch(config-if-range)#exit 
Switch(config)#int fa0/24               //configure fa0/24, the port facing the router, as a trunk
Switch(config-if)#sw mo trunk 
Switch(config-if)#exit 
Switch(config)#
Enterprise(config)#ip nat inside source static 192.168.3.3 218.2.135.2   //map Server0 to public IP 218.2.135.2
Enterprise(config)#ip nat inside source static 192.168.3.4 218.2.135.3   //map Server1 to public IP 218.2.135.3
Enterprise(config)#ip nat inside source static 192.168.3.2 218.2.135.4   //map Server2 to public IP 218.2.135.4
Enterprise(config)#int fa0/1 
Enterprise(config-if)#ip nat inside

Cisco review (Frame Relay)



Frame Relay

Router0>en
Router0#conf t
 
Router0(config)#int fa0/1
Router0(config-if)#ip add 172.16.1.1 255.255.255.0
Router0(config-if)#no shut
 
Router0(config-if)#int serial0/1/0
Router0(config-if)#encapsulation frame-relay //enable Frame Relay encapsulation
Router0(config-if)#no shut
 
Router0(config-if)#int serial0/1/0.1 point-to-point //configure the subinterface
Router0(config-subif)#ip address 192.168.3.2 255.255.255.0
Router0(config-subif)#description Link Router2 DLCI 41 //add a description
Router0(config-subif)#frame-relay interface-dlci 20 //set the DLCI
 
Router0(config-subif)#int serial0/1/0.2 point-to-point
Router0(config-subif)#ip address 192.168.2.2 255.255.255.0
Router0(config-subif)#description Link Router1 DLCI 31
Router0(config-subif)#frame-relay interface-dlci 21
...
Router0(config)#router eigrp 100
Router0(config-router)#network 172.16.0.0
Router0(config-router)#network 192.168.3.0
Router0(config-router)#network 192.168.2.0
Router0(config-router)#end
//--------------------------
Router1>en
Router1#conf t
 
Router1(config)#int fa0/1
Router1(config-if)#ip add 172.17.1.1 255.255.255.0
Router1(config-if)#no shut
 
Router1(config-if)#int serial0/1/0
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#no shut
 
Router1(config-if)#int serial0/1/0.1 point-to-point
Router1(config-subif)#ip address 192.168.1.2 255.255.255.0
Router1(config-subif)#description Link Router2 DLCI 40
Router1(config-subif)#frame-relay interface-dlci 30
 
Router1(config-subif)#int serial0/1/0.2 point-to-point
Router1(config-subif)#ip address 192.168.2.1 255.255.255.0
Router1(config-subif)#description Link Router0 DLCI 21
Router1(config-subif)#frame-relay interface-dlci 31
...
Router1(config)#router eigrp 100
Router1(config-router)#network 172.17.0.0
Router1(config-router)#network 192.168.1.0
Router1(config-router)#network 192.168.2.0
Router1(config-router)#end
//--------------------------
Router2>en
Router2#conf t
 
Router2(config)#int fa0/1
Router2(config-if)#ip add 172.18.1.1 255.255.255.0
Router2(config-if)#no shut
 
Router2(config-if)#int serial0/1/0
Router2(config-if)#encapsulation frame-relay
Router2(config-if)#no shut
 
Router2(config-if)#int serial0/1/0.1 point-to-point
Router2(config-subif)#ip address 192.168.1.1 255.255.255.0
Router2(config-subif)#description Link Router1 DLCI 30
Router2(config-subif)#frame-relay interface-dlci 40
 
Router2(config-subif)#int serial0/1/0.2 point-to-point
Router2(config-subif)#ip address 192.168.3.1 255.255.255.0
Router2(config-subif)#description Link Router0 DLCI 20
Router2(config-subif)#frame-relay interface-dlci 41
Router2(config-subif)#end
...
Router2(config)#router eigrp 100
Router2(config-router)#network 172.18.0.0
Router2(config-router)#network 192.168.3.0
Router2(config-router)#network 192.168.1.0
Router2(config-router)#end

Please credit the source when reposting: http://yemaosheng.com

Cisco review (VoIP)



VOIP

CM#conf t
CM(config)#int fa 0/1
CM(config-if)#ip add 192.168.10.1 255.255.255.0
CM(config-if)#no shut
CM(config-if)#exit
CM(config)#ip dhcp pool voip
CM(dhcp-config)#network 192.168.10.0 255.255.255.0
CM(dhcp-config)#default-router 192.168.10.1
CM(dhcp-config)#option 150 ip 192.168.10.1
CM(dhcp-config)#exit
 
CM(config)#telephony-service
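CM(config-telephony)#max-ephones 30 //maximum number of phones
CM(config-telephony)#max-dn 30 //maximum number of directory numbers
CM(config-telephony)#ip source-address 192.168.10.1 port 2000 //IP address and port used for IP phone communication
CM(config-telephony)#create cnf-files //create the XML files that record each phone's configuration
CM(config)#ephone-dn 1 //define a logical directory number
CM(config-ephone-dn)#number 1001 //phone number 1001
CM(config)#ephone-dn 2 //define a logical directory number
CM(config-ephone-dn)#number 1002 //phone number 1002
CM(config)#ephone-dn 3 //define a logical directory number
CM(config-ephone-dn)#number 1003 //phone number 1003
CM(config)#ephone-dn 4 //define a logical directory number
CM(config-ephone-dn)#number 1004 //phone number 1004
CM(config)#ephone-dn 5 //define a logical directory number
CM(config-ephone-dn)#number 1005 //phone number 1005
CM(config)#ephone 1 //physical phone configuration
CM(config-ephone)#mac-address 000D.BD7D.0C91
CM(config-ephone)#type CIPC //CIPC is a softphone, 7960 is a Cisco hardware phone, ata is an analog phone
CM(config-ephone)#button 1:1 //you can think of the first number as being like a VLAN; the second number is the matching directory number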
CM(config)#ephone 2
CM(config-ephone)#mac-address 0002.4A15.3CD7
CM(config-ephone)#type 7960
CM(config-ephone)#button 1:2
CM(config)#ephone 3
CM(config-ephone)#mac-address 000A.F34D.1A01
CM(config-ephone)#type ata
CM(config-ephone)#button 1:3
CM(config)#ephone 4
CM(config-ephone)#mac-address 00E0.A354.AA97
CM(config-ephone)#type CIPC
CM(config-ephone)#button 1:4
CM(config)#ephone 5
CM(config-ephone)#mac-address 0060.7035.0745
CM(config-ephone)#type CIPC
CM(config-ephone)#button 1:5
 
SW#conf t
SW(config)#int range fa 0/10-20
SW(config-if-range)#switchport mode access
SW(config-if-range)#switchport voice vlan 1
SW(config-if-range)#no shut
SW(config-if-range)#exit


Cisco review (VTP, router-on-a-stick, EIGRP)



VTP

S_Core#vlan database
S_Core(vlan)#vtp domain S_Core
S_Core(vlan)#vtp server
 
S1#vlan database
S1(vlan)#vtp domain S_Core
S1(vlan)#vtp client
 
S2#vlan database
S2(vlan)#vtp domain S_Core
S2(vlan)#vtp client
 
S_Core(config)#int gigabitEthernet 0/1
S_Core(config-if)#switchport trunk encapsulation dot1q
S_Core(config-if)#switchport mode trunk
S_Core(config)#int gigabitEthernet 0/2
S_Core(config-if)#switchport trunk encapsulation dot1q
S_Core(config-if)#switchport mode trunk
 
S1(config)#int gigabitEthernet 1/1
S1(config-if)#switchport mode trunk
 
S2(config)#int gigabitEthernet 1/2
S2(config-if)#switchport mode trunk
 
S_Core(vlan)#vlan 10 name counter
S_Core(vlan)#vlan 11 name market
 
S1(config)#int fastethernet 0/1
S1(config-if)#switchport access vlan 10
S1(config)#int fastethernet 0/2
S1(config-if)#switchport access vlan 11
...
S2(config)#int fastethernet 0/1
S2(config-if)#switchport access vlan 10
S2(config)#int fastethernet 0/2
S2(config-if)#switchport access vlan 11


Router-on-a-stick

R1(config)#int f0/0
R1(config-if)#no shut
R1(config-if)#int f0/0.1
//set the 802.1Q encapsulation before assigning the IP address to the subinterface
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip add 192.168.10.1 255.255.255.0
R1(config-subif)#no shut
R1(config-subif)#int f0/0.2
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip add 192.168.20.1 255.255.255.0
R1(config-subif)#no shut
 
S1#vlan database
S1(vlan)#vlan 10 name developer
S1(vlan)#vlan 20 name marketing
S1(vlan)#exit
S1#conf t
S1(config)#int f0/1
S1(config-if)#switchport mode trunk
S1(config-if)#int f0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#int f0/3
S1(config-if)#switchport access vlan 20


EIGRP

R1(config)#router eigrp 100
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.10.0
R1(config-router)#network 192.168.20.0
 
R2(config)#router eigrp 100
R2(config-router)#network 192.168.1.0
R2(config-router)#network 192.168.2.0
 
R3(config)#router eigrp 100
R3(config-router)#network 192.168.2.0
R3(config-router)#network 10.1.1.0
 
R2#show ip route
R2#show ip eigrp neighbors


EIGRP unequal-cost load balancing

R1(config)#int eth 1/0
R1(config-if)#ip add 172.16.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#router eigrp 100
R1(config-router)#network 172.16.1.0
 
R2(config)#int eth 1/0
R2(config-if)#ip add 172.16.1.2 255.255.255.0
R2(config-if)#exit
R2(config)#router eigrp 100
R2(config-router)#network 172.16.1.0
 
R1#show ip eigrp topology 
...
P 192.168.2.0/24, 2 successors, FD is 2195456
         via 172.16.1.2 (2195456/2169856), Ethernet1/0
         via 192.168.1.2 (2681856/2169856), Serial0/0
P 10.0.0.0/8, 2 successors, FD is 2198016
         via 172.16.1.2 (2198016/2172416), Ethernet1/0
         via 192.168.1.2 (2684416/2172416), Serial0/0
...
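//Here the feasible distance via eth1/0 is 2195456, lower than the value via s0/0.
//The lower value is preferred, so the router selects the lowest one; for unequal-cost load balancing, EIGRP provides the variance parameter.
//It multiplies the best path's metric by this value, so that sub-optimal paths under the result are added to the routing table.
//Multiplying by 2 is enough here: twice the e1/0 feasible distance is greater than the s0/0 value.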
R1#conf t
R1(config)#router eigrp 100
R1(config-router)#variance 2
R1(config-router)#end
 
R1#show ip route
D    10.0.0.0/8 [90/2198016] via 172.16.1.2, 00:02:59, Ethernet1/0
                [90/2684416] via 192.168.1.2, 00:02:59, Serial0/0
D    192.168.2.0/24 [90/2195456] via 172.16.1.2, 00:03:00, Ethernet1/0
                    [90/2681856] via 192.168.1.2, 00:02:59, Serial0/0
...
 
R2#conf t
R2(config)#router eigrp 100
R2(config-router)#variance 2
R2(config-router)#end
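
How variance changes which paths R1 installs, worked through on the topology output above. This is an added example, not part of the original post: it applies the standard EIGRP feasibility condition (reported distance lower than FD) together with the variance test, and the function names are made up for the example.

```python
import re

# Topology-table lines copied from the R1 output on this page.
TOPOLOGY = """\
P 192.168.2.0/24, 2 successors, FD is 2195456
         via 172.16.1.2 (2195456/2169856), Ethernet1/0
         via 192.168.1.2 (2681856/2169856), Serial0/0
P 10.0.0.0/8, 2 successors, FD is 2198016
         via 172.16.1.2 (2198016/2172416), Ethernet1/0
         via 192.168.1.2 (2684416/2172416), Serial0/0
"""

PREFIX_RE = re.compile(r"^P\s+(\S+),.*FD is (\d+)")
VIA_RE = re.compile(r"^\s+via (\S+) \((\d+)/(\d+)\), (\S+)")


def parse_topology(text):
    """Parse 'show ip eigrp topology' lines into {prefix: {fd, paths}}."""
    table = {}
    current = None
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            current = {"fd": int(m.group(2)), "paths": []}
            table[m.group(1)] = current
            continue
        m = VIA_RE.match(line)
        if m and current is not None:
            current["paths"].append({
                "next_hop": m.group(1),
                "metric": int(m.group(2)),   # distance through this neighbor
                "rd": int(m.group(3)),       # distance the neighbor reports
                "interface": m.group(4),
            })
    return table


def installed_paths(entry, variance=1):
    """Interfaces the router installs for one prefix at the given variance."""
    fd = entry["fd"]
    chosen = []
    for path in entry["paths"]:
        if path["metric"] == fd:
            chosen.append(path["interface"])      # successor: always installed
        elif path["rd"] < fd and path["metric"] < variance * fd:
            chosen.append(path["interface"])      # feasible successor within variance
    return chosen


def min_variance(entry):
    """Smallest integer variance that installs every feasible successor."""
    fd = entry["fd"]
    needed = [p["metric"] // fd + 1 for p in entry["paths"]
              if p["metric"] != fd and p["rd"] < fd]
    return max(needed, default=1)


if __name__ == "__main__":
    for prefix, entry in parse_topology(TOPOLOGY).items():
        for v in (1, 2):
            print(prefix, "variance", v, "->", installed_paths(entry, v))
        print(prefix, "minimum variance:", min_variance(entry))
```

A path whose reported distance is not lower than the FD fails the feasibility condition and stays out of the routing table at any variance.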


Cisco review (configuration, CDP, static routes, RIP, OSPF)


Use it or lose it, so here is a review.
Backing up the configuration file

Router>en
Router#conf t
Router(config)#int fa 0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#end
Router#copy running-config tftp:
Address or name of remote host []? 192.168.0.2
Destination filename [Router-confg]? Router-config-bak-2011-7-20
 
Writing running-config...!!
[OK - 463 bytes]
 
463 bytes copied in 0.063 secs (7000 bytes/sec)
Router#

Loading a configuration file via TFTP

Router#copy tftp://192.168.0.2/Router-config-bak-2011-7-20 running-config
Accessing tftp://192.168.0.2/Router-config-bak-2011-7-20...
Loading Router-config-bak-2011-7-20 from 192.168.0.2: !
[OK - 463 bytes]
 
463 bytes copied in 0.031 secs (14935 bytes/sec)
Router#

Copying the IOS image to TFTP

Router#copy flash: tftp:
Source filename []? c2800nm-advipservicesk9-mz.124-15.T1.bin
Address or name of remote host []? 192.168.0.2
Destination filename [c2800nm-advipservicesk9-mz.124-15.T1.bin]? c2800nm-advipservicesk9-mz.124-15.T1_bak.bin
 
Writing c2800nm-advipservicesk9-mz.124-15.T1.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 50938004 bytes]
 
50938004 bytes copied in 27.891 secs (1826000 bytes/sec)

Using CDP to get information about connected devices

Router>en
Router#conf t
Router(config)#hostname Router0
Router0(config)#int fa 0/0
Router0(config-if)#ip address 192.168.1.1 255.255.255.0
Router0(config-if)#no shut
 
Router>en
Router#conf t
Router(config)#hostname Router1
Router1(config)#int fa 0/0
Router1(config-if)#ip address 192.168.1.2 255.255.255.0
Router1(config-if)#no shut
Router1(config)#int fa 0/1
Router1(config-if)#ip address 192.168.2.1 255.255.255.0
Router1(config-if)#no shut
Router1(config-if)#end
Router1#show cdp neighbors
Router1#conf t
Router1(config)#no cdp run
Router1(config)#cdp run
 
Switch>en
Switch#conf t
Switch(config)#hostname Switch0
Switch0(config)#int fa 0/1
Switch0(config-if)#cdp enable
Switch0(config-if)#no cdp enable
Switch0(config-if)#cdp enable

Disabling DNS lookup

Router0>en
Router0#conf t
Router0(config)#no ip domain-lookup
Router0(config)#end
Router0#

Static routes

Router0#conf t
Router0(config)#ip route 192.168.4.0 255.255.255.0 192.168.2.2
 
Router1#conf t
Router1(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1
Router1(config)#ip route 192.168.4.0 255.255.255.0 192.168.3.2
 
Router2#conf t
Router2(config)#ip route 192.168.1.0 255.255.255.0 192.168.3.1
//PC0 ping 192.168.4.1 ok
//PC0 ping 192.168.3.1 unreachable
//PC1 ping 192.168.1.1 ok
//PC1 ping 192.168.2.1 unreachable
 
Router0(config)#ip route 192.168.3.0 255.255.255.0 192.168.2.2
//PC0 ping 192.168.3.1 ok
Router2(config)#ip route 192.168.2.0 255.255.255.0 192.168.3.2
//PC1 ping 192.168.2.1 ok

RIP

Router1#conf t
Router1(config)#int se 1/0
Router1(config-if)#ip address 192.168.1.1 255.255.255.0
Router1(config-if)#clock rate 64000
Router1(config)#int se 1/1
Router1(config-if)#ip address 10.3.1.1 255.255.255.0
Router1(config-if)#clock rate 64000
Router1#show interfaces serial 1/0
Serial1/1 is up, line protocol is up (connected)
...
Router1#show interfaces serial 1/1
Serial1/1 is up, line protocol is up (connected)
...
 
Router2#conf t
Router2(config)#int se 1/0
Router2(config-if)#ip address 192.168.1.2 255.255.255.0
Router2(config)#int fa 0/0
Router2(config-if)#ip address 192.168.3.1 255.255.255.0
 
Router3#conf t
Router3(config)#int se 1/1
Router3(config-if)#ip address 10.3.1.2 255.255.255.0
Router3(config)#int fa 0/0
Router3(config-if)#ip address 10.3.3.1 255.255.255.0
 
Router1(config)#router rip
Router1(config-router)#network 192.168.1.0
Router1(config-router)#network 10.3.1.0
 
Router2(config)#router rip
Router2(config-router)#network 192.168.1.0
Router2(config-router)#network 192.168.3.0
 
Router3(config)#router rip
Router3(config-router)#network 10.3.1.0
Router3(config-router)#network 10.3.3.0
 
Router1#debug ip rip
RIP protocol debugging is on
Router1#RIP: received v2 update from 10.3.1.2 on Serial1/1
      10.3.3.0/24 via 0.0.0.0 in 1 hops
      ...
 
Router1#show ip route
...
     10.0.0.0/24 is subnetted, 2 subnets
C       10.3.1.0 is directly connected, Serial1/1
R       10.3.3.0 [120/1] via 10.3.1.2, 00:00:08, Serial1/1
C    192.168.1.0/24 is directly connected, Serial1/0
R    192.168.3.0/24 [120/1] via 192.168.1.2, 00:00:15, Serial1/0
 
PC0>tracert 10.3.3.2
Tracing route to 10.3.3.2 over a maximum of 30 hops:
  1   62 ms     32 ms     31 ms     192.168.3.1
  2   62 ms     62 ms     63 ms     192.168.1.1
  3   78 ms     94 ms     94 ms     10.3.1.2
  4   *         125 ms    125 ms    10.3.3.2
Trace complete.

OSPF

Scraper sites, please slow down: this isn't finished yet, and I'll add more when I have time…


CCNA lab: OSPF


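Our department is getting a dedicated line to the US; of course, basically all of it is being handled by head office's network administration team.
I heard from them that the routing protocol is OSPF.
In practice I haven't worked much with Cisco hardware. I have always wanted to tag along with the colleague who runs the IDC machine room and do a deployment from scratch, but I never got the chance.
I did study this before, but mostly by practicing in a simulator, and I forget it after a while.
So now I'm simulating OSPF once more to reinforce my memory.
There's no way around it: like memorizing English vocabulary, you just have to go over it again and again.

PS:
I just got back from driving school. With the New Year approaching there are fewer people and everywhere is fairly empty; even the driving school practice ground in Malu was quiet. I practiced for a full morning today and I'm pretty tired, so for now I'll just post one run of the simulation exercise and come back later to tidy up the formatting and add some notes.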

RTA>en
RTA#conf t
RTA(config)#route ospf 1
RTA(config-router)#network 10.1.0.1 0.0.0.0 area 0
RTA(config-router)#network 172.16.2.1 0.0.0.0 area 0
RTA(config-router)#network 172.16.7.1 0.0.0.0 area 0
 
RTA(config-router)#exit
RTA(config)#exit
00:54:37: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on Serial0/0/0 from LOADING to FULL, Loading Done
01:19:23: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.3.1 on Serial0/0/1 from LOADING to FULL, Loading Done
02:05:58: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.7.2 on Serial0/1/0 from LOADING to FULL, Loading Done
RTA#sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.3.1        1   FULL/-          00:00:32    172.16.2.2      Serial0/0/1
192.168.1.1       1   FULL/-          00:00:30    10.1.0.2        Serial0/0/0
172.16.7.2        1   FULL/-          00:00:31    172.16.7.2      Serial0/1/0
 
RTB>en
RTB#conf t
RTB(config)#route ospf 1
RTB(config-router)#network 10.1.0.2 0.0.0.0 area 0
00:54:37: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.7.1 on Serial0/0 from LOADING to FULL, Load
RTB(config-router)#network 10.2.0.1 0.0.0.0 area 0
RTB(config-router)#exit
RTB(config)#exit
RTB#sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.7.1        1   FULL/-          00:00:31    10.1.0.1        Serial0/0
RTB#
01:15:26: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.4.1 on Serial0/1 from LOADING to FULL, Loading Done
 
RTC>en
RTC#conf t
RTC(config)#route ospf 1
RTC(config-router)#network 172.16.3.2 0.0.0.0 area 0
RTC(config-router)#network 10.2.0.2 0.0.0.0 area 0
01:15:26: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on Serial0/1 from LOADING to FULL, Loading Done
RTC(config-router)#exit
RTC(config)#exit
RTC#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.1       1   FULL/-          00:00:38    10.2.0.1        Serial0/1
RTC#
01:19:45: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.3.1 on Serial0/0 from EXCHANGE to FULL, Exchange Done
 
RTD>en
RTD#conf t
RTD(config)#route ospf 1
RTD(config-router)#network 172.16.2.2 0.0.0.0 area 0
RTD(config-router)#network 172.16.3.1 0.0.0.0 area 0
RTD(config-router)#exit
RTD(config)#exit
01:19:45: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.4.1 on Serial0/1 from EXCHANGE to FULL, Exchange Done
RTD#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.7.1        1   FULL/-          00:00:39    172.16.2.1      Serial0/0
172.16.4.1        1   FULL/-          00:00:32    172.16.3.2      Serial0/1
RTD#
 
RTE>en
RTE#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        172.16.6.1      YES manual up                    up
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/0              172.6.7.2       YES manual up                    up
Serial0/1              unassigned      YES manual administratively down down
Serial0/2              unassigned      YES manual administratively down down
Serial0/3              unassigned      YES manual administratively down down
FastEthernet1/0        unassigned      YES manual administratively down down
FastEthernet1/1        unassigned      YES manual administratively down down
RTE#conf t
RTE(config)#interface Serial 0/0
RTE(config-if)#ip address 172.16.7.2 255.255.255.0
RTE(config-if)#exit
RTE(config)#exit
RTE#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        172.16.6.1      YES manual up                    up
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/0              172.16.7.2      YES manual up                    up
Serial0/1              unassigned      YES manual administratively down down
Serial0/2              unassigned      YES manual administratively down down
Serial0/3              unassigned      YES manual administratively down down
FastEthernet1/0        unassigned      YES manual administratively down down
FastEthernet1/1        unassigned      YES manual administratively down down
RTE#conf t
RTE(config)#route ospf 1
RTE(config-router)#network 172.16.7.2 0.0.0.0 area 0
RTE(config-router)#
02:05:58: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.7.1 on Serial0/0 from LOADING to FULL, Loading Done
RTE#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.7.1        1   FULL/-          00:00:32    172.16.7.1      Serial0/0
RTE#