网络工程师——组网技术(六)

路由技术IPV6实验

路由技术IPV6隧道实验,拓扑配置如下
GRE(通用路由协议封装)规定了用一种网络协议去封装另一种网络协议的方法。下面是IPV6-over-IPV4GRE隧道配置实验

第一步:配置个各设备IP:R1、R2、及各PC。

system-view
[Huawei]
sysname R1
[R1]
interface GigabitEthernet 1/0/0
[R1-GigabitEthernet1/0/0]
ip address 10.1.1.1 24
[R1-GigabitEthernet1/0/0]
quit
[R1]
ipv6                    //全局启用IPV6
[R1]
interface GigabitEthernet 2/0/0
[R1-GigabitEthernet2/0/0]
ipv6 enable     //接口启用IPV6
[R1-GigabitEthernet2/0/0]
ipv6 add fc01::1 64
[R1-GigabitEthernet2/0/0]
quit

system-view
[Huawei]
sysname R2
[R2]
interface GigabitEthernet 1/0/0
[R2-GigabitEthernet1/0/0]
ip add 10.1.2.2 24
[R2-GigabitEthernet1/0/0]
quit
[R2]
ipv6
[R2]
interface GigabitEthernet 2/0/0
[R2-GigabitEthernet2/0/0]
ipv6 enable
[R2-GigabitEthernet2/0/0]
ipv6 add fc03::1 64
[R2-GigabitEthernet2/0/0]
quit

第二部:配置R1、R2的IPV4静态路由。

[R1]ip route-static 10.1.2.2 255.255.255.0 10.1.1.2

[R2]ip route-static 10.1.1.1 255.255.255.0 10.1.2.1

第三步:配置R1、R2的Tunnel接口。

[R1]interface tunnel 0/0/1          //进入隧道口
[R1-Tunnel0/0/1]
tunnel-protocol gre     //隧道协议GRE
[R1-Tunnel0/0/1]
ipv6 enable
[R1-Tunnel0/0/1]
ipv6 address fc02::1 64
[R1-Tunnel0/0/1]
source 10.1.1.1       //源IP地址
[R1-Tunnel0/0/1]
destination 10.1.2.2     //目的IP地址
[R1-Tunnel0/0/1]
quit

[R2]interface tunnel 0/0/1
[R2-Tunnel0/0/1]
tunnel-protocol gre
[R2-Tunnel0/0/1]ip
v6 enable
[R2-Tunnel0/0/1]
ipv6 address fc02::2 64
[R2-Tunnel0/0/1]
source 10.1.2.2
[R2-Tunnel0/0/1]
description 10.1.1.1
[R2-Tunnel0/0/1]
quit

第四步:配置R1、R2的Tunnel静态路由。

[R1]ipv6 route-static fc03::1 64 tunnel 0/0/1

[R2]ipv6 route-static fc01::1 64 tunnel 0/0/1

第五步:验证检查配置结果

[R2]ping 10.1.1.1
[R2]ping ipv6 fc01::1

路由技术IPV6的ISATAP隧道实验如下。

第一步:配置路由器接口IP、双栈。

system-view
[Huawei]
sysname Router
[Router]
ipv6
[Router]
interface GigabitEthernet 1/0/0
[Router-GigabitEthernet1/0/0]
ipv6 enable
[Router-GigabitEthernet1/0/0]
ipv6 address 3001::1 64
[Router-GigabitEthernet1/0/0]
quit
[Router]
interface GigabitEthernet 2/0/0
[Router-GigabitEthernet2/0/0]
ip address 2.1.1.1 255.0.0.0
[Router-GigabitEthernet2/0/0]
quit
[Router]
interface tunnel 0/0/2
[Router-Tunnel0/0/2]
tunnel-protocol ipv6-ipv4 isatap //隧道协议ISATAP
[Router-Tunnel0/0/2]
ipv6 enable
[Router-Tunnel0/0/2]
ipv6 address 2001:: 64 eui-64
[Router-Tunnel0/0/2]
source GigabitEthernet 0/0/2
[Router-Tunnel0/0/2]
undo ipv6 nd ra halt //发送RA消息

第二部:配置ISATAP主机。

C:\>netsh interface ipv6 isatap set router 2.1.1.1
C:\>netsh interface ipv6 isatap set router 2.1.1.1 enabled

第三步:配置IPV6网络主机。

C:\>netsh interface ipv6 set route 2001::/64 3001::1

路由器技术IPSec实验

路由技术IPSec实验,拓扑配置如下。
某公司总部和分支机构构成,通过IPSec VPN实现网络安全,具体机构和配置如下。

第一步:配置R1、R2的接口IP和静态路由。

system-view
[Huawei]
sysname R1
[R1]
interface GigabitEthernet 1/0/0
[R1-GigabitEthernet1/0/0]
ip address 168.1.1.1 24
[R1-GigabitEthernet1/0/0]
quit
[R1]
interface GigabitEthernet 2/0/0
[R1-GigabitEthernet2/0/0]
ip address 172.22.1.100 24
[R1-GigabitEthernet2/0/0]
quit
[R1]
ip route-static 167.1.1.1 24 168.1.1.2
[R1]
ip route-static 172.22.2.0 24 168.1.1.2

system-view
[Huawei]
sysname R2
[R2]
interface GigabitEthernet 1/0/0
[R2-GigabitEthernet1/0/0]
ip address 167.1.1.1 24
[R2-GigabitEthernet1/0/0]
quit
[R2]
interface GigabitEthernet 2/0/0
[R2-GigabitEthernet2/0/0]
ip address 172.22.2.100 24
[R2-GigabitEthernet2/0/0]
quit
[R2]
ip route-static 168.1.1.0 24 167.1.1.2
[R2]
ip route-static 172.22.1.0 24 167.1.1.2

第二部:配置R1、R2的ACL保护数据流。

[R1]acl number 3101
[R1-acl-adv-3101]
rule permit ip source 172.22.1.0 0.0.0.255 destination172.22.2.

[R2]
acl number 3101
[R2-acl-adv-3101]
rule permit ip source 172.22.2.0 0.0.0.255 destination 172.22.1.0 0.0.0.255

第三步:配置R1、R2的IPSec安全协议。

[R1]ipsec proposal tran1 //创建IPSes安全提议
[R1-ipsec-proposal-tran1]
esp authentication-algorithm sha2-256
[R1-ipsec-proposal-tran1]e
sp encryption-algorithm aes-128

[R2]
ipsec proposal tran1 //ESP采用SHA认证 SEA加密
[R2-ipsec-proposal-tran1]
esp authentication-algorithm sha2-256
[R2-ipsec-proposal-tran1]
esp encryption-algorithm aes-128

第四步:配置R1、R2的IKE对等体。

[R1]ike peer spub
[R1-ike-peer-spub]undo version 2
[R1-ike-peer-spub]ike-proposal 5
[R1-ike-peer-spub]pre-shared-key cipher huawei
[R1-ike-peer-spub]remote-address 167.1.1.1


[R2]ike peer spub
[R2-ike-peer-spub]
undo version 2
[R2-ike-peer-spub]
ike-proposal 5
[R2-ike-peer-spub]
pre-shared-key cipher huawei
[R2-ike-peer-spub]
remote-address 192.168.1.1

第五步:配置R1、R2的安全策略组。

[R1]ipsec policy map1 10 isakmp
[R1-ipsec-policy-isakmp-map1-10]
ike-peer spub
[R1-ipsec-policy-isakmp-map1-10]
proposal tran1
[R1-ipsec-policy-isakmp-map1-10]
security acl 3101

[R2]
ipsec policy map1 10 isakmp
[R2-ipsec-policy-isakmp-map1-10]
ike-peer spub
[R2-ipsec-policy-isakmp-map1-10]
proposal tran1
[R2-ipsec-policy-isakmp-map1-10]
security acl 3101

第六步:安全策略组应用R1、R2的接口上。

[R1]interface GigabitEthernet 1/0/0
[R1-GigabitEthernet1/0/0]
ipsec policy map1

[R2]
interface GigabitEthernet 1/0/0
[R2-GigabitEthernet1/0/0]
ipsec policy map1

第七步:测试配置验证结果。

display ipsec statistics
display ike sa
display ipsec proposal

资源下载

VMware Workstation 建议通过官网进行下载 激活码百度即可
Workstation Pro for Windows

eNSP V100R003C00SPC200T
Windows Server 2008    
Reb Hat Enterprise 7.0

链接: https://pan.baidu.com/s/1oFOcKUl2bl-JHMoRa0_KLg
提取码:ECHO

文章作者: 鲸一
文章标题: 网络工程师——组网技术(六)
   PS: 网工系列文章整理自网络
文章链接: https://www.saroin.com/archives/1395.html
版权声明: 本博客所有文章除特别声明外,均采用知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议进行许可。转载请注明来自 鲸一
暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇