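Configuring Dynamic IP Addresses on IBM Routers
IBM routers have supported dynamic IP addresses since MRS version 3.3. Dynamic addressing serves the following three purposes:
It lets the router obtain the IP address of a PPP interface through IPCP.
If IPCP also supplies DNS information, DHCP clients can receive that information as well.
It updates IP access controls dynamically, so the filters defined this way can be used for NAT/NAPT.
The dynamic IP feature lets an IBM router connect to an ISP and obtain an IP address from it without having to know the address in advance.
Setting up a dynamic IP address
The example below walks through a concrete dynamic IP configuration. It configures both the ISP-side router and the client-side router. Dynamic IP is configured on the client router, which obtains its public IP address from the ISP router. The client router also has the DHCP server and NAT enabled.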
ISP router configuration
Set the system name to isp.
Add the Token Ring interface.
Config (only)>set hostname isp
Host name updated successfully
Config (only)>add device tr-2
Device Slot #(1-4) [1]?
Device Port #(1-2) [1]?
Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4
Use "net 4" to configure 2-port IBM Token Ring parameters
Configure the WAN port to accept remote dial-in.
Add a dial-in circuit on the WAN port.
Config (only)>set data v34 2
Config (only)>add device dial-in
Enter the number of PPP Dial-in Circuit interfaces [1]?
Adding device as interface 5
Defaulting data-link protocol to PPP
Base net for this circuit [0]? 2
Enable as a Multilink PPP link? [no]
Disabled as a Multilink PPP link.
Add more dial circuit interface(s)?(Yes or [No]):
Use "set data-link" command to change the data-link protocol
Use "net " command to configure dial circuit parameters
Add the remote dial-in PPP user 'aaa'.
Config (only)>add ppp-user
Enter name: []? aaa
Password:
Enter again to verify:
Allow inbound access for user? (Yes, No): [Yes]
Will user be tunneled? (Yes, No): [No]
Is this a ’DIALs’ user? (Yes, No): [Yes]
Type of route? (hostroute, netroute): [hostroute]
Number of days before account expires [0-1000] [0]?
Number of grace logins allowed after an expiration [0-100] [0]?
IP address: []?
Enter hostname: []?
Allow virtual connections? (Yes, No): [No]
Give user default time allotted ? (Yes, No): [Yes]
Enable callback for user? (Yes, No): [No]
Will user be able to dial-out ? (Yes, No): [No]
Set ECP encryption key for this user? (Yes, No): [No]
Disable user ? (Yes, No): [No]
PPP user name: aaa
User IP address: Interface Default
Netroute Mask:
Hostname:
Virtual Conn: disabled
Time alotted: Box Default
Callback type: disabled
Dial-out: disabled
Status: enabled
Account Expiry:
Password Expiry:
Is information correct? (Yes, No, Quit): [Yes]
User ’aaa’ has been added
Configure IPCP so that the dial-in interface sends an IP address to the remote client.
Config (only)>n 5
Circuit configuration
isp Dial-in Circuit config: 5>enc
Point-to-Point user configuration
isp PPP 5 Config>set ipcp
IP COMPRESSION [no]:
Request an IP address [no]:
Send our IP address [no]: y
Note: unnumbered interface addresses will not be sent.
Interface remote IP address to offer if requested ( for none)
[]?
isp PPP 5 Config>exit
isp Dial-in Circuit config: 5>exit
Set the IP address of the Token Ring interface.
Set the IP address of the dial-in circuit interface.
Config (only)>p ip
Internet protocol user configuration
isp IP config>add add 4
isp IP config>add add 5
isp IP config>ena arp-subnet-routing
isp IP config>exit
Set the DNS IP address that is sent to the client.
Config (only)>fea dials
Dial-in Access to LANs global configuration
isp DIALs config>set enable dynamic
isp DIALs config>set dns primary
Primary Domain Name Server (DNS) address []?
isp DIALs config>exit
Client router configuration:
Set the system name to client.
Add the Token Ring interface.
Configure the WAN port and connect the V34 modem.
Add a dial circuit on the WAN port.
Config (only)>set host client
Config (only)>add device tr-2
Device Slot #(1-4) [1]?
Device Port #(1-2) [1]?
Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4
Use "net 4" to configure 2-port IBM Token Ring parameters
config (only)>set data v34
Interface Number [0]? 2
Config (only)>add device dial
Base net for the circuit(s) [0]? 2
Enter the number of PPP Dial Circuit interfaces [1]?
Adding device as interface 5
Defaulting data-link protocol to PPP
Add more dial circuit interface(s)?(Yes or [No]):
Use "set data-link" command to change the data-link protocol
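Add an IP address on the Token Ring interface.
Add an IP address on the dial circuit interface.
Add a default route through the dial circuit interface.
Enable dynamic IP on the dial circuit interface.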
Config (only)>p ip
Internet protocol user configuration
client IP config>add add 4
client IP config>add add 5
client IP config>add router
Cost [1]?
client IP config>enable dynamic
Interface address []?
client IP config>exit
Enable the DHCP server.
Add the IP subnet mask of the Token Ring interface.
Add the IP address of the source DNS.
Config (only)>fea dhcp
DHCP Server user configuration
client DHCP Server config>enable dhcp-server
client DHCP Server config>add subnet subnet1
Enter the IP subnet []?
Enter the IP subnet mask []?
Enter start of IP address range []?
Enter end of IP address range []?
Enter the subnet group name []?
Subnet record with name subnet1 has been added
Simple Internet Access config updated with subnet addition.
client DHCP Server config>add option subnet subnet1 1
client DHCP Server config>add option subnet subnet1 3
client DHCP Server config>add option subnet subnet1 6
client DHCP Server config>list option subnet subnet1 all
option option
code data
---------------------------------------------------------------
1
3
6
client DHCP Server config>exit
Add the remote V34 address.
Configure the destination on the dial circuit interface.
Configure outbound calling on the dial circuit interface.
Disable LID checking.
Config (only)>add v34-add
Assign address name [1-23] chars []? remote
Assign network dial address [1-30 digits] []? 9,3013461
Config (only)>n 5
client Circuit config: 5>set destination remote
client Circuit config: 5>set call out
client Circuit config: 5>set lids no
client Circuit config: 5>list all
Base net = 2
Destination name = remote
Circuit priority = 8
Destination address:subaddress = 9,3013461
Outbound calls = allowed
Idle timer = 60 sec
SelfTest Delay Timer = 150 ms
LIDs used = No
Configure IPCP to obtain an IP address from the remote end.
Set the user name to 'aaa'.
Set the MTU value.
client Circuit config: 5>encapsulator
Point-to-Point user configuration
client PPP 5 Config>set ipcp
IP COMPRESSION [no]:
Request an IP address [no]: y
Interface remote IP address to offer if requested ( for none) []?
client PPP 5 Config>set nam
Enter Local Name: []? aaa
Password:
Enter password again:
PPP Local Name = aaa
client PPP 5 Config>set lcp option
Maximum Receive Unit (bytes) [2044]? 1500
Magic Number [yes]:
Peer-to-Local Async Control Character Map (RX ACCM) [A0000]?
Protocol Field Compression(PFC) [no]:
Addr/Cntl Field Compression(ACFC) [no]:
client PPP 5 Config>exit
client Circuit config: 5>exit
NAT configuration:
Reserve all IP traffic.
Config (only)>feature nat
Network Address Translation (NAT) user configuration
client NAT config>reserve
Dynamically allocate address via IPCP? [No]: yes
Network number to get dynamic address. [0]? 5
Reserve Pool name..................... [simple-net]? client-nat
Complete! NAT Reserve Pool defined.
NOTE: The associated TRANSLATE RANGE for this RESERVE POOL
must still be configured.
It must have a pool name of: client-nat
NOTE: You must have a corresponding INBOUND IP Access Control rule
applied to your designated NAT interface.
The rule should include the following information:
Type=IN (include + NAT)
DESTINATION_Addr=
DESTINATION_Mask=
Translate private addresses to public addresses.
client NAT config>translate
Base (private) IP address to translate []?
Translate Range mask.................. []?
Associated Reserve Pool name.......... [client-nat]?
Complete! NAT Translate Range defined.
NOTE: The associated RESERVE POOL for this TRANSLATE RANGE has been found.
NOTE: You must have a corresponding OUTBOUND IP Access Control rule
applied to your designated NAT interface.
The rule should include the following information:
Type=IN (include + NAT)
SOURCE_Addr=
SOURCE_Mask=
NAT config>list all
NAT Globals:
Current State TCP Timeout Non-TCP Timeout
ENABLED 24:00:00 0:01:00
NAT Reserve Pool(s):
Index First Address Reserve Mask Size NAPT Address Pool Name
1 Dynamic 1 FromNet: 5 client-nat
NAT Translate Range(s):
Index Base Address Range Mask Associated Reserve Pool
1 client-nat
NAT Static Mapping(s):
Index Private Address//Port Public Address//Port
None.
NAT config>exit
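IP filter configuration:
Enable access control.
Add an inbound packet filter.
Add an outbound packet filter.
Update the packet filters for NAT.
Restart the client router.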
Config (only)>p ip
Internet protocol user configuration
client IP config>set acc on
client IP config>add packet-filter
Packet-filter name []? inbound
Filter incoming or outgoing traffic? [IN]?
Which interface is this filter for [0]? 5
client IP config>add packet-filter
Packet-filter name []? outbound
Filter incoming or outgoing traffic? [IN]? out
Which interface is this filter for [0]? 5
client IP config>update packet
Packet-filter name []? inbound
client Packet-filter ’inbound’ Config>add access
Access Control type [E]? n
Internet source []?
Source mask []?
Internet destination []?
Destination mask []?
Starting protocol number ([0] for all protocols) [0]?
Starting DESTINATION port number ([0] for all ports) [0]?
Starting SOURCE port number ([0] for all ports) [0]?
Filter on ICMP Type ([-1] for all types) [-1]?
TOS/Precedence filter mask (00-FF - [0] for none) [0]?
TOS/Precedence modification mask (00-FF - [0] for none) [0]?
Use policy-based routing? [No]:
Enable logging? [No]:
client Packet-filter ’inbound’ Config>exit
client IP config>update packet
Packet-filter name []? outbound
client Packet-filter ’outbound’ Config>add access
Access Control type [E]? n
Internet source []?
Source mask []?
Internet destination []?
Destination mask []?
Starting protocol number ([0] for all protocols) [0]?
Starting DESTINATION port number ([0] for all ports) [0]?
Starting SOURCE port number ([0] for all ports) [0]?
Filter on ICMP Type ([-1] for all types) [-1]?
TOS/Precedence filter mask (00-FF - [0] for none) [0]?
TOS/Precedence modification mask (00-FF - [0] for none) [0]?
Enable logging? [No]:
client Packet-filter ’outbound’ Config>exit
client IP config>exit
Config (only)>restart y y
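Monitoring the setup
Connect a workstation to the client router. The V34 modem dials out and connects to the ISP router.
Configure the Windows 95 workstation to obtain its IP address dynamically, then reboot it.
Run C:>winipcfg to check that the IP address obtained is correct.
Check the NAT status.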
client +fea nat
client NAT>list all
NAT Globals:
Current State TCP Timeout Non-TCP Timeout Memory Usage (in bytes)
ENABLED 24:00:00 0:01:00 312
NAT Statistics:
Requests : Passes Drops Holds
790 : 720 70 0
NAT Reserve Pool(s):
Reserve Pool Pool Size NAPT Address 1st Available Address
client-nat 0 None
------------------------------------------------------------
Number of Reserve Pools using NAPT.....: 1
Number of configured Reserved Addresses: 0
NAT Translate Range(s):
Base Address Range Mask Associated Reserve Pool
client-nat
NAT Address Binding(s):
Private Address//Port Public Address//Port Bind Type Entry Age
512 512 DYNAMIC 0:00:00
1073 1073 DYNAMIC 0:00:31
1074 1074 DYNAMIC 0:00:02
NAT TCP Session(s):
Private Address//Port Public Address//Port TCP State Data Delta Entry Age
client NAT>exit
Check the DHCP server status.
Check t2 event log.
client +fea dhcp
client DHCP Server>request status
IP address:
Status: STOCKED
IP address:
Status: LEASED
Lease time: 86400 seconds
Start time: 18:30:36 May 30, 1999
Last time leased: 18:30:36 May 30, 1999
Client id: 6-0x40006666AAAA
IP address:
Status: STOCKED
client DHCP Server>exit
Check the t2 log.
client +event
Event Logging System user console
client ELS>nodips sub all all
client ELS>disp sub nat all
client ELS>
client *f 2
client *t 2
00:13:53 NAT.001: -> - Prot=1 Flg=x0000 Dir=OUT
00:13:53 NAT.003: -> - ICMP Type=8,Code=0
00:13:53 NAT.002: -> - Status=PASS
00:13:53 NAT.001: -> - Prot=1 Flg=x0000 Dir=IN
00:13:53 NAT.003: -> - ICMP Type=0,Code=0
00:13:53 NAT.002: -> - Status=PASS
00:13:54 NAT.001: -> - Prot=1 Flg=x0000 Dir=OUT
00:13:54 NAT.003: -> - ICMP Type=8,Code=0
00:13:54 NAT.002: -> - Status=PASS
00:13:54 NAT.001: -> - Prot=1 Flg=x0000 Dir=IN
00:13:54 NAT.003: -> - ICMP Type=0,Code=0
00:13:54 NAT.002: -> - Status=PASS
00:13:55 NAT.001: -> - Prot=1 Flg=x0000 Dir=OUT
00:13:55 NAT.003: -> - ICMP Type=8,Code=0
00:13:55 NAT.002: -> - Status=PASS
00:13:55 NAT.001: -> - Prot=1 Flg=x0000 Dir=IN
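An added example, not part of the original article or of IBM's software: a small Python parser that folds the NAT.001/NAT.003/NAT.002 lines of the ELS output above into one record per packet and picks out packets NAT did not pass, the ones behind the Drops counter in "list all". The addresses, the "src -> dst" placement and the Status=DROP value are assumptions, because the page's log lines lost their addresses and show only Status=PASS.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ELS NAT messages above. The addresses
# and Status=DROP (inferred from the Passes/Drops/Holds counters in "list all")
# are assumptions; the last line is a header in the page's address-less form.
SAMPLE_LOG = """\
00:13:53 NAT.001: 192.168.1.10 -> 203.0.113.9 - Prot=1 Flg=x0000 Dir=OUT
00:13:53 NAT.003: 192.168.1.10 -> 203.0.113.9 - ICMP Type=8,Code=0
00:13:53 NAT.002: 192.168.1.10 -> 203.0.113.9 - Status=PASS
00:14:10 NAT.001: 203.0.113.50 -> 198.51.100.7 - Prot=6 Flg=x0000 Dir=IN
00:14:10 NAT.002: 203.0.113.50 -> 198.51.100.7 - Status=DROP
00:14:11 NAT.001: -> - Prot=1 Flg=x0000 Dir=OUT
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) NAT\.(\d{3}): (.*)$")
ADDRS = re.compile(r"(\S+) -> (\S+) - ")
FIELD = re.compile(r"(\w+)=(\w+)")


def parse_packets(log):
    """Fold NAT.001 (header), NAT.003 (ICMP detail) and NAT.002 (verdict) lines
    into one record per packet; Status stays None if no verdict line follows."""
    packets, current = [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, msg_id, rest = m.groups()
        if msg_id == "001":  # NAT.001 opens a new packet record
            current = {"time": when, "src": None, "dst": None, "Status": None}
            addrs = ADDRS.match(rest)
            if addrs:
                current["src"], current["dst"] = addrs.groups()
            packets.append(current)
        if current is not None:
            current.update(FIELD.findall(rest))
    return packets


def verdicts(packets):
    """Count packets per (direction, verdict)."""
    return Counter((p.get("Dir"), p["Status"]) for p in packets)


def not_passed(packets):
    """Packets NAT did not pass, or whose verdict is missing from the log."""
    return [p for p in packets if p["Status"] != "PASS"]
```

Calling not_passed(parse_packets(text)) on a saved t2 capture lists the packets to review; inbound entries there are traffic that reached the dial circuit without a matching NAT binding or filter rule.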