
[Share] Some Cisco material ~~ worth a look for CCNA/CCNP/CCDA/CCIE candidates too

2007-01-25 18:46:02 / Category: Computer tips
  Cisco access lists demystified

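The two most basic kinds of access-list (access list) on Cisco routers are the standard access list and the extended access list. The main difference between them is that the former filters packets based on the destination address, while the latter filters packets based on destination address, source address, network protocol and port.

(1) Format of the standard IP access list
  
  ---- The format of a standard IP access list is as follows: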
  
  ---- access-list[list number][permit|deny][source address]
  ---- [address][wildcard mask][log]
  
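  ---- The keywords and parameters of a standard IP access list are explained below. First, there must be a hyphen "-" between the words access and list. Second, the list number ranges from 0 to 99, which marks the access-list statement as an ordinary standard IP access list statement. In Cisco IOS a number between 0 and 99 indicates that the access list relates to the IP protocol, so the list number parameter serves two purposes: (1) it defines the protocol the access list operates on; (2) it tells IOS to treat access-list statements with the same list number as one entity. As discussed later in this article, an extended IP access list is likewise identified by its list number (a number between 100 and 199). This adds an important rule for working with access lists: when creating an access list, choose an appropriate list number.
  
  ---- (2) Permitting and denying packets
  
  ---- In a standard IP access list, a permit statement lets packets that match the access list entry pass through the interface, while a deny statement filters out matching packets at the interface. source address is the IP address of a host; combining it with different masks selects which hosts are specified.
  
  ---- To better understand how IP addresses and wildcard masks work, here is an example. Suppose your company has a branch office whose IP address is the class C network 192.46.28.0. In your company, every branch office has to reach the Internet through the router at headquarters. To achieve this you can use the wildcard mask 0.0.0.255. Because the last octet of a class C IP address identifies the host, setting all of its bits to 1 lets headquarters access every host on the network. The access-list statement in your standard IP access list is therefore: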
  
  ---- access-list 1 permit 192.46.28.0 0.0.0.255
  
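  ---- Note that the wildcard mask is the complement of the subnet mask. So if you are a network expert, you can first determine the subnet mask and then convert it into the wildcard mask to apply. Here another access list rule, rule 5, can be added.
  
  ---- (3) Specifying addresses
  
  ---- To specify one particular host, add the wildcard mask 0.0.0.0. For example, to let packets from IP address 192.46.27.7 through, use the following statement: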
  
  ---- Access-list 1 permit 192.46.27.7 0.0.0.0
  
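  ---- In Cisco access lists, besides using the wildcard mask 0.0.0.0 to specify a particular host, you can also use the keyword "host". For example, to let packets from IP address 192.46.27.7 through, you can use the following statement: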
  
  ---- Access-list 1 permit host 192.46.27.7
  
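  ---- Besides the keyword "host", which stands for the wildcard mask 0.0.0.0, the keyword "any" can be used as shorthand for the source address and stands for the address and wildcard mask 0.0.0.0 255.255.255.255. For example, to deny packets from the station at IP address 192.46.27.8, add the following statements to the access list: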
  
  ---- Access-list 1 deny host 192.46.27.8
  ---- Access-list 1 permit any
  
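  ---- Note the order of the two access list statements above. The first statement filters out packets whose source address is 192.46.27.8; the second lets packets from any source address pass through the interface the access list is applied to. If the order of the statements is changed, the access list can no longer stop packets from source address 192.46.27.8 from passing through the interface, because an access list is executed statement by statement from top to bottom. So if the first statement is:
  
  ---- Access-list 1 permit any
  
  ---- then packets from any source address pass through the interface.
  
  ---- (4) The secret of deny
  
  ---- By default, unless traffic is explicitly permitted, an access list blocks or denies every packet; in effect there is an implicit "deny any" statement at the end of every access list. Taking the standard IP access list created above, from the router's point of view it actually reads as follows: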
  
  ---- access-list 1 deny host 192.46.27.8
  ---- access-list 1 permit any
  ---- access-list 1 deny any
  
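  ---- In the example above, the second statement in the access list explicitly permits every packet, so the implicit deny statement has no effect. That is not always the case. For example, to let packets from source addresses 192.46.27.8 and 192.46.27.12 pass through the router interface while blocking all other packets, the access list is: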
  
  ---- access-list 1 permit host 192.46.27.8
  ---- access-list 1 permit host 192.46.27.12
  
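  ---- Note that no deny statement is written here, because every access list automatically includes the implicit "deny any" statement at the end.
  
  ---- Incidentally, the "log" parameter of a standard IP access list provides logging. Once the access list is applied to an interface, statements containing the keyword "log" record the packets that satisfy the "permit" and "deny" conditions in the access list. The first packet that passes through the interface and matches an access list statement generates a log message immediately. Subsequent packets are either displayed on the console or recorded in memory, depending on the logging method. The logging method can be selected with Cisco IOS console commands.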
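
An added example, not part of the original article: a small Python model of how a standard access list is evaluated (top-down first match on the source address, wildcard bits ignored, implicit "deny any" at the end), run against the statements quoted above. The function names are illustrative assumptions; `shadowed` goes one step beyond the text and reports entries that an earlier entry makes unreachable, which is the ordering mistake described in section (3).

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_netmask(netmask):
    """The wildcard mask is the bitwise complement of the subnet mask."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))


def parse_entry(line):
    """Parse 'access-list N permit|deny (any | host A | A [W]) [log]'."""
    words = line.split()
    action, spec = words[2].lower(), words[3:]
    if spec[-1] == "log":
        spec = spec[:-1]
    if spec[0] == "any":
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif spec[0] == "host":
        addr, wild = spec[1], "0.0.0.0"
    else:
        addr, wild = spec[0], (spec[1] if len(spec) > 1 else "0.0.0.0")
    return action, to_int(addr), to_int(wild)


def matches(src, addr, wild):
    """Bits set to 1 in the wildcard are ignored; all other bits must agree."""
    return (to_int(src) | wild) == (addr | wild)


def evaluate(acl, src):
    """Return (action, line number of first match); None = implicit deny any."""
    for number, line in enumerate(acl, 1):
        action, addr, wild = parse_entry(line)
        if matches(src, addr, wild):
            return action, number
    return "deny", None


def shadowed(acl):
    """Return (later, earlier) line pairs where the later entry can never match."""
    parsed = [parse_entry(line) for line in acl]
    pairs = []
    for j, (_, addr_j, wild_j) in enumerate(parsed):
        for i, (_, addr_i, wild_i) in enumerate(parsed[:j]):
            care = ~wild_i & 0xFFFFFFFF  # bits the earlier entry actually checks
            if (wild_j & care) == 0 and ((addr_i ^ addr_j) & care) == 0:
                pairs.append((j + 1, i + 1))
                break
    return pairs


# Statements taken from the article.
PAGE_ORDER = ["access-list 1 deny host 192.46.27.8",
              "access-list 1 permit any"]
REVERSED = list(reversed(PAGE_ORDER))
TWO_HOSTS = ["access-list 1 permit host 192.46.27.8",
             "access-list 1 permit host 192.46.27.12"]
BRANCH = ["access-list 1 permit 192.46.28.0 0.0.0.255"]

if __name__ == "__main__":
    for name, acl in [("page order", PAGE_ORDER), ("reversed", REVERSED)]:
        print(name, evaluate(acl, "192.46.27.8"), "shadowed:", shadowed(acl))
    print("other host vs TWO_HOSTS:", evaluate(TWO_HOSTS, "192.46.27.9"))
    print("wildcard for 255.255.255.0:", wildcard_from_netmask("255.255.255.0"))
```
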
  
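  Extended IP access lists
  
  ---- Extended IP access lists add a good deal of capability and flexibility to packet filtering. Besides filtering on source and destination address, they can filter on protocol, source port and destination port, and can even filter using various options. These options read and compare information in certain fields of the packet. The general format of an extended IP access list is as follows: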
  
  ---- access-list[list number][permit|deny]
  ---- [protocol|protocol key word]
  ---- [source address source-wildcard mask][source port]
  ---- [destination address destination-wildcard mask]
  ---- [destination port][log options]
  
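  ---- As with standard IP access lists, the "list number" identifies the type of access list. The numbers 100 to 199 identify 100 unique extended IP access lists. "protocol" specifies the protocol to filter, including IP, TCP, UDP, ICMP and so on.
  
  ---- If we look back at how a packet is formed, we can see why the protocol affects packet filtering, even though this sometimes has side effects. Figure 2 shows how a packet is formed. Note that application data usually gets a prefix added at the transport layer, which can be a TCP or UDP header; this adds a port number that indicates the application. As the data moves down the protocol stack, the network layer then adds an IP header containing the address information.

Because the IP header carries TCP, UDP, routing protocols and ICMP, the IP protocol ranks above the other protocols in access list statements. In some applications, however, you may need to change this and filter on some non-IP protocol.
  
  ---- To illustrate, here are two extended IP access list statements. Suppose we want to block TCP traffic to the server at IP address 192.78.46.8 while allowing traffic of other protocols to reach that server. Do the following access list statements meet this requirement?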
  
  ---- access-list 101 permit ip any host 192.78.46.8
  ---- access-list 101 deny tcp any host 192.78.46.8
  
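  ---- The answer is no. The first statement permits all IP traffic, TCP traffic included, to the specified host address. As a result the second statement has no effect at all. However, if the order of the two statements above is changed

Reflexive access lists

  
  There are 5 VLANs: management (63), office (48), business (49), finance (50) and home (51).
  
  Requirement: management can access the others, the others cannot access management, and the other VLANs cannot access each other!
  
  Other applications are not affected, for example Internet access through the uplink.
  
  Method 1: configure only the interface of the management VLAN; the other VLAN interfaces need no configuration.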
  
  ! Place reflect in the inbound direction
  ip access-list extended infilter
  permit ip any any reflect cciepass
  !
  ! Place evaluate in the outbound direction
  ip access-list extended outfilter
  evaluate cciepass
  deny ip 10.54.48.0 0.0.0.255 any
  deny ip 10.54.49.0 0.0.0.255 any
  deny ip 10.54.50.0 0.0.0.255 any
  deny ip 10.54.51.0 0.0.0.255 any
  permit ip any any
  ! Apply to the management interface
  int vlan 63
  ip access-group infilter in
  ip access-group outfilter out
  
  Method 2: place no access list on the management VLAN interface, and place them on every other VLAN interface instead.
  
  Taking the office VLAN as the example:
  
  ! Place reflect in the outbound direction
  ip access-list extended outfilter
  permit ip any any reflect cciepass
  !
  ! Place evaluate in the inbound direction
  ip access-list extended infilter
  deny ip 10.54.48.0 0.0.0.255 10.54.49.0 0.0.0.255
  deny ip 10.54.48.0 0.0.0.255 10.54.50.0 0.0.0.255
  deny ip 10.54.48.0 0.0.0.255 10.54.51.0 0.0.0.255
  deny ip 10.54.48.0 0.0.0.255 10.54.63.0 0.0.0.255
  evaluate cciepass
  permit ip any any
  !
  ! Apply to the office VLAN interface:
  int vlan 48
  ip access-group infilter in
  ip access-group outfilter out
  
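  Summary:
  
  1) Reflect is placed in the permitted direction (it can be in or out).
  
  2) Configuring it on the management VLAN is simpler, but less direct than placing it on all the other VLANs.
  
  3) When placed on the internal interface: set Reflect on inbound.
  
  When placed on the external interface: set Reflect on outbound.
  
  LAN      -  WAN
  inbound     outbound
  
  4) reflect does not track packets originated by the local router, so when handling incoming packets take care to permit some of that traffic in.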

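About in/out on access lists


Whichever interface the list is enabled on, enter ip access-group x in/out under that interface.
IN means the packet is checked against the access list before it enters the router; OUT means the packet may enter the router first and is checked against the access list as it leaves the router, so the default is IN.
For example, if in your example the E interface faces the internal network and IN is used, packets coming from the internal network are checked before they enter the router.
A Cisco access list ends with a default DENY ANY, so as a rule the last entry added to the list should be access-list xxx permit ip any any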

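Starting with IOS 12.0, Cisco routers gained a new kind of access list based on time. With it, packet forwarding can be controlled according to the time of day, the day of the week, or a combination of the two.
  I. Usage
  A time-based access list adds a validity time range to the existing standard and extended access lists so that the network can be controlled more sensibly and effectively. A time range is defined first and then applied on top of the existing access lists. This works for both numbered and named access lists.
  II. Rules
  The time-range command names the time range; the absolute command, or one or more periodic commands, then define the range itself.
  The IOS command format is:
  time-range time-range-name
  absolute [start time date] [end time date]
  periodic days-of-the week hh:mm to [days-of-the week] hh:mm
  Each command and parameter is described in turn below.
  time-range: the command that defines a time range
  time-range-name: the name of the time range, used to identify it so that it can be referenced from an access list later
  absolute: specifies an absolute time range. It is followed by the keywords start and end. The time after each keyword is written in 24-hour hh:mm (hours:minutes) form, and the date as day/month/year. Both keywords may be omitted. If start and its time are omitted, the associated permit or deny statement takes effect immediately and stays in effect until the time given by end; if end and its time are omitted, the associated permit or deny statement takes effect at the time given by start and stays in effect forever, although of course it stops having any effect once the access list is deleted.
  Is that clear? The above covers the commands and their basic parameters. To make it easier to follow, here are two examples.
  1. To express 8 a.m. to 8 p.m. every day, this statement can be used:
  absolute start 8:00 end 20:00
  2. As another example, to make an access list take effect from 5 a.m. on 1 October 2006 until 24:00 on 31 October 2006, the statement is:
  absolute start 5:00 1 October 2006 end 24:00 31 October 2006
  This way the job can be done with a time-based access list, and nobody has to run to the office in the middle of the night to delete the access list. For a network administrator that is a very good thing. If you happen to be the network admin... well, say no more, go back and configure it properly :). Next, let us look at the periodic command and its parameters. A time range can have only one absolute statement, but it can have several periodic statements.
  periodic: a command that defines the time range mainly in terms of days of the week. Its parameters are one or a combination of Monday, Tuesday, Wednesday, Thursday, Friday, Saturday and Sunday, or else daily (every day), weekdays (Monday to Friday) or weekend (Saturday and Sunday).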
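
An added example, not part of the original article: a Python sketch that parses absolute and periodic statements in the format described above and decides whether an ACL entry tied to the time range would be active at a given moment. It assumes that periodic entries only count inside the absolute window and handles only periodic windows that start and end on the same day; the function names and the 23:59 end time are constructed for the example.

```python
from datetime import datetime

DAY_NAMES = ["monday", "tuesday", "wednesday", "thursday",
             "friday", "saturday", "sunday"]
DAY_GROUPS = {"daily": range(7), "weekdays": range(0, 5), "weekend": (5, 6)}


def parse_absolute(stmt):
    """'absolute [start hh:mm d Month yyyy] [end hh:mm d Month yyyy]'.

    Returns (start, end); a missing keyword yields None for that bound.
    """
    words = stmt.split()
    bounds = {"start": None, "end": None}
    i = 1
    while i < len(words):
        keyword = words[i]  # "start" or "end"
        stamp = " ".join(words[i + 1:i + 5])
        bounds[keyword] = datetime.strptime(stamp, "%H:%M %d %B %Y")
        i += 5
    return bounds["start"], bounds["end"]


def parse_periodic(stmt):
    """'periodic <days...> hh:mm to hh:mm' (same-day window only)."""
    words = stmt.split()[1:]
    to = words.index("to")
    days = set()
    for word in words[:to - 1]:
        word = word.lower()
        days.update(DAY_GROUPS.get(word) or [DAY_NAMES.index(word)])
    start = datetime.strptime(words[to - 1], "%H:%M").time()
    end = datetime.strptime(words[to + 1], "%H:%M").time()
    return days, start, end


def is_active(now, absolute=None, periodics=()):
    """True when the time range is in effect at 'now'."""
    start, end = absolute or (None, None)
    if start is not None and now < start:
        return False  # not yet started
    if end is not None and now > end:
        return False  # expired
    if not periodics:
        return True   # absolute-only (or empty) range
    return any(now.weekday() in days and begin <= now.time() <= finish
               for days, begin, finish in periodics)


# Constructed sample: October 2006, weekdays from 8:00 to 20:00.
OCTOBER = parse_absolute("absolute start 5:00 1 October 2006 end 23:59 31 October 2006")
OFFICE_HOURS = [parse_periodic("periodic weekdays 8:00 to 20:00")]

if __name__ == "__main__":
    for when in (datetime(2006, 10, 2, 9, 0),    # Monday, inside both
                 datetime(2006, 10, 1, 9, 0),    # Sunday, outside periodic
                 datetime(2006, 11, 1, 9, 0)):   # after the absolute end
        print(when, is_active(when, OCTOBER, OFFICE_HOURS))
```
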

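Example 1: an extended access list with the Established option

Topology:

R2-(S2/0)-----------------(S2/0)-R1(S2/1)---------------(S2/1)-R3


An extended access list with Established lets internal users reach the external network while denying access from the external network to the internal network; standard access lists and extended access lists without Established do not have this property.
This example first uses OSPF to give the whole network connectivity.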

R1:

r1#sh run
*Mar 1 00:25:17.275: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...

Current configuration : 1410 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
ip address 12.1.1.1 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
serial restart_delay 0
frame-relay map ip 12.1.1.2 102 broadcast
no frame-relay inverse-arp
!
interface Serial2/1
ip address 13.1.1.1 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
serial restart_delay 0
frame-relay map ip 13.1.1.3 113 broadcast
!
interface Serial2/2
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart_delay 0
!
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
!
end






R2:

r2#sh run
Building configuration...

*Mar 1 00:27:29.871: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1298 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
ip address 12.1.1.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
serial restart_delay 0
frame-relay map ip 12.1.1.1 201 broadcast
no frame-relay inverse-arp
!
interface Serial2/1
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart_delay 0
!
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
!
end





r3

r3#sh run
Building configuration...

Current configuration : 1298 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r3
!
logging queue-limit 100
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
mpls ldp logging neighbor-changes
!
!
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/1
ip address 13.1.1.3 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
serial restart_delay 0
frame-relay map ip 13.1.1.1 311 broadcast
no frame-relay inverse-arp
!
interface Serial2/2
no ip address
shutdown
serial restart_delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart_delay 0
!
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
no login
!
!
end
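Monitoring and testing the configuration:

We make R2 the internal network and R3 the external network. With the following configuration, access initiated from R2 to R3 works, while access from R3 to R2 is denied. Note that this configuration targets TCP-based applications. Every TCP conversation is bidirectional: after R2 initiates access to the external network, traffic from the external network is allowed through, and at that point the ACK or RST bit of the TCP segment is set to 1.

R1(config)#access-list 101 permit tcp any any established log-input
R1(config)#access-list 101 permit ospf any any
R1(config)#access-list 101 deny ip any any log-input
R1(config)#int s2/1
R1(config-if)#ip access-group 101 in

The log-input keyword above shows how packets are being filtered. Next, debug ip packet detailed is used to watch packets passing through R1. Because the router also generates OSPF packets, we restrict the debug output.

r1(config)#access-list 102 permit tcp any any

With this in place, have R2 telnet to R3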
r1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open

r3>
*Mar 1 00:55:53.003: IP: tableid=0, s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), routed via RIB
*Mar 1 00:55:53.003: IP: s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), len 44, sending
*Mar 1 00:55:53.007: TCP src=11001, dst=23, seq=2398697781, ack=0, win=4128 SYN
*Mar 1 00:55:53.179: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 3.3.3.3(23) (Serial2/1 ) -> 13.1.1.1(11001), 1 packet
*Mar 1 00:55:53.183: IP: tableid=0, s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), routed via RIB
*Mar 1 00:55:53.183: IP: s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), len 44, rcvd 3
*Mar 1 00:55:53.187: TCP src=23, dst=11001, seq=949632690, ack=2398697782, win=4128 ACK SYN
*Mar 1 00:55:53.187: IP: tableid=0, s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), routed via RIB
*Mar 1 00:55:53.191: IP: s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), len 40, sending
*Mar 1 00:55:53.191: TCP src=11001, dst=23, seq=2398697782, ack=949632691, win=4128 ACK
*Mar 1 00:55:53.199: IP: tableid=0, s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), routed via RIB
*Mar 1 00:55:53.203: IP: s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), len 49, sending
*Mar 1 00:55:53.203: TCP src=11001, dst=23, seq=2398697782, ack=949632691, win=4128 ACK PSH
*Mar 1 00:55:53.207: IP: tableid=0, s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), routed via RIB
*Mar 1 00:55:53.211: IP: s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), len 40, sending
*Mar 1 00:55:53.215: TCP src=11001, dst=23, seq=2398697791, ack=949632691, win=4128 ACK
*Mar 1 00:55:53.455: IP: tableid=0, s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), routed via RIB
*Mar 1 00:55:53.455: IP: s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), len 52, rcvd 3
*Mar 1 00:55:53.459: TCP src=23, dst=11001, seq=949632691, ack=2398697791, win=4119 ACK PSH
*Mar 1 00:55:53.459: IP: tableid=0, s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), routed via RIB
*Mar 1 00:55:53.463: IP: s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), len 45, rcvd 3
*Mar 1 00:55:53.467: TCP src=23, dst=11001, seq=949632703, ack=2398697791, win=4119 ACK PSH
*Mar 1 00:55:53.467: IP: tableid=0, s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), routed via RIB
*Mar 1 00:55:53.471: IP: s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), len 43, rcvd 3
*Mar 1 00:55:53.471: TCP src=23, dst=11001, seq=949632708, ack=2398697791, win=4119 ACK PSH
*Mar 1 00:55:53.475: IP: tableid=0, s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), routed via RIB
*Mar 1 00:55:53.479: IP: s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), len 46, rcvd 3
*Mar 1 00:55:53.479: TCP src=23, dst=11001, seq=949632711, ack=2398697791, win=4119 ACK PSH
*Mar 1 00:55:53.483: IP: tableid=0, s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), routed via RIB
*Mar 1 00:55:53.487: IP: s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), len 43, sending
*Mar 1 00:55:53.487: TCP src=11001, dst=23, seq=2398697791, ack=949632717, win=4102 ACK PSH
*Mar 1 00:55:53.491: IP: tableid=0, s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), routed via RIB
*Mar 1 00:55:53.495: IP: s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), len 43, sending
*Mar 1 00:55:53.495: TCP src=11001, dst=23, seq=2398697794, ack=949632717, win=4102 ACK PSH
*Mar 1 00:55:53.499: IP: tableid=0, s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), routed via RIB
*Mar 1 00:55:53.503: IP: s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), len 49, sending
*Mar 1 00:55:53.503: TCP src=11001, dst=23, seq=2398697797, ack=949632717, win=4102 ACK PSH
*Mar 1 00:55:53.659: IP: tableid=0, s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), routed via RIB
*Mar 1 00:55:53.663: IP: s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), len 43, rcvd 3
*Mar 1 00:55:53.663: TCP src=23, dst=11001, seq=949632717, ack=2398697797, win=4113 ACK PSH
*Mar 1 00:55:53.867: IP: tableid=0, s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), routed via RIB
*Mar 1 00:55:53.867: IP: s=13.1.1.1 (local), d=3.3.3.3 (Serial2/1), len 40, sending
*Mar 1 00:55:53.871: TCP src=11001, dst=23, seq=2398697806, ack=949632720, win=4099 ACK
*Mar 1 00:55:53.963: IP: tableid=0, s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), routed via RIB
*Mar 1 00:55:53.967: IP: s=3.3.3.3 (Serial2/1), d=13.1.1.1 (Serial2/1), len 40, rcvd 3
*Mar 1 00:55:53.967: TCP src=23, dst=11001, seq=949632720, ack=2398697806, win=4104 ACK




Note that the packets R3 returns to R2 are allowed through. Next we test access initiated from R3 to R2.




r3#telnet 2.2.2.2
Trying 2.2.2.2 ...
% Destination unreachable; gateway or host down
r1#
*Mar 1 01:02:22.779: %SEC-6-IPACCESSLOGP: list 101 denied tcp 13.1.1.3(11002) (Serial2/1 ) -> 2.2.2.2(23), 1 packet
*Mar 1 01:02:22.783: IP: s=13.1.1.3 (Serial2/1), d=2.2.2.2, len 44, access denied
*Mar 1 01:02:22.783: IP: tableid=0, s=13.1.1.1 (local), d=13.1.1.3 (Serial2/1), routed via RIB
*Mar 1 01:02:22.787: IP: s=13.1.1.1 (local), d=13.1.1.3 (Serial2/1), len 56, sending
*Mar 1 01:02:24.139: IP: s=12.1.1.2 (Serial2/0), d=224.0.0.5, len 80, rcvd 0
*Mar 1 01:02:24.315: IP: s=13.1.1.1 (local), d=224.0.0.5 (Serial2/1), len 80, sending broad/multicast
*Mar 1 01:02:25.139: IP: s=12.1.1.1 (local), d=224.0.0.5 (Serial2/0), len 80, sending broad/multicast



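Note that the first segment TCP sends carries the SYN field, which synchronizes the two hosts preparing to establish a new connection; the ACK bit is set by the receiver to tell the sender that data was received successfully; the RST (reset) bit indicates when to restart the connection. An extended access list with established only lets through TCP segments that have the ACK or RST bit set to 1.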
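
An added example, not part of the original post: a Python model that compares the two return-traffic mechanisms covered on this page, the established keyword (a stateless check of the ACK/RST bits) and the reflexive list from the reflect/evaluate section (a temporary entry mirrored from the outbound packet). The first two inbound segments use the addresses and ports from the debug output above; the third is constructed. The class and function names are assumptions, and entry timeouts and FIN/RST teardown are not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


def seg(src, sport, dst, dport, *flags):
    return Segment(src, sport, dst, dport, frozenset(flags))


def established_permits(segment):
    """'permit tcp any any established': only the ACK/RST bits are examined."""
    return bool(segment.flags & {"ACK", "RST"})


class ReflexiveAcl:
    """Model of 'permit ... reflect NAME' paired with 'evaluate NAME'."""

    def __init__(self):
        self.entries = set()

    def reflect(self, outbound):
        # Store the mirror image of the outbound packet: only traffic coming
        # back from that exact peer and port pair will match later.
        self.entries.add((outbound.dst, outbound.dport,
                          outbound.src, outbound.sport))

    def evaluate(self, inbound):
        key = (inbound.src, inbound.sport, inbound.dst, inbound.dport)
        return key in self.entries


# Outbound telnet SYN seen in the debug output on this page.
OUTBOUND_SYN = seg("13.1.1.1", 11001, "3.3.3.3", 23, "SYN")

INBOUND = {
    # Reply to the session above (from the debug output).
    "reply": seg("3.3.3.3", 23, "13.1.1.1", 11001, "SYN", "ACK"),
    # New connection attempt from outside (from the debug output).
    "new_connection": seg("13.1.1.3", 11002, "2.2.2.2", 23, "SYN"),
    # Constructed: an ACK segment that belongs to no session at all.
    "stray_ack": seg("13.1.1.3", 11003, "2.2.2.2", 23, "ACK"),
}


def compare():
    """Return {name: (permitted by established, permitted by reflexive)}."""
    reflexive = ReflexiveAcl()
    reflexive.reflect(OUTBOUND_SYN)
    return {name: (established_permits(s), reflexive.evaluate(s))
            for name, s in INBOUND.items()}


if __name__ == "__main__":
    for name, (est, refl) in compare().items():
        print(f"{name:15} established={est!s:5} reflexive={refl}")
```

The stray_ack row is the case to keep in mind when choosing between the two: established accepts it because the flag is set, while the reflexive list rejects it because no outbound packet created a matching entry.
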



[Last edited by walk110 on 2007-1-14 12:57]

海盗头子的窝, posted by walk110 on 2007-01-14 11:57:54
Cisco IOS naming conventions

The name has three parts, separated by dashes: e.g. xxxx-yyyy-ww:

xxxx = Platform

yyyy = Features

ww = Format - Where it executes from if compressed.


 
Software Naming Conventions for IOS - Platform

as5200    5200
ca1003    Cisco Advantage 1003
ca1005    Cisco Advantage 1005
cpa1003   CiscoPro 1003,4
cpa1005   CiscoPro 1005
cpa25     CiscoPro 2500
cpa3620   CiscoPro 3620
cpa3640   CiscoPro 3640
cpa45     CiscoPro 4500
*cs       Communication Server
cs500     cs500
c1000     1003,4
c1005     1005
c1600     1600
c2500     25xx,3xxx,5100, AO (11.2 and later only)
c25fx     Fixed Frad
c2600     2600 Quake
c2800     Catalyst 2800
c2900     2910, 2950
c29atm    2900 ATM
c3620     3620
c3640     3640
c3800     3800
c4000     4000 (11.2 and later only)
c4500     4500, 4700
c5rsfc
c5rsm     Catalyst 5k RSP
c5atm     Catalyst ATM
c6400s    6400 NSP
c6400r    6400 NRP
c6msm     Catalyst
c7000     7000,7010 (11.2 and later only)
c7200     7200
igs       IGS, 25xx,3xxx,5100, AP
gs3       gateway server (AGS, AGS+)
gs7       gateway server(7000,7010)
gsr       Gigabit Switch Router (12000)
ls1010    Lightstream 1010
mc3810    Ardent Multiservice Cisco 3810
p         Partners' platform n
*pt       protocol translator
rpm       MGX 8850
rsp       75xx
ubr7200   Universal Broadband Router 7200
ubr900    Universal Broadband Router 900
ubr920    Universal Broadband Router 920
vcw       Voice Card Ware
xx        4000
igsetx    2500 (media specific image that supports only ethernet, token ring, and x.25)


 
Software Naming Conventions for IOS - Format


Where the image runs in the router

f flash
m ram
r rom
l relocatable

Compression Types

z zip compressed (note lower case)
x mzip compressed
w "STAC" compressed

Extensions

.tar A utility and file format used for packaging files together. These files are compressed using gzip or some other form of compression
.html The file is used with a Web browser application.




Software Naming Conventions for IOS - Features
 



a
a APPN
a2 ATM
a3 APPN replacement


b
b Appletalk
boot boot image


c
c Comm-server/Remote Access Server (RAS) subset (SNMP, IP, Bridging, IPX, Atalk, Decnet, FR, HDLC, PPP, X.25, ARAP, tn3270, PT,
XRemote, LAT) (non-CiscoPro)
c CommServer lite (CiscoPro)
c2 Comm-server/Remote Access Server (RAS) subset (SNMP, IP, Bridging, IPX, Atalk, Decnet, FR, HDLC, PPP, X.25, ARAP, tn3270, PT,
XRemote, LAT) (CiscoPro)
c3 clustering


d
d Desktop subset (SNMP, IP, Bridging, WAN, Remote Node, Terminal
Services, IPX, Atalk, ARAP)
(11.2 - Decnet)
d2 reduced Desktop subset(SNMP, IP, IPX, ATALK, ARAP)
diag IOS based diagnostic images


e
e IPeXchange (no longer used in 11.3 and later)
- StarPipes DB2 Access - Enables Cisco IOS to act as a "Gateway" to
all IBM DB2 products for downstream clients/servers in 11.3T
eboot ethernet boot image for mc3810 platform


f
f FRAD subset (SNMP, FR, PPP, SDLLC, STUN)
f2 modified FRAD subset, EIGRP, Pcbus, Lan Mgr removed, OSPF added


g
g ISDN subset (SNMP, IP, Bridging, ISDN, PPP, IPX, Atalk)
g2 gatekeeper proxy, voice and video
g3 ISDN subset for c800 (IP, ISDN, FR)


h
h For Malibu(2910), 8021D, switch functions, IP Host
hdiag Diagnostics image for Malibu(2910)


i (used for image names of platforms c2500 and larger)
i IP subset (SNMP, IP, Bridging, WAN, Remote Node, Terminal Services)
i2 subset similar to IP subset for system controller image (3600)
i3 reduced IP subset with BGP/MIB, EGP/MIB, NHRP, DIRRESP removed.
i4 subset of IP (5200)
ipss7 IP subset with SS7 (2600)


j
j enterprise subset (formerly bpx, includes protocol translation)
*** not used until 10.3 ***


k
k kitchen sink (enterprise for high-end) (same as bx) (Not used after 10.3)
k1 Baseline Privacy key encryption (On 11.3 and up)
k2 high-end enterprise w/CIP2 ucode (Not used after 10.3)
k2 Triple DES (On 11.3 and up)
k3 56bit SSH encryption
k4 168bit SSH encryption
k5 Reserved for future encryption capabilities (On 11.3 and up)
k6 Reserved for future encryption capabilities (On 11.3 and up)
k7 Reserved for future encryption capabilities (On 11.3 and up)
k8 Reserved for future encryption capabilities (On 11.3 and up)
k9 Reserved for future encryption capabilities (On 11.3 and up)
   



l
l IPeXchange IPX, static routing, gateway


m
m RMON (11.1 only)
m Catalyst 2820-kernel, parser, ATM signaling, Lane Client, bridging


n
n IPX


o
o Firewall (formerly IPeXchange Net Management)
o2 Firewall (3xx0)
o3 Firewall with ssh (36x0 26x0)


p
p Service Provider (IP RIP/IGRP/EIGRP/OSPF/BGP, CLNS ISIS/IGRP)
p2 Service Provider w/CIP2 ucode
p3 as5200 service provider
p4 5800 (Nitro) service provider
p5 Service Provider (6400 NRP)
p7 Service Provider with PT/TARP (2600, 3640)


q
q Async
q2 IPeXchange Async


r
r IBM base option (SRB, SDLLC, STUN, DLSW, QLLC) - used with
i, in, d (See note below.)
r2 IBM variant for 1600 images
r3 IBM variant for Ardent images (3810)
r4 reduced IBM subset with BSC/MIB, BSTUN/MIB, ASPP/MIB, RSRB/MIB removed.


s
s source route switch (SNMP, IP, Bridging, SRB) (10.2 to 11.1)
s Additions by Platform via PLUS packs

c1000 (OSPF, PIM, SMRP, NLSP, ATIP, ATAURP, FRSVC, RSVP, NAT)
c1005 (X.25, full WAN, OSPF, PIM, NLSP, SMRP, ATIP, ATAURP, FRSVC, RSVP, NAT)
c1600 (OSPF, IPMULTICAST, NHRP, NTP, NAT, RSVP, FRAME_RELAY_SVC)
AT "s" images also have: (SMRP,ATIP,AURP)
IPX "s" images also have: (NLSP,NHRP)
c2500 (NAT, RMON, IBM, MMP, VPDN/L2F)
c2600 (NAT, IBM, MMP, VPDN/L2F, VOIP and ATM)
c3620 (NAT, IBM, MMP, VPDN/L2F) In 11.3T added VOIP
c3640 (NAT, IBM, MMP, VPDN/L2F) In 11.3T added VOIP
c4000 (NAT, IBM, MMP, VPDN/L2F)
c4500 (NAT, ISL, LANE, IBM, MMP, VPDN/L2F)
c5200 (PT, v.120, managed modems, RMON, MMP, VPDN/L2F)
c5300 (MMP, VPDN, NAT, Modem Management, RMON, IBM)
c5rsm (NAT, LANE and VLANS)
c7000 (ISL, LANE, IBM, MMP, VPDN/L2F)
c7200 (NAT, ISL, IBM, MMP, VPDN/L2F)
rsp (NAT, ISL, LANE, IBM, MMP, VPDN/L2F)

 



t
t AIP w/ modified Ucode to connect to Teralink 1000 Data (11.2)
t Telco return (12.0)


u
u IP with VLAN RIP (Network Layer 3 Switching Software, rsrb, srt, srb, sr/tlb)
   


v
v VIP and dual RSP (HSA) support
v2 Voice V2D
v3 Voice Feature Card
v4 Voice (ubr920)


w
w WBU Feature Sets

i IISP
l LANE & PVC
p PNNI
v PVC traffic shaping

 

w2 Cisco Advantage ED train Feature Sets

a IPX, static routing, gateway
b Net Management
c FR/X25
y Async

 

w3 Distributed Director Feature Sets


x
x X.25 in 11.1 and earlier releases and on c800 in 12.0T
x FR/X.25 in 11.2 (IPeXchange)
x H.323 Gatekeeper/Proxy in 11.3 and later releases for 2500, 3620, 3640, mc3810


y (used for image names of platforms smaller than c2500)
y reduced IP (SNMP, IP RIP/IGRP/EIGRP, Bridging, ISDN, PPP) (C1003/4)
y reduced IP (SNMP, IP RIP/IGRP/EIGRP, Bridging, WAN - X.25) (C1005)
(11.2 - includes X.25) (c1005)
y IP variant (no Kerberos, Radius, NTP, OSPF, PIM, SMRP, NHRP...) (c1600)
y2 IP variant (SNMP, IP RIP/IGRP/EIGRP, WAN - X.25, OSPF, PIM) (C1005)
y2 IP Plus variant (no Kerberos, Radius, NTP, ...) (c1600)
y3 IP/X.31
y4 reduced IP variant (Cable, Mibs, DHCP, EZHTTP)
y5 reduced IP variant (Cable, Mibs, DHCP, EZIP) Home Office
y6 reduced IP variant(c800)


z
z managed modems


0-9
40 40 bit encryption
56 56 bit encryption
56i 56 bit encryption with IPSEC

 


Obsolete
h reduced desktop subset (SNMP, IP RIP/IGRP/EIGRP, Bridging,
ISDN, PPP, IPX, Atalk) 1003/4
h reduced desktop subset (SNMP, IP RIP/IGRP/EIGRP, Bridging,
WAN - X.25, IPX, Atalk) 1005





[Last edited by walk110 on 2007-1-14 12:04]
海盗头子的窝, posted by walk110 on 2007-01-14 11:58:20
  OSPF lab walkthrough (implementing OSPF over NBMA)


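Lab environment:
1. On router R5, set the IP of port Fa0/0 to 192.168.4.5/24 and the IP of port S1/1 to 192.168.3.5/24
2. On router R1, set the IP of port S1/1 to 192.168.3.1/24 and the IP of port S1/2 to 192.168.2.1/24
3. On router R2, set the IP of port S1/2 to 192.168.2.2/24 and the IP of port Fa0/0 to 192.168.1.2/24

Preface: as we all know, the OSPF network types are broadcast (also called multi-access), point-to-point, point-to-multipoint and non-broadcast multi-access (NBMA). Every type other than non-broadcast multi-access elects a DR and BDR automatically, which is how neighbors form and are able to communicate with each other. What we demonstrate today, OSPF over NBMA, is about overcoming the fact that on a non-broadcast multi-access network the DR and BDR cannot be elected automatically and neighbors cannot be discovered. Routers without a neighbor relationship cannot communicate. There are two main approaches: 1. manually specify neighbors for the relevant ports; 2. change the network type of the relevant ports. The detailed configuration follows:

Configuration listing:

Configuration of switch SW1:
Set ports Fa1/11 and Fa1/14 to full-duplex mode: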
SW1(config)#int fa1/11
SW1(config-if)#speed 100
SW1(config-if)#duplex full
SW1(config-if)#no shut
SW1(config-if)#exit

SW1(config)#int fa1/14
SW1(config-if)#speed 100
SW1(config-if)#duplex full
SW1(config-if)#no shut
SW1(config-if)#exit

Configuration listing for router R2:
1. Set the IPs of ports S1/2 and Fa0/0 on router R2:
R2(config)#int s1/2
R2(config-if)#ip add 192.168.2.2 255.255.255.0
R2(config-if)#no shut

R2(config)#int fa0/0
R2(config-if)#speed 100
R2(config-if)#duplex full
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit

2. Configure OSPF on router R2:
R2(config)#router ospf 100
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 192.168.2.2 0.0.0.0 a 0
R2(config-router)#network 192.168.1.2 0.0.0.0 a 0
R2(config-router)#exit

Configuration listing for router R1:
1. Set the IP of port S1/1 on router R1 and enable Frame Relay encapsulation:
R1(config)#int s1/1
R1(config-if)#ip add 192.168.3.1 255.255.255.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay map ip 192.168.3.5 105 br
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#no shut

2. Set the IP of port S1/2 on router R1:
R1(config)#int s1/2
R1(config-if)#ip add 192.168.2.1 255.255.255.0
R1(config-if)#no shut

3. Configure OSPF on router R1:
R1(config)#router ospf 100
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 192.168.3.1 0.0.0.0 a 0
R1(config-router)#network 192.168.2.1 0.0.0.0 a 0
R1(config-router)#exit

Configuration listing for router R5:
1. Set the IP of port S1/1 on router R5 and enable Frame Relay encapsulation:
R5(config)#int s1/1
R5(config-if)#ip add 192.168.3.5 255.255.255.0
R5(config-if)#encapsulation frame-relay
R5(config-if)#frame-relay map ip 192.168.3.1 501 br
R5(config-if)#no frame-relay inverse-arp
R5(config-if)#no shut
R5(config-if)#exit

2. Set the IP of port Fa0/0 on router R5 and set it to full-duplex mode:
R5(config)#int fa0/0
R5(config-if)#speed 100
R5(config-if)#duplex full
R5(config-if)#ip add 192.168.4.5 255.255.255.0
R5(config-if)#no shut
R5(config-if)#exit

3. Configure OSPF on router R5:
R5(config)#router ospf 100
R5(config-router)#router-id 5.5.5.5
R5(config-router)#network 192.168.4.5 0.0.0.0 a 0
R5(config-router)#network 192.168.3.5 0.0.0.0 a 0
R5(config-router)#exit

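That is the normal configuration process. If we now look at the neighbor tables of R1 and R5 with the #show ip ospf nei command, you will find that neither appears in the other's table; they have not discovered each other as neighbors, so they cannot communicate. As said earlier, non-broadcast multi-access does not elect a DR and BDR automatically; we have to specify them manually. That gives two approaches: 1. change the network type between R1 and R5 to point-to-multipoint (point-to-mu); 2. manually specify their neighbors. The configuration below is the key part:
A: Changing the network type so that OSPF can discover neighbors over Frame Relay:
1. Change the network type of S1/1 on R1 to "point-to-multipoint":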
R1(config)#int s1/1
R1(config-if)#ip ospf network point-to-mu
R1(config-if)#no shut

2. Change the network type of S1/1 on R5 to "point-to-multipoint":
R5(config)#int s1/1
R5(config-if)#ip ospf network point-to-mu
R5(config-if)#no shut

Now we use the #show ip ospf nei command to view R1's neighbor table:
R1#show ip ospf nei
Neighbor ID     Pri   State           Dead Time   Address         Interface
5.5.5.5           0   FULL/  -        00:01:47    192.168.3.5     Serial1/1
2.2.2.2           0   FULL/  -        00:00:33    192.168.2.2     Serial1/2

As you can see, R1's neighbor table now contains R5 and R2. Let us verify with the ping command by pinging R5 from R1:
R1#ping 192.168.4.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/73/112 ms

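It works! The same applies to R5, so we will not verify it again. Is that clear?

B: Manually specifying neighbors for R1 and R5 (text after // is a comment):
R1(config)#router ospf 100
R1(config-router)#nei 192.168.3.5  // make R5 a neighbor of R1; enter the peer's IP here

R5(config)#router ospf 100
R5(config-router)#nei 192.168.3.1  // make R1 a neighbor of R5; enter the peer's IP here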




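  Inter-VLAN routing lab (router-on-a-stick)


Lab environment:
1. Routers R1 and R2 simulate PCs, with their routing function turned off;
2. On router R1, set the IP of port Fa0/0 to 192.168.1.2/24 and the default gateway to 192.168.1.1;
3. On router R2, set the IP of port Fa0/0 to 192.168.0.2/24 and the default gateway to 192.168.0.1;
4. Turn off routing on switch SW1 so that it works as a layer 2 switch, and create two VLANs, VLAN14 and VLAN15;
5. Add port Fa1/14 of switch SW1 to VLAN14 and port Fa1/15 to VLAN15;
6. On interface Fa0/0 of router R3, enable the subinterfaces Fa0/0.14 (IP 192.168.0.1/24) and
Fa0/0.15 (IP 192.168.1.1/24) and encapsulate the corresponding VLAN numbers;
The required result is that R1 and R2 can ping each other.

Lab configuration:
Configuration listing for switch SW1:
1. Create the VLANs: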
SW1#vlan data
SW1(vlan)#vlan 14
SW1(vlan)#vlan 15
SW1(vlan)#exit
2. Add the ports to the corresponding VLANs:
SW1(config)#int fa1/14
SW1(config-if)#speed 100
SW1(config-if)#duplex full
SW1(config-if)#switchport mod acc
SW1(config-if)#switchport acc vlan 14
SW1(config-if)#exit
SW1(config)#int fa1/15
SW1(config-if)#speed 100
SW1(config-if)#duplex full
SW1(config-if)#switchport mod acc
SW1(config-if)#switchport acc vlan 15
SW1(config-if)#exit
3. Configure port Fa1/13 as a trunk:
SW1(config)#int fa1/13
SW1(config-if)#switchport mod trunk
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#no shut
SW1(config-if)#exit
4. Turn off the switch's routing function:
SW1(config)#no ip routing

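Configuration listing for router R3:
1. Turn on the routing function of router R3:
R3(config)#ip routing
2. Enable the subinterfaces, encapsulate the VLANs and set the IPs: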
R3(config)#int fa0/0.14
R3(config-subif)#encapsulation dot1q 14     
R3(config-subif)#ip add 192.168.0.1 255.255.255.0
R3(config-subif)#no shut
R3(config-subif)#exit
R3(config)#int fa0/0.15
R3(config-subif)#encapsulation dot1q 15
R3(config-subif)#ip add 192.168.1.1 255.255.255.0
R3(config-subif)#no shut
R3(config-subif)#exit
3. Configure port Fa0/0 and bring it up:
R3(config)#int fa0/0
R3(config-if)#speed 100
R3(config-if)#duplex full
R3(config-if)#no shut
Configuration listing for router R2:
R2(config)#no ip routing
R2(config)#ip default-gateway 192.168.0.1
R2(config)#int fa0/0
R2(config-if)#speed 100
R2(config-if)#duplex full
R2(config-if)#ip add 192.168.0.2 255.255.255.0
R2(config-if)#no shut
Configuration listing for router R1:
R1(config)#no ip routing
R1(config)#ip default-gateway 192.168.1.1
R1(config)#int fa0/0
R1(config-if)#speed 100
R1(config-if)#duplex full
R1(config-if)#ip add 192.168.1.2 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit




  MPLS-OSPF Sham-Link   

hostname r1

ip cef

ip vrf test
rd 123:1
import map from-pe-r3
export map to-pe-r3
route-target export 123:1
route-target import 123:3
route-target import 123:65006
!
ip vrf test16
rd 123:65006
route-target export 123:65006
route-target import 123:65007
route-target import 123:1

interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Loopback2
ip vrf forwarding test
ip address 10.1.2.1 255.255.255.255
!
interface Ethernet0/0
ip vrf forwarding test
ip address 14.1.1.1 255.255.255.0
!
interface Serial0/0
no ip address
!
interface Serial0/0.12 point-to-point
ip address 12.1.1.1 255.255.255.0
ip router isis
mpls ip
frame-relay interface-dlci 102
!
interface Serial0/0.16 point-to-point
ip vrf forwarding test16
ip address 16.1.1.1 255.255.255.0
frame-relay interface-dlci 106
!
router ospf 1 vrf test
area 45 sham-link 10.1.2.1 30.1.2.1
redistribute bgp 13 subnets route-map ce5-only
network 14.1.1.0 0.0.0.255 area 45
!
router isis
net 49.0123.0000.0000.0001.00
passive-interface Loopback0
!
router bgp 13
no synchronization
bgp log-neighbor-changes
neighbor 30.1.1.1 remote-as 13
neighbor 30.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 30.1.1.1 activate
neighbor 30.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf test16
neighbor 16.1.1.6 remote-as 65006
neighbor 16.1.1.6 activate
neighbor 16.1.1.6 as-override
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf test
redistribute connected route-map sham-loopback
redistribute ospf 1 vrf test
exit-address-family

ip prefix-list to65004 seq 5 deny 60.1.2.0/24
ip prefix-list to65004 seq 10 permit 0.0.0.0/0 le 32
access-list 10 permit 10.1.2.1
access-list 40 permit 40.1.1.0 0.0.0.255
access-list 41 permit 40.1.10.1
access-list 50 permit 10.1.2.1
access-list 50 permit 30.1.2.1
access-list 50 permit 35.1.1.0 0.0.0.255
access-list 60 deny 60.1.2.0 0.0.0.255
access-list 60 permit any
!
route-map ce5-only permit 10
match ip address 50
!
route-map to65004 permit 10
match ip address prefix-list to65004
!
route-map sham-loopback permit 10
match ip address 10
!
route-map from-pe-r3 permit 10
match ip address 60
!
route-map to-pe-r3 permit 10
match ip address 40
set extcommunity rt 123:65004
!
route-map ce1-ospf-to-bgp permit 10
match ip address 41
==================================================================
hostname r2

ip cef
!
mpls label protocol ldp

interface Loopback0
ip address 20.1.1.1 255.255.255.0

interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.12 point-to-point
ip address 12.1.1.2 255.255.255.0
ip router isis
mpls ip
frame-relay interface-dlci 201
!
interface Serial0/0.23 point-to-point
ip address 23.1.1.2 255.255.255.0
ip router isis
mpls ip
frame-relay interface-dlci 203

router isis
net 49.0123.0000.0000.0002.00
passive-interface Loopback0
==================================================================
hostname r3

ip cef

ip vrf test
rd 123:3
route-target export 123:3
route-target import 123:1
!
ip vrf test37
rd 123:65007
route-target export 123:65007
route-target import 123:65006
!
!
mpls label protocol ldp

interface Loopback0
ip address 30.1.1.1 255.255.255.0
!
interface Loopback2
ip vrf forwarding test
ip address 30.1.2.1 255.255.255.255
!
interface Serial0/0
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
!
interface Serial0/0.23 point-to-point
ip address 23.1.1.3 255.255.255.0
ip router isis
mpls ip
frame-relay interface-dlci 302

interface Serial0/2
ip vrf forwarding test37
ip address 37.1.1.3 255.255.255.0
serial restart-delay 0
clock rate 19200
!
interface Ethernet1/0
ip vrf forwarding test
ip address 35.1.1.3 255.255.255.0
half-duplex
!
router ospf 1 vrf test
log-adjacency-changes
area 45 sham-link 30.1.2.1 10.1.2.1
redistribute bgp 13 subnets
network 35.1.1.0 0.0.0.255 area 45
!
router isis
net 49.0123.0000.0000.0003.00
passive-interface Loopback0
!
router bgp 13
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 13
neighbor 10.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf test37
neighbor 37.1.1.7 remote-as 65006
neighbor 37.1.1.7 activate
neighbor 37.1.1.7 as-override
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf test
redistribute connected route-map sham-loopback
redistribute ospf 1 vrf test match internal external 1 external 2
exit-address-family

access-list 30 permit 30.1.2.1
access-list 41 permit 40.1.10.1
access-list 42 deny 40.1.10.1
access-list 42 permit any
access-list 43 permit 40.1.10.1
access-list 43 permit 14.1.1.0 0.0.0.255
!
route-map ce4-only permit 10
match ip address 43
!
route-map sham-loopback permit 10
match ip address 30
!
route-map pe3-bgp-to-ce5 permit 10
match ip address 42
!
route-map pe3-bgp-to-ospf permit 10
match ip address 41
!
!
mpls ldp router-id Loopback0
==================================================================

hostname r4

ip cef

interface Loopback0
ip address 40.1.1.1 255.255.255.0
!
interface Loopback2
ip address 40.1.2.1 255.255.255.0
!
interface Loopback10
ip address 40.1.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 14.1.1.4 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 14.1.1.0 0.0.0.255 area 45
network 40.1.10.0 0.0.0.255 area 45

==================================================================
hostname r5
interface Loopback0
ip address 50.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 35.1.1.5 255.255.255.0

router ospf 1
network 35.1.1.0 0.0.0.255 area 45

==================================================================
hostname r6

ip cef

interface Loopback0
ip address 60.1.1.1 255.255.255.0
!
interface Loopback2
ip address 60.1.2.1 255.255.255.0
!
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.16 point-to-point
ip address 16.1.1.6 255.255.255.0
frame-relay interface-dlci 601

router bgp 65006
no synchronization
bgp log-neighbor-changes
network 60.1.1.0 mask 255.255.255.0
network 60.1.2.0 mask 255.255.255.0
neighbor 16.1.1.1 remote-as 13
no auto-summary
==================================================================
r1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

20.0.0.0/24 is subnetted, 1 subnets
i L1 20.1.1.0 [115/10] via 12.1.1.2, Serial0/0.12
23.0.0.0/24 is subnetted, 1 subnets
i L1 23.1.1.0 [115/20] via 12.1.1.2, Serial0/0.12
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial0/0.12
30.0.0.0/24 is subnetted, 1 subnets
i L1 30.1.1.0 [115/20] via 12.1.1.2, Serial0/0.12
==================================================================

r1#sh ip b v v test
BGP table version is 54, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 123:1 (default for vrf test)
*> 10.1.2.1/32 0.0.0.0 0 32768 ?
*>i30.1.2.1/32 30.1.1.1 0 100 0 ?
*> 40.1.10.1/32 14.1.1.4 11 32768 ?
*> 60.1.1.0/24 16.1.1.6 0 0 65006 i


r1#sh ip b v v test 40.1.10.1
BGP routing table entry for 123:1:40.1.10.1/32, version 53
Paths: (1 available, best #1, table test)
Advertised to update-groups:
3
Local
14.1.1.4 from 0.0.0.0 (10.1.1.1)
Origin incomplete, metric 11, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:123:1 OSPF DOMAIN ID:0x0005:0x000000010200
OSPF RT:0.0.0.45:2:0 OSPF ROUTER ID:14.1.1.1:512,
mpls labels in/out 22/nolabel

==================================================================
r3(config-if)#do sh ip b v v test
BGP table version is 52, local router ID is 30.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 123:3 (default for vrf test)
*>i10.1.2.1/32 10.1.1.1 0 100 0 ?
*> 30.1.2.1/32 0.0.0.0 0 32768 ?
r>i40.1.10.1/32 10.1.1.1 11 100 0 ?


r3>en
r3#sh ip b v v test
BGP table version is 52, local router ID is 30.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 123:3 (default for vrf test)
*>i10.1.2.1/32 10.1.1.1 0 100 0 ?
*> 30.1.2.1/32 0.0.0.0 0 32768 ?
r>i40.1.10.1/32 10.1.1.1 11 100 0 ?
r3#sh ip b v v test 40.1.10.1
BGP routing table entry for 123:3:40.1.10.1/32, version 52
Paths: (1 available, best #1, table test, RIB-failure(17))
Not advertised to any peer
Local, imported path from 123:1:40.1.10.1/32
10.1.1.1 (metric 20) from 10.1.1.1 (10.1.1.1)
Origin incomplete, metric 11, localpref 100, valid, internal, best
Extended Community: RT:123:1 OSPF DOMAIN ID:0x0005:0x000000010200
OSPF RT:0.0.0.45:2:0 OSPF ROUTER ID:14.1.1.1:512,
mpls labels in/out nolabel/22
-------------------------------------------------------------------------

r1#sh ip ospf 1 sham-link
Sham Link OSPF_SL1 to address 30.1.2.1 is up
Area 45 source address 10.1.2.1
Run as demand circuit
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:05
Adjacency State FULL (Hello suppressed)
Index 2/2, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
---------------------------------------------------------------------------
r3(config-if)#do sh ip ospf 1 sham-link
Sham Link OSPF_SL1 to address 10.1.2.1 is up
Area 45 source address 30.1.2.1
Run as demand circuit
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:04
Adjacency State FULL (Hello suppressed)
Index 2/2, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
----------------------------------------------------------------------------
r4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

35.0.0.0/24 is subnetted, 1 subnets
O 35.1.1.0 [110/12] via 14.1.1.1, 00:07:08, FastEthernet0/0
40.0.0.0/24 is subnetted, 3 subnets
C 40.1.10.0 is directly connected, Loopback10
C 40.1.1.0 is directly connected, Loopback0
C 40.1.2.0 is directly connected, Loopback2
10.0.0.0/32 is subnetted, 1 subnets
O E2 10.1.2.1 [110/1] via 14.1.1.1, 00:07:08, FastEthernet0/0
14.0.0.0/24 is subnetted, 1 subnets
C 14.1.1.0 is directly connected, FastEthernet0/0
30.0.0.0/32 is subnetted, 1 subnets
O E2 30.1.2.1 [110/1] via 14.1.1.1, 00:07:09, FastEthernet0/0
==================================================================
r5#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets
C 50.1.1.0 is directly connected, Loopback0
35.0.0.0/24 is subnetted, 1 subnets
C 35.1.1.0 is directly connected, FastEthernet0/0
40.0.0.0/32 is subnetted, 1 subnets
O 40.1.10.1 [110/13] via 35.1.1.3, 00:07:18, FastEthernet0/0
10.0.0.0/32 is subnetted, 1 subnets
O E2 10.1.2.1 [110/1] via 35.1.1.3, 00:07:18, FastEthernet0/0
14.0.0.0/24 is subnetted, 1 subnets
O 14.1.1.0 [110/12] via 35.1.1.3, 00:07:18, FastEthernet0/0
30.0.0.0/32 is subnetted, 1 subnets
O E2 30.1.2.1 [110/1] via 35.1.1.3, 00:07:19, FastEthernet0/0




[ This post was last edited by walk110 on 2007-1-14 12:19 ]
海盗头子的窝 walk110 posted on 2007-01-14 11:59:35
Cisco Gigabit Switching in a Campus Network

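Starting from a requirements analysis, this article describes the application characteristics of campus networks and, taking Chen Jinglun Middle School as an example, shows how Cisco Systems' gigabit switching products and other application products meet the varied needs of campus network users.

Campus networks are a major category among the various types of network and are very widely deployed. They are mainly LAN-based, but their structure and performance requirements have distinctive features, so this case study analyzes the campus network as an application.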

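I. Application Characteristics and Requirements Analysis


As modern teaching activities develop and exchanges with teaching institutions at home and abroad increase, the need to exchange information over Internet/Intranet networks is becoming ever more pressing. To promote teaching, simplify administration and further bring out students' creativity, building a campus network has become the inevitable choice for modern educational institutions. Most campus networks are small to medium-sized systems based mainly on a campus LAN. A basic campus network has the following characteristics:

High-speed LAN connectivity: the core of a campus network is the network serving the teachers and students on campus, so the campus LAN is the focus of construction. Because large numbers of teachers and students use network applications, and the information includes a great deal of multimedia, high-capacity, high-rate data transfer is a basic requirement of the network;
Diverse information types: campus network applications fall into three parts, namely electronic teaching (multimedia classrooms, electronic library and so on), office administration, and remote communication (distance teaching, Internet access). Electronic teaching involves large amounts of multimedia, office administration is mainly database-driven, and remote communication is mostly WWW-based, so the data mix is complex and different data types place different quality demands on network transport;
Secure and reliable: a campus network likewise holds a large amount of important data on teaching and records management; whether that data is damaged, lost or stolen, the loss would be severe;
Easy to operate and manage: a campus network serves teachers, students and office staff with differing levels of knowledge, so its applications and management should be simple and practical, with a friendly interface, and should not be overly specialized;
Economical and practical: schools have limited funds for network construction, so the finished network should be economical and practical, with a high price/performance ratio.
Chen Jinglun Middle School is a well-known school in Chaoyang District and indeed in Beijing as a whole. As a typical basic-education school, its campus network has the same requirements and characteristics described above. For Chen Jinglun Middle School's specific situation, the contractor for this project, the Cisco premier certified reseller Beijing Lanbo Technology Development Company (北京蓝波科技发展公司; No. A2 Shuangquanbao, Deshengmenwai, Beijing; postal code 100085; telephone 68498450, 64870926; fax 68498418), divided the campus network into a three-tier structure: the campus network control center in the library building is the core; it is interconnected with the buildings on campus (ten buildings need networking: 3 teaching buildings, 2 office buildings, 1 multi-purpose building, 1 swimming hall, 1 library building and 2 dormitory buildings) to form the campus backbone; and user-facing LANs are extended within each building. The campus backbone links run at 100M/1000Mbps, and the user LANs inside the buildings deliver 10/100Mbps of network bandwidth to the desktop.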

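II. Solution Design:


Topology
The overall topology of the campus network is shown in Figure 1.


Figure 1: Campus network topology of Chen Jinglun Middle School

In the figure, Cisco Systems' gigabit switching products, the Catalyst 3508G XL (8 Gigabit Ethernet ports) and the Catalyst 3548 XL (2 gigabit ports, 48 10/100M ports), are joined by GigaStack gigabit stacking to form the campus central switch and central LAN. (GigaStack is Cisco's proprietary gigabit stacking technology: it builds a high-speed gigabit stack between two or more 3500 XL series switches over inexpensive copper cable no longer than 1 meter, which costs far less than fiber.) The main switch in each building is a Catalyst 3524 XL (2 gigabit ports, 24 10/100M ports). After the central 3508G and 3548 are stacked, eight gigabit ports remain free and can be connected by gigabit fiber to the 3524s in eight buildings. Accordingly, apart from the library building that houses the network control center, the other nine buildings are connected to the backbone by eight gigabit links and one 100M link (one office building). In addition, the 10/100M LAN ports on the central 3548 and on each building's 3524 provide high-speed network connections for multiple application servers. Designing bandwidth and architecture to match demand in this way saves money while making full use of the equipment, achieving the best overall price/performance ratio.
Within each building, the floor switches are Catalyst 2924 XL units (24 10/100M ports) connected to the building's main Catalyst 3524 XL over 100Base-TX, and then to user desktops at 10M or 100M; where necessary, low-end switches can be cascaded below them to add users. Taking the multi-purpose building as an example (see Figure 2), the building has 56 main nodes, and cascading a Catalyst 3524 XL with 2924 XL and 2912 XL (12-port 10/100M) switches meets the port-count requirement. The office areas in the building use the Catalyst 1924 (2 100M ports, 24 10M ports), providing 10M switched bandwidth to the desktop. Since each switch has several 100M ports, Fast EtherChannel can be used when cascading: 2 to 4 pairs of 100M or 10/100M ports on two switches are connected in parallel, multiplying the cascade bandwidth and providing link redundancy, so that a break in any one link does not stop the others from carrying data, which safeguards operational reliability.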

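As the overall topology diagram also shows, to provide Internet access and dial-up service for remote users working or studying from home, the campus network includes an Internet service center located in the network control center. It uses a Cisco 2610 router (with 1 10M Ethernet interface, 2 WAN interface cards and 1 network slot that supports many module types) for remote connectivity. Its 10M Ethernet port connects to the LAN in the network control center; an optional interface card with one 2M WAN serial port connects to the Internet over a DDN leased line; and an optional NM-16AM network module provides 16 dial-in ports for remote users.
Network Security and Management
For security, the school uses the firewall feature integrated into the 2610 router's operating system to divide the campus network into an internal and an external part. Internal users can reach the external network and the Internet after authentication, whereas unauthorized external users cannot pass through the firewall into the internal network, which protects the core servers on the internal network from attack.
Because the network has many devices and a fairly complex structure, the school also plans to install Cisco's network management system, Cisco Works Windows, in phase two of the project to manage all network devices. Since the whole system uses Cisco network products, management software from the same vendor can manage the devices in finer detail: it has a database of Cisco's full product range, can display intuitive views of each product, and can drill down to every physical port to query status information. Its main functions include: automatically discovering and displaying the network topology and devices; generating and modifying network device configuration parameters; monitoring network status; and managing device views. Cisco Works Windows runs on the popular Windows platform, has a friendly interface and is easy to learn, meeting the campus network's need for network management that is both full-featured and easy to operate.
Network Multimedia Applications
In a fully switched campus network built on Cisco products like this one, bandwidth is ample, sensibly partitioned and effectively controlled. Traditional campus network services run with ease, and the network also lays a solid foundation for multimedia applications, in particular video services such as video conferencing, interactive video teaching and video on demand.
Cisco IP/TV is a client/server software system launched by Cisco that delivers high-quality, full-motion MPEG-1 video, voice and data over TCP/IP. The system consists of three functional modules, the content management server, the content server and the client software, and offers video on demand, scheduled broadcast, live broadcast and multi-source broadcast. It uses advanced multicast (group broadcast) technology and optimized disk reads, and is characterized by excellent single-host performance, efficient network delivery, simple and fast operation, and comprehensive statistics and analysis. It fully complies with the international multimedia transport standards RTP/RTCP and RTSP and can run over IP networks on any medium. The fully switched, high-bandwidth campus network at Chen Jinglun Middle School easily supports demanding applications such as video conferencing over the computer network, broadcast of leadership speeches, broadcast and on-demand TV programs, building surveillance, online teaching, live event relay, and on-demand and broadcast campus courseware, and fully meets all of the school's requirements for a networked closed-circuit television system.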
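III. Summary:


The Chen Jinglun Middle School campus network built to this design chooses switching products and designs bandwidth sensibly within the LAN, reflecting the principle of excellent performance at economical cost. Adding the router provides complete Internet access and remote access services. The IP/TV application fully meets the need for diverse information. On top of the basic functions, technologies and products such as Fast EtherChannel, the integrated firewall and Cisco Works Windows are used to safeguard the network's reliability, security and manageability.

For schools that have built or are building a campus network, the benefits the network brings to teaching administration, information exchange and data resource sharing are obvious. Experience from campus network projects shows that construction of the network infrastructure always runs somewhat ahead of the build-out of network resources. Therefore, whatever the scale or purpose of the network being designed, advanced network equipment, technologies and solutions should be chosen as far as funding permits. At present, the Chen Jinglun Middle School campus network is the first middle-school campus network in Beijing built entirely on Cisco products, and one of the most complete and advanced middle-school campus networks in the city. This fully demonstrates that Cisco's long-standing technical leadership and product reliability not only make its high-end products the first choice for large enterprise networks, but also make its mid-range and low-end products very well suited to building campus networks for primary and secondary schools in China.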




[ This post was last edited by walk110 on 2007-1-14 12:35 ]
海盗头子的窝 walk110 posted on 2007-01-14 12:00:34
Why Ping Fails: Clearing Up the Common Causes

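Every network engineer uses Ping; it is an effective way to check for routing problems. Yet engineers are often heard complaining: "Impossible, how can it not get through?"

  This kind of confusion usually arises when you believe the routing is configured correctly. Here are a few problems the author has run into; readers are welcome to add more.

  The three simplest cases:

  1. Impatience. That is, trying to ping the gateway the moment the cable is plugged into the switch, overlooking spanning-tree convergence time. Of course, newer switches support rapid spanning tree, or some administrators simply turn off spanning tree on user ports (access ports), and the problem goes away.

  2. Access control. No matter how many hops lie in between, if any node (including the end nodes) filters ICMP, it is normal for the ping to fail. The most common case is firewall behavior.

  3. Some router ports do not allow users to ping them.

  The following situations have also come up and are harder to spot.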

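  1. The delay between devices is so large that the ICMP echo message is not received within the default time (2 seconds). There are several possible causes of delay, such as the line (on a satellite network the uplink plus downlink delay is 540 ms), router processing delay, or poor routing design that produces a roundabout path. Use extended Ping to increase the timeout; if the ping then succeeds, the problem is excessive delay along the route.

  2. Where NAT is introduced, ping may work in one direction only. NAT hides internal addresses. A ping from inside to outside succeeds because the mapping exists in the NAT table; when a ping to an internal host is initiated from outside, there is no NAT table entry on the border router to look up.

  3. Multi-path load balancing. For example, when pinging a remote destination host, successful replies and timeouts alternate. It turns out that the gateway router has two routes to the destination network with equal weight, and investigation shows that one of them is faulty.

  4. Non-contiguous IP address allocation. Problems in address planning are like landmines buried in the network: overlapping addresses or non-contiguous mask assignments can both cause ping problems. As an extreme example, two hosts A and B are connected across multiple hops; A can ping B's gateway, and B's gateway is configured correctly, yet A and B cannot ping each other. Investigation shows that B's network card also has a second address configured, and that address overlaps the network segment A is on.

  5. Extended Ping with a specified source address. When you log in to a router and ping a remote host, and the ICMP echo request goes out of a serial WAN interface, the router picks some IP address as the source IP. That address may not be the IP of this interface, or the interface may have no IP address at all. A downstream router may have no route to that IP network, so the ping fails. Use extended Ping and specify the source IP address explicitly.

  Even when the host gateways and intermediate routes are believed to be correctly configured, ping problems are very common. At that point, forget the word "impossible" and analyze the problem by combining Ping's extended parameters and feedback messages with traceroute, router debug, and tools such as port mirroring and Sniffer.

  For example, hosts A and B are connected across multiple router hops and both gateways are set correctly; A can ping B, but B cannot ping A. By mirroring a port on the switch and capturing packets with Sniffer, you can find where the ICMP packets stop and what they contain, and discover that the source IP address in the ICMP packets is not what was expected. It is then easy to surmise that the router's NAT function may be responsible, and in this way overlooked problems can be uncovered step by step. Whether the feedback from a failed ping is "destination_net_unreachable" or "timed out" also makes a difference.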



[ This post was last edited by walk110 on 2007-1-14 12:37 ]
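The overlapping-address case in the ping post above (item 4 of the subtler cases), as an added example that is not part of the original post: a longest-prefix-match lookup over host B's routing table shows why B's echo reply to A never reaches B's gateway once B carries a second address inside A's subnet. All addresses and function names are constructed for illustration.

```python
"""Why host B cannot answer host A when B has a second address that
overlaps A's subnet. Every address here is constructed sample data."""
import ipaddress

# Constructed scenario: A sits several router hops away from B.
HOST_A = "10.1.1.20"                         # A lives in 10.1.1.0/24
B_ADDRS = ["10.2.2.10/24", "10.1.1.200/24"]  # B primary + stray secondary
B_GW = "10.2.2.1"                            # B's (correct) default gateway


def build_routes(interface_addrs, default_gw):
    """B's routing table: one connected route per address plus a default."""
    routes = []
    for text in interface_addrs:
        iface = ipaddress.ip_interface(text)
        routes.append({"prefix": iface.network, "via": "connected"})
    routes.append({
        "prefix": ipaddress.ip_network("0.0.0.0/0"),
        "via": ipaddress.ip_address(default_gw),
    })
    return routes


def lookup(routes, dest):
    """Longest-prefix match, as an IP stack does for every outgoing packet."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r["prefix"]]
    return max(matches, key=lambda r: r["prefix"].prefixlen)


def reply_next_hop(interface_addrs, default_gw, peer):
    """Describe where the host sends a packet (e.g. an echo reply) for peer."""
    route = lookup(build_routes(interface_addrs, default_gw), peer)
    if route["via"] == "connected":
        # The host believes the peer is on its own wire, so it ARPs locally
        # and the gateway never sees the reply.
        return f"ARP for {peer} on local segment {route['prefix']}"
    return f"forward to gateway {route['via']}"


def find_overlaps(interface_addrs, remote_peers):
    """Audit helper: local addresses whose subnet swallows a remote peer."""
    findings = []
    for text in interface_addrs:
        iface = ipaddress.ip_interface(text)
        for peer in remote_peers:
            if ipaddress.ip_address(peer) in iface.network:
                findings.append((str(iface), peer))
    return findings


if __name__ == "__main__":
    print("with secondary address   :", reply_next_hop(B_ADDRS, B_GW, HOST_A))
    print("secondary address removed:", reply_next_hop(B_ADDRS[:1], B_GW, HOST_A))
    for addr, peer in find_overlaps(B_ADDRS, [HOST_A]):
        print(f"overlap: local {addr} covers remote peer {peer}")
```

A's ping to B's gateway still succeeds in this scenario because the gateway's own routing table is unaffected; only B's return path is wrong.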
海盗头子的窝 walk110 posted on 2007-01-14 12:03:23
  Some download material

[New courseware] CCNP courseware downloads
http://www.net130.com/book/cisco ... 0%20Vol.1(2006).rar  CCNP BSCI Student Guide Version 3.0 Vol.1(2006)

http://www.net130.com/book/cisco ... 0%20Vol.2(2006).rar    CCNP BSCI Student Guide Version 3.0 Vol.2(2006)

http://www.net130.com/book/cisco ... 0%20Vol.1(2006).rar    CCNP BCMSN Student Guide Version 3.0 Vol.1(2006)

http://www.net130.com/book/cisco ... 0%20Vol.2(2006).rar    CCNP BCMSN Student Guide Version 3.0 Vol.2(2006)

http://www.net130.com/book/cisco ... 0%20Vol.1(2006).rar     CCNP ISCW Student Guide Version 1.0 Vol.1(2006)

http://www.net130.com/book/cisco ... 0%20Vol.2(2006).rar      CCNP ISCW Student Guide Version 1.0 Vol.2(2006)

http://www.net130.com/book/cisco ... 0%20Vol.1(2006).rar      CCNP ONT Student Guide Version 1.0 Vol.1(2006)

http://www.net130.com/book/cisco ... 0%20Vol.2(2006).rar     CCNP ONT Student Guide Version 1.0 Vol.2(2006)

  Pass4sure for CCNP   


http://www.netsp.com.cn/myupload ... _5_0_06-windows.exe     jre-1_5_0_06-windows.exe

http://www.netsp.com.cn/myupload ... co.642-801.Exam.rar Pass4sure.Cisco.642-801.Exam.rar   

http://www.netsp.com.cn/myupload ... CO.642-811.Exam.rar   Pass4sure.CISCO.642-811.Exam.rar
  
http://www.netsp.com.cn/myupload ... co.642-821.Exam.rar     Pass4sure.Cisco.642-821.Exam.rar  

http://www.netsp.com.cn/myupload ... co.642-831.Exam.rar    Pass4sure.Cisco.642-831.Exam.rar

http://www.netsp.com.cn/myupload ... co.642-891.Exam.rar   Pass4sure.Cisco.642-891.Exam.rar



[ This post was last edited by walk110 on 2007-1-14 12:52 ]
海盗头子的窝 walk110 posted on 2007-01-14 12:53:51
The most complete set of Cisco Academy e-textbook downloads

CCNA/CCDA
 Sybex - CCNA Fast Pass(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34477

Sybex - CCNA Cisco Certified Network Associate Study Guide 5th Edition(2005)
http://www.chinaitlab.com/www/news/article_show.asp?id=34478

Sybex - CCDA Cisco Certified Design Associate Study Guide Second Edition(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34480

Sybex - CCDA Cisco Certified Design Associate Second Edition(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34481

Sybex - CCNA Cisco Certified Network Associate Study Guide Third Edition(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34482


Sybex - CCNA Cisco Certified Network Associate Study Guide Fourth Edition(2004)  
http://www.chinaitlab.com/www/news/article_show.asp?id=34484


Cisco Press - Cisco Networking Academy Program-Engineering Journal and Workbook Volume I,Second Edition(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34485

Cisco Press - Cisco Certified Network Associate Basics Version 2.0(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34488

Cisco Press - Cisco Networking Academy Program-Engineering Journal and Workbook Volume II,Second Edition(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34487

Cisco Press - CCNA INTRO Certification Guide (2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34489

Cisco Press - CCNA ICND 2004
http://www.chinaitlab.com/www/news/article_show.asp?id=34490

Cisco Press - CCDA Certification Guide(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=34491

Cisco Press - CCDA Certification Guide Second Edition(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34492

----------------------------------------
CCNP/CCDP
Cisco Press - CCNP Building Cisco Multilayer Switched Networks Student Guide Version 2.0(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34524

Cisco Press - CCNP Building Scalable Cisco Internetworks Student Guide Version 2.0(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34522

Cisco Press - CCNP Cisco Internetwork Troubleshooting Student Guide Version 5.0(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34521

Cisco Press - CCNP Cisco Internetwork Troubleshooting Student Guide Version 5.1(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34519

Cisco Press - CCNP CIT(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34518

Cisco Press - CCNP Practical Studies-Routing(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34517

Cisco Press - CCNP Remote Access Exam Certification Guide(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34516

Cisco Press - CCNP Routing Exam Certification Guide(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34515

Cisco Press - CCNP Self-Study BCRAN Exam Certification Guide Second Edition(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34514


Cisco Press - CCNP Self-Study CCNP BCMSN Exam Certification Guide(2004)  
http://www.chinaitlab.com/www/news/article_show.asp?id=34513

Cisco Press - CCNP Self-Study CCNP BSCI Exam Certification Guide(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34510

Cisco Press - CCNP Self-Study CCNP BSCI Exam Certification Guide Third Edition(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34512

Cisco Press - CCNP Self-Study CIT Exam Certification Guide Second Edition(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34509

Cisco Press - CCNP Support Exam Certification Guide(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34507

Que - CCNP CIT Exam Cram 2 (2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34504

Cisco Press - CCNP Switching Exam Certification Guide(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34505

Sybex - CCNP BCMSN 642-811
http://www.chinaitlab.com/www/news/article_show.asp?id=34503

Sybex - CCNP BCRAN 642-821
http://www.chinaitlab.com/www/news/article_show.asp?id=34502

Sybex - CCNP Building Cisco Multilayer Switched Networks Study Guide(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34500

Sybex - CCNP BSCI 642-801
http://www.chinaitlab.com/www/news/article_show.asp?id=34501

Sybex - CCNP CIT 642-831
http://www.chinaitlab.com/www/news/article_show.asp?id=34499

Sybex - CCNP Remote Access Study Guide(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=34498

Sybex - CCNP Routing Study Guide(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34497

Sybex - CCNP Support Study Guide(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=34496

Cisco Press - CCNP Building Cisco Remote Access Networks Student Guide Version 2.0(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34523

TestKing - Study Guide Building Cisco Remote Access Networks v2.0
http://www.chinaitlab.com/www/news/article_show.asp?id=34495

Sybex - CCNP Switching Study Guide(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=34494

-------------------------------------------------------
CCSP
Cisco Press - CCSP CSI Self-Study CSI Exam Certification Guide(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34551

Cisco Press - CCSP CSIDS Cisco Secure Intrusion Detection Student Guide Version4.0(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34550

Cisco Press - CCSP CSIDS Cisco Secure Intrusion Detection Systems Volume I Student Guide Version3.0(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34549

Cisco Press - CCSP CSIDS Cisco Secure Intrusion Detection Systems Volume II Student Guide Version3.0(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34548


Cisco Press - CCSP CSPFA Cisco Secure PIX Firewall Advanced Student Guide Version2.1(2002)  
http://www.chinaitlab.com/www/news/article_show.asp?id=34547

Cisco Press - CCSP CSPFA Cisco Secure PIX Firewall Advanced Student Guide Version3.2(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34546


Cisco Press - CCSP CSPFA Self-Study Cisco Secure PIX Firewall Advanced Exam Certification Guide(2003)  
http://www.chinaitlab.com/www/news/article_show.asp?id=34545

Cisco Press - CCSP CSVPN Self-Study Cisco Secure VPN Exam Certification Guide(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34543

Cisco Press - CCSP CSVPN Cisco Secure Virtual Private Networks Student Guide Version4.0(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34544

Cisco Press - CCSP EVODD Enterprise Voice over Data Design Student Guide Version3.3(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34542

Cisco Press - CCSP SECUR Securing Cisco IOS Networks Student Guide Version1.1(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34541

Sybex - CCSP SECUR Securing Cisco IOS Networks Study Guide(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34539

Testking - Study Guide Cisco SAFE Implementations Version1.0
http://www.chinaitlab.com/www/news/article_show.asp?id=34537

Syngress - Cisco Security Professional's Guide to PIX Firewalls(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34538

Syngress - Cisco Security Professional's Guide to Secure Intrusion Detection Systems(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34536


Cisco Press - CCSP CSI Cisco SAFE Implementation Student Guide Version2.0(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34553
-----------------------------------------------------------------
CCIE
Sybex - CCIE Cisco Certified Internetwork Expert Study Guide(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34559

Cisco Press - CCIE Professional Development-Inside Cisco IOS Software Architecture(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=34581

Cisco Press - CCIE Self-Study CCIE Security Exam Certification Guide(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34580

Cisco Press - CCIE Fundamentals-Network Design
http://www.chinaitlab.com/www/news/article_show.asp?id=34579

Cisco Press - CCIE Practical Studies Volume I(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34578

Cisco Press - CCIE Practical Studies Volume I(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34577

Cisco Press - CCIE Practical Studies Volume II(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34576


Cisco Press - CCIE Professional Development BGP 4 Command and Configuration Handbook(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34575


Cisco Press - CCIE Professional Development Cisco LAN Switching(1999)
http://www.chinaitlab.com/www/news/article_show.asp?id=34574

Cisco Press - CCIE Professional Development Large-Scale IP Network Solutions(1999)
http://www.chinaitlab.com/www/news/article_show.asp?id=34573

Cisco Press - CCIE Professional Development Network Security Principles and Practices(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34572

Cisco Press - CCIE Professional Development OSPF Command and Configuration Handbook(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34571

Cisco Press - CCIE professional Development-Advanced IP Network Design(1999)
http://www.chinaitlab.com/www/news/article_show.asp?id=34570

Cisco Press - CCIE Professional Development-Routing TCP IP Volume II(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34568

Cisco Press - CCIE Professional Development-Routing TCP IP Volume I(1998)
http://www.chinaitlab.com/www/news/article_show.asp?id=34569

Cisco Press - CCIE professional Development-Troubleshooting IP Routing Protocols(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34567

Cisco Press - CCIE Routing and Switching Exam Certification Guide(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34566

Cisco Press - CCIE Security Student Guide Volume 1(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34565

Cisco Press - CCIE Self Study CCIE Practical Studies Volume I(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34564

Cisco Press - CCIE Self Study CCIE Practical Studies Volume II(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34563

Cisco Press - CCIE Self Study CCIE Security Practice Labs(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34562

Cisco Press - Cisco CCIE Fundamentals-Case Studies
http://www.chinaitlab.com/www/news/article_show.asp?id=34561

Cisco Press - The definitive BGP resource-Internet Routing Architectures Second Edition(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=34560

----------------------------------------------
CCIP
Cisco Press - Configuring BGP on Cisco Routers Volume 3 Student Guide(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34557

Cisco Press - Traffic Engineering with MPLS(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34555

Cisco Press - MPLS and VPN Architectures(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=34556

Sybex Press - CCIP MPLS Study Guide(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=34554
------------------------------------------------------
SP
Planet3 - Certified Wireless Network Administrator Official Study Guide
http://www.chinaitlab.com/www/news/article_show.asp?id=34527

Cisco Press - AWLF-Aironet Wireless LAN Fundamentals Volume 1 Version3.1 Student Guide(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34535

Cisco Press - CVOICE Cisco Voice over IP Student Guide Version4.1(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34534

Cisco Press - IP Telephony Self-Study Cisco DQOS Exam Certification Guide(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34531


Cisco Press - IP Telephony Self-Study Cisco QOS Exam Certification Guide,Second Edition(2005)  
http://www.chinaitlab.com/www/news/article_show.asp?id=34530

Cisco Press - IP Telephony Unveiled(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=34529

Cisco Press - UCSA-Cisco Unified Communications System Administration Version1.1 Student Guide(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=34528

Syngress - Cisco AVVID and IP Telephony Design&Implementation(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=34526
-------------------------------------------------------------
Configuration manuals
WAN CiscoView for the MGX 8220 V2(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=36568

Multiprotocol Label Switching on Cisco Routers
http://www.chinaitlab.com/www/news/article_show.asp?id=36567

mpls vpn configuration and design guide
http://www.chinaitlab.com/www/news/article_show.asp?id=36566

IP telephoney Qos design Guide
http://www.chinaitlab.com/www/news/article_show.asp?id=36565

Configuring Routing Information Protocol
http://www.chinaitlab.com/www/news/article_show.asp?id=36564

Configuring OSPF
http://www.chinaitlab.com/www/news/article_show.asp?id=36563

Configuring On-Demand Routing
http://www.chinaitlab.com/www/news/article_show.asp?id=36562

Configuring Multiprotocol BGP Extensions for IP Multicast
http://www.chinaitlab.com/www/news/article_show.asp?id=36561

Configuring IP Routing Protocol-Independent Features
http://www.chinaitlab.com/www/news/article_show.asp?id=36560

Configuring IP Enhanced IGRP
http://www.chinaitlab.com/www/news/article_show.asp?id=36559

Configuring Integrated IS-IS
http://www.chinaitlab.com/www/news/article_show.asp?id=36558

Configuring IGRP
http://www.chinaitlab.com/www/news/article_show.asp?id=36557

Configuring BGP
http://www.chinaitlab.com/www/news/article_show.asp?id=36556

Cisco Technical Solution Series-IP Telephony Solution Guide V2.1(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=36555

Cisco Multiservice Broadband Cable Guide
http://www.chinaitlab.com/www/news/article_show.asp?id=36554

Cisco MPLS Controller Software Configuration Guide(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=36553

Cisco IP Telephony - Network Design Guide Cisco CallManager Release 3.0(5)
http://www.chinaitlab.com/www/news/article_show.asp?id=36552

Cisco IP SoftPhone User Guide Version 1.3(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=36551

Cisco IOS 12.2 Security Command Reference(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=36550

Cisco Content Services Switch Getting Started Guide V4.01(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=36549

Cisco Content Services Switch Basic Configuration Guide V4.01(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=36548

Cisco BPX 8600 Series Installation and Configuration(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=36547

Cisco AAA Implementation Case
http://www.chinaitlab.com/www/news/article_show.asp?id=36501

Cisco PIX 6.0 Firewall Configuration Guide(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=36500

Catalyst 2950 2955 Switch Command Reference(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=36499
--------------------------------------------------
Cisco Textbooks
Cisco Press - Top-Down Network Design 2nd Edition(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=36546

Cisco Press - The Road to IP Telephony How Cisco Systems Migrated from PBX to IP Telephony(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=36545

Cisco Press - SAFE Extending the Security Blueprint to Small Midsize and Remote-User Networks(2001)
http://www.chinaitlab.com/www/news/article_show.asp?id=36544


Cisco Press - Routing First-Step(2004)  
http://www.chinaitlab.com/www/news/article_show.asp?id=36543

Cisco Press - Network Sales and Services Handbook(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=36542

Cisco Press - Network Consultants Handbook
http://www.chinaitlab.com/www/news/article_show.asp?id=36541

Cisco Press - Metro Ethernet(2003)
http://www.chinaitlab.com/www/news/article_show.asp?id=36540

Cisco Press - IS-IS Network Design Solutions(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=36539

Cisco Press - Internet Routing Architectures 2nd(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=36537

Cisco Press - Interdomain Multicast Solutions Guide(2002)
http://www.chinaitlab.com/www/news/article_show.asp?id=36536

Cisco Press - Cisco Router Configuration Second Edition(2000)
http://www.chinaitlab.com/www/news/article_show.asp?id=36535

Cisco Press - Cisco Network Design Solutions for Small-Medium Businesses(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=36534

Cisco Press - Cisco LAN Switching Fundamentals(2004)
http://www.chinaitlab.com/www/news/article_show.asp?id=36533

Cisco Press - Cisco Internetworks Troubleshooting
http://www.chinaitlab.com/www/news/article_show.asp?id=36530

Cisco Press - Cisco Catalyst QoS-Quality of Service in Campus Networks
http://www.chinaitlab.com/www/news/article_show.asp?id=36529




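打不死的老巢 打不死 posted on 2007-01-14 14:52:59
Time-based ACLs are hard to do.
It is content that Cisco added recently.
Cisco's current IOS is slowly going to drop EIGRP and IGRP
so that it can be used together with other network equipment.
But right now the equipment from the three giants still cannot be used together.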
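海盗头子的窝 walk110 posted on 2007-01-14 17:57:32

QUOTE:

Originally posted by 打不死 on 2007-1-14 14:52
Time-based ACLs are hard to do.
It is content that Cisco added recently.
Cisco's current IOS is slowly going to drop EIGRP and IGRP
so that it can be used together with other network equipment.
But right now the equipment from the three giants still cannot be used together.

How should I put it...

For the three giants' equipment to be compatible, they would have to merge first... For the sake of their own interests... they will certainly impose some restrictions.

Personally I think...
IGRP is pretty good...
It's just that... EIGRP is not very easy to use for now...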
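打不死的老巢 打不死 posted on 2007-01-14 18:27:05

QUOTE:

Originally posted by walk110 on 2007-1-14 17:57

How should I put it...

For the three giants' equipment to be compatible, they would have to merge first... For the sake of their own interests... they will certainly impose some restrictions.

Personally I think...
IGRP is pretty good...
It's just that... EIGRP is not very easy to use for now...

IGRP is also Cisco-proprietary; other equipment does not support it either.
RIP has a second version now, which also supports VLSM, but I don't know whether the hop count and update timers have changed.
Larger networks all use OSPF.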
csformat csformat posted on 2007-01-14 20:03:54
Damn~~ where do all you experts get your hands-on practice???

Seething with envy right now.
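打不死的老巢 打不死 posted on 2007-01-14 21:17:10

QUOTE:

Originally posted by csformat on 2007-1-14 20:03
Damn~~ where do all you experts get your hands-on practice???

Seething with envy right now.

Our school has a Cisco lab and a Ruijie lab.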
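海盗头子的窝 walk110 posted on 2007-01-15 11:32:45

QUOTE:

Originally posted by 打不死 on 2007-1-14 21:17

Our school has a Cisco lab and a Ruijie lab.

At school I used a simulator to emulate the Cisco gear. For Huawei I just worked directly on the equipment in the school's machine room!!!
Haha~~~~~~~~
There is still a lot about Cisco I haven't figured out......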
逆水阁 y185209030 posted on 2007-01-16 05:03:58
Good grief, you want us to read something this specialized??
changshijia posted on 2007-01-16 11:30:42
Worth bookmarking. I'll study it properly.
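hobo's personal space hobo posted on 2007-01-16 14:30:58

QUOTE:

Originally posted by walk110 on 2007-1-15 11:32

At school I used a simulator to emulate the Cisco gear. For Huawei I just worked directly on the equipment in the school's machine room!!!
Haha~~~~~~~~
There is still a lot about Cisco I haven't figured out......

Huawei is easier to get started with than Cisco.
Operation is simpler too.
For the same NAT setup, Huawei takes several fewer commands than Cisco.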
younger98 posted on 2007-01-24 11:05:15
中国IT实验室

You can tell at a glance.
抄水表的人 posted on 2007-01-31 14:29:29
Not bad, though it doesn't seem to be very complete.