html博客页面实验报告,×××实验报告
1.1實驗任務
在路由器組上配置×××
1.2實驗環(huán)境和網絡拓撲
1.3完成標準
(1)按照拓撲配置路由,保證網絡的連通性
(2)在R2和R3上配置×××,并檢查×××配置
2.詳細操作步驟
Step 1:配置接口、路由并檢查網絡連通性
(1)配置各交換機的接口和路由
路由器R1配置如下:
R1(config)#int f1/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#
*Dec 27 16:36:52.115: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed stat
o up
*Dec 27 16:36:53.115: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEth
et1/0, changed state to up
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
路由器R2配置如下:
R2(config)#int f1/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#
*Dec 27 16:37:12.027: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed stat
o up
*Dec 27 16:37:13.027: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEth
et1/0, changed state to up
R2(config-if)#int f1/1
R2(config-if)#ip add 202.193.1.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#
*Dec 27 16:37:31.347: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed stat
o up
*Dec 27 16:37:32.347: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEth
et1/1, changed state to up
R2(config-if)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 202.193.1.2
路由器R3配置如下:
R3(config)#int f1/1
R3(config-if)#ip add 202.193.1.2 255.255.255.0
R3(config-if)#no shut
R3(config-if)#
*Dec 27 16:37:49.923: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed stat
o up
*Dec 27 16:37:50.923: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEth
et1/1, changed state to up
R3(config-if)#int f1/0
R3(config-if)#ip add 192.168.2.1 255.255.255.0
R3(config-if)#no shut
R3(config-if)#
*Dec 27 16:38:14.075: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed stat
o up
*Dec 27 16:38:15.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEth
et1/0, changed state to up
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 202.193.1.1
路由器R4配置如下:
R4(config)#int f1/0
R4(config-if)#ip add 192.168.2.2 255.255.255.0
R4(config-if)#no shut
R4(config-if)#
*Dec 27 16:38:31.963: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state t
o up
*Dec 27 16:38:32.963: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et1/0, changed state to up
R4(config-if)#exit
R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.1
(2)連通性測試
路由器R1連通性測試如下:
R1(config)#do ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 80/115/176 ms
路由器R4連通性測試如下:
R4(config)#do ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/77/140 ms
Step 2:配置路由器的×××
(1)配置路由器R2和R3上的×××
路由器R2配置如下:
R2(config)#crypto isakmp enable//啟動IKE
R2(config)#crypto isakmp policy 1//建立IKE協(xié)商策略1
R2(config-isakmp)#authentication pre-share//使用預定義秘鑰
R2(config-isakmp)#encryption des//加密算法DES
R2(config-isakmp)#hash md5//認證算法MD5
R2(config-isakmp)#lifetime 3600//SA的活動時間3600秒
R2(config-isakmp)#crypto isakmp key keywang address 202.193.1.2
//設置共享秘鑰keywang和對端IP地址
R2(config)#crypto ipsec transform-set setwang ah-md5-hmac esp-des
//設置名為setwang的傳輸模式集為AH驗證、ESP加密
R2(cfg-crypto-trans)#exit
R2(config)#access-list 101 permit ip any any
//配置保護訪問控制列表101允許IP協(xié)議通過所有
R2(config)#crypto map mapwang 1 ipsec-isakmp
//創(chuàng)建名為mapwang序列優(yōu)先級1的Crypto maps
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
//提示:這個新的Crypto map將保持未啟動,直到一個對端或存在的訪問列表被設置好
R2(config-crypto-map)#match address 101//配對ACL號101
R2(config-crypto-map)#set peer 202.193.1.2//設置對端IP地址
R2(config-crypto-map)#set transform-set setwang//設置傳輸模式名稱setwang
R2(config-crypto-map)#exit
R2(config)#int f1/1
R2(config-if)#crypto map mapwang//應用Crypto Mapsmapwang到接口
R2(config-if)#
*Dec 27 16:49:03.135: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
//網絡安全聯(lián)盟密鑰管理協(xié)議啟動
R2(config-if)#exit
路由器R3配置如下:
R3(config)#crypto isakmp enable
R3(config)#crypto isakmp policy 1
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#encryption des
R3(config-isakmp)#hash md5
R3(config-isakmp)#lifetime 3600
R3(config-isakmp)#crypto isakmp key keywang address 202.193.1.1
R3(config)#crypto ipsec transform-set setwang ah-md5-hmac esp-des
R3(cfg-crypto-trans)#exit
R3(config)#access-list 101 permit ip any any
R3(config)#crypto map mapwang 1 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
R3(config-crypto-map)#match address 101
R3(config-crypto-map)#set peer 202.193.1.1
R3(config-crypto-map)#set transform-set setwang
R3(config-crypto-map)#exit
R3(config)#int f1/1
R3(config-if)#crypto map mapwang
R3(config-if)#
*Dec 27 16:54:27.799: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R3(config-if)#exit
(2)檢查×××設置
路由器R2設置如下:
R2(config)#do show crypto isakmp policy//查看IKE策略
Global IKE policy
Protection suite of priority 1//優(yōu)先級1的保護套件
encryption algorithm:DES - Data Encryption Standard (56 bit keys).
//加密算法:DES –標準數據加密(56 bit密鑰)
hash algorithm:Message Digest 5
//驗證算法:MD5
authentication method: Pre-Shared Key
//認證方法:預定義密鑰
Diffie-Hellman group:#1 (768 bit)
lifetime:3600 seconds, no volume limit
//活動時間:3600秒,沒有容量限制
Default protection suite
encryption algorithm:DES - Data Encryption Standard (56 bit keys).
hash algorithm:Secure Hash Standard
authentication method:Rivest-Shamir-Adleman Signature
Diffie-Hellman group:#1 (768 bit)
lifetime:86400 seconds, no volume limit
R2(config)#do show crypto ipsec transform-set//查看IPSec策略
Transform set setwang: { ah-md5-hmac}//傳輸集設置setwang {AH驗證}
will negotiate = { Tunnel,},//將協(xié)商={通道, }
{ esp-des}//{ESP加密}
will negotiate = { Tunnel,},
R2(config)#do show crypto ipsec sa//查看SA信息
interface: FastEthernet1/1//接口F1/1
Crypto map tag: mapwang, local addr. 202.193.1.1
//Crypto Map標簽:mapwang,本地地址:202.193.1.1
protected vrf://保護的vrf成員
localident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)//本地鑒定
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)//偏遠鑒定
current_peer: 202.193.1.2:500//當前對端:202.193.1.2:500
PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
//允許,標記={ACL初始,SA請求的發(fā)送}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0//包封裝/包加密/包分類
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 202.193.1.1, remote crypto endpt.: 202.193.1.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet1/1
current outbound spi: 0
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
protected vrf:
localident (addr/mask/prot/port): (202.193.1.1/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer: 202.193.1.2:500
PERMIT, flags={}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 202.193.1.1, remote crypto endpt.: 202.193.1.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet1/1
current outbound spi: B65DE175
inbound esp sas:
spi: 0x8966F923(2305227043)
transform: esp-des ,
in use settings ={Tunnel, }
slot: 0, conn id: 2002, flow_id: 1, crypto map: mapwang
sa timing: remaining key lifetime (k/sec): (4413499/3588)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
spi: 0xAACACE76(2865417846)
transform: ah-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2000, flow_id: 1, crypto map: mapwang
sa timing: remaining key lifetime (k/sec): (4413499/3588)
replay detection support: Y
inbound pcp sas:
outbound esp sas:
spi: 0xB65DE175(3059605877)
transform: esp-des ,
in use settings ={Tunnel, }
slot: 0, conn id: 2003, flow_id: 2, crypto map: mapwang
sa timing: remaining key lifetime (k/sec): (4413499/3588)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
spi: 0x61C0644B(1639998539)
transform: ah-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2001, flow_id: 2, crypto map: mapwang
sa timing: remaining key lifetime (k/sec): (4413499/3586)
replay detection support: Y
outbound pcp sas:
R2(config)#do show crypto map//查看加密映射
Crypto Map "mapwang" 1 ipsec-isakmp
Peer = 202.193.1.2
Extended IP access list 101
access-list 101 permit ip any any
Current peer: 202.193.1.2
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
setwang,
}
Interfaces using crypto map mapwang:
FastEthernet1/1
總結
以上是生活随笔為你收集整理的html博客页面实验报告,×××实验报告的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: jquery html data属性,j
- 下一篇: 计算机专业大学生每天睡多久,大学生睡眠时