Configuring Dynamic IP Addresses on IBM Routers

Published: 2016-12-12 00:00:00 Editor: 嘉辉

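  Since MRS version 3.3, IBM routers have supported dynamic IP addresses. Dynamic addresses serve the following three purposes; let's go through them:

  They let the router obtain the IP address of a PPP interface through IPCP.

  If IPCP also supplies DNS information, DHCP clients can obtain that information as well.

  They dynamically update IP access control, so that the filters defined this way can be used for NAT/NAPT.

  The dynamic IP function lets an IBM router connect to an ISP and obtain an IP address from the ISP without knowing the address in advance.

  Configuring dynamic IP addresses

  The example below walks through a concrete dynamic IP address configuration. It configures both the ISP-side router and the client-side router. Dynamic IP is configured on the client router, which obtains a public IP address from the ISP router. The client router also has the DHCP server and NAT functions enabled.

  ISP-side router configuration

  Set the host name to isp.

  Add the Token Ring interface.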

  Config (only)>set hostname isp

  Host name updated successfully

  Config (only)>add device tr-2

  Device Slot #(1-4) [1]?

  Device Port #(1-2) [1]?

  Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4

  Use "net 4" to configure 2-port IBM Token Ring parameters

  Set up the WAN port so that it supports remote dial-in.

  Add a dial-in circuit on the WAN port.

  Config (only)>set data v34 2

  Config (only)>add device dial-in

  Enter the number of PPP Dial-in Circuit interfaces [1]?

  Adding device as interface 5

  Defaulting data-link protocol to PPP

  Base net for this circuit [0]? 2

  Enable as a Multilink PPP link? [no]

  Disabled as a Multilink PPP link.

  Add more dial circuit interface(s)?(Yes or [No]):

  Use "set data-link" command to change the data-link protocol

  Use "net " command to configure dial circuit parameters

  Add the remote dial-in PPP user 'aaa'.

  Config (only)>add ppp-user

  Enter name: []? aaa

  Password:

  Enter again to verify:

  Allow inbound access for user? (Yes, No): [Yes]

  Will user be tunneled? (Yes, No): [No]

  Is this a ’DIALs’ user? (Yes, No): [Yes]

  Type of route? (hostroute, netroute): [hostroute]

  Number of days before account expires [0-1000] [0]?

  Number of grace logins allowed after an expiration [0-100] [0]?

  IP address: [0.0.0.0]?

  Enter hostname: []?

  Allow virtual connections? (Yes, No): [No]

  Give user default time allotted ? (Yes, No): [Yes]

  Enable callback for user? (Yes, No): [No]

  Will user be able to dial-out ? (Yes, No): [No]

  Set ECP encryption key for this user? (Yes, No): [No]

  Disable user ? (Yes, No): [No]

  PPP user name: aaa

  User IP address: Interface Default

  Netroute Mask: 255.255.255.255

  Hostname:

  Virtual Conn: disabled

  Time alotted: Box Default

  Callback type: disabled

  Dial-out: disabled

  Status: enabled

  Account Expiry:

  Password Expiry:

  Is information correct? (Yes, No, Quit): [Yes]

  User ’aaa’ has been added

  Configure IPCP so that the dial-in interface sends an IP address to the remote client.

  Config (only)>n 5

  Circuit configuration

  isp Dial-in Circuit config: 5>enc

  Point-to-Point user configuration

  isp PPP 5 Config>set ipcp

  IP COMPRESSION [no]:

  Request an IP address [no]:

  Send our IP address [no]: y

  Note: unnumbered interface addresses will not be sent.

  Interface remote IP address to offer if requested (0.0.0.0 for none)

  [0.0.0.0]? 9.1.1.1

  isp PPP 5 Config>exit

  isp Dial-in Circuit config: 5>exit

  Set the IP address of the Token Ring interface.

  Set the IP address of the dial-in circuit interface.

  Config (only)>p ip

  Internet protocol user configuration

  isp IP config>add add 4 192.1.1.254 255.255.255.0

  isp IP config>add add 5 9.1.1.2 255.255.255.255

  isp IP config>ena arp-subnet-routing

  isp IP config>exit

  Set the IP address of the DNS server that is sent to the client.

  Config (only)>fea dials

  Dial-in Access to LANs global configuration

  isp DIALs config>set enable dynamic

  isp DIALs config>set dns primary

  Primary Domain Name Server (DNS) address [0.0.0.0]? 192.1.1.240

  isp DIALs config>exit

  Client-side router configuration:

  Set the host name to client.

  Add the Token Ring interface.

  Set up the WAN port and connect the V34 modem.

  Add a dial circuit on the WAN port.

  Config (only)>set host client

  Config (only)>add device tr-2

  Device Slot #(1-4) [1]?

  Device Port #(1-2) [1]?

  Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4

  Use "net 4" to configure 2-port IBM Token Ring parameters

  Config (only)>set data v34

  Interface Number [0]? 2

  Config (only)>add device dial

  Base net for the circuit(s) [0]? 2

  Enter the number of PPP Dial Circuit interfaces [1]?

  Adding device as interface 5

  Defaulting data-link protocol to PPP

  Add more dial circuit interface(s)?(Yes or [No]):

  Use "set data-link" command to change the data-link protocol

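  Add an IP address on the Token Ring interface.

  Add an IP address on the dial circuit interface.

  Add a default route through the dial circuit interface.

  Enable dynamic IP on the dial circuit interface.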

  Config (only)>p ip

  Internet protocol user configuration

  client IP config>add add 4 192.168.89.254 255.255.255.0

  client IP config>add add 5 0.0.0.5 255.255.255.255

  client IP config>add router 0.0.0.0 0.0.0.0 0.0.0.5

  Cost [1]?

  client IP config>enable dynamic

  Interface address []? 0.0.0.5

  client IP config>exit

  Enable the DHCP server function.

  Add the IP subnet mask of the Token Ring interface.

  Add the IP address of the source DNS.

  Config (only)>fea dhcp

  DHCP Server user configuration

  client DHCP Server config>enable dhcp-server

  client DHCP Server config>add subnet subnet1

  Enter the IP subnet []? 192.168.89.0

  Enter the IP subnet mask [255.255.255.0]?

  Enter start of IP address range [192.168.89.1]?

  Enter end of IP address range [192.168.89.31]?

  Enter the subnet group name []?

  Subnet record with name subnet1 has been added

  Simple Internet Access config updated with subnet addition.

  client DHCP Server config>add option subnet subnet1 1 255.255.255.0

  client DHCP Server config>add option subnet subnet1 3 192.168.89.254

  client DHCP Server config>add option subnet subnet1 6 0.0.0.5

  client DHCP Server config>list option subnet subnet1 all

  option   option
  code     data
  ---------------------------------------------------------------
  1        255.255.255.0
  3        192.168.89.254
  6        0.0.0.5

  client DHCP Server config>exit

  Add the remote V34 address.

  Configure the destination on the dial circuit interface.

  Configure outbound calling on the dial circuit interface.

  Set LIDs to not be checked.

  Config (only)>add v34-add

  Assign address name [1-23] chars []? remote

  Assign network dial address [1-30 digits] []? 9,3013461

  Config (only)>n 5

  client Circuit config: 5>set destination remote

  client Circuit config: 5>set call out

  client Circuit config: 5>set lids no

  client Circuit config: 5>list all

  Base net = 2

  Destination name = remote

  Circuit priority = 8

  Destination address:subaddress = 9,3013461

  Outbound calls = allowed

  Idle timer = 60 sec

  SelfTest Delay Timer = 150 ms

  LIDs used = No

  Configure IPCP to obtain an IP address from the remote end.

  Set the user name to 'aaa'.

  Set the MTU value.

  client Circuit config: 5>encapsulator

  Point-to-Point user configuration

  client PPP 5 Config>set ipcp

  IP COMPRESSION [no]:

  Request an IP address [no]: y

  Interface remote IP address to offer if requested (0.0.0.0 for none) [0.0.0.0]?

  client PPP 5 Config>set nam

  Enter Local Name: []? aaa

  Password:

  Enter password again:

  PPP Local Name = aaa

  client PPP 5 Config>set lcp option

  Maximum Receive Unit (bytes) [2044]? 1500

  Magic Number [yes]:

  Peer-to-Local Async Control Character Map (RX ACCM) [A0000]?

  Protocol Field Compression(PFC) [no]:

  Addr/Cntl Field Compression(ACFC) [no]:

  client PPP 5 Config>exit

  client Circuit config: 5>exit
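
  The IPCP exchange that the two "set ipcp" dialogs above set up (the client requests an address, the ISP offers 9.1.1.1), written out as an added Python example; it is not part of the original article and is not IBM's code. It models only Configure-Request/Nak/Ack for the IP-Address option (type 3, RFC 1332) and the Primary-DNS option (type 129, RFC 1877). Assumptions: the function names are hypothetical, the DIALs DNS address is assumed to travel as option 129, and LCP, authentication and Configure-Reject are left out.

```python
import ipaddress
import struct

# IPCP codes (RFC 1661) and option types (RFC 1332, RFC 1877)
CONF_REQ, CONF_ACK, CONF_NAK = 1, 2, 3
OPT_IP_ADDRESS, OPT_PRIMARY_DNS = 3, 129

def build(code, ident, options):
    """Encode an IPCP packet: code, id, length, then type/len/value options."""
    body = b"".join(
        struct.pack("!BB", t, 6) + ipaddress.IPv4Address(a).packed
        for t, a in options.items()
    )
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(packet):
    """Decode an IPCP packet into (code, id, {option_type: dotted address})."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    options, pos = {}, 4
    while pos < length:
        if pos + 6 > length or packet[pos + 1] != 6:
            raise ValueError("malformed address option")
        options[packet[pos]] = str(ipaddress.IPv4Address(packet[pos + 2:pos + 6]))
        pos += 6
    return code, ident, options

def server_reply(request, offer):
    """ISP side: Nak every option whose value differs from the offer, else Ack."""
    _, ident, wanted = parse(request)
    wrong = {t: offer[t] for t, a in wanted.items() if t in offer and a != offer[t]}
    if wrong:
        return build(CONF_NAK, ident, wrong)
    return build(CONF_ACK, ident, wanted)

def negotiate(offer, max_rounds=5):
    """Client side: start from 0.0.0.0 and adopt whatever the peer Naks with."""
    wanted = {t: "0.0.0.0" for t in offer}
    for ident in range(1, max_rounds + 1):
        code, _, opts = parse(server_reply(build(CONF_REQ, ident, wanted), offer))
        if code == CONF_ACK:
            return opts, ident
        wanted.update(opts)
    raise RuntimeError("IPCP did not converge")

# Values from this page: address offered on the dial-in circuit, DNS set under DIALs.
ISP_OFFER = {OPT_IP_ADDRESS: "9.1.1.1", OPT_PRIMARY_DNS: "192.1.1.240"}

if __name__ == "__main__":
    print(negotiate(ISP_OFFER))
```
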

  NAT configuration:

  Reserve all IP traffic.

  Config (only)>feature nat

  Network Address Translation (NAT) user configuration

  client NAT config>reserve

  Dynamically allocate address via IPCP? [No]: yes

  Network number to get dynamic address. [0]? 5

  Reserve Pool name..................... [simple-net]? client-nat

  Complete! NAT Reserve Pool defined.

  NOTE: The associated TRANSLATE RANGE for this RESERVE POOL

  must still be configured.

  It must have a pool name of: client-nat

  NOTE: You must have a corresponding INBOUND IP Access Control rule

  applied to your designated NAT interface.

  The rule should include the following information:

  Type=IN (include + NAT)

  DESTINATION_Addr=0.0.0.0

  DESTINATION_Mask=0.0.0.0

  Translate private addresses to public addresses.

  client NAT config>translate

  Base (private) IP address to translate [0.0.0.0]? 192.168.89.0

  Translate Range mask.................. [255.255.255.0]?

  Associated Reserve Pool name.......... [client-nat]?

  Complete! NAT Translate Range defined.

  NOTE: The associated RESERVE POOL for this TRANSLATE RANGE has been found.

  NOTE: You must have a corresponding OUTBOUND IP Access Control rule

  applied to your designated NAT interface.

  The rule should include the following information:

  Type=IN (include + NAT)

  SOURCE_Addr=192.168.89.0

  SOURCE_Mask=255.255.255.0

  NAT config>list all

  NAT Globals:

  Current State   TCP Timeout   Non-TCP Timeout
  ENABLED         24:00:00      0:01:00

  NAT Reserve Pool(s):

  Index   First Address   Reserve Mask      Size   NAPT Address   Pool Name
  1       Dynamic         255.255.255.255   1      FromNet: 5     client-nat

  NAT Translate Range(s):

  Index   Base Address    Range Mask        Associated Reserve Pool
  1       192.168.89.0    255.255.255.0     client-nat

  NAT Static Mapping(s):

  Index   Private Address//Port   Public Address//Port
  None.

  NAT config>exit

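  IP filter configuration:

  Enable access control.

  Add the inbound packet filter.

  Add the outbound packet filter.

  Update the packet filters for NAT.

  Restart the client router.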

  Config (only)>p ip

  Internet protocol user configuration

  client IP config>set acc on

  client IP config>add packet-filter

  Packet-filter name []? inbound

  Filter incoming or outgoing traffic? [IN]?

  Which interface is this filter for [0]? 5

  client IP config>add packet-filter

  Packet-filter name []? outbound

  Filter incoming or outgoing traffic? [IN]? out

  Which interface is this filter for [0]? 5

  client IP config>update packet

  Packet-filter name []? inbound

  client Packet-filter ’inbound’ Config>add access

  Access Control type [E]? n

  Internet source [0.0.0.0]?

  Source mask [0.0.0.0]?

  Internet destination [0.0.0.0]?

  Destination mask [0.0.0.0]?

  Starting protocol number ([0] for all protocols) [0]?

  Starting DESTINATION port number ([0] for all ports) [0]?

  Starting SOURCE port number ([0] for all ports) [0]?

  Filter on ICMP Type ([-1] for all types) [-1]?

  TOS/Precedence filter mask (00-FF - [0] for none) [0]?

  TOS/Precedence modification mask (00-FF - [0] for none) [0]?

  Use policy-based routing? [No]:

  Enable logging? [No]:

  client Packet-filter ’inbound’ Config>exit

  client IP config>update packet

  Packet-filter name []? outbound

  client Packet-filter ’outbound’ Config>add access

  Access Control type [E]? n

  Internet source [0.0.0.0]? 192.168.89.0

  Source mask [255.255.255.0]?

  Internet destination [0.0.0.0]?

  Destination mask [0.0.0.0]?

  Starting protocol number ([0] for all protocols) [0]?

  Starting DESTINATION port number ([0] for all ports) [0]?

  Starting SOURCE port number ([0] for all ports) [0]?

  Filter on ICMP Type ([-1] for all types) [-1]?

  TOS/Precedence filter mask (00-FF - [0] for none) [0]?

  TOS/Precedence modification mask (00-FF - [0] for none) [0]?

  Enable logging? [No]:

  client Packet-filter ’outbound’ Config>exit

  client IP config>exit

  Config (only)>restart y y

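  Monitoring this setup

  Connect a workstation to the client router. The V34 modem dials and connects to the ISP router.

  Configure the Windows 95 workstation to obtain its IP address dynamically, then reboot it.

  At the C:> prompt, type winipcfg to check that the IP address obtained is correct.

  Check the NAT status.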

  client +fea nat

  client NAT>list all

  NAT Globals:

  Current State   TCP Timeout   Non-TCP Timeout   Memory Usage (in bytes)
  ENABLED         24:00:00      0:01:00           312

  NAT Statistics:

  Requests :   Passes   Drops   Holds
  790      :   720      70      0

  NAT Reserve Pool(s):

  Reserve Pool   Pool Size   NAPT Address   1st Available Address
  client-nat     0           9.1.1.1        None
  ------------------------------------------------------------
  Number of Reserve Pools using NAPT.....: 1
  Number of configured Reserved Addresses: 0

  NAT Translate Range(s):

  Base Address   Range Mask      Associated Reserve Pool
  192.168.89.0   255.255.255.0   client-nat

  NAT Address Binding(s):

  Private Address//Port   Public Address//Port   Bind Type   Entry Age
  192.168.89.2    512     9.1.1.1    512         DYNAMIC     0:00:00
  192.168.89.3   1073     9.1.1.1   1073         DYNAMIC     0:00:31
  192.168.89.3   1074     9.1.1.1   1074         DYNAMIC     0:00:02

  NAT TCP Session(s):

  Private Address//Port   Public Address//Port   TCP State   Data Delta   Entry Age

  client NAT>exit

  Check the DHCP server status.

  Check t2 event log.

  client +fea dhcp

  client DHCP Server>request status

  IP address: 192.168.89.1

  Status: STOCKED

  IP address: 192.168.89.2

  Status: LEASED

  Lease time: 86400 seconds

  Start time: 18:30:36 May 30, 1999

  Last time leased: 18:30:36 May 30, 1999

  Client id: 6-0x40006666AAAA

  IP address: 192.168.89.3

  Status: STOCKED

  client DHCP Server>exit

  Check the t2 log.

  client +event

  Event Logging System user console

  client ELS>nodisp sub all all

  client ELS>disp sub nat all

  client ELS>

  client *f 2

  client *t 2

  00:13:53 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT

  00:13:53 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0

  00:13:53 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS

  00:13:53 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN

  00:13:53 NAT.003: 192.1.1.254 -> 9.1.1.1 - ICMP Type=0,Code=0

  00:13:53 NAT.002: 192.1.1.254 -> 192.168.89.2 - Status=PASS

  00:13:54 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT

  00:13:54 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0

  00:13:54 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS

  00:13:54 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN

  00:13:54 NAT.003: 192.1.1.254 -> 9.1.1.1 - ICMP Type=0,Code=0

  00:13:54 NAT.002: 192.1.1.254 -> 192.168.89.2 - Status=PASS

  00:13:55 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT

  00:13:55 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0

  00:13:55 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS

  00:13:55 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN
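
  One way to review an ELS NAT trace like the one above, as an added Python example that is not part of the original article or IBM's tooling. It reads the line layout exactly as it appears on this page (NAT.001 shows the packet with its direction, NAT.002 shows the addresses after translation and a Status), pairs the two per packet, and handles a trace that stops mid-record as this one does; the function names are hypothetical.

```python
import re
from collections import Counter

LINE = re.compile(r"(?P<ts>\d\d:\d\d:\d\d) NAT\.(?P<id>\d{3}): "
                  r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+) - (?P<rest>.*)")

def correlate(lines):
    """Pair each NAT.001 line with the NAT.002 line that follows it."""
    records, current = [], None
    for raw in lines:
        m = LINE.search(raw)
        if not m:
            continue
        fields = dict(kv.split("=", 1)
                      for kv in re.findall(r"\w+=[^\s,]+", m["rest"]))
        if m["id"] == "001":
            if current:                      # previous packet has no NAT.002
                records.append(current)
            current = {"ts": m["ts"], "dir": fields.get("Dir"), "status": None,
                       "before": (m["src"], m["dst"]), "after": None}
        elif m["id"] == "002" and current:
            current["after"] = (m["src"], m["dst"])
            current["status"] = fields.get("Status")
            records.append(current)
            current = None
    if current:                              # trace ended mid-record
        records.append(current)
    return records

def summarize(records):
    """Return verdict counts and the private -> public source mappings seen."""
    verdicts = Counter(r["status"] or "INCOMPLETE" for r in records)
    mappings = {(r["before"][0], r["after"][0]) for r in records
                if r["dir"] == "OUT" and r["status"] == "PASS"}
    return verdicts, mappings

# Sample input: the last seven lines of the trace on this page.
SAMPLE = """\
00:13:54 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN
00:13:54 NAT.003: 192.1.1.254 -> 9.1.1.1 - ICMP Type=0,Code=0
00:13:54 NAT.002: 192.1.1.254 -> 192.168.89.2 - Status=PASS
00:13:55 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT
00:13:55 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0
00:13:55 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS
00:13:55 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN
""".splitlines()

if __name__ == "__main__":
    print(summarize(correlate(SAMPLE)))
```
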
