bao cao trung

Bài Lap Sơ Cấp_Nguyễn Đức Trung_MSSV:1091021216_Lớp 10HTHM2

M c L cụ ụ

I/GIỚI THIỆU.......................................................................................................................................1

1. Mô hình.........................................................................................................................................1

2.Chi tiết............................................................................................................................................1

3.Các phần mềm sử dụng...................................................................................................................2

II/CẤU HÌNH ROUTER.......................................................................................................................2

1.Router R1.......................................................................................................................................2

2.Router R2.......................................................................................................................................5

3.Router R3.......................................................................................................................................8

4.Router R4.....................................................................................................................................11

5.Router R5.....................................................................................................................................15

6.Router R6.....................................................................................................................................18

7.Frame Replay................................................................................................................................20

III/CONFIG BẮT GÓI TIN TRÊN ROUTER.....................................................................................23

1.Cấu hình ssh.................................................................................................................................23

2.Cấu hình HTTPS..........................................................................................................................24

3.Cấu hình NetFlow trên R4............................................................................................................24

4.Cấu hình Tacacs trên R5...............................................................................................................24

IV/BẢNG ĐỊNH TUYẾN CÁC ROUTER.........................................................................................25

1.Router R1.....................................................................................................................................25

2.Router R2.....................................................................................................................................26

3.Router R3.....................................................................................................................................26

4.Router R4.....................................................................................................................................27

5.Router R5.....................................................................................................................................27

6.Router R6.....................................................................................................................................28

V/ KIỂM TRA CÁC GÓI TIN............................................................................................................29

1.WireShark.....................................................................................................................................29

1.1 HTTP.....................................................................................................................................29

1.2 HTTPS...................................................................................................................................29

1.3 TELNET................................................................................................................................30

1.4 SSH........................................................................................................................................30

1.5 NTP.......................................................................................................................................31

1


1.7 FTP........................................................................................................................................32

1.8 TFTP......................................................................................................................................32

1.9 DNS.......................................................................................................................................33

1.10 SIP.......................................................................................................................................33

1.11 H323....................................................................................................................................34

1.12 Keberos................................................................................................................................34

1.13 SQL.....................................................................................................................................35

1.14 SNMP..................................................................................................................................35

1.15 Radius..................................................................................................................................36

1.16 TACACS.............................................................................................................................36

1.17 SMTP...................................................................................................................................37

1.18 SNMP Trap..........................................................................................................................37

1.19 RTP......................................................................................................................................38

2


I/GIỚI THIỆU

1. Mô hình

2.Chi tiết Mô hình gồm 6 router và một Frame Relay Switch.Các router được gán tên R1, R2, R3, R4, R5, R6 như trên hình vẽ.

+ R1, R2 và R3 kết nối với nhau bằng công nghệ chuyển mạch khung (Frame Relay) với 2 PVC giữa R1 với R2 và giữa R1 với R3.

+ R3, R4 và R5 kết nối bằng công nghệ đường thuê bao (Leased Line) qua giao thức Point-to-Point Protocol.

+ R4 và R6 kết nối bằng công nghệ đường thuê bao (Leased Line) qua giao thức HDLC.

+ R1 kết nối với máy tính thật qua card mạng loopback và R6 kết nối vào máy tính ảo Vmware.

Giao thức định tuyến :

+ R1, R2, R3 định tuyến RIP,

+ R3,R4,R6 định tuyến OSPF,

3


+ R4, R5 định tuyến EIGRP.

(Chú ý : Cần phải phân phối định tuyến - Redistribution)

3.Các phần mềm sử dụng - Phần mềm GNS3 & IOS - Phầm mềm Wmware- Phần mềm Solarwinds- Phần mềm Netflow Analyzer- Phần mềm WireShark- Phần mềm Polycom - TFTP Server- WinRadius- CoreFtp- Mail Mdeamon- SQL Server2000

II/CẤU HÌNH ROUTER

1.Router R1

!

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$7FRK$Jqr0lm5OmZGrLJA3fix3Q.

enable password 456

!

no aaa new-model

memory-size iomem 5

!

4


!

ip cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.0.17 255.255.255.0

ip router isis

duplex auto

speed auto

!

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

!

interface Serial1/0.102 point-to-point

ip address 192.168.2.16 255.255.255.0

ip router isis

no cdp enable

frame-relay interface-dlci 102

!

5



ip address 192.168.3.16 255.255.255.0

ip router isis

no cdp enable


!

interface Serial1/1

no ip address

shutdown


!

interface Serial1/2

no ip address

shutdown


!

interface Serial1/3

no ip address

shutdown


!

router isis

net 49.0001.1111.1111.1111.00

!

ip http server

no ip http secure-server

!

!

!

no cdp run

!

!

!

control-plane

!

!

!

!

!

!

!

!

6


!

banner motd Router 1

!

line con 0

exec-timeout 0 0

password 123

logging synchronous

login

line aux 0

line vty 0 4

no login

!

!

end

2.Router R2

!

!

version 12.4




!

hostname R2

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$w1JF$eCgKoBIlzeEN1cF9LgFmU/

enable password 456

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

7


!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!


no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address



!


ip address 192.168.2.17 255.255.255.0

ip router isis

no cdp enable


!

interface Serial1/1

no ip address

shutdown


!

interface Serial1/2

8


no ip address

shutdown


!

interface Serial1/3

no ip address

shutdown


!

router isis

net 49.0001.2222.2222.2222.00

!

ip http server


!

!

!

no cdp run

!

!

!

control-plane

!

!

!

!

!

!

!

!

!


!

line con 0

exec-timeout 0 0

password 123

logging synchronous

login

line aux 0

line vty 0 4

no login

!

!

end

9


3.Router R3

!

!

version 12.4




!

hostname R3

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$Krmj$yqqWrXUDxTIcp.O2kqaZh1

enable password 456

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

ipv6 unicast-routing

ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

10


!

!

!

!

!

!

!

interface Loopback0

no ip address

ipv6 address 2004::1/64

ipv6 enable

ipv6 rip Ripng enable

!

interface Tunnel15

ip address 192.168.10.16 255.255.255.0

tunnel source Serial1/1

tunnel destination 2005::2

tunnel mode gre ipv6

!


no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address



!


ip address 192.168.3.17 255.255.255.0

ip router isis

no cdp enable


!

interface Serial1/1

ip address 192.168.4.16 255.255.255.0

ip router isis

encapsulation ppp


ipv6 enable



11


clock rate 64000

!

interface Serial1/2

no ip address

shutdown


!

interface Serial1/3

no ip address

shutdown


!

router isis

net 49.0001.3333.3333.3333.00

redistribute rip

!

router rip

redistribute connected

redistribute static

redistribute isis level-1-2 metric 10

network 192.168.3.0

network 192.168.10.0

!

ip http server


!

!

!

no cdp run

ipv6 router rip Ripng

maximum-paths 1

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

12


!


!

line con 0

exec-timeout 0 0

password 123

logging synchronous

login

line aux 0

line vty 0 4

no login

!

!

end

4.Router R4

!

!

version 12.4




!

hostname R4

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$xmEp$9KJFcx94M1QtUN1Fv01DJ/

enable password 456

!

no aaa new-model

ip flow-cache timeout active 1

!

!

ip cef

!

!

ipv6 unicast-routing

13


ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Tunnel15

ip address 192.168.10.17 255.255.255.0

tunnel source Serial1/0

tunnel destination 2005::1

tunnel mode gre ipv6

!


no ip address

shutdown

duplex half

!

interface Serial1/0

ip address 192.168.4.17 255.255.255.0

ip flow ingress

ip flow egress

encapsulation ppp

ip route-cache flow


ipv6 enable



!

14


interface Serial1/1

ip address 192.168.5.16 255.255.255.0


clock rate 64000

!

interface Serial1/2

ip address 192.168.6.16 255.255.255.0


clock rate 64000

!

interface Serial1/3

no ip address

shutdown


!

interface Serial1/4

no ip address

shutdown


!

interface Serial1/5

no ip address

shutdown


!

interface Serial1/6

no ip address

shutdown


!

interface Serial1/7

no ip address

shutdown


!

interface ATM2/0

no ip address

no atm ilmi-keepalive

!

interface ATM2/0.1 point-to-point

ip address 192.168.8.16 255.255.255.0

pvc 1/100

protocol ip 192.168.8.16 broadcast

protocol ip 192.168.8.17 broadcast

15


!

!

!

router ospf 100

log-adjacency-changes

redistribute static subnets

redistribute rip metric 100 subnets

network 192.168.5.0 0.0.0.255 area 0

!

router rip

redistribute static

redistribute ospf 100 metric 10

network 192.168.4.0

network 192.168.6.0

network 192.168.8.0

network 192.168.10.0

!

ip forward-protocol nd

ip route 192.168.7.0 255.255.255.0 192.168.6.17

ip flow-export source Serial1/0

ip flow-export version 5

ip flow-export destination 192.168.0.16 9996

!

no ip http server


!

!

snmp-server community public RO

snmp-server community private RW

snmp-server ifindex persist

snmp-server enable traps tty

no cdp run

ipv6 router rip Ripng

maximum-paths 1

!

!

snmp mib persist circuit

!

!

control-plane

!

!

!

!

16


!

!

gatekeeper

shutdown

!


!

line con 0

exec-timeout 0 0

password 123

logging synchronous

login

stopbits 1

line aux 0

stopbits 1

line vty 0 4

no login

!

!

end

5.Router R5

!

!

version 12.4




!

hostname R5

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$p0Mm$eCyGZJcnbZO3Z5MY8w4Kj.

enable password 456

!

no aaa new-model

memory-size iomem 5

!

!

17


ip cef

!

!

!

!

crypto pki trustpoint TP-self-signed-4279256517

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-4279256517

revocation-check none

rsakeypair TP-self-signed-4279256517

!

!

crypto pki certificate chain TP-self-signed-4279256517

certificate self-signed 01 nvram:IOS-Self-Sig#3737.cer

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!


no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

ip address 192.168.5.17 255.255.255.0


!

interface Serial1/1

no ip address

18


shutdown


!

interface Serial1/2

no ip address

shutdown


!

interface Serial1/3

no ip address

shutdown


!

router ospf 200

log-adjacency-changes

network 192.168.5.0 0.0.0.255 area 0

!

ip http server

ip http secure-server

!

!

!

no cdp run

!

!

!

control-plane

!

!

!

!

!

!

!

!

!


!

line con 0

exec-timeout 0 0

password 123

logging synchronous

login

line aux 0

19


line vty 0 4

no login

!

!

end

6.Router R6

!

!

version 12.4




!

hostname R6

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$iXbC$a5sWrBqf3OBHGpCulqeSA1

enable password 456

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

!

!

!

!

!

!

!

!

!

20


!

!

!

!

!

!

!

!

!

!

!

!


ip address 192.168.7.16 255.255.255.0

duplex auto

speed auto

!

interface Serial1/0

ip address 192.168.6.17 255.255.255.0


!

interface Serial1/1

no ip address

shutdown


!

interface Serial1/2

no ip address

shutdown


!

interface Serial1/3

no ip address

shutdown


!

ip http server


!

ip route 0.0.0.0 0.0.0.0 192.168.6.16

!

!

21


no cdp run

!

!

!

control-plane

!

!

!

!

!

!

!

!

!


!

line con 0

exec-timeout 0 0

password 123

logging synchronous

login

line aux 0

line vty 0 4

no login

!

!

end

7.Frame Replay

!

!

version 12.4




!

22


hostname FSS

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$A/OD$3pwbCMP1UqqjUqkEfekjj.

enable password 456

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

frame-relay switching

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!


no ip address

shutdown

duplex auto

speed auto

23


!

interface Serial1/0

no ip address



clock rate 64000

frame-relay intf-type dce

frame-relay route 102 interface Serial1/1 201


!

interface Serial1/1

no ip address



clock rate 64000



!

interface Serial1/2

no ip address



clock rate 64000



!

interface Serial1/3

no ip address

shutdown


!

ip http server


!

!

!

no cdp run

!

!

!

control-plane

!

24


!

!

!

!

!

!

!

!

banner motd Frame Replay

!

line con 0

exec-timeout 0 0

password 123

logging synchronous

login

line aux 0

line vty 0 4

no login

!

!

end

III/CONFIG BẮT GÓI TIN TRÊN ROUTER

1.Cấu hình ssh

conf t

ip domain name pantez.com

crypto key generate rsa general-keys modulus 1024

ip ssh time-out 60

ip ssh version 2

ip ssh authentication-retries 2

username pantez password 123456

line vty 0 4

login local

transport input ssh

end

25


2.C u hình HTTPSấ

conf t

ip http secure-server

end

3.Cấu hình NetFlow trên R4

conf t

interface Serial1/0

ip route-cache flow

exit

ip flow-export source Serial1/0

ip flow-export version 5

ip flow-export destination 192.168.0.16 9996

ip flow-cache timeout active 1

ip flow-cache timeout inactive 15

snmp-server ifindex persist

snmp-server community public ro

snmp-server community private rw

snmp-server enable traps tty

snmp mib persist circuit

snmp mib persist event

end

4.Cấu hình Tacacs trên R5

conf t

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+

aaa session-id common

tacacs-server host 192.168.0.19

tacacs-server directed-request

tacacs-server key 123456

end

26


IV/BẢNG ĐỊNH TUYẾN CÁC ROUTER

1.Router R1

27


2.Router R2

3.Router R3

28


4.Router R4

5.Router R5

29


6.Router R6

30


V/ KIỂM TRA CÁC GÓI TIN

1.WireShark

1.1 HTTP

1.2 HTTPS

31


1.3 TELNET

1.4 SSH

32


1.5 NTP

1.6 RD (Remote Desktop)

33


1.7 FTP

1.8 TFTP

34


1.9 DNS

1.10 SIP

35


1.11 H323

1.12 Keberos

36


1.13 SQL

1.14 SNMP

37


1.15 Radius

1.16 TACACS

38


1.17 SMTP

1.18 SNMP Trap

39


1.19 RTP

1.20 RTCP

40

bao cao trung

Documents

cc phn mm

type dce frame

ip http secure

relay serial

routing ipv6

cdp enable

ip http server

0 serial restart