网络安全学习--路由器学习
Posted 丢爸
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了网络安全学习--路由器学习相关的知识,希望对你有一定的参考价值。
路由
跨越从源主机到目标主机的一个互联网络来转发数据包的过程,即路由器为IP包选择路径的过程
路由器根据路由表做路径选择
路由表
- 直连网段
配置IP地址,端口UP - 非直连网段
管理距离值(A值):值越小,优先级越高
C(direct connection)直连路径:0
S(Static)静态路由:1
默认路由:S*
浮动路由:
简单的路由配置
# Router1路由器需要添加NM-2FE2W模块,添加时要先关闭电源
#------------------------配置三台路由器的IP,并启动-----
#--------------配置Route0
#进入特权模式
Router>enable
#进入全局模式
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
#关闭路由器自动解析功能
Router(config)#no ip domain-lookup
#修改路由器名称
Router(config)#hostname R1
#配置R1路由器f0/0接口IP
R1(config)#interface f0/0
R1(config-if)#ip addr 10.1.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
#配置R1路由器的f0/1接口IP
R1(config-if)#exit
R1(config)#interface f0/1
R1(config-if)#ip addr 20.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
R1(config-if)#do show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.254 YES manual up up
FastEthernet0/1 20.1.1.1 YES manual up down
Vlan1 unassigned YES unset administratively down down
#--------------配置Route0
#--------------配置Route1
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain-lookup
Router(config)#hostname R2
R2(config)#interface f0/1
R2(config-if)#ip addr 50.1.1.254 255.255.255.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R2(config-if)#exit
R2(config)#interface f0/0
R2(config-if)#ip addr 20.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#interface f1/0
R2(config-if)#ip addr 30.1.1.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
R2(config-if)#do show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 20.1.1.2 YES manual up up
FastEthernet0/1 50.1.1.254 YES manual up up
FastEthernet1/0 30.1.1.1 YES manual up down
FastEthernet1/1 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
#--------------配置Route1
#--------------配置Route2
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain-lookup
Router(config)#hostname R3
R3(config)#interface f0/0
R3(config-if)#ip addr 30.1.1.2 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#exit
R3(config)#interface f0/1
R3(config-if)#ip addr 40.1.1.254 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R3(config-if)#do show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 30.1.1.2 YES manual up up
FastEthernet0/1 40.1.1.254 YES manual up up
Vlan1 unassigned YES unset administratively down down
#--------------配置Route2
#------------------------配置三台路由器的IP,并启动-----
#查看路由器路径表
R2(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.1.1.0/24 is directly connected, FastEthernet0/0
L 20.1.1.2/32 is directly connected, FastEthernet0/0
30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 30.1.1.0/24 is directly connected, FastEthernet1/0
L 30.1.1.1/32 is directly connected, FastEthernet1/0
50.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 50.1.1.0/24 is directly connected, FastEthernet0/1
L 50.1.1.254/32 is directly connected, FastEthernet0/1
#----------------------配置路由条目
#--------R1配置路由条目
R1(config)#ip route 0.0.0.0 0.0.0.0 20.1.1.2
R1(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 20.1.1.2 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, FastEthernet0/0
L 10.1.1.254/32 is directly connected, FastEthernet0/0
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.1.1.0/24 is directly connected, FastEthernet0/1
L 20.1.1.1/32 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 20.1.1.2
#--------R1配置路由条目
#--------R2配置路由条目
R2(config)#ip route 10.1.1.0 255.255.255.0 20.1.1.1
R2(config)#ip route 40.1.1.0 255.255.255.0 30.1.1.2
R2(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
S 10.1.1.0/24 [1/0] via 20.1.1.1
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.1.1.0/24 is directly connected, FastEthernet0/0
L 20.1.1.2/32 is directly connected, FastEthernet0/0
30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 30.1.1.0/24 is directly connected, FastEthernet1/0
L 30.1.1.1/32 is directly connected, FastEthernet1/0
40.0.0.0/24 is subnetted, 1 subnets
S 40.1.1.0/24 [1/0] via 30.1.1.2
50.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 50.1.1.0/24 is directly connected, FastEthernet0/1
L 50.1.1.254/32 is directly connected, FastEthernet0/1
#--------R2配置路由条目
#--------R3配置路由条目
R3(config)#ip route 0.0.0.0 0.0.0.0 30.1.1.1
R3(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 30.1.1.1 to network 0.0.0.0
30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 30.1.1.0/24 is directly connected, FastEthernet0/0
L 30.1.1.2/32 is directly connected, FastEthernet0/0
40.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 40.1.1.0/24 is directly connected, FastEthernet0/1
L 40.1.1.254/32 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 30.1.1.1
#--------R3配置路由条目
#----------------------配置路由条目
#--------------------------配置完成后在PC0上面通过ping进行测试
C:\\>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time<1ms TTL=255
Reply from 20.1.1.1: bytes=32 time<1ms TTL=255
Ping statistics for 20.1.1.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\\>ping 30.1.1.1
Pinging 30.1.1.1 with 32 bytes of data:
Reply from 30.1.1.1: bytes=32 time<1ms TTL=254
Reply from 30.1.1.1: bytes=32 time<1ms TTL=254
Reply from 30.1.1.1: bytes=32 time<1ms TTL=254
Reply from 30.1.1.1: bytes=32 time<1ms TTL=254
Ping statistics for 30.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\\>ping 40.1.1.1
Pinging 40.1.1.1 with 32 bytes of data:
Request timed out.
Reply from 40.1.1.1: bytes=32 time<1ms TTL=125
Reply from 40.1.1.1: bytes=32 time<1ms TTL=125
Reply from 40.1.1.1: bytes=32 time<1ms TTL=125
Ping statistics for 40.1.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\\>ping 50.1.1.1
Pinging 50.1.1.1 with 32 bytes of data:
Request timed out.
Reply from 50.1.1.1: bytes=32 time<1ms TTL=126
Reply from 50.1.1.1: bytes=32 time<1ms TTL=126
Reply from 50.1.1.1: bytes=32 time<1ms TTL=126
Ping statistics for 50.1.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
配置第二个模型(使用浮动路由)
# Router0、1路由器需要添加NM-2FE2W模块,添加时要先关闭电源
#------------------------配置两台路由器的IP,并启动-----
#----------配置Router0
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface f0/0
Router(config-if)#ip addr 10.1.1.254 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#exit
Router(config)#interface fa1/0
Router(config-if)#ip addr 20.1.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
Router(config-if)#exit
Router(config)#interface fa1/1
Router(config-if)#ip addr 30.1.1.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/1, changed state to up
#----------配置Router0
#----------配置Router1
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fa1/0
Router(config-if)#ip addr 20.1.1.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
Router(config-if)#exit
Router(config)#interface fa1/1
Router(config-if)#ip addr 30.1.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up
Router(config-if)#exit
Router(config)#interface fa0/0
Router(config-if)#ip addr 40.1.1.254 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
#----------配置Router1
#----------配置Router0路由器的路由表
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#
Router(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, FastEthernet0/0
L 10.1.1.254/32 is directly connected, FastEthernet0/0
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.1.1.0/24 is directly connected, FastEthernet1/0
L 20.1.1.1/32 is directly connected, FastEthernet1/0
30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 30.1.1.0/24 is directly connected, FastEthernet1/1
L 30.1.1.2/32 is directly connected, FastEthernet1/1
Router(config)#ip route 40.1.1.0 255.255.255.0 20.1.1.2
Router(config)#ip route 40.1.1.0 255.255.255.0 30.1.1.1 2
Router(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, FastEthernet0/0
L 10.1.1.254/32 is directly connected, FastEthernet0/0
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.1.1.0/24 is directly connected, FastEthernet1/0
L 20.1.1.1/32 is directly connected, FastEthernet1/0
30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 30.1.1.0/24 is directly connected, FastEthernet1/1
L 30.1.1.2/32 is directly connected, FastEthernet1/1
40.0.0.0/24 is subnetted, 1 subnets
S 40.1.1.0/24 [1/0] via 20.1.1.2
#----------配置Router0路由器的路由表
#----------配置Router1路由器的路由表
Router(config-if)#exit
Router(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.1.1.0/24 is directly connected, FastEthernet1/0
L 20.1.1.2/32 is directly connected, FastEthernet1/0
30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 30.1.1.0/24 is directly connected, FastEthernet1/1
L 30.1.1.1/32 is directly connected, FastEthernet1/1
40.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 40.1.1.0/24 is directly connected, FastEthernet0/0
L 40.1.1.254/32 is directly connected, FastEthernet0/0
Router(config)#ip route 10.1.1.0 255.255.255.0 20.1.1.1
Router(config)#ip route 10.1.1.0 255.255.255.0 30.1.1.2 2
Router(config)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
S 10.1.1.0/24 [1/0] via 20.1.1.1
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.1.1.0/24 is directly connected, FastEthernet1/0
L 20.1.1.2/32 is directly connected, FastEthernet1/0
30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 30.1.1.0/24 is directly connected, FastEthernet1/1
L 30.1.1.1/32 is directly connected, FastEthernet1/1
40.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 40.1.1.0/24 is directly connected, FastEthernet0/0
L 40.1.1.254/32 is directly connected, FastEthernet0/0
#----------配置Router1路由器的路由表
#----------配置完成后通过PC0对PC1进行ping请求
C:\\>ping 40.1.1.1
Pinging 40.1.1.1 with 32 bytes of data:
Request timed out.
Reply from 40.1.1.1: bytes=32 time<1ms TTL=126
Reply from 40.1.1.1: bytes=32 time=4ms TTL=126
Reply from 40.1.1.1: bytes=32 time<1ms TTL=126
Ping statistics for 40.1.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 4ms, Average = 1ms
#------------------------配置两台路由器的IP,并启动-----
以上是关于网络安全学习--路由器学习的主要内容,如果未能解决你的问题,请参考以下文章