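How should the firewall be configured
The figure below shows the core-layer routers for my course project. PC1-PC5 are for testing only, R1-R4 are the core-layer routers, and R5 acts as the firewall (the simulator is Boson NetSim, so a router has to stand in for the firewall). The topology is as follows: the configuration commands for R1, R2 and R3 are largely the same, and are as follows: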
interface Serial1/0
ip address 10.1.4.1 255.255.255.0
no ip directed-broadcast
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
ip address 10.1.2.1 255.255.255.0
no ip directed-broadcast
!
interface Serial1/3
ip address 10.1.3.1 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip ospf cost 1
!
router ospf 1
network 10.1.2.0 0.0.0.255 area 0
network 10.1.3.0 0.0.0.255 area 0
network 10.1.4.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
R1 routing table:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 7 subnets
C 10.1.4.0 is directly connected, Serial1/0
C 10.1.2.0 is directly connected, Serial1/2
C 10.1.3.0 is directly connected, Serial1/3
O 10.2.3.0 via 10.2.3.1, 00:35:00, Serial1/2
O 10.2.4.0 via 10.2.4.1, 00:35:00, Serial1/2
O 10.4.5.0 via 10.1.4.2, 00:35:00, Serial1/0
O 10.3.4.0 via 10.3.4.2, 00:35:00, Serial1/0
C 192.168.1.0 is directly connected, FastEthernet0/0
O 192.168.2.0 via 192.168.2.1, 00:35:00, Serial1/2
O 192.168.4.0 via 192.168.4.1, 00:35:00, Serial1/0
O 192.168.3.0 via 192.168.3.1, 00:35:00, Serial1/3
R1 neighbor table:
R1#sho cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Ser1/2 174 R 4500 Ser 1/1
R3 Ser1/3 174 R 4500 Ser 1/1
R4 Ser1/0 174 R 4500 Ser 1/1
R2 routing table:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 7 subnets
C 10.2.4.0 is directly connected, Serial1/0
C 10.1.2.0 is directly connected, Serial1/1
C 10.2.3.0 is directly connected, Serial1/3
O 10.4.5.0 via 10.1.2.1, 00:36:55, Serial1/1
O 10.1.4.0 via 10.1.2.1, 00:36:55, Serial1/1
O 10.3.4.0 via 10.3.4.2, 00:36:55, Serial1/0
O 10.1.3.0 via 10.2.3.2, 00:36:55, Serial1/3
C 192.168.2.0 is directly connected, FastEthernet0/0
O 192.168.4.0 via 192.168.4.1, 00:36:55, Serial1/0
O 192.168.3.0 via 192.168.3.1, 00:36:55, Serial1/3
O 192.168.1.0 via 192.168.1.1, 00:36:35, Serial1/1
R2 neighbor table:
R2#sho cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Ser1/1 161 R 4500 Ser 1/2
R3 Ser1/3 161 R 4500 Ser 1/2
R4 Ser1/0 161 R 4500 Ser 1/2
R3 routing table:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 7 subnets
C 10.3.4.0 is directly connected, Serial1/0
C 10.1.3.0 is directly connected, Serial1/1
C 10.2.3.0 is directly connected, Serial1/2
O 10.4.5.0 via 10.1.3.1, 00:37:45, Serial1/1
O 10.1.4.0 via 10.1.3.1, 00:37:45, Serial1/1
O 10.2.4.0 via 10.1.3.1, 00:37:45, Serial1/1
O 10.1.2.0 via 10.1.3.1, 00:37:35, Serial1/1
C 192.168.3.0 is directly connected, FastEthernet0/0
O 192.168.4.0 via 192.168.4.1, 00:37:45, Serial1/0
O 192.168.1.0 via 192.168.1.1, 00:37:35, Serial1/1
O 192.168.2.0 via 192.168.2.1, 00:37:35, Serial1/2
R3 neighbor table:
R3#sho cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Ser1/1 171 R 4500 Ser 1/3
R2 Ser1/2 171 R 4500 Ser 1/3
R4 Ser1/0 171 R 4500 Ser 1/3
R4 configuration commands:
interface Serial1/0
ip address 10.4.5.1 255.255.255.0
no ip directed-broadcast
!
interface Serial1/1
ip address 10.1.4.2 255.255.255.0
no ip directed-broadcast
!
interface Serial1/2
ip address 10.2.4.2 255.255.255.0
no ip directed-broadcast
!
interface Serial1/3
ip address 10.3.4.2 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/0
ip address 192.168.4.1 255.255.255.0
no ip directed-broadcast
ip ospf cost 1
!
router ospf 1
network 10.1.4.0 0.0.0.255 area 0
network 10.2.4.0 0.0.0.255 area 0
network 10.3.4.0 0.0.0.255 area 0
network 10.4.5.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
R4 routing table:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 7 subnets
C 10.4.5.0 is directly connected, Serial1/0
C 10.1.4.0 is directly connected, Serial1/1
C 10.2.4.0 is directly connected, Serial1/2
C 10.3.4.0 is directly connected, Serial1/3
O 10.1.2.0 via 10.1.2.1, 00:38:28, Serial1/1
O 10.1.3.0 via 10.1.3.1, 00:38:28, Serial1/1
O 10.2.3.0 via 10.2.3.1, 00:38:28, Serial1/2
C 192.168.4.0 is directly connected, FastEthernet0/0
O 192.168.5.0 via 192.168.5.1, 00:39:38, Serial1/0
O 192.168.1.0 via 192.168.1.1, 00:38:28, Serial1/1
O 192.168.2.0 via 192.168.2.1, 00:38:28, Serial1/2
O 192.168.3.0 via 192.168.3.1, 00:31:07, Serial1/3
R4 neighbors:
R4#sho cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Ser1/1 169 R 4500 Ser 1/0
R5 Ser1/0 169 R 4500 Ser 1/0
R2 Ser1/2 169 R 4500 Ser 1/0
R3 Ser1/3 169 R 4500 Ser 1/0
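I want R5 to act as the firewall. How should I set it up? What protocol should I use? This is my current configuration:
R5 configuration commands: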
interface Serial1/0
ip address 10.4.5.2 255.255.255.0
no ip directed-broadcast
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.0
no ip directed-broadcast
ip ospf cost 1
!
router ospf 1
network 10.4.5.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
!
R5 routing table:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 4 subnets
C 10.4.5.0 is directly connected, Serial1/0
O 10.1.4.0 via 10.1.4.2, 00:41:18, Serial1/0
O 10.2.4.0 via 10.2.4.2, 00:41:18, Serial1/0
O 10.3.4.0 via 10.4.5.1, 00:41:18, Serial1/0
C 192.168.5.0 is directly connected, FastEthernet0/0
O 192.168.4.0 via 192.168.4.1, 00:41:18, Serial1/0
R5 neighbor table:
R5#sho cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R4 Ser1/0 169 R 4500 Ser 1/0
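The problem I found with this configuration is that none of the PCs on the 192.168.0.0 networks can reach pc5 (192.168.5.2). How should I configure the firewall (R5)?
Is it OK to configure the routers this way for the core layer? Thanks, everyone!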
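Describing the problem is itself an important part of the presentation~
Otherwise it is hard for others to help you~
It also easily wastes other people's time~
Make the post more efficient to read~
Ask the question from the reader's point of view~
I see the simulator is Boson NetSim; I suggest using GNS3 for the simulation instead, to avoid unpredictable bugs.
There are many videos on the forum about how to use GNS3; you can look for them.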
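Reply to post #2 by andersen
Oh, thank you, I understand now. I will correct it.
Reply to post #3 by 1209665102
I'm online now; describe the problem more clearly and I'll answer it for you.
Also, the firewall can be simulated with GNS3, or with VMware.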
A very thorough analysis~ I don't really understand the technical side, but I definitely have to bump this.