
Training Cisco Certified Network Associate (CCNA 640-802)

Mr.Kriangsak Namkot
jodoi@jodoi.com
jodoi1819@hotmail.com
http://www.jodoi.com
Day 4
• Security (ACL): Standard Access Lists, Extended Access Lists, Named ACLs
• Network Address Translation (NAT): Static NAT, Dynamic NAT, PAT (Overloading)
• LAB Configuration
Access Lists
Access list
- Standard 1-99 ,1300-1999
- Extended 100-199 , 2000-2699
Standard access list (1-99)
Config#access-list (access-list number) (permit | deny) (SA: source address) (wildcard)

Ex
Config#access-list 1 deny 192.168.12.100 0.0.0.0
Config#access-list 1 permit any
Config#interface S0
Config-if#ip access-group 1 in
Access Lists
Standard access list (1-99)
#show ip interface S0 to check whether an access-list has been applied to the interface
Ex Block telnet
Config#access-list 2 deny 192.168.1.2 0.0.0.0
Config#access-list 2 permit any

Config#line vty 0 4
(config-line)#access-class 2 in
Access Lists
Extended access list (100-199)
config#access-list (access-list number) (permit | deny) (protocol: tcp, udp, icmp) (SA: source address) (wildcard) (DA: destination address) (wildcard) (eq | neq | lt | gt) (port number)

Ex
Config#access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.10.10.2 0.0.0.0 eq 23

Config#access-list 101 permit ip any any

config#interface S0
config-if#ip access-group 101 in
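The standard and extended examples above are decided by three things: the wildcard mask (0 bits must match, 1 bits are ignored), first-match order, and the implicit deny at the end of every ACL. The following is an added example, not part of the slides: a small Python evaluator for the access-list syntax shown, loaded with ACL 1 and ACL 101 from the slides.

```python
import ipaddress

PORT_OPS = {"eq": lambda p, n: p == n, "neq": lambda p, n: p != n,   # operators from the slide
            "lt": lambda p, n: p < n, "gt": lambda p, n: p > n}

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match exactly, a 1 bit is 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def _take_addr(tok):
    """Consume 'any', 'host A', 'A W' or a bare A (standard ACL only) from tok."""
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    if len(tok) == 1:                  # bare address in a standard ACL means one host
        return (tok[0], "0.0.0.0"), []
    return (tok[0], tok[1]), tok[2:]

def parse_acl(lines):
    """Parse 'access-list N {permit|deny} ...' lines into rules, keeping their order."""
    rules = []
    for line in lines:
        tok = line.split()
        num, action, tok = int(tok[1]), tok[2], tok[3:]
        standard = num <= 99 or 1300 <= num <= 1999     # number ranges from the slide
        proto = "ip" if standard else tok.pop(0)          # standard ACLs filter on source only
        src, tok = _take_addr(tok)
        dst = ("0.0.0.0", "255.255.255.255")
        if not standard:
            dst, tok = _take_addr(tok)
        port = (tok[0], int(tok[1])) if tok and tok[0] in PORT_OPS else None
        rules.append({"action": action, "proto": proto, "src": src, "dst": dst, "port": port})
    return rules

def evaluate(rules, src, dst, proto="ip", dport=None):
    """First matching rule decides; a packet that matches no rule hits the implicit deny."""
    for r in rules:
        if r["proto"] != "ip" and r["proto"] != proto:
            continue
        if not (wildcard_match(src, *r["src"]) and wildcard_match(dst, *r["dst"])):
            continue
        if r["port"] and (dport is None or not PORT_OPS[r["port"][0]](dport, r["port"][1])):
            continue
        return r["action"]
    return "deny"      # implicit 'deny any' at the end of every Cisco ACL

ACL_1 = parse_acl(["access-list 1 deny 192.168.12.100 0.0.0.0", "access-list 1 permit any"])
ACL_101 = parse_acl(["access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.10.10.2 0.0.0.0 eq 23",
                     "access-list 101 permit ip any any"])   # both ACLs copied from the slides
```

Telnet from 192.168.1.7 to 10.10.10.2 is denied by ACL 101 while SSH (port 22) to the same host is permitted; remove the `permit ip any any` line and everything else is dropped by the implicit deny.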
Access Lists
Name access list
Config#ip access-list (standard | extended) (name)

Ex Standard
config#ip access-list standard Internet
config#permit 192.168.40.25 0.0.0.0
config#permit 192.168.40.26 0.0.0.0
config#interface e0
config-if#ip access-group Internet in

Ex Extended
config#ip access-list extended BlockVirus2
config#deny tcp any any eq 135
config#deny tcp any any eq 4899
config#permit ip any any
config#interface S0
config-if#ip access-group BlockVirus2 in
Well-Known Port
ECHO Server ---> TCP/7
DISCARD Server ---> TCP/9
DAYTIME Server ---> TCP/13
CHARGEN Server ---> TCP/19
FTP Server ---> TCP/21
SSH Server ---> TCP/22
Telnet Server ---> TCP/23
SMTP Server ---> TCP/25
DNS Server ---> TCP/53 and UDP/53
DHCP Server ---> UDP/68
Web Server ---> TCP/80 (HTTP)
Secure Web Server ---> TCP/443 (HTTPS)
POP3 Server ---> TCP/110
IMAP Server ---> TCP/143
SNMP Server ---> UDP/161
LDAP Server ---> TCP/389
Web Proxy Server ---> TCP/3128 or TCP/8080
Network Address Translation

NAT
- Static
- dynamic
- Overloading
Static
Config#ip nat inside source static 192.168.1.2 10.10.10.3

Config#interface e0
Config-if#ip nat inside
Config#interface S0
Config-if#ip nat outside

#debug ip nat to check whether static NAT translation is taking place


Example
routerB#debug ip nat
00:28:33: NAT: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1276]
00:28:33: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1276]
00:28:34: NAT*: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1277]
00:28:34: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1277]
00:28:35: NAT*: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1279]
00:28:35: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1279]
00:28:36: NAT*: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1281]
00:28:36: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1281]
00:28:42: NAT*: s=192.168.4.2->10.10.10.6, d=10.10.10.1 [1283]
00:28:42: NAT*: s=10.10.10.1, d=10.10.10.6->192.168.4.2 [1283]
Network Address Translation

Dynamic
Config#ip nat pool (pool name) (start ip) (end ip) netmask (netmask)
Ex
Config#ip nat pool ISP 10.10.10.4 10.10.10.8 netmask 255.255.255.0
Config#access-list 1 permit 192.168.1.0 0.0.0.255
Config#ip nat inside source list 1 pool ISP

Config#interface e0
Config-if#ip nat inside
Config#interface S0
Config-if#ip nat outside
Network Address Translation

Overloading

Config#access-list 1 permit 192.168.1.0 0.0.0.255


Config#ip nat inside source list 1 interface S0 overload
Or overloading can be done dynamically with a pool:
Config#ip nat inside source list 1 pool (pool name) overload

Config#interface e0
Config-if#ip nat inside
Config#interface S0
Config-if#ip nat outside
Example
routerB#debug ip nat
00:41:39: NAT: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1789]
00:41:39: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1789]
00:41:40: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1790]
00:41:40: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1790]
00:41:41: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1792]
00:41:41: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1792]
00:41:42: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1794]
00:41:42: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1794]
00:41:43: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1795]
00:41:43: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1795]
00:41:44: NAT*: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1797]
00:41:44: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1797]
Example
routerB#debug ip nat
00:52:12: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2332]
00:52:12: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2332]
00:52:13: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2333]
00:52:13: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2333]
00:52:14: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2337]
00:52:14: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2337]
00:52:15: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2339]
00:52:15: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2339]
00:52:16: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2340]
00:52:16: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2340]
00:52:17: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2342]
00:52:17: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2342]
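The three debug ip nat outputs above share one line format: "s=A->B" is an outbound packet whose source was rewritten from inside local A to inside global B, "d=B->A" is the return packet whose destination was rewritten back, and the number in brackets is the IP ID that pairs the two. This added Python parser (not from the slides) reads such lines into a translation table and flags inside-global addresses shared by several inside hosts, which is what the two overload examples show for 10.10.10.2.

```python
import re
from collections import defaultdict

# One 'debug ip nat' line: timestamp, optional '*' (fast-switched path), source and
# destination each with an optional 'before->after' rewrite, and the IP ID in brackets.
NAT_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d): NAT(?P<fast>\*?): "
    r"s=(?P<s>[\d.]+)(?:->(?P<s_to>[\d.]+))?, "
    r"d=(?P<d>[\d.]+)(?:->(?P<d_to>[\d.]+))? \[(?P<id>\d+)\]$")

def parse_nat_line(line):
    """Return a dict describing one translated packet, or None for non-NAT lines."""
    m = NAT_LINE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    if f["s_to"]:        # outbound: source rewritten inside local -> inside global
        return {"id": int(f["id"]), "dir": "out", "inside_local": f["s"],
                "inside_global": f["s_to"], "outside": f["d"], "fast": f["fast"] == "*"}
    if f["d_to"]:        # return traffic: destination rewritten inside global -> inside local
        return {"id": int(f["id"]), "dir": "in", "inside_local": f["d_to"],
                "inside_global": f["d"], "outside": f["s"], "fast": f["fast"] == "*"}
    return None

def translation_table(lines):
    """Map each inside-local address to the inside-global address(es) it was translated to."""
    table = defaultdict(set)
    for line in lines:
        p = parse_nat_line(line)
        if p:
            table[p["inside_local"]].add(p["inside_global"])
    return {k: sorted(v) for k, v in table.items()}

def overloaded_globals(lines):
    """Inside-global addresses used by more than one inside host, i.e. PAT/overload in effect."""
    by_global = defaultdict(set)
    for local, globals_ in translation_table(lines).items():
        for g in globals_:
            by_global[g].add(local)
    return {g: sorted(locals_) for g, locals_ in by_global.items() if len(locals_) > 1}

# Sample lines copied from the two overload debug outputs on the slides (combined here).
SAMPLE = """\
00:41:39: NAT: s=192.168.4.2->10.10.10.2, d=192.168.1.1 [1789]
00:41:39: NAT*: s=192.168.1.1, d=10.10.10.2->192.168.4.2 [1789]
00:52:12: NAT*: s=192.168.4.3->10.10.10.2, d=10.10.10.1 [2332]
00:52:12: NAT*: s=10.10.10.1, d=10.10.10.2->192.168.4.3 [2332]
""".splitlines()
```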
Ex Static NAT
ip nat inside source list 7 interface Serial0 overload
ip nat inside source static tcp 192.168.42.30 5900 203.149.9.218 5900 extendable
ip nat inside source static udp 192.168.42.30 5900 203.149.9.218 5900 extendable
ip nat inside source static udp 192.168.42.30 5800 203.149.9.218 5800 extendable
ip nat inside source static tcp 192.168.42.30 5800 203.149.9.218 5800 extendable
ip nat inside source static tcp 192.168.42.2 6500 203.149.9.219 6500 extendable
ip nat inside source static tcp 192.168.42.2 80 203.149.9.219 80 extendable
ip nat inside source static tcp 192.168.42.5 143 203.149.9.218 143 extendable
ip nat inside source static tcp 192.168.42.5 21 203.149.9.218 21 extendable
ip nat inside source static tcp 192.168.42.5 20 203.149.9.218 20 extendable
ip nat inside source static tcp 192.168.42.5 22 203.149.9.218 22 extendable
ip nat inside source static udp 192.168.42.5 53 203.149.9.218 53 extendable
ip nat inside source static tcp 192.168.42.5 53 203.149.9.218 53 extendable
ip nat inside source static tcp 192.168.42.5 110 203.149.9.218 110 extendable
ip nat inside source static tcp 192.168.42.5 25 203.149.9.218 25 extendable
ip nat inside source static udp 192.168.42.5 22 203.149.9.218 22 extendable
ip nat inside source static tcp 192.168.42.5 80 203.149.9.218 80 extendable
