lab2_bùi duy cương_lê quang bắc_09dthm

Lab 2 – Mạng sơ trung 1

Đại Học Kỹ Thuật Công Nghệ TP.HCM

Khoa Công Nghệ Thông Tin

BÁO CÁO MẠNG MÁY TÍNH

LAB 2 – MẠNG SƠ TRUNG

Giảng viên hướng dẫn : Nguyễn Đức Quang

Sinh viên thực hiện : Lê Quang Bắc_0951020030

Bùi Duy Cương_0951020036

Lớp : 09DTHM

TPHCM, 2012


Mục lục

I/ Mô hình mạng.......................................................................................................................................... 4

II/Cấu hình router ........................................................................................................................................ 5

1/ Router 1 (R1) ...................................................................................................................................... 5

2/ Router 2 (R2) ...................................................................................................................................... 7

3/ Router 3 (R3) ...................................................................................................................................... 9

4/ Router 4 (R4) .................................................................................................................................... 11

5/ Router 5 (R5) .................................................................................................................................... 13

6/ Router 6 (R6) .................................................................................................................................... 15

7/ Frame relay switch (FT_S) ................................................................................................................. 17

III/ Bảng định tuyến của router ................................................................................................................... 19

1/Router 1 ............................................................................................................................................. 19

2/Router 2 ............................................................................................................................................. 19

3/Router 3 ............................................................................................................................................. 20

4/Router 4 ............................................................................................................................................. 20

5/Router 5 ............................................................................................................................................. 21

6/Router 6 ............................................................................................................................................. 21

IV/ Kết quả bắt gói tin: ............................................................................................................................... 22

HTTP: ................................................................................................................................................... 22

HTTPS:................................................................................................................................................. 23

TELNET: ............................................................................................................................................... 24

SSH: ..................................................................................................................................................... 25

NTP: ..................................................................................................................................................... 26

Netmeeting ........................................................................................................................................... 27

FTP ...................................................................................................................................................... 28

TFTP .................................................................................................................................................... 29

DNS ..................................................................................................................................................... 30

SIP ....................................................................................................................................................... 31

H323..................................................................................................................................................... 32

Kerberos ............................................................................................................................................... 33

SNMP trap ............................................................................................................................................ 34

RADIUS ................................................................................................................................................ 35

TACACS ............................................................................................................................................... 36

SMTP ................................................................................................................................................... 37

RTP ...................................................................................................................................................... 38


RTCP ................................................................................................................................................... 39

POP ..................................................................................................................................................... 40

DHCP ................................................................................................................................................... 41

V/ C2 vào net:........................................................................................................................................... 42

VI/ Thể hiện sự ưu tiên lưu lượng từ cao đến thấp ở trường DSCP cho các lưu lượng theo thứ tự sau : RTP,

Netmeeting, TELNET, SSH. ...................................................................................................................... 44

VII/ Cầu hình cho giao thức RTP chiếm 25% tổng băng thông, Netmeeting 15% tổng băng thông và 60% còn

lại dành cho các giao thức khác. ............................................................................................................... 45


I/ Mô hình mạng

Mô hình được triển khai trên phần mềm GNS3:

- Client (Win 7) sử dụng card Loopback

- Server (Win 2k3) sử dụng card VMNET

- Router 7200


II/Cấu hình router

1/ Router 1 (R1) ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1

! boot-start-marker boot-end-marker ! ! aaa new-model ! ! aaa authentication login default group radius aaa authorization exec default group radius aaa accounting exec default start-stop group radius ! aaa session-id common ! ! ip cef no ip domain lookup ! ! ! ipv6 unicast-routing ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !

class-map match-all telnet match access-group 102

class-map match-all netmeeting

match access-group 101

class-map match-all ssh match access-group 103

class-map match-all rtp match access-group 100 ! !

policy-map LLQ-OUT-2 class rtp

priority percent 25 class netmeeting

priority percent 15 class class-default

fair-queue

policy-map Marking-IN-1 class rtp

set dscp cs6 class netmeeting

set dscp cs5 class telnet

set dscp cs4 class ssh set dscp cs3 ! ! ! ! ! !

interface FastEthernet0/0 ip address dhcp shutdown duplex half !

interface Serial1/0 no ip address ip virtual-reassembly encapsulation frame-relay serial restart-delay 0 priority-group 1 !

interface Serial1/0.12 point-to-point bandwidth 50 ip address 192.168.1.30 255.255.255.0 ip router isis frame-relay interface-dlci 98 service-policy input Marking-IN-1 !

interface Serial1/0.13 point-to-point bandwidth 50 ip address 192.168.2.30 255.255.255.0 ip router isis ip nat inside ip virtual-reassembly frame-relay interface-dlci 96 service-policy input Marking-IN-1 !

interface Serial1/1 no ip address shutdown serial restart-delay 0 !



interface Serial1/4


no ip address shutdown serial restart-delay 0 !




interface FastEthernet2/0

bandwidth 50 ip address 10.0.0.36 255.255.255.0 ip helper-address 192.168.5.36 ip router isis ip nat outside ip virtual-reassembly duplex auto speed auto priority-group 1 service-policy input Marking-IN-1 !

interface FastEthernet2/1 no ip address shutdown duplex auto speed auto !

router isis net 00.0001.0000.0000.0001.00 ! !

no ip http server no ip http secure-server ! ip nat inside source list 1 interface FastEthernet2/0 overload ! access-list 1 permit any access-list 100 permit tcp any any eq 3230 access-list 100 permit udp any any eq 3230 access-list 101 permit tcp any any eq 3389 access-list 102 permit tcp any any eq telnet access-list 103 permit tcp any any eq 22 snmp-server community private RW ! ! ! radius-server host 20.0.0.36 auth-port 1645 acct-port 1646 radius-server key 123456 ! control-plane ! ! ! ! ! !

gatekeeper shutdown ! !

line con 0

exec-timeout 0 0 logging synchronous stopbits 1

line aux 0 stopbits 1 line vty 0 4 ! ! end


2/ Router 2 (R2)

!* R2.CiscoConfig !* IP Address : 192.168.1.36 !* Community : private !* Downloaded 3/1/2012 8:02:28 AM by SolarWinds Config Transfer Engine Version 5.5.0 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2

! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ip cef no ip domain lookup ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !


class-map match-all netmeeting match access-group 101





priority percent 15 class class-default fair-queue

policy-map Marking-IN-1

class rtp



set dscp cs4

class ssh set dscp cs3 ! ! ! ! ! !

interface FastEthernet0/0 no ip address shutdown duplex half !

interface Serial1/0 no ip address encapsulation frame-relay serial restart-delay 0 priority-group 1 service-policy input Marking-IN-1 !

interface Serial1/0.21 point-to-point ip address 192.168.1.36 255.255.255.0 ip router isis frame-relay interface-dlci 89 !



interface Serial1/3




interface Serial1/6 no ip address shutdown serial restart-delay 0


!


router isis net 00.0001.0000.0000.0002.00 ! ! no ip http server no ip http secure-server ! ! access-list 100 permit tcp any any eq 3230 access-list 100 permit udp any any eq 3230 access-list 101 permit tcp any any eq 3389 access-list 102 permit tcp any any eq telnet access-list 103 permit tcp any any eq 22 snmp-server community private RW ! ! ! !

control-plane ! ! ! ! ! !


line con 0 exec-timeout 0 0 logging synchronous stopbits 1

line aux 0 stopbits 1

line vty 0 4 login ! ! end


3/ Router 3 (R3)

!* R3.CiscoConfig !* IP Address : 192.168.3.30 !* Community : private !* Downloaded 3/1/2012 8:23:17 AM by SolarWinds Config Transfer Engine Version 5.5.0 ! ! No configuration change since last restart ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3

! boot-start-marker boot-end-marker ! ! aaa new-model ! ! aaa authentication login default group tacacs+ aaa authorization exec default group tacacs+ aaa accounting exec default start-stop group tacacs+ ! aaa session-id common clock timezone GTM 7 ! ! ip cef no ip domain lookup ! ! ! ipv6 unicast-routing ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !





class-map match-all rtp

match access-group 100 ! !

policy-map LLQ-OUT-2

class rtp








interface Serial1/0

no ip address encapsulation frame-relay serial restart-delay 0 priority-group 1 service-policy input Marking-IN-1 !

interface Serial1/0.31 point-to-point ip address 192.168.2.36 255.255.255.0 ip router isis ip nat outside ip virtual-reassembly frame-relay interface-dlci 69 !

interface Serial1/1 ip address 192.168.3.30 255.255.255.0 ip nat inside ip virtual-reassembly ipv6 address 2001::2/64 ipv6 enable ipv6 rip CNTT enable serial restart-delay 0 priority-group 1 service-policy input Marking-IN-1 !

interface Serial1/2 no ip address


shutdown serial restart-delay 0 !





interface Serial1/7


router isis net 00.0001.0000.0000.0003.00 redistribute connected redistribute rip ! address-family ipv6 redistribute connected metric 0 redistribute rip CNTT metric 0 exit-address-family !

router rip redistribute connected redistribute isis level-1-2 metric 5 passive-interface Serial1/0 network 192.168.3.0 ! ip route 0.0.0.0 0.0.0.0 Serial1/0.31 ! no ip http server no ip http secure-server !

! access-list 100 permit tcp any any eq 3230 access-list 100 permit udp any any eq 3230 access-list 101 permit tcp any any eq 3389 access-list 102 permit tcp any any eq telnet access-list 103 permit tcp any any eq 22 snmp-server community private RW snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps config snmp-server enable traps syslog snmp-server host 192.168.2.36 R3 snmp-server manager

ipv6 router rip CNTT maximum-paths 1 redistribute connected metric 1 redistribute isis metric 10 level-1-2 ! ! ! tacacs-server host 20.0.0.36 tacacs-server directed-request tacacs-server key 123456 ! ! control-plane ! ! ! ! ! !



line aux 0 stopbits 1 line vty 0 4 ! ntp master 3 ! end


4/ Router 4 (R4)

!* R4.bac.com.CiscoConfig !* IP Address : 192.168.3.36 !* Community : private !* Downloaded 3/1/2012 8:07:41 AM by SolarWinds Config Transfer Engine Version 5.5.0 ! ! No configuration change since last restart ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R4

! boot-start-marker boot-end-marker ! enable password 123 ! no aaa new-model ip flow-cache timeout active 1 ! ! ip cef no ip domain lookup ip domain name bac.com ! ! ip ssh time-out 30 ip ssh authentication-retries 2 ip ssh version 2 ! ipv6 unicast-routing ! ! ! ! ! ! ! ! ! ! ! ! ! ! username hello password 0 123 username bac password 0 123 ! !







policy-map LLQ-OUT-2

class rtp








interface Serial1/0

ip address 192.168.3.36 255.255.255.0 ip flow egress ip nat outside ip virtual-reassembly ip route-cache flow ipv6 address 2001::1/64 ipv6 enable ipv6 rip hutech enable serial restart-delay 0 priority-group 1 service-policy input Marking-IN-1 ip rsvp bandwidth !

interface Serial1/1 ip address 192.168.4.30 255.255.255.0 ipv6 enable serial restart-delay 0 priority-group 1 service-policy input Marking-IN-1 ip rsvp bandwidth !

interface Serial1/2 ip address 192.168.5.30 255.255.255.0 ip nat inside ip virtual-reassembly serial restart-delay 0


priority-group 1 service-policy input Marking-IN-1 !





interface Serial1/7


router ospf 1 log-adjacency-changes redistribute static metric 10 subnets redistribute rip metric 10 subnets network 192.168.4.0 0.0.0.255 area 0 !

router rip redistribute static metric 10 redistribute ospf 1 metric 10 network 192.168.3.0 network 192.168.5.0 ! ip route 0.0.0.0 0.0.0.0 Serial1/0 ip route 20.0.0.0 255.255.255.0 Serial1/2 ip flow-export source Serial1/0 ip flow-export version 5 ip flow-export destination 10.0.0.30 9996 !

no ip http server no ip http secure-server ! ! access-list 100 permit tcp any any eq 3230 access-list 100 permit udp any any eq 3230 access-list 101 permit tcp any any eq 3389 access-list 102 permit tcp any any eq telnet access-list 103 permit tcp any any eq 22 snmp-server community private RW snmp-server ifindex persist

ipv6 router rip hutech maximum-paths 1 ! ! ! ! ! control-plane ! ! ! ! ! !




line vty 0 4 password 123456 login transport input ssh ! ntp clock-period 17179773 ntp server 192.168.3.30 ! end


5/ Router 5 (R5)

!* R5.bac.com.CiscoConfig !* IP Address : 192.168.4.36 !* Community : private !* Downloaded 3/1/2012 8:10:10 AM by SolarWinds Config Transfer Engine Version 5.5.0 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R5

! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ip cef no ip domain lookup ip domain name bac.com ! ! ip ssh time-out 40 ip ssh authentication-retries 4 ! ! !

crypto pki trustpoint TP-self-signed-4279256517 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-4279256517 revocation-check none rsakeypair TP-self-signed-4279256517 ! ! ! ! ! ! ! ! ! ! ! ! ! username bac password 0 123456 ! !



class-map match-all ssh











interface Serial1/0

ip address 192.168.4.36 255.255.255.0 serial restart-delay 0 priority-group 1 service-policy input Marking-IN-1 !




interface Serial1/4 no ip address shutdown


serial restart-delay 0 !




router ospf 1 log-adjacency-changes network 192.168.4.0 0.0.0.255 area 0 ! ! ip http server ip http secure-server ! ! ! ip access-list standard wo ip access-list standard wr access-list 100 permit tcp any any eq 3230 access-list 100 permit udp any any eq 3230 access-list 101 permit tcp any any eq 3389

access-list 102 permit tcp any any eq telnet access-list 103 permit tcp any any eq 22 snmp-server community public RO wo snmp-server community private RW ! ! ! ! control-plane ! ! ! ! ! !




line vty 0 4 login local transport input ssh ! ! end


6/ Router 6 (R6)

!* R6.CiscoConfig !* IP Address : 192.168.5.36 !* Community : private !* Downloaded 3/1/2012 8:09:04 AM by SolarWinds Config Transfer Engine Version 5.5.0 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R6

! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ip cef no ip domain lookup no ip dhcp use vrf connected ip dhcp excluded-address 10.0.0.1 10.0.0.36 ! ip dhcp pool network10.0.0.0 network 10.0.0.0 255.255.255.0 default-router 10.0.0.36 dns-server 8.8.8.8 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! username bac password 0 123 ! !








priority percent 15

class class-default fair-queue


class rtp

set dscp cs6

class netmeeting




interface Serial1/0 ip address 192.168.5.36 255.255.255.0 ip nat outside ip virtual-reassembly serial restart-delay 0 priority-group 1 service-policy input Marking-IN-1 !




interface Serial1/4 no ip address shutdown serial restart-delay 0


!




interface FastEthernet2/0 ip address 20.0.0.30 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto priority-group 1 service-policy input Marking-IN-1 !

interface FastEthernet2/1 no ip address shutdown duplex auto speed auto ! ip route 0.0.0.0 0.0.0.0 Serial1/0 ip route 10.0.0.0 255.255.255.0 Serial1/0 ip route 192.168.1.0 255.255.255.0 Serial1/0 ip route 192.168.2.0 255.255.255.0 Serial1/0 ip route 192.168.3.0 255.255.255.0 Serial1/0 ip route 192.168.4.0 255.255.255.0 Serial1/0 !

no ip http server no ip http secure-server ! ! access-list 100 permit tcp any any eq 3230 access-list 100 permit udp any any eq 3230 access-list 101 permit tcp any any eq 3389 access-list 102 permit tcp any any eq telnet access-list 103 permit tcp any any eq 22 snmp-server community private RW ! ! ! ! control-plane ! ! ! ! ! !




line vty 0 4 password 123 login ! ! end


7/ Frame relay switch (FT_S)

! ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname FRS

! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ip cef no ip domain lookup ! ! ! frame-relay switching ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !









class rtp



set dscp cs4 class ssh

set dscp cs3 ! ! ! ! ! !


interface Serial1/0 no ip address encapsulation frame-relay serial restart-delay 0 priority-group 1 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 96 interface Serial1/2 69 frame-relay route 98 interface Serial1/1 89 service-policy input Marking-IN-1 !

interface Serial1/1 no ip address encapsulation frame-relay serial restart-delay 0 priority-group 1 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 89 interface Serial1/0 98 service-policy input Marking-IN-1 !

interface Serial1/2 no ip address encapsulation frame-relay serial restart-delay 0 priority-group 1 frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 69 interface Serial1/0 96 service-policy input Marking-IN-1 !

interface Serial1/3 no ip address shutdown serial restart-delay 0 ! interface Serial1/4





interface Serial1/7 no ip address shutdown serial restart-delay 0 ! ! no ip http server no ip http secure-server ! ! access-list 100 permit tcp any any eq 3230 access-list 100 permit udp any any eq 3230 access-list 101 permit tcp any any eq 3389 access-list 102 permit tcp any any eq telnet

access-list 103 permit tcp any any eq 22 ! ! ! ! control-plane ! ! ! ! ! !




line vty 0 4 login ! ! end


III/ Bảng định tuyến của router

1/Router 1

2/Router 2


3/Router 3

4/Router 4


5/Router 5

6/Router 6


IV/ Kết quả bắt gói tin:

Bắt gói tin bằng Netflow trên cổng S1/0 của R4 và WireShark trên card loopback của máy thật

HTTP:


HTTPS:


TELNET:


SSH:


NTP:


Netmeeting


FTP


TFTP


DNS


SIP


H323


Kerberos


SNMP trap


RADIUS


TACACS


SMTP


RTP


RTCP


POP


DHCP


V/ C2 vào net:


VI/ Thể hiện sự ưu tiên lưu lượng từ cao đến thấp ở trường DSCP cho các lưu lượng theo

thứ tự sau : RTP, Netmeeting, TELNET, SSH.


VII/ Cầu hình cho giao thức RTP chiếm 25% tổng băng thông, Netmeeting 15% tổng

băng thông và 60% còn lại dành cho các giao thức khác.

lab2_bùi duy cương_lê quang bắc_09dthm

Documents