Network Address Translation (NAT) Huawei

  1. Device name and IP address configuration.
[Huawei]sysname Router1
[Router1]interface GigabitEthernet 0/0/1
[Router1-GigabitEthernet0/0/1]ip address 10.0.4.1 24
[Huawei]sysname Router3
[Router3]interface GigabitEthernet 0/0/2
[Router3-GigabitEthernet0/0/2]ip address 10.0.6.3 24

[Huawei]sysname Switch1
[Switch1]vlan 4
[Switch1-vlan4]quit
[Switch1]interface vlanif 4
[Switch1-Vlanif4]ip address 10.0.4.254 24
[Switch1-Vlanif4]quit

[Huawei]sysname Switch2
[Switch2]vlan 6
[Switch2-vlan6]quit
[Switch2]interface vlanif 6
[Switch2-Vlanif6]ip address 10.0.6.254 24
[Switch2-Vlanif6]quit

  2. Let's create the VLANs for Switch1 and Switch2.
[Switch1]interface GigabitEthernet 0/0/1
[Switch1-GigabitEthernet0/0/1]port link-type trunk
[Switch1-GigabitEthernet0/0/1]port trunk pvid vlan 4
[Switch1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Switch1-GigabitEthernet0/0/1]quit
[Switch2]interface GigabitEthernet 0/0/2
[Switch2-GigabitEthernet0/0/2]port link-type trunk
[Switch2-GigabitEthernet0/0/2]port trunk pvid vlan 6
[Switch2-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[Router1]interface GigabitEthernet 0/0/0
[Router1-GigabitEthernet0/0/0]ip address 119.84.111.1 24

[Router3]interface GigabitEthernet 0/0/0
[Router3-GigabitEthernet0/0/0]ip address 119.84.111.3 24

Let's check Router1's connectivity to Switch1 and Router3.
ping 10.0.4.254
PING 10.0.4.254: 56 data bytes, press CTRL_C to break
Reply from 10.0.4.254: bytes=56 Sequence=1 ttl=255 time=150 ms
Reply from 10.0.4.254: bytes=56 Sequence=2 ttl=255 time=50 ms
Reply from 10.0.4.254: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 10.0.4.254: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.0.4.254: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 10.0.4.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/62/150 ms

ping 119.84.111.3
PING 119.84.111.3: 56 data bytes, press CTRL_C to break
Reply from 119.84.111.3: bytes=56 Sequence=1 ttl=255 time=170 ms
Reply from 119.84.111.3: bytes=56 Sequence=2 ttl=255 time=70 ms
Reply from 119.84.111.3: bytes=56 Sequence=3 ttl=255 time=90 ms
Reply from 119.84.111.3: bytes=56 Sequence=4 ttl=255 time=90 ms
Reply from 119.84.111.3: bytes=56 Sequence=5 ttl=255 time=90 ms
--- 119.84.111.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 70/102/170 ms

  3. Let's create the Access Control List configuration for the Router1 and Router3 devices.
Let's create an advanced ACL on Router1: select the data flow whose source is Switch1 and permit it to Router3 as the destination, up to the telnet service port (TCP 23).
[Router1]acl 3000
[Router1-acl-adv-3000]rule 5 permit tcp source 10.0.4.254 0.0.0.0 destination 119.84.111.3 0.0.0.0 destination-port eq 23
[Router1-acl-adv-3000]rule 10 permit ip source 10.0.4.0 0.0.0.255 destination any
[Router1-acl-adv-3000]rule 15 deny ip

Let's create a basic ACL on Router3 and enter the source IP address 10.0.6.0/24 as the data flow.
[Router3]acl 2000
[Router3-acl-basic-2000]rule permit source 10.0.6.0 0.0.0.255

  4. Dynamic NAT configuration.

Let's configure a static route on Switch1 and Switch2.
[Switch1]ip route-static 0.0.0.0 0.0.0.0 10.0.4.1

[Switch2]ip route-static 0.0.0.0 0.0.0.0 10.0.6.3

Let's configure dynamic NAT on Router1's interface G0/0/0.
[Router1]nat address-group 1 119.84.111.240 119.84.111.243
[Router1]interface GigabitEthernet 0/0/0
[Router1-GigabitEthernet0/0/0]nat outbound 3000 address-group 1
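The ACL step above (ACL 3000 on Router1) and the dynamic NAT step (nat outbound 3000 address-group 1 on G0/0/0) are easier to reason about with a small model of what the router does per packet. The Python below is an added example written for this page, not code from the original post or from Huawei; it models wildcard-mask matching, first-match rule evaluation in rule-number order, and NAPT allocation from the address group 119.84.111.240-119.84.111.243. The Rule, Packet and DynamicNat names, the round-robin address choice, the starting port 1024 and the sample packets are assumptions of the model, not VRP behaviour.

```python
"""Model of how a Huawei-style advanced ACL gates dynamic NAT on an outbound
interface. Added example for this page, not code from the post or from Huawei.
Reproduces: wildcard-mask matching (0 bit = must match, 1 bit = don't care),
first-match evaluation in ascending rule-number order, and NAPT allocation
from an address group (simplified: round-robin address, sequential ports).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                         # "permit" or "deny"
    proto: str                          # "ip" matches any protocol
    src: str = "0.0.0.0"
    src_wild: str = "255.255.255.255"   # default: any source
    dst: str = "0.0.0.0"
    dst_wild: str = "255.255.255.255"   # default: any destination
    dport: Optional[int] = None         # destination-port eq N


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int = 0
    dport: int = 0


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Compare only the bits that are 0 in the wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    return (a & care) == (b & care)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not wildcard_match(pkt.src, rule.src, rule.src_wild):
        return False
    if not wildcard_match(pkt.dst, rule.dst, rule.dst_wild):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def acl_decision(rules: List[Rule], pkt: Packet) -> Optional[str]:
    """Action of the first matching rule (lowest number first), None if no match."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, pkt):
            return rule.action
    return None


class DynamicNat:
    """'nat outbound <acl> address-group <n>' on one interface, simplified model."""

    def __init__(self, rules: List[Rule], pool_start: str, pool_end: str,
                 first_port: int = 1024) -> None:   # first_port is an assumption
        self.rules = rules
        lo = int(ipaddress.IPv4Address(pool_start))
        hi = int(ipaddress.IPv4Address(pool_end))
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.next_port = first_port
        # (src, sport, dst, dport, proto) -> (public address, public port)
        self.sessions: Dict[Tuple, Tuple[str, int]] = {}

    def translate(self, pkt: Packet) -> Tuple[bool, Packet]:
        """Return (translated?, packet as it leaves the outbound interface).
        Only a 'permit' match is translated; a 'deny' match or no match leaves
        the packet unchanged and still forwarded (the NAT ACL selects, it does
        not filter)."""
        if acl_decision(self.rules, pkt) != "permit":
            return False, pkt
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if key not in self.sessions:
            addr = self.pool[len(self.sessions) % len(self.pool)]  # round-robin (model)
            self.sessions[key] = (addr, self.next_port)
            self.next_port += 1
        addr, port = self.sessions[key]
        return True, Packet(addr, pkt.dst, pkt.proto, port, pkt.dport)


# ACL 3000 exactly as configured on Router1 in the lab above.
ACL_3000 = [
    Rule(5, "permit", "tcp", "10.0.4.254", "0.0.0.0", "119.84.111.3", "0.0.0.0", 23),
    Rule(10, "permit", "ip", "10.0.4.0", "0.0.0.255"),
    Rule(15, "deny", "ip"),
]


def build_router1_nat() -> DynamicNat:
    """Router1 G0/0/0: nat outbound 3000 address-group 1 (119.84.111.240-.243)."""
    return DynamicNat(ACL_3000, "119.84.111.240", "119.84.111.243")


if __name__ == "__main__":
    nat = build_router1_nat()
    # Constructed sample traffic: telnet from Switch1, a ping from a VLAN 4 host,
    # and a packet from a source the ACL does not cover.
    for pkt in (Packet("10.0.4.254", "119.84.111.3", "tcp", 50000, 23),
                Packet("10.0.4.10", "119.84.111.3", "icmp"),
                Packet("192.168.1.10", "119.84.111.3", "tcp", 40000, 80)):
        done, out = nat.translate(pkt)
        print(f"{pkt.src} -> {pkt.dst}: {'NAT ' + out.src if done else 'not translated'}")
```

Running it shows that telnet from Switch1 (10.0.4.254) and any packet from 10.0.4.0/24 leave G0/0/0 with an address from 119.84.111.240-243, while a packet from any other source hits rule 15 and is forwarded with its original source address: the ACL referenced by nat outbound only chooses what gets translated, it does not drop anything, so a separate filter is needed if such traffic must be blocked. Note also that every packet matching rule 5 also matches rule 10, so in this ACL rule 5 adds no restriction of its own.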

Let's also configure Router3 as a telnet server.
[Router3]user-interface vty 0 4
[Router3-ui-vty0-4]authentication-mode password
[Router3-ui-vty0-4]set authentication password cipher huawei
[Router3-ui-vty0-4]quit

Let's check that the address group is configured correctly.

display nat address-group
NAT Address-Group Information:
--------------------------------------
Index  Start-address    End-address
--------------------------------------
1      119.84.111.240   119.84.111.243
--------------------------------------
Total : 1

Let's check that our configuration works.
ping 119.84.111.3
PING 119.84.111.3: 56 data bytes, press CTRL_C to break
Reply from 119.84.111.3: bytes=56 Sequence=1 ttl=255 time=170 ms
Reply from 119.84.111.3: bytes=56 Sequence=2 ttl=255 time=70 ms
Reply from 119.84.111.3: bytes=56 Sequence=3 ttl=255 time=90 ms
Reply from 119.84.111.3: bytes=56 Sequence=4 ttl=255 time=90 ms
Reply from 119.84.111.3: bytes=56 Sequence=5 ttl=255 time=90 ms
--- 119.84.111.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 70/102/170 ms

Result:
display current-configuration
#
sysname Router1
#
firewall-nat session icmp aging-time 300
#
nat address-group 1 119.84.111.240 119.84.111.243
#
acl number 3000
rule 5 permit tcp source 10.0.4.254 0 destination 119.84.111.3 0 destination-port eq telnet
rule 10 permit ip source 10.0.4.0 0.0.0.255
rule 15 deny ip
#
interface GigabitEthernet0/0/0
ip address 119.84.111.1 255.255.255.0
nat outbound 3000 address-group 1
#
interface GigabitEthernet0/0/1
ip address 10.0.4.1 255.255.255.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

display current-configuration
#
sysname Switch1
#
vlan batch 4
#
interface Vlanif4
ip address 10.0.4.254 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 4
port trunk allow-pass vlan 2 to 4094
#
ip route-static 0.0.0.0 0.0.0.0 10.0.4.1
#
user-interface con 0
user-interface vty 0 4
#
return

display current-configuration
#
sysname Switch2
#
vlan batch 6
#
interface Vlanif6
ip address 10.0.6.254 255.255.255.0
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 6
port trunk allow-pass vlan 2 to 4094
#
ip route-static 0.0.0.0 0.0.0.0 10.0.6.3
#
user-interface con 0
user-interface vty 0 4
#
return

display current-configuration
#
sysname Router3
#
acl number 2000
rule 5 permit source 10.0.6.0 0.0.0.255
#
interface GigabitEthernet0/0/0
ip address 119.84.111.3 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/2
ip address 10.0.6.3 255.255.255.0
#
user-interface con 0
user-interface vty 0 4
set authentication password cipher BF8HNYzg(UajUn1vMEIBsZw#
user-interface vty 16 20
#
return
