Professional Documents
Culture Documents
5.2
5.2 IOS
5.2
)
[PacketTracer 5.2 ] CA ( VPN
[PacketTracer 5.2 ] PacketTracer
5.2 GRE
5.2 GRE
5.2 GRE ()
51CTO -----tom9916
http://9916376.blog.51cto.com/
PacketTracer 5.2
Cisco PacketTracer
( Cisco PacketTracer
5.2 pkt PacketTracer
5.2
T
VPN
Internet VPN
PacketTracer
2 IPsec VPN ( PacketTracer
5.
5.2 )
VPN Int
ernet IP Internet
NAT Internet
Easy
VPN web
51CTO -----tom9916
http://9916376.blog.51cto.com/
PacketTracer 5.2
IP
192.168.1.124
fa 0/0 192.168.1.254/24
fa 0/1 100.1.1.2/24
fa 0/0 200.1.1.1/24
fa 0/0
fa 0/1 172.16.1.254/24
200.1.1.2/24
172.16.1.124
51CTO -----tom9916
http://9916376.blog.51cto.com/
PacketTracer 5.2
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
no shutdown
interface FastEthernet0/1
ip address 100.1.1.2 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 100.1.1.1
Internet
interface FastEthernet0/0
ip address 200.1.1.1 255.255.255.0
no shutdown
interface FastEthernet0/1
ip address 100.1.1.1 255.255.255.0
no shutdown
interface FastEthernet0/0
ip address 200.1.1.2 255.255.255.0
ip nat outside
no shutdown
interface FastEthernet0/1
ip address 172.16.1.254 255.255.255.0
ip nat inside
shutdown
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 200.1.1.1
access-list 1 permit 172.16.1.0 0.0.0.255
51CTO -----tom9916
http://9916376.blog.51cto.com/
PacketTracer 5.2
Web E
asy VPN
aaa new-model AAA
aaa authentication login eza local eza eza
aaa authorization network ezo local ezo ezo
username tang password 123
crypto isakmp policy 10Ipsec
hash md5
authentication pre-share
group 2
interface FastEthernet0/1
crypto map tom
51CTO -----tom9916
http://9916376.blog.51cto.com/
PacketTracer 5.2
Easy VPN
connect IP
Ipsec VPN
ping 100.1.1.2 Easy VPN
web Desktop Web Browser IP192.1
68.1.1 web .
51CTO -----tom9916
http://9916376.blog.51cto.com/
PacketTracer 5.2
PacketTracer5.2 VPN
T
T (
Cisco PacketTracer5.2
PacketTracer
51CTO -----tom9916
http://9916376.blog.51cto.com/
PacketTracer 5.2
PKT
IPSEC VPN Easy VPN
PacketTracer
5.2 Easy VP
N
IP
PC0 PC1 :DHCP
laptop0 wuxianDHCP
Web 192.168.1.253/24
ISP ISP
TFTP 192.168.1.252/24
DNS 202.103.96.112/24
fa0/0:192.168.1.254/24
51CTO -----tom9916
fa0/1:100.1.1.2/24
http://9916376.blog.51cto.com/
PacketTracer 5.2
fa 0/0:200.1.1.1/24
E1/0:210.1.1.1/24( wuxian )
E1/1:202.103.96.1/24ISP DNS ISP Web
f0/0:200.1.1.2/24
fa 0/1:192.168.2.254/24
Desktop IP configuration IP
51CTO -----tom9916
http://9916376.blog.51cto.com/
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
10
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
11
PacketTracer 5.2
Internet
enable
configure terminal
51CTO -----tom9916
http://9916376.blog.51cto.com/
12
PacketTracer 5.2
hostname Internet
line console 0
logg sy
exec-time 0 0
exit
no ip domain-lookup
interface fastethernet 0/1
ip add 100.1.1.1 255.255.255.0
no shut
exit
interface fastethernet 0/0
ip add 200.1.1.1 255.255.255.0
no shut
exit
interface ethernet 1/1
ip add 202.103.96.1 255.255.255.0
no shut
exit
interface ethernet 1/0
ip add 210.1.1.1 255.255.255.0
no shut
exit
ip dhcp excluded-address 210.1.1.1
ip dhcp pool wifi
network 210.1.1.0 255.255.255.0
default-router 210.1.1.1
dns-server 202.103.96.112
exit
51CTO -----tom9916
http://9916376.blog.51cto.com/
13
PacketTracer 5.2
enable
configure terminal
hostname Internet
line console 0
logg sy
exec-time 0 0
exit
no ip domain-lookup
interface fastethernet 0/1
ip add 100.1.1.2 255.255.255.0
no shut
ip nat outside
exit
interface fastethernet 0/0
ip add 192.168.1.254 255.255.255.0
no shut
ip nat inside
exit
ip route 0.0.0.0 0.0.0.0 100.1.1.1
ip dhcp excluded-address 192.168.1.254
ip dhcp pool zongbu
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 202.103.96.112
exit
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.2
55
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
51CTO -----tom9916
http://9916376.blog.51cto.com/
14
PacketTracer 5.2
enable
configure terminal
hostname fenbu
line console 0
logg sy
exec-time 0 0
exit
no ip domain-lookup
interface fastethernet 0/0
ip add 200.1.1.2 255.255.255.0
no shut
ip nat outside
exit
interface fastethernet 0/1
ip add 192.168.2.254 255.255.255.0
no shut
ip nat inside
exit
ip route 0.0.0.0 0.0.0.0 200.1.1.1
ip dhcp excluded-address 192.168.2.254
ip dhcp pool zongbu
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 202.103.96.112
exit
51CTO -----tom9916
http://9916376.blog.51cto.com/
15
PacketTracer 5.2
www.xiaoT.com www.tom.com
VPN PC Ping PC
VPN
51CTO -----tom9916
http://9916376.blog.51cto.com/
16
PacketTracer 5.2
interface FastEthernet0/1
crypto map tom
aaa new-model
aaa authentication login eza local
aaa authorization network ezo local
username tang password 123
http://9916376.blog.51cto.com/
17
PacketTracer 5.2
key 123
pool ez
51CTO -----tom9916
http://9916376.blog.51cto.com/
18
PacketTracer 5.2
interface FastEthernet0/0
crypto map tom
PKT PKT
http://9916376.blog.51cto.com/468239/197253
51CTO -----tom9916
http://9916376.blog.51cto.com/
19
PacketTracer 5.2
PacketTracer
5.2
cisco
PacketTracer
cisco
PacketTracer
T 30%
PacketTracer
cisco
PacketTracer
PacketTra
cer
T PacketTracer
PacketTracer
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
20
PacketTracer 5.2
T
()
51CTO -----tom9916
http://9916376.blog.51cto.com/
21
PacketTracer 5.2
HUB AP
PC
PC IP IP
console R232
console
568B 568A
DCE DTE
,DCE ISP
DCE serial
51CTO -----tom9916
http://9916376.blog.51cto.com/
22
PacketTracer 5.2
Physical
config Web
CLI
PC PC
51CTO -----tom9916
http://9916376.blog.51cto.com/
23
PacketTracer 5.2
PC Physical Conf
ig Desktop IP
configuration IP isl-up T
erminal
command prompt CMD telnetpingtra
ce web Brower PC Wireless
AP VPN Easvy VPN ;Traffic General
T 5.2
SMNP 5.2 T SMNP
51CTO -----tom9916
http://9916376.blog.51cto.com/
24
PacketTracer 5.2
Realtime
51CTO -----tom9916
http://9916376.blog.51cto.com/
25
PacketTracer 5.2
ARP
Auto capture/play,
A B
TCP/IP
Auto capture/play
51CTO -----tom9916
http://9916376.blog.51cto.com/
26
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
27
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
28
PacketTracer 5.2
PacketTracer
5.2 IOS
T
T TFTP IOS
PC CPU B
ser
ver xp IOS
c1841-ipbase-mz.123-14.T7.bin
Ipsec
51CTO -----tom9916
http://9916376.blog.51cto.com/
29
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
30
PacketTracer 5.2
OK Windows >
>>>
51CTO -----tom9916
http://9916376.blog.51cto.com/
31
PacketTracer 5.2
show version
R1#show version
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Vers
ion 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
http://9916376.blog.51cto.com/
32
PacketTracer 5.2
Flash
R1#show flash:
Length
Name/status
33591768 c1841-advipservicesk9-mz.124-15.T1.bin
13832032 c1841-ipbase-mz.123-14.T7.bin
28282
sigdef-category.xml
227537
sigdef-default.xml
51CTO -----tom9916
http://9916376.blog.51cto.com/
33
PacketTracer 5.2
IOS
R1(config) tftp-server flash c1841-ipbase-mz.123-14.T7.bin
IOS cisco
4 console cisco
ROM IOS
rommon 1 > IP_ADDRESS=10.1.1.1
rommon 2 > IP_SUBNET_MASK=255.255.0.0
rommon 3 > DEFAULT_GATEWAY=10.1.1.2
rommon 4 > TFTP_SERVER=10.1.1.2
rommon 5 > TFTP_FILE=c1841-ipbase-mz.123-14.T7.bin
rommon 6 > tftpdnld
Y boot
51CTO -----tom9916
http://9916376.blog.51cto.com/
34
PacketTracer 5.2
PacketTracer 5.2
(
T
telnetSSH
Web
cisco IOSH3C
VRP
T
TFTP TFP cisco
startup-config running-configRuning-config ci
sco cisco
startup-config cisco cisco
IOS startup-config
cisco copy running-config startup-confi
g write
startup-config cisco
T
51CTO -----tom9916
http://9916376.blog.51cto.com/
35
PacketTracer 5.2
PC0PC1TFTP
IP
PC0192.168.2.1/24
PC1:192.168.3.1/24
TFTP:192.168.1.2/24
IP192.168.1.1/24
enable
config t
line console 0
logg sy
exec-time 0 0
exit
hostname R1
51CTO -----tom9916
http://9916376.blog.51cto.com/
36
PacketTracer 5.2
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
no shut
interface FastEthernet0/0.1
encapsulation dot1Q 2
ip address 192.168.2.254 255.255.255.0
no shut
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.254 255.255.255.0
no shut
enable
conf t
line console 0
logg sy
exec-time 0 0
exit
vlan 2 name vlan2
vlan 3 name vlan3
interface range fastEthernet 0/1 -5
switchport mode access
switchport access vlan 2
spanning-tree portfast
exit
interface range fastEthernet 0/6 -10
switchport mode access
switchport access vlan 3
51CTO -----tom9916
http://9916376.blog.51cto.com/
37
PacketTracer 5.2
spanning-tree portfast
exit
interface fastEthernet 0/24
switchport mode turnk
exit
interface Vlan1
ip address 192.168.1.1 255.255.255.0
no shut
exit
ip default-gateway 192.168.1.254 ping
PC
Console
line console 0
password xiaot
login
console
Password:
R1>
telnet
line vty 0 4 0-4
password xiaot
login
51CTO -----tom9916
http://9916376.blog.51cto.com/
38
PacketTracer 5.2
PC CMD telnet
Console
username xiaot password
tang AA
A AAA PacketTracer
5.2 AAA
Easy VPN
line con 0
login local
console
Username: xiaot
Password:
51CTO -----tom9916
http://9916376.blog.51cto.com/
39
PacketTracer 5.2
R1>
Telnet
username xiaot password
tang
line vty 0 4
login local
enable password 123
SSH
hostname R1
ip domain-name cicso.com
RSA
SSH
51CTO -----tom9916
http://9916376.blog.51cto.com/
40
PacketTracer 5.2
SSH
line vty 0 4
login local
transport input ssh
enable password 123
SSH
51CTO -----tom9916
http://9916376.blog.51cto.com/
41
PacketTracer 5.2
IOSIOS
PacketTracer
5.2 IOS
Length
Name/status
50938004 c2800nm-advipservicesk9-mz.124-15.T1.bin
28282
sigdef-category.xml
227537
sigdef-default.xml
51CTO -----tom9916
http://9916376.blog.51cto.com/
42
PacketTracer 5.2
.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!
[OK - 50938004 bytes]
50938004 bytes copied in 59.468 secs (856000 bytes/sec)
TFTP IOS IO
S startup-config running-config
TFTP startup-config
running-config
http://9916376.blog.51cto.com/
43
PacketTracer 5.2
TFTP
startup-config
R1#copy tftp: flash:
Address or name of remote host []? 192.168.1.2
Source filename []? startup-config
Destination filename [startup-config]? flash
Accessing tftp://192.168.1.2/startup-config...
Loading startup-config from 192.168.1.2: !
[OK - 684 bytes]
684 bytes copied in 0.062 secs (11032 bytes/sec)
51CTO -----tom9916
http://9916376.blog.51cto.com/
44
PacketTracer 5.2
T cis
co startup-config
0x2102 startup-config 0x2142 s
tartup-config
PacketTrac
er 5.2 ####
Ctrl+Break ROM
Self decompressing the image :
############
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x2142
rommon 2 > boot
no
run
ning-config startup-config startup-co
nfig
Continue with configuration dialog? [yes/no]: no
http://9916376.blog.51cto.com/
45
PacketTracer 5.2
telnetssh s
tartup-config
T cisco 2950
Modem
flash_init
load helper
dir flash: flash config.text
boot
PKT
51CTO -----tom9916
http://9916376.blog.51cto.com/
46
PacketTracer 5.2
CDP
CDP cisco
IP
Bfa0/0 10.1.1.1/24
Afa0/0 10.1.1.2/24
fa0/1 172.16.1.1/24
Cfa 0/1 172.16.1.2/24
B
51CTO -----tom9916
http://9916376.blog.51cto.com/
47
PacketTracer 5.2
hostname B
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
C
hostname C
interface FastEthernet0/1
ip address 172.16.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.16.1.1
B#show cd neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
51CTO -----tom9916
http://9916376.blog.51cto.com/
48
PacketTracer 5.2
Local Intrfce
Fas 0/0
Holdtme
171
Capability
R
Platform
Port ID
C1841
Fas 0/0
Local Intrfce
Holdtme
Fas 0/0
135
Fas 0/1
142
Capability
Platform
Port ID
C2600
Fas 0/0
C2800
Fas 0/1
Local Intrfce
Fas 0/1
Holdtme
125
Capability
R
Platform
Port ID
C1841
Fas 0/1
Device ID
hostname Local Interfce Holdtme
180 B A Holdtme
Capability R
Capability Codes Platform
Port ID Port ID Local Int
erfce
CDP
CDP Cdp timer
CDP 60
clear cdp table CDP show cdp
51CTO -----tom9916
http://9916376.blog.51cto.com/
49
PacketTracer 5.2
neighbor CDP
Show cdp interface: CDP
show cdp traffic
CDP CDP debug
cdp [packets][ip][adjacency][events]:cdp
51CTO -----tom9916
http://9916376.blog.51cto.com/
50
PacketTracer 5.2
T
PacketTracer 5.2
SNMP SNMP SNMP
SNMP T SNMP 20% PT
SNMP
TelnetSSH
Web
Web
SNMP
SNMP TCP/IP T
20% PC cisco cisco ne
tworkWindows server
SNMP SNMP
SNMP
SNMP SNMP
SNMP T
MIB
MIB
MIB MIB
P
C MIB MIB Get
Set SNMP
51CTO -----tom9916
http://9916376.blog.51cto.com/
51
PacketTracer 5.2
IOS
SNMP MIB
MIB
MIB T MIBMIB
MIB
MIB
MIB
OID
MIB
1.3.6.1.2.1.1 iso.org.dod.internet.mgmt.mib-2.system
TPC/IP
T
SNMP T SNMP
T p
acketTracer 5.2 SNMP
51CTO -----tom9916
http://9916376.blog.51cto.com/
52
PacketTracer 5.2
IP
fa0/0 192.168.1.1/24
VLAN 1 192.168.1.2/24
PC:192.168.1.10/24
hostname R1
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
no shut
interface Vlan1
ip address 192.168.1.2 255.255.255.0
http://9916376.blog.51cto.com/
53
PacketTracer 5.2
PT T
SNMP
PC Destop MIBpacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
54
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
55
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
56
PacketTracer 5.2
read-only
SNMP write-read
SNMP hostnamePT T
SNMP PT hostname
51CTO -----tom9916
http://9916376.blog.51cto.com/
57
PacketTracer 5.2
h
ostname R1 xiaoTrouter
51CTO -----tom9916
http://9916376.blog.51cto.com/
58
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
59
PacketTracer 5.2
PT MIB
System:
If
At ARP
IPIP
OSPFOSPF
RIP2rip
Privatecisco MIB
51CTO -----tom9916
http://9916376.blog.51cto.com/
60
PacketTracer 5.2
SNMP T
SNMP QQ
PKT http://9916376.blog.51cto.com/468239/21
0637
51CTO -----tom9916
http://9916376.blog.51cto.com/
61
PacketTracer 5.2
CCIE
IE http://g.51cto.com/ciscotest/54780
MPLS VPN IE IS-ISOSPF
BGPMPLS MPSL VPN IE
MPLS VPN ISP
MPLS VPN MPLS VPN
80 G
MPLS VPN MPLS Configuration on Cisco IOS Software
MPLS
MPLS
BOption C IE T CPU
4 3.0 512M CPU
IOS cisco IOS
IOSc2691-jk9o3s-mz.122-15.T17.bin M
PLS VPN LDP IPSec VPN
IOS
T
IE
IE http:
//g.51cto.com/ciscotest/54780 85%,
T
http://9916376.blog.51cto.com/
62
PacketTracer 5.2
MPLS VPN PE
PE
http://g.51cto.com/ciscotest/54780
R1 CER2R3R4R5 PE PR6 PP
51CTO -----tom9916
http://9916376.blog.51cto.com/
63
PacketTracer 5.2
VPNv4 PE P PE VPNv4 P
PE R1R3R5 MPLS VPN
172.99.11.0/24192.168.202.0/24172.99.5.0/24
R1 R5 R1 172.99.11.0/24 172.
99.5.0/24 R1 R1 CE
R1-R2.R2R3R3R5
R2 R2 R1
IP
MPLS PE
PE
IP
IP
loopback:
R1:99.99.0.1 255.255.255.255
R2:99.99.0.2 255.255.255.255
R3:99.99.0.3 255.255.255.255
R4:99.99.0.4 255.255.255.255
R5:99.99.0.5 255.255.255.255
R6:99.99.0.6 255.255.255.255
IP
R1<--->R2
R1 172.99.12.1 255.255.255.0
R2 172.99.12.2 255.255.255.0
to YW
R1 172.99.11.1 255.255.255.0
R1<--->R4
51CTO -----tom9916
http://9916376.blog.51cto.com/
64
PacketTracer 5.2
R1 172.99.14.1 255.255.255.0
R4 172.99.14.2 255.255.255.0
R2<--->R4
R2 99.99.24.1 255.255.255.0
R4 99.99.24.2 255.255.255.0
R2<--->R3
R2 99.99.23.1 255.255.255.0
R3 99.99.23.2 255.255.255.0
R3<--->R4
R3 99.99.34.1 255.255.255.0
R4 99.99.34.2 255.255.255.0
to YW
R3 192.168.202.1 255.255.255.0
R3<--->R5
R3 99.99.35.1 255.255.255.0
R5 99.99.35.2 255.255.255.0
R4<--->R6
R6 99.99.46.2 255.255.255.0
R4 99.99.46.1 255.255.255.0
R5<--->R6
R5 99.99.56.1 255.255.255.0
R6 99.99.56.2 255.255.255.0
to YW
51CTO -----tom9916
http://9916376.blog.51cto.com/
65
PacketTracer 5.2
R5 172.99.5.1 255.255.255.0
IP
IP T
IP Ping IP IP
MPLS AS
PE VRF CE
VRF PE VRF CE CE
VRF
CE
http://9916376.blog.51cto.com/
66
PacketTracer 5.2
router bgp 99
no bgp default route-target filter MP-EGBP
VPNv4
address-family vpnv4VPNv4
neighbor 99.99.0.2 activate MP-GBP MP-IBGP
neighbor 99.99.0.2 send-community extended VPNv4
ip vrf xiaot
rd 1:110
route-target export 2:110
route-target import 2:110
exit
int s 1/1
ip vrf forwarding xiaot VRF
ip add 172.99.14.2 255.255.255.0
no shut
exit
http://9916376.blog.51cto.com/
67
PacketTracer 5.2
router bgp 99
address-family ipv4 vrf xiaot VRF
redistribute ospf 299 metric 1000 match internal external 1 exter
nal 2( OSPF BGP )
R2R3R4 IS-IS
Interface
SNPA
R3
Se1/3
*HDLC*
Up
25
L1
IS-IS
R4
Se1/2
*HDLC*
Up
21
L1
IS-IS
ol
System Id
Interface
SNPA
R4
Se1/0
*HDLC*
Up
20
L2
IS-IS
R2
Se1/3
*HDLC*
Up
29
L1
IS-IS
ol
http://9916376.blog.51cto.com/
68
PacketTracer 5.2
System Id
Interface
SNPA
R3
Se1/0
*HDLC*
Up
26
L2
IS-IS
R2
Se1/2
*HDLC*
Up
27
L1
IS-IS
ol
CE
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
O E1
http://9916376.blog.51cto.com/
69
PacketTracer 5.2
R2 VPNv4
R1#traceroute 172.99.5.1
284 msec
PE
R2#show mpls forwarding-table
Local Outgoing
Prefix
Next Hop
tag
tag or VC
or Tunnel Id
switched
interface
16
Pop tag
99.99.0.3/32
4230
Se1/3
point2point
17
Pop tag
99.99.0.4/32
3633
Se1/2
point2point
18
Pop tag
99.99.34.0/24
Se1/2
point2point
Pop tag
99.99.34.0/24
Se1/3
point2point
22
Untagged
99.99.0.1/32[V]
Se1/0
point2point
23
Untagged
172.99.14.0/24[V] 0
Se1/0
point2point
24
Aggregate
172.99.12.0/24[V] 636
Next Hop
In label/Out label
172.99.12.1
22/nolabel
172.99.5.0/24
99.99.0.3
nolabel/30
172.99.12.0/24
0.0.0.0
24/aggregate(xiaot)
51CTO -----tom9916
http://9916376.blog.51cto.com/
70
PacketTracer 5.2
172.99.14.0/24
172.99.12.1
23/nolabel
192.168.202.0
99.99.0.3
nolabel/27
MP-BGP
51CTO -----tom9916
http://9916376.blog.51cto.com/
71
PacketTracer 5.2
85%
MPLS
VPN
--------------------- T
http://9916376.blog.51cto.com/468239/21
7626
51CTO -----tom9916
http://9916376.blog.51cto.com/
72
PacketTracer 5.2
PacketTracer
5.2 )
[www.renzhengwang.com(]
~~
T
VPN MPLS VOIP
PacketTracer
501950872
PacketTracer 5.2 VPN
PacketTracer 5.2 (
ftp://renzhengwang:renzhengwang@www.renzhengwang.com/sim/PacketTracer%
205.2_setup.rar
PacketTracer
PacketTracer
Router 1 Internet IP
VPN Internet
Router 3 Router 4
IP
Router 1 FastEthernet0/0
200.1.1.1
FastEthernet0/1 100.1.1.1
200.1.1.2
FastEthernet0/1
192.168.2.254
PC1 192.168.1.1/24
PC2:
192.168.2.1/24
( VPN
VPN PC1
Ping
Router1 Internet
interface FastEthernet0/0
ip address 200.1.1.1 255.255.255.0
no shutdown
51CTO -----tom9916
http://9916376.blog.51cto.com/
73
PacketTracer 5.2
interface FastEthernet0/1
ip address 100.1.1.1 255.255.255.0
no shutdown
Router 3
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key tom address 200.1.1.2
crypto ipsec transform-set tim esp-3des esp-md5-hmac
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
51CTO -----tom9916
http://9916376.blog.51cto.com/
74
PacketTracer 5.2
5.2 VPN
51CTO -----tom9916
http://9916376.blog.51cto.com/
75
PacketTracer 5.2
:http://9916376.blog.51cto.com/468239/196247
51CTO -----tom9916
http://9916376.blog.51cto.com/
76
PacketTracer 5.2
CA ( VPN
VPN T
cisco 3640 ca
2.
enable
conf t
hostname zongbu
no ip domain-lookup
line console 0
logging sy
exec-time 0 0
exit
interface ethernet 0/0
ip address dhcp 200.1.1.2 200.1.1.1
no shut
exit
interface ethernet 0/2
ip address 192.168.1.1 255.255.255.0
no shut
no keepalive
exit
enable
conf t
hostname fenbu
51CTO -----tom9916
http://9916376.blog.51cto.com/
77
PacketTracer 5.2
no ip domain-lookup
line console 0
logging sy
exec-time 0 0
exit
interface ethernet 0/0
ip address dhcp 210.1.1.2 210.1.1.1
no shut
exit
interface ethernet 0/2
ip address 192.168.2.1 255.255.255.0
no shut
no keepalive
exit
ca
clock set 10:25:00 apr 18 2009
ca ca
ip domain-name t31.com
crypto key generate rsa general-keys label lab modulus 1024
ip http server
crypto pki server lab ca lab
issuer-name CN=zongbu.t31.com,L=changsha,C=CN ca
no shutdown ( ca )
%Some server settings cannot be changed after CA certificate generation.
% Please enter a passphrase to protect the private key
% or type Return to exit
Password:
Re-enter password:
7
% Certificate Server enabled.
ca ca
zongbu#show crypto ca certificates ca
CA Certificate
Status: Available
Certificate Serial Number: 01
Certificate Usage: Signature
Issuer:
cn=zongbu.t31.com
l=changsha
c=CN
51CTO -----tom9916
http://9916376.blog.51cto.com/
78
PacketTracer 5.2
Subject:
cn=zongbu.t31.com
l=changsha
c=CN
Validity Date:
start date: 10:25:41 UTC Apr 18 2009
end date: 10:25:41 UTC Apr 17 2012
Associated Trustpoints: lab
51CTO -----tom9916
http://9916376.blog.51cto.com/
79
PacketTracer 5.2
ca
zongbu#crypto pki server lab info requests
ca lab ca
Enrollment Request Database:
Subordinate CA certificate requests:
ReqID State Fingerprint SubjectName
-------------------------------------------------------------RA certificate requests:
ReqID State Fingerprint SubjectName
-------------------------------------------------------------Router certificates requests:
ReqID State Fingerprint SubjectName
-------------------------------------------------------------1 pending FF549ED70F2050DD712E3CEBAC68AB6F hostname=zongbu.t31.co
m
Certificate
Status: Available
Certificate Serial Number: 02
Certificate Usage: General Purpose
Issuer:
cn=zongbu.t31.com
l=changsha
c=CN
Subject:
Name: zongbu.t31.com
hostname=zongbu.t31.com
Validity Date:
start date: 10:33:44 UTC Apr 18 2009
end date: 10:33:44 UTC Apr 18 2010
Associated Trustpoints: 200.1.1.2
CA Certificate
51CTO -----tom9916
http://9916376.blog.51cto.com/
80
PacketTracer 5.2
Status: Available
Certificate Serial Number: 01
Certificate Usage: Signature
Issuer:
cn=zongbu.t31.com
l=changsha
c=CN
Subject:
cn=zongbu.t31.com
l=changsha
c=CN
Validity Date:
start date: 10:25:41 UTC Apr 18 2009
end date: 10:25:41 UTC Apr 17 2012
Associated Trustpoints: 200.1.1.2 lab
51CTO -----tom9916
http://9916376.blog.51cto.com/
81
PacketTracer 5.2
Certificate
Status: Available
Certificate Serial Number: 03
Certificate Usage: General Purpose
Issuer:
cn=zongbu.t31.com
l=changsha
c=CN
Subject:
51CTO -----tom9916
http://9916376.blog.51cto.com/
82
PacketTracer 5.2
Name: fenbu.t31.com
hostname=fenbu.t31.com
Validity Date:
start date: 10:43:55 UTC Apr 18 2009
end date: 10:43:55 UTC Apr 18 2010
Associated Trustpoints: 200.1.1.2
CA Certificate
Status: Available
Certificate Serial Number: 01
Certificate Usage: Signature
Issuer:
cn=zongbu.t31.com
l=changsha
c=CN
Subject:
cn=zongbu.t31.com
l=changsha
c=CN
Validity Date:
start date: 10:25:41 UTC Apr 18 2009
end date: 10:25:41 UTC Apr 17 2012
Associated Trustpoints: 200.1.1.2
3.VPN
51CTO -----tom9916
http://9916376.blog.51cto.com/
83
PacketTracer 5.2
51CTO -----tom9916
http://9916376.blog.51cto.com/
84
PacketTracer 5.2
PacketTracer
Cisco PacketTracer
P
acketTracer 5.2PacketTracer
PN ( PacketTracer
5.2 IPsec V
5.2 ) AAA
Easy VPN
AAA AuthenticationAuthorization
Accounting
AAA
AAA
AAA
51CTO -----tom9916
http://9916376.blog.51cto.com/
85
PacketTracer 5.2
AAA
Config AAA
51CTO -----tom9916
http://9916376.blog.51cto.com/
86
PacketTracer 5.2
http://9916376.blog.51cto.com/
87
PacketTracer 5.2
http://9916376.blog.51cto.com/
88
PacketTracer 5.2
interface fa 0/1
crypto map tom
exit
VPN
GroupNamemyez
Group key123
Host IP(server IP)100.1.1.2
UsernamexiaoT
Password123
connect IP
Ipsec VPN
ping 100.1.1.2 Easy VPNEasy VPN pin
g
PKT
http://9916376.blog.51cto.com/468239/197816
51CTO -----tom9916
http://9916376.blog.51cto.com/
89
PacketTracer 5.2
PacketTracer
T PacketTracer
5.2 PSTN
PSTN VP
PSTN
Internet IP
NAT PS
TN
PacketTracer
5.2
http://9916376.blog.51cto.com/
90
PacketTracer 5.2
Cisco PacketTracer
PSTN
IP
Fa 0/0 192.168.1.254/24
Fa 0/1 100.1.1.2/24
Fa 0/1 200.1.1.1/24
PSTN
51CTO -----tom9916
http://9916376.blog.51cto.com/
91
PacketTracer 5.2
Internet
interface FastEthernet0/0
ip address 200.1.1.1 255.255.255.0
interface FastEthernet0/1
ip address 100.1.1.1 255.255.255.0
hostname zongbu
aaa new-model
51CTO -----tom9916
http://9916376.blog.51cto.com/
92
PacketTracer 5.2
interface FastEthernet0/0
51CTO -----tom9916
http://9916376.blog.51cto.com/
93
PacketTracer 5.2
interface FastEthernet0/1
ip address 100.1.1.2 255.255.255.0
crypto map tom
interface Modem0/3/0
ip address 192.168.3.254 255.255.255.0
config
5.2 Easy VP
N PSTN 110
DHCP Desktop
Dial-up
51CTO -----tom9916
http://9916376.blog.51cto.com/
94
PacketTracer 5.2
Dial ping
PKT
51CTO -----tom9916
http://9916376.blog.51cto.com/
95
PacketTracer 5.2
PacketTracer
5.2 GRE
51CTO -----tom9916
http://9916376.blog.51cto.com/
96
PacketTracer 5.2
IP
Internetzongbu
Internet 30.1.1.1/24
zongbu 30.1.1.2/24
Internetfenbu_2
Internet 20.1.1.1/24
fenbu_2 20.1.1.2/24
Internetfenbu_1
Internet 10.1.1.1/24
fenbu_1 10.1.1.2/24
zongbuServer
zongbu 192.168.3.254/24
server 192.168.3.1/24
fenbu_2PC1
zongbu 192.168.2.254/24
PC1
192.168.2.1/24
PC0
192.168.2.1/24
fenbu_1PC0
zongbu 192.168.2.254/24
51CTO -----tom9916
http://9916376.blog.51cto.com/
97
PacketTracer 5.2
Internet IP
PKT GRE GRE
GRE
GRE
Zongbu
interface Tunnel0
Tunnel 0 fenbu_1 GR
E
ip address 1.1.1.1 255.255.255.0 ( Tunnel 0 IP IP fenbu_1
)
tunnel source FastEthernet0/0 GRE IP fa 0/0 IP
tunnel destination 10.1.1.2
interface Tunnel1
GRE IP 10.1.1.2 IP
Tunnel 1 fenbu_2 GR
E
ip address 2.1.1.1 255.255.255.0 ( Tunnel 1 IP IP fenbu_2
)
tunnel source FastEthernet0/0 GRE IP fa 0/0 IP
tunnel destination 20.1.1.2
GRE IP 20.1.1.2 IP
fenbu_1fenbu_2
fenbu_1
interface Tunnel0
51CTO -----tom9916
http://9916376.blog.51cto.com/
98
PacketTracer 5.2
fenbu_2
interface Tunnel0
ip address 2.1.1.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 30.1.1.2
ip route 192.168.3.0 255.255.255.0 2.1.1.1
ip route 192.168.1.0 255.255.255.0 2.1.1.1
zongbu#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
http://9916376.blog.51cto.com/
99
PacketTracer 5.2
S*
fenbu_1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
51CTO -----tom9916
http://9916376.blog.51cto.com/
100
PacketTracer 5.2
S*
fenbu_2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
S*
ping
fenbu_1
Fenbu_1 zongbu
Fenbu_1 PC0192.168.1.1/24 zongbu server(192.168.3.1/24)
PC0 fenbu_1 192.168.3.0/24 I
P 1.1.1.1 1.1.1.1 1.1.1.1 Tu
51CTO -----tom9916
http://9916376.blog.51cto.com/
101
PacketTracer 5.2
nnel0 GRE
IP IPfa 0/0 IP IP
zongbu fa 0/0 IP zongb
u fa 0/0 InternetInternet
IP IP
zongbu IP I
P GRE IP IP
fa 0/1 serverServer
IP fenbu_1 PC0 PC0 server
GRE
http://9916376.blog.51cto.com/468239/268823
51CTO -----tom9916
http://9916376.blog.51cto.com/
102
PacketTracer 5.2
PacketTracer
5.2 GRE
GRE OSPF
Zongbu
interface Tunnel0
ip address 1.1.1.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 10.1.1.2
interface Tunnel1
ip address 2.1.1.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 20.1.1.2
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 2.1.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
fenbu_1
interface Tunnel0
ip address 1.1.1.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 30.1.1.2
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
fenbu_2
interface Tunnel0
ip address 2.1.1.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 30.1.1.2
router ospf 1
network 192.168.2.0 0.0.0.255 area 0
network 2.1.1.0 0.0.0.255 area 0
51CTO -----tom9916
http://9916376.blog.51cto.com/
103
PacketTracer 5.2
OSPF
zongbu#show ip ospf neighbor
Neighbor ID
Pri State
Dead Time Address
192.168.1.254
0 FULL/ 00:00:39
1.1.1.2
192.168.2.254
0 FULL/ 00:00:38
2.1.1.2
zongbu#show ip route
Gateway of last resort is 30.1.1.1 to network 0.0.0.0
1.0.0.0/24 is subnetted, 1 subnets
C
1.1.1.0 is directly connected, Tunnel0
2.0.0.0/24 is subnetted, 1 subnets
C
2.1.1.0 is directly connected, Tunnel1
30.0.0.0/24 is subnetted, 1 subnets
C
30.1.1.0 is directly connected, FastEthernet0/0
O
192.168.1.0/24 [110/1001] via 1.1.1.2, 00:30:49, Tunnel0
O
192.168.2.0/24 [110/1001] via 2.1.1.2, 00:30:49, Tunnel1
C
192.168.3.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 30.1.1.1
Interface
Tunnel0
Tunnel1
Pri
0
State
Dead Time
Address
Interface
FULL/ -
00:00:36
1.1.1.1
Tunnel0
fenbu_1#show ip route
Gateway of last resort is 10.1.1.1 to network 0.0.0.0
1.0.0.0/24 is subnetted, 1 subnets
C
1.1.1.0 is directly connected, Tunnel0
2.0.0.0/24 is subnetted, 1 subnets
O
2.1.1.0 [110/2000] via 1.1.1.1, 00:28:13, Tunnel0
10.0.0.0/24 is subnetted, 1 subnets
C
10.1.1.0 is directly connected, FastEthernet0/0
C
192.168.1.0/24 is directly connected, FastEthernet0/1
O
192.168.2.0/24 [110/2001] via 1.1.1.1, 00:28:03, Tunnel0
O
192.168.3.0/24 [110/1001] via 1.1.1.1, 00:28:13, Tunnel0
S* 0.0.0.0/0 [1/0] via 10.1.1.1
Pri
51CTO -----tom9916
State
Dead Time
Address
http://9916376.blog.51cto.com/
Interface
104
PacketTracer 5.2
192.168.3.254
FULL/ -
00:00:38
2.1.1.1
Tunnel0
fenbu_2#show ip route
Gateway of last resort is 20.1.1.1 to network 0.0.0.0
1.0.0.0/24 is subnetted, 1 subnets
O
1.1.1.0 [110/2000] via 2.1.1.1, 00:26:12, Tunnel0
2.0.0.0/24 is subnetted, 1 subnets
C
2.1.1.0 is directly connected, Tunnel0
20.0.0.0/24 is subnetted, 1 subnets
C
20.1.1.0 is directly connected, FastEthernet0/0
O
192.168.1.0/24 [110/2001] via 2.1.1.1, 00:26:02, Tunnel0
C
192.168.2.0/24 is directly connected, FastEthernet0/1
O
192.168.3.0/24 [110/1001] via 2.1.1.1, 00:26:12, Tunnel0
S* 0.0.0.0/0 [1/0] via 20.1.1.1
ospf
ospf ospf GRE
Tunnel ospf IP
GRE IP
GRE
IP OSPF OSPF
GRE
GRE OSPF
IP IP IP
51CTO -----tom9916
http://9916376.blog.51cto.com/
105
PacketTracer 5.2
IP GRE
R2
interface Tunnel0
ip address 1.1.1.2 255.255.255.0
tunnel source FastEthernet0/1
tunnel destination 10.1.23.1
router ospf 1
network 10.1.12.0 0.0.0.255 area 0
network 1.1.1.0 0.0.0.255 area 0
network 10.1.23.0 0.0.0.255 area 1
R3
interface Tunnel0
ip address 1.1.1.1 255.255.255.0
tunnel source FastEthernet0/1
tunnel destination 10.1.23.2
router ospf 1
log-adjacency-changes
51CTO -----tom9916
http://9916376.blog.51cto.com/
106
PacketTracer 5.2
OSPF
51CTO -----tom9916
http://9916376.blog.51cto.com/
107
PacketTracer 5.2
PacketTracer
5.2 GRE ()
GRE GRE
51CTO -----tom9916
http://9916376.blog.51cto.com/
108
PacketTracer 5.2
Ipsec
PT
51CTO -----tom9916
http://9916376.blog.51cto.com/
109
PacketTracer 5.2
Ipsec VPN
http://9916376.blog.51cto.com/
110
PacketTracer 5.2
encr 3des
hash md5
authentication pre-share
group 2
interface FastEthernet0/0
crypto map tom
http://9916376.blog.51cto.com/
111
PacketTracer 5.2
GRE IP fa 0/0
IP IP fa 0/0 Ipsec VPN
Ipsec Ipsec ACL
IP Ipsec VPN
IP IP
PC Ping Server ping Ipsec VPN
51CTO web2.0 IT
Down
IT
51CTO
IT
51CTO -----tom9916
http://9916376.blog.51cto.com/
112