IBM路由器動態IP地址的配置

關于IBM路由器動態IP地址的配置

　　IBM路由器在MRS 3.3版本之后提供了對于動態IP地址的支持。動態地址具有以下3個方面的作用，一起和小編來看看吧：

　　 提供了路由器通過IPCP取得PPP端口IP地址的能力。

　　 如果IPCP同時提供 DNS 的信息，DHCP客戶端也可以得到這些信息。

　　 動態更新IP 訪問控制，這樣定義的filter就可以用于NAT/NAPT。

　　動態IP的功能使 IBM 路由器具備連接ISP并從ISP取得IP地址的能力，而不必事先知道IP地址

　　動態IP地址的設置

　　我們下面將通過一個例子來說明動態IP地址的具體配置。在這個例子中我們將同時配置 isp端和客戶端的路由器。動態 IP 將在客戶端的路由器上配置，客戶端路由器會從isp端的路由器取得公網的IP地址。并且客戶端路由器也激活了DHCP服務器和NAT功能。

　　ISP 端路由器的配置

　　設置系統名為isp。

　　添加Token ring 接口。

　　Config (only)>set hostname isp

　　Host name updated successfully

　　Config (only)>add device tr-2

　　Device Slot #(1-4) [1]?

　　Device Port #(1-2) [1]?

　　Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4

　　Use "net 4" to configure 2-port IBM Token Ring parameters

　　設置 WAN 口，使其支持遠程撥入。

　　在WAN口上添加dial-in circuit。

　　Config (only)>set data v34 2

　　Config (only)>add device dial-in

　　Enter the number of PPP Dial-in Circuit interfaces [1]?

　　Adding device as interface 5

　　Defaulting data-link protocol to PPP

　　Base net for this circuit [0]? 2

　　Enable as a Multilink PPP link? [no]

　　Disabled as a Multilink PPP link.

　　Add more dial circuit interface(s)?(Yes or [No]):

　　Use "set data-link" command to change the data-link protocol

　　Use "net " command to configure dial circuit parameters

　　添加遠程撥入的ppp用戶 ’aaa’。

　　onfig (only)>add ppp-user

　　Enter name: []? aaa

　　Password:

　　Enter again to verify:

　　Allow inbound access for user? (Yes, No): [Yes]

　　Will user be tunneled? (Yes, No): [No]

　　Is this a ’DIALs’ user? (Yes, No): [Yes]

　　Type of route? (hostroute, netroute): [hostroute]

　　Number of days before account expires [0-1000] [0]?

　　Number of grace logins allowed after an expiration [0-100] [0]?

　　IP address: [0.0.0.0]?

　　Enter hostname: []?

　　Allow virtual connections? (Yes, No): [No]

　　Give user default time allotted ? (Yes, No): [Yes]

　　Enable callback for user? (Yes, No): [No]

　　Will user be able to dial-out ? (Yes, No): [No]

　　Set ECP encryption key for this user? (Yes, No): [No]

　　Disable user ? (Yes, No): [No]

　　PPP user name: aaa

　　User IP address: Interface Default

　　Netroute Mask: 255.255.255.255

　　Hostname:

　　Virtual Conn: disabled

　　Time alotted: Box Default

　　Callback type: disabled

　　Dial-out: disabled

　　Status: enabled

　　Account Expiry:

　　Password Expiry:

　　Is information correct? (Yes, No, Quit): [Yes]

　　User ’aaa’ has been added

　　設置 IPCP 使撥入端口向遠端客戶端發送IP 地址。

　　Config (only)>n 5

　　Circuit configuration

　　isp Dial-in Circuit config: 5>enc

　　Point-to-Point user configuration

　　isp PPP 5 Config>set ipcp

　　IP COMPRESSION [no]:

　　Request an IP address [no]:

　　Send our IP address [no]: y

　　Note: unnumbered interface addresses will not be sent.

　　Interface remote IP address to offer if requested (0.0.0.0 for none)

　　[0.0.0.0]? 9.1.1.1

　　isp PPP 5 Config>exit

　　isp Dial-in Circuit config: 5>exit

　　設置token ring 端口的IP地址

　　設置dial in circuit 端口的IP地址

　　Config (only)>p ip

　　Internet protocol user configuration

　　isp IP config>add add 4 192.1.1.254 255.255.255.0

　　isp IP config>add add 5 9.1.1.2 255.255.255.255

　　isp IP config>ena arp-subnet-routing

　　isp IP config>exit

　　設置發到客戶端的DNS 的IP 地址。

　　Config (only)>fea dials

　　Dial-in Access to LANs global configuration

　　isp DIALs config>set enable dynamic

　　isp DIALs config>set dns primary

　　Primary Domain Name Server (DNS) address [0.0.0.0]? 192.1.1.240

　　isp DIALs config>exit

　　客戶端路由器的配置：

　　設置系統名為client.

　　添加token ring 接口

　　設置WAN 口并連接V34 modem.

　　在WAN口上添加dial circuit

　　Config (only)>set host client

　　Config (only)>add device tr-2

　　Device Slot #(1-4) [1]?

　　Device Port #(1-2) [1]?

　　Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4

　　Use "net 4" to configure 2-port IBM Token Ring parameters

　　config (only)>set data v34

　　Interface Number [0]? 2

　　Config (only)>add device dial

　　Base net for the circuit(s) [0]? 2

　　Enter the number of PPP Dial Circuit interfaces [1]?

　　Adding device as interface 5

　　Defaulting data-link protocol to PPP

　　Add more dial circuit interface(s)?(Yes or [No]):

　　Use "set data-link" command to change the data-link protocol

　　在token ring 端口上添加 IP地址

　　在dial circuit 端口上添加 IP地址

　　添加通過 dial circuit 端口的缺省路由。

　　在dial circuit 端口上激活動態 IP

　　Config (only)>p ip

　　Internet protocol user configuration

　　client IP config>add add 4 192.168.89.254 255.255.255.0

　　client IP config>add add 5 0.0.0.5 255.255.255.255

　　client IP config>add router 0.0.0.0 0.0.0.0 0.0.0.5

　　Cost [1]?

　　client IP config>enable dynamic

　　Interface address []? 0.0.0.5

　　client IP config>exit

　　激活 DHCP 服務器功能

　　添加token ring 端口的IP子網掩碼。

　　添加源DNS 的IP 地址。

　　Config (only)>fea dhcp

　　DHCP Server user configuration

　　client DHCP Server config>enable dhcp-server

　　client DHCP Server config>add subnet subnet1

　　Enter the IP subnet []? 192.168.89.0

　　Enter the IP subnet mask [255.255.255.0]?

　　Enter start of IP address range [192.168.89.1]?

　　Enter end of IP address range [192.168.89.31]?

　　Enter the subnet group name []?

　　Subnet record with name subnet1 has been added

　　Simple Internet Access config updated with subnet addition.

　　client DHCP Server config>add option subnet subnet1 1 255.255.255.0

　　client DHCP Server config>add option subnet subnet1 3 192.168.89.254

　　client DHCP Server config>add option subnet subnet1 6 0.0.0.5

　　client DHCP Server config>list option subnet subnet1 all

　　option option

　　code data

　　---------------------------------------------------------------

　　1 255.255.255.0

　　3 192.168.89.254

　　6 0.0.0.5

　　client DHCP Server config>exit

　　添加遠端的 V34地址。

　　在dial circuit 端口上配置目的端信息

　　在 dial circuit 端口上配置出去的設置

　　設置為不檢查LID

　　Config (only)>add v34-add

　　Assign address name [1-23] chars []? remote

　　Assign network dial address [1-30 digits] []? 9,3013461

　　Config (only)>n 5

　　client Circuit config: 5>set destination remote

　　client Circuit config: 5>set call out

　　client Circuit config: 5>set lids no

　　client Circuit config: 5>list all

　　Base net = 2

　　Destination name = remote

　　Circuit priority = 8

　　Destination address:subaddress = 9,3013461

　　Outbound calls = allowed

　　Idle timer = 60 sec

　　SelfTest Delay Timer = 150 ms

　　LIDs used = No

　　設置 IPCP 以從遠端取得 IP 地址

　　設置用戶名為 ’aaa’.

　　設置 MTU 的值

　　client Circuit config: 5>encapsulator

　　Point-to-Point user configuration

　　client PPP 5 Config>set ipcp

　　IP COMPRESSION [no]:

　　Request an IP address [no]: y

　　Interface remote IP address to offer if requested (0.0.0.0 for none) [0.0.0.0]?

　　client PPP 5 Config>set nam

　　Enter Local Name: []? aaa

　　Password:

　　Enter password again:

　　PPP Local Name = aaa

　　client PPP 5 Config>set lcp option

　　Maximum Receive Unit (bytes) [2044]? 1500

　　Magic Number [yes]:

　　Peer-to-Local Async Control Character Map (RX ACCM) [A0000]?

　　Protocol Field Compression(PFC) [no]:

　　Addr/Cntl Field Compression(ACFC) [no]:

　　client PPP 5 Config>exit

　　client Circuit config: 5>exit

　　設置NAT：

　　保留所有的IP 流量。

　　Config (only)>feature nat

　　Network Address Translation (NAT) user configuration

　　client NAT config>reserve

　　Dynamically allocate address via IPCP? [No]: yes

　　Network number to get dynamic address. [0]? 5

　　Reserve Pool name..................... [simple-net]? clien-nat

　　Complete! NAT Reserve Pool defined.

　　NOTE: The associated TRANSLATE RANGE for this RESERVE POOL

　　must still be configured.

　　It must have a pool name of: client-nat

　　NOTE: You must have a corresponding INBOUND IP Access Control rule

　　applied to your designated NAT interface.

　　The rule should include the following information:

　　Type=IN (include + NAT)

　　DESTINATION_Addr=0.0.0.0

　　DESTINATION_Mask=0.0.0.0

　　將私有地址翻譯為公網地址

　　client NAT config>translate

　　Base (private) IP address to translate [0.0.0.0]? 192.168.89.0

　　Translate Range mask.................. [255.255.255.0]?

　　Associated Reserve Pool name.......... [client-nat]?

　　Complete! NAT Translate Range defined.

　　NOTE: The associated RESERVE POOL for this TRANSLATE RANGE has been found.

　　NOTE: You must have a corresponding OUTBOUND IP Access Control rule

　　applied to your designated NAT interface.

　　The rule should include the following information:

　　Type=IN (include + NAT)

　　SOURCE_Addr=192.168.89.0

　　SOURCE_Mask=255.255.255.0

　　NAT config>list all

　　NAT Globals:

　　Current State TCP Timeout Non-TCP Timeout

　　ENABLED 24:00:00 0:01:00

　　NAT Reserve Pool(s):

　　Index First Address Reserve Mask Size NAPT Address Pool Name

　　1 Dynamic 255.255.255.255 1 FromNet: 5 client-nat

　　NAT Translate Range(s):

　　Index Base Address Range Mask Associated Reserve Pool

　　1 192.168.89.0 255.255.255.0 client-nat

　　NAT Static Mapping(s):

　　Index Private Address//Port Public Address//Port

　　None.

　　NAT config>exit

　　IP filter 的設置：

　　激活訪問控制。

　　添加向內的包過濾

　　添加向外的包過濾

　　針對NAT 更新包過濾

　　重起客戶端路由器。

　　Config (only)>p ip

　　Internet protocol user configuration

　　client IP config>set acc on

　　client IP config>add packet-filter

　　Packet-filter name []? inbound

　　Filter incoming or outgoing traffic? [IN]?

　　Which interface is this filter for [0]? 5

　　client IP config>add packet-filter

　　Packet-filter name []? outbound

　　Filter incoming or outgoing traffic? [IN]? out

　　Which interface is this filter for [0]? 5

　　client IP config>update packet

　　Packet-filter name []? inbound

　　client Packet-filter ’inbound’ Config>add access

　　Access Control type [E]? n

　　Internet source [0.0.0.0]?

　　Source mask [0.0.0.0]?

　　Internet destination [0.0.0.0]?

　　Destination mask [0.0.0.0]?

　　Starting protocol number ([0] for all protocols) [0]?

　　Starting DESTINATION port number ([0] for all ports) [0]?

　　Starting SOURCE port number ([0] for all ports) [0]?

　　Filter on ICMP Type ([-1] for all types) [-1]?

　　TOS/Precedence filter mask (00-FF - [0] for none) [0]?

　　TOS/Precedence modification mask (00-FF - [0] for none) [0]?

　　Use policy-based routing? [No]:

　　Enable logging? [No]:

　　client Packet-filter ’inbound’ Config>exit

　　client IP config>update packet

　　Packet-filter name []? outbound

　　client Packet-filter ’outbound’ Config>add access

　　Access Control type [E]? n

　　Internet source [0.0.0.0]? 192.168.89.0

　　Source mask [255.255.255.0]?

　　Internet destination [0.0.0.0]?

　　Destination mask [0.0.0.0]?

　　Starting protocol number ([0] for all protocols) [0]?

　　Starting DESTINATION port number ([0] for all ports) [0]?

　　Starting SOURCE port number ([0] for all ports) [0]?

　　Filter on ICMP Type ([-1] for all types) [-1]?

　　TOS/Precedence filter mask (00-FF - [0] for none) [0]?

　　TOS/Precedence modification mask (00-FF - [0] for none) [0]?

　　Enable logging? [No]:

　　client Packet-filter ’outbound’ Config>exit

　　client IP config>exit

　　Config (only)>restart y y

　　本實驗的監測

　　將工作站連接到客戶端路由器上。V34 modem 會撥號連接ISP路由器。

　　配置Windows 95 工作站動態取得IP地址，重起。

　　鍵入C:>winipcfg 檢查獲得的IP地址是否正確。

　　檢查 NAT狀態。

　　client +fea nat

　　client NAT>list all

　　NAT Globals:

　　Current State TCP Timeout Non-TCP Timeout Memory Usage (in bytes)

　　ENABLED 24:00:00 0:01:00 312

　　NAT Statistics:

　　Requests : Passes Drops Holds

　　790 : 720 70 0

　　NAT Reserve Pool(s):

　　Reserve Pool Pool Size NAPT Address 1st Available Address

　　client-nat 0 9.1.1.1 None

　　------------------------------------------------------------

　　Number of Reserve Pools using NAPT.....: 1

　　Number of configured Reserved Addresses: 0

　　NAT Translate Range(s):

　　Base Address Range Mask Associated Reserve Pool

　　192.168.89.0 255.255.255.0 client-nat

　　NAT Address Binding(s):

　　Private Address//Port Public Address//Port Bind Type Entry Age

　　192.168.89.2 512 9.1.1.1 512 DYNAMIC 0:00:00

　　192.168.89.3 1073 9.1.1.1 1073 DYNAMIC 0:00:31

　　192.168.89.3 1074 9.1.1.1 1074 DYNAMIC 0:00:02

　　NAT TCP Session(s):

　　Private Address//Port Public Address//Port TCP State Data Delta Entry Age

　　client NAT>exit

　　檢查DHCP server 狀態。

　　Check t2 event log.

　　client +fea dhcp

　　client DHCP Server>request status

　　IP address: 192.168.89.1

　　Status: STOCKED

　　IP address: 192.168.89.2

　　Status: LEASED

　　Lease time: 86400 seconds

　　Start time: 18:30:36 May 30, 1999

　　Last time leased: 18:30:36 May 30, 1999

　　Client id: 6-0x40006666AAAA

　　IP address: 192.168.89.3

　　Status: STOCKED

　　client DHCP Server>exit

　　檢查 t2 的日志。

　　client +event

　　Event Logging System user console

　　client ELS>nodips sub all all

　　client ELS>disp sub nat all

　　client ELS>

　　client *f 2

　　client *t 2

　　00:13:53 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT

　　00:13:53 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0

　　00:13:53 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS

　　00:13:53 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN

　　00:13:53 NAT.003: 192.1.1.254 -> 9.1.1.1 - ICMP Type=0,Code=0

　　00:13:53 NAT.002: 192.1.1.254 -> 192.168.89.2 - Status=PASS

　　00:13:54 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT

　　00:13:54 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0

　　00:13:54 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS

　　00:13:54 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN

　　00:13:54 NAT.003: 192.1.1.254 -> 9.1.1.1 - ICMP Type=0,Code=0

　　00:13:54 NAT.002: 192.1.1.254 -> 192.168.89.2 - Status=PASS

　　00:13:55 NAT.001: 192.168.89.2 -> 192.1.1.254 - Prot=1 Flg=x0000 Dir=OUT

　　00:13:55 NAT.003: 192.168.89.2 -> 192.1.1.254 - ICMP Type=8,Code=0

　　00:13:55 NAT.002: 9.1.1.1 -> 192.1.1.254 - Status=PASS

　　00:13:55 NAT.001: 192.1.1.254 -> 9.1.1.1 - Prot=1 Flg=x0000 Dir=IN

【IBM路由器動態IP地址的配置】相關文章：

交換機VLAN接口動態獲取IP地址配置06-20

路由器的IP地址怎么查找07-30

華為路由器IP性能配置命令10-23

教你怎么找到路由器的IP地址06-27

交換機VLAN接口靜態IP地址配置08-19

橋接中路由器配置IP參數問題08-05

交換機VLAN接口靜態IP地址配置「案例」08-28

三層交換機端口配置ip地址及綁定MAC地址的方法07-14

查找本地IP/網絡IP/對方IP地址圖文教程07-17

解析動態NAT配置09-24