1. 网络设计与管理实践 DHCP 和网络地址转换 首都师范大学信息工程学院 liuyu@mail.cnu.edu.cn

2. DHCP 服务配置 # ip dhcp pool global （配置一个根地址池， global 是地址 池的名称，你可以采用有意义的字符串来表示） #network 192.168.0.0 255.255.0.0 （动态分配的地址段） #domain-name ghq.com （为客户机配置域后缀） #dns-server 192.168.1.1 （为客户机配置 DNS 服务器） #netbios-name-server 192.168.1.1 （为客户机配置 wins #netbios-node-type h-node （为客户机配置 h 节点模式） #lease 30 （地址租用期为 30 天） #next-server 192.168.1.248 （配置 PXE 引导 TFTP 服务位 置）

3. DHCP 排除地址 IP 地址 192.168.1.1 至 192.168.1.5 不能用于 动态分配  ip dhcp excluded-address 192.168.1.1 192.168.1.5 取消地址冲突记录日志  no ip dhcp conflict logging

4. 网络地址转换

5. 网络地址转换 NAT

6. Inside addressing

7. Outside addressing

8. Interface Configuration ip nat { inside | outside } 标记接口是内部还是外部

9. Defining a pool ip nat pool { netmask | prefix-length } [ type { rotary } ] 定一个地址池

10. Defining ACLs access-list 1 permit 192.168.1.0 0.0.0.255 access-list 1 permit 192.168.2.0 0.0.0.255

11. Enabling translation of inside source addresses ip nat inside source list pool [overload] ip nat inside source static

12. Enabling translation of inside destination addresses ip nat inside destination list pool ip nat inside destination static

13. Enabling translation of outside source addresses ip nat outside source list pool ip nat outside source static }

14. Configuring translation timeouts ip nat translation timeout ip nat translation udp-timeout ip nat translation dns-timeout ip nat translation tcp-timeout ip nat translation finrst-timeout

15. CONFIGURATION EXAMPLES translates between inside hosts addressed from either the 192.168.1.0 or 192.168.2.0 nets to the globally-unique 171.69.233.208/28 network. 内部 192.168.1.0 或者 192.168.2.0 外部 171.69.233.208/28

16. CONFIGURATION EXAMPLES ip nat pool net-20 171.69.233.208 171.69.233.223 netmask 255.255.255.240 ip nat inside source list 1 pool net-20 ! interface Ethernet0 ip address 171.69.232.182 255.255.255.240 ip nat outside ! interface Ethernet1 ip address 192.168.1.94 255.255.255.0 ip nat inside ! access-list 1 permit 192.168.1.0 0.0.0.255 access-list 1 permit 192.168.2.0 0.0.0.255

17. CONFIGURATION EXAMPLES translates between inside hosts addressed from the 9.114.11.0 net to the globally unique 171.69.233.208/28 network. Packets from outside hosts addressed from 9.114.11.0 net (the "true" 9.114.11.0 net) are translated to appear to be from net 10.0.1.0/24.

18. CONFIGURATION EXAMPLES ip nat pool net-20 171.69.233.208 171.69.233.223 netmask 255.255.255.240 ip nat pool net-10 10.0.1.0 10.0.1.255 netmask 255.255.255.0 ip nat inside source list 1 pool net-20 ip nat outside source list 1 pool net-10 ! interface Ethernet0 ip address 171.69.232.182 255.255.255.240 ip nat outside ! interface Ethernet1 ip address 9.114.11.39 255.255.255.0 ip nat inside ! access-list 1 permit 9.114.11.0 0.0.0.255

19. More flexible pool configuration ip nat pool { netmask | prefix-length } [ type { rotary } ] Router(config)#ip nat pool fred prefix- length 24 Router(config-ipnat-pool)#address 171.69.233.225 171.69.233.226 Router(config-ipnat-pool)#address 171.69.233.228 171.69.233.238

20. Translating to interface's address ip nat inside source list interface overload ip nat inside source list 1 interface Serial0 overload

21. Static translations with ports ip nat inside source static { tcp | udp } ip nat inside source static tcp 192.168.10.1 25 171.69.232.209 25

22. SSH 配置 hostname 和 ip domain-name  Router#configure terminal  Router(config)#hostname HOSTNAME  HOSTNA(config)#ip domain-name ie.cnu.edu.cn

23. SSH 配置登录用户名和密码（以本地认证为例）  (config)#username test password 0 test 配置 SSH 服务  crypto key generate rsa  hoose the size of the key modulus in the range of 360 to 2048 for your  General Purpose Keys. Choosing a key modulus greater than 512 may take  a few minutes.  How many bits in the modulus [512]:  Generating 512 bit RSA keys...[OK]

24. SSH c2621XM-B#sh ip ssh SSH Enabled - version 1.5 Authentication timeout: 120 secs; Authentication retries: 3 停止 SSH 服务 crypto key zeroize rsa

25. SSH 设置 SSH 参数  ip ssh {[time-out seconds]} | [authentication- retries interger]} 