Table of Contents
Dynamic routing protocol classification
The working principle of RIP routing protocol
Formation of the routing table
RIP measurement value and update time
RIP configuration and verification
Comprehensive experimental topology diagram
NAT
No company can get online without it, which makes it very important.
1. NAT: Network Address Translation
2. IPv4 addresses are in seriously short supply.
x.x.x.x (x: 0-255)
Classes A, B and C are the three usable classes; class D is multicast; class E is for scientific research.
The purpose of NAT is to solve the problem of insufficient addresses.
3. IP addresses are divided into public IPs and private IPs.
Public IPs can only be used on the public network.
Private IPs can only be used on the internal network.
Private IP addresses are not allowed on the public network! (The public network means China Unicom, China Telecom, China Mobile...)
Private IPs can be reused in different internal networks.
192.168.1.1 is a private IP address.
Private IP address ranges:
A small part of each of the classes A, B and C is set aside as private IP addresses:
1) 10.0.0.0/8 (starts with 10; only the first eight bits are checked, i.e. any address whose first decimal number is 10 is a private address. What is the subnet mask?)
2) 172.16.0.0/16 to 172.31.0.0/16 (starting with 172.16 and ending with 172.31)
3) 192.168.0.0/16 (starts with 192.168)
Private IPs will not appear in the routing tables of routers on the public network; if one does, it is dropped.
Any address outside these three ranges is a public IP (provided it is within classes A, B and C).
Every public IP is very valuable! (Maybe most of the money for broadband is the money for renting public IP addresses, and a small part is the money for bandwidth)
4. NAT mainly performs the translation between public and private IP addresses. It is usually done on a router or firewall; configuring it on a Layer 3 switch is not recommended!
The goal is for private IP addresses on the internal network to reach the Internet through a public IP address.
5. There are 3 categories of NAT:
1) Static NAT: one-to-one mapping (static PAT, port mapping technology)
2) Dynamic NAT (obsolete)
The NAT address translation table does not exist in advance; that is, the table is generated dynamically, not written by the engineer.
3) PAT (Port Address Translation): the best choice!
PAT is also called port multiplexing (overload), i.e. dynamic PAT.
Port number range: 0-65535
6. NAT command:
1) Define the internal network port:
int f0/0
ip nat inside
exit
2) Define the external network port:
int f0/1
ip nat outside
exit
3) Configure PAT (many employees share one public IP for Internet access, many-to-one):
Define the internal address pool that may go from the inside to the outside (i.e. define who is allowed to have their address translated, usually everyone in the company):
access-list 1 permit 192.168.0.0 0.0.255.255 (the ACL here acts only as a container for matching, not as a traffic filter)
Do the dynamic PAT mapping:
conf t
ip nat inside source list 1 int f0/1 overload (translate inside source addresses: if a packet comes from the intranet and its source IP matches list 1, it may use the public interface f0/1 for address translation, with port multiplexing)
An ACL filters traffic only when it is applied to an interface. When it is used elsewhere (as in the NAT command), it does not filter traffic; it is only used for matching.
4) Configure static port mapping, from outside to inside (each command maps one server):
conf t
ip nat inside source static tcp 192.168.1.3 80 100.1.1.2 80 (maps port 80 of the server 192.168.1.3 to port 80 on 100.1.1.2)
When the external network accesses port 80 of 100.1.1.2, it actually reaches port 80 of the internal address 192.168.1.3.
NAT experiment demonstration:
Routers on the public network must not be configured with routes to private IP addresses.
1. Configure IP for router and PC (step omitted)
2. Define internal and external network interfaces for the company router
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#int f0/1
R1(config-if)#ip nat outside
R1(config-if)#exit
3. Configure PAT on the company router
R1(config)#access-list 1 permit any
R1(config)#ip nat inside source list 1 int f0/1 overload
4. Verify that everyone in the company can access the Internet at the same time:
sh ip nat translations (view the NAT address translation table)
clear ip nat translation * (clears the NAT address translation table; do not run this command casually)
5. Turn on the server
A user on the Internet (200.1.1.1) wants to access our company's web server.
Now suppose that our company has also bought the public IP 100.1.1.3, and we want to map the server's address to 100.1.1.3.
Note that nothing needs to be configured on the f0/1 interface. That interface is 100.1.1.1.
R1(config)#ip nat inside source static tcp 192.168.1.222 80 100.1.1.3 80
We want to publish port 80 of the address 192.168.1.222, mapped to port 80 of 100.1.1.3, the public IP the company bought.
Open the browser on the Internet user's computer:
Just enter 100.1.1.3, the address purchased by the company, and you can access the web server on the company's intranet (you are clearly accessing a public address but you see the server on the private network: the mapping succeeded).
When a frame goes from the internal network to the external network, it is routed first and then NAT address translation is done (on the external network port).
When a frame enters the internal network from the external network, the router first decapsulates it, then performs address translation, and then performs routing.
Address translation is always done on the external network port.
Summary: employees on the internal network (many-to-one) use the IP of the external interface of the company router to access the Internet (with PAT).
When the external network wants to initiate a connection inward, it can only do so through static translation (static port mapping, to access a server).
What does PAT use to distinguish different people on the intranet? The port number, which is generated by the router.
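The summary above can be made concrete with a small model of the translation table. This is an added example, not code from the original notes: the class, the port allocator starting at 1024, and the inside hosts 192.168.1.10/.11 are assumptions, and a real router also tracks the remote endpoint and timeouts.

```python
import ipaddress

def acl_match(src, base, wildcard):
    """Standard-ACL match: bits set in the wildcard mask are 'don't care'."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    return (s & ~w) == (b & ~w)

class PatRouter:
    def __init__(self, outside_ip, acl, first_port=1024):
        self.outside_ip = outside_ip      # address of the "ip nat outside" interface
        self.acl = acl                    # (base, wildcard) from "access-list 1 permit ..."
        self.static = {}                  # (proto, global_ip, global_port) -> (local_ip, local_port)
        self.dynamic = {}                 # (proto, global_port) -> (local_ip, local_port)
        self.next_port = first_port       # constructed allocator; real routers choose ports differently

    def add_static(self, proto, local_ip, local_port, global_ip, global_port):
        """Model of 'ip nat inside source static tcp <local> <port> <global> <port>'."""
        self.static[(proto, global_ip, global_port)] = (local_ip, local_port)

    def outbound(self, proto, src_ip, src_port):
        """Inside to outside: translated (ip, port), or None when the ACL does not match."""
        if not acl_match(src_ip, *self.acl):
            return None
        for (p, gport), local in self.dynamic.items():
            if p == proto and local == (src_ip, src_port):
                return (self.outside_ip, gport)      # reuse the existing entry
        gport, self.next_port = self.next_port, self.next_port + 1
        self.dynamic[(proto, gport)] = (src_ip, src_port)
        return (self.outside_ip, gport)

    def inbound(self, proto, dst_ip, dst_port):
        """Outside to inside: static mapping, else an existing PAT entry, else None (dropped)."""
        hit = self.static.get((proto, dst_ip, dst_port))
        if hit is None and dst_ip == self.outside_ip:
            hit = self.dynamic.get((proto, dst_port))
        return hit

def demo():
    # Addresses are the page's lab values; hosts .10/.11 and source port 50000 are constructed.
    r1 = PatRouter("100.1.1.1", ("192.168.0.0", "0.0.255.255"))
    r1.add_static("tcp", "192.168.1.222", 80, "100.1.1.3", 80)
    a = r1.outbound("tcp", "192.168.1.10", 50000)
    b = r1.outbound("tcp", "192.168.1.11", 50000)
    return r1, a, b

if __name__ == "__main__":
    r1, a, b = demo()
    print(a, b, r1.inbound("tcp", "100.1.1.3", 80), r1.inbound("tcp", "100.1.1.1", 80))
```

With the lab's `access-list 1 permit any` (wildcard 255.255.255.255), `acl_match` accepts every source address, so anything arriving on the inside interface is translated; the narrower 192.168.0.0 0.0.255.255 entry limits translation to the company's own range.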
Overview of dynamic routing
Dynamic routing protocol
A protocol can simply be understood as the router's "brain", and also as a kind of language.
19.2Kb/s is the bandwidth
The metric value is a criterion for choosing a path
When all routers have learned all routing entries, convergence is complete. The faster this happens, the better.
Dynamic routing protocol classification
The biggest difference between these two kinds of protocol is that their metric values are different.
Distance vector routing protocols (RIP, IGRP, etc.) only recognize distance and direction and do not weigh other factors; they use the number of hops as the metric value.
Link state routing protocols: OSPF, IS-IS, etc.
The working principle of RIP routing protocol
Once the RIP routing protocol is enabled on a router (this "brain" is installed), the router chats with the routers next to it at regular intervals (every 30s by default). Every 30s it broadcasts its routing table to all routers: "these are the routes I know, do you want to learn them?"
Routing table formation
Metric means the metric value. For the RIP routing protocol, the metric value is the number of hops; 0 means 0 hops.
R means the route was learned through the RIP protocol.
RIP measurement value and update time
Routing loop
Split horizon
Split horizon is enabled as soon as RIP is turned on on the router; no additional configuration is required.
RIP configuration and verification
Start the RIP process
Router(config)# router rip
Announce the major network number
Router(config-router)# network network-number
View the routing table
Router# show ip route
View the configuration of the routing protocol
Router# show ip protocols
Small experiment:
Goal: full connectivity across the entire network.
1. Configure IP (omitted)
2. Configure router
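R1(config)#router rip (enable the RIP protocol)
R1(config-router)#version 2 (version 1 or 2 both work)
R1(config-router)#network 10.0.0.0 (activate port f0/0)
R1(config-router)#network 20.0.0.0 (activate port f0/1; you do not write your actual subnet, only the leading part)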
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 20.0.0.0 (activate interface f0/1)
R2(config-router)#network 30.0.0.0 (activate interface f0/0)
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 30.0.0.0
R3(config-router)#network 40.0.0.0
R3(config-router)#exit
You only activate the interfaces; you do not need to specify the next hop.
3. Check the R1 routing table: do sh ip route
The router does not carry the subnet mask when updating the routing table
[120/1] is [administrative distance/hop count]
via is the next hop
4. Ping
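How the three routers in this experiment arrive at their tables can be simulated directly. This is an added example, not part of the original notes: it assumes all routers send their updates in synchronized rounds, and because the page gives no interface addresses it shows the segment a route was learned on instead of a next-hop IP.

```python
INFINITY = 16   # RIP treats a metric of 16 hops as unreachable
RIP_AD = 120    # administrative distance shown as the first number in [120/1]

# The page's experiment: each router and the major networks it activates with "network".
TOPOLOGY = {
    "R1": ["10.0.0.0", "20.0.0.0"],
    "R2": ["20.0.0.0", "30.0.0.0"],
    "R3": ["30.0.0.0", "40.0.0.0"],
}

def converge(links):
    """Run update rounds until nothing changes.
    Returns ({router: {network: (hops, learned_on_segment)}}, rounds_that_changed_a_table)."""
    tables = {r: {n: (0, None) for n in nets} for r, nets in links.items()}
    rounds = 0
    while True:
        # Every router advertises the table it held at the start of the update interval.
        snapshot = {r: dict(t) for r, t in tables.items()}
        changed = False
        for sender, nets in links.items():
            for seg in nets:
                # Split horizon: never advertise a route onto the segment it was learned from.
                update = {n: h for n, (h, via) in snapshot[sender].items() if via != seg}
                for receiver, rnets in links.items():
                    if receiver == sender or seg not in rnets:
                        continue
                    for net, hops in update.items():
                        new = min(hops + 1, INFINITY)
                        cur = tables[receiver].get(net)
                        if new < INFINITY and (cur is None or new < cur[0]):
                            tables[receiver][net] = (new, seg)
                            changed = True
        if not changed:
            return tables, rounds
        rounds += 1

def show_ip_route(table):
    """Render a table in the spirit of 'show ip route': C = connected, R = learned via RIP."""
    return [f"C {n}" if via is None else f"R {n} [{RIP_AD}/{h}] via segment {via}"
            for n, (h, via) in sorted(table.items())]

if __name__ == "__main__":
    tables, rounds = converge(TOPOLOGY)
    print(f"converged after {rounds} update rounds")
    for router, table in tables.items():
        print(router, *show_ip_route(table), sep="\n  ")
```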
To sum up:
RIP v1:
router rip
version 1
network 10.0.0.0
network 20.0.0.0
exit
RIP v2:
router rip
version 2
no auto-summary
network 10.0.0.0
network 20.0.0.0
exit