---
tags: Network, Class
---
[TOC]
# 109-2 CCNA
- [109-1 CCNA note](https://hackmd.io/G2VPUsY_RLOg3gCEUiPMgw)
## Subnet Mask Reference
| Prefix | Subnet Mask | Meaning |
| -------- | -------- | -------- |
| /24 | 255.255.255.0 | 1 subnet of 256 addresses (0~255) |
| /25 | 255.255.255.128 | 2 subnets of 128 addresses each (0~127, 128~255) |
| /26 | 255.255.255.192 | 4 subnets of 64 addresses each (0~63, 64~127, 128~191, 192~255) |
| /27 | 255.255.255.224 | 8 subnets of 32 addresses each (0~31, 32~63, 64~95, 96~127, 128~159, 160~191, 192~223, 224~255) |
| /28 | 255.255.255.240 | 16 subnets of 16 addresses each (0~15, 16~31, 32~47, 48~63, 64~79, 80~95, 96~111, 112~127, 128~143, 144~159, 160~175, 176~191, 192~207, 208~223, 224~239, 240~255) |
| /29 | 255.255.255.248 | 32 subnets of 8 addresses each |
| /30 | 255.255.255.252 | 64 subnets of 4 addresses each |
## Device Settings
- Console password
```bash=
line console 0
password PASSWD
login
```
- Enable mode password (must be encrypted)
```bash=
enable secret PASSWD
```
- Telnet password and connection limit
```bash=
! vty lines 0 through 4 allow five concurrent sessions
line vty 0 4
password PASSWD
login
```
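- Encrypt the Console and Telnet passwords shown in the configuration (this is the reversible type 7 encoding, which only hides them from casual viewing; `enable secret` stores a hash)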
```bash=
service password-encryption
```
- Save the running configuration to the startup configuration
```bash=
do copy running-config startup-config
```
## Network Settings
- [Packet Tracer Router and Switch IP Address Configuration](http://it-life.puckwang.com/2015/12/cisco-packet-tracer-routerswitch-ip.html)
- Switch IP address and gateway
```
int Vlan1
! /24 mask; use a host address, because the network address 192.168.1.0 is rejected
ip address 192.168.1.1 255.255.255.0
no shutdown
exit
ip default-gateway 192.168.1.254
```
- Router
```
R1>en
R1#conf t
R1(config)#int g0/0
R1(config-if)#ip address 192.168.X.XX 255.255.255.0
R1(config-if)#no shutdown
```
## 03/04 OSPF
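### Differences between static and dynamic routing
- Static routing: routes are managed by the network administrator, who enters router commands manually. Drawback: every route must be specified by hand, so it cannot be used once the network grows too large.
- Dynamic routing: routes are adjusted automatically by a routing protocol as the topology or traffic changes. Drawback: it tends to consume network bandwidth.
> Static routing is recommended when there are few routers; dynamic routing is recommended when there are many.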
### OSPF(Open Shortest Path First)
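- OSPF introduces the concept of an **Area**; a network can consist of a single Area or several Areas.
- One special Area is called the **Backbone Area**. It is the core of the whole OSPF network, and **all other areas connect directly to it**. All internal routes are passed to the other Areas through the Backbone Area.
- Routers in the same broadcast domain, or the routers at the two ends of a point-to-point link, form adjacencies when they discover each other.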
### DR/BDR
- [Designated & Backup Designated Router](https://study-ccna.com/designated-backup-designated-router/)
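- Routers on multi-access networks and non-broadcast multi-access networks elect a Designated Router (DR) and a Backup Designated Router (BDR). The DR and BDR act as the center of the network and **are responsible for the exchange of information between routers, which reduces the traffic on the network**.
> ==Wiki== Multiple access means that several devices can access the medium at the same time, and a frame sent by one device can be received by several devices.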
### CSMA(Carrier Sense Multiple Access)
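- ==Wiki== Carrier sense means that any device attached to the medium must listen to the medium before sending a frame, and may transmit only once it has confirmed that the medium is idle.
- **CSMA/CD** (Carrier Sense Multiple Access with Collision Detection)
    - While sending data, a device also listens to the channel to determine whether a collision has occurred. If it detects a collision during transmission, it sends a special jam signal and stops transmitting immediately, then waits a random time within a fixed window before transmitting again.
- **CSMA/CA** (Carrier Sense Multiple Access with Collision Avoidance)
    - Solves the collision problem by actively avoiding collisions rather than passively detecting them. This suits cases where it is hard to detect accurately whether a collision has occurred, such as wireless networks.
    - ==Wiki== RTS-CTS handshake: before sending a frame, a device first sends a very small RTS (Request to Send) frame to the nearest access point and waits for the target to reply with a CTS (Clear to Send) frame before it starts transmitting. This ensures that no collision occurs during the data transmission that follows.
    - ==Wiki== When a device wants to send a frame and senses that the channel is idle, it waits for an inter-frame space and then for a further random time, and sends the data only if the channel is still idle. Because each device generates its waiting time randomly and independently, the times are very likely to differ, which reduces the chance of a collision.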
## 4/8 In-class exercise

## Configuration requirements
Use the 2960-24TT and 2911 devices.
```
Switch1 subnet: 192.168.1.0/24
Switch2 subnet: 192.168.2.0/24
Switch3 subnet: 192.168.3.0/24
Switch4 subnet: 192.168.4.0/24
Switch5 subnet: 192.168.5.0/24
Switch6 subnet: 192.168.6.0/24
The last usable IP address is the gateway
The first usable IP address is configured on the switch
```
```
The subnet between R1 and R2 is 10.10.1.0/30
The first usable IP address is configured on R1 (10.10.1.1)
The second usable IP address is configured on R2 (10.10.1.2)
```
```
R1 and R2 exchange routes through OSPF
R1 router-id: 1.1.1.1
R2 router-id: 2.2.2.2
Process ID: 10
Area value: 0
```
- R1
```bash=
! 10 is the Process ID
router ospf 10
router-id 1.1.1.1
! Networks to advertise. The wildcard mask is the inverse of the subnet mask:
! subnet mask 255.255.255.0 -> wildcard mask 0.0.0.255
! Switch 1
network 192.168.1.0 0.0.0.255 area 0
! Switch 2
network 192.168.2.0 0.0.0.255 area 0
! Switch 3
network 192.168.3.0 0.0.0.255 area 0
! Link between R1 and R2: subnet mask 255.255.255.252 -> wildcard mask 0.0.0.3
network 10.10.1.0 0.0.0.3 area 0
! Only if you want to delete the Switch 1 network statement:
no network 192.168.1.0 0.0.0.255 area 0
```
- R2 same as R1
- [Enterprise Networking, Security, and Automation](https://contenthub.netacad.com/ensa-dl/1.1.1)
```
SW1(config)#int vlan 1
SW1(config-if)#ip address 10.0.0.2 255.0.0.0
SW1(config-if)#no shutdown
Switch(config-if)#ip default-gateway 192.168.0.254
```
## ACL
- Configure, Apply, and Verify a Standard ACL
- Apply the ACL by placing it for outbound traffic on the GigabitEthernet 0/0 interface.
```
R2(config)# interface GigabitEthernet0/0
R2(config-if)# ip access-group 1 out
```
- Create an ACL using the number 1 on R2 with a statement that denies access to the 192.168.20.0/24 network from the 192.168.11.0/24 network.
```
R2(config)# access-list 1 deny 192.168.11.0 0.0.0.255
```
- By default, an access list denies all traffic that does not match any rules. To permit all other traffic, configure the following statement:
```
R2(config)# access-list 1 permit any
```
- Configure and Apply a Named Standard ACL
```
ip access-list standard File_Server_Restrictions
permit host 192.168.20.4
permit host 192.168.100.100
deny any
interface f0/1
ip access-group File_Server_Restrictions out
```
- Configure, Apply and Verify an Extended Numbered ACL
```
access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp
access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62
interface gigabitEthernet 0/0
ip access-group 100 in
ip access-list extended HTTP_ONLY
permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www
permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62
interface gigabitEthernet 0/1
ip access-group HTTP_ONLY in
```
- Configure a Named Extended ACL
```
ip access-list extended ACL
deny tcp host 172.31.1.101 host 64.101.255.254 eq www
deny tcp host 172.31.1.101 host 64.101.255.254 eq 443
deny tcp host 172.31.1.101 host 64.103.255.254 eq www
deny tcp host 172.31.1.101 host 64.103.255.254 eq 443
deny tcp host 172.31.1.102 host 64.101.255.254 eq ftp
deny tcp host 172.31.1.102 host 64.103.255.254 eq ftp
deny icmp host 172.31.1.103 host 64.101.255.254
deny icmp host 172.31.1.103 host 64.103.255.254
permit ip any any
interface GigabitEthernet0/0
ip access-group ACL in
end
```
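An added example (not part of the original notes): a small Python model of how the standard ACLs above are evaluated, covering the wildcard-mask match, first-match-wins ordering and the implicit deny. The helper names `parse_entry`, `matches`, `evaluate` and `shadowed` are hypothetical, and `REORDERED` is a constructed variant of ACL 1 that shows an entry that can never match.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_entry(line):
    """Parse a standard ACL entry (numbered or named form) into (action, addr, wildcard)."""
    tok = line.split()
    if tok[0] == "access-list":          # numbered form: drop keyword and ACL number
        tok = tok[2:]
    action, src = tok[0], tok[1:]
    if src == ["any"]:
        addr, wild = 0, FULL             # every bit is "don't care"
    elif src[0] == "host":
        addr, wild = int(ipaddress.IPv4Address(src[1])), 0
    else:
        addr = int(ipaddress.IPv4Address(src[0]))
        wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
    return action, addr & ~wild & FULL, wild

def matches(entry, ip):
    """Wildcard bits set to 1 are ignored; all other bits must equal the entry's."""
    _, addr, wild = entry
    return (int(ipaddress.IPv4Address(ip)) & ~wild & FULL) == addr

def evaluate(acl, ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, line in enumerate(acl, 1):
        entry = parse_entry(line)
        if matches(entry, ip):
            return entry[0], n
    return "deny", None                  # implicit "deny any" at the end of every ACL

def shadowed(acl):
    """1-based numbers of entries that never match because an earlier entry covers them."""
    entries = [parse_entry(line) for line in acl]
    hits = []
    for j, (_, a2, w2) in enumerate(entries):
        if any((w2 & ~w1) == 0 and (a2 & ~w1 & FULL) == a1 for _, a1, w1 in entries[:j]):
            hits.append(j + 1)
    return hits

# ACL 1 and File_Server_Restrictions from this page; REORDERED is constructed
ACL_1 = ["access-list 1 deny 192.168.11.0 0.0.0.255", "access-list 1 permit any"]
REORDERED = list(reversed(ACL_1))
FILE_SERVER = ["permit host 192.168.20.4", "permit host 192.168.100.100", "deny any"]

if __name__ == "__main__":
    print(evaluate(ACL_1, "192.168.11.10"), evaluate(REORDERED, "192.168.11.10"))
    print(shadowed(ACL_1), shadowed(REORDERED))
```

With `permit any` placed first, the `deny` entry is reported as shadowed and traffic from 192.168.11.0/24 is permitted, which is why entry order matters when reviewing an ACL.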
## NAT
- Configure interfaces.
- Configure the G0/0 interface as an inside interface.
```
R1(config)# interface g0/0
R1(config-if)# ip nat inside
```
- Configure the s0/0/0 public interface as an outside interface.
```
R1(config)# interface s0/0/0
R1(config-if)# ip nat outside
```
- Configure Dynamic NAT
```
access-list 1 permit 172.16.0.0 0.0.255.255
ip nat pool ANY_POOL_NAME 209.165.200.229 209.165.200.230 netmask 255.255.255.252
ip nat inside source list 1 pool ANY_POOL_NAME
interface s0/0/0
ip nat outside
interface s0/0/1
ip nat inside
end
```
- Configure Dynamic NAT with Overload
```
interface GigabitEthernet0/0/0
ip nat inside
interface GigabitEthernet0/0/1
ip nat inside
interface Serial0/1/0
ip nat outside
ip nat pool DYNAMIC 209.165.200.233 209.165.200.234 netmask 255.255.255.252
ip nat inside source list 1 pool DYNAMIC overload
access-list 1 permit 172.16.0.0 0.0.255.255
end
```
```
enable
configure terminal
interface GigabitEthernet0/0/0
ip nat inside
interface GigabitEthernet0/0/1
ip nat inside
interface Serial0/1/1
ip nat outside
ip nat inside source list 2 interface Serial0/1/1 overload
access-list 2 permit 172.17.0.0 0.0.255.255
end
```
- IPv6
```
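ipv6 unicast-routing
ipv6 router ospf 10
router-id 1.1.1.1
end
! Restart the OSPFv3 process so the new router-id takes effect (answer y to confirm)
clear ipv6 ospf process
y
! Return to global configuration mode, then enable OSPFv3 on the interface
configure terminal
interface GigabitEthernet 0/0
ipv6 ospf 10 area 0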
```
## 6/3 Final exam practice

### Subnet plan
| Subnet | IP Address | Subnet Mask | Gateway |
| -------- | -------- | -------- | -------- |
| 50 people | 192.168.1.0 | 255.255.255.192 (/26) | 192.168.1.62 |
| 30 people | 192.168.1.64 | 255.255.255.224 (/27) | 192.168.1.94 |
| 10 people | 192.168.1.96 | 255.255.255.240 (/28) | 192.168.1.110 |

| Device | IP Address | Gateway |
| -------- | -------- | -------- |
| S1 | 192.168.1.93 | 192.168.1.94 |
| S2 | 192.168.1.61 | 192.168.1.62 |
| S3 | 192.168.1.109 | 192.168.1.110 |
| PC1 | 192.168.1.65 | 192.168.1.94 |
| PC2 | 192.168.1.1 | 192.168.1.62 |
| PC3 | 192.168.1.97 | 192.168.1.110 |
### S1
```bash=
en
conf t
hostname S1
int Vlan1
ip address 192.168.1.93 255.255.255.224
no sh
exit
ip default-gateway 192.168.1.94
do write
```
### S2
```bash=
en
conf t
hostname S2
int Vlan1
ip address 192.168.1.61 255.255.255.192
no sh
ip default-gateway 192.168.1.62
do write
```
### S3
```bash=
en
conf t
hostname S3
int Vlan1
ip address 192.168.1.109 255.255.255.240
no sh
ip default-gateway 192.168.1.110
do write
```
### R1
```bash=
en
conf t
hostname R1
ipv6 unicast-routing
ip route 192.168.1.96 255.255.255.240 192.168.4.2
ipv6 route 2001:e10:6840:3::/64 2001:e10:6840:4::2
int g0/0
ip address 192.168.1.94 255.255.255.224
ipv6 address 2001:e10:6840:1::1/64
no sh
int g0/1
ip address 192.168.1.62 255.255.255.192
ipv6 address 2001:e10:6840:2::1/64
no sh
int s0/0/0
ip address 192.168.4.1 255.255.255.252
ipv6 address 2001:e10:6840:4::1/64
ipv6 address fe80::1 link-local
no sh
```
### R2
```bash=
en
conf t
hostname R2
ipv6 unicast-routing
ip route 0.0.0.0 0.0.0.0 192.168.4.1
ipv6 route ::/0 2001:e10:6840:4::1
int g0/0
ip address 192.168.1.110 255.255.255.240
ipv6 address 2001:e10:6840:3::1/64
no sh
int s0/0/0
ip address 192.168.4.2 255.255.255.252
ipv6 address 2001:e10:6840:4::2/64
ipv6 address fe80::2 link-local
no sh
```
---
## 06/10
### Subnet plan
| Subnet | IP Address | Subnet Mask | Gateway |
| -------- | -------- | -------- | -------- |
| 64 people | 192.168.1.0 | 255.255.255.192 (/26) | 192.168.1.63 |
| 16 people | 192.168.1.64 | 255.255.255.240 (/28) | 192.168.1.79 |
| 8 people | 192.168.1.80 | 255.255.255.248 (/29) | 192.168.1.87 |

| Device | IP Address | Gateway |
| -------- | -------- | -------- |
| S1 | 192.168.1.62 | 192.168.1.63 |
| S2 | 192.168.1.78 | 192.168.1.79 |
| S3 | 192.168.1.86 | 192.168.1.87 |
| PC1 | 2001:288:c000:254::2/64 | 2001:288:c000:254::1 |
| PC2 | 2001:288:c000:253::2/64 | 2001:288:c000:253::1 |
| PC3 | 2001:288:c000:252::2/64 | 2001:288:c000:252::1 |
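
An added example (not part of the original notes): a Python check that runs over the IPv4 subnet plans of the 6/3 and 06/10 exercises and reports subnets that are too small, overlapping, or whose gateway is not an assignable host address. The function name `check_plan` is hypothetical, and it assumes the head count is compared only against the usable host addresses of each subnet.

```python
import ipaddress

def check_plan(plan):
    """Check (people, network, mask, gateway) rows; return a list of findings."""
    findings, seen = [], []
    for people, addr, mask, gateway in plan:
        net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        gw = ipaddress.IPv4Address(gateway)
        usable = net.num_addresses - 2      # network and broadcast are not assignable
        if str(net.network_address) != addr:
            findings.append(f"{addr}/{net.prefixlen}: not on a subnet boundary")
        if people > usable:
            findings.append(f"{net}: {people} people > {usable} usable hosts")
        if gw not in net:
            findings.append(f"{net}: gateway {gw} is outside the subnet")
        elif gw in (net.network_address, net.broadcast_address):
            findings.append(f"{net}: gateway {gw} is the network or broadcast address")
        findings += [f"{net}: overlaps {other}" for other in seen if net.overlaps(other)]
        seen.append(net)
    return findings

# Rows copied from the 6/3 and 06/10 subnet plan tables on this page
PLAN_0603 = [
    (50, "192.168.1.0", "255.255.255.192", "192.168.1.62"),
    (30, "192.168.1.64", "255.255.255.224", "192.168.1.94"),
    (10, "192.168.1.96", "255.255.255.240", "192.168.1.110"),
]
PLAN_0610 = [
    (64, "192.168.1.0", "255.255.255.192", "192.168.1.63"),
    (16, "192.168.1.64", "255.255.255.240", "192.168.1.79"),
    (8, "192.168.1.80", "255.255.255.248", "192.168.1.87"),
]

if __name__ == "__main__":
    for name, plan in (("6/3", PLAN_0603), ("06/10", PLAN_0610)):
        for finding in check_plan(plan) or ["no findings"]:
            print(name, finding)
```

The 6/3 plan passes. For the 06/10 plan the check reports that each gateway (.63, .79, .87) is the broadcast address of its subnet and that each subnet has two fewer usable hosts than its head count.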
### S1
```bash=
en
conf t
hostname S1
int vlan1
ip address 192.168.1.62 255.255.255.192
no sh
exit
ip default-gateway 192.168.1.63
do write
```
### S2
```bash=
en
conf t
hostname S2
int vlan1
ip address 192.168.1.78 255.255.255.240
no sh
exit
ip default-gateway 192.168.1.79
do write
```
### S3
```bash=
en
conf t
hostname S3
int vlan1
ip address 192.168.1.86 255.255.255.248
no sh
exit
ip default-gateway 192.168.1.87
do write
```
### R1
```bash=
en
conf t
hostname R1
ipv6 unicast-routing
ip route 192.168.1.80 255.255.255.248 192.168.4.2
ipv6 route 2001:288:c000:252::/64 2001:288:c000:251::2
ip route 192.168.6.0 255.255.255.252 192.168.5.2
int g0/0
ip address 192.168.1.63 255.255.255.192
ipv6 address 2001:288:c000:254::1/64
no sh
int g0/1
ip address 192.168.1.79 255.255.255.240
ipv6 address 2001:288:c000:253::1/64
no sh
int s0/0/0
ip address 192.168.4.1 255.255.255.252
ipv6 address 2001:288:c000:251::1/64
ipv6 address fe80::1 link-local
no sh
int s0/0/1
ip address 192.168.5.1 255.255.255.252
no sh
```
### R2
```bash=
en
conf t
hostname R2
ipv6 unicast-routing
ip route 0.0.0.0 0.0.0.0 192.168.4.1
ipv6 route ::/0 2001:288:c000:251::1
int g0/0
ip address 192.168.1.87 255.255.255.248
ipv6 address 2001:288:c000:252::1/64
no sh
int s0/0/0
ip address 192.168.4.2 255.255.255.252
ipv6 address 2001:288:c000:251::2/64
ipv6 address fe80::2 link-local
no sh
```
### R3
```bash=
int s0/0/0
ip address 192.168.5.2 255.255.255.252
no sh
int g0/0
ip address 192.168.6.1 255.255.255.252
no sh
```