关于IBM路由器动态IP地址的配置

IBM路由器在MRS 3.3版本之后提供了对于动态IP地址的支持。动态地址具有以下3个方面的作用，一起和小编来看看吧：

 提供了路由器通过IPCP取得PPP端口IP地址的能力。

 如果IPCP同时提供 DNS 的信息，DHCP客户端也可以得到这些信息。

 动态更新IP 访问控制，这样定义的filter就可以用于NAT/NAPT。

动态IP的功能使 IBM 路由器具备连接ISP并从ISP取得IP地址的能力，而不必事先知道IP地址

动态IP地址的设置

我们下面将通过一个例子来说明动态IP地址的具体配置。在这个例子中我们将同时配置 isp端和客户端的路由器。动态 IP 将在客户端的路由器上配置，客户端路由器会从isp端的路由器取得公网的'IP地址。并且客户端路由器也激活了DHCP服务器和NAT功能。

ISP 端路由器的配置

设置系统名为isp。

添加Token ring 接口。

Config (only)>set hostname isp

Host name updated successfully

Config (only)>add device tr-2

Device Slot #(1-4) [1]?

Device Port #(1-2) [1]?

Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4

Use "net 4" to configure 2-port IBM Token Ring parameters

设置 WAN 口，使其支持远程拨入。

在WAN口上添加dial-in circuit。

Config (only)>set data v34 2

Config (only)>add device dial-in

Enter the number of PPP Dial-in Circuit interfaces [1]?

Adding device as interface 5

Defaulting data-link protocol to PPP

Base net for this circuit [0]? 2

Enable as a Multilink PPP link? [no]

Disabled as a Multilink PPP link.

Add more dial circuit interface(s)?(Yes or [No]):

Use "set data-link" command to change the data-link protocol

Use "net " command to configure dial circuit parameters

添加远程拨入的ppp用户 ’AAa’。

onfig (only)>add ppp-user

Enter name: []? aaa

Password:

Enter again to verify:

Allow inbound access for user? (Yes, No): [Yes]

Will user be tunneled? (Yes, No): [No]

Is this a ’DIALs’ user? (Yes, No): [Yes]

Type of route? (hostroute, netroute): [hostroute]

Number of days before account expires [0-1000] [0]?

Number of grace logins allowed after an expiration [0-100] [0]?

IP address: []?

Enter hostname: []?

Allow virtual connections? (Yes, No): [No]

Give user default time allotted ? (Yes, No): [Yes]

Enable callback for user? (Yes, No): [No]

Will user be able to dial-out ? (Yes, No): [No]

Set ECP encryption key for this user? (Yes, No): [No]

Disable user ? (Yes, No): [No]

PPP user name: aaa

User IP address: Interface Default

Netroute Mask:

Hostname:

Virtual Conn: disabled

Time alotted: Box Default

Callback type: disabled

Dial-out: disabled

Status: enabled

Account Expiry:

Password Expiry:

Is information correct? (Yes, No, Quit): [Yes]

User ’aaa’ has been added

设置 IPCP 使拨入端口向远端客户端发送IP 地址。

Config (only)>n 5

Circuit configuration

isp Dial-in Circuit config: 5>enc

Point-to-Point user configuration

isp PPP 5 Config>set ipcp

IP COMPRESSION [no]:

Request an IP address [no]:

Send our IP address [no]: y

Note: unnumbered interface addresses will not be sent.

Interface remote IP address to offer if requested ( for none)

[]?

isp PPP 5 Config>exit

isp Dial-in Circuit config: 5>exit

设置token ring 端口的IP地址

设置dial in circuit 端口的IP地址

Config (only)>p ip

Internet protocol user configuration

isp IP config>add add 4

isp IP config>add add 5

isp IP config>ena arp-subnet-routing

isp IP config>exit

设置发到客户端的DNS 的IP 地址。

Config (only)>fea dials

Dial-in Access to LANs global configuration

isp DIALs config>set enable dynamic

isp DIALs config>set dns primary

Primary Domain Name Server (DNS) address []?

isp DIALs config>exit

客户端路由器的配置：

设置系统名为client.

添加token ring 接口

设置WAN 口并连接V34 modem.

在WAN口上添加dial circuit

Config (only)>set host client

Config (only)>add device tr-2

Device Slot #(1-4) [1]?

Device Port #(1-2) [1]?

Adding 2-port IBM Token Ring device in slot 1 port 1 as interface #4

Use "net 4" to configure 2-port IBM Token Ring parameters

config (only)>set data v34

Interface Number [0]? 2

Config (only)>add device dial

Base net for the circuit(s) [0]? 2

Enter the number of PPP Dial Circuit interfaces [1]?

Adding device as interface 5

Defaulting data-link protocol to PPP

Add more dial circuit interface(s)?(Yes or [No]):

Use "set data-link" command to change the data-link protocol

在token ring 端口上添加 IP地址

在dial circuit 端口上添加 IP地址

添加通过 dial circuit 端口的缺省路由。

在dial circuit 端口上激活动态 IP

Config (only)>p ip

Internet protocol user configuration

client IP config>add add 4

client IP config>add add 5

client IP config>add router

Cost [1]?

client IP config>enable dynamic

Interface address []?

client IP config>exit

激活 DHCP 服务器功能

添加token ring 端口的IP子网掩码。

添加源DNS 的IP 地址。

Config (only)>fea dhcp

DHCP Server user configuration

client DHCP Server config>enable dhcp-server

client DHCP Server config>add subnet subnet1

Enter the IP subnet []?

Enter the IP subnet mask []?

Enter start of IP address range []?

Enter end of IP address range []?

Enter the subnet group name []?

Subnet record with name subnet1 has been added

Simple Internet Access config updated with subnet addition.

client DHCP Server config>add option subnet subnet1 1

client DHCP Server config>add option subnet subnet1 3

client DHCP Server config>add option subnet subnet1 6

client DHCP Server config>list option subnet subnet1 all

option option

code data

---------------------------------------------------------------

1

3

6

client DHCP Server config>exit

添加远端的 V34地址。

在dial circuit 端口上配置目的端信息

在 dial circuit 端口上配置出去的设置

设置为不检查LID

Config (only)>add v34-add

Assign address name [1-23] chars []? remote

Assign network dial address [1-30 digits] []? 9,3013461

Config (only)>n 5

client Circuit config: 5>set destination remote

client Circuit config: 5>set call out

client Circuit config: 5>set lids no

client Circuit config: 5>list all

Base net = 2

Destination name = remote

Circuit priority = 8

Destination address:subaddress = 9,3013461

Outbound calls = allowed

Idle timer = 60 sec

SelfTest Delay Timer = 150 ms

LIDs used = No

设置 IPCP 以从远端取得 IP 地址

设置用户名为 ’aaa’.

设置 MTU 的值

client Circuit config: 5>encapsulator

Point-to-Point user configuration

client PPP 5 Config>set ipcp

IP COMPRESSION [no]:

Request an IP address [no]: y

Interface remote IP address to offer if requested ( for none) []?

client PPP 5 Config>set nam

Enter Local Name: []? aaa

Password:

Enter password again:

PPP Local Name = aaa

client PPP 5 Config>set lcp option

Maximum Receive Unit (bytes) [2044]? 1500

Magic Number [yes]:

Peer-to-Local Async Control Character Map (RX ACCM) [A0000]?

Protocol Field Compression(PFC) [no]:

Addr/Cntl Field Compression(ACFC) [no]:

client PPP 5 Config>exit

client Circuit config: 5>exit

设置NAT：

保留所有的IP 流量。

Config (only)>feature nat

Network Address Translation (NAT) user configuration

client NAT config>reserve

Dynamically allocate address via IPCP? [No]: yes

Network number to get dynamic address. [0]? 5

Reserve Pool name..................... [simple-net]? clien-nat

Complete! NAT Reserve Pool defined.

NOTE: The associated TRANSLATE RANGE for this RESERVE POOL

must still be configured.

It must have a pool name of: client-nat

NOTE: You must have a corresponding INBOUND IP Access Control rule

applied to your designated NAT interface.

The rule should include the following information:

Type=IN (include + NAT)

DESTINATION_Addr=

DESTINATION_Mask=

将私有地址翻译为公网地址

client NAT config>translate

Base (private) IP address to translate []?

Translate Range mask.................. []?

Associated Reserve Pool name.......... [client-nat]?

Complete! NAT Translate Range defined.

NOTE: The associated RESERVE POOL for this TRANSLATE RANGE has been found.

NOTE: You must have a corresponding OUTBOUND IP Access Control rule

applied to your designated NAT interface.

The rule should include the following information:

Type=IN (include + NAT)

SOURCE_Addr=

SOURCE_Mask=

NAT config>list all

NAT Globals:

Current State TCP Timeout Non-TCP Timeout

ENABLED 24:00:00 0:01:00

NAT Reserve Pool(s):

Index First Address Reserve Mask Size NAPT Address Pool Name

1 Dynamic 1 FromNet: 5 client-nat

NAT Translate Range(s):

Index Base Address Range Mask Associated Reserve Pool

1 client-nat

NAT Static Mapping(s):

Index Private Address//Port Public Address//Port

None.

NAT config>exit

IP filter 的设置：

激活访问控制。

添加向内的包过滤

添加向外的包过滤

针对NAT 更新包过滤

重起客户端路由器。

Config (only)>p ip

Internet protocol user configuration

client IP config>set acc on

client IP config>add packet-filter

Packet-filter name []? inbound

Filter incoming or outgoing traffic? [IN]?

Which interface is this filter for [0]? 5

client IP config>add packet-filter

Packet-filter name []? outbound

Filter incoming or outgoing traffic? [IN]? out

Which interface is this filter for [0]? 5

client IP config>update packet

Packet-filter name []? inbound

client Packet-filter ’inbound’ Config>add access

Access Control type [E]? n

Internet source []?

Source mask []?

Internet destination []?

Destination mask []?

Starting protocol number ([0] for all protocols) [0]?

Starting DESTINATION port number ([0] for all ports) [0]?

Starting SOURCE port number ([0] for all ports) [0]?

Filter on ICMP Type ([-1] for all types) [-1]?

TOS/Precedence filter mask (00-FF - [0] for none) [0]?

TOS/Precedence modification mask (00-FF - [0] for none) [0]?

Use policy-based routing? [No]:

Enable logging? [No]:

client Packet-filter ’inbound’ Config>exit

client IP config>update packet

Packet-filter name []? outbound

client Packet-filter ’outbound’ Config>add access

Access Control type [E]? n

Internet source []?

Source mask []?

Internet destination []?

Destination mask []?

Starting protocol number ([0] for all protocols) [0]?

Starting DESTINATION port number ([0] for all ports) [0]?

Starting SOURCE port number ([0] for all ports) [0]?

Filter on ICMP Type ([-1] for all types) [-1]?

TOS/Precedence filter mask (00-FF - [0] for none) [0]?

TOS/Precedence modification mask (00-FF - [0] for none) [0]?

Enable logging? [No]:

client Packet-filter ’outbound’ Config>exit

client IP config>exit

Config (only)>restart y y

本实验的监测

将工作站连接到客户端路由器上。V34 modem 会拨号连接ISP路由器。

配置Windows 95 工作站动态取得IP地址，重起。

键入C:>winipcfg 检查获得的IP地址是否正确。

检查 NAT状态。

client +fea nat

client NAT>list all

NAT Globals:

Current State TCP Timeout Non-TCP Timeout Memory Usage (in bytes)

ENABLED 24:00:00 0:01:00 312

NAT Statistics:

Requests : Passes Drops Holds

790 : 720 70 0

NAT Reserve Pool(s):

Reserve Pool Pool Size NAPT Address 1st Available Address

client-nat 0 None

------------------------------------------------------------

Number of Reserve Pools using NAPT.....: 1

Number of configured Reserved Addresses: 0

NAT Translate Range(s):

Base Address Range Mask Associated Reserve Pool

client-nat

NAT Address Binding(s):

Private Address//Port Public Address//Port Bind Type Entry Age

512 512 DYNAMIC 0:00:00

1073 1073 DYNAMIC 0:00:31

1074 1074 DYNAMIC 0:00:02

NAT TCP Session(s):

Private Address//Port Public Address//Port TCP State Data Delta Entry Age

client NAT>exit

检查DHCP server 状态。

Check t2 event log.

client +fea dhcp

client DHCP Server>request status

IP address:

Status: STOCKED

IP address:

Status: LEASED

Lease time: 86400 seconds

Start time: 18:30:36 May 30, 1999

Last time leased: 18:30:36 May 30, 1999

Client id: 6-0x40006666AAAA

IP address:

Status: STOCKED

client DHCP Server>exit

检查 t2 的日志。

client +event

Event Logging System user console

client ELS>nodips sub all all

client ELS>disp sub nat all

client ELS>

client *f 2

client *t 2

00:13:53 NAT.001: -> - Prot=1 Flg=x0000 Dir=OUT

00:13:53 NAT.003: -> - ICMP Type=8,Code=0

00:13:53 NAT.002: -> - Status=PASS

00:13:53 NAT.001: -> - Prot=1 Flg=x0000 Dir=IN

00:13:53 NAT.003: -> - ICMP Type=0,Code=0

00:13:53 NAT.002: -> - Status=PASS

00:13:54 NAT.001: -> - Prot=1 Flg=x0000 Dir=OUT

00:13:54 NAT.003: -> - ICMP Type=8,Code=0

00:13:54 NAT.002: -> - Status=PASS

00:13:54 NAT.001: -> - Prot=1 Flg=x0000 Dir=IN

00:13:54 NAT.003: -> - ICMP Type=0,Code=0

00:13:54 NAT.002: -> - Status=PASS

00:13:55 NAT.001: -> - Prot=1 Flg=x0000 Dir=OUT

00:13:55 NAT.003: -> - ICMP Type=8,Code=0

00:13:55 NAT.002: -> - Status=PASS

00:13:55 NAT.001: -> - Prot=1 Flg=x0000 Dir=IN