rl 2014-2015 practic sample2 sol
Post on 02-Jun-2018
8/10/2019 RL 2014-2015 Practic Sample2 Sol
RL Practical Test, Variant sample2, January 2015
Solutions
1. Subpoint (a)
The three networks contain 2, 4 and 5 stations, respectively. We therefore need one subnet with a /30 mask (such a network can hold $2^{32-30} - 2 = 2$ stations) and two subnets with a /29 mask (such a subnet can hold $2^{32-29} - 2 = 6$ stations).
We start from the network 1.1.1.01100000/27. For a start, we want to obtain two subnets with a /29 mask, that is, 1.1.1.011XY000/29. We allocate the space 1.1.1.01100000/29 to the second network in the topology and the space 1.1.1.01101000/29 to the third network in the topology.
The spaces 1.1.1.01110000/29 and 1.1.1.01111000/29 remain. We choose the first space to obtain a subnet with a /30 mask, which results in 1.1.1.01110000/30.
The three spaces for the three subnets are therefore:
- 1.1.1.01110000/30, that is 1.1.1.112/30, for the first network (the one with 2 stations)
- 1.1.1.01100000/29, that is 1.1.1.96/29, for the second network (the one with 4 stations)
- 1.1.1.01101000/29, that is 1.1.1.104/29, for the third network (the one with 5 stations)
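The allocation above can be reproduced and checked mechanically. The following Python sketch is an added example, not part of the original solution: the names prefix_for_hosts, allocate_vlsm and check_plan and the largest-block-first placement are assumptions of this example, 1.1.1.96/27 is the dotted-decimal form of 1.1.1.01100000/27, and BAD_PLAN is a constructed counter-example.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose subnet still has `hosts` usable addresses."""
    # hosts + 2 addresses are needed (network and broadcast are not usable);
    # (hosts + 1).bit_length() is the smallest b with 2**b >= hosts + 2.
    return 32 - (hosts + 1).bit_length()


def allocate_vlsm(parent, host_counts):
    """Carve one subnet per entry of host_counts out of parent.

    Larger subnets are placed first so every block stays aligned on its own
    size. The result is returned in the order of host_counts.
    """
    block = ipaddress.ip_network(parent)
    order = sorted(range(len(host_counts)),
                   key=lambda i: prefix_for_hosts(host_counts[i]))
    cursor = int(block.network_address)
    result = [None] * len(host_counts)
    for i in order:
        prefix = prefix_for_hosts(host_counts[i])
        if prefix < block.prefixlen:
            raise ValueError(f"{host_counts[i]} stations do not fit in {block}")
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(block):
            raise ValueError(f"{block} is exhausted")
        result[i] = subnet
        cursor += subnet.num_addresses
    return result


def check_plan(parent, plan):
    """Return the problems found in a hand-made plan {subnet: stations needed}."""
    block = ipaddress.ip_network(parent)
    nets = [(ipaddress.ip_network(s), need) for s, need in plan.items()]
    problems = []
    for net, need in nets:
        if not net.subnet_of(block):
            problems.append(f"{net} lies outside {block}")
        if net.num_addresses - 2 < need:
            problems.append(f"{net} cannot hold {need} stations")
    for a in range(len(nets)):
        for b in range(a + 1, len(nets)):
            if nets[a][0].overlaps(nets[b][0]):
                problems.append(f"{nets[a][0]} overlaps {nets[b][0]}")
    return problems


PARENT = "1.1.1.96/27"
# The allocation chosen in the solution above.
PAGE_PLAN = {"1.1.1.112/30": 2, "1.1.1.96/29": 4, "1.1.1.104/29": 5}
# Constructed counter-example: the third block is too small and overlaps the second.
BAD_PLAN = {"1.1.1.112/30": 2, "1.1.1.96/29": 4, "1.1.1.100/30": 5}

if __name__ == "__main__":
    for hosts, net in zip([2, 4, 5], allocate_vlsm(PARENT, [2, 4, 5])):
        print(f"{hosts} stations -> {net} (mask {net.netmask})")
    print("page plan problems:", check_plan(PARENT, PAGE_PLAN))
    print("bad plan problems: ", check_plan(PARENT, BAD_PLAN))
```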
Subpoints (b), (c) and (d)
We configure the following addresses on the stations:
- first network: 1.1.1.113/30, 1.1.1.114/30; the mask in decimal format is 255.255.255.252
- second network: 1.1.1.97/29, 1.1.1.98/29, 1.1.1.99/29, 1.1.1.100/29; the mask in decimal format is 255.255.255.248
- third network: 1.1.1.105/29, 1.1.1.106/29, 1.1.1.107/29, 1.1.1.108/29, 1.1.1.109/29; the mask in decimal format is 255.255.255.248
In PacketTracer, open each station (Desktop -> IP Configuration) and fill in the corresponding IP address and network mask. Then verify using PacketTracer messages (the Add Simple PDU icon on the right, or the p key) or directly from a station's console (Desktop -> Command Prompt, followed by a ping $adresaIP command, where $adresaIP is the address of another station in the network).
The solution is in the file rl_practic_2014-2015_sample2_ex1_sol.pkt.
2. Subpoint (a)
To disable STP we access switch Switch0 and enter configuration mode:
Switch0>en
Switch0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch0(config)#
Information about disabling STP is available at http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swstp.html#wp1108279. We disable STP on the default VLAN (1), with the option of saving the configuration, and verify the configuration:
Switch0(config)#no spanning-tree vlan 1
Switch0(config)#^Z
Switch0#
%SYS-5-CONFIG_I: Configured from console by console
Switch0#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Switch0#show spanning-tree
No spanning tree instance exists.
Switch0#show spanning-tree vlan 1
No spanning tree instance exists.
Subpoint (b)
To configure the VLANs there is no need to configure switch Switch1, because both stations connected to it (PC3 and PC4) are in the same VLAN (VLAN 10).
As a first step, on switch Switch2 we configure ports Fa2/1 (the port toward switch Switch1) and Fa0/1 (the port toward station PC6) in access mode on VLAN 10.
Switch2>en
Switch2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch2(config)#vlan 10
Switch2(config-vlan)#name 10
Switch2(config-vlan)#exit
Switch2(config)#int fa2/1
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 10
Switch2(config-if)#exit
Switch2(config)#int fa0/1
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 10
Switch2(config-if)#exit
Switch2(config)#
After this configuration, and once STP has run, stations PC3, PC4 and PC6 will have connectivity, but not station PC7, which has not yet been added to VLAN 10. To verify connectivity we use either PacketTracer messages (Add Simple PDU or the p key) or the ping command from the stations' console (Desktop -> Command Prompt).
Subpoint (c)
To add station PC7 to VLAN 10, we configure:
- on switch Switch3, port Fa1/1 (the port toward station PC7) in access mode on VLAN 10
- on switch Switch3, port Fa3/1 (the port toward switch Switch2) in trunk mode
- on switch Switch2, port Fa3/1 (the port toward switch Switch3) in trunk mode
The configuration is shown below:
Switch3>en
Switch3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch3(config)#vlan 10
Switch3(config-vlan)#name zece
Switch3(config-vlan)#exit
Switch3(config)#int fa1/1
Building configuration...
[OK]
Switch3#
Above we also saved the configuration for the two configured switches: Switch2 and Switch3.
At this point we have connectivity between the two stations in VLAN 20: PC5 and PC8.
The solution is in the file rl_practic_2014-2015_sample2_ex2_sol.pkt.
3. Subpoint (a)
We configure the networks between the routers according to the problem statement, as follows:
Router0(Fa1/0): 100.100.100.1/30
Router1(Fa0/0): 100.100.100.2/30
Router1(Fa1/0): 200.200.200.1/30
Router2(Fa1/0): 200.200.200.2/30
The configuration is shown below:
Router0>en
Router0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router0(config)#int fa1/0
Router0(config-if)#ip address 100.100.100.1 255.255.255.252
Router0(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
Router0(config-if)#
Router0(config-if)#exit
Router0(config)#
Router1>en
Router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#int fa0/0
Router1(config-if)#ip address 100.100.100.2 255.255.255.252
Router1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router1(config-if)#
Router1(config-if)#exit
Router1(config)#int fa1/0
Router1(config-if)#ip address 200.200.200.1 255.255.255.252
Router1(config-if)#no shut
Router1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
Router1(config-if)#exit
Router1(config)#
Router2>en
Router2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#int fa1/0
Router2(config-if)#ip address 200.200.200.2 255.255.255.252
Router2(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
Router2(config-if)#
Router2(config-if)#exit
Router2(config)#
The routers are now connected to each other. We can verify with the ping command:
Router0#ping 100.100.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/6/15 ms
Router0#
Router1#ping 100.100.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/6 ms
Router1#ping 200.200.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/4/6 ms
Router1#
Router2#ping 200.200.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 ms
Router2#
Subpoint (b)
To have connectivity between all the routers we must make the following configurations:
- on router Router0, add a route to the network between router Router1 and Router2 (200.200.200.0/30), with the IP address of interface Fa0/0 on router Router1 (100.100.100.2) as next hop
- on router Router2, add a route to the network between router Router0 and Router1 (100.100.100.0/30), with the IP address of interface Fa1/0 on router Router1 (200.200.200.1) as next hop
The configuration is shown below:
Router0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router0(config)#ip route 200.200.200.0 255.255.255.252 100.100.100.2
Router2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#ip route 100.100.100.0 255.255.255.252 200.200.200.1
All the routers are now connected to one another. We can verify with the ping command:
Router0#ping 200.200.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
Router2#ping 100.100.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/12 ms
Subpoint (c)
For router Router1 to have access to the networks of switches Switch0 and Switch3 we must make the following configurations:
- we add a route to the network of switch Switch0 (1.1.1.0/24), with the address of interface Fa1/0 on router Router0 (100.100.100.1) as next hop
- we add a route to the network of switch Switch3 (4.4.4.0/24), with the address of interface Fa1/0 on router Router2 (200.200.200.2) as next hop
- on stations PC0 and PC1 we configure as default gateway the IP address of interface Fa0/0 of router Router0 (1.1.1.1)
- on stations PC6 and PC7 we configure as default gateway the IP address of interface Fa0/0 of router Router2 (4.4.4.1)
The configuration is shown below:
Router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 1.1.1.0 255.255.255.0 100.100.100.1
Router1(config)#ip route 4.4.4.0 255.255.255.0 200.200.200.2
The default gateway on the stations is configured through the PacketTracer graphical interface (Desktop -> IP Configuration -> Default Gateway).
We verify the configuration with the ping command:
Router1(config)#do ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/12/17 ms
Router1(config)#do ping 1.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 9/11/14 ms
Router1(config)#do ping 4.4.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 10/12/14 ms
Router1(config)#do ping 4.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 10/12/15 ms
Router1(config)#
Subpoint (d)
For routers Router0 and Router2 to have access to the networks of switches Switch1 and Switch2 we must make the following configurations:
- on router Router0 we add a route to the network of switch Switch1 (2.2.2.0/24) and one to the network of switch Switch2 (3.3.3.0/24), with the address of interface Fa0/0 on router Router1 (100.100.100.2) as next hop
- on router Router2 we add a route to the network of switch Switch1 (2.2.2.0/24) and one to the network of switch Switch2 (3.3.3.0/24), with the address of interface Fa1/0 on router Router1 (200.200.200.1) as next hop
- on stations PC2 and PC3 we configure as default gateway the IP address of interface Fa2/0 of router Router1 (2.2.2.1)
- on stations PC4 and PC5 we configure as default gateway the IP address of interface Fa3/0 of router Router1 (3.3.3.1)
The configuration is shown below:
Router0#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router0(config)#ip route 2.2.2.0 255.255.255.0 100.100.100.2
Router0(config)#ip route 3.3.3.0 255.255.255.0 100.100.100.2
Router2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#ip route 2.2.2.0 255.255.255.0 200.200.200.1
Router2(config)#ip route 3.3.3.0 255.255.255.0 200.200.200.1
The default gateway on the stations is configured through the PacketTracer graphical interface (Desktop -> IP Configuration -> Default Gateway).
We verify the configuration with the ping command:
Router0(config)#do ping 2.2.2.2
[...]
Router0(config)#do ping 2.2.2.3
[...]
Router0(config)#do ping 3.3.3.2
[...]
Router0(config)#do ping 3.3.3.3
[...]
Router2(config)#do ping 2.2.2.2
[...]
Router2(config)#do ping 2.2.2.3
[...]
Router2(config)#do ping 3.3.3.2
[...]
Router2(config)#do ping 3.3.3.3
[...]
Subpoint (e)
To finalize the configuration, router Router0 must still reach the network of switch Switch3, and router Router2 must reach the network of switch Switch0. We must make the following configurations:
- on router Router0 we add a route to the network of switch Switch3 (4.4.4.0/24), with the address of interface Fa0/0 on router Router1 (100.100.100.2) as next hop
- on router Router2 we add a route to the network of switch Switch0 (1.1.1.0/24), with the address of interface Fa1/0 on router Router1 (200.200.200.1) as next hop
The configuration is shown below:
Router0(config)#ip route 4.4.4.0 255.255.255.0 100.100.100.2
Router0(config)#do show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, FastEthernet0/0
2.0.0.0/24 is subnetted, 1 subnets
S 2.2.2.0 [1/0] via 100.100.100.2
3.0.0.0/24 is subnetted, 1 subnets
S 3.3.3.0 [1/0] via 100.100.100.2
4.0.0.0/24 is subnetted, 1 subnets
S 4.4.4.0 [1/0] via 100.100.100.2
100.0.0.0/30 is subnetted, 1 subnets
C 100.100.100.0 is directly connected, FastEthernet1/0
200.200.200.0/30 is subnetted, 1 subnets
S 200.200.200.0 [1/0] via 100.100.100.2
Router2(config)#ip route 1.1.1.0 255.255.255.0 200.200.200.1
Router2(config)#do show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
S 1.1.1.0 [1/0] via 200.200.200.1
2.0.0.0/24 is subnetted, 1 subnets
S 2.2.2.0 [1/0] via 200.200.200.1
3.0.0.0/24 is subnetted, 1 subnets
S 3.3.3.0 [1/0] via 200.200.200.1
4.0.0.0/24 is subnetted, 1 subnets
C 4.4.4.0 is directly connected, FastEthernet0/0
100.0.0.0/30 is subnetted, 1 subnets
S 100.100.100.0 [1/0] via 200.200.200.1
200.200.200.0/30 is subnetted, 1 subnets
C 200.200.200.0 is directly connected, FastEthernet1/0
We used the do show ip route command to view the routers' forwarding table and to validate the configuration.
We check whether we have connectivity between all stations. We use either PacketTracer messages (Add Simple PDU or the p key) or the ping command from the stations' console (Desktop -> Command Prompt).
The solution is in the file rl_practic_2014-2015_sample2_ex3_sol.pkt.
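Subpoints (b) to (e) add routes in pairs because a ping succeeds only when both the request and the reply can be routed. The following Python sketch is an added example, not part of the original solution: it replays the interface addresses and static routes given above through a longest-prefix-match lookup; the names add_route, build_tables, trace and ping_ok are assumptions of this example.

```python
import ipaddress

# Interface addresses and static routes exactly as configured on the page.
INTERFACES = {
    "Router0": ["1.1.1.1/24", "100.100.100.1/30"],
    "Router1": ["100.100.100.2/30", "200.200.200.1/30", "2.2.2.1/24", "3.3.3.1/24"],
    "Router2": ["4.4.4.1/24", "200.200.200.2/30"],
}
STATIC_ROUTES = {  # subpoint -> (router, destination, next hop)
    "b": [("Router0", "200.200.200.0/30", "100.100.100.2"),
          ("Router2", "100.100.100.0/30", "200.200.200.1")],
    "c": [("Router1", "1.1.1.0/24", "100.100.100.1"),
          ("Router1", "4.4.4.0/24", "200.200.200.2")],
    "d": [("Router0", "2.2.2.0/24", "100.100.100.2"),
          ("Router0", "3.3.3.0/24", "100.100.100.2"),
          ("Router2", "2.2.2.0/24", "200.200.200.1"),
          ("Router2", "3.3.3.0/24", "200.200.200.1")],
    "e": [("Router0", "4.4.4.0/24", "100.100.100.2"),
          ("Router2", "1.1.1.0/24", "200.200.200.1")],
}


def add_route(tables, router, prefix, next_hop):
    """Equivalent of `ip route <prefix> <mask> <next_hop>` on one router."""
    tables[router].append((ipaddress.ip_network(prefix),
                           ipaddress.ip_address(next_hop)))


def build_tables(steps):
    """Connected networks plus the static routes of the given subpoints."""
    tables = {r: [(ipaddress.ip_interface(a).network, None) for a in addrs]
              for r, addrs in INTERFACES.items()}
    for step in steps:
        for router, prefix, next_hop in STATIC_ROUTES[step]:
            add_route(tables, router, prefix, next_hop)
    return tables


def owner_of(address):
    """Name of the router that has `address` on one of its interfaces."""
    for router, addrs in INTERFACES.items():
        if any(ipaddress.ip_interface(a).ip == address for a in addrs):
            return router
    return None


def trace(tables, router, dst, max_hops=8):
    """Follow longest-prefix-match decisions hop by hop: (path, delivered)."""
    dst = ipaddress.ip_address(dst)
    path = []
    for _ in range(max_hops):
        path.append(router)
        matches = [(net, hop) for net, hop in tables[router] if dst in net]
        if not matches:
            return path, False        # no route: the packet is dropped here
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        if hop is None:
            return path, True         # destination is on a connected network
        router = owner_of(hop)
        if router is None:
            return path, False        # next hop is not one of the routers
    return path, False                # hop limit reached: routing loop


def ping_ok(tables, src_router, src_ip, dst_ip):
    """True only if the request reaches dst_ip and the reply reaches src_ip."""
    forward, there = trace(tables, src_router, dst_ip)
    if not there:
        return False
    # The reply starts at the router owning dst_ip, or at the last-hop router
    # when dst_ip is a station that uses that router as default gateway.
    replier = owner_of(ipaddress.ip_address(dst_ip)) or forward[-1]
    return trace(tables, replier, src_ip)[1]


if __name__ == "__main__":
    for steps in ("bcd", "bcde"):
        t = build_tables(steps)
        print(steps, trace(t, "Router0", "4.4.4.2"),
              ping_ok(t, "Router0", "1.1.1.2", "4.4.4.2"))
```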
4. As a first step we run the topology configuration script:
root@host:~# ./rl-practical-sample2-prepare 4
Subpoint (a)
We configure address 192.168.10.1/24 on host (veth-red) and address 192.168.10.2 on red (eth0). We make sure to bring the interfaces up and to validate the configuration:
root@host:~# ip a a 192.168.10.1/24 dev veth-red
root@host:~# ip l s dev veth-red up
root@host:~# ip a s veth-red
31: veth-red: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 0a:31:65:b4:86:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 scope global veth-red
root@host:~# ip r s dev veth-red
192.168.10.0/24 proto kernel scope link src 192.168.10.1
root@red:~# ip a a 192.168.10.2/24 dev eth0
root@red:~# ip l s dev eth0 up
root@red:~# ip a s eth0
30: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:3e:8e:84:21 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.2/24 scope global eth0
inet6 fe80::216:3eff:fe8e:8421/64 scope link
valid_lft forever preferred_lft forever
root@red:~# ip r s
192.168.10.0/24 proto kernel scope link src 192.168.10.2
We verify with the ping command:
root@red:~# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_req=1 ttl=64 time=0.071 ms
^C
--- 192.168.10.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.071/0.071/0.071/0.000 ms
We configure address 192.168.20.1/24 on host (veth-green) and address 192.168.20.2 on green (eth0). We make sure to bring the interfaces up and to validate the configuration:
root@host:~# ip a a 192.168.20.1/24 dev veth-green
root@host:~# ip l s dev veth-green up
root@host:~# ip a s veth-green
34: veth-green: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 1e:2f:76:82:85:de brd ff:ff:ff:ff:ff:ff
inet 192.168.20.1/24 scope global veth-green
root@host:~# ip r s dev veth-green
192.168.20.0/24 proto kernel scope link src 192.168.20.1
root@green:~# ip a a 192.168.20.2/24 dev eth0
root@green:~# ip l s dev eth0 up
root@green:~# ip a s eth0
33: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:3e:d1:b2:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.2/24 scope global eth0
inet6 fe80::216:3eff:fed1:b295/64 scope link
valid_lft forever preferred_lft forever
root@green:~# ip r s
192.168.20.0/24 proto kernel scope link src 192.168.20.2
We verify with the ping command:
root@green:~# ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1) 56(84) bytes of data.
64 bytes from 192.168.20.1: icmp_req=1 ttl=64 time=0.104 ms
^C
--- 192.168.20.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.104/0.104/0.104/0.000 ms
We configure address 192.168.30.1/24 on host (veth-blue) and address 192.168.30.2 on blue (eth0). We make sure to bring the interfaces up and to validate the configuration:
root@host:~# ip a a 192.168.30.1/24 dev veth-blue
root@host:~# ip l s dev veth-blue up
root@host:~# ip a s veth-blue
37: veth-blue: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether ca:40:75:73:78:f3 brd ff:ff:ff:ff:ff:ff
inet 192.168.30.1/24 scope global veth-blue
root@host:~# ip r s dev veth-blue
192.168.30.0/24 proto kernel scope link src 192.168.30.1
root@blue:~# ip a a 192.168.30.2/24 dev eth0
root@blue:~# ip l s dev eth0 up
root@blue:~# ip a s eth0
36: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:16:3e:32:0f:ae brd ff:ff:ff:ff:ff:ff
inet 192.168.30.2/24 scope global eth0
inet6 fe80::216:3eff:fe32:fae/64 scope link
valid_lft forever preferred_lft forever
root@blue:~# ip r s
192.168.30.0/24 proto kernel scope link src 192.168.30.2
We verify with the ping command:
root@blue:~# ping 192.168.30.1
PING 192.168.30.1 (192.168.30.1) 56(84) bytes of data.
64 bytes from 192.168.30.1: icmp_req=1 ttl=64 time=0.115 ms
^C
--- 192.168.30.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.115/0.115/0.115/0.000 ms
Subpoint (b)
For connectivity between the container stations we must carry out the following steps:
- adding the default gateway on each container; the address is that of the corresponding veth interface on the host station
- enabling routing on the host station
The configuration is shown below:
root@red:~# ip r a default via 192.168.10.1
root@red:~# ip r s dev eth0
default via 192.168.10.1
192.168.10.0/24 proto kernel scope link src 192.168.10.2
root@green:~# ip r a default via 192.168.20.1
root@green:~# ip r s
default via 192.168.20.1 dev eth0
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.2
root@blue:~# ip r a default via 192.168.30.1
root@blue:~# ip r s
default via 192.168.30.1 dev eth0
192.168.30.0/24 dev eth0 proto kernel scope link src 192.168.30.2
root@host:~# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
We verify connectivity between the containers:
root@red:~# ping 192.168.20.2 # OK from red to green
root@red:~# ping 192.168.30.2 # OK from red to blue
root@green:~# ping 192.168.10.2 # OK from green to red
root@green:~# ping 192.168.30.2 # OK from green to blue
root@blue:~# ping 192.168.10.2 # OK from blue to red
root@blue:~# ping 192.168.20.2 # OK from blue to green
Subpoint (c)
For the containers to have Internet connectivity we must configure a NAT (MASQUERADE) rule on the host station.
The configuration is shown below:
root@host:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
root@host:~# iptables -t nat -L POSTROUTING -n -v
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
We verify connectivity from the containers to google.com:
root@red:~# ping google.com
PING google.com (173.194.112.102) 56(84) bytes of data.
64 bytes from fra07s30-in-f6.1e100.net (173.194.112.102): icmp_req=1 ttl=48 time=38.1 ms
^C
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 38.138/38.138/38.138/0.000 ms
root@green:~# ping google.com
PING google.com (173.194.112.100) 56(84) bytes of data.
64 bytes from fra07s30-in-f4.1e100.net (173.194.112.100): icmp_req=1 ttl=48 time=38.0 ms
^C
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 38.042/38.042/38.042/0.000 ms
root@blue:~# ping google.com
PING google.com (173.194.112.105) 56(84) bytes of data.
64 bytes from fra07s30-in-f9.1e100.net (173.194.112.105): icmp_req=1 ttl=48 time=38.0 ms
^C
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 38.088/38.088/38.088/0.000 ms
5. As a first step we run the topology configuration script:
root@host:~# ./rl-practical-sample2-prepare 5
Subpoint (a)
To allow FTP traffic to station green only from station red, we configure iptables as follows:
- we allow FTP traffic from station red to green
- we reject FTP traffic from any station to green; since we also have to block station host, we also use the OUTPUT chain
The configuration is shown below:
root@host:~# iptables -t filter -A FORWARD -s 20.20.20.2 -d 30.30.30.2 -p tcp --dport 21 -j ACCEPT
root@host:~# iptables -t filter -A FORWARD -d 30.30.30.2 -p tcp --dport 21 -j REJECT
root@host:~# iptables -t filter -A OUTPUT -d 30.30.30.2 -p tcp --dport 21 -j REJECT
root@host:~# iptables -t filter -L -n -v
Chain INPUT (policy ACCEPT 84 packets, 6160 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 20.20.20.2 30.30.30.2 tcp dpt:21
0 0 REJECT tcp -- * * 0.0.0.0/0 30.30.30.2 tcp dpt:21 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 41 packets, 4132 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 30.30.30.2 tcp dpt:21 reject-with icmp-port-unreachable
We use the ftp client to verify:
root@host:~# ftp 30.30.30.2 # Connection refused from host to green
ftp: connect: Connection refused
ftp>
root@host:~# ftp 20.20.20.2 # Connection OK from host to red (we did not break anything else)
Connected to 20.20.20.2.
220 (vsFTPd 2.3.5)
Name (20.20.20.2:root): ^C
root@red:~# ftp 30.30.30.2 # Connection OK from red to green
Connected to 30.30.30.2.
220 (vsFTPd 2.3.5)
Name (30.30.30.2:root): ^C
root@blue:~# ftp 30.30.30.2 # Connection refused from blue to green
ftp: connect: Connection refused
ftp>
root@blue:~# ftp 20.20.20.2 # Connection OK from blue to red (we did not break anything else)
Connected to 20.20.20.2.
220 (vsFTPd 2.3.5)
Name (20.20.20.2:root): ^C
Subpoint (b)
To allow station red to communicate over ICMP only with station host, we make a simple configuration:
- we reject ICMP traffic on the iptables FORWARD chain on station host
The configuration is shown below:
root@host:~# iptables -t filter -A FORWARD -p icmp -d 20.20.20.2 -j REJECT
We use the ping command to verify:
root@host:~# ping 20.20.20.2 # OK from host to red
PING 20.20.20.2 (20.20.20.2) 56(84) bytes of data.
64 bytes from 20.20.20.2: icmp_req=1 ttl=64 time=0.078 ms
^C
--- 20.20.20.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.078/0.078/0.078/0.000 ms
root@green:~# ping 20.20.20.2 # Rejected from green to red
PING 20.20.20.2 (20.20.20.2) 56(84) bytes of data.
From 30.30.30.1 icmp_seq=1 Destination Port Unreachable
^C
--- 20.20.20.2 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
root@green:~# ping 40.40.40.2 # OK from green to blue (we did not break anything else)
PING 40.40.40.2 (40.40.40.2) 56(84) bytes of data.
64 bytes from 40.40.40.2: icmp_req=1 ttl=64 time=0.045 ms
^C
--- 40.40.40.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.045/0.045/0.045/0.000 ms
root@blue:~# ping 20.20.20.2 # Rejected from blue to red
PING 20.20.20.2 (20.20.20.2) 56(84) bytes of data.
From 40.40.40.1 icmp_seq=1 Destination Port Unreachable
^C
--- 20.20.20.2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
root@blue:~# ping 30.30.30.2 # OK from blue to green (we did not break anything else)
PING 30.30.30.2 (30.30.30.2) 56(84) bytes of data.
64 bytes from 30.30.30.2: icmp_req=1 ttl=63 time=0.117 ms
^C
--- 30.30.30.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.117/0.117/0.117/0.000 ms
Subpoint (c)
For station red to be able to communicate over ICMP with other stations, the station must be able to send ICMP packets of type echo-request and to receive ICMP packets of type echo-reply. For this we make the following configuration:
- we insert a rule in the FORWARD chain that accepts ICMP packets of type echo-reply sent to station red
- the rest of the rules stay, which means that other ICMP packets (of type echo-request) will not reach station red and, therefore, the station cannot be contacted by other stations
The configuration is shown below (iptables configuration examples are available at http://www.thegeekstuff.com/scripts/iptables-rules):
root@host:~# iptables -t filter -L FORWARD -n -v --line-number
Chain FORWARD (policy ACCEPT 2 packets, 168 bytes)
num pkts bytes target prot opt in out source destination
1 5 256 ACCEPT tcp -- * * 20.20.20.2 30.30.30.2 tcp dpt:21
2 2 120 REJECT tcp -- * * 0.0.0.0/0 30.30.30.2 tcp dpt:21 reject-with icmp-port-unreachable
3 3 252 REJECT icmp -- * * 0.0.0.0/0 20.20.20.2 reject-with icmp-port-unreachable
root@host:~# iptables -t filter -I FORWARD 3 -d 20.20.20.2 -p icmp --icmp-type echo-reply -j ACCEPT
root@host:~# iptables -t filter -L FORWARD -n -v --line-number
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 5 256 ACCEPT tcp -- * * 20.20.20.2 30.30.30.2 tcp dpt:21
2 2 120 REJECT tcp -- * * 0.0.0.0/0 30.30.30.2 tcp dpt:21 reject-with icmp-port-unreachable
3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 20.20.20.2 icmptype 0
4 3 252 REJECT icmp -- * * 0.0.0.0/0 20.20.20.2 reject-with icmp-port-unreachable
We use the ping command to verify:
root@red:~# ping 30.30.30.2 # OK from red to green
PING 30.30.30.2 (30.30.30.2) 56(84) bytes of data.
64 bytes from 30.30.30.2: icmp_req=1 ttl=63 time=0.091 ms
^C
--- 30.30.30.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.091/0.091/0.091/0.000 ms
root@red:~# ping 40.40.40.2 # OK from red to blue
PING 40.40.40.2 (40.40.40.2) 56(84) bytes of data.
64 bytes from 40.40.40.2: icmp_req=1 ttl=63 time=0.122 ms
^C
--- 40.40.40.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.122/0.122/0.122/0.000 ms
root@green:~# ping 20.20.20.2 # Rejected from green to red
PING 20.20.20.2 (20.20.20.2) 56(84) bytes of data.
From 30.30.30.1 icmp_seq=1 Destination Port Unreachable
^C
--- 20.20.20.2 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
root@blue:~# ping 20.20.20.2 # Rejected from blue to red
PING 20.20.20.2 (20.20.20.2) 56(84) bytes of data.
From 40.40.40.1 icmp_seq=1 Destination Port Unreachable
^C
--- 20.20.20.2 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
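Rule order is what makes subpoint (c) work: iptables stops at the first matching rule, so the echo-reply ACCEPT has to sit before the ICMP REJECT. The following Python sketch is an added example, not part of the original solution: it models first-match evaluation of the FORWARD chain listed above, restricted to the fields these rules use; the Rule class, the helper names and the sample packets are constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional

RED, GREEN, BLUE = "20.20.20.2", "30.30.30.2", "40.40.40.2"  # addresses from the page


@dataclass(frozen=True)
class Rule:
    """One filter rule; a field left as None is a wildcard, as in iptables."""
    target: str
    proto: str
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    icmp_type: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        return (self.proto == pkt["proto"]
                and self.src in (None, pkt["src"])
                and self.dst in (None, pkt["dst"])
                and self.dport in (None, pkt.get("dport"))
                and self.icmp_type in (None, pkt.get("icmp_type")))


def verdict(chain, pkt, policy="ACCEPT"):
    """The first matching rule decides; the chain policy applies if none match."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# FORWARD chain as listed on the page before subpoint (c).
BASE_CHAIN = [
    Rule("ACCEPT", "tcp", src=RED, dst=GREEN, dport=21),
    Rule("REJECT", "tcp", dst=GREEN, dport=21),
    Rule("REJECT", "icmp", dst=RED),
]
ECHO_REPLY_TO_RED = Rule("ACCEPT", "icmp", dst=RED, icmp_type="echo-reply")

# iptables -I FORWARD 3 ...: the new rule becomes rule 3, ahead of the REJECT.
INSERTED = BASE_CHAIN[:2] + [ECHO_REPLY_TO_RED] + BASE_CHAIN[2:]
# iptables -A FORWARD ...: the new rule lands after the REJECT and never matches.
APPENDED = BASE_CHAIN + [ECHO_REPLY_TO_RED]


def ping_works(chain, src, dst):
    """A forwarded ping needs both the echo-request and the echo-reply accepted."""
    request = {"proto": "icmp", "src": src, "dst": dst, "icmp_type": "echo-request"}
    reply = {"proto": "icmp", "src": dst, "dst": src, "icmp_type": "echo-reply"}
    return verdict(chain, request) == "ACCEPT" and verdict(chain, reply) == "ACCEPT"


def ftp_verdict(chain, src, dst):
    """Verdict for the first packet of an FTP control connection (TCP port 21)."""
    return verdict(chain, {"proto": "tcp", "src": src, "dst": dst, "dport": 21})


if __name__ == "__main__":
    for name, chain in (("before (c)", BASE_CHAIN),
                        ("appended", APPENDED),
                        ("inserted at 3", INSERTED)):
        print(f"{name:14} red->green ping: {ping_works(chain, RED, GREEN)}  "
              f"green->red ping: {ping_works(chain, GREEN, RED)}")
    print("FTP red->green: ", ftp_verdict(INSERTED, RED, GREEN))
    print("FTP blue->green:", ftp_verdict(INSERTED, BLUE, GREEN))
```

The echo-reply rule is stateless, so it accepts any echo-reply addressed to red, solicited or not; matching on connection state (-m conntrack --ctstate ESTABLISHED,RELATED) would tie the accepted replies to requests red actually sent.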
6. As a first step we run the topology configuration script:
root@host:~# ./rl-practical-sample2-prepare 6
Subpoint (a)
To connect stations red and green we carry out the following steps:
- we create bridge br0
- we add the veth interface belonging to station red (that is, veth-red) to bridge br0
- we add the veth interface belonging to station green (that is, veth-green) to bridge br0
The configuration is shown below:
root@host:~# brctl addbr br0
root@host:~# brctl addif br0 veth-red
root@host:~# brctl addif br0 veth-green
root@host:~# ip l s dev br0 up
root@host:~# brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.7e86d6631dbc no veth-green
veth-red
We use the ping command to verify:
root@red:~# ping 42.42.42.3
PING 42.42.42.3 (42.42.42.3) 56(84) bytes of data.
64 bytes from 42.42.42.3: icmp_req=1 ttl=64 time=0.125 ms
^C
--- 42.42.42.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.125/0.125/0.125/0.000 ms
root@green:~# ping 42.42.42.2
PING 42.42.42.2 (42.42.42.2) 56(84) bytes of data.
64 bytes from 42.42.42.2: icmp_req=1 ttl=64 time=0.080 ms
^C
--- 42.42.42.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.080/0.080/0.080/0.000 ms
Subtask (b)
To create a pair of veth interfaces, we use the ip link command (details at http://people.debian.org/~ultrotter/talks/dc10/networking.html):
The configuration is shown below:
We use the ping command to verify:
root@host:~# ip link add name veth-conn0 type veth peer name veth-conn1
root@host:~# ip link set dev veth-conn0 up
root@host:~# ip link set dev veth-conn1 up
root@host:~# ip a s
[...]
63: veth-conn1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 96:59:c1:93:7b:a2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9459:c1ff:fe93:7ba2/64 scope link
valid_lft forever preferred_lft forever
64: veth-conn0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 12:eb:e2:15:d5:f2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::10eb:e2ff:fe15:d5f2/64 scope link
valid_lft forever preferred_lft forever
Subtask (c)
To connect the blue station to the other stations, we perform the following steps:
we will create the bridge br1
we will add the veth interface of the blue station (that is, veth-blue) to the bridge br1
we will add the veth link interface (veth-conn0) to the bridge br1
we will bring up the br1 interface
we will add the peer veth interface (veth-conn1) to the bridge br0
The configuration is shown below:
root@host:~# brctl addbr br1
root@host:~# brctl addif br1 veth-blue
root@host:~# brctl addif br1 veth-conn0
root@host:~# ip l s dev br1 up
root@host:~# brctl addif br0 veth-conn1
root@host:~# brctl show br1
bridge name     bridge id               STP enabled     interfaces
br1             8000.12ebe215d5f2       no              veth-blue
                                                        veth-conn0
root@host:~# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.7e86d6631dbc       no              veth-conn1
                                                        veth-green
                                                        veth-red
We use the ping command to verify:
root@blue:~# ping 42.42.42.2 # Connection OK from blue to red
PING 42.42.42.2 (42.42.42.2) 56(84) bytes of data.
64 bytes from 42.42.42.2: icmp_req=1 ttl=64 time=0.125 ms
^C
--- 42.42.42.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.125/0.125/0.125/0.000 ms
root@blue:~# ping 42.42.42.3 # Connection OK from blue to green
PING 42.42.42.3 (42.42.42.3) 56(84) bytes of data.
64 bytes from 42.42.42.3: icmp_req=1 ttl=64 time=0.121 ms
^C
--- 42.42.42.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.121/0.121/0.121/0.000 ms
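The brctl show listings in subtask (c) can also be checked mechanically. The following is an added example, not part of the original solution: it parses brctl show output, including the continuation rows that carry only an interface name, and fails when a bridge has a missing or an unexpected port (an extra port means an extra device on that layer-2 segment). The names SAMPLE_BRCTL, bridge_members and check_bridge are hypothetical, and the sample text is assembled from the two listings above.

```shell
# Constructed sample: the two `brctl show` listings from subtask (c), merged.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.7e86d6631dbc       no              veth-conn1
                                                        veth-green
                                                        veth-red
br1             8000.12ebe215d5f2       no              veth-blue
                                                        veth-conn0'

# bridge_members BRIDGE (hypothetical helper): reads `brctl show` text on
# stdin and prints the ports attached to BRIDGE, sorted, one per line.
bridge_members() {
    awk -v want="$1" '
        $1 == "bridge" && $2 == "name" { next }   # header line, possibly repeated
        NF >= 4 { cur = $1; if (cur == want) print $4; next }  # bridge row with first port
        NF == 3 { cur = $1; next }                # bridge row without ports
        NF == 1 && cur == want { print $1 }       # continuation row: one more port
    ' | sort
}

# check_bridge BRIDGE PORT... (hypothetical helper): succeeds only when the
# bridge has exactly the listed ports, so a missing or an extra port fails.
check_bridge() {
    bridge=$1; shift
    expected=$(printf '%s\n' "$@" | sort)
    actual=$(bridge_members "$bridge")
    [ "$expected" = "$actual" ]
}

# On the lab host: brctl show | check_bridge br0 veth-red veth-green veth-conn1
printf '%s\n' "$SAMPLE_BRCTL" | check_bridge br0 veth-red veth-green veth-conn1 && echo "br0 OK"
printf '%s\n' "$SAMPLE_BRCTL" | check_bridge br1 veth-blue veth-conn0 && echo "br1 OK"
```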
Subtask (d)
The container stations have IP addresses from the 42.42.42.0/24 network. We will configure the address 42.42.42.1/24 on the br1 interface. This way, the host station will also be connected to the container stations.
The configuration is shown below:
root@host:~# ip a a 42.42.42.1/24 dev br1
root@host:~# ip a s dev br1
62: br1: mtu 1500 qdisc noqueue state UP
link/ether 12:eb:e2:15:d5:f2 brd ff:ff:ff:ff:ff:ff
inet 42.42.42.1/24 scope global br1
inet6 fe80::10eb:e2ff:fe15:d5f2/64 scope link
valid_lft forever preferred_lft forever
root@host:~# ip r s dev br1
42.42.42.0/24 proto kernel scope link src 42.42.42.1
We use the ping command to verify:
root@host:~# ping 42.42.42.2 # OK from host to red
PING 42.42.42.2 (42.42.42.2) 56(84) bytes of data.
64 bytes from 42.42.42.2: icmp_req=1 ttl=64 time=0.156 ms
^C
--- 42.42.42.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.156/0.156/0.156/0.000 ms
root@host:~# ping 42.42.42.3 # OK from host to green
PING 42.42.42.3 (42.42.42.3) 56(84) bytes of data.
64 bytes from 42.42.42.3: icmp_req=1 ttl=64 time=0.127 ms
^C
--- 42.42.42.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.127/0.127/0.127/0.000 ms
root@host:~# ping 42.42.42.4 # OK from host to blue
PING 42.42.42.4 (42.42.42.4) 56(84) bytes of data.
64 bytes from 42.42.42.4: icmp_req=1 ttl=64 time=0.099 ms
^C
--- 42.42.42.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.099/0.099/0.099/0.000 ms