Basic PIX Operation Lab

PIX lab topology

Basic lab connection: the PC logs in to the firewall through the console port to configure it. Here we log in by accessing our lab bench.

Basic lab content

This lab practises the following basic configuration commands:

a. hostname: set the device name
b. nameif: set the interface name and priority (security level)
c. interface: enable an interface
d. ip add: set an interface IP address
e. route: set a static route
f. passwd / enable pass: set the remote-access passwords
g. wr mem: save the configuration
h. wr erase: erase the configuration
i. reload: restart

PIX lab procedure

Enter the PIX system. The system prompt is now pixfirewall>.

    pixfirewall> en
    Password:                        <-- just press Enter; there is no password the first time, none is set at the factory
    pixfirewall# conf t
    pixfirewall(config)# hostname fxh        <-- set the device name
    fxh(config)# sh nameif                   <-- show the interface names
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    fxh(config)# sh interface                <-- show detailed interface information and check whether the link layer is up; an essential troubleshooting command
    interface ethernet0 outside is administratively down, line protocol is up        <-- "administratively down" means the interface has not been enabled
      Hardware is i82558 ethernet, address is 0004.ac15.c562
      MTU 1500 bytes, BW 10000 Kbit half duplex
            407 packets input, 50763 bytes, 0 no buffer
            Received 407 broadcasts, 0 runts, 0 giants
            0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
            0 packets output, 0 bytes, 0 underruns
            0 output errors, 0 collisions, 0 interface resets
            0 babbles, 0 late collisions, 0 deferred
            0 lost carrier, 0 no carrier
            input queue (curr/max blocks): hardware (128/128) software (0/0)
            output queue (curr/max blocks): hardware (0/0) software (0/0)
    interface ethernet1 inside is administratively down, line protocol is up
      Hardware is i82558 ethernet, address is 0004.acc5.465b
      MTU 1500 bytes, BW 10000 Kbit half duplex
            407 packets input, 50763 bytes, 0 no buffer
            Received 407 broadcasts, 0 runts, 0 giants
            0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
            0 packets output, 0 bytes, 0 underruns
            0 output errors, 0 collisions, 0 interface resets
            0 babbles, 0 late collisions, 0 deferred
            0 lost carrier, 0 no carrier
            input queue (curr/max blocks): hardware (128/128) software (0/0)
            output queue (curr/max blocks): hardware (0/0) software (0/0)
    fxh(config)# int e0 auto                 <-- enable the interface in auto mode
    fxh(config)# int e1 auto
    fxh(config)# sh inter
    interface ethernet0 outside is up, line protocol is up
      Hardware is i82558 ethernet, address is 0004.ac15.c562
      MTU 1500 bytes, BW 10000 Kbit half duplex
            410 packets input, 51039 bytes, 0 no buffer
            Received 410 broadcasts, 0 runts, 0 giants
            0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
            0 packets output, 0 bytes, 0 underruns
            0 output errors, 0 collisions, 0 interface resets
            0 babbles, 0 late collisions, 0 deferred
            0 lost carrier, 0 no carrier
            input queue (curr/max blocks): hardware (128/128) software (0/0)
            output queue (curr/max blocks): hardware (0/0) software (0/0)
    interface ethernet1 inside is up, line protocol is up
      Hardware is i82558 ethernet, address is 0004.acc5.465b
      MTU 1500 bytes, BW 10000 Kbit half duplex
            410 packets input, 51039 bytes, 0 no buffer
            Received 410 broadcasts, 0 runts, 0 giants
            0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
            0 packets output, 0 bytes, 0 underruns
            0 output errors, 0 collisions, 0 interface resets
            0 babbles, 0 late collisions, 0 deferred
            0 lost carrier, 0 no carrier
            input queue (curr/max blocks): hardware (128/128) software (0/0)
            output queue (curr/max blocks): hardware (0/0) software (0/0)
    fxh(config)# inter e0 100full            <-- enable the interface with a manually set speed and duplex mode
    fxh(config)# inter e1 100full
    fxh(config)# sh inter
    interface ethernet0 outside is up, line protocol is down
      Hardware is i82558 ethernet, address is 0004.ac15.c562
      MTU 1500 bytes, BW 100000 Kbit full duplex
            414 packets input, 51558 bytes, 0 no buffer
            Received 414 broadcasts, 0 runts, 0 giants
            0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
            0 packets output, 0 bytes, 0 underruns
            0 output errors, 0 collisions, 0 interface resets
            0 babbles, 0 late collisions, 0 deferred
            0 lost carrier, 0 no carrier
            input queue (curr/max blocks): hardware (128/128) software (0/1)
            output queue (curr/max blocks): hardware (0/0) software (0/0)
    interface ethernet1 inside is up, line protocol is down
      Hardware is i82558 ethernet, address is 0004.acc5.465b
      MTU 1500 bytes, BW 100000 Kbit full duplex
            414 packets input, 51558 bytes, 0 no buffer
            Received 414 broadcasts, 0 runts, 0 giants
            0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
            0 packets output, 0 bytes, 0 underruns
            0 output errors, 0 collisions, 0 interface resets
            0 babbles, 0 late collisions, 0 deferred
            0 lost carrier, 0 no carrier
            input queue (curr/max blocks): hardware (128/128) software (0/1)
            output queue (curr/max blocks): hardware (0/0) software (0/0)
    fxh(config)# exit
    fxh# sh run | in inter                   <-- a quick query command
    interface ethernet0 100full
    interface ethernet1 100full
    fxh# conf t
    fxh(config)# ip add outside 1.1.1.125 255.255.0          <-- commands that set the inside and outside interface addresses
    fxh(config)# ip add inside 1.2.3.125 255.255.255.0
    fxh(config)# sh ip add                   <-- show the configured addresses
    System IP Addresses:
            ip address outside 1.1.1.125 255.255.0.0
            ip address inside 1.2.3.125 255.255.255.0
    Current IP Addresses:
            ip address outside 1.1.1.125 255.255.0.0
            ip address inside 1.2.3.125 255.255.255.0
    fxh(config)# ip add outside 1.1.1.125 255.255.255.0
    fxh(config)# sh ip add
    System IP Addresses:
            ip address outside 1.1.1.125 255.255.255.0
            ip address inside 1.2.3.125 255.255.255.0
    Current IP Addresses:
            ip address outside 1.1.1.125 255.255.255.0
            ip address inside 1.2.3.125 255.255.255.0
    fxh(config)# sh route
            outside 1.1.1.0 255.255.255.0 1.1.1.125 1 CONNECT static
            inside 1.2.3.0 255.255.255.0 1.2.3.125 1 CONNECT static
    fxh(config)# route outside 0 0 1.1.1.124                 <-- creates a route so that inside traffic can pass through the PIX to the outside
    fxh(config)# route inside 10.1.1.0 255.255.255.0 1.2.3.124        <-- creates a static route to control routing information
    fxh(config)# passwd cisco                <-- set the password for telnet and ssh login
    fxh(config)# en pass cisco               <-- set the enable password
    fxh(config)# exit
    fxh# disable
    fxh> en
    Password: *
    fxh# wri mem                             <-- save the configuration
    Building configuration.
    Cryptochecksum: 3a115dcb 6d5645e4 94c3e380 687a5015
    OK
    fxh#
    fxh#
    fxh#
    fxh# wr era                              <-- erase the configuration
    Erase PIX configuration in flash memory? confirm
    fxh#
    fxh#
    fxh#
    fxh# reload                              <-- restart your PIX

PIX lab review questions

How do you save the configuration?
How do you set the password for telnet and ssh login?
How do you erase the configuration?
Which commands set the inside and outside interfaces?
How do you show the interface names?
Write the command that enables an interface in auto mode.
Write the command that enables an interface with a manually set speed and duplex mode.

Summary

Main content of the PIX lab
Setting up the lab environment

a. hostname: set the device name
b. nameif: set the interface name and priority (security level)
c. interface: enable an interface
d. ip add: set an interface IP address
e. route: set a static route
f. passwd / enable pass: set the remote-access passwords
g. wr mem: save the configuration
h. wr erase: erase the configuration
i. reload: restart

Basic steps of the PIX lab
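The `sh interface` check used for troubleshooting in the lab procedure, automated in Python. This is an added example, not part of the original lab material: the sample text is constructed in the layout of the lab output (with altered error counters), and the function names and finding messages are assumptions of this example.

```python
import re

# Constructed sample in the layout of the lab's `sh interface` output:
# e0 before it is enabled, e1 after speed/duplex was forced to 100full.
SAMPLE = """\
interface ethernet0 outside is administratively down, line protocol is up
  Hardware is i82558 ethernet, address is 0004.ac15.c562
  MTU 1500 bytes, BW 10000 Kbit half duplex
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 output errors, 0 collisions, 0 interface resets
interface ethernet1 inside is up, line protocol is down
  Hardware is i82558 ethernet, address is 0004.acc5.465b
  MTU 1500 bytes, BW 100000 Kbit full duplex
        3 input errors, 2 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 output errors, 0 collisions, 0 interface resets
"""

HEADER = re.compile(r'^interface (\S+) "?(\w+)"? is '
                    r'(administratively down|up|down), line protocol is (up|down)')
LINK = re.compile(r'BW (\d+) Kbit (half|full) duplex')
ERRORS = re.compile(r'(\d+) (input errors|CRC|output errors|late collisions|collisions)\b')

def parse_interfaces(text):
    """Split `sh interface` output into one dict per interface."""
    result = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:  # a header line starts a new interface record
            result.append({"hw": m[1], "nameif": m[2], "admin": m[3],
                           "protocol": m[4], "errors": {}})
        elif result:  # detail lines belong to the most recent header
            link = LINK.search(line)
            if link:
                result[-1]["bw_kbit"], result[-1]["duplex"] = int(link[1]), link[2]
            for count, name in ERRORS.findall(line):
                result[-1]["errors"][name] = int(count)
    return result

def diagnose(iface):
    """Return the findings worth acting on for one parsed interface."""
    findings = []
    if iface["admin"] == "administratively down":
        findings.append("not enabled")
    elif iface["protocol"] == "down":
        findings.append("enabled but no link: check cable and peer speed/duplex")
    findings += [f"{name}={count}" for name, count in iface["errors"].items() if count]
    return findings
```

Feed it the captured text of `sh interface` and call `diagnose` on each record; an empty list means the interface is enabled, has link, and shows no error counters above zero.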