You are currently browsing the 巴鲁 blog archives for February, 2010


Emulating ASA in GNS3

For English users, on how to use GNS3 to run ASA, please visit http://www.gns3.net/phpBB/topic1369-30.html and read the post posted by me (ID: jresins).

1. Emulation method:

See: http://bbs.56cto.com/thread-41418-1-1.html

or    http://www.netemu.cn/bbs/thread-12203-1-1.html

or    http://www.51chongdian.net/bbs/thread-21730-1-1.html

The links above all carry the same content.

Emulating a PIX firewall in GNS3

1. Emulation method

The method is simple: download a PIX software image from the web (a .bin file, which the post loosely calls the PIX "IOS"), then in GNS3 open "Edit" –> "Preferences" –> "Qemu" –> "PIX" and set that file as the binary image.

2. Activating the PIX

To use the full PIX feature set the PIX has to be activated. The procedure is as follows (quoted from the web):

pixfirewall> en
Password:
pixfirewall# sh version

Cisco PIX Security Appliance Software Version 7.2(2)

Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

pixfirewall up 3 mins 23 secs

Hardware:   PIX-525, 256 MB RAM, CPU Pentium II 1 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0           : address is 0000.abcd.ef00, irq 9
1: Ext: Ethernet1           : address is 0000.abcd.ef01, irq 11
2: Ext: Ethernet2           : address is 0000.abcd.ef02, irq 11
3: Ext: Ethernet3           : address is 0000.abcd.ef03, irq 11
4: Ext: Ethernet4           : address is 0000.abcd.ef04, irq 11
The Running Activation Key is not valid, using default settings:

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Disabled   // failover not available
VPN-DES                     : Disabled
VPN-3DES-AES                : Disabled

Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 0
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has a Restricted (R) license.

Serial Number: 808102688   // serial number
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000   // activation key
Configuration has not been modified since last system restart.
pixfirewall# activation-key 0xd2390d2c 0x9fc4b36d 0x98442d99 0xeef7d8b1   // enter the activation key
The following features available in flash activation key are NOT
available in new activation key:
Failover is different.
flash activation key: Restricted(R)
new activation key: Unrestricted(UR)
Proceed with update flash activation key? [confirm]
The following features available in running activation key are NOT
available in new activation key:
Failover is different.
running activation key: Restricted(R)
new activation key: Unrestricted(UR)
WARNING: The running activation key was not updated with the requested key.
The flash activation key was updated with the requested key, and will
become active after the next reload.
pixfirewall# write   // save the configuration
Building configuration...
Cryptochecksum: 70b1d47e d807251d 47f50cb7 f851d390

1226 bytes copied in 0.800 secs
[OK]

Then stop the PIX directly in GNS3 and start it again; do not use reload.

Output after the restart:

pixfirewall> en
Password:
pixfirewall# sh version

Cisco PIX Security Appliance Software Version 7.2(2)

Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

pixfirewall up 17 secs

Hardware:   PIX-525, 256 MB RAM, CPU Pentium II 1 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0           : address is 0000.abcd.ef00, irq 9
1: Ext: Ethernet1           : address is 0000.abcd.ef01, irq 11
2: Ext: Ethernet2           : address is 0000.abcd.ef02, irq 11
3: Ext: Ethernet3           : address is 0000.abcd.ef03, irq 11
4: Ext: Ethernet4           : address is 0000.abcd.ef04, irq 11

Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs               : 100
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled

Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: 808102688
Running Activation Key: 0xd2390d2c 0x9fc4b36d 0x98442d99 0xeef7d8b1

Configuration has not been modified since last system restart.

Attached are the PIX serial numbers & activation keys I found

Serial Number: 302aab20
Running Activation Key: 0xd2390d2c 0x9fc4b36d 0x98442d99 0xeef7d8b1

Serial Number: 807211225
Running Activation Key: 0x5236f5a7 0x97def6da 0x732a91f5 0xf5deef57

Serial Number: 808181272
Running Activation Key: 0x052a1524 0x3712a12b 0xb636cc54 0xa178eeac
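As an added example that is not part of the original post, the following Python parses a show version dump like the two above, reports whether the device is still on the all-zero default key, and matches its serial against the key table. Serials have to be compared numerically: the first table entry, 302aab20, is hexadecimal, and 0x302aab20 equals 808102688, the decimal serial printed by the emulated PIX above, which is why that key was accepted. The trimmed sample output and the rule that an all-digit serial is read as decimal are assumptions of this example.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample: a trimmed copy of the pre-activation "show version"
# output from the post (emulated PIX-525 running 7.2(2)).
SHOW_VERSION_BEFORE = """\
Cisco PIX Security Appliance Software Version 7.2(2)
Hardware:   PIX-525, 256 MB RAM, CPU Pentium II 1 MHz
The Running Activation Key is not valid, using default settings:

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs               : 25
Failover                    : Disabled
VPN-3DES-AES                : Disabled

Security Contexts           : 0

This platform has a Restricted (R) license.

Serial Number: 808102688
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
"""

# Serial/key pairs exactly as the post lists them: the first serial is written
# in hex, the other two in decimal.
KEY_TABLE = {
    "302aab20": "0xd2390d2c 0x9fc4b36d 0x98442d99 0xeef7d8b1",
    "807211225": "0x5236f5a7 0x97def6da 0x732a91f5 0xf5deef57",
    "808181272": "0x052a1524 0x3712a12b 0xb636cc54 0xa178eeac",
}


def normalize_serial(serial: str) -> int:
    """Return the serial as an int. A 0x prefix or any hex letter means hex;
    an all-digit string is read as decimal, the form show version prints
    (assumption: digit-only hex serials are not expected)."""
    s = serial.strip().lower()
    if s.startswith("0x"):
        return int(s[2:], 16)
    if re.search(r"[a-f]", s):
        return int(s, 16)
    return int(s, 10)


def parse_activation_key(text: str) -> Tuple[int, ...]:
    """Split '0xd2390d2c 0x9fc4b36d ...' into ints. Also accepts the
    mis-encoded '0×' (multiplication sign) seen in copies of the post."""
    return tuple(int(w, 16) for w in re.findall(r"0[x×]([0-9a-fA-F]{1,8})", text))


def parse_show_version(output: str) -> Dict[str, object]:
    """Extract serial, running key, license class and the feature table."""
    features: Dict[str, str] = {}
    info: Dict[str, object] = {"features": features, "key_invalid": False}
    in_features = False
    for line in output.splitlines():
        line = line.rstrip()
        if line.startswith("The Running Activation Key is not valid"):
            info["key_invalid"] = True
        elif line.startswith("Licensed features for this platform"):
            in_features = True
        elif line.startswith("This platform has"):
            in_features = False
            m = re.match(r"This platform has an? (\w+) \((\w+)\) license", line)
            if m:
                info["license"], info["license_code"] = m.group(1), m.group(2)
        elif in_features:
            m = re.match(r"^(\S[^:]*?)\s*:\s*(\S.*?)\s*$", line)
            if m:
                features[m.group(1)] = m.group(2)
        else:
            m = re.match(r"Serial Number:\s*(\S+)", line)
            if m:
                info["serial"] = normalize_serial(m.group(1))
            m = re.match(r"Running Activation Key:\s*(.+)", line)
            if m:
                info["running_key"] = parse_activation_key(m.group(1))
    return info


def key_is_default(key: Tuple[int, ...]) -> bool:
    """The all-zero key is the unprogrammed default that yields the R license."""
    return len(key) > 0 and all(w == 0 for w in key)


def find_key_for_serial(serial: int, table: Dict[str, str] = KEY_TABLE) -> Optional[Tuple[int, ...]]:
    """Match a numeric serial against the table, normalising the table's hex
    and decimal serials so that 302aab20 and 808102688 compare equal."""
    for table_serial, key in table.items():
        if normalize_serial(table_serial) == serial:
            return parse_activation_key(key)
    return None


def format_key(key: Tuple[int, ...]) -> str:
    return " ".join(f"0x{w:08x}" for w in key)


def activation_command(output: str, table: Dict[str, str] = KEY_TABLE) -> Optional[str]:
    """Return the 'activation-key ...' line to enter when the device is still
    on the default key and a key for its serial is known; otherwise None."""
    info = parse_show_version(output)
    if "serial" not in info:
        return None
    still_default = info["key_invalid"] or key_is_default(info.get("running_key", ()))
    if not still_default:
        return None
    key = find_key_for_serial(info["serial"], table)
    return None if key is None else "activation-key " + format_key(key)


if __name__ == "__main__":
    print(parse_show_version(SHOW_VERSION_BEFORE))
    print(activation_command(SHOW_VERSION_BEFORE))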

3. Changing the PIX Serial Number to reuse an existing activation key

You usually cannot get a serial number identical to the ones above, so the matching keys cannot be used as they are. However, the serial number of the emulated PIX can be changed through its PIX settings in GNS3, after which an existing key can be applied.

Specifically:

Method 1:

"Edit" –> "Preferences" –> "Qemu" –> "PIX" –> "PIX Specific Settings" –> "Serial"

Method 2:

Go to the configured Qemu working directory, find the FW1 directory, and edit the corresponding entry in the pemu.ini file there.

Note: the FW1 directory only appears once a PIX firewall has been created in GNS3. Likewise, creating several PIX instances produces FW2, FW3, ... directories.

That is all there is to it.

Appendix: finding PIX images and activation keys via Google

Google Searches:

Google Search for IOS Images
Google Search for Pix Images
Google Search for Pix Serial Numbers and Authorization Keys

IOS download address: http://ytfhsou.blog.51cto.com/674421/268186

How to assign an AP's IP address in a Layer 3 Motorola RFS7000 deployment

Prerequisite: to set an AP's IP address manually, the RFS7000 must already have adopted the AP, i.e. the AP is visible on the RFS7000 (whether adopted at Layer 2 or Layer 3).

1. Use the show wireless ap command to find the index of the AP whose IP address you want to set

2. Enter wireless configuration mode

RFS7000#show wireless ap

Number of access-ports adopted   : 1

Number of AAPs adopted        : 0

Available AP licenses            :256

Available AAP licenses          : 0

Redundancy enabled            : N

Redundancy mode              : active

#  MAC           RADIOS [indices]  MODEL-NUMBER         ADOPTION-MODE   STATIC IP

1  00-23-68-4A-54-A4    1 [ 5 ]       WSAP-5100-050-WWR      L3 (IP: 172.16.0.2)

RFS7000#

From the show wireless ap output above, the Layer 3 AP has index 1.

Example of entering wireless configuration mode:

RFS7000#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

RFS7000(config)#wireless

RFS7000(config-wireless)#

RFS7000(config-wireless)#ap-ip 1 static-ip 172.16.0.2/16 172.16.0.1

RFS7000(config-wireless)#ap-ip 1 switch-ip add 10.10.10.1

RFS7000(config-wireless)#ap-ip default-ap switch-ip add 10.10.10.1

Syntax:

ap-ip    1      static-ip   172.16.0.2/16               172.16.0.1

ap-ip  <AP index>  static-ip   <assigned IP address/prefix length>  <AP default gateway>

ap-ip    1      switch-ip   add  10.10.10.1

ap-ip  <AP index>  switch-ip   add  <AC IP address>

ap-ip  default-ap  switch-ip  add  10.10.10.1

ap-ip  default-ap  switch-ip  add  <AC IP address>

Notes on manual configuration in cluster mode:

1. Make sure every AP's IP address is unique across the whole network.

2. When specifying switch-ip manually for an AP, add the IP address of every AC in the cluster.

3. Once an AP has been given a static IP, its address does not change when the AP fails over to another AC for whatever reason.
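As an added example that is not from the original post, the following Python generates the ap-ip commands for a set of APs and a cluster of ACs and enforces the rules above before emitting anything: each AP address must be unique, the gateway must lie in the AP's subnet, and every cluster AC goes into every AP's switch-ip list. The AP inventory and the second controller address 10.10.10.2 are constructed for the example.

```python
import ipaddress
from typing import Dict, List

# Constructed AP inventory: index as listed by 'show wireless ap', static
# address with prefix length, and default gateway (values follow the post).
APS = {
    1: {"ip": "172.16.0.2/16", "gateway": "172.16.0.1"},
    2: {"ip": "172.16.0.3/16", "gateway": "172.16.0.1"},
}

# Every controller in the cluster. 10.10.10.1 is from the post; the second
# address is an assumption for a two-AC cluster.
CLUSTER_ACS = ["10.10.10.1", "10.10.10.2"]


def validate_aps(aps: Dict[int, Dict[str, str]]) -> List[str]:
    """Return human-readable problems; an empty list means the inventory is
    safe to push. Checks: unique AP addresses, gateway inside the AP's subnet,
    and no network/broadcast address handed to an AP."""
    problems: List[str] = []
    owner = {}  # address -> AP index that first claimed it
    for idx, ap in aps.items():
        iface = ipaddress.ip_interface(ap["ip"])
        gateway = ipaddress.ip_address(ap["gateway"])
        if iface.ip in owner:
            problems.append(f"AP {idx} reuses {iface.ip}, already assigned to AP {owner[iface.ip]}")
        else:
            owner[iface.ip] = idx
        if gateway not in iface.network:
            problems.append(f"AP {idx}: gateway {gateway} is outside {iface.network}")
        if iface.ip in (iface.network.network_address, iface.network.broadcast_address):
            problems.append(f"AP {idx}: {iface.ip} is the network or broadcast address of {iface.network}")
    return problems


def build_ap_ip_config(aps: Dict[int, Dict[str, str]], acs: List[str]) -> List[str]:
    """Emit the config-wireless commands for every AP, then the default-ap
    entries, refusing to emit anything if validation fails."""
    problems = validate_aps(aps)
    if problems:
        raise ValueError("; ".join(problems))
    if not acs:
        raise ValueError("at least one controller address is required")
    lines = ["wireless"]
    for idx in sorted(aps):
        ap = aps[idx]
        lines.append(f"ap-ip {idx} static-ip {ap['ip']} {ap['gateway']}")
        # Note 2: every AC in the cluster, so the AP can reach any of them
        # after a failover; note 3: its own address does not change then.
        for ac in acs:
            lines.append(f"ap-ip {idx} switch-ip add {ac}")
    for ac in acs:
        lines.append(f"ap-ip default-ap switch-ip add {ac}")
    return lines


if __name__ == "__main__":
    print("\n".join(build_ap_ip_config(APS, CLUSTER_ACS)))
```

The emitted lines are meant to be pasted after conf t on the RFS7000; the generator deliberately raises instead of emitting a partial configuration when a check fails, since a duplicate AP address only shows up as an adoption problem later.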

Link aggregation between a Motorola RFS7000 and a Cisco Catalyst 3560

I. RFS7000 configuration

(assuming the ports to be aggregated are GE1 and GE2)

RFS7000#conf t

RFS7000(config)#interface vlan 1

RFS7000(config-if)#ip address 192.168.1.1/24

RFS7000(config-if)#no shutdown

RFS7000(config-if)#exit

RFS7000(config)#interface ge 1

RFS7000(config-if)#switchport mode access

RFS7000(config-if)#switchport access vlan 1

RFS7000(config-if)#static-channel-group 1

RFS7000(config-if)#no shutdown

RFS7000(config-if)#exit

RFS7000(config)#interface ge 2

RFS7000(config-if)#switchport mode access

RFS7000(config-if)#switchport access vlan 1

RFS7000(config-if)#static-channel-group 1

RFS7000(config-if)#no shutdown

RFS7000(config-if)#exit

RFS7000(config)# interface sa1

RFS7000(config-if)#switchport mode access

RFS7000(config-if)#switchport access vlan 1

RFS7000(config-if)#end

RFS7000#wr

Notes:

1. Ports in a link aggregation must use the same operating mode, e.g. all access or all trunk.

2. When all ports are in trunk mode, the set of VLANs allowed on each port must be identical.

3. Ports in the same aggregation group must be configured with the same static-channel-group; for example, ports configured with static-channel-group 1 are member ports of aggregate port SA1.

4. The aggregate port, sa1 above, must have the same operating mode as its member ports and the same set of allowed VLANs.

5. After configuration, enable the member ports and the aggregate port with no shutdown.

6. When the link is optical, both the RFS7000 port and the peer switch port must be set to duplex auto and speed auto.

7. The RFS7000 wireless switch supports LACP as its link aggregation protocol. Note, however, that the static-channel-group commands above build a static aggregate with no negotiation, so the peer must be configured statically as well; on a Catalyst that is channel-group 1 mode on, whereas active and passive are LACP modes that only bring the channel up against a peer that actually sends LACP PDUs.

8. While the RFS7000 ports are being configured for link aggregation, their links go down first and then come back up.

II. Cisco switch configuration

(assuming the ports to be aggregated are FastEthernet0/1 and FastEthernet0/2)

Switch# configure terminal

Switch(config)#interface vlan 1

Switch(config-if)#ip address 192.168.1.2 255.255.255.0

Switch(config-if)#no shutdown

Switch(config-if)#exit

Switch(config)# interface range FastEthernet0/1 -2

Switch(config-if-range)# switchport mode access

Switch(config-if-range)# switchport access vlan 1

Switch(config-if-range)# channel-group 1 mode <active | passive>

Switch(config-if-range)#exit

Switch(config)# interface Port-channel1

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 1

Switch(config-if)#no shutdown

Switch(config-if)#end

Switch#copy run start
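The consistency rules in the RFS7000 notes (same mode, same VLANs and the same static-channel-group on every member, plus an saN interface that matches them) and the choice of channel-group mode on the Catalyst side can both be checked offline before touching either box. The following Python is an added example, not code from the original post: it parses running-config style interface blocks, checks each aggregate's members against its saN interface, and reports which Catalyst mode pairs with a static peer. The two sample configurations are constructed; the switchport trunk allowed vlan line in the counter-example uses Cisco-like syntax as an assumption.

```python
import re
from typing import Dict, List, Set

# Constructed sample matching the RFS7000 configuration in the post (in
# running-config form rather than the interactive session shown there).
RFS_CONFIG_GOOD = """\
interface vlan 1
 ip address 192.168.1.1/24
interface ge 1
 switchport mode access
 switchport access vlan 1
 static-channel-group 1
interface ge 2
 switchport mode access
 switchport access vlan 1
 static-channel-group 1
interface sa1
 switchport mode access
 switchport access vlan 1
"""

# Constructed counter-example: ge 2 is a trunk and sa1 sits in another VLAN,
# violating notes 1, 2 and 4. The 'switchport trunk allowed vlan' form is an
# assumption borrowed from Cisco syntax.
RFS_CONFIG_BAD = """\
interface ge 1
 switchport mode access
 switchport access vlan 1
 static-channel-group 1
interface ge 2
 switchport mode trunk
 switchport trunk allowed vlan 1,10-12
 static-channel-group 1
interface sa1
 switchport mode access
 switchport access vlan 2
"""


def expand_vlan_list(spec: str) -> Set[int]:
    """'1,10-12' -> {1, 10, 11, 12}."""
    vlans: Set[int] = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_config(text: str) -> Dict[str, dict]:
    """Collect switchport mode, VLAN set and static channel group per interface.
    Names are normalised ('ge 1' -> 'ge1') so members and 'saN' share one scheme."""
    interfaces: Dict[str, dict] = {}
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line[len("interface "):].replace(" ", "")
            cur = interfaces.setdefault(name, {"mode": None, "vlans": set(), "group": None})
            continue
        if cur is None:
            continue
        m = re.match(r"switchport mode (access|trunk)$", line)
        if m:
            cur["mode"] = m.group(1)
        m = re.match(r"switchport access vlan (\d+)$", line)
        if m:
            cur["vlans"] = {int(m.group(1))}
        m = re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line)
        if m:
            cur["vlans"] = expand_vlan_list(m.group(1))
        m = re.match(r"static-channel-group (\d+)$", line)
        if m:
            cur["group"] = int(m.group(1))
    return interfaces


def check_aggregates(interfaces: Dict[str, dict]) -> List[str]:
    """Apply notes 1-4: members of one static-channel-group must share mode
    and VLANs, and the aggregate interface saN must exist and match them."""
    findings: List[str] = []
    groups: Dict[int, List[str]] = {}
    for name, itf in interfaces.items():
        if itf["group"] is not None:
            groups.setdefault(itf["group"], []).append(name)
    for group, members in sorted(groups.items()):
        ref = interfaces[members[0]]
        for name in members[1:]:
            itf = interfaces[name]
            if itf["mode"] != ref["mode"]:
                findings.append(f"group {group}: {name} is {itf['mode']} but {members[0]} is {ref['mode']}")
            elif itf["vlans"] != ref["vlans"]:
                findings.append(f"group {group}: {name} carries VLANs {sorted(itf['vlans'])} but {members[0]} carries {sorted(ref['vlans'])}")
        agg_name = f"sa{group}"
        agg = interfaces.get(agg_name)
        if agg is None:
            findings.append(f"group {group}: aggregate interface {agg_name} is not configured")
        elif agg["mode"] != ref["mode"] or agg["vlans"] != ref["vlans"]:
            findings.append(f"group {group}: {agg_name} ({agg['mode']}, VLANs {sorted(agg['vlans'])}) does not match member {members[0]}")
    return findings


def catalyst_mode_ok(cisco_mode: str, peer_is_static: bool = True) -> bool:
    """'on' is a static EtherChannel and the only mode that pairs with a peer
    using static-channel-group. 'active'/'passive' negotiate LACP and stay
    down against a peer that sends no LACP PDUs; against an LACP peer, 'active'
    is the safe choice because passive/passive never negotiates."""
    mode = cisco_mode.lower()
    return mode == "on" if peer_is_static else mode == "active"


if __name__ == "__main__":
    for label, cfg in (("good", RFS_CONFIG_GOOD), ("bad", RFS_CONFIG_BAD)):
        print(label, check_aggregates(parse_config(cfg)) or "OK")
```

Run it against a copy of show running-config from the RFS7000 before enabling the ports (note 8 says the links flap during the change), and pick the Catalyst mode with catalyst_mode_ok rather than assuming active will negotiate with a static aggregate.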