j*y
2 楼
周末了
x*n
3 楼
不好意思,偷了个懒。我发包子答谢。
interface FastEthernet0/0
ip address 209.254.138.1 255.255.255.224 secondary
ip address 10.16.67.1 255.255.255.0
ip helper-address 10.16.64.20
no ip redirects
no ip proxy-arp
ip nat inside--------------------------
speed auto
half-duplex
no cdp enable
!
interface Serial0/0
bandwidth 1544
no ip address
no ip redirects
encapsulation frame-relay IETF
fair-queue 64 64 0
frame-relay lmi-type ansi
crypto map vpn
!
interface Serial0/0.1 point-to-point
ip address 209.254.131.50 255.255.255.252
ip nat outside----------------------------------------------------
no cdp enable
frame-relay interface-dlci 100
crypto map vpn
!
ip nat inside source list 101 interface Serial0/0.1 overload
ip nat inside source static tcp 10.16.67.42 1500 209.254.138.2 1500
extendable
ip nat inside source static udp 10.16.67.42 1500 209.254.138.2 1500
extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
!
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
!
no logging trap
access-list 101 deny ip 10.16.67.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.16.67.0 0.0.0.255 any
access-list 150 permit ip 10.16.67.0 0.0.0.255 10.0.0.0 0.255.255.255
no cdp run
我的理解是NAT只是ip的转换,router的fa0/0inside IP是10.16.67.1,outside就给他
一个代号,209.254.138.1。
那么ip nat inside source static tcp 10.16.67.42 1500 209.254.138.2 1500
extendable是什么意思呢?10.16.67.42是一个dhcp server,然后所有的LAN IP都通过
nat转成209.254.138.2?
interface FastEthernet0/0
ip address 209.254.138.1 255.255.255.224 secondary
ip address 10.16.67.1 255.255.255.0
ip helper-address 10.16.64.20
no ip redirects
no ip proxy-arp
ip nat inside--------------------------
speed auto
half-duplex
no cdp enable
!
interface Serial0/0
bandwidth 1544
no ip address
no ip redirects
encapsulation frame-relay IETF
fair-queue 64 64 0
frame-relay lmi-type ansi
crypto map vpn
!
interface Serial0/0.1 point-to-point
ip address 209.254.131.50 255.255.255.252
ip nat outside----------------------------------------------------
no cdp enable
frame-relay interface-dlci 100
crypto map vpn
!
ip nat inside source list 101 interface Serial0/0.1 overload
ip nat inside source static tcp 10.16.67.42 1500 209.254.138.2 1500
extendable
ip nat inside source static udp 10.16.67.42 1500 209.254.138.2 1500
extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
!
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
!
no logging trap
access-list 101 deny ip 10.16.67.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.16.67.0 0.0.0.255 any
access-list 150 permit ip 10.16.67.0 0.0.0.255 10.0.0.0 0.255.255.255
no cdp run
我的理解是NAT只是ip的转换,router的fa0/0inside IP是10.16.67.1,outside就给他
一个代号,209.254.138.1。
那么ip nat inside source static tcp 10.16.67.42 1500 209.254.138.2 1500
extendable是什么意思呢?10.16.67.42是一个dhcp server,然后所有的LAN IP都通过
nat转成209.254.138.2?
l*4
4 楼
找了这么久只有一个面试, 然后也没有下午的, 好歹也要是不是给我个邮件电话什么
的, 鼓励
一下嘛。
大家找工作的情况都一样么?
的, 鼓励
一下嘛。
大家找工作的情况都一样么?
d*h
5 楼
很一般,位置还不好
x*n
7 楼
NAT具有block IP的作用么?还是只是换个IP?
B*d
8 楼
你啥背景啊?这个行业是不太好找。加油吧。
s*g
9 楼
First line of NAT configuration(ip nat inside) is called PAT, it is mostly
used for Internet access,i.e, flow can only be created when traffic is
initiated from inside, second and third line are called static NAT, your
client must have a TCP/UDP service running on port 1500 which can be
accessible from Internet. When there is a overlapping of NAT rules, static
translation rules take precedence.
PAT will provide basic security, but static NAT does not.
used for Internet access,i.e, flow can only be created when traffic is
initiated from inside, second and third line are called static NAT, your
client must have a TCP/UDP service running on port 1500 which can be
accessible from Internet. When there is a overlapping of NAT rules, static
translation rules take precedence.
PAT will provide basic security, but static NAT does not.
j*a
11 楼
wa kao, 这个配置好难,谁给小弟弟看看帮帮忙,我是不会。
【在 x*********n 的大作中提到】
: 不好意思,偷了个懒。我发包子答谢。
: interface FastEthernet0/0
: ip address 209.254.138.1 255.255.255.224 secondary
: ip address 10.16.67.1 255.255.255.0
: ip helper-address 10.16.64.20
: no ip redirects
: no ip proxy-arp
: ip nat inside--------------------------
: speed auto
: half-duplex
【在 x*********n 的大作中提到】
: 不好意思,偷了个懒。我发包子答谢。
: interface FastEthernet0/0
: ip address 209.254.138.1 255.255.255.224 secondary
: ip address 10.16.67.1 255.255.255.0
: ip helper-address 10.16.64.20
: no ip redirects
: no ip proxy-arp
: ip nat inside--------------------------
: speed auto
: half-duplex
l*4
12 楼
To bloooood, 我本科环境工程, 污水处理。 硕士水文。 发现没有什么position的
。
。
a*n
13 楼
what is not working?
the ip address 209.254.138.1 255.255.255.224 secondary
looks strange to me on the interface w/ ip nat inside
the ping will use the outgoing interface IP by default.
so if you ping 10.16.67.151, it will originate from fa0/0
primary IP. You can always specify the source int to be sure.
【在 x*********n 的大作中提到】
: 不好意思,偷了个懒。我发包子答谢。
: interface FastEthernet0/0
: ip address 209.254.138.1 255.255.255.224 secondary
: ip address 10.16.67.1 255.255.255.0
: ip helper-address 10.16.64.20
: no ip redirects
: no ip proxy-arp
: ip nat inside--------------------------
: speed auto
: half-duplex
the ip address 209.254.138.1 255.255.255.224 secondary
looks strange to me on the interface w/ ip nat inside
the ping will use the outgoing interface IP by default.
so if you ping 10.16.67.151, it will originate from fa0/0
primary IP. You can always specify the source int to be sure.
【在 x*********n 的大作中提到】
: 不好意思,偷了个懒。我发包子答谢。
: interface FastEthernet0/0
: ip address 209.254.138.1 255.255.255.224 secondary
: ip address 10.16.67.1 255.255.255.0
: ip helper-address 10.16.64.20
: no ip redirects
: no ip proxy-arp
: ip nat inside--------------------------
: speed auto
: half-duplex
l*4
14 楼
wawa,I think I have already submitted more than 100 right now.
one interview under the circumstance that I told them I will be in New York
during the time. Sign.
one interview under the circumstance that I told them I will be in New York
during the time. Sign.
x*n
15 楼
nothing is wrong,just copy from one customer site,and dont know it。
【在 a***n 的大作中提到】
: what is not working?
: the ip address 209.254.138.1 255.255.255.224 secondary
: looks strange to me on the interface w/ ip nat inside
: the ping will use the outgoing interface IP by default.
: so if you ping 10.16.67.151, it will originate from fa0/0
: primary IP. You can always specify the source int to be sure.
【在 a***n 的大作中提到】
: what is not working?
: the ip address 209.254.138.1 255.255.255.224 secondary
: looks strange to me on the interface w/ ip nat inside
: the ping will use the outgoing interface IP by default.
: so if you ping 10.16.67.151, it will originate from fa0/0
: primary IP. You can always specify the source int to be sure.
m*t
17 楼
i know little abot cisco router, but this line seems spooky, try removing it
access-list 101 deny ip 10.16.67.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 deny ip 10.16.67.0 0.0.0.255 10.0.0.0 0.255.255.255
l*4
18 楼
Microwave, the interview was a long time ago, and never heard back from them
again.
again.
x*n
19 楼
多谢,讲的很好,做了一下笔记。
【在 s*****g 的大作中提到】
: First line of NAT configuration(ip nat inside) is called PAT, it is mostly
: used for Internet access,i.e, flow can only be created when traffic is
: initiated from inside, second and third line are called static NAT, your
: client must have a TCP/UDP service running on port 1500 which can be
: accessible from Internet. When there is a overlapping of NAT rules, static
: translation rules take precedence.
: PAT will provide basic security, but static NAT does not.
【在 s*****g 的大作中提到】
: First line of NAT configuration(ip nat inside) is called PAT, it is mostly
: used for Internet access,i.e, flow can only be created when traffic is
: initiated from inside, second and third line are called static NAT, your
: client must have a TCP/UDP service running on port 1500 which can be
: accessible from Internet. When there is a overlapping of NAT rules, static
: translation rules take precedence.
: PAT will provide basic security, but static NAT does not.
B*d
20 楼
不要泄气。我的方向比你难找多了。想想你自己还是比很多人有优势的。
s*g
23 楼
It is a common configuration when you have public IPs in the LAN also. In this customer's case, their ISP link is
a /30, so they need extra public IPs for NAT, easiest way is to park the IP range in any up interface.
【在 a***n 的大作中提到】
: what is not working?
: the ip address 209.254.138.1 255.255.255.224 secondary
: looks strange to me on the interface w/ ip nat inside
: the ping will use the outgoing interface IP by default.
: so if you ping 10.16.67.151, it will originate from fa0/0
: primary IP. You can always specify the source int to be sure.
a /30, so they need extra public IPs for NAT, easiest way is to park the IP range in any up interface.
【在 a***n 的大作中提到】
: what is not working?
: the ip address 209.254.138.1 255.255.255.224 secondary
: looks strange to me on the interface w/ ip nat inside
: the ping will use the outgoing interface IP by default.
: so if you ping 10.16.67.151, it will originate from fa0/0
: primary IP. You can always specify the source int to be sure.
l*4
24 楼
Microwave, 你好歹也要署名恭喜谁好吧。我还以为恭喜我了。 好莫乱,怎么不能想
xiaonei里 回复谁这个功能了。
xiaonei里 回复谁这个功能了。
l*4
26 楼
Wawa, 你什么方向? 能分享一下经验么? 比如面试问题,还有工作什么公司?之类的
。谢谢啦。
。谢谢啦。
m*t
27 楼
hmmm, ACL should have nothing to do with NAT. but anyways I am almost cisco
CLI blind, lol
CLI blind, lol
l*4
28 楼
bloooooooooooood, 一起加油....
w*3
32 楼
air permitting/modeling/GHG
Interview questions are pretty straightforward:
why change job?
tell me about urself?
project management skill?
organization skill?
any achievement?
any questions?
I am going to an energy company in TX. more questions?
【在 l*****4 的大作中提到】
: Wawa, 你什么方向? 能分享一下经验么? 比如面试问题,还有工作什么公司?之类的
: 。谢谢啦。
m*t
33 楼
明白了,这里ACL 是个 source pool.
如果我有个ACL 给安全用的:
access-list 110 permit host 192.168.1.100 eq ftp-data any
把这个放到 ip nat rule 里会怎么死法?
如果我有个ACL 给安全用的:
access-list 110 permit host 192.168.1.100 eq ftp-data any
把这个放到 ip nat rule 里会怎么死法?
S*9
34 楼
给大家分享下你的回答思路也是很受欢迎的啊。
x*n
35 楼
nat里面有个功能是pool的,可以直接定义。
ACL不是global config,有direction,你得apply到interface下,才有用,和poliy-
map一样,不service-policy under interface,就是nothing。
access-map是global的,没有direction的,用了,直接就block了。
说错了还请大侠指正啊。
【在 m**t 的大作中提到】
: 明白了,这里ACL 是个 source pool.
: 如果我有个ACL 给安全用的:
: access-list 110 permit host 192.168.1.100 eq ftp-data any
: 把这个放到 ip nat rule 里会怎么死法?
ACL不是global config,有direction,你得apply到interface下,才有用,和poliy-
map一样,不service-policy under interface,就是nothing。
access-map是global的,没有direction的,用了,直接就block了。
说错了还请大侠指正啊。
【在 m**t 的大作中提到】
: 明白了,这里ACL 是个 source pool.
: 如果我有个ACL 给安全用的:
: access-list 110 permit host 192.168.1.100 eq ftp-data any
: 把这个放到 ip nat rule 里会怎么死法?
w*k
36 楼
祝贺Wawa。你有卡没?TX的能源公司最近基本不考虑没卡的申请人。
m*t
37 楼
看了juniper 也类似的设计. 就是各种RULE 和policy 在data plane 顺序或并行处理的问
题。 具体到ACCESS LIST, 有多种ACCESS LIST, 大概在CLI 有SYNTAX 检查,MATCH
OPTIONS 在不同CONTEXT 下有不同。 在DATA PLANE 都可以做到ASIC 或 NPU 里面,最好不
要太复杂。
【在 x*********n 的大作中提到】
: nat里面有个功能是pool的,可以直接定义。
: ACL不是global config,有direction,你得apply到interface下,才有用,和poliy-
: map一样,不service-policy under interface,就是nothing。
: access-map是global的,没有direction的,用了,直接就block了。
: 说错了还请大侠指正啊。
题。 具体到ACCESS LIST, 有多种ACCESS LIST, 大概在CLI 有SYNTAX 检查,MATCH
OPTIONS 在不同CONTEXT 下有不同。 在DATA PLANE 都可以做到ASIC 或 NPU 里面,最好不
要太复杂。
【在 x*********n 的大作中提到】
: nat里面有个功能是pool的,可以直接定义。
: ACL不是global config,有direction,你得apply到interface下,才有用,和poliy-
: map一样,不service-policy under interface,就是nothing。
: access-map是global的,没有direction的,用了,直接就block了。
: 说错了还请大侠指正啊。
w*3
38 楼
No GC but TN and got several years experience too.
Currently working for an oil company so switch to another one for better pay
.I am not familiar with US job market but got an impression, for entry level
, might have to pay more attention to consulting firms since they need
peoples with strong tech skills. Industry like oil companies look for
experienced peoples with management skills. Especially in air quality field
with oil companies, hard to see Chinese for this reason ( I guess ).
Regarding to interview questions,
my language skill is so so so no too much thoughts. Just follow the guidance
on the internet and customized it to fit my situation. I always answer
questions in this way:
2 or 3 sentences statement by following an example:
Situation,prepare report
Task,finish by deadline
Action, plan, data collection, calculation, report, review
Result, done.
Currently working for an oil company so switch to another one for better pay
.I am not familiar with US job market but got an impression, for entry level
, might have to pay more attention to consulting firms since they need
peoples with strong tech skills. Industry like oil companies look for
experienced peoples with management skills. Especially in air quality field
with oil companies, hard to see Chinese for this reason ( I guess ).
Regarding to interview questions,
my language skill is so so so no too much thoughts. Just follow the guidance
on the internet and customized it to fit my situation. I always answer
questions in this way:
2 or 3 sentences statement by following an example:
Situation,prepare report
Task,finish by deadline
Action, plan, data collection, calculation, report, review
Result, done.
l*4
39 楼
wawa, 你太厉害了。膜拜ing
l*4
40 楼
明天又是周一了。 害怕周一到周五。周末自己比较轻松一点, 因为就算没有结果的话
, 也是周末嘛。 负罪感少点。 不过weekdays压力就比较大了。 希望这周有点好消息
吧。 不然就要考虑归了。
, 也是周末嘛。 负罪感少点。 不过weekdays压力就比较大了。 希望这周有点好消息
吧。 不然就要考虑归了。
w*9
41 楼
我也和你情况差不多,我也是做水的。我在西部,你在什么地方?上次和CDM的人扯淡
,他们说东部和中部都好奇来了
,他们说东部和中部都好奇来了
l*4
42 楼
wangjun7679, 我在南部。 CDM我投的简历, 都没有回信的。 搞的我都以为他们不
招人。
招人。
l*4
43 楼
wangjun7679, 我在南部。 CDM我投的简历, 都没有回信的。 搞的我都以为他们不
招人。 为什么呀为什么压
招人。 为什么呀为什么压
l*4
44 楼
wangjun7679, 我在南部。 CDM我投的简历, 都没有回信的。 搞的我都以为他们不
招人。 凭什么呀?
招人。 凭什么呀?
l*4
45 楼
wangjun7679, 我在南部。 CDM我投的简历, 都没有回信的。 搞的我都以为他们不
招人。 为什么呀为什么压
招人。 为什么呀为什么压
l*4
46 楼
wangjun7679, 我在南部。 CDM我投的简历, 都没有回信的。 搞的我都以为他们不
招人。 为什么呀为什么压
招人。 为什么呀为什么压
l*4
47 楼
wangjun7679, 我在南部。 CDM我投的简历, 都没有回信的。 搞的我都以为他们不
招人。 为什么呀为什么压
招人。 为什么呀为什么压
l*4
48 楼
wangjun7679, 我在南部。 CDM我投的简历, 都没有回信的。 搞的我都以为他们不
招人。 为什么呀为什么压
招人。 为什么呀为什么压
l*4
49 楼
wangjun7679, 我在南部。 CDM我投的简历, 都没有回信的。 搞的我都以为他们不
招人。 为什么呀为什么压
招人。 为什么呀为什么压
l*4
50 楼
wangjun7679, 我在南部。 CDM我投的简历, 都没有回信的。 搞的我都以为他们不
招人。 为什么呀为什么压
招人。 为什么呀为什么压
相关阅读
新能源方向的工作怎么样?讨论并且求助请教大牛们一个visio画图的问题 (转载)PE exam book for saleMaster+1.5 yr intern, where can I apply for PE test?CH2M Hill 最近有很多entry level 的职位贴出来复旦环境系副教授自白,八年留学如梦一场 回国才知何为“踏实”无题,,,请问比较有名的环境方面的journal 都有哪些?Job Opening: Ecolab Wastewater Scientist Position in Minnesota一个跟大气采样相关的contract-long term hire的工作机会,北卡地区环境咨询公司associate/senior associate算什么级别?2011 EWRI代人发一个招聘广告Sustainable design 在污水/水处理中的前景环境领域发现印度人势力好强大啊Seeking for a Senior Geomorphologist有谁知道CH2M_Hill年初在DENVER开的招聘会是怎么回事吗?问个找工作身份的问题EB1a I-140 通过(DIY)-环境工程 (转载)