思科1800路由配置

telnet 150.150.150.12

Username: adm
Password:
chanyeyuan1800#sh run
Building configuration...

Current configuration : 6603 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname chanyeyuan1800 //命名路由器
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model //停用AAA验证模式
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.17.0.0 172.17.120.255 // DHCP排除地址
ip dhcp excluded-address 172.17.150.0 172.17.255.255 //DHCP排除地址
!
!
ip domain name //配置路由器所属域名
ip name-server 172.16.0.10 //添加DNS服务器
ip name-server 172.16.0.3 //添加DNS服务器
!
username adm privilege 15 secret 5 $1$KCmJ$OrWgQEYSaiZ9iu0ATycBd1 //配置管理用户
!
!
class-map match-any SDMScave-FastEthernet0/1
match protocol napster
match protocol fasttrack
match protocol gnutella
class-map match-any SDMTrans-FastEthernet0/1
match protocol citrix
match protocol finger
match protocol notes
match protocol novadigm
match protocol pcanywhere
match protocol secure-telnet
match protocol sqlnet
match protocol sqlserver
match protocol ssh
match protocol telnet
match protocol xwindows
class-map match-any SDMVoice-FastEthernet0/1
match protocol rtp audio
class-map match-any SDMSVideo-FastEthernet0/1
match protocol cuseeme
match protocol netshow
match protocol rtsp
match protocol streamwork
match protocol vdolive
class-map match-any SDMIVideo-FastEthernet0/1
match protocol rtp video
class-map match-any SDMManage-FastEthernet0/1
match protocol dhcp
match protocol dns
match protocol imap
match protocol kerberos
match protocol ldap
match protocol secure-imap
match protocol secure-ldap
match protocol snmp
match protocol socks
match protocol syslog
class-map match-any SDMRout-FastEthernet0/1
match protocol bgp
match protocol egp
match protocol eigrp
match protocol ospf
match protocol rip
match protocol rsvp
class-map match-any SDMSignal-FastEthernet0/1
match protocol h323
match protocol rtcp
class-map match-any SDMBulk-FastEthernet0/1
match protocol exchange
match protocol ftp
match protocol irc
match protocol nntp
match protocol pop3
match protocol printer
match protocol secure-ftp
match protocol secure-irc
match protocol secure-nntp
match protocol secure-pop3
match protocol smtp
match protocol tftp
!
!
policy-map SDM-Pol-FastEthernet0/1
class SDMManage-FastEthernet0/1
bandwidth remaining percent 8
set dscp cs2
class SDMVoice-FastEthernet0/1
priority percent 24
set dscp ef
class SDMRout-FastEthernet0/1
bandwidth remaining percent 8
set dscp cs6
class SDMTrans-FastEthernet0/1
set dscp af21

priority percent 50
class SDMSignal-FastEthernet0/1
bandwidth remaining percent 1
set dscp cs3
!
!
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
ip address 150.150.150.12 255.255.255.0
ip directed-broadcast
ip flow ingress
duplex auto
speed auto
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 172.17.1.240 255.255.255.0
ip access-group 102 out //使用ACL102过滤该端口出流量
ip nbar protocol-discovery
duplex auto
speed auto
service-policy output SDM-Pol-FastEthernet0/1
!
router ospf 81 //启用OSPF路由 81
log-adjacency-changes //启用路由协议邻接关系变化日志
network 150.150.150.0 0.0.0.255 area 0
network 172.17.1.0 0.0.0.255 area 0
network 172.17.0.0 0.0.255.255 area 0
!
ip classless //缺省IP默认路由
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 0.0.0.0 0.0.0.0 172.17.1.254 //添加默认路由
ip route 172.16.0.0 255.255.0.0 150.150.150.11 //添加静态路由
ip route 192.168.16.0 255.255.255.0 150.150.150.11 //添加静态路由
ip flow-top-talkers
top 5
sort-by bytes
!
ip http server //启用WEB管理
ip http authentication local //web管理验证采用本地认证
ip http timeout-policy idle 60 life 86400 requests 10000 //WE管理空闲时间60秒
!
logging 172.17.0.33 //日志服务器
access-list 101 permit ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.8.25
access-list 101 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.
access-list 101 permit ip any any
access-list 102 deny ip 172.16.16.0 0.0.0.255 172.17.4.0 0.0.0.255
access-list 102 deny udp 172.16.16.0 0.0.0.255 172.17.4.0 0.0.0.255
access-list 102 deny tcp 172.16.16.0 0.0.0.255 172.17.4.0 0.0.0.255
access-list 102 deny ip 172.16.16.0 0.0.0.255 172.17.9.0 0.0.0.255
access-list 102 deny tcp 172.16.16.0 0.0.0.255 172.17.9.0 0.0.0.255
access-list 102 deny udp 172.16.16.0 0.0.0.255 192.168.17.0 0.0.0.2
access-list 102 deny tcp 172.16.16.0 0.0.0.255 192.168.17.0 0.0.0.2
access-list 102 deny ip 172.16.16.0 0.0.0.255 192.168.27.0 0.0.0.25
access-list 102 deny tcp 172.16.16.0 0.0.0.255 192.168.27.0 0.0.0.2
access-list 102 deny udp 172.16.16.0 0.0.0.255 192.168.27.0 0.0.0.2
access-list 102 deny ip 172.16.16.0 0.0.0.255 192.168.16.0 0.0.0.25
access-list 102 deny tcp 172.16.16.0 0.0.0.255 192.168.16.0 0.0.0.2
access-list 102 deny udp 172.16.16.0 0.0.0.255 192.168.16.0 0.0.0.2
access-list 102 deny ip 172.16.99.0 0.0.0.255 172.17.9.0 0.0.0.255
access-list 102 deny tcp 172.16.99.0 0.0.0.255 172.17.9.0 0.0.0.255
access-list 102 deny udp 172.16.99.0 0.0.0.255 172.17.9.0 0.0.0.255
access-list 102 permit ip 172.16.0.0 0.0.255.255 any
access-list 102 permit tcp 172.16.0.0 0.0.255.255 any
access-list 102 permit udp 172.16.0.0 0.0.255.255 any
access-list 102 permit icmp 172.16.0.0 0.0.255.255 any
access-list 102 permit igmp 172

.16.0.0 0.0.255.255 any
access-list 102 deny ip 192.168.16.0 0.0.0.255 172.17.8.0 0.0.0.255
access-list 102 deny tcp 192.168.16.0 0.0.0.255 172.17.8.0 0.0.0.25
access-list 102 deny udp 192.168.16.0 0.0.0.255 172.17.8.0 0.0.0.25
access-list 102 deny ip 192.168.16.0 0.0.0.255 172.17.9.0 0.0.0.255
access-list 102 deny tcp 192.168.16.0 0.0.0.255 172.17.9.0 0.0.0.25
access-list 102 deny udp 192.168.16.0 0.0.0.255 172.17.9.0 0.0.0.25
access-list 102 permit tcp 192.168.16.0 0.0.0.255 any
access-list 102 permit udp 192.168.16.0 0.0.0.255 any
access-list 102 permit ip 192.168.16.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 102 deny tcp any any
access-list 102 deny udp any any
access-list 120 permit tcp any any eq telnet
access-list 120 permit tcp any any eq www
access-list 120 permit tcp any any eq 1521
access-list 120 permit tcp any any eq 139
access-list 120 permit tcp any any eq 135
access-list 120 permit tcp any any eq 137
access-list 120 permit tcp any any log
access-list 120 permit udp any any
access-list 120 permit icmp any any
snmp-server community haigenet RO
snmp-server community haigenetwork RW
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
password lt@9117
login local
transport input telnet
line vty 5 15
privilege level 15
password lt@9117
login local
transport input telnet
!
end