神州数码路由交换配置命令(全)
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
路由 ssh aaa authentication login ssh local aaa authentication enable default enable enable password 0 123456 username
admin password 0 123456 ip sshd enable ip sshd auth-method
ssh ip sshd auth-retries 5 ip sshd timeout 60 TELNET
R1_config#aaa authentication login default local R1_config#aaa
authentication enable default enable R1_config#enable password
0 ruijie R1_config#line vty 0 4 R1_config_line#login
authentication default R1_config_line#password 0 cisco 方法2,
不需要经过3A认证R1_config#aaa authentication login default none R1_config#aaa authentication enable default enable R1_config#enable password 0 cisco R1_config#line vty 0 4 R1_config_line#login authentication default CHAP认证单向认证,密码可以不一致 R2_config#aaa authentication ppp test local R2_config#username R2 password 0 123456 R2_config_s0/2#enc ppp R2_config_s0/2#ppp authentication chap test R2_config_s0/2#ppp chap hostname R1 R1_config#aaa authentication ppp test local R1_config#username R1 password 0 123456 R1_config_s0/1#enc ppp R1_config_s0/1#ppp authentication chap test R1_config_s0/1#ppp chap hostname R2 pap认证双向认证,密码要求一致R2_config#aaa authentication ppp test local R2_config#username R2 password 0 123456 R2_config_s0/2#enc ppp R2_config_s0/2#ppp
authentication pap test R2_config_s0/2#ppp pap sent-username
R1 password 123456 R1_config#aaa authentication ppp test local
R1_config#username R1 password 0 123456 R1_config_s0/1#enc ppp R1_config_s0/1#ppp authentication pap test
R1_config_s0/1#ppp pap sent-username R2 password 123456 FR Router-A_config_s1/1#encapsulation frame-relay !封装帧
中继协议 Router-A_config_s1/1#frame-relay local-dlci 17 !设
置本地DLCI 号Router-A_config_s1/1# frame-relay intf-type dce !配置 FR的 DCE Router-A_config_s1/1# frame-relay map 192.168.1.2 pvc 17 broadcast !配置DLCI 与对端IP的映射Vrrp Int g0/4 vrrp 1 associate 192.168.20.254 255.255.255.0 vrrp 1 priority 120 设置优先级,为主 vrrp 1 preempt 开启抢
占 vrrp 1 track interface Serial0/1 30 追踪上行接口,防止上行
接口DOWN了,自动降低优先级Int g0/6 vrrp 1 associate 192.168.20.254 255.255.255.0 vrrp 1 priority 100 设置优先级,
为备,默认为100 vrrp 1 preempt 开启抢占vrrp 1 track interface Serial0/2 30 追踪上行接口,防止上行接口DOWN了,自动降低优先级RIP 验证,只有V2支持验证interface Serial0/2 接口起验证和配密码 ip rip authentication simple ip
rip password 123456
RIP改单播 router rip nei 192.168.1.1 RIP定时器 router rip timers update 10 更新时间 timers exipire 30 失效时间 timers
hosddown 50 抑制时间ospf router os 1 net 192.168.1.0 255.255.255.0 ar 0 不能写32位掩码 OSPF 虚链路 ROUTER OS
2 进程起用AR 1 VI 2.2.2.2 对方ROUTER-ID OSPF 汇总
ROUTER OS 2 进程起用 ar 0 range 192.168.0.0 255.255.252.0
OSPF 验证 ROUTER OS 2 明文 AR 0 AUTHEN SP 进程给需要
验证的区域启用验证 INT S0/1 IP OS passw 123456 接口配置密码密文 router os 2 ar 0 authen me int s0/1 ip os me 1 md5 123456 bgp router bgp 100 no synchronization bgp全互联必须要关闭同步检查 nei 192.168.12.1 remot 200 与AS外部路由建立邻居 nei 2.2.2.2 remot 100 与AS内部路由建立邻居
nei 2.2.2.2 up lo0 改更新接口为环回接口 nei 2.2.2.2 next-
hop-self 改下一跳为自己 net 2.2.2.0 通告路由表里面
有的路由ACL 路由上面的ACL要写子网掩码,不能写反掩码!!!!!基于时间的ACL time-range acl 定义一个时间范围periodic weekdays 09:00 to 12:00 periodic weekdays 14:00 to 17:00 IP access-list extended time 写一个基于时间的acl,调用时间段 deny ip 192.168.10.0 255.255.255.0 any time-range acl permit ip any any int g0/4 应用到接口 ip access-group time in int g0/6 ip access-group time in 静态NAT ip route 0.0.0.0 0.0.0.0 192.168.12.2 ip nat inside source static 192.168.10.10 192.168.12.1 int g0/6 ip nat in ints0/1 ip nat out NAPT ip