Digital China (DCN) Router Configuration Commands
Basic Port Configuration
•interface serial 1/0
–encapsulation hdlc
–ip address 192.168.10.1 255.255.255.252
–physical-layer speed 2048000
–!
PAP Authentication Configuration (Two-Way Authentication)
•DCR-1 configuration:
•interface s0/1
–encapsulate ppp
–ip add 192.168.10.1 255.255.0.0
–ppp authentication pap
–ppp pap user routerA aaa
–physical-layer speed 2048000
•username routerB password bbb
•DCR-2 configuration:
•username routerA password aaa
•interface s0/1
–encapsulate ppp
–ip add 192.168.10.2 255.255.0.0
–ppp authentication pap
–ppp pap user routerB bbb
CHAP Protocol Configuration
•DCR-1 configuration:
•username digitalchina2 password legend
•interface Serial1/0
–encapsulation ppp
–ppp authentication chap
–ppp chap hostname digitalchina1
–PPP chap password legend
–ip address 192.168.10.1 255.255.255.252
–physical-layer speed 2048000
•DCR-2 configuration:
•username digitalchina1 password legend
•interface Serial1/0
–encapsulation ppp
–ppp authentication chap
–ppp chap hostname digitalchina2
–PPP chap password legend
–ip address 192.168.10.2 255.255.255.252
RIP Protocol Configuration
•DCR-1(config)#router rip
–DCR-1(router-rip)#network 192.200.10.4 255.255.255.252
–DCR-1(router-rip)#version 2
–DCR-1(router-rip)#redistribute connect
OSPF Protocol Configuration
•router ospf 1
–network 192.200.10.4 255.255.255.252 area 0
–redistribute connect
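NAT Configuration
As shown in the figure above, the company has applied for one legitimate IP address, and the users on the company LAN share that one IP address to connect to the Internet.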
•interface fastethernet 0/0
–ip address 192.168.1.1 255.255.255.0
–ip nat inside
•interface serial 1/0
–encapsulation ppp
–ip address 61.1.1.1 255.255.255.252
–ppp pap sent-username 169 169
–ip nat outside
•ip access-list standard test1
–permit any
•ip nat inside source list test1 interface serial 1/0
•ip route default serial 1/0
IPSEC Configuration
crypto ipsec transform-set test1 (define the transform set)
transform-type ah-md5-hmac esp-des
ip access-list extended ipsec (define the data to be protected)
permit ip 3.3.3.0 255.255.255.0 2.2.2.0 255.255.255.0
set transform-set test1 (apply transform set test1)
match address ipsec (specify the IP data to be protected)
●Configure the SSH server so that the device can be managed remotely over SSH, using AAA local authentication.
SSH configuration
•Router (Config)#ssh-user test password 0 test
•Router (Config)#ssh-server enable
Configure local login authentication with AAA
Router (Config)#aaa authentication login default local
Router (Config)#line vty 0 4
Router (Config-line)#login auth default
Router (Config)#username test pass test (sets the user name and password for local authentication)
●Access control settings
Router (Config)#Time-range aaa
Router (Config)#Periodic weekdays 9 to 18
Access-list 100 permit tcp 192.168.11.0 0.0.0.255 any time-range aaa
Access-list 100 permit tcp 192.168.12.0 0.0.0.255 any time-range aaa
Access-list 100 permit tcp 192.168.13.0 0.0.0.255 any time-range aaa
Access-list 100 permit tcp 192.168.14.0 0.0.0.255 any
Int f0/0
Ip access-group 100 in
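
A review check for configurations like the ones above, as an added example (it is not part of the original document and not a DCN tool). It scans pasted config text for three things visible in these samples: PAP authentication, DES/MD5 IPsec transforms, and credentials typed in plain form or equal to the user name. The names `audit`, `LINE_RULES`, `CRED`, `PREFIX` and `SAMPLE` and the rule set are this example's own assumptions; `SAMPLE` is constructed from commands on this page.

```python
import re

# Rule set is this example's own assumption, keyed to commands shown on this
# page; it is not vendor tooling and does not cover the full command set.
LINE_RULES = [
    (r"^ppp authentication pap\b", "PAP sends credentials over the link in cleartext"),
    (r"^transform-type\b.*\b(esp-des|ah-md5-hmac)\b", "IPsec transform relies on DES/MD5, both obsolete"),
]
# Commands that carry a user name and a secret on the same line.
CRED = re.compile(r"^(?:username|ssh-user|ppp pap (?:user|sent-username)) "
                  r"(\S+)(?: pass(?:word)?)?(?: \d)? (\S+)$")
# Strips the page's bullet characters and CLI prompts such as "Router (Config)#".
PREFIX = re.compile(r"^[\s•–-]*(?:[\w-]+ ?\([\w-]+\)#)?\s*")

def audit(config_text):
    """Return (line_number, command, finding) tuples for a pasted config."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        command = PREFIX.sub("", raw).strip()
        lowered = command.lower()  # keywords are matched case-insensitively
        for pattern, message in LINE_RULES:
            if re.search(pattern, lowered):
                findings.append((number, command, message))
        match = CRED.match(lowered)
        if match:
            user, secret = match.groups()
            findings.append((number, command, "secret appears in plain form on this line"))
            if user == secret:
                findings.append((number, command, "secret equals the user name"))
    return findings

# Constructed sample, assembled from commands that appear on this page.
SAMPLE = """\
interface s0/1
–encapsulate ppp
–ppp authentication pap
–ppp pap user routerA aaa
username routerB password bbb
interface Serial1/0
–ppp authentication chap
transform-type ah-md5-hmac esp-des
Router (Config)#ssh-user test password 0 test
"""

if __name__ == "__main__":
    for number, command, message in audit(SAMPLE):
        print(f"line {number}: {command!r}: {message}")
```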