A Collection of Typical Cisco Network Configuration Examples
2900XL VLAN config
--------------------------------------------------------------------------------
Switch# vlan database
Switch(vlan)# vtp domain domain-name
Switch(vlan)# vtp domain domain-name password password-value
Switch(vlan)# vtp server
Switch(vlan)# show vtp status
To disable VTP, simply change the VTP mode to transparent, i.e.:
Switch(vlan)# vtp transparent
2. Enable VTP V2 (the switch defaults to VTP V1).
Switch# vlan database
Switch(vlan)# vtp v2-mode
Switch# show vtp status
3. Add VLANs. Catalyst 2900XL series switches support a maximum of 64 active VLANs,
with VLAN IDs from 1 to 1005.
Switch# vlan database
Switch(vlan)# vlan vlan-id name vlan-name
Switch# show vlan name vlan-name
Switch(vlan)# no vlan vlan-id // delete the VLAN
4. Add a port to a VLAN.
Switch# configure terminal
Switch(config)# interface interface
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan vlan-id
Switch(config-if)# show interface interface-id switchport
5. Configure a trunk port.
Switch# configure terminal
Switch(config)# interface interface
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation isl
Switch(config-if)# end
Switch# show interface interface switchport
Switch# copy running-config startup-config
6. Configure the VLANs allowed on the trunk.
Switch(config)# interface interface
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan remove vlan-id-range
Switch(config-if)# switchport trunk allowed vlan add vlan-id-range
Switch(config-if)# end
Switch# show interface interface switchport allowed-vlan
To remove the trunk port configuration, simply:
Switch(config-if)# no switchport mode
7. Use STP for load sharing.
There are two ways to implement load sharing:
1) Use port priority.
Configuration:
Switch_1(config-if)# interface fa0/1
Switch_1(config-if)# spanning-tree vlan 8 9 10 port-priority 10
Switch_1(config)# interface fa0/2
Switch_1(config-if)# spanning-tree vlan 3 4 5 6 port-priority 10
2) Use path cost. For example:
Switch_1(config)# interface fa0/1
Switch_1(config-if)# spanning-tree vlan 2 3 4 cost 30
Switch_1(config)# interface fa0/2
Switch_1(config-if)# spanning-tree vlan 8 9 10 cost 30
-----------------------------------
Cisco HSRP configuration
-----------------
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
enable password cisco
!
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 136.147.107.101 255.255.0.0
no ip redirects
no ip directed-broadcast
standby 150 timers 5 15 /* group 150 exchanges hello messages every 5 seconds; if no hello
                           is received for 15 seconds, failover begins */
standby 150 priority 110 /* sets the active-router priority for group 150; the higher the
                            value, the more likely this router becomes the active router */
standby 150 preempt /* enable HSRP preemption for group 150 */
standby 150 authentication cisco /* set the router authentication string for group 150 */
standby 150 ip 136.147.107.100 /* defines the floating address of group 150, which is also
                                  the gateway of the network this router connects to */
standby 150 track Ethernet0 /* defines the tracked interface */
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
!
ip classless
!
!
line con 0
transport input none
line 1 16
line aux 0
line vty 0 4
password cisco
login
!
end
-----------------------------------
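ISDN dial backup
Recently I have been debugging a network that uses a one-to-two layout.
One remote site, A, is connected to the Internet; the central site and the other remote site, B,
reach the Internet through remote site A. The three sites can all reach each other internally.
The three sites are currently interconnected with three Cisco routers and work normally.
However, the communication lines between the central site and the two remote sites now need a backup.
The plan is to use ISDN dial backup.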
-----------------------------------------------------------
Sample Configuration for C2503
C2503#wr t
######
Current configuration:
!
version 10.2
!
hostname C2503
!
enable password test
!
username C4000 password cisco (See username explanation in the following section.)
isdn switch-type basic-dms100
!
interface Ethernet0
ip address 172.16.10.1 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 172.16.20.1 255.255.255.0
encapsulation ppp
bandwidth 56
dialer idle-timeout 300
dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155551234
dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155556789
dialer hold-queue 5
dialer load-threshold 100
dialer-group 1
isdn spid1 408555432101 5554321
isdn spid2 408555987601 5559876
ppp authentication chap
!
router igrp 1
network 172.16.0.0
!
ip route 192.168.24.0 255.255.255.0 172.16.20.2
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
!
!
dialer-list 1 list 100
!
line con 0
line aux 0
line vty 0 4
password test
login
!
end
Explanation of C2503 Configuration
C2503#wr t
######
Current configuration:
!
version 10.2
!
hostname C2503
!
enable password test
!
username C4000 password cisco
The username "C4000" is the hostname of the remote router and is used by the dialer map command below. The username is case sensitive and must match the remote router's hostname exactly.
The password, which is used by the CHAP authentication process, is case sensitive and must match the remote router's password exactly.
Note: To avoid confusion, the unencrypted form of the password cisco is shown in this sample configuration. In the actual configuration, the password would appear in its encrypted form: 7 13061E010803, where 7 denotes the encryption type and 13061E010803 is the encrypted form of the password cisco. When entering or making changes to the username command, always type the password in its unencrypted form and do not enter the encryption type (7). It is set automatically.
isdn switch-type basic-dms100
The ISDN switch type must match your carrier's equipment. If you change the switch-type, you must reload the router for the new switch type to take effect.
interface Ethernet0
ip address 172.16.10.1 255.255.255.0
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 172.16.20.1 255.255.255.0
encapsulation ppp
PPP encapsulation is recommended over HDLC in order to allow the use of CHAP authentication.
bandwidth 56
The default bandwidth setting for a BRI interface is 64k. If you configured your dialer map statements with the speed 56 option, you should include the bandwidth statement.
Note: This command does not control the speed of your ISDN line. It sets the correct reference point for the BRI port's show interface statistics, for the dialer load-threshold command, and for IGRP/EIGRP routing metrics.
dialer idle-timeout 300
This command sets the number of seconds the ISDN connection will remain open if no interesting traffic is being routed. The timer is reset each time an interesting packet is forwarded.
dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155551234
dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155556789
The dialer map command is used with CHAP authentication to place the initial call to the remote router when interesting traffic is forwarded to the BRI interface. Once the connection is active, the dialer idle-timeout command determines how long it will remain active. A dialer map statement is required for each ISDN phone number that will be called. Be aware though, that two dialer map statements pointing to the same location might activate both B channels when you may only want to use one channel.
Note: The command parameters for this example are:
172.16.20.2 = the IP address of the remote router's BRI interface. To determine this address, type show interface bri 0 at the remote router's console prompt.
name C4000 = the hostname of the remote router. The name is case sensitive and should match the name configured for the username command above.
speed 56 = sets the dialer speed to 56k for ISDN circuits that are not 64k end-to-end, and should be included in both routers' dialer map statements. Most installations in North America must be configured for 56K.
broadcast = allows the forwarding of broadcast packets. Unless broadcast packets are specified as interesting packets by the dialer-list command, they will only be forwarded when the ISDN link is active.
14155551234
14155556789 = the remote router's ISDN telephone numbers.
dialer hold-queue 5
This command allows interesting packets to be queued until the ISDN connection is established. In this example, five interesting packets will be queued.
dialer load-threshold 100
This command is used to configure bandwidth on demand by setting the maximum load before the dialer places another call through the second B channel. The load is the calculated weighted average load value for the interface, where 1 is unloaded and 255 is fully loaded. The actual load value you should configure depends on the characteristics of your particular network. In this example, the second B channel will be activated when the load reaches 39% of maximum utilization, which is 100 divided by 255.
dialer-group 1
The dialer-group 1 command enables the dialer-list 1 on the BRI interface, which determines which packets will be interesting and activate the ISDN connection.
isdn spid1 408555432101 5554321
isdn spid2 408555987601 5559876
The isdn spid commands are used if your carrier assigns spids to your ISDN lines.
ppp authentication chap
This command enables CHAP authentication.
router igrp 1
network 172.16.0.0
ip route 192.168.24.0 255.255.255.0 172.16.20.2
This IP route command creates a static route to the remote router's network via the remote router's BRI interface. This is required because dynamic routes are lost when the ISDN link is down.
Note: The command parameters for this example are:
192.168.24.0 = the target network.
255.255.255.0 = the target network mask. A 255 in an octet's position specifies an exact match for that octet is required, and a 0 in an octet's position specifies any value will match.
172.16.20.2 = the address of the next hop that can be used to reach the target network.
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
This access list determines which IP packets will be interesting and activate the ISDN link. The access-list you should create depends on your particular network design.
Note: The command parameters for this example are:
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
defines all broadcast packets as uninteresting.
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
defines all other IP packets as interesting.
dialer-list 1 list 100
This command points to access-list 100, which determines which IP packets will be interesting.
line con 0
line aux 0
line vty 0 4
password test
login
!
end
Sample Configuration for C4000
C4000#wr t
######
Current configuration:
!
version 10.2
!
hostname C4000
!
enable password test
!
username C2503 password cisco (See username explanation in the following section.)
isdn switch-type basic-dms100
!
interface Ethernet0
ip address 192.168.24.65 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 172.16.20.2 255.255.255.0
encapsulation ppp
bandwidth 56
dialer idle-timeout 300
dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085554321
dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085559876
dialer hold-queue 5
dialer load-threshold 100
dialer-group 1
isdn spid1 415555123401 5551234
isdn spid2 415555678901 5556789
ppp authentication chap
!
router igrp 1
network 172.16.0.0
network 192.168.24.0
!
ip route 172.16.10.0 255.255.255.0 172.16.20.1
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
!
!
dialer-list 1 list 100
!
line con 0
line aux 0
line vty 0 4
password test
login
!
end
Explanation of C4000 Configuration
C4000#wr t
######
Current configuration:
!
version 10.2
!
hostname C4000
!
enable password test
!
username C2503 password cisco
The username "C2503" is the hostname of the remote router and is used by the dialer map command below. The username is case sensitive and must match the remote router's hostname exactly.
The password, which is used by the CHAP authentication process, is case sensitive and must match the remote router's password exactly.
Note: To avoid confusion, the unencrypted form of the password cisco is shown in this sample configuration. In the actual configuration, the password would appear in its encrypted form: 7 13061E010803, where 7 denotes the encryption type and 13061E010803 is the encrypted form of the password cisco. When entering or making changes to the username command, always type the password in its unencrypted form and do not enter the encryption type (7). It is set automatically.
isdn switch-type basic-dms100
The ISDN switch type must match your carrier's equipment. If you change the switch-type you must reload the router for the new switch type to take effect.
interface Ethernet0
ip address 192.168.24.65 255.255.255.0
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 172.16.20.2 255.255.255.0
encapsulation ppp
PPP encapsulation is recommended over HDLC in order to allow the use of CHAP authentication.
bandwidth 56
The default bandwidth setting for a BRI interface is 64k. If you configured your dialer map statements with the speed 56 option, you should include the bandwidth statement.
Note: This command does not control the speed of your ISDN line. It sets the correct reference point for the BRI port's show interface statistics, for the dialer load-threshold command, and for IGRP/EIGRP routing metrics.
dialer idle-timeout 300
This command sets the number of seconds the ISDN connection will remain open if no interesting traffic is being routed. The timer is reset each time an interesting packet is forwarded.
dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085554321
dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085559876
The dialer map command is used with CHAP authentication to place the initial call to the remote router when interesting traffic is forwarded to the BRI interface. After the connection is active, the dialer idle-timeout command determines how long it will remain active. A dialer map statement is required for each ISDN phone number that will be called. Be aware though, that two dialer map statements pointing to the same location might activate both B channels when you may only want to use one channel.
Note: The command parameters for this example are:
172.16.20.1 = the IP address of the remote router's BRI interface. To determine this address, type show interface bri 0 at the remote router's console prompt.
name C2503 = the hostname of the remote router. The name is case sensitive and should match the name configured for the username command above.
speed 56 = sets the dialer speed to 56k for ISDN circuits that are not 64k end-to-end, and should be included in both routers' dialer map statements. Most installations in North America must be configured for 56K.
broadcast = allows the forwarding of broadcast packets. Unless broadcast packets are specified as interesting packets by the dialer-list command, they will only be forwarded when the ISDN link is active.
14085554321
14085559876 = the remote router's ISDN telephone numbers.
dialer hold-queue 5
This command allows interesting packets to be queued until the ISDN connection is established. In this example, five interesting packets will be queued.
dialer load-threshold 100
This command is used to configure bandwidth on demand by setting the maximum load before the dialer places another call through the second B channel. The load is the calculated weighted average load value for the interface, where 1 is unloaded and 255 is fully loaded. The actual load value you should configure depends on the characteristics of your particular network. In this example, the second B channel will be activated when the load reaches 39% of maximum utilization, which is 100 divided by 255.
dialer-group 1
The dialer-group 1 command enables the dialer-list 1 on the BRI interface, which determines which packets will be interesting and activate the ISDN connection.
isdn spid1 415555123401 5551234
isdn spid2 415555678901 5556789
The isdn spid commands are used if your carrier assigns spids to your ISDN lines.
ppp authentication chap
This command enables CHAP authentication.
router igrp 1
network 172.16.0.0
network 192.168.24.0
ip route 172.16.10.0 255.255.255.0 172.16.20.1
This ip route command creates a static route to the remote router's network via the remote router's BRI interface. This is required because dynamic routes are lost when the ISDN link is down.
Note: The command parameters for this example are:
172.16.0.0 = the target network.
255.255.0.0 = the target network mask. A 255 in an octet's position specifies an exact match for that octet is required, and a 0 in an octet's position specifies any value will match.
172.16.20.1 = the address of the next hop that can be used to reach the target network.
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
This access list determines which IP packets will be interesting and activate the ISDN link. The access-list you should create depends on your particular network design.
Note: The command parameters for this example are:
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
defines all broadcast packets as uninteresting.
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
defines all other IP packets as interesting.
dialer-list 1 list 100
This command points to access-list 100, which determines which IP packets will be interesting.
line con 0
line aux 0
line vty 0 4
password test
login
!
end
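The interesting-traffic decision made by dialer-list 1 and access-list 100 above, as an added Python example that is not part of the original document: it applies the wildcard masks with first-match semantics and shows that the deny line matches only the destination 255.255.255.255, so a subnet broadcast such as 172.16.20.255 still brings the line up. TIGHT_ACL (list 101) and all test packets are constructed assumptions.

```python
"""Which packets does a dialer-list ACL treat as "interesting"?

Added example. PAGE_ACL repeats the two access-list 100 lines from the
configs above; TIGHT_ACL and all test addresses are constructed.
"""
import ipaddress
from typing import List, NamedTuple

PAGE_ACL = """\
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

# Constructed alternative: only traffic between the two sample Ethernet
# networks may raise the ISDN call; everything else hits the implicit deny.
TIGHT_ACL = """\
access-list 101 permit ip 172.16.10.0 0.0.0.255 192.168.24.0 0.0.0.255
"""


class Rule(NamedTuple):
    action: str
    src: int
    src_wild: int
    dst: int
    dst_wild: int


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def parse_acl(text: str, number: int) -> List[Rule]:
    """Parse 'access-list N permit|deny ip SRC WILD DST WILD' lines of list N."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", str(number)]:
            continue
        if len(tok) != 8 or tok[2] not in ("permit", "deny") or tok[3] != "ip":
            raise ValueError(f"unsupported ACL form: {line!r}")
        rules.append(Rule(tok[2], *(_ip(t) for t in tok[4:8])))
    return rules


def _match(addr: int, base: int, wild: int) -> bool:
    # Wildcard bits set to 1 are "don't care"; only the 0 bits are compared.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)


def is_interesting(rules: List[Rule], src: str, dst: str) -> bool:
    """First matching rule wins; no match means the implicit deny applies."""
    s, d = _ip(src), _ip(dst)
    for r in rules:
        if _match(s, r.src, r.src_wild) and _match(d, r.dst, r.dst_wild):
            return r.action == "permit"
    return False


if __name__ == "__main__":
    packets = [                                   # constructed test packets
        ("172.16.10.5", "192.168.24.65"),         # LAN-to-LAN unicast
        ("172.16.10.5", "255.255.255.255"),       # limited broadcast
        ("172.16.20.1", "172.16.20.255"),         # subnet broadcast on the BRI net
        ("172.16.10.5", "10.1.1.1"),              # unrelated destination
    ]
    for name, text, num in (("page list 100", PAGE_ACL, 100),
                            ("tight list 101", TIGHT_ACL, 101)):
        rules = parse_acl(text, num)
        for src, dst in packets:
            verdict = "dials" if is_interesting(rules, src, dst) else "ignored"
            print(f"{name}: {src} -> {dst}: {verdict}")
```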
---
For backup, static routes are quite enough! Below is the configuration from my company's project in Beijing:
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname feihua
!
enable secret 5 $1$011Y$UBLyBOlDTa6ZKRnMnoyU0.
enable password 7 011F0F110A5A565B
!
username feihua password 7 141B1B1E5D557A7F
username jianhua1 password 7 00081A13550A5B52
no ip source-route
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 10.10.0.1 255.255.255.0
!
!
interface Serial0
backup delay 5 30
backup interface BRI0
ip address 10.10.10.1 255.255.255.0
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 10.10.20.1 255.255.255.0
encapsulation ppp
dialer idle-timeout 300
dialer map ip 10.10.20.2 name jianhua1 broadcast 86521075
dialer load-threshold 128 outbound
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
ppp multilink
hold-queue 75 in
!
ip classless
ip route 10.10.1.0 255.255.255.0 10.10.10.2
ip route 10.10.1.0 255.255.255.0 10.10.20.2
ip route 10.10.2.0 255.255.255.0 10.10.10.2
ip route 10.10.2.0 255.255.255.0 10.10.20.2
!
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0
password 7 045702135E701C1A
login
line vty 1 4
login
!
end
Configuration of the called end (Guangfa Securities, Jianguomen):
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname jianhua1
!
enable secret 5 $1$011Y$UBLyBOlDTa6ZKRnMnoyU0.
enable password 7 011F0F110A5A565B
!
username feihua password 7 141B1B1E5D557A7F
username jianhua1 password 7 00081A13550A5B52
no ip source-route
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 10.10.1.1 255.255.255.0
!
!
interface Serial0
ip address 10.10.10.2 255.255.255.0
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 10.10.20.2 255.255.255.0
encapsulation ppp
dialer idle-timeout 300
dialer map ip 10.10.20.1 name feihua broadcast
dialer load-threshold 128 outbound
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
ppp multilink
hold-queue 75 in
!
ip classless
ip route 10.10.0.0 255.255.255.0 10.10.10.1
ip route 10.10.0.0 255.255.255.0 10.10.20.1
ip route 10.10.2.0 255.255.255.0 10.10.1.2
!
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0
password 7 045702135E701C1A
login
line vty 1 4
login
!
end
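The configurations above keep credentials in several forms: cleartext (`enable password cisco`, `username C4000 password cisco`, the vty `password`), type 7 (`password 7 ...`) and type 5 (`enable secret 5 ...`), plus a text HSRP authentication string. The following added example (not part of the original page) audits a configuration for the weaker forms and reports them without echoing the credential; SAMPLE and every value in it are constructed placeholders.

```python
"""Flag weak credential storage in an IOS configuration.

Added example, not from the original page. SAMPLE is a constructed config
and every credential in it is a placeholder.
"""
from typing import List, NamedTuple

SAMPLE = """\
no service password-encryption
hostname r1
enable secret 5 $1$EXAMPLE$constructedPlaceholderHash
enable password Example-Plain-1
username peer1 password 7 0123456789ABCDEF
interface Ethernet0
 standby 150 authentication ExampleKey
!
line con 0
line vty 0 4
 password Example-Plain-2
 login
!
end
"""


class Finding(NamedTuple):
    line_no: int
    rule: str
    detail: str  # never contains the credential itself


def storage_type(tokens: List[str]) -> str:
    """Classify what follows 'password': '<type digit> <value>' or a bare value."""
    if len(tokens) >= 2 and tokens[0] == "7":
        return "type 7 (reversible encoding)"
    if len(tokens) >= 2 and tokens[0] == "5":
        return "type 5 (MD5 hash)"
    return "cleartext"


def audit(config: str) -> List[Finding]:
    lines = config.splitlines()
    has_secret = any(l.split()[:2] == ["enable", "secret"] for l in lines)
    findings: List[Finding] = []
    context = ""  # the "line ..." or "interface ..." block we are inside
    for no, raw in enumerate(lines, 1):
        tok = raw.split()  # works for indented and flattened listings alike
        if not tok or tok[0] == "!":
            context = ""
        elif tok[0] in ("line", "interface"):
            context = " ".join(tok)
        elif tok == ["no", "service", "password-encryption"]:
            findings.append(Finding(no, "no-password-encryption",
                                    "cleartext passwords stay readable in the stored config"))
        elif tok[:2] == ["enable", "password"]:
            advice = ("enable secret is also set, remove this line" if has_secret
                      else "replace with enable secret")
            findings.append(Finding(no, "enable-password",
                                    f"{storage_type(tok[2:])}; {advice}"))
        elif tok[0] == "username" and tok[2:3] == ["password"]:
            findings.append(Finding(no, "username-password",
                                    f"user {tok[1]}: {storage_type(tok[3:])}"))
        elif tok[0] == "password" and context.startswith("line "):
            findings.append(Finding(no, "line-password",
                                    f"{context}: {storage_type(tok[1:])} login password"))
        elif tok[0] == "standby" and "authentication" in tok:
            after = tok[tok.index("authentication") + 1:]
            if after[:1] != ["md5"]:
                findings.append(Finding(no, "hsrp-text-auth",
                                        "HSRP group uses a text authentication string"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line_no}: [{f.rule}] {f.detail}")
```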
------------------------
16AM configuration
----------
Configure the 16-port modem dial-in module, using the internal DHCP service to assign addresses to dial-in users
Cisco2620(config)#interface Group-Async1
Cisco2620(config-if)# ip unnumbered FastEthernet0/0
Cisco2620(config-if)# encapsulation ppp
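Cisco2620(config-if)# ip tcp header-compression passive: enable passive IP header compression
Cisco2620(config-if)# async mode dedicated: work only in asynchronous mode
Cisco2620(config-if)# peer default ip address dhcp: forward IP address requests to the DHCP server
Cisco2620(config-if)# ppp authentication chap: set authentication to CHAP
Cisco2620(config-if)# group-range 33 48: the dial group includes 16 ports
Cisco's 16AM module provides high-density analog line access; employees outside the office building can dial in by modem to join the LAN and log in to servers, enabling remote work.
The peer default ip address dhcp command lets a dialed-in workstation obtain its IP address dynamically from the DHCP server on the LAN, which conserves IP addresses. The workstation also receives the parameters configured on the DHCP server, such as the DNS server's IP address, and, together with the static route to the firewall configured in global mode, it can also reach the Internet through the firewall.
Cisco2620(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.4: set the static route to the firewall
(5) Setting the physical characteristics of the 16AM module
Cisco2620(config)#line 33 48: enter modem line mode
Cisco2620(config-line)# session-timeout 30: set the timeout to 30 minutes
Cisco2620(config-line)# autoselect during-login: automatic login
Cisco2620(config-line)# autoselect ppp: automatically select the PPP protocol
Cisco2620(config-line)# login local: allow local password checking
Cisco2620(config-line)# modem InOut: allow dial-in and dial-out
Cisco2620(config-line)# transport input all: specify the transport protocols
Cisco2620(config-line)# stopbits 1: set one stop bit
Cisco2620(config-line)# flowcontrol hardware: set hardware flow control
(6) Add the usernames and passwords of dial-in users
Cisco2620(config)#username shixuegang password abc123: add the username shixuegang with the password abc123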
-------------------------
A VoIP configuration
Building configuration...
Current configuration : 10640 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ahu_router
!
boot system slot0:aaa0202.bin
logging rate-limit console 10 except errors
enable secret 5??
enable password 7??
!
username hfe_router password 7??
username whu_router password 7??
username aqi_router password 7??
username bbu_router password 7??
username czh_router password 7??
username xch_router password 7??
username chu_router password 7??
username hbe_router password 7??
username mas_router password 7??
username txi_router password 7??
username lan_router password 7??
username chz_router password 7??
username szh_router password 7??
username fya_router password 7??
username tli_router password 7??
username bzh_router password 7??
username hna_router password 7??
username swe_router password 7??
username zji_router password 7??
username tester password 7??
username shsh password 7??
username test password 7??
username hwh password 0??
voice-card 2
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
ip host hbsy.domain 10.184.80.10
ip name-server 10.184.80.10
!
isdn voice-call-failure 0
chat-script default "" "ATDT\T" TIMEOUT 60 CONNECT \c
call rsvp-sync
!
!
!
!
!
!
!
controller E1 2/0
framing NO-CRC4
ds0-group 1 timeslots 1-15,17-31 type r2-digital r2-compelled ani
cas-custom 1
unused-abcd 0 1 1 1
country china use-defaults
answer-signal group-b 1
!
controller E1 3/0
channel-group 0 timeslots 1
channel-group 1 timeslots 2
channel-group 2 timeslots 3
channel-group 3 timeslots 4
channel-group 4 timeslots 5
channel-group 5 timeslots 6
channel-group 6 timeslots 7
channel-group 7 timeslots 8
channel-group 8 timeslots 9
channel-group 9 timeslots 10
channel-group 10 timeslots 11
channel-group 11 timeslots 12
channel-group 12 timeslots 13
channel-group 13 timeslots 14
channel-group 14 timeslots 15
channel-group 15 timeslots 16
!
!
interface Ethernet0/0
ip address 10.184.1.2 255.255.255.0
half-duplex
!
interface Serial0/0
no ip address
no ip mroute-cache
shutdown
!
interface Serial0/1
no ip address
shutdown
!
interface Serial3/0:0
ip address 10.184.252.5 255.255.255.252
fair-queue 64 256 0
!
interface Serial3/0:1
description ppp channel 1_anqing
ip address 10.184.252.9 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:2
description ppp channel 2_bengbu
ip address 10.184.252.13 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:3
description ppp channel 3_chizhou
ip address 10.184.252.17 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:4
description ppp channel 4_xuancheng
ip address 10.184.252.21 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:5
description ppp channel 5_caohu
ip address 10.184.252.25 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:6
description ppp channel 6_huaibei
bandwidth 128
ip address 10.184.252.29 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:7
description ppp channel 7_maanshan
ip address 10.184.252.33 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:8
description ppp channel 8_huangshan
ip address 10.184.252.37 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:9
description ppp channel 9_liuan
ip address 10.184.252.41 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:10
description ppp channel 10_chuzhou
ip address 10.184.252.45 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:11
description ppp channel 11_suzhou
ip address 10.184.252.49 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:12
description ppp channel 12_fuyang
ip address 10.184.252.53 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:13
description ppp channel 13_tongling
ip address 10.184.252.57 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:14
description ppp channel 14_bozhou
ip address 10.184.252.61 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:15
description ppp channel 15_huainan
ip address 10.184.252.65 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Async39
ip address 10.2.1.19 255.255.255.192
encapsulation ppp
dialer in-band
dialer map ip 10.2.1.1 name shsh 01064998899
dialer map ip 10.184.1.40 name test 2867839
dialer map ip 10.184.1.252 name hwh 2867639
dialer hold-queue 10
dialer-group 1
async dynamic routing
async mode dedicated
pulse-time 3
ppp authentication chap
!
interface Async40
ip unnumbered Ethernet0/0
encapsulation ppp
async mode dedicated
peer default ip address 10.184.1.254
ppp authentication chap
!
interface Group-Async1
no ip address
dialer in-band
dialer rotary-group 1
async default routing
async dynamic routing
async mode dedicated
fair-queue 64 16 0
group-range 33 38
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
ip address 10.184.254.225 255.255.255.224
encapsulation ppp
dialer in-band
dialer map ip 10.184.254.226 name hfe_router
dialer map ip 10.184.254.227 name whu_router
dialer map ip 10.184.254.228 name aqi_router
dialer map ip 10.184.254.229 name bbu_router
dialer map ip 10.184.254.230 name czh_router
dialer map ip 10.184.254.231 name xch_router
dialer map ip 10.184.254.232 name chu_router
dialer map ip 10.184.254.233 name hbe_router
dialer map ip 10.184.254.234 name mas_router
dialer map ip 10.184.254.235 name txi_router
dialer map ip 10.184.254.236 name lan_router
dialer map ip 10.184.254.237 name chz_router
dialer map ip 10.184.254.238 name szh_router
dialer map ip 10.184.254.239 name fya_router
dialer map ip 10.184.254.240 name tli_router
dialer map ip 10.184.254.241 name bzh_router
dialer map ip 10.184.254.242 name hna_router
dialer-group 1
pulse-time 3
no cdp enable
ppp authentication chap
!
router rip
version 2
redistribute connected
network 10.0.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.184.1.30
ip route 10.0.0.0 255.0.0.0 10.184.1.1
ip route 10.184.10.0 255.255.255.0 10.184.254.226 150
ip route 10.184.20.0 255.255.255.0 10.184.254.227 150
ip route 10.184.30.0 255.255.255.0 10.184.254.228 150
ip route 10.184.40.0 255.255.255.0 10.184.254.229 150
ip route 10.184.50.0 255.255.255.0 10.184.254.230 150
ip route 10.184.60.0 255.255.255.0 10.184.254.231 150
ip route 10.184.70.0 255.255.255.0 10.184.254.232 150
ip route 10.184.80.0 255.255.255.0 10.184.254.233 150
ip route 10.184.90.0 255.255.255.0 10.184.254.234 150
ip route 10.184.100.0 255.255.255.0 10.184.254.235 150
ip route 10.184.110.0 255.255.255.0 10.184.254.236 150
ip route 10.184.120.0 255.255.255.0 10.184.254.237 150
ip route 10.184.130.0 255.255.255.0 10.184.254.238 150
ip route 10.184.140.0 255.255.255.0 10.184.254.239 150
ip route 10.184.150.0 255.255.255.0 10.184.254.240 150
ip route 10.184.160.0 255.255.255.0 10.184.254.241 150
ip route 10.184.170.0 255.255.255.0 10.184.254.242 150
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server engineID local 000000090200003019237741
snmp-server community??RO
!
voice-port 2/0:1
timeouts interdigit 3
!
dial-peer cor custom
!
!
!
dial-peer voice 1 pots
answer-address +51
destination-pattern 51....
direct-inward-dial
port 2/0:1
!
dial-peer voice 14 voip
answer-address +64
destination-pattern +64
session target ipv4:10.184.110.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 15 voip
answer-address +65
destination-pattern +65
session target ipv4:10.184.70.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 2 voip
answer-address +52
destination-pattern +52
session target ipv4:10.184.40.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 3 voip
answer-address +53
destination-pattern +53
session target ipv4:10.184.20.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 4 voip
answer-address +54
destination-pattern +54
session target ipv4:10.184.170.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 5 voip
answer-address +55
destination-pattern +55
session target ipv4:10.184.90.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 6 voip
answer-address +56
destination-pattern +56
session target ipv4:10.184.30.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 7 voip
answer-address +57
destination-pattern +57
session target ipv4:10.184.130.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 8 voip
answer-address +58
destination-pattern +58
session target ipv4:10.184.140.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 9 voip
answer-address +59
destination-pattern +59
session target ipv4:10.184.100.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 10 voip
answer-address +50
destination-pattern +50
session target ipv4:10.184.120.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 11 voip
answer-address +61
destination-pattern +61
session target ipv4:10.184.80.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 12 voip
answer-address +62
destination-pattern +62
session target ipv4:10.184.150.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 13 voip
answer-address +63
destination-pattern +63
session target ipv4:10.184.60.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 16 voip
answer-address +66
destination-pattern +66
session target ipv4:10.184.50.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 17 voip
answer-address +60
destination-pattern +60
session target ipv4:10.184.160.2
codec g729r8 pre-ietf
ip precedence 5
!
!
line con 0
transport input none
line 33 39
no exec
script dialer default
login local
modem InOut
modem autoconfigure discovery
rotary 1
transport input all
stopbits 1
flowcontrol hardware
line 40
login local
modem InOut
modem autoconfigure discovery
transport input all
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7??
login
!
end
----------------------------------
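Cisco PIX firewall installation procedure
1. Mount the PIX in the rack; after checking the power system, connect the power and power on the unit.
2. Connect the CONSOLE port to the PC's serial port and run HyperTerminal to enter the
PIX system through the CONSOLE port; the system prompt is now pixfirewall>.
3. Enter the command enable to enter privileged mode; the system prompt is now pixfirewall#.
4. Enter the command configure terminal to perform the initial system setup.
5. Configure the Ethernet port parameters:
interface ethernet0 auto (the auto option makes the system auto-sense the NIC type)
interface ethernet1 auto
6. Configure the IP addresses of the inside and outside interfaces:
ip address inside ip_address netmask
ip address outside ip_address netmask
7. Specify the outside address range:
global 1 ip_address-ip_address
8. Specify the inside addresses to be translated:
nat 1 ip_address netmask
9. Set the default routes toward the inside and outside networks:
route inside 0 0 inside_default_router_ip_address
route outside 0 0 outside_default_router_ip_address
10. Configure static IP address mappings:
static outside ip_address inside ip_address
11. Set certain control options:
conduit global_ip port[-port] protocol foreign_ip [netmask]
global_ip is the address to be controlled
port is the port the rule applies to; 0 means all ports
protocol is the connection protocol, for example TCP or UDP
foreign_ip is the external IP that may access global_ip, where denotes all IPs.
12. Set the telnet options:
telnet local_ip [netmask]
local_ip is the IP address allowed to access the PIX via telnet (if this is not set,
the PIX can only be configured through the console).
13. Save the configuration:
wr mem
14. Some commonly used network test commands:
#ping
#show interface    view interface status
#show static    view static address mappings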