A Collection of Classic Cisco Configurations

Switch# vlan database
Switch(vlan)# vtp domain domain-name

Switch(vlan)# vtp domain domain-name password password-value

Switch(vlan)# vtp server

Switch(vlan)# show vtp status

To disable VTP, simply change the VTP mode to transparent, i.e.

Switch(vlan)# vtp transparent

2. Enable VTP V2 (the switch defaults to VTP V1).

Switch# vlan database

Switch(vlan)# vtp v2-mode

Switch# show vtp status

3. Add VLANs. Catalyst 2900XL series switches support at most 64 active VLANs, with VLAN IDs from 1 to 1005.

Switch# vlan database

Switch(vlan)# vlan vlan-id name vlan-name

Switch# show vlan name vlan-name

Switch(vlan)# no vlan vlan-id // delete the VLAN

4. Add a port to a VLAN.

Switch# configure terminal

Switch(config)# interface interface

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan vlan-id

Switch(config-if)# end

Switch# show interface interface-id switchport

5. Configure a trunk port.

Switch# configure terminal

Switch(config)# interface interface

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk encapsulation isl

Switch(config-if)# end

Switch# show interface interface switchport

Switch# copy running-config startup-config

6. Configure the VLANs allowed on a trunk.

Switch(config)# interface interface

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk allowed vlan remove vlan-id-range

Switch(config-if)# switchport trunk allowed vlan add vlan-id-range

Switch(config-if)# end

Switch# show interface interface switchport allowed-vlan

To remove the trunk setting from a port, simply use:

Switch(config-if)# no switchport mode

7. Use STP for load sharing.

There are two ways to achieve load sharing:

1) Use port priority.

Configuration:

Switch_1(config)# interface fa0/1

Switch_1(config-if)# spanning-tree vlan 8 9 10 port-priority 10

Switch_1(config)# interface fa0/2

Switch_1(config-if)# spanning-tree vlan 3 4 5 6 port-priority 10

2) Use path cost. For example:

Switch_1(config)# interface fa0/1

Switch_1(config-if)# spanning-tree vlan 2 3 4 cost 30

Switch_1(config)# interface fa0/2

Switch_1(config-if)# spanning-tree vlan 8 9 10 cost 30
-----------------------------------

Cisco HSRP Configuration
-----------------

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
enable password cisco
!
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 136.147.107.101 255.255.0.0
no ip redirects
no ip directed-broadcast
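standby 150 timers 5 15   /* group 150 exchanges hello messages every 5 seconds; if no hello is received for 15 seconds, failover begins */
standby 150 priority 110 /* sets this router's priority in group 150; the higher the value, the more likely it becomes the active router */
standby 150 preempt /* enable HSRP preemption for group 150 */
standby 150 authentication cisco  /* sets the router authentication string for group 150 */
standby 150 ip 136.147.107.100 /* defines the floating (virtual) address of group 150, which is also the gateway of the network this router is attached to */
standby 150 track Ethernet0 /* defines the tracked interface */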
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
!
ip classless
!
!
line con 0
transport input none
line 1 16
line aux 0
line vty 0 4
password cisco
login
!
end
-----------------------------------

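ISDN Dial Backup

I have recently been debugging a network that uses a one-to-two topology.

One remote site, A, is connected to the Internet; the central site and the other remote site, B, reach the Internet through remote site A. All three sites can also reach one another internally.

The three sites are currently interconnected with three Cisco routers and work normally.

However, the communication lines between the central site and the two remote sites now need a backup.

The plan is to use ISDN dial backup.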

-----------------------------------------------------------

 

 

Sample Configuration for C2503

 

C2503#wr t

######

Current configuration:

!

version 10.2

!

hostname C2503

!

enable password test

!

username C4000 password cisco (See username explanation in the following section.)

isdn switch-type basic-dms100

!

interface Ethernet0

ip address 172.16.10.1 255.255.255.0

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 172.16.20.1 255.255.255.0

encapsulation ppp

bandwidth 56

dialer idle-timeout 300

dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155551234

dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155556789

dialer hold-queue 5

dialer load-threshold 100

dialer-group 1

isdn spid1 408555432101 5554321

isdn spid2 408555987601 5559876

ppp authentication chap

!

router igrp 1

network 172.16.0.0

!

ip route 192.168.24.0 255.255.255.0 172.16.20.2

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

!

!

dialer-list 1 list 100

!

line con 0

line aux 0

line vty 0 4

password test

login

!

end

 

Explanation of C2503 Configuration

 

 

C2503#wr t

######

Current configuration:

!

version 10.2

!

hostname C2503

!

enable password test

!

username C4000 password cisco

 

The username "C4000" is the hostname of the remote router and is used by the dialer map command below. The username is case sensitive and must match the remote router's hostname exactly.

The password, which is used by the CHAP authentication process, is case sensitive and must match the remote router's password exactly.

Note: To avoid confusion, the unencrypted form of the password cisco is shown in this sample configuration. In the actual configuration, the password would appear in its encrypted form: 7 13061E010803, where 7 denotes the encryption type and 13061E010803 is the encrypted form of the password cisco. When entering or making changes to the username command, always type the password in its unencrypted form and do not enter the encryption type (7). It is set automatically.
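The note above distinguishes stored password forms by their type number. As an added example (not part of the original page or of Cisco's documentation), this Python audit classifies how each credential in a configuration listing is stored: type 7 is a reversible encoding rather than a hash, an untyped or type 0 password is plaintext, and `enable secret 5` is a salted MD5 hash. The sample configuration is constructed from lines like those on this page, and the rule names are hypothetical.

```python
import re

# Constructed sample input, modelled on the configurations shown on this page.
# The type 5 value is a placeholder, not a real hash.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 $1$PLACEHOLDER$CONSTRUCTEDVALUE
enable password test
username C4000 password cisco
username C2503 password 7 13061E010803
interface Ethernet0
 standby 150 authentication cisco
line vty 0 4
 password test
 login
"""

# [enable | username NAME] password|secret [type] value
CRED_RE = re.compile(
    r"^(?:(?P<owner>enable|username\s+\S+)\s+)?"
    r"(?P<word>password|secret)(?:\s+(?P<type>\d+))?\s+(?P<value>\S+)$"
)
HSRP_AUTH_RE = re.compile(r"^standby\s+(?:\d+\s+)?authentication\s+(?P<rest>.+)$")


def audit(config_text):
    """Return sorted (line_number, rule, message) findings.

    Messages name the owner of a credential but never echo its value.
    """
    findings = []
    header = "(global)"           # most recent "line ..." / "interface ..." block
    enable_secret_seen = False
    enable_password_lines = []

    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line == "!":
            continue
        if re.match(r"(line|interface)\s", line):
            header = line
            continue
        if line == "no service password-encryption":
            findings.append((lineno, "NO_PASSWORD_ENCRYPTION",
                             "passwords entered from now on are stored in plaintext"))
            continue
        m = HSRP_AUTH_RE.match(line)
        if m:
            if not m.group("rest").startswith("md5"):
                findings.append((lineno, "HSRP_TEXT_AUTH",
                                 f"{header}: HSRP authentication string is plaintext"))
            continue
        m = CRED_RE.match(line)
        if not m:
            continue
        owner = " ".join((m.group("owner") or header).split())
        word, ctype = m.group("word"), m.group("type")
        if owner == "enable":
            if word == "secret":
                enable_secret_seen = True
            else:
                enable_password_lines.append(lineno)
        if word == "secret":
            continue                      # stored as a one-way hash
        if ctype == "7":
            findings.append((lineno, "CRED_TYPE7",
                             f"{owner}: type 7 is reversible encoding, not a hash"))
        elif ctype in (None, "0"):
            findings.append((lineno, "CRED_PLAINTEXT",
                             f"{owner}: password stored in plaintext"))

    if enable_secret_seen:
        # IOS uses the secret when both exist; the password line only
        # leaves a second, weaker credential in the listing.
        for lineno in enable_password_lines:
            findings.append((lineno, "ENABLE_PASSWORD_REDUNDANT",
                             "enable password present alongside enable secret"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, rule, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno:2d}  {rule:26s} {message}")
```

Run it over a saved `wr t` listing before the listing is shared or archived; for CHAP the `username ... password` lines must stay recoverable by the router, so those findings identify what to protect rather than what to delete.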

 

isdn switch-type basic-dms100

 

 

The ISDN switch type must match your carrier's equipment. If you change the switch-type, you must reload the router for the new switch type to take effect.

 

interface Ethernet0

ip address 172.16.10.1 255.255.255.0

 

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 172.16.20.1 255.255.255.0

 

encapsulation ppp

 

PPP encapsulation is recommended over HDLC in order to allow the use of CHAP authentication.

bandwidth 56

 

 

The default bandwidth setting for a BRI interface is 64k. If you configured your dialer map statements with the speed 56 option, you should include the bandwidth statement.

Note: This command does not control the speed of your ISDN line. It sets the correct reference point for the BRI port's show interface statistics, for the dialer load-threshold command, and for IGRP/EIGRP routing metrics.

 

dialer idle-timeout 300

 

 

This command sets the number of seconds the ISDN connection will remain open if no interesting traffic is being routed. The timer is reset each time an interesting packet is forwarded.

dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155551234

dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155556789

 

 

The dialer map command is used with CHAP authentication to place the initial call to the remote router when interesting traffic is forwarded to the BRI interface. Once the connection is active, the dialer idle-timeout command determines how long it will remain active. A dialer map statement is required for each ISDN phone number that will be called. Be aware though, that two dialer map statements pointing to the same location might activate both B channels when you may only want to use one channel.

Note: The command parameters for this example are:

 

172.16.20.2 = the IP address of the remote router's BRI interface. To determine this address, type show interface bri 0 at the remote router's console prompt.

name C4000 = the hostname of the remote router. The name is case sensitive and should match the name configured for the username command above.

speed 56 = sets the dialer speed to 56k for ISDN circuits that are not 64k end-to-end, and should be included in both routers' dialer map statements. Most installations in North America must be configured for 56K.

broadcast = allows the forwarding of broadcast packets. Unless broadcast packets are specified as interesting packets by the dialer-list command, they will only be forwarded when the ISDN link is active.

14155551234

14155556789 = the remote router's ISDN telephone numbers.

 

dialer hold-queue 5

 

 

This command allows interesting packets to be queued until the ISDN connection is established. In this example, five interesting packets will be queued.

dialer load-threshold 100

 

 

This command is used to configure bandwidth on demand by setting the maximum load before the dialer places another call through the second B channel. The load is the calculated weighted average load value for the interface, where 1 is unloaded and 255 is fully loaded. The actual load value you should configure depends on the characteristics of your particular network. In this example, the second B channel will be activated when the load reaches 39% of maximum utilization, which is 100 divided by 255.

dialer-group 1

 

 

The dialer-group 1 command enables the dialer-list 1 on the BRI interface, which determines which packets will be interesting and activate the ISDN connection.

isdn spid1 408555432101 5554321

isdn spid2 408555987601 5559876

 

 

The isdn spid commands are used if your carrier assigns spids to your

ISDN lines.

ppp authentication chap

 

 

This command enables CHAP authentication.

router igrp 1

network 172.16.0.0

 

ip route 192.168.24.0 255.255.255.0 172.16.20.2

 

 

This IP route command creates a static route to the remote router's network via the remote router's BRI interface. This is required because dynamic routes are lost when the ISDN link is down.

Note: The command parameters for this example are:

 

192.168.24.0 = the target network.

 

255.255.255.0 = the target network mask. A 255 in an octet's position specifies an exact match for that octet is required, and a 0 in an octet's position specifies any value will match.

172.16.20.2 = the address of the next hop that can be used to reach the target network.

 

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

 

 

This access list determines which IP packets will be interesting and activate the ISDN link. The access-list you should create depends on your particular network design.

Note: The command parameters for this example are:

 

 

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0

defines all broadcast packets as uninteresting.

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

defines all other IP packets as interesting.

 

 

dialer-list 1 list 100

 

 

This command points to access-list 100, which determines which IP packets will be interesting.
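How the two access-list 100 entries decide whether a packet is interesting, as an added example that is not part of the original page: a Python evaluator for the wildcard-mask matching these entries use, applied to constructed packets. It goes slightly beyond the text by also testing a subnet-directed broadcast, which the deny entry (an exact match on 255.255.255.255) does not cover.

```python
import ipaddress

# The two access-list 100 entries from the sample configuration, in order.
ACL_100 = [
    "access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0",
    "access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255",
]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_entry(text):
    """Parse 'access-list N permit|deny ip SRC SRC-WILDCARD DST DST-WILDCARD'."""
    fields = text.split()
    if len(fields) != 8 or fields[0] != "access-list" or fields[3] != "ip":
        raise ValueError(f"unsupported entry: {text!r}")
    if fields[2] not in ("permit", "deny"):
        raise ValueError(f"unknown action: {fields[2]!r}")
    src, src_wc, dst, dst_wc = (_to_int(f) for f in fields[4:8])
    return fields[2], (src, src_wc), (dst, dst_wc)


def wildcard_match(addr, base, wildcard):
    """A 1 bit in the wildcard means 'do not care'; 0 bits must be equal."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)


def is_interesting(acl, src, dst):
    """First matching entry wins; no match means the implicit deny applies."""
    s, d = _to_int(src), _to_int(dst)
    for entry in acl:
        action, (s_base, s_wc), (d_base, d_wc) = parse_entry(entry)
        if wildcard_match(s, s_base, s_wc) and wildcard_match(d, d_base, d_wc):
            return action == "permit"
    return False


# Constructed packets (source, destination, description) on the C2503 side.
SAMPLE_PACKETS = [
    ("172.16.10.5", "255.255.255.255", "limited broadcast, e.g. a routing update"),
    ("172.16.10.5", "192.168.24.65", "unicast to the remote Ethernet"),
    ("172.16.10.5", "172.16.20.255", "directed broadcast to the BRI subnet"),
]


def classify(packets, acl=ACL_100):
    """Map each (src, dst) pair to True when it would trigger or hold the call."""
    return {(src, dst): is_interesting(acl, src, dst) for src, dst, _ in packets}


if __name__ == "__main__":
    verdicts = classify(SAMPLE_PACKETS)
    for src, dst, note in SAMPLE_PACKETS:
        state = "interesting" if verdicts[(src, dst)] else "uninteresting"
        print(f"{src:>12} -> {dst:<16} {state:14} {note}")
```

Because every interesting packet places a call or resets the idle timer, checking a proposed dialer access list this way shows which traffic will keep the ISDN link up.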

 

 

line con 0

line aux 0

line vty 0 4

password test

login

!

end

 

Sample Configuration for C4000

 

C4000#wr t

######

Current configuration:

!

version 10.2

!

hostname C4000

!

enable password test

!

username C2503 password cisco (See username explanation in the following section.)

isdn switch-type basic-dms100

!

interface Ethernet0

ip address 192.168.24.65 255.255.255.0

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 172.16.20.2 255.255.255.0

encapsulation ppp

bandwidth 56

dialer idle-timeout 300

dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085554321

dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085559876

dialer hold-queue 5

dialer load-threshold 100

dialer-group 1

isdn spid1 415555123401 5551234

isdn spid2 415555678901 5556789

ppp authentication chap

!

router igrp 1

network 172.16.0.0

network 192.168.24.0

!

ip route 172.16.10.0 255.255.255.0 172.16.20.1

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

!

!

dialer-list 1 list 100

!

line con 0

line aux 0

line vty 0 4

password test

login

!

end

 

Explanation of C4000 Configuration

 

 

C4000#wr t

######

Current configuration:

!

version 10.2

!

hostname C4000

!

enable password test

!

username C2503 password cisco

 

The username "C2503" is the hostname of the remote router and is used by the dialer map command below. The username is case sensitive and must match the remote router's hostname exactly.

The password, which is used by the CHAP authentication process, is case sensitive and must match the remote router's password exactly.

Note: To avoid confusion, the unencrypted form of the password cisco is shown in this sample configuration. In the actual configuration, the password would appear in its encrypted form: 7 13061E010803, where 7 denotes the encryption type and 13061E010803 is the encrypted form of the password cisco. When entering or making changes to the username command, always type the password in its unencrypted form and do not enter the encryption type (7). It is set automatically.

 

isdn switch-type basic-dms100

 

 

The ISDN switch type must match your carrier's equipment. If you change the switch-type you must reload the router for the new switch type to take effect.

interface Ethernet0

ip address 192.168.24.65 255.255.255.0

 

 

 

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 172.16.20.2 255.255.255.0

 

encapsulation ppp

 

PPP encapsulation is recommended over HDLC in order to allow the use of CHAP authentication.

 

bandwidth 56

 

The default bandwidth setting for a BRI interface is 64k. If you configured your dialer map statements with the speed 56 option, you should include the bandwidth statement.

Note: This command does not control the speed of your ISDN line. It sets the correct reference point for the BRI port's show interface statistics, for the dialer load-threshold command, and for IGRP/EIGRP routing metrics.

 

dialer idle-timeout 300

 

 

This command sets the number of seconds the ISDN connection will remain open if no interesting traffic is being routed. The timer is reset each time an interesting packet is forwarded.

dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085554321

dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085559876

 

 

The dialer map command is used with CHAP authentication to place the initial call to the remote router when interesting traffic is forwarded to the BRI interface. After the connection is active, the dialer idle-timeout command determines how long it will remain active. A dialer map statement is required for each ISDN phone number that will be called. Be aware though, that two dialer map statements pointing to the same location might activate both B channels when you may only want to use one channel.

Note: The command parameters for this example are:

 

172.16.20.1 = the IP address of the remote router's BRI interface. To determine this address, type show interface bri 0 at the remote router's console prompt.

name C2503 = the hostname of the remote router. The name is case sensitive and should match the name configured for the username command above.

speed 56 = sets the dialer speed to 56k for ISDN circuits that are not 64k end-to-end, and should be included in both routers' dialer map statements. Most installations in North America must be configured for 56K.

broadcast = allows the forwarding of broadcast packets. Unless broadcast packets are specified as interesting packets by the dialer-list command, they will only be forwarded when the ISDN link is active.

14085554321

14085559876 = the remote router's ISDN telephone numbers.

 

 

dialer hold-queue 5

 

This command allows interesting packets to be queued until the ISDN connection is established. In this example, five interesting packets will be queued.

dialer load-threshold 100

 

 

This command is used to configure bandwidth on demand by setting the maximum load before the dialer places another call through the second B channel. The load is the calculated weighted average load value for the interface, where 1 is unloaded and 255 is fully loaded. The actual load value you should configure depends on the characteristics of your particular network. In this example, the second B channel will be activated when the load reaches 39% of maximum utilization, which is 100 divided by 255.

 

dialer-group 1

 

The dialer-group 1 command enables the dialer-list 1 on the BRI interface, which determines which packets will be interesting and activate the ISDN connection.

isdn spid1 415555123401 5551234

isdn spid2 415555678901 5556789

 

 

The isdn spid commands are used if your carrier assigns spids to your

ISDN lines.

ppp authentication chap

 

 

This command enables CHAP authentication.

 

 

router igrp 1

network 172.16.0.0

network 192.168.24.0

 

ip route 172.16.10.0 255.255.255.0 172.16.20.1

 

This ip route command creates a static route to the remote router's network via the remote router's BRI interface. This is required because dynamic routes are lost when the ISDN link is down.

Note: The command parameters for this example are:

 

172.16.0.0 = the target network.

 

255.255.0.0 = the target network mask. A 255 in an octet's position specifies an exact match for that octet is required, and a 0 in an octet's position specifies any value will match.

172.16.20.1 = the address of the next hop that can be used to reach the target network.

 

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

 

 

This access list determines which IP packets will be interesting and activate the ISDN link. The access-list you should create depends on your particular network design.

Note: The command parameters for this example are:

 

 

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0

defines all broadcast packets as uninteresting.

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

defines all other IP packets as interesting.

dialer-list 1 list 100

 

 

This command points to access-list 100, which determines which IP packets will be interesting.

 

 

line con 0

line aux 0

line vty 0 4

password test

login

!

end

 

 

---

 

For backup, static routes are enough! Below is the configuration from my company's project in Beijing:

Current configuration:

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname feihua

!

enable secret 5 $1$011Y$UBLyBOlDTa6ZKRnMnoyU0.

enable password 7 011F0F110A5A565B

!

username feihua password 7 141B1B1E5D557A7F

username jianhua1 password 7 00081A13550A5B52

no ip source-route

isdn switch-type basic-net3

!

!

!

interface Ethernet0

ip address 10.10.0.1 255.255.255.0

!

!

interface Serial0

backup delay 5 30

backup interface BRI0

ip address 10.10.10.1 255.255.255.0

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 10.10.20.1 255.255.255.0

encapsulation ppp

dialer idle-timeout 300

dialer map ip 10.10.20.2 name jianhua1 broadcast 86521075

dialer load-threshold 128 outbound

dialer-group 1

isdn switch-type basic-net3

ppp authentication chap

ppp multilink

hold-queue 75 in

!

ip classless

ip route 10.10.1.0 255.255.255.0 10.10.10.2

ip route 10.10.1.0 255.255.255.0 10.10.20.2

ip route 10.10.2.0 255.255.255.0 10.10.10.2

ip route 10.10.2.0 255.255.255.0 10.10.20.2

!

dialer-list 1 protocol ip permit

!

line con 0

line aux 0

line vty 0

password 7 045702135E701C1A

login

line vty 1 4

login

!

end

 

Configuration of the called side (Jianguomen GF Securities):

Current configuration:

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname jianhua1

!

enable secret 5 $1$011Y$UBLyBOlDTa6ZKRnMnoyU0.

enable password 7 011F0F110A5A565B

!

username feihua password 7 141B1B1E5D557A7F

username jianhua1 password 7 00081A13550A5B52

no ip source-route

isdn switch-type basic-net3

!

!

!

interface Ethernet0

ip address 10.10.1.1 255.255.255.0

!

!

interface Serial0

ip address 10.10.10.2 255.255.255.0

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 10.10.20.2 255.255.255.0

encapsulation ppp

dialer idle-timeout 300

dialer map ip 10.10.20.1 name feihua broadcast

dialer load-threshold 128 outbound

dialer-group 1

isdn switch-type basic-net3

ppp authentication chap

ppp multilink

hold-queue 75 in

!

ip classless

ip route 10.10.0.0 255.255.255.0 10.10.10.1

ip route 10.10.0.0 255.255.255.0 10.10.20.1

ip route 10.10.2.0 255.255.255.0 10.10.1.2

!

dialer-list 1 protocol ip permit

!

line con 0

line aux 0

line vty 0

password 7 045702135E701C1A

login

line vty 1 4

login

!

end
------------------------
16AM Configuration
----------
Configure the 16-port modem dial-in module, using the internal DHCP service to assign addresses to dial-in users.

Cisco2620(config)#interface Group-Async1

Cisco2620(config-if)# ip unnumbered FastEthernet0/0

Cisco2620(config-if)# encapsulation ppp

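Cisco2620(config-if)# ip tcp header-compression passive // enable passive TCP/IP header compression

Cisco2620(config-if)# async mode dedicated // operate in dedicated asynchronous mode only

Cisco2620(config-if)# peer default ip address dhcp // forward IP address requests to the DHCP server

Cisco2620(config-if)# ppp authentication chap // set authentication to CHAP

Cisco2620(config-if)# group-range 33 48 // the dial group includes 16 ports

Cisco's 16AM module provides high-density analog circuit access: employees outside the office building can dial in by modem to join the LAN and log in to servers, enabling remote work.

The peer default ip address dhcp command lets a dial-in workstation obtain its IP address dynamically from the DHCP server on the LAN, which conserves IP addresses. The workstation also receives the parameters configured on the DHCP server, such as the DNS server's IP address, and, together with the static route to the firewall configured in global mode, it can reach the Internet through the firewall as well.

Cisco2620(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.4 // set the static route to the firewall

(5) Physical-characteristics settings for the 16AM module

Cisco2620(config)#line 33 48 // enter line configuration mode for the modem ports

Cisco2620(config-line)# session-timeout 30 // set the timeout to 30 minutes

Cisco2620(config-line)# autoselect during-login // automatic selection during login

Cisco2620(config-line)# autoselect ppp // automatically select the PPP protocol

Cisco2620(config-line)# login local // enable local password checking

Cisco2620(config-line)# modem InOut // allow dial-in and dial-out

Cisco2620(config-line)# transport input all // specify the transport protocols

Cisco2620(config-line)# stopbits 1 // set one stop bit

Cisco2620(config-line)# flowcontrol hardware // set hardware flow control

(6) Add the user name and password of a dial-in user

Cisco2620(config)#username shixuegang password abc123 // add user shixuegang with password abc123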

-------------------------
A VoIP Configuration

Building configuration...

Current configuration : 10640 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ahu_router
!
boot system slot0:aaa0202.bin
logging rate-limit console 10 except errors
enable secret 5 
enable password 7 
!
username hfe_router password 7 
username whu_router password 7 
username aqi_router password 7 
username bbu_router password 7 
username czh_router password 7 
username xch_router password 7 
username chu_router password 7 
username hbe_router password 7 
username mas_router password 7 
username txi_router password 7 
username lan_router password 7 
username chz_router password 7 
username szh_router password 7 
username fya_router password 7 
username tli_router password 7 
username bzh_router password 7 
username hna_router password 7 
username swe_router password 7 
username zji_router password 7 
username tester password 7 
username shsh password 7 
username test password 7 
username hwh password 0 
voice-card 2
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
ip host hbsy.domain 10.184.80.10
ip name-server 10.184.80.10
!
isdn voice-call-failure 0
chat-script default "" "ATDT/T" TIMEOUT 60 CONNECT /c
call rsvp-sync
!
!
!
!
!
!
!
controller E1 2/0
framing NO-CRC4
ds0-group 1 timeslots 1-15,17-31 type r2-digital r2-compelled ani
cas-custom 1
unused-abcd 0 1 1 1
country china use-defaults
answer-signal group-b 1
!
controller E1 3/0
channel-group 0 timeslots 1
channel-group 1 timeslots 2
channel-group 2 timeslots 3
channel-group 3 timeslots 4
channel-group 4 timeslots 5
channel-group 5 timeslots 6
channel-group 6 timeslots 7
channel-group 7 timeslots 8
channel-group 8 timeslots 9
channel-group 9 timeslots 10
channel-group 10 timeslots 11
channel-group 11 timeslots 12
channel-group 12 timeslots 13
channel-group 13 timeslots 14
channel-group 14 timeslots 15
channel-group 15 timeslots 16
!
!
interface Ethernet0/0
ip address 10.184.1.2 255.255.255.0
half-duplex
!
interface Serial0/0
no ip address
no ip mroute-cache
shutdown
!
interface Serial0/1
no ip address
shutdown
!
interface Serial3/0:0
ip address 10.184.252.5 255.255.255.252
fair-queue 64 256 0
!
interface Serial3/0:1
description ppp channel 1_anqing
ip address 10.184.252.9 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:2
description ppp channel 2_bengbu
ip address 10.184.252.13 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:3
description ppp channel 3_chizhou
ip address 10.184.252.17 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:4
description ppp channel 4_xuancheng
ip address 10.184.252.21 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:5
description ppp channel 5_caohu
ip address 10.184.252.25 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:6
description ppp channel 6_huaibei
bandwidth 128
ip address 10.184.252.29 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:7
description ppp channel 7_maanshan
ip address 10.184.252.33 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:8
description ppp channel 8_huangshan
ip address 10.184.252.37 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:9
description ppp channel 9_liuan
ip address 10.184.252.41 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:10
description ppp channel 10_chuzhou
ip address 10.184.252.45 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:11
description ppp channel 11_suzhou
ip address 10.184.252.49 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:12
description ppp channel 12_fuyang
ip address 10.184.252.53 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:13
description ppp channel 13_tongling
ip address 10.184.252.57 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:14
description ppp channel 14_bozhou
ip address 10.184.252.61 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:15
description ppp channel 15_huainan
ip address 10.184.252.65 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Async39
ip address 10.2.1.19 255.255.255.192
encapsulation ppp
dialer in-band
dialer map ip 10.2.1.1 name shsh 01064998899
dialer map ip 10.184.1.40 name test 2867839
dialer map ip 10.184.1.252 name hwh 2867639
dialer hold-queue 10
dialer-group 1
async dynamic routing
async mode dedicated
pulse-time 3
ppp authentication chap
!
interface Async40
ip unnumbered Ethernet0/0
encapsulation ppp
async mode dedicated
peer default ip address 10.184.1.254
ppp authentication chap
!
interface Group-Async1
no ip address
dialer in-band
dialer rotary-group 1
async default routing
async dynamic routing
async mode dedicated
fair-queue 64 16 0
group-range 33 38
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
ip address 10.184.254.225 255.255.255.224
encapsulation ppp
dialer in-band
dialer map ip 10.184.254.226 name hfe_router
dialer map ip 10.184.254.227 name whu_router
dialer map ip 10.184.254.228 name aqi_router
dialer map ip 10.184.254.229 name bbu_router
dialer map ip 10.184.254.230 name czh_router
dialer map ip 10.184.254.231 name xch_router
dialer map ip 10.184.254.232 name chu_router
dialer map ip 10.184.254.233 name hbe_router
dialer map ip 10.184.254.234 name mas_router
dialer map ip 10.184.254.235 name txi_router
dialer map ip 10.184.254.236 name lan_router
dialer map ip 10.184.254.237 name chz_router
dialer map ip 10.184.254.238 name szh_router
dialer map ip 10.184.254.239 name fya_router
dialer map ip 10.184.254.240 name tli_router
dialer map ip 10.184.254.241 name bzh_router
dialer map ip 10.184.254.242 name hna_router
dialer-group 1
pulse-time 3
no cdp enable
ppp authentication chap
!
router rip
version 2
redistribute connected
network 10.0.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.184.1.30
ip route 10.0.0.0 255.0.0.0 10.184.1.1
ip route 10.184.10.0 255.255.255.0 10.184.254.226 150
ip route 10.184.20.0 255.255.255.0 10.184.254.227 150
ip route 10.184.30.0 255.255.255.0 10.184.254.228 150
ip route 10.184.40.0 255.255.255.0 10.184.254.229 150
ip route 10.184.50.0 255.255.255.0 10.184.254.230 150
ip route 10.184.60.0 255.255.255.0 10.184.254.231 150
ip route 10.184.70.0 255.255.255.0 10.184.254.232 150
ip route 10.184.80.0 255.255.255.0 10.184.254.233 150
ip route 10.184.90.0 255.255.255.0 10.184.254.234 150
ip route 10.184.100.0 255.255.255.0 10.184.254.235 150
ip route 10.184.110.0 255.255.255.0 10.184.254.236 150
ip route 10.184.120.0 255.255.255.0 10.184.254.237 150
ip route 10.184.130.0 255.255.255.0 10.184.254.238 150
ip route 10.184.140.0 255.255.255.0 10.184.254.239 150
ip route 10.184.150.0 255.255.255.0 10.184.254.240 150
ip route 10.184.160.0 255.255.255.0 10.184.254.241 150
ip route 10.184.170.0 255.255.255.0 10.184.254.242 150
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server engineID local 000000090200003019237741
snmp-server community  RO
!
voice-port 2/0:1
timeouts interdigit 3
!
dial-peer cor custom
!
!
!
dial-peer voice 1 pots
answer-address +51
destination-pattern 51....
direct-inward-dial
port 2/0:1
!
dial-peer voice 14 voip
answer-address +64
destination-pattern +64
session target ipv4:10.184.110.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 15 voip
answer-address +65
destination-pattern +65
session target ipv4:10.184.70.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 2 voip
answer-address +52
destination-pattern +52
session target ipv4:10.184.40.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 3 voip
answer-address +53
destination-pattern +53
session target ipv4:10.184.20.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 4 voip
answer-address +54
destination-pattern +54
session target ipv4:10.184.170.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 5 voip
answer-address +55
destination-pattern +55
session target ipv4:10.184.90.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 6 voip
answer-address +56
destination-pattern +56
session target ipv4:10.184.30.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 7 voip
answer-address +57
destination-pattern +57
session target ipv4:10.184.130.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 8 voip
answer-address +58
destination-pattern +58
session target ipv4:10.184.140.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 9 voip
answer-address +59
destination-pattern +59
session target ipv4:10.184.100.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 10 voip
answer-address +50
destination-pattern +50
session target ipv4:10.184.120.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 11 voip
answer-address +61
destination-pattern +61
session target ipv4:10.184.80.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 12 voip
answer-address +62
destination-pattern +62
session target ipv4:10.184.150.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 13 voip
answer-address +63
destination-pattern +63
session target ipv4:10.184.60.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 16 voip
answer-address +66
destination-pattern +66
session target ipv4:10.184.50.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 17 voip
answer-address +60
destination-pattern +60
session target ipv4:10.184.160.2
codec g729r8 pre-ietf
ip precedence 5
!
!
line con 0
transport input none
line 33 39
no exec
script dialer default
login local
modem InOut
modem autoconfigure discovery
rotary 1
transport input all
stopbits 1
flowcontrol hardware
line 40
login local
modem InOut
modem autoconfigure discovery
transport input all
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7 
login
!
end

----------------------------------
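Cisco PIX Firewall Installation Procedure

1. Mount the PIX in the rack, check the power system, then connect the power and power on the unit.
2. Connect the CONSOLE port to a serial port on the PC and run HyperTerminal to enter the PIX system through the CONSOLE port; the system now shows the prompt pixfirewall>.
3. Enter the command enable to enter privileged mode; the prompt becomes pixfirewall#.
4. Enter the command configure terminal to perform the initial system setup.
5. Configure the Ethernet interface parameters:
interface ethernet0 auto (the auto option means the system auto-detects the NIC type)
interface ethernet1 auto
6. Configure the IP addresses of the inside and outside interfaces:
ip address inside ip_address netmask
ip address outside ip_address netmask
7. Specify the outside address range:
global 1 ip_address-ip_address
8. Specify the inside addresses to be translated:
nat 1 ip_address netmask
9. Set the default routes toward the inside and outside networks:
route inside 0 0 inside_default_router_ip_address
route outside 0 0 outside_default_router_ip_address
10. Configure static IP address mappings:
static outside ip_address inside ip_address
11. Set certain control options:
conduit global_ip port[-port] protocol foreign_ip [netmask]
global_ip is the address to be controlled
port is the port the rule applies to, where 0 stands for all ports
protocol is the connection protocol, for example TCP or UDP
foreign_ip is the external IP that may access global_ip, where denotes all IPs.
12. Set the telnet option:
telnet local_ip [netmask]
local_ip is the IP address allowed to access the PIX via telnet (if this is not set, the PIX can only be configured through the console).
13. Save the configuration:
wr mem
14. Some commonly used network test commands:
#ping
#show interface (show interface status)
#show static (show static address mappings)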
