3.1 配置接入路由器InternetRouter的基本参数
 
InternetRouter(config)#enble secret youguess
InternetRouter(config)#line con 0
InternetRouter(config-line)#logging sy
InternetRouter(config-line)#exec-timeout 5 30
InternetRouter(config-line)#exit
InternetRouter(config)#line vty 0 4
InternetRouter(config-line)#password abc
InternetRouter(config-line)#login
InternetRouter(config-line)#exec-timeout 5 30
InternetRouter(config-line)#exit
InternetRouter(config)#no ip do lo
-----------------------------------------------------------------------------
接口参数
InternetRouter(config)#int f0/0
InternetRouter(config-if)#no shut
InternetRouter(config-if)#ip add 192.168.0.254 255.255.255.0
InternetRouter(config-if)#exit
InternetRouter(config)#int s0/0
InternetRouter(config-if)#no shut
InternetRouter(config-if)#ip add 193.1.1.1 255.255.255.252
InternetRouter(config-if)#exit
----------------------------------------------------------------------------
路由功能
InternetRouter(config)#ip route 192.168.0.0 255.255.248.0 192.168.0.3
InternetRouter(config)#ip route 192.168.100.0 255.255.255.0 192.168.0.3
InternetRouter(config)#ip route 0.0.0.0 0.0.0.0 s0/0
-----------------------------------------------------------------------
配置NAT   (202.206.222.1~202.206.222.8用作NAT)
 
InternetRouter(config)#int f0/0
InternetRouter(config-if)#ip nat inside
InternetRouter(config-if)#exit
InternetRouter(config)#int s0/0
InternetRouter(config-if)#ip nat outside
InternetRouter(config-if)#exit
InternetRouter(config)#ip nat inside source static 192.168.100.1 202.206.222.1
InternetRouter(config)#ip nat inside source static 192.168.100.2 202.206.222.2
InternetRouter(config)#ip nat inside source static 192.168.100.3 202.206.222.3
InternetRouter(config)#ip nat pool cisco 202.206.222.4 202.206.222.8 netmask 255.255.255. 240
InternetRouter(config)#access-list 1 permit 192.168.0.0 0.0.7.255
InternetRouter(config)#ip nat inside source list 1 pool cisco overload
-------------------------------------------------------------------------
配置ACL
 
InternetRouter(config)#access-list 101 deny udp any any eq snmp
InternetRouter(config)#access-list 101 deny udp any any eq snmptrap
InternetRouter(config)#access-list 101 deny tcp any any eq telnet
InternetRouter(config)#access-list 101 deny tcp any any eq range 512 514
InternetRouter(config)#access-list 101 deny tcp any any eq 111
InternetRouter(config)#access-list 101 deny udp any any eq 111
InternetRouter(config)#access-list 101 deny tcp any any eq 2049
InternetRouter(config)#access-list 101 deny icmp any any eq echo-request
InternetRouter(config)#access-list 101 deny udp any any eq echo
InternetRouter(config)#access-list 2 permit 192.168.100.0 0.0.0.255
InternetRouter(config)#int s0/0
InternetRouter(config-if)#ip access-group 101 in
InternetRouter(config-if)#exit
InternetRouter(config)#int f0/0
InternetRouter(config-if)#no ip directed-broadcast
InternetRouter(config)#line vty 0 4
InternetRouter(config-line)#access-class 2 in
InternetRouter(config-line)#exit
---------------------------------------------------------------------------
其他配置
 
InternetRouter(config)#ip classless
InternetRouter(config)#ip subnet-zero