思科网络典型配置案例集锦

思科网络典型配置案例集锦(吐血推荐)

本人整理的部分配置方案,现在还不全,一直在努力中
,我会不断更新



2900XL VLAN config  

--------------------------------------------------------------------------------

Switch# vlan database
Switch(vlan)# vtp domain domain-name

Switch(vlan)# vtp domain domain-name password password-value

Switch(vlan)# vtp server

Switch(vlan)# show vtp status

若想 Disable VTP ,只须将 VTP 模式改为 transparent

Switch(vlan)# vtp transparent

2.
激活 VTP V2 (交换机默认的是 VTP V1 )。

Switch# vlan database

Switch(vlan)# vtp v2-mode

Switch# show vtp status

3.
增加 VLAN Catalyst 2900XL 系列交换机最大支持 64 个激活的 VLAN

VLAN ID
号从 1 1005

Switch# vlan database

Switch(vlan)# vlan vlan-id name vlan-name

Switch# show vlan name vlan-name

Switch(vlan)# no vlan vlan-id //
删除 VLAN

4.
将端口加入 VLAN

Switch# configure terminal

Switch(config)# interface interface

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan vlan-id

Switch(config-if)# show interface interface-id switchport

5.
配置 trunk 端口。

Switch# configure terminal

Switch(config)# interface interface

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk encapsulation isl

Switch(config-if)# end

Switch# show interface interface switchport

Switch# copy running-config startup-config

6.
配置 trunk 上允许的 VLAN

Switch(config)# interface interface

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk allowed vlan remove vlan-id-range

Switch(config-if)# switchport trunk allowed vlan add vlan-id-range

Switch(config-if)# end

Switch# show interface interface switchport allowed-vlan

若想取消 trunk 端口,只需

Switch(config-if)# no switchport mode

7.
使用 STP 实现负载。

实现负载分担有两种方法:

1)
使用端口优先级。

配置:

Switch_1(config-if)# interface fa0/1

Switch_1(config-if)# spanning-tree vlan 8 9 10 port-priority 10

Switch_1(config)# interface fa0/2

Switch_1(config-if)# spanning-tree vlan 3 4 5 6 port-priority 10

2)
使用路径值。例如:

Switch_1(config)# interface fa0/1

Switch_1(config-if)# spanning-tree vlan 2 3 4 cost 30

Switch_1(config)# interface fa0/2

Switch_1(config-if)# spanning-tree vlan 8 9 10 cost 30
-----------------------------------

Cisco HSRP
的配置
-----------------

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
enable password cisco
!
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 136.147.107.101 255.255.0.0
no ip redirects
no ip directed-broadcast
standby 150 timers 5 15   /*
定义 150 5 秒交换一次 hello 信息, 15 秒没收到
                                  hello
信息就开始切换 */
standby 150 priority 110 /*
定义 150 组的主路由器权值,值越大,为主路由
                              
器希望越大 */
standby 150 preempt /* enable 150
组的 hsrp 抢占功能 */
standby 150 authentication cisco  /*
设置 150 组的 router 身份验证串 */
standby 150 ip 136.147.107.100 /*
定义 150 组的浮动地址,也是这台 router
                                 
连接的网络的网关 */
standby 150 track Ethernet0 /*
定义监控的端口 */
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
!
ip classless
!
!
line con 0
transport input none
line 1 16
line aux 0
line vty 0 4
password cisco
login
!
end
-----------------------------------


ISDN
拨号备份

最近我在调试一个网络 , 该网络使用一对二方式 .

其中一个远端 A Internet 互连 , 中心点与另外一个远端 B

通过该远端 A 连入 Internet. 并且三点之间内部互通 .

 

现三地之间用三台 Cisco 互连 , 能正常工作 .

但是现需要备份中心点与两个远端之间的通信线路 .

计划采用 ISDN 拨号备份 .

-----------------------------------------------------------

 

 

Sample Configuration for C2503

 

C2503#wr t

######

Current configuration:

!

version 10.2

!

hostname C2503

!

enable password test

!

username C4000 password cisco (See username explanation in the followi

ng

section.)

isdn switch-type basic-dms100

!

interface Ethernet0

ip address 172.16.10.1 255.255.255.0

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 172.16.20.1 255.255.255.0

encapsulation ppp

bandwidth 56

dialer idle-timeout 300

dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155551234

dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155556789

dialer hold-queue 5

dialer load-threshold 100

dialer-group 1

isdn spid1 408555432101 5554321

isdn spid2 408555987601 5559876

ppp authentication chap

!

router igrp 1

network 172.16.0.0

!

ip route 192.168.24.0 255.255.255.0 172.16.20.2

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.

0

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.

255

!

!

dialer-list 1 list 100

!

line con 0

line aux 0

line vty 0 4

password test

login

!

end

 

Explanation of C2503 Configuration

 

 

C2503#wr t

######

Current configuration:

!

version 10.2

!

hostname C2503

!

enable password test

!

username C4000 password cisco

 

The username "C4000" is the hostname of the remote router and is used

by the dialer map command below. The username is case sensitive and mu

st match the remote router's hostname exactly.

The password, which is used by the CHAP authentication process, is cas

e sensitive and must match the remote router's password exactly.

 

Note: To avoid confusion, the unencrypted form of the password cisco i

s shown in this sample configuration. In the actual configuration, the

password would appear in its encrypted form: 7 13061E010803, where 7

denotes the encryption type and 13061E010803 is the encrypted form of

the password cisco. When entering or making changes to the username co

mmand, always type the password in its unencrypted form and do not ent

er the encryption type (7). It is set automatically.

 

isdn switch-type basic-dms100

 

 

The ISDN switch type must match your carrier's equipment. If you chang

e the switch-type, you must reload the router for the new switch type

to take effect.

 

interface Ethernet0

ip address 172.16.10.1 255.255.255.0

 

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 172.16.20.1 255.255.255.0

 

encapsulation ppp

 

PPP encapsulation is recommended over HDLC in order to allow the use o

f CHAP authentication.

bandwidth 56

 

 

The default bandwidth setting for a BRI interface is 64k. If you confi

gured your dialer map statements with the speed 56 option, you should

include the bandwidth statement.

Note: This command does not control the speed of your ISDN line. It se

ts the correct reference point for the BRI port's show interface stati

stics, for the dialer load-threshold command, and for IGRP/EIGRP routi

ng metrics.

 

dialer idle-timeout 300

 

 

This command sets the number of seconds the ISDN connection will remai

n open if no interesting traffic is being routed. The timer is reset e

ach time an interesting packet is forwarded.

dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155551234

dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155556789

 

 

The dialer map command is used with CHAP authentication to place the i

nitial call to the remote router when interesting traffic is forwarded

to the BRI interface. Once the connection is active, the dialer idle-

timeout command determines how long it will remain active. A dialer ma

p statement is required for each ISDN phone number that will be called

. Be aware though, that two dialer map statements pointing to the same

location might activate both B channels when you may only want to use

one channel.

Note: The command parameters for this example are:

 

172.16.20.2 = the IP address of the remote router's BRI interface. To

determine this address, type show interface bri 0 at the remote router

's console prompt.

 

name C4000 = the hostname of the remote router. The name is case sensi

tive and should match the name configured for the username command abo

ve.

 

speed 56 = sets the dialer speed to 56k for ISDN circuits that are not

64k end-to-end, and should be included in both routers' dialer map st

atements. Most installations in North America must be configured for 5

6K.

 

broadcast = allows the forwarding of broadcast packets. Unless broadca

st packets are specified as interesting packets by the dialer-list com

mand, they will only be forwarded when the ISDN link is active.

 

14155551234

14155556789 = the remote router's ISDN telephone numbers.

 

dialer hold-queue 5

 

 

This command allows interesting packets to be queued until the ISDN co

nnection is established. In this example, five interesting packets wil

l be queued.

dialer load-threshold 100

 

 

This command is used to configure bandwidth on demand by setting the m

aximum load before the dialer places another call through the second B

channel. The load is the calculated weighted average load value for t

he interface, where 1 is unloaded and 255 is fully loaded. The actual

load value you should configure depends on the characteristics of your

particular network. In this example, the second B channel will be act

ivated when the load reaches 39% of maximum utilization, which is 100

divided by 255.

dialer-group 1

 

 

The dialer-group 1 command enables the dialer-list 1 on the BRI interf

ace, which determines which packets will be interesting and activate t

he ISDN connection.

isdn spid1 408555432101 5554321

isdn spid2 408555987601 5559876

 

 

The isdn spid commands are used if your carrier assigns spids to your

ISDN lines.

ppp authentication chap

 

 

This command enables CHAP authentication.

router igrp 1

network 172.16.0.0

 

ip route 192.168.24.0 255.255.255.0 172.16.20.2

 

 

This IP route command creates a static route to the remote router's ne

twork via the remote router's BRI interface. This is required because

dynamic routes are lost when the ISDN link is down.

Note: The command parameters for this example are:

 

192.168.24.0 = the target network.

 

255.255.255.0 = the target network mask. A 255 in an octet's position

specifies an exact match for that octet is required, and a 0 in an oct

et's position specifies any value will match.

 

172.16.20.2 = the address of the next hop that can be used to reach th

e target network.

 

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.

0

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.

255

 

 

This access list determines which IP packets will be interesting and a

ctivate the ISDN link. The access-list you should create depends on yo

ur particular network design.

Note: The command parameters for this example are:

 

 

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.

0

defines all broadcast packets as uninteresting.

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0255.255.255.2

55

defines all other IP packets as interesting.

 

 

dialer-list 1 list 100

 

 

This command points to access-list 100, which determines which IP pack

ets will be interesting.

 

 

line con 0

line aux 0

line vty 0 4

password test

login

!

end

 

Sample Configuration for C4000

 

C4000#wr t

######

Current configuration:

!

version 10.2

!

hostname C4000

!

enable password test

!

username C2503 password cisco (See username explanation in the followi

ng

section.)

isdn switch-type basic-dms100

!

interface Ethernet0

ip address 192.168.24.65 255.255.255.0

!

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 172.16.20.2 255.255.255.0

encapsulation ppp

bandwidth 56

dialer idle-timeout 300

dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085554321

dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085559876

dialer hold-queue 5

dialer load-threshold 100

dialer-group 1

isdn spid1 415555123401 5551234

isdn spid2 415555678901 5556789

ppp authentication chap

!

router igrp 1

network 172.16.0.0

network 192.168.24.0

!

ip route 172.16.10.0 255.255.255.0 172.16.20.1

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.

0

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.

255

!

!

dialer-list 1 list 100

!

line con 0

line aux 0

line vty 0 4

password test

login

!

end

 

Explanation of C4000 Configuration

 

 

C4000#wr t

######

Current configuration:

!

version 10.2

!

hostname C4000

!

enable password test

!

username C2503 password cisco

 

The username "C2503" is the hostname of the remote router and is used

by the dialer map command below. The username is case sensitive and mu

st match the remote router's hostname exactly.

The password, which is used by the CHAP authentication process, is cas

e sensitive and must match the remote router's password exactly.

 

Note: To avoid confusion, the unencrypted form of the password cisco i

s shown in this sample configuration. In the actual configuration, the

password would appear in its encrypted form: 7 13061E010803, where 7

denotes the encryption type and 13061E010803 is the encrypted form of

the password cisco. When entering or making changes to the username co

mmand, always type the password in its unencrypted form and do not ent

er the encryption type (7). It is set automatically.

 

isdn switch-type basic-dms100

 

 

The ISDN switch type must match your carrier's equipment. If you chang

e the switch-type you must reload the router for the new switch type t

o take effect.

interface Ethernet0

ip address 192.168.24.65 255.255.255.0

 

 

 

interface Serial0

no ip address

shutdown

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 172.16.20.2 255.255.255.0

 

encapsulation ppp

 

PPP encapsulation is recommended over HDLC in order to allow the use o

f CHAP authentication.

 

bandwidth 56

 

The default bandwidth setting for a BRI interface is 64k. If you confi

gured your dialer map statements with the speed 56 option, you should

include the bandwidth statement.

Note: This command does not control the speed of your ISDN line. It se

ts the correct reference point for the BRI port's show interface stati

stics, for the dialer load-threshold command, and for IGRP/EIGRP routi

ng metrics.

 

dialer idle-timeout 300

 

 

This command sets the number of seconds the ISDN connection will remai

n open if no interesting traffic is being routed. The timer is reset e

ach time an interesting packet is forwarded.

dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085554321

dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085559876

 

 

The dialer map command is used with CHAP authentication to place the i

nitial call to the remote router when interesting traffic is forwarded

to the BRI interface. After the connection is active, the dialer idle

-timeout command determines how long it will remain active. A dialer m

ap statement is required for each ISDN phone number that will be calle

d. Be aware though, that two dialer map statements pointing to the sam

e location might activate both B channels when you may only want to us

e one channel.

Note: The command parameters for this example are:

 

172.16.20.1 = the IP address of the remote router's BRI interface. To

determine this address, type show interface bri 0 at the remote router

's console prompt.

 

name C2503 = the hostname of the remote router. The name is case sensi

tive and should match the name configured for the username command abo

ve.

 

speed 56 = sets the dialer speed to 56k for ISDN circuits that are not

64k end-to-end, and should be included in both routers' dialer map st

atements. Most installations in North America must be configured for 5

6K.

 

broadcast = allows the forwarding of broadcast packets. Unless broadca

st packets are specified as interesting packets by the dialer-list com

mand, they will only be forwarded when the ISDN link is active.

 

14085554321

14085559876 = the remote router's ISDN telephone numbers.

 

 

dialer hold-queue 5

 

This command allows interesting packets to be queued until the ISDN co

nnection is established. In this example, five interesting packets wil

l be queued.

dialer load-threshold 100

 

 

This command is used to configure bandwidth on demand by setting the m

aximum load before the dialer places another call through the second B

channel. The load is the calculated weighted average load value for t

he interface, where 1 is unloaded and 255 is fully loaded. The actual

load value you should configure depends on the characteristics of your

particular network. In this example, the second B channel will be act

ivated when the load reaches 39% of maximum utilization, which is 100

divided by 255.

 

dialer-group 1

 

The dialer-group 1 command enables the dialer-list 1 on the BRI interf

ace, which determines which packets will be interesting and activate t

he ISDN connection.

isdn spid1 415555123401 5551234

isdn spid2 415555678901 5556789

 

 

The isdn spid commands are used if your carrier assigns spids to your

ISDN lines.

ppp authentication chap

 

 

This command enables CHAP authentication.

 

 

router igrp 1

network 172.16.0.0

network 192.168.24.0

 

ip route 172.16.10.0 255.255.255.0 172.16.20.1

 

This ip route command creates a static route to the remote router's ne

twork via the remote router's BRI interface. This is required because

dynamic routes are lost when the ISDN link is down.

Note: The command parameters for this example are:

 

172.16.0.0 = the target network.

 

255.255.0.0 = the target network mask. A 255 in an octet's position sp

ecifies an exact match for that octet is required, and a 0 in an octet

's position specifies any value will match.

 

172.16.20.1 = the address of the next hop that can be used to reach th

e target network.

 

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.

0

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.

255

 

 

This access list determines which IP packets will be interesting and a

ctivate the ISDN link. The access-list you should create depends on yo

ur particular network design.

Note: The command parameters for this example are:

 

 

access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.

 

defines all broadcast packets as uninteresting.

access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.

255

defines all other IP packets as interesting.

dialer-list 1 list 100

 

 

This command points to access-list 100, which determines which IP pack

ets will be interesting.

 

 

line con 0

line aux 0

line vty 0 4

password test

login

!

end

 

 

---

 

备份的话,用静态路由足矣!下面是我公司在北京的工程配置: Current config

uration:

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname feihua

!

enable secret 5 $1$011Y$UBLyBOlDTa6ZKRnMnoyU0.

enable password 7 011F0F110A5A565B

!

username feihua password 7 141B1B1E5D557A7F

username jianhua1 password 7 00081A13550A5B52

no ip source-route

isdn switch-type basic-net3

!

!

!

interface Ethernet0

ip address 10.10.0.1 255.255.255.0

!

!

interface Serial0

backup delay 5 30

backup interface BRI0

ip address 10.10.10.1 255.255.255.0

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 10.10.20.1 255.255.255.0

encapsulation ppp

dialer idle-timeout 300

dialer map ip 10.10.20.2 name jianhua1 broadcast 86521075

dialer load-threshold 128 outbound

dialer-group 1

isdn switch-type basic-net3

ppp authentication chap

ppp multilink

hold-queue 75 in

!

ip classless

ip route 10.10.1.0 255.255.255.0 10.10.10.2

ip route 10.10.1.0 255.255.255.0 10.10.20.2

ip route 10.10.2.0 255.255.255.0 10.10.10.2

ip route 10.10.2.0 255.255.255.0 10.10.20.2

!

dialer-list 1 protocol ip permit

!

line con 0

line aux 0

line vty 0

password 7 045702135E701C1A

login

line vty 1 4

login

!

end

 

被叫端的配置:(建国门广发证券)

urrent configuration:

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname jianhua1

!

enable secret 5 $1$011Y$UBLyBOlDTa6ZKRnMnoyU0.

enable password 7 011F0F110A5A565B

!

username feihua password 7 141B1B1E5D557A7F

username jianhua1 password 7 00081A13550A5B52

no ip source-route

isdn switch-type basic-net3

!

!

!

interface Ethernet0

ip address 10.10.1.1 255.255.255.0

!

!

interface Serial0

ip address 10.10.10.2 255.255.255.0

!

interface Serial1

no ip address

shutdown

!

interface BRI0

ip address 10.10.20.2 255.255.255.0

encapsulation ppp

dialer idle-timeout 300

dialer map ip 10.10.20.1 name feihua broadcast

dialer load-threshold 128 outbound

dialer-group 1

isdn switch-type basic-net3

ppp authentication chap

ppp multilink

hold-queue 75 in

!

ip classless

ip route 10.10.0.0 255.255.255.0 10.10.10.1

ip route 10.10.0.0 255.255.255.0 10.10.20.1

ip route 10.10.2.0 255.255.255.0 10.10.1.2

!

dialer-list 1 protocol ip permit

!

line con 0

line aux 0

line vty 0

password 7 045702135E701C1A

login

line vty 1 4

login

!

end
------------------------
16AM
配置
----------
设置 16 Modem 拨号模块,使用内部 DHCP 服务为拨入用户分配地址

Cisco2620(config)#interface Group-Async1

Cisco2620(config-if)# ip unnumbered FastEthernet0/0

Cisco2620(config-if)# encapsulation ppp

Cisco2620(config-if)# ip tcp header-compression passive
:启用被动 IP 包头压缩

Cisco2620(config-if)# async mode dedicated:
只在异步模式下工作

Cisco2620(config-if)# peer default ip address dhcp
:将 IP 地址请求转发至 DHCP 服务器

Cisco2620(config-if)# ppp authentication chap
:将认证设为 CHAP

Cisco2620(config-if)# group-range 33 48
:拨号组包括 16 个口

Cisco
16AM 模块提供了高密度的模拟电路接入方式,不在办公大楼的员工可以用 Modem 拨号联入局域网、登录服务器,实现远程办公。

peer default ip address dhcp
命令可以使拨入的工作站通过局域网内的 DHCP 服务器动态地获得 IP 地址,节约了 IP 地址资源,同时还接收了在 DHCP 服务器上配置的参数,比如 DNS 服务器的 IP 地址,并配合全局模式下配置的指向防火墙的静态路由,使工作站同时也可以通过防火墙访问 Internet

Cisco2620(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.4
:设置到防火墙的静态路由

(5)
16AM 模块物理特性的设置

Cisco2620(config)#line 33 48:
进入 Modem 口线模式

Cisco2620(config-line)# session-timeout 30:
超时设为 30 分钟

Cisco2620(config-line)# autoselect during-login
:自动登录

Cisco2620(config-line)# autoselect ppp
:自动选择 PPP 协议

Cisco2620(config-line)# login local
:允许本地口令检查

Cisco2620(config-line)# modem InOut
:允许拨入拨出

Cisco2620(config-line)# transport input all:
指定传输协议

Cisco2620(config-line)# stopbits 1
:设置一位停止位

Cisco2620(config-line)# flowcontrol hardware
:设置硬件流控制

(6)
添加拨号用户的用户名和密码

Cisco2620(config)#username shixuegang password abc123
:增加用户名 shixuegang ,口令为 abc123

-------------------------
一个 voip 的配置


Building configuration...

Current configuration : 10640 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ahu_router
!
boot system slot0:aaa0202.bin
logging rate-limit console 10 except errors
enable secret 5 <removed>
enable password 7 <removed>
!
username hfe_router password 7 <removed>
username whu_router password 7 <removed>
username aqi_router password 7 <removed>
username bbu_router password 7 <removed>
username czh_router password 7 <removed>
username xch_router password 7 <removed>
username chu_router password 7 <removed>
username hbe_router password 7 <removed>
username mas_router password 7 <removed>
username txi_router password 7 <removed>
username lan_router password 7 <removed>
username chz_router password 7 <removed>
username szh_router password 7 <removed>
username fya_router password 7 <removed>
username tli_router password 7 <removed>
username bzh_router password 7 <removed>
username hna_router password 7 <removed>
username swe_router password 7 <removed>
username zji_router password 7 <removed>
username tester password 7 <removed>
username shsh password 7 <removed>
username test password 7 <removed>
username hwh password 0 <removed>
voice-card 2
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
ip host hbsy.domain 10.184.80.10
ip name-server 10.184.80.10
!
isdn voice-call-failure 0
chat-script default "" "ATDT\T" TIMEOUT 60 CONNECT \c
call rsvp-sync
!
!
!
!
!
!
!
controller E1 2/0
framing NO-CRC4
ds0-group 1 timeslots 1-15,17-31 type r2-digital r2-compelled ani
cas-custom 1
unused-abcd 0 1 1 1
country china use-defaults
answer-signal group-b 1
!
controller E1 3/0
channel-group 0 timeslots 1
channel-group 1 timeslots 2
channel-group 2 timeslots 3
channel-group 3 timeslots 4
channel-group 4 timeslots 5
channel-group 5 timeslots 6
channel-group 6 timeslots 7
channel-group 7 timeslots 8
channel-group 8 timeslots 9
channel-group 9 timeslots 10
channel-group 10 timeslots 11
channel-group 11 timeslots 12
channel-group 12 timeslots 13
channel-group 13 timeslots 14
channel-group 14 timeslots 15
channel-group 15 timeslots 16
!
!
interface Ethernet0/0
ip address 10.184.1.2 255.255.255.0
half-duplex
!
interface Serial0/0
no ip address
no ip mroute-cache
shutdown
!
interface Serial0/1
no ip address
shutdown
!
interface Serial3/0:0
ip address 10.184.252.5 255.255.255.252
fair-queue 64 256 0
!
interface Serial3/0:1
description ppp channel 1_anqing
ip address 10.184.252.9 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:2
description ppp channel 2_bengbu
ip address 10.184.252.13 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:3
description ppp channel 3_chizhou
ip address 10.184.252.17 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:4
description ppp channel 4_xuancheng
ip address 10.184.252.21 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:5
description ppp channel 5_caohu
ip address 10.184.252.25 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:6
description ppp channel 6_huaibei
bandwidth 128
ip address 10.184.252.29 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:7
description ppp channel 7_maanshan
ip address 10.184.252.33 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:8
description ppp channel 8_huangshan
ip address 10.184.252.37 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:9
description ppp channel 9_liuan
ip address 10.184.252.41 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:10
description ppp channel 10_chuzhou
ip address 10.184.252.45 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:11
description ppp channel 11_suzhou
ip address 10.184.252.49 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:12
description ppp channel 12_fuyang
ip address 10.184.252.53 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:13
description ppp channel 13_tongling
ip address 10.184.252.57 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:14
description ppp channel 14_bozhou
ip address 10.184.252.61 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Serial3/0:15
description ppp channel 15_huainan
ip address 10.184.252.65 255.255.255.252
ip mroute-cache
no cdp enable
ip rsvp bandwidth 48 48
!
interface Async39
ip address 10.2.1.19 255.255.255.192
encapsulation ppp
dialer in-band
dialer map ip 10.2.1.1 name shsh 01064998899
dialer map ip 10.184.1.40 name test 2867839
dialer map ip 10.184.1.252 name hwh 2867639
dialer hold-queue 10
dialer-group 1
async dynamic routing
async mode dedicated
pulse-time 3
ppp authentication chap
!
interface Async40
ip unnumbered Ethernet0/0
encapsulation ppp
async mode dedicated
peer default ip address 10.184.1.254
ppp authentication chap
!
interface Group-Async1
no ip address
dialer in-band
dialer rotary-group 1
async default routing
async dynamic routing
async mode dedicated
fair-queue 64 16 0
group-range 33 38
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
ip address 10.184.254.225 255.255.255.224
encapsulation ppp
dialer in-band
dialer map ip 10.184.254.226 name hfe_router
dialer map ip 10.184.254.227 name whu_router
dialer map ip 10.184.254.228 name aqi_router
dialer map ip 10.184.254.229 name bbu_router
dialer map ip 10.184.254.230 name czh_router
dialer map ip 10.184.254.231 name xch_router
dialer map ip 10.184.254.232 name chu_router
dialer map ip 10.184.254.233 name hbe_router
dialer map ip 10.184.254.234 name mas_router
dialer map ip 10.184.254.235 name txi_router
dialer map ip 10.184.254.236 name lan_router
dialer map ip 10.184.254.237 name chz_router
dialer map ip 10.184.254.238 name szh_router
dialer map ip 10.184.254.239 name fya_router
dialer map ip 10.184.254.240 name tli_router
dialer map ip 10.184.254.241 name bzh_router
dialer map ip 10.184.254.242 name hna_router
dialer-group 1
pulse-time 3
no cdp enable
ppp authentication chap
!
router rip
version 2
redistribute connected
network 10.0.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.184.1.30
ip route 10.0.0.0 255.0.0.0 10.184.1.1
ip route 10.184.10.0 255.255.255.0 10.184.254.226 150
ip route 10.184.20.0 255.255.255.0 10.184.254.227 150
ip route 10.184.30.0 255.255.255.0 10.184.254.228 150
ip route 10.184.40.0 255.255.255.0 10.184.254.229 150
ip route 10.184.50.0 255.255.255.0 10.184.254.230 150
ip route 10.184.60.0 255.255.255.0 10.184.254.231 150
ip route 10.184.70.0 255.255.255.0 10.184.254.232 150
ip route 10.184.80.0 255.255.255.0 10.184.254.233 150
ip route 10.184.90.0 255.255.255.0 10.184.254.234 150
ip route 10.184.100.0 255.255.255.0 10.184.254.235 150
ip route 10.184.110.0 255.255.255.0 10.184.254.236 150
ip route 10.184.120.0 255.255.255.0 10.184.254.237 150
ip route 10.184.130.0 255.255.255.0 10.184.254.238 150
ip route 10.184.140.0 255.255.255.0 10.184.254.239 150
ip route 10.184.150.0 255.255.255.0 10.184.254.240 150
ip route 10.184.160.0 255.255.255.0 10.184.254.241 150
ip route 10.184.170.0 255.255.255.0 10.184.254.242 150
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server engineID local 000000090200003019237741
snmp-server community <removed> RO
!
voice-port 2/0:1
timeouts interdigit 3
!
dial-peer cor custom
!
!
!
dial-peer voice 1 pots
answer-address +51
destination-pattern 51....
direct-inward-dial
port 2/0:1
!
dial-peer voice 14 voip
answer-address +64
destination-pattern +64
session target ipv4:10.184.110.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 15 voip
answer-address +65
destination-pattern +65
session target ipv4:10.184.70.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 2 voip
answer-address +52
destination-pattern +52
session target ipv4:10.184.40.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 3 voip
answer-address +53
destination-pattern +53
session target ipv4:10.184.20.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 4 voip
answer-address +54
destination-pattern +54
session target ipv4:10.184.170.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 5 voip
answer-address +55
destination-pattern +55
session target ipv4:10.184.90.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 6 voip
answer-address +56
destination-pattern +56
session target ipv4:10.184.30.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 7 voip
answer-address +57
destination-pattern +57
session target ipv4:10.184.130.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 8 voip
answer-address +58
destination-pattern +58
session target ipv4:10.184.140.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 9 voip
answer-address +59
destination-pattern +59
session target ipv4:10.184.100.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 10 voip
answer-address +50
destination-pattern +50
session target ipv4:10.184.120.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 11 voip
answer-address +61
destination-pattern +61
session target ipv4:10.184.80.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 12 voip
answer-address +62
destination-pattern +62
session target ipv4:10.184.150.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 13 voip
answer-address +63
destination-pattern +63
session target ipv4:10.184.60.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 16 voip
answer-address +66
destination-pattern +66
session target ipv4:10.184.50.2
codec g729r8 pre-ietf
ip precedence 5
!
dial-peer voice 17 voip
answer-address +60
destination-pattern +60
session target ipv4:10.184.160.2
codec g729r8 pre-ietf
ip precedence 5
!
!
line con 0
transport input none
line 33 39
no exec
script dialer default
login local
modem InOut
modem autoconfigure discovery
rotary 1
transport input all
stopbits 1
flowcontrol hardware
line 40
login local
modem InOut
modem autoconfigure discovery
transport input all
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7 <removed>
login
!
end


----------------------------------
Cisco PIX
防火墙的安装流程
 
1.
PIX 安放至机架,经检测电源系统后接上电源,并加电主机。
2.
CONSOLE 口连接到 PC 的串口上,运行 HyperTerminal 程序从 CONSOLE 口进入
PIX
系统;此时系统提示 pixfirewall>
3.
输入命令: enable, 进入特权模式,此时系统提示为 pixfirewall#
4.
输入命令: configure terminal, 对系统进行初始化设置。
5.
配置以太口参数:
interface ethernet0 auto
auto 选项表明系统自适应网卡类型
interface ethernet1 auto
6.
配置内外网卡的 IP 地址:
ip address inside ip_address netmask
ip address outside ip_address netmask
7.
指定外部地址范围:
global 1 ip_address-ip_address
8.
指定要进行要转换的内部地址:
nat 1 ip_address netmask
9.
设置指向内部网和外部网的缺省路由
route inside 0 0 inside_default_router_ip_address
route outside 0 0 outside_default_router_ip_address
10.
配置静态 IP 地址对映:
static outside ip_address inside ip_address
11.
设置某些控制选项:
conduit global_ip port[-port] protocol foreign_ip [netmask]
global_ip
指的是要控制的地址
port
指的是所作用的端口,其中 0 代表所有端口
protocol
指的是连接协议,比如: TCP UDP
foreign_ip
表示可访问 global_ip 的外部 ip ,其中表示所有的 ip
12.
设置 telnet 选项:
telnet local_ip [netmask]
local_ip
表示被允许通过 telnet 访问到 pix ip 地址(如果不设此项,
PIX
的配
置只能由 consle 方式进行)。
13.
将配置保存:
wr mem
14.
几个常用的网络测试命令:
#ping
#show interface
查看端口状态
#show static
查看静态地址映射

你可能感兴趣的:(网络,职场,休闲,思科,交换)