啥也没写
分类: 系统运维
2007-05-10 20:13:31
1,路由器配置几要素:
2,配置pap认证
3,设置内部dhcp服务器
4,设置ACL
5,设置本地回环路由
6,设置内网接口
7,设置外网接口
(设置动态ip地址)
8,配置rip版本2路由
9,配置ospf路由
10,设置默认路由及回指路由
11,设置NAT
12,ip地址映射
13,基于ip地址的限速
14,静态ARP表项绑定IP+MAC地址
15,设置密码
16,保存设置
例:可以直接粘贴的配置案例:
1,配置pap认证(服务端dce,在全局下面配置)
conf t
username hancj password aaa
int ser 0
encap ppp
ip add 1.1.1.1 255.255.255.0
cl 64000
ppp au pap
no shutdown
exit
2,配置pap认证(客户端dte,在接口下面配置)
conf t
int ser 0
encap ppp
ip add 1.1.1.2 255.255.255.0
ppp pap sent-username hancj password 0 aaa
no shutdown
exit
3,设置内部dhcp服务器:
ip dhcp pool route-dhcp
default-router 192.168.1.1
dns-server 218.2.135.1 61.147.37.1
network 192.168.1.0 255.255.255.0
exit
4,设置ACL:
!
access-list 1 permit any
!
!
access-list 101 deny udp any any eq tftp
access-list 101 deny udp any any eq 135
access-list 101 deny tcp any any eq 135
access-list 101 deny tcp any any eq 5554
access-list 101 deny tcp any any eq 9996
access-list 101 deny tcp any any eq 1068
access-list 101 permit ip any any
5,设置本地回环路由地址:
interface loopback 0
ip add 10.10.10.10 255.255.255.0
6,设置内网接口:
interface FastEthernet0/0
ip address 172.16.0.1 255.255.255.0
ip access-group 101 in
ip nat inside
no shut
exit
7,设置外网接口:
(设置静态ip地址)
interface FastEthernet1/0
ip address 61.1.1.2 255.255.255.0
ip access-group 101 in
ip nat outside
no shut
exit
(设置动态ip地址)
interface FastEthernet0/0
ip address dhcp
ip access-group 101 in
ip nat inside
no shut
exit
8,配置rip版本2路由
router rip
version 2
network 10.10.10.0
network 172.16.0.0
no auto-summary
9,配置ospf路由
router ospf
router-id 10.10.10.10
network 172.16.0.0 0.0.0.255 area 0.0.0.0
network 10.10.10.0 0.0.0.255 area 0.0.0.1
10,设置默认路由及回指路由:
ip route 0.0.0.0 0.0.0.0 61.1.1.1
ip route 192.168.0.0 255.255.0.0 172.16.0.254
11,设置NAT:
ip nat inside source list 1 interface FastEthernet1/0 overload
限制每用户会话数
ip nat translation per-user 0.0.0.0 300 //控制每个原ip的会话数为300个
调整NAT会话时间
ip nat translation udp-timeout 80
ip nat translation icmp-timeout 20
ip nat translation tcp-timeout 80 //控制每个原ip的tcp的老化时间
ip nat translation finrst-timeout 20
ip nat translation dns-timeout 20
12,ip地址映射:(web发布,传奇私服)
ip nat inside source static tcp 192.168.0.209 80 218.94.103.6 80
ip nat inside source static tcp 192.168.0.209 21 218.94.103.6 21
ip nat inside source static tcp 192.168.0.209 25 218.94.103.6 25
ip nat inside source static tcp 192.168.0.209 110 218.94.103.6 110
ip nat inside source static tcp 192.168.0.209 7200 218.94.103.6 7200
ip nat inside source static tcp 192.168.0.209 7100 218.94.103.6 7100
ip nat inside source static tcp 192.168.0.209 7000 218.94.103.6 7000
13,基于ip地址的限速:
ip nat translation rate-limit default inbound 2000 outbound 2000 //控制每个原ip的速度2M
ip nat translation rate-limit iprange 192.168.0.1 192.168.0.253 inbound 1000 outbound 1000 //控制某个段原ip的速度1M
12,静态ARP表项绑定IP+MAC地址
arp 192.168.1.47 00d0.f800.4251 arpa
15,设置密码:
enable password 0 nbr1000
line vty 0 4
login
password nbr1000
exit
16,保存设置:
end
wr
例:可以直接粘贴的配置案例:
conf t
!
ip dhcp pool route-dhcp
default-router 192.168.1.1
dns-server 202.102.3.141 61.147.37.1
network 192.168.1.0 255.255.255.0
exit
!
access-list 101 deny udp any any eq 135
access-list 101 deny udp any any eq 445
access-list 101 deny tcp any any eq 9996
access-list 101 deny tcp any any eq 5554
access-list 101 deny tcp any any eq 1068
access-list 101 permit ip any any
!
interface fa 1/0
ip address 172.17.3.126 255.255.255.224
ip access-group 101 in
ip nat outside
no shut
exit
!
interface fa 0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
ip nat inside
no shut
exit
!
ip nat inside source list 1 interface fa 1/0
!
ip nat translation rate-limit default inbound 2000 outbound 2000
ip nat translation per-user 0.0.0.0 350
ip nat translation udp-timeout 80
ip nat translation icmp-timeout 20
ip nat translation tcp-timeout 80
ip nat translation finrst-timeout 20
ip nat translation dns-timeout 20
!
ip route 0.0.0.0 0.0.0.0 172.17.3.125
!
access-list 1 permit any
!
enable pas 0 nbr1000
!
line vty 0 4
password nbr1000
login
exit
exit
wr
wr
