red backbas配置说明书.docx

1、red backbas配置说明书配置模版aaa global reject empty-username 拒绝空用户名aaa last-resort context pppoe 设置最后默认响应域!service multiple-contexts 启用多conetxt服务!service inter-context routing 启用conetxt间路由! software license 服务license subscriber high-availability encrypted 1 $1$btnUa7He$m4HwvsBIBNgdzhTMAWMG./ subscriber acti

2、ve 32000 encrypted 1 $1$kHWAs0n0$JyO.QFiSbKNAycNtPjGXy1 subscriber bandwidth 250 encrypted 1 $1$tN8G8DxK$rJNw4s2/1uid7SGyTAUIU.!context local! no ip domain-lookup 禁止域名查找! interface loopback loopback 建立loopback接口 ip address 124.205.97.32/32 设定接口使用的IP地址 ip source-address snmp 用loopback来作snmp的源地址! inte

3、rface mgmt 建立管理接口 ip address 192.168.1.1/24! interface to_9500 建立连接9505的上行口 ip address 124.205.98.129/30! interface to_cr 建立连接NE40E的上行口 ip address 124.205.98.14/30 logging console 日志输出到console台!ip access-list secure-accessseq 10 permit tcp 211.103.228.0 0.0.0.255 any eq telnet /允许登录的地址seq 20 permit

4、tcp 211.103.228.0 0.0.0.255 any eq ssh /允许登录的地址seq 50 permit tcp 124.42.97.120 0.0.0.7 any eq telnet /允许登录的地址seq 60 permit tcp 124.42.99.128 0.0.0.7 any eq telnet /允许登录的地址seq 70 permit tcp 192.168.1.0 0.0.0.255 any eq telnet /xcrp mangement interface seq 80 permit tcp 192.168.1.0 0.0.0.255 any eq ss

5、h /xcrp mangement interface seq 90 permit tcp 192.168.1.0 0.0.0.255 any eq ftp /xcrp mangement interfaceseq 100 permit icmp any any /icmpseq 110 permit ospf any any /ospfseq 120 permit tcp host 124.205.98.130 eq bgp /bgp neighbor seq 130 permit tcp host 124.205.98.14 eq bgp/bgp neighbor，所有neighbor l

6、oopbackseq 140 permit ip host 124.205.98.130 /上联口地址seq 150permit ip host 124.205.98.14 /上联口地址seq 510 permit ip host 10.63.5.3 / radius1seq 520 permit ip host 10.63.5.4 /radius2seq 530permit udp host x.x.x.x any eq snmp /单点snmpseq 540 permit udp host x.x.x.x any eq snmptrap /单点snmpseq 550 permit udp

7、host 123.189.246.15 eq ntp /ntp server 1 /允许NTP服务器seq 560 permit udp host x.x.x.x eq ntp /ntp server 2! router bgp 64527 启用BGP路由协议 address-family ipv4 unicast 单播IPV4协议族 redistribute static 重发布静态路由! neighbor 124.205.98.13 internal 建立IBGP邻居 update-source to_cr 使用to_cr口建立邻居 address-family ipv4 unicast!

8、 neighbor 124.205.98.130 internal update-source to_9500 address-family ipv4 unicast!router isis 1 启用ISIS路由协议 net 86.0010.1242.0597.0032.00 添加网络号 is type level-2-only 设定ISIS路由类型 address-family ipv4 unicast 启用IPV4协议族 ! interface to_9500 添加接口到ISIS ! bind to ethernet 3/1 circuit type level-2-only addres

9、s-family ipv4 unicast ! interface loopback circuit type level-2-only address-family ipv4 unicast ! interface to_cr ! bind to link-group circuit type level-2-only address-family ipv4 unicast!administrator gti encrypted 1 $1$.$5.QLKoZoAP0zv0Jk0GZca. 建立本地管理账号 privilege start 15 privilege max 15 adminis

10、trator redback encrypted 1 $1$.$Pe5LzZaHzYjB/iLRsjYvI0 privilege start 15 privilege max 15! ip route 124.204.128.0/20 context pppoe permanent 指静态路由到pppoe context ip route 124.204.160.0/20 context pppoe permanent ip route 124.204.192.0/19 context pppoe permanent ip route 124.204.254.0/23 context pppo

11、e permanent ip route 124.204.255.0/24 context pppoe permanent ip route 124.205.97.34/32 context pppoe permanent!context pppoe 建立名为pppoe的context! ip name-servers 211.167.242.34 设定DNS服务器 no ip domain-lookup 关闭域名查找! interface cs ip address 10.255.35.30/28! interface dowei ip address 10.255.35.4/28! int

12、erface loopback loopback 指定本context下的loopback地址 ip address 124.205.97.34/32 ip source-address radius 用loopback地址与radius对接! interface pool01 multibind 建立地址池接口 ip address 124.204.128.1/20 设定地址池网关 ip pool 124.204.128.0/20 name changcheng#0 设定地址池范围并命名为changcheng#0! interface pool02 multibind 设定其他地址池 ip

13、address 124.204.160.1/20 ip pool 124.204.160.0/20 name gugong#0! interface pool03 multibind ip address 124.204.192.1/19 ip pool 124.204.192.0/19! interface zhuanxian multiband 设定专线用户接口 ip address 124.204.254.1/24 设定专线用户网关，一个接口下最多配16个子网 ip address 1.1.1.1/30 secondary ip address 1.1.1.5/30 secondary

14、ip address 1.1.1.9/30 secondary ip address 1.1.1.13/30 secondary ip address 1.1.1.17/30 secondary ip address 1.1.1.21/30 secondary ip address 1.1.1.25/30 secondary ip address 1.1.1.29/30 secondary ip address 1.1.1.33/30 secondary ip address 1.1.1.37/30 secondary ip address 1.1.1.41/30 secondary ip a

15、ddress 1.1.1.45/30 secondary ip address 1.1.1.49/30 secondary ip address 1.1.1.53/30 secondary!no logging console! ip access-list anti-virus 设定用户用防病毒控制列表 seq 10 deny udp any any eq netbios-ss seq 20 deny udp any any eq netbios-dgm seq 30 deny udp any any eq 135 seq 40 deny udp any any eq netbios-ns

16、seq 50 deny udp any any eq 445 seq 60 deny udp any any eq 1434 seq 70 deny tcp any any eq 139 seq 80 deny tcp any any eq 135 seq 90 deny tcp any any eq 137 seq 100 deny tcp any any eq 138 seq 110 deny tcp any any eq 445 seq 130 deny tcp any any eq 2745 seq 140 deny tcp any any eq 3127 seq 150 deny t

17、cp any any eq 593 seq 160 deny tcp any any eq 6129 seq 5000 permit ip any any! policy access-list nwspeed 配置二次限速中去内网的策略 seq 30 permit ip 220.113.16.0 0.0.15.255 any class neiwang seq 40 permit ip 211.161.0.0 0.0.15.255 any class neiwang seq 50 permit ip 211.162.228.0 0.0.0.255 any class neiwang seq

18、60 permit ip 220.113.10.0 0.0.1.255 any class neiwang seq 70 permit ip 220.113.12.0 0.0.3.255 any class neiwang seq 80 permit ip 220.113.8.0 0.0.0.255 any class neiwang seq 90 permit ip 124.14.224.0 0.0.31.255 any class neiwang seq 100 permit ip 124.254.0.0 0.0.63.255 any class neiwang seq 110 permi

19、t ip 211.162.224.0 0.0.3.255 any class neiwang seq 120 permit ip 220.113.0.0 0.0.7.255 any class neiwang seq 130 permit ip 124.14.64.0 0.0.63.255 any class neiwang seq 140 permit ip 220.113.32.0 0.0.15.255 any class neiwang seq 150 permit ip 211.161.32.0 0.0.15.255 any class neiwang seq 160 permit i

20、p 60.253.128.0 0.0.127.255 any class neiwang seq 170 permit ip 115.183.0.0 0.0.255.255 any class neiwang seq 180 permit ip 113.46.0.0 0.0.255.255 any class neiwang seq 190 permit ip 113.45.0.0 0.0.255.255 any class neiwang seq 200 permit ip 125.39.134.0 0.0.1.255 any class neiwang seq 210 permit ip

21、113.44.0.0 0.0.255.255 any class neiwang seq 220 permit ip 125.39.108.0 0.0.1.255 any class neiwang seq 230 permit ip 117.79.72.0 0.0.3.255 any class neiwang seq 240 permit ip 117.79.68.0 0.0.3.255 any class neiwang seq 250 permit ip 211.152.192.0 0.0.31.255 any class neiwang seq 260 permit ip 211.1

22、00.192.0 0.0.15.255 any class neiwang seq 270 permit ip 210.76.96.0 0.0.31.255 any class neiwang seq 280 permit ip 202.108.125.0 0.0.0.255 any class neiwang seq 290 permit ip 202.106.160.0 0.0.7.255 any class neiwang seq 300 permit ip 125.39.34.0 0.0.1.255 any class neiwang seq 310 permit ip 123.196

23、.0.0 0.1.255.255 any class neiwang seq 320 permit ip 118.204.0.0 0.3.255.255 any class neiwang seq 330 permit ip 123.151.96.0 0.0.15.255 any class neiwang seq 340 permit ip 218.247.128.0 0.0.127.255 any class neiwang seq 350 permit ip 210.75.96.0 0.0.31.255 any class neiwang seq 360 permit ip 211.10

24、3.128.0 0.0.127.255 any class neiwang seq 370 permit ip 118.196.0.0 0.3.255.255 any class neiwang seq 380 permit ip 202.108.19.0 0.0.0.255 any class neiwang seq 390 permit ip 211.147.0.0 0.0.31.255 any class neiwang seq 400 permit ip 125.39.68.0 0.0.1.255 any class neiwang seq 410 permit ip 219.238.

25、0.0 0.1.255.255 any class neiwang seq 420 permit ip 124.192.0.0 0.1.255.255 any class neiwang seq 430 permit ip 218.241.128.0 0.0.127.255 any class neiwang seq 440 permit ip 116.216.0.0 0.3.255.255 any class neiwang seq 450 permit ip 123.151.48.0 0.0.15.255 any class neiwang seq 460 permit ip 218.24

26、7.0.0 0.0.31.255 any class neiwang seq 470 permit ip 202.4.252.0 0.0.3.255 any class neiwang seq 480 permit ip 117.75.0.0 0.0.255.255 any class neiwang seq 490 permit ip 116.242.0.0 0.1.255.255 any class neiwang seq 500 permit ip 211.155.240.0 0.0.15.255 any class neiwang seq 510 permit ip 219.234.8

27、0.0 0.0.15.255 any class neiwang seq 520 permit ip 125.39.66.0 0.0.1.255 any class neiwang seq 530 permit ip 219.234.128.0 0.0.127.255 any class neiwang seq 540 permit ip 124.200.0.0 0.7.255.255 any class neiwang seq 550 permit ip 118.144.0.0 0.7.255.255 any class neiwang seq 560 permit ip 118.224.0

28、.0 0.3.255.255 any class neiwang seq 570 permit ip 123.151.128.0 0.0.7.255 any class neiwang seq 580 permit ip 218.244.224.0 0.0.31.255 any class neiwang seq 590 permit ip 60.29.151.128 0.0.0.127 any class neiwang seq 600 permit ip 60.194.0.0 0.1.255.255 any class neiwang seq 610 permit ip 117.100.0

29、.0 0.1.255.255 any class neiwang seq 620 permit ip 118.244.0.0 0.3.255.255 any class neiwang seq 630 permit ip 211.167.224.0 0.0.31.255 any class neiwang seq 640 permit ip 211.154.160.0 0.0.15.255 any class neiwang seq 650 permit ip 115.120.0.0 0.0.127.255 any class neiwang seq 660 permit ip 202.130

30、.0.0 0.0.31.255 any class neiwang seq 670 permit ip 211.101.0.0 0.0.63.255 any class neiwang seq 680 permit ip 60.206.0.0 0.1.255.255 any class neiwang seq 690 permit ip 116.244.0.0 0.1.255.255 any class neiwang seq 700 permit ip 202.108.18.128 0.0.0.127 any class neiwang seq 710 permit ip 211.100.2

31、24.0 0.0.31.255 any class neiwang seq 720 permit ip 123.151.32.32 0.0.0.31 any class neiwang seq 730 permit ip 123.151.32.64 0.0.0.63 any class neiwang seq 740 permit ip 123.151.32.128 0.0.0.127 any class neiwang seq 750 permit ip 218.249.0.0 0.0.255.255 any class neiwang seq 760 permit ip 121.68.0.0 0.3.255.255 any class neiwang seq 770 permit ip 111.161.8.0 0.0.0.255 any class neiwang seq 5000 permit ip any any class def! p