cisco 路由器配置实例.docx

1、cisco 路由器配置实例配置1：Building configuration.Current configuration : 3069 bytes!version 12.2service tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug uptimeservice timestamps log datetime msecservice password-encryptionservice udp-small-serversservice tcp-small-serversservice disable-ip

2、-fast-frag!hostname router!logging buffered 8192 debugginglogging console notificationsenable secret 5 $1$rpa6$T8xgLGmNpv0h1EOExo4At.enable password 7 10681D300B161E5900!memory-size iomem 10ip subnet-zerono ip source-routeip cefip cef accounting per-prefix!no ip domain-lookupip domain-name ip name-s

3、erver 192.168.69.69ip name-server 205.152.0.20ip name-server 205.152.0.5!ip audit notify logip audit po max-events 100ip ssh time-out 15ip ssh authentication-retries 1!class-map match-any http-hacks match protocol http url *cmd.exe* match protocol http url *root.exe* match protocol http url *.ida* m

4、atch protocol http url *readme.eml*class-map match-any arp match protocol arp!policy-map ratelimitarp class arp police 8000 1500 1500 conform-action transmit exceed-action drop violate-action droppolicy-map mark-inbound-http-hacks class http-hacks set ip dscp 1!call rsvp-sync!interface Loopback0 no

5、ip address!interface FastEthernet1/0interface FastEthernet1/0 mac-address 0010.4b68.194c ip address dhcp hostname router ip access-group no_icmp in no ip redirects no ip proxy-arp ip nat outside speed 10 half-duplex!interface Serial1/0 no ip address shutdown!interface FastEthernet1/1 ip address 192.

6、168.69.132 255.255.255.0 no ip redirects no ip proxy-arp ip nat inside speed 100 full-duplex timeout absolute 5 0 fair-queue!interface Serial1/1 no ip address shutdown!ip nat translation timeout 30ip nat translation udp-timeout 5ip nat translation finrst-timeout 5ip nat translation syn-timeout 5ip n

7、at translation dns-timeout 5ip nat translation icmp-timeout 5ip nat translation max-entries ip nat pool bellsouth 208.61.52.65 208.61.52.95 netmask 255.255.252.0ip nat inside source list 69 pool bellsouth overloadip classlessno ip http serverip pim bidir-enable!ip access-list extended no_icmp deny i

8、cmp any any echo log permit ip any any deny udp any any eq snmp deny udp any any eq snmptrap deny tcp any any eq 161 deny tcp any any eq 162 deny udp any any eq 1993 deny tcp any any eq 1993 deny ip 10.0.0.0 0.255.255.255 any log deny ip 169.254.0.0 0.0.255.255 any log deny ip 172.16.0.0 0.15.255.25

9、5 any log deny ip 192.168.0.0 0.0.255.255 any log deny ip 192.0.2.0 0.0.0.255 any log deny ip 224.0.0.0 31.255.255.255 any log deny ip 224.0.0.0 15.255.255.255 any loglogging 192.168.69.132access-list 69 permit 192.168.69.0 0.0.0.255access-list rate-limit 101 0000.39df.f78c!dial-peer cor custom!bann

10、er login Cniggie plzC!line con 0 timeout login response 0 password 7 F411B login speed line aux 0 password 7 05080F1C22435C060CA191C loginline vty 0 4 password 7 096A5AB4007 login!end配置2：! Last configuration change at 12:25:25 UTC Fri Jan 12 2007 by admin! NVRAM config last updated at 12:31:29 UTC M

11、on Jan 8 2007 by admin!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname c2650-mso!boot-start-markerboot-end-marker!aaa new-model!aaa authentication login default localaaa authentication ppp default if-needed group radius local

12、aaa authorization network default group radius localaaa accounting delay-startaaa accounting exec default start-stop group radiusaaa accounting network default start-stop group radiusaaa session-id commonip subnet-zeroip tcp selective-ackip tcp path-mtu-discovery!ip inspect name external ftpip inspe

13、ct name external udpip inspect name external fragment maximum 256 timeout 1ip inspect name external icmpip inspect name internal tcpip inspect name internal udpip inspect name internal icmpip inspect name internal fragment maximum 256 timeout 1ip inspect name internal ftpip inspect name internal htt

14、p!ip cefip audit notify logip audit po max-events 100ip domain name ip host radiologie-gw 172.27.55.20ip host hausser-gw 172.27.55.21ip host c2900xl 172.27.55.2ip name-server 217.145.99.9ip name-server 217.145.98.135ip ssh time-out 60ip ssh authentication-retries 2ip ssh version 2vpdn enablevpdn mul

15、tihopvpdn source-ip 217.145.96.27vpdn loggingvpdn search-order domainvpdn domain-delimiter # suffix!vpdn-group ispgate description incoming tunnel from tmt/ispgate accept-dialin protocol l2tp virtual-template 1 terminate-from hostname lac_ispg_tmt local name lns_ispg_tmtp01 lcp renegotiation on-mism

16、atch l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxx ip pmtu ip mtu adjust!vpdn-group pptp! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 2 lcp renegotiation on-mismatch ip pmtu ip mtu adjust!no ftp-server write-enable!no crypto isakmp enable!interface FastEthernet0/0 description F

17、E ip address 217.145.96.27 255.255.255.128 ip broadcast-address 217.145.96.127 ip access-group 101 in ip access-group 102 out no ip proxy-arp ip inspect external in ip inspect external out speed 100 full-duplex fair-queue no cdp enable!interface FastEthernet1/0 ip address 172.27.55.1 255.255.255.128

18、 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 xxxxxxxxxxxxxxxxxxxxxxx ip ospf mtu-ignore speed 100 full-duplex fair-queue no cdp enable!interface Virtual-Template1 description vt for ispgate ip unnumbered FastEthernet1/0 no peer default ip address fair-queue ppp quality 0

19、 ppp max-configure 3 ppp authentication chap pap callin!interface Virtual-Template2 description VT for PPTP ip unnumbered FastEthernet1/0 ip access-group 110 in ip access-group 110 out ip inspect internal in ip inspect internal out peer default ip address pool PPTP compress mppc fair-queue ppp encry

20、pt mppe 128 required ppp authentication ms-chap ms-chap-v2!router ospf 10 router-id 172.27.55.1 log-adjacency-changes area 0.0.0.0 authentication message-digest redistribute connected metric 5 subnets route-map connected redistribute static subnets passive-interface default no passive-interface Fast

21、Ethernet1/0 network 172.27.55.0 0.0.0.255 area 0.0.0.0!router ospf 1 router-id 217.145.96.27 log-adjacency-changes passive-interface default no passive-interface FastEthernet0/0 network 217.145.96.0 0.0.0.31 area 0.0.0.0!ip local pool PPTP 172.27.55.210 172.27.55.239ip classlessip route 0.0.0.0 0.0.

22、0.0 217.145.96.3 200ip route 172.27.55.128 255.255.255.128 Null0ip route 192.168.10.0 255.255.255.0 172.27.55.20ip route 192.168.101.0 255.255.255.0 172.27.55.21no ip http serverno ip http secure-server!ip prefix-list connected seq 5 deny 0.0.0.0/0 ge 32ip prefix-list connected seq 100 deny 217.145.

23、96.0/25 ge 26ip prefix-list connected seq 2000 deny 0.0.0.0/0 ge 1ip radius source-interface FastEthernet0/0logging history debugginglogging 217.145.99.49access-list 101 remark - fa0/0 in -access-list 101 permit icmp any host 217.145.96.27access-list 101 permit udp host 217.145.96.5 host 217.145.96.

24、27 eq 1701access-list 101 permit 117 host 217.145.96.5 host 217.145.96.27access-list 101 permit tcp 217.145.96.0 0.0.0.128 host 217.145.96.27 eq telnetaccess-list 101 permit tcp 217.145.96.0 0.0.0.128 host 217.145.96.27 eq 22access-list 101 permit tcp host 217.145.98.130 host 217.145.96.27 eq telnet

25、access-list 101 permit tcp host 217.145.98.130 host 217.145.96.27 eq 22access-list 101 permit tcp any host 217.145.96.27 eq 1723access-list 101 permit gre any host 217.145.96.27access-list 101 permit udp host 217.145.99.9 eq domain host 217.145.96.27access-list 101 permit udp host 217.145.98.135 eq

26、domain host 217.145.96.27access-list 101 permit udp host 217.145.99.4 eq ntp host 217.145.96.27access-list 101 permit udp host 217.145.99.9 eq ntp host 217.145.96.27access-list 101 permit udp host 217.145.96.24 eq 1812 host 217.145.96.27access-list 101 permit udp host 217.145.96.24 eq 1813 host 217.

27、145.96.27access-list 101 permit udp host 217.145.98.132 eq tftp host 217.145.96.27access-list 101 permit udp host 217.145.98.132 host 217.145.96.27 eq tftpaccess-list 101 permit udp host 217.145.98.158 host 217.145.96.27 eq snmpaccess-list 101 permit ospf any host 217.145.96.27access-list 101 permit

28、 ip any 224.0.0.0 0.0.0.255access-list 101 deny ip any anyaccess-list 102 remark - fa0/0 out -access-list 102 permit icmp host 217.145.96.27 anyaccess-list 102 permit tcp host 217.145.96.27 eq 1723 anyaccess-list 102 permit gre host 217.145.96.27 anyaccess-list 102 permit udp host 217.145.96.27 host

29、 217.145.99.49 eq syslogaccess-list 102 permit udp host 217.145.96.27 host 217.145.99.9 eq domainaccess-list 102 permit udp host 217.145.96.27 host 217.145.98.135 eq domainaccess-list 102 permit udp host 217.145.96.27 host 217.145.99.4 eq ntpaccess-list 102 permit udp host 217.145.96.27 host 217.145

30、.99.9 eq ntpaccess-list 102 permit udp host 217.145.96.27 host 217.145.96.24 eq 1812access-list 102 permit udp host 217.145.96.27 host 217.145.96.24 eq 1813access-list 102 permit udp host 217.145.96.27 host 217.145.98.132 eq tftpaccess-list 102 permit udp host 217.145.96.27 eq tftp host 217.145.98.132access-list 102 permit udp host 217.145.96.27 eq snmp host 217.145.98.158access-list 102 permit udp host 217.145.96.27 eq 1701 host 217.145.96.5access-list 102 perm