烽火路由器常用配置案例分析

1、烽火路由器常用配置简介及案例分析一、配置命令简介：1， Route(config)#hostname /此为路由器名称配置2， Route(config)#aaa authentication login default localRoute(config)#aaa authentication enable default none/ “login ”及“ telnet ”用户登陆权限配置3， Route(config)#username t password 0 w /用户名及密码配置4， Route(config)#interface FastEthernet0/0 /接口模式下命令配置

2、 Route(config-fa-0/0)#ip address 222.160.140.10 255.255.255.248 配置上联接口地址(必配)Route(config)#ip nat outside- 地址转换外部接口(必配)Route(config)#interface FastEthernet1/0 Route(config-fa-1/0)#ip address 10.18.11.1 255.255.255.0 配置内部接口地址(必配)Route(config-fa-1/0)#ip nat inside- 地址转换内部接口(必配)Route(config)#interface F

3、astEthernet2/0 Route(config-fa-2/0)#ip address 10.18.12.1 255.255.255.0Route(config-fa-2/0)#ip nat inside5， Route(config)#ip route default 222.160.140.9- 配置缺省路由，指向上联设备网关的地址6， Route(config)#ip nat pool pool1 222.160.140.10 222.160.140.10 255.255.255.248/ 配置地址转换的地址池， 如果没有多的公网地址，那么可以用上联口地址配置多个地址转换池。Rou

4、te(config)#ip nat pool pool2 222.160.140.10 222.160.140.10 255.255.255.2487， Route(config)#ip nat inside source list list1 pool pool1 overload/ 将地址转换池加入到标准访问控制表中 Route(config)#ip nat inside source list list2 pool pool2 overload8， Rouer_config#ip nat service privateservice (将外部地址 -公网 映给私网)Rouer_confi

5、g#ip nat inside source static 1.1.1.1 (内部地址) A.A.A.A (外部地址) ip nat inside source static tcp 192.168.0.1 23 211.98.68.54 23 通过这个命令指定定制的端口映射 (如只走 TCP 端口)9， Route(config)#ip access-list standard list1 Router_config_std_nacl#permit 10.18.11.0 255.255.255.0 Route(config)#ip access-list standard list2 Rou

6、ter_config_std_nacl#permit 10.18.12.0 255.255.255.010， Route(config)#ip dhcpd pool p1- 网段的划分，每个地址池代表一个小区的地址范围。并且必须只与一 个接口发生关联。Route(config-pool-p1)#network 10.18.11.0 255.255.255.0 Route(config-pool-p1)#range 10.18.11.3 10.18.11.254Route(config-pool-p1)#default-router 10.18.11.1-fast 1/0 内部接口的地址 Rou

7、te(config-pool-p1)#dns-server 202.98.0.68 202.98.5.68Route(config-pool-p1)#lease 0 3 0 Route(config)#ip dhcpd pool p2Route(config-pool-p1)#network 10.18.12.0 255.255.255.0 Route(config-pool-p1)#range 10.18.12.3 10.18.12.254Route(config-pool-p1)#default-router 10.18.12.1-fast 2/0 内部接口的地址 Route(config

8、-pool-p1)#dns-server 202.98.0.68 202.98.5.68Route(config-pool-p1)#lease 0 3 0Route(config)#ip dhcpd enable- 必须启用 DHCP 协议后， DHCP 的所有配置才会起作用二、常用配置案例1. 单 IP 上网配置： Router#sho run Building configuration.Current configuration:!version 1.3.3Fservice timestamps log date service timestamps debug date no serv

9、ice password-encryption !gbsc group default !aaa authentication login default enable aaa 的 login 认证（必配）aaa authentication enable default enable aaa的 ena 认证（必配） !username admin password 0 adminenable password 0 admin level 15 建立一个用户名： admin 和密码： admin !interface Loopback1虚拟 loopback 口上配置外网 IPip addre

10、ss 211.140.195.15 255.255.255.255no ip directed-broadcast!interface FastEthernet0/0下联内部局域网的接口配置IPip address 192.168.0.1 255.255.255.0 内网 IP 的配置，也是内网的网关 no ip directed-broadcastip nat inside配置为内部转换接口（必配）!interface FastEthernet0/1no ip addressno ip directed-broadcast!interface Serial0/2no ip addressno

11、 ip directed-broadcast!interface Serial0/3no ip addressno ip directed-broadcast!interface Serial1/0:0互联接口 E1 口配置ip address 10.60.63.30 255.255.255.252互联本端 IPno ip directed-broadcastencapsulation ppp ip nat outsidePPP封装协议设置，端口默认 HDLC （必配）配置为外部转换接口（必配）interface Async0/0no ip addressno ip directed-broa

12、dcast!ip route default 10.60.63.29默认路由配置，一般是对端路由器接口IP!ip access-list standard list1下联内部网络的访问控制列表设置permit 192.168.0.0 255.255.255.0!ip nat pool pool1 211.140.195.15 211.140.195.15 255.255.255.240 地址池的配置，如果只有一个外网地址，开 始和结束 IP 为同一个 IPip nat inside source list list1 pool pool1 overload 将访问控制列表允许的 IP 绑定到地

13、址池上进行 NAT 重载 !2. 2个公网IP，一个网段MAS，个网段邮件服务器：Router#sho runBuilding configuration.Current configuration:!version 1.3.3Fservice timestamps log dateservice timestamps debug dateno service password-encryption!gbsc group default!aaa authentication login default local enableaaa authentication enable default

14、enable!username fenghuo password 0 fenghuo!interface Loopback1ip address 211.140.198.115 255.255.255.255no ip directed-broadcast!interface Loopback2ip address 211.140.202.49 255.255.255.255no ip directed-broadcast!interface FastEthernet0/0ip address 192.168.135.30 255.255.255.0no ip directed-broadca

15、stip nat inside!interface FastEthernet0/1ip address 192.168.0.1 255.255.255.0no ip directed-broadcastip nat inside!interface Serial0/2no ip addressno ip directed-broadcast!interface Serial0/3no ip addressno ip directed-broadcast!interface Serial1/0:0ip address 10.60.7.222 255.255.255.252no ip direct

16、ed-broadcast encapsulation ppp ip nat outside!interface Async0/0no ip addressno ip directed-broadcast!ip route default 10.60.7.221!ip access-list standard 1permit 192.168.135.0 255.255.255.0!ip access-list standard 2permit 192.168.0.0 255.255.255.0!ip nat service peekip nat service privateserviceip

17、nat outside destination static tcp 211.140.202.49 80 192.168.0.2 80ip nat outside destination static tcp 211.140.202.49 50110 192.168.0.2 50110ip nat outside destination static tcp 211.140.202.49 22 192.168.0.2 22 ip nat outside destination static tcp 211.140.202.49 7001 192.168.0.2 7001ip nat outsi

18、de destination static udp 211.140.202.49 161 192.168.0.2 161 ip nat outside destination static udp 211.140.202.49 162 192.168.0.2 162ip nat outside destination static tcp 211.140.198.115 8080 192.168.135.135 8080 ip nat outside destination static tcp 211.140.198.115 1000 192.168.135.135 1000 ip nat

19、outside destination static tcp 211.140.198.115 3000 192.168.135.135 3000 ip nat outside destination static tcp 211.140.198.115 80 192.168.135.135 80 ip nat outside destination static tcp 211.140.198.115 25 192.168.135.135 25 ip nat outside destination static tcp 211.140.198.115 110 192.168.135.135 1

20、10 ip nat outside destination static tcp 211.140.198.115 3389 192.168.135.135 3389 ip nat inside source static tcp 192.168.0.2 80 211.140.202.49 80 ip nat inside source static tcp 192.168.0.2 50110 211.140.202.49 50110 ip nat inside source static tcp 192.168.0.2 22 211.140.202.49 22 ip nat inside so

21、urce static tcp 192.168.0.2 7001 211.140.202.49 7001 ip nat inside source static udp 192.168.0.2 161 211.140.202.49 161 ip nat inside source static udp 192.168.0.2 162 211.140.202.49 162 ip nat inside source static tcp 192.168.135.135 8080 211.140.198.115 8080 ip nat inside source static tcp 192.168

22、.135.135 1000 211.140.198.115 1000 ip nat inside source static tcp 192.168.135.135 3000 211.140.198.115 3000 ip nat inside source static tcp 192.168.135.135 80 211.140.198.115 80 ip nat inside source static tcp 192.168.135.135 25 211.140.198.115 25 ip nat inside source static tcp 192.168.135.135 110

23、 211.140.198.115 110 ip nat inside source static tcp 192.168.135.135 3389 211.140.198.115 3389 ip nat inside source list 1 interface Loopback1 ip nat inside source list 2 interface Loopback2!3. 4M单IP上联,2个2M绑定：Router#sho runBuilding configuration.Current configuration:!version 1.3.3Fservice timestamp

24、s log date service timestamps debug date no service password-encryption !gbsc group default!aaa authentication login default local enable aaa authentication enable default enable !interface Loopback1ip address 211.140.202.49 255.255.255.255no ip directed-broadcastip nat outside!interface Multilink1i

25、p address 10.60.63.38 255.255.255.252 no ip directed-broadcast ppp multilinkmultilink-group 1!interface FastEthernet0/0ip address 192.168.0.1 255.255.255.0 no ip directed-broadcastip nat inside!interface FastEthernet0/1no ip addressno ip directed-broadcast!interface Serial0/2no ip addressno ip direc

26、ted-broadcast!interface Serial0/3no ip addressno ip directed-broadcast!interface Serial1/0:0no ip addressno ip directed-broadcast encapsulation ppp ppp multilink multilink-group 1!interface Serial1/1:0no ip addressno ip directed-broadcast encapsulation ppp ppp multilink multilink-group 1!interface A

27、sync0/0no ip addressno ip directed-broadcast!ip route default 10.60.63.37!ip access-list standard list1permit 192.168.0.0 255.255.255.0ip nat service peekip nat service privateserviceip nat outside destination static tcp 211.140.202.49 80 192.168.0.2 80 ip nat outside destination static tcp 211.140.

28、202.49 50110 192.168.0.2 50110 ip nat outside destination static tcp 211.140.202.49 22 192.168.0.2 22 ip nat outside destination static tcp 211.140.202.49 7001 192.168.0.2 7001 ip nat outside destination static udp 211.140.202.49 161 192.168.0.2 161 ip nat outside destination static udp 211.140.202.

29、49 162 192.168.0.2 162 ip nat inside source static tcp 192.168.0.2 80 211.140.202.49 80 ip nat inside source static tcp 192.168.0.2 50110 211.140.202.49 50110 ip nat inside source static tcp 192.168.0.2 22 211.140.202.49 22 ip nat inside source static tcp 192.168.0.2 7001 211.140.202.49 7001 ip nat

30、inside source static udp 192.168.0.2 161 211.140.202.49 161 ip nat inside source static udp 192.168.0.2 162 211.140.202.49 162 ip nat inside source list list1 interface Loopback1!4. GRE案例（DDN业务）：Router#sh runBuilding configuration.Current configuration:!version 1.3.3F service timestamps log date ser

31、vice timestamps debug date no service password-encryption !gbsc group default!interface Loopback1ip address 211.140.223.181 255.255.255.255no ip directed-broadcast!interface Tunnel1mtu 1476ip address 192.168.2.1 255.255.255.0 no ip directed-broadcast tunnel source 211.140.223.181 tunnel destination

32、211.137.34.66!interface FastEthernet0/0ip address 10.28.67.28 255.255.255.0no ip directed-broadcastinterface FastEthernet0/1no ip addressno ip directed-broadcast!interface Serial0/2no ip addressno ip directed-broadcast!interface Serial0/3no ip addressno ip directed-broadcast!interface Serial1/0:0ip

33、address 10.61.165.90 255.255.255.252no ip directed-broadcast encapsulation ppp ip nat outside!interface Async0/0no ip addressno ip directed-broadcast!ip route default 10.61.165.89ip route 90.144.17.0 255.255.255.0 Tunnel1!ip access-list extended natpermit ip 90.144.17.0 255.255.255.0 10.28.67.0 255.

34、255.255.0!ip nat inside source list nat interface Serial1/0:0!附路由器配置模版：1. 首先配置 telnet 认证，登陆用户名及密码 进入 config 模式Router#configRouter_config#aaa authentication login default enableRouter_config#aaa authentication enable default noneRouter_config#username jzyd password 0 123qazwsx2. 进入接口配置模式Router_config

35、#interface loopback0Router_config_loop0#ip add 211.140.207.104 255.255.255.255 / 配置公网 IPRouter_config#controller E1 2/0Router_config_controller#unframedRouter_config_controller#exit/2M 板卡所在槽位 2Router_config#interface Serial2/0:0/配置互联口Router_config_Serial2/0:0#ip address 10.62.16.34 255.255.255.252Router_config_Serial2/0:0#encapsulation p