Router
ssh
aaa authentication login ssh local
aaa authentication enable default enable enable password 0 123456
username admin password 0 123456
ip sshd enable
ip sshd auth-method ssh
ip sshd auth-retries 5
ip sshd timeout 60
TELNET
R1_config#aaa authentication login default local
R1_config#aaa authentication enable default enable
R1_config#enable password 0 ruijie
R1_config#line vty 0 4
R1_config_line#login authentication default
R1_config_line#password 0 cisco
Method 2: no AAA authentication required
R1_config#aaa authentication login default none
R1_config#aaa authentication enable default enable
R1_config#enable password 0 cisco
R1_config#line vty 0 4
R1_config_line#login authentication default
CHAP authentication
One-way authentication; the passwords may differ
R2_config#aaa authentication ppp test local
R2_config#username R2 password 0 123456
R2_config_s0/2#enc ppp
R2_config_s0/2#ppp authentication chap test
R2_config_s0/2#ppp chap hostname R1
R1_config#aaa authentication ppp test local
R1_config#username R1 password 0 123456
R1_config_s0/1#enc ppp
R1_config_s0/1#ppp authentication chap test
R1_config_s0/1#ppp chap hostname R2
PAP authentication
Two-way authentication; the passwords must match
R2_config#aaa authentication ppp test local
R2_config#username R2 password 0 123456
R2_config_s0/2#enc ppp
R2_config_s0/2#ppp authentication pap test
R2_config_s0/2#ppp pap sent-username R1 password 123456
R1_config#aaa authentication ppp test local
R1_config#username R1 password 0 123456
R1_config_s0/1#enc ppp
R1_config_s0/1#ppp authentication pap test
R1_config_s0/1#ppp pap sent-username R2 password 123456
FR
Router-A_config_s1/1#encapsulation frame-relay ! encapsulate with Frame Relay
Router-A_config_s1/1#frame-relay local-dlci 17 ! set the local DLCI number
Router-A_config_s1/1#frame-relay intf-type dce ! configure the FR DCE
Router-A_config_s1/1#frame-relay map 192.168.1.2 pvc 17 broadcast ! map the DLCI to the peer IP
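Vrrp
Int g0/4
vrrp 1 associate 192.168.20.254 255.255.255.0
vrrp 1 priority 120 ! set the priority; this router is the master
vrrp 1 preempt ! enable preemption
vrrp 1 track interface Serial0/1 30 ! track the uplink interface so the priority is lowered automatically if the uplink goes DOWN
Int g0/6
vrrp 1 associate 192.168.20.254 255.255.255.0
vrrp 1 priority 100 ! set the priority; this router is the backup (100 is the default)
vrrp 1 preempt ! enable preemption
vrrp 1 track interface Serial0/2 30 ! track the uplink interface so the priority is lowered automatically if the uplink goes DOWN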
RIP authentication; only V2 supports authentication
interface Serial0/2 ! enable authentication and set the password on the interface
ip rip authentication simple
ip rip password 123456
RIP changed to unicast
router rip
nei 192.168.1.1
RIP timers
router rip
timers update 10 ! update time
timers expire 30 ! expiry time
timers holddown 50 ! holddown time
ospf
router os 1
net 192.168.1.0 255.255.255.0 ar 0 ! a 32-bit mask cannot be used
OSPF virtual link
ROUTER OS 2 ! enabled under the process
AR 1 VI 2.2.2.2 ! the peer's ROUTER-ID
OSPF summarization
ROUTER OS 2 ! enabled under the process
ar 0 range 192.168.0.0 255.255.252.0
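OSPF authentication
Plaintext
ROUTER OS 2
AR 0 AUTHEN SP ! under the process, enable authentication for the area that needs it
INT S0/1
IP OS passw 123456 ! set the password on the interface
Ciphertext
router os 2
ar 0 authen me
int s0/1
ip os me 1 md5 123456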
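Added example (not part of the original notes or any vendor tool): a small Python check that flags the weak authentication settings used in the sections above, namely type 0 secrets, a login method list of none, PAP, and simple RIP/OSPF authentication. It assumes `password 0` marks an unencrypted secret, as on Cisco-style CLIs, and that abbreviated commands expand the way they are typed here; the rule names and the sample input are constructed.

```python
import re

# Terminal prompt such as "R1_config#" left over from a pasted session.
PROMPT = re.compile(r"^\S+#\s*")

# (rule id, pattern, why it matters). Rule ids are this example's own names.
# Assumption: "password 0" marks an unencrypted secret, as on Cisco-style CLIs.
RULES = [
    ("cleartext-secret", r"\bpassword 0 \S+",
     "secret is stored unencrypted in the configuration"),
    ("login-auth-none", r"^aaa authentication login \S+ none\b",
     "method list admits users without checking credentials"),
    ("ppp-pap", r"^ppp authentication pap\b",
     "PAP sends the username and password unencrypted over the link"),
    ("rip-simple-auth", r"^ip rip authentication simple\b",
     "RIP key is carried in clear text in every update"),
    ("ospf-simple-auth", r"^ip os\S* passw\S* \S+",
     "OSPF key is carried in clear text in every packet"),
]

def audit(config_text):
    """Return (line number, rule id, command) for every weak setting found."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        # Drop the prompt and collapse whitespace so abbreviations still match.
        command = " ".join(PROMPT.sub("", raw.strip()).split())
        for rule_id, pattern, _why in RULES:
            if re.search(pattern, command, re.IGNORECASE):
                findings.append((number, rule_id, command))
    return findings

# Constructed sample built from commands that appear in these notes.
SAMPLE = """\
R1_config#aaa authentication login default none
R1_config#enable password 0 cisco
R1_config_s0/1#ppp authentication pap test
R1_config_s0/1#ppp pap sent-username R2 password 123456
interface Serial0/2
ip rip authentication simple
ip rip password 123456
IP OS passw 123456
ip os me 1 md5 123456
ppp authentication chap test
"""

if __name__ == "__main__":
    reasons = {rule_id: why for rule_id, _pattern, why in RULES}
    for number, rule_id, command in audit(SAMPLE):
        print(f"line {number}: {rule_id}: {command} ({reasons[rule_id]})")
```

The MD5 OSPF key and the CHAP line are not flagged; only the settings that expose a secret or skip the credential check are reported.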
bgp
router bgp 100
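no synchronization ! the synchronization check must be disabled for a BGP full mesh
nei 192.168.12.1 remot 200 ! establish a neighbor with a router outside the AS
nei 2.2.2.2 remot 100 ! establish a neighbor with a router inside the AS
nei 2.2.2.2 up lo0 ! change the update interface to the loopback interface
nei 2.2.2.2 next-hop-self ! change the next hop to itself
net 2.2.2.0 ! advertise a route that exists in the routing table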
ACL
ACLs on the router must be written with a subnet mask, not a wildcard (inverse) mask!
Time-based ACL
time-range acl ! define a time range
periodic weekdays 09:00 to 12:00
periodic weekdays 14:00 to 17:00
IP access-list extended time ! write a time-based ACL that references the time range
deny ip 192.168.10.0 255.255.255.0 any time-range acl
permit ip any any
int g0/4 ! apply to the interface
ip access-group time in
int g0/6
ip access-group time in
Static NAT
ip route 0.0.0.0 0.0.0.0 192.168.12.2
ip nat inside source static 192.168.10.10 192.168.12.1
int g0/6
ip nat in
int s0/1
ip nat out
NAPT
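ip access-list standard NAT ! define the IP subnet to be translated
permit 192.168.10.0 255.255.255.0
ip nat pool NAT 192.168.23.10 192.168.23.20 255.255.255.0 ! create the pool of translated IP addresses
ip nat inside source list NAT pool NAT overload ! bind the subnet to be translated to the address pool
ip route default 192.168.23.3 ! add a default route whose next hop is the next hop of the egress gateway
router rip ! if a routing protocol is running, redistribute the default route into it
redistribute static
interface Serial0/1 ! apply to the internal network interface
ip nat inside
interface Serial0/2 ! apply to the external network interface
ip nat outside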
route-map
ip acce sta acl ! define the traffic to match
per 192.168.20.0 255.255.255.0
route-map SHENMA 10 permit
ma ip add acl ! reference the ACL
set ip next-hop 192.168.12.1 ! change the next hop
int g0/3
ip po route-map SHENMA ! apply to the source interface
DHCP
Assigning an IP to a router interface; it cannot be an S (serial) port!
R1
ip dhcpd enable
ip dhcpd pool 1
network 192.168.12.0 255.255.255.0
range 192.168.12.10 192.168.12.20
R2
interface GigaEthernet0/6
ip address dhcp
Assigning IPs to PCs; the underlying network must have routing connectivity! In this lab RIP was running across the whole network.
R1
ip dhcpd enable
ip dhcpd pool 2
network 192.168.1.0 255.255.255.0
range 192.168.1.10 192.168.1.20
default-router 192.168.1.1
R2
ip dhcpd enable ! the DHCP service must be enabled!
interface GigaEthernet0/4