{chap | chap pap | pap chap | pap} [if-needed] [list-name | default] [callin]指定口令username name password secret设置DCE端线路速度clockrate speed
举例Cisco思科路由器Router1和Router2的S0口均封装PPP协议,采用CHAP做认证,在Router1中应建立一个用户,以对端Cisco思科路由器主机名作为用户名,即用户名应为router2.同时在Router2中应建立一个用户,以对端Cisco思科路由器主机名作为用户名,即用户名应为router1.所建的这两用户的password必须相同。
设置如下:Router1:hostname router1 username router2 password xxx interface Serial0 ip address 192.200.10.1 255.255.255.0 clockrate 1000000 ppp authentication chap!
Router2:hostname router2 username router1 password xxx interface Serial0 ip address 192.200.10.2 255.255.255.0 ppp authentication chap!
ISDN
1.综合数字业务网(ISDN)
综合数字业务网(ISDN)由数字电话和数据传输服务两部分组成,一般由电话局提供这种服务。ISDN的基本速率接口(BRI)服务提供2个B信道和1个D信道(2B+D)。BRI的B信道速率为64Kbps,用于传输用户数据。D信道的速率为16Kbps,主要传输控制信号。在北美和日本,ISDN的主速率接口(PRI)提供23个B信道和1个D信道,总速率可达1.544Mbps,其中D信道速率为64Kbps.而在欧洲、澳大利亚等国家,ISDN的PRI提供30个B信道和1个64Kbps D信道,总速率可达2.048Mbps.我国电话局所提供ISDN PRI为30B+D.
2.基本命令
任务命令设置ISDN交换类型isdn switch-type switch-type1接口设置interface bri 0设置PPP封装encapsulation ppp设置协议地址与电话号码的映射dialer map protocol next-hop-address [name hostname] [broadcast] [dial-string]启动PPP多连接ppp multilink设置启动另一个B通道的阈值dialer load-threshold load显示ISDN有关信息show isdn {active | history | memory | services | status [dsl | interface-type number] | timers} 注:1.交换机类型如下表,国内交换机一般为basic-net3.按区域分关键字 交换机类型Australia basic-ts013 Australian TS013 switches Europe basic-1tr6 German 1TR6 ISDN switches basic-nwnet3 Norway NET3 switches (phase 1)
basic-net3 NET3 ISDN switches (UK, Denmark, and other nations); covers the Euro-ISDN E-DSS1 signalling system primary-net5 NET5 switches (UK and Europe) vn2 French VN2 ISDN switches vn3 French VN3 ISDN switches Japan ntt Japanese NTT ISDN switches primary-ntt Japanese ISDN PRI switches North America basic-5ess AT&T basic rate switches basic-dms100 NT DMS-100 basic rate switches
basic-ni1 National ISDN-1 switches primary-4ess AT&T 4ESS switch type for the U.S. (ISDN PRI only)
primary-5ess AT&T 5ESS switch type for the U.S. (ISDN PRI only) primary-dms100 NT DMS-100 switch type for the U.S. (ISDN PRI only) New Zealand basic-nznet3 New Zealand Net3 switches 3.ISDN实现DDR(dial-on-demand routing)实例:
设置如下:Router1:hostname router1 user router2 password cisco! isdn switch-type basic-net3!
interface bri 0 ip address 192.200.10.1 255.255.255.0 encapsulation ppp dialer map ip 192.200.10.2 name router2 572 dialer load-threshold 80 ppp multilink dialer-group 1 ppp authentication chap!
dialer-list 1 protocol ip permit!
Router2:hostname router2 user router1 password cisco! isdn switch-type basic-net3!
interface bri 0 ip address 192.200.10.2 255.255.255.0 encapsulation ppp dialer map ip 192.200.10.1 name router1 571 dialer load-threshold 80 ppp multilink dialer-group 1 ppp authentication chap!
dialer-list 1 protocol ip permit!
CiscoCisco思科路由器同时支持回拨功能,我们将Cisco思科路由器Router1作为Callback Server,Router2作为Callback Client.
与回拨相关命令:
任务命令映射协议地址和电话号码,并在接口上使用在全局模式下定义的PPP回拨的映射类别。dialer map protocol address name hostname class classname dial-string设置接口支持PPP回拨ppp callback accept在全局模式下为PPP回拨设置映射类别map-class dialer classname通过查找注册在dialer map里的主机名来决定回拨。 dialer callback-server [username]设置接口要求PPP回拨ppp callback request
设置如下:Router1:hostname router1 user router2 password cisco! isdn switch-type basic-net3!
interface bri 0 ip address 192.200.10.1 255.255.255.0 encapsulation ppp dialer map ip 192.200.10.2 name router2 class s3 572 dialer load-threshold 80 ppp callback accept ppp multilink dialer-group 1 ppp authentication chap!
map-class dialer s3 dialer callback-server username dialer-list 1 protocol ip permit!
Router2:hostname router2 user router1 password cisco! isdn switch-type basic-net3!
interface bri 0 ip address 192.200.10.2 255.255.255.0 encapsulation ppp dialer map ip 192.200.10.1 name router1 571 dialer load-threshold 80 ppp callback request ppp multilink dialer-group 1 ppp authentication chap!
dialer-list 1 protocol ip permit!
相关调试命令:debug dialer debug isdn event debug isdn q921 debug isdn q931 debug ppp authentication debug ppp error debug ppp negotiation debug ppp packet show dialer show isdn status
举例:执行debug dialer命令观察router2呼叫router1,router1回拨router2的过程。
router1#debug dialer router2#ping 192.200.10.1
router1# 00:03:50: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:03:50: BRI0:1PP callback Callback server starting to router2 572 00:03:50: BRI0:1: disconnecting call 00:03:50: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down 00:03:50: BRI0:1: disconnecting call 00:03:51: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up 00:03:52: callback to router2 already started 00:03:52: BRI0:2: disconnecting call 00:03:52: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down 00:03:52: BRI0:2: disconnecting call 00:04:05: : Callback timer expired 00:04:05: BRI0:beginning callback to router2 572 00:04:05: BRI0: Attempting to dial 572 00:04:05: Freeing callback to router2 572 00:04:05: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:04:05: BRI0:1: No callback negotiated 00:04:05: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up 00:04:05: dialer Protocol up for Vi1 00:04:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 00:04:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, chang ed state to up 00:04:11: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 572 #router1
4.ISDN访问首都在线263网实例:本地局部网地址为10.0.0.0/24,属于保留地址,通过NAT地址翻译功能,局域网用户可以通过ISDN上263网访问Internet.263的ISDN
电话号码为2633,用户为263,口令为263,所涉及的命令如下表:
任务命令指定接口通过PPP/IPCP地址协商获得IP地址ip address negotiated指定内部和外部端口ip nat {inside | outside}使用ppp/pap作认证ppp authentication pap callin指定接口属于拨号组1dialer-group 1定义拨号组1允许所有IP协议dialer-list 1 protocol ip permit设定拨号,号码为2633dialer string 2633设定登录263的用户名和口令ppp pap sent-username 263 password 263设定默认路由ip route 0.0.0.0 0.0.0.0 bri 0设定符合访问列表2的所有源地址被翻译为bri 0所拥有的地址ip nat inside source list 2 interface bri 0 overload设定访问列表2,允许所有协议access-list 2 permit any
具体配置如下:hostname Cisco2503! isdn switch-type basic-net3!
ip subnet-zero no ip domain-lookup ip routing!
interface Ethernet 0 ip address 10.0.0.1 255.255.255.0 ip nat inside no shutdown!
interface Serial 0 shutdown no description no ip address! interface Serial 1 shutdown no description no ip address!
interface bri 0 ip address negotiated ip nat outside encapsulation ppp ppp authentication pap callin ppp multilink dialer-group 1 dialer hold-queue 10 dialer string 2633 dialer idle-timeout 120 ppp pap sent-username 263 password 263 no cdp enable no ip split-horizon no shutdown!
ip classless!! Static Routes!
ip route 0.0.0.0 0.0.0.0 bri 0!! Access Control List 2! access-list 2 permit any!
dialer-list 1 protocol ip permit!! Dynamic NAT!
ip nat inside source list 2 interface bri 0 overload snmp-server community public ro!
line console 0 exec-timeout 0 0! line vty 0 4! end
路由协议配置 RIP协议
RIP(Routing information Protocol)是应用较早、使用较普遍的内部网关协议(Interior Gateway Protocol,简称IGP),适用于小型同类网络,是典型的距离向量(distance-vector)协议。文档见RFC1058、RFC1723.
RIP通过广播UDP报文来交换路由信息,每30秒发送一次路由信息更新。RIP提供跳跃计数(hop count)作为尺度来衡量路由距离,跳跃计数是一个包到达目标所必须经过的Cisco思科路由器的数目。如果到相同目标有二个不等速或不同带宽的Cisco思科路由器,但跳跃计数相同,则RIP认为两个路由是等距离的。RIP最多支持的跳数为15,即在源和目的网间所要经过的最多Cisco思科路由器的数目为15,跳数16表示不可达。
1.有关命令
任务命令指定使用RIP协议router rip指定RIP版本version {1|2}1指定与该Cisco思科路由器相连的网络network network注:1.Cisco的RIP版本2支持验证、密钥管理、路由汇总、无类域间路由(CIDR)和变长子网掩码(VLSMs)
2.举例Router1:
router rip version 2 network 192.200.10.0 network 192.20.10.0! 相关调试命令:show ip protocol show ip route
IGRP协议IGRP (Interior Gateway Routing Protocol)是一种动态距离向量路由协议,它由Cisco公司八十年代中期设计。使用组合用户配置尺度,包括延迟、带宽、可靠性和负载。
缺省情况下,IGRP每90秒发送一次路由更新广播,在3个更新周期内(即270秒),没有从路由中的第一个Cisco思科路由器接收到更新,则宣布路由不可访问。在7个更新周期即630秒后,Cisco IOS 软件从路由表中清除路由。
1.有关命令
任务命令指定使用igrp协议router igrp autonomous-system1指定与该Cisco思科路由器相连的网络network network指定与该Cisco思科路由器相邻的节点地址neighbor ip-address注:1、autonomous-system可以随意建立,并非实际意义上的
autonomous-system,但运行IGRP的Cisco思科路由器要想交换路由更新信息其autonomous-system需相同。
2.举例Router1:router igrp 200 network 192.200.10.0 network 192.20.10.0!