首頁>Club>
12
回覆列表
  • 1 # 殘疾人傷

    1.配置管理的IP地址和閘道器

    interface Vlanif1

    ip address 10.20.69.1 255.255.255.0

    2.使用FTP上傳web管理的配置檔案web.zip

    ftp server enable

    aaa

    local-user user1 password cipher user1

    local-user user1 service-type ftp

    local-user user1 ftp-directory flash:/

    電腦上傳web.zip

    ftp> binary 使用二進位制上傳

    ftp> put web.zip

    3.啟用web管理,建立web管理的使用者

    http server enable

    http server load web.zip 載入web管理檔案

    aaa

    local-user user2 password cipher user2

    local-user user2 service-type http

    local-user user2 privilege level 3

    二、配置DHCP服務:

    1.全域性啟用dhcp

    dhcp enable

    #

    ip pool lan

    gateway-list 10.20.69.1

    network 10.20.69.0 mask 255.255.255.0

    excluded-ip-address 10.20.69.2 10.20.69.100

    excluded-ip-address 10.20.69.200 10.20.69.254

    dns-list 172.16.10.25 172.16.10.21

    #

    dns resolve

    dns proxy enable

    #

    interface Vlanif1

    dhcp select global

    2.只在介面上啟用dhcp

    interface Vlanif1

    ip address 10.20.69.1 255.255.255.0

    dhcp select interface

    dhcp server dns-list 172.16.10.25 172.16.10.21

    #

    三、ppoe客戶端配置:

    1.配置nat轉換:

    acl number 3000

    rule 10 deny ip source 10.20.69.0 0.0.0.255 destination 172.16.0.0 0.7.255.255

    rule 20 deny ip source 10.20.69.0 0.0.0.255 destination 192.168.0.0 0.0.0.255

    rule 30 permit ip source 192.168.254.0 0.0.0.255

    rule 40 permit ip source 10.20.69.0 0.0.0.255

    2.配置執行ppoe的物理介面

    interface Ethernet0/0/8

    pppoe-client dial-bundle-number 1 on-demand

    undo shutdown

    3.配置ppoe

    dialer-rule

    dialer-rule 1 ip permit

    #

    interface Dialer1

    link-protocol ppp

    ppp chap user 2100771@xmadsl

    ppp chap password cipher xmgov123

    ppp pap local-user 2100771@xmadsl password cipher xmgov123

    tcp adjust-mss 1400

    ip address ppp-negotiate

    dialer user 2100771@xmadsl

    dialer bundle 1

    dialer queue-length 8

    dialer timer idle 300

    dialer-group 1

    nat outbound 3000 啟用nat

    #

    ip route-static 0.0.0.0 0.0.0.0 Dialer1

    4.檢查ppoe狀態

    display pppoe-client session summarydisplay pppoe-client session summary

    四、在配置ike vpn

    1.配置感興趣流

    acl number 3002

    rule 10 permit ip source 10.20.69.0 0.0.0.255 destination 172.16.0.0 0.7.255.255

    rule 20 permit ip source 10.20.69.0 0.0.0.255 destination 192.168.0.0 0.0.0.255

    2. 在Router上配置進行IKE協商時需要的本機ID和IKE Peer。

    ike peer jfgf v1

    pre-shared-key simple XMgovVPNPS

    ike-proposal 10

    r

    emote-address 28.5.6.29

    野蠻模式中,如果local-id-type取值為name的時候,對於發起協商端需要增加remote-adress x.x.x.x的配置。[ 顯示配置資訊:display ike peer name jfgf verbose ]

    3.建立安全提議:

    ipsec proposal xmjf

    ike peer 10 v2 這個應該可以不用,因為前面有ike peer jfgf v1

    ike proposal 10

    authentication-algorithm md5

    執行display ipsec proposal會顯示所配置的資訊

    4.配置安全策略

    ipsec policy map 10 isakmp

    security acl 3002

    ike-peer jfgf

    proposal xmjf

    執行display ipsec policy會顯示所配置的資訊

    5.應用安全策略

    interface Dialer1

    ipsec policy map

    display ipsec sa會顯示所配置的資訊

    display ike sa會顯示所配置的資訊

    五、路由器管理配置:

    clock timezone utc add 08:00:00

    aaa

    local-user xmjf password cipher xmjf

    local-user xmjf privilege level 3

    local-user xmjf service-type telnet telnet ssh http

    local-user admin password cipher admin

    local-user admin service-type telnet http

    user-interface con 0

    authentication-mode password

    set authentication password cipher admin

    user-interface vty 0 4

    authentication-mode aaa

    user privilege level 15

  • 中秋節和大豐收的關聯?
  • 岳飛手下的十二軍部將,最後分別什麼結局?