最簡單的Cisco路由器設定
有一天,忘記哪一天,阿民跑來問阿貝,Cisco路由器怎麼設定?
香蕉芭樂,這是怎麼回事?
原來現在的 IT人員都用現成圖形界面習慣了,
阿貝只好去翻一翻舊資料,就這樣吧,至少讓你能動
假定有三台cisco路由器,一台在台北Taipei,一台在香港HK,一台在上海SH,做專線連接
我們就舉台北香港兩台機器做範例
這是台北的設定
=======================================
Current configuration:
!
version nn.nn (版本號碼)
no service password-encryption (不理它 )
!
hostname Taipei (這台主機名稱)
!
enable secret 5 $1$qtIQ$u2jM1J46XUwV2kIp8TIHh0
enable password cisco (內定密碼)
!
no ip domain-lookup (讓路由器只管ip的對應,不要理會domain name,減輕覆載)
!
interface Hssi1/0 (某條高速界面卡,安裝卡片後cisco會自己找到)
ip address 172.16.2.9 255.255.255.252 (準備跟HK連線)
no ip mroute-cache (不要讓路由器做ip multi-cast)
bandwidth 46080 (強迫設定頻寬)
!
interface Serial2/0
no ip address
shutdown (沒事做就關掉它)
!
interface Hssi3/0
ip address 172.16.2.5 255.255.255.252 (記得不要跟Hssi1/0的網段衝突)
encapsulation ppp (做ppp的通訊協定)
no ip mroute-cache
!
interface FastEthernet4/0 (你的內部區域網路,內部的PC都指定它為default gateway)
ip address 192.168.10.254 255.255.255.0
no keepalive (減少頻寬的覆載,叫路由器沒事不要亂叫hello)
full-duplex (強迫設定卡片為全雙工,有點多此一舉,不過隨便你要不要設定,自己爽就好)
!
ip classless
ip route 192.168.11.0 255.255.255.255 172.16.2.6
ip route 192.168.101.0 255.255.255.0 172.16.2.10
ip route 0.0.0.0 0.0.0.0 192.168.10.248 (強迫到下一個內部路由器,阿民你懂的)
(這是權限設定的問題,就不要管了,可以把它NO掉)
#access-list 100 permit ip host 192.168.11.252 any
#access-list 100 permit ip host 192.168.11.254 any
#access-list 100 deny ip any any
#access-list 100 permit ip host 172.16.2.6 any
#access-list 101 permit ip 192.168.101.0 0.0.0.255 any
#access-list 101 permit ip 192.168.10.248 0.0.0.7 any
#access-list 101 deny ip any any
#access-list 102 deny ip host 192.168.11.249 any
#access-list 102 deny ip host 192.168.11.250 any
#snmp-server community public RO
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
香蕉芭樂,這是怎麼回事?
原來現在的 IT人員都用現成圖形界面習慣了,
阿貝只好去翻一翻舊資料,就這樣吧,至少讓你能動
假定有三台cisco路由器,一台在台北Taipei,一台在香港HK,一台在上海SH,做專線連接
我們就舉台北香港兩台機器做範例
這是台北的設定
=======================================
Current configuration:
!
version nn.nn (版本號碼)
no service password-encryption (不理它 )
!
hostname Taipei (這台主機名稱)
!
enable secret 5 $1$qtIQ$u2jM1J46XUwV2kIp8TIHh0
enable password cisco (內定密碼)
!
no ip domain-lookup (讓路由器只管ip的對應,不要理會domain name,減輕覆載)
!
interface Hssi1/0 (某條高速界面卡,安裝卡片後cisco會自己找到)
ip address 172.16.2.9 255.255.255.252 (準備跟HK連線)
no ip mroute-cache (不要讓路由器做ip multi-cast)
bandwidth 46080 (強迫設定頻寬)
!
interface Serial2/0
no ip address
shutdown (沒事做就關掉它)
!
interface Hssi3/0
ip address 172.16.2.5 255.255.255.252 (記得不要跟Hssi1/0的網段衝突)
encapsulation ppp (做ppp的通訊協定)
no ip mroute-cache
!
interface FastEthernet4/0 (你的內部區域網路,內部的PC都指定它為default gateway)
ip address 192.168.10.254 255.255.255.0
no keepalive (減少頻寬的覆載,叫路由器沒事不要亂叫hello)
full-duplex (強迫設定卡片為全雙工,有點多此一舉,不過隨便你要不要設定,自己爽就好)
!
ip classless
ip route 192.168.11.0 255.255.255.255 172.16.2.6
ip route 192.168.101.0 255.255.255.0 172.16.2.10
ip route 0.0.0.0 0.0.0.0 192.168.10.248 (強迫到下一個內部路由器,阿民你懂的)
(這是權限設定的問題,就不要管了,可以把它NO掉)
#access-list 100 permit ip host 192.168.11.252 any
#access-list 100 permit ip host 192.168.11.254 any
#access-list 100 deny ip any any
#access-list 100 permit ip host 172.16.2.6 any
#access-list 101 permit ip 192.168.101.0 0.0.0.255 any
#access-list 101 permit ip 192.168.10.248 0.0.0.7 any
#access-list 101 deny ip any any
#access-list 102 deny ip host 192.168.11.249 any
#access-list 102 deny ip host 192.168.11.250 any
#snmp-server community public RO
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
香港
=======================================
Current configuration:
!
version nn.nn
no service udp-small-servers (沒事,就留著吧)
no service tcp-small-servers
!
hostname Hongkong
!
enable secret 5 $1$F80/$EjF1LELJ58iVbWCpr9ohU1
enable password cisco
!
ip subnet-zero (新版本應該是內定值)
no ip domain-lookup
!
interface FastEthernet0/0
no ip address
shutdown
!
interface Serial1/0
no ip address
shutdown
!
interface Hssi2/0
ip address 172.16.2.10 255.255.255.252
bandwidth 46080
!
interface FastEthernet3/0
ip address 192.168.101.254 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.2.9 (往台北總公司丟資料)
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
=======================================
就降子,另一台自己會意一下,有問題再發問
留言
張貼留言