【路由交换】分享个自己家用的路由配置案例


硬件平台: i3-7100U 8G/2400 64G mSATA SSD
宿主系统: ESXi 6.7
路由系统固件:csr1000v-universalk9.16.09.03.SPA.bin
IKEv2/IPsec DMVPN、OSPFv2 和 BGP 这三个协议（协议族）没有写说明，它们分别是用来做什么的，可以留给小伙伴猜想一下。
====================================================以下===========================================================
version 16.9
! Debug/log timestamps use local time (timezone is set further down).
service timestamps debug datetime localtime //让debug的时间戳变成当前时间
service timestamps log datetime localtime //让log的时间戳变成当前时间
! NOTE: type 7 "encryption" is reversible obfuscation, not a hash. It only hides
! passwords from casual viewing of the config; it does not protect a leaked config.
service password-encryption //自身密码加密
!
hostname gateway //设置系统名称
!
boot-start-marker
boot system bootflash:csr1000v-universalk9.16.09.03.SPA.bin //更新系统固件
boot-end-marker
!
! 'notifications' is severity 5 (informational is 6); severities 0-5 reach the console.
logging console notifications //打开控制台日志提示级别6
! Type 5 is salted MD5. This IOS XE release supports a stronger type 9 hash via
! 'enable algorithm-type scrypt secret <pw>' - confirm on this platform before switching.
enable secret 5 $1$YBp/$JbbIgwH7OoaaSQ5cZm6kU/ //设置15级提权密码
!
aaa new-model //开启三A
!
! Both management login (console/vty/HTTP) and PPP dial-in (L2TP) authenticate
! against the same local user database, so one 'username' entry serves both roles.
aaa authentication login default local //本地登入认证默认走本地账户
aaa authentication ppp default local //LNC拨入默认走本地账户
!
clock timezone CST 8 0 //设置时区为北京标准时间
!
ip nbar http-services //开启流量分类

! Upstream resolver for the router's own DNS forwarder ('ip dns server' below).
ip name-server 8.8.8.8 //指定域名服务器8.8.8.8
ip host gateway.local 192.168.0.1 //设置网关FQDN
ip host vmware.local 192.168.0.100 //设置网关后台FQDN
ip domain name local //设置域名

! DDNS client. The masked user:pass is embedded in the URL and the scheme is plain
! http://, so the DDNS credential crosses the ISP link unencrypted on every update.
! Prefer an https:// endpoint if the provider offers one.
ip ddns update method 3322 //开启动态域名解析
HTTP
  add http://马赛克:马赛克<s>/nic/update?system=dyndns&hostname=<h>&myip=<a>
! Interval is 'days hours minutes seconds': min = max = 1 minute, i.e. an update every minute.
interval maximum 0 0 1 0
interval minimum 0 0 1 0
!
! Keep .1-.100 out of both pools for static hosts (gateway .1, the vmware.local host .100).
ip dhcp excluded-address 192.168.0.1 192.168.0.100 //排除DHCP池地址
ip dhcp excluded-address 192.168.1.1 192.168.1.100 //排除DHCP池地址
! LAN pool; clients are pointed at the router itself for DNS ('ip dns server' below).
ip dhcp pool LAN //设置DHCP池地址本地用户
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 192.168.0.1
! Pool handed to L2TP dial-in clients via 'peer default ip address dhcp-pool' on Virtual-Template1.
ip dhcp pool l2tp-pool //设置DHCP池地址LNC用户
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
!
! Syslog successful logins as well as failures - a useful audit trail, since no
! access-class/ACL in this config limits where management logins may come from.
login on-success log //开启登录日志提示
!
vpdn enable
!
! L2TP server (LNS) terminating dial-in clients onto Virtual-Template1.
vpdn-group l2tpv2 //虚拟拨号网络允许L2TP拨入
  Default L2TP VPDN group
accept-dialin
  protocol l2tp
  virtual-template 1
! L2TP tunnel authentication is off, so confidentiality and integrity of the
! tunnel rest entirely on the IPsec crypto map applied to Dialer1. A dynamic
! crypto map only protects peers that negotiate IKE with this router; unless an
! inbound ACL (none is configured here) drops plaintext UDP/1701, an unencrypted
! L2TP session would presumably be accepted too - confirm with a test client.
no l2tp tunnel authentication
!
! MST with priority 24576 (below the 32768 default) so this router is preferred
! as root for the bridged LAN ports in bridge-domain 1.
spanning-tree mode mst //开启生成树及其特性
spanning-tree extend system-id
spanning-tree mst 0 priority 24576
! Single local account used for BOTH management login and L2TP/PPP dial-in
! (aaa ... default local). 'password 7' is reversible; prefer
! 'username Chloe algorithm-type scrypt secret <pw>' so a leaked config does not
! yield the cleartext. The value shown appears partly masked ('X' is not hex).
username Chloe password 7 097D5F5X4C534647525F507X //设置本地账户名
!
! Layer-2 bridge joining Gi2-Gi6 (each via 'service instance 1 ethernet');
! the routed gateway for this domain is interface BDI1.
bridge-domain 1 //配置LAN口
member GigabitEthernet6 service-instance 1
member GigabitEthernet2 service-instance 1
member GigabitEthernet3 service-instance 1
member GigabitEthernet4 service-instance 1
member GigabitEthernet5 service-instance 1
!
! IKEv2 for the DMVPN tunnel (Tunnel0 -> hub).
! The proposal still offers SHA-1/MD5 integrity and DH groups 5 and 2. Which set is
! negotiated depends on the hub, but once the hub is known to support them, trimming
! to 'integrity sha512 sha384 sha256' and 'group 14' (or an ECP group such as 19/20)
! removes the weak fallbacks.
crypto ikev2 proposal DMVPN
encryption aes-cbc-256 aes-cbc-192 aes-cbc-128
integrity sha512 sha384 sha256 sha1 md5
group 5 2
crypto ikev2 policy DMVPN
proposal DMVPN
! One wildcard PSK for any peer address. With a single known hub (95.179.242.141
! per Tunnel0's nhrp map) the entry could be narrowed to
! 'address 95.179.242.141 255.255.255.255'. The PSK is the only authentication
! factor here, so it must be long and random.
crypto ikev2 keyring DMVPN
peer DMVPN
  address 0.0.0.0 0.0.0.0
  pre-shared-key 马赛克
! Accepts any remote identity; PSK authentication in both directions.
crypto ikev2 profile DMVPN
match identity remote any
authentication remote pre-share
authentication local pre-share
keyring local DMVPN
!
lldp run //开启链路层邻居发现
cdp run //开启邻居发现
!
! IKEv1 + IPsec for the L2TP/IPsec remote-access clients (crypto map on Dialer1).
! MD5 is kept for both the ISAKMP hash and ESP integrity (esp-md5-hmac), presumably
! for client compatibility; 'hash sha' / esp-sha-hmac is what current client OSes
! expect - confirm against the clients actually in use before changing.
crypto isakmp policy 1 //创建ikev1策略
encr aes 256 //加密算法AES256
hash md5 //散列算法md5
authentication pre-share //加密方式 使用预共享密钥
group 14 //DH分组
! Wildcard PSK shared by every remote-access client. It cannot be revoked per
! user, so rotate it if any client device is lost.
crypto isakmp key 马赛克 address 0.0.0.0 //预共享密钥 XXXX
crypto ipsec transform-set l2tp esp-aes 256 esp-md5-hmac //设置ipsec的转换集,使用ESP加密和散列数据包荷载时的算法
! Transport mode: IPsec protects only the L2TP/UDP payload between the two endpoints (standard for L2TP/IPsec).
mode transport //使用传输模式
! IPsec profile consumed by 'tunnel protection' on Tunnel0 (IKEv2, DMVPN).
crypto ipsec profile DMVPN
set ikev2-profile DMVPN
! Dynamic map: no 'match address', so it only responds to peers that initiate IKE to this router.
crypto dynamic-map l2tp 1 //创建map,匹配转换集
set transform-set l2tp
crypto map l2tp 1 ipsec-isakmp dynamic l2tp
!
! DMVPN spoke: mGRE over IPsec, protected by the IKEv2 profile above.
interface Tunnel0
description VPN-interface
! Spoke address in the 192.168.2.0/24 overlay; the hub/NHS is .254.
ip address 192.168.2.1 255.255.255.0
no ip redirects
! Allow for GRE+IPsec overhead: tunnel MTU 1400 with TCP MSS clamped to 1360.
ip mtu 1400
! The NHRP authentication string is carried inside NHRP packets; it is confidential
! here only because the tunnel itself is IPsec-encrypted.
ip nhrp authentication 马赛克
! Static hub mapping: overlay 192.168.2.254 -> public 95.179.242.141 (unicast and multicast).
ip nhrp map 192.168.2.254 95.179.242.141
ip nhrp map multicast 95.179.242.141
ip nhrp network-id 1
ip nhrp nhs 192.168.2.254
ip tcp adjust-mss 1360
! OSPF over the mGRE cloud as a broadcast network; priority 0 keeps this spoke
! from ever becoming DR/BDR (the hub should hold that role).
ip ospf network broadcast
ip ospf priority 0
ip ospf 110 area 0
! Tunnel is sourced from the PPPoE dialer's negotiated public address.
tunnel source Dialer1
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
!
! WAN uplink: PPPoE client bound to dial-pool 1 (Dialer1).
! CDP is explicitly enabled on this ISP-facing port; CDP advertises hostname,
! platform and software version to the adjacent device. 'no cdp enable' here is
! the usual hardening, keeping CDP on the LAN ports only.
interface GigabitEthernet1 //用于PPPoE拨号的接口
no ip address
negotiation auto
pppoe enable group global
cdp enable
pppoe-client dial-pool-number 1
! Gi2-Gi6: untagged LAN ports, each attached to bridge-domain 1 (routed by BDI1).
! 'cdp enable' appears explicitly only on Gi2/Gi3/Gi5; whether Gi4/Gi6 run CDP
! depends on the platform default - check with 'show cdp interface'.
interface GigabitEthernet2 //LAN口
no ip address
negotiation auto
cdp enable
service instance 1 ethernet
  encapsulation untagged
interface GigabitEthernet3 //LAN口
no ip address
negotiation auto
cdp enable
service instance 1 ethernet
  encapsulation untagged
interface GigabitEthernet4 //LAN口
no ip address
negotiation auto
no mop sysid
service instance 1 ethernet
  encapsulation untagged
interface GigabitEthernet5 //LAN口
no ip address
negotiation auto
cdp enable
service instance 1 ethernet
  encapsulation untagged
interface GigabitEthernet6 //LAN口
no ip address
negotiation auto
service instance 1 ethernet
  encapsulation untagged
!
! Template cloned into one Virtual-Access interface per L2TP dial-in session.
interface Virtual-Template1 //L2TP拨号模板
ip address 192.168.1.1 255.255.255.0 //配置网关地址
ip nat inside  //配置NAT
! OSPF runs on every cloned Virtual-Access interface with no OSPF authentication,
! so a dial-in client speaking OSPF could form an adjacency and inject routes.
! 'passive-interface default' under 'router ospf 110' (plus
! 'no passive-interface Tunnel0') still advertises this subnet while refusing
! adjacencies here.
ip ospf 110 area 0
peer default ip address dhcp-pool l2tp-pool //关联DHCP池
! PAP sends the password in cleartext inside PPP and MS-CHAP v1 is weak; both are
! tolerable only while the L2TP session is actually IPsec-wrapped. If every client
! supports it, 'ppp authentication ms-chap-v2' (or eap) alone is the safer set.
ppp authentication chap eap ms-chap ms-chap-v2 pap //开启全部认证方式
!
! PPPoE WAN interface; the public address is negotiated via IPCP.
interface Dialer1 //PPPoE拨号接口
description WAN //描述
! DDNS client bound to this interface (hostname masked in the post).
ip ddns update hostname XXXf3322.net //开启DDNS动态域名解析
ip ddns update 3322 host members.3322.net
ip address negotiated //地址自动协商
! NAT 'outside' only - there is no inbound 'ip access-group' or zone-based
! firewall on this interface. NAT hides LAN hosts, but services the router itself
! listens on (HTTP/HTTPS, vty, DNS, NTP, IKE/L2TP) are reachable from the Internet
! unless restricted elsewhere; see the management-plane section below.
ip nat outside //开启NAT
encapsulation ppp //链路层分装PPP
ip tcp adjust-mss 1452 //调整TCP荷载大小为1518-18-8-20-20=1452
dialer pool 1 //使用拨号池1
! ISP PAP credential. The username is masked but the type 7 string is not; type 7
! is reversible, so this line should be redacted before publishing, and rotating
! the ISP password would be prudent.
ppp pap sent-username 马赛克 password 7 091D1C5A4D50414553 //ISP的账户名密码
ppp ipcp route default //获取缺省路由
! Applies the IKEv1/IPsec dynamic map for L2TP/IPsec clients.
crypto map l2tp //调用crypto map
! Virtual reassembly with a cap on concurrent reassemblies (fragment-flood protection).
ip virtual-reassembly max-reassemblies 1024 //防止分片攻击
!
! Routed interface for bridge-domain 1: the LAN default gateway.
interface BDI1 //LAN口
description LAN //描述
ip address 192.168.0.1 255.255.255.0 //配置本地用户网关地址
ip nat inside //开启NAT
! Per-interface NBAR statistics (pairs with the global 'ip nbar http-services').
ip nbar protocol-discovery //开启流量识别
! LAN subnet advertised into OSPF. As on Virtual-Template1, any LAN host can form
! an unauthenticated adjacency unless the interface is made passive.
ip ospf 110 area 0
! 'arp timeout' is in seconds: 60 s (default 14400 s) ages stale entries fast but
! re-ARPs every LAN host once a minute.
arp timeout 60 //arp超时
!
! OSPF process 110, enabled per interface via 'ip ospf 110 area 0' on Tunnel0,
! BDI1 and Virtual-Template1. No 'passive-interface' is set, so all of those
! interfaces accept hellos and form unauthenticated adjacencies. Suggested:
! 'passive-interface default' followed by 'no passive-interface Tunnel0'.
router ospf 110
! Router-id matches the Tunnel0 overlay address.
router-id 192.168.2.1
!
! iBGP (private AS 64512) to the DMVPN hub 192.168.2.254, sourced from Tunnel0.
router bgp 64512
template peer-policy iBGP
! Keeps an unfiltered copy of received routes (memory cost) so policy changes need no session reset.
  soft-reconfiguration inbound
  send-community both
exit-peer-policy
template peer-session iBGP
  remote-as 64512
  update-source Tunnel0
exit-peer-session
bgp router-id 192.168.2.1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.168.2.254 inherit peer-session iBGP
address-family ipv4
  neighbor 192.168.2.254 activate
! No inbound prefix filter and no 'neighbor ... maximum-prefix': whatever the hub
! advertises is installed (the 'show ip route' output on this page lists many
! /13-/24 prefixes learned this way). A maximum-prefix limit and a prefix-list
! bound the impact of a misconfigured or compromised hub.
  neighbor 192.168.2.254 inherit peer-policy iBGP
exit-address-family
!
! PAT: translate sources matched by ACL 1 to the Dialer1 address.
ip nat inside source list 1 interface Dialer1 overload //PAT内部源转换
!
! Management plane. Plaintext HTTP and HTTPS are both enabled and nothing limits
! the source addresses; with no inbound ACL on Dialer1 these listeners face the
! Internet. Drop 'ip http server' (keep secure-server) and add
! 'ip http access-class <acl>' permitting only 192.168.0.0/24 and 192.168.1.0/24.
ip http server //开启HTTP
ip http authentication local //HTTP本地认证
ip http secure-server //开启HTTPS
ip tftp source-interface BDI1 //TFTP源使用BDI接口
!
! The router forwards DNS (to 8.8.8.8) for the LAN. It answers on every
! interface, so it may be usable as an open resolver from the WAN (amplification
! risk) unless filtered - confirm from an outside host.
ip dns server //指定自身可为DNS转发
!
! NAT source list: LAN clients and L2TP clients.
access-list 1 permit 192.168.0.0 0.0.0.255 //访问控制列表匹配本地用户
access-list 1 permit 192.168.1.0 0.0.0.255 //访问控制列表匹配LNC用户
!
! 'transport input all' permits telnet (cleartext) alongside ssh, and there is
! no 'access-class' limiting sources. 'transport input ssh' plus
! 'access-class <acl> in' is the usual minimum. exec-timeout is minutes seconds:
! '3600 0' keeps an idle session open for 60 hours.
line vty 0 4
exec-timeout 3600 0 //超时
transport input all //允许登入协议
!
! Serves NTP to the LAN; 'ntp master 1' makes the router claim stratum 1 when
! the upstream pool is unreachable.
ntp master 1 //指定自身可作为NTP服务器
ntp server cn.pool.ntp.org //指定远端服务器地址
!

end
===========================================================show==============================================================
gateway#sh ip route
S*    0.0.0.0/0 [1/0] via 4X.11X.72.1
      8.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B        8.8.4.0/24 [200/0] via 192.168.2.254, 1d06h
B        8.8.8.0/24 [200/0] via 192.168.2.254, 1d06h
B        8.34.208.0/21 [200/0] via 192.168.2.254, 1d06h
B        8.34.216.0/21 [200/0] via 192.168.2.254, 1d06h
B        8.35.192.0/21 [200/0] via 192.168.2.254, 1d06h
B        8.35.200.0/21 [200/0] via 192.168.2.254, 1d06h
      23.0.0.0/8 is variably subnetted, 5 subnets, 5 masks
B        23.228.128.0/18 [200/0] via 192.168.2.254, 1d06h
B        23.228.128.0/21 [200/0] via 192.168.2.254, 1d06h
B        23.236.48.0/20 [200/0] via 192.168.2.254, 1d06h
B        23.251.128.0/19 [200/0] via 192.168.2.254, 1d06h
B        23.255.128.0/17 [200/0] via 192.168.2.254, 1d06h
      34.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
B        34.64.0.0/11 [200/0] via 192.168.2.254, 1d06h
B        34.64.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.68.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.72.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.76.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.80.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.84.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.88.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.92.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.96.0.0/12 [200/0] via 192.168.2.254, 1d06h
B        34.96.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.100.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.104.0.0/14 [200/0] via 192.168.2.254, 1d06h
B        34.108.0.0/14 [200/0] via 192.168.2.254, 1d06h
      35.0.0.0/8 is variably subnetted, 92 subnets, 8 masks
B        35.184.0.0/13 [200/0] via 192.168.2.254, 1d06h
B        35.184.0.0/19 [200/0] via 192.168.2.254, 1d06h

2019年7月12日 17:02