|
更换路由器注意事项 1. 路由器不保存配置问题 2. 路由器重启才能打开浏览器网页,不然只能上QQ 3. 配置一份防火墙的路由模式配置命令清单 4. 整体优化一下网络配置,包括上网行为管理配置 5. 向专业人士请教学习网络管理,网络配置方面的经验。 6. 其它可能想到的遇见的网络问题 ssh 0.0.0.0 0.0.0.0 outside ssh timeout 5 conf t no ssh 0.0.0.0 0.0.0.0 outside no ssh timeout 5 *************************** User Access Verification Username: 8 Password: ****** Type help or '?' for a list of available commands. ciscoasa> en Password: ****** ciscoasa# show run : Saved : ASA Version 8.0(4) ! hostname ciscoasa enable password GYXZIPGXIpqkhvbr encrypted passwd 2KFQnbNIdI.2KYOU encrypted names ! interface GigabitEthernet0/0 nameif outside security-level 0 ip address 22.19.73.18 255.255.255.248 ! interface GigabitEthernet0/1 nameif inside security-level 100 ip address 192.178.10.1 255.255.255.252 ! interface GigabitEthernet0/2 no nameif no security-level no ip address ! interface GigabitEthernet0/3 no nameif no security-level no ip address ! interface Management0/0 shutdown no nameif no security-level no ip address management-only ! ftp mode passive access-list out extended permit icmp any any access-list out extended permit tcp any host 221.1.73.19 eq 9080 access-list out extended permit tcp any host 221.1.73.19 eq 9999 access-list out extended permit tcp any host 221.1.73.18 eq telnet access-list out extended permit tcp any host 221.1.73.19 eq 9082 access-list out extended permit tcp any host 221.1.73.20 eq 9080 access-list NAT extended permit ip any any pager lines 24 mtu outside 1500 mtu inside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 access-list NAT static (inside,outside) tcp 22.19.73.20 9080 192.168.0.77 www netmask 255.255.255.255 access-group out in interface outside route outside 0.0.0.0 0.0.0.0 22.19.73.17 1 route inside 10.10.2.0 255.255.255.0 192.178.10.2 2 route inside 192.168.0.0 255.255.0.0 192.178.10.2 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL aaa authentication telnet console LOCAL no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh 0.0.0.0 0.0.0.0 outside ssh timeout 5 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept username 8 password KTgDX8iR83mrRqex encrypted ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global prompt hostname context Cryptochecksum:14d7b5a5f4e711ffd24c3c632d0dd376 : end ciscoasa# show ver Cisco Adaptive Security Appliance Software Version 8.0(4) Compiled on Thu 07-Aug-08 20:53 by builders System image file is "disk0:/asa804-k8.bin" Config file at boot was "startup-config" ciscoasa up 270 days 13 hours Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz Internal ATA Compact Flash, 256MB BIOS Flash M50FW080 @ 0xffe00000, 1024KB Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0) Boot microcode : CN1000-MC-BOOT-2.00 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05 0: Ext: GigabitEthernet0/0 : address is 0023.33bb.9486, irq 9 1: Ext: GigabitEthernet0/1 : address is 0023.33bb.9487, irq 9 2: Ext: GigabitEthernet0/2 : address is 0023.33bb.9488, irq 9 3: Ext: GigabitEthernet0/3 : address is 0023.33bb.9489, irq 9 4: Ext: Management0/0 : address is 0023.33bb.948a, irq 11 5: Int: Not used : irq 11 6: Int: Not used : irq 5 Licensed features for this platform: Maximum Physical Interfaces : Unlimited Maximum VLANs : 200 Inside Hosts : Unlimited Failover : Active/Active VPN-DES : Enabled VPN-3DES-AES : Disabled Security Contexts : 2 GTP/GPRS : Disabled VPN Peers : 5000 WebVPN Peers : 2 AnyConnect for Mobile : Disabled AnyConnect for Linksys phone : Disabled Advanced Endpoint Assessment : Disabled UC Proxy Sessions : 2 This platform has an ASA 5540 VPN Premium license. Serial Number: JMX1307L05W Running Activation Key: 0xe019655b 0x0424a2b4 0xd052a9d0 0xac50a048 0xc03e0fa5 Configuration register is 0x2001 Configuration last modified by enable_15 at 01:32:26.817 UTC Tue Jan 17 2017 ************************************* User Access Verification Username: 8 Password: HTHL_7206_Router#show run Building configuration... Current configuration : 1640 bytes ! version 12.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname HTHL_7206_Router ! boot-start-marker boot-end-marker ! ! no aaa new-model ip subnet-zero ip source-route ! ! ! ! ip cef ! ! multilink bundle-name authenticated call rsvp-sync ! ! ! interface GigabitEthernet0/1 no ip address media-type rj45 speed auto duplex auto negotiation auto ! interface GigabitEthernet0/2 description *CNC1* ip address 192.178.10.2 255.255.255.252 media-type rj45 speed auto duplex auto negotiation auto ! interface GigabitEthernet0/3 ip address 10.10.20.1 255.255.255.0 media-type rj45 speed auto duplex auto negotiation auto ! ip nat translation timeout 900 ip nat translation tcp-timeout 900 ip nat translation udp-timeout 900 ip nat translation syn-timeout 900 ip nat inside source list nat interface GigabitEthernet0/2 overload ip nat inside source static tcp 192.168.20.104 9080 22.19.73.19 9080 extendable ip nat inside source static tcp 192.168.0.10 80 22.19.73.19 9999 extendable ip classless ip route 0.0.0.0 0.0.0.0 192.178.10.1 ip route 192.168.0.0 255.255.0.0 10.10.20.254 ! ! no ip http server no ip http secure-server ! ip access-list extended nat permit ip any any ! ! ! ! control-plane ! ! dial-peer cor custom ! ! ! ! gatekeeper shutdown ! ! line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 logging synchronous login local line vty 5 15 logging synchronous login local ! end HTHL_7206_Router# show ver Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.2(33)SRD2, RELEASE SOFTWARE (fc2) Technical Support: http://www./techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 20-May-09 20:57 by prod_rel_team ROM: System Bootstrap, Version 12.3(4r)T3, RELEASE SOFTWARE (fc1) HTHL_7206_Router uptime is 20 weeks, 5 days, 15 hours, 29 minutes System returned to ROM by reload at 06:24:04 UTC Fri May 5 2000 System image file is "disk2:c7200-adventerprisek9-mz.122-33.SRD2.bin" Last reload type: Normal Reload Last reload reason: Reload command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www./wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@. Cisco 7206VXR (NPE-G1) processor (revision C) with 229376K/32768K bytes of memory. Processor board ID 36044624 SB-1 CPU at 700Mhz, Implementation 0x401, Rev 0.2, 512KB L2 Cache 6 slot VXR midplane, Version 2.11 Last reset from power-on PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points. Current configuration on bus mb1 has a total of 0 bandwidth points. This configuration is within the PCI bus capacity and is supported. PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points. Current configuration on bus mb2 has a total of 0 bandwidth points. This configuration is within the PCI bus capacity and is supported. Please refer to the following document "Cisco 7200 Series Port Adaptor Hardware Configuration Guidelines" on Cisco.com <http://www.> for c7200 bandwidth points oversubscription and usage guidelines. 3 Gigabit Ethernet interfaces 509K bytes of NVRAM. 500472K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes). 16384K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 HTHL_7206_Router# --------------- ASA防火墙配置SSH 以前pix上的ssh配置很简单,现在照样在asa上配置,结果不行,琢磨了一下,终于ok了,分享给大家 关键语句主要以下几条 access-list 102 extended permit tcp any interface outside eq ssh放开外口ssh登陆 access-group 102 in interface outside外口启用ssh aaa authentication ssh console LOCAL aaa authentication enable console LOCAL 开放aaa本地数据验证,这两句很重要,不能省略 ssh 0.0.0.0 0.0.0.0 outside开放允许ssh的端口iu ssh timeout 45设置ssh超时时间 ssh version 1 设置ssh版本,3des才支持v2 设置用户 username admin password <removed> privilege 15 以上几句就可以在asa上实现ssh了 ASA5500系列命令,我发现的软件版本7.0以上的正确配置方法如下: //配置服务器端 ciscoasa(config)#crypto key generate rsa modulus 1024 //指定rsa系数的大小,这个值越大,产生rsa的时间越长,cisco推荐使用1024. ciscoasa(config)#write mem //保存刚刚产生的密钥 ciscoasa(config)#ssh 0.0.0.0 0.0.0.0 outside //0.0.0.0 0.0.0.0表示任何外部主机都能通过SSH访问outside接口,当然你可以指定具体的主机或网络来进行访问,outside也可 以改为inside即表示内部通过SSH访问防火墙ciscoasa(config)#ssh timeout 30 //设置超时时间,单位为分钟 ciscoasa(config)#ssh version 1 //指定SSH版本,可以选择版本2 //配置客户端ciscoasa(config)#passwd 密码 //passwd命令所指定的密码为远程访问密码,同样适用于telnet 所有7.0版本以上的用户名默认为pix,其它的版本我不知道。这里可以看出ASA还有PIX的影子的,呵呵,网上说的ASA防火墙配置SSH通过命令"username 用户名 password密码"来创建账号,我测试了n次都说账号错误.由此看出软件版本7.0上的用户名都是pix.不信大家可以试试. //相关命令 show ssh //参看SSH配置信息 show crypto key mypubkey rsa //查看产生的rsa密钥值 crypto key zeroize //清空所有产生的密钥 以上命令资料都是来自ASA5500系列防火墙官方配置指南和实际测试通过 1.设置用户名: hostname yliang 2.设置域名,在生成加密密码时要用到用户名和域名 ip domain-name yliang.com 3.为加密会话产生加密密钥: crypto key generate rsa general-keys modulus 1024 4.为SSH会话设置最大空闲定时器: ip ssh time-out 60 5.为SSH连接设置最大失败尝试值: ip ssh authentication-retries 2 line vty 0 1180 6.连接到路由器的vty线路上 transport input ssh telnet ssh 0.0.0.0 0.0.0.0 7.配置SSH并将Telnet作为访问协议 ************************ 交换机:192.168.0.254 User Access Verification Username: 8 Password: HXSwitch-1#show run Building configuration... Current configuration : 13515 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service compress-config ! hostname HXSwitch-1 ! boot-start-marker boot-end-marker ! ! username hailong privilege 15 password 7 141F1302000B242C username 8 privilege 15 password 7 130D121E04025C no aaa new-model ip subnet-zero ! ip dhcp pool binguan network 192.168.12.0 255.255.255.0 default-router 192.168.12.254 dns-server 202.102.134.68 202.102.154.3 ! ip vrf mgmtVrf ! ! power redundancy-mode redundant ! ! ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! redundancy mode sso main-cpu auto-sync startup-config auto-sync config-register ! vlan internal allocation policy ascending ! ! ! interface Port-channel1 switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel2 switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface FastEthernet1 ip vrf forwarding mgmtVrf no ip address speed auto duplex auto ! interface TenGigabitEthernet1/1 ! interface TenGigabitEthernet1/2 ! interface GigabitEthernet1/3 ! interface GigabitEthernet1/4 ! interface GigabitEthernet1/5 ! interface GigabitEthernet1/6 ! interface TenGigabitEthernet2/1 ! interface TenGigabitEthernet2/2 ! interface GigabitEthernet2/3 ! interface GigabitEthernet2/4 ! interface GigabitEthernet2/5 ! interface GigabitEthernet2/6 ! interface GigabitEthernet4/1 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/2 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/3 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/4 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/5 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/6 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/7 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/8 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/9 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/10 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/11 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/12 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/13 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/14 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/15 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/16 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/17 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/18 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/19 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/20 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/21 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/22 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/23 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/24 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/25 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/26 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/27 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/28 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/29 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/30 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/31 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/32 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/33 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/34 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/35 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/36 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/37 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/38 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/39 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/40 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/41 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/42 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/43 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/44 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet4/45 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface GigabitEthernet4/46 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface GigabitEthernet4/47 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface GigabitEthernet4/48 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface GigabitEthernet6/1 no switchport ip address 10.10.20.252 255.255.255.0 standby 88 ip 10.10.20.254 standby 88 priority 120 standby 88 preempt ! interface GigabitEthernet6/2 switchport access vlan 2 switchport mode access speed 1000 duplex full ! interface GigabitEthernet6/3 ! interface GigabitEthernet6/4 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/5 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/6 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/7 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/8 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/9 switchport access vlan 2 switchport mode access interface GigabitEthernet6/9 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/10 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/11 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/12 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/13 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/14 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/15 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/16 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/17 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/18 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/19 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/20 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/21 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/22 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/23 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/24 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/25 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/26 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/27 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/28 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/29 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/30 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/31 switchport access vlan 2 switchport mode access spanning-tree portfast ! interface GigabitEthernet6/32 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/33 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/34 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/35 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/36 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/37 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/38 switchport access vlan 2 switchport mode access ! interface GigabitEthernet6/39 switchport access vlan 3 switchport mode access ! interface GigabitEthernet6/40 switchport access vlan 30 switchport mode access ! interface GigabitEthernet6/41 switchport access vlan 3 switchport mode access ! interface GigabitEthernet6/42 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet6/43 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet6/44 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet6/45 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface GigabitEthernet6/46 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface GigabitEthernet6/47 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface GigabitEthernet6/48 switchport trunk encapsulation dot1q switchport mode trunk channel-group 2 mode on ! interface Vlan1 ip address 172.16.1.1 255.255.255.0 ! interface Vlan2 description *Server* ip address 192.168.0.252 255.255.255.0 vrrp 2 ip 192.168.0.254 vrrp 2 priority 120 ! interface Vlan3 description *xinxizhongxin* ip address 192.168.1.252 255.255.255.0 vrrp 3 ip 192.168.1.254 ! interface Vlan4 description *zonghelou* ip address 192.168.2.252 255.255.255.0 vrrp 4 ip 192.168.2.254 ! interface Vlan5 description *changsifenchang* ip address 192.168.3.252 255.255.255.0 vrrp 5 ip 192.168.3.254 vrrp 5 priority 120 ! interface Vlan6 description *duanyifenchang* ip address 192.168.4.252 255.255.255.0 vrrp 6 ip 192.168.4.254 ! interface Vlan7 description *duanerfenchang* ip address 192.168.5.252 255.255.255.0 vrrp 7 ip 192.168.5.254 ! interface Vlan8 description *donglifenchang* ip address 192.168.6.252 255.255.255.0 vrrp 8 ip 192.168.6.254 ! interface Vlan9 description *jiangfengongchang* ip address 192.168.7.252 255.255.255.0 vrrp 9 ip 192.168.7.254 ! interface Vlan10 description *xinduansier* ip address 192.168.8.252 255.255.255.0 vrrp 10 ip 192.168.8.254 ! interface Vlan12 description *changsifenchang* ip address 192.168.10.252 255.255.255.0 vrrp 12 ip 192.168.10.254 vrrp 12 priority 120 ! interface Vlan13 description *jiyuan&gongxiaogongsi* ip address 192.168.11.252 255.255.255.0 vrrp 13 ip 192.168.11.254 ! interface Vlan14 description *binguan* ip address 192.168.12.252 255.255.255.0 vrrp 14 ip 192.168.12.254 ! interface Vlan15 description *changchuchubei* ip address 192.168.13.252 255.255.255.0 vrrp 15 ip 192.168.13.254 ! interface Vlan17 description *wushuichejian* ip address 192.168.15.252 255.255.255.0 vrrp 17 ip 192.168.15.254 ! interface Vlan18 description *duansanfenchang* ip address 192.168.16.252 255.255.255.0 vrrp 18 ip 192.168.16.254 vrrp 18 priority 120 ! interface Vlan20 description *jishuzhongxin* ip address 192.168.18.252 255.255.255.0 vrrp 20 ip 192.168.18.254 ! interface Vlan24 description *xinzongcaiwu* ip address 192.168.22.252 255.255.255.0 vrrp 24 ip 192.168.22.254 vrrp 24 priority 120 ! interface Vlan25 description *xinzongcaiwu* ip address 192.168.23.252 255.255.255.0 vrrp 25 ip 192.168.23.254 vrrp 25 priority 120 ! interface Vlan26 description *xinzongcaiwu* ip address 192.168.24.252 255.255.255.0 vrrp 26 ip 192.168.24.254 vrrp 26 priority 120 ! interface Vlan30 description *jianyanchu* ip address 192.168.28.252 255.255.255.0 vrrp 30 ip 192.168.28.254 vrrp 30 priority 120 ! interface Vlan31 description *cangchulingdaou* ip address 192.168.29.252 255.255.255.0 vrrp 31 ip 192.168.29.254 vrrp 31 priority 120 ! interface Vlan42 description *xinzongcaiwu2* ip address 192.168.40.252 255.255.255.0 vrrp 42 ip 192.168.40.254 vrrp 42 priority 120 ! interface Vlan172 ip address 172.16.8.1 255.255.255.0 vrrp 172 ip 172.16.8.254 vrrp 172 priority 120 ! router rip version 2 network 192.168.8.0 network 192.168.10.0 network 192.168.24.0 network 192.168.28.0 network 192.168.30.0 network 192.168.31.0 network 192.168.40.0 ! ip route 0.0.0.0 0.0.0.0 10.10.20.1 ip http server ! control-plane ! ! line con 0 stopbits 1 line vty 0 4 login local ! ! monitor session 1 source interface Gi4/1 - 32 monitor session 1 source interface Gi6/1 monitor session 1 destination interface Gi6/3 end |
|
|
