cisco路由器配置命令手册

《cisco路由器配置命令手册》由会员上传分享，免费在线阅读，更多相关内容在行业资料-天天文库。

目录一．过telnet管理设备2二．配置修改路由器31.配置修改接口IP32.设置修改设备名称33.设置修改设备用户、密码44.设置修改DHCP服务器55.添加修改路由66.配置修改NAT地址转换67.限制某些IP上网78.配置拔入VPN7 一．过telnet管理设备思科设备均可通过telnet设备管理地址管理。例子：如路由器的内部接口地址为10.130.176.254，我们可以能过在命令行下telnel10.130.176.254管理该设备。点击操作系统桌面左下角的”开始”->”运行”,在弹出菜单输入”cmd”后按确定。在命令窗口输入”telnet10.130.176.254”输入用户名：Rvpn和密码：ciscovpn便可以进入路由器特权模式 二．配置修改路由器1.配置修改接口IP设置内部接口IP为10.130.176.254Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#interfaceFastEthernet0Router(config-if)#ipaddress10.130.176.254255.255.255.0Router(config-if)#noshutdownRouter(config-if)#exitRouter(config)#exitRouter#writeRouter#修改内部接口IP为192.168.1.1命令设置内部接口IP一样，新设置的IP将替换原有的IP。Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#interfaceFastEthernet0Router(config-if)#ipaddress192.168.1.1255.255.255.0Router(config-if)#noshutdownRouter(config-if)#exitRouter(config)#exitRouter#writeRouter#2.设置修改设备名称设置设备名称为R1Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#hostnameR1R1(config)#exitR1#writeR1#修改设备名称为R2 命令设置设备名称一样，新设置的设备名称将替换原有。Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.R1(config)#hostnameR2R2(config)#exitR2#writeR2#3.设置修改设备用户、密码设置特权模式密码为fzgz（用于CONSOLE口方式）Router#Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#enablepasswordfzgzRouter(config)#exitRouter#writeRouter#修改特权模式密码为cisco命令与设置特权模式密码一样，新密码将替换原来的密码Router#Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#enablepasswordfzgzRouter(config)#exitRouter#writeRouter#添删管理用户添加一个用户名为test，密码为testpassRouter#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#usernametestpasswordtestpassRouter(config)#exitRouter#writeRouter#删除用户testRouter#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z. Router(config)#nousernametestRouter(config)#exitRouter#writeRouter#*设备的特权模式密码只能有一个，但用户则可以多个。4.设置修改DHCP服务器设置动态地址分配设置动态分配的地址段为10.130.176.0，掩码为255.255.255.0，网关为10.130.176.254，dns为10.130.230.9和202.96.128.166。保留10.130.176.1－16IP地址Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#ipdhcppoolIP-POOLRouter(dhcp-config)#network10.130.176.0255.255.255.0Router(dhcp-config)#default-router10.130.176.254Router(dhcp-config)#dns-server10.130.230.9202.96.128.166Router(dhcp-config)#exitRouter(config)#ipdhcpexcluded-address10.130.176.110.130.176.16Router(config)#exitRouter#writeRouter#修改DHCP服务器修改动态分配的地址段为10.11.17.0，掩码为255.255.255.0，网关为10.11.17.1，dns为61.144.56.100和61.144.56.101保留地址为10.11.17.1和10.11.17.254Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#ipdhcppoolIP-POOLRouter(dhcp-config)#nonetwork10.130.176.0255.255.255.0Router(dhcp-config)#network10.11.17.0255.255.255.0Router(dhcp-config)#nodefault-router10.130.176.254Router(dhcp-config)#default-router10.11.17.1Router(dhcp-config)#nodns-server10.130.230.9202.96.128.166Router(dhcp-config)#dns-server61.144.56.10061.144.56.101Router(dhcp-config)#exitRouter(config)#noipdhcpexcluded-address10.130.176.110.130.176.16Router(config)#ipdhcpexcluded-address10.11.17.1 Router(config)#ipdhcpexcluded-address10.11.17.254Router(config)#exitRouter#writeRouter#5.添加修改路由添加默认路由，下一跳为121.8.108.113Router#Router(config)#iproute0.0.0.00.0.0.0121.8.108.113Router(config)#exitRouter#writeRouter#添加静态路由，网段为10.0.0.0掩码255.0.0.0，下一跳为10.130.176.1Router#Router(config)#iproute10.0.0.0255.0.0.010.130.176.1Router(config)#exitRouter#writeRouter#删除网段为10.0.0.0掩码255.0.0.0，下一跳为10.130.176.1的静态路由Router#Router(config)#noiproute10.0.0.0255.0.0.010.130.176.1Router(config)#exitRouter#writeRouter#6.配置修改NAT地址转换设置属于10.130.176.1-254范围内的IP都通过NAT转换上网。Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#access-list110permitip10.130.176.00.0.0.255anyRouter(config)#route-mapnonatpermit10Router(config-route-map)#matchipaddress110Router(config-route-map)#exitRouter(config)#ipnatinsidesourceroute-mapnonatinterfaceFastEthernet0/0overloadRouter(config)#interfaceFastEthernet0/0Router(config-if)#ipnatoutside Router(config-if)#exitRouter(config)#interfaceFastEthernet0/1Router(config-if)#ipnatinsideRouter(config-if)#exitRouter(config)#exitRouter#writeRouter#修改NAT转换设置属于10.11.17.1-254范围内的IP都通过NAT转换上网。Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#noaccess-list110permitip10.130.176.00.0.0.255anyRouter(config)#access-list110permitip10.11.17.00.0.0.255anyRouter(config)#exitRouter#writeRouter#7.限制某些IP上网限制10.130.176.1-128和10.130.176.253不能上网.Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#access-list111denyip10.130.176.00.0.0.127anyRouter(config)#access-list111denyiphost10.130.176.253anyRouter(config)#interfaceFastEthernet0/1Router(config-if)#ipaccess-group111inRouter(config)#exitRouter#writeRouter#8.配置拔入VPNA.定义VPN地址池范围10.130.176.239-253Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#iplocalpoolREMOTE-POOL10.130.176.23910.130.176.253Router(config)#exitRouter#writeRouter# B.定义NAT穿透Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#noaccess-list110permitip10.130.176.00.0.0.255anyRouter(config)#access-list110denyip10.130.176.00.0.0.25510.130.177.00.0.0.255Router(config)#access-list110permitip10.130.176.00.0.0.255anyRouter(config)#exitRouter#writeRouter#C.定义加密策略Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#cryptoisakmppolicy3Router(config-isakmp)#encr3desRouter(config-isakmp)#authenticationpre-shareRouter(config-isakmp)#group2Router(config-isakmp)#exitRouter(config)#cryptoipsectransform-setmysetesp-3desesp-md5-hmacRouter(cfg-crypto-trans)#cryptodynamic-mapdynmap10Router(config-crypto-map)#settransform-setmysetRouter(config-crypto-map)#reverse-routeRouter(config-crypto-map)#Router(config-crypto-map)#Router(config-crypto-map)#exitRouter(config)#cryptomapclientmapclientauthenticationlistuserauthenRouter(config)#cryptomapclientmapisakmpauthorizationlistgroupauthorRouter(config)#cryptomapclientmapclientconfigurationaddressrespondRouter(config)#cryptomapclientmap10ipsec-isakmpdynamicdynmapRouter(config)#exitRouter#writeRouter#D.定义VPN隧道定义隧道名为”RvpnClient”，密码为”cisco123”,为配置的地址池为”REMOTE-POOL”dns为：10.130.176.233Router#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#cryptoisakmpclientconfigurationgroupRvpnClientRouter(config-isakmp-group)#keycisco123Router(config-isakmp-group)#poolREMOTE-POOLRouter(config-isakmp-group)#netmask255.255.255.0 Router(config-isakmp-group)#dns10.130.176.233Router(config-isakmp-group)#exitRouter(config)#exitRouter#writeRouter#E.在外部接口启用VPNRouter#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#interfacefastEthernet0Router(config-if)#cryptomapclientmapRouter(config-if)#exitRouter(config)#exitRouter#writeRouter#F.增加删除VPN用户名添删管理用户添加一个用户名为test，密码为testpassRouter#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#usernametestpasswordtestpassRouter(config)#exitRouter#writeRouter#H.删除用户testRouter#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#nousernametestRouter(config)#exitRouter#writeRouter#I.修改VPN客户端DNS为10.130.176.111，隧道密码为ciscovpnRouter#conftEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router(config)#cryptoisakmpclientconfigurationgroupRvpnClientRouter(config-isakmp-group)#nodns10.130.176.233Router(config-isakmp-group)#dns10.130.176.111Router(config-isakmp-group)#nokeycisco123Router(config-isakmp-group)#keyciscovpnRouter(config-isakmp-group)#exitRouter(config)#exit Router#writeRouter#