下面是以前我在一家isp工作时维护的一个客户路由器上的配置,这个客户租了我们12条IP- VPN线路,是个大客户。对于IP-VPN内部专线,这个客户主要用于访问远程ERP系统和VOIP语音电话。下面是完整的配置,除了名称用xxx代替外,其它都保留不变。对于爱好网络技术的朋友是一个学习cisco技术的难得的参考。有兴趣的朋友可以分析一下,注:一般IP-VPN专线其实就是DDN加IPVPN技术,一般采用EIGRP协议的。
User Access Verification Username: xxxx01x Password: xxxx01-BJ-4>en Password: xxxx01-BJ-4#sh run Building configuration... Current configuration : 5624 bytes ! ! Last configuration change at 12:05:04 SHT Thu Feb 2 2006 by xxxx01user ! NVRAM config last updated at 12:05:05 SHT Thu Feb 2 2006 by xxxx01user ! version 12.1 service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption ! hostname xxxx01-BJ-4 ! logging buffered 4096 debugging enable secret 5 $1$Tmai$BXXdfdfdfdfdf&%$$#Y4xm2uMbBBW/ enable password 7 01100B081E1D090631 ! username netuser password 7 121A0A041F041F username netuser autocommand menu netuser username xxxx01user password 7 070C2C400B1F1dfdfd60C07 username ispuser privilege 15 password 7 13061A1E0Adfdfd08092325 ! ! ! ! clock timezone SHT 8 ip subnet-zero no ip finger no ip domain-lookup ! ! ! ! interface Loopback0 description "Loopback for Voice" ip address 10.136.71.254 255.255.255.255 ! interface Tunnel40101 description "BJ-xxxx01 - SH-xxxx02" ip address 172.16.255.14 255.255.255.252 tunnel source 10.136.252.50 tunnel destination 10.23.252.70 ! interface Tunnel40102 description "BJ-xxxx01 - SH-xxxx02 (Voice)" ip address 172.16.254.14 255.255.255.252 tunnel source 10.136.71.254 tunnel destination 10.16.67.254 ! interface Tunnel40201 description "BJ-xxxx01 - SZ-xxxx02" ip address 172.16.255.22 255.255.255.252 tunnel source 10.136.252.50 tunnel destination 10.144.253.58 ! interface Tunnel40202 description "BJ-xxxx01 - SZ-xxxx02 (Voice)" ip address 172.16.254.22 255.255.255.252 tunnel source 10.136.71.254 tunnel destination 10.144.80.254 ! interface Tunnel40301 description "BJ-xxxx01 - SH-xxxx01" ip address 172.16.255.6 255.255.255.252 ip mtu 1600 tunnel source 10.136.252.50 tunnel destination 10.23.252.82 ! interface Tunnel40302 description "BJ-xxxx01 - SH-xxxx01 (Voice)" ip address 172.16.254.6 255.255.255.252 tunnel source 10.136.71.254 tunnel destination 10.16.70.254 ! interface Tunnel40501 description "To xxxx01-GZ" ip address 172.16.255.29 255.255.255.252 ip mtu 1600 tunnel source 10.136.252.50 tunnel destination 10.144.253.78 ! interface Tunnel40502 description "To xxxx01-GZ (Voice)" ip address 172.16.254.29 255.255.255.252 tunnel source 10.136.71.254 tunnel destination 10.144.85.254 ! interface Ethernet0 ip address 192.168.2.253 255.255.255.0 ! interface Serial0 bandwidth 256 ip address 10.136.252.50 255.255.255.252 encapsulation ppp priority-group 1 ! router eigrp 1 redistribute static metric 100 100 255 1 1500 route-map rm_static2eigrp network 172.16.254.0 0.0.0.255 network 172.16.255.0 0.0.0.255 network 192.168.2.0 distribute-list prefix 111 out Tunnel40101 distribute-list prefix 112 out Tunnel40102 distribute-list prefix 111 out Tunnel40201 distribute-list prefix 112 out Tunnel40202 distribute-list prefix 111 out Tunnel40301 distribute-list prefix 112 out Tunnel40302 distribute-list prefix 111 out Tunnel40501 distribute-list prefix 112 out Tunnel40502 no auto-summary no eigrp log-neighbor-changes ! ip classless ip route 0.0.0.0 0.0.0.0 Serial0 ip route 10.0.0.0 255.0.0.0 Serial0 ip route 10.16.67.254 255.255.255.255 Serial0 ip route 10.16.70.254 255.255.255.255 Serial0 ip route 10.23.252.70 255.255.255.255 Serial0 ip route 10.23.252.82 255.255.255.255 Serial0 ip route 10.23.253.0 255.255.255.0 Serial0 ip route 10.144.80.254 255.255.255.255 Serial0 ip route 10.144.85.254 255.255.255.255 Serial0 ip route 10.144.253.58 255.255.255.255 Serial0 ip route 10.144.253.78 255.255.255.255 Serial0 ip route 192.168.2.252 255.255.255.255 Ethernet0 ip route 192.168.4.0 255.255.255.0 192.168.2.254 ip route 192.168.5.0 255.255.255.0 192.168.2.254 ip route 192.168.30.0 255.255.255.0 192.168.2.254 ip route 192.168.31.0 255.255.255.0 192.168.2.254 no ip http server ! ! ip prefix-list 111 description "Deny Voice" ip prefix-list 111 seq 5 permit 0.0.0.0/0 le 31 ! ip prefix-list 112 description "Permit Voice" ip prefix-list 112 seq 5 permit 0.0.0.0/0 ge 32 access-list 1 permit 192.168.2.252 access-list 1 permit 192.168.4.0 0.0.0.255 access-list 1 permit 192.168.5.0 0.0.0.255 access-list 1 permit 192.168.30.0 0.0.0.255 access-list 1 permit 192.168.31.0 0.0.0.255 access-list 10 permit 10.23.253.0 0.0.0.255 access-list 101 permit ip host 10.136.71.254 any priority-list 1 protocol ip high list 101 priority-list 1 queue-limit 100 100 100 100 ! menu netuser title ^C Testing Menu ^C menu netuser prompt ^C Please enter your selection : ^C menu netuser text 1 show interface s0 menu netuser command 1 show interface s0 menu netuser options 1 pause menu netuser text 2 show interface e0 menu netuser command 2 show interface e0 menu netuser options 2 pause menu netuser text e exit menu netuser command e logout menu netuser clear-screen menu netuser default e menu netuser line-mode route-map rm_static2eigrp permit 10 match ip address 1 ! snmp-server community xxxx RO 10 alias exec sion sh ip ospf nei alias exec sbro sh run | be router ospf alias exec sbrb sh run | be router bgp alias exec sibs sh ip bgp su alias exec sib sh ip bgp alias exec sipr sh ip pim rp alias exec siprm sh ip pim rp map alias exec sbrr sh run | be router rip alias exec sri sh run int alias exec si sh run | in alias exec sb sh run | be alias exec siib sh ip int brief alias exec i sh ip route alias exec sal sh ip access-l alias exec ct conf t alias exec sip sh ip pro alias exec sbre sh run | be router eigrp alias exec sien sh ip eigrp nei ! line con 0 exec-timeout 360 0 logging synchronous login local transport input none line vty 0 4 exec-timeout 360 0 logging synchronous login local ! sntp server 10.23.253.254 end xxxx01-BJ-4# |