下面是以前我在一家isp工作时维护的一个客户路由器上的配置,这个客户租了我们12条IP- VPN线路,是个大客户。对于IP-VPN内部专线,这个客户主要用于访问远程ERP系统和VOIP语音电话。下面是完整的配置,除了名称用xxx代替外,其它都保留不变。对于爱好网络技术的朋友是一个学习cisco技术的难得的参考。有兴趣的朋友可以分析一下,注:一般IP-VPN专线其实就是DDN加IPVPN技术,一般采用EIGRP协议的。
User Access Verification
Username: xxxx01x
Password:
xxxx01-BJ-4>en
Password:
xxxx01-BJ-4#sh run
Building configuration...
Current configuration : 5624 bytes
!
! Last configuration change at 12:05:04 SHT Thu Feb 2 2006 by xxxx01user
! NVRAM config last updated at 12:05:05 SHT Thu Feb 2 2006 by xxxx01user
!
version 12.1
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname xxxx01-BJ-4
!
logging buffered 4096 debugging
enable secret 5 $1$Tmai$BXXdfdfdfdfdf&%$$#Y4xm2uMbBBW/
enable password 7 01100B081E1D090631
!
username netuser password 7 121A0A041F041F
username netuser autocommand menu netuser
username xxxx01user password 7 070C2C400B1F1dfdfd60C07
username ispuser privilege 15 password 7 13061A1E0Adfdfd08092325
!
!
!
!
clock timezone SHT 8
ip subnet-zero
no ip finger
no ip domain-lookup
!
!
!
!
interface Loopback0
description "Loopback for Voice"
ip address 10.136.71.254 255.255.255.255
!
interface Tunnel40101
description "BJ-xxxx01 - SH-xxxx02"
ip address 172.16.255.14 255.255.255.252
tunnel source 10.136.252.50
tunnel destination 10.23.252.70
!
interface Tunnel40102
description "BJ-xxxx01 - SH-xxxx02 (Voice)"
ip address 172.16.254.14 255.255.255.252
tunnel source 10.136.71.254
tunnel destination 10.16.67.254
!
interface Tunnel40201
description "BJ-xxxx01 - SZ-xxxx02"
ip address 172.16.255.22 255.255.255.252
tunnel source 10.136.252.50
tunnel destination 10.144.253.58
!
interface Tunnel40202
description "BJ-xxxx01 - SZ-xxxx02 (Voice)"
ip address 172.16.254.22 255.255.255.252
tunnel source 10.136.71.254
tunnel destination 10.144.80.254
!
interface Tunnel40301
description "BJ-xxxx01 - SH-xxxx01"
ip address 172.16.255.6 255.255.255.252
ip mtu 1600
tunnel source 10.136.252.50
tunnel destination 10.23.252.82
!
interface Tunnel40302
description "BJ-xxxx01 - SH-xxxx01 (Voice)"
ip address 172.16.254.6 255.255.255.252
tunnel source 10.136.71.254
tunnel destination 10.16.70.254
!
interface Tunnel40501
description "To xxxx01-GZ"
ip address 172.16.255.29 255.255.255.252
ip mtu 1600
tunnel source 10.136.252.50
tunnel destination 10.144.253.78
!
interface Tunnel40502
description "To xxxx01-GZ (Voice)"
ip address 172.16.254.29 255.255.255.252
tunnel source 10.136.71.254
tunnel destination 10.144.85.254
!
interface Ethernet0
ip address 192.168.2.253 255.255.255.0
!
interface Serial0
bandwidth 256
ip address 10.136.252.50 255.255.255.252
encapsulation ppp
priority-group 1
!
router eigrp 1
redistribute static metric 100 100 255 1 1500 route-map rm_static2eigrp
network 172.16.254.0 0.0.0.255
network 172.16.255.0 0.0.0.255
network 192.168.2.0
distribute-list prefix 111 out Tunnel40101
distribute-list prefix 112 out Tunnel40102
distribute-list prefix 111 out Tunnel40201
distribute-list prefix 112 out Tunnel40202
distribute-list prefix 111 out Tunnel40301
distribute-list prefix 112 out Tunnel40302
distribute-list prefix 111 out Tunnel40501
distribute-list prefix 112 out Tunnel40502
no auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 10.0.0.0 255.0.0.0 Serial0
ip route 10.16.67.254 255.255.255.255 Serial0
ip route 10.16.70.254 255.255.255.255 Serial0
ip route 10.23.252.70 255.255.255.255 Serial0
ip route 10.23.252.82 255.255.255.255 Serial0
ip route 10.23.253.0 255.255.255.0 Serial0
ip route 10.144.80.254 255.255.255.255 Serial0
ip route 10.144.85.254 255.255.255.255 Serial0
ip route 10.144.253.58 255.255.255.255 Serial0
ip route 10.144.253.78 255.255.255.255 Serial0
ip route 192.168.2.252 255.255.255.255 Ethernet0
ip route 192.168.4.0 255.255.255.0 192.168.2.254
ip route 192.168.5.0 255.255.255.0 192.168.2.254
ip route 192.168.30.0 255.255.255.0 192.168.2.254
ip route 192.168.31.0 255.255.255.0 192.168.2.254
no ip http server
!
!
ip prefix-list 111 description "Deny Voice"
ip prefix-list 111 seq 5 permit 0.0.0.0/0 le 31
!
ip prefix-list 112 description "Permit Voice"
ip prefix-list 112 seq 5 permit 0.0.0.0/0 ge 32
access-list 1 permit 192.168.2.252
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.30.0 0.0.0.255
access-list 1 permit 192.168.31.0 0.0.0.255
access-list 10 permit 10.23.253.0 0.0.0.255
access-list 101 permit ip host 10.136.71.254 any
priority-list 1 protocol ip high list 101
priority-list 1 queue-limit 100 100 100 100
!
menu netuser title ^C
Testing Menu
^C
menu netuser prompt ^C
Please enter your selection : ^C
menu netuser text 1 show interface s0
menu netuser command 1 show interface s0
menu netuser options 1 pause
menu netuser text 2 show interface e0
menu netuser command 2 show interface e0
menu netuser options 2 pause
menu netuser text e exit
menu netuser command e logout
menu netuser clear-screen
menu netuser default e
menu netuser line-mode
route-map rm_static2eigrp permit 10
match ip address 1
!
snmp-server community xxxx RO 10
alias exec sion sh ip ospf nei
alias exec sbro sh run | be router ospf
alias exec sbrb sh run | be router bgp
alias exec sibs sh ip bgp su
alias exec sib sh ip bgp
alias exec sipr sh ip pim rp
alias exec siprm sh ip pim rp map
alias exec sbrr sh run | be router rip
alias exec sri sh run int
alias exec si sh run | in
alias exec sb sh run | be
alias exec siib sh ip int brief
alias exec i sh ip route
alias exec sal sh ip access-l
alias exec ct conf t
alias exec sip sh ip pro
alias exec sbre sh run | be router eigrp
alias exec sien sh ip eigrp nei
!
line con 0
exec-timeout 360 0
logging synchronous
login local
transport input none
line vty 0 4
exec-timeout 360 0
logging synchronous
login local
!
sntp server 10.23.253.254
end
xxxx01-BJ-4# |