路由器和路由器之間的配置代碼
Hub Router
2503#show running-config
Building configuration
Current configuration : 1466 bytes
version 122
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
hostname 2503
ip subnet-zero
--- Configuration for IKE policies
crypto isakmp policy 10
--- Enables the IKE policy configuration (config-isakmp)
--- command mode, where you can specify the parameters that
--- are used during an IKE negotiation
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200121
crypto isakmp key cisco123 address 200131
--- Specifies the preshared key "cisco123" which should
--- be identical at both peers This is a global
--- configuration mode command
--- Configuration for IPSec policies
crypto ipsec transform-set myset esp-des esp-md5-hmac
--- Enables the crypto transform configuration mode,
--- where you can specify the transform sets that are used
--- during an IPSec negotiation
crypto map mymap 10 ipsec-isakmp
--- Indicates that IKE is used to establish
--- the IPSec security association for protecting the
--- traffic specified by this crypto map entry
set peer 200121
--- Sets the IP address of the remote end
set transform-set myset
--- Configures IPSec to use the transform-set
--- "myset" defined earlier in this configuration
match address 110
--- Specifyies the traffic to be encrypted
crypto map mymap 20 ipsec-isakmp
set peer 200131
set transform-set myset
match address 120
interface Loopback0
ip address 10111 2552552550
interface Ethernet0
ip address 200111 2552552550
no ip route-cache
--- You must enable process switching for IPSec
--- to encrypt outgoing packets This command disables fast switching
no ip mroute-cache
crypto map mymap
--- Configures the interface to use the
--- crypto map "mymap" for IPSec
--- Output suppressed
ip classless
ip route 1721610 2552552550 Ethernet0
ip route 19216810 2552552550 Ethernet0
ip route 200100 25525500 Ethernet0
ip http server
access-list 110 permit ip 10110 000255 1721610 000255
access-list 110 permit ip 19216810 000255 1721610 000255
access-list 120 permit ip 10110 000255 19216810 000255
access-list 120 permit ip 1721610 000255 19216810 000255
--- This crypto ACL-permit identifies the
--- matching traffic flows to be protected via encryption
Spoke 1 Router
2509a#show running-config
Building configuration
Current configuration : 1203 bytes
version 122
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
hostname 2509a
enable secret 5 class="main">
路由器和路由器之間的配置代碼
ip subnet-zero
no ip domain-lookup
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200111
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
set peer 200111
set transform-set myset
match address 110
interface Loopback0
ip address 1721611 2552552550
interface Ethernet0
ip address 200121 2552552550
no ip route-cache
no ip mroute-cache
crypto map mymap
--- Output suppressed
ip classless
ip route 10110 2552552550 Ethernet0
ip route 19216810 2552552550 Ethernet0
ip route 200100 25525500 Ethernet0
no ip http server
access-list 110 permit ip 1721610 000255 10110 000255
access-list 110 permit ip 1721610 000255 19216810 000255
end
2509a#
Spoke 2 Router
2509#show running-config
Building configuration
Current configuration : 1117 bytes
version 122
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
hostname 2509
ip subnet-zero
no ip domain-lookup
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200111
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
set peer 200111
set transform-set myset
match address 120
interface Loopback0
ip address 19216811 2552552550
interface Ethernet0
ip address 200131 2552552550
--- No ip route-cache
no ip mroute-cache
crypto map mymap
--- Output suppressed
ip classless
ip route 10110 2552552550 Ethernet0
ip route 1721600 25525500 Ethernet0
ip route 200100 25525500 Ethernet0
no ip http server
access-list 120 permit ip 19216810 000255 1721610 000255
access-list 120 permit ip 19216810 000255 10110 000255
end
2509#
路由器和路由器之間的配置代碼
上一篇:路由器測試技術方法大全
精選文章
-
路由器測試技術方法大全
路由器需要連接兩個或多個邏輯端口,至少擁有一個物理端口。路由器根據收到的數據包中網絡層地址以及路由器內部維護的路由表決定輸出端口以及下一
-
如何用終端控制臺訪問路由器
路由器是我們常用到的網絡設備,本文主要介紹了訪問路由器可以用終端控制臺,TTY線路,VTY線路,基于SNMP網管和RMON等方法,詳細的敘述請閱讀本文。 終端控
-
存儲路由器和SAN路由器知識大全
存儲路由器的主要的特點是極大地提高了容災系統(tǒng)的數據可用性,整體的可靠性和穩(wěn)定性,利用存儲路由器構建的多個SAN存儲體系互通的連接。 存儲路由器
-
路由器的作用與功能知識大全
路由器的原理與作用路由器是一種典型的網絡層設備。它是兩個局域網之間接幀傳輸數據,在OSI/RM之中被稱之為中介系統(tǒng),完成網絡層中繼或第三層中繼的