Moon Rain Team (YLY Studio)

How to configure a Cisco 1841 after adding an HWIC-4ESW

Luyouqi#sh run
Building configuration...
Current configuration : 815 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Luyouqi
!
!
!
!
ip dhcp excluded-address 192.168.0.254
!
ip dhcp pool cisco
network 192.168.0.0 255.255.255.0
default-router 192.168.0.254
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 12.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1/0
switchport mode access
!
interface FastEthernet0/1/1
switchport mode access
!
interface FastEthernet0/1/2
switchport mode access
!
interface FastEthernet0/1/3
switchport mode access
!
interface Vlan1
ip address 192.168.0.254 255.255.255.0
!
ip classless
!
!
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end

Author: mysy Category: Network Technology Views: 141 Comments: 0

Cisco router HWIC-4ESW configuration example

 

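Two HWIC-4ESW modules in the same router must be connected to each other with a network cable; otherwise VLANs cannot be used. Remember this!

This time a router was fitted with two HWIC-4ESW modules. I did not notice this at first and could not get the two Ethernet switch modules to work at all, which made me quite nervous: I thought I had run into a bad distributor and been shipped grey-market goods. Later I checked the official website and found that this is how it is meant to work. I would call it a small flaw on Cisco's part: why not handle this on the chassis backplane instead of requiring an external jumper cable?

It seems that every time Cisco mocks Huawei, it should check whether its own face is a little red.

Cisco's official documentation: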
Configuring Stacking
Stacking is the connection of two switch modules resident in the same chassis so that they behave as a single switch. When a chassis is populated with two switch modules, the user must configure both of them to operate in stacked mode. This is done by selecting one port from each switch module and configuring it to be a stacking partner. The user must then connect with a cable the stacking partners from each switch module to physically stack the switch modules. Any one port in a switch module can be designated as the stacking partner for that switch module.

Author: mysy Category: Network Technology Views: 124 Comments: 0

SSL VPN configuration on the Cisco 2811 and other routers (non-static IP address)

  1: Upload the software

   R1#copy tftp flash
   Address or name of remote host []? 192.168.10.100
   Source filename []? sslclient-win-1.1.2.169.pkg
   Destination filename [sslclient-win-1.1.2.169.pkg]?
   Accessing tftp://192.168.10.100/sslclient-win-1.1.2.169.pkg...
   Loading sslclient-win-1.1.2.169.pkg from 192.168.10.100 (via FastEthernet0/0): !!
   [OK - 415090 bytes]

Author: mysy Category: Network Technology Views: 124 Comments: 0

ASA ipsec vpn1

 
 
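Lab configuration steps for reference:
1. Device initialization
2. Configure routing
3. Configure NAT
4. Configure ISAKMP/IKE phase 1
5. Configure ISAKMP/IKE phase 2
6. Testing
-----------------------------------------------------------------------------------------
1. Device initialization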
ciscoasa(config)#hostname ASA5520
ASA5520(config)#int e0/0
ASA5520(config-if)#nameif outside
ASA5520(config-if)#security-level 0
ASA5520(config-if)#ip add 172.16.2.1 255.255.255.0
ASA5520(config-if)#no sh
ASA5520(config)#int e0/1
ASA5520(config-if)#nameif inside
ASA5520(config-if)#security-level 100
ASA5520(config-if)#ip add 192.168.20.254 255.255.255.0
ASA5520(config-if)#no sh
2811-R1(config)#hostname 2811-R1
2811-R1(config)#int e0/0
2811-R1(config-if)#ip add 172.16.1.1 255.255.255.0
2811-R1(config-if)#no sh
2811-R1(config)#int e0/1
2811-R1(config-if)#ip add 192.168.10.254 255.255.255.0
2811-R1(config-if)#no sh
internet(config)#int e0/0
internet(config-if)#ip add 172.16.1.254 255.255.255.0
internet(config-if)#no sh
internet(config)#int e0/1
internet(config-if)#ip add 172.16.2.254 255.255.255.0
internet(config-if)#no sh
2. Configure routing (purpose: make sure the VPN encryption/decryption endpoints can reach each other)
ASA5520(config)#route outside 0.0.0.0 0.0.0.0 172.16.2.254
2811-R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.254
3. Configure NAT
ASA5520(config)#access-list NONAT permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0---(this traffic is not NATed)
ASA5520(config)#nat (inside) 0 access-list NONAT------this is NAT exemption
ASA5520(config)#nat (inside) 1 192.168.20.0 255.255.255.0
ASA5520(config)#global (outside) 1 interface
2811-R1(config)#ip access-list extended NAT    define which traffic is NATed
2811-R1(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255------this is the VPN traffic, so it is not NATed
2811-R1(config-ext-nacl)#permit ip any any     allow all other traffic to be NATed
2811-R1(config)#ip nat inside source list NAT interface e0/0 overload
2811-R1(config)#int e0/0
2811-R1(config-if)#ip nat outside
2811-R1(config)#int e0/1
2811-R1(config-if)#ip nat inside
--------------------------------------------------------------------------------------------------------------------
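4. Configure ISAKMP/IKE phase 1 (purpose: establish the VPN management connection)
1) Configure the ISAKMP/IKE policy
ASA5520(config)#crypto isakmp enable outside    enable ISAKMP on the outside interface
ASA5520(config)#crypto isakmp policy 1     define the phase 1 ISAKMP/IKE policy
ASA5520(config-isakmp)#hash md5         use MD5 as the hash
ASA5520(config-isakmp)#encryption des    use DES (symmetric) for encryption
ASA5520(config-isakmp)#group 2             Diffie-Hellman group (key exchange strength)
ASA5520(config-isakmp)#authentication pre-share   authenticate with a pre-shared key
2811-R1(config)#crypto isakmp policy 1    define the phase 1 ISAKMP/IKE policy
2811-R1(config-isakmp)#hash md5          use MD5 as the hash
2811-R1(config-isakmp)#encryption des    use DES (symmetric) for encryption
2811-R1(config-isakmp)#group 2              Diffie-Hellman group (key exchange strength)
2811-R1(config-isakmp)#authentication pre-share   authenticate with a pre-shared key
2) Configure the pre-shared key
ASA5520(config)#crypto isakmp key  cisco address 172.16.1.1
2811-R1(config)#crypto isakmp key  0 cisco address 172.16.2.1
5. Configure ISAKMP/IKE phase 2 (purpose: establish the VPN data connection)
1) Configure an ACL that defines the traffic protected by the VPN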
ASA5520(config)#access-list VPN permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
2811-R1(config)#ip access-list extended VPN    define the VPN interesting traffic
2811-R1(config-ext-nacl)#permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
2) Define the IPsec transform set
ASA5520(config)#crypto ipsec transform-set ESP-T esp-des esp-md5-hmac
2811-R1(config)#crypto ipsec transform-set ESP-T esp-des esp-md5-hmac
3) Configure the crypto map (purpose: tie the ACL and the IPsec transform set together)
ASA5520(config)#crypto map VPN-MAP 1 ipsec-isakmp     enable IPsec with ISAKMP for this map entry
ASA5520(config)#crypto map VPN-MAP 1 match address VPN
ASA5520(config)#crypto map VPN-MAP 1 set peer 172.16.1.1    specify the peer's encryption/decryption endpoint
ASA5520(config)#crypto map VPN-MAP 1 set transform-set ESP-T
2811-R1(config)#crypto map VPN-MAP 1 ipsec-isakmp     enabled by default
2811-R1(config-crypto-map)#set transform-set ESP-T  apply the transform set
2811-R1(config-crypto-map)#match address VPN      match the traffic to be encrypted
2811-R1(config-crypto-map)#set peer 172.16.2.1     specify the peer's encryption/decryption endpoint
4) Apply the crypto map to an interface
ASA5520(config)#crypto map VPN-MAP interface outside
2811-R1(config)#int e0/0
2811-R1(config-if)#crypto map VPN-MAP    apply the crypto map on the interface
6. Testing
1) Router VPN show and troubleshooting commands:
show crypto isakmp policy    show all policies that are tried, ending with the default policy settings
clear cry session  clear the VPN connections
show crypto ipsec transform-set  show the IPsec transform set settings
show crypto map    show the crypto map configuration
show crypto isakmp sa   show the ISAKMP/IKE phase 1 security associations (SA), i.e. the VPN connection
show crypto ipsec sa     show the ISAKMP/IKE phase 2 security associations (SA)
show crypto engine connections active   show the number of packets encrypted/decrypted by the VPN connection
2) ASA firewall VPN show and troubleshooting commands:
show vpn-sessiondb l2l   show the status of the L2L VPN connections

Author: mysy Category: Network Technology Views: 125 Comments: 0
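An added example, not part of the original post: a Python check that the two peers configured above agree with each other, using the page's ACL and policy values as constructed inline input. It converts the IOS wildcard mask so the router's crypto ACL can be compared as the mirror image of the ASA's, compares the phase 1 policies, and flags deprecated algorithms (DES, MD5, DH groups 1 and 2); the function names and the WEAK table are assumptions of this example.

```python
import ipaddress
import re

# Deprecated phase 1 values (assumption of this example, not a Cisco list).
WEAK = {"hash": {"md5"}, "encryption": {"des"}, "group": {"1", "2"}}

# Constructed sample input: the page's commands with the CLI prompts removed.
ASA_CFG = """\
crypto isakmp policy 1
 hash md5
 encryption des
 group 2
 authentication pre-share
access-list VPN permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
"""
IOS_CFG = """\
crypto isakmp policy 1
 hash md5
 encryption des
 group 2
 authentication pre-share
ip access-list extended VPN
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
"""

def net(addr, mask, wildcard=False):
    """Build a network from an ASA subnet mask or an IOS wildcard mask."""
    if wildcard:  # IOS ACLs invert the mask: 0.0.0.255 means /24
        inverted = int(ipaddress.ip_address(mask)) ^ 0xFFFFFFFF
        mask = str(ipaddress.ip_address(inverted))
    return ipaddress.ip_network(f"{addr}/{mask}")

def crypto_acl(cfg, wildcard):
    """Return (source, destination) networks for each 'permit ip' entry."""
    pat = r"permit ip (\S+) (\S+) (\S+) (\S+)"
    return [(net(a, b, wildcard), net(c, d, wildcard))
            for a, b, c, d in re.findall(pat, cfg)]

def phase1(cfg):
    """Collect the ISAKMP policy parameters as a dict."""
    pat = r"^\s*(hash|encryption|group|authentication) (\S+)"
    return dict(re.findall(pat, cfg, re.M))

def check_tunnel(asa_cfg, ios_cfg):
    """Return findings for one ASA/IOS peer pair (empty list means clean)."""
    findings = []
    asa_acl, ios_acl = crypto_acl(asa_cfg, False), crypto_acl(ios_cfg, True)
    if asa_acl != [(dst, src) for src, dst in ios_acl]:
        findings.append("crypto ACLs are not mirror images")
    p_asa, p_ios = phase1(asa_cfg), phase1(ios_cfg)
    if p_asa != p_ios:
        findings.append("phase 1 policies differ")
    for key, value in sorted(p_asa.items()):
        if value in WEAK.get(key, ()):
            findings.append(f"weak {key}: {value}")
    return findings
```

On the page's values the ACLs mirror and the policies match, so the only findings are the three deprecated phase 1 parameters.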

Basic L2TP VPN configuration on a Cisco 2800

                                         
                                                                               
User Access Verification                                                       
                                                                               
Username: zqshuiku                                                             
Password:                                                                      
                                                                               
Router#show run                                                                
Building configuration...                                                      
                                                                               
Current configuration : 3190 bytes                                             
!                                                                              
! Last configuration change at 13:58:58 UTC Tue Nov 19 2013 by l2tp            
version 15.1                                                                   
service timestamps debug datetime msec                                         
service timestamps log datetime msec                                           
no service password-encryption                                                 
!                                                                              
hostname Router                                                                
!                                                                              
boot-start-marker                                                              
boot system flash flash:c2800nm-advsecurityk9-mz.151-4.M4.bin                  
boot-end-marker                                                                
!                                                                              
!                                                                              
enable password zqshuiku                                                       
!                                                                              
aaa new-model                                                                  
!                                                                              
!                                                                              
aaa authentication ppp default local                                           
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
aaa session-id common                                                          
!                                                                              
!                                                                              
dot11 syslog                                                                   
ip source-route                                                                
!                                                                              
!                                                                              
ip cef                                                                         
!                                                                              
!                                                                              
!                                                                              
!                                                                              
multilink bundle-name authenticated                                            
!                                                                              
vpdn enable                                                                    
!                                                                              
vpdn-group l2tp                                                                
 ! Default L2TP VPDN group                                                     
 accept-dialin                                                                 
  protocol l2tp                                                                
  virtual-template 1                                                           
 no l2tp tunnel authentication                                                 
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
license udi pid CISCO2811 sn FHK1453F27K                                       
username zqshuiku password 0 123456                                            
username daiming password 0 daiming                                            
username l2tp password 0 cisco                                                 
!                                                                              
redundancy                                                                     
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
interface FastEthernet0/0                                                      
 ip address 122.228.121.10 255.255.255.252                                     
 ip nat outside                                                                
 ip virtual-reassembly in                                                      
 duplex auto                                                                   
 speed auto                                                                    
!                                                                              
interface FastEthernet0/1                                                      
 ip address 192.168.1.1 255.255.255.0                                          
 ip nat inside                                                                 
 ip virtual-reassembly in                                                      
 duplex auto                                                                   
 speed auto                                                                    
!                                                                              
interface Virtual-Template1                                                    
 ip address 192.168.100.1 255.255.255.0                                        
 ip nat inside                                                                 
 ip virtual-reassembly in                                                      
 peer default ip address pool l2tp                                             
 ppp authentication chap                                                       
!                                                                              
ip local pool l2tp 192.168.100.2 192.168.100.200                               
ip forward-protocol nd                                                         
no ip http server                                                              
no ip http secure-server                                                       
!                                                                              
!                                                                              
ip nat inside source list 1 interface FastEthernet0/0 overload                 
ip nat inside source static tcp 192.168.1.88 80 122.228.121.10 80 extendable   
ip nat inside source static udp 192.168.1.88 80 122.228.121.10 80 extendable   
ip nat inside source static tcp 192.168.1.88 3389 122.228.121.10 3389 extendable
ip nat inside source static udp 192.168.1.88 3389 122.228.121.10 3389 extendable
ip nat inside source static tcp 192.168.1.88 5002 122.228.121.10 5002 extendable
ip nat inside source static udp 192.168.1.88 5002 122.228.121.10 5002 extendable
ip nat inside source static tcp 192.168.1.88 8081 122.228.121.10 8081 extendable
ip nat inside source static udp 192.168.1.88 8081 122.228.121.10 8081 extendable
ip nat inside source static tcp 192.168.1.88 8082 122.228.121.10 8082 extendable
ip nat inside source static udp 192.168.1.88 8082 122.228.121.10 8082 extendable
ip nat inside source static tcp 192.168.1.88 8085 122.228.121.10 8085 extendable
ip nat inside source static udp 192.168.1.88 8085 122.228.121.10 8085 extendable
ip nat inside source static tcp 192.168.1.88 8086 122.228.121.10 8086 extendable
ip nat inside source static udp 192.168.1.88 8086 122.228.121.10 8086 extendable
ip nat inside source static tcp 192.168.1.88 8087 122.228.121.10 8087 extendable
ip nat inside source static udp 192.168.1.88 8087 122.228.121.10 8087 extendable
ip nat inside source static tcp 192.168.1.88 8088 122.228.121.10 8088 extendable
ip nat inside source static udp 192.168.1.88 8088 122.228.121.10 8088 extendable
ip route 0.0.0.0 0.0.0.0 122.228.121.9                                         
!                                                                              
access-list 1 permit any                                                       
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
!                                                                              
control-plane                                                                  
!                                                                              
!                                                                              
!                                                                              
line con 0                                                                     
line aux 0                                                                     
line vty 0 4                                                                   
 privilege level 15                                                            
 password zqshuiku                                                             
 transport input all                                                           
line vty 5 15                                                                  
 transport input all                                                           
!                                                                              
scheduler allocate 20000 1000                                                  
end                                                                            
                                                                               
Router#                            

Author: mysy Category: Network Technology Views: 142 Comments: 0
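An added example, not part of the original post: a Python audit for the kinds of settings visible in the running-config above (cleartext passwords, Telnet-capable vty lines, unauthenticated L2TP tunnels, source routing). The rule list and function name are assumptions of this example, the sample config is constructed with placeholder secrets, and findings name the section and user but never echo a password.

```python
import re

# (pattern, message) pairs matched against each stripped config line.
RULES = [
    (r"^no service password-encryption$", "service password-encryption is off"),
    (r"^enable password ", "enable password used instead of enable secret"),
    (r"^username (\S+) password 0 ", "cleartext (type 0) password for user {0}"),
    (r"^password (?!7 )", "cleartext line password"),
    (r"^transport input (all|telnet)", "Telnet accepted for remote management"),
    (r"^no l2tp tunnel authentication$", "L2TP tunnel peers are not authenticated"),
    (r"^ip source-route$", "IP source routing enabled"),
]

# Constructed sample input; EXAMPLE-ONLY stands in for real secrets.
SAMPLE_CFG = """\
no service password-encryption
!
enable password EXAMPLE-ONLY
ip source-route
vpdn-group l2tp
 accept-dialin
  protocol l2tp
 no l2tp tunnel authentication
username alice password 0 EXAMPLE-ONLY
line vty 0 4
 password EXAMPLE-ONLY
 transport input all
"""

def audit(config):
    """Return (line_no, section, message) findings without echoing secrets."""
    findings, parent = [], "global"
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indented = raw.startswith(" ")
        if not indented:
            parent = line            # an unindented line may open a section
        where = parent if indented else "global"
        for pattern, message in RULES:
            m = re.search(pattern, line)
            if m:
                findings.append((no, where, message.format(*m.groups())))
    return findings
```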

How to configure a VPN on a Cisco 2811 router

 IPsec VPN configuration:
crypto isakmp policy 1
encryption aes
authentication pre-share
group 1
exit

crypto isakmp key PASSWORD address 61.139.2.69
crypto ipsec transform-set VPN1 esp-sha-hmac esp-3des

exit

crypto map VPN1 10 ipsec-isakmp
set transform-set VPN1
set peer 61.139.2.69
match address 110
exit

access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255

int g0/1
crypto map VPN1

Author: mysy Category: Network Technology Views: 127 Comments: 0

Cisco 2811 router EasyVPN configuration example

  interface FastEthernet0/1
  description ToInternet
  ip address 20.165.8.73 255.255.255.192
  ip nat outside
  ip nat enable
  ip virtual-reassembly
  duplex auto
  speed auto
  no cdp enable

Author: mysy Category: Network Technology Views: 131 Comments: 0

Cisco 2811 PPPoE dial-up point-to-point IPsec VPN: a working configuration example

 

Nine days of effort all went into this!!

Feeling my way forward!!

Using 2109 out of 196600 bytes
!
! Last configuration change at 10:23:00 UTC Fri May 3 2013
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec

Author: mysy Category: Network Technology Views: 131 Comments: 0

US presenter's weather forecast gets a laugh when a dog "walks past"

 

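According to foreign media reports, a weather presenter in Manchester, New Hampshire (NH), USA, was recently delivering a forecast when a dog suddenly wandered into the shot and strolled past unhurriedly, catching the presenter off guard. The arrival of this "uninvited guest" was reportedly welcomed by viewers. According to the report, as the dog walked past, the presenter fell silent for a moment and then said with a laugh, "...there's a dog behind me."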

Author: mysy Category: Travel Notes Views: 124 Comments: 0