下载文档原格式
神州数码路由交换配置命令(全)路由 ssh aaa authentication login ssh local aaa authentication enable default enable enable password 0 123456 username admin password 0 123456 ip sshd enable ip sshd auth-methodssh ip sshd auth-retries 5 ip sshd timeout 60 TELNETR1_config#aaa authentication login default local R1_config#aaaauthentication enable default enable R1_config#enable password0 ruijie R1_config#line vty 0 4 R1_config_line#loginauthentication default R1_config_line#password 0 cisco 方法2,不需要经过3A认证R1_config#aaa authentication login default none R1_config#aaa authentication enable default enable R1_config#enable password 0 cisco R1_config#line vty 0 4 R1_config_line#login authentication default CHAP认证单向认证,密码可以不一致R2_config#aaa authentication ppp test local R2_config#username R2 password 0 123456 R2_config_s0/2#enc ppp R2_config_s0/2#ppp authentication chap test R2_config_s0/2#ppp chap hostname R1 R1_config#aaa authentication ppp test local R1_config#username R1 password 0 123456 R1_config_s0/1#enc ppp R1_config_s0/1#ppp authentication chap test R1_config_s0/1#ppp chap hostname R2 pap认证双向认证,密码要求一致R2_config#aaa authentication ppp test local R2_config#username R2 password 0 123456 R2_config_s0/2#enc ppp R2_config_s0/2#pppauthentication pap test R2_config_s0/2#ppp pap sent-usernameR1 password 123456 R1_config#aaa authentication ppp test localR1_config#username R1 password 0 123456 R1_config_s0/1#enc ppp R1_config_s0/1#ppp authentication pap testR1_config_s0/1#ppp pap sent-username R2 password 123456 FR Router-A_config_s1/1#encapsulation frame-relay !封装帧中继协议 Router-A_config_s1/1#frame-relay local-dlci 17 !设置本地DLCI 号Router-A_config_s1/1# frame-relay intf-type dce !配置FR的DCE Router-A_config_s1/1# frame-relay map 192.168.1.2 pvc 17 broadcast !配置DLCI 与对端IP的映射Vrrp Int g0/4 vrrp 1 associate 192.168.20.254 255.255.255.0 vrrp 1 priority 120 设置优先级,为主 vrrp 1 preempt 开启抢占 vrrp 1 track interface Serial0/1 30 追踪上行接口,防止上行接口DOWN了,自动降低优先级Int g0/6 vrrp 1 associate 192.168.20.254 255.255.255.0 vrrp 1 priority 100 设置优先级,为备,默认为100 vrrp 1 preempt 开启抢占vrrp 1 track interface Serial0/2 30 追踪上行接口,防止上行接口DOWN了,自动降低优先级RIP 验证,只有V2支持验证interface Serial0/2 接口起验证和配密码 ip rip authentication simple iprip password 123456RIP改单播router rip nei 192.168.1.1 RIP定时器router rip timers update 10 更新时间 timers exipire 30 失效时间 timers hosddown 50 抑制时间ospf router os 1 net 192.168.1.0 255.255.255.0 ar 0 不能写32位掩码 OSPF 虚链路 ROUTER OS2 进程起用AR 1 VI 2.2.2.2 对方ROUTER-ID OSPF 汇总ROUTER OS 2 进程起用 ar 0 range 192.168.0.0 255.255.252.0 OSPF 验证 ROUTER OS 2 明文 AR 0 AUTHEN SP 进程给需要验证的区域启用验证 INT S0/1 IP OS passw 123456 接口配置密码密文 router os 2 ar 0 authen me int s0/1 ip os me 1 md5 123456 bgp router bgp 100 no synchronization bgp全互联必须要关闭同步检查nei 192.168.12.1 remot 200 与AS外部路由建立邻居nei 2.2.2.2 remot 100 与AS内部路由建立邻居nei 2.2.2.2 up lo0 改更新接口为环回接口 nei 2.2.2.2 next-hop-self 改下一跳为自己 net 2.2.2.0 通告路由表里面有的路由ACL 路由上面的ACL要写子网掩码,不能写反掩码基于时间的ACL time-range acl 定义一个时间范围periodic weekdays 09:00 to 12:00 periodic weekdays 14:00 to 17:00 IP access-list extended time 写一个基于时间的acl,调用时间段deny ip 192.168.10.0 255.255.255.0 any time-range acl permit ip any any int g0/4 应用到接口 ip access-group time in int g0/6 ip access-group time in 静态NAT ip route 0.0.0.0 0.0.0.0 192.168.12.2 ip nat inside source static 192.168.10.10 192.168.12.1 int g0/6 ip nat in ints0/1 ip nat out NAPT ip access-list standard NAT 定义要转换的IP网段permit192.168.10.0 255.255.255.0 ip nat pool NAT 192.168.23.10192.168.23.20 255.255.255.0 创建转换的IP地址池 ip nat inside source list NAT pool NAT overload 关联要转换的IP网段和地址池 ip route default 192.168.23.3 写一条缺省路由,下一跳为出口网关的下一跳 router rip 如果跑路由协议,要把缺省重分发到动态路由 redistribute staticinterface Serial0/1 运用到内网接口ip nat inside interface Serial0/2 运用到外网接口 ip nat outside route-map ip acce sta acl 定义要匹配的流量 per 192.168.20.0255.255.255.0 route-map SHENMA 10 permit ma ip add acl 调用ACL set ip next-hop 192.168.12.1 改下一跳 int g0/3 ip po route-map SHENMA 定义到原接口 DHCP 给路由接口分配IP,不能是S口R1 ip dhcpd enable ip dhcpd pool 1network 192.168.12.0 255.255.255.0 range 192.168.12.10 192.168.12.20 R2 interface GigaEthernet0/6 ip address dhcp 给PC分配IP,底层网络要起路由互通实验全网起了RIP协议R1 ip dhcpd enable ip dhcpd pool 2 network 192.168.1.0255.255.255.0 range 192.168.1.10 192.168.1.20 default-router192.168.1.1 R2 ip dhcpd enable 要开启DHCP服务! interface GigaEthernet0/4ip address 192.168.1.1 255.255.255.0 ip helper-address192.168.12.2 设置DHCP服务器IP VPN (GRE) int t0 ipadd 172.168.10.1 255.255.255.0 给T0配IP t so s0/2 源,路由的出接口 t de 192.168.23.3 目的,对端的出接口IP,注意,要可达 t key 123456 T0口密码,两端要一致 exit ip route 192.168.20.0 255.255.255.0 t0 用T0口写一条要到达网段的静态路由int t0 ip add 172.168.10.3255.255.255.0 t so s0/1 t de 192.168.12.1 t key 123456 exit ip route 192.168.10.0 255.255.255.0 t0 VPN (IPSEC) R1 crypto ipsec transform-set SHENMA 设置转换集transform-type esp- des esp-md5-hmac 转换集的加密方式ip access-list extended 100 匹配感兴趣流 permit ip 192.168.10.0 255.255.255.0192.168.20.0 255.255.255.0 crypto map HAN 10 ipsec-isakmpset peer 192.168.23.3 设置对等体set transform-setSHENMA 关联转换集 match address 100 关联感兴趣流 interface Serial0/2 进接口调用 crypto mapHAN R3 crypto ipsec transform-set SHENMA 设置转换集transform-type esp-des esp-md5-hmac 转换集的加密方式,两端要一致ip access-list extended 100 匹配感兴趣流permit ip192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 cryptomap HAN 10 ipsec-isakmp set peer 192.168.12.1 设置对等体 set transform-set SHENMA 关联转换集 matchaddress 100 关联感兴趣流interface Serial0/1 进接口调用crypto map HAN VPN (IKE) crypto isakmp key SHENMA 192.168.23.3 255.255.255.0 设置公共用密钥crypto isakmp policy 10 设置IKE策略 hash md5 aupre enc des group 1 lifetime 86400 crypto ipsec transform-set SHENMA 设置转换集transform-type esp-Des esp-Md5-hmac ip access-list extended 100 匹配感兴趣流permit ip 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0 crypto map SHENMA 10 ipsec-isakmp 设置IPSEC加密映射set peer 192.168.23.3 set transform-set SHENMA match address 100 int s0/2 调用到接口 crypto map SHENMA QOS int g0/4 ipadd 192.168.10.1 255.255.255.0 no shutint g0/6 ip add 192.168.20.1 255.255.255.0 no shut int s0/1 ipadd 192.168.12.1 255.255.255.0 phy spe 64000 no shut ip route0.0.0.0 0.0.0.0 192.168.12.2 ip access-list ex 1 定义ACL抓取流量permit ip 192.168.10.0 255.255.255.0 2.2.2.0 255.255.255.0ip access-list ex 2 permit ip 192.168.20.0 255.255.255.0 2.2.2.0 255.255.255.0 priority 1 protocol ip high list 1 写一个IP协议的优先列表,调用ACL 1里面的地址,级别为HIGH priority 1 protocol ip low list 2 写一个IP协议的优先列表,调用ACL 2里面的地址,级别为LOW int s0/1 进接口调用priority 1 交换banner motd 系统登录标题 telnet telnet-server enable 开启TELNET telnet-server max-connection 16 最大连接数 ssh username ssh password 0 123456 ssh-server enable 开启SSH ssh-server timeout 60 连接超时时间ssh-server max-connection 16 最大连接数ssh-server authentication-retries 5 重连次数ssh-server host-key create rsa 创建新的主机密钥vrrp 1,首先要给所有的VLAN配上IP INT VLAN 10 IP ADD 192.168.10.1 255.255.255.0 NO SHUT 2,创建一个VRRP组ROUTER VRRP 10 VIRTUAL-IP 192.168.10.254 给虚拟IP INT VLAN 10 关联VLAN PRIORITY 120 给优先级(默认100)ENABLE 激活STP SW1 spanning-tree 开启STP spanning-tree mode mstp 改为MSTP模式spanning-tree mst configurtaion 配置域 name shenma 域名 revision-level 3 修正级别instance 1 vlan 10;20 在实例里面关联VLAN instance 2 vlan 30;40 exit spanning-tree mst 1 priority 4096 给实例配置优先级,越小的级别越高spanning-tree mst 2 priority 8192 SW2 spanning-tree 开启STP spanning-tree mode mstp 改为MSTP模式spanning-tree mst configurtaion 配置域name shenma 域名revision-level 3 修正级别 instance 1 vlan 10;20 在实例里面关联VLAN instance 2 vlan 30;40 exit spanning-tree mst 1 priority 8192 给实例配置优先级,越小的级别越高spanning-tree mst 2 priority 4096 SW21 spanning-tree 开启STP spanning-tree mode mstp 改为MSTP模式 spanning-tree mst configurtaion 配置域 name shenma 域名 revision-level 3 修正级别 instance 1 vlan 10;20 在实例里面关联VLANinstance 2 vlan 30;40 AM端口安全 am enable int e1/0/1 am port am mac-ip-pool 0000.1111.2222 192.168.10.1 端口镜像monitor session 1 source int e1/0/1 both monitor session 1 destination int e1/0/15 RIP Router rip Net 192.168.1.0/24 Router os 1 Net 192.168.1.0 0.0.0.255 ar 0 Acl Firewall enableIp access-list ex 100 Per ip 192.168.1.0 0.0.0.255 192.168.2.00.0.0.255 单臂路由R1 int g0/5 no shut interface GigaEthernet0/5.1 encapsulation dot1Q 100 ip address 192.168.10.1 255.255.255.0 interface GigaEthernet0/5.2 encapsulation dot1Q 200 ip address 192.168.20.1 255.255.255.0 interface GigaEthernet0/5.3 encapsulation dot1Q 300 ip address 192.168.30.1 255.255.255.0SW1 vlan 100\ sw int e1/0/1-2 vlan 200 sw int e1/0/3-4 vlan 300 sw int e1/0/5-6 int e1/0/20 sw mo tr sw tr all vlan all 端口聚合 PORT-GROUP 1 创建一个组 INT E1/0/17-18 聚合端口要设置为TRUNK SW MO TR SW TR ALL VLAN ALL PORT-GROUP 1 MO ON 设置聚合端口的模式为自动匹配EXIT INT PORT-CHANNAL 1 进入聚合端口配置模式,也要设置为TRUNK SW MO TR SW TR ALL VLAN ALL EXIT dhcp SERV DHCP 开启DHCP服务IP DHCP POOL VLAN10 创建地址池NETW 192.168.10.0 255.255.255.0 def 192.168.10.1 le 2 dns 8.8.8.8 ipdhcp ex 192.168.10.1 192.168.10.10 排除地址范围 dhcp 中继serv dhcp ip for udp boot int vlan 10 ip he 192.168.12.2dhcp snooping serv dhcp 开启DHCP服务ip dhcp snooping enable 开启DHCP SNOOPING 功能ip dhcp snooping binding enable 开启SNOOPING 绑定功能 int e1/0/20 ip dhcp snooping trust 设置接口为信任接口,一般是与服务器相连的接口 int e1/0/1 ip dhcp snooping binding user-control 设置端口自动绑定获取DHCP的地址设置端口手动绑定MAC,VLAN,IP,端口信息(全局模式)ip dhcp snooping binding user 00-11-22-33-44-55 address 192.168.22.22 vlan 1 int e1/0/5 ipv6 6 to 4 greipv6 unicast-routing 允许单播路由interface Tunnel0 ipv6enable 开启IPV6 ipv6 address 2001:23::1/64 tunnel source 192.168.12.1 本端接口地址 tunnel destination 192.168.12.2 对端接口地址tunnel mode gre ip 隧道模式改为GRE tunnel key 123456 隧道密码,两端一致 ipv6 route 3::/64 Tunnel0 写一条下一跳为TUNNEL 0的IPV6静态,不能写默认静态nat Internet(config)#ip route 0.0.0.0 0.0.0.0 fa0/1ipv4网络要可达NAT-PT(config)#ip route 0.0.0.0 0.0.0.0fa0/1NAT-PT(config)#ipv6 nat prefix 2001:db8:feed::/96 设置一个全局NAT前缀,掩码必须96位NAT-PT(config)#ipv6 nat v4v6 source 10.10.10.2 2001:db8:feed::2 写4 TO 6 地址转换,需要到达的地址都要写, 不需要与本地同一网段NAT-PT(config)#ipv6 nat v4v6 source 192.168.1.10 2001:db8:feed::3 NAT-PT(config)#ipv6 nat v6v4 source 2001:db8:cafe:ffff::2 10.10.20.5 写6 to 4 地址转换,需要到达的地址都要写,不需要与本地同一网段 int g0/4 调用到接口,进出都要调用 ipv6 natint g0/4 ipv6 nat pat ipv4 网络要可达NAT-PT(config)#ipv6 nat prefix 2001:db8:feed::/96 设置一个全局NAT前缀,掩码必须96位NAT-PT(config)#ipv6 nat v4v6 source 10.10.10.2 2001:db8:feed::2 写4 TO 6 地址转换,需要到达的地址都要写NAT-PT(config)#ipv6 nat v4v6 source 192.168.1.10 2001:db8:feed::3 不需要与本地同一网段NAT-PT(config)#ipv6 access-list cafe 把IPV6要转换的网段匹配出来NAT-PT(config-ipv6-acl)#permit ipv6 2001:db8:cafe::/48 any NAT-PT(config-ipv6-acl)#exit NAT-PT(config)#ipv6 nat v6v4 pool ipv4 10.10.20.5 10.10.20.6 prefix-length 24 写一个6 TO 4 的NAT地址池,不需要已知网段 NAT-PT(config)#ipv6 nat v6v4 source list cafe pool ipv4 overload 把要转换的网段与地址池关联int g0/4 ipv6 nat int g0/4 ipv6 nat riping ipv6 router rip 100 全局创建RIP实例,名字为100 exit interface GigaEthernet0/4ipv6 enable 开启IPV6 ipv6 address 2001::1/64 ipv6 rip 100 enable 启动为100的实例需要宣告的接口要设置ospfv3 ipv6 router ospf 1 全局创建ospf,进程为1 int g0/6 ipv6 enable ipv6 address 2001::1/64 ipv6 ospf 1 area 0 宣告本接口为 area 0 需要宣告的接口要设置。
实验内容目录交换机部分实验内容交换机部分-实验1:使用sniffer软件捕获数据包并进行分析交换机部分-实验2:交换机带外管理、带内管理方式和enable密码配置。
交换机部分-实验3:交换机常用配置指令交换机部分-实验4:交换机配置文件的上传和下载交换机部分-实验5:单交换机Vlan的划分和结果验证交换机部分-实验6:跨交换机Vlan的划分配置及结果验证交换机部分-实验7:交换机堆叠的配置交换机部分-实验8:交换机链路聚合的配置和结果验证交换机部分-实验9:交换机端口与地址的绑定和结果验证交换机部分-实验10:交换机端口镜像的配置和嗅探验证交换机部分-实验11:生成树协议配置和结果验证路由器部分实验内容路由器部分-实验1:认识路由器的接口和路由器配置模式路由器部分-实验2:路由器的密码管理路由器部分-实验3:路由器配置文件的上传和下载,常用指令的使用。
路由器部分-实验4:路由器网络接口的IP地址设置及HDLC封装/PPP封装路由器部分-实验5:路由器静态路由配置路由器部分-实验6:路由器动态路由配置扩展部分实验内容扩展部分-实验1:通过独臂路由实现Vlan之间互访扩展部分-实验2:通过三层交换实现Vlan之间互访扩展部分-实验3:交换机DHCP服务配置(路由器DHCP服务类似)扩展部分-实验4:交换机ACL访问控制配置扩展部分-实验5:路由器的NAT功能神州数码网络实验室实验手册(交换机部分)实验1:使用sniffer软件捕获数据包并进行分析●实验线路连接图●实验内容:(1)在测试机A上配置IP地址为192.168.1.1。
(2)在测试机A上安装sniffer软件,配置sniffer软件的过滤功能,只捕获tcp数据报的ftp报文。
(3)在测试机A上使用windows的IIS将测试机A配置成ftp服务器。
(4)在测试机A上启动sniffer捕获功能。
(5)在测试机B上配置IP地址为192.168.1.2。
神州数码路由器的基本配置神州数码路由器的基本配置⒈硬件准备在进行神州数码路由器的基本配置之前,请确保您已经完成以下硬件准备:●神州数码路由器设备●电源适配器●网络电缆(Ethernet cable)●电脑或其他设备⒉连接路由器将神州数码路由器与电脑或其他设备连接起来,按照以下步骤进行操作:⑴将电源适配器插入神州数码路由器的电源口。
⑵使用网络电缆将一端插入神州数码路由器的LAN口(标有LAN或Ethernet的端口)。
⑶使用另一端将网络电缆插入电脑或其他设备的网卡接口。
⒊访问路由器管理界面通过以下步骤,访问神州数码路由器的管理界面:⑴打开您的浏览器(如Chrome、Firefox等)。
⑵在浏览器的地址栏中,输入默认的神州数码路由器IP地址(例如19⑴6⒏⑴)。
⑶按下Enter键,访问路由器管理界面。
⒋登录路由器登录神州数码路由器的管理界面,您需要进行以下操作:⑴在登录页面中输入默认的用户名和密码。
您可以在路由器的说明书或官方网站上找到这些信息。
⑵登录按钮,确认您的用户名和密码是否正确。
⑶如果登录成功,您将进入路由器的管理界面。
⒌基本设置在路由器的管理界面中,您可以进行路由器的基本配置。
以下是一些常见的基本设置:⑴更改路由器的名称(SSID):在Wireless设置中,您可以修改路由器的名称,使其更容易识别。
⑵设置无线密码:在Security设置中,您可以设置一个强密码以保护您的无线网络。
⑶ DHCP设置:在DHCP设置中,您可以启用或禁用DHCP服务,并设置IP地址范围。
⑷ WAN设置:在WAN设置中,您可以配置路由器连接到互联网的方式,例如ADSL、动态IP或静态IP等。
⒍保存配置完成基本设置后,确保保存或应用按钮来保存所做的更改。
附件:无法律名词及注释:●IP地址:网络中设备的唯一标识符,用来进行网络通信。
●LAN:Local Area Network,局域网的简称,是指一定范围内的局部网络。
第一部分交换机配置一、基础配置1、模式进入Switch>Switch>enSwitch#configSwitch(Config)#interface ethernet 0/22、配置交换机主机名命令:hostname <主机名>3、配置交换机IP地址Switch(Config)#interface vlan 1Switch(Config-If-Vlan1)#ip address 10.1.128.251 255.255.255.0Switch(Config-If-Vlan1)#no shut4、为交换机设置Telnet授权用户和口令:登录到Telnet的配置界面,需要输入正确的用户名和口令,否则交换机将拒绝该Telnet用户的访问。
该项措施是为了保护交换机免受非授权用户的非法操作。
若交换机没有设置授权Telnet用户,则任何用户都无法进入交换机的Telnet配置界面。
因此在允许Telnet方式配置管理交换机时,必须在Console的全局配置模式下使用命令username <username>privilege <privilege> [password (0 | 7) <password>]为交换机设置Telnet授权用户和口令并使用命令authentication line vty login local打开本地验证方式,其中privilege选项必须存在且为15。
例:Switch>enableSwitch#configSwitch(config)#username test privilege 15 password 0 testSwitch(config)#authentication line vty login localSwitch(Config)#telnet-user test password 0 testSwitch (Config)#telnet-server enable://启动远程服务功能5、配置允许Telnet管理交换机的地址限制(单独IP或IP地址段)(1)限制单个IP允许Telnet登录交换机switch(config)#authentication security ip 192.168.1.2(2)限制允许IP地址段Telnet登录交换机switch(config)#access-list 1 permit 192.168.1.0 0.0.0.255switch(config)#authentication ip access-class 1 in5、为交换机设置Web授权用户和口令:web-user <用户名>password {0|7} <密码>例:Switch(Config)#web-user admin password 0 digital6、设置系统日期和时钟:clock set <HH:MM:SS> <YYYY/MM/DD>7、设置退出特权用户配置模式超时时间exec timeout <minutes > //单位为分钟,取值范围为0~3008、保存配置:write9、显示系统当前的时钟:Switch#show clock10、指定登录用户的身份是管理级还是访问级Enable [level {visitor|admin} [<密码>]]11、指定登录配置模式的密码:Enable password level {visitor|admin}12、配置交换机的用户名密码:username admin privilege 15 password 0 admin00013、配置enable密码为ddd:enable password 0 ddd level 1514、配置登录时认证:authentication line vty login local15、设置端口的速率和双工模式(接口配置模式下)命令:speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | {{force1g-half | force1g-full} [nonegotiate [master | slave]] } }no speed-duplex二、单交换机VLAN划分1、VLAN基本配置(1)新建VLAN:vlan <vlan-id>(2)命名VLAN:name <vlan-name>(3)为VLAN 分配交换机端口Switch(Config-If-Vlan1)#switchport interface Ethernet 0/2(4)设置Trunk 端口允许通过VLAN:Switch(Config-ethernet0/0/5)#switchport trunk allowed vlan 1;3;5-202、划分VLAN:(1)进入相应端口:Switch(config)#interface Ethernet 0/2(2)修改模式:Switch(Config-ethernet0/0/5)switchport mode access(3)划分VLAN:Switch(Config-ethernet0/0/5)#switchport access vlan 4三、跨交换机VLAN划分(两台交换机作相同操作)1、新建VLAN2、划分VLAN3、修改链路模式(1)进入相应端口:Switch(config)#interface Ethernet 0/1(2)修改模式:Switch(config-if)#switchport mode trunk四、VLAN间主机的通信1、新建VLAN2、划分VLAN3、修改链路模式(1)进入相应端口:Switch(config)#interface Ethernet 0/1(2)修改模式:Switch(config-if)#switchport mode trunk注意:如果是三层交换机,在修改模式先封装802.1协议:Switch(config-if)#switchport trunk encapsulation dot1q4、建立VLAN子接口(1)、进入VLAN接口模式:Switch(config)#interface vlan 2(2)、设置VLAN子接口地址:Switch(config-if)#ip address 192.168.0.1 255.255.255.0 (3)、打开端口:Switch(config-if)#no shutdown5、设置各主机IP地址、子网掩码、网关注意:(1)各主机IP地址应与其所在的VLAN在同一网段。
引言概述:神州数码路由器是一种网络设备,用于连接互联网和局域网,帮助用户实现网络连接、数据传输和网络安全等功能。
正确的配置神州数码路由器对于确保网络的稳定性和安全性至关重要。
本文将详细介绍如何配置神州数码路由器,以确保网络的高效运行和保障用户的网络安全。
正文内容:1.基础设置1.1网络连接方式设置1.1.1确定是通过广域网连接还是局域网连接;1.1.2根据连接方式选择合适的网络设置;1.1.3设置IP地质、子网掩码和默认网关等参数。
1.2管理员账户设置1.2.1创建管理员账户并设置密码;1.2.2限制管理员账户的访问权限;1.2.3定期更改管理员账户密码以增强安全性。
2.网络安全设置2.1防火墙设置2.1.1启用基本防火墙功能;2.1.2配置入站和出站规则;2.1.3使用防火墙日志监控网络流量。
2.2无线网络安全设置2.2.1启用WPA2加密方式保护无线网络;2.2.2设置强密码,并定期更换密码;2.2.3启用MAC地质过滤,限制无线网络的访问。
2.3路由器访问控制2.3.1禁用不必要的服务和远程管理接口;2.3.2设置访问控制列表(ACL)以限制特定IP地质或IP地质范围的访问;2.3.3配置路由器的登录认证机制,如使用RADIUS认证或者802.1x认证。
3.网络性能优化3.1无线网络信号优化3.1.1选择合适的无线信道;3.1.2避免干扰源,如电磁设备和其他无线网络;3.1.3调整无线信号的传输功率。
3.2路由策略优化3.2.1配置动态路由协议,如OSPF或RIP;3.2.2设置合适的带宽控制策略;3.2.3调整MTU值以优化数据传输效率。
3.3网络QoS设置3.3.1根据不同应用的需求,设置不同的服务质量(QoS)级别;3.3.2配置带宽限制和优先级规则,以确保关键业务的优先传输。
4.远程管理和监控4.1启用远程管理功能,方便对路由器进行远程配置和监控;4.2设置报警和日志记录功能,及时发现异常情况;4.3定期备份路由器的配置文件以防止设置丢失。
Telnet远程Shell管理•设置交换机IP地址–Switch(config)#interface vlan 1–Switch(config-If-Vlan1)#ip address 10.1.1.1 255.255.255.0–Switch(config-If-Vlan1)#no shutdown•交换机设置Telnet授权用户和口令;若交换机没有设置授权Telnet用户,则任何用户都无法进入交换机的CLI配置界面。
–Switch(config)#telnet-user test password 0 testHTTP远程图形管理•设置交换机IP地址–Switch(config)#interface vlan 1–Switch(config-If-Vlan1)#ip address 10.1.1.1 255.255.255.0–Switch(config-If-Vlan1)#no shutdown•交换机启动HTTP Server功能–Switch(config)#ip http server•交换机设置Web授权用户和口令;若交换机没有设置授权Web用户,则任何用户都无法进入交换机的Web配置界面。
–Switch(config)#web-user test password 0 testSSH配置•Switch(Config)#ssh-user test password 0 test•Switch(Config)#ssh-server enableVLAN的基本配置•划分VLAN 100和VLAN 200,并加入端口;–Switch(Config)#vlan 100–Switch(Config-Vlan100)#switchport interface e0/0/1-5–Switch(Config)#vlan 200–Switch(Config-Vlan200)#switchport interface e0/0/6-10•配置0/0/24端口为级联端口–Switch(Config)#interface ethernet 0/0/24–Switch(Config-ethernet0/0/24)#switchport mode trunk–switchport trunk allowed vlan 100;200–/#Trunk端口缺省允许通过所有VLAN;用户可以通过上述命令设置哪些VLAN 的流量可以通过Trunk口,没有包含的VLAN流量则被禁止。
Hostname: HaiNanZFXYS9303:sysname HaiNanZFXY(1)全局配置密码:admingyS9303:super password admingy123(2)用户:zfxygf admingyzfxy adminS9303:aaaLocal-user zfxy password cipher admingyLocal-user zfxy level 3(3)远程登录认证:Radius + Local (Radius server ip 查看?)Authentication Security ip :125.217.112.230192.168.7.248125.217.113.254125.217.112.235125.217.112.227192.168.99.248S9303:radius-server template renzhengradius-serverradius-server shared-keyradius-server retransmit 2aaaauthentication-scheme defaultauthentication-mode radius localauthorization-scheme defaultaccounting-scheme defaultdomain defaultuser-interface vty 0 4authentication-mode aaauser privilege level 3acl 3001rule 0 permit ip source 125.217.112.230 0 destination anyrule 1 permit ip source 192.168.7.248 0 destination anyrule 2 permit ip source 125.217.113.254 0 destination anyrule 3 permit ip source 125.217.112.235 0 destination anyrule 4 permit ip source 125.217.112.227 0 destination anyrule 5 permit ip source 192.168.99.248 0 destination anyrule 6 deny ip source any destination anyuser-interface vty 0 4acl 3001 inboundacl 3001 outbound(4)dhcp server:转发udp bootp 协议Help ip 125.217.112.235S9303:Dhcp enabledhcp server group dhcprelaydhcp-server 125.217.112.235(5)Firewall:启用(6)VLAN:Vlan 1Vlan 10Vlan 13Vlan 16Vlan 17Vlan 18Vlan 19Vlan 20Vlan 22Vlan 25Vlan 26Vlan 27Vlan 28Vlan 48Vlan 49Vlan 70Vlan 200Vlan 222Vlan 254Vlan 2000Vlan 6Description zonghelouVlan 8Description1jiaoxuelouVlan 11Description2jiao6louVlan 12Description peixunlouVlan 21Vlan 23Description8jifang Vlan 24Description9jifang Vlan 30Description internet Vlan 33Description servers Vlan 34Description DMZVlan 38Description15#(1-2)new Vlan 40Description jiaoyuwang Vlan 41Description girlhouse-4 Vlan 42Description girlhouse11 Vlan 43Description boyhouse5 Vlan 44Description boyhouse15 Vlan 45Description15_1-3 Vlan 46Description15_5Vlan 47Description15_6Vlan 50Description shitang Vlan 51Description safeVlan 52Description11#(1-3) Vlan 53Description15#(1-2) Vlan 54Description tushuguan Vlan 55Description16#-1Vlan 56Description16#-2Vlan 57Vlan 58Description16#-4Vlan 59:Description16#-5Vlan 60Description16#-6Vlan 71Description shixunlou-1louVlan 72Description shixunlou-2louVlan 73Description shixunlou-3louVlan 74Description shixunlou-4louVlan 75Description shixunlou-5louVlan 76Description shixunlou-6louVlan 77Description shixunlou-4lou-dianjin Vlan 78Description shixunlou-4lou-zhongxin Vlan 79Description shixunlou-401Vlan 80Description shixunlou-403Vlan 81Description shixunlou-405Vlan 82Description shixunlou-406Vlan 83Description shixunlou-407Vlan 100Description guanlivlanVlan 300Description to16#beiVlan 301Description to15#nanVlan 302Description to11#Vlan 303Description to5#Vlan 304Vlan 500Description jinlongkaVlan 1000Description CRPcuncuVlan 3000Description hnzfwifi(7)ACL:Deny ip any-source 192.168.(21-28,31-38).0 0.0.0.255S9303:rule 5001 deny ip source 10.1.7.0 0.0.0.255 destination 10.1.2.0 0.0.0.255进入端口模式Acl 5001 inboundAcl 5001 outound(8)Port interface:9个千兆口1/1 UP/UP a-100M a-FULL 33 FE netlogguanli 1/2 UP/UP a-100M a-FULL 40 FE jiaoyuwang 1/3 A-DOWN/DOWN auto auto 1 FE1/4 UP/UP a-100M a-FULL 34 FE1/5 UP/UP a-100M a-FULL 34 FE bgwOAserver 1/6 UP/UP a-100M a-FULL 33 FE1/7 DOWN/DOWN auto auto 40 FE1/8 UP/UP a-100M a-FULL 34 FE1/9 UP/UP a-100M a-FULL 34 FE1/10 UP/UP a-100M a-FULL 33 FE1/11 UP/UP a-100M a-FULL 33 FE1/12 UP/UP a-100M a-FULL 33 FE DHCP-SERVER 1/13 UP/UP a-100M a-FULL 33 FE1/14 UP/UP a-100M a-FULL 500 FE1/15 DOWN/DOWN auto auto 500 FE1/16 UP/UP a-100M a-FULL 33 FE1/17 UP/UP a-100M a-FULL 34 FE1/18 UP/UP a-100M a-FULL 33 FE1/19 UP/UP a-100M a-FULL trunk FE1/20 UP/UP a-100M a-FULL 34 FE1/21 UP/UP a-100M a-FULL 33 FE1/22 DOWN/DOWN auto auto 33 FE1/23 UP/UP a-100M a-FULL 33 FE1/24 DOWN/DOWN auto auto 54 FE1/25 UP/UP a-1G a-FULL 30 G-Combo:Copper dianxin 1/26 UP/UP a-100M a-FULL trunk G-Combo:Copper1/27 UP/UP a-1G a-FULL 33 G-Combo:Copper1/28 DOWN/DOWN auto auto trunk G-Combo2/1 UP/UP a-1G a-FULL 1000 G-TX CRPchunchu 2/2 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu 2/3 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu 2/4 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu 2/5 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu 2/6 UP/UP a-1G a-FULL 1000 G-TX CRP-chunchu 2/7 UP/UP a-100M a-FULL trunk G-TX2/8 DOWN/DOWN auto auto 34 G-TX huangbingwen 2/9 DOWN/DOWN auto auto 34 G-TX guoyi2/10 DOWN/DOWN auto auto 34 G-TX liuyun 2/11 DOWN/DOWN auto auto 2000 G-TX2/12 UP/UP a-1G a-FULL trunk G-TX guoyitrunk 2/13 DOWN/DOWN auto auto 33 G-Combo2/14 DOWN/DOWN auto auto 51 G-Combo2/15 DOWN/DOWN auto auto 1 G-Combo2/16 DOWN/DOWN auto auto 1 G-Combo2/17 DOWN/DOWN auto auto 1 G-Combo2/18 DOWN/DOWN auto auto 1 G-Combo2/19 DOWN/DOWN auto auto 1 G-Combo2/20 UP/UP a-100M a-FULL 3000 G-Combo:Copper2/21 DOWN/DOWN auto auto 1 G-Combo2/22 DOWN/DOWN auto auto 1 G-Combo2/23 DOWN/DOWN auto auto 1 G-Combo2/24 DOWN/DOWN auto auto 1 G-Combo2/25 DOWN/DOWN auto auto 1 XFP3/1 UP/UP a-1G a-FULL trunk SFP zonghelou 3/2 UP/UP a-1G a-FULL trunk SFP peixunlou 3/3 UP/UP a-1G a-FULL trunk SFP 15#3/4 UP/UP a-1G a-FULL trunk SFP 11#3/5 UP/UP a-1G a-FULL trunk SFP 5#3/6 UP/UP a-1G a-FULL trunk SFP 4#3/7 UP/UP a-1G a-FULL trunk SFP xijing3/8 DOWN/DOWN auto auto 54 SFP tushuguan 3/9 UP/UP a-1G a-FULL trunk SFP 35523/10 UP/UP a-1G a-FULL trunk SFP 16#3/11 UP/UP a-1G a-FULL trunk SFP jiashu9#3/12 UP/UP a-1G a-FULL trunk SFP sushe-10# E1/1:guanli access vlan 33E1/2:jiaoyuwang access vlan 40E1/4:access vlan 34E1/5:access vlan 34E1/6:access vlan 33E1/7:access vlan 40E1/8:access vlan 34E1/9:access vlan 34E1/10:access vlan 33E1/11:access vlan 33E1/12:access vlan 33E1/13:access vlan 33E1/14:access vlan 500E1/15:access vlan 500E1/16:access vlan 33E1/17:access vlan 34E1/18:access vlan 33E1/19:trunk allow vlan 51,71-83,254,500E1/20:access vlan 34E1/21:access vlan 33E1/22:access vlan 33E1/23:access vlan 33E1/24:access vlan 54E1/25:dianxin access vlan 30E1/26:trunkE1/27:access vlan 33E1/28:trunk allow vlan 1,28E2/1:CRPcuncu access vlan 1000E2/2:CRPcuncu access vlan 1000E2/3:CRPcuncu access vlan 1000E2/4:CRPcuncu access vlan 1000E2/5:CRPcuncu access vlan 1000E2/6:CRPcuncu access vlan 1000E2/7:trunkE2/8:huangbingwen access vlan 34E2/9:guoyi access vlan 34E2/10:liuyan access vlan 34E2/11:access vlan 2000E2/12:guoyitrunk trunk vlan 8;10-11;13;30;33-34;40;51 E2/13:access vlan 33E2/14:access vlan 51E2/15:E2/16:E2/17:E2/18:E2/19:E2/20:access vlan 3000E2/21:E2/22:E2/23:E2/24:E2/25:E3/1:description zonghelou trunk allowed vlan 1;6;40;48-49;51E3/2:description peixunlou trunk allowed vlan 1;12;16;30;33;40;50;500 E3/3:description 15# trunk allowed vlan 1;301;500E3/4:description 11# trunk allowed vlan 1;302;500E3/5:description 5# trunk allowed vlan 1;43;303;500E3/6:description 4# trunk allowed vlan 1;8;41;304;500E3/7:description xijingswitchport mode trunkswitchport trunk allowed vlan 1;10-11;13;21-22;24;30;33-34;40switchport trunk allowed vlan add 51E3/8:description tushuguan switchport access vlan 54E3/9:description 3552switchport mode trunkswitchport trunk allowed vlan 1;8;10-11;13;16-20;23;25-28;30switchport trunk allowed vlan add 33-34;40;50-51;76;500E3/10:description 16# trunk allowed vlan 1;30;33-34;55-60;300;500E3/11:description jiashu9# trunk allowed vlan 26-27;500E3/12:description sushe-10# trunk allowed vlan 1;28S9303:interface GigabitEthernet 2/0/0undo port hybrid vlan 1023description guanliport link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/1undo port hybrid vlan 1023description jiaoyuwangport link-type accessport default vlan 40undo shutdowninterface GigabitEthernet 2/0/3undo port hybrid vlan 1023port link-type accessport default vlan 34undo shutdowninterface GigabitEthernet 2/0/4undo port hybrid vlan 1023port link-type accessport default vlan 34undo shutdowninterface GigabitEthernet 2/0/5 undo port hybrid vlan 1023 port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/7 undo port hybrid vlan 1023 port link-type accessport default vlan 34undo shutdowninterface GigabitEthernet 2/0/8 undo port hybrid vlan 1023 port link-type accessport default vlan 34undo shutdowninterface GigabitEthernet 2/0/9 undo port hybrid vlan 1023 port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/10 undo port hybrid vlan 1023 port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/11 undo port hybrid vlan 1023 port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/12 undo port hybrid vlan 1023 port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/13undo port hybrid vlan 1023port link-type accessport default vlan 500undo shutdowninterface GigabitEthernet 2/0/15undo port hybrid vlan 1023port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/16undo port hybrid vlan 1023port link-type accessport default vlan 34undo shutdowninterface GigabitEthernet 2/0/17undo port hybrid vlan 1023port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/18undo port hybrid vlan 1023port link-type trunkport trunk allow-pass vlan 51 71 to 83 254 500 undo shutdowninterface GigabitEthernet 2/0/19undo port hybrid vlan 1023port link-type accessport default vlan 34undo shutdowninterface GigabitEthernet 2/0/20undo port hybrid vlan 1023port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/22undo port hybrid vlan 1023 port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/24 undo port hybrid vlan 1023 description dianxinport link-type accessport default vlan 30undo shutdowninterface GigabitEthernet 2/0/25 undo port hybrid vlan 1023 port link-type trunkundo shutdowninterface GigabitEthernet 2/0/26 undo port hybrid vlan 1023 port link-type accessport default vlan 33undo shutdowninterface GigabitEthernet 2/0/28 undo port hybrid vlan 1023 description CRPcuncuport link-type accessport default vlan 1000undo shutdowninterface GigabitEthernet 2/0/29 undo port hybrid vlan 1023 description CRPcuncuport link-type accessport default vlan 1000undo shutdowninterface GigabitEthernet 2/0/30 undo port hybrid vlan 1023 description CRPcuncuport link-type accessport default vlan 1000undo shutdowninterface GigabitEthernet 2/0/31undo port hybrid vlan 1023description CRPcuncuport link-type accessport default vlan 1000undo shutdowninterface GigabitEthernet 2/0/32undo port hybrid vlan 1023description CRPcuncuport link-type accessport default vlan 1000undo shutdowninterface GigabitEthernet 2/0/33undo port hybrid vlan 1023description CRPcuncuport link-type accessport default vlan 1000undo shutdowninterface GigabitEthernet 2/0/34undo port hybrid vlan 1023port link-type trunkundo shutdowninterface GigabitEthernet 2/0/39undo port hybrid vlan 1023description guoyitrunkport link-type trunkport trunk allow-pass vlan 8 10 to 11 13 30 33 to 34 40 to 51 undo shutdowninterface GigabitEthernet 2/0/47undo port hybrid vlan 1023port link-type accesseport default vlan 3000undo shutdowninterface GigabitEthernet 5/1/0undo port hybrid vlan 1023combo-port fiberdescription zonghelouport link-type trunkport trunk allow-pass vlan 1 6 40 48 to 49 51 undo shutdowninterface GigabitEthernet 5/1/1undo port hybrid vlan 1023combo-port fiberdescription peixunlouport link-type trunkport trunk allow-pass vlan 1 12 16 30 33 40 50 500 undo shutdowninterface GigabitEthernet 5/1/2undo port hybrid vlan 1023combo-port fiberdescription 15#port link-type trunkport trunk allow-pass vlan 1 301 500undo shutdowninterface GigabitEthernet 5/1/3undo port hybrid vlan 1023combo-port fiberdescription 11#port link-type trunkport trunk allow-pass vlan 1 302 500undo shutdowninterface GigabitEthernet 5/1/4undo port hybrid vlan 1023combo-port fiberdescription 5#port link-type trunkport trunk allow-pass vlan 1 43 303 500undo shutdowninterface GigabitEthernet 5/1/5undo port hybrid vlan 1023combo-port fiberdescription 4#port link-type trunkport trunk allow-pass vlan 1 8 41 304 500undo shutdowninterface GigabitEthernet 5/1/6undo port hybrid vlan 1023combo-port fiberdescription xijingport link-type trunkport trunk allow-pass vlan 1 10 11 13 21 22 24 30 33 34 40 51undo shutdowninterface GigabitEthernet 5/1/8undo port hybrid vlan 1023combo-port fiberdescription 3552port link-type trunkport trunk allow-pass vlan 1 8 10 11 13 16 to 20 23 25 to 28 30 33 34 40 50 51 76 500undo shutdowninterface GigabitEthernet 5/1/9undo port hybrid vlan 1023combo-port fiberdescription 16#port link-type trunkport trunk allow-pass vlan 1 30 33 34 55 to 60 300 500undo shutdowninterface GigabitEthernet 5/1/10undo port hybrid vlan 1023combo-port fiberdescription jiashu9#port link-type trunkport trunk allow-pass vlan 26 27 500undo shutdowninterface GigabitEthernet 5/1/11undo port hybrid vlan 1023combo-port fiberdescription sushe-10#port link-type trunkport trunk allow-pass vlan 1 28undo shutdown(9)vlan interface:interface Vlan 1ip address 192.168.200.1 255.255.255.0interface Vlan 6ip address 125.217.113.1 255.255.255.128interface Vlan 8ip address 192.168.30.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 10ip address 192.168.6.1 255.255.255.0dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 11ip address 125.217.112.1 255.255.255.128 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 12ip address 192.168.9.1 255.255.255.0dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 13ip address 125.217.112.129 255.255.255.192 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 16ip address 192.168.10.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 17ip address 192.168.11.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 18ip address 192.168.12.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 19ip address 192.168.13.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 20ip address 192.168.14.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 21ip address 192.168.15.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 22ip address 192.168.16.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 23ip address 192.168.17.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 24ip address 192.168.18.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 25ip address 125.217.113.129 255.255.255.224interface Vlan 26ip address 125.217.113.161 255.255.255.224interface Vlan 27ip address 125.217.113.193 255.255.255.224interface Vlan 28ip address 125.217.113.225 255.255.255.224interface Vlan 30ip address 192.168.100.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 33ip address 125.217.112.225 255.255.255.224interface Vlan 34ip address 192.168.99.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 38dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 40ip address 210.37.29.50 255.255.255.240interface Vlan 41dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 42dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 43dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 44dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 45dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 46dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 47dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 48ip address 192.168.27.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 49ip address 192.168.28.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 50ip address 192.168.8.1 255.255.255.0dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 51ip address 192.168.7.1 255.255.255.0dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 52dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 53dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 54ip address 125.217.115.254 255.255.255.224interface Vlan 55dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 56dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 57dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 58dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 59dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 60dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 70ip address 192.168.19.1 255.255.255.192 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 71ip address 192.168.71.1 255.255.255.0interface Vlan 72ip address 192.168.72.1 255.255.255.0interface Vlan 73ip address 192.168.73.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 74ip address 192.168.74.1 255.255.255.0interface Vlan 75ip address 192.168.75.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 76ip address 192.168.76.1 255.255.255.0interface Vlan 77ip address 192.168.77.1 255.255.255.0interface Vlan 78ip address 192.168.78.1 255.255.255.0interface Vlan 79ip address 192.168.79.1 255.255.255.0interface Vlan 80ip address 192.168.80.1 255.255.255.0interface Vlan 81ip address 192.168.81.1 255.255.255.0interface Vlan 82ip address 192.168.82.1 255.255.255.0interface Vlan 83ip address 192.168.83.1 255.255.255.0 interface Vlan 100interface Vlan 222ip address 172.16.222.1 255.255.255.0 dhcp relay server-select dhcprelaydhcp select relayinterface Vlan 254ip address 192.168.254.1 255.255.255.0interface Vlan 300ip address 192.168.201.254 255.255.255.252interface Vlan 301ip address 192.168.201.250 255.255.255.252interface Vlan 302ip address 192.168.201.246 255.255.255.252interface Vlan 303ip address 192.168.201.242 255.255.255.252interface Vlan 304ip address 192.168.201.238 255.255.255.252interface Vlan 500ip address 192.168.50.1 255.255.255.0interface Vlan 2000ip address 192.168.202.1 255.255.255.0interface Vlan 3000description HNZF-WIFIip address 172.17.0.1 255.255.240.0dhcp select relaydhcp relay server-select dhcprelay(10)no mac-address-learning cpu-control:S9303:mac-address learning disable(11)IP route-static:ip route-static 0.0.0.0/0 192.168.100.3ip route-static 58.154.0.0 15 210.37.29.49ip route-static 58.192.0.0 12 210.37.29.49ip route-static 59.50.76.0 24 192.168.100.3ip route-static 116.13.0.0 16 210.37.29.49ip route-static 116.56.0.0 15 210.37.29.49ip route-static 118.202.0.0 15 210.37.29.49ip route-static 118.228.0.0 15 210.37.29.49ip route-static 118.230.0.0 16 210.37.29.49ip route-static 121.48.0.0 15 210.37.29.49ip route-static 121.52.160.0 19 210.37.29.49ip route-static 121.192.0.0 14 210.37.29.49ip route-static 121.248.0.0 14 210.37.29.49ip route-static 122.204.0.0 14 210.37.29.49ip route-static 125.216.0.0 13 210.37.29.49ip route-static 125.217.115.0 24 125.217.115.253 ip route-static 162.105.0.0 16 210.37.29.49ip route-static 166.111.0.0 16 210.37.29.49ip route-static 192.168.20.0 24 192.168.201.237ip route-static 192.168.21.0 24 192.168.201.245ip route-static 192.168.22.0 24 192.168.201.241ip route-static 192.168.23.0 24 192.168.201.249ip route-static 192.168.24.0 24 192.168.201.249ip route-static 192.168.25.0 24 192.168.201.249ip route-static 192.168.26.0 24 192.168.201.249ip route-static 192.168.29.0 24 192.168.201.249ip route-static 192.168.31.0 24 192.168.201.245ip route-static 192.168.32.0 24 192.168.201.253ip route-static 192.168.33.0 24 192.168.201.253ip route-static 192.168.34.0 24 192.168.201.253ip route-static 192.168.35.0 24 192.168.201.253ip route-static 192.168.36.0 24 192.168.201.253ip route-static 192.168.37.0 24 192.168.201.253ip route-static 192.168.38.0 24 192.168.201.249ip route-static 202.4.128.0 19 210.37.29.49ip route-static 202.38.64.0 19 210.37.29.49ip route-static 202.38.96.0 19 210.37.29.49ip route-static 202.38.140.0 23 210.37.29.49ip route-static 202.38.184.0 21 210.37.29.49ip route-static 202.38.192.0 18 210.37.29.49ip route-static 202.112.0.0 13 210.37.29.49ip route-static 202.120.0.0 15 210.37.29.49ip route-static 202.127.216.0 21 210.37.29.49ip route-static 202.127.224.0 19 210.37.29.49ip route-static 202.179.240.0 20 210.37.29.49ip route-static 202.192.0.0 12 210.37.29.49ip route-static 203.91.120.0 21 210.37.29.49ip route-static 210.24.0.0 13 210.37.29.49ip route-static 210.24.0.0 16 192.168.100.3ip route-static 210.25.0.0 18 192.168.100.3ip route-static 210.32.0.0 12 210.37.29.49ip route-static 211.64.0.0 13 210.37.29.49ip route-static 211.80.0.0 13 210.37.29.49ip route-static 218.192.0.0 13 210.37.29.49ip route-static 219.216.0.0 13 210.37.29.49ip route-static 219.224.0.0 13 210.37.29.49ip route-static 219.240.0.0 13 210.37.29.49ip route-static 222.16.0.0 12 210.37.29.49ip route-static 222.192.0.0 12 210.37.29.49(12)ntp enableS9303:ntp-service unicast-server x.x.x.xundo ntp-service disable(13)no login(14) monitor session 1 source interface Ethernet1/25 txmonitor session 1 destination interface Ethernet1/26 S9303:observe-port 1 interface GigabitEthernet 2/0/25Interface GigabitEthernet 5/1/22port-mirroring to observe-port 1 bothdis mac-add ge x/x/xdis inter bdis arp | incl x.x.x.x。
神州数码路由器及交换机配置命令简介神州数码是一个中国的网络设备制造商。
它提供了多种路由器和交换机产品,包括SOHO、企业和运营商级别的产品。
在这篇文档中,我们将介绍对神州数码路由器及交换机进行配置的基本命令。
这些命令可用于启用和禁用端口、配置具有VLAN的端口以及管理路由和静态路由等。
命令列表所有设备通用命令以下是在所有神州数码路由器和交换机上都可以执行的通用命令。
1. 基本配置enable // 进入特权模式configure terminal // 进入全局配置模式hostname <name> // 配置设备名称banner motd #<message># // 设置登录提示信息interface <interface> // 进入具体端口的配置界面no shutdown // 开启端口shutdown // 关闭端口exit // 退出当前模式show running-config // 显示当前配置write memory // 将当前配置保存到FLASH文件系统中,以便重启后仍然存在2. VLAN 配置vlan <id> // 进入 VLAN 配置模式name <name> // 配置 VLAN 名称exit // 退出 VLAN 配置模式interface <interface> // 进入具体端口的配置界面switchport access vlan <id> // 配置端口所在VLAN号,使端口成为 ACCESS 端口switchport mode trunk // 配置端口为 TRUNK 端口,可同时传输多个 VLA N3. 静态路由ip route <destination_network> <destination_subnet_mask> <next_hop_a ddress> // 添加静态路由show ip route // 显示当前路由表某些设备具有的高级命令以下命令在某些神州数码路由器和交换机上可用。
神州数码路由器配置(一)引言概述:本文将介绍神州数码路由器的配置方法。
路由器是连接计算机与局域网之间的重要设备,正确配置路由器可以实现网络连接与数据传输的顺畅运行。
本文将从以下5个大点详细阐述路由器的配置方法。
正文:一、初次配置路由器1. 准备工作:确保路由器、电脑、网线等设备完好,连接电源并启动设备。
2. 连接路由器:使用网线将路由器与电脑相连。
3. 登录路由器:打开浏览器,在地址栏输入默认网关IP地址,进入路由器登录页面。
4. 输入用户名密码:根据用户手册提供的默认用户名和密码,输入登录路由器的账号和密码。
5. 修改密码:登录成功后,修改默认密码以提高安全性。
6. 配置网络:根据网络提供商提供的帐号和密码,设置PPPoE拨号或静态IP等网络连接方式。
二、无线网络配置1. 进入设置界面:在浏览器中输入路由器的IP地址,在登录页面输入用户名和密码登录路由器。
2. 开启无线功能:在路由器设置界面中找到“无线网络”选项,通过启用无线网络功能开启无线局域网。
3. 设置无线网络名称(SSID):为无线网络分配一个易于识别的名称。
4. 设置无线网络安全性:选择适当的加密方式,如WPA2-PSK,设置无线密码以保护网络安全。
5. 设定无线信道:选择一个较少干扰的信道以提高无线网络性能。
三、端口映射设置1. 进入路由器设置界面:在浏览器中输入路由器的IP地址,在登录页面输入用户名和密码登录路由器。
2. 找到“端口转发”或“虚拟服务器”选项:不同型号的路由器设置界面可能会有所不同。
3. 添加端口映射规则:输入需要映射的端口号、协议、局域网IP地址等相关信息。
4. 保存设置:点击保存或应用按钮保存端口映射设置。
5. 检查映射状态:可以使用在线端口检测工具检查端口映射是否成功。
四、家长控制设置1. 访问路由器设置界面:打开浏览器,输入路由器的IP地址,在登录界面输入用户名和密码登录路由器。
2. 找到“家长控制”或“访问控制”选项:在路由器设置界面中寻找家长控制相关选项。
