固定IP上網配置:
用戶使用電信的光纖線路接入Internet,用戶將電信提供的光纖接頭通過光纖轉換器與路由器的WAN口連接。用戶在WAN口上使用電信分配的廣域網地址218.5.19.2,在LAN口上使用內部網地址192.168.0.1,該地址即內部網關地址。用戶在LAN和WAN口上配置了NAT以使內部網用戶可以共享光纖線路來訪問Internet。
固定 IP地址接入典型配置示例
在這種情況下,就可以在NBR上如下配置即可:
Red-Giant>enable
!啟動快速配置功能
Red-Giant#setup
------------ 交互式系統配置 ----------------
輸入ctrl-c中止配置流程;默認配置參數在'[]'中。
!選擇是否進入快速配置流程
確定進入交互式系統配置? [yes]: yes
配置全局參數:
請輸入路由器名稱(只能用字母數字組合) [Red-Giant]: NBR
!配置進入特權用戶層的口令
請輸入特權用戶密碼:
private!配置允許遠程Telnet登陸的用戶密碼
請輸入telnet遠程登陸密碼: remoteuser
!啟動防止衝擊波病毒的功能
啟動防止衝擊波病毒功能會降低性能,如果確認沒有病毒,請不要啟動!
是否啟動此功能? [no]: yes
!選擇廣域網接入方式。這個示例中由於是通過電信的光纖接入,廣域網使用的是電信分配的固定IP地址,故這裡選擇模式1
請選擇上網模式:
1. 固定IP地址
2. PPPOE連接
3. DHCP分配IP
請輸入數字1---3: 1
!這裡為廣域網接口FastEthernet 0設置電信分配的固定IP地址以及掩碼。
配置廣域網口FastEthernet0:
請輸入IP地址: 218.5.19.2
請輸入地址掩碼 [255.255.255.0]:
!禁止廣域網上其他用戶ping廣域網口以防止來自廣域網上的Ping攻擊。
是否允許ping廣域網接口? [yes]: no
!配置本地局域網口FastEthernet 1的地址和掩碼,這也是內部網關的地址
配置局域網口FastEthernet1:
請輸入IP地址: 192.168.0.1
請輸入地址掩碼 [255.255.255.0]:
!配置廣域網路由信息,這裡設置的是廣域網下一跳路由。
配置廣域網缺省網關(下一跳IP地址):
請輸入缺省網關IP地址:218.5.19.1
!內部網絡的網絡主機使用的是固定IP地址,因此無需為內部主機開啟DHCP Server功能。
是否對內部局域網啟用DHCP SERVER功能? [no]:
!至此,快速配置生成的配置教本預覽
配置完畢,生成的配置腳本文件如下:
hostname NBR
ip routing
enable secret 5 $1$I3u0$.RIU6kH0S.fil.ivOe9td1
line vty 0 4
password remoteuser
!
!
interface FastEthernet0
no shutdown
ip address 218.5.19.2 255.255.255.0
ip access-group 100 in
ip nat outside
no ip unreachables
!
!
interface FastEthernet1
no shutdown
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
!
access-list 100 deny icmp any any echo
access-list 100 deny icmp any any echo-reply
ip route 0.0.0.0 0.0.0.0 218.5.19.1
!
ip nat inside source list 1 interface FastEthernet 0 overload
ip nat optimize
!
access-list 1 permit any
access-list 100 deny tcp any any eq 135
access-list 100 deny tcp any any eq 136
access-list 100 deny tcp any any eq 137
access-list 100 deny tcp any any eq 138
access-list 100 deny tcp any any eq 139
access-list 100 deny tcp any any eq 445
access-list 100 deny udp any any eq 135
access-list 100 deny udp any any eq 136
access-list 100 deny udp any any eq netbios-ns
access-list 100 deny udp any any eq netbios-dgm
access-list 100 deny udp any any eq 139
access-list 100 deny udp any any eq 445
access-list 100 deny tcp any any eq 4444
access-list 100 deny udp any any eq tftp
access-list 100 deny icmp any any echo
access-list 100 deny icmp any any echo-reply
access-list 100 permit ip any any
!
end
!確定保存當前配置
是否應用此配置? [yes/no]: yes
Building configuration...
[OK]
在enabled 模式下使用'configure'命令可修改這些配置。
NBR#
%UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
%UPDOWN: Line protocol on Interface FastEthernet1, changed state to up
%CHANGED: Interface Dialer0, changed state to administratively down
%UPDOWN: Interface FastEthernet0, changed state to up
%UPDOWN: Interface FastEthernet1, changed state to up
!再次檢查配置.
NBR#show running-config
Building configuration...
Current configuration:
!
!
hostname "NBR"
!
enable secret 5 $1$I3u0$.RIU6kH0S.fil.ivOe9td1
!
!
!
ip subnet-zero
!
interface FastEthernet0
ip address 218.5.19.2 255.255.255.0
ip access-group 100 in
no ip unreachables
ip nat outside
!
interface FastEthernet1
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
!
ip nat inside source list 1 interface FastEthernet0 overload
ip nat optimize
ip classless
ip route 0.0.0.0 0.0.0.0 218.5.19.1
access-list 1 permit any
access-list 100 deny icmp any any echo
access-list 100 deny icmp any any echo-reply
access-list 100 deny tcp any any eq 135
access-list 100 deny tcp any any eq 136
access-list 100 deny tcp any any eq 137
access-list 100 deny tcp any any eq 138
access-list 100 deny tcp any any eq 139
access-list 100 deny tcp any any eq 445
access-list 100 deny udp any any eq 135
access-list 100 deny udp any any eq 136
access-list 100 deny udp any any eq netbios-ns
access-list 100 deny udp any any eq netbios-dgm
access-list 100 deny udp any any eq 139
access-list 100 deny udp any any eq 445
access-list 100 deny tcp any any eq 4444
access-list 100 deny udp any any eq tftp
access-list 100 permit ip any any
!
line con 0
line vty 0 4
password remoteuser
login
!
End
閱讀更多 弱電智能邦 的文章
