- 相關(guān)推薦
思科路由器廣域網(wǎng)協(xié)議設(shè)置
思科(Cisco)路由器是通過何種方式,來(lái)提供超越基本數(shù)據(jù)訪問的優(yōu)勢(shì),并作為可實(shí)現(xiàn)最高生產(chǎn)率和投資回報(bào)的集成路由系統(tǒng)的一部分,提供話音、安全和無(wú)線等服務(wù)。下面小編準(zhǔn)備了關(guān)于思科路由器廣域網(wǎng)協(xié)議設(shè)置,歡迎大家參考!
一、HDLC
HDLC是CISCO路由器使用的缺省協(xié)議,一臺(tái)新路由器在未指定封裝協(xié)議時(shí)默認(rèn)使用HDLC封裝。
1. 有關(guān)命令
端口設(shè)置
任務(wù) | 命令 |
設(shè)置HDLC封裝 | encapsulation hdlc |
設(shè)置DCE端線路速度 | clockrate speed |
復(fù)位一個(gè)硬件接口 | clear interface serial unit |
顯示接口狀態(tài) | show interfaces serial [unit] 1 |
Router#show interface serial 0
Serial 0 is up, line protocol is up
Hardware is MCI Serial
Internet address is 150.136.190.203, subnet mask is 255.255.255.0
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 0:00:07, output 0:00:00, output hang never
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
Five minute input rate 0 bits/sec, 0 packets/sec
Five minute output rate 0 bits/sec, 0 packets/sec
16263 packets input, 1347238 bytes, 0 no buffer
Received 13983 broadcasts, 0 runts, 0 giants
2 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 2 abort
22146 packets output, 2383680 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets, 0 restarts
1 carrier transitions
2. 舉例
設(shè)置如下: |
任務(wù) | 命令 |
進(jìn)入controller配置模式 | controller {t1 | e1} number |
選擇幀類型 | framing {crc4 | no-crc4} |
選擇line-code類型 | linecode {ami | b8zs | hdb3} |
建立邏輯通道組與時(shí)隙的映射 | channel-group number timeslots range1 |
顯示controllers接口狀態(tài) | show controllers e1 [slot/port]2 |
2.使用show controllers e1觀察controller狀態(tài),以下為幀類型為crc4時(shí)controllers正常的狀態(tài).
Router# show controllers e1
e1 0/0 is up.
Applique type is Channelized E1 - unbalanced
Framing is CRC4, Line Code is HDB3 No alarms detected.
Data in current interval (725 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 24 hours) 0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
以下例子為E1連接3條64K專線, 幀類型為NO-CRC4,非平衡鏈路,路由器具體設(shè)置如下:
shanxi#wri t
Building configuration...
Current configuration:
!
version 11.2
no service udp-small-servers
no service tcp-small-servers
!
hostname shanxi
!
enable secret 5 $1$XN08$Ttr8nfLoP9.2RgZhcBzkk/
enable password shanxi
!
!
ip subnet-zero
!
controller E1 0
framing NO-CRC4
channel-group 0 timeslots 1
channel-group 1 timeslots 2
channel-group 2 timeslots 3
!
interface Ethernet0
ip address 133.118.40.1 255.255.0.0
media-type 10BaseT
!
interface Ethernet1
no ip address
shutdown
!
interface Serial0:0
ip address 202.119.96.1 255.255.255.252
no ip mroute-cache
!
interface Serial0:1
ip address 202.119.96.5 255.255.255.252
no ip mroute-cache
!
interface Serial0:2
ip address 202.119.96.9 255.255.255.252
no ip mroute-cache
!
no ip classless
ip route 133.210.40.0 255.255.255.0 Serial0:0
ip route 133.210.41.0 255.255.255.0 Serial0:1
ip route 133.210.42.0 255.255.255.0 Serial0:2
!
line con 0
line aux 0
line vty 0 4
password shanxi
login
!
end
二、PPP
PPP(Point-to-Point Protocol)是SLIP(Serial Line IP protocol)的繼承者,它提供了跨過同步和異步電路實(shí)現(xiàn)路由器到路由器(router-to-router)和主機(jī)到網(wǎng)絡(luò)(host-to-network)的連接。
CHAP(Challenge Handshake Authentication Protocol)和PAP(Password Authentication Protocol) (PAP)通常被用于在PPP封裝的串行線路上提供安全性認(rèn)證。使用CHAP和PAP認(rèn)證,每個(gè)路由器通過名字來(lái)識(shí)別,可以防止未經(jīng)授權(quán)的訪問。
CHAP和PAP在RFC 1334上有詳細(xì)的說(shuō)明。
1. 有關(guān)命令
端口設(shè)置
任務(wù) | 命令 |
設(shè)置PPP封裝 | encapsulation ppp1 |
設(shè)置認(rèn)證方法 | ppp authentication {chap | chap pap | pap chap | pap} [if-needed] [list-name | default] [callin] |
指定口令 | username name password secret |
設(shè)置DCE端線路速度 | clockrate speed |
2. 舉例
路由器Router1和Router2的S0口均封裝PPP協(xié)議,采用CHAP做認(rèn)證,在Router1中應(yīng)建立一個(gè)用戶,以對(duì)端路由器主機(jī)名作為用戶名,即用戶名應(yīng)為router2。同時(shí)在Router2中應(yīng)建立一個(gè)用戶,以對(duì)端路由器主機(jī)名作為用戶名,即用戶名應(yīng)為router1。所建的這兩用戶的password必須相同。
設(shè)置如下:
Router1:
hostname router1
username router2 password xxx
interface Serial0
ip address 192.200.10.1 255.255.255.0
clockrate 1000000
ppp authentication chap
!
Router2:
hostname router2
username router1 password xxx
interface Serial0
ip address 192.200.10.2 255.255.255.0
ppp authentication chap
三、x.25
1. X25技術(shù)
X.25規(guī)范對(duì)應(yīng)OSI三層,X.25的第三層描述了分組的格式及分組交換的過程。X.25的第二層由LAPB(Link Access Procedure, Balanced)實(shí)現(xiàn),它定義了用于DTE/DCE連接的幀格式。X.25的第一層定義了電氣和物理端口特性。
X.25網(wǎng)絡(luò)設(shè)備分為數(shù)據(jù)終端設(shè)備(DTE)、數(shù)據(jù)電路終端設(shè)備(DCE)及分組交換設(shè)備(PSE)。DTE是X.25的末端系統(tǒng),如終端、計(jì)算機(jī)或網(wǎng)絡(luò)主機(jī),一般位于用戶端,Cisco路由器就是DTE設(shè)備。DCE設(shè)備是專用通信設(shè)備,如調(diào)制解調(diào)器和分組交換機(jī)。PSE是公共網(wǎng)絡(luò)的主干交換機(jī)。
X.25定義了數(shù)據(jù)通訊的電話網(wǎng)絡(luò),每個(gè)分配給用戶的x.25 端口都具有一個(gè)x.121地址,當(dāng)用戶申請(qǐng)到的是SVC(交換虛電路)時(shí),x.25一端的用戶在訪問另一端的用戶時(shí),首先將呼叫對(duì)方x.121地址,然后接收到呼叫的一端可以接受或拒絕,如果接受請(qǐng)求,于是連接建立實(shí)現(xiàn)數(shù)據(jù)傳輸,當(dāng)沒有數(shù)據(jù)傳輸時(shí)掛斷連接,整個(gè)呼叫過程就類似我們撥打普通電話一樣,其不同的是x.25可以實(shí)現(xiàn)一點(diǎn)對(duì)多點(diǎn)的連接。其中x.121地址、htc均必須與x.25服務(wù)提供商分配的參數(shù)相同。X.25 PVC(永久虛電路),沒有呼叫的過程,類似DDN專線。
2. 有關(guān)命令:
任務(wù) | 命令 |
設(shè)置X.25封裝 | encapsulation x25 [dce] |
設(shè)置X.121地址 | x25 address x.121-address |
設(shè)置遠(yuǎn)方站點(diǎn)的地址映射 | x25 map protocol address [protocol2address2[...[protocol9 address9]]]x121-address [option] |
設(shè)置最大的雙向虛電路數(shù) | x25 htc citcuit-number1 |
設(shè)置一次連接可同時(shí)建立的虛電路數(shù) | x25 nvc count2 |
設(shè)置x25在清除空閑虛電路前的等待周期 | x25 idle minutes |
重新啟動(dòng)x25,或清一個(gè)svc,啟動(dòng)一個(gè)pvc相關(guān)參數(shù) | clear x25 {serial number | cmns-interface mac-address} [vc-number] 3 |
清x25虛電路 | clear x25-vc |
顯示接口及x25相關(guān)信息 |
show interfaces serial show x25 interface show x25 map show x25 vc |
2、虛電路計(jì)數(shù)從1到8,缺省為1。
3、在改變了x.25各層的相關(guān)參數(shù)后,應(yīng)重新啟動(dòng)x25(使用clear x25 {serial number | cmns-interface mac-address} [vc-number]或clear x25-vc命令),否則新設(shè)置的參數(shù)可能不能生效。同時(shí)應(yīng)對(duì)照服務(wù)提供商對(duì)于x.25交換機(jī)端口的設(shè)置來(lái)配置路由器的相關(guān)參數(shù),若出現(xiàn)參數(shù)不匹配則可能會(huì)導(dǎo)致連接失敗或其它意外情況。
3. 實(shí)例:
3.1. 在以下實(shí)例中每二個(gè)路由器間均通過svc實(shí)現(xiàn)連接。
路由器設(shè)置如下:
Router1:
interface Serial0
encapsulation x25
ip address 192.200.10.1 255.255.255.0
x25 address 110101
x25 htc 16
x25 nvc 2
x25 map ip 192.200.10.2 110102 broadcast
x25 map ip 192.200.10.3 110103 broadcast
!
Router2:
interface Serial0
encapsulation x25
ip address 192.200.10.2 255.255.255.0
x25 address 110102
x25 htc 16
x25 nvc 2
x25 map ip 192.200.10.1 110101 broadcast
x25 map ip 192.200.10.3 110103 broadcast
!
Router:
interface Serial0
encapsulation x25
ip address 192.200.10.3 255.255.255.0
x25 address 110103
x25 htc 16
x25 nvc 2
x25 map ip 192.200.10.1 110101 broadcast
x25 map ip 192.200.10.2 110102 broadcast
!
相關(guān)調(diào)試命令:
clear x25-vc
show interfaces serial
show x25 map
show x25 route
show x25 vc
3.2. 在以下實(shí)例中路由器router1和router2均通過svc與router連接,但router1和router2不通過svc直接連接,此三個(gè)路由器的串口運(yùn)行RIP路由協(xié)議,使用了子接口的概念。由于使用子接口,router1和router2均學(xué)習(xí)到了訪問對(duì)方局域網(wǎng)的路徑,若不使用子接口,router1和router2將學(xué)不到到對(duì)方局域網(wǎng)的路由。
子接口(Subinterface)是一個(gè)物理接口上的多個(gè)虛接口,可以用于在同一個(gè)物理接口上連接多個(gè)網(wǎng)。我們知道為了避免路由循環(huán),路由器支持split horizon法則,它只允許路由更新被分配到路由器的其它接口,而不會(huì)再分配路由更新回到此路由被接收的接口。
無(wú)論如何,在廣域網(wǎng)環(huán)境使用基于連接的接口(象 X.25和Frame Relay),同一接口通過虛電路(vc)連接多臺(tái)遠(yuǎn)端路由器時(shí),從同一接口來(lái)的路由更新信息不可以再被發(fā)回到相同的接口,除非強(qiáng)制使用分開的物理接口連接不同的路由器。Cisco提供子接口(subinterface)作為分開的接口對(duì)待。你可以將路由器邏輯地連接到相同物理接口的不同子接口, 這樣來(lái)自不同子接口的路由更新就可以被分配到其他子接口,同時(shí)又滿足split horizon法則。
Router1:
interface Serial0
encapsulation x25
ip address 192.200.10.1 255.255.255.0
x25 address 110101
x25 htc 16
x25 nvc 2
x25 map ip 192.200.10.3 110103 broadcast
!
router rip
network 192.200.10.0
!
Router2:
interface Serial0
encapsulation x25
ip address 192.200.11.2 255.255.255.0
x25 address 110102
x25 htc 16
x25 nvc 2
x25 map ip 192.200.11.3 110103 broadcast
!
router rip
network 192.200.11.0
!
Router:
interface Serial0
encapsulation x25
x25 address 110103
x25 htc 16
x25 nvc 2
!
interface Serial0.1 point-to-point
ip address 192.200.10.3 255.255.255.0
x25 map ip 192.200.10.1 110101 broadcast
!
interface Serial0.2 point-to-point
ip address 192.200.11.3 255.255.255.0
x25 map ip 192.200.11.2 110102 broadcast
!
router rip
network 192.200.10.0
network 192.200.11.0
四、Frame Relay
1. 幀中繼技術(shù)
幀中繼是一種高性能的WAN協(xié)議,它運(yùn)行在OSI參考模型的物理層和數(shù)據(jù)鏈路層。它是一種數(shù)據(jù)包交換技術(shù),是X.25的簡(jiǎn)化版本。它省略了X.25的一些強(qiáng)健功能,如提供窗口技術(shù)和數(shù)據(jù)重發(fā)技術(shù),而是依靠高層協(xié)議提供糾錯(cuò)功能,這是因?yàn)閹欣^工作在更好的WAN設(shè)備上,這些設(shè)備較之X.25的WAN設(shè)備具有更可靠的連接服務(wù)和更高的可靠性,它嚴(yán)格地對(duì)應(yīng)于OSI參考模型的最低二層,而X.25還提供第三層的服務(wù),所以,幀中繼比X.25具有更高的性能和更有效的傳輸效率。
幀中繼廣域網(wǎng)的設(shè)備分為數(shù)據(jù)終端設(shè)備(DTE)和數(shù)據(jù)電路終端設(shè)備(DCE),Cisco路由器作為 DTE設(shè)備。
幀中繼技術(shù)提供面向連接的數(shù)據(jù)鏈路層的通信,在每對(duì)設(shè)備之間都存在一條定義好的通信鏈路,且該鏈路有一個(gè)鏈路識(shí)別碼。這種服務(wù)通過幀中繼虛電路實(shí)現(xiàn),每個(gè)幀中繼虛電路都以數(shù)據(jù)鏈路識(shí)別碼(DLCI)標(biāo)識(shí)自己。DLCI的值一般由幀中繼服務(wù)提供商指定。幀中繼即支持PVC也支持SVC。
幀中繼本地管理接口(LMI)是對(duì)基本的幀中繼標(biāo)準(zhǔn)的擴(kuò)展。它是路由器和幀中繼交換機(jī)之間信令標(biāo)準(zhǔn),提供幀中繼管理機(jī)制。它提供了許多管理復(fù)雜互聯(lián)網(wǎng)絡(luò)的特性,其中包括全局尋址、虛電路狀態(tài)消息和多目發(fā)送等功能。
2. 有關(guān)命令:
端口設(shè)置
任務(wù) | 命令 |
設(shè)置Frame Relay封裝 | encapsulation frame-relay[ietf] 1 |
設(shè)置Frame Relay LMI類型 | frame-relay lmi-type {ansi | cisco | q933a}2 |
設(shè)置子接口 | interface interface-type interface-number.subinterface-number [multipoint|point-to-point] |
映射協(xié)議地址與DLCI | frame-relay map protocol protocol-address dlci [broadcast]3 |
設(shè)置FR DLCI編號(hào) | frame-relay interface-dlci dlci[broadcast] |
2.從Cisco IOS版本11.2開始,軟件支持本地管理接口(LMI)“自動(dòng)感覺”, “自動(dòng)感覺”使接口能確定交換機(jī)支持的LMI類型,用戶可以不明確配置LMI接口類型。
3.broadcast選項(xiàng)允許在幀中繼網(wǎng)絡(luò)上傳輸路由廣播信息。
3. 幀中繼point to point配置實(shí)例:
Router1:
interface serial 0
encapsulation frame-relay
!
interface serial 0.1 point-to-point
ip address 172.16.1.1 255.255.255.0
frame-reply interface-dlci 105
!
interface serial 0.2 point-to-point
ip address 172.16.2.1 255.255.255.0
frame-reply interface-dlci 102
!
interface serial 0.3 point-to-point
ip address 172.16.4.1 255.255.255.0
frame-reply interface-dlci 104
!
Router2:
interface serial 0
encapsulation frame-relay
!
interface serial 0.1 point-to-point
ip address 172.16.2.2 255.255.255.0
frame-reply interface-dlci 201
!
interface serial 0.2 point-to-point
ip address 172.16.3.1 255.255.255.0
frame-reply interface-dlci 203
!
相關(guān)調(diào)試命令:
show frame-relay lmi
show frame-relay map
show frame-relay pvc
show frame-relay route
show interfaces serial
go top
4. 幀中繼 Multipoint 配置實(shí)例:
Router1:
interface serial 0
encapsulation frame-reply
!
interface serial 0.1 multipoint
ip address 172.16.1.2 255.255.255.0
frame-reply map ip 172.16.1.1 201 broadcast
frame-reply map ip 172.16.1.3 301 broadcast
frame-reply map ip 172.16.1.4 401 broadcast
!
Router2:
interface serial 0
encapsulation frame-reply
!
interface serial 0.1 multipoint
ip address 172.16.1.1 255.255.255.0
frame-reply map ip 172.16.1.2 102 broadcast
frame-reply map ip 172.16.1.3 102 broadcast
frame-reply map ip 172.16.1.4 102 broadcast
!
五、ISDN
1. 綜合數(shù)字業(yè)務(wù)網(wǎng)(ISDN)
綜合數(shù)字業(yè)務(wù)網(wǎng)(ISDN)由數(shù)字電話和數(shù)據(jù)傳輸服務(wù)兩部分組成,一般由電話局提供這種服務(wù)。ISDN的基本速率接口(BRI)服務(wù)提供2個(gè)B信道和1個(gè)D信道(2B+D)。BRI的B信道速率為64Kbps,用于傳輸用戶數(shù)據(jù)。D信道的速率為16Kbps,主要傳輸控制信號(hào)。在北美和日本,ISDN的主速率接口(PRI)提供23個(gè)B信道和1個(gè)D信道,總速率可達(dá)1.544Mbps,其中D信道速率為64Kbps。而在歐洲、澳大利亞等國(guó)家,ISDN的PRI提供30個(gè)B信道和1個(gè)64Kbps D信道,總速率可達(dá)2.048Mbps。我國(guó)電話局所提供ISDN PRI為30B+D。
2. 基本命令
任務(wù) | 命令 |
設(shè)置ISDN交換類型 | isdn switch-type switch-type1 |
接口設(shè)置 | interface bri 0 |
設(shè)置PPP封裝 | encapsulation ppp |
設(shè)置協(xié)議地址與電話號(hào)碼的映射 | dialer map protocol next-hop-address[name hostname] [broadcast] [dial-string] |
啟動(dòng)PPP多連接 | ppp multilink |
設(shè)置啟動(dòng)另一個(gè)B通道的閾值 | dialer load-threshold load |
顯示ISDN有關(guān)信息 | show isdn {active | history | memory | services | status [dsl | interface-type number] | timers} |
按區(qū)域分關(guān)鍵字 | 交換機(jī)類型 |
Australia | |
basic-ts013 | Australian TS013 switches |
Europe | |
basic-1tr6 | German 1TR6 ISDN switches |
basic-nwnet3 | Norway NET3 switches (phase 1) |
basic-net3 | NET3 ISDN switches (UK, Denmark, and other nations); covers the Euro-ISDN E-DSS1 signalling system |
primary-net5 | NET5 switches (UK and Europe) |
vn2 | French VN2 ISDN switches |
vn3 | French VN3 ISDN switches |
Japan | |
ntt | Japanese NTT ISDN switches |
primary-ntt | Japanese ISDN PRI switches |
North America | |
basic-5ess | AT&T basic rate switches |
basic-dms100 | NT DMS-100 basic rate switches |
basic-ni1 | National ISDN-1 switches |
primary-4ess | AT&T 4ESS switch type for the U.S. (ISDN PRI only) |
primary-5ess | AT&T 5ESS switch type for the U.S. (ISDN PRI only) |
primary-dms100 | NT DMS-100 switch type for the U.S. (ISDN PRI only) |
New Zealand | |
basic-nznet3 | New Zealand Net3 switches |
設(shè)置如下:
Router1:
hostname router1
user router2 password cisco
!
isdn switch-type basic-net3
!
interface bri 0
ip address 192.200.10.1 255.255.255.0
encapsulation ppp
dialer map ip 192.200.10.2 name router2 572
dialer load-threshold 80
ppp multilink
dialer-group 1
ppp authentication chap
!
dialer-list 1 protocol ip permit
!
Router2:
hostname router2
user router1 password cisco
!
isdn switch-type basic-net3
!
interface bri 0
ip address 192.200.10.2 255.255.255.0
encapsulation ppp
dialer map ip 192.200.10.1 name router1 571
dialer load-threshold 80
ppp multilink
dialer-group 1
ppp authentication chap
!
dialer-list 1 protocol ip permit
!
Cisco路由器同時(shí)支持回?fù)芄δ,我們將路由器Router1作為Callback Server,Router2作為Callback Client。
與回?fù)芟嚓P(guān)命令:
任務(wù) | 命令 |
映射協(xié)議地址和電話號(hào)碼,并在接口上使用在全局模式下定義的PPP回?fù)艿挠成漕悇e。 | dialer map protocol address namehostname class classname dial-string |
設(shè)置接口支持PPP回?fù)?/td> | ppp callback accept |
在全局模式下為PPP回?fù)茉O(shè)置映射類別 | map-class dialer classname |
通過查找注冊(cè)在dialer map里的主機(jī)名來(lái)決定回?fù)? | dialer callback-server [username] |
設(shè)置接口要求PPP回?fù)?/td> | ppp callback request |
Router1:
hostname router1
user router2 password cisco
!
isdn switch-type basic-net3
!
interface bri 0
ip address 192.200.10.1 255.255.255.0
encapsulation ppp
dialer map ip 192.200.10.2 name router2 class s3 572
dialer load-threshold 80
ppp callback accept
ppp multilink
dialer-group 1
ppp authentication chap
!
map-class dialer s3
dialer callback-server username
dialer-list 1 protocol ip permit
!
Router2:
hostname router2
user router1 password cisco
!
isdn switch-type basic-net3
!
interface bri 0
ip address 192.200.10.2 255.255.255.0
encapsulation ppp
dialer map ip 192.200.10.1 name router1 571
dialer load-threshold 80
ppp callback request
ppp multilink
dialer-group 1
ppp authentication chap
!
dialer-list 1 protocol ip permit
!
相關(guān)調(diào)試命令:
debug dialer
debug isdn event
debug isdn q921
debug isdn q931
debug ppp authentication
debug ppp error
debug ppp negotiation
debug ppp packet
show dialer
show isdn status
舉例:執(zhí)行debug dialer命令觀察router2呼叫router1,router1回?fù)躵outer2的過程.
router1#debug dialer
router2#ping 192.200.10.1
router1#
00:03:50: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
00:03:50: BRI0:1:PPP callback Callback server starting to router2 572
00:03:50: BRI0:1: disconnecting call
00:03:50: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:03:50: BRI0:1: disconnecting call
00:03:50: BRI0:1: disconnecting call
00:03:51: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
00:03:52: callback to router2 already started
00:03:52: BRI0:2: disconnecting call
00:03:52: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:03:52: BRI0:2: disconnecting call
00:03:52: BRI0:2: disconnecting call
00:04:05: : Callback timer expired
00:04:05: BRI0:beginning callback to router2 572
00:04:05: BRI0: Attempting to dial 572
00:04:05: Freeing callback to router2 572
00:04:05: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
00:04:05: BRI0:1: No callback negotiated
00:04:05: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
00:04:05: dialer Protocol up for Vi1
00:04:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state
to up
00:04:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, chang
ed state to up
00:04:11: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 572
#router1
4. ISDN訪問首都在線263網(wǎng)實(shí)例:
本地局部網(wǎng)地址為10.0.0.0/24,屬于保留地址,通過NAT地址翻譯功能,局域網(wǎng)用戶可以通過ISDN上263網(wǎng)訪問Internet。263的ISDN電話號(hào)碼為2633,用戶為263,口令為263,所涉及的命令如下表:
任務(wù) | 命令 |
指定接口通過PPP/IPCP地址協(xié)商獲得IP地址 | ip address negotiated |
指定內(nèi)部和外部端口 | ip nat {inside | outside} |
使用ppp/pap作認(rèn)證 | ppp authentication pap callin |
指定接口屬于撥號(hào)組1 | dialer-group 1 |
定義撥號(hào)組1允許所有IP協(xié)議 | dialer-list 1 protocol ip permit |
設(shè)定撥號(hào),號(hào)碼為2633 | dialer string 2633 |
設(shè)定登錄263的用戶名和口令 | ppp pap sent-username 263 password 263 |
設(shè)定默認(rèn)路由 | ip route 0.0.0.0 0.0.0.0 bri 0 |
設(shè)定符合訪問列表2的所有源地址被翻譯為bri 0所擁有的地址 | ip nat inside source list 2 interface bri 0 overload |
設(shè)定訪問列表2,允許所有協(xié)議 | access-list 2 permit any |
hostname Cisco2503
!
isdn switch-type basic-net3
!
ip subnet-zero
no ip domain-lookup
ip routing
!
interface Ethernet 0
ip address 10.0.0.1 255.255.255.0
ip nat inside
no shutdown
!
interface Serial 0
shutdown
no description
no ip address
!
interface Serial 1
shutdown
no description
no ip address
!
interface bri 0
ip address negotiated
ip nat outside
encapsulation ppp
ppp authentication pap callin
ppp multilink
dialer-group 1
dialer hold-queue 10
dialer string 2633
dialer idle-timeout 120
ppp pap sent-username 263 password 263
no cdp enable
no ip split-horizon
no shutdown
!
ip classless
!
! Static Routes
!
ip route 0.0.0.0 0.0.0.0 bri 0
!
! Access Control List 2
!
access-list 2 permit any
!
dialer-list 1 protocol ip permit
!
! Dynamic NAT
!
ip nat inside source list 2 interface bri 0 overload
snmp-server community public ro
!
line console 0
exec-timeout 0 0
!
line vty 0 4
!
end
5. Cisco765M通過ISDN撥號(hào)上263
由于Cisco765的設(shè)置命令與我們常用的Cisco路由器的命令不同,所以以下列舉了通過Cisco765上263訪問Internet的具體命令行設(shè)置步驟。
>set system c765
c765> set multidestination on
c765> set switch net3
c765> set ppp multilink on
c765> cd lan
c765:LAN> set ip routing on
c765:LAN> set ip address 10.0.0.1
c765:LAN> set ip netmask 255.0.0.0
c765:LAN> set briding off
c765:LAN>cd
c765> set user remotenet
New user remotenet being created
c765:remotenet> set ip routing on
c765:remotenet> set bridging off
c765:remotenet> set ip framing none
c765:remotenet> set ppp clientname 263
c765:remotenet> set ppp password client
Enter new Password: 263
Re-Type new Password: 263
c765:remotenet> set ppp authentication out none
c765:remotenet> set ip address 0.0.0.0
c765:remotenet> set ip netmask 0.0.0.0
c765:remotenet> set ppp address negotiation local on
c765:remotenet> set ip pat on
c765:remotenet> set ip route destination 0.0.0.0/0 gateway 0.0.0.0
c765:remotenet> set number 2633
c765:remotenet> set active
命令描述如下:
任務(wù) | 命令 |
設(shè)置路由器系統(tǒng)名稱 | set system c765 |
允許路由器呼叫多個(gè)目的地 | set multidestination on |
設(shè)置ISDN交換機(jī)類型為NET3 | set switch net3 |
允許點(diǎn)到點(diǎn)間多條通道連接實(shí)現(xiàn)負(fù)載均衡 | set ppp multilink on |
關(guān)掉橋接 | set briding off |
建立用戶預(yù)制文件用于設(shè)置撥號(hào)連接參數(shù)- 可以設(shè)置多個(gè)用戶預(yù)制文件用于相同的物理端口對(duì)應(yīng)于不同的連接。 | set user remotenet |
使用PPP/IPCP | set ip framing none |
設(shè)置上網(wǎng)用戶帳號(hào) | set ppp clientname 263 |
設(shè)置上網(wǎng)口令 |
set ppp password client Enter new Password: 263 Re-Type new Password: 263 |
不用PPP/CHAP或PAP做認(rèn)證 | set ppp authentication out none |
允許地址磋商 | set ppp address negotiation local on |
設(shè)置地址翻譯 | set ip pat on |
設(shè)置默認(rèn)路由 | set ip route destination 0.0.0.0/0 gateway 0.0.0.0 |
設(shè)置ISP的電話號(hào)碼 | set number 2633 |
激活用戶預(yù)制文件 | set active |
電話網(wǎng)絡(luò)(PSTN)是目前普及程度最高、成本最低的公用通訊網(wǎng)絡(luò),它在網(wǎng)絡(luò)互連中也有廣泛的應(yīng)用。電話網(wǎng)絡(luò)的應(yīng)用一般可分為兩種類型,一種是同等級(jí)別機(jī)構(gòu)之間以按需撥號(hào)(DDR)的方式實(shí)現(xiàn)互連,一種是ISP為撥號(hào)上網(wǎng)為用戶提供的遠(yuǎn)程訪問服務(wù)的功能。
1. 遠(yuǎn)程訪問
1.1.Access Server基本設(shè)置:
選用Cisco2511作為訪問服務(wù)器,采用IP地址池動(dòng)態(tài)分配地址.遠(yuǎn)程工作站使用WIN95撥號(hào)網(wǎng)絡(luò)實(shí)現(xiàn)連接。
全局設(shè)置:
任務(wù) | 命令 |
設(shè)置用戶名和密碼 | username username password password |
設(shè)置用戶的IP地址池 | ip local pool {default | pool-name low-ip-address [high-ip-address]} |
指定地址池的工作方式 | ip address-pool [dhcp-proxy-client | local] |
任務(wù) | 命令 |
設(shè)置封裝形式為PPP | encapsulation ppp |
啟動(dòng)異步口的路由功能 | async default routing |
設(shè)置異步口的PPP工作方式 | async mode {dedicated | interactive} |
設(shè)置用戶的IP地址 | peer default ip address {ip-address | dhcp | pool [pool-name]} |
設(shè)置IP地址與Ethernet0相同 | ip unnumbered ethernet0 |
任務(wù) | 命令 |
設(shè)置modem的工作方式 | modem {inout|dialin} |
自動(dòng)配置modem類型 | modem autoconfig discovery |
設(shè)置撥號(hào)線的通訊速率 | speed speed |
設(shè)置通訊線路的流控方式 | flowcontrol {none | software [lock] [in | out] | hardware [in | out]} |
連通后自動(dòng)執(zhí)行命令 | autocommand command |
Router:
hostname Router
enable secret 5 $1$EFqU$tYLJLrynNUKzE4bx6fmH//
!
interface Ethernet0
ip address 10.111.4.20 255.255.255.0
!
interface Async1
ip unnumbered Ethernet0
encapsulation ppp
keepalive 10
async mode interactive
peer default ip address pool Cisco2511-Group-142
!
ip local pool Cisco2511-Group-142 10.111.4.21 10.111.4.36
!
line con 0
exec-timeout 0 0
password cisco
!
line 1 16
modem InOut
modem autoconfigure discovery
flowcontrol hardware
!
line aux 0
transport input all
line vty 0 4
password cisco
!
end
相關(guān)調(diào)試命令:
show interface
show line
1.2. Access Server通過Tacacs服務(wù)器實(shí)現(xiàn)安全認(rèn)證:
使用一臺(tái)WINDOWS NT服務(wù)器作為Tacacs服務(wù)器,地址為10.111.4.2,運(yùn)行Cisco2511隨機(jī)帶的Easy ACS 1.0軟件實(shí)現(xiàn)用戶認(rèn)證功能.
相關(guān)設(shè)置:
任務(wù) | 命令 |
激活A(yù)AA訪問控制 | aaa new-model |
用戶登錄時(shí)默認(rèn)起用Tacacs+做AAA認(rèn)證 | aaa authentication login default tacacs+ |
列表名為no_tacacs使用ENABLE口令做認(rèn)證 | aaa authentication login no_tacacs enable |
在運(yùn)行PPP的串行線上采用Tacacs+做認(rèn)證 | aaa authentication ppp default tacacs+ |
由TACACS+服務(wù)器授權(quán)運(yùn)行EXEC | aaa authorization exec tacacs+ |
由TACACS+服務(wù)器授權(quán)與網(wǎng)絡(luò)相關(guān)的服務(wù)請(qǐng)求。 | aaa authorization network tacacs+ |
為EXEC會(huì)話運(yùn)行記帳.進(jìn)程開始和結(jié)束時(shí)發(fā)通告給TACACS+服務(wù)器。 | aaa accounting exec start-stop tacacs+ |
為與網(wǎng)絡(luò)相關(guān)的服務(wù)需求運(yùn)行記帳包括SLIP,PPP,PPP NCPs,ARAP等.在進(jìn)程開始和結(jié)束時(shí)發(fā)通告給TACACS+服務(wù)器。 | aaa accounting network start-stop tacacs+ |
指定Tacacs服務(wù)器地址 | tacacs-server host 10.111.4.2 |
在Tacacs+服務(wù)器和訪問服務(wù)器設(shè)定共享的關(guān)鍵字,訪問服務(wù)器和Tacacs+服務(wù)器使用這個(gè)關(guān)鍵字去加密口令和響應(yīng)信息。這里使用tac作為關(guān)鍵字。 | tacacs-server key tac |
hostname router
!
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication ppp default tacacs+
aaa authorization exec tacacs+
aaa authorization network tacacs+
aaa accounting exec start-stop tacacs+
aaa accounting network start-stop tacacs+
enable secret 5 $1$kN4g$CvS4d2.rJzWntCnn/0hvE0
!
interface Ethernet0
ip address 10.111.4.20 255.255.255.0
!
interface Serial0
no ip address
shutdown
interface Serial1
no ip address
shutdown
!
interface Group-Async1
ip unnumbered Ethernet0
encapsulation ppp
async mode interactive
peer default ip address pool Cisco2511-Group-142
no cdp enable
group-range 1 16
!
ip local pool Cisco2511-Group-142 10.111.4.21 10.111.4.36
tacacs-server host 10.111.4.2
tacacs-server key tac
!
line con 0
exec-timeout 0 0
password cisco
login authentication no_tacacs
line 1 16
login authentication tacacs
modem InOut
modem autoconfigure type usr_courier
autocommand ppp
transport input all
stopbits 1
rxspeed 115200
txspeed 115200
flowcontrol hardware
line aux 0
transport input all
line vty 0 4
password cisco
!
end
2. DDR(dial-on-demand routing)實(shí)例
此例通過Cisco 2500系列路由器的aux端口實(shí)現(xiàn)異步撥號(hào)DDR連接。Router1撥號(hào)連接到Router2。其中采用PPP/CHAP做安全認(rèn)證,在Router1中應(yīng)建立一個(gè)用戶,以對(duì)端路由器主機(jī)名作為用戶名,即用戶名應(yīng)為Router2。同時(shí)在Router2中應(yīng)建立一個(gè)用戶,以對(duì)端路由器主機(jī)名作為用戶名,即用戶名應(yīng)為Router1。所建的這兩用戶的password必須相同。
相關(guān)命令如下:
任務(wù) | 命令 |
設(shè)置路由器與modem的接口指令 | chat-script script-name EXPECT SEND EXPECT SEND (etc.) |
設(shè)置端口在掛斷前的等待時(shí)間 | dialer idle-timeout seconds |
設(shè)置協(xié)議地址與電話號(hào)碼的映射 |
dialer map protocol next-hop-address[name hostname] [broadcast] [modem-script modem-regexp] [system-script system-regexp] [dial-string] |
設(shè)置電話號(hào)碼 | dialer string dial-string |
指定在特定線路下路由器默認(rèn)使用的chat-script | script {dialer|reset} script-name |
hostname Router1
!
enable secret 5 $1$QKI7$wXjpFqC74vDAyKBUMallw/
!
username Router2 password cisco
chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0
!
interface Async1
ip address 192.200.10.1 255.255.255.0
encapsulation ppp
async default routing
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer map ip 192.200.10.2 name Router2 modem-script cisco-default 573
dialer-group 1
ppp authentication chap
!
ip route 10.0.1.0 255.255.255.0 192.200.10.2
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
modem InOut
modem autoconfigure discovery
flowcontrol hardware
Router2:
hostname Router2
!
enable secret 5 $1$F6EV$5U8puzNt2/o9g.t56PXHo.
!
username Router1 password cisco
!
interface Ethernet0
ip address 10.0.1.1 255.255.255.0
!
interface Async1
ip address 192.200.10.2 255.255.255.0
encapsulation ppp
async default routing
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer map ip 192.200.10.1 name Router1
dialer-group 1
ppp authentication chap
!
ip route 10.0.0.0 255.255.255.0 192.200.10.1
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
modem InOut
modem autoconfigure discovery
flowcontrol hardware
!
相關(guān)調(diào)試命令:
debug dialer
debug ppp authentication
debug ppp error
debug ppp negotiation
debug ppp packet
show dialer
3. 異步撥號(hào)備份DDN專線:
此例主連接采用DDN專線,備份線路為電話撥號(hào)。當(dāng)DDN專線連接正常時(shí),主端口S0狀態(tài)為up,line protocol亦為up,則備份線路狀態(tài)為standby,line protocol為down,此時(shí)所有通信均通過主接口進(jìn)行。當(dāng)主接口連接發(fā)生故障時(shí),端口狀態(tài)為down,則激活備份接口,完成數(shù)據(jù)通信。此方法不適合為X.25做備份。因?yàn),配置封裝為X.25的接口只要和X.25交換機(jī)之間的連接正常其接口及l(fā)ine protocol的狀態(tài)亦為 up,它并不考慮其它地方需與之通信的路由器的狀態(tài)如何,所以若本地路由器狀態(tài)正常,而對(duì)方路由器連接即使發(fā)生故障,本地也不會(huì)激活備份線路。例4將會(huì)描述如何為X.25做撥號(hào)備份。
以下是相關(guān)命令:
任務(wù) | 命令 |
指定主線路改變后,次線路狀態(tài)發(fā)生改變的延遲時(shí)間 | backup delay {enable-delay | never} {disable-delay | never} |
指定一個(gè)接口作為備份接口 | backup interface type number |
!
enable secret 5 $1$J5vn$ceYDe2FwPhrZi6qsIIz6g0
enable password cisco
!
username c4700 password 0 cisco
ip subnet-zero
chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c
chat-script reset atz
!
interface Ethernet0
ip address 16.122.51.254 255.255.255.0
no ip mroute-cache
!
interface Serial0
backup delay 10 10
backup interface Serial2
ip address 16.250.123.18 255.255.255.252
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
!
interface Serial2
physical-layer async
ip address 16.249.123.18 255.255.255.252
encapsulation ppp
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer map ip 16.249.123.17 name c4700 6825179
dialer-group 1
ppp authentication chap
!
interface Serial3
no ip address
shutdown
no cdp enable
!
interface Serial4
no ip address
shutdown
no cdp enable
!
interface Serial5
no ip address
no ip mroute-cache
shutdown
!
interface Serial6
no ip address
no ip mroute-cache
shutdown
!
interface Serial7
no ip address
no ip mroute-cache
shutdown
!
interface Serial8
no ip address
no ip mroute-cache
shutdown
!
interface Serial9
no ip address
no ip mroute-cache
shutdown
!
interface BRI0
no ip address
no ip mroute-cache
shutdown
!
router eigrp 200
network 16.0.0.0
!
ip classless
!
dialer-list 1 protocol ip permit
!
line con 0
line 2
script dialer cisco-default
script reset reset
modem InOut
modem autoconfigure discovery
rxspeed 38400
txspeed 38400
flowcontrol hardware
line aux 0
line vty 0 4
password cisco
login
!
end
c2522rb#
4. 異步撥號(hào)備份X.25:
設(shè)置X.25的撥號(hào)備份,首先X.25連接的端口必須運(yùn)行動(dòng)態(tài)路由協(xié)議,異步撥號(hào)口必須使用靜態(tài)路由.本例選擇EIGRP作為路由選擇協(xié)議,將靜態(tài)路由的Metric的值設(shè)置為200,由于EIGRP的默認(rèn)Metric為90,所以當(dāng)同時(shí)有兩條路徑通往同一網(wǎng)段時(shí),其中Metric值小的路徑生效,而當(dāng)X.25連接出現(xiàn)問題時(shí),路由器無(wú)法通過路由協(xié)議學(xué)習(xí)到路由表,則此時(shí)靜態(tài)路由生效,訪問通過撥號(hào)端口實(shí)現(xiàn)。當(dāng)X.25連接恢復(fù)正常時(shí),路由器又可以學(xué)習(xí)到路由表,則由于 Metric值的不同,靜態(tài)路由自動(dòng)被動(dòng)態(tài)路由所代替,這樣就實(shí)現(xiàn)了備份的功能。
路由器Router1配置如下:
hostname router1
!
enable secret 5 $1$UTvD$99YiY2XsRMxHudcYeHn.Y.
enable password cisco
!
username router2 password cisco
ip subnet-zero
chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c
chat-script reset atz
interface Ethernet0
ip address 202.96.38.100 255.255.255.0
!
interface Serial0
ip address 202.96.0.1 255.255.255.0
encapsulation x25
x25 address 10112227
x25 htc 16
x25 map ip 202.96.0.2 10112225 broadcast
!
interface Serial1
no ip address
shutdown
!
!
interface Async 1
ip address 202.96.1.1 255.255.255.252
encapsulation ppp
dialer in-band
dialer idle-timeout 60
dialer map ip 202.96.1.2 name router2 modem-script cisco-default 2113470
dialer-group 1
ppp authentication chap
!
router eigrp 200
redistribute connected
network 202.96.0.0
!
ip route 202.96.37.0 255.255.255.0 202.96.1.2 200
dialer-list 1 protocol ip permit
line con 0
line aux 0
script dialer cisco-default
script reset reset
modem InOut
modem autoconfigure discovery
transport input all
rxspeed 38400
txspeed 38400
flowcontrol hardware
line vty 0 4
password cisco
login
!
end
路由器Router2配置如下:
hostname router2
!
enable secret 5 $1$T4IU$2cIqak8f/E4Ug6dLT0k.J0
enable password cisco
!
username router1 password cisco
ip subnet-zero
chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c
chat-script reset atz
!
interface Ethernet0
ip address 202.96.37.100 255.255.255.0
!
interface Serial0
ip address 202.96.0.2 255.255.255.0
no ip mroute-cache
encapsulation x25
x25 address 10112225
x25 htc 16
x25 map ip 202.96.0.1 10112227 broadcast
!
interface Serial1
no ip address
shutdown
!
interface Async1
ip address 202.96.1.2 255.255.255.252
encapsulation ppp
keepalive 30
async default routing
async mode dedicated
dialer in-band
dialer idle-timeout 60
dialer wait-for-carrier-time 120
dialer map ip 202.96.1.1 name router1 modem-script cisco-default 2113469
dialer-group 1
ppp authentication chap
!
router eigrp 200
redistribute static
network 202.96.0.0
!
no ip classless
ip route 202.96.38.0 255.255.255.0 202.96.1.1 200
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 0 0
line aux 0
script reset reset
modem InOut
modem autoconfigure discovery
transport input all
rxspeed 38400
txspeed 38400
flowcontrol hardware
line vty 0 4
password cisco
login
!
end
【思科路由器廣域網(wǎng)協(xié)議設(shè)置】相關(guān)文章:
思科路由器怎么設(shè)置05-12
思科路由器設(shè)置界面11-11
思科linksys無(wú)線路由器怎么設(shè)置「圖文」06-03
思科路由器密碼恢復(fù)05-10
思科路由器故障診斷技術(shù)06-21
路由器怎么設(shè)置05-23
思科路由器及交換機(jī)的基本管理06-21
路由器web怎么設(shè)置06-20
- 思科網(wǎng)絡(luò)工程師認(rèn)證考試試題
- 思科認(rèn)證CCNA認(rèn)證試題中文版
- Cisco綜合技術(shù):VOIP占用帶寬計(jì)算方法
- 思科CCNP培訓(xùn):網(wǎng)絡(luò)管理實(shí)戰(zhàn)技巧經(jīng)驗(yàn)
- 思科路由器怎么設(shè)置
- Cisco路由器配置命令
- 思科路由器設(shè)置界面
- 思科認(rèn)證VOIP占用帶寬計(jì)算方法
- 思科IPSec基本命令
- 思科網(wǎng)絡(luò)高級(jí)工程師認(rèn)證就業(yè)趨向
- 崗位設(shè)置工作總結(jié)
- 三方協(xié)議
- 就業(yè)協(xié)議書
- 就業(yè)協(xié)議書范本
- 員工培訓(xùn)協(xié)議書
- 勞動(dòng)協(xié)議書范文
- 大學(xué)生就業(yè)協(xié)議
- 房屋指標(biāo)轉(zhuǎn)讓協(xié)議書
- 家庭助廉協(xié)議書
- 離職協(xié)議書范本