路由器和路由器之间的配置代码
Hub Router
2503#show running-config
Building configuration
Current configuration : 1466 bytes
version 122
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
hostname 2503
ip subnet-zero
--- Configuration for IKE policies
crypto isakmp policy 10
--- Enables the IKE policy configuration (config-isakmp)
--- command mode, where you can specify the parameters that
--- are used during an IKE negotiation
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200121
crypto isakmp key cisco123 address 200131
--- Specifies the preshared key "cisco123" which should
--- be identical at both peers This is a global
--- configuration mode command
--- Configuration for IPSec policies
crypto ipsec transform-set myset esp-des esp-md5-hmac
--- Enables the crypto transform configuration mode,
--- where you can specify the transform sets that are used
--- during an IPSec negotiation
crypto map mymap 10 ipsec-isakmp
--- Indicates that IKE is used to establish
--- the IPSec security association for protecting the
--- traffic specified by this crypto map entry
set peer 200121
--- Sets the IP address of the remote end
set transform-set myset
--- Configures IPSec to use the transform-set
--- "myset" defined earlier in this configuration
match address 110
--- Specifyies the traffic to be encrypted
crypto map mymap 20 ipsec-isakmp
set peer 200131
set transform-set myset
match address 120
interface Loopback0
ip address 10111 2552552550
interface Ethernet0
ip address 200111 2552552550
no ip route-cache
--- You must enable process switching for IPSec
--- to encrypt outgoing packets This command disables fast switching
no ip mroute-cache
crypto map mymap
--- Configures the interface to use the
--- crypto map "mymap" for IPSec
--- Output suppressed
ip classless
ip route 1721610 2552552550 Ethernet0
ip route 19216810 2552552550 Ethernet0
ip route 200100 25525500 Ethernet0
ip http server
access-list 110 permit ip 10110 000255 1721610 000255
access-list 110 permit ip 19216810 000255 1721610 000255
access-list 120 permit ip 10110 000255 19216810 000255
access-list 120 permit ip 1721610 000255 19216810 000255
--- This crypto ACL-permit identifies the
--- matching traffic flows to be protected via encryption
Spoke 1 Router
2509a#show running-config
Building configuration
Current configuration : 1203 bytes
version 122
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
hostname 2509a
enable secret 5 class="main">
路由器和路由器之间的配置代码
ip subnet-zero
no ip domain-lookup
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200111
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
set peer 200111
set transform-set myset
match address 110
interface Loopback0
ip address 1721611 2552552550
interface Ethernet0
ip address 200121 2552552550
no ip route-cache
no ip mroute-cache
crypto map mymap
--- Output suppressed
ip classless
ip route 10110 2552552550 Ethernet0
ip route 19216810 2552552550 Ethernet0
ip route 200100 25525500 Ethernet0
no ip http server
access-list 110 permit ip 1721610 000255 10110 000255
access-list 110 permit ip 1721610 000255 19216810 000255
end
2509a#
Spoke 2 Router
2509#show running-config
Building configuration
Current configuration : 1117 bytes
version 122
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
hostname 2509
ip subnet-zero
no ip domain-lookup
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200111
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
set peer 200111
set transform-set myset
match address 120
interface Loopback0
ip address 19216811 2552552550
interface Ethernet0
ip address 200131 2552552550
--- No ip route-cache
no ip mroute-cache
crypto map mymap
--- Output suppressed
ip classless
ip route 10110 2552552550 Ethernet0
ip route 1721600 25525500 Ethernet0
ip route 200100 25525500 Ethernet0
no ip http server
access-list 120 permit ip 19216810 000255 1721610 000255
access-list 120 permit ip 19216810 000255 10110 000255
end
2509#
路由器和路由器之间的配置代码
上一篇:路由器测试技术方法大全
精选文章
-
路由器测试技术方法大全
路由器需要连接两个或多个逻辑端口,至少拥有一个物理端口。路由器根据收到的数据包中网络层地址以及路由器内部维护的路由表决定输出端口以及下一
-
如何用终端控制台访问路由器
路由器是我们常用到的网络设备,本文主要介绍了访问路由器可以用终端控制台,TTY线路,VTY线路,基于SNMP网管和RMON等方法,详细的叙述请阅读本文。 终端控
-
存储路由器和SAN路由器知识大全
存储路由器的主要的特点是极大地提高了容灾系统的数据可用性,整体的可靠性和稳定性,利用存储路由器构建的多个SAN存储体系互通的连接。 存储路由器
-
路由器的作用与功能知识大全
路由器的原理与作用路由器是一种典型的网络层设备。它是两个局域网之间接帧传输数据,在OSI/RM之中被称之为中介系统,完成网络层中继或第三层中继的