2024年2月15日发(作者:完颜恩)
中兴路由器配置
用黄色显示的是配置过的命令,其他的都为系统默认。
ZXR10#sh run
! ZXR10>en
!passward:zxr10
ZXR10#conf ter
ip dhcp enable #开启dhcp功能#
ip dhcp server dns 211.138.151.161 202.101.107.98 #设置分配给客户的dns地址#
ip dhcp server leasetime 18000
ip dhcp server update arp
!
ip dhcp-client disable
!
urpf log off
!
ip local pool conflict-ip 10
ip local pool dhcp 192.168.1.2 192.168.1.254 255.255.255.0 #配置地址池,地址池名字为dhcp,等下在接口下引用这个名字#
!
!
interface null1
!
interface fei_0/1 #连接公网的接口#
ip address 211.138.142.170 255.255.255.252 #配置公网口ip地址#
negotiation auto
ip nat outside #做为nat的outside口#
ipv6 nat enable
!
interface fei_0/2 #连接内网的接口#
ip address 192.168.1.1 255.255.255.0 #配置内网接口ip地址#
peer default ip pool dhcp #确定内网pc机使用哪个地址池,地址名字为dhcp#
negotiation auto
exit
ip dhcp mode server #在接口下使能dhcp功能#
ip dhcp server gateway 192.168.1.1 #配置分配的默认网关地址#
ip nat inside #座位nat的insdie接口#
!
interface fei_0/3
negotiation auto
!
!
reference clock local
!
ip nat max-entry-number 64
ip nat start #启用nat功能#
ip nat inside source list 1 interface fei_0/1 #配置允许内网地址进行nat转换,并且转换后的地址为外网口接口fei_0/1地址#
ip nat translation timeout class a 20
ip nat translation timeout class b 60
ip nat translation timeout class c 150
ip nat translation timeout class d 300
ip nat translation timeout class e 1200
ip nat translation timeout protocol icmp a
ip nat translation timeout protocol ip d
ip nat translation timeout protocol tcp port 80 a
ip nat translation timeout protocol tcp d
ip nat translation timeout protocol udp port 4000 d
ip nat translation timeout protocol udp port 4001 d
ip nat translation timeout protocol udp port 4002 d
ip nat translation timeout protocol udp port 4003 d
ip nat translation timeout protocol udp port 8000 d
ip nat translation timeout protocol udp port 8001 d
ip nat translation timeout protocol udp c
ip nat translation maximal default 65535
!
ip route 0.0.0.0 0.0.0.0 211.138.142.169 #添加一条默认出口路由(公网网关)#
!
voice class service 20100510
!
!
ipv6 nat enable
ipv6 nat translation tcp-time-out 300
ipv6 nat translation udp-time-out 300
ipv6 nat translation icmp-time-out 60
ipv6 nat translation max-dynamic-entries 32773
!
!
!
acl standard number 1 #配置访问列表,用于允许哪些地址进行nat转换,在上面被引用#
rule 1 permit 192.168.1.0 0.0.0.255
!
acl standard number 2
rule 1 permit any
!
!
!
ip tcp intercept mode intercept
ip tcp intercept drop-mode oldest
ip tcp intercept watch-timeout 30
ip tcp intercept finrst-timeout 5
ip tcp intercept connection-timeout 86400
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
ip tcp intercept one-minute high 1100
ip tcp intercept one-minute low 900
!
nas
!
version V4.8.01.B.01
!
nvram mng-ip-address 10.40.88.173 255.255.0.0
!
nvram boot-username target
!
nvram boot-password target
!
nvram boot-server 10.40.88.172
!
nvram imgfile-location local
!
hostname ZXR10
!
forward re-fragment time 6
!
enable secret level 15 5 bDo8dPdlz3ZwZrNNt7F+kA==
!
username zxr10 password zsr
username quanyou password quanyou privilege 15 #配置一个远程管理用户#
!
user-authentication-type local
user-authorization-type local
!
line console 0
no login authentication
!
banner incoming @
*****************************************************
Welcome to ZXR10 ZSR Serial Router of ZTE Corporation
*****************************************************
@
!
!
lfap disable
lfap max-send-fun-size 100
lfap update-interval 60
lfap server-retry-interval 60
lfap message-response-interval 60
lfap ka-interval 60
lfap flow-expired-time 600
!
!
!
snmp-server location No.68 Zijinghua Rd. Yuhuatai District, Nanjing, China
snmp-server contact +86-25-52870000
snmp-server packetsize 1400
snmp-server engine-id 830289d64401
snmp-server view AllView internet included
snmp-server view DefaultView system included
!
!
logging on
logging buffer 200
logging mode fullcycle
logging console notifications
logging level notifications
logging cmdlog-interval 2880
logging timestamps datetime localtime
alarm cpuload-on
alarm cpuload-interval 30
alarm cpuload-threshold high-grade 95 middle-grade 85 low-grade 75
syslog-server facility local0
!
line console idle-timeout 120
line console absolute-timeout 1440
line telnet idle-timeout 120
line telnet absolute-timeout 1440
line telnet access-class 2
!
ssh server authentication ispgroup 1 2
ssh server authentication mode local
ssh server authentication type chap
no ssh server only
ssh server version 2
!
!
radius auto-change off
!
!
tacacs disable
tacacs-server timeout 5
tacacs-server packet 1024
!
!
amat disable
!
end
ZXR10#
2024年2月15日发(作者:完颜恩)
中兴路由器配置
用黄色显示的是配置过的命令,其他的都为系统默认。
ZXR10#sh run
! ZXR10>en
!passward:zxr10
ZXR10#conf ter
ip dhcp enable #开启dhcp功能#
ip dhcp server dns 211.138.151.161 202.101.107.98 #设置分配给客户的dns地址#
ip dhcp server leasetime 18000
ip dhcp server update arp
!
ip dhcp-client disable
!
urpf log off
!
ip local pool conflict-ip 10
ip local pool dhcp 192.168.1.2 192.168.1.254 255.255.255.0 #配置地址池,地址池名字为dhcp,等下在接口下引用这个名字#
!
!
interface null1
!
interface fei_0/1 #连接公网的接口#
ip address 211.138.142.170 255.255.255.252 #配置公网口ip地址#
negotiation auto
ip nat outside #做为nat的outside口#
ipv6 nat enable
!
interface fei_0/2 #连接内网的接口#
ip address 192.168.1.1 255.255.255.0 #配置内网接口ip地址#
peer default ip pool dhcp #确定内网pc机使用哪个地址池,地址名字为dhcp#
negotiation auto
exit
ip dhcp mode server #在接口下使能dhcp功能#
ip dhcp server gateway 192.168.1.1 #配置分配的默认网关地址#
ip nat inside #座位nat的insdie接口#
!
interface fei_0/3
negotiation auto
!
!
reference clock local
!
ip nat max-entry-number 64
ip nat start #启用nat功能#
ip nat inside source list 1 interface fei_0/1 #配置允许内网地址进行nat转换,并且转换后的地址为外网口接口fei_0/1地址#
ip nat translation timeout class a 20
ip nat translation timeout class b 60
ip nat translation timeout class c 150
ip nat translation timeout class d 300
ip nat translation timeout class e 1200
ip nat translation timeout protocol icmp a
ip nat translation timeout protocol ip d
ip nat translation timeout protocol tcp port 80 a
ip nat translation timeout protocol tcp d
ip nat translation timeout protocol udp port 4000 d
ip nat translation timeout protocol udp port 4001 d
ip nat translation timeout protocol udp port 4002 d
ip nat translation timeout protocol udp port 4003 d
ip nat translation timeout protocol udp port 8000 d
ip nat translation timeout protocol udp port 8001 d
ip nat translation timeout protocol udp c
ip nat translation maximal default 65535
!
ip route 0.0.0.0 0.0.0.0 211.138.142.169 #添加一条默认出口路由(公网网关)#
!
voice class service 20100510
!
!
ipv6 nat enable
ipv6 nat translation tcp-time-out 300
ipv6 nat translation udp-time-out 300
ipv6 nat translation icmp-time-out 60
ipv6 nat translation max-dynamic-entries 32773
!
!
!
acl standard number 1 #配置访问列表,用于允许哪些地址进行nat转换,在上面被引用#
rule 1 permit 192.168.1.0 0.0.0.255
!
acl standard number 2
rule 1 permit any
!
!
!
ip tcp intercept mode intercept
ip tcp intercept drop-mode oldest
ip tcp intercept watch-timeout 30
ip tcp intercept finrst-timeout 5
ip tcp intercept connection-timeout 86400
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
ip tcp intercept one-minute high 1100
ip tcp intercept one-minute low 900
!
nas
!
version V4.8.01.B.01
!
nvram mng-ip-address 10.40.88.173 255.255.0.0
!
nvram boot-username target
!
nvram boot-password target
!
nvram boot-server 10.40.88.172
!
nvram imgfile-location local
!
hostname ZXR10
!
forward re-fragment time 6
!
enable secret level 15 5 bDo8dPdlz3ZwZrNNt7F+kA==
!
username zxr10 password zsr
username quanyou password quanyou privilege 15 #配置一个远程管理用户#
!
user-authentication-type local
user-authorization-type local
!
line console 0
no login authentication
!
banner incoming @
*****************************************************
Welcome to ZXR10 ZSR Serial Router of ZTE Corporation
*****************************************************
@
!
!
lfap disable
lfap max-send-fun-size 100
lfap update-interval 60
lfap server-retry-interval 60
lfap message-response-interval 60
lfap ka-interval 60
lfap flow-expired-time 600
!
!
!
snmp-server location No.68 Zijinghua Rd. Yuhuatai District, Nanjing, China
snmp-server contact +86-25-52870000
snmp-server packetsize 1400
snmp-server engine-id 830289d64401
snmp-server view AllView internet included
snmp-server view DefaultView system included
!
!
logging on
logging buffer 200
logging mode fullcycle
logging console notifications
logging level notifications
logging cmdlog-interval 2880
logging timestamps datetime localtime
alarm cpuload-on
alarm cpuload-interval 30
alarm cpuload-threshold high-grade 95 middle-grade 85 low-grade 75
syslog-server facility local0
!
line console idle-timeout 120
line console absolute-timeout 1440
line telnet idle-timeout 120
line telnet absolute-timeout 1440
line telnet access-class 2
!
ssh server authentication ispgroup 1 2
ssh server authentication mode local
ssh server authentication type chap
no ssh server only
ssh server version 2
!
!
radius auto-change off
!
!
tacacs disable
tacacs-server timeout 5
tacacs-server packet 1024
!
!
amat disable
!
end
ZXR10#