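I have been working with MPLS-VPN quite a lot recently. I had nothing much to do this afternoon, so I spent half a day writing up an MPLS-VPN configuration, in the hope that it helps anyone preparing to learn MPLS-VPN. There is a lot of material and I was short of time, so please forgive any mistakes.
I posted the images several times and found they were always unreadable, so please see the attachment for the images.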
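I. Configuration overview: this configuration simulates the interconnection of a city's government network.
LONGQUAN, JINGTANG, QINGBAIJIANG and PUJIANG are four districts/counties of the city. CORE1 and CORE2 are the two core routers at the city government headquarters, each connected to a different egress. PC1 and PC2 are two PCs in the LONGQUAN and PUJIANG government networks. PIX1 is the firewall for egress 1 and connects to ISP1; PIX2 is the firewall for egress 2 and connects to ISP2. ISP1 and ISP2 simulate two carriers. One department, cddz_fazhiban (the Legal Affairs Office), is modelled here; there are of course other departments that are not listed, such as the Culture Bureau and the Agriculture Committee.
Requirements: 1. PC1 and PC2 obtain their addresses through DHCP.
2. The two PCs can communicate with each other (a host can only reach its own department; for example, fazhiban in LONGQUAN can reach fazhiban in the other districts but cannot reach other departments).
3. Internet access works, with backup: under normal conditions LONGQUAN uses egress 1 and PUJIANG uses egress 2.
4. The network is built with MPLS-VPN.
Address plan: the internal network uses class A, B and C private addresses. All PCs use class A addresses. Take 10.1.3.1 as an example: 10 is the network; 1 is the district (1 is LONGQUAN, 2 is PUJIANG, 3 is JINGTANG, 4 is QINGBAIJIANG); the third octet is the VLAN, so 3 here means a host in VLAN 3; the last octet is the host address, here 1. All loopback addresses come from 192.168.40.0, for example 192.168.40.1, 192.168.40.2 and so on. All links between switches and routers use /30 subnets carved out of 192.168.1.0/24, such as 192.168.1.0/30 and 192.168.1.8/30. All links between the firewalls and the core routers use 172.16.1.0/30 and 172.16.2.0/30. The ISPs use the /30 networks 221.1.1.0, 221.1.2.0 and 221.1.3.0.
Devices: the switches are simulated with 3600s, the core routers are simulated with 3600s, the firewalls are PIX520s, and the ISPs and PCs are 2691s.
Configuration steps:
1. Basic configuration
2. Run multi-area OSPF between all routers and switches, advertising the loopback addresses and the directly connected addresses (the 192.168.1.0 network)
3. Enable mpls ip on the interfaces
4. Establish MP-BGP between the routers and switches
5. Create the VRFs, add the interfaces to the VRFs, redistribute connected and static routes, and redistribute the default route on the core routers
6. Configure static routes and PAT on the firewalls
7. Run EBGP between the ISPs
Relevant configuration: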
LONGQUAN
LONGQUAN#show run
Building configuration...
Current configuration : 2654 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LONGQUAN
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
no ip dhcp use vrf connected
!
ip dhcp pool cddz_fazhiban
network 10.1.3.0 255.255.255.0
default-router 10.1.3.1
dns-server 119.6.6.6 61.139.2.69
!
!
ip vrf cddz_fazhiban
rd 65000:3
route-target export 65000:3
route-target export 65000:5000
route-target import 65000:3
route-target import 65000:1000
!
mpls label range 16 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco password 0 cisco
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.40.1 255.255.255.255
!
interface FastEthernet0/0
switchport access vlan 3
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
switchport access vlan 801
!
interface FastEthernet0/15
switchport access vlan 800
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 10.184.221.1 255.255.255.0
!
interface Vlan3
ip vrf forwarding cddz_fazhiban
ip address 10.1.3.1 255.255.255.0
!
interface Vlan800
ip address 192.168.1.1 255.255.255.252
mpls ip
!
interface Vlan801
ip address 192.168.1.5 255.255.255.252
mpls ip
!
router ospf 1
router-id 192.168.40.1
log-adjacency-changes
network 10.184.221.0 0.0.0.255 area 0.0.0.5
network 192.168.1.0 0.0.0.3 area 0.0.0.5
network 192.168.1.4 0.0.0.3 area 0.0.0.5
network 192.168.40.1 0.0.0.0 area 0.0.0.5
!
router bgp 65000
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 192.168.40.5 remote-as 65000
neighbor 192.168.40.5 update-source Loopback0
neighbor 192.168.40.6 remote-as 65000
neighbor 192.168.40.6 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.40.5 activate
neighbor 192.168.40.5 send-community extended
neighbor 192.168.40.6 activate
neighbor 192.168.40.6 send-community extended
exit-address-family
!
address-family ipv4 vrf cddz_fazhiban
redistribute connected
redistribute static
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
!
!
end
PUJIANG
PUJIANG#SHOW RUN
Building configuration...
*Mar 1 03:11:03.875: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.40.1 on Vlan801 from INIT to DOWN, Neighbor Down: Dead timer expired
Current configuration : 2618 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PUJIANG
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
no ip dhcp use vrf connected
!
ip dhcp pool cddz_fazhiban
network 10.2.3.0 255.255.255.0
dns-server 119.6.6.6 61.139.2.69
default-router 10.2.3.1
!
!
ip vrf cddz_fazhiban
rd 65000:3
route-target export 65000:3
route-target export 65000:5000
route-target import 65000:3
route-target import 65000:1001
!
mpls label range 101 200
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco password 0 cisco
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.40.2 255.255.255.255
!
interface FastEthernet0/0
switchport access vlan 3
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
switchport access vlan 801
!
interface FastEthernet0/15
switchport access vlan 800
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 10.184.222.1 255.255.255.0
!
interface Vlan3
ip vrf forwarding cddz_fazhiban
ip address 10.2.3.1 255.255.255.0
!
interface Vlan800
ip address 192.168.1.9 255.255.255.252
mpls ip
!
interface Vlan801
ip address 192.168.1.6 255.255.255.252
mpls ip
!
router ospf 1
router-id 192.168.40.2
log-adjacency-changes
network 10.184.222.0 0.0.0.255 area 0.0.0.5
network 192.168.1.4 0.0.0.3 area 0.0.0.5
network 192.168.1.8 0.0.0.3 area 0.0.0.5
network 192.168.40.2 0.0.0.0 area 0.0.0.5
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 192.168.40.5 remote-as 65000
neighbor 192.168.40.5 update-source Loopback0
neighbor 192.168.40.6 remote-as 65000
neighbor 192.168.40.6 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.40.5 activate
neighbor 192.168.40.5 send-community extended
neighbor 192.168.40.6 activate
neighbor 192.168.40.6 send-community extended
exit-address-family
!
address-family ipv4 vrf cddz_fazhiban
redistribute connected
redistribute static
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
JINGTANG
JINGTANG#show run
Building configuration...
Current configuration : 2595 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname JINGTANG
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
no ip dhcp use vrf connected
!
ip dhcp pool cddz_fazhiban
network 10.3.3.0 255.255.255.0
dns-server 119.6.6.6 61.139.2.69
default-router 10.3.3.1
!
!
ip vrf cddz_fazhiban
rd 65000:3
route-target export 65000:3
route-target export 65000:5000
route-target import 65000:3
route-target import 65000:1000
!
mpls label range 201 300
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco password 0 cisco
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.40.3 255.255.255.255
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
switchport access vlan 801
!
interface FastEthernet0/15
switchport access vlan 800
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 10.184.223.1 255.255.255.0
!
interface Vlan3
ip vrf forwarding cddz_fazhiban
ip address 10.3.3.1 255.255.255.0
!
interface Vlan800
ip address 192.168.1.2 255.255.255.252
mpls ip
!
interface Vlan801
ip address 192.168.1.13 255.255.255.252
mpls ip
!
router ospf 1
router-id 192.168.40.3
log-adjacency-changes
network 10.184.223.0 0.0.0.255 area 0.0.0.5
network 192.168.1.0 0.0.0.3 area 0.0.0.5
network 192.168.1.12 0.0.0.3 area 0.0.0.5
network 192.168.40.3 0.0.0.0 area 0.0.0.5
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 192.168.40.5 remote-as 65000
neighbor 192.168.40.5 update-source Loopback0
neighbor 192.168.40.6 remote-as 65000
neighbor 192.168.40.6 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.40.5 activate
neighbor 192.168.40.5 send-community extended
neighbor 192.168.40.6 activate
neighbor 192.168.40.6 send-community extended
exit-address-family
!
address-family ipv4 vrf cddz_fazhiban
redistribute connected
redistribute static
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
!
!
QINGBAIJIANG
QINGBAIJIANG#show run
Building configuration...
Current configuration : 2633 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname QINGBAIJIANG
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
no ip dhcp use vrf connected
!
ip dhcp pool cddz_fazhiban
network 10.4.3.0 255.255.255.0
dns-server 119.6.6.6 61.139.2.69
default-router 10.4.3.1
!
!
ip vrf cddz_fazhiban
rd 65000:3
route-target export 65000:3
route-target export 65000:5000
route-target import 65000:3
route-target import 65000:1001
!
mpls label range 301 400
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco password 0 cisco
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.40.4 255.255.255.255
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
switchport access vlan 801
!
interface FastEthernet0/15
switchport access vlan 800
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 10.184.224.1 255.255.255.0
!
interface Vlan3
ip vrf forwarding cddz_fazhiban
ip address 10.4.3.1 255.255.255.0
!
interface Vlan4
no ip address
!
interface Vlan800
ip address 192.168.1.10 255.255.255.252
mpls ip
!
interface Vlan801
ip address 192.168.1.17 255.255.255.252
mpls ip
!
router ospf 1
router-id 192.168.40.4
log-adjacency-changes
network 10.184.224.0 0.0.0.255 area 0.0.0.5
network 192.168.1.8 0.0.0.3 area 0.0.0.5
network 192.168.1.16 0.0.0.3 area 0.0.0.5
network 192.168.40.4 0.0.0.0 area 0.0.0.5
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 192.168.40.5 remote-as 65000
neighbor 192.168.40.5 update-source Loopback0
neighbor 192.168.40.6 remote-as 65000
neighbor 192.168.40.6 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.40.5 activate
neighbor 192.168.40.5 send-community extended
neighbor 192.168.40.6 activate
neighbor 192.168.40.6 send-community extended
exit-address-family
!
address-family ipv4 vrf cddz_fazhiban
redistribute connected
redistribute static
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
!
!
CORE1
CORE1#show run
Building configuration...
Current configuration : 2978 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf cddz_chukou1
rd 65000:1000
route-target export 65000:1000
route-target import 65000:1000
route-target import 65000:1001
route-target import 65000:5000
!
mpls label range 401 500
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco password 0 cisco
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.40.5 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.14 255.255.255.252
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding cddz_chukou1
ip address 172.16.1.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 192.168.1.21 255.255.255.252
duplex auto
speed auto
mpls ip
!
router ospf 1
router-id 192.168.40.5
log-adjacency-changes
network 192.168.1.12 0.0.0.3 area 0.0.0.5
network 192.168.1.20 0.0.0.3 area 0.0.0.0
network 192.168.40.5 0.0.0.0 area 0.0.0.0
!
router bgp 65000
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 192.168.40.1 remote-as 65000
neighbor 192.168.40.1 update-source Loopback0
neighbor 192.168.40.1 route-reflector-client
neighbor 192.168.40.2 remote-as 65000
neighbor 192.168.40.2 update-source Loopback0
neighbor 192.168.40.2 route-reflector-client
neighbor 192.168.40.3 remote-as 65000
neighbor 192.168.40.3 update-source Loopback0
neighbor 192.168.40.3 route-reflector-client
neighbor 192.168.40.4 remote-as 65000
neighbor 192.168.40.4 update-source Loopback0
neighbor 192.168.40.4 route-reflector-client
neighbor 192.168.40.6 remote-as 65000
neighbor 192.168.40.6 update-source Loopback0
neighbor 192.168.40.6 route-reflector-client
no auto-summary
!
address-family vpnv4
neighbor 192.168.40.1 activate
neighbor 192.168.40.1 send-community extended
neighbor 192.168.40.1 route-reflector-client
neighbor 192.168.40.2 activate
neighbor 192.168.40.2 send-community extended
neighbor 192.168.40.2 route-reflector-client
neighbor 192.168.40.3 activate
neighbor 192.168.40.3 send-community extended
neighbor 192.168.40.3 route-reflector-client
neighbor 192.168.40.4 activate
neighbor 192.168.40.4 send-community extended
neighbor 192.168.40.4 route-reflector-client
neighbor 192.168.40.6 activate
neighbor 192.168.40.6 send-community extended
neighbor 192.168.40.6 route-reflector-client
exit-address-family
!
address-family ipv4 vrf cddz_chukou1
redistribute connected
redistribute static
default-information originate
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
ip route vrf cddz_chukou1 0.0.0.0 0.0.0.0 172.16.1.2
!
!
!
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
!
CORE2
CORE2#SHOW RUN
Building configuration...
*Mar 1 03:12:47.939: %BGP-5-ADJCHANGE: neighbor 192.168.40.1 Down BGP Notification sent
*Mar 1 03:12:47.939: %BGP-3-NOTIFICATION: sent to neighbor 192.168.40.1 4/0 (hold time expired) 0 bytes
*Mar 1 03:12:47.943: %BGP-5-ADJCHANGE: neighbor 192.168.40.4 Down BGP Notification sent
Current configuration : 2978 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf cddz_chukou2
rd 65000:1001
route-target export 65000:1001
route-target import 65000:1001
route-target import 65000:5000
route-target import 65000:1000
!
mpls label range 501 600
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco password 0 cisco
!
!
!
!
*Mar 1 03:12:47.943: %BGP-3-NOTIFICATION: sent to neighbor 192.168.40.4 4/0 (hold time expired) 0 bytes
!
!
!
interface Loopback0
ip address 192.168.40.6 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.18 255.255.255.252
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding cddz_chukou2
ip address 172.16.2.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 192.168.1.22 255.255.255.252
duplex auto
speed auto
mpls ip
!
router ospf 1
router-id 192.168.40.6
log-adjacency-changes
network 192.168.1.16 0.0.0.3 area 0.0.0.5
network 192.168.1.20 0.0.0.3 area 0.0.0.0
network 192.168.40.6 0.0.0.0 area 0.0.0.0
!
router bgp 65000
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 192.168.40.1 remote-as 65000
neighbor 192.168.40.1 update-source Loopback0
neighbor 192.168.40.1 route-reflector-client
neighbor 192.168.40.2 remote-as 65000
neighbor 192.168.40.2 update-source Loopback0
neighbor 192.168.40.2 route-reflector-client
neighbor 192.168.40.3 remote-as 65000
neighbor 192.168.40.3 update-source Loopback0
neighbor 192.168.40.3 route-reflector-client
neighbor 192.168.40.4 remote-as 65000
neighbor 192.168.40.4 update-source Loopback0
neighbor 192.168.40.4 route-reflector-client
neighbor 192.168.40.5 remote-as 65000
neighbor 192.168.40.5 update-source Loopback0
neighbor 192.168.40.5 route-reflector-client
no auto-summary
!
address-family vpnv4
neighbor 192.168.40.1 activate
neighbor 192.168.40.1 send-community extended
neighbor 192.168.40.1 route-reflector-client
neighbor 192.168.40.2 activate
neighbor 192.168.40.2 send-community extended
neighbor 192.168.40.2 route-reflector-client
neighbor 192.168.40.3 activate
neighbor 192.168.40.3 send-community extended
neighbor 192.168.40.3 route-reflector-client
neighbor 192.168.40.4 activate
neighbor 192.168.40.4 send-community extended
neighbor 192.168.40.4 route-reflector-client
neighbor 192.168.40.5 activate
neighbor 192.168.40.5 send-community extended
neighbor 192.168.40.5 route-reflector-client
exit-address-family
!
address-family ipv4 vrf cddz_chukou2
redistribute connected
redistribute static
default-information originate
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
ip route vrf cddz_chukou2 0.0.0.0 0.0.0.0 172.16.2.2
!
!
!
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
!
!
PIX1
PIX1(config)# show run
: Saved
:
PIX Version 8.0(2)
!
hostname PIX1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
nameif inside
security-level 100
ip address 172.16.1.2 255.255.255.252
!
interface Ethernet1
nameif outside
security-level 0
ip address 221.1.1.1 255.255.255.252
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 221.1.1.2 1
route inside 10.0.0.0 255.0.0.0 172.16.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map ICMP
match default-inspection-traffic
!
!
policy-map ICMP
class ICMP
inspect icmp
!
service-policy ICMP global
prompt hostname context
Cryptochecksum:22ed3514f1d58ad456cba57206d853f4
: end
PIX2
PIX2# show run
: Saved
:
PIX Version 8.0(2)
!
hostname PIX2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
nameif inside
security-level 100
ip address 172.16.2.2 255.255.255.252
!
interface Ethernet1
nameif outside
security-level 0
ip address 221.1.2.1 255.255.255.252
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 221.1.2.2 1
route inside 10.0.0.0 255.0.0.0 172.16.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map ICMP
match default-inspection-traffic
!
!
policy-map ICMP
class ICMP
inspect icmp
!
service-policy ICMP global
prompt hostname context
Cryptochecksum:86e54023b7ed90c46693a19a725eca8b
: end
ISP1
ISP1#show run
Building configuration...
Current configuration : 844 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 221.1.1.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 221.1.3.1 255.255.255.252
duplex auto
speed auto
!
!
router bgp 1
no synchronization
bgp log-neighbor-changes
network 221.1.1.0 mask 255.255.255.252
network 221.1.3.0 mask 255.255.255.252
neighbor 221.1.3.2 remote-as 2
no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
ISP2
ISP2#show run
Building configuration...
Current configuration : 844 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 221.1.2.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 221.1.3.2 255.255.255.252
duplex auto
speed auto
!
!
router bgp 2
no synchronization
bgp log-neighbor-changes
network 221.1.2.0 mask 255.255.255.252
network 221.1.3.0 mask 255.255.255.252
neighbor 221.1.3.1 remote-as 1
no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
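
The route-target imports and exports in the ip vrf stanzas above decide which VRFs receive each other's routes, which is what requirements 2 and 3 rest on. The following added example (not part of the original post) parses those stanzas and reports, per VRF, whose routes it imports; the cddz_wenhuaju VRF with RT 65000:4, the HUBS set and all function names are assumptions made for the illustration.

```python
import re

# Constructed input: route-target lines of the "ip vrf" stanzas shown above
# (rd lines omitted), plus a hypothetical second department VRF,
# cddz_wenhuaju with RT 65000:4, which is not in the original post.
SAMPLE = """\
hostname LONGQUAN
ip vrf cddz_fazhiban
 route-target export 65000:3
 route-target export 65000:5000
 route-target import 65000:3
 route-target import 65000:1000
hostname PUJIANG
ip vrf cddz_fazhiban
 route-target export 65000:3
 route-target export 65000:5000
 route-target import 65000:3
 route-target import 65000:1001
ip vrf cddz_wenhuaju
 route-target export 65000:4
 route-target export 65000:5000
 route-target import 65000:4
 route-target import 65000:1001
hostname CORE1
ip vrf cddz_chukou1
 route-target export 65000:1000
 route-target import 65000:1000
 route-target import 65000:1001
 route-target import 65000:5000
hostname CORE2
ip vrf cddz_chukou2
 route-target export 65000:1001
 route-target import 65000:1001
 route-target import 65000:5000
 route-target import 65000:1000
"""
HUBS = {"cddz_chukou1", "cddz_chukou2"}  # egress VRFs on CORE1 / CORE2


def parse_vrfs(text):
    """Map (hostname, vrf) to its imported and exported route targets."""
    vrfs, host, cur = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"hostname (\S+)$", line):
            host, cur = m.group(1), None
        elif m := re.match(r"ip vrf (\S+)$", line):  # not "ip vrf forwarding X"
            cur = vrfs.setdefault((host, m.group(1)), {"import": set(), "export": set()})
        elif cur is not None and (m := re.match(r"route-target (import|export|both) (\S+)$", line)):
            for kind in (("import", "export") if m.group(1) == "both" else (m.group(1),)):
                cur[kind].add(m.group(2))
    return vrfs


def route_sources(vrfs):
    """For each VRF, the other VRFs exporting at least one RT that it imports."""
    return {dst: sorted(src for src, s in vrfs.items()
                        if src != dst and s["export"] & d["import"])
            for dst, d in vrfs.items()}


def isolation_violations(vrfs, hubs=HUBS):
    """Route exchange between differently named VRFs, ignoring the egress hubs."""
    return sorted((src, dst) for dst, srcs in route_sources(vrfs).items()
                  for src in srcs if src[1] != dst[1] and not {src[1], dst[1]} & hubs)


if __name__ == "__main__":
    for dst, srcs in route_sources(parse_vrfs(SAMPLE)).items():
        print(dst, "imports routes from", srcs)
    print("violations:", isolation_violations(parse_vrfs(SAMPLE)))
```

This checks only the BGP control plane (route-target import and export); it says nothing about packet filtering on the PIX firewalls.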