====== Оборудование уровня 3 Cisco Router ======
===== Настройка имени устройства =====
! Sets the device name; it is what appears in the CLI prompt
! (for example the "router#" prompts shown further down this page).
hostname router
===== Настройка интерфейсов =====
* [[https://www.cisco.com/c/ru_ru/support/docs/switches/catalyst-2950-series-switches/24042-158.html|Настройка транкинга EtherChannel и 802.1Q между коммутатором Catalyst с фиксированной конфигурацией L2 и маршрутизатором (InterVLAN Routing)]]
==== Базовая ====
! Basic addressing without link aggregation. "X" is a placeholder that must be
! replaced before use (presumably the student/stand number - confirm against the course notes).
!
! LAN side: left commented out here because the same address (192.168.X.1) is
! assigned to Port-channel1 in the EtherChannel section of this page.
!interface FastEthernet1/0
! description connection to LAN
! ip address 192.168.X.1 255.255.255.0
! no shutdown
!
! ISP side: FastEthernet0/0 is the active uplink; the FastEthernet1/1 line is kept
! only as a commented-out alternative.
!interface FastEthernet1/1
interface FastEthernet0/0
description connection to ISP
ip address 172.16.1.X 255.255.255.0
! duplex half
! speed 100
! "no ip unreachables" stops the router from generating ICMP unreachable messages on
! this interface. The author needs it for GNS; on an ISP-facing port it also reduces
! what an outside prober can learn from the router's ICMP replies.
no ip unreachables ! for GNS
! "+X" looks like shorthand for "add X to the last group", not literal syntax -
! TODO confirm the intended value before pasting.
mac-address e418.08f2.5900+X ! for GNS
no shutdown
==== EtherChannel ====
! Layer 3 port-channel towards the LAN: the gateway address 192.168.X.1 lives on the
! logical Port-channel1 interface, not on the physical members.
interface Port-channel1
description connection to LAN
ip address 192.168.X.1 255.255.255.0
no shutdown
duplex full ! for GNS
! Physical members of bundle 1. No negotiation mode is given on channel-group.
interface FastEthernet1/0
channel-group 1
no shutdown
interface FastEthernet1/1
channel-group 1
! The second member is deliberately left shut down in the GNS variant of the course.
! no shutdown ! for course with GNS
==== Trunk ====
! Optional router-on-a-stick subinterface for VLAN 2 (802.1Q tag 2); the whole block
! is commented out. "100+X" is arithmetic shorthand for the third octet, not literal
! syntax. The same 192.168.100+X.0/24 network is referenced by ACL_NAT further down.
!interface FastEthernet1/0.2
! description connection to LAN2
! encapsulation dot1Q 2
! ip address 192.168.100+X.1 255.255.255.0
! no shut
===== Настройка маршрута по умолчанию =====
! Default route: everything without a more specific match goes to the ISP-side
! gateway 172.16.1.254.
ip route 0.0.0.0 0.0.0.0 172.16.1.254
Особенности GNS
! Discard routes for private address space: packets to these ranges that match no
! more specific route are dropped on the router instead of following the default
! route out to the ISP. Connected networks (192.168.X.0/24, 172.16.1.0/24) are more
! specific and still take precedence.
! NOTE(review): the second entry covers only 172.16.0.0/16. The RFC 1918 block is
! 172.16.0.0/12 (mask 255.240.0.0) - confirm whether the narrower range is intended.
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.255.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
===== Настройка разрешения имен =====
==== с использованием DNS ====
! The router resolves names through the LAN server 192.168.X.10; the ISP-side
! resolver 172.16.1.254 is kept as a commented-out alternative.
!ip name-server 172.16.1.254
ip name-server 192.168.X.10
! Default domain appended to unqualified names.
ip domain-name corpX.un
! Left commented out - presumably because name lookup is already on by default; confirm.
!ip domain-lookup
==== с использованием статических записей (аналог hosts) ====
! Alternative to DNS (both lines are commented out): turn DNS lookups off and define
! the name "server" statically. The name "server" is also used as the NetFlow export
! destination later on this page, so one of the two resolution methods has to provide it.
!no ip domain-lookup
!ip host server 192.168.X.10 ! recommended for rcmd
===== Настройка DHCP сервиса =====
! DHCP server for the LAN. The two exclusions (.1-.100 and .110-.254) leave only
! 192.168.X.101-192.168.X.109 available for dynamic assignment.
ip dhcp excluded-address 192.168.X.1 192.168.X.100
ip dhcp excluded-address 192.168.X.110 192.168.X.254
ip dhcp pool LAN
network 192.168.X.0 255.255.255.0
default-router 192.168.X.1
! Clients are pointed at the LAN server for DNS; the ISP-side resolver is the
! commented-out alternative.
! dns-server 172.16.1.254
dns-server 192.168.X.10
domain-name corpX.un
! Commented-out network-boot options: option 150 / next-server name 192.168.X.10 as
! the TFTP server and pxelinux.0 as the boot file.
! option 150 ip 192.168.X.10
! bootfile pxelinux.0
! next-server 192.168.X.10
! Lease time is given as days hours minutes: 0 days, 10 hours, 0 minutes.
lease 0 10 0
! The two lines below are privileged-EXEC commands ("#" is the prompt, not a comment):
! list current leases, and release one lease. "N" stands for the last digit of the
! leased address.
#show ip dhcp binding
#clear ip dhcp binding 192.168.X.10N
===== Настройка NTP сервиса =====
! Local time zone MSK = UTC+3, with a recurring summer-time shift between the last
! Sunday of March and the last Sunday of October.
! NOTE(review): Moscow time has not changed seasonally since 2011 and has been fixed
! at UTC+3 since 2014, so the summer-time line would put log timestamps one hour off
! for half the year - confirm whether it should still be applied. Consistent
! timestamps matter when router logs are correlated with other sources.
clock timezone MSK 3
clock summer-time MSK recurring last Sun Mar 2:00 last Sun Oct 2:00
! Upstream time sources. They are given by name, so the DNS settings above must work
! when these lines are entered.
ntp server 0.ru.pool.ntp.org
ntp server 1.ru.pool.ntp.org
ntp server 2.ru.pool.ntp.org
ntp server 3.ru.pool.ntp.org
! Lets the router act as a time source from its own clock when no upstream server is
! reachable; no stratum is given, so the IOS default applies.
! NOTE(review): nothing in this section limits who may query the router's NTP
! service (no "ntp access-group"); consider restricting it to the LAN.
ntp master
! EXEC command: shows the configured servers and which one is currently selected.
show ntp associations
===== Настройка пакетного фильтра =====
# cat /srv/tftp/firewall.acl
! Inbound filter for the ISP-facing interface, kept as a file on the TFTP server.
! The list is deleted and rebuilt on every load, so re-applying the file replaces the
! old rules instead of appending to them. Entries are evaluated top-down, first match wins.
no ip access-list extended ACL_FIREWALL
ip access-list extended ACL_FIREWALL
! HTTP and SSH to the LAN server, matched on its private address.
permit tcp any host 192.168.X.10 eq 80
permit tcp any host 192.168.X.10 eq 22
! Any ICMP type from anywhere to the whole 192.168.0.0/16 range.
permit icmp any 192.168.0.0 0.0.255.255
! 172.16.1.X is the router's own ISP-side address and also the public address of the
! static NAT entries in the NAT section.
! NOTE(review): an inbound ACL on the outside interface is checked before NAT
! translation, so port-forwarded traffic still carries 172.16.1.X as destination here.
! This entry therefore admits every protocol and port to the router itself and to all
! forwarded services; the two host 192.168.X.10 entries above only match traffic that
! arrives un-NATed. Consider narrowing this to the specific ports that must be reachable.
permit ip any host 172.16.1.X
! NOTE(review): permits all inbound UDP to any destination. Presumably present so that
! DNS/NTP replies get back through a stateless ACL, but it equally admits unsolicited
! UDP to every reachable inside host - confirm this is acceptable outside the lab.
permit udp any any
! "established" matches TCP segments with ACK or RST set (return traffic of
! connections opened from inside). It is a flag check, not connection tracking.
permit tcp any any established
! Explicit final deny. The "log" keyword is left disabled, so dropped packets are
! counted but not logged; enable it when the drops need to be investigated.
deny ip any any ! log
! Applied to packets arriving from the ISP side.
interface FastEthernet0/0
ip access-group ACL_FIREWALL in
end
===== Настройка NAT сервиса =====
! Source addresses that are allowed to be translated: the main LAN and the optional
! second LAN (100+X is arithmetic shorthand for the third octet).
ip access-list standard ACL_NAT
permit 192.168.X.0 0.0.0.255
permit 192.168.100+X.0 0.0.0.255
deny any
! PAT: all permitted inside hosts share the address of the outside interface.
! NOTE(review): this section names FastEthernet1/0 as inside and FastEthernet1/1 as
! outside, while the interface, firewall and NetFlow sections of this page use
! Port-channel1 for the LAN and FastEthernet0/0 for the ISP link (and FastEthernet1/1
! is a channel-group member there). Adjust the interface names to the topology
! actually in use, otherwise no translation takes place.
ip nat inside source list ACL_NAT interface FastEthernet1/1 overload
! Static port forwards: DNS (udp/tcp 53), SSH (22) and HTTP (80) on the public
! address 172.16.1.X are mapped to the LAN server 192.168.X.10.
! NOTE(review): this publishes SSH and a DNS server on the ISP-facing address; if they
! do not have to be reachable from everywhere, restrict the sources in ACL_FIREWALL.
ip nat inside source static udp 192.168.X.10 53 172.16.1.X 53 extendable
ip nat inside source static tcp 192.168.X.10 53 172.16.1.X 53 extendable
ip nat inside source static tcp 192.168.X.10 22 172.16.1.X 22 extendable
ip nat inside source static tcp 192.168.X.10 80 172.16.1.X 80 extendable
interface FastEthernet1/0
ip nat inside
interface FastEthernet1/1
ip nat outside
! Translation logging is left disabled. With PAT every inside host appears under one
! public address, so these records are what ties an external connection back to a
! specific inside host during an investigation.
! ip nat log translations syslog
! ip nat log translations flow-export v9 ...
! EXEC commands (abbreviated): show the translation table / clear all dynamic entries.
router# show ip nat tr
router# clear ip nat tr *
===== Управление политиками маршрутизации =====
! Policy routing: HTTP (tcp port www) from LAN clients is sent to 192.168.X.10 instead
! of following the routing table (presumably a proxy runs there - confirm).
! In a route-map ACL, "deny" means "do not policy-route": the first entry exempts the
! server's own traffic so that its outgoing requests are not looped back to itself.
ip access-list extended ACL_REDIRECT_HTTP
deny ip host 192.168.X.10 any
! Only destination port www is matched; traffic on any other port is routed normally.
permit tcp 192.168.X.0 0.0.0.255 any eq www
route-map RM_REDIRECT_HTTP permit 10
match ip address ACL_REDIRECT_HTTP
set ip next-hop 192.168.X.10
! The policy acts on packets received on this interface.
! NOTE(review): the LAN address is configured on Port-channel1 in the EtherChannel
! section; if that variant is in use, the policy has to be attached there instead.
interface FastEthernet1/0
description connection to LAN
ip policy route-map RM_REDIRECT_HTTP
===== Настройка экспорта статистики по протоколу NetFlow =====
! Export NetFlow version 5 records to the host named "server", UDP port 2055 (9555 is
! a commented-out alternative). The name must resolve on the router through DNS or a
! static "ip host" entry.
! NetFlow v5 export is plain, unauthenticated UDP and the records describe who talked
! to whom; keep the collector on a trusted segment.
ip flow-export version 5
ip flow-export destination server 2055
! ip flow-export destination server 9555
! Enable flow accounting on the LAN-facing and the ISP-facing interface. The commented
! names are the non-EtherChannel variants of the same two links.
!interface FastEthernet1/0
interface Port-channel1
ip route-cache flow
!interface FastEthernet1/1
interface FastEthernet0/0
ip route-cache flow
===== Дополнительные материалы =====
==== Загрузка операционной системы по tftp ====
[server:~] # ls /tftpboot/c2600-js-mz.122-40.bin
router#more tftp://192.168.X.1/c2600-js-mz.122-40.bin
router#wr t
...
! The router fetches its operating system image from the TFTP server at every boot.
! TFTP has no authentication or integrity protection, so the router runs whatever
! image is served from that address: keep the TFTP server and this segment trusted,
! and check the image file against the vendor's published checksum.
! Note that this example uses its own addressing (server 192.168.X.1, router
! 192.168.X.2), different from the rest of the page.
boot system tftp c2600-js-mz.122-40.bin 192.168.X.1
...
!
interface FastEthernet0/0
ip address 192.168.X.2 255.255.255.0
speed 100
full-duplex
!
switch#wr t
...
!
! Switch port with fixed speed/duplex (matching the router side shown above) and
! portfast - presumably so the link forwards immediately and the TFTP download at
! boot is not delayed by spanning tree; confirm.
interface FastEthernet0/2
duplex full
speed 100
spanning-tree portfast
!
==== Загрузка операционной системы по TFTP из ROM монитора ====
rommon 1 > IP_ADDRESS=192.168.X.2
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > TFTP_SERVER=192.168.X.3
rommon 4 > DEFAULT_GATEWAY=192.168.X.3
rommon 5 > TFTP_FILE=c2600-js-mz.122-40.bin
rommon 6 > set
rommon 7 > tftpdnld
rommon 8 > reset
==== Управление процессом конфигурации при загрузке с помощью регистра конфигурации ====
rommon 1 > confreg 0x2142
rommon 2 > boot