hostname router
!interface FastEthernet1/0 ! description connection to LAN ! ip address 192.168.X.1 255.255.255.0 ! no shutdown ! !interface FastEthernet1/1 interface FastEthernet0/0 description connection to ISP ip address 172.16.1.X 255.255.255.0 ! duplex half ! speed 100 no ip unreachables ! for GNS mac-address e418.08f2.5900+X ! for GNS no shutdown
interface Port-channel1 description connection to LAN ip address 192.168.X.1 255.255.255.0 no shutdown duplex full ! for GNS interface FastEthernet1/0 channel-group 1 no shutdown interface FastEthernet1/1 channel-group 1 ! no shutdown ! for course with GNS
!interface FastEthernet1/0.2 ! description connection to LAN2 ! encapsulation dot1Q 2 ! ip address 192.168.100+X.1 255.255.255.0 ! no shut
ip route 0.0.0.0 0.0.0.0 172.16.1.254
Особенности GNS
ip route 10.0.0.0 255.0.0.0 Null0 ip route 172.16.0.0 255.255.0.0 Null0 ip route 192.168.0.0 255.255.0.0 Null0
!ip name-server 172.16.1.254 ip name-server 192.168.X.10 ip domain-name corpX.un !ip domain-lookup
!no ip domain-lookup !ip host server 192.168.X.10 !Рекомендуется для rcmd
ip dhcp excluded-address 192.168.X.1 192.168.X.100 ip dhcp excluded-address 192.168.X.110 192.168.X.254 ip dhcp pool LAN network 192.168.X.0 255.255.255.0 default-router 192.168.X.1 ! dns-server 172.16.1.254 dns-server 192.168.X.10 domain-name corpX.un ! option 150 ip 192.168.X.10 ! bootfile pxelinux.0 ! next-server 192.168.X.10 lease 0 10 0
#show ip dhcp binding #clear ip dhcp binding 192.168.X.10N
clock timezone MSK 3 clock summer-time MSK recurring last Sun Mar 2:00 last Sun Oct 2:00 ntp server 0.ru.pool.ntp.org ntp server 1.ru.pool.ntp.org ntp server 2.ru.pool.ntp.org ntp server 3.ru.pool.ntp.org ntp master
show ntp associations
# cat /srv/tftp/firewall.acl
no ip access-list extended ACL_FIREWALL ip access-list extended ACL_FIREWALL permit tcp any host 192.168.X.10 eq 80 permit tcp any host 192.168.X.10 eq 22 permit icmp any 192.168.0.0 0.0.255.255 permit ip any host 172.16.1.X permit udp any any permit tcp any any established deny ip any any ! log interface FastEthernet0/0 ip access-group ACL_FIREWALL in end
ip access-list standard ACL_NAT permit 192.168.X.0 0.0.0.255 permit 192.168.100+X.0 0.0.0.255 deny any ip nat inside source list ACL_NAT interface FastEthernet1/1 overload ip nat inside source static udp 192.168.X.10 53 172.16.1.X 53 extendable ip nat inside source static tcp 192.168.X.10 53 172.16.1.X 53 extendable ip nat inside source static tcp 192.168.X.10 22 172.16.1.X 22 extendable ip nat inside source static tcp 192.168.X.10 80 172.16.1.X 80 extendable interface FastEthernet1/0 ip nat inside interface FastEthernet1/1 ip nat outside ! ip nat log translations syslog ! ip nat log translations flow-export v9 ...
router# show ip nat tr router# clear ip nat tr *
ip access-list extended ACL_REDIRECT_HTTP deny ip host 192.168.X.10 any permit tcp 192.168.X.0 0.0.0.255 any eq www route-map RM_REDIRECT_HTTP permit 10 match ip address ACL_REDIRECT_HTTP set ip next-hop 192.168.X.10 interface FastEthernet1/0 description connection to LAN ip policy route-map RM_REDIRECT_HTTP
ip flow-export version 5 ip flow-export destination server 2055 ! ip flow-export destination server 9555 !interface FastEthernet1/0 interface Port-channel1 ip route-cache flow !interface FastEthernet1/1 interface FastEthernet0/0 ip route-cache flow
[server:~] # ls /tftpboot/c2600-js-mz.122-40.bin router#more tftp://192.168.X.1/c2600-js-mz.122-40.bin router#wr t ... boot system tftp c2600-js-mz.122-40.bin 192.168.X.1 ... ! interface FastEthernet0/0 ip address 192.168.X.2 255.255.255.0 speed 100 full-duplex ! switch#wr t ... ! interface FastEthernet0/2 duplex full speed 100 spanning-tree portfast !
rommon 1 > IP_ADDRESS=192.168.X.2 rommon 2 > IP_SUBNET_MASK=255.255.255.0 rommon 3 > TFTP_SERVER=192.168.X.3 rommon 4 > DEFAULT_GATEWAY=192.168.X.3 rommon 5 > TFTP_FILE=c2600-js-mz.122-40.bin rommon 6 > set rommon 7 > tftpdnld rommon 8 > reset
rommon 1 > confreg 0x2142 rommon 2 > boot