路由器基本配置培训教材

《路由器基本配置培训教材》由会员分享，可在线阅读，更多相关《路由器基本配置培训教材（20页珍藏版）》请在装配图网上搜索。

1、市教育城域网项目路由器基本配置培训神州数码网络20XX3月实验一：登陆路由器 一、实验目的1、 学习如何通过CONSOLE接口配置路由器2、 学习如何通过telnet 方式配置路由器3、 学习如何配置路由器的接口4、 学习如何配置路由器的enable密码和telnet 用户名和密码5、 保存配置二、应用环境1、 设备的初始设备一般都是通过CONSOLE接口进行。2、 给相应的接口配置了IP地址,开启了相应的服务后,才可以通过telnet的方式管理路由器。三、实验设备1、 DCR-2626一台2、 PC机一台3、 CONSOLE线缆一条,网线一条四、实验拓扑CONSOLE 口TP0网卡网线RS-

2、232串口五、实验要求TP0 IP地址：192.168.2.1 PC机IP地址：192.168.2.2六、实验步骤1、CONSOLE管理第一步：将配置线的一端与路由器的CONSOLE口相连,另一端与PC机的串口相连,如上图所示。第二步：在PC机上运行终端仿真程序,同时设置终端的硬件参数。打开超级终端2设置连接名称3选择连接的接口,一般情况下为COM14点击还原默认值设置端口属性,点击确定进入超级终端。第三步：路由器加电,超级终端会显示路由器的自检信息,自检结束出现命令提示Press RETURN to get startedSystem Bootstrap, Version 0.4.4Seri

3、al num:8IRTC24, ID num:501926Copyright 2006 by Digital China Networks LimitedDCR-2626 Series 2626Loading DCR26V1.3.3C.bin.Start Decompress DCR26V1.3.3C.bin# Decompress 4850012 byte,Please wait system up.Digitalchina Internetwork Operating System SoftwareDCR-2626 Series Software , Version 1.3.3C, REL

4、EASE SOFTWARESystem start up OKRouter console 0 is now availablePress RETURN to get startedJan 1 00:00:07 Router System started -Jan 1 00:00:16 Line on Interface Serial0/1, changed to downJan 1 00:00:16 Line on Interface Serial0/2, changed to down第四步：按回车键进入用户配置模式。DCR-2626路由器出厂时没有设置密码,输入enable , 按回车键

5、进入特权模式。需要帮助可以随时键入？查看命令。 Welcome to DCR Multi-Protocol 2626 SeriesRouterena -进入特权模式Router#Jan 1 00:09:19 Unknown user enter privilege mode from console 0, level = 15Router#? -查看可用命令 cd - Change directory chinese - Help message in Chinese chmem - Change memory of system chram - Change memory clear - C

6、lear something config - Enter configurative mode connect - Open a outgoing connection copy - Copy configuration or image data debug - Debugging functions delete - Delete a file dir - List files in flash memory disconnect - Disconnect an existing outgoing network connection download - Download with Z

7、MODEM enable - Turn on privileged commands english - Help message in English enter - Turn on privileged commands exec-script - Execute a script on a port or line exit - Exit / quit format - Format file system help - Description of the interactive help system history - Look up history keepalive - Kee

8、palive probe look - Display memory md - Create directory more - Display the contents of a file no - Negate configuration pad - Login to remote node using X.29 ping - Test network status pwd - Display current directory rd - Delete a directory reboot - Restart router rename - Rename a file resume - Re

9、sume an active outgoing network connection rlogin - Open a rlogin connection show - Show configuration and status telnet - Open a telnet connection terminal - Set terminal line parameters traceroute - Trace route to destination upload - Upload with ZMODEM where - Display all outgoing telnet connecti

10、on write - Save current configurationRouter#Router#Chinese - 设置中文帮助Router#? - 再次查看可用命令 cd - 改变当前目录 chinese - 中文帮助信息 chmem - 修改系统存数据 chram - 修改存数据 clear - 清除 config - 进入配置态 connect - 打开一个向外的连接 copy - 拷贝配置方案或存映像 debug - 分析功能 delete - 删除一个文件 dir - 显示闪存中的文件 disconnect - 断开活跃的网络连接 download - 通过ZMODEM协议下载

11、文件 enable - 进入特权方式 english - 英文帮助信息 enter - 进入特权方式 exec-script - 在指定端口运行指定的脚本 exit - 退回或退出 format - 格式化文件系统 help - 交互式帮助系统描述 history - 查看历史 keepalive - 保活探测 look - 显示存数据 md - 创建目录 more - 显示某个文件的容 no - 取消配置 pad - 通过X.29注册到远程节点 ping - 测试网络状态 pwd - 显示当前目录 rd - 删除一个目录 reboot - 重启动路由器 rename - 改变文件名 resu

12、me - 恢复活跃的网络连接 rlogin - 远程登录 show - 显示配置和状态 telnet - 打开一个telnet连接 terminal - 设置终端参数 traceroute - 跟踪到目的地的路由 upload - 通过ZMODEM协议上载文件 where - 显示所有向外的telnet连接 write - 保存当前配置Router#2、通过telnet方式管理路由器第一步：设置路由器以太网接口地址并验证。Router#sh run正在收集配置.当前配置:!version 1.3.3Cservice timestamps log dateservice timestamps d

13、ebug dateno service password-encryption!interface FastEthernet0/0 -查看TP0接口信息 no ip address no ip directed-broadcast!interface FastEthernet0/3 -More- Jan 1 00:16:41 Configured from console 0 by UNKNOWN no ip address no ip directed-broadcast!interface Serial0/1 no ip address no ip directed-broadcast!i

14、nterface Serial0/2 no ip address no ip directed-broadcast!interface Async0/0 no ip address no ip directed-broadcast!ip set-wan-count 1!Router#config -进入全局配置模式Router_config#interface fastEthernet 0/0 -进入接口模式Router_config_f0/0#ip address 192.168.2.1 255.255.255.0 -设置IP地址Router_config_f0/0#no shutdown

15、Router_config_f0/0#exitRouter_config#exitRouter#sh interface f0/0 -验证FastEthernet0/0 is up, line protocol is up -接口和协议都必须UPaddress is 00e0.0f9c.1e19 MTU 1500 bytes, BW 100000 kbit, DLY 10 usec Interface address is 192.168.2.1/24 Encapsulation ARPA, loopback not set Keepalive not set ARP type: ARPA,

16、ARP timeout 00:03:00 60 second input rate 0 bits/sec, 0 packets/sec! 60 second output rate 0 bits/sec, 0 packets/sec! Full-duplex, 100Mb/s, 100BaseTX, 11 ii, 1 oi 13 packets input, 1500 bytes, 200 rx_freebuf Received 0 unicasts, 0 lowmark, 11 ri, 0 input errors 0 overrun, 0 CRC, 0 framing, 0 busy, 0

17、 long, 0 discard, 0 throttles 1 packets output, 46 bytes, 50 tx_freebd, 0 output errors 0 underrun, 0 collisions, 0 late collisions, 0 deferred, 0 reTx expired 0 resets, 0 lost carrier, 0 no carrier 0 grace stop 0 bus error0 output buffer failures, 0 output buffers swapped out 0 tx errors第二步：设置PC机的I

18、P地址并测试连通性第三步：配置telnet的用户名和密码,以及enable密码Router_config#aaa authentication login default localRouter_config#aaa authentication enable default enableRouter_config#username admin password 0 adminRouter_config#enable password 0 admin第四步：在PC机telnet到路由器1运行 telnet 192.168.2.1,出现如下结果：七、保存配置Router_config#write

19、 正在保存当前配置.OK!Router_config#八、注意事项1、 在超级终端中的配置是对路由器的操作,这时PC机只是输入输出设备。2、 在telnet管理时,先测试连通性。实验二：NAT 地址转换的配置一、实验目的1、 掌握地址转换配置2、 掌握私有地址访问internet的配置方法二、应用环境1、 学校部使用私有地址的主机需要访问internet。三、实验设备1、 DCR-2626一台2、 PC机二台3、 CONSOLE线缆一条,网线二条四、实验拓扑PC2PC1TP0TP3网线网卡五、实验要求 PC1模拟学校部主机；PC2模拟外网网络设备。TP0 IP地址：192.168.2.1/24

20、 PC1机IP地址：192.168.2.2/24TP3IP地址：222.159.80.1/24 PC2机IP地址：222.159.80.2/24配置效果：PC1可以PING通PC2六、实验步骤1、配置网接口TP0Router_config#interface fastEthernet 0/0 -进入连接部局域网的接口网口Router_config_f0/0#ip address 192.168.2.1 255.255.255.0 -定义网口IP地址Router_config_f0/0#ip nat inside -定义此端口为网口Router_config_f0/0#exit2、配置外网接口T

21、P3Router_config#interface fastEthernet 0/3 -进入连接外部网络的接口外网口Router_config_f0/3#ip add 222.159.80.1 255.255.255.0 -定义外网口IP地址Router_config_f0/3#ip nat outside -定义此端口为外网口Router_config_f0/3#exit3、配置NAT访问控制列表Router_config#ip access-list extended test-创建一个判断是否符合NAT处理的控制列表Router_config_ext_nacl#permit ip 192

22、.168.2.0 255.255.255.0 any-允许192.168.2.0/24网段可以访问出去Router_config_ext_nacl#exit4、配置地址翻译Router_config#ip nat inside source list test interface fastEthernet 0/3-定义符合test的数据流的源地址在访问外网时翻译成外网口f0/3的IP地址。 5、配置静态路由Router_config#ip route default 222.159.80.2 -设置一条默认路由允许部网段可以访问出去。七、保存配置Router_config#write 正在保存

23、当前配置.OK!Router_config#八、测试C:Documents and Settingshuangweiping 222.159.80.2Pinging 222.159.80.2 with 32 bytes of data:Reply from 222.159.80.2: bytes=32 time1ms TTL=255Reply from 222.159.80.2: bytes=32 time1ms TTL=255Reply from 222.159.80.2: bytes=32 time1ms TTL=255Reply from 222.159.80.2: bytes=32 t

24、ime1ms TTL=255Ping statistics for 222.159.80.2:Packets: Sent = 4, Received = 4, Lost = 0 ,Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average = 0msC:Documents and Settingshuangwei实验三：路由器其他常用配置一、实验目的1、 掌握路由器常用配置命令,提高日常维护的能力。三、实验设备1、 DCR-2626一台2、 PC机一台3、 CONSOLE线缆一条,网线二

25、条四、实验拓扑PC2PC1TP0TP3网线网卡六、实验步骤1、删除telnet用户和密码 删除telnet 用户和密码有三种方式： Router_config#no username 123 -回车就可以删除原有用户名和密码 Router_config#no aaa authentication login default3若无法通过Console监控路由器,则只能通过Console进入监控模式,通过more startup-config查找明文方式配置下的密码,若非明文,只能保存有效配置,删除startup-config文件,重新配置。 测试：可以自行设置telnet的用户和密码,通过以上三

26、种方法删除用户和密码。看是否有效果。2、enable密码删除重启路由器,按住ctrl+break 键,通过Console进入监控模式 Welcome to DCR Multi-Protocol 2626 Series Routermonitor#?boot - reboot routercd - change directorychinese - help message in Chinesechram - change memorycopy - Copy file into the routerdate - set system datedelete - delete a filedir -

27、 list files in flash memorydownload - download with ZMODEMenglish - help message in Englishexit - exit / quitformat - format file systemip - IP configuration commandsmd - create directorymore - Display the contents of a filenopasswd - remove enable passwordping - Test network statuspwd - display cur

28、rent directoryquit - exit / quitrd - delete a directoryreboot - restart routerrename - rename a fileshow - show configuration and statusupload - upload with ZMODEMmonitor#delete startup-configmonitor#rebootDo you want to reboot the routery通过Console进入监控模式,通过more startup-config查找明文方式配置下的密码,若非明文,只能保存有效

29、配置,删除startup-config文件,重新配置。测试：可以自行设置enable用户和密码,通过以上方法删除密码。看是否有效果。3、配置访问控制表控制网络病毒 设置一条扩展访问控制列表Router_config#ip access-list extended attack-port2配置默认动作Router_config_ext_nacl# deny tcp any any eq 1433Router_config_ext_nacl# deny udp any any eq 1433Router_config_ext_nacl# deny tcp any any eq 1434Router

30、_config_ext_nacl# deny udp any any eq 1434Router_config_ext_nacl# deny tcp any any eq 139Router_config_ext_nacl# deny udp any any eq 139Router_config_ext_nacl# deny tcp any any eq 135Router_config_ext_nacl# deny udp any any eq 135Router_config_ext_nacl# deny tcp any any eq 136Router_config_ext_nacl#

31、 deny udp any any eq 136Router_config_ext_nacl# deny tcp any any eq 137Router_config_ext_nacl# deny udp any any eq 137Router_config_ext_nacl# deny tcp any any eq 138Router_config_ext_nacl# deny udp any any eq 138Router_config_ext_nacl# deny tcp any any eq 445Router_config_ext_nacl# deny udp any any

32、eq 445Router_config_ext_nacl# deny tcp any any eq 4444Router_config_ext_nacl# deny tcp any any eq 5000Router_config_ext_nacl# deny udp any any eq 5000Router_config_ext_nacl# permit ip any any3将accessl-list 绑定到特定端口的特定方向Router_config#interface f0/0Router_config_f0/0#ip access-group attack-port inRoute

33、r_config_f0/0#interface f0/3Router_config_f0/3#ip access-group attack-port inRouter_config_f0/3#exit4、撤销命令要撤销某个已经键入的命令或者恢复某种默认值,通常是在进入命令的命令模式,直接在原命令前加上关键字no就可以。如：将以太接口Fastethernet0/0的配置全部清除,恢复至默认值。可以在全局模式做如下配置：Router_config#no interface fastethernet 0/05、恢复出厂设置命令模式：特权模式或者监控模式命令：delete例：Router#delete

34、this file will be erased,are you sure?yno such fileRouter#rebootDo you want to reboot the router?y确认后重新启动路由器,即恢复到出厂设置。6、查看版本信息命令模式：特权模式、全局配置模式、接口模式、路由模式命令：show Version例：Router#show version Digitalchina Internetwork Operating System Software2626 Series Software, Version 1.3.3C , RELEASE SOFTWARECopyr

35、ight 2006 by Digital China Networks LimitedCompiled: 2006-11-01 17:33:15 by system, Image text-base: 0x6004ROM: System Bootstrap, Version 0.4.4Serial num:8IRTC24, ID num:501926System image file is DCR26V1.3.3C.binDCR-2626 Processor65536K bytes of memory,8192K bytes of flashRouter uptime is 0:00:29:37, The current time: 2002-01-01 00:29:37Slot 0: SCC Slot Port 0: 10/100Mbps full-duplex Ethernet Port 1: 2M full-duplex Serial Port 2: 2M full-duplex Serial Port 3: 10/100Mbps full-duplex EthernetRouter#19 / 20