一段学习用的路由设置

pailywen

User Access Verification
Password:
CEC_CAT_1>enable
Password:
CEC_CAT_1#show run
Building configuration...
Current configuration : 11945 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname CEC_CAT_1
!
boot system bootflash:cat4000-i5s-mz.122-20.EW.bin
enable password cisco
!
qos
ip subnet-zero
no ip domain-lookup
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
class-map match-all cec_zd_rate-limit
  match access-group 100
class-map match-all traffic-control
  match access-group 199
class-map match-all vlan4-rate-limit
  match access-group 104
!
!
policy-map traffic-control
  class traffic-control
police 3000000 bps 300000 byte conform-action transmit exceed-action drop
policy-map rate-limit
  class vlan4-rate-limit
police 768 kbps 1024 kbyte conform-action transmit exceed-action drop
  class cec_zd_rate-limit
police 768 kbps 1024 kbyte conform-action transmit exceed-action drop
!
!
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
!
interface GigabitEthernet1/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode desirable
!
interface GigabitEthernet2/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/3
switchport mode trunk
!
interface GigabitEthernet2/4
switchport mode trunk
!
interface GigabitEthernet2/5
switchport mode trunk
!
interface GigabitEthernet2/6
switchport mode trunk
!
interface GigabitEthernet2/7
switchport mode trunk
!
interface GigabitEthernet2/8
switchport mode trunk
!
interface GigabitEthernet2/9
switchport mode trunk
!
interface GigabitEthernet2/10
switchport mode trunk
!
interface GigabitEthernet2/11
switchport mode trunk
!
interface GigabitEthernet2/12
switchport mode trunk
!
interface GigabitEthernet2/13
switchport mode trunk
!
interface GigabitEthernet2/14
switchport mode trunk
!
interface GigabitEthernet2/15
switchport mode trunk
!
interface GigabitEthernet2/16
switchport mode trunk
!
interface GigabitEthernet2/17
switchport mode trunk
!
interface GigabitEthernet2/18
switchport mode trunk
!
interface GigabitEthernet3/1
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/4
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/5
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/6
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/7
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/8
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/9
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/10
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/10
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/11
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/12
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/13
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/14
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/15
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/16
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/17
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/18
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/19
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/20
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet3/21
!
interface GigabitEthernet3/22
!
interface GigabitEthernet3/23
!
interface GigabitEthernet3/24
!
interface GigabitEthernet3/25
!
interface GigabitEthernet3/26
!
interface GigabitEthernet3/27
!
interface GigabitEthernet3/28
!
interface GigabitEthernet3/29
!
interface GigabitEthernet3/30
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet3/31
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet3/32
switchport access vlan 87
switchport mode access
!
interface GigabitEthernet3/33
switchport access vlan 87
switchport mode access
!
interface GigabitEthernet3/34
switchport access vlan 87
switchport mode access
!
interface GigabitEthernet3/35
switchport access vlan 87
switchport mode access
!
interface GigabitEthernet3/36
!
interface GigabitEthernet3/37
!
interface GigabitEthernet3/38
!
interface GigabitEthernet3/39
switchport access vlan 88
switchport mode access
!
interface GigabitEthernet3/40
switchport access vlan 88
switchport mode access
!
interface GigabitEthernet3/41
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet3/42
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet3/43
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet3/44
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet3/45
switchport access vlan 89
switchport mode access
!
interface GigabitEthernet3/46
switchport access vlan 89
switchport mode access
!
interface GigabitEthernet3/47
switchport access vlan 89
switchport mode access
!
interface GigabitEthernet3/48
switchport access vlan 89
switchport mode access
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 192.168.1.1 255.255.255.0
ip access-group vlan2_access in
standby ip 192.168.1.3
standby priority 200
standby preempt
!
interface Vlan3
no ip address
shutdown
!
interface Vlan4
ip address 192.168.3.1 255.255.255.0
ip access-group vlan4_access in
standby ip 192.168.3.3
standby priority 180
standby preempt
!
interface Vlan87
ip address 192.168.87.1 255.255.255.0
standby ip 192.168.87.3
standby priority 200
standby preempt
!
interface Vlan88
ip address 192.168.88.1 255.255.255.0
standby ip 192.168.88.3
standby priority 200
standby preempt
!
interface Vlan89
ip address 192.168.89.1 255.255.255.0
ip access-group capital in
standby ip 192.168.89.3
standby priority 180
standby preempt
!
interface Vlan90
ip address 192.168.90.1 255.255.255.0
ip access-group report in
standby ip 192.168.90.3
standby priority 200
standby preempt
!
router rip
version 2
redistribute static
network 192.168.1.0
network 192.168.3.0
network 192.168.87.0
network 192.168.88.0
network 192.168.89.0
network 192.168.90.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.211
no ip http server
!
!
!
ip access-list extended bacup
permit ip host 192.168.88.228 any
permit tcp host 192.168.88.228 any
permit icmp any any
permit ip 192.168.88.0 0.0.0.255 host 192.168.1.230
permit ip 192.168.88.0 0.0.0.255 host 192.168.1.231
permit ip 194.168.88.0 0.0.0.255 host 192.168.1.232
ip access-list extended capital
permit ip 192.168.89.0 0.0.0.255 192.168.89.0 0.0.0.255
permit ip 192.168.89.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.89.0 0.0.0.255
permit ip 192.168.89.0 0.0.0.255 host 192.168.88.228
permit ip 192.168.89.0 0.0.0.255 host 192.168.1.230
permit ip 192.168.89.0 0.0.0.255 host 192.168.1.231
permit ip 192.168.89.0 0.0.0.255 host 192.168.1.232
permit ip 192.168.89.0 0.0.0.255 host 192.168.2.94
permit ip host 192.168.2.94 192.168.89.0 0.0.0.255
permit icmp host 192.168.2.94 192.168.89.0 0.0.0.255
permit tcp host 192.168.2.94 192.168.89.0 0.0.0.255
ip access-list extended report
permit ip 192.168.90.0 0.0.0.255 192.168.90.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.90.0 0.0.0.255
permit ip 192.168.90.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.90.0 0.0.0.255 host 192.168.88.228
permit ip 192.168.90.0 0.0.0.255 host 192.168.1.230
permit ip 192.168.90.0 0.0.0.255 host 192.168.1.231
permit ip 192.168.90.0 0.0.0.255 host 192.168.1.232
permit ip 192.168.3.0 0.0.0.255 192.168.90.0 0.0.0.255
permit ip 192.168.90.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.90.0 0.0.0.255 host 192.168.2.94
permit ip host 192.168.2.94 192.168.90.0 0.0.0.255
permit icmp host 192.168.2.94 192.168.90.0 0.0.0.255
permit tcp host 192.168.2.94 192.168.90.0 0.0.0.255
permit ip 192.168.90.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 192.168.90.0 0.0.0.255
ip access-list extended valn2_access
ip access-list extended vlan2_access
permit icmp host 192.168.1.223 192.168.3.0 0.0.0.255
permit ip host 192.168.1.223 192.168.3.0 0.0.0.255
permit ip host 192.168.2.94 192.168.89.0 0.0.0.255
permit tcp host 192.168.2.94 192.168.89.0 0.0.0.255
permit icmp host 192.168.2.94 192.168.89.0 0.0.0.255
permit tcp host 192.168.1.223 192.168.3.0 0.0.0.255
permit tcp host 192.168.1.223 192.168.88.0 0.0.0.255
permit tcp host 192.168.1.230 192.168.89.0 0.0.0.255 eq telnet
permit tcp host 192.168.1.230 192.168.89.0 0.0.0.255 eq ftp
permit ip host 192.168.2.94 192.168.90.0 0.0.0.255
permit tcp host 192.168.2.94 192.168.90.0 0.0.0.255
permit icmp host 192.168.2.94 192.168.90.0 0.0.0.255
permit tcp host 192.168.1.231 192.168.89.0 0.0.0.255 eq telnet
permit tcp host 192.168.1.231 192.168.89.0 0.0.0.255 eq ftp
permit tcp host 192.168.1.232 192.168.89.0 0.0.0.255 eq telnet
permit tcp host 192.168.1.232 192.168.89.0 0.0.0.255 eq ftp
deny   icmp 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
deny   icmp 192.168.2.0 0.0.0.255 192.168.89.0 0.0.0.255
deny   tcp 192.168.1.0 0.0.0.255 192.168.89.0 0.0.0.255 eq telnet
deny   tcp 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 eq telnet
deny   tcp 192.168.2.0 0.0.0.255 192.168.89.0 0.0.0.255 eq telnet
deny   tcp 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 eq telnet
permit ip any any
ip access-list extended vlan4_access
permit icmp 192.168.3.0 0.0.0.255 host 192.168.1.223
permit ip 192.168.3.0 0.0.0.255 host 192.168.1.223
permit tcp 192.168.3.0 0.0.0.255 host 192.168.1.223
deny   icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
deny   icmp 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
deny   tcp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 eq telnet
deny   tcp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 eq ftp
deny   tcp 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 eq ftp
deny   tcp 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 eq telnet
permit ip 192.168.3.0 0.0.0.255 host 192.168.1.230
permit ip 192.168.3.0 0.0.0.255 host 192.168.1.231
permit ip 192.168.3.0 0.0.0.255 host 192.168.1.232
permit ip any any
!
access-list 100 permit tcp 192.168.2.0 0.0.0.255 any eq www
access-list 100 permit tcp 192.168.2.0 0.0.0.255 any eq ftp
access-list 100 permit tcp 192.168.2.0 0.0.0.255 any eq smtp
access-list 100 permit tcp 192.168.2.0 0.0.0.255 any eq pop3
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 104 permit tcp 192.168.3.0 0.0.0.255 any eq www
access-list 104 permit tcp 192.168.3.0 0.0.0.255 any eq ftp
access-list 104 permit tcp 192.168.3.0 0.0.0.255 any eq smtp
access-list 104 permit ip 192.168.3.0 0.0.0.255 any
access-list 199 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 199 deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 199 deny   ip 192.168.1.0 0.0.0.255 192.168.87.0 0.0.0.255
access-list 199 deny   ip 192.168.1.0 0.0.0.255 192.168.88.0 0.0.0.255
access-list 199 deny   ip 192.168.1.0 0.0.0.255 192.168.89.0 0.0.0.255
access-list 199 deny   ip 192.168.1.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 199 permit ip 192.168.1.0 0.0.0.255 any
access-list 199 permit ip 192.168.2.0 0.0.0.255 any
access-list 199 permit ip 192.168.3.0 0.0.0.255 any
!
!
!
line con 0
stopbits 1
line vty 0 4
password cisco
login
!
end
CEC_CAT_1#


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/5521/showart_79424.html