RM新时代网站-首页

您好,歡迎來電子發(fā)燒友網(wǎng)! ,新用戶?[免費注冊]

您的位置:電子發(fā)燒友網(wǎng)>電子百科>網(wǎng)絡(luò)>路由器>

CISCO路由器之廣域網(wǎng)協(xié)議設(shè)置

2010年04月01日 13:42 hljzzgx.com 作者:佚名 用戶評論(0
關(guān)鍵字:路由器(110175)

CISCO路由器之廣域網(wǎng)協(xié)議設(shè)置

一、HDLC

HDLC是CISCO路由器使用的缺省協(xié)議,一臺新路由器在未指定封裝協(xié)議時默認(rèn)使用HDLC封裝。

1. ?????? 有關(guān)命令

端口設(shè)置

任務(wù)

命令

設(shè)置HDLC封裝

encapsulation hdlc

設(shè)置DCE端線路速度

clockrate speed

復(fù)位一個硬件接口

clear interface serial unit

顯示接口狀態(tài)

show interfaces serial [unit] 1

注:1.以下給出一個顯示Cisco同步串口狀態(tài)的例子.

Router#show interface serial 0

Serial 0 is up, line protocol is up

Hardware is MCI Serial

Internet address is 150.136.190.203, subnet mask is 255.255.255.0

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255

Encapsulation HDLC, loopback not set, keepalive set (10 sec)

Last input 0:00:07, output 0:00:00, output hang never

Output queue 0/40, 0 drops; input queue 0/75, 0 drops

Five minute input rate 0 bits/sec, 0 packets/sec

Five minute output rate 0 bits/sec, 0 packets/sec

16263 packets input, 1347238 bytes, 0 no buffer

Received 13983 broadcasts, 0 runts, 0 giants

2 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 2 abort

22146 packets output, 2383680 bytes, 0 underruns

0 output errors, 0 collisions, 2 interface resets, 0 restarts

1 carrier transitions???????

2. ?????? 舉例


設(shè)置如下:

Router1:

interface Serial0

?ip address 192.200.10.1 255.255.255.0

?clockrate 1000000

Router2:

interface Serial0

?ip address 192.200.10.2 255.255.255.0

!

3. ???? 舉例使用E1線路實現(xiàn)多個64K專線連接.

相關(guān)命令:

任務(wù)

命令

進入controller配置模式

controller {t1 | e1} number

選擇幀類型

?framing {crc4 | no-crc4}

選擇line-code類型

?linecode {ami | b8zs | hdb3}

建立邏輯通道組與時隙的映射

?channel-group number timeslots range1

顯示controllers接口狀態(tài)

show controllers e1 [slot/port]2

注: 1. 當(dāng)鏈路為T1時,channel-group編號為0-23, Timeslot范圍1-24; 當(dāng)鏈路為E1時, channel-group編號為0-30, Timeslot范圍1-31.?

2.使用show controllers e1觀察controller狀態(tài),以下為幀類型為crc4時controllers正常的狀態(tài).

Router# show controllers e1

e1 0/0 is up.

Applique type is Channelized E1 - unbalanced

Framing is CRC4, Line Code is HDB3? No alarms detected.

Data in current interval (725 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

Total Data (last 24 hours)???? 0 Line Code Violations, 0 Path Code Violations,

0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,

? 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

以下例子為E1連接3條64K專線, 幀類型為NO-CRC4,非平衡鏈路,路由器具體設(shè)置如下:

shanxi#wri t

Building configuration...

Current configuration:

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname shanxi

!

enable secret 5 $1$XN08$Ttr8nfLoP9.2RgZhcBzkk/

enable password shanxi

!

!

ip subnet-zero

!

controller E1 0

framing NO-CRC4

channel-group 0 timeslots 1

channel-group 1 timeslots 2

channel-group 2 timeslots 3

!

interface Ethernet0

ip address 133.118.40.1 255.255.0.0

media-type 10BaseT

!

interface Ethernet1

no ip address

shutdown

!

interface Serial0:0

ip address 202.119.96.1 255.255.255.252

no ip mroute-cache

!

interface Serial0:1

ip address 202.119.96.5 255.255.255.252

no ip mroute-cache

!

interface Serial0:2

ip address 202.119.96.9 255.255.255.252

no ip mroute-cache

!

no ip classless

ip route 133.210.40.0 255.255.255.0 Serial0:0

ip route 133.210.41.0 255.255.255.0 Serial0:1

ip route 133.210.42.0 255.255.255.0 Serial0:2

!

line con 0

line aux 0

line vty 0 4

password shanxi

login

!

end

二、PPP

PPP(Point-to-Point Protocol)是SLIP(Serial Line IP protocol)的繼承者,它提供了跨過同步和異步電路實現(xiàn)路由器到路由器(router-to-router)和主機到網(wǎng)絡(luò)(host-to-network)的連接。

CHAP(Challenge Handshake Authentication Protocol)和PAP(Password Authentication Protocol) (PAP)通常被用于在PPP封裝的串行線路上提供安全性認(rèn)證。使用CHAP和PAP認(rèn)證,每個路由器通過名字來識別,可以防止未經(jīng)授權(quán)的訪問。

CHAP和PAP在RFC 1334上有詳細(xì)的說明。

1. ?????? 有關(guān)命令

端口設(shè)置

任務(wù)

命令

設(shè)置PPP封裝

encapsulation ppp1

設(shè)置認(rèn)證方法

ppp authentication {chap | chap pap | pap chap | pap} [if-needed] [list-name | default] [callin]

指定口令

username name password secret

設(shè)置DCE端線路速度

clockrate speed

注:1、要使用CHAP/PAP必須使用PPP封裝。在與非Cisco路由器連接時,一般采用PPP封裝,其它廠家路由器一般不支持Cisco的HDLC封裝協(xié)議。 ?

2. ?????? 舉例

路由器Router1和Router2的S0口均封裝PPP協(xié)議,采用CHAP做認(rèn)證,在Router1中應(yīng)建立一個用戶,以對端路由器主機名作為用戶名,即用戶名應(yīng)為router2。同時在Router2中應(yīng)建立一個用戶,以對端路由器主機名作為用戶名,即用戶名應(yīng)為router1。所建的這兩用戶的password必須相同。

?
設(shè)置如下:

Router1:

hostname router1

username router2 password xxx

interface Serial0

ip address 192.200.10.1 255.255.255.0

clockrate 1000000

ppp authentication chap

!

Router2:

hostname router2

username router1 password xxx

interface Serial0

ip address 192.200.10.2 255.255.255.0

ppp authentication chap

三、x.25

1. ?????? X25技術(shù)

X.25規(guī)范對應(yīng)OSI三層,X.25的第三層描述了分組的格式及分組交換的過程。X.25的第二層由LAPB(Link Access Procedure, Balanced)實現(xiàn),它定義了用于DTE/DCE連接的幀格式。X.25的第一層定義了電氣和物理端口特性。

X.25網(wǎng)絡(luò)設(shè)備分為數(shù)據(jù)終端設(shè)備(DTE)、數(shù)據(jù)電路終端設(shè)備(DCE)及分組交換設(shè)備(PSE)。DTE是X.25的末端系統(tǒng),如終端、計算機或網(wǎng)絡(luò)主機,一般位于用戶端,Cisco路由器就是DTE設(shè)備。DCE設(shè)備是專用通信設(shè)備,如調(diào)制解調(diào)器和分組交換機。PSE是公共網(wǎng)絡(luò)的主干交換機。

X.25定義了數(shù)據(jù)通訊的電話網(wǎng)絡(luò),每個分配給用戶的x.25 端口都具有一個x.121地址,當(dāng)用戶申請到的是SVC(交換虛電路)時,x.25一端的用戶在訪問另一端的用戶時,首先將呼叫對方x.121地址,然后接收到呼叫的一端可以接受或拒絕,如果接受請求,于是連接建立實現(xiàn)數(shù)據(jù)傳輸,當(dāng)沒有數(shù)據(jù)傳輸時掛斷連接,整個呼叫過程就類似我們撥打普通電話一樣,其不同的是x.25可以實現(xiàn)一點對多點的連接。其中x.121地址、htc均必須與x.25服務(wù)提供商分配的參數(shù)相同。X.25 PVC(永久虛電路),沒有呼叫的過程,類似DDN專線。

2. ?????? 有關(guān)命令:

任務(wù)

命令

設(shè)置X.25封裝

encapsulation x25 [dce]

設(shè)置X.121地址

x25 address x.121-address

設(shè)置遠(yuǎn)方站點的地址映射

x25 map protocol address [protocol2 address2[...[protocol9 address9]]] x121-address [option]

設(shè)置最大的雙向虛電路數(shù)

x25 htc citcuit-number1

設(shè)置一次連接可同時建立的虛電路數(shù)

x25 nvc count2

設(shè)置x25在清除空閑虛電路前的等待周期

x25 idle minutes

重新啟動x25,或清一個svc,啟動一個pvc相關(guān)參數(shù)

clear x25 {serial number | cmns-interface mac-address} [vc-number] 3

清x25虛電路

clear x25-vc

顯示接口及x25相關(guān)信息

show interfaces serial

show x25 interface

show x25 map

show x25 vc

注:1、虛電路號從1到4095,Cisco路由器默認(rèn)為1024,國內(nèi)一般分配為16。

?? 2、虛電路計數(shù)從1到8,缺省為1。

?? 3、在改變了x.25各層的相關(guān)參數(shù)后,應(yīng)重新啟動x25(使用clear x25 {serial number | cmns-interface mac-address} [vc-number]或clear x25-vc命令),否則新設(shè)置的參數(shù)可能不能生效。同時應(yīng)對照服務(wù)提供商對于x.25交換機端口的設(shè)置來配置路由器的相關(guān)參數(shù),若出現(xiàn)參數(shù)不匹配則可能會導(dǎo)致連接失敗或其它意外情況。

3. ?????? 實例:

3.1. 在以下實例中每二個路由器間均通過svc實現(xiàn)連接。

路由器設(shè)置如下:

Router1:

interface Serial0

??? encapsulation x25

??? ip address 192.200.10.1 255.255.255.0

??? x25 address 110101

??? x25 htc 16

??? x25 nvc 2

??? x25 map ip 192.200.10.2 110102 broadcast

??? x25 map ip 192.200.10.3 110103 broadcast

!

Router2:

interface Serial0

??? encapsulation x25

??? ip address 192.200.10.2 255.255.255.0

??? x25 address 110102

??? x25 htc 16

??? x25 nvc 2

??? x25 map ip 192.200.10.1 110101 broadcast

??? x25 map ip 192.200.10.3 110103 broadcast

!

Router:

interface Serial0

??? encapsulation x25

??? ip address 192.200.10.3 255.255.255.0

??? x25 address 110103

??? x25 htc 16

??? x25 nvc 2

??? x25 map ip 192.200.10.1 110101 broadcast

??? x25 map ip 192.200.10.2 110102 broadcast

!

相關(guān)調(diào)試命令:

clear x25-vc

show interfaces serial

show x25 map

show x25 route

show x25 vc

3.2. 在以下實例中路由器router1和router2均通過svc與router連接,但router1和router2不通過svc直接連接,此三個路由器的串口運行RIP路由協(xié)議,使用了子接口的概念。由于使用子接口,router1和router2均學(xué)習(xí)到了訪問對方局域網(wǎng)的路徑,若不使用子接口,router1和router2將學(xué)不到到對方局域網(wǎng)的路由。

子接口(Subinterface)是一個物理接口上的多個虛接口,可以用于在同一個物理接口上連接多個網(wǎng)。我們知道為了避免路由循環(huán),路由器支持split horizon法則,它只允許路由更新被分配到路由器的其它接口,而不會再分配路由更新回到此路由被接收的接口。

無論如何,在廣域網(wǎng)環(huán)境使用基于連接的接口(象 X.25和Frame Relay),同一接口通過虛電路(vc)連接多臺遠(yuǎn)端路由器時,從同一接口來的路由更新信息不可以再被發(fā)回到相同的接口,除非強制使用分開的物理接口連接不同的路由器。Cisco提供子接口(subinterface)作為分開的接口對待。你可以將路由器邏輯地連接到相同物理接口的不同子接口, 這樣來自不同子接口的路由更新就可以被分配到其他子接口,同時又滿足split horizon法則。

Router1:

interface Serial0

encapsulation x25

ip address 192.200.10.1 255.255.255.0

x25 address 110101

x25 htc 16

x25 nvc 2

x25 map ip 192.200.10.3 110103 broadcast

!

router rip

network 192.200.10.0

!

Router2:

interface Serial0

encapsulation x25

ip address 192.200.11.2 255.255.255.0

x25 address 110102

x25 htc 16

?x25 nvc 2

x25 map ip 192.200.11.3 110103 broadcast

!

router rip

network 192.200.11.0

!

Router:

interface Serial0

encapsulation x25

x25 address 110103

x25 htc 16

x25 nvc 2

!

interface Serial0.1 point-to-point

ip address 192.200.10.3 255.255.255.0

x25 map ip 192.200.10.1 110101 broadcast

!

interface Serial0.2 point-to-point

ip address 192.200.11.3 255.255.255.0

x25 map ip 192.200.11.2 110102 broadcast

!

router rip

network 192.200.10.0

network 192.200.11.0

!

四、Frame Relay

1. ???? 幀中繼技術(shù)


幀中繼是一種高性能的WAN協(xié)議,它運行在OSI參考模型的物理層和數(shù)據(jù)鏈路層。它是一種數(shù)據(jù)包交換技術(shù),是X.25的簡化版本。它省略了X.25的一些強健功能,如提供窗口技術(shù)和數(shù)據(jù)重發(fā)技術(shù),而是依靠高層協(xié)議提供糾錯功能,這是因為幀中繼工作在更好的WAN設(shè)備上,這些設(shè)備較之X.25的WAN設(shè)備具有更可靠的連接服務(wù)和更高的可靠性,它嚴(yán)格地對應(yīng)于OSI參考模型的最低二層,而X.25還提供第三層的服務(wù),所以,幀中繼比X.25具有更高的性能和更有效的傳輸效率。

幀中繼廣域網(wǎng)的設(shè)備分為數(shù)據(jù)終端設(shè)備(DTE)和數(shù)據(jù)電路終端設(shè)備(DCE),Cisco路由器作為 DTE設(shè)備。

幀中繼技術(shù)提供面向連接的數(shù)據(jù)鏈路層的通信,在每對設(shè)備之間都存在一條定義好的通信鏈路,且該鏈路有一個鏈路識別碼。這種服務(wù)通過幀中繼虛電路實現(xiàn),每個幀中繼虛電路都以數(shù)據(jù)鏈路識別碼(DLCI)標(biāo)識自己。DLCI的值一般由幀中繼服務(wù)提供商指定。幀中繼即支持PVC也支持SVC。

幀中繼本地管理接口(LMI)是對基本的幀中繼標(biāo)準(zhǔn)的擴展。它是路由器和幀中繼交換機之間信令標(biāo)準(zhǔn),提供幀中繼管理機制。它提供了許多管理復(fù)雜互聯(lián)網(wǎng)絡(luò)的特性,其中包括全局尋址、虛電路狀態(tài)消息和多目發(fā)送等功能。 ?

2. ?????? 有關(guān)命令:?

端口設(shè)置

任務(wù)

命令

設(shè)置Frame Relay封裝

encapsulation frame-relay[ietf] 1

設(shè)置Frame Relay LMI類型

frame-relay lmi-type {ansi | cisco | q933a}2

設(shè)置子接口

interface interface-type interface-number.subinterface-number [multipoint|point-to-point]

映射協(xié)議地址與DLCI

frame-relay map protocol protocol-address dlci [broadcast]3

設(shè)置FR DLCI編號

frame-relay interface-dlci dlci [broadcast]

注:1.若使Cisco路由器與其它廠家路由設(shè)備相連,則使用Internet工程任務(wù)組(IETF)規(guī)定的幀中繼封裝格式。

2.從Cisco IOS版本11.2開始,軟件支持本地管理接口(LMI)“自動感覺”, “自動感覺”使接口能確定交換機支持的LMI類型,用戶可以不明確配置LMI接口類型。

3.broadcast選項允許在幀中繼網(wǎng)絡(luò)上傳輸路由廣播信息。

3. ?????? 幀中繼point to point配置實例:?


Router1:

interface serial 0

encapsulation frame-relay

!

interface serial 0.1 point-to-point

ip address 172.16.1.1 255.255.255.0

frame-reply interface-dlci 105

!

interface serial 0.2 point-to-point

ip address 172.16.2.1 255.255.255.0

frame-reply interface-dlci 102

!

interface serial 0.3 point-to-point

ip address 172.16.4.1 255.255.255.0

frame-reply interface-dlci 104

!

Router2:

interface serial 0

encapsulation frame-relay

!

interface serial 0.1 point-to-point

ip address 172.16.2.2 255.255.255.0

frame-reply interface-dlci 201

!

interface serial 0.2 point-to-point

ip address 172.16.3.1 255.255.255.0

frame-reply interface-dlci 203

!

相關(guān)調(diào)試命令:

show frame-relay lmi

show frame-relay map

show frame-relay pvc

show frame-relay route

show interfaces serial

go top

4. ?????? 幀中繼 Multipoint 配置實例:


?

Router1:

interface serial 0

encapsulation frame-reply

!

interface serial 0.1 multipoint

ip address 172.16.1.2 255.255.255.0

frame-reply map ip 172.16.1.1 201 broadcast

frame-reply map ip 172.16.1.3 301 broadcast

frame-reply map ip 172.16.1.4 401 broadcast

!

Router2:

interface serial 0

encapsulation frame-reply

!

interface serial 0.1 multipoint

ip address 172.16.1.1 255.255.255.0

frame-reply map ip 172.16.1.2 102 broadcast

frame-reply map ip 172.16.1.3 102 broadcast

frame-reply map ip 172.16.1.4 102 broadcast

!

五、ISDN

1. ?????? 綜合數(shù)字業(yè)務(wù)網(wǎng)(ISDN)

綜合數(shù)字業(yè)務(wù)網(wǎng)(ISDN)由數(shù)字電話和數(shù)據(jù)傳輸服務(wù)兩部分組成,一般由電話局提供這種服務(wù)。ISDN的基本速率接口(BRI)服務(wù)提供2個B信道和1個D信道(2B+D)。BRI的B信道速率為64Kbps,用于傳輸用戶數(shù)據(jù)。D信道的速率為16Kbps,主要傳輸控制信號。在北美和日本,ISDN的主速率接口(PRI)提供23個B信道和1個D信道,總速率可達1.544Mbps,其中D信道速率為64Kbps。而在歐洲、澳大利亞等國家,ISDN的PRI提供30個B信道和1個64Kbps D信道,總速率可達2.048Mbps。我國電話局所提供ISDN PRI為30B+D。

2. ?????? 基本命令

任務(wù)

命令

設(shè)置ISDN交換類型

isdn switch-type switch-type1

接口設(shè)置

interface bri 0

設(shè)置PPP封裝

encapsulation ppp

設(shè)置協(xié)議地址與電話號碼的映射

dialer map protocol next-hop-address [name hostname] [broadcast] [dial-string]

啟動PPP多連接

ppp multilink

設(shè)置啟動另一個B通道的閾值

dialer load-threshold load

顯示ISDN有關(guān)信息

show isdn {active | history | memory | services | status [dsl | interface-type number] | timers}

注:1.交換機類型如下表,國內(nèi)交換機一般為basic-net3。

按區(qū)域分關(guān)鍵字?????????????????

交換機類型

Australia

?

basic-ts013

Australian TS013 switches

Europe

?

basic-1tr6

German 1TR6 ISDN switches

basic-nwnet3

Norway NET3 switches (phase 1)

basic-net3

NET3 ISDN switches (UK, Denmark, and other nations); covers the Euro-ISDN E-DSS1 signalling system

primary-net5

NET5 switches (UK and Europe)

vn2

French VN2 ISDN switches

vn3

French VN3 ISDN switches

Japan

?

ntt

Japanese NTT ISDN switches

primary-ntt

Japanese ISDN PRI switches

North America

?

basic-5ess

AT&T basic rate switches

basic-dms100

NT DMS-100 basic rate switches

basic-ni1

National ISDN-1 switches

primary-4ess

AT&T 4ESS switch type for the U.S. (ISDN PRI only)

primary-5ess

AT&T 5ESS switch type for the U.S. (ISDN PRI only)

primary-dms100

NT DMS-100 switch type for the U.S. (ISDN PRI only)

New Zealand

?

basic-nznet3

New Zealand Net3 switches

3. ?????? ISDN實現(xiàn)DDR(dial-on-demand routing)實例:


設(shè)置如下:

Router1:

hostname router1

user router2 password cisco

!

isdn switch-type basic-net3

!

interface bri 0

ip address 192.200.10.1 255.255.255.0

encapsulation ppp

dialer map ip 192.200.10.2 name router2 572

dialer load-threshold 80

ppp multilink

dialer-group 1

ppp authentication chap

dialer-list 1 protocol ip permit

!

Router2:

hostname router2

user router1 password cisco

!

isdn switch-type basic-net3

!

interface bri 0

ip address 192.200.10.2 255.255.255.0

encapsulation ppp

dialer map ip 192.200.10.1 name router1 571

dialer load-threshold 80?

ppp multilink

dialer-group 1

ppp authentication chap

!

dialer-list 1 protocol ip permit

!

Cisco路由器同時支持回?fù)芄δ埽覀儗⒙酚善鱎outer1作為Callback Server,Router2作為Callback Client。

與回?fù)芟嚓P(guān)命令:

任務(wù)

命令

映射協(xié)議地址和電話號碼,并在接口上使用在全局模式下定義的PPP回?fù)艿挠成漕悇e。

dialer map protocol address name hostname class classname dial-string

設(shè)置接口支持PPP回?fù)?

ppp callback accept

在全局模式下為PPP回?fù)茉O(shè)置映射類別

map-class dialer classname

通過查找注冊在dialer map里的主機名來決定回?fù)?

?dialer callback-server [username]

設(shè)置接口要求PPP回?fù)?

ppp callback request?

設(shè)置如下:

Router1:

hostname router1

user router2 password cisco

!

isdn switch-type basic-net3

!

interface bri 0

ip address 192.200.10.1 255.255.255.0

encapsulation ppp

dialer map ip 192.200.10.2 name router2 class s3 572

dialer load-threshold 80

ppp callback accept

ppp multilink

dialer-group 1

ppp authentication chap

!

map-class dialer s3

dialer callback-server username

dialer-list 1 protocol ip permit

!

Router2:

hostname router2

user router1 password cisco

!

isdn switch-type basic-net3

!

interface bri 0

ip address 192.200.10.2 255.255.255.0

encapsulation ppp

dialer map ip 192.200.10.1 name router1 571

dialer load-threshold 80

ppp callback request?

ppp multilink

dialer-group 1

ppp authentication chap

!

dialer-list 1 protocol ip permit

!

相關(guān)調(diào)試命令:

debug dialer

debug isdn event

debug isdn q921

debug isdn q931

debug ppp authentication

debug ppp error

debug ppp negotiation

debug ppp packet

show dialer

show isdn status

舉例:執(zhí)行debug dialer命令觀察router2呼叫router1,router1回?fù)躵outer2的過程.

router1#debug dialer

router2#ping 192.200.10.1

router1#

00:03:50: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

00:03:50: BRI0:1:PPP callback Callback server starting to router2 572

00:03:50: BRI0:1: disconnecting call

00:03:50: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down

00:03:50: BRI0:1: disconnecting call

00:03:50: BRI0:1: disconnecting call

00:03:51: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up

00:03:52: callback to router2 already started

00:03:52: BRI0:2: disconnecting call

00:03:52: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down

00:03:52: BRI0:2: disconnecting call

00:03:52: BRI0:2: disconnecting call

00:04:05: : Callback timer expired

00:04:05: BRI0:beginning callback to router2 572

00:04:05: BRI0: Attempting to dial 572

00:04:05: Freeing callback to router2 572

00:04:05: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

00:04:05: BRI0:1: No callback negotiated

00:04:05: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

00:04:05: dialer Protocol up for Vi1

00:04:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state

to up

00:04:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, chang

ed state to up

00:04:11: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 572

#router1

4. ???? ISDN訪問首都在線263網(wǎng)實例:


本地局部網(wǎng)地址為10.0.0.0/24,屬于保留地址,通過NAT地址翻譯功能,局域網(wǎng)用戶可以通過ISDN上263網(wǎng)訪問Internet。263的ISDN電話號碼為2633,用戶為263,口令為263,所涉及的命令如下表:

任務(wù)

命令

指定接口通過PPP/IPCP地址協(xié)商獲得IP地址

ip address negotiated

指定內(nèi)部和外部端口

ip nat {inside | outside}

使用ppp/pap作認(rèn)證

ppp authentication pap callin

指定接口屬于撥號組1

dialer-group 1

定義撥號組1允許所有IP協(xié)議

dialer-list 1 protocol ip permit

設(shè)定撥號,號碼為2633

dialer string 2633?

設(shè)定登錄263的用戶名和口令

ppp pap sent-username 263 password 263

設(shè)定默認(rèn)路由

ip route 0.0.0.0 0.0.0.0 bri 0

設(shè)定符合訪問列表2的所有源地址被翻譯為bri 0所擁有的地址

ip nat inside source list 2 interface bri 0 overload

設(shè)定訪問列表2,允許所有協(xié)議

access-list 2 permit any

具體配置如下:

hostname Cisco2503

!

isdn switch-type basic-net3

!

ip subnet-zero

no ip domain-lookup

ip routing

!

interface Ethernet 0

ip address 10.0.0.1 255.255.255.0

ip nat inside

no shutdown

!

interface Serial 0

shutdown

no description

no ip address

!

interface Serial 1

shutdown

no description

no ip address

!

interface bri 0

ip address negotiated

ip nat outside

encapsulation ppp

ppp authentication pap callin

ppp multilink

dialer-group 1

dialer hold-queue 10

dialer string 2633?

dialer idle-timeout 120

ppp pap sent-username 263 password 263

no cdp enable

no ip split-horizon

no shutdown

!

ip classless

!

! Static Routes

!

ip route 0.0.0.0 0.0.0.0 bri 0

!

! Access Control List 2

!

access-list 2 permit any

!

dialer-list 1 protocol ip permit

!

! Dynamic NAT

!

ip nat inside source list 2 interface bri 0 overload

snmp-server community public ro

!

line console 0

exec-timeout 0 0

!

line vty 0 4

!

end

5. ?????? Cisco765M通過ISDN撥號上263

由于Cisco765的設(shè)置命令與我們常用的Cisco路由器的命令不同,所以以下列舉了通過Cisco765上263訪問Internet的具體命令行設(shè)置步驟。

>set system c765

c765> set multidestination on

c765> set switch net3

c765> set ppp multilink on

c765> cd lan

c765:LAN> set ip routing on

c765:LAN> set ip address 10.0.0.1

c765:LAN> set ip netmask 255.0.0.0

c765:LAN> set briding off

c765:LAN>cd

c765> set user remotenet

New user remotenet being created

c765:remotenet> set ip routing on

c765:remotenet> set bridging off

c765:remotenet> set ip framing none

c765:remotenet> set ppp clientname 263

c765:remotenet> set ppp password client

Enter new Password: 263

Re-Type new Password: 263

c765:remotenet> set ppp authentication out none

c765:remotenet> set ip address 0.0.0.0

c765:remotenet> set ip netmask 0.0.0.0

c765:remotenet> set ppp address negotiation local on

c765:remotenet> set ip pat on

c765:remotenet> set ip route destination 0.0.0.0/0 gateway 0.0.0.0

c765:remotenet> set number 2633

c765:remotenet> set active

命令描述如下:

任務(wù)

命令

設(shè)置路由器系統(tǒng)名稱

set system c765

允許路由器呼叫多個目的地

set multidestination on

設(shè)置ISDN交換機類型為NET3

set switch net3

允許點到點間多條通道連接實現(xiàn)負(fù)載均衡

set ppp multilink on

關(guān)掉橋接

set briding off

建立用戶預(yù)制文件用于設(shè)置撥號連接參數(shù)- 可以設(shè)置多個用戶預(yù)制文件用于相同的物理端口對應(yīng)于不同的連接。

set user remotenet

使用PPP/IPCP

set ip framing none

設(shè)置上網(wǎng)用戶帳號

set ppp clientname 263

設(shè)置上網(wǎng)口令

set ppp password client

Enter new Password: 263

Re-Type new Password: 263

不用PPP/CHAP或PAP做認(rèn)證

set ppp authentication out none

允許地址磋商

set ppp address negotiation local on

設(shè)置地址翻譯

set ip pat on

設(shè)置默認(rèn)路由

set ip route destination 0.0.0.0/0 gateway 0.0.0.0

設(shè)置ISP的電話號碼

set number 2633

激活用戶預(yù)制文件

set active

六、PSTN

  電話網(wǎng)絡(luò)(PSTN)是目前普及程度最高、成本最低的公用通訊網(wǎng)絡(luò),它在網(wǎng)絡(luò)互連中也有廣泛的應(yīng)用。電話網(wǎng)絡(luò)的應(yīng)用一般可分為兩種類型,一種是同等級別機構(gòu)之間以按需撥號(DDR)的方式實現(xiàn)互連,一種是ISP為撥號上網(wǎng)為用戶提供的遠(yuǎn)程訪問服務(wù)的功能。

1.???? 遠(yuǎn)程訪問


1.1.Access Server基本設(shè)置:

選用Cisco2511作為訪問服務(wù)器,采用IP地址池動態(tài)分配地址.遠(yuǎn)程工作站使用WIN95撥號網(wǎng)絡(luò)實現(xiàn)連接。

全局設(shè)置:

任務(wù)

命令

設(shè)置用戶名和密碼

username username password password

設(shè)置用戶的IP地址池

ip local pool {default | pool-name low-ip-address [high-ip-address]}

指定地址池的工作方式

ip address-pool [dhcp-proxy-client | local]

基本接口設(shè)置命令:

任務(wù)

命令

設(shè)置封裝形式為PPP

encapsulation ppp

啟動異步口的路由功能

async default routing

設(shè)置異步口的PPP工作方式

async mode {dedicated | interactive}

設(shè)置用戶的IP地址

peer default ip address {ip-address | dhcp | pool [pool-name]}

設(shè)置IP地址與Ethernet0相同

ip unnumbered ethernet0

line撥號線設(shè)置:

任務(wù)

命令

設(shè)置modem的工作方式

modem {inout|dialin}

自動配置modem類型

modem autoconfig discovery

設(shè)置撥號線的通訊速率

speed speed

設(shè)置通訊線路的流控方式

flowcontrol {none | software [lock] [in | out] | hardware [in | out]}

連通后自動執(zhí)行命令

autocommand command

訪問服務(wù)器設(shè)置如下:

Router:

hostname Router

enable secret 5 $1$EFqU$tYLJLrynNUKzE4bx6fmH//

!

interface Ethernet0

ip address 10.111.4.20 255.255.255.0

!

interface Async1

ip unnumbered Ethernet0

encapsulation ppp

keepalive 10

async mode interactive

peer default ip address pool Cisco2511-Group-142

!

ip local pool Cisco2511-Group-142 10.111.4.21 10.111.4.36

!

line con 0

exec-timeout 0 0

password cisco

!

line 1 16

modem InOut

modem autoconfigure discovery

flowcontrol hardware

!

line aux 0

transport input all

line vty 0 4

password cisco

!

end ?

相關(guān)調(diào)試命令:

show interface

show line

1.2.?????? Access Server通過Tacacs服務(wù)器實現(xiàn)安全認(rèn)證:

使用一臺WINDOWS NT服務(wù)器作為Tacacs服務(wù)器,地址為10.111.4.2,運行Cisco2511隨機帶的Easy ACS 1.0軟件實現(xiàn)用戶認(rèn)證功能.

相關(guān)設(shè)置:

任務(wù)

命令

激活A(yù)AA訪問控制

aaa new-model

用戶登錄時默認(rèn)起用Tacacs+做AAA認(rèn)證

aaa authentication login default tacacs+

列表名為no_tacacs使用ENABLE口令做認(rèn)證

aaa authentication login no_tacacs enable

在運行PPP的串行線上采用Tacacs+做認(rèn)證

aaa authentication ppp default tacacs+

由TACACS+服務(wù)器授權(quán)運行EXEC

aaa authorization exec tacacs+

由TACACS+服務(wù)器授權(quán)與網(wǎng)絡(luò)相關(guān)的服務(wù)請求。

aaa authorization network tacacs+

為EXEC會話運行記帳.進程開始和結(jié)束時發(fā)通告給TACACS+服務(wù)器。

aaa accounting exec start-stop tacacs+

為與網(wǎng)絡(luò)相關(guān)的服務(wù)需求運行記帳包括SLIP,PPP,PPP NCPs,ARAP等.在進程開始和結(jié)束時發(fā)通告給TACACS+服務(wù)器。

aaa accounting network start-stop tacacs+

指定Tacacs服務(wù)器地址

tacacs-server host 10.111.4.2

在Tacacs+服務(wù)器和訪問服務(wù)器設(shè)定共享的關(guān)鍵字,訪問服務(wù)器和Tacacs+服務(wù)器使用這個關(guān)鍵字去加密口令和響應(yīng)信息。這里使用tac作為關(guān)鍵字。

tacacs-server key tac

訪問服務(wù)器設(shè)置如下:

hostname router

!

aaa new-model

aaa authentication login default tacacs+

aaa authentication login no_tacacs enable

aaa authentication ppp default tacacs+

aaa authorization exec tacacs+

aaa authorization network tacacs+

aaa accounting exec start-stop tacacs+

aaa accounting network start-stop tacacs+

enable secret 5 $1$kN4g$CvS4d2.rJzWntCnn/0hvE0

!

interface Ethernet0

?ip address 10.111.4.20 255.255.255.0

!

interface Serial0

no ip address

shutdown

interface Serial1

no ip address

shutdown

!

interface Group-Async1

ip unnumbered Ethernet0

encapsulation ppp

async mode interactive

peer default ip address pool Cisco2511-Group-142

no cdp enable

group-range 1 16

!

ip local pool Cisco2511-Group-142 10.111.4.21 10.111.4.36

tacacs-server host 10.111.4.2

tacacs-server key tac

!

line con 0

exec-timeout 0 0

password cisco

login authentication no_tacacs?

line 1 16

login authentication tacacs

modem InOut

modem autoconfigure type usr_courier

autocommand ppp

transport input all

stopbits 1

rxspeed 115200

txspeed 115200

flowcontrol hardware

line aux 0

transport input all

line vty 0 4

password cisco

!

end

2.????? DDR(dial-on-demand routing)實例


此例通過Cisco 2500系列路由器的aux端口實現(xiàn)異步撥號DDR連接。Router1撥號連接到Router2。其中采用PPP/CHAP做安全認(rèn)證,在Router1中應(yīng)建立一個用戶,以對端路由器主機名作為用戶名,即用戶名應(yīng)為Router2。同時在Router2中應(yīng)建立一個用戶,以對端路由器主機名作為用戶名,即用戶名應(yīng)為Router1。所建的這兩用戶的password必須相同。

相關(guān)命令如下:

任務(wù)

命令

設(shè)置路由器與modem的接口指令

chat-script script-name EXPECT SEND EXPECT SEND (etc.)

設(shè)置端口在掛斷前的等待時間

dialer idle-timeout seconds

設(shè)置協(xié)議地址與電話號碼的映射

dialer map protocol next-hop-address [name hostname] [broadcast] [modem-script

modem-regexp] [system-script system-regexp] [dial-string]

設(shè)置電話號碼

dialer string dial-string

指定在特定線路下路由器默認(rèn) 使用的chat-script

script {dialer|reset} script-name

Router1:

hostname Router1

!

enable secret 5 $1$QKI7$wXjpFqC74vDAyKBUMallw/

!

username Router2 password cisco

chat-script cisco-default? "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c

!

interface Ethernet0

ip address 10.0.0.1 255.255.255.0

!

interface Async1

ip address 192.200.10.1 255.255.255.0

encapsulation ppp

async default routing

async mode dedicated

dialer in-band

dialer idle-timeout 60

dialer map ip 192.200.10.2 name Router2 modem-script cisco-default 573

dialer-group 1

ppp authentication chap

!

ip route 10.0.1.0 255.255.255.0 192.200.10.2

dialer-list 1 protocol ip permit???

!

line con 0

line aux 0

modem InOut

modem autoconfigure discovery

flowcontrol hardware ??????????????????????????????????????????????????????????????????????????


Router2:

hostname Router2

!

enable secret 5 $1$F6EV$5U8puzNt2/o9g.t56PXHo.

!

username Router1 password cisco

!

interface Ethernet0

ip address 10.0.1.1 255.255.255.0

!

interface Async1

ip address 192.200.10.2 255.255.255.0

encapsulation ppp

async default routing

async mode dedicated

dialer in-band

dialer idle-timeout 60

dialer map ip 192.200.10.1 name Router1

dialer-group 1

ppp authentication chap

!

ip route 10.0.0.0 255.255.255.0 192.200.10.1

dialer-list 1 protocol ip permit

!

line con 0

line aux 0

modem InOut

modem autoconfigure discovery

flowcontrol hardware

!

相關(guān)調(diào)試命令:

debug dialer

debug ppp authentication

debug ppp error

debug ppp negotiation

debug ppp packet

show dialer ???

3.??????? 異步撥號備份DDN專線:


?? 此例主連接采用DDN專線,備份線路為電話撥號。當(dāng)DDN專線連接正常時,主端口S0狀態(tài)為up,line protocol亦為up,則備份線路狀態(tài)為standby,line protocol為down,此時所有通信均通過主接口進行。當(dāng)主接口連接發(fā)生故障時,端口狀態(tài)為down,則激活備份接口,完成數(shù)據(jù)通信。此方法不適合為X.25做備份。因為,配置封裝為X.25的接口只要和X.25交換機之間的連接正常其接口及l(fā)ine protocol的狀態(tài)亦為 up,它并不考慮其它地方需與之通信的路由器的狀態(tài)如何,所以若本地路由器狀態(tài)正常,而對方路由器連接即使發(fā)生故障,本地也不會激活備份線路。例4將會描述如何為X.25做撥號備份。?


以下是相關(guān)命令:

任務(wù)

命令

指定主線路改變后,次線路狀態(tài)發(fā)生改變的延遲時間

backup delay {enable-delay | never} {disable-delay | never}

指定一個接口作為備份接口

backup interface type number

hostname c2522rb

!

enable secret 5 $1$J5vn$ceYDe2FwPhrZi6qsIIz6g0

enable password cisco

!

username c4700 password 0 cisco

ip subnet-zero

chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c

chat-script reset atz

!

interface Ethernet0

ip address 16.122.51.254 255.255.255.0

no ip mroute-cache

!

interface Serial0

backup delay 10 10

backup interface Serial2

ip address 16.250.123.18 255.255.255.252

no ip mroute-cache

no fair-queue

!

interface Serial1

no ip address

no ip mroute-cache

shutdown

!

interface Serial2

physical-layer async

ip address 16.249.123.18 255.255.255.252

encapsulation ppp

async mode dedicated

dialer in-band

dialer idle-timeout 60

dialer map ip 16.249.123.17 name c4700 6825179

dialer-group 1

ppp authentication chap

!

interface Serial3

no ip address

shutdown

no cdp enable

!

interface Serial4

no ip address

shutdown

no cdp enable

!

interface Serial5

no ip address

no ip mroute-cache

shutdown

!

interface Serial6

no ip address

no ip mroute-cache

shutdown

!

interface Serial7

no ip address

no ip mroute-cache

shutdown

!

interface Serial8

no ip address

no ip mroute-cache

shutdown

!

interface Serial9

no ip address

no ip mroute-cache

shutdown

!

interface BRI0

no ip address

no ip mroute-cache

shutdown

!

router eigrp 200

network 16.0.0.0

!

ip classless

!

dialer-list 1 protocol ip permit

!

line con 0

line 2

script dialer cisco-default

script reset reset

modem InOut

modem autoconfigure discovery

rxspeed 38400

txspeed 38400

flowcontrol hardware

line aux 0

line vty 0 4

password cisco

login

!

end

c2522rb#

4.?????? 異步撥號備份X.25:


??
?? 設(shè)置X.25的撥號備份,首先X.25連接的端口必須運行動態(tài)路由協(xié)議,異步撥號口必須使用靜態(tài)路由.本例選擇EIGRP作為路由選擇協(xié)議,將靜態(tài)路由的Metric的值設(shè)置為200,由于EIGRP的默認(rèn)Metric為90,所以當(dāng)同時有兩條路徑通往同一網(wǎng)段時,其中Metric值小的路徑生效,而當(dāng)X.25連接出現(xiàn)問題時,路由器無法通過路由協(xié)議學(xué)習(xí)到路由表,則此時靜態(tài)路由生效,訪問通過撥號端口實現(xiàn)。當(dāng)X.25連接恢復(fù)正常時,路由器又可以學(xué)習(xí)到路由表,則由于 Metric值的不同,靜態(tài)路由自動被動態(tài)路由所代替,這樣就實現(xiàn)了備份的功能。

路由器Router1配置如下:

hostname router1

!

enable secret 5 $1$UTvD$99YiY2XsRMxHudcYeHn.Y.

enable password cisco

!

username router2 password cisco

ip subnet-zero

chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c

chat-script reset atz

interface Ethernet0

ip address 202.96.38.100 255.255.255.0

!

interface Serial0

ip address 202.96.0.1 255.255.255.0

encapsulation x25

x25 address 10112227

x25 htc 16

x25 map ip 202.96.0.2 10112225 broadcast

!

interface Serial1

no ip address

shutdown

!

!

interface Async 1

ip address 202.96.1.1 255.255.255.252

encapsulation ppp

dialer in-band

dialer idle-timeout 60

dialer map ip 202.96.1.2 name router2 modem-script cisco-default 2113470

dialer-group 1

ppp authentication chap

!

router eigrp 200

redistribute connected

network 202.96.0.0

!

ip route 202.96.37.0 255.255.255.0 202.96.1.2 200

dialer-list 1 protocol ip permit

line con 0

line aux 0

script dialer cisco-default

script reset reset

modem InOut

modem autoconfigure discovery

transport input all

rxspeed 38400

txspeed 38400

flowcontrol hardware

line vty 0 4

password cisco

login

!

end

路由器Router2配置如下:

hostname router2

!

enable secret 5 $1$T4IU$2cIqak8f/E4Ug6dLT0k.J0

enable password cisco

!

username router1 password cisco

ip subnet-zero

chat-script cisco-default "" "AT" TIMEOUT 30 OK "ATDT \T" TIMEOUT 30 CONNECT \c

chat-script reset atz

!

interface Ethernet0

ip address 202.96.37.100 255.255.255.0

!

interface Serial0

ip address 202.96.0.2 255.255.255.0

no ip mroute-cache

encapsulation x25

x25 address 10112225

x25 htc 16

x25 map ip 202.96.0.1 10112227 broadcast

!

interface Serial1

no ip address

shutdown

!

interface Async1

ip address 202.96.1.2 255.255.255.252

encapsulation ppp

keepalive 30

async default routing

async mode dedicated

dialer in-band

dialer idle-timeout 60

dialer wait-for-carrier-time 120

dialer map ip 202.96.1.1 name router1 modem-script cisco-default 2113469

dialer-group 1

ppp authentication chap

!

router eigrp 200

redistribute static

network 202.96.0.0

!

no ip classless

ip route 202.96.38.0 255.255.255.0 202.96.1.1 200

dialer-list 1 protocol ip permit

!

line con 0

exec-timeout 0 0

line aux 0

script reset reset

modem InOut

modem autoconfigure discovery

transport input all

rxspeed 38400

txspeed 38400

flowcontrol hardware

line vty 0 4

password cisco

login

!

end

非常好我支持^.^

(0) 0%

不好我反對

(0) 0%

( 發(fā)表人:admin )

      發(fā)表評論

      用戶評論
      評價:好評中評差評

      發(fā)表評論,獲取積分! 請遵守相關(guān)規(guī)定!

      ?
      RM新时代网站-首页