Пользователь по умолчанию (пароль сменить сразу после первого входа):
admin:password
Применение настроек:
commit #Временно, на 5 минут: без confirm конфигурация откатится
confirm #Навсегда. Но сначала всё равно надо выполнить commit
Посмотреть running config
show running-config
Бинд физических интерфейсов:
debug
show nic
nic bind mac <MAC> <gi1/0/1>
Добавить маршрут по умолчанию:
configure
ip route 0.0.0.0/0 192.168.102.68
Создание зон:
configure
security zone trusted
ex
security zone untrusted
ex
Настройка интерфейсов:
configure
interface gi1/0/1
description WAN
ip address 192.168.100.241/24
security-zone untrusted
ex
interface gi1/0/2
description LAN
ip address 192.168.102.65/27
security-zone trusted
ex
Разделение сетей на объектные подгруппы:
configure
object-group network LAN
ip address-range 192.168.102.65-192.168.102.94
ip address-range 192.168.102.97-192.168.102.126
ex
object-group network WAN
ip address-range 192.168.100.254 #Шлюз
ex
Настройка nat:
configure
security zone-pair trusted untrusted
rule 1
match source-address LAN
action permit
enable
ex
ex
nat source
pool WAN
ip address-range 192.168.100.241
ex
ruleset SNAT
to zone untrusted
rule 1
match source-address LAN
action source-nat pool WAN
enable
ex
ex
Настройка dhcp-server:
configure
ip dhcp-server pool LAN
network 10.0.0.0/24
address-range 10.0.0.100-10.0.0.200
excluded-address-range 10.0.0.150
address 10.0.0.150 mac-address <mac>
default-router 10.0.0.1
default-server 1.1.1.1
ex
object-group service dhcp_server
port-range 67
ex
object-group service dhcp_client
port-range 68
ex
security zone-pair trusted self
rule 1
match protocol udp
match source-port dhcp_client
match destination-port dhcp_server
action permit
enable
ex
ex
ip dhcp-server #Чтобы включить dhcp-server
Настройка dhcp-relay:
configure
ip dhcp-relay #Чтобы включить dhcp-relay
interface
ip helper-address 10.0.0.10
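Настройка gre+ospf туннеля:
Примечание: md5, dh-group 2 и ключ changeme ниже — учебные значения; на боевом оборудовании задать свой длинный случайный ключ и самые стойкие алгоритмы, которые поддерживают обе стороны. Зона WAN на этой странице не создаётся (выше заданы только trusted и untrusted) — её нужно создать заранее или указать существующую.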
configure
tunnel gre 1
ttl 16
security-zone WAN
local address 10.1.0.1
remote address 10.2.0.1
ip address 10.10.10.1/24
enable
exit
security ike proposal ike_prop1
authentication algorithm md5
encryption algorithm aes128
dh-group 2
exit
security ike policy ike_pol1
pre-shared-key ascii-text changeme
proposal ike_prop1
exit
security ike gateway ike_gw1
ike-policy ike_pol1
local address 10.1.0.1
local network 10.1.0.1/32 protocol gre
remote address 10.2.0.1
remote network 10.2.0.1/32 protocol gre
mode policy-based
exit
security ipsec proposal ipsec_prop1
authentication algorithm md5
encryption algorithm aes128
pfs dh-group 2
exit
security ipsec policy ipsec_pol1
proposal ipsec_prop1
exit
security ipsec vpn ipsec1
ike establish-tunnel route
ike gateway ike_gw1
ike ipsec-policy ipsec_pol1
enable
exit
Настройка ospf:
configure
router ospf 10
area 1.1.1.1
enable
exit
enable
exit
interface gigabitethernet 1/0/1
ip ospf instance 10
ip ospf
exit
interface gigabitethernet 1/0/2
ip ospf instance 10
ip ospf
exit
tunnel gre 1
ip ospf instance 10
ip ospf
exit