Это старая версия документа.
hostname router
interface FastEthernet1/0 description connection to LAN ip address 192.168.X.1 255.255.255.0 no shutdown ! !interface FastEthernet0/0.2 ! description connection to LAN2 ! encapsulation dot1Q 2 ! ip address 192.168.100+X.1 255.255.255.0 ! no shut ! interface FastEthernet1/1 description connection to ISP ip address 172.16.1.X 255.255.255.0 ! duplex half ! speed 100 no shutdown
ip route 10.0.0.0 255.0.0.0 Null0 ip route 172.16.0.0 255.255.0.0 Null0 ip route 0.0.0.0 0.0.0.0 172.16.1.254
ip name-server 192.168.X.10 ip domain-name corpX.un
no ip domain-lookup ip host server 192.168.X.10
ip dhcp excluded-address 192.168.X.1 192.168.X.100 ip dhcp excluded-address 192.168.X.200 192.168.X.254 ip dhcp pool LAN network 192.168.X.0 255.255.255.0 default-router 192.168.X.1 dns-server 192.168.X.10 domain-name corpX.un ! option 150 ip 192.168.X.10 lease 0 0 10
clock timezone MSK 3 clock summer-time MSK recurring last Sun Mar 2:00 last Sun Oct 2:00 ntp server 0.ru.pool.ntp.org ntp server 1.ru.pool.ntp.org ntp server 2.ru.pool.ntp.org ntp server 3.ru.pool.ntp.org ntp master
show ntp associations
no ip access-list extended ACL_FIREWALL ip access-list extended ACL_FIREWALL permit tcp any host 192.168.X.10 eq 80 permit tcp any host 192.168.X.10 eq 22 permit icmp any 192.168.X.0 0.0.0.255 permit ip any host 172.16.1.X permit udp any any permit tcp any any established deny ip any any log interface FastEthernet1/1 ip access-group ACL_FIREWALL in end
ip access-list standard ACL_NAT permit 192.168.X.0 0.0.0.255 permit 192.168.100+X.0 0.0.0.255 deny any ip nat inside source list ACL_NAT interface FastEthernet1/1 overload ip nat inside source static udp 192.168.X.10 53 172.16.1.X 53 extendable ip nat inside source static tcp 192.168.X.10 53 172.16.1.X 53 extendable ip nat inside source static tcp 192.168.X.10 22 172.16.1.X 22 extendable ip nat inside source static tcp 192.168.X.10 80 172.16.1.X 80 extendable interface FastEthernet1/0 ip nat inside interface FastEthernet1/1 ip nat outside
router# show ip nat tr router# clear ip nat tr *
ip access-list extended ACL_REDIRECT_HTTP deny ip host 192.168.X.10 any permit tcp 192.168.X.0 0.0.0.255 any eq www route-map RM_REDIRECT_HTTP permit 10 match ip address ACL_REDIRECT_HTTP set ip next-hop 192.168.X.10 interface FastEthernet1/0 description connection to LAN ip policy route-map RM_REDIRECT_HTTP
[server:~] # ls /tftpboot/c2600-js-mz.122-40.bin router#more tftp://192.168.X.1/c2600-js-mz.122-40.bin router#wr t ... boot system tftp c2600-js-mz.122-40.bin 192.168.X.1 ... ! interface FastEthernet0/0 ip address 192.168.X.2 255.255.255.0 speed 100 full-duplex ! switch#wr t ... ! interface FastEthernet0/2 duplex full speed 100 spanning-tree portfast !
rommon 1 > IP_ADDRESS=192.168.X.2 rommon 2 > IP_SUBNET_MASK=255.255.255.0 rommon 3 > TFTP_SERVER=192.168.X.3 rommon 4 > DEFAULT_GATEWAY=192.168.X.3 rommon 5 > TFTP_FILE=c2600-js-mz.122-40.bin rommon 6 > set rommon 7 > tftpdnld rommon 8 > reset
rommon 1 > confreg 0x2142 rommon 2 > boot