Published: Thursday
Hubei Telecom IP MAN SR Router (Huawei NE40E) Configuration Specification V1.0
Hubei Telecom MAN Router Device Configuration Specification: General Rules
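Chapter 3 Huawei SR Device Basic Configuration Specification
3.1 Basic System Configuration Specification
3.1.1 Device Name Configuration
Configuration description:
Standardize device naming so that every device in the MAN is uniquely identified. This distinguishes each device in the MAN, simplifies device management, and improves readability and manageability.
Specification requirement:
Device names must comply with the "IP MAN network device naming and link description specification" in Chapter 2.
Configuration specification:
[sysname] sysname WH-ZBL-SR-1.MAN.NE40E
3.1.2 Banner Configuration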
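Configuration description:
The banner is the notice the system displays after a connection to the router is made and before the user name and password are entered. The Banner motd wording is to be uniform.
Specification requirement:
All routers are configured with the same banner message, shown at login:
WARNING!!! Authorised access only, all of your done will be recorded! disconnect IMMEDIATELY if you are not an authorised user!
Configuration specification:
[sysname]
#Banner motd “ WARNING!!! Authorised access only, disconnect IMMEDIATELY if you are not an authorised user! ”
[sysname]
#
Configuration verification:
The banner notice should be displayed when logging in to the router.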
3.1.3 Device Local Time and NTP
China Telecom Hubei Branch
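NTP provides time synchronization for network devices. Time-dependent functions, such as log messages and time-based bandwidth limits, all rely on correct time.
3.1.3.1 Time Zone Configuration
Configuration description:
Use the same time zone configuration on all devices.
Specification requirement:
Set the system time zone to GMT+8, the Beijing time zone.
Configuration specification:
[sysname] clock timezone GMT add 08:00:00 # configured in user view; "add" places the zone 8 hours ahead of UTC
Configuration verification:
display clock
3.1.3.2 NTP Time
Configuration description: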
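Synchronize the device hardware clock with the NTP servers. NTP periodically (at a minimum interval of 10 minutes) synchronizes the time of all devices on the network, so that network devices obtain correct time.
The backbone devices Wuhan C1 and Wuhan C2 act as NTP servers for the MAN egress routers within Hubei province.
The MAN is configured with a primary and a backup NTP server, arranged in two levels:
The MAN egress routers act as NTP clients and are configured to synchronize their clocks with 202.97.32.72 and 202.97.32.73. The MAN egress routers also act as NTP servers, with the NTP master clock stratum left at its default, and the devices below the egress are configured to synchronize their clocks with the egress routers.
Specify the local interface from which NTP messages are sent.
Specification requirement:
Configure NTP servers to update the device hardware clock, configure a primary and a backup NTP server, use version V3, and specify loopback0 as the local interface from which NTP messages are sent.
Configuration specification:
ntp-service source-interface LoopBack0
ntp-service unicast-server 202.97.32.72 preference # prefer one of the egress routers as NTP server
ntp-service unicast-server 202.97.32.73 # the other egress router is the backup NTP server
Configuration verification: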
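display clock
display ntp-service status
display ntp-service session
3.1.3.3 NTP Message Source Address
Configuration description:
Specify the IP address of a device interface as the source IP address of NTP packets. The device uses this address to exchange packets with other NTP devices.
Specification requirement:
Devices in the MAN core layer and service control layer use the Loopback0 address as the NTP message source address.
Configuration specification:
ntp-service source-interface LoopBack0
Configuration verification:
display clock
display ntp-service status
display ntp-service session
3.1.4 Telnet Configuration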
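3.1.4.1 Connection Limit
Configuration description:
Limiting the number of sessions that can be logged in to the device remotely at the same time prevents a large number of sessions from consuming excessive system resources. It also supports centralized operation and maintenance and keeps the device manageable during a fault.
Specification requirement:
Set the maximum number of Telnet connections on the SR router to 5.
Configuration specification:
user-interface maximum-vty 5
Configuration verification:
display user-interface maximum-vty
Configuration notes:
Huawei and Cisco devices default to a VTY connection limit of 5, and the 7750 to 7; keep the default configuration.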
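3.1.4.2 Idle Time
Configuration description:
With the Telnet timeout set, the Telnet session is disconnected once its idle time exceeds the configured value. This prevents unauthorized persons from performing illegitimate operations after the operator has left.
Specification requirement:
Configure the login timeout for VTY, Console and AUX, setting the idle time to 10 minutes.
Configuration specification:
user-interface console 0
 idle-timeout 10 0
user-interface aux 0
 idle-timeout 10 0
user-interface vty 0 4
 idle-timeout 10 0
Configuration verification:
disp curr | b user-interface
3.1.4.3 Telnet Access Control List
Configuration description: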
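Restrict the source addresses from which Telnet logins are accepted. This strengthens device security and prevents illegitimate login attempts as far as possible.
Specification requirement:
Configure Telnet source address restrictions that cover the provincial company addresses and a minimized set of maintenance IP segments for the city-level network management centers.
Configuration specification:
acl number 2000
 description this acl is used telnet
 rule 10 permit source x.x.x.x/y
 rule 20 permit source x.x.x.x/y
 rule 30 permit source x.x.x.x/y
 rule 3000 deny source any
#
user-interface vty 0 4
 authentication-mode aaa # Telnet users log in with AAA authentication
 acl 2000 inbound # set the VTY login access control list to 2000
Configuration verification: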
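An offline check of a saved configuration against the requirements of sections 3.1.3 and 3.1.4 (time zone, NTP, idle timeout, VTY authentication and ACL), added here as an example and not part of the specification. The names `sections`, `audit` and `SAMPLE` are hypothetical, the sample text is constructed (192.0.2.0/24 is a documentation range), and the input is assumed to indent sub-commands by one space as `display current-configuration` output does.

```python
import re

# Constructed sample; the vty idle-timeout deliberately deviates from the spec.
SAMPLE = """\
clock timezone GMT add 08:00:00
ntp-service source-interface LoopBack0
ntp-service unicast-server 202.97.32.72 preference
ntp-service unicast-server 202.97.32.73
acl number 2000
 rule 10 permit source 192.0.2.0 0.0.0.255
 rule 3000 deny
user-interface con 0
 idle-timeout 10 0
user-interface vty 0 4
 authentication-mode aaa
 acl 2000 inbound
 idle-timeout 30 0
"""

def sections(cfg):
    """Map each top-level config line to the indented lines beneath it."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.strip() in ("", "#"):
            continue
        if not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def audit(cfg):
    """Return deviations from the requirements of sections 3.1.3 and 3.1.4."""
    sec, bad = sections(cfg), []
    if not any(re.fullmatch(r"clock timezone \S+ add 0?8:00:00", k) for k in sec):
        bad.append("time zone is not GMT+8")
    if "ntp-service source-interface LoopBack0" not in sec:
        bad.append("NTP source interface is not LoopBack0")
    if sum(k.startswith("ntp-service unicast-server ") for k in sec) < 2:
        bad.append("fewer than two NTP servers")
    for name, body in sec.items():
        if re.match(r"user-interface (con|aux|vty)", name) and "idle-timeout 10 0" not in body:
            bad.append(f"{name}: idle-timeout is not 10 0")
        if name.startswith("user-interface vty "):
            bad += [f"{name}: missing {c}" for c in
                    ("authentication-mode aaa", "acl 2000 inbound") if c not in body]
    acl = sec.get("acl number 2000", [])
    if not acl or not re.fullmatch(r"rule \d+ deny( source any)?", acl[-1]):
        bad.append("acl 2000 does not end with a deny rule")
    return bad
```

Calling `audit(SAMPLE)` reports only the vty idle-timeout deviation; an empty list means the checked items match the specification.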