买到一台Cisco 871W,替换掉RB450G,本打算把它的无线功能用上,可惜只支持BG。这台路由器是企业更换更换设备,做网络的外包公司早已倒闭,密码只能自己破解了。于是乎,拿出面条线,开干。
别的就不说了,直接贴配置档吧。
Router(config)#do show run
Building configuration…
Current configuration : 3976 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool home
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 10.0.0.1
lease 0 23
!
!
!
!
crypto pki trustpoint TP-self-signed-2642604096
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2642604096
revocation-check none
rsakeypair TP-self-signed-2642604096
!
!
crypto pki certificate chain TP-self-signed-2642604096
certificate self-signed 01
这一段是证书,不给看
quit
username root privilege 15 secret 5 密码
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp pap sent-username 用户名 password 0 密码
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 10.0.0.0 0.0.0.255
no cdp run
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
end
这样配置好之后启动Dialer即可获得IP地址。
记得当时学习的时候,配置no ip domain-lookup,禁止查询DNS来加快配置速度,这样会导致DNS指向路由器的时候会无法解析IP,由于当时配置是把DNS指向公网上的DNS反而没什么问题。
通过下面的命令指定DNS,即可使客户端将DNS指向路由器,进行迭代查询。
Router(config)#ip name-server 114.114.114.114
这台路由器支持SDM,需要JRE1.4-1.6的运行环境。这里发生过奇怪的事情,安装说明里写JRE版本高于1.4,我电脑里有JRE1.8,不能运行。改为1.6后正常。
SDM加载信息
跑个测试
本想去Cisco网站上找SDM,登陆之后需要提供合同号,没想到在老司机到处开车的互联网找不到SDM。。。我把SDM和JRE打包放上来。
总体来说,路由器配置不算高,稳定性好的很,顺带说企业设备我拿来家用是不是太奢侈了点?
附:下载地址