路由备份实例
路由备份实例
银行的备份系统,总行cisco 3640,支行cisco1721分别走网通的e1和联通的e1,网通3640配置如下:不解释了,自己理解吧
sddzsr001#sh run
Building configuration...
Current configuration : 9572 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sddzsr001
!
enable password 7 0513510C354A1E5A4F
!
username sddzsr001 password 7 0000450A0D56525456
memory-size iomem 10
ip subnet-zero
!
!
no ip domain-lookup
!
!
key chain SDDZSADBC
key 1
key-string 7 060F5E38485E5F4D50
key chain SDDZSLXLADBC
key 1
key-string 7 150B5A05022D78757F
key chain SDDZSPYNADBC
key 1
key-string 7 061F5D374A58584B54
key chain SDDZSXAJADBC
key 1
key-string 7 1203521E14085E527E
key chain SDDZSWUCADBC
key 1
key-string 7 06155A395D4D514E51
key chain SDDZSQIHADBC
key 1
key-string 7 000C4317025E5D5659
key chain SDDZSYCLADBC
key 1
key-string 7 0313081E011E701918
key chain SDDZSLELADBC
key 1
key-string 7 011A50134B01535E75
key chain SDDZSLYMADBC
key 1
key-string 7 1111400E1C01595953
key chain SDDZSNGJADBC
key 1
key-string 7 010756144D1B545D78
key chain SDDZSQYLADBC
key 1
key-string 7 130945170F08537E7B
call rsvp-sync
!
!
!
!
!
!
controller E1 0/0
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 0/1
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 0/2
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 0/3
line-termination 75-ohm
channel-group 0 unframed
!
controller E1 2/0
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 2/1
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 2/2
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 2/3
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 3/0
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 3/1
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 3/2
framing NO-CRC4
channel-group 0 timeslots 1-31
!
controller E1 3/3
framing NO-CRC4
channel-group 0 timeslots 1-31
!
!
class-map match-all DATA-OUT-MIS
match ip dscp af41
class-map match-all DATA-IN-OA
match access-group name ACL-OA
class-map match-all DATA-IN-PROD
match access-group name ACL-PROD
class-map match-all DATA-IN-MIS
match access-group name ACL-MIS
class-map match-all DATA-OUT-OA
match ip dscp af31
class-map match-all DATA-OUT-PROD
match ip dscp ef
!
!
policy-map SETDSCP
class DATA-IN-PROD
set ip dscp ef
class DATA-IN-MIS
set ip dscp af41
class DATA-IN-OA
set ip dscp af31
policy-map QOS
class DATA-OUT-MIS
bandwidth percent 25
random-detect
class DATA-OUT-OA
bandwidth percent 10
random-detect
class DATA-OUT-PROD
priority 1000
!
!
!
interface Loopback0
ip address 136.24.254.253 255.255.255.255
!
interface FastEthernet0/0
ip address 136.24.0.2 255.255.255.0
service-policy input SETDSCP
duplex auto
speed auto
standby 1 ip 136.24.0.5
!
interface Serial0/0:0
description "to qingyun"
ip address 136.24.229.41 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSQYLADBC
service-policy output QOS
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1:0
no ip address
shutdown
!
interface Serial0/2:0
description "to yucheng"
ip address 136.24.229.25 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSYCLADBC
service-policy output QOS
!
interface Serial0/3:0
description "to sdr001"
ip address 136.254.219.54 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSADBC
service-policy output QOS
!
interface Serial1/0
ip address 9.57.127.91 255.255.255.0
ip nat outside
encapsulation x25
x25 address 39042169
x25 htc 16
x25 idle 2
x25 map ip 9.57.127.254 39042109
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Serial1/4
no ip address
shutdown
!
interface Serial1/5
no ip address
shutdown
!
interface Serial1/6
no ip address
shutdown
!
interface Serial1/7
no ip address
shutdown
!
interface Serial2/0:0
description "to wucheng"
ip address 136.24.229.17 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSWUCADBC
service-policy output QOS
!
interface Serial2/1:0
description "to linyi"
ip address 136.24.229.33 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSLYMADBC
service-policy output QOS
!
interface Serial2/2:0
description "to xiajin"
ip address 136.24.229.13 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSXAJADBC
service-policy output QOS
!
interface Serial2/3:0
description "to leling"
ip address 136.24.229.29 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSLELADBC
service-policy output QOS
!
interface Serial3/0:0
description "to ningjin"
ip address 136.24.229.37 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSNGJADBC
service-policy output QOS
!
interface Serial3/1:0
description "to pingyuan"
ip address 136.24.229.9 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSPYNADBC
service-policy output QOS
!
interface Serial3/2:0
description "to qihe"
ip address 136.24.229.21 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSQIHADBC
service-policy output QOS
!
interface Serial3/3:0
description "to lingxian"
ip address 136.24.229.5 255.255.255.252
ip nat inside
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSLXLADBC
service-policy output QOS
!
router eigrp 1
redistribute static
network 136.24.0.0 0.0.0.255
network 136.24.1.0 0.0.0.255
network 136.24.3.0 0.0.0.255
network 136.24.254.254 0.0.0.0
network 136.24.0.0
network 136.254.219.0 0.0.0.255
distribute-list 22 out Serial0/0:0
distribute-list 22 out Serial0/2:0
distribute-list 33 out Serial0/3:0
distribute-list 22 out Serial2/0:0
distribute-list 22 out Serial2/1:0
distribute-list 22 out Serial2/2:0
distribute-list 22 out Serial2/3:0
distribute-list 22 out Serial3/0:0
distribute-list 22 out Serial3/1:0
distribute-list 22 out Serial3/2:0
distribute-list 22 out Serial3/3:0
distance 80 136.254.219.0 0.0.0.255 15
distance 80 136.24.0.3 0.0.0.0 16
distance 80 136.24.229.0 0.0.0.255 15
no auto-summary
no eigrp log-neighbor-changes
!
ip nat pool renhang 136.24.1.130 136.24.1.160 netmask 255.255.255.0
ip nat inside source list 111 pool renhang overload
ip classless
ip route 9.57.111.0 255.255.255.0 9.57.127.254
no ip http server
!
!
ip access-list extended ACL-MIS
ip access-list extended ACL-OA
permit tcp any any eq 3720
permit tcp any any eq 3721
permit tcp any any eq 3710
permit tcp any any eq 3711
permit tcp any any eq 3725
permit tcp any any eq 3726
permit tcp any any eq 3760
permit tcp any any eq 3761
permit tcp any any eq 50000
permit tcp any any eq 50001
permit tcp any any eq 3800
permit tcp any any eq 1352
ip access-list extended ACL-PROD
permit tcp any any range 6660 6669
permit tcp any any eq 7001
permit tcp any any eq 9999
permit ip any 188.3.3.0 0.0.0.255
access-list 3 permit 136.1.1.129
access-list 15 permit 188.1.0.0 0.0.255.255
access-list 15 permit 188.2.0.0 0.0.255.255
access-list 15 permit 136.1.0.0 0.0.255.255
access-list 15 permit 136.24.0.0 0.0.31.127
access-list 16 permit 9.56.47.21
access-list 16 permit 188.3.0.0 0.0.255.255
access-list 16 permit 136.3.0.0 0.0.255.255
access-list 16 permit 136.5.0.0 0.0.255.255
access-list 16 permit 136.24.0.128 0.0.31.63
access-list 22 permit 9.56.47.21
access-list 22 permit 188.1.0.0 0.0.255.255
access-list 22 permit 188.2.0.0 0.0.255.255
access-list 22 permit 188.3.0.0 0.0.255.255
access-list 22 permit 136.1.0.0 0.0.255.255
access-list 22 permit 136.3.0.0 0.0.255.255
access-list 22 permit 136.5.0.0 0.0.255.255
access-list 22 permit 136.24.1.0 0.0.0.255
access-list 22 permit 136.24.3.0 0.0.0.255
access-list 22 permit 9.57.111.0 0.0.0.255
access-list 33 deny 136.24.250.0 0.0.0.255
access-list 33 deny 136.24.230.0 0.0.0.255
access-list 33 deny 136.24.253.0 0.0.0.255
access-list 33 deny 9.57.111.0 0.0.0.255
access-list 33 permit any
access-list 111 permit ip 136.24.0.0 0.0.255.255 9.57.111.0 0.0.0.255
snmp-server community sdadbc RO
snmp-server community adbcsd RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps casa
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps bgp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps rtr
snmp-server enable traps syslog
snmp-server enable traps dlsw
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps voice poor-qov
snmp-server enable traps xgcp
snmp-server host 136.1.1.130 sdadbc
snmp-server host 188.1.1.33 sdadbc
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 03000D070F02781E17
login
!
end
1721配置如下:
sh run
Building configuration...
Current configuration : 5470 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sddzslxlr001
!
aaa new-model
aaa authentication login default group tacacs+ local enable
aaa authentication login ADMIN none
enable secret 5 $1$7xUy$davarilWDXUXLmhD/mmBL1
enable password 7 0822455D0A16
!
username sddzsr002 password 7 044E520D02291F1B5E
!
class-map DATA-OUT-MIS
match none
class-map DATA-OUT-OA
match access-group name ACL-OA
class-map DATA-OUT-PROD
match access-group name ACL-PROD
!
!
policy-map QOS
class DATA-OUT-PROD
priority 1000
class DATA-OUT-MIS
bandwidth percent 25
random-detect
class DATA-OUT-OA
bandwidth percent 10
random-detect
!
memory-size iomem 25
ip subnet-zero
no ip finger
no ip domain-lookup
!
!
key chain SDDZSLXLADBC
key 1
key-string 7 131C461B0D0B577B7C
chat-script call ABORT ERROR ABORT BUSY "" "ATDT\T" TIMEOUT 60 "CONNECT"
!
!
!
interface Loopback0
ip address 136.24.12.254 255.255.255.255
!
interface Serial0
ip address 136.24.229.6 255.255.255.252
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSLXLADBC
service-policy output QOS
!
interface Serial1
ip address 136.24.230.6 255.255.255.252
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 SDDZSLXLADBC
service-policy output QOS
!
interface FastEthernet0
ip address 136.24.12.190 255.255.255.192 secondary
ip address 136.24.12.126 255.255.255.128
ip access-group 100 out
speed auto
!
interface Async5
description to shihang
ip address 136.24.253.3 255.255.255.0
encapsulation ppp
dialer in-band
dialer map ip 136.24.253.1 name sddzsr001 modem-script call broadcast 02684664
dialer map ip 136.24.253.1 name sddzsr001 modem-script call broadcast 02684674
dialer map ip 136.24.253.1 name sddzsr001 modem-script call broadcast 02684684
dialer map ip 136.24.253.1 name sddzsr001 modem-script call broadcast 02684694
dialer-group 1
async default routing
async dynamic routing
async mode dedicated
ppp authentication chap
!
router eigrp 1
passive-interface Async5
network 136.24.0.0
network 136.254.0.0
distance 80 136.24.230.6 0.0.0.0 15
distance 80 136.24.229.6 0.0.0.0 16
no auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip route 9.57.111.0 255.255.255.0 136.24.229.5
ip route 136.24.1.0 255.255.255.0 136.24.253.1 200
ip route 188.0.0.0 255.0.0.0 136.24.253.1 200
no ip http server
!
!
ip access-list extended ACL-MIS
ip access-list extended ACL-OA
permit tcp any any eq 3720
permit tcp any any eq 3721
permit tcp any any eq 3710
permit tcp any any eq 3711
permit tcp any any eq 3725
permit tcp any any eq 3726
permit tcp any any eq 3760
permit tcp any any eq 3761
permit tcp any any eq 50000
permit tcp any any eq 50001
permit tcp any any eq 3800
permit tcp any any eq 1352
ip access-list extended ACL-PROD
permit tcp any any range 6660 6669
permit tcp any any eq 7001
permit tcp any any eq 9999
permit ip any 188.3.3.0 0.0.0.255
logging source-interface Loopback0
logging 136.1.1.129
access-list 3 permit 136.1.1.129
access-list 15 permit 9.56.47.21
access-list 15 permit 188.3.0.0 0.0.255.255
access-list 15 permit 136.3.0.0 0.0.255.255
access-list 15 permit 136.5.0.0 0.0.255.255
access-list 15 permit 136.24.0.0 0.0.255.255
access-list 16 permit 9.57.111.0 0.0.0.255
access-list 16 permit 188.1.0.0 0.0.255.255
access-list 16 permit 188.2.0.0 0.0.255.255
access-list 16 permit 136.1.0.0 0.0.255.255
access-list 16 permit 136.24.1.0 0.0.0.255
access-list 100 permit ip 9.57.111.0 0.0.0.255 136.24.12.0 0.0.0.127
access-list 100 permit ip host 136.1.1.200 136.24.12.0 0.0.0.127
access-list 100 permit ip 136.24.11.0 0.0.0.127 136.24.12.0 0.0.0.127
access-list 100 permit ip 136.24.1.0 0.0.0.255 136.24.12.0 0.0.0.127
access-list 100 deny ip 136.24.12.128 0.0.0.63 host 136.24.12.1
access-list 100 permit ip 136.24.12.128 0.0.0.63 136.24.12.0 0.0.0.127
access-list 100 deny ip any 136.24.12.0 0.0.0.127
access-list 100 permit ip 188.3.0.0 0.0.255.255 136.24.12.128 0.0.0.63
access-list 100 permit ip 136.3.0.0 0.0.255.255 136.24.12.128 0.0.0.63
access-list 100 permit ip 136.5.0.0 0.0.255.255 136.24.12.128 0.0.0.63
access-list 100 permit ip host 9.56.47.21 136.24.12.128 0.0.0.63
access-list 100 permit ip 136.24.3.0 0.0.0.255 136.24.12.128 0.0.0.63
access-list 100 permit ip host 136.24.1.3 136.24.12.128 0.0.0.63
access-list 100 permit ip host 136.24.1.4 136.24.12.128 0.0.0.63
access-list 100 permit ip 136.24.12.0 0.0.0.127 136.24.12.128 0.0.0.63
access-list 100 deny ip any 136.24.12.128 0.0.0.63
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
tacacs-server key k6pfn444
snmp-server community s7war754 RO 3
snmp-server community c7lwm714 RW 3
snmp-server community sdadbc RO
snmp-server community adbcsd RW
snmp-server trap-source Loopback0
snmp-server enable traps snmp
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps hsrp
--More--
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps frame-relay
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server host 136.1.1.129 s7war754
snmp-server host 136.1.1.130 sdadbc
snmp-server host 188.1.1.33 sdadbc
!
line con 0
login authentication ADMIN
transport input none
line aux 0
modem InOut
modem autoconfigure discovery
transport input all
speed 1200
flowcontrol hardware
line vty 0 4
password 7 07077158421B4F534F
!
end
