
Router Security Settings Explained

2019-11-05 00:26:00
Source: reprinted
Contributed by: site user

hostname Perimeter-Router                      ! router name
enable secret ena-secret                       ! privileged-access (enable) password is ena-secret

interface serial 0                             ! define the interface
 description To The Internet                   ! purpose description
 ip address 161.71.73.33 255.255.255.248       ! set the IP address
 ip access-group 101 in                        ! apply the inbound filter
 ip access-group 102 out                       ! apply the outbound filter
access-list 101 permit tcp any any established            ! permit inbound TCP traffic for sessions
                                                          ! that originated inside the campus network
access-list 101 permit tcp any host 144.254.1.3 eq ftp    ! permit ftp to the ftp server on the dirty net
access-list 101 permit tcp any host 144.254.1.3 eq ftp-data  ! permit ftp data to the ftp server on the dirty net

access-list 101 deny ip 127.0.0.0 0.255.255.255 any       ! block inbound packets from the Internet whose
access-list 101 deny ip 10.0.0.0 0.255.255.255 any        ! source is an RFC-reserved address
access-list 101 deny ip 172.16.0.0 0.15.255.255 any       ! 172.16.0.0/12
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny icmp any any echo-reply              ! deny any echo replies
access-list 101 deny icmp any any host-unreachable        ! deny any host-unreachable messages
access-list 101 deny udp any any eq snmp                  ! deny inbound SNMP
access-list 101 deny udp any any eq 2000                  ! deny inbound openwindows
access-list 101 deny udp any any gt 6000                  ! deny inbound X-windows
access-list 101 deny tcp any any eq 2000                  ! deny inbound openwindows
access-list 101 deny tcp any any gt 6000                  ! deny inbound X-windows
access-list 101 deny udp any any eq 69                    ! deny inbound tftpd
access-list 101 deny udp any any eq 111                   ! deny inbound SunRPC
access-list 101 deny udp any any eq 2049                  ! deny inbound NFS
access-list 101 deny tcp any any eq 111                   ! deny inbound SunRPC
access-list 101 deny tcp any any eq 2049                  ! deny inbound NFS
access-list 101 deny tcp any any eq 87                    ! deny inbound link
access-list 101 deny tcp any any eq 512                   ! deny inbound BSD UNIX "r" commands
access-list 101 deny tcp any any eq 513                   ! deny inbound BSD UNIX "r" commands
access-list 101 deny tcp any any eq 514                   ! deny inbound BSD UNIX "r" commands
access-list 101 deny tcp any any eq 515                   ! deny inbound lpd
access-list 101 deny tcp any any eq 540                   ! deny inbound uucpd

access-list 101 permit ip any any                         ! permit everything else

access-list 102 permit ip 144.254.0.0 0.0.255.255 any     ! only permit packets from the campus network
access-list 102 deny ip any any                           ! to the Internet that carry a campus source address

aaa new-model                                    ! enable AAA globally
aaa authentication login default tacacs+         ! the default login method is via tacacs+
aaa authentication login staff tacacs+ local     ! authenticate the staff user name via tacacs+;
                                                 ! if the server cannot be reached, fall back to local authentication
aaa authorization exec tacacs+ local             ! after authentication, authorize running an exec shell
aaa authorization commands 0 tacacs+ none        ! authorize the exec-mode commands associated with the given privilege level
aaa authorization commands 1 tacacs+ none        ! if no tacacs+ server is available,
aaa authorization commands 15 tacacs+ local      ! level 15 commands are authorized locally; the other
                                                 ! levels need no authorization
aaa accounting update newinfo                    ! whenever there is new accounting information to report,
                                                 ! an interim accounting record is sent to the server
aaa accounting exec start-stop tacacs+           ! account for terminal sessions
aaa accounting network start-stop tacacs+        ! account for all PPP, SLIP and ARAP connections
username staff password 7 staffpassword          ! create a local password and store it in encrypted format
tacacs-server host 144.254.5.9                   ! define the tacacs+ server address
tacacs-server key thisisasecret                  ! define the shared tacacs+ key

line con 0
 exec-timeout 5 30                       ! set the console session timeout
 login authentication staff              ! only the user name staff can access the console
line aux 0
 transport input none                    ! no telnet in
 no exec                                 ! no exec prompt on this port
line vty 0 3
 exec-timeout 5 30                       ! set the telnet session timeout
 login authentication default            ! authenticate logins via tacacs+
 privilege level 15                      ! grant privilege level 15
line vty 4
 exec-timeout 5 30                       ! set the telnet session timeout
 login authentication staff              ! authenticate as staff
 rotary 1
 privilege level 1
logging on                               ! enable syslog
logging 144.254.5.5                      ! define the syslog server address
logging console informational            ! define the level of messages logged
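
An added example, not part of the original configuration: a small first-match evaluator for auditing how entries like those in ACL 101 are applied, including IOS wildcard-mask matching. The rule subset, the packet samples and the names `wildcard_match`, `port_ok` and `evaluate` are constructed for illustration; it uses the RFC 1918 wildcard 0.15.255.255 for 172.16.0.0/12 and compares it with the look-alike 0.240.255.255.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 0 bit must match the base, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

# Constructed subset of ACL 101, kept in the order the configuration lists it.
# Fields: action, protocol, (source base, wildcard), dest-port test, established
ACL_101 = [
    ("permit", "tcp", ANY, None, True),
    ("deny", "ip", ("127.0.0.0", "0.255.255.255"), None, False),
    ("deny", "ip", ("10.0.0.0", "0.255.255.255"), None, False),
    ("deny", "ip", ("172.16.0.0", "0.15.255.255"), None, False),
    ("deny", "ip", ("192.168.0.0", "0.0.255.255"), None, False),
    ("deny", "udp", ANY, ("eq", 161), False),   # snmp
    ("deny", "tcp", ANY, ("gt", 6000), False),  # X-windows
    ("permit", "ip", ANY, None, False),
]

def port_ok(test, dport):
    """Apply an 'eq' or 'gt' destination-port test; None means no port test."""
    if test is None:
        return True
    op, n = test
    return dport is not None and (dport == n if op == "eq" else dport > n)

def evaluate(acl, proto, src, dport=None, ack_or_rst=False):
    """Return (index, action) of the first matching entry; implicit deny otherwise."""
    for i, (action, p, (base, wc), test, est) in enumerate(acl):
        if p not in ("ip", proto):
            continue
        if not wildcard_match(src, base, wc) or not port_ok(test, dport):
            continue
        if est and not ack_or_rst:  # 'established' needs ACK or RST set
            continue
        return i, action
    return None, "deny"

if __name__ == "__main__":
    print(evaluate(ACL_101, "udp", "10.1.2.3", dport=53))
    print(evaluate(ACL_101, "tcp", "10.1.2.3", dport=80, ack_or_rst=True))
    print(wildcard_match("172.20.1.1", "172.16.0.0", "0.15.255.255"))
    print(wildcard_match("172.20.1.1", "172.16.0.0", "0.240.255.255"))
```

Because evaluation stops at the first match, a TCP segment with ACK set is decided by the `established` entry before the reserved-source denies are consulted, so entry order is worth reviewing whenever the list is edited.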

