锐捷路由设置实例设置console口密码lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#line con 0lh(config-line)#password mimalh(config-line)#修改enable口令lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#enable password mimalh(config)#enable secret mimalh(config)#修改telnet口令lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)lh(config)#line vty 0 4lh(config-line)#loginlh(config-line)#password mimalh(config-line)#exitlh(config)#exitlh#exit出现攻击时掉线时请用console链接路由,保存好如下命令的相关内容,用以分析:1、show ver (版本信息)2、show run (配置信息)3、show arp (arp信息)4、show interface (端口信息)5、show ip nat trans (nat信息)6、show ip nat stat7、show ip nat statistics per-user (只要第1屏的信息)8、show ip cache (只要第1屏的信息)9、show ip nat statistics suspicious-pc发送免费arp:lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#int f 0/0(内网)lh(config)#arp gr int 1lh(config)#int f 1/0(外网)lh(config)#arp gr int 1lh(config)#endlh#wr端口映射:lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#ip nat source static tcp 192.168.3.99ip 80 219.128.102.110 80 permit-insidelh(config)#endlh#wr限制内网某机器不限速(192.168.2.80):lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#ip nat translation rate-limit iprange 192.168.2.2 192.168.2.79 inbound 500 outbound 1000lh(config)#ip nat translation rate-limit iprange 192.168.2.81 192.168.3.253 inbound 500 outbound 1000lh(config)#endlh#wr限制内网PC的链接线程数同限速:lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#ip nat translation per-user 0.0.0.0 250lh(config)#ip nat translation rate-limit default inbound 500 outbound 1000lh(config)#endlh#wr禁止公网访问IPlh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#access-list 3199 deny icmp any any echolh(config)#access-list 3199 deny tcp any any eq 135lh(config)#access-list 3199 deny tcp any any eq 139lh(config)#access-list 3199 deny udp any any eq netbios-sslh(config)#access-list 3199 deny tcp any any eq 445lh(config)#access-list 3199 deny tcp any host 219.128.102.110 eq wwwlh(config)#access-list 3199 permit ip any anylh(config)#endlh#wr禁止内网部分IP访问网关的lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#webaccess-list 3198 deny tcp 192.168.2.1 192.168.2.100 host 192.168.3.254 eq wwwlh(config)#access-list 3198 permit ip any anylh(config)#endlh#wr禁止IP访问网络lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#access-list 3001 deny ip host 202.96.128.166 anylh(config)#access-list 3001 permit anylh(config)#endlh#wrarp绑定lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#arp 192.168.3.1 0011.5b71.2869 arpalh(config)#endlh#wr取消arp绑定:lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#no arp 192.168.3.1lh(config)#endlh#wr防范DDOS攻击lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#security anti-wan-attack level highlh(config)#endlh#wr防范sysflood攻击lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#access-list 10 permit host 192.168.3.254lh(config)#int f 0/0lh(config)#rate-limit input access-group 10 64000 3000 3000 conform-action transmit exceed-action droplh(config)#endlh#wr禁止机器上网lh#conf tEnter configuration commands, one per line. End with CNTL/Z.lh(config)#acl 99 deny 192.168.1.2lh(config)#acc 99 deny 192.168.1.10lh(config)#acc 99 per anylh(config)#endlh#wr时间同步配置lh#conf tEnter configuration commands, one per line. End with CNTL/Z. lh(config)#sntp enablelh(config)#sntp interval 60lh(config)#sntp server 128.105.37.11lh(config)#clock uplh(config)#endlh#wrSNMP配置lh#conf tEnter configuration commands, one per line. End with CNTL/Z. lh(config)#snmp-server location ShunDelh(config)#snmp-server host 192.168.2.252 version 2 mrtglh(config)#snmp-server enable traps snmp authenticationlh(config)#snmp-server community public rolh(config)#endlh#wr日志服务器配置lh#conf tEnter configuration commands, one per line. End with CNTL/Z. lh(config)#logging 219.128.1.3lh(config)#endlh#wr现用配置lh(config)#show runBuilding configuration...Current configuration : 13406 bytes!version 8.5 (building 13) for NBRhostname lhenable password 7 10140b2e0d07195c74sntp enablesntp interval 60sntp server 128.105.37.11!!!!!!access-list 3198 deny tcp any any eq 135access-list 3198 deny tcp any any eq 445access-list 3198 permit ip any anyaccess-list 3199 deny icmp any anyaccess-list 3199 deny tcp any any eq 135access-list 3199 deny tcp any any eq 445access-list 3199 permit ip any anyaccess-list 99 permit any!no service password-encryption!!!!interface FastEthernet 0/2ip access-group 3199 inarp gratuitous-send interval 1duplex autospeed autoshutdown!interface Null 0!interface GigabitEthernet 0/0ip nat insideip access-group 3198 inno ip redirectsip address 192.168.3.254 255.255.254.0arp gratuitous-send interval 1duplex autospeed auto!interface GigabitEthernet 0/1ip nat outsideip access-group 3199 inip address 219.128.1.3 255.255.255.248arp gratuitous-send interval 1duplex autospeed autobandwidth 100000!!ip nat pool nbr_setup_build_pool prefix-length 24address 219.128.102.252 219.128.1.3 match interface GigabitEthernet 0/1!ip nat inside source static udp 192.168.3.99 27016 219.128.1.3 27016 permit-insideip nat inside source static udp 192.168.3.99 27015 219.128.1.3 27015 permit-insideip nat inside source static tcp 192.168.3.252 4899 219.128..3 5000 permit-insideip nat inside source static tcp 192.168.3.249 2531 219.128.1.3 2531 permit-insideip nat inside source static tcp 192.168.2.252 22 219.128.102.252 22 permit-insideip nat inside source static tcp 192.168.3.252 3389 219.128.1.3 3390 permit-insideip nat inside source list 99 pool nbr_setup_build_poolip nat translation max-entries 500000ip nat translation per-user 0.0.0.0 250ip nat translation rate-limit iprange 192.168.2.1 192.168.2.230 inbound 800 outbound 2000ip nat translation rate-limit iprange 192.168.3.1 192.168.3.82 inbound 800 outbound 2000ip nat translation udp-timeout 150ip nat translation icmp-timeout 30ip nat translation tcp-timeout 600ip nat translation finrst-timeout 20ip nat translation dns-timeout 30arp 192.168.2.168 0011.5b71.aa0c arpaarp 192.168.2.40 00e0.4c73.a55a arpaarp 192.168.2.232 0011.5b6f.6fc2 arpaarp 192.168.2.104 0011.5b71.2c8e arpaarp 192.168.2.136 0011.5b71.26b2 arpaarp 192.168.2.8 00e0.4c73.9e0a arpaarp 192.168.3.8 0011.5b71.3224 arpaarp 192.168.2.200 0011.5b6b.1386 arpaarp 192.168.2.72 0016.ec99.b9cd arpaarp 192.168.2.184 0011.5b71.286b arpaarp 192.168.2.56 00e0.4c73.9ee1 arpaarp 192.168.3.248 0016.ec99.51cd arpaarp 192.168.2.120 0011.5b71.2353 arpaarp 192.168.2.152 00e0.4c73.9f03 arpaarp 192.168.2.24 0011.5b69.0b3d arpaarp 192.168.2.216 0011.5b71.23dc arpaarp 192.168.2.88 0016.ec99.b49c arpaarp 192.168.2.160 00e0.4c73.9f30 arpaarp 192.168.2.32 00e0.4c73.a54a arpaarp 192.168.2.96 0011.5b6b.0c8e arpa arp 192.168.2.128 0011.5b69.0b43 arpa arp 192.168.2.192 0011.5b76.7605 arpa arp 192.168.2.64 00e0.4c73.a5e0 arpa arp 192.168.2.176 0011.5b71.b684 arpa arp 192.168.2.48 00e0.4c73.9dd0 arpa arp 192.168.2.240 0011.5b71.a824 arpa arp 192.168.2.112 0016.ec99.b775 arpa arp 192.168.2.144 0011.5b76.769a arpa arp 192.168.2.16 0011.5b76.77d2 arpa arp 192.168.3.16 0011.5b71.2ed9 arpa arp 192.168.2.208 0011.5b71.b302 arpa arp 192.168.2.80 0016.ec99.4a00 arpa arp 192.168.2.172 0011.5b71.299a arpa arp 192.168.2.44 00e0.4c73.a5a0 arpa arp 192.168.2.236 0011.5b71.2357 arpa arp 192.168.2.108 0011.5b71.23df arpa arp 192.168.2.140 0011.5b71.b9b5 arpa arp 192.168.2.12 0011.5b71.2c8b arpa arp 192.168.3.12 0011.5b71.a6ab arpa arp 192.168.2.204 0011.5b71.a83d arpa arp 192.168.2.76 0011.5b71.ba5e arpa arp 192.168.2.188 0011.5b71.3227 arpa arp 192.168.2.60 0014.7836.95ea arpa arp 192.168.3.252 000e.0c71.73cc arpa arp 192.168.2.252 000e.0c71.73cf arpa arp 192.168.2.124 0011.5b69.0360 arpa arp 192.168.2.156 00e0.4c73.a502 arpa arp 192.168.2.28 0011.5b71.b02a arpa arp 192.168.2.220 0011.5b6a.f7e6 arpa arp 192.168.2.92 0016.ec7d.990f arpa arp 192.168.2.164 0011.5b76.7d6c arpa arp 192.168.2.36 00e0.4c73.a54d arpa arp 192.168.2.228 0011.5b71.a800 arpa arp 192.168.2.100 0011.5b71.2246 arpa arp 192.168.2.132 0011.5b71.b9df arpa arp 192.168.3.4 0011.5b71.2c8d arpa arp 192.168.2.4 00e0.4c73.9ef7 arpa arp 192.168.2.196 0011.5b76.7300 arpa arp 192.168.2.68 0011.5b71.ab64 arpa arp 192.168.2.180 0011.5b6b.0a9c arpa arp 192.168.2.52 00e0.4c73.9dff arpa arp 192.168.3.244 0014.7837.6b76 arpaarp 192.168.2.148 0011.5b71.286e arpa arp 192.168.2.20 0011.5b71.a3b6 arpa arp 192.168.3.20 0011.5b6f.64da arpa arp 192.168.2.212 0011.5b29.8018 arpa arp 192.168.2.84 0016.ec97.5d5a arpa arp 192.168.2.170 0011.5b29.7f38 arpa arp 192.168.2.42 00e0.4c73.9f7b arpa arp 192.168.2.234 0011.5b71.ba8c arpa arp 192.168.2.106 0011.5b71.ad6a arpa arp 192.168.2.138 0011.5b71.2edf arpa arp 192.168.3.10 0011.5b29.8013 arpa arp 192.168.2.10 00e0.4c73.a597 arpa arp 192.168.2.202 0011.5b71.a6b0 arpa arp 192.168.2.74 0016.ec82.fe4b arpa arp 192.168.2.186 0011.5b71.ab59 arpa arp 192.168.2.58 00e0.4c73.9ea6 arpa arp 192.168.2.122 0011.5b76.734d arpa arp 192.168.2.154 00e0.4c73.9ee0 arpa arp 192.168.2.26 0011.5b6b.0c8e arpa arp 192.168.2.218 0011.5b71.a887 arpa arp 192.168.2.90 0016.ec98.f036 arpa arp 192.168.2.162 0011.5b71.a8a3 arpa arp 192.168.2.34 00e0.4c73.9e93 arpa arp 192.168.2.226 0011.5b6f.6aa4 arpa arp 192.168.2.98 0011.5b71.ac26 arpa arp 192.168.2.130 0011.5b71.3418 arpa arp 192.168.3.2 0011.5b71.358a arpa arp 192.168.2.2 00e0.4c73.a598 arpa arp 192.168.2.194 0011.5b76.84be arpa arp 192.168.2.66 0011.5b71.3665 arpa arp 192.168.2.178 0011.5b71.2ed8 arpa arp 192.168.2.50 00e0.4c73.9e2e arpa arp 192.168.2.114 0016.ec97.66bf arpa arp 192.168.2.146 0011.5b71.a7fe arpa arp 192.168.2.18 0011.5b69.0366 arpa arp 192.168.3.18 0011.5b76.7d6a arpa arp 192.168.2.210 0011.5b71.ab95 arpa arp 192.168.2.82 0016.ec99.b877 arpa arp 192.168.2.174 0011.5b6b.0a9d arpa arp 192.168.2.46 0011.5b71.2d02 arpa arp 192.168.2.238 0011.5b71.aad5 arpa arp 192.168.2.110 0016.ec99.4a05 arpa arp 192.168.2.142 0011.5b71.ab5d arpaarp 192.168.3.14 0011.5b71.a4ef arpa arp 192.168.2.206 0011.5b71.abca arpa arp 192.168.2.78 0011.5b63.bbb3 arpa arp 192.168.2.190 0011.5b71.26b0 arpa arp 192.168.2.62 00e0.4c73.a596 arpa arp 192.168.2.126 0011.5b76.84f7 arpa arp 192.168.2.158 00e0.4c73.a5e6 arpa arp 192.168.2.30 0011.5b71.ab5c arpa arp 192.168.2.222 0011.5b6f.6f88 arpa arp 192.168.2.94 0011.5b71.20ba arpa arp 192.168.2.166 0011.5b71.b9e0 arpa arp 192.168.2.38 00e0.4c73.a546 arpa arp 192.168.2.230 0011.5b71.b4a9 arpa arp 192.168.2.102 0011.5b71.2350 arpa arp 192.168.2.134 0011.5b69.0b3c arpa arp 192.168.2.6 00e0.4c73.9f00 arpa arp 192.168.3.6 0011.5b71.b4a6 arpa arp 192.168.2.198 0011.5b71.2eda arpa arp 192.168.2.70 00e0.4c73.9ee7 arpa arp 192.168.2.182 0011.5b71.2bd3 arpa arp 192.168.2.54 00e0.4c73.a543 arpa arp 192.168.3.246 0050.0900.2858 arpa arp 192.168.2.246 0011.5b69.0e8d arpa arp 192.168.2.118 0016.ec99.b774 arpa arp 192.168.2.150 0011.5b71.b303 arpa arp 192.168.2.22 0011.5b71.a885 arpa arp 192.168.2.214 0011.5b6f.2ccf arpa arp 192.168.2.86 0016.ec99.b76f arpa arp 192.168.2.169 0011.5b6f.6a6c arpa arp 192.168.2.41 00e0.4c73.9e26 arpa arp 192.168.2.233 0011.5b71.3413 arpa arp 192.168.2.105 0011.5b71.a885 arpa arp 192.168.2.137 0011.5b71.273b arpa arp 192.168.2.9 00e0.4c73.a527 arpa arp 192.168.3.9 0011.5b6f.6f82 arpa arp 192.168.2.201 0011.5b6c.c263 arpa arp 192.168.2.73 0016.ec98.eb9d arpa arp 192.168.2.185 0011.5b76.72c1 arpa arp 192.168.2.57 0014.7833.6874 arpa arp 192.168.2.249 0016.ec99.b774 arpa arp 192.168.3.249 0011.096b.8c92 arpa arp 192.168.2.121 0011.5b71.b62b arpa arp 192.168.2.153 00e0.4c73.9e95 arpaarp 192.168.2.217 0011.5b71.2246 arpa arp 192.168.2.89 0016.ec99.b780 arpa arp 192.168.2.161 00e0.4c73.a4e8 arpa arp 192.168.2.33 00e0.4c73.a4fc arpa arp 192.168.2.225 0011.5b69.045d arpa arp 192.168.2.97 0011.5b71.3665 arpa arp 192.168.2.129 0011.5b71.a6af arpa arp 192.168.3.1 0011.5b71.2869 arpa arp 192.168.2.1 00e0.4c73.9ef2 arpa arp 192.168.2.193 0011.5b71.aa06 arpa arp 192.168.2.65 0011.5b71.2cfe arpa arp 192.168.2.177 0011.5b71.b5fd arpa arp 192.168.2.49 00e0.4c73.a555 arpa arp 192.168.2.241 0011.5b76.77d3 arpa arp 192.168.2.113 0011.5b6a.fbb1 arpa arp 192.168.2.145 0011.5b71.a886 arpa arp 192.168.2.17 0011.5b6c.cb4e arpa arp 192.168.3.17 0011.5b76.76d2 arpa arp 192.168.2.209 0011.5b71.20c1 arpa arp 192.168.2.81 0016.ec99.4f54 arpa arp 192.168.2.173 0011.5b6f.6b01 arpa arp 192.168.2.45 00e0.4c73.9dd1 arpa arp 192.168.2.237 0011.5b71.20ba arpa arp 192.168.2.109 0011.5b76.7421 arpa arp 192.168.2.141 0011.5b6c.cb54 arpa arp 192.168.2.13 0011.5b6b.0bc7 arpa arp 192.168.3.13 0011.5b71.ba8b arpa arp 192.168.2.205 0011.5b71.2351 arpa arp 192.168.2.77 0016.ec99.4bea arpa arp 192.168.2.189 0011.5b6f.6fc6 arpa arp 192.168.2.61 00e0.4c73.a5bf arpa arp 192.168.3.253 0013.4665.b314 arpa arp 192.168.2.125 0011.5b6f.2a57 arpa arp 192.168.2.157 00e0.4c73.9f33 arpa arp 192.168.2.29 0011.5b6c.cb8a arpa arp 192.168.2.221 0011.5b6b.0aad arpa arp 192.168.2.93 0016.ec7d.9738 arpa arp 192.168.2.165 0011.5b71.ab5e arpa arp 192.168.2.37 00e0.4c73.9e20 arpa arp 192.168.2.229 0011.5b71.b07b arpa arp 192.168.2.101 0011.5b71.2c8a arpa arp 192.168.2.133 0011.5b76.77ce arpa arp 192.168.2.5 00e0.4c73.a4ff arpaarp 192.168.2.197 0011.5b76.779a arpa arp 192.168.2.69 00e0.4c73.a54b arpa arp 192.168.2.181 0014.2a15.60ea arpa arp 192.168.2.53 00e0.4c73.a5ef arpa arp 192.168.3.245 0000.0000.0001 arpa arp 192.168.2.117 0016.ec98.f03e arpa arp 192.168.2.149 0011.5b71.a825 arpa arp 192.168.2.21 0011.5b71.ab3a arpa arp 192.168.2.213 0011.5b6a.fbdf arpa arp 192.168.2.85 0016.ec99.4f47 arpa arp 192.168.2.171 0011.5b71.26b3 arpa arp 192.168.2.43 00e0.4c73.9e3c arpa arp 192.168.2.235 0011.5b69.0364 arpa arp 192.168.2.107 0011.5b6f.6aff arpa arp 192.168.2.139 0011.5b69.0b3f arpa arp 192.168.3.11 0011.5b71.2edc arpa arp 192.168.2.11 0011.5b69.0365 arpa arp 192.168.2.203 0011.5b71.b037 arpa arp 192.168.2.75 0016.ec99.b9da arpa arp 192.168.2.187 0011.5b71.3410 arpa arp 192.168.2.59 00e0.4c73.9dce arpa arp 192.168.3.251 000e.0c71.73cd arpa arp 192.168.2.123 0011.5b76.84f9 arpa arp 192.168.2.155 00e0.4c73.a5eb arpa arp 192.168.2.27 0011.5b71.3501 arpa arp 192.168.2.219 0011.5b29.7beb arpa arp 192.168.2.91 0016.ec98.ecd6 arpa arp 192.168.2.163 0011.5b6f.6aa9 arpa arp 192.168.2.35 00e0.4c73.a551 arpa arp 192.168.2.227 0011.5b71.3500 arpa arp 192.168.3.99 0011.d8e9.eb6c arpa arp 192.168.2.99 0011.5b71.23df arpa arp 192.168.2.131 0011.5b6f.297a arpa arp 192.168.2.3 00e0.4c73.9efd arpa arp 192.168.3.3 0011.5b71.b4d7 arpa arp 192.168.2.195 0011.5b71.3412 arpa arp 192.168.2.67 00e0.4c73.a540 arpa arp 192.168.2.179 0011.5b69.0367 arpa arp 192.168.2.51 00e0.4c73.9ee2 arpa arp 192.168.3.243 0016.ec99.51cd arpa arp 192.168.2.115 0016.ec99.4e7a arpa arp 192.168.2.147 0011.5b69.0419 arpa arp 192.168.2.19 0011.5b59.dea1 arpaarp 192.168.2.211 0011.5b76.76cd arpaarp 192.168.3.83 00e0.4cf7.3cf8 arpaarp 192.168.2.83 0011.5b71.3585 arpaarp 192.168.2.175 0011.5b71.20b9 arpaarp 192.168.2.47 00e0.4c73.9ded arpaarp 192.168.2.239 0011.5b71.b62a arpaarp 192.168.2.111 0016.ec99.b9d1 arpaarp 192.168.2.143 0011.5b6f.297e arpaarp 192.168.2.15 0011.5b71.b4dc arpaarp 192.168.3.15 0011.5b71.2c8c arpaarp 192.168.2.207 0011.5b71.322a arpaarp 192.168.2.79 0011.5b6f.7102 arpaarp 192.168.2.191 0011.5b71.b3d3 arpaarp 192.168.2.63 00e0.4c73.a572 arpaarp 192.168.2.127 0011.5b71.a379 arpaarp 192.168.2.159 00e0.4c73.9de1 arpaarp 192.168.2.31 00e0.4c73.a5f1 arpaarp 192.168.2.223 0011.5b76.734b arpaarp 192.168.2.95 0011.5b76.77d2 arpaarp 192.168.2.167 0011.5b76.7608 arpaarp 192.168.2.39 0011.5b76.84fa arpaarp 192.168.2.231 0011.5b71.2cff arpaarp 192.168.2.103 0011.5b76.76cd arpaarp 192.168.2.135 0011.5b71.ba88 arpaarp 192.168.2.7 00e0.4c73.9de8 arpaarp 192.168.3.7 0011.5b41.2d0d arpaarp 192.168.2.199 0011.5b29.7f39 arpaarp 192.168.2.71 0011.5b71.2c8e arpaarp 192.168.2.183 0011.5b76.7799 arpaarp 192.168.2.55 00e0.4c73.9e9d arpaarp 192.168.3.247 0011.5b6f.6fc7 arpaarp 192.168.2.119 0016.ec99.b783 arpaarp 192.168.2.151 0011.5b71.2998 arpaarp 192.168.2.23 0011.5b53.3e9b arpaarp 192.168.2.215 0011.5b69.0f36 arpaarp 192.168.2.87 0016.ec98.f033 arpasecurity anti-wan-attack level medium!ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/1 219.128.1.1 !snmp-server location ShunDesnmp-server host 192.168.2.252 version 2 mrtgsnmp-server enable traps snmp authenticationsnmp-server community public roline con 0line vty 0loginpassword 7 11082f0a07481c26417a79 line vty 1loginpassword 7 02594b380d042f047c4447 line vty 2loginpassword 7 100f1a2810105b0a72437e line vty 3loginpassword 7 123d0d1d5f0f3015787d50 line vty 4loginpassword 7 131f1a451823032c7f5410 !!end。