Router Configuration in N Steps

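I've been playing with routers these past few days and wanted to write up the most common issues I ran into, only to find that someone had already done so, and more completely than I had imagined, so I'll simply copy it. The order is slightly changed because my own configuration habits differ. Reference: "10 Must-Use Commands for Secure Cisco Router Configuration" (cisco路由器安全配置必用10条命令).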

1: Change the hostname
Router(config)#hostname R1

2: Add a username
Router(config)#username root secret mypassword
After adding the username, you must enable login with it on each line:
Router(config)#line con 0
Router(config-line)#login local
Router(config-line)#line aux 0
Router(config-line)#login local
Router(config-line)#line vty 0 4
Router(config-line)#login local

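3: Stop log messages from interrupting input on the console line, and remove the timeout limit
Router(config)#line con 0
Router(config-line)#logging synchronous
Router(config-line)#exec-timeout 0 0
Note that exec-timeout 0 0 disables the idle timeout entirely, so a console session left unattended stays logged in.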

4: Get rid of the "Translating…. domain server (255.255.255.255)" message
Router(config)#no ip domain-lookup
Cisco's official explanation of why the "Translating….domain server (255.255.255.255)" message appears is as follows:
By default, when a command in user or enable mode is entered into a router and this command is not recognized, the router believes that this is the host name of a device that the user is attempting to reach using telnet. Therefore, the router tries to resolve the unrecognized command into an IP address by doing an IP domain lookup. If no specific domain server has been configured on the router, the router will issue a broadcast for the command to be translated into an IP address. It can take several seconds for the router prompt to return while the router waits for a response to its Domain Name System (DNS) broadcast.

Note: You can also use the transport preferred none command on the vty/con/aux lines to prevent the router from attempting to resolve an invalid command into an IP address. The DNS information is available in the output of other commands. However, when you have to initiate a telnet session from the router, place the telnet keyword before the hostname, since the router does not telnet automatically when you type a hostname. Remember to add the ip name-server command to specify the address of the name server.

5: Disable the web service. Cisco routers enable the web service by default, which is insecure; if you do not use the web service, disable it.
Router(config)#no ip http server
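
To check that a saved configuration actually carries the settings from steps 2, 3 and 5, a small audit script can be run over its text. This is an added example, not part of the original post; the sample configuration, the function names and the finding strings are constructed for illustration, and it assumes the usual running-config layout in which sub-commands of a `line` block are indented by one space.

```python
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
hostname R1
username root secret 5 $1$constructed$hash
no ip domain-lookup
ip http server
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 login local
"""

def parse_lines(config):
    """Map each 'line ...' header to the list of sub-commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Return findings for the settings covered in steps 2, 3 and 5."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    if not any(re.match(r"username \S+ .*secret ", l) for l in top):
        findings.append("no local user with a 'secret' (hashed) password")
    # An explicit 'ip http server' (no leading 'no') means the web service is on.
    if "ip http server" in top:
        findings.append("HTTP server enabled")
    for header, cmds in parse_lines(config).items():
        if "login local" not in cmds:
            findings.append(f"{header}: missing 'login local'")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{header}: idle timeout disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
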
