show fib ÏÔʾ·ÓÉÐÅÏ¢ show snat ÏÔʾnat ÅäÖà no snatrule id ºÅ ɾ³ýNATÅäÖà show ip route ÏÔʾ·ÓÉÐÅÏ¢ save ±£´æÅäÖÃ
unset all Çå³þÅäÖÃ(»Ö¸´³ö³§Éè ÖᣠÅä½Ó¿Ú
(config)# interface Ethernet0/2
(config-if-0/2)# zone trust »ò/untrust ½¨Á¢ÇøÐÅÈÎ/²»ÐÅÈÎ (config-if-0/2)# ip add 192.168.1.1/24 (config-if-0/2)# manage ping ¿ªÍ¨PING (config-if-0/3)# manage http ¿ªÍ¨HTTP (config-if-0/3)# manage telnet ¿ªÍ¨telnet Åä·ÓÉ
(config)# ipvrouter trust-vr Õâ¸öÃüÁîÒâ˼ÊÇ¿ÉÒÔÅäÖöà¸ö·ÓÉ (config-route)# ip route 0.0.0.0/0 192.168.1.1
ÅäNAT (config)# nat
(config-nat)# snatrule id 1 from any to any trans-to eif-ip mode dynamicport (config)#policy
# rule from any to any server any dynamicport ϵͳ¹ÜÀí web£º
ϵͳ--É豸¹ÜÀí--»ù±¾ÐÅÏ¢ CLI£º
(config)# hostname (name) ÅäÖð²È«Íø¹ØÃû (config)# no hostname Çå³þ°²È«Íø¹ØÃû ¹ÜÀíÔ±ÃÜÂë²ßÂÔÅäÖÃģʽ
hostname(config)# password policy ½øÈë¹ÜÀíÔ±²ßÂÔÅäÖÃʽ
hostname(config-pwd-policy)# admin complexity 1 ÆôÓÃÃÜÂ븴ÔÓ¶ÈÏÞÖÆ
hostname(config=pwd-policy)# admin min-length (length value) ÆôÓÃÃÜÂë×îÉÙλÏÞÖÆ
ÅäÖÃϵͳ¹ÜÀíÔ±
(config)# admin user (user-name) ÅäÖùÜÀíÔ±Ãû³Æ (config)# no admin user (user-name) ɾ³ý¹ÜÀíÔ±Ãû³Æ
(config-hostname)# privilege PX/RXW ¹ÜÀíԱģʽÏ£ºÅäÖùÜÀíÔ±ÌØȨ PXÊǶÁ£¬Ö´ÐÐ PXW ÊǶÁ£¬Ö´ÐУ¬Ð´¡£
(config-hostname)# password password ÅäÖùÜÀíÔ±ÃÜÂë
(config-hostname)# access{console|https|ssh|telnet|any} ÅäÖùÜÀíÔ±µÄ·ÃÎÊ·½Ê½
show admin user ÏÔʾ¹ÜÀíÔ±ÐÅÏ¢
show admin user (user-name) ÏÔʾ¹ÜÀíÔ±ÅäÖÃÐÅÏ¢ ÅäÖÿÉÐÅÖ÷»ú
web£ºÏµÍ³--É豸¹ÜÀí--¿ÉÐÅÖ÷»ú
¿ÉÒÔÌí¼Ó×ÓÍø Èç192.168.1.0/24 Ò²¿ÉÒÔ°´IPrange Ìí¼Ó È磺192.168.1.1-192.168.1.100 CLI:
(config)# admin host 192.168.1.0 255.255.255.0 http |https |ssh |telnet| ÅäÖÿÉÐÅÖ÷»úIP Ö¸¶¨¿ÉÐÅÖ÷»úµÄµÇ¼·½Ê½
(config)# admin host any any ÅäÖÃÈÎÒâ¿ÉÐŵØÖ· ÔÊÐíÈÎÒâµÇ¼·½Ê½ (config)# no admin host 192.168.1.0 255.255.255.0 È¡Ïû¿ÉÐÅÖ÷»ú
(config)# no admin host 192.168.1.0 255.255.255.0 http| telnet | È¡Ïû¿ÉÐÅÖ÷»úµÇ¼·½Ê½
Óû§½Ó¿Ú
ÀàÐÍ£ºConsole telnet sshwebUI
¸÷ÖÖ·ÃÎÊ·½Ê½µÄ³¬Ê±Ê±¼ä£¬¶Ë¿ÚºÅÒÔ¼°httpsµÄPKIÐÅÈÎÓò
ÔÚÒ»·ÖÖÓÄÚÁ¬ÐøÈý´ÎµÇ¼ʧ°Ü£¬ÏµÍ³½«»á½«µÇ½ʧ°ÜµÄIPËø¶¨Á½·ÖÖÓ¡£±»Ëø¶¨µÄIPµØÖ·ÔÚÁ½·ÖÖÓÖ®ÄÚ²»Äܽ¨Á¢É豸µÄÁ¬½Ó
web£º
ϵͳ--É豸¹ÜÀí--Óû§½Ó¿Ú CLI£º
(config)# telnet timeout (timeout-value µ¥Î»·ÖÖÓ) ÅäÖÃtelnet³¬Ê±Ê±¼ä
(config)# telnet port (port-number¶Ë¿ÚºÅ) ÅäÖö˿ںÅ
(config)# telnet authorization-try-count (count-number´ÎÊýºÅ) ÅäÖÃtelnet×î´óµÇ½´ÎÊý
ÅäÖÃSSH¹ÜÀí½Ó¿Ú
(config)# ssh timeout (timeout-value) (config)# ssh port (port-unmber)