好消息,超酷的在线虚拟网络实验室上线了!点击开始实验

为获得更好的浏览效果,建议您使用 Firefox 或者 Chrome 浏览器



MSR系列路由器

使用PKI认证建立IPSec隧道功能的配置

 

关键词:MSR;IPSec;IKE;PKI;RSA;Win2003;证书服务器

 

一、组网需求

如下面的组网图,使用Win2003作为证书服务器,2MSR路由器需要通过IKE建立IPSec隧道,IKE的认证方式使用PKI证书方式,证书服务器使用Win2003

设备清单:MSR系列路由器2台,Win2003主机一台

二、组网图:

三、配置步骤:

设备和版本:MSR系列、Version 5.20, Release 1509

配置前的操作步骤

//MSR1MSR2都执行如下操作,生成1024位的rsa本地密钥对(含公私钥

[MSR1]public-key local create rsa

The range of public key size is (512 ~ 2048).     

NOTES: If the key modulus is greater than 512,     

It will take a few minutes.    

Press CTRL+C to abort.

Input the bits of the modulus[default = 1024]:

Generating Keys...

..++++++

..........++++++

...++++++++

..++++++++

MSR1配置

#

//定义IKE提议,序号为1,优先度最高,使用rsa签名方式认证

ike proposal 1

 authentication-method rsa-signature

#

//pki实体msr1

pki entity msr1

  //实体的名字

  common-name msr1

  //所属组织部门,注意与CA保持一致

  organization-unit ts-msr

  //所属组织,与CA保持一致

  organization h3c

  //城市,与CA保持一致

  locality bj

  //所属国家,与CA保持一致,CN表示中国

  country CN

#

//pki认证域h3c

pki domain h3c

  //CA的名字,可以从后面介绍中获得

  ca identifier win2003

  //证书获取URL,可以从后面介绍获得

  certificate request url http://1.1.1.111//certsrv/mscep/mscep.dll

  //证书获取方式为RA,注册委员会,使用Win2003时必须配置

  certificate request from ra

  //指定注册实体为msr1

  certificate request entity msr1

  //指定注册模式和密钥长度

  certificate request mode auto key-length 1024

  //输入CA证书的指纹,即CA证书的缩略图,可以从后面的介绍中获得

  root-certificate fingerprint sha1 c4cb24743e26d601f23b7618b4e749a1061d9eb0

  //CRL,即证书吊销列表的获取URL

  crl url http://1.1.1.111/certenroll/win2003.crl

#

//建立IKE Peer MSR2

ike peer msr2

 remote-address 1.1.1.2

 local-address 1.1.1.1

 //指定证书域为h3c

 certificate domain h3c

#

//IPSec提议即安全提议

ipsec proposal default

#

//IPSec策略

ipsec policy msr2 1 isakmp

 security acl 3000

 ike-peer msr2

 proposal default

#

//定义安全流量的ACL

acl number 3000

 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255

#

interface Ethernet0/0

 port link-mode route

 ip address 1.1.1.1 255.255.255.0

 //在出接口上绑定IPSec策略

 ipsec policy msr2

#

interface Ethernet0/1

 port link-mode route

 ip address 192.168.1.1 255.255.255.0

#

 //指定访问对方私网的静态路由

 ip route-static 192.168.2.0 255.255.255.0 1.1.1.2

#

MSR2配置

#

//定义IKE提议,序号为1,优先度最高,使用rsa签名方式认证

ike proposal 1

 authentication-method rsa-signature

#

//pki实体msr2

pki entity msr2

  //实体的名字

  common-name msr2

  //所属组织部门,注意与CA保持一致

  organization-unit ts-msr

  //所属组织,与CA保持一致

  organization h3c

  //城市,与CA保持一致

  locality bj

  //所属国家,与CA保持一致,CN表示中国

  country CN

#

//pki认证域h3c

pki domain h3c

  //CA的名字,可以从后面介绍中获得

  ca identifier win2003

  //证书获取URL,可以从后面介绍获得

  certificate request url http://1.1.1.111//certsrv/mscep/mscep.dll

  //证书获取方式为RA,注册委员会,使用Win2003时必须配置

  certificate request from ra

  //指定注册实体为msr2

  certificate request entity msr2

  //指定注册模式和密钥长度

  certificate request mode auto key-length 1024

  //输入CA证书的指纹,即CA证书的缩略图,可以从后面的介绍中获得

  root-certificate fingerprint sha1 c4cb24743e26d601f23b7618b4e749a1061d9eb0

  //CRL,即证书吊销列表的获取URL

  crl url http://1.1.1.111/certenroll/win2003.crl

#

//建立IKE Peer MSR1

ike peer msr1

 remote-address 1.1.1.1

 local-address 1.1.1.2

 //指定证书域为h3c

 certificate domain h3c

#

//IPSec提议即安全提议

ipsec proposal default

#

//IPSec策略

ipsec policy msr1 1 isakmp

 security acl 3000

 ike-peer msr1

 proposal default

#

//定义安全流量的ACL

acl number 3000

 rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255

#

interface Ethernet0/0

 port link-mode route

 ip address 1.1.1.2 255.255.255.0

 //在出接口上绑定IPSec策略

 ipsec policy msr1

#

interface Ethernet0/1

 port link-mode route

 ip address 192.168.2.1 255.255.255.0

#

 //指定访问对方私网的静态路由

 ip route-static 192.168.1.0 255.255.255.0 1.1.1.1

#

手工获取证书的操作

//做完上述配置之后,可以通过一些命令来检查证书是否可以正确获取

//第一步,获取CA证书,可以根据提示判断是否正确获得

[MSR2]pki retrieval-certificate ca domain h3c

Retrieving CA/RA certificates. Please wait a while......

Saving CA/RA certificates chain, please wait a moment......

%Dec 20 21:02:08:705 2006 2 PKI/4/Verify_CA_Root_Cert:CA root certificate of the domain h3c is trusted.

CA certificates retrieval success.

[MSR2]

%Dec 20 21:02:08:754 2006 2 PKI/4/Update_CA_Cert:Update CA certificates of the Domain h3c successfully.

%Dec 20 21:02:08:755 2006 2 PKI/4/CA_Cert_Retrieval:Retrieval CA certificates of the domain h3c successfully.

//上述信息提示正确获得CA证书,即根证书,第二步,获取CA签名的本地证书

[MSR2]pki request-certificate domain h3c

Certificate is being requested, please wait......

[MSR2]

Enrolling the local certificate,please wait a while......

Certificate request Successfully!

Saving the local certificate to device......

Done!

 

%Dec 20 21:02:29:02 2006 2 PKI/4/Local_Cert_Request:Request local certificate of the domain h3c successfully.

//上述信息提示本地证书获取成功,第三步,获取CRL,可以检查同一个CA签名的证书是否过期

[MSR2]pki retrieval-crl domain h3c

Connecting to server for retrieving CRL. Please wait a while.....

CRL retrieval success!

[MSR2]

%Dec 20 21:03:59:211 2006 MSR2 PKI/4/Update_CRL:Update CRL of the domain h3c successfully.

%Dec 20 21:03:59:212 2006 MSR2 PKI/4/Retrieval_CRL:Retrieval CRL of the domain h3c successfully.

[MSR2]

//显示CA证书

[MSR2]dis pki cert ca d h3c

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            613E1A31 00000000 0002

        Signature Algorithm: sha1WithRSAEncryption

        Issuer:

            CN=win2003

        Validity

            Not Before: Dec 20 12:08:59 2006 GMT

            Not After : Dec 20 12:18:59 2007 GMT

        Subject:

            C=CN

            ST=bj

            L=bj

            O=h3c

            OU=ts-msr

            CN=win2003

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

            RSA Public Key: (1024 bit)

                Modulus (1024 bit):

                    00C2A4CE C5344632 263595CC 0680FA75

                    26E77572 D06E32F9 E717C20C 6D87A6C1

                    CF1F2C9A 46323DC6 0C72B06E 7B1D8C3E

                    0565EFF7 FEBEA570 F6DE66FF AD1EE75E

                    3E481A80 6A5FE282 CA41FD2B 92814482

                    6FB06093 E880F237 F984AA21 A53E52C8

                    7529C486 58965EB5 DFAEA99D 8A5B338D

                    FCAEAA1F AC1EA4B2 44F77393 E76EE67C

                    D1

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Key Usage: critical

            Digital Signature, Non Repudiation

            X509v3 Extended Key Usage:

            1.3.6.1.4.1.311.20.2.1

            1.3.6.1.4.1.311.20.2:

                .,.E.n.r.o.l.l.m.e.n.t.A.g.e.n.t.O.f.f.l.i.n.e

            X509v3 Subject Key Identifier:

            4E5E380E DB22491E 3C5EE3DA FB26ED51 F7DD47F5

            X509v3 Authority Key Identifier:

            keyid:C818C4A6 0A5C766B E7C51760 2789A402 75181ABD

 

            X509v3 CRL Distribution Points:

            URI:http://ts-msr/CertEnroll/win2003.crl

            URI:file://\\ts-msr\CertEnroll\win2003.crl

 

            Authority Information Access:

            CA Issuers - URI:http://ts-msr/CertEnroll/ts-msr_win2003.crt

            CA Issuers - URI:file://\\ts-msr\CertEnroll\ts-msr_win2003.crt

 

    Signature Algorithm: sha1WithRSAEncryption

        6DA0B262 BACC97AA 614CEEED 83300939

        E7C377F5 62F6B9E6 C21965DC D17FC116

        7957E7E5 6FAE97A3 97BD1A65 27ADC066

        92241702 7547DB45 74B5BC65 32CD45A6

        FC1F2D69 EA8F8055 91E48C06 3FC63D58

        18F1F130 37CDFF4B 6DCEC700 9DFAC050

        DF4BF36D 2EA4D4F8 F09726AA 5C24D9D6

        29708256 329BF4ED 69FA7948 E1C1058C

        D45E06FD E05BFE20 C0C01CCB 3146110B

        791B6573 68927EEA FBCA6283 6D2CA93A

        7E32A9E8 E42B49AC 0ACAF60B 85FFBC00

        FC2E427C 25EA55F0 DDE64A3F 06BF8001

        2CC5FBC6 96ED277D 0AF4308B EE06C7DD

        26364063 4D89FAF5 E26B681A 919D5F2D

        F7E8D6F7 BBD9F64D CD3C864B FC538A99

        DED85FA9 9910824A 084BA148 0A1BB899

 

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            613E1BA8 00000000 0003

        Signature Algorithm: sha1WithRSAEncryption

        Issuer:

            CN=win2003

        Validity

            Not Before: Dec 20 12:08:59 2006 GMT

            Not After : Dec 20 12:18:59 2007 GMT

        Subject:

            C=CN

            ST=bj

            L=bj

            O=h3c

            OU=ts-msr

            CN=win2003

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

            RSA Public Key: (1024 bit)

                Modulus (1024 bit):

                    00B8C294 112CDA38 27FE4564 3DDDE52C

                    A428A819 0DF0DD94 7ECD7B74 F596294B

                    1373BA5E 6A324BE4 98978E30 96036AC1

                    2703324E B3D912FC E52DCDB1 24B05001

                    C26B2E08 46FCD00F C4518415 C912AF39

                    311BDE7F 7396AF31 AF9E0642 DB010702

                    E36B954F 5BB881D7 328BEC88 0EA1AA82

                    83900CBC E4E85A9B FE176046 136DF65D

                    FF

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Key Usage: critical

            Key Encipherment, Data Encipherment

            S/MIME Capabilities:

....80...+....  0'0

            X509v3 Extended Key Usage:

            1.3.6.1.4.1.311.20.2.1

            1.3.6.1.4.1.311.20.2:

                ...C.E.P.E.n.c.r.y.p.t.i.o.n

            X509v3 Subject Key Identifier:

            6A80370A A194479F 5C083027 A18CA358 BA43FD52

            X509v3 Authority Key Identifier:

            keyid:C818C4A6 0A5C766B E7C51760 2789A402 75181ABD

 

            X509v3 CRL Distribution Points:

            URI:http://ts-msr/CertEnroll/win2003.crl

            URI:file://\\ts-msr\CertEnroll\win2003.crl

 

            Authority Information Access:

            CA Issuers - URI:http://ts-msr/CertEnroll/ts-msr_win2003.crt

            CA Issuers - URI:file://\\ts-msr\CertEnroll\ts-msr_win2003.crt

 

    Signature Algorithm: sha1WithRSAEncryption

        B7E66039 EEFA866A 6C3D937E 0702775B

        49CF1C23 7D3ADD49 FC24AEBB DF525A91

        6898EA6B 0CDF345F 50847975 F73DE485

        3F055FB2 46AC212A 4D903852 5FA16E19

        626FCECE ED0BF5A3 56604253 BFA8F44E

        F7315A5F EE55E2A2 74A343CE A867BEE8

        2216AEFD 49AE27B7 81726DE5 F7D8CAC6

        D4C6A50E 4196058D 3E0D3D76 7BDF7F24

        733F7AFF 0CBA549D D3A15C2F 2E72D41D

        A105DBDF DA1D0093 84A9D124 6F22E8E4

        66763469 9286CD2F 2F54A676 BC41698B

        1C313885 E7A6ECD4 CC7ABE80 9BFAAB29

        23EB26AC AAB7D497 E19F3BBC 2EF1296F

        F7E31C3A 1CE462E6 F8BF881A B6472044

        AF9832A3 EAADDC49 D77AB1E6 87556F81

        FAD6985E 9BCD3A40 2ABB113E 63A8F226

 

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            26F6FBE6 C488F6A9 48165967 DEBF5922

        Signature Algorithm: sha1WithRSAEncryption

        Issuer:

            CN=win2003

        Validity

            Not Before: Dec 20 11:26:56 2006 GMT

            Not After : Dec 20 11:35:50 2011 GMT

        Subject:

            CN=win2003

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

            RSA Public Key: (2048 bit)

                Modulus (2048 bit):

                    00B972CC D4E25117 6FB7DC29 A7FAE842

                    2EBB1F4B FCCC7DBC 647C0279 5211E996

                    ECB9480A 40AD9083 49351523 114BDF69

                    5ACA6A53 4DE3BAE8 FF272B2D 34063AD0

                    78AB97EB BB436C8F 2BCEC1A0 AF7B24A2

                    6B20242F 68908441 862463DB 4DB35A7E

                    F27FB7AD 3A005654 1F6BEEAE 0159B1B8

                    1DDA3E2D 55DBAD94 39B20DC6 B4CC796B

                    1D72BC82 40E02532 363D7EB1 180AE197

                    40B76252 81B81A3A 99FC04DF 037D8557

                    0FF1C927 710AB91C A2C0F3F0 0B2CE823

                    4AE52781 F9F81982 506921AD 8BC21828

                    01139AD8 F1BBA955 19181DAD E5718244

                    832172F5 161383E1 31A9C164 BF0ADF6C

                    0F893FF7 093EFE72 204F8800 6BB19C4E

                    F5C3B580 21C91F3C CAD69E75 83C0D9EC

                    2F

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Key Usage:

            Digital Signature, Certificate Sign, CRL Sign

            X509v3 Basic Constraints: critical

            CA:TRUE

            X509v3 Subject Key Identifier:

            C818C4A6 0A5C766B E7C51760 2789A402 75181ABD

            X509v3 CRL Distribution Points:

            URI:http://ts-msr/CertEnroll/win2003.crl

            URI:file://\\ts-msr\CertEnroll\win2003.crl

 

            1.3.6.1.4.1.311.21.1:

                ...

    Signature Algorithm: sha1WithRSAEncryption

        9CC1B4CD 4D7ACB43 2853F3BC 0AA9C3A0

        B2EA0D54 FA4005E9 EDF6BE97 D4745A64

        9ADA54E7 37594F14 9C2AD46B 1559CABC

        CD9C4B1F B7E962EC 85BCC642 A09202A6

        C4428D15 E497C690 23568CD5 224B35DE

        2928884C 98CA687A E46B744E 38EE40FF

        6B82C9EE BF3CE970 26C6F3F8 F4A30750

        DD1BA047 98535CFA 43429DFC 2305D6A6

        790CF8D3 45D2B5B2 0C848AC1 E176CE1A

        2DC0FCEB 600CD283 8B13AD0C DFCD61E0

        6CE7010E 0B892551 A78CAEB3 BCF6977C

        7F410520 FD75AD34 A9A21061 13DD4D91

        7495FB9F 326C5FB2 4B5A71B5 1A81A81A

        2A3AAE73 A2132E17 4BDF858D 12C9B3B9

        3228BCE5 040560E4 BC0C4006 2DB479F1

        0E1F2464 BB225BCC 8BAFCD78 E8999DB3

 

//显示CA颁发的本地证书

[MSR2]dis pki cer lo d h3c

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            61608B93 00000000 0005

        Signature Algorithm: sha1WithRSAEncryption

        Issuer:

            CN=win2003

        Validity

            Not Before: Dec 20 12:46:36 2006 GMT

            Not After : Dec 20 12:56:36 2007 GMT

        Subject:

            C=CN

            L=bj

            O=h3c

            OU=ts-msr

            CN=msr2

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

            RSA Public Key: (1024 bit)

                Modulus (1024 bit):

                    00D4EB90 98FB12A7 41A15813 19985CDD

                    7DD83A29 AF0C9D10 9CD94786 C0AAADC5

                    73E5A23B 4CF3BE4D 7A408E5D F55EE37E

                    084586CB 7380528E CBCD06F9 A4BED5D7

                    104AE9B7 FCA53D0E FBE2D180 18AFC129

                    10A357A0 4EAF61C6 7B3158AE D1CF87D7

                    E6EF1F84 7242F29D DC9AADF3 C20A26DC

                    2E49BA05 20B960D2 5AC6D1FD 5A1AC51C

                    85

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Subject Key Identifier:

            6AE6C77D 21727F21 3A1970CF CABAD8F6 5C2820EE

            X509v3 Authority Key Identifier:

            keyid:C818C4A6 0A5C766B E7C51760 2789A402 75181ABD

 

            X509v3 CRL Distribution Points:

            URI:http://ts-msr/CertEnroll/win2003.crl

            URI:file://\\ts-msr\CertEnroll\win2003.crl

 

            Authority Information Access:

            CA Issuers - URI:http://ts-msr/CertEnroll/ts-msr_win2003.crt

            CA Issuers - URI:file://\\ts-msr\CertEnroll\ts-msr_win2003.crt

 

            1.3.6.1.4.1.311.20.2:

                .0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e

    Signature Algorithm: sha1WithRSAEncryption

        B022F111 82AF0DD8 AFECA34C 4C0CB048

        0DCA97C5 B2B532E1 0CB4349B 90051CDE

        C311DE4D 2CA1041A 45A5A984 CDBDA22C

        F6A79EF8 80304616 DDC14A69 F8DF49C4

        B3E9D16B 67AC787E 7325037A 24A55E36

        BCFC67E6 43183057 950542E1 4DA05968

        B33FA3E5 45EF00CE 54FA37A6 DC4AD003

        72171B1B E45727F5 5767EA21 2997823E

        F74A7DDD 7F07D850 40422816 06853709

        C558BA9A FD6F64AA 4B9D6A23 D8BD06B4

        46670EBF B87E9FC3 EDB2A805 D5041C85

        B676D667 9142963B 92025B10 647237BA

        997A183A 7B3A16DC 3A875E41 9A78FCBD

        F7434673 06BD185C 9D6E31F8 F8DD8073

        63A80207 54E1805E BB9D7FAD 40581678

        C2F33F8C 776B8C82 F1755E5F 888E3EDF

 

//显示CRL证书吊销列表

[MSR2]dis pki cr d h3c

Certificate Revocation List (CRL):

        Version 2 (0x1)

        Signature Algorithm: sha1WithRSAEncryption

        Issuer:

            CN=win2003

        Last Update: Dec 20 11:27:13 2006 GMT

        Next Update: Dec 27 23:47:13 2006 GMT

        CRL extensions:

            X509v3 Authority Key Identifier:

            keyid:C818C4A6 0A5C766B E7C51760 2789A402 75181ABD

 

            1.3.6.1.4.1.311.21.1:

                ...

            X509v3 CRL Number:

            1

            1.3.6.1.4.1.311.21.4:

061227113713Z   .

            1.3.6.1.4.1.311.21.14:

                0..0...........ldap:///CN=win2003,CN=ts-msr,CN=CDP,CN=Public%20Key%20Services,CN=Services,DC=UnavailableConfigDN?certificateRevocationList?base?objectClass=cRLDistributionPoint

No Revoked Certificates.

    Signature Algorithm: sha1WithRSAEncryption

        9BF1D1AA 74562C8D D79D6A02 9E60FDE3

        F53476A1 9D6E2E0F 226958A8 93D14D7A

        9F030116 C0E93C62 EAA175B6 1DDBE9EA

        10A8A686 88FC6A93 247C35B9 78B862A8

        BFCA1CCC 053350C6 EA506D1A 75147A7D

        66841328 50B2EAA9 46915962 134BF910

        751AC201 8C3C0D95 4FEB57EA A90F70BC

        F4B9BB9E F349E067 008FD44B A1C574DD

        F886AB92 D0B43FAE 7AABA40C FE87088D

        7B8B3882 6ECAA1B2 DDE9082A A5499720

        CC68352E 29E14B27 131FEE59 3BF9D55F

        C49231FC 20E3170B 388969F1 63C25295

        4CC8F437 2F6FC8AE 0B78E0BB 76E14E81

        D80621F6 0834BC32 AA05F6A9 64E2D307

        04E09DDF 4830457F 21755B30 557A6080

        4A3DD73A 9132BCF7 4FCCF25A D04F9EBF

Win2003CA服务器的架设

1、安装CA服务器,选择左边的添加/删除Windows组件(A

2、在Windows组件向导中选择证书服务,把勾选上,然后点击下一步

3、出现提示框,选择“是”

4、选择独立根CA,然后点击下一步

5、输入CA的标识,这里使用win2003

6、证书数据库设置使用默认设置,点击下一步完成安装,注意:保证可以找到Win2003的安装盘或文件(安装文件的i386文件夹)

7、安装SCEP,可以从微软官方网站下载cepsetup.exeSCEPSimple Certificate Enrollment Protocol)是路由器用于获取证书的协议,默认Win2003是没有安装该协议的。

8、上图选择Yes后,点击下一步

9、把“Require SCEP Challenge Phrase to Enroll”复选框取消选后点击下一步

10、输入RA的信息,这里的信息和路由器申请证书时的信息相关,所以注意填写,如NameCompanyDepartmentCityCountry等。

11、上面填写完毕后,点击下一步就完成了

12、上图点击完成后,提示你证书申请的URL,即pki domain h3c中配置的certificate request url http://1.1.1.111//certsrv/mscep/mscep.dll,只是将“http://ts-msr”换成IP地址了

13、下面进入控制面板,选择管理工具

14、选择证书颁发机构

15、在win2003上点击右键,选择属性

16、把属性页面切换到“策略模块”,再选择属性

17、选择“如果可以的话……”,选择确定

18、系统提示重启证书服务

19、在桌面“我的电脑”右键选择管理

20、在目录树中选择服务和应用程序中的服务页面

21、在右边页面选择“Certificate Services”,点击右键选择重启,Win2003证书服务配置完毕

22、接15,在常规选项中,点击查看证书,获得RA的名字信息,用于路由器申请时指定RA的名字等信息

23、可以查看使用者是win2003,即pki domain h3c中配置的ca identifier win2003

24、可以获得微缩图算法和微缩图,就是路由器PKI Domain h3c中的root-certificate fingerprint

 

四、配置关键点

1) Win2003上的图形化配置远比路由器命令行配置复杂,需要耐心;

2) 可以参考《中低端路由器典型配置实例》中相关配置;

3) 路由器配置需要与服务器保持一致。*

X Close
X Close