2管理Cisco设备.ppt

第二章第二章 交换机和路由器简单配置交换机和路由器简单配置配置方式配置方式EXEC模式模式用户模式用户模式•对交换机和路由器的有限操作对交换机和路由器的有限操作•命令提示符为命令提示符为 主机名主机名>主要有两个命令模式提供命令键入主要有两个命令模式提供命令键入.模式一模式一:EXEC模式模式 (续续)特权特权(或或enabled)模式模式•对交换机和路由器更深入的操作对交换机和路由器更深入的操作•有配置和监视权力有配置和监视权力•是进入其它配置模式的前提是进入其它配置模式的前提•命令提示符为命令提示符为 主机名主机名#模式二模式二 (也是最常用的模式也是最常用的模式):Catalyst 2950 Switch启动界面启动界面 --- System Configuration Dialog --- At any point you may enter a question mark '?' for help.Use ctrl-c to abort configuration dialog at any prompt.Default settings are in square brackets '[ ]'.Continue with configuration dialog? [yes/no]: yesEnter IP address: ip_addressEnter IP netmask: ip_netmaskWould you like to enter a default gateway address? [yes]: yesIP address of the default gateway: ip_addressEnter a host name: host_nameEnter enable secret: secret_passwordWould you like to configure a Telnet password? [yes] yesEnter Telnet password: telnet_passwordWould you like to enable as a cluster command switch? noEnter cluster name: cls_nameLogging In to the Switch and Entering the Enable PasswordConfiguration Modes:•Global configuration mode –wg_sw_a#configure terminal–wg_sw_a(config)#•Interface configuration mode–wg_sw_a(config)#interface e0/1–wg_sw_a(config-if)#Configuring the Switch•Sets the local identity for the switchConfiguring Switch Identification配置交换机的管理配置交换机的管理IP地址地址SW2950(config)#interface vlan 1SW2950(config-if)#ip address 10.1.1.1 255.255.255.0SW2950(config-if)#no shutdown配置交换机的网关配置交换机的网关Switch(config)#ip default-gateway {ip address}例如:SW2950(config)#ip default-gateway 10.1.1.254Configuring the Switch IP AddressShowing Switch Initial Startup Statuswg_sw_a#show version •Displays the configuration of the system hardware, software version, names and sources of configuration files, and boot images wg_sw_a#show running-configuration •Displays the switch’s current active configuration filewg_sw_a#show interfaces•Displays statistics for all interfaces configured on the switchSwitch show version Commandsw2950#show versionCisco Internetwork Operating System Software IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(14)EA1a, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2003 by cisco Systems, Inc.Compiled Tue 02-Sep-03 03:33 by antoninoImage text-base: 0x80010000, data-base: 0x805C0000ROM: Bootstrap program is CALHOUN boot loadersw2950 uptime is 1 minuteSystem returned to ROM by power-onSystem image "flash:/c2950-i6q4l2-mz.121-14.EA1a.bin"cisco WS-C2950-24 (RC32300) processor with 20710K bytes of memory.Last reset from system-resetRunning Standard Image24 FastEthernet/IEEE 802.3 interface(s)32K bytes of flash-simulated non-volatile configuration memory.Base ethernet MAC Address: 00:0F:72:DB:4E:C0Motherboard serial number: FOC0813Y1H6Configuration register is 0xFsw2950#show interfaces fastEthernet 0/1FastEthernet0/1 is down, line protocol is down (notconnect) Hardware is Fast Ethernet, address is 000f.72db.4ec1 (bia 000f.72db.4ec1) MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Auto-duplex, Auto-speed input flow-control is off, output flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:14:53, output hang never--More--Switch show interfaces Command路由器的简单配置－路由器的简单配置－任何时侯按任何时侯按Ctrl+C推出对话模式推出对话模式Router#setup --- System Configuration Dialog ---Continue with configuration dialog? [yes/no]: yesAt any point you may enter a question mark '?' for help.Use ctrl-c to abort configuration dialog at any prompt.Default settings are in square brackets '[]'.Basic management setup configures only enough connectivityfor management of the system, extended setup will ask youto configure each interface on the systemWould you like to enter basic management setup? [yes/no]: no出厂时的缺省配置出厂时的缺省配置Setup Interface SummaryFirst, would you like to see the current interface summary? [yes]:InterfaceIP-AddressOK?Method Status ProtocolBRI0unassignedYES unset administratively down downBRI0:1unassignedYES unset administratively down downBRI0:2unassignedYES unset administratively down downEthernet0unassignedYES unset administratively down downSerial0unassignedYES unset administratively down downInterfaces Found During StartupSetup Initial Global ParametersConfiguring global parameters: Enter host name [Router]:wg_ro_c The enable secret is a password used to protect access to privileged EXEC and configuration modes. This password, after entered, becomes encrypted in the configuration. Enter enable secret: cisco The enable password is used when you do not specify an enable secret password, with some older software versions, and some boot images. Enter enable password: sanfran The virtual terminal password is used to protect access to the router over a network interface. Enter virtual terminal password: sanjose Configure SNMP Network Management? [no]:Setup Initial Protocol Configurations Configure LAT? [yes]: no Configure AppleTalk? [no]: Configure DECnet? [no]: Configure IP? [yes]: Configure IGRP routing? [yes]: no Configure RIP routing? [no]: Configure CLNS? [no]: Configure IPX? [no]: Configure Vines? [no]: Configure XNS? [no]: Configure Apollo? [no]:Setup Interface ParametersBRI interface needs isdn switch-type to be configured Valid switch types are : [0] none..........Only if you don't want to configure BRI. [1] basic-1tr6....1TR6 switch type for Germany[2] basic-5ess....AT&T 5ESS switch type for the US/Canada[3] basic-dms100..Northern DMS-100 switch type for US/Canada [4] basic-net3....NET3 switch type for UK and Europe[5] basic-ni......National ISDN switch type[6] basic-ts013...TS013 switch type for Australia[7] ntt...........NTT switch type for Japan[8] vn3...........VN3 and VN4 switch types for France Choose ISDN BRI Switch Type [2]:Configuring interface parameters:Do you want to configure BRI0 (BRI d-channel) interface? [no]:Do you want to configure Ethernet0 interface? [no]: yes Configure IP on this interface? [no]: yes IP address for this interface: 10.1.1.33 Subnet mask for this interface [255.0.0.0] : 255.255.255.0 Class A network is 10.0.0.0, 24 subnet bits; mask is /24Do you want to configure Serial0 interface? [no]:Setup Script Review and UseThe following configuration command script was created:hostname Routerenable secret 5 $1$/CCk$4r7zDwDNeqkxFO.kJxC3G0enable password sanfranline vty 0 4password sanjoseno snmp-server!no appletalk routingno decnet routingip routingno clns routingno ipx routingno vines routingno xns routingno apollo routingisdn switch-type basic-5essinterface BRI0shutdownno ip address!interface Ethernet0no shutdownip address 10.1.1.31 255.255.255.0no mop enabled!interface Serial0shutdownno ip addressend[0] Go to the IOS command prompt without saving this config.[1] Return back to the setup without saving this config.[2] Save this configuration to nvram and exit.Enter your selection [2]:Logging In to the Router•You can abbreviate a command to the fewest characters that make a unique character string.Router User-Mode Command Listwg_ro_c>?Exec commands: access-enable Create a temporary Access-List entry atmsig Execute Atm Signalling Commands cd Change current device clear Reset functions connect Open a terminal connection dir List files on given device disable Turn off privileged commands disconnect Disconnect an existing network connection enable Turn on privileged commands exit Exit from the EXEC help Description of the interactive help system lat Open a lat connection lock Lock the terminal login Log in as a particular user logout Exit from the EXEC-- More --wg_ro_c#?Exec commands: access-enable Create a temporary Access-List entry access-profile Apply user-pro interface access-template Create a temporary Access-List entry bfe For manual emergency modes setting cd Change current directory clear Reset functions clock Manage the system clock configure Enter configuration mode connect Open a terminal connection copy Copy from one another debug Debugging functions (see also 'undebug') delete Delete a file dir List files on a disable Turn off privileged commands disconnect Disconnect an existing network connection enable Turn on privileged commands erase Erase a exit Exit from the EXEC help Description of the interactive help system-- More --•You can complete a command string by entering the unique character string, then pressing the Tab key.Router Privileged-Mode Command List帮助机制帮助机制上下文关联帮助上下文关联帮助错误信息提示错误信息提示指出所输入交换机命令的错误所指出所输入交换机命令的错误所在，以便于修改或纠正在，以便于修改或纠正.可以重新调出以前运行过的命令，可以重新调出以前运行过的命令，用来再次运行、查看或修改用来再次运行、查看或修改. 之前命令保存区之前命令保存区提供命令清单和与特定命令提供命令清单和与特定命令相关联的参数相关联的参数. 路由上下文帮助路由上下文帮助Router# clokTranslating "CLOK"% Unknown command or computer name, or unable to find computer addressRouter# clear clockRouter# % Incomplete command.Router# set Set the time and dateRouter# % Incomplete command.Router# hh:mm:ss Current TimeRouter# clock set 19:56:00% Incomplete command.Router# clock set 19:56:00 ?<1-31> Day of the monthMONTH Month of the yearRouter# clock set 19:56:00 04 8 ^% Invalid input detected at the '^' markerRouter# clock set 19:56:00 04 August% Incomplete command.Router# clock set 19:56:00 04 August ?<1993-2035> Year•Command Prompting•Syntax Checking•Command Promptingshow version Commandwg_ro_a#show versionCisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(3), RELEASE SOFTWARE (fc1)Copyright (c) 1986-1999 by cisco Systems, Inc.Compiled Mon 08-Feb-99 18:18 by phanguyeImage text-base: 0x03050C84, data-base: 0x00001000ROM: System Bootstrap, Version 11.0(10c), SOFTWAREBOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE(fc1)wg_ro_a uptime is 20 minutesSystem restarted by reloadSystem image "flash:c2500-js-l_120-3.bin"(output omitted)--More--Configuration register is 0x2102(一行中长字串会自动滚卷一行中长字串会自动滚卷).光标移动到命令行的开始位置光标移动到命令行的开始位置.光标移动到命令行的结束位置光标移动到命令行的结束位置.回移一个单词回移一个单词下移一个字符下移一个字符.回移一个字符回移一个字符.下移一个单词下移一个单词使用增强的编辑命令使用增强的编辑命令删除当前字符删除当前字符Router>$ value for customers, employees, and partners.Ctrl-P or Up arrow调出最近调出最近(前一前一)使用过的命令使用过的命令Ctrl-N or Down arrow调出更近使用过的命令调出更近使用过的命令Router> show history显示命令保存区内容显示命令保存区内容Router> terminal history size lines 设置命令缓冲区大小设置命令缓冲区大小查看之前用过的命令查看之前用过的命令Viewing the Configurationshow running-config and show startup-config Commandswg_ro_c#show startup-configUsing 1359 out of 32762 bytes!version 12.0!-- More --wg_ro_c#show running-configBuilding configuration...Current configuration:!version 12.0!-- More --In NVRAMIn RAM•Displays the current and saved configurationOverview of Router Modes基本实验操作基本实验操作Wisdom>enableWisdom#configure terminal Wisdom(config)#no ip domain-lookup Wisdom(config)#line console 0Wisdom(config-line)#logging synchronous Wisdom(config-line)#no exec-timeout Wisdom(config-line)#password ciscoWisdom(config-line)#loginWisdom(config-line)#exitWisdom(config)#line vty 0 4Wisdom(config-line)#logging synchronous Wisdom(config-line)#no exec-timeout Wisdom(config-line)#password ciscoWisdom(config-line)#loginWisdom(config-line)#endWisdom#configure terminalWisdom(config)#enable secret ciscoWisdom(config)#endWisdom#service password-encryption //手工加密手工加密,不再显示明文密码不再显示明文密码保存配置保存配置wg_ro_c#wg_ro_c#copy running-config startup-configDestination [startup-config]?Building configuration…wg_ro_c#•Copies the current configuration to NVRAM保存命令保存命令Copy running-config startup-config=write•Sets the local identity or message for the accessed router or interface配置路由器主机名等参数配置路由器主机名等参数配置路由器的密码配置路由器的密码两条常用的命令两条常用的命令Router(config)#line console 0Router(config-line)#exec-timeout 0 0 Router(config)#line console 0Router(config-line)#logging synchronous•阻止会话退出阻止会话退出•使光标还原到原来的位置，重新显示被覆盖的命里使光标还原到原来的位置，重新显示被覆盖的命里•Unique addressing allows communication between end stations.•Path choice is based on destination address.Location is represented by an addressIP地址规划地址规划主机通信对主机通信对IP地址的要求地址的要求1、网络中、网络中IP地址必须唯一地址必须唯一2、在一个交换网络中主机必须有相同的网络号才能通信、在一个交换网络中主机必须有相同的网络号才能通信3、在不同的交换网络中（用路由器分开的网络），主机不能有相同的网络号、在不同的交换网络中（用路由器分开的网络），主机不能有相同的网络号IP寻址寻址IP 地址分类地址分类不带子网的不带子网的IP寻址寻址带子网的带子网的IP寻址寻址(这里的子网掩码为这里的子网掩码为24位位)子网地址子网地址子网掩码子网掩码二进制子网掩码二进制子网掩码－子网掩码只能有这－子网掩码只能有这9个数字个数字•Subnets not in use—the default没有子网的子网掩码－缺省子网掩码没有子网的子网掩码－缺省子网掩码•Network number extended by eight bits有子网的子网掩码有子网的子网掩码有子网的子网掩码有子网的子网掩码 (续续)•Network number extended by ten bits划分子网的几个捷径划分子网的几个捷径: :1.你所选择的子网掩码将会产生多少个子网?:2的x次方-2(x代表掩码位,即2进制为1的部分)2.每个子网能有多少主机?: 2的y次方-2(y代表主机位,即2进制为0的部分)3.有效子网是?:有效子网号=256-10进制的子网掩码4.每个子网的广播地址是?:广播地址=下个子网号-15.每个子网的有效主机分别是?:忽略子网内全为0和全为1的地址剩下的就是有效主机地址.最后有效1个主机地址=下个子网号-2(即广播地址-1)子网划分子网划分子网划分子网划分Other subnets220.160.1.0220.160.1.32220.160.1.64申请到一段C类地址220.160.1.0，将这段地址分配给网络中的主机，要求有5个子网，每个子网最少有20台主机，地址分配的步骤：1、确定网络的主机位n，利用32-n算出网络位，然后算出子网掩码2、根据子网掩码，确定每段IP地址的范围配置路由器配置路由器IP地址地址wg_ro_c#configure terminalwg_ro_c(config)#interface ethernet 0wg_ro_c(config-if)#ip address 192.168.1.1 255.255.255.0wg_ro_c(config-if)#no shutdownwg_ro_c(config-if)#exitshow interfacesRouter#show interfacesEthernet0 is up, line protocol is up Hardware is Lance, address is 00e0.1e5d.ae2f (bia 00e0.1e5d.ae2f) Internet address is 10.1.1.11/24 MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:07, output 00:00:08, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 81833 packets input, 27556491 bytes, 0 no buffer Received 42308 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored, 0 abort 0 input packets with dribble condition detected 55794 packets output, 3929696 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 4 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers s out接口的几种状态接口的几种状态－诊断的步骤－诊断的步骤检查串口检查串口Router#show interface serial 0Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 10.140.4.2/24 MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation HDLC, loopback not set, keepalive set (10 sec) Last input 00:00:09, output 00:00:04, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec(output omitted) BW 64 Kbit,检查检查串行线串行线是否连接好是否连接好Router#show controller serial 0HD unit 0, idb = 0x121C04, driver structure at 0x127078buffer size 1524 HD unit 0, V.35 DTE cable...•Shows the cable type of serial cablesV.35 DTE Cable。