>enable (User --> Privileged)
#disable (Privileged --> User)
#config terminal (Privileged --> Global)
(config)#interface ethernet 0/0 (Global --> Interface)
(config-if)#exit (Interface --> Global)
(config)#router rip (Global --> Router)
(config-router)#end (Router --> Privileged)
#config terminal (Privileged --> Global)
(config)#line console 0 (Global --> Line)
(config-line)#Ctrl + Z (Line --> Privileged)
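Basic commands:
show version : check the version
show processes
show protocols
show mem
show ip route
show startup-config
show running-config : view the running configuration
show hardware
show flash : check the IOS image
show interfaces : view the status of the device interfaces
show ip sockets : see which ports the router currently has open
show tcp brief all : see the current connection states
show ip interface brief : see whether the interfaces are up
show ip cache flow : check for abnormal connections
show proc cpu : view the router's CPU load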
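If the configuration contains the following line, subnetting does not need to discard the first and last subnets:
ip subnet-zero
When supernetting, the question of discarding the first and last subnets does not arise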
Calculating the Bid (Broadcast ID) and Nid (Network ID) of an IP
Problem 1: 198.75.39.101 / 30
Solution:
1. 32-30 = 2
4. 2*25 = 100
Network ID = 198.75.39.100
Broadcast ID = 198.75.39.103
================================
Problem 2: 198.75.39.101 / 20
Solution:
1. 24-20 = 4
4. 16*2 = 32
Network ID = 198.75.32.0
Broadcast ID = 198.75.47.255
================================
Problem 3: 198.75.39.101 / 13
Solution:
1. 16-13 = 3
4. 8*9 = 72
Network ID = 198.72.0.0
Broadcast ID = 198.79.255.255
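The three problems above, worked in code with the octet block-size method. This is an added example, not part of the original notes; the intermediate steps (block size, integer division) are an assumption about the method, since the notes show only steps 1 and 4, and the function names are hypothetical.

```python
import ipaddress  # used only to cross-check the manual method


def block_method(ip, prefix):
    """Return (network_id, broadcast_id) using the octet block-size method."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    if prefix == 0:
        return "0.0.0.0", "255.255.255.255"

    # Step 1: next octet boundary minus the prefix = host bits left in the
    # octet where the mask ends (32-30=2, 24-20=4, 16-13=3)
    boundary = -(-prefix // 8) * 8
    host_bits = boundary - prefix
    idx = boundary // 8 - 1            # index of that octet (0..3)

    # Step 2 (assumed): block size inside that octet
    block = 2 ** host_bits
    # Step 3 (assumed): number of whole blocks below the octet value
    quotient = octets[idx] // block
    # Step 4: block size * quotient = network value of that octet
    start = block * quotient

    # Octets left of idx are copied; octets right of it are all host bits
    net = octets[:idx] + [start] + [0] * (3 - idx)
    bcast = octets[:idx] + [start + block - 1] + [255] * (3 - idx)
    return ".".join(map(str, net)), ".".join(map(str, bcast))


def cross_check(ip, prefix):
    """True when the manual method agrees with the standard library."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    expected = (str(net.network_address), str(net.broadcast_address))
    return block_method(ip, prefix) == expected


if __name__ == "__main__":
    for prefix in (30, 20, 13):
        nid, bid = block_method("198.75.39.101", prefix)
        print(f"198.75.39.101/{prefix}: Network ID = {nid}, Broadcast ID = {bid}")
```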
Spanning Tree Path Cost
Link Speed - Cost(IEEE'03)[Cost(IEEE'98)]
10Gbps - 2(1)
1Gbps - 4(1)
100Mbps - 19(10)
10Mbps - 100(100)
port-security sticky command
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface range fastEthernet 0/1 -24
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#^Z
.VLAN exercise 1
Define vlan 1 as ports 1 to 13
Define the VLAN named vlan66 as ports 14 to 24
config)#vlan 88
config-vlan)#name vlan88
config)#int range fast 0/14 - 24
config-if-range)#switchport access vlan 88
Remove vlan 88
config)#no vlan 88
Only vlan 1 can be given an IP
config)#int vlan 1
config-if)#ip address 192.168.1.1 255.255.255.0
config-if)#no shutdown
Set a gateway for the switch
config)#ip default-gateway 192.168.1.254
Cisco Switch 3500 XL
Create VLAN 2 and name it Lan002
#vlan database
(vlan)#vlan 2 name Lan002
Assign ports 5, 6, 7, 8 to vlan 2
config)#interface GigabitEthernet 0/5
config-if)#switchport access vlan 2
config-if)#exit
config)#interface GigabitEthernet 0/6
config-if)#switchport access vlan 2
config-if)#exit
config)#interface GigabitEthernet 0/7
config-if)#switchport access vlan 2
config-if)#exit
config)#interface GigabitEthernet 0/8
config-if)#switchport access vlan 2
config-if)#exit
config)#exit
.VLAN exercise example 2
1. Create VLAN 10/20 on sw 1/2
sw1#config terminal
(config)#vlan 10
(config-vlan)#interface fastethernet 0/5
(config-if)#switchport access vlan 10
sw2#config terminal
(config)#vlan 20
(config-vlan)#interface fastethernet 0/5
(config-if)#switchport access vlan 20
2. show vlan
2.1. Set sw1 Fa0/1 as a trunk:
(config)#interface fastethernet 0/1
(config-if)#switchport mode trunk
2.2. fa0/11 on sw1 and sw2 should be set as a trunk
(config)#interface fastethernet 0/11
(config-if)#switchport mode trunk
3. Set the IP and gateway of sw1, sw2, pc1, pc2
3.1. sw1 and sw2 need a default gateway:
(config)#ip default-gateway 192.168.1.1
4. Configure the router (R1)
#config terminal
(config)#interface fastethernet 0/0
(config-if)#no shutdown
(config-if)#interface fastethernet 0/0.1
(config-subif)#encapsulation dot1q 1
(config-subif)#ip address 192.168.1.1 255.255.255.0
(config-subif)#interface fastethernet 0/0.10
(config-subif)#encapsulation dot1q 10
(config-subif)#ip address 192.168.10.1 255.255.255.0
(config-subif)#interface fastethernet 0/0.20
(config-subif)#encapsulation dot1q 20
(config-subif)#ip address 192.168.20.1 255.255.255.0
5. Check whether switches 1 and 2 exchange VLAN information; if they do not, there will be problems
6. Ping
pc1 --> pc2
sw1 --> sw2
pc1 --> R1
=======================================================
VLAN exercise 3
Ex1:
SW_1#vlan database
Create two VLANs and name them Accounting and Marketing
SW_1(vlan)#vlan 2 name Accounting
Name: Accounting
SW_1(vlan)#vlan 3 name Marketing
Name: Marketing
Delete the VLANs
SW_1(vlan)#no vlan 2
SW_1(vlan)#no vlan 3
Ex2: Assign ports 10 to 20 to vlan 250
Cisco4500E#config t
Cisco4500E(config)#vlan 250
Cisco4500E(config-vlan)#int range gi1/10 -20
Cisco4500E(config-if-range)#switchport access vlan 250
Cisco4500E(config-if-range)#switchport mode access
Cisco4500E(config-if-range)#exit
Cisco4500E(config)#exit
.VLAN exercise 4

VLAN practice example file
1. Clear the switch and router configuration
#delete flash:vlan.dat
#erase startup-config
#reload
#1.1
sw1(config)#int fa 0/5
sw1(config-if)#switchport mode trunk
sw1(config)#int fa 0/1
sw1(config-if)#switchport mode trunk
#2. Configure VLAN
sw1(config)#vtp mode server
sw1(config)#vtp domain PCCU
sw2(config)#vtp mode client
sw2(config)#vtp domain PCCU
#3. Add vlan 10 and 20
SW1(config)#vlan 10
SW1(config)#end
SW2(config)#vlan 20 (Can it be created? Why? ---> a client cannot create a VLAN)
#4. On sw1 and sw2: show vlan
#5. Set the VLAN of fa0/3
#SW1:
SW1(config)#int fa 0/3
SW1(config-if)#switchport access vlan 10
SW2:
SW2(config)#int fa 0/3
SW2(config-if)#switchport access vlan 20
6. config router 01
#config t
R1(config)#int fa 0/0
R1(config-if)#no shutdown
============================
Only the first group sets this…
R1(config)#int fa 0/0.1
R1(config-subif)#encap dot1q 1
R1(config-subif)#ip addr 10.1.1.254 255.255.255.0
R1(config)#int fa 0/0.10
R1(config-subif)#encap dot1q 10
R1(config-subif)#ip addr 10.10.10.254 255.255.255.0
R1(config)#int fa 0/0.20
R1(config-subif)#encap dot1q 20
R1(config-subif)#ip addr 10.20.20.254 255.255.255.0
7. pc1 ping pc2
sw1 ping sw2
Note: the default gateway of sw-01 and sw-02 must be set to core_switch (10.1.1.2)
=======================================================
Router RIP exercise example 1
R1 configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#int fastEthernet 0/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R1(config-if)#int serial
R1(config-if)#exit
R1(config)#int serial 0/0
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R1(config-if)#clock rate 128000
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
R1(config-router)#passive-interface fastEthernet 0/0
R1(config-router)#^Z
%SYS-5-CONFIG_I: Configured from console by console

R2 configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#no ip domain-lookup
R2(config)#int fastEthernet 0/0
R2(config-if)#ip address 192.168.3.254 255.255.255.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#int serial 0/0
R2(config-if)#ip address 192.168.2.2 255.255.255.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R2(config-if)#exit
R2(config)#int serial 0/1
R2(config-if)#ip address 192.168.4.2 255.255.255.0
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/1, changed state to down
R2(config-if)#router rip
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#network 192.168.4.0
R2(config-router)#passive-interface fastEthernet 0/0
R2(config-router)#exit
R2(config)#

R3 configuration
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#no ip domain-lookup
R3(config)#int fastEthernet 0/0
R3(config-if)#ip address 192.168.5.254 255.255.255.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R3(config-if)#exit
R3(config)#int serial 0/0
R3(config-if)#ip address 192.168.4.1 255.255.255.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0, changed state to down
R3(config-if)#clock rate 128000
R3(config-if)#exit
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.5.0
R3(config-router)#passive-interface fastEthernet 0/0
R3(config-router)#^Z
%SYS-5-CONFIG_I: Configured from console by console

Test: show ip route
On R1:
interface FastEthernet 0/0
ip access-group 101 in
access-list 101 deny icmp host 192.168.1.2 host 192.168.5.1
access-list 101 permit ip any any
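Network planning exercise
As shown in the figure, Lan1 and Lan2 each need 50 computers, Lan3 and Lan4 each need 20 computers, and Lan5 and Lan6 each need 12 computers.
Subnet 192.168.1.0 / 24 and allocate it to the nine segments in the figure. Attach one computer behind each switch, using the first usable IP of that segment.
The FastEthernet interfaces use the last usable IP of each segment.
Then add static routes, as in the attached file.
The static routes are configured as follows:
HQ:
ip route 192.168.1.128 255.255.255.224 Serial0/0/0
ip route 192.168.1.160 255.255.255.224 Serial0/0/0
ip route 192.168.1.192 255.255.255.240 Serial0/0/1
ip route 192.168.1.208 255.255.255.240 Serial0/0/1
Explanation of the commands:
To reach the 192.168.1.128/224 segment, traffic must leave through HQ's Serial 0/0/0 interface
To reach the 192.168.1.160/224 segment, traffic must leave through HQ's Serial 0/0/0 interface
To reach the 192.168.1.192/240 segment, traffic must leave through HQ's Serial 0/0/1 interface
To reach the 192.168.1.208/240 segment, traffic must leave through HQ's Serial 0/0/1 interface
Br1:
ip route 192.168.1.0 255.255.255.192 192.168.1.225
ip route 192.168.1.64 255.255.255.192 192.168.1.225
ip route 192.168.1.192 255.255.255.240 192.168.1.230
ip route 192.168.1.208 255.255.255.240 192.168.1.230
Explanation of the commands:
To reach the 192.168.1.0 /192 segment, the gateway is set to the IP of HQ's S0/0/0
To reach the 192.168.1.64 /192 segment, the gateway is set to the IP of HQ's S0/0/0
To reach the 192.168.1.192/240 segment, the gateway is set to the IP of Br2's S0/0/1
To reach the 192.168.1.208/240 segment, the gateway is set to the IP of Br2's S0/0/1
Br2:
ip route 192.168.1.0 255.255.255.192 192.168.1.234
ip route 192.168.1.64 255.255.255.192 192.168.1.234
ip route 192.168.1.128 255.255.255.224 192.168.1.229
ip route 192.168.1.160 255.255.255.224 192.168.1.229
Explanation of the commands:
To reach the 192.168.1.0 /192 segment, the gateway is set to the IP of HQ's S0/0/0
To reach the 192.168.1.64 /192 segment, the gateway is set to the IP of HQ's S0/0/0
To reach the 192.168.1.128/224 segment, the gateway is set to the IP of Br2's S0/0/1
To reach the 192.168.1.160/224 segment, the gateway is set to the IP of Br2's S0/0/1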
show ip route on HQ:
HQ#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     192.168.1.0/24 is variably subnetted, 8 subnets, 4 masks
C       192.168.1.0/26 is directly connected, FastEthernet0/0
C       192.168.1.64/26 is directly connected, FastEthernet0/1
S       192.168.1.128/27 is directly connected, Serial0/0/0
S       192.168.1.160/27 is directly connected, Serial0/0/0
S       192.168.1.192/28 is directly connected, Serial0/0/1
S       192.168.1.208/28 is directly connected, Serial0/0/1
C       192.168.1.224/30 is directly connected, Serial0/0/0
C       192.168.1.232/30 is directly connected, Serial0/0/1
RIP does not support subnetting
OSPF configuration and link to the exercise configuration file
HQ's router ospf configuration
router ospf 1
network 192.168.1.0 0.0.0.63 area 0
network 192.168.1.64 0.0.0.63 area 0
network 192.168.1.224 0.0.0.3 area 0
network 192.168.1.232 0.0.0.3 area 0
Br1's router ospf configuration
router ospf 1
network 192.168.1.128 0.0.0.31 area 0
network 192.168.1.160 0.0.0.31 area 0
network 192.168.1.224 0.0.0.3 area 0
network 192.168.1.232 0.0.0.3 area 0
Br2's router ospf configuration
router ospf 1
network 192.168.1.192 0.0.0.15 area 0
network 192.168.1.208 0.0.0.15 area 0
network 192.168.1.228 0.0.0.3 area 0
network 192.168.1.232 0.0.0.3 area 0
OSPF wildcard mask notation (see the very bottom for details)
/24 | 255.255.255.0 | 0.0.0.255 |
/25 | 255.255.255.128 | 0.0.0.127 |
/26 | 255.255.255.192 | 0.0.0.63 |
/27 | 255.255.255.224 | 0.0.0.31 |
/27 | 255.255.255.240 | 0.0.0.15 |
/28 | 255.255.255.248 | 0.0.0.7 |
/29 | 255.255.255.252 | 0.0.0.3 |
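The planning exercise and the OSPF wildcard masks above, derived in code: a largest-first VLSM allocation of 192.168.1.0/24 that yields each segment's subnet, mask, wildcard mask and first/last usable IP. This is an added example, not part of the original notes; the WAN1 to WAN3 labels for the three serial links and the function names are assumptions.

```python
import ipaddress

# Host counts from the exercise; the three 2-host serial links are
# labelled WAN1..WAN3 here (hypothetical names, the notes do not name them).
REQUIREMENTS = [
    ("Lan1", 50), ("Lan2", 50), ("Lan3", 20), ("Lan4", 20),
    ("Lan5", 12), ("Lan6", 12), ("WAN1", 2), ("WAN2", 2), ("WAN3", 2),
]


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still holds `hosts` usable addresses."""
    needed = hosts + 2                  # add network and broadcast addresses
    host_bits = (needed - 1).bit_length()   # round up to a power of two
    return 32 - host_bits


def plan_vlsm(base, requirements):
    """Allocate subnets largest-first so every block stays aligned."""
    pool = ipaddress.ip_network(base)
    cursor = int(pool.network_address)
    plan = []
    # sorted() is stable, so equal-sized segments keep the order given
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size      # align up to the block size
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(pool):
            raise ValueError(f"{base} has no room left for {name}")
        plan.append({
            "name": name,
            "subnet": str(net),
            "mask": str(net.netmask),
            "wildcard": str(net.hostmask),      # used in OSPF network lines
            "first": str(net[1]),               # PC address in the exercise
            "last": str(net[-2]),               # FastEthernet address
        })
        cursor += size
    return plan


if __name__ == "__main__":
    for row in plan_vlsm("192.168.1.0/24", REQUIREMENTS):
        print("{name:5} {subnet:18} {mask:16} {wildcard:10} "
              "{first:14} {last}".format(**row))
```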
show ip route on HQ:
HQ#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     192.168.1.0/24 is variably subnetted, 9 subnets, 4 masks
C       192.168.1.0/26 is directly connected, FastEthernet0/0
C       192.168.1.64/26 is directly connected, FastEthernet0/1
O       192.168.1.128/27 [110/65] via 192.168.1.226, 00:10:03, Serial0/0/0
O       192.168.1.160/27 [110/65] via 192.168.1.226, 00:10:03, Serial0/0/0
O       192.168.1.192/28 [110/65] via 192.168.1.233, 00:02:43, Serial0/0/1
O       192.168.1.208/28 [110/65] via 192.168.1.233, 00:02:43, Serial0/0/1
C       192.168.1.224/30 is directly connected, Serial0/0/0
O       192.168.1.228/30 [110/128] via 192.168.1.226, 00:10:03, Serial0/0/0
                         [110/128] via 192.168.1.233, 00:02:43, Serial0/0/1
C       192.168.1.232/30 is directly connected, Serial0/0/1
HQ#
EIGRP configuration and link to the exercise configuration file
HQ's router eigrp configuration
router eigrp 1
network 192.168.1.0 0.0.0.63
network 192.168.1.64 0.0.0.63
network 192.168.1.224 0.0.0.3
network 192.168.1.232 0.0.0.3
Br1's router eigrp configuration
router eigrp 1
network 192.168.1.128 0.0.0.31
network 192.168.1.160 0.0.0.31
network 192.168.1.224 0.0.0.3
network 192.168.1.232 0.0.0.3
Br2's router eigrp configuration
router eigrp 1
network 192.168.1.192 0.0.0.15
network 192.168.1.208 0.0.0.15
network 192.168.1.228 0.0.0.3
network 192.168.1.232 0.0.0.3
Wildcard mask notation: similar to OSPF
show ip route on HQ:
HQ#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     192.168.1.0/24 is variably subnetted, 9 subnets, 4 masks
C       192.168.1.0/26 is directly connected, FastEthernet0/0
C       192.168.1.64/26 is directly connected, FastEthernet0/1
D       192.168.1.128/27 [90/2172416] via 192.168.1.226, 00:20:40, Serial0/0/0
D       192.168.1.160/27 [90/2172416] via 192.168.1.226, 00:20:40, Serial0/0/0
D       192.168.1.192/28 [90/2172416] via 192.168.1.233, 00:17:33, Serial0/0/1
D       192.168.1.208/28 [90/2172416] via 192.168.1.233, 00:17:33, Serial0/0/1
C       192.168.1.224/30 is directly connected, Serial0/0/0
D       192.168.1.228/30 [90/2681856] via 192.168.1.226, 00:20:15, Serial0/0/0
                         [90/2681856] via 192.168.1.233, 00:17:10, Serial0/0/1
C       192.168.1.232/30 is directly connected, Serial0/0/1
=======================================================
HQ#sh ip protocols
Routing Protocol is "eigrp 1 "
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 1
Automatic network summarization is in effect
Automatic address summarization:
Maximum path: 4
Routing for Networks:
192.168.1.0/26
192.168.1.64/26
192.168.1.224/30
192.168.1.232/30
Routing Information Sources:
Gateway Distance Last Update
192.168.1.226 90 912906
192.168.1.233 90 1101047
Distance: internal 90 external 170
HQ#
=======================================================
NAT exercise 1
Configure NAT so that R1's S0/0 is translated to 23.1.1.10 when it pings R3's loopback IP
R1: | S0/0: 192.168.1.1 /24 GateWay: 192.168.1.254 |
R2: | S0/0: 192.168.1.254 /24 S0/1: 23.1.1.1 /24 GateWay: 23.1.1.2 |
R3: | S0/0: 23.1.1.2 /24 Loopback: 202.1.1.1 |
R1 configuration
hostname R1
interface Serial0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
clock rate 128000
ip route 0.0.0.0 0.0.0.0 192.168.1.254
R2 configuration:
hostname R2
interface Serial0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
clock rate 128000
interface Serial0/1
ip address 23.1.1.1 255.255.255.0
ip nat outside
clock rate 128000
ip nat inside source static 192.168.1.1 23.1.1.10
ip route 0.0.0.0 0.0.0.0 23.1.1.2
R3 configuration
hostname R3
interface Loopback1
ip address 202.1.1.1 255.255.255.0
interface Serial0/0
ip address 23.1.1.2 255.255.255.0
===============================================
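Set the router name:
Router(config)#hostname Router01
.Clear a Cisco switch's configuration
#erase startup-config
#delete vlan.dat
#reload
Disable name resolution: (config)#no ip domain-lookup
Set the Privileged mode (enable mode) password:
config)#enable secret cisco (encrypted)
config)#enable password cisco (not encrypted)
(these two lines cannot be set at the same time)
If the password was set with enable password, the following line can be used afterwards to encrypt it
config)#service password-encryption
Set the time zone
The time zone must be set before the time can be set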
config)#clock timezone 8
config)#
After assigning an IP to an interface, enter:
config-if)#no shutdown
Set the console password:
Set the console password to cisco
config)#line console 0
config-line)#password cisco
config-line)#login
.Set the Telnet password to cisco
config)#line vty 0 4
config-line)#password cisco
config-line)#login
Keep log messages from interrupting input
config-line)#logging synchronous
Log out automatically after 30 minutes of inactivity
config-line)#exec-timeout 30
Set a gateway for the switch
config)#ip default-gateway 192.168.1.254
Clear the router configuration:
#erase startup-config
#reload
Making a router act as DCE
This is only needed when routers are connected back to back in class; in general it is rarely used
#show controller serial 0/0
(config)#interface serial 0/0
(config-if)#clock rate 128000
.Setting a switch port to Trunk or Access
Set Fastethernet 0/1 as a trunk port
config)#int fast 0/1
config-if)#switchport mode trunk
=================================================
Set Fastethernet 0/1 as an access port
config)#int fast 0/1
config-if)#switchport mode access
.View neighboring routers
show cdp interface
show cdp neighbors [detail]
show cdp entry routerA
.Commands to disable CDP
Disable CDP on a serial interface
config)#int s 0/0
config-if)#no cdp enable
Disable CDP on all interfaces
config)#no cdp run
Set the default gateway to 168.95.1.254:
ip route 0.0.0.0 0.0.0.0 168.95.1.254
ip route 192.168.1.0 255.255.255.0 192.168.1.254
(i.e. 192.168.1.0 will use 192.168.1.254 as its gateway)
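.Set a banner message on a router or switch
config)#banner motd %
************************************
*                                  *
*        Welcome to router         *
*                                  *
************************************
%
I heard that someone really did put this on a router. One day a hacker broke in and was caught, but because of this sentence the hacker was found not guilty!
.Turn off Spanning tree
Cisco enables spanning tree by default, so the way to turn it off is as follows:
(set Fastethernet 0/24 as a plug-and-play port)
config)#int fast 0/24
config-if)#spanning-tree portfast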
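.Breaking the 3COM switch login password
When logging in with HyperTerminal, enter recover as both the login account and the password. After entering it, reboot within 30 seconds.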
.Set up port mirroring
config)#interface GigabitEthernet 0/2
config-if)#port monitor GigabitEthernet0/6
config-if)#port monitor GigabitEthernet0/7
config-if)#exit
Done
Another exercise:
sw(config)#monitor session 1 source interface gigabitEthernet 2/1
sw(config)#monitor session 1 source interface gigabitEthernet 2/2
sw(config)#monitor session 1 source interface gigabitEthernet 2/3
sw(config)#monitor session 1 source interface gigabitEthernet 2/4
sw(config)#monitor session 1 source interface gigabitEthernet 2/5
sw(config)#monitor session 1 destination interface Gi3/48
This can be shortened to the following two lines
sw(config)#monitor session 1 source interface Gi2/1 - 5
sw(config)#monitor session 1 destination interface Gi3/48
.Command to enable SNMP
config)#snmp-server community public ro
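The enable, console, Telnet and SNMP settings entered in these notes, run through a small configuration audit next to a hardened counterpart. This is an added example, not part of the original notes; both sample configurations, the rule names and the placeholder hash and community values are constructed.

```python
import re

# Constructed sample: management-plane commands as these notes enter them.
PAGE_STYLE_CONFIG = """\
hostname Router01
enable password cisco
service password-encryption
snmp-server community public ro
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Constructed hardened counterpart; hash and community are placeholders.
HARDENED_CONFIG = """\
hostname Router01
enable secret 5 PLACEHOLDER_HASH
username admin secret 5 PLACEHOLDER_HASH
snmp-server community PLACEHOLDER_COMMUNITY ro
line console 0
 login local
 exec-timeout 30
line vty 0 4
 login local
 transport input ssh
 exec-timeout 30
"""

DEFAULT_COMMUNITIES = {"public", "private"}


def parse_sections(config):
    """Return [(top-level command, [indented sub-commands])] in file order."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank line or IOS comment
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config):
    """Return a list of (rule, where) findings for weak management settings."""
    findings = []
    for header, subs in parse_sections(config):
        # enable password is stored in clear text, or in reversible form
        # once service password-encryption is on; enable secret is hashed
        if re.match(r"enable password\b", header):
            findings.append(("enable-password", "enable password"))
        # well-known community strings are the first thing a scanner tries
        m = re.match(r"snmp-server community (\S+)", header)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append(("snmp-default-community", m.group(1)))
        if not header.startswith("line "):
            continue
        # one shared password per line gives no per-user accountability
        if "login" in subs and any(s.startswith("password ") for s in subs):
            findings.append(("line-shared-password", header))
        # vty line not restricted to SSH (the notes use it for Telnet)
        if header.startswith("line vty") and "transport input ssh" not in subs:
            findings.append(("vty-telnet-allowed", header))
    return findings


if __name__ == "__main__":
    for rule, where in audit(PAGE_STYLE_CONFIG):
        print(f"{rule:24} {where}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```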
Using TFTP
After writing the router's configuration to NVRAM, back up the NVRAM contents to TFTP
#copy startup-config tftp:
Restore startup-config from TFTP
#copy tftp: nvram:
Back up the IOS to TFTP
#copy flash: tftp:
Upgrade or restore the IOS
#copy tftp: flash:
Manually load startup-config into RAM
copy startup-config running-config
The write command writes to startup-config
.Upgrading the IOS on a 28xx series router
Step 1 Install a TFTP server first
Step 2 Put the IOS image file to be installed (for example: c2800nm-ipbase-mz.124-3g.bin) in the TFTP server's root directory, and start the TFTP server
Step 3 Connect a console cable to the router's console port and start a terminal program to connect to the router
Step 4 Set the IP address and mask of the router's Ethernet port, and use the ping command to confirm that the TFTP server and the router can reach each other
Step 5 In Router# mode, type copy tftp flash; the terminal shows a series of prompts:
Address or name of remote host [ ]? 192.168.1.20 (enter the TFTP server IP address)
Source filename [ ]? c2800nm-ipbase-mz.124-3g.bin (enter the name of the IOS image file to install)
Destination filename [c2800nm-ipbase-mz.124-3g.bin]? (press Enter)
Erase flash: before copying? [confirm] (press Enter)
Erasing the flash filesystem will remove all files! Continue? [confirm] (press Enter)
Destination filename [c2800nm-ipbase-mz.124-3g.bin]? (press Enter)
Accessing tftp://192.168.1.20/c2800nm-ipbase-mz.124-3g.bin...
Erase flash: before copying? [confirm] (press Enter)
Erasing the flash filesystem will remove all files! Continue? [confirm] (press Enter)
A run of "e" characters on the terminal means the router is deleting the existing IOS image file.
A run of "!" characters on the terminal means the new IOS image file is being uploaded to the router; when the run of "!" ends, the upgrade is complete
.Backing up and upgrading the IOS on a 26xx series router
Step 1 Install a TFTP server first
Step 2 Put the IOS image file to be installed (for example: c2600-i-mz_120-5_T1.bin) in the TFTP server's root directory, and start the TFTP server
Step 3 Connect a console cable to the router's console port and start a terminal program to connect to the router
Step 4 Set the IP address and mask of the router's Ethernet port, and use the ping command to confirm that the TFTP server and the router can reach each other
Step 5 In Router# mode, type copy tftp flash; the terminal shows a series of prompts:
Address or name of remote host [ ]? 192.168.1.20 (enter the TFTP server IP address)
Source filename [ ]? c2600-i-mz_120-5_T1.bin (enter the name of the IOS image file to install)
Destination filename [c2600-i-mz_120-5_T1.bin]? (press Enter)
Erase flash: before copying? [confirm] (press Enter)
Erasing the flash filesystem will remove all files! Continue? [confirm] (press Enter)
Destination filename [c2600-i-mz_120-5_T1.bin]? (press Enter)
Accessing tftp://192.168.1.20/c2600-i-mz_120-5_T1.bin...
Erase flash: before copying? [confirm] (press Enter)
Erasing the flash filesystem will remove all files! Continue? [confirm] (press Enter)
A run of "e" characters on the terminal means the router is deleting the existing IOS image file.
A run of "!" characters on the terminal means the new IOS image file is being uploaded to the router; when the run of "!" ends, the upgrade is complete
The full sequence of steps is shown below
Back up flash
R26#copy flash: tftp:
Source filename [c2691-i-mz.123-9.bin]?
Destination filename [c2691-i-mz.123-9.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
8466872 bytes copied in 30.024 secs (282003 bytes/sec)
R26#
Upgrade flash
R26#copy tftp: flash:
Address or name of remote host []? 192.168.1.20
Source filename []? c2691-i-mz.123-9.bin
Destination filename [c2691-i-mz.123-9.bin]?
Accessing tftp://192.168.1.20/c2691-i-mz.123-9.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading c2691-i-mz.123-9.bin from 192.168.1.20 (via FastEthernet0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 8466872 bytes]
Verifying checksum... OK (0x8E58)
8466872 bytes copied in 239.992 secs (35280 bytes/sec)
Clear the switch's ARP cache every 30 minutes
config)#interface FastEthernet0/10
config-if)#arp timeout 30
Clearing the router password in ROMMON mode
1. Change the config-register to 0x2142
While the router is rebooting (POST), press [ctrl] + [break] to enter ROM Monitor
System Bootstrap, Version 12.2(6r), RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2001 by cisco Systems, Inc.
PC = 0xfff0ac0c, Vector = 0x500, SP = 0x680127d0
PC = 0xfff0ac0c, Vector = 0x500, SP = 0x680127c0
C2600 platform with 65536 Kbytes of main memory
PC = 0xfff0ac0c, Vector = 0x500, SP = 0x800048ac
monitor: command "boot" aborted due to user interrupt
(when rommon 1 appears, enter the command)
rommon 1 > confreg 0x2142
(you must then see the following line; if it does not appear, the change failed)
You must reset or power cycle for new config to take effect
rommon 2 >
2. Next, power cycle the router or enter reset to reboot. Afterwards do not enter setup mode; manually load startup-config into RAM
When this appears:
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
enter no [enter]
5. Set the passwords again
1. Privileged Mode = cisco
Enter Privileged Mode:
>enable
#config terminal
(config)#enable secret cisco
2. Set the console password to cisco
config)#line console 0
config-line)#password cisco (set the password to cisco)
config-line)#login (enable authentication)
config-line)#exit
config)#
3. Set the VTY password to cisco
config)#line vty 0 4 (ports 0 to 4)
config-line)#password cisco (set the password to cisco)
config-line)#login (enable authentication)
config-line)#exit
config)#
Change the config-register back:
config)#config-register 0x2102
6. Enter the command: write (writes to NVRAM)
7. Restart the router and the password change is complete
8. Test result: after the password was cleared, the NVRAM was cleared as well, so make a backup beforehand
9. The above is for the 26 series. For the 25 series: press Ctrl+PauseBreak during boot, press "o", and when the greater-than prompt (>) appears, enter o/r 0x2142, then enter reload
Restoring the IOS in ROMMON
.First confirm that the IOS has been backed up to TFTP
In rommon 1 > mode, type tftpdnld; the following message appears
rommon 5 > tftpdnld
Missing or illegal ip address for variable IP_ADDRESS
Illegal IP address.
usage: tftpdnld [-r]
Use this command for disaster recovery only to recover an image via TFTP.
Monitor variables are used to set up parameters for the transfer.
(Syntax: "VARIABLE_NAME=value" and use "set" to show current variables.)
"ctrl-c" or "break" stops the transfer before flash erase begins.
The following variables are REQUIRED to be set for tftpdnld:
IP_ADDRESS: The IP address for this unit
IP_SUBNET_MASK: The subnet mask for this unit
DEFAULT_GATEWAY: The default gateway for this unit
TFTP_SERVER: The IP address of the server to fetch from
TFTP_FILE: The filename to fetch
The following variables are OPTIONAL:
TFTP_VERBOSE: Print setting. 0=quiet, 1=progress(default), 2=verbose
TFTP_RETRY_COUNT: Retry count for ARP and TFTP (default=7)
TFTP_TIMEOUT: Overall timeout of operation in seconds (default=7200)
TFTP_CHECKSUM: Perform checksum test on image, 0=no, 1=yes (default=1)
FE_SPEED_MODE: 0=10/hdx, 1=10/fdx, 2=100/hdx, 3=100/fdx, 4=Auto(deflt)
Command line options:
-r: do not write flash, load to DRAM only and launch image
rommon 6 > IP_ADDRESS=172.16.1.5 (the IP address to assign)
rommon 7 > IP_SUBNET_MASK=255.255.255.0 (the mask to assign)
rommon 8 > DEFAULT_GATEWAY=172.16.1.254 (the gateway to assign)
rommon 9 > TFTP_SERVER=172.16.1.1 (the TFTP server IP address)
rommon 10 > TFTP_FILE=c2600-i-mz.122-3.bin (the IOS file name on the TFTP server)
rommon 11 > tftpdnld (everything is defined; start downloading the IOS from TFTP)
IP_ADDRESS: 172.16.1.5
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 172.16.1.254
TFTP_SERVER: 172.16.1.1
TFTP_FILE: c2600-i-mz.122-3.bin
Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n: [n]: y
.
Receiving c2600-i-mz.122-3.bin from 172.16.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
File reception completed.
Copying file c2600-i-mz.122-3.bin to flash.
Erasing flash at 0x607c0000
program flash location 0x604f0000
rommon 14 > boot
program load complete, entry point: 0x80008000, size: 0x4f9fbc
Self decompressing the image : ################################### [OK]
Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ         TYPE
0000A2          0X0010A400 C2600 Dual Fast Ethernet
                0X000F3BB0 public buffer pools
                0X00211000 public particle pools
TOTAL:          0X0040EFB0
If any of the above Memory Requirements are "UNKNOWN", you may be using an unsupported configuration or there is a software problem and system operation may be compromised.
Rounded IOMEM up to: 5Mb.
Using 15 percent iomem. [5Mb/32Mb]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(3), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Wed 18-Jul-01 14:08 by pwade
Image text-base: 0x80008088, data-base: 0x8097BEBC
cisco 2621 (MPC860) processor (revision 0x600) with 27648K/5120K bytes of memory.
Processor board ID JAD0605094W (2040291473)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Done................
Exercise: VLAN, Trunk, VTP, Inter-VLAN Routing
As shown in the figure
sw1: interface Vlan1 : 192.168.1.1 /24
sw2: interface Vlan1 : 192.168.1.2 /24
sw2: interface Vlan1 : 192.168.1.3 /24
pc1: 192.168.1.11 /24
pc1-1: 192.168.1.12 /24
pc2: 192.168.2.11 /24
pc2-1: 192.168.2.12 /24
pc3: 192.168.3.11 /24
pc3-1: 192.168.3.12 /24
pc1-2: 192.168.1.13 /24
pc2-2: 192.168.2.13 /24
pc3-2: 192.168.3.13 /24
RA:
interface fa0/0 192.168.1.254 /24
fa0/0.2 192.168.2.254 /24
fa0/0.3 192.168.3.254 /24
.VTP domain: icnd
.VTP password: cisco
==================
RA is configured as follows
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
no shutdown
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.2.254 255.255.255.0
no shutdown
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.254 255.255.255.0
no shutdown
==================
Ports 1 and 24 of SW1 are set as trunks
Ports 1 and 2 of SW2 are set as trunks
Port 1 of SW3 is set as a trunk
Frame Relay exercise 1
Cloud-PT configure
Serial 0
LMI: select ANSI
Enter the following two entries
DLCI : 102 Name: 102
DLCI : 103 Name: 103
Serial 1
LMI: select ANSI
DLCI : 201 Name: 201
DLCI : 203 Name: 303
Serial 2
LMI: select ANSI
DLCI : 302 Name: 302
DLCI : 301 Name: 301
Under the Frame Relay option, enter two entries
1. Serial 0 : 102 , Serial 1 : 201
2. Serial 1 : 203 , Serial 2 : 302

R1 configuration:
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface serial 0/0/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay lmi-type ansi
R1(config-if)#ip address 192.168.1.1 255.255.255.252
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.1.1.254 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0
R1(config-router)#network 10.0.0.0
R1(config-router)#^Z

R3 configuration:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#int serial 0/0/0
R3(config-if)#ip address 192.168.1.6 255.255.255.252
R3(config-if)#no shutdown
R3(config-if)#interface fastethernet 0/0
R3(config-if)#ip address 10.3.3.254 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 192.168.1.0
R3(config-router)#network 10.0.0.0
R3(config-router)#^Z

R2 configuration:
Router#config terminal
Router(config)#hostname R2
R2(config)#int serial 0/0/0
R2(config-if)#frame-relay lmi-type ansi
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shutdown
R2(config-subif)#ip address 192.168.1.2 255.255.255.252
R2(config-subif)#frame-relay interface-dlci 201
R2(config-subif)#interface serial 0/0/0.203 point-to-point
R2(config-subif)#ip address 192.168.1.5 255.255.255.252
R2(config-subif)#frame-relay interface-dlci 203
R2(config-subif)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 10.2.2.254 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.1.0
R2(config-router)#network 10.0.0.0
R2(config-router)#^Z
R2#