Конфиг маршрутизаторов Cisco

1
32.973.26-018.2.75
42 681.3.07
""
. . ..
"" : info@williamspublishing.com,
http://www.williamspublishing.com
, , , .
42 Cisco, 2- . : . . . : "", 2001.
368 . : . , .
ISBN 5-8459-0219-3 (.)
, -,
IOS, Cisco Systems,
Inc. ZIP. ,
, ,
, Cisco.
32.973.26-018.2.75
.

, ,
, Cisco Press.
Authorized translation from the English language edition published by Cisco Press, Copyright 2001 All rights reserved. No
part of this book may be reproduced or transmitted in any form or by any
means, electronic or mechanical, including photocopying, recording or by any information storage
retrieval system, without permission from the Publisher.
Russian language edition published by Williams Publishing House according to the Agreement with
R&I Enterprises International, Copyright 2001
ISBN 5-8459-0219-3 ( )
ISBN 1-57870-241-0 (.)
"", 2001
Cisco Press 2001
1.
2.
3. Cisco
4. TCP/IP
5. AppleTalk
6. IPX
7.
8. IOS ZIP

Cisco Systems
1.

2.

- IOS

,

3. Cisco

show interfaces
encapsulation
shutdown
description

Ethernet IEEE802.3
Fast Ethernet
Fast Ethernet Ethernet
Gigabit Ethernet
Token Ring
FDDI

HDLC
Point-to Point
.25
X 25
Frame Relay
Frame Relay
Asynchronous Transfer Mode
ATM
Digital Subscriber Line
ISDN
ISDN

4. TCP/IP
/1-

IP-

IP-
IP-
IP-
IP-
IP-
Routing
Information Protocol

Cisco Systems Interior Gateway Routing Protocol

Open Shortest Path First Protocol
IP- IGRP
Cisco
Border
5
Gateway Protocol

IP-

IP-

ISDN-
IP-
IP

IP-
DHCP- IOS
IP-

5. AppleTalk
AppleTalk
AppleTalk

AppleTalk-
AppleTalk
AppleTalk

AppleTalk
,
AppleTalk
AppleTalk RTMP
AppleTalk EIGRP
AppleTalk

AppleTalk
AppleTalk
6. IPX
IPX
IPX-

IPX-
IPX-
IPX-

IPX-
, IPX
SAP
SAP
IPX RIP
NLSP
IPX EIGRP
IPX

IPX
IPX
IPX-

7.

Telnet SSH
SSH-
SSH

-
RADIUS
TACACS+
RADIUS TACACS+

-

8. IOS ZIP
-
SF-1
SF-2
SF-Core-1
SF-Core-2
-
Seoul-1
Seoul-2

SinglSDN
Sing2511

(Allan Leinwand) -
Telegis Networks, Inc. , Digital Island,
Inc.,
. Cisco
Systems, Inc. ,
. 1988
(. )
.
. ( ).
, . ,
Addison-Wesley Network
Management: Practical Perspective, Second Edition.
(Bruce Pinsky) Cisco
( 1045), - Telegis Networks, Inc.
. ,
, -
Digital Island, Inc.,

. Digital Island
Cisco
.
(. ) 1988

. Cisco
, ,
, ,
,
. , ,
,
.

(Henry Benjamin) Cisco ,
, , Cisco

Cisco.
Cisco, , IP-,
IGRP, EIGRP OSPF.

Cisco - . ,
Cisco
.
.
(Kevin Burgess) 10 ,
.
EDS .
Novell Cisco
Cisco .
- (Andre Paree-Huf!) ,
8 .
Compaq Computer Corporation
- ( ) III .
,
2 3 OSI.
, , .
Cisco
.
(Dave Sumter) Cisco
( 4942). ,
Cisco. Cisco
Systems, Inc. .

. ,
Cisco

.
(Michael Truett) Cisco ,
,
IP (VoIP). Cisco
.
, ,
, Frame Relay .
Cisco.
10

,
, ,
.
,

,
.
11
Cisco Systems, Inc.

. Cisco
100 000 , ,
. 80
Internet.
Cisco
.

Cisco (Cisco Internetwork Operating System
IOS). IOS ,

.
, IOS
, .
IOS,
: / TCP/IP
(Transmission Control Protocol/Internet Protocol), IPX
Novell (Internetwork Packet Exchange) AppleTalk Apple
Computer, Inc.

, IOS , .
Cisco IOS -
.
,
.
, IOS,
. ,
IOS IOS
.

Zoom Integrated Products (ZIP).
ZIP.

IOS.
IOS
.
,
, ,
.
, 1OS . ,
TCP/IP, AppleTalk IPX,
. , ,

,
, IOS Cisco.
12

1, " ",
( OSI) }
, ( ' ,
.
Zoom Integratec Products (ZIP).
2, " ", ,
Cisco,
. ; ,
, IOS, ,
.
, ,
,
IOS -.
3, " Cisco",
, Ciscc
: Ethernet, Fast Ethernet Gigabit Ethernet, Token Ring, Fiber
Distributed Data Interface (FDDI), High-Level Data Link Control (HDLC), Point-to-Point Protocol
(PPP), X.25, Frame Relay, Asynchronou Transfer Mode (ATM), Digital Subscriber Loop (DSL)
Integrated Services Digital Network (ISDN).
IOS .
4, " TCP/IP",
IP: . ;
IOS IP-, IP-, IP- (RIP,
IGRP, OSPF, EIGRP BGP4), IP- IP-
. , IOS
II (DNS),
IP-, DHCP- .
5, " AppleTalk", ,
AppleTalk. IOS
, , (RTMP), AppleTalk
AppleTalk- .
6, " IPX", IPX
, Service Advertising (SAP) .
IOS IPX-,
, , (RIP, NLSP
EIGRP), IPX- IPX-
.
7, " ",
IOS, .
, Secure Shell
, IOS, ,
, /. ,
Network Management Protocol,
Terminal Access Controller
System TACACS+),
Remote Authentication Dial-In User Service (RADIUS) Network Time
Protocol (NTP).
8, " IOS ZIP",
IOS ZIP.
, .
13

, ,
. ,
.
ZIP () .
, .
.

, , .
. , ,
.
. , ,
.
. ,
.
.
, , .
14
Cisco Systems
Cisco Systems (Len and Sandy Bosack),
, .
, .
, , .

Internet Protocol (IP).

. Cisco,
, . 1984 cisco
Systems, Inc., .
"" ;
.
, ,
, .
, San Francisco Systems,
. ,
. 1992
Cisco Systems, Inc. "" cisco
, Cisco Systems,
Inc., , , cisco Systems.
Cisco
(Advanced Gateway Server AGS),
(Mid-Range Gateway Server MGS), (Compact
Gateway Server MGS), (Integrated Gateway Server IGS)
(AGS+). .
1993 ,
Cisco 4000, Cisco 7000, 2000
3000. Cisco .
, Cisco 12000
Catalyst 6500.
1990- Cisco , , ,
: , ATM, , IBM
.
- Cisco, IOS

,
Cisco.
.
Cisco ,
IOS.
15

( OSI).
, .
.
: , , .
. ,
.
16

Internetwork Operating Systems Cisco ( IOS). IOS
"", Cisco
. IOS
, , .
Cisco IOS , IBM-
Windows 2000. Cisco,
.
IOS,
, .
,
.
. ,
( , ,
, ). ,
,
" ".
, "" OSI
, ,
. 2, " ",
Cisco.

(Open System Interconnection reference model)
, , ,
Cisco. OSI ,
(International Organization for
Standardization ISO) (International
Telecommunications Union-Telecommunications ITU-T).
,
.
.

,
. , ,
.
ISO
, , . ITU-T
,
, . ITU-T .
OSI .
.
, .
,
. OSI: ,
, , , ,
. . 1.1.
, .
17

,
.
: , Web-,
FTP . OSI
Web- Internet. Web- Internet
,
.
OSI,
.

,
.
. ,
, ,
Apple Computer, Inc.
, ,
.
(Abstract Syntax Notation One ASN.l). ,
(Simple Network Management Protocol SNMP),
.

.
. ,
,
, .

, , .
, ,
(,
), ,
,
,
.
, ,
, ,
-. ,
.
(multiplexing) ,
( )
. ,
, .
,
.

: (Transmission Control Protocol TCP),
Internet,
18
Novell (Streams Packet Exchange SPX) AppleTalk Apple

(AppleTalk Transport Protocol ATP).

, ,
. (Internet Protocol
IP) Internet;
Novell ,
(Internetwork Packet Exchange IPX)
-; , , AppleTalk Apple
Apple
(Datagram Delivery Protocol DDP) .
.

: .
.

.
.
, ,
, .
.
.
,
.
, .

.

2 ( ),
, . Ethernet, Fast Ethernet, Token
Ring, Frame Relay ATM (Asynchronous Transfer Mode )
, .
.

, .

OSI .
, .
, ,
, ..
, , : V.35, RS-232C, RJ-11, RJ-45,
AUI .
OSI , .
,
, OSI ,
, .
19

OS1
. , , ,
,
! ,
- -.
- . .

.

, .
.
,
( ) . OSI

, .
, . 1.2,
. .
,
.
, -
-.
.
.
, ,
, , .
OSI.
,
.
,
-.
, Web-
Web-. , www.telegis.net,
TCP Web-, www.telegis.net.
( , TCP,
, .) TCP
( IP) IP- - IP -.
, -, Ethernet.
-
, , . ,
, , ,
-
.
20
,
IP- -. IP-
, , ,
IP- .
Web- www.telegis.net.
Web-
( , - ).
Cisco OSI
, . ,
,
.
, IOS .
Cisco, , ,
. , , , . 1.3,
.
.
21

Cisco :
, . .

, .

. .
.
.
.
.
.
IOS ,
.
Token Ring.

.
, ,
.
.
,
. ,
,
. . 1.4 .
,
22
.

, ,
(Spanning Tree Protocol STP).
. ,
. ,
" " (broadcast storms)
.
, , ..
, , ,
, .
,
.
,
, .

,
,
. ,
Ethernet .
Ethernet,
.
Ethernet 2.
Ethernet Ethernet
, ,
Ethernet .
, ,
Ethernet.

. ,
Ethernet Token Ring,
. ,
, , ,
.

, .
Cisco ,
IOS. , ,
23
, .
, .
,
, . ,
OSI .
,
, Ethernet, ,
,
, , , ATM Fast Ethernet.
,
. ,
, , , Ethernet, Fast
Ethernet Gigabit Ethernet.
. 1.5 , .
. 1.5.
,
. :
IP, IPX AppleTalk.
. , ,
.
, ,
. , ..

, Cisco, ,
. 1.6,
, .
24
,
,
,
. (
) ,
.
.
, IOS.

, , ,
.
Internet , .
.
,
,
. , 16
Ethernet. ,
, , Ethernet,
. ,
IP, IPX AppleTalk, ,
.
, .

. 1.7 , .
IOS :
: Ethernet, Fast Ethernet, Gigabit Ethernet,
Token Ring Fiber Distributed Data Interface (FDDI) (. , "
Cisco").
: HDLC, , Frame
Relay, ATM ISDN (. 3).
IP- (. 4, " TCP/IP").
IPX- (. 6, " IPX").
25
AppleTalk- (. 5, " AppleTalk").
Zoom Integrated Products (ZIP),

-, .
. .
, Internet. ZIP
- ().
- ZIP
Frame Relay. ISDN
.
, Gigabit Ethernet,
, Fast Ethernet. Fast Ethernet
, , .

, .
HDLC-.
, - (), HDLC-,
, .
- Token Ring.
ZIP , IP, IPX AppleTalk.
Cisco ,
26
. ( . 1.7, .)
,
.
ZIP ,
.
. ,
. .
,
. ZIP ,
IOS Cisco,
.
, OSI,
, , .
Cisco.
.
Cisco IOS ,
Cisco.
Cisco OSI
, .
IOS OSI.

.

.
, .

, ,
:
1. Halsall, F. Data Communications, Computer Networks and Open Systems, Fourth
Edition. Reading, Massachusetts: Addison-Wesley Publishing Company, 1996,
2. Perlman, R. Interconnections: Bridges, Routers, Switches and Internetworking Protocols, Second
Edition. Reading, Massachusetts: Addison-Wesley Publishing Company, 1999.
3. Peterson, L. and B.S. Davie. Computer Networks: A System Approach, Second Edition. San
Francisco, California: Morgan Kaufmann Publishers, 1999.
27
2

.
IOS Cisco,

. IOS
.
Cisco
% . ,
Cisco, -
.
IOS, Cisco
,
. ,
IOS,
28
IOS,
.
. IOS,
, .

ZIP.

, IOS, . ,
,
, ,
, Cisco

,
( )
,
Cisco,
,
( 1), ,
.

Cisco 2500
, ,
,
(AUX) .
, , , , , .

IOS.

IOS
. Cisco ,
.
RS-232 RJ-45
"Console" ("").
,
. Cisco
. ,
RS-323C , RJ-45
.
, Cisco 7500,
RS-232C RJ-45, , Cisco
2500, . , , ,
DB-9,
RJ-45. RJ-45 (, ,
Cisco 2500 Cisco 3600),
RJ-45 ( RS-232C)
( DB-9).
29
,

. (
) , :
VT100;
9600 ;
;
8 ;
1 -.
.
, , Cisco
7206:
System Bootstrap, Version 12.1 (1), SOFTWARE'
Copyright (c) 1986-2000 by Cisco Systems
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set
forth in subparagraph (c)
of the
Commercial Computer Software - Restricted Rights clause at FAR sec.
19 and subparagraph (c)
(1)
(ii)
of the Rights
in Technical
and Computer Software clause at DFARS sec.
252.227-7013.
Cisco Systems,
Inc.
170 West Tasman Drive
San Jose,
California 95134-1706
Cisco Internetwork Operating System Software
IOS
(tm)
7200 Software
(C7200-P-M),
RELEASE SOFTWARE
12.0(5)
52.227Data
, IOS,
. .

, , - .
, , <Enter> <Return>.
, , ,
. ,
Getting Started Guide (" "),
Cisco.

. ,
, IOS.
,
.

.
System Configuration Dialog
At any point you may enter a question mark '?' for help.
Refer to the 'Getting Started' Guide for additional help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog? [yes]:
30

, . IOS , . Cisco 2500.

<Return> <Enter>:
Would you like to enter the initial configuration dialog?
[yes]:
First,
would you like to see the current interface summary?
[yes]:

: .
( NO
Ok?). IP- , IP Address
unassigned ( ). Method
not set ( ). , :
.
. Status ("") Protocol
(""). status , Protocol
.
down ("").
Interface IP-Address OK? Method Status Protocol
EthernetO unassigned NO not set down down
SerialO unassigned NO not set down down
, ,
Ethernet , Serial
. EthernetO
Ethernet, SerialO
.
.
3, " ".

, .. ,
, . .
ZIP :
Configuring global parameters:
Enter host name [Router]: Singapore
IOS .
.
, IOS
: .
. .
,
.
enable password,
enable secret. - ,
enable secret
31
. , IOS,
, enable secret.
, enable secret ! zippy2u,
enable password ! zippy4me:
The enable secret word is a one-way cryptographic secret that is
instead of the enable password word when it exists.
Enter enable secret:
\zippy2u
The enable password is used when there is no enable secret and when using
older software and some boot images.
Enter enable password:
!zippy4me
used
" "
, IOS. ,
IOS, Telnet-
( 0 4). ,
IOS
Telnet, .
, ,
enable secret
. Zipmein
:
Enter virtual terminal password: Zipmein

. ,
, ,
.

.
(Simple Network Management Protocol SNMP).
SNMP 7, "
". , SNMP,
public:
Configure SNMP Network Management?
Community string
[public]: public
[yes]:
yes

DECnet,
Digital Equipment Corporation. ZIP
, .
Configure DECnet?
[no]:
no
ZIP AppleTalk . (
AppleTalk 5, " Apple Talk".)
Configure AppleTalk? [no]: yes Multizone networks? [no]: yes
ZIP IPX:
Configure IPX? [no]: yes
Internet Protocol (IP)

ZIP. , .
IOS IP-,
.
Interior Gateway Routing
Protocol (IGRP) . IP32
4, " TCP/IP":
Configure
Configure
IP?
[yes]:
IGRP routing?
[yes]:
no
IOS
, .
.
3, ,
, IP-, IPX-,
AppleTalk, .
ZIP Ethernet
Frame Relay. IP, IPX AppleTalk
:
Configuring interface parameters:
Configuring interface EthernetO:
,
, .. ,
. EthernetO SerialO
:
Is this interface in use? [no]: yes
,
IP, IP- 131.108.1.1 255.255.255.128.
, IP-,
4.
Configure IP on this interface?
[no]: yes
IP address for this interface:
131.108.1.1
Number of bits in subnet field
[0]:
9
Class network is 131.108.0.0,
9 subnet bits,
mask is
/25
IP ZIP
IPX AppleTalk.
IPX- AppleTalk. IPX
6, " IPX", AppleTalk 5, " AppleTalk".
Configure IPX on this interface?
[no]: yes
IPX network number
[1]:
4010
Configure AppleTalk on this interface?
[no]:
Extended AppleTalk network?
[no]: yes
AppleTalk starting cable range
[0]:
4001
yes
SerialO
, :
Configuring interface SerialO:
Is this interface in use? [no]: yes Configure IP unnumbered on this interface?
[no]: no
IP address for this interface: 131.108.242.6
Number of bits in subnet field [0]: 14
Class network is 131.108.0.0, 8 subnet bits; mask is /30 Configure IPX on this
interface? [no]: yes
IPX network number [2]: 2902 Configure AppleTalk on this interface? [no]: yes
Extended AppleTalk network? [no]: yes
AppleTalk network number [1]: 2902
33

, .
,
,
. , ,
Cisco, IOS.
. , ,
, ,
:
hostname Singapore
enable secret 5 $2zu6m7$RMMZ8em/.8hksdkkh78p/TO
enable password
!zippy4me
line vty 0 4
password Zipmein
snmp-server community public
ip routing
!
ipx routing
appletalk routing
!
no decnet routing
!
interface EthernetO
ip address 131.108.1.1 255.255.255.128
ipx network 4010
appletalk cable-range 4001-4001
appletalk discovery
no mop enabled
!
interface SerialO
ip address 131.108.242.6 255.255.255.252
ipx network 100
no mop enabled
!
end
Use this configuration? [yes/no]: yes
[OK]
Use the enabled mode
'configure,'
command to modify this
Press RETURN to get started!
configuration.
<Return>
:
Singapore>
, EXEC,
IOS. ,
Help.

IOS ,
EXEC. , ,
, IOS . ,
"?", :
Singapore>?
34
Exec commands:
<1-99>
access-enable
access-profile
attach
clear
connect
disable
disconnect
enable
exit
help
lock
login
logout
mis
mrinfo
Session number to resume

Create a temporary Access-List entry
Apply user-profile to interface
Attach to system component
Reset functions
Open a terminal connection
Turn off privileged commands
Disconnect an existing network connection
Turn on privileged commands
Exit from the EXEC
Description of the interactive help system
Lock the terminal
Log in as a particular user
Exit from the EXEC
Exec mis router commands
Request neighbor and version information from a
multicast router
Show statistics after multiple multicast traceroutes
Trace reverse multicast path from destination to source
Name an existing network connection
Open a X.29 PAD connection
Send echo messages
mstat
mtrace
name-connection
pad
ping
More
,
. EXEC
, IOS Cisco
(Cisco
IOS
Software
Command
Summary),
www.cisco.com/univercd/cc/td/doc/product/
software/ios!21/121cgcr/index.htm.
, ,
. ;
, ,
,
<>:
Singapore>lock ?
<>
Singapore>lock
,
. IOS ,
. , lock
IOS .

EXEC. , IOS
. show.
show.
Singapore>show
alps
backup
bootflash:
bootvar
calendar
cef
ces
clock
context
dialer
diskO:
diskl:
Alps information
Backup status
Display information about bootflash: file system
Boot and related environment variable
Display the hardware calendar
Cisco Express Forwarding
CES Show Commands
Display the system clock
Show context information about recent crash(s)
Dialer parameters and statistics
display information about diskO: file system
Display information about diskl: file system
35
drip
dss
flash:
fras-host
history
hosts
ipc
location
management
microcode
mis
modemcap
mpoa
ncia
PPP
rmon
rtr
sessions
sgbp
slotO:
slotl:
snmp
syscon
tacacs
terminal
traffic-shape
users
version
vpdn
DRiP DB
DSS information
Display information about flash: file system
FRAS Host Information
Display the session command history
IP domain-name, lookup style, nameservers, and host table
Interprocess communications commands
Display the system location
Display the management applications
Show configured microcode for downloadable hardware
Multilayer switching information
Show Modem Capabilities database
MPOA show commands
Native Client Interface Architecture
PPP parameters and statistics
Rmon statistics
Response Time Reporter (RTR)
Information about Telnet connections
SGBP group information
Display information about slotO: file system
Display information about slotl: file system
Snmp statistics
System Controller information
Shows tacacs+ server statistics
Display terminal configuration parameters
Traffic rate shaping configuration
Display information about terminal lines
System hardware and software status
VPDN information
Singapore>show
, IOS ,
.
IOS ,
<b>.
, , <b>, IOS
. show sessions,
Telnet-
.
Singapore>show sess
<b>, IOS :
Singapore>show sessions
, ,
Singapore>show s
IOS ,
show sessions show snmp. <b>
.
EXEC IOS
. , show sess show sessions .
show sessions sessions. sessions

. Cisco ,
.
36
(Route Switch Module RSM)

(Asynchronous Transfer Mode ATM)
Catalyst. ,
, session, . ,
Catalyst ATM, 3
(, , ),
:
Router>session 3
Trying ATM-3. . .
Connected to ATM-3.
Escape character is ^].
ATM>
, ATM-.
Telnet- :
ATM-.

EXEC . ]
.
", " (>), ,
:
Singapore>
,
IOS, -
.
,
(enable mode). ,
, enable secret
, enable:
Singapore>enable
Password:
Singapore#

enable secret ( !zippy2u),
.
">" "#" (
""). ,
EXEC disable:
Singapore #disable
Singapore>
,
, , :
Singaporett?
Exec commands:
<1-99>
access-enable
Session number to resume

37
access-profile
access-template
attach
bfe
calendar
cd
clear
clock
configure
connect
copy
debug
delete
dir
disable
disconnect
enable
erase
exit
format
help
lock
login
logout
microcode
mkdir
mls
more
mpoa
mrinfo
mstat
mtrace
name-connection
ncia
no
pad
ping
ppp
pwd
reload
rename
More
Apply user-profile to interface

Attach to system component
For manual emergency modes setting
Manage the hardware calendar
Change current directory
Reset functions
Manage the system clock
Enter configuration mode
Open a terminal connection
Copy from one file to another
Debugging functions (see also 'undebug')
Delete a file
List files on a filesystem
Turn off privileged commands
Disconnect an existing network connection
Turn on privileged commands
Erase a filesystem
Exit from the EXEC
Format a filesystem
Description of the interactive help system
Lock the terminal
Log in as a particular user
Exit from the EXEC
Microcode commands
Create new directory
Exec mis router commands
Display the contents of a file
MPOA exec commands
Request neighbor and version information from a multicast router
Show statistics after multiple multicast traceroutes
Trace reverse multicast path from destination to source
Name an existing network connection
Start/Stop NCIA Server
Disable debugging functions
Open a X.29 PAD connection
Send echo messages
Start IETF Point-to-Point Protocol (PPP)
Display current working directory
Halt and perform a cold restart
Rename a file

Cisco .
, IOS.
,
,
, .
,
. .
, IOS
,
-. ,
( ).

, , ,
IOS, show runing-config.
IOS,
38
, :
Singapore#show running-config
Current configuration:
hostname Singapore
enable password !zippy4me
line vty 0 4
password Zipmein
ip routing
ipx routing
appletalk routing
no decnet routing
!
interface EthernetO
ip address 131.108.1.1 255.255.255.128
ipx network 4010
appletalk discovery
no mop enabled
!
More
.
.
, , .
, -
, ,
.
EXEC copy,
:
Singapore#copy running-config startup-config
[OK] Singapore#
, ,
.
,
, :
Singapore#copy startup-config running-config
[OK]
Singapore#
,
. ,
. ,
.
,
.
,
(. " "
).
EXEC show
startup-config:
Singapore#show startup-config
Using 1240 out of 7506 bytes
!hostname Singapore
39
enable password !zippy4me

line vty 0 4
password Zipmein
ip routing
ipx routing
appletalk routing
no decnet routing
!interface EthernetO
ip address 131.108.1.1 255.255.255.128
ipx network 4010
appletalk discovery
no mop enabled
!More
, ,
. , ,
, .
running-config
startup-config. , (
), ,

, .

erase startup-config:
Singapore#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Singapore#
,
EXEC reload,
. (
) ,
.
- IOS
- , Cisco
IOS, .
IOS . ,
IOS ,
IOS ,
.
IOS. - .
IOS, ,
IOS .
Cisco IOS
, TCP/IP,
(Trivial File Transfer Protocol TFTP),
(File Transfer Protocol FTP),
UNIX UNIX remote copy protocol (rep).
IOS
TFTP FTP. ,
1OS, -,
. ,
40
IOS
.
FTP TFTP .
(
).
,
TFTP ,
FTP.
( )
IOS. ,
, ,
TFTP ,
.
, FTP ,
IOS .
,
IOS . TFTP
. FTP
.
, IOS , .
IOS TFTP
IOS
TFTP-. , tftp flash.
, , IOS c-2500-i-1.1205.P.bin , . ,
-,
IP- TFTP- , IOS.
, .
Singapore#copy tftp flash
System flash directory:
File Length Name/status
Memory Configuration Issues 33
1 2980876 c2500-is-mz.lll-3.P.bin
[2980876 bytes used, 5407732 available, 8388608 total]
IP address or name of remote host [255.255.255.255]? 131.108.20.45
Name of file to copy ? c2500-i-1.120-5.P.bin
Copy c2500-i-1.120-5.P.bin from 131.108.20.45 into flash memory? [confirm]
Loading from 131.108.20.45:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!! [OK - 1906676/4194240 bytes] Verifying via checksum...
Flash verification successful. Length = 1906676, checksum = Oxl2AD
EXEC, -
, (!)
(.) .
, .. IOS TFTP-, EXEC copy flash
41
tftp. 1OS
.
, , IOS
.

copy tftp flash IOS.
- ,
EXEC show flash:
Singapore>show flash
1 1906676 c2500-i-1.120-5.bin
8192K bytes of processor board System flash
Cisco IOS,
-, , .
IOS TFTP-
Flash load helper ( -).
IOS FTP
TFTP, FTP
,
IOS, . , ,
FTP- IOS.
.
EXEC
copy ftp.

ip ftp username ip ftp password.
,
. ,
,
1OS
. FTP-
.
joebob getmysoftware.
TFTP, ,
IOS, FTP-. ,

EXEC
copy ftp://username:password flash.
, copy ftp://joebob: getmysoftware flash.
IOS c2500-i-l. 120-5.P.bin
- , . ,
-,
IP- F- , IOS.
, IP- F- IOS

ftp://username:passwordgftpservername/ios-image-name. ,
, .
42
Singapore#copy ftp://joebob:getmysoftware flash

System flash directory: File Length Name/status
1 2980876 c2500-is-mz.lll-3.P.bin
Copy c2500-i-1.120-5.P.bin from 131.108.20.45 into flash memory? [confirm] Loading
from 131.108.20.45:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!
[OK 1906676/4194240 bytes]
Verifying via checksum...
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Flash verification successful.
Length = 1906676,
checksum = Oxl2AD
, F-

IOS , ,
. FTP-
ip ftp username ip ftp password.
FTP- joebob getmysoftware,
IOS:
Singapore#configure terminal
Singapore(config)#ip ftp username joebob
Singapore(config)#ip ftp password getmysoftware
Singapore(config)#^Z
Singapore#copy ftp flash
1 2980876 c2500-is-mz.lll-3.P.bin
Copy c2500-i-1.120-5.P.bin from 131.108.20.45 into flash memory? [confirm]
Loading from 131.108.20.45:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!! [OK - 1906676/4194240 bytes] Verifying via checksum...
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvFla
sh verification successful. Length = 1906676, checksum = Oxl2AD
, IOS, " ".

, -, IP- F- , IOS.
TFTP,
- FTP- EXEC copy flash ftp.
43
, ,
F-.
.
IOS
.
, IOS, .

copy ftp flash
IOS.
-
, - IOS,
,
,
-. , ,
- .
-
EXEC erase flash. - ,
delete. , - IOS c2500-i1.120.P.bin EXEC delete c2500-i-1.120.P.bin.
Cisco,
-
(
, slotO), delete ,
, ,
-.
squeeze.

, IOS,
EXEC configure.
:
;
;
.
EXEC, EXEC IOS

.

<Enter>. .
<> , <!>
. ,
<Ctrl+P>,
<Ctrl+N>.
configure IOS ,
:
Singapore#configure
Configuring from terminal, memory, or network [terminal]?
, ,
.
IOS :
44
Singapore#configure
Enter configuration commands, one per line. End with CTRL+Z.
Singapore(config)#
, ,
.
<Ctrl+Z> (AZ).
hostname Singapore
Seoul:
Singapore #configure
Singapore(config)#hostname Seoul
Seoul(config)#^Z
Seoul!
, .
,
.

,
. ,
-
. configure
, copy startup-config running-config,
:
Seoul#configure
Configuring from terminal, memory, or network [terminal]? memory
Singapore#
TFTP:
Singapore#configure
Configuring from terminal, memory, or network [terminal]? network
Host or network configuration file [host]?
Address of remote host [255.255.255.255]? 131.108.20.45
Name of configuration file [singapore-confg]?
Configure using singapore-confg from 131.108.20.45? [confirm]
Loading singapore-confg !![OK]
Singapore#
configure IOS
( )
.
TFTP , IOS
TFTP-. TFTP IP-,
IP TFTP-.
IP- IP 4.
IOS TFTP-,
, ,
-confg. Singapore
45
singapore-confg:
Singapore#configure
Configuring from terminal, memory, or network [terminal]? network
Host or network configuration file [host]?
Address of remote host [255.255.255.255]? 131.108.20.45
Name of configuration file [singapore-confg]?
Configure using singapore-confg from 131.108.20.45? [confirm]
Loading singapore-confg ... [timed out]
Singapore#
-
IP- - TFTP.

.
, ,

TFTP configure.
, ,
EXEC. ,
, :
Singapore#hostaame ^ Seoul
%
Invalid input detected at
''
marker
, , .
Singapore#configure
Singapore(config)thostname Seoul
Seoul(config)#AZ
Seoul!
IOS :
;
;
.
, IOS.
hostname, enable
secret ip routing. ,
.
IOS,
. , hostname , enable secret
, ,
ip routing IP-.
.
.
interface EthernetO IOS ,

EthernetO. ip address IP- EthernetO:
Singapore#configure
Singapore(config)#interface EthernetO
Singapore(config-if)#ip address 131.108.1.1 255.255.255.128
Singapore(config-if)#^Z
46
Singapore#
, IOS interface EthernetO

. , Singapore
(config) Singapore (config-if) . ,
. interface EthernetO
.
. ,
ip address 131.108.1.1 255.255.255.128
.
.
IOS 12.0,
. ,
ATM-, 3,
interface atmO . pvc [name]
vpi/vci (vpi)
(vci).
ATM-,
VPI/VCI. , ATM-
VPI/VCI 5/42
(unspecified bit rate - UBR) 384 /:
Router#configure
Router(config)#interface atmO
Router(config-if)#pvc 5/42
Router(config-if)#ubr 384
Router(config-if)# ^Z
Router#
(
, ):
Route#show running-config
!
Current configuration:
interface ATMO
pvc 5/42
ubr 384
, ,
IOS, ,
TFTP configure network.

.
.
, configure
terminal.

IOS
.

(?).
, :
47
Singapore(config)#?
Configure commands:
aaa
access-list
alias
arp
async-bootp
banner
boot
bridge
buffers
busy-message
cdp
chat-script
clock
config-register
default-value
dialer-list
dnsix-dmdp
dnsix-nat
downward-compatible- config
enable
Authentication, Authorization and Accounting

Add an access list entry
Create command alias
Set a static ARP entry
Modify system bootp parameters
Define a login banner
Modify system boot parameters
Bridging Group
Adjust system buffer pool parameters
Display message when connection to host fails
Global CDP configuration subcommands
Define a modem chat -script
Configure time-of-day clock
Define the configuration register
Default character-bits values
Create a dialer list entry
Provide DMDP service for DNSIX
Provide DNSIX service for audit trails
Generate a configuration compatible with older software
Modify enable password parameters
More
.

, .
,
EthernetO IP:
Singapore#configure
Singapore(config-if)#ip ?
Interface IP configuration subcommands:
access-group
Specify access control for packets
accounting
Enable IP accounting on this interface
address
Set the IP address of an interface
bandwidth- rcent
Set EIGRP bandwidth limit
broadcast-address
Set the broadcast address of an interface
directed-broadcast
Enable forwarding of directed broadcasts
gdp
Gateway Discovery Protocol
hello-interval
Configures IP-EIGRP hello interval
helper-address
Specify a destination address for UDP broadcasts
hold-time
Configures IP-EIGRP hold time
irdp ICMP
Router Discovery Protocol
mask-reply
Enable sending ICMP Mask Reply messages
mobile
Mobile Host Protocol
mtu
Set IP Maximum Transmission Unit
policy
Enable policy routing
probe
Enable HP Probe support
proxy-arp
Enable proxy ARP
rarp-server
Enable RARP server for static arp entries
redirects
Enable sending ICMP Redirect messages
rip
Router Information Protocol
route-cache
Enable fast-switching cache for outgoing packets
More
, , .

48
. IP-,
EthernetO:
Singapore#configure
Singapore(config-if)#no ip address 131.108.1.1 255.255.255.0
Singapore#
(, )
.
, IOS ,
show running-config show startup-config.
, . ,
,
Cisco
(High-Level Data Link Control HDLC).
, encapsulation hdlc

.
IOS .
, , ,
default. IOS
,

no , . ,
IP-, EtehernetO :
Singapore#configure
Singapore(config)#interfaoe EthernetO
Singapore(config-if)#default ip address
Singapore(config-if)#*Z
Singapore#
.
default
.
Singapore#configure
Singapore(config)#default hostname
Singapore(config-if}#AZ
Router!
hostname ,
"Router".
49

. IOS
. , ,
.
snmp-server. ,
:
Singapore#configure
Singapore(config)#snmp-server community public
Singapore(config)# ^Z
Singapore#
snmp-server :
Singapore#configure
Singapore(config)#srmp-server community zipnet
Singapore#
snmp-server, snmpserver , ,
show running-config:
!
snmp-server community zipnet
!
snmp-server ,
:
Singapore#configure
Singapore(config)#no snmp-server community public
Singapore(config)#snmp-server community zipnet
Singapore#
hostname,
. :
Singapore#configure
Configuring from terminal,
memory,
or network
[terminal]?
Enter configuration commands,
one per line.
End with CTRL+Z.
Singapore(config)#hostname Sing-router
Sing-router(config)#^Z
Sing-router#
hostname .
show running-config
hostname:
!
hostname
!
Sing-router
50
IOS
.
,
.
.
IOS
enable secret.
EXEC ,
, ,
(. 2.1).
.
,
.
.
,
IOS.
. .
, ,
;
.
,
.
,
no.

, (. 2.2).
2.1. EXEC
configure
,

copy flash ftp
IOS - F-
copy flash tftp
IOS - TFTP-
copy ftp flash
IOS - F
copy running-config startup
config
copy startup-config running
config
copy tftp flash
IOS - F
delete IOS
IOS -
disable

enable

erase flash
erase startup-config

lock

session

show flash
-
show running-config

show sessions

show startup-config

51
squeeze
, -
52
2.2.
default
enable password
enable secret
hostname
interface
ip ftp password
ip ftp usernante
no
,

FTP IOS

FTP IOS

Cisco Web-
Cisco Systems, Inc.
Cisco Product Documentation : www.cisco.com/univercd/cc/td/ doc/product/index.htm.
53
3
Cisco

. ,
Cisco 1OS
. ,
Cisco, Ethernet/IEEE 802 3, Fast Ethernet, Gigabit Ethernet, Token
Ring/IEEE802.5 FDDI.

, Cisco, HDLC, , X 25, Frame
Relay, ATM, DSL ISDN
54

, Cisco.
.

?
,
, , . ,
,
, , ,
OSI .
; OSI.
Cisco
.
, , ,
2500 Ethernet
ethernetO, serialO ser .

/. ,
Ethernet, , ethernet
1/2.
interface.
/ .
0 Token Ring
1:
San-Jose# configure
San-Jose(config)#interface tokenring 1/0
San-Jose(config-if)#^Z
, , IOS config config-if.

IOS .
.
Cisco
(Versatile Interface Processor VIP). VIP-
. , ,
, , VIP-.
. (
VIP- Cisco 7000, 7500 12000)
/ / . ,
Token Ring ( 0), ,
, VIP- 2, token ring 2/0/1.
show interfaces
EXEC show interfaces
Cisco, Ethernet:
EthernetO is up, line protocol is up
Hardware is QUICC Ethernet, address is 0060.5cbc.Oef9
0060.5cbc.0ef9)
(bia
55
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
116547 packets input, 13397137 bytes, 0 no buffer
Received 3402 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
273769 packets output, 84816409 bytes, 0 underruns
0 output errors, 1 collisions, 1 interface resets
0 babbles, 0 late collision, 29 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
,
show interfaces. , ,
, (Ethernet) .
, ethernetO, ,
; , .
, , ,
,
.
.
: ,
.
.
" shutdown".
, show interfaces,
, .
.
,
. ,
, , ,
.
encapsulation

.
encapsulation.
,
serialO,
HDLC:
Singapore#configure
Enter configuration commands, one per line. End with CTRL+Z..
Singapore(config)#interface serial 0
Singapore(config-if)#encapsulation ?
atm-dxi
ATM-DXI encapsulation
frame-relay Frame Relay networks
hdlc
Serial HDLC synchronous
lapb
LAPB (X.25 Level 2)
ppp
Point-to-Point protocol
smds
Switched Megabit Data Service (SMDS)
x25
X.25
56
Singapore(config-if)#encapsulation hdlc
Singapore(config-if)# ^Z
shutdown
shutdown no shutdown ,
, , .
Cisco , .
, show interfaces,
, serialO :
SerialO is administratively down, line protocol is down
Hardware is 4T/MC68360
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/64/0 (size/threshold/drops)
Conversations 0/1 (active/max active)
Reserved Conversations 0/0 {allocated/max allocated)
0 carrier transitions
DCD=down DSR=down DTR=down RTS=down CTS=down
no shutdown
:
Singapore#configure
Singapore(config-if)#no shutdown
IOS shutdown
. ,
, , . , , . IOS ( ) .
,
,
. shutdown
:
Singapore#configure
57

Singapore(config-if)#shutdown
description
description
, show interfaces.
255 .

. ,
, ,
.

.

serialO ZIP ,
.
:
Singapore#configure
Singapore(config-if)#description IETF frame relay PVCs on Circuit Z234987-12-MS-01
show
interfaces serial 0:
SerialO is administratively down, .line protocol is down
Hardware is 4T/MC68360
Description: IETF frame relay PVCs on Circuit Z-234987-12-MS-01
Last input never, output never, output hang never
Reserved Conversations 0/0 (allocated/max allocated)
0 packets output, 0 bytes, 0 underrurts
DCD=down DSR=down DTR=down RTS=down CTS=down

Cisco .
:
58
Ethernet IEEE 802.3;

Fast Ethernet;
Gigabit Ethernet;
Token Ring;
Fiber Distributed Data Interface.
OSI
4
/ 1 /. . ,
, .

. 6-
. (Media Access
Control addresses) -. ,
. ,
. -
() ,
.
,
20- , 6- .
, Cisco 20- 0060.5 (
, ).
28 ,
-.
- Cisco
, show interfaces.
, - ZIP,
-:
Kuala-Lumpur>show interface ethernet0
Hardware is QUICC Ethernet, address is 0060.5cbc.Oef9 (bia
0060.5cbc.0ef9)
IOS. , . ,
.
59
Ethernet IEEE802.3
Ethernet IEEE 802.3,
(Institute of Electrical and Electronic Engineers IEEE),
. Ethernet
70- Xerox - ().
, 1978 ,
Digital Equipment
Corporation, Intel Corporation Xerox. IEEE ,
IEEE 802.3.
Ethernet IEEE 802.3 .
, ,
802,
.
10
/, ,
CSMA/CD. ,
CSMA/CD-, MOI ,
( ), ,
( ). CSMA/CD
.
, Ethernet IEEE 802.3,
, , . 3.1.
, Ethernet IEEE 802.3,

. ,
, , .
, .
, , Ethernet
IEEE 802.3, .
Ethernet-.
Ethernet
Cisco. ,
.
Cisco ,
, CSMA/CD-
. . 3.2 ,
Ethernet, Cisco.
()
()
60
. 3.2. () (6) Ethernet

Cisco. Ethernet- ,
,
.
Fast Ethernet
Ethernet CSMA/CD
Fast Ethernet. Fast Ethernet CSMA/CD,
100 /, ,
Ethernet IEEE 802 3. Fast Ethernet
, ( ,
), Ethernet,
10 100 /
.
Fast Ethernet CSMA/CD,
Fast Ethernet , Ethernet. ,
Ethernet, Fast Ethernet
. , Fast Ethernet,
, , ,
Ethernet (10 /) Fast Ethernet (100 /). ,
:
.
Fast Ethernet Cisco, ,
. Fast Ethernet
Ethernet . . 3.3
,
Ethernet Fast Ethernet.
Fast Ethernet .
Fast Ethernet
Ethernet
Cisco 4000 7000 Fast Ethernet
Ethernet ,
.
, mediatype. Seoul61
1:
Seoul-#lconfigure
Seoul-1(config)#interface ethernet 0
Seoul-1(config-if)#media-type lObaseT
Seoul-1(config-if)#^Z
Ethernet IEEE 802.3

(attachment unit interfaces AUI) RJ45 ( IOS 1OBaseT
" "). AUI 15- .
Fast Ethernet
(media independent interfaces ) RJ-45.
Fast Ethernet ,
full-duplex.
no full-duplex,
.
Fast Ethernet Seoul-1 :
S e o ul-l # c o n fi g ur e
C o n fi g u r i n g fr o m t e r mi n a l, m e m o r y, or n et wo r k [ t e r m i n a l]?
E nt er co nfi g ur atio n co mm a n d s, o n e p er line. E n d with C T R L + Z.
S e o u l - 1 ( c o n f i g ) # i n t e rf a c e e t h e r n e t 0
S e o u l - 1 ( c o n f i g - i f ) # f ul l -d u p l e x
S e o ul-1( c o nfi g -if)# ^ Z
Gigabit Ethernet
Fast Ethernet, Gigabit Ethernet ( IEEE 802.3z)
IEEE 802.3 Ethernet. , , ,
, , 1
/. , Fast Ethernet
Gigabit Ethernet ,
Fast Ethernet. , Fast Ethernet, Gigabit
Ethernet .
OSI,
Gigabit Ethernet Ethernet.
Gigabit Ethernet ,
, (Fiber Channel).
Gigabit Ethernet Fiber Channel
IEEE 802.3, Ethernet Fast Ethernet.
CSMA/CD, ,
. Gigabil
Ethernet IEEE 802..
7500 Catalyst 5500
Gigabit Ethernet. 7500
Gigabit Ethernet . , Gigabit
Ethernet 7500,
Gigabit Ethernet 2/0/0 ( / / ):
Router>show interface gigabitethernet 2/0/0
GigabitEthernet2/0/0 is up, line protocol is up
Hardware is cyBus GigabitEthernet, address is 0000.Oca4.db61 (bia 0000.0ca4.db61)
Internet address is 10.0.0.2/8
62

Token Ring
Token Ring - , IBM (International
Business Machines) IEEE 802.5.
Token Ring , ,
, Ethernet. Token Ring
.
: 4 / 16 /.

. , Token Ring,
.

.
, ,
, .
, .
-
. ,
,
,
. 16- Token Ring -
,
, ,
(early token release). CSMD/CD,
, Token Ring
, . ,
, , .
Token Ring . ,
, ,
. Token Ring .
3.4.
CSMA/CD .
""
- . ,
, CSMA/CD.
63
E show
interfaces 0 Token Ring, 1 -:
San-Jose#show interfaces tokenring 1/0
Tokenring 1/0 is up,
line protocol is up
lardware is 16/4 Token Ring,
address is 5500.2000.dc27
(bia5500.2000.dc27)
Encapsulation SNAP, loopback not set, keepalive set (10 sec)
ARP type: SNAP, ARP Timeout 4:00:00
Ring speed: 16 Mbps
Single ring node, Source Route Bridge capable
Group Address: 0x00000000, Functional Address: 0x60840000
Five minute input rate 0 bits/sec, 0 packets/sec
Five minute output rate 0 bits/sec, 0 packets/sec
0 output errors, 0 collisions, 2 interface resets, 0 restarts
5 transitions
, .
Token Ring,
16 /.
Token Ring
Token Ring (4 / 16
/) IOS ring-speed.
Token Ring ;

.
.
16 /
, Token Ring
. ( Cisco
) Token Ring ,
.
Token Ring IOS
early-token-release.
Token Ring
16 / :
San-Jose#configure
San-Jose(config-if)#ring-speed 16
San-Jose(config-if)#early-token-release
San-Jose(config-if) #^Z
FDDI
(Fiber Distributed
Data Interface FDDI) .
FDDI ANSI X3T9.5
1980- . Token Ring, ,
, ,
.
64
FDDI , .
, , .
,
,
FDDI-. . 3.5.
Fast Ethernet FDDI 100

/. ,
FDDI

( ). ,
Cisco FDDI
, ,
. ZIP
- FDDI ,
. show
interfaces FDDI SF-Core-1:
SF-Core-l>show interfaces fddi /
FddiO/0 is up, line protocol is up
Hardware is cBus Fddi, address is 0000.Oc06.8de8 (bia 0000.Oc06.8de8)
Encapsulation SNAP, loopback not set, keepalive not set
ARP type: SNAP, ARP Timeout 4:00:00
Phy-A state is active, neighbor is B, cmt signal bits 008/20C, status
ILS
Phy-B state is connect, neighbor is unk, cmt signal bits 20C/000,
status QLS
ECM is insert, CFM is c_wrap_a, RMT is ring_op
token rotation 5000 usec, ring operational IdOl
Upstream neighbor 0000..8b7d, downstream neighbor ..8b7d
5 transitions, 0 traces
, ,
, (BW) 100 /
. (Phy-A
; Phy-B ) , .
65

Cisco
.
:
High-Level Data Link Control (HDLC);

Point-to-Point Protocol (PPP);
X.25;
Frame Relay;
Asynchronous Transfer Mode (ATM);
Digital Subscriber Line (DSL);
Integrated Services Digital Network (ISDN).
, ,
OS1.

.

.
, ( ),
.
HDLC, , "
",
. ,
,
, . X.25,
Frame Relay ATM ,
.
. DSL ,

, . ISDN
,
. ISDN , (
).
, , ,
, . ,
. , ,
, ,
, .
, .
,
, ,
.
, Cisco
( ).
, .
,
.
66
Frame Relay.
.
. ,
, .
, .
, Cisco,
: .
,
, .

.

.
,
. Frame Relay
.25.
ATM Switched Multimegabit Data Service (SMDS) ( SMDS
)
. ,
, ,
.
, -
, . . 3.1
, ,
.
,
OSI.
OSI.
OSI, IP, IPX Apple
Talk. Cisco ,
IP-, , Frame Relay.
3.1.
HDLC
25
Frame Relay
ATM
DSL
ISDN

IP-
, .
IP- Frame Relay,
, Frame Relay. ,
, Frame Relay.
Frame Relay
Frame Relay.
67
Frame Relay;
"" .
.
Frame Relay Ethernet, - ,
, Ethernet
.
HDLC
HDLC ,
(ISO).
Cisco . Cisco
HDLC-
.
Cisco HDLC,
HDLC .
- .
, HDLC SDLC
(Synchronous Data Link Control), IBM.
, ZIP -,
serialO/0, HDLC-:
San-Jose>show interface serial /
SerialO/0 is up, line protocol is up
Hardware is QUICC Serial
Output queue: 0/64/0 (size/threshold/drops
Reserved Conversations 0/0 (allocated/max allocated
Received 518019 broadcasts, 0 runts, 0 giants, 0 throttles
1824 input errors, 661 CRC, 542 frame, 0 overrun, 0 ignored, 621
abort
DCD=up DSR=up DTR=up RTS=up CTS=up
HDLC ( ,
Cisco). ,
show
interfaces serialO/0.
Point-to Point
(Point-to-Point) ,
Cisco. ,
, IP, IPX AppleTalk.
HDLC, .

, ,
68
.
. -
.
Link Control Protocol
(LCP), , ,
. (Network Control Protocol NCP)
(
OSI, ),
.
IP, IPX AppleTalk NCP- IPCP, IPXCP ATALKCP,
.

, encapsulation
ppp. seriall/1 -
:
San-Jose#configure
San-Jose(config)#nterface serial 1/1
San-Jose(config-if)#encapsulation ppp
San-Jose(config-if)# ^Z
,
interface serial 1/1 encapsulation ppp.
, ZIP -,
seriall/1, :
Seriall/1 is up, line protocol is up
Hardware is HD64570
Encapsulation PPP, loopback not set, keepalive not set
LCP Open
Open: IPGP
, LCP .
, IPCP. , IPCP,
,
IP-.
.25
.25 1970- .
, ,
69
, .
.25 (1TU)
, .
.25 , ,
.
, , .25
, , ,
. ,

. ,
. .25
(DTE)
(). DTE (, Cisco)
(, ), , ,
.25 , , DTE.
(D) ,
- . D
,
,
D DTE.
(DTE) , ,
-.
, . DTE
D (,
) , D.
"" .25 , DTE,
, , ,
. .25
. DTE-
DTE-. . 3.6.
.25 , .121.
.25
ITU-T Recommendation X.121. .25
, .121- - .
, .121,
14 .
(data network identification code DNIC).
70
.25
.25
Cisco, ,
.25.
encapsulation 25.
,
, ,
.121 .25 . ,
Cisco X.I21- ,
.25.
25 address. .25
,
( 128 ).
.25
Cisco
(ips) (ops) . 25 ips 25 ops.
.25
, .
.25
(win) (wout). (
2 .)
25 win 25 wout.
.25
.
DTE
.25 .
-
.25 .121-
537000000001. 256
7 :
San-Jose#configure
San-Jose(config)#interface serial 1
San-Jose(config-if)#encapsulation x25
San-Jose(config-if)#x25 address 537000000001
San-Jose(config-if)#x25 ips 256
San-Jose(config-if)#x25 ops 256
San-Jose(config-if)#x25 win 7
San-Jose(config-if)#x25 wout 7
San-Jose(config-if)#AZ
,
.
show interfaces
.25 :
Serial 0 is up, line protocol is up
Hardware is MCI Serial
Encapsulation X25-DTE, loopback not set, keepalive set
LAPB state is CONNECT, Tl 3000, N1 12000, N2 20, K7, TH 3000
Window is closed
IFRAMEs 12/28 RNRs 0/1 REJs 13/1 SABMs 1/13 FRMRs 3/0 DISCS 0/11
71

,
: .25 DTE.
Link Access Procedure, Balanced (LAPB).
LAPB , .25
HDLC. .25 ,
EXEC show x25 vc.
Frame Relay
Frame Relay ,
.
(Integrated Services Digital Network ISDN).
( ISDN .)
Frame Relay
(CCITT) 1984 .
,
. 1980- .
.25, Frame Relay
. Frame Relay
,
-
. Frame Relay ,
, .25.
, , Frame Relay.
.
,
.
, .25 .121, Frame Relay
, (data link connection identifiers
DLCI). DLCI Frame Relay
.
DLCI . ,
, , Frame
Relay DLCI-, Frame Relay
DLCI- ,
. Frame Relay . 3.7.
72
1990 Cisco, Digital Equipment Corporation, Northern Telecom StrataCom

, Frame Relay
.
Frame Relay, 1,
,
Frame Relay.
, (Local Management
Interface LMI), DTE- Frame Relay (, )
DCE- ,
Frame Relay.
LMI DLCI,
( ) .
LMI, Cisco, DEC, NT StrataCom

LMI, Cisco LMI.
LMI (ANSI)
LMI, Annex-D ( D),
Frame Relay .
Frame Relay

Cisco Frame Relay,
encapsulation frame-relay.
frame-relay interface-dlci
DLCI. Cisco Frame Relay
Cisco LMI. framerelay imi-type LMI
ZIP, Frame Relay
:
Singapore#configure
Singapore(config-if)#encapsulation frame
Singapore(config-if)#frame-relay interface-dlci 100
73
Singapore(config-if)#frame-relay Imi-type ansi

, Cisco .
,
,
, .
, IOS.

.
, IP,
AppleTalk.
interface serial slot/port.number. number ()
, slot/port.
: .
,
.
, .
,
"".
. 3.8.

( ).
serial 0.100:
Singapore#configure
memory,
or network
[terminal]?
one per line.
End with CTRL+Z.
Singapore(config-if}#encapsulation frame
Singapore(config-if)#interface serial 0.100 point-to-point
Singapore(config-subif)#frame-relay interface-dlci 100
Singapore(config-subif)#frame-relay Irai-type ansi
Singapore(config-subif)#^Z

. DLCI .
Frame Relay show interfaces.
74
show interfaces s 0 ZIP

:
SerialO is up,
line protocol is up
Hardware is HD64570
MTU 1500 bytes,
BW 256 Kbit,
DLY 20000 usec,
rely 255/255,
load 1/255
Encapsulation FRAME-RELAY,
loopback not set,
keepalive set
(10 sec)
LMI enq sent
459618, LMI stat recvd 459618,
LMI upd recvd 0,
DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 100 LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 121505/0, interface
broadcasts 121505
Output queue: 0/64/0 {size/threshold/drops)
DCD=up DSR=up DTR=up RTS=up CTS=up
,
Frame Relay. LMI.
show interfaces s 0.100,
:
SerialO.100 is up,
line protocol is up
Hardware is HD64570
MTU 1500 bytes, BW 256 Kbit, DLY 20000
Encapsulation FRAME-RELAY
usec, rely
255/255, load 1/255
, ,
show interfaces. ,
,
( serialO).
Frame Relay ,
EXEC show frame pvc show frame svc maplist.
maplist.
,
.
DLCI- 100
ZIP :
PVC Statistics for interface Serial 0 (Frame Relay DTE)
DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE =
SerialO.100
input pkts 34263984 output pkts 29648752 in bytes 3135739012
out bytes 1083480465 dropped pkts 93 in FECN pkts 170
in BECN pkts 11741 out FECN pkts 0 out BECN pkts 0
in DE pkts 15741022 out DE pkts 0
pvc create time 7w5d, last time pvc status changed IdlOh
75
Asynchronous Transfer Mode

(Asynchronous Transfer Mode ATM)
ITU-T
. ATM 53
.
, ATM
, , . ATM
ATM (DCE) ATM (DTE).
ATM, .
, ATM.
ITU-T ATM
(Broadband Integrated Services Digital Network
BISDN), ,
. ATM,
,
ATM- , ATM
. -
(User-Network Interface UNI). UNI ,
LMI Frame Relay,
ATM- . ATM-
, ATM- (
- Private Network-to-Network Interface PNNI),
ATM-, LAN
Emulation (LANE).
, ATM
:
. ATM ,
. , ATM
: . ATM
.25 Frame Relay.
ATM- (virtual paths),
, (virtual path identifiers
VPI). , ATM
VPI.
.
ATM VPI
(virtual channel identifier VCI). VPI ,
, a VCI ,
VPI. VPI VCI
. DLCI Frame Relay,
. ATM VPI/VCI
(
-).
ATM .
, , ,
, . 3.9.
76
3.9. ,
ATM-
ATM- :
64 ( , )
(OSI Network Service Access Point
NSAP). .164 ITU-T, ,
NSAP, ATM-. .164
ATM-
, NSAP- ATM-, ,
, ATM- .
, ATM-
, .
ATM ,
ATM (ATM adaptation layer AAL). AAL- , '
OSI. AAL
ATM- OSI. AAL1
ATM-,
ATM- .
AAL1
. , AAL3/4,
, . AAL3/4
.
AAL3/4
(Switched Multimegabit Data Service
SMDS), , .
AAL, AAL5, .
AAL5 ,
SMDS-, , .
ATM- AAL5.
ATM
(Quality of Service QoS). ATM-
ATM-,
,
.
,
.

.
,
.
, .
ATM-

(, , ).
77
ATM
ATM Cisco
( VIP-). , ATM
encapsulation.
ATM. , , ,
, atm
pvc. PVC1
AAL5 VPI 0 VCI 100:
Router#configure
Router(config)#int atm2/0
Router(config-if)#atm pvc 1 0 100 aalSsnap
Router(config-if)#AZ
ATM- show interfaces.

show interface atm2/0
:
2/0 is up, line protocol is up
Hardware is cxBus ATM
MTU 4470 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255 Encapsulation
ATM, loopback not set, keepalive set (10 sec) Encapsulation(s): AAL5, PVC mode
256 TX buffers, 256 RX buffers, 1024 Maximum VCs, I Current VCs Signalling vc = 1,
vpi = 0, vci = 100
ATM NSAP address: BC.CDEF.01.234567.890A.BCDE.F012.3456.7890.1234.13 Last input
0:00:05, output 0:00:05, output hang never
, ATM ,
5-
. VC, VPI VCI .
, ATM NSAP-,
.
Digital Subscriber Line

Digital Subscriber Line (DSL) ,
. DSL
"",
" ".
64 / 8 /.
,
, , ,
DSL. ,

.
78
DSL.
xDSL.
(Asymmetric Digital Subscriber Line
ADSL), (Symmetric DSL SDSL)
(Very High Data Rate DSL - VDSL).
ADSL
.
( ), . ADSL
Internet- , Internet
, .
Internet- DSL-,
. ADSL-,
" ".
: ,
. ADSL-

.
, , ,
ADSL- , , Frame Relay
ATM.
.
, ADSL-,

. . 3.10.
Internet- , ADSL,
,
. , ,
.
SDSL
79
(
).
Internet. Internet-
SDSL- ,
ADSL. , ,
" ",
.
VDSL
" ". ,
DSL,
DSL-. VDSL ,
DSL-
. ,
13 55 /. ,
VDSL
, 1,6 2,3 /.
Cisco , 600,
DSL-.
DSL Ethernet ADSL SDSL.
IOS,
Cisco Broadband Operating System (CBOS).
IOS, Cisco
CBOS IOS.
Cisco, IOS CBOS,
, .
ISDN
(Integrated Service Digital
Network ISDN)
, ,
, .

ISDN
Internet,
. ISDN ISDN
,
. ISDN-
, .
, ISDN, .
: , ISDN
1 (1), , ISDN
2 (2). 2
ISDN (). 1 .
ISDN
(network termination device) 1 (NT1)
2 (NT2).
, ,
,
.
NT1
. ISDN-,
ISDN- ISDN-,
NT1. NT1
80
; ISDN- .
NT2, NT1
, -.
ISDN- . 3.11.
ISDN :
(Basic Rate Interface BRI)
(Primary Rate Interface PRI). BRI D- (2B+D). BRI -,
64 /, . BRI D-,
16 /,
ISDN. D-
. (,
.25.) - BRI
64 /, -
128 /.
PRI 23 - D-,
64 / (
). , PRI
23 . ,
ISDN- PRI 30 - D-,
64 /.
(service profile identifier SPID) ,
,
ISDN- . SPID
. ISDN- SPID ISDN, BRI
PRI. SPID ISDN
.
ISDN
ISDN Cisco,
IOS, , .
, ISDN- -
.
ISDN-,
, IOS,
isdn switch-type ?. ,
,
ISDN-.
, IOS,
isdn switch-type. Cisco
81
ISDN-, ,
. ISDN Cisco ,
.
ISDN BRI SPID,
isdn spidl isdn spid2.
SPID - ISDN-.
BRI SPID.
ISDN PRI Cisco,
.
,
Cisco 3600, Cisco 4000 Cisco 7000, Cisco 5300.
PRI ISDN- 1.
1 ,

.
. 1
seriall/0.
ESF (Extended Superframe),
8 B8ZS (binary 8-zero substitution).
, ISDN PRI 24 . ESF
, 1.
24 192 , 193- ,
. B8ZS ,
, .
8
, .
Router#configure
Router(config)#controller Tl 1/0
Router(config-if)#framing esf
Router(config-if)#linecode b8zs
Router(config-if)#pri-group timeslots 1-24
Router(config-if)#^Z
BRIO
ZIP . ISDN- DMS1000
Northern Telecom. ISDN-
. , ISDN ,
, (
) :
Seoul-ASl#configure
memory,
or network
[terminal]?
Seoul-ASl(config)#isdn switch-type basic-dmslOO
Seoul-ASl(config)#interface brio
Seoul-ASl(config-if)#encapsulation PPP
Seoul-ASl(config-if)#tisdn spidl 8864567832
Seoul-ASl(config-if)#isdn spid2 8864567833
Seoul-ASl(config-if)#^Z
ISDN- show interfaces.

BRIO Seoul-ASl:
82
BRIO is up, line protocol is up (spoofing)

Hardware is BRI with U interface and external S bus interface
Encapsulation PPP, loopback not set
Last input 00:00:02, output never, output hang never
, BRIO
(spoofing). , ISDN- ,
. ISDN-
,
IOS. ,
.
, , . ,
. ,
, ,
(dial-on-demand routing).
, ISDN- .
IOS ,
, . 3.2.
, OSI,
OSI
Cisco IP (Internet Protocol).
interface

, ,
VIP-.

description
. ,
show interfaces
shutdown
encapsulation

,
.
3.2. IOS

/
media-type {aui, lObaseT,
Ethernet Fast
,
mii, lOObasex}
Ethernet

AUI, RJ-45 MII
83
Fast Ethernet
Gigabit Ethernet
full-duplex
Token Ring
ring-speed {4116}

4 / 16 /
early-token-ring
x25 address .121
X 121
X
25
x25 ips; x25 ops
x25 win; x25 wout
Frame Relay
frame-relay interface-dlci
ATM
frame-relay Imi-type
DLCI

LMI
X25
atm pvc
DSL
ISDN
,
-
set bridging

(
CBOS)
set interface

( )
,
IOS
isdn switch-type
isdn spidl; isdn spid2

SPID
BRI
pri-group timeslots
framing
linecode

84

. 3.3 EXEC,
.
3.3. EXEC
show frame pvc

Frame
Relay
show frame
svc

Frame Relay
show interfaces

X 25
show x25 vc

, ,
.
1. Cisco Systems, at al. Internetworking Technologies Handbook, Third Edition. Indianapolis
Indiana: Cisco Press, 2001. (
, 2001 "".)
2. Stallings, W. Networking Standards: A Guide to OSI, ISDN, LAN and IVAN Standard.
Reading, Massachusetts: Addison-Wesley Publishing Company, 1993.
85
TCP/IP

TCP/IP- IP
IP-

IP-
, ,
, show.
IP-

distnbute-list, passive-interface no auto-summary
IP-
access-list, ip access list access-group
IP-
ISDN-
IP-

show, ping, trace debug
IP
, , IOS DHCP-
Hot Standby Router Protocol
86
,
Transmission Control Protocol/Internet Protocol (
/ ), ! TCP/IP,
IOS Cisco. 70-

(DARPA)
TCP/IP

TCP/IP
,

TCP/IP IOS Cisco TCP/IP
(
" ").
TCP/IP-
IP-, , ,
- , IP-
, .

TCP/IP ,
, ,
,

(IP) (UDP TCP)
OSI.
TCP/IP
TCP/IP . ,
.
,
Internet (Internet Engeneering Task Force IETF)
.
IETF , ,
,
(Request For Comment RFC). ,
, ,
TCP/IP.
, , ,
TCP/IP.
, Web- (Information Sciences Institute of the University of Southern
California ISI) no www.rf c-editor.org/rf.html
Internet Protocol (IP), TCP/IP,
, 3 OSI. ,
, IP ( ). IP- ,
( ),
.
4 OSI TCP/IP
: (User Datagram Protocol UDP) TCP.
87
,
, .
UDP , , ,
. ,
, - .
UDP TCP ,
-
. TCP
, ,
.
IP- 32- ,
8 , .
IP: , , . .
IP-, 32- , ,
, :
10101100.00010000.00000001
0 1.
00000000 11111111. 32 .
, TCP/IP ,
, IP- (
). ,
1, 255:
1
1
128 64
1
32
1
16
1 1 1 1 =
8 4 2 1 =
:
128+64+32+16+8+2+1
255
:
1
0 1
0 1 1 0 0 . 0
0
0 1 0 0
128 64 32 16
8 4 2 1
.128
64
32 16 8 4
128+0+32+0+8*4+0+0=172
0+0+0+16+0+0+0+0=16
0
0
0 0 0 0 0 1 . 0
0 0
0 0 0
128 64
32 16 8 4 2 1. 128
64 32
16 8 4
0+0+0+0+0+0+0+1=1
0+0+0+0+0+0+0+1=1
0 0 .
2 1.
0 1 .
2 1.
, IP- 172.16.1.1.
IP- IP-: ,
-.
. -

.
-, .

- -
.
"" -
.
88
, .
IP- ()
() (-).

.
, ,
, ,
1.
.

0,
. -.

,
-.
;
1, 0.
14 16 -.
.
;
1, 0.
22 8
-. ,

255 -.
D . D
,
1. -
, ,
,
IP- . , ,
,
,
.
IP. ,
. 1
.
. 4.1 , .
89
90
IP-
, 1, ,
. ,
, , ,
, -. , ,
, .
, , , , .
( ). IP-,
32- ,
. IP-
1 , IP-,
-.
, 2 5 5 . 2 5 5 . 0 . 0 ,
16 IP-, 16
, -. ,
, -, ,
255.255.254.0.
, 255.255.255.240. . 4.2
IP-.

,
. ,
, , 65 000 -,
( - 8 )
255 255 - . IP-
, ,
, -. , IP- 131.108. 3 . 4
25 5.25 5 .0. 0 131.108.0.0, 3 . 4 . IP- 131.108.3.4
255.255.255.0 131.108.0.0, 3
- 4.
,
, , IP-
. IP.
.
Internet, IP-,
IP- IP-
, IP-, IP .
IP-
, (classless
interdomain route block CIDR).
91
,
Internet- CIDR-.
.
255 , 2 0 9 . 3 2 . 0 . 0 209.32.255.0.
,
255.255.255.0.
2 0 9 . 3 2 . 0 . 0
255.255.0.0. , ClDR-,
,
.
.
1 2 . 0 . 0 . 0 2 5 5 . 0 . 0 . 0
Internet-.
,
. , 1 2 . 1 . 0 . 0 1 2 . 1 . 2 5 5 . 0
CIDR- 1 2 . 1 . 0 . 0
255.255.0.0.
IP- .

, ,
, . CIDR
. IP-
IP-.

"/",
92
, 1. 255.255.0.0
16 . /16 ( ", 16").
255.255.252.0 22 , /22.
(bit-count mask).
IP-, 131.108.0.0/16,
131.108.0.0 255.255.0.0.
, 206.220.224.0/22
206.220.224.0 255.255.252.0 ( CIDR-,
206.220.224.0 206.220.227.0, 255.255.255.0).
, 2, "
", ,
. Number of
bits in subnet field[0] ( [0])
, -,
,
. , 1 7 ,0 . 0.0 ,
24 -.
,
, IOS
255. 255.128 . 0.
IP-
- ,
,
, ,
.
, .
Internet Internet-
? ,
Internet- ?
(,
)?
?
- ?
?
Internet ,
. ,
, , Internet
. Internet
Internet- ,
,
, . :
Internet- (American Registry for Internet Numbers ARIN), IP-
(Reseaux IP Europeens RIPE) - (Asia
Pacific Network Information Center APNIC). Internet-
, - ,
.
-,
. IP- Internet. Internet-,
-. ,
93
-, , ,
, .
. ,
, . ,
Internet- (
). ,
, Internet.

Internet- .

IP- .
Internet
Internet.
IP-.
,
,
-.
,
. , - Internet
.
, , .
IP- , ,
Web- .
Internet- www.arin.net
IP- www.ripe.net
- www. apnic. net
Internet ,
(Network Address
Translation NAT), , Private Internet' Exchange (PIX)
( ) Cisco Systems,
IP-, ,
Internet (IETF) .
,
Internet Internet- .
, ,
. IP-
1918 " Internet"
:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Internet-
,
.
, -
, /
, .
IP-,
. IP- 10.0.0.0
94
-
/ . 24-
10.0.0.0. 255 - ,

.
IP- Internet- ,
, ,
. ,
,
, 30- .
, 255 ,
30- 64
.
, ,
,
. , , 10
, , 128 .
, -,
, ,
.
,
,
,
. ,
Cisco Systems IP Subnet Design
Calculator
(
IP-),
Cisco
www cisco.com/techtools/ip_addr.html.
IP-.

, , , ,
. , ,
.
, , , IP-
.
IP-

.
(Ethernet, Token Ring, Fast Ethernet, Gigabit Ethernet
FDDI), 3, " Cisco",
( -)
IP-, . ,
, ,
(Address Resolution Protocoll ARP).
IP- IP-,
, , IP-
IP-
. 4 3. ,
IP- , -.
, - ,
.
95
IP-
IP-.
IP-,
ZIP, . 4.1.
4.1. IP- ZIP

IP-

131.108.0.0/16
, Ethernet
131.108.1.0/25
-, Ethernet
131.108.2 .0/25
, Ethernet
131.108.3.0/25
-, Fast Ethernet
131.108.20.0/22
-, Token Ring
131.108.100.0/24
SF-1, Ethernet
131.108.101.0/24
SF-2, Ethernet
131.108.110.0/24
SF-2, Ethernet
131.108.120.0/24
SF--1->-,
131.108.240.0/30
SF-Core-2 ->Seoul-2,
131.108.240.4/30
HDLC
- ->Seoul-1,
131.108.241.0/30
HDLC
Seoul-1 -> -,
131.108.242.0/30
Frame Relay
Seoul-1 -> , 131.108.242.4/30
Frame Relay

131.108.254.0/32
ZIPnet -> Internet-, 192.7 .2.0/30 (

HDLC- Internet -
Internet-)
ZIPnet-> Internet-, 211.21.2.0/30 (
HDLC- Internet ,
Internet-)
96
. 4.4 IP- ZIP.
IP- IP , ZIP :
131.108.20. 45 SNMP-;
1 3 1. 1 08.21.70 DHCP- WINS-;
131.108.101.34 SMTP- DNS-;
131.108.101.35 SMTP- DNS-;
131.108.101.100 WWW- -;
131.108.110.33 Syslog, TACACS+ RADIUS-.
IP-
IOS ip address. ,
IP-, .
SF-2 IP-
. ip address
interface, ,
, ip address.
SF-2#configure
memory,
or network
[terminal]?
one per
line.
End with CNTL/Z.
SF-2(config)#interface ethernet 0
SF-2(config-if)#ip address 131.108.110.1 255.255.255.0
SF-2(config-if)#interface ethernet 1
SF-2(config-if)#interface fastethernet 0
SF-2(config-if}#ip address 131.108.20.2 255.255.252.0
SF-2(config-if)#^Z
97

IP-
.

,
IP-.
IP-
, .
,
0.
, 131.108.0.0, 131.108.0.0. ,
, .
SF-1 :
S F-1# configure
Enter configuration commands, one per line. End with CNTL/Z.
Bad mask 255.255.255.128 for address 131.108.0.1
SF-1(config-if)#^Z
,
, .
ZIP IP-,
131.108.0.0/25 .

.
, .
SF-1 ,
ip address IOS ip subnetzero.
S F-1# configure
SF-1{config)#ip subnet-zero
SF-1(config-if)#^Z

IP-
, .

.
, ,
Frame Relay, X.25, ISDN ATM,
IP-.
,
98
.

.
, , Frame Relay ATM, .
,
,
.
( ) IP-,
.

. ,
, .
, , , HDLC Frame
Relay, IP-, ip address (
, ).
, ip address IP-.
(
) IP-. ,
, , ip address
IOS interface. IP-
HDLC- Frame Relay
Seoul-1 ZIP:
Seoul-l#configure
Seoul-1(config)#interface serial 0.16 point-to-point
Seoul-1(config-if)#ip address 131.108.242.1 255.255.255.252
Seoul-1(config-if)#interface serial 0.17 point-to-point
Seoul-1(config-if)#interface serial 1
ZIP ,
, Seoul-2
. IP-
IOS ip unnumbered. IP, ,
IP-, .
, Ethernet Token Ring,
, .
, .. ,
, .
Seoul-2 ZIP:
Seoul-2#configure
Seoul-2(config)#interface serial 1
Seoul-2(config-if)#ip unnumbered loopback 0
Seoul-2(config-if)# ^Z
IP- . -,
(, Telnet)
99
SNMP
. (SNMP
; 7, "
".) IP-
,
. -,
, ,
. ,
- ,
, .

,
.
,
, IP-
. , , .25, ISDN,
ATM Frame Relay, ,
, .
IP- , ,
IP- -.
IP-
. ,
. Frame
Relay, ,
(Inverse ARP).
ZIP Frame Relay,

. ZIP .25, ISDN ATM.
3, Frame Relay ,
Frame Relay, DLCI-.
Frame Relay -1 ,
DLCI-.
IP-,
, IP- LCI-.
Frame
Relay ,
. Frame Relay.
Frame Relay
IOS frame-relay map
Inverse ARP.

,
IP-. Frame
Relay SF-Core-1 frame-relay map:
SF-Core-l#configure
SF-Core-1(config)#interface serial 1/1
SF-Core-1(config-if)#encapsulation frame-relay ietf
SF-Core-1(config-if}#no inverse-arp
SF-Core-1(config-if)#ip address 131.108.130.1 255.255.255.0
SF-Core-1(config-if)#frame-relay map ip 131.108.130.17 30 Cisco broadcast
SF-Core-1(config-if)#frame-relay map ip 131.108.130.20 50 broadcast
SF-Core-1(config-if)#frame-relay map ip 131.108.130.35 62 broadcast
100
SF-Core-1(config-if)#^Z
Inverse ARP
no inverse-arp. IP-
DLCI-.
DLCI 30 IP- 131.108.101.17
, Cisco "" (gang of four).
( IETF,
IOS encapsulation frame-relay ietf.)
broadcast frame-relay map
.

IOS, IP- ,
/ ,
, , .
.
IOS - Cisco
Connection Documentation Web- www.cisco
com.universd/home/home.
IP DLCI- , frame-relay map
. Inverse ARP
, Frame Relay
. , , ,
IP-
DLCI-. Inverse
ARP :
SF-Core-l#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
SF-Core-1(config)#interface serial 1/1
SF-Core-1(config-if)#encapsulation frame-relay ietf
Frame Relay .
IP- DLCI- Inverse ARP,
,
.
, Frame Relay
IETF Cisco
" frame-relay map.
.25 ,
Frame Relay, .. static map.
IP- .25 121,
, .25.
- .121,
. .25
101
ZIP --1
25 map:
SF-re-1# configure
SF -Core-1(config)#interface serial 1/2
SF -Core-1(config-if)#encapsulation x25
SF -Core-1(config-if)#x25 address 44598631
SF -Core-1(config-if)#ip address 131.108.102.1 255.255.255.0
SF -Core-1(config-if)#x25 map ip 131.108.102.15 44593389 broadcast
SF -Core-1(config-if}#x25 map ip 131.108.102.29 44591165 broadcast
SF -Core-1(config-if)#tx25 map ip 131.108.102.176 44590712 broadcast
SF -Core-1(config-if)#^Z
ISDN , ,
Frame Relay .25.
,
.
, IP-
. IP-
, ISDN,
IOS dialer map.
IP- ,
dialer map name. , name

. ISDN BRI
(Basic Rate Interface )
ZIP Seoul-1:
Seoul-l#configure
Seoul -1(config)#interface bri 0
Seoul -1(config-if)#ip address 131.108.103.3 255.255.255.0
Seoul-1(config-if)#dialer map ip 131.108.103.1 name SF-Core-1 broadcast 14085551212
Seoul-1(config-if)#dialer map ip 131.108.103.2 name SF-Core-2 broadcast 14085551313
ATM, ,
ip address. ATM ,
IP- , ATM, .
.
/
(Logical link control/Subnetwork Access Protocol
(LLC/SNAP) encapsulation with PVC's). ATM
. IP-
.
LLC/SNAP .
IP-
ATM- . ATM-
, ATM-
IP-.
IP ARP. ATM IP- ,
ATM ARP-.
LLC/SNAP
102
IP-
IOS map-group
map-list. , , SFCore-1 ATM-
LLC/SNAP :
SF-Core-l#configure
Configuring from terminal, memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
SF-Core-1(config)#interface atm 1/0
SF-Core-1(config-if)#atm pvc 3 0 21 aalSsnap
SF-Core-1(config-if)#atm pvc 5 0 22 aalSsnap
SF-Core-1 (config-if)#map-group zipl
SF-Core-1(config-if)#map-list zipl
SF-Core-1(config-map-list)#ip 131.108.104.2 atm-vc 3 broadcast
SF-Core-1(config-map-list)tip 131.108.104.7 atm-vc 5 broadcast
SF-Core-1(config-map-list)#^Z
LLC/SNAP
IP- (network service
access point NSAP), ATM, IOS map-group
map-list.
, ATM LLC/SNAP
SF-Core-1:
SF-Core-l#configure
SF-Core-1(config)tinterface atm 1/0
SF-Core-1(config-if)ttatm nsap
FE.DCBA.01.987654.3210.ABCD.EF12.3456.7890.1234.12
SF-Core-1(config-if)#map-group zipl
SF-Core-1(config-if)#map-list zipl
SF-Core-1(config-map-list)#ip 131.108.104.2 atm-nsap
Al.9876.AB.123456.7890.FEDC.BA.1234.5678.ABCD.12
SF-Core-1(config-map-list)#ip 131.108.104.7 atm-nsap
B2.9876.AB.123456.7890.FEDC.BA. 1234.5678.AB12.12
SF-Core-1(config-map-list)#^Z
IP ARP IP-
ip address. ATM-
ATM ARP-, IP- ATM NSAP, .
ATM- IP
ARP SF-Core-1:
SF-Core-l# configure
SF-Core-1(config)#interface atm 1/0
SF-Core-1(config-if)#atm nsap
FE.DCBA.01.987654.3210.ABCD.EF12.3456.7890.1234.12
SF-Core-1(config-if)#atm arp-server nsap
01.ABCD.22.030000.0000.0000.0000.0000.0000.0000.00
103
IP-
IP- IP-, ,
EXEC. IOS EXEC
show interface , IP-
. ,
. ,
. ,
the show interface ethernet 0
ZIP SF-2:
SF-2#show interface ethernet 0
Hardware is Lance, address is 0000.Oc07.b627 (bia 0000.Oc07.b627)
Internet address is 131.108.110.1 255.255.255.0
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,rely 255/255,load 1/255
Encapsulation ARPA,loopback not set,keepalive set (10 sec)
ARP type:ARPA,ARP Timeout 04:00:00
Last input 00:00:00,output 00:00:00,output hang never
Last clearing of "show interface " counters never
Queuing strategy:fifo
Output queue 0/40, 0 drops;input queue 0/75, 0 drops
IOS EXEC show ip interface

, IP- .
,
. ,
. show ip
interface ethernet 0 SF-2 ZIP:
SF-2#show ip interface ethernet 0
Internet address is 131.108.110.1 255.255.255.0
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.1 224.0.0.2 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is enabled
Router Discovery is disabled
104
IP output packet accounting is disabled

IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled
show ip interface ,
IP- .
show ip interface brief.
show ip interface brief SF-2
ZIP:
SF-2#show ip
Interface
EthernetO
Ethernetl
FastEthernet
interface brief
IP-Address
131.108.110.1
131.108.120
0131.108.20.2
OK?Method
YES NVRAM
YES NVRAM
YES NVRAM
Status
up
up
up
Protocol
up
up
up
IP-
, IP-
.
IOS EXEC show frame-relay map, show atm map,
show x25 map show dialer maps. ,
show frame-relay map ZIP
Seoul-1:
Seoul-l#show frame-relay map
SerialO.16 (up): point-to-point dlci, dlci 16(0x10,0x400), broadcast,
status
defined, active
SerialO.17 (up): point-to-point dlci, dlci 17(0x11,0x410), broadcast,
status
defined, active
Seoul-l#

, , show frame-rel a y
map.
"TCP/I - ",
,
.
.
,
IOS EXEC terminal ip netmask format decimal.
.
ZIP Seoul-1:
Seoul-lttterminal ip netmask-format decimal
Seoul-It
,

ip netmask-format decimal.

ZIP Seoul-1:
105
Seoul-1#configure
Configuring from terminal, memory, or network [terminal] ?
Seoul-1(config)#line vty 0 4
Seoul-1(config-line)#ip netmask-format decimal
S e o u l - 1 ( c o n f i g - l i n e ) # ^Z
IP-
IP- ,
, .
IP-, ,
,
Internet. , ,
,
, IP-
.
, ,

, .

Internet .
, .
, , IP-
( , , , Internet).
, ,
.
,
.
.
,
.

. " IP-"
.
IP- .
IP-
IP-,
IOS ip routing. IOS
, IP- . ,
IP- ,
.
Cisco IP . ,
,
ip routing. , IP ZIP Seoul-1:
Seoul-1#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
Seoul-!(config)#ip routing
Seoul-1(config-line)#^Z
106
IP- ,
. IP-

. ,
. ,
,
,
.
, .
IP- EXEC show ip
route. ,
.
Seoul-1 ZIP,
- ,
:
Seoul-l#show ip route
Codes:
-connected,
S -static,
I -IGRP,
R -RIP,
M -mobile,
-BGP D -EIGRP,
EX -EIGRP external,
0 -OSPF,
IA -OSPF inter area
N1
-OSPF NSSA external type 1,
N2
-OSPF NSSA external type 2 El
-OSPF external type 1,
E2 -OSPF external type 2,
E -EGP i -IS-IS,
LI -IS-IS level-1, L2 -IS-IS level-2,
* - candidate default U - peruser static route,
-ODR
Gateway of last resort is not set
131.108.0.0/16 is variably subnetted,
4 subnets,
2 masks
131.108.3.0/25 is directly connected,

EthernetO

SerialO.16
131.108.242.4/30
is directly connected,
SerialO.17
131.108.241.0/30
Seriall
show ip route .
, ,
.
. , .
,
.
, ,
,
.
,
.

. ,
ZIP 1 3 1 . 1 0 8 . 0 . 0
. ,
,
. ,
IP-,
. ,
IP-
. - (
/30) 65536 ( ,
/16), -,
.
show ip route ,
. ,
,
107
, ,
IOS EXEC show ip route connected
,
. , show ip route static ,
.

. Seoul-1 ZIP
show ip route 131.108.3.0:
Seoul-l#show ip route 131.108.3.0
Routing entry for 131.108.3.0/25
Known via "connected ",
distance 0,
metric
Descriptor Blocks:
* directly connected,
via EthernetO
Route metric is 0,
traffic share count is 1
(connected) Routing
show ip route
" IP-".
" ".

, , ,
,
.

.
. , ,
.
, .
.

, .
.
,
.
Internet-.
- .
, .

. ,
, .

ip route. ,
, ,
, .
.
IP- .
,
.
, .
,
.
ZIP SF-Core-1.
, 131.108.230.0/24,
108
-,
131.108.240.2:
SF-Core-l#configure
SF-Core-l(config)#ip route 131.108.230.0 255.255.255.0 131.108.240.2
SF-Core-1(config)#^Z
,
, , .

. ,
.
ZIP SF-Core-1. ,
131.108.231.0/24, , - 131.108.100.0/24:
SF-Core-I#configure
SF-Core-1(config)lip route 131.108.231.0 255.255.255.0 131.108.100.0
SF-Core-1(config) #^Z
, , 131.108.231.0/24,
131.108.100.0/24.
131.108.231.0/24 , ,
131.108.100.0/24.

, , .
, ,
IP- . , IP
(
). Ethernet IP-
-. Frame Relay
Frame Relay,
Inverse ARP, DLCI-
IP-. ISDN
, IP- .

, ip route.
, , ,

.
, IP-
, .

ip route. 131.108.232.0/24
, Fast Ethernet
ZIP SF-Core-1:
109
SF-Core-l#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
SF-Core-1(config)#ip route 131.108.232.0 255.255.255.0 fastethernet 0/0
SF-Core-1(config)# ^Z
SF-Core-1
:
SF-Core-l#show ip route
Codes:
-connected,
S -static,
I -IGRP,
R -RIP,
M -mobile,
-BGP D -EIGRP,
EX -EIGRP external,
0 -OSPF,
IA -OSPF inter area
N1 -OSPF NSSA external type 1,
N2
-OSPF NSSA external type 2 El
-OSPF external type 1,
E -EGP i -ISIS, LI -IS-IS level-1, L2 -IS-IS level-2,
* - candidate default U per-user static route,
-ODR
5 subnets,
3 masks
131.108.20.0/22
FastEthernetO/0

Seriall/0 , ,,,
S
131.108.230.0/24 [1/0]
via 131.108.240.2
S
131.108.231.0/24 [1/0]
via 131.108.100.0
S
131.108.232.0/24 [1/0]
FastEthernetO/0

,
IP-
. , IP- 131.108.21.6,
131.108.20.0/22, .
131.108.20.0/22 131.108.21.0/24,
131.108.21.0/24,
( ),
131.108.20.0/22. ZIP
131.108.0.0/16,
/30.

ZIP
. , CIDR- (
) , ,
, ,
. , CIDR- 206.220.224.0/24 (
206.220.224.0/24 206.220.227.0/24),
:
Ethernet 0 206.220.224.0/24;
Ethernet 1 206.220.225.0/24;
Ethernet 2 206.220.226.0/23.
. ,
206.220.224.5, Ethernet 0,
IP- .
Ethernet 1 206.220.225.9.
, 206.220.226.8 206.220.227.12,
Ethernet 2 206.220.226.0/23,
. - , Ethernet 2
CIDR- .
IP- CIDR-,
IOS ip classless.
110
ip classless ZIP SF-Core-1:

SF-Core-1#configure
SF-Core-1(config)#ip classless SF-Core-1(config)# ^Z

Internet.
, ,
,
Internet-.
,
.
.

. ,
, , IP-
.

. , ,
,
, ,
. ZIP, , 131.108.0.0/16
. ZIP
, 131.108.99.5, ,
, 131.108. S9.0/24, .
131.108.0.0/16,
.

, IP-
.
,
.
1OS ip default-network ip route.
ip default-network
, .
ip route, ,
. ,
ZIP Singapore.
131.108.0.0/16, ,
, 131.108.20.0,
SF-Core-1 SF-Core-2.
Singapore # configure
Singapore(config)#ip default-network 131.108.20.0
Singapore#configure
Singapore(config)#ip route 131.108.0.0 255.255.0.0 131.108.20.0
Singapore (config) #^Z
111
,
,
. show ip route
ZIP Singapore 131.108.0.0/16 ,
. ,
131.108.20.0 ZIP Seoul-1.
Singapore#show ip route
Codes: - connected, S - static, I - IGRP, R - RIP, M -mobile, - BGP D EIGRP, EX - EIGRP external, 0 - OSPF, IA -OSPF inter area N1 - OSPF NSSA
external type 1, N2 - OSPF NSSA external type 2 El - OSPF external type 1,
E2 - OSPF external type 2,E - EGP i - IS-IS, LI -IS-IS level-1, L2 -IS-IS
level-2, * - candidate default U - per-user static route, - ODR
131.108.0.0/16 is variably subnetted, 4 subnets, 4 masks
131.108.1.0/25 is directly connected, EthernetO
131.108.242.4/30 is directly connected, SerialO.100

D
131.108.20.0/22 [1/0] via 131.108.242.5, 20:10:45, SerialO.100
S
131.108.0.0/16 [1/0] via 131.108.20.0

,

, IOS ip default-network ip route
.
IP- ,
( Internet), ,
, IP-,
. , ZIP Web-
www.yahoo.com, , ZIP
131.108.0.0/16, Yahoo! 216.32.74.55/22.
, ZIP
216.32.74.55/22, CIDR-,
Yahoo!.
, , ZIP
Internet
. ZIP - Internet-
, , ,
ZIP ,
Web- Yahoo!,
Internet (, ,
).
, ,
,
, .
,
IP- , ,
. Internet
Internet-
Internet-, ,
Internet
Internet-. IP-, Internet , Internet
, ,
112
Internet- , , ,
Internet.
IOS.

.

.
0.0.0. 0.
,
,
Internet-.
, ,
IOS ip default-network.
:
,
, - . ZIP SF-Core-1
ip default-network 1 4 0 . 2 2 2 . 0 . 0 ,
Internet- ZIP:
SF-Core-1#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
SF-Core-1 (config)#ip default-network 140.222.0.0
SF-Core-1 (config)# ^Z
,
, , show ip route
. ,
, ,
.
ZIP SF-Core-I :
Codes:
- connected,
S -static,
I -IGRP,
R -RIP,M -mobile,
BGP D - EIGRP,
EX -EIGRP external,
0 -OSPF,
IA -OSPF inter
area
N1
- OSPF NSSA external type 1,
N2 -OSPF NSSA external
type 2 El - OSPF external type 1,
E
-EGP i -IS-IS,
LI -IS-IS level-1,
L2 -IS-IS level-2,
* candidate default U - per-user static route,
-ODR
Gateway of last resort is 192.72.2.1 to network 140.222.0.0
5 subnets,
3 masks

FastEthernetO/0

Seriall/0
S
131.108.230.0/24
[1/0]
via 131.108.240.2
S
131.108.231.0/24
[1/0]
via 131.108.100.0
S
131.108.232.0/24
[1/0]
is directly connected, FastEthernetO/0

Seriall/1
B*
140.222.0.0/16
[20/19]
via 192.7.2.1,,3d08h
,
, ,
. ,
Internet-
.
SF-Core-l#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
113
SF-Core-1(config)#ip route 140.222.0.0 255.255.0.0

SF-Core-1(config)#ip default-network 140.222.0.0
SF-Core-1(config) #^Z
192.7.2.1
, , show ip route,
, ,
140.222.0.0 S (), .
Codes: - connected, S - static, I - IGRP, R - RIP, M - mobile, - BGP D EIGRP, EX - EIGRP external, 0 - OSPF, IA -OSPF inter area N1 - OSPF NSSA
external type 1, N2 - OSPF NSSA
external type 2 El - OSPF external type 1,
E2 - OSPF external type 2, E -EGP i -IS-IS, LI -IS-IS level-1, L2 -IS-IS
level-2, * - candidate default U -per-user static route, - ODR
131.108.0.0/16 is variably subnetted, 5 subnets, 3 masks
131.108.20.0/22 is directly connected, FastEthernetO/0
131.108.240.0/30 is directly connected, Seriall/0
S 131.108.230.0/24 [1/0] via 131.108.240.2
S 131.108.231.0/24 [1/0] via 131.108.100.0
S 131.108.232.0/24 [1/0] is directly connected, FastEthernetO/0
192.7.2.2/30 is directly connected, Seriall/1
S* 140.222.0.0/16 [20/19] via 192.7.2.1
,
UNIX ( )
(Routing Information Protocol RIP).
0 . 0 . 0 . 0 . .
UNIX RIP IP- .
IOS 0 . 0 . 0 . 0
. 0 . 0 . 0 . 0 0
IP- .
ip classless, IP-
, .
ip route ZIP SFCore-1 0 . 0 . 0 . 0 / 0 Internet-
IP- .
SF-Core-1#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
SF-Core-l(config)#ip route 0.0.0.0 0.0.0.0 192.7.2.1
SF-Core-1(config)# ^Z
show ip route ,
0 . 0 . 0 . 0 . ,
0 . 0 . 0 . 0 S, .
SF-Core-1#show ip route
Codes:
-connected,
S -static,
I -IGRP,
R -RIP,
M mobile,
-BGP D -EIGRP,
EX -EIGRP external,
0 -OSPF,
IA OSPF inter area N1 -OSPF NSSA external type 1,
N2
-OSPF NSSA
external type 2 El -OSPF external type 1,
E2
-OSPF external
type 2,
E -EGP i -IS-IS,L1 -IS-IS level-1,
L2 -IS-IS level-2,
*
- candidate default U -per-user static route, -ODR
5 subnets,
3 masks
131.108.20.0/22 is directly
connected,
FastEthernetO/0

Seriall/0
S
131.108.230.0/24
[1/0]
via
131.108.240.2
S
131.108.231.0/24
[1/0]
via 131.108.100.0
114
S*
131.108.232.0/24
[1/0]
Seriall/1
0.0.0.0
[1/0]
via 192.7.2.1
FastEthernetO/0
ip classless, IP-
,
, .
,
IP-
. ip classless
, ,
, 0 . 0 . 0 . 0 ,
IP- .
,
.

, , Internet-,
0 . 0 . 0 . 0 / 0
.

Internet-

ip default-network.
Internet
Internet- () Internet

.
,
, ip default-network.
,

0.0.0.0/0,
Internet Internet-. ,
, ,
. , ,
. ,

,
ISDN
Frame Relay.
, ,

, , ISDN Frame Relay,
0 . 0 . 0 . 0 / 0 .
-
, Internet,
,
.
115

0 . 0 . 0 . 0 / 0 , ip classless
,
Internet- ,
. , ZIP
131.108.227.1 -
,
. Internet
, .
. . . /,
Internet-.
, Internet- , 131.108.227.1 ZIP (, 131.108.0. 0/16), Internet
ZIP. ,
0.0. 0.0/0,
Internet-. .
, .
,

Internet ZIP,
Internet. . 4.5
.
116

,
ZIP , ,
IP-,
ZIP. ,
Nail 0. ZIP ,
, IP 131.108 . 0. 2 5 5 . 2 5 5 . 0 . 0 Null 0.
Internet,
Internet.
IP-
, IP IOS EXEC show ip route.
,
IP-.
show ip route ,
IP-.
, ,
, ,
, .
show ip route ZIP SF-Core-1:
SF-Core-l<fshow ip route
Codes:
- connected,
S - static,
I - IGRP,
R - RIP,
M
mobile,
-BGP D -EIGRP,
EX - EIGRP external,
0 - OSPF,
IA - OSPF inter area N1 - OSPF NSSA external type 1,
N2 - OSPF
NSSA external type 2 El - OSPF external type 1,
E2
- OSPF
external type 2,
E - EGP i - IS-IS,LI -IS-IS level-1, L2 -IS-IS
level-2,* - candidate default U - per-user static route, -ODR
131.108.0.0/16 is variably subnetted,8 subnets,3 masks
FastEthernetO/0
Seriall/0
S 131.108.230.0/24
[1/0]
via 131.108.240.2
S 131.108.231.0/24
[1/0]
via 131.108.100.0
S 131.108.232.0/24 [1/0] is directly connected, FastEthernetO/0
Seriall/1
D 131.108.240.4/30 [90/307200] via 131.108.20.4,IdOOh,
FastEthernetO/0
D 131.108.241.0/30 [90/3182080] via 131.108.240.2,IdOOh,
Seriall/0
D 131.108.100.0/24 [90/3182080] via 31.108.240.2,IdOOh,
Seriall/0
S 131.108.0.0/16 is directly connected,
NullO
S* 0.0.0.0
[1/0]
via 192.7.2.1
.
,
.
IP-
( ).
,
(
), ,
.

, .
,
117
.
, .
,
.

. , . . 4.2
, IOS.
,
,
. ,
, , .
.
4.2.

IGRP
BGP

IGRP
IGRP
OSPF
IS-IS
RIP
EGP
BGP

1
5
20
90
100
110
115
120
140
200
255
, , IOS EXEC show ip masks.

,
, ,
.
, ,
.
show ip masks 131.108.0.0 ZIP SF-Core1, 131.108.0.0.
SF-Core-l#show ip masks 131.108.0.0
Mask
Reference count
255.255.255.255
9
255.255.255.252
5
255.255.255.128
3
255.255.255.0
4
255.255.252.0
1
255.255.0.0
1
SF-Core-l#
I
, .

, .
118

. , ,
,
. , ,
.
IOS
EXEC clear ip route. ,
, ,
, .
.

. ,
, ,
. ,

.
ZIP SF-Core-1:
SF-Core-l#clear ip route *
SF-Core-l#
ZIP SF-Core-1
131.108.3.0/25:
S F - C o r e - l # c l e a r i p ro u t e 1 3 1 . 1 0 8 . 3 . 0 2 5 5 .2 5 5 . 2 5 5. 1 2 8
S F - C o r e-l#
IP-

.
, ,
,
.
.
,
IP-,
.
, ,
. ,

.
:
(Interior Gateway Protocols ) (Exterior Gateway
Protocols EGP). IGP
, ..
,
. EGP
: .
EGP-
4 (Border Gateway Protocol version 4 BGP-4).
,
, Internet- ? Internet.
BGP-4 * "
Border Gateway Protocol".
119
, IGP ,
, .
:
.

.

.

.
, , ,
(Shortest Path First SPF),
) .
.

, ,
.
.

. , OSPF IS-IS,

(. 4.7).

.
.
. ,
,
OSPF EIGRP.
. ,
,
,
.
120
, ,
.
, , ,
, ,

.
, RIP 1 IGRP ,
EIGRP OSPF.
. ,
, ,
. ,

, RIP, ,

. , RIP Fast
Ethernet ,
56 /. ,
, , ,
, .
.
, , .
, ,
,
SPF-. ,

, '' ,
.
. , ,
,
. , RIP, IGRP EIGRP
.
, OSPF IS-IS ,
.
. IGP- -
, , ,
. , OSPF EIGRP,
, , MD5.

Technology Overview Briefs ( ),
Cisco
www.cisco.com/univercd/ac/td/doc/cisintwk/ito_doc/index.htm.

.
.
.
.
TCP/IP- .
,
.
, ,
,
121
, IP. , Cisco Systems

Designing Large-Scale IP Internetworks (
IP-),
.

Cisco www.Cisco.com/univercd/cc/td/doc/cisintwk/idg4/nd2003.htm .
ZIP EIGRP. ,
, , ,
.
, ,

. EIGRP
" IP- IGRP Cisco".
ZIP IGP,
.
, .
,
, "
".
Routing
Information Protocol
(Routing Information Protocol RIP)
, IP- .
1980- PUP Xerox.
RIP , UNIX-
Berkley Systems Distribution (BSD)
TCP/IP-. RIP TCP/IP 1058.
RIP ,
.
RIP 15. , 15 ,
16.
RIP
IP- UDP 520.
RIP 1
. RIP 2
CIDR-, ,
MD5
() .
RIP ZIP, ,
RIProuter.
RIP :
RIP,
,
. RIP
IOS router rip.

IOS version. version ,
1 2. , IOS
RIP 1 , 1, 2.
122
RIP 2:
RIProuter#configure
RIProuter (config)#router rip
RIProuter (config-router)#version 2
RIProuter (config-router)#^Z
,
RIP,
IOS network.
, .
network IP-,

.
, IP-,
.
, IP- 131.108.4.5
131.108.6.9, , IP- 172.16.3.6.
network 131.108.0.0 ,
131.108.0.0
, 131.108.0.0.
, 172.16.0.0,
network 172.16.0.0.
network
131.108.0.0:
RIProuter#configure
RIProuter(config)#router rip
RIProuter(config-router)#network 131.108.0.0
RIProuter(config-router)# ^Z
RIP 1 RIP 2,
1 2.
.

IOS ip rip send version ip rip receive version.

Cisco Systems Interior Gateway Routing
Protocol
Cisco Systems (Cisco Systems
Interior Gateway Routing Protocol IGRP)
, 1980- .
RIP
,
.
IGRP
, , ,
.
,
123
.

, IOS Cisco
.
RIP, IGRP
IP-. IGRP
.
UDP TCP. ( IGRP
, UDP.)
IGRP RIP . ,
255. -,
. -, ,
IGRP .
,
, .
1GRP
IGRProuter.
IGRP , :
1GRP ,
.
IGRP, IOS router
igrp. , " " (processfd). 1 65535.
,
. IGRP- ,
, , ,
.
IGRP-.
RIP, ,
IGRP
IOS network.
,
. network
IP-,
IGRP-.
, IP-, .
, IP- 131.108.4.5 131.108.6.9,
, IP- 172.16.3.6, network
131.108.0.0 ,
131.108.0.0 ,
131.108.0.0. ,
172.16.0.0, network
172.16.0.0.
IGRP-
131.108.0.0:
IGRProuter#configure
IGRProuter(config)#router igrp 25000
IGRProuter(config-router)#network 131.108.0.0
IGRProuter(config-router)#^Z
124

Open Shortest Path First Protocol
(Open Shortest Path! First

Protocol OSPF) 1980- ) OSPF
Internet (IETF).
IP- ,
, , ,

. OSPF 2 ( )
1583.
OSPF ,
.
(. . 4.7). ,
,
, .
OSPF- ,
OSPF ,
.
, OSPF ,
. RIP IGRP,
, OSPF-
,
. ,
,
. OSPF-
SPF (
(Dijkstra), ),
.
, ,
OSPF Hello.
, ,
" ", ,
.
,
OSPF. ,
, .
.
OSPF.
OSPF ,
,
, .
. ,
, , ,
OSPF-.
OSPF OSPF-
, . OSPF-
.
OSPF
OSPFrouter. OSPF-
. -, OSPF. -,
,
, ,
.
125
OSPF,
IOS router ospf.
OSPF-,
. ,
,
OSPF. , OSPF-,
.
,
OSPF, , ,
IOS network area.
. ,
IP-, .
IP- IP-.
" IP- ".
IP- ,
network area,
OSPF- . ,
, ,
.
, IP-.
, .
IP- 131.108.200.1, 131.108.201.1 131.108.202.1,
. 1, 0,
. ,
OSPF:
OSPFrouter#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
OSPFrouter(config)#router ospf 25000
OSPFrouter(config-router)#network 131.108.200.0 0.0.1.255 area 1
OSPFrouter(config-router)#network 131.108.202.0 0.0.0.255 area 0
OSPFrouter(config-router) #^Z
,
OSPF ,
network area.
OSPF , ,
.
, , ,
Frame Relay Frame Relay,
.
,

. ,
. OSPF

. , ( OSPF)
,
IOS ip ospf network.
:
broadcast ()
, ,
;
non-broadcast () ,
126
.

neighbour;
point-to-multipoint ( )
. " "
, ,
.
, ,
.
Frame Relay
OSPF
Frame Relay " ":
or network
[terminal]?
one per line.
End with CNTL/Z.
OSPFrouter(config)#interface serial 0.1 point-to-point
OSPFrouter(config-int)#ip ospf network broadcast
OSPFrouter(config-int)#interface serial 1
OSPFrouter(config-int)#ip ospf network point-to-multipoint
OSPFrouter(config-int)#^Z
IGP, OSPF
ip default-network.
OSPF , ,
OSPF- .
OSPF
IOS ip default-information originate.
ip default-information originate
ip default-network , ,
:
Configuring from terminal, memory, or
network [terminal]?
Enter configuration commands, one per
line.
End with CNTL/Z.
OSPFrouter(config)#ip default-network
140.222.0.0
OSPFrouter(config-router)#router ospf
25000
OSPFrouter(config-router)#ip default-information originate
OSPFrouter(config-router)# ^z
IP-
IGRP Cisco
(Enhanced Interior
Gateway Routing Protocol EGRP)
IGRP, Cisco Systems. EIGRP
, IGRP.
.
, IGRP, ,
.
, EIGRP , ,
OSPF,
. , EIGRP
, ,
, .
IGRP, EIGRP
. IGRP
127
,
. EIGRP
,
.
, , .
, EIGRP
,
. ,

, .
EIGRP
, EIGRP.
, ,

.
EIGRP
ZIP. .
EIGRP- :
EIGRP ,
.
EIGRP
IOS router eigrp.
EIGRP
. IGRP,
, EIGRP,
IOS network.
,
. network
IP- ,

EIGRP-. ,
IP-, .
, ZIP SF-Core-1 ,
131.108.0.0 1 9 2 . 7 . 2 . 0 . network 131.108.0.0 ,
131.108.0.0,
, 131.108 .0.0.
, ,
192 . 7 . 2 . ,
network 192 . 7. 2 .0. 1 92 . 7 . 2 .0 Internet-.
EIGRP-, Internet-
EIGRP.
EIGRP
ZIP SF-Core-1 131.108.0.0:
SF-Core-l#configure
Enter configuration commands,one per line.End with CNTL/Z.
SF-Core-1(config)#router eigrp 25000
SF-Core-1(config-router)#network 131.108.0.0
SF-Core-1(config-router)#^Z

Border Gateway Protocol
(Border Gateway Protocol BGP)
(Exterior Gateway Protocol EGP).
128
IGP,

, EGP
. BGP
, Internet
Internet.
EGP.
, . BGP
4. CIDR-.
BGP, IETF,
1163, 1267 1771. BGP 2, 3 4,
.
BGP- ,
TCP-,
.

TCP, . BGP-
,

BGP-, , BGP-.
, , /
.
, .
BGP-
BGP-.
,
IGP- BGP-
. BGP-
, ,
. ,

. ,
.
,
.
, BGP-.
BGP- - BGP-
(EBGP) BGP- (IBGP). BGP-,
,
EBGP-. EBGP-
, Internet ,

, .
BGP-,
, IBGP-. lBGP- ,
,
BGP-,
EBGP-.
BGP-
,
BGP-. ,
Internet Internet .
129
IBGP-
, EBGP-.
IBGP-
, EBGP-, - IGP, EIGRP
OSPF,
IGP- EBGP-
BGP-. "
",
.
,
IBGP- , , . ,
,
.
. 4.8 IBGP- EBGP-
ZIP. EBGP- Seoul-1 ISP-, SF-Core-1 ISPB. IBGP- Seoul-1 SF-Core-1. IBGP, Seoul-1 SF-Core-1
, ISP-A ISP-B,
, ZIP.
,
BGP- .
, ,
. , .
,
.
, , (Multi-Exit
Discriminator MED) (Local Preference),

.
130

BGP
,
, ,
.
2-
Internet Cisco Systems

Using the Border Gateway Protocol for Interdomain Routing (
).
Cisco
www.Cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm.
Internet-,
BGP, .
BGP, Internet-,
, .
BGP,

.
BGP ZIP SF-Core-1
Seoul-1, Internet Internet. BGP- :
,
, .
BGP
IOS router bgp.
, (ASN),
(RIPE, APNIC ARIN). ,
Internet,
ASN, .
ASN , -
. BGP ,
Internet, ASN
ASN 32768 64511.
ASN
,
EIGRP. ZIP .

IOS neighbor remote-as.
: IP- ASN. ASN,
remote-as, ASN,
router bgp, BGP-
(EBGP). IP- , EBGP-,
.
ASN, remote-as, ASN,
router bgp,
BGP- (IBGP). IP- ,
IBGP-, IP-
. IBGP-
( Internet131
), , ,
, (
Internet- ).
IP- IBGP-
, IBGP-

. -
, ,
IP- IGP- .
IP-
IBGP-,
IOS neighbor updatesouroe. update-source
.
BGP, , IP- ASN
.
IOS neighbor description,
, .
, EBGP, IOS
network. ,
, mask,
. ,
.
BGP , CIDR-.
EBGP-
IGBP- .
, BGP- BGP BGP-. , ,

EBGP-, Internet-,
IBGP-, , ,
Internet- EBGP-.
, ,
. ,
.
, distribute-lists
route-maps.
. (distribute lists)
.
, ZIP IPS-A
IPS-B, BGP- IGP-, BGP IOS no
synchronization.
EBGP-, ,
IGP-. ZIP
,
BGP.
BGP- ZIP
SF-Core-1 , 131.108.0.0 Internet-
132
EBGP-. SF-Core-I ASN 25000. ASN

1 IP- 192.7.2.1. IBGP SF-Core-1 Seoul-1 IP-
131.108.254.6.
IP- loopback 0.
SF-Core-l#configure
SF-Core-1(config)#router bgp 25000
SF-Core-1(config-router)#no synchronization
SF-Core-1(config-router)#network 131.108.0.0
SF-Core-1(config-router)#neighbor 192.7.2.1 remote-as 1
SF-Core-1(config-router)#neighbor 192.7.2.1 description Internet Connection to ISP-B
SF-Core-1(config-router)#neighbor 131.108.254.6 remote-as 25000
SF-Core-1(config-router)#neighbor 131.108.254.6 description IBGP to Seoul-1
SF-Core-1(config-router)#neighbor 131.108.254.6 update-source loopback 0
BGP-
ZIP Seoul-1, 131.108.0.0 Internet-
EBGP-. Seoul-1 ASN 25000. ASN
701 IP- 211.21.2.1. IBGP Seoul-1 SF-Core-1 IP-
131.108.254.3.
IP- loopback 0:
Seoul-l# configure
Seoul-1(config)#router bgp 25000
Seoul-1(config-router)#no synchronization
Seoul-1(config-router)#network 131.108.0.0
Seoul-1(config-router)#neighbor 211.21.2.1 remote-as 701
Seoul-1(config-router)#neighbor 211.21.2.1 description Internet Connection to ISP-A
Seoul-1(config-router)#neighbor 131.108.254.3 remote-as 25000
Seoul-1(config-router)#neighbor 131.108.254.3 description IBGP to SF-Core-1
Seoul-1(config-router)#neighbor 131.108.254.3 update-source loopback 0
Seoul-1(config-router)#^Z
BGP
, 131.108.0.0 ISP-A
ISP-B Seoul-1 SF-Core-1, .
EXEC IOS, "
",
.
IBGP- ,
EBGP-, , IBGP-
, EBGP-. ,
SF-Core-1 140.222.0.0/16 Internet ISP-B, 192.7 .2.1.
IBGP- Seoul-1,
BGP- Seoul-1,
192.7.2.1. BGP- Seoul-1,

. ,
ISP-A.
, IGP-
133
(, , Internet-),
IGP-
redistribute,
.
,
, .
, ,
,
, ,
. ,
.
IOS,
.

.
.

Internet-.

IOS distribute-list.
distribute-list IP-.

. ,
.
" IP- ".
distribute-list
.
, IP-,
in out, , ,
. ,
,
. ,
, (distribute list)
, .
distribute-list SF-Core-1
1 0 . 0 . 0 . 0 BGP-
.
SF-Core-1(config-router)#distribute-list 1 in
SF-Core-1(config-router)#access-list 1 deny 10.0.0.0 0.0.0.0
SF-Core-1(config)#access-list 1 permit any
134

-
,
, OSPF IS-IS, .
.
distribute-li st ,
, ,
.
, ,
BGP-. ,
BGP-,
distribute-list BGP-
BGP neighbor.
, , distribute-list
SF-Core-1 neighbor ,
EBGP-
1 0 . 0 . 0 . 0 .
SF-Core-1(config-router)#neighbor 192.7.2.1 distribute-list 1 in
SF-Core-1(config-router)#access-list 1 deny 10.0.0.0 0.0.0.0
SF-Core-1(config)#aceess-list 1 permit any
,
, ,
. , , ,
.
IOS passive-interface.
,
. ZIP SanJose passive-interface ,
Token Ring.
San-Jose#configure
or network
[terminal]?
one per line.
End with CNTL/Z.
San-Jose(config)#router eigrp 125000
San-Jose(config-router)#passive-interface tokenring 1/0
San-Jose(config-router)# ^Z
,
,
. , OSPF
, ,
.
,
-
.
IP- ,
, IOS neighbor.
passive-interface,
(
) . neighbor IP-
.
135
ZIP Seoul-2
UNIX , RIP
, Ethernet. passive-interface
, RIP .
Seoul-2# configure
Seoul-2(config)#router rip
Seoul-2(config-router)#passive-interface serial 0
Seoul-2(config-router)#passive-interface ethernet 0
Seoul-2(config-router)#neighbor 131.108.3.40
Seoul-2(config-router)#^Z
, , IOS
Cisco, ,
, . ,
ZIP EIGRP. UNIX-
PR,
RIP. , IOS

. .
,
IOS redistribute.
, .
static connected.
static
. connected

, ,
network.
, . IOS
.
RIP ,
1 ( ).
IGRP
, IGRP.
,
. IGRP ,
IGRP- .

, .
IOS defaultmetric.
, .
EIGRP R1P
ZIP Singapore. , passive-interface
RIP
3.
Singapore#configure
Singapore(config)#router rip
Singapore(config-router)#tdefault-metric 3
Singapore(config-router)#redistribute eigrp 25000
136
Singapore(config-router)#passive-interface serial 0
Singapore(config-router)# AZ
]

. ,
, ,
.
.
, passive-interface distribute-list,

.
,
IGP,
, . ,
ZIP 131.108.0.0 172.16.0.0
, EIGRP.
131.108.0.0, 172.16.0.0, ..
131.108.0.0 ,
131.108.0.0 172.16.0.0 131.108.0.0.
, .
IOS no auto-summari
\ .

ZIP SF-Core-1:
SF-Core-l#configure
SF-Core-1(config)#router eigrp 25000
SF-Core-1(config-router)#no auto-summary

EXEC IOS. :
- -. .
" IP-",
, -
,
EXEC IOS show ip route.
, ,
IOS EXEC show ip
protocols. summary.
summary
, .
show ip protocols summary ZIP
SF-Core-1:
SF-Core-l#show ip protocols
Index
Process Name
0
connected
1
static
summary
137
eigrp 25000
bgp 25000
show ip protocols
,
, ,
.
, show ip protocols
ZIP SF-Core-1, EIGRP :
SF-Core-l#show ip protocols
Routing Protocol is "eigrp 25000 "
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1,K2=0,K3=1,K4=0,K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing:connected,eigrp 1
Automatic network summarization is not in effect
Routing for Networks:
131.108.0.0
Routing Information Sources:
Gateway
Distance
Last Update
131.108.20.1
90
00:04:13
131.108.20.2
90
00:04:13
131.108.20.4
90
00:04:13
Distance:internal 90 external 170
Routing Protocol is "bgp 25000 "
Sending updates every 60 seconds,next due in 0 seconds
Outgoing update filter list for all interfaces is 2
Incoming update filter list for all interfaces is 1
IGP synchronization is disabled
Automatic route summarization is enabled
Neighbor(s):
Address
Filtln FiltOut Distln DistOut Weight RouteMap
192.7.2.1
150
Routing for Networks:
131.108.0.0
Routing Information Sources:
Gateway
Distance
Last Update
(this router)
200
Iw5d
192.7.2.1
20
Iw3d
Distance: external 20 internal 200 local 200
, EIGRP, OSPF BGP,

,
, . . 4.3, 4.4 4.5
EXEC IOS, ,
EIGRP, OSPF , .
4.3. IOS EXEC EIGRP
IOS
EXEC

EIGRP
show ip eigrp interfaces
, IP EIGRP
show ip eigrp neighbors
,
138
IP EIGRP
show ip eigrp topology
IP EIGRP
show ip eigrp traffic
,
() IP EIGRP
4.4. IOS EXEC OSPF

IOS
EXEC
OSPF
show ip ospf
OSPF
show ip ospf database
,
OSPF
show ip ospf database router

OSPF
show ip ospf database network

OSPF
show ip ospf database external
OSPF

show ip ospf database database-
summary
OSPF
show ip ospf border-routers

OSPF, "
" (Area Border Routers ABR) "
" (Autonomous System Boundary
RoutersASBR)
show ip ospf interface
OSPF

show ip ospf neighbor
OSPF-
4.5. IOS EXEC BGP
IOS
EXEC
BGP
show ip bgp cidr-only
BGP-,

show ip bgp filter-list
,

show ip bgp regexp ,
,
show ip bgp [network]
BGP-
[network-mask] [subnets]
show ip bgp neighbors
- BGP-

show ip bgp nieghbors [] ,
routes
BGP-
show ip bgp bgp nieghbors
, BGP-
[] advertised
139
show ip bgp bgp nieghbors

[] paths
show ip bgp paths
show ip bgp summary
,
BGP-
,
BGP
BGP
IP-
, , ,

, .
IOS Cisco,
, ,
. ,
, , - Internet.
, IP- IOS,
.
IP- .
IP- .
IP-, TCP ( ),
UDP ( ) ICMP (
Internet).
TCP , ,
sendmail Telnet.
UDP , ,
bootp NetBIOS.
ICMP, , -
ICMP.
. IP .
IOS ,
. access-list ip
access-list .
.
. distribute-list
.
ip access-group.
.

,
. IP- t
, ,
. .
.
IOS
access-list.
, ,
. , 1 99
IP-, 900 999 IPX-.
( IPX- 6, " IPX".)
140
IOS
access-list IP IPX,
. ,
, .
IP- ip access-list. ( IPX-
ipx access-list.)
, IP- :
. IP- IP ,
IP- , IP-,
.

IOS access-list. ,
access-list . IP-
1-99. IP- ,
100-199.
permit () deny (), IP, , .
IP-
ZIP SF-1, IP- 131.108.101.99,
131.108 .101. 0/24.
SF-1#configure
or network
[terminal]?
one per line.
End with CNTL/Z.
SF-l(config)#accese-list 1 deny 131.108.101.99
SF-l(config)#access-list 1 permit 131.108.101.0 0.0.0.255
SF-l(config) #^Z
.
.
.
SF-1#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
SF-1(config)#access-list 1 permit 131.108.101.0 0.0.0.255
SF-1(config)#access-list 1 deny 131.108.101.99
SF-1(config)#^Z
, IP- 131.108.101.99 ,
. deny
131.108.101. 99 .
, , .
, ,
1, . 0.0.0.255
0 255, IP-.
0 . 0 . 3 . 2 5 5 , ,
IP-, 0, 1, 2 3
.
, .
IP-
ZIP SF-1, IP- 131.108.101.99
141
TCP Simple Mail Transfer Protocol (SMTP) (

) (DNS) UDP. , any
0 . 0 . 0 . 0 255.255.255.255.
SF-1#configure
SF-1(config)#access-list 100 permit tcp any host 131.108.101.99 eq smtp
SF-1(config)#access-list 100 permit udp any host 131.108.101.99 eq domain
SF-1(config)#access-list 100 deny ip any any log
SF-1(config)#^Z
deny. , ,
,
.
, deny ,
log. ,
, ,
, ,
. (
7.) log
,
.
.
,
IP- . ,
,
.
IP- ip access-list.
extended ()
standard (), ,
.
ip access-list IOS
.
permit deny .
.
, .
SF-1#configure
SF-1(config)lip access-list standard sorrycharlie
SF-1(config-std-nacl)#deny 131.108.101.99
SF-l(config-std-nacl)#permit 131.108.101.0 0.0.0.255
SF-1(config)# ^Z
,
.
SF-1#con figure
SF-1(config)#ip access-list extended out-of-luck
SF-1(config-ext-nacl)#permit tcp any host 131.108.101.99 eq smtp
SF-1(config-ext-nacl)#permit udp any host 131.108.101.99 eq domain
SF-1(config-ext-nacl)#deny ip any any log
142
SF-1(config-ext-nacl)#^Z
, ,
-, .
IOS
( )
, . ,
,
.
IOS
, .
remark ()
permit deny IOS accesslist . ,
100 .
IP-,
ZIP SF-1:
SF-1#configure
SF-1 (config)#access-list 100 remark Allow smtp mail to John 's machine per Jane
SF-l(config)#access-list 100 permit tcp any host 131.108.101.99 eq smtp
SF-1 (config)#access-list 100 remark Allow DNS queries to John ' s machine per Jane
SF-1(config)#access-list 100 permit udp any host 131.108.101.99 eq domain
SF-1(config)#access-list 100 remark Nothing else gets through and gets logged
SF-1(config)#access-list 100 deny ip any any log
SF-1(config)#^Z

IP- remark. permit
deny, , remark
ip access-list
. ,
,
100 .
IP-,
ZIP SF-1:
SF-1#configure
SF-1(config)#ip access-list extended out-of-luck
SF-1(config-ext-nacl)#remark Allow smtp mail to John 's machine per Jane
SF-1(config-ext-nacl)#permit tcp any host 131.108.101.99 eq smtp
SF-l(config-ext-nacl)#remark Allow DNS queries to John 's machine per Jane
SF-1(config-ext-nacl)#permit udp any host 131.108.101.99 eq domain
SF-1(config-ext-nacl)#remark Nothing else gets through and gets logged
SF-1(config-ext-nacl)#deny ip any any log
SF-1(config-ext-nacl)# ^Z

, .
, .
, ,
.
143
IOS ip access-group.
in () out ().
, out.
1 Fast Ethernet
ZIP SF-1. ,
131.108.101.99, , Fast
Ethernet.
SF-l#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
SF-1(config)#tinterface fastethernet 0
SF-1(config-if)#ip access-group 1 out
SF-1(config-if)# AZ
outof-luck (" ") Fast Ethernet ZIP SF-1.

, - 131.108.101.99 SMTP DNS.
SF-1#configure
SF-1(config)#interface fastethernet 0
SF-1(config-if)#ip access-group out-of-luck out
SF-l(config-if)# ^Z
,
EXEC IOS show access-list show ip access-list.
, ,
IP- ( ).

.
, .
show access-list ZIP SF-1, ,
.
SF-l#show access-lists
Standard IP access list 1
deny 131.108.101.99 (50 matches)
permit 131.108.101.0 0.0.0.255 (576 matches)
Standard IP access list sorrycharlie
deny 131.108.101.99
permit
131.108.101.0 0.0.0.255
Extended IP access list 100
permit tcp any host 131.108.101.99 eq smtp
permit udp any host 131.108.101.99 eq domain
deny ip any any log
Extended IP access list out-of-luck
permit tcp any host 131.108.101.99 eq smtp
(987 matches)
permit udp any host 131.108.101.99 eq domain
(10987 matches)
deny ip any any log
(453245 matches)
SF-1#
, show access-list show ip access-list

, ,
, .

. ,
144
. ,
UDP out-of-luck ,
, ,
.
out-of-luck, ,
.
show access-list show ip access-list
EXEC IOS clear ip access-list counters.
IP-,
. ,
.
IP- out-of-luck
ZIP SF-1:
SF-l#clear ip access-list counters out-of-luck
SF-l#
, ,
. ip accessgroup, , show ip interfaces, ,
.
distribute-list,
show ip protocols ,
.
,
IOS.
.
IOS Cisco IP
, .
.
.
(.
" " ). , Cisco Systems
Increasing Security on IP Networks
(" IP-"), Cisco
WWW.Cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm.
IP-

IOS
. IOS
.

, ISDN.
IP-,
.
IP- , IOS.
,
IOS. , ,
, .
IP-,

145
.
-, .

, Cisco Systems: Dial-on-Demand
Routing (" ") Scaling Dial-on-Demand Routing
(" ").
Cisco
www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs002.htm
www.Cisco.com/
univercd/cc/td/doc/cisintwk/ics/cs012.htm, .

(, ISDN) IP , .

, , HDLC, SLIP (Serial Line IP) (
) Frame Relay.

.

:
;
;
IP-.
ZIP,
,
ISDN. Cisco 2511,
16 . ISDN- Cisco 4500
ISDN- BRI (Basic Rate Interface
).

, ,
. (
Cisco AS5200 AccessServer 3600), (
2511 AcessServer) ,
Cisco. . 4.9
,
.
, ,
,
,
. , ,
,
. 7
(vty)
IOS .
(tty)
.
146
, ,
IOS speed.
,
. ,
, (
, , 115200 /).
,
, IOS flowcontrol.
hardware () software ().
. 9 600 /
.
16 ZIP Singapore
115200 /.
, line,
1 16, .
Sing2511#configure
Sing2511(config)#line 1 16
Sing2511(config-line)#speed 115200
Sing2511(config-line)#flowcontrol hardware
Sing2511(config-line)# ^Z
,

.

. ,
,
.
,
, .
,
IOS modem.
modem autoconf igure.
discovery type. discovery
, . type

.
IOS , Courier Sportster U.S.
Robotics Telebit. ,
,
147
IOS modemcap.
dialin inout, modem.
ZIP Singapore
, U.S. Robotics Courier.
(dialin).
Sing2511#configure
Sing2511(config-line)#modem autoconfigure type usr_courier
Sing2511(config-line)#modem dialin
Sing2511(config-line)#^Z
,

(inout).
Telnet,
.
,
Telnet, Configuring Modems ("
"),
Cisco
w w w . c i s c o . c o m / u n i v e r c d / c c / t d / d o c / p r o d u c t / s o f t w a r e / i o s l l 3 e d / d s q c g / qcmodems.htm.
.
7, .
, .. , .

. IP-
,
.
7.
. ,
, , TACACS+ RADIUS. 7.
, , IP , .
IOS authentication .
default
, , local ( ) ,
, TACACS+. - ,
(
). authorization network.

. ZIP
-
,
:
Sing2511#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
Sing2511(config)#aaa authentication default ppp local
Sing2511(config)#aaa authorization network default if-authenticated
Sing2511(config)# ^Z
148
- ,
,
.
IOS username.
, , password
, .
,
, 7.
ZIP
: (John) (Jane).
Sing2511#configure
Sing2511(config)#username John password foo
Sing2511(config)#rusername jane password bar
Sing2511(config)#^Z
IP-
IP-,
IP- .
IP-
, ,
. ,
.
IP- ,
,
, .
,

.
IOS group-range, ,
.
description:
Sing2511#configure
Sing2511(config)#interface async 1
Sing2511(config-if)#description dialup pool on Singapore 2511
Sing2511(config-if)#interface asyno 2
Sing2511(config-if)#desoription dialup pool on Singapore 2511
Sing2511(config-if)#interfaea async 3
Sing2511(config-if}#^Z
, :
Sing2511#configure
or network
[terminal]?
one per line.
End with CNTL/Z.
Sing2511(config)#interface group-async 1
Sing2511(config-if)#group-range 1 3
Sing2511(config-if)#^Z
149
IP-
.
IP- .
IP-, ,
.
, IP .
IP .
,
IP.
IOS encapsulation
(, slip), , .
,

(..
, ,
, SLIP),
EXEC, .
async mode.
interactive dedicated,
.
( )
,
.

EXEC. EXEC,
. ,

EXEC, .
,
. ,
,
EXEC. .
IOS autoselect.
, , ,
, ( ).

- IP- .
, ,

- IP-.
, ,
. ,
,
. :
(Challenge Handshake Authentication Protocol CHAP), Microsoft (Microsoft Challenge Handshake
Authentication Protocol MS-CHAP) (Password
Authentication Protocol PAP).

IOS authentication.
chap, ms-chap pap,
.
, .
150
. callin,

.
, .
, .
,
- ,
.
Microsoft, , ,

Microsoft (Microsoft Point-to-Point Compression MPPC),
2118 "Microsoft Point-to-Point Compression Protocol" {"
Microsoft").
, ,
, .
, 28000
53000 /, .
,
,
IOS compress. compress
mppc, stac predictor, ,
.
stac predictor STAC Predictor,
. STAC ,
, ,
Windows 95, , Microsoft , Windows 95.
Predictor .
Microsoft mppc.
, Windows NT , Windows 95/98
, STAC,
,
Microsoft.
IP
ZIP. 16
.
- ,
. ,

CHAP, MS-CHAP PAP
Microsoft.
Sing2511#configure
Sing2511(config-if)#group-range 1 16
Sing2511(config-if)#encapsulation ppp
Sing2511(config-if)#async mode interactive
Sing2511(config-if)#ppp authentication chap ms-chap pap callin
Sing2511(config-if)#compress mppc
Sing2511(config-if)#line 1 16
Sing2511(config-line)#autoselect ppp
Sing2511(config-line)#autoselect during-login
Sing2511(config-line)# ^Z
151
,
IP-. ,
, IP-, (
,

). IP-
,
IP- . ,
,
. , IP-
. ,

. IP-,
1OBaseT.
IP- IP-,
.
.
. ,
- (
32- ) ARP- IP-,
.
IP-,
IP-
IOS ip unnumbered.
"
". , , :
.

ZIP :
Sing2511#configure
memory,
or network
[terminal]?
one per line. End with CNTL/Z.
Sing2511(config-if)#ip unnumbered ethernet 0
IP-
IP-,
. , IP- ,
IOS peer default ip address.
IP- ,
IP-.
IP-, , .
,
, parameter pool.
IP-
,
IP- , .
.
IOS ip
local pool. ,
. , I- IP-,
. , 152
, .
ZIP
, IP-
modem-users (" "). ,
16 , 16
.
Sing2511#configure
Sing2511(config-if)#peer default ip address pool modem-users
Sing2511(config-if)#ip local pool modem-users 131.108.1.111 131.108.1.126
IP-,
.
, ,
- (Dynamic Host Configuration
Protocol DHCP). , IOS
, DHCP- IP- .
peer default ip address
dhcp. ,
, IP- DHCP-,
IOS ip dhcp-server. ,
DHCP-, , IP-
. ZIP
IP- DHCP:
Sing2511#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
Sing2511(config-if)#peer default ip address dhcp
Sing2511(config-if)#ip dhcp-server 131.108.21.70
- ,
,
IP- DNS NetBIOS/WINS.
1877 " Internet Protocol
Control Protocol Extensions" ("
"). ,
(
Microsoft).
DNS
NetBIOS/WINS. IOS
async-bootp. IP-
() DNS-cep dns-server,
IP-. IP-
() NetBIOS/WINS-
nbns-server, IP-.
ZIP IP-
DNS NetBIOS/WINS 1877
async-bootp:
153
Sing2511#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
Sing2511(config)#async-bootp dns-server
131.108.101.34
131.108.101.35
Sing2511(config)#async-bootp nbns-server 131.108.21.70
Sing2511(config)#^Z
DNS NetBIOS/WINS
BOOT, async-boot
IOS
SLIP BOOT. ,

1877.
async-boot DNS
NetBIOS/WINS ,
IOS. ,
, ,
, .
, ,

.
IOS ipcp
.
IP- () DNS-
dns, IP-.
IP- () NetBIOS/WINS-
wins, IP-.
ZIP IP DNS NetBIOS/WINS
1877 ipcp:
Sing2511#configure
Sing2511(config-if)#ppp ipcp dns 131.108.101.34 131.108.101.35
Sing2511(config-if)#ppp ipcp wins 131.108.21.70
ISDN-
, ISDN-
,
,
. ISDN- ,
.
3,
ISDN-, ISDN-,
().
ISDN- ISDN-,
. . 4.10
,
ISDN RI-.
, IP154
, ISDN IP. , ,
,
ISDN-,
. ISDN-,
,
ISDN-, . 3
ISDN- (ISDN SPIDs)
ISDN- BRI. ISDN- ,
ISDN- .
ISDN- IP-
: IP-.
, ISDN-
.
ISDN- ,
(dialer interface). ISDN- -
ISDN , ,
SPID-. , , IP ,
. ISDN-,
, dialer
rotary-group. ,
, . , , dialer rotary-group 1,
1. ISDN
BRI- ISDN- ZIP
1:
SingISDN#configure
memory,
or network
[terminal]? Enter
configuration commands,
one per line.
End with CNTL/Z.
SinglSDN(config)#interface bri 4
SinglSDN(config-if)#dialer rotary-group 1
SingISDN(config-if)#interface bri 5
SingISDN(config-if)#dialer rotary-group 1
SinglSDN(config-if)# ^Z

IP-, .
155
, -
1OS authentication ppp
authorization network, . ,
, IOS username.
ISDN- ZIP
- ,
(Jim) (Janet):
SinglSDN#configure
SinglSDN (conf ig)#aaa authentication default ppp local
SinglSDN (config)#aaa authorization network default if-authenticated
SinglSDN (conf ig)#username jim password dog
SinglSDN (conf ig)#username Janet password house
SinglSDN (config)# ^Z
IP-, ISDN-, .
, IP ISDN- .
IP- ISDN-.
IP-, ,
.
IP,
, ISDN-.
IP ,
ISDN- IP
IOS encapsulation.
- IP-
IOS
ppp authentication. IOS compress mppc
Microsoft.
ISDN- ZIP
ISDN- ,
.
Microsoft:
SinglSDN#configure
SinglSDN (config)#interface dialer 1
SinglSDN (config-if )#encapsulation ppp
SinglSDN (conf ig-if)#ppp authentication chap ms-chap pap callin
SinglSDN(config-if)#compress mppc
SinglSDN(config-if)# ^Z
ISDN , ..
. ISDN-
.
ISDN- ?
.

,
.
IOS multilink.
ISDN-
IOS dialer-list .
156
,
( )
.
IP-
. , dialer-list,
IOS dialer-group,
.
ISDN- ZIP
. 102.
SinglSDN#configure
SinglSDN(config)#interfaoe dialer 1
SinglSDN(config-if)#ppp multilink
SinglSDN(config-if)#dialer-group 1
SinglSDN(config-if)#dialer-list 1 protocol ip list 102
SinglSDN(config)#access-list 102 permit top any any eq telnet
SinglSDN(config)#access-list 102 permit tcp any any eq www
SinglSDN(config)#access-list 102 permit udp any any eq domain
SinglSDN(config)#access-list 102 permit tcp any any eq ftp
SinglSDN(config)#^Z

2125 "Bandwidth Allocation
Control Protocol (BACP)" (" ").
(Bandwidth Allocation Protocol ),
, ,
,

. ,

. IOS 11.3.
IP- ISDN-
,
. ISDN- ISDN , IP-.

IOS ip unnumbered. IP-

peer default ip address.
IP-, ISDN-,
IP-, ISDN-,
IP-, ISDN- DHCP-.
ISDN- ZIP
ISDN- IP-
isdn-users ("ISDN-"):
SinglSDN#configure
SinglSDN(config)#interface dialer 1
SinglSDN(config-if)#peer default ip address pool isdn-users
SinglSDN(config-if)#ip local pool isdn-users 131.108.1.91 131.108.1.106
SinglSDN(config-if)#^Z
157
IP- DNS NetBIOS/WINS ISDN , 1877.

, ISDN-
IOS async-bootp dns-server
async-bootp nbns-server ipcp dns ipcp
wins. IP- .
ISDN- ZIP
IP- DNS NetBIOS/WINS ISDN-
async-bootp:
SingISDN#configure
SinglSDN(config)#async-bootp dns-server 131.108.101.34 131.108.101.35
SinglSDN(config)#async-bootp nbns-server 131.108.21.70
SinglSDN(config)#^Z
ISDN- ZIP
IP- DNS NetBIOS/WINS ISDN-
ipcp:
SinglSDN#configure
SinglSDN(config)#interface dialer 1
SinglSDN(config-if)#ppp ipcp dns 131.108.101.34 131.108.101.35
SinglSDN(config-if)#ppp ipcp wins 131.108.21.70
SinglSDN(config-if)#^Z
ISDN
.

Cisco Systems, , , Using ISDN Effectively in
Multiprotocol Networks (" ISDN
"),
Cisco
www.cisco.com/univerad/cc/td/doc/cisintwk/ics/cs008.htro .
IP-
,
.
, ,
,
( ), .
, , , ,

IP- .
, , -
, IP .
show ip route, .
, ,

IP- . ,
,
,
158
. , , (, -
), , ,
.
, ,
, . UNIX
ping,
Packet Internet Groper (" "). ping,
, (IP Control
Message Protocol ICMP) - IP- . ,
1--, ICMP--. , -,
, - , .
ZIP SF-Core-1 ping ,
-:
SF-Core-l#ping 131.108.100.1
Type escape sequence to abort.
Sending 5,100-byte ICMP Echos to 131.108.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent
(5/5),
round-trip min/avg/max = 25/25/25 ms
SF-Core-ltt
ICMP-- (!) ,
. -
- . ,
, .
IP- ,
, , -,
ping. - ,
- IP- ARP-.
ARP- , .
. 4.6 ,
ping.
4.6. ping

!

-

.
,
-, , ,

U

IP-
- ICMP--
1 "destination unreachable" (" ")
N

IP-

ICMP- "network unreachable"
159
(" ")
IP- ICMP-
ICMP- "protocol unreachable" ("
")
IP-
,
ICMP "source quench message" ("
"),
, ""
, "Do Not Fragment" ("
") 1
ICMP- "could not fragment" ("
")
,

ICMP- "administratively
unreachable" (" ")

ping , .
EXEC
IP-. ,
EXEC, -, ,
, , IP- ,
- .
ping, SF-Core-1.
IP- Fast Ethernet, - 131.108.100.1,
1500 .
SF-Core-l#ping
Protocol [ip]:
Target IP address: 131.108.100.1
Repeat count [5]:
Datagram size [100]:1500
Timeout in seconds [2]:
Extended commands [n]:y
Source address or interface: 131.108.20.3
Type of service [0] :
Set DF bit in IP header? [no]:
Validate reply data? [no] :
Data pattern [OxABCD]:
Loose, Strict, Record, Timestamp,Verbose[none]:Sweep range of sizes [n]:
Sending 5, 1500-byte ICMP Echos to 131.108.100.1, timeout is 2 seconds:
i i i i i
Success
rate is
100 percent
(5/5),
round-trip min/avg/max = 29/29/29 ms
SF-Core-l#
160
, -
, ,
, trace, IP . trace
UNIX. ping, EXEC IOS trace
, .
IP- ,
.
, IP-
, trace ICMP- "TTL-Expired" (TTL Time To
Live) (" ") (TTL " "). -
UDP- TTL 1.
TTL
. ( 0),
.
ICMP- "TTL-Expired",
.
- UDP-, TTL
2. , 1
TTL .
, TTL 0
, .
- ICMP- "TTL-Expired", -
, . ,
IP- . UDP-
, 33434,
. IP- ICMP- "Port
Unreachable" (" "), - ,
.
ZIP SF-Core-1 trace
, Seoul-1:
SF-Core-l#trace 131.108.3.5
Tracing the route to testy.zipnet.com (131.108.3.5)
1 sO/0-SanJose-sj.zipnet.com (131.108.240.2) 25 msec 25 msec 25 msec
2 sl-Seoull-kr.zipnet.com (131.108.241.2) 176 msec *176 msec
3 testy.zipnet.com (131.108.3.5) 178 msec 178 msec 178 msec
SF-Core-l#
IP- ,
, . ,

, . IP-
: .
,
ICMP-. .
, -
, .
.
, . ,
IOS Cisco, ICMP .
, ICMP-,
ICMP-
161
"TTL-Expired". TTL ,
ICMP- ,
. ICMP-
-.
.
trace
trace:
SF-Core-l#trace 131.108.3.5
Tracing the route to testy.zipnet.com (131.108.3.5)
1 sO/0-SanJose-sj.zipnet.com (131.108.240.2) 25 msec 25 msec 25 msec
2 * * *
3 testy.zipnet.com (131.108.3.5) 178 msec 178 msec 178 msec
SF-Core-l#
4
trace ,
, IP- -,
, TTL-,
TTL .
trace, .
.
SF-Core-ltrace
Protocol tip]:
Target IP address: 131.108.3.5
Source address:
Numeric display [n]:
Timeout in seconds [3] :
Probe count [3]:
Minimum Time to Live [1] :
Maximum Time to Live [30]:
Pert Number [33434]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Tracing the route to 131.108.3.5
1 131.108.240.2 25 msec 25 msec 25 msec
2 131.108.241.2 176 msec * 176 msec
3 131.108.3.5 178 msec 178 msec 178 msec
SF-Core-l#
,
, , , IP-
-. -, ,
IOS EXEC show ip arp
IP-, , 48 - ARP- .
, IP ARP-.
IP-ARP-, ,
ARP- ( ARP- ARP-
.) show ip arp ZIP SF-Core-1:
S F - C o r e-l# s h o w ip a r p
P r oto c ol A d d r e s s
Inter net 1 3 1.108.2 0.
I nter net 13 1.1 0 8. 2 0. 2
Inter net 13 1.1 0 8.2 0.4
I n t e r n e t 1 3 1 . 1 0 8 . 2 0 . 11
Inter net 13 1.1 0 8.2 0.9 9
S F - C o r e-l #
A g e( mi n)
4
2
2
0
H a r d war e A d d r
0 0 0 0. Oc 0 7.b 6 2 7
0000. Oc6 7.b 6 2 c
0000. O cf1.a9cl
0000. O cb8.02bc
Inco mplete
T ype I
ARP A
ARP A
ARP A
ARP A
ARP A
I nterface
Fast Ether net O/0
FastEthernet O/0
FastEthernet O/0
FastEthernetO/0
162
ARP- 1 3 1 . 1 0 8 . 2 0 . 9 9
- incomplete ( ), ,
ARP-, ARP-
. ,
, , , .
IP
show ip traffic.
, ,
, ICMP/UDP/TCP-
. ,
ICMP--, IP- ( ), ,
, . show
ip traffic , -. ,
show ip traffic ZIP SF-Core-1:
SF-Core-l#show ip traffic
IP statistics:
Rcvd: 4686565 total, 2623438 local destination
0 format errors, 0 checksum errors, 77 bad hop count 0 unknown protocol,
1 not a gateway 0 security failures, 0 bad options, 0 with options
Opts: 0 end, 0 , basic security, 0 loose source route 0 timestarap, 0
extended
security, 0 record route 0 stream ID,0 strict source route,0 alert,0
other
Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
0 fragmented,0 couldn 't fragment
Bcast: 5981 received,0 sent
Mcast: 2482184 received,3581861 sent
Sent: 3893477 generated,2062048 forwarded
954 encapsulation failed,208 no route
ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 5 redirect, 5070 unreachable
3 echo, 16 echo reply, 0 mask requests
0 parameter,0 timestamp,0 info request,0 other
0 irdp solicitations,0 irdp advertisements
Sent: 0 redirects, 18050 unreachable, 66 echo, 3 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp
0 info reply, 7 time exceeded, 0 parameter problem
0 irdp solicitations,0 irdp advertisements
UDP statistics:
Rcvd: 52836 total, 4 checksum errors, 18085 no port
Sent: 50699 total, 5949 forwarded broadcasts
TCP statistics:
Rcvd: 47895 total,0 checksum errors,1 no port
Sent: 46883 total
Probe statistics:
Rcvd: 0 address requests,0 address replies
0 proxy name requests,0 where-is requests,0 other
Sent: 0 address requests, 0 address replies (0 proxy)
0 proxy name replies, 0 where-is replies
EGP statistics:
Rcvd: 0 total, 0 format errors, 0 checksum errors,
Sent: 0 total
JGRP statistics:
Rcvd: 0 total, 0 checksum errors
Sent: 0 total
OSPF statistics:
Rcvd: 0 total,0 checksum errors
0 hello, 0 database desc, 0 link state req
163
0 link state updates, 0 link state acks

Sent: 0 total
IP-IGRP2 statistics:
Rcvd: 2105381 total
Sent: 3140121 total
PIMv2 statistics: Sent/Received
Total: 0/0, 0 checksum errors, 0 format errors
Registers: 0/0, Register Stops:
IGMP statistics: Sent/Received
Total: 0/0, Format errors: 0/0,
Host Queries: 0/0, Host Reports:
DVMRP: 0/0, PIM: 0/0
ARP statistics:
Rcvd: 8540 requests, 4 replies,0 reverse, 0 other
Sent: 89 requests, 9018 replies (0 proxy), 0 reverse
SF-Core-1#
, show ip traffic,
, , .
, , ARP ARP- ,
, . ICMP--
, -
, .
,
, IOS EXEC debug,
IP . debug
, ,

, . debug,
TCP/IP, . 4.7.
4.7. IP
debug ip
routing
debug ip packet
debug ip udp
debug ip icmp
debug ip arp
,

IP- ,
. debug
, .
UDP-
ICMP-,

ARP-,
,
d e bu g
i p rip, d e bu g ip ei grp, debug ip i grp, debug i p ospf debug ip bgp.
,
.
,
.
- Cisco Connection Documentation (
Cisco) www.
Cisco. com/univercd/home/home. htm.
164

He debug, ,
.
IOS no logging console
logging bufferd
.
. ,
,
, .
IOS
EXEC show log. ,
.
IP
IOS,
Cisco , ,
.
,
.

TCP/I- ,
IP-, , IP-. ,
IP-.
DNS. DNS- IP, IP-,
.
DNS IOS. , ,
IOS ip domainlookup. DNS IOS
, , IP-
DNS, .
IOS ip domainname. DNS-
IOS ip name-server. ip name-server
IP- . IOS
DNS-, ,
, ,
IOS ip domain-list.
DNS ZIP SFCore-1. zipnet.com, IP-
131.108.110.34 131.108.110.35.
SF--1# configure
SF-Core-1(config)#ip domain-lookup
SF-Core-1(config)#ip domain-name zipnet.com
SF-Core-1(config)#ip domain-list zipnet.com
SF-Core-1(config)#ip domain-list zipnet.net
SF-Core-1(config)#ip name-server 131.108.110.34 131.108.110.35
165
DNS
IOS EXEC show host. , show host , IP-, .
show host ZIP SFCore-1:
SF-Core-l#show host
Default domain is
zipnet.com
Domain list:
zipnet.com,
zipnet.net
Name/address
lookup uses domain service
Name servers are 131.108.110.34,
131.108.110.35
Host
Flags
Age
testy.zipnet.com
(temp,OK)
1
sl-Seoull-kr.zipnet.com
(temp,OK)
1
sO/0-SanJose-s].zipnet.com
(temp,OK)
1
SF-Core-l#
Type
IP
IP
IP
Address(es)
131.108.3.5
131.108.241.2
131.108.240.2
- IP-
. , DNS- ,
, DNS, IP . IP-
IOS ip host.
-, Telnet
IP-, -.
- IP-
ZIP SF-Core-1:
SF-Core-1#configure
SF-Core-1(config)lip host grouchy 131.108.3.5
SF-Core-1(config)tip host grouchy-console 2001 131.108.3.50
SF-Core-1(config)#ip host farout 131.108.3.88 131.108.3.150
- IP-
show host.
- IP- ZIP SF-Core-1:
SF-Core-l#show host
Default domain is zipnet.com
Domain list: zipnet.com, zipnet.net
Name/address lookup uses domain service
Name servers are 131.108.110.34, 131.108.110.35
Host
Flags
Age
testy.zipnet.com
(temp,OK)
1
sl-Seoull-kr.zipnet.com
(temp,OK)
1
sO/0-SanJose-sj.zipnet.com
(temp,OK)
1
grouchy
(perm,OK)
2
grouchy-console
(perm,OK)
2
farout
(perm,OK)
2
Type
IP
IP
IP
IP
IP
IP
Address(es)
131.108.3.5
131.108.241.2
131.108.240.2
131.108.3.5
131.108.3.50
131.108.3.88
131.108.3.150
SF-Core-1#
- ,
DNS, Flags () -.
temp ( ) ,
DNS .
perm ( ) ,
.
IP-xocr- IOS
166
EXEC clear host. -

-. .
ZIP SF-Core- -
IP- - HMCHBIV t e s t y.z i pn et.co m :
SF-Core-l#clear host testy.zipnet.com
SF-Core-l#
IP-

IP - .
IP- (ARP-) ,
(
) .
IP- UDP-,
, . ,
, NetBIOS IP,
UDP-
.
, , .
, , DHCP (Bootstrap Protocol
), UDP-, IP-
IP- ;
, . ,
IP- IP-.

, IOS UDP-
- . ,
IP-,
IOS ip helper-address
IOS ip forward-protocol.
DHCP- ,
DHCP-, . 4.11.
SF-2,
ZIP -.
ZIP - SF-2 ,
Microsoft Windows 95/98, NT Windows 2000, DHCP
IP-.
Ethernet 0 Ethernet 1 SF-2. DHCP-
Fast Ethernet 0. Ethernet
, , , DHCP-
Fast Ethernet DHCP-.
Ethernet,
, ip helper-address.
ip helper-address IP- -
IP-. DHCP-,
, DHCP-.
167
ZIP SF-2 ip
helper-address,
DHCP- 131.108.21.70.
SF-2#configure
SF-2(config-if)#ip helper-address 131.108.21.70
SF-2(config)#^Z
DHCP-
, DHCP- .
, DHCP-.

IP- , DHCP-:
SF-2 # configure
SF-2(config-if)#ip helper-address 131.108.23.255
SF-2(config-if)#^Z
ip
helper-address
,
ip
forward-protocol
,
UDP- .
ip helper-address, HI
UDP-.
(TFTP) ( 69).
( 53).
( 37).
NetBIOS ( 137).
NetBIOS ( 138).
()
( 67 68).
TACACS ( 49).
, ,
,
ip forward-protocol,
,

. ip forward-protocol
, ( UDP),
168
, .
,
UDP- 1965, NetBIOS
ZIP SF-2:
SF-2#configure
memory,
or network
[terminal]? Enter
one per line.
End with CNTL/Z. SF-2(config)#ip
forward-protocol udp 1965
SF-2(config)#no ip forward-protocol udp 137
SF-2(config)#no ip forward-protocol udp 138
SF-2(config)#^Z
, ip helper-address,
show ip interface.
:

. ,
IP- >
DHCP BOOT,
. , . ,
(""),
,
.
.

, , UDP-
. Cisco Systems
,
. Cisco
www.Cisco.com/univercd/cc/td/doc/cisintwk/ics/cs006.htm.
DHCP-
IOS
IP DHCP- .
, , DHCP-. - DHCP ,

DHCP-. DHCP-
, , UNIX Windows NT ,
DHCP .
,
1OS .
DHCP- IOS DHCP- ,
/
, .
, , 1-() DNS-cepBepa(oB),
. DHCP- IOS
DHCP-,
- DHCP, .
169

DHCP-, IOS Cisco Systems
DNS- DHCP-, Cisco Network Registrar
, Solaris, HP-UX Microsoft Windows.
DHCP- IOS
: , ,
, ,
. DHCP-
IOS
.
DHCP-

.
DHCP- IOS :
DHCPOFFER DHCPACK. . 4.12 DHCP DHCP-. DHCP-
DHCPDISCOVER, DHCP-. DHCP-cep
DHCPOFFER. DHCP-
DHCP-
DHCPREQUEST. DHCP DHCPACK, ,
. , . 4.12,
, ]
, DHCPDECLINE,
2131 "Dynamic ; Configuration Protocol" ("
-").
IOS
DHCP- .
,
.
IP-, .
, .
,
.
DHCP- IOS
ZIP -.
DHCP- IOS * ,
DHCF (
). , ,
TFTP, FTP RCP.
,
DHCF . , *
, DHCP-.
170
IOS ip dhcp
database.
(URL), , .
,
.
DHCP- ZIP -
IP- 1 3 1 . 1 0 8 . 2 . 7 7 kl-dhcp-info.
TFTP.
Kuala-Lumpur#configure
Kuala-Lumpur(config)#ip dhcp database tftp://131.108.2.77/kl-dhcp-info
Kuala-Lumpur(config)#^Z
DHCP- IOS ,
. DHCP ping-. ,
,
.
DHCP- , ip dhcp
database ,
DHCP-.
IOS no ip dhcp conflict logging.
ZIP - TFTP-,
DHCP-, :
Kuala-Lumpur(config)#no ip dhcp conflict logging
,
.
,
,
DHCP-.
IOS ip dhcp excluded-address.
IP-, ,
IP-.
, ,
, IP . ZIP
- IP- 131.108.2.1 131.108.2.10 IP-
131.108.2.57:
Kuala-Lumpur(config)#ip dhcp excluded-address 131.108.2.1 131.108.2.10
Kuala-Lumpur(config)#ip dhcp excluded-address 131.108.2.57
DHCP- IOS IP-,

. ,
DHCP- ( ),
171
DHCP-. DHCP-

, -
, DHCP- IOS
. IOS ip
dhcp pool. ,
, .
DHCP-,
(config-dhcp) #, .
DHCP- kl-users
-
DHCP- .
Kuala-Lumpur(config)#ip dhcp pool kl-users
Kuala-Lumpur(config-dhcp)#^Z
, DHCP-,
DHCP- IOS network. network
: IP-
.
, . DHCP-
, ,
network, ,
.
- DHCP- kl-users network,
, DHCP- (
255.255.255.128 /25):
Kuala-Lumpur #configure
Kuala-Lumpur(config-dhcp)#network 131.108.2.0 /25
131.108.2.0 /25
, DHCP- 131.308.2.1
131.8.2.128 ( ).
/25
255.255.255.128.
DHCP-,
DHCP- IOS
DHCP-, .

, DNS-, NetBIOS/WINS. ,
.
DHCP-:
domain-name DNS-, ;
dns-server IP- DNS-,
IP-;
netbios-name-server IP- NetBIOS/WINS-, NetBIOS ( , Windows)
172
;
netbios-node-type NetBIOS- ;
default-router IP- ,
;
lease , (lease )
.
dns-server, netbios-name-sarver default-router
IP-,
. domain-name
, DNS- . lease
, , ,
.
infinit, , .
netbios-node-type b, , m h,
, , NetBIOS-, ,
, .
, .
, -
DHCP- , DHCP-
ZIP:
Kuala-Lumpur(config-dhcp)#dns-server 131.108.101.34 131.108.101.35
Kuala-Lumpur(config-dhcp)#domain-name zipnet.com
Kuala-Lumpur(config-dhcp)#netbios-name-server 131.108.21.70
Kuala-Lumpur(config-dhcp)#netbios-node-type h
Kuala-Lumpur(config-dhcp)#default-router 131.108.2.1
Kuala-Lumpur(config-dhcp)#lease 0 1
, DHCP- IOS
DHCP- . DHCP- DHCP . DHCP- ,
DHCP- .
, ,
. , ,
DHCP-
. , , ,
. ZIP
-.
kl-users 131.108.2.0/25.
, DNS-,
. 131.108.2.128/25
,
. , -
:
Kuala-Lumpur(config)#ip dhcp excluded-address 131.108.2.129 131.108.2.135
Kuala-Lumpur(config)#ip dhcp pool kl-users-2
Kuala-Lumpur(config-dhcp)#network 131.108.2.128/25
173
Kuala-Lumpur(config-dhcp)#domain-naine zipnet.com
kl-users-2 ,
kl-users,
.
kl-users kl-users-2,
,
. , ,
. -
131.108.2.0/24, ,
. , klusers kl-users-2 .
DHCP- -,
kl-users kl-users-2 , klcommon:
Kuala-Lumpur(config)#ip dhcp pool lei-common
Kuala-Lumpur(config-dhcp)#domain-name zipnet.com
Kuala-Lumpur(config-dhcp)#ip dhcp pool kl-users
Kuala-Lumpur(config-dhcp)#ip dhcp pool kl-users-2
Kuala-Lumpur(config-dhcp)# ^Z
, 131.108.2.0/25 131.108.2.128/25
131.108.2.0/24,
. default-router
IP-, .
, DHCP- IOS
IP-, DHCP-
EXEC IOS. , DHCP- IOS

, EXEC IOS show ip dhcp database.

URL. , . show ip dhcp
database ZIP -:
Kuala-Lumpur>show
URL
:
Read
:
Written
:
Status
:
Delay
:
ip dhcp database
tftp://131.108.2.77/kl-dhcp-info
Never
Jun 30 2000 12:01 AM
Last Write Successful.
300 seconds
174
Timeout
:
Failures
:
Successes
:
Kuala-Lumpur>
300 seconds
0
72
show ip dhcp database

, ,

.
, EXEC IOS show ip dhcp binding.
IP-,
.
. show ip dhcp binding
ZIP -,
, - DHCP :
Kuala-Lumpur>show ip dhcp binding
IP address
Hardware address
131.108.2.89
OOaO.9802.32de
131.108.2.156
OOaO.9478.43ae
Kuala-Lumpur>
Lease expiration
Jul 01 2000 12:00 AM
Jul 01 2000 1:00 AM
Type
Automatic
Automatic
, , DHCP- IOS
DHCP-, show ip dhcp
conflict. IP-,
( );
.
show ip dhcp conflict ZIP , IP-, ,
.
Kuala-Lumpur>show ip dhcp conflict
IP address
Detection Method
131.108.2.126 PingJul 02 2000
131.108.2.254 Gratuitous ARP
Kuala-Lumpur>
Detection time
12:28 AM
Jul 02 2000 01:12 AM
Detection Method ( ) ,
DHCP- IOS .
ping, , DHCP-
. Gratuitious
ARP ( ) , DHCP IOS ARP- ARP-
. , , ,
( , , ,
- ).
, DHCP- IOS DHCP-,
IOS EXEC show ip dhcp server
statistics. ,
, , DHCP-,
DHCP- ,
. show ip dhcp server
statistics ZIP -:
175
Kuala-Lumpur>show ip
Memory usage
Address pools
Database agents
Automatic bindings
Manual bindings
Expired bindings
Malformed messages
Message
BOOTREQUEST
DHCPDISCOVER
DHCPREQUEST
DHCPDECLINE
DHCPRELEASE
DHCPINFORM
Message
BOOTREPLY
DHCPOFFER
DHCPACK
DHCPNAK
Kuala-Lumpur>
dhcp server statistics

40392
3
1
48
0
7
0
Received
22
175
168
0
Sent
17
166
155
3
IP-

.
,
, ,
. ( )
IP-,
,
, .
,
.
IP- , ,
. , , ,
, IP-
. , , ,
IP-
,
.
,
Cisco Systems (Hot Standby
Router Protocol HSRP). HSRP ,
,
IP- .
HSRP .
,
HSRP . IP-
.
,
IP-.
,
. HSRP-
, HSRP , ,
, IP176
,

.
HSRP .
, HSRP-, ,
( ),
( ,
)
.
HSRP ZIP,
. (Seoul-1 Seoul-2)
IP- 131.108.3.0. ,
,
HSRP. IP, IP- .
, - .
HSRP
IOS standby ip. IP-,
IP- .
IP-,
HSRP-. HSRP
ZIP Seoul-1 Seoul-2 standby ip
IP- 131.108.3.3:
Seoul-l#configrure
Seoul-1(config-if)#standby ip 131.108.3.3
Seoul-1(config-if)# AZ
Seoul-2#configure
Seoul-2(config-if)#standby ip 131.108.3.3
HSRP- ,
, . ARP IP- - IP-.
, IP-,
.
, - IP- Ethernet, Fast Ethernet,
Gigabit Ethernet FDDI 0000. Oc07 .acXX,
HSRP-. - IP- Token
Ring 1000...
show ip arp 131.108.3.3 ZIP
Seoul-1 HSRP:
Seoul-l#show ip arp 131.108.3.3
Protocol
Address
Age (min)
Internet
131.108.3.3
Seoul-l#
Hardware Addr
0000.Oc07.acOO
Type
ARPA
Interface
EthernetO
177

Token Ring - IP-
.
IOS standby use-bia,
IP- HSRP ,
, HSRP-rpy .
, ,
HSRP.

IOS standby priority. ,
0 255. HSRP-
. ZIP Seoul-1
HSRP- 100, Seoul-2 95,
Seoul-1:
Seoul-1#configure
Configuring from terminal, memory, or network [terminal]? Enter
configuration commands, one per line. End with CNTL/Z.
Seoul-1(config-if)#standby priority 100
Seoul-1(config-if)#^2
Seoul-2#configure
Seoul-2(config-if)#standby priority 95
, ,
. ,
, .

, IOS standby
preempt. Seoul-2 ,
Seoul-1. Seoul-1 ,
Seoul-2. standby preempt Seoul-1
Seoul-2 . standby preempt
, ZIP Seoul-1
, HSRP-:
Seoul-1#configure
memory,
or network
[terminal]?
one per line.
End with CNTL/Z.
Seoul-1 (config)#interface ethemet 0
Seoul-1(config-if)#standby preempt
,
. ,
HSRP- .
ZIP Seoul-1 -, ,
, -. Seoul-2 -. Seoul-1
, , Seoul-1,
, - -.
178
, ,
Seoul-1 Seoul-2
.
. , Seoul-2
, - .
IOS HSRP-, Seoul-1
HSRP- HSRP- Ethernet 0 ,
Seoul-2.
IOS standby track.
,
, , , , HSRP . ,
.
standby track
ZIP Seoul-1 ,
Serial 1 Seoul-2:
Seoul-l#configure
Seoul-1 (config) #interface ethemet 0
Seoul-1(config-if)#standby track serial 1
Seoul-1(config-if) #^Z
HSRP EXEC IOS

show standby. ,
,
HSRP. ,
HSRP . ,
show standby Seoul-1 Seoul-2:
Seoul-l#show standby
EthernetO - Group 0
Local state is Active, priority 100, may preempt
Hellotime 3 holdtime 10
Next hello sent in 00:00:01.880
Hot standby IP address is 131.108.3.3 configured
Active router is local
Standby router is 131.108.3.2 expires in 00:00:07
Tracking interface states for 1 interface, 1 up:
Up SerialO Seoul-l#
Seoul-2#show standby
EthernetO - Group 0
Local state is Standby,priority 95, may preempt
Hellotime 3 holdtime 10
Next hello sent in 00:00:01.380
Hot standby IP address is 131.108.3.3 configured
Active router is 131.108.3.1 expires in 00:00:06
Standby router is local
Seoul-2#
show standby HSRP,

, HSRP-
. IP IP- () HSRP.
HSRP ,

179
. , ,
.
, IOS
HSRP-. HSRP, IP-,
. , ZIP Seoul-1 Seoul-2, HSRP IP- 131.108.3.3 Seoul-1,
- HSRP-.
HSRP- IP- 131.108.3.4,
Seoul-2,
HSRP- HSRP-,
Seoul-1. HSRP- Seoul-1
, a Seoul-2 , HSRP- Seoul-2
, a Seoul-1 .
HSRP- IP-,
-
, - .
,
,
.
HSRP-
standby. , standby I ip address 131.108.3.3 standby 1 priority 100
, HSRP-
1. standby 2 address 131.108.3.4 standby 2 priority 100 ,
HSRP- 2.
ZIP
TCP/IP.
IOS, ,
, .
,
IOS
.
.
IP- 32- .

.
,
.
IP- IP-
. IP-
, .
Internet .
IP-
IP- .
IP-
IP-. ,
, .
,
,
.
, ,
180
.
IP-
, .
:
.
:
. IOS

,
.
IP- IP-
.
:
,
, .
IP-
ISDN-,
.
IP- ,
show ip route ping. trace debug

, , .
IP-, , ,
.
, DHCP,
. IOS DHCP-

,
, Hot Standby Router Protocol

.
. 4 8 EXEC IP
4.8. EXEC IP
clear host
IP--
Clear ip access list counters
IP-
clear ip route
ping ip-
show {frame-relay | atm | 25 |
dialer) map
show access-list
show host
show interface
show ip access-list
show ip arp
show ip dhcp binding
IP-
IP-

,
DNS
-,
IP-
, IP-

IP-,
IP-,
-
,
DHCP- IOS
181
show ip dhcp conflict

show ip dhcp database
show ip dhcp server statistics

show ip interface brief
show ip interface
show ip masks
show ip protocols
show ip route
show ip route connected
show ip route ip-
IP-,
DHCP- IOS
,
DHCP- IOS DHCP
,
DHCP- IOS
IP-
,
, IP-
,
,

summary
,
IP-
,

show standby
,

IP
HSRP
terminal ip netmask-format {decimal

I bit-count | hexidecimal}
trace ip-
, ,
IP-
show ip route static

show ip traffic
. 4. 9 IP
4.9. IP
aaa authentication ppp

aaa authorization network
access-list
arp-server
ATM ARP-, IP- ATM NSAP-
asyn c-b oot p d ns -se rve r

ip
IP- () DNS,

async-bootp nbns-server
ip
IP- ()
NetBIOS/WINS- ,

async mode {interactive |

dedicated}

,
182
autoselect during-login
autoselect
compress
default-metric
default-router
p ec
IP-
, DHCP- DHCP IOS
dialer-group
,
, ,
dialer-lis t
protocol
,
, ,

dialer map ip
IP-
ISDN-
dialer rotary-group

distribute-list
ISDN

dns-server
IP- DNS-,
DHCP- DHCP- OCIOS
domain-name
DNS- , DHCP DHCP- IOS
flowcontrol {hardware |
software)
frame-relay map ip
group-range
ip access-group list
(in I
out}
ip access-list
{extended | standard}
IP-

ip address ip-
IP-
ip classless

, IP-
,
IP- DLCI- Frame Relay
183
CIDR-
ip default-information
originate
OSPF
OSPF-
ip default-network
{no}
ip dhcp conflxct
logging
DHCP- IDS

ip dhcp database url
DHCP
ip dhcp excluded-address
IP-
DHCP-
DHCP- IOS
i p d h c p p o o l
DHCP- , DHCP
ip d hcp -se rve r i p-a dpe c
IP- DHCP- IP-
i p d o m a i n - l x s t
ip d oma in- loo kup
DNS-
ip domain-name
ip forward-protocol udp
type
UDP-
ip helper-address ip
UDP-
IP-
ip host
IP- ()
ip local pool (default |

pool-name}
ip- ip-adpec
IP-
IP-

ip name-server ip-adpec
DNS- ()
ip netmask-format {decxmal |
bxt-count | hexxdecxmal}

ip ospf network {broadcast
| non-broadcast
|p o x n t - t o - m u l t i p o i n t }
ip rip {send I recexve)
versxon
ip route 0.0.0.0 0.0.0.0
OSPF
RIP

0.0.0.0
184
ip-adpec
ip route
ip-
ip route
ip-adpec
ip routing
IP-
ip subnet-zero

( )
ip unnumbered
IP
map-group
IP ATM-
map-list
IP-
ATM
modem autooonf igure

{discovery | ]
m o d e m { d ai l in | i n o ut )
neighbor ip-adpec
IP-

neighbor ip-adpec
description
BGP- neighbor
neighbor ip-adpec
distribute-list
BGP-
neighbor ip-adpec remote-as

asn

BGP
neighbor ip-adpec updatesource
IP-
BGP-

netbios-name-server
IP-
NetBIOS/WINS- DHCP DHCP- IOS
netbios-no de-type
NetBIOS, DHCP DHCP- IOS
network
, , ,

network area

, ,
,
185

OSPF,

network [ |
}
IP-,
DHCP- DHCP-
DHCP-
no auto-summary
no inverse-arp
IP- DLCI- Frame Relay
passive-interface
,
,
peer default ip
address {pool | dhcp
ip-adpec}
, IP-
,

autentication
, -

ipcp {dns
IP- () DNS
NetBIOS/WINS-
wins}
multilink
redistribute protocol
router {rip | igrp | ospf

| eigrp | bgp)
speed
standby ip ip-adpec
IP- IP- HSRP-
standby preempt

HSRP-
,
standby priority
HSRP-

standby track
HSRP-
s t a n b y u s e- b i a

-
IP-
{no} synchronization

IGP-
EBGP-
username
186
password
version RIP
RIP,
,

25 map ip
IP- X 121

.
1. Bellovin, S.M., and W.R. Cheswick, Firewalls and Internet Security: Repelling the Wily
Hacker. Reading, Massachusetts: Addison-Wesley, 1994.
2. Comer, D.E. Internetworking with TCP/IP. Volume I, Fourth Edition. Englewood Cliffs,
New Jersey: Prentice Hall, 2000. (
, "" 2002 . .)
3. , -. Internet, 2-
. "", 2001 .
4. Halabi ., and D. McPherson. Internet Routing Architectures, Second Edition Indianapolis,
Indiana: Cisco Press, 2000.
5. Zwicky, E.D., et al. Building Internet Firewalls, Second Edition. Sebastopol, California:
O'Reilly & Associates, 2000.
187

AppleTalk
AppleTalk
AppleTalk
AppleTalk,

AppleTalk
AppleTalk
AppleTalk-
,
AppleTalk
RTMP EIGRP
AppleTalk
AppleTalk
acc ess-lis t
a pp l et alk a c c es s - group

AppleTalk IOS
, AppleTalk
AppleTalk
show, ping debug
AppleTalk
AppleTalk
-. 1980- Apple Computer
Macintosh,
, , 1
.
AppleTalk
,
,
.
,
AppleTalk ,
AppleTalk,
,
,
,
, , IP
-
Dynamic
Host
Configuration
Protocol
(DHCP)
. 5.1 ,
AppleTalk.
188
, ,
(AppleTalk Address Resolution Protocol AARP),
(Datagram Delivery Protocol DDP),
(Routing Table Maintenace Protocol RTMP),
(Name Binding Protocol NBP) - (AppleTalk
Echo Protocol AEP). "
AppleTalk "
(Zone Information Protocol ZIP) ,
. 5.1, , , ,
.
IOS Cisco AppleTalk

, IOS, , Desktop Protocol Suite.
AppleTalk
TCP/IP, 4, " TCP/IP",
AppleTalk Apple Computers.

.
AppleTalk,
( )
189
,
AppleTalk.
AppleTalk- 24- ,
16- 8- .
,
. .
. , 52.6 6
52. TCP/IP,
, AppleTalk .
AppleTalk DDP,
AppleTalk-, .

, TCP/IP-.
AppleTalk
: AppleTalk 1 2. AppleTalk 1
.
AppleTalk 2 ,
(cable-range),
.
,
-. , 100-100
, 100,
50-64 , 15 50 64.
, AppleTalk,
. , ,
- , AppleTalk
. , AppleTalk 1 2
.
AppleTalk 1 254 : 127
127 .
1 .
AppleTalk 1 127 AppleTalk--. ,
, AppleTalk 2.
AppleTalk 2
, .
2
253 .
, 1 253.
2 1 253.
, (
),
. ,
. ,
, -
.
2 LocalTalk, . LocalTalk

(CSMA/CD). LocalTalk AppleTalk 1
. AppleTalk 2
190
AppleTalk .
AppleTalk 1 2, ,
AppleTalk 1
2.
Cisco LocalTalk,
AppleTalk 1
,
Cisco 2.
,
, AppleTalk.

AARP .
, , AppleTalk,
, , ,
. , AARP-, ,
. ,
, ,
AARP-, ,
. . 5.2
.
AppleTalk,
Apple .
, 5 10 8 20,
. Apple ,

.

,
, ,
. , ,
, .
- ,
.
.
, ,
. ,
, ,
, .
191
, ,

. , , "
" "", ,
, "" "". ,
, NBP
.
NBP .
, , ,
. NBP,
10.5, 20. 8,
: " " -
"" "". NBP
, ,
(DNS) TCP/IP.
NBP, IOS
, hostname. Cisco NBP
192
ciscoRouter. , NBP, ,
IOS EXEC show appietalk nbp.
" AppleTalk
".
,
AppleTalk. AppleTalk

.
. 5.1 .
5.1. AppleTalk 1 2
AppleTalk 1
AppleTalk 2
,

1
65279
( )

254*
253**

127

;
253

127

;
253
,
1
1 (); 255

()

( );
1
(
)
1 255 .
** 0, 254 255 .
AppleTalk
AppleTalk
. ,
. .

.

;
.

.

50 .

193
.
,
ZIP,
-. . 5.2 AppleTalk ZIP,
-.
ZIP
. -
11000. ZIP,
, , . , 1~ 1000 . 1-10
, 11900
, . ,
9011000 .
5.2. AppleTalk ZIP,
-

1-10
11-100
1-
FDDI

101-200
2-
201-900
901-901
- --
902-902
- -
903-1000
,
AppleTalk.

Cisco,
AppleTalk, .
. .
1,
2.
,
, .
TCP/IP (Ethernet/IEEE
802.3, Fast Ethernet, Gigabit Ethernet, Token Ring/IEEE 802.5 FDDI), 3,
" Cisco",
- AppleTalk-, .
AARP,
. , AppleTalk,
AppleTalk-, ,
,
AppleTalk-. ,
, , - AppleTalk, -.
(ARP Address Resolution Protocol)
194
TCP/IP AARP -,
, .

AppleTalk-. ,
,
AppleTaik-.
AppleTalk 3
. AppleTalk
(IEEE 802.2 SNAP LLC), Apple
AppleTalk .
AppleTalk Ethernet EtherTalk, Token
Ring TokenTalk FDDI FDDITalk.
Apple ,
AppleTalk .
EtherTalk (EtherTalk Link Access Protocol ELAP),
TokenTalk (TokenTalk Link Access Protocol TLAP)
FDDITalk (FDDITalk Link Access Protocol FLAP).
,
SNAP-. Ethernet, FDDI Token Ring
SNAP- , , IEEE 802.3,
IEEE 802.5 FDDI IEEE 802.2 SNAP LLC.
AppleTalk
,
Apple, AppleTalk.
AppleTalk 1 ,
IOS appletalk address.
..
,
. .
, .
ZIP 2,
SF-1 ethtrnet 1
AppleTalk 1:
SF-1#configure
SF-1(config-if)#appletalk address 201.1
SF-1(config-if)#^Z
AppleTalk 2

IOS appletalk cable-range.
-,
, .

, .

.,
.
SF-2 AppleTalk 2:
195
SF-2#configure
SF-2 (config)#interface ethernet 0
SF-2 (config-if)#appletalk cable-range 151-200
SF-2 (config-if)#interface ethernet 1
SF-2 {config-if)#interface fddi 0
SF-2 (config-if)#^Z
AppleTalk

IOS appletalk zone. ,
. ,
, Macintosh.
.
appletalk zone
.
.
,
AppleTalk , . ,
, SF-2
:
S F - 2 # c o n fi g u r e
SF-2 (config)#interface ethernet 0
SF-2 (config-if)#appletalk zone Marketing
SF-2 (config-if)#interface ethernet 1
SF-2 (config-if)#appletalk zone Sales
SF-2 (config-if)#interface fddi 0
SF-2 (config-if)#appletalk zone SF Zone
SF-2 (config-if)#^Z
AppleTalk IOS Cisco

() .
, ,
.
. -,
, ()
( ,
, IOS, ,
). , ,
.
,
, ,
, .

.
, ,
, .
,
AppleTalk .
AppleTalk
196
IOS appletalk discovery.

appletalk address appletalk cable-range. ,
, . 0.0 appletalk address
appletalk cable-range. , ,
appletalk zone . ZIP
, AppleTalk
tokenring / , -:
San-Jose#configure
San-Jose(config-if)#appletalk discovery
San-Jose(config-if)^Z

AppleTalk ,
.. appl etal k
address appl etalk cable-range apll etal k zone.
AppleTalk .
AppleTalk-
. ,
(, .25 Frame Relay),
AppleTalk.
AppleTalk- ,
.

4 IP,
. AppleTalk-
,
. ,
, ,
AppleTalk- .
AppleTalk-
IOS aplletalk address
1 IOS appletalk cable-range
2. (
) AppleTalk-
. AppleTalk-
IOS appletalk zone. , , Seoul-1
( Frame Relay
(High-Level
Data Link Control HDLC)):
Seoul-1#configure
Seoul-1 (config)#interface serial 0.16 point-to-point
Seoul-1 (config-if)#appletalk cable-range 2901-2901
Seoul-1 (config-if)#appletalk zone WAN Zone
Seoul-1 (config-if)#interface serial 0.17 point-to-point
Seoul-1 (config-if)#appletalk zone WAN Zone
Seoul-1 (config-if)#interface serial 1
197

Seoul-1 (config-if}#appletalk zone WAN Zone
Seoul-1 (config-if)#^Z

,
4 IP.
IP, AppIeTalk
, Frame Relay, X.25, ISDN ATM.
AppleTalk- IOS appletalk
address appletalk cable-range. ,
AppIeTalk IOS
appletalk zone.
AppIeTalk
. AppIeTalk.
. ,
, ..
,
, .
applet al k addres s a p p l et al k cable-ra n ge.
Frame Relay
(DLCI) Frame Relay .
AppleTalk. DLCI-
AppleTalk Frame Relay Inverse ARP.
DLCI-,
AppleTalk, ,
frame-relay map appletalk.
.25
Frame Relay ,
. .25
. AppleTalk X. 121,
.
.121, .

AppleTalk .121,
25 map appletalk.
ISDN
. AppleTalk, IP, ISDN-
,
ISDN-. . AppleTalk
, ISDN-,
IOS dialer map appletalk.
ATM
/ .
AppleTalk ATM ATM . AppleTalk
, ATM-
/
(LLC/SNAP). ATM ,
AppleTalk- .
AppleTalk-
ATM- . ATM198
,
ATM- AppleTalk- ..
LLC/SNAP-
IOS map-group
IOS map-list AppleTalk- .
. LLC/SNAP-

IOS map-group IOS map-lis t
AppleTalk- (Network Service
Access Point NSAP), ATM-.
AppleTalk-
AppleTalk- AppleTalk,
, : show
appletalk interface. -1,
AppleTalk .
, ,
. sho w
appletalk interface ethernet 0 ZIP SF-2:
F-2#show appletalk interface ethernet 0
EthernetO is up, line protocol is up AppleTalk cable range is 151-200
AppleTalk address is 198.72, Valid
AppleTalk zone is "Marketing "
AppleTalk address gleaning is disabled
AppleTalk route cache is enabled

. AppleTalk
, ,
.
AppleTalk-. .
, - .
, .
, -
AppleTalk, , .
" AppleTalk
".
IOS EXEC show appletalk interface ,
AppleTalk-
.
show a p p l e t a l k i n t e r f a c e b r i e f .
show appletalk interface brief
ZIP SF-2:
SF-2#show appletalk interface brief
Interface
EthernetO
Ethernetl
FddiO
Loopbackl
Address
198.72
120.45
7.12
unassigned
Config
Extended
Extended
Extended
not config'd
Status/LineProtocol
up
up
up
up
Atalk
up
up
up
n/a
Protocol
AppleTalk ,
, AppleTalk- .
.
IOS EXEC show frame-relay map, show atm map show
199
dialer map, .

AppleTalk
AppleTalk- IOS
, ,
AppleTalk.
AppleTalk
, . AppleTalk-
,
. AppleTalk ,
IP, ,

, .
AppleTalk-
,
.
AppleTalk ,
. AppleTalk-
.
,
AppleTalk-, . AppleTalk
,
" ,
AppleTalk".

AppleTalk
AppleTalk
AppleTalk-, AppleTalk
. IOS
AppleTalk.
AppleTalk,
IOS appletalk routing.
AppleTalk ZIP SF-2:
SF-2#configure
memory,
or network
[terminal]? Enter
one per line.
End with CTRL+Z.
SF-2
(config)#appletalk routing
SF-2(config)#^Z
AppleTalk ,
, . ,
AppleTalk-
, ,
AppleTalk- .
, .
,
AppleTalk-.
, .

(Routing Table Maintenance Protocol RTMP).
200
AppleTalk
IOS EXEC show appletalk route. ,
AppleTalk.
SF-2 ZIP,
:
SF-2#show appletalk route
Codes:
R - RTMP derived,
E - EIGRP derived, -connected, A - AURP S - static
P proxy 3 routes in internet
The first zone listed for each entry is its default
(primary)
zone.
Net 1-10 directly connected,
FddiO,
zone SF Zone
Ethernetl,
zone Sales
EthernetO,
zone Marketing
show appletalk route .

, ,
AppleTalk- .
, show ip route,
IP-, 4.

. , .
AppleTalk
AppleTalk-, , , ,
, , . ""
,
AppleTalk-. show appletalk route
"
AppleTalk".
4 IP-
IP-,
. AppleTalk-.
AppleTalk- AppleTalk-
appletalk static.
SF-2 ZIP ,
AppleTalk-, 40000-40000, 5.10,
FDDI. SF Zone 4000040000 appletalk static.
SF-2#configure
SF-2 (config)#appletalk static cable-range 40000-40000 to 5.10 zone SF Zone
SF-2 (config)t^Z
show appletalk route,

SF-2:
Codes: R RTMP derived, E EIGRP derived, -connected,
A - AURP S
static P proxy
4 routes in internet
The first zone listed for each entry is its default (primary) zone.
201
Net
Net
Net
Net
1-10 directly connected, FddiO, zone SF Zone

101-150 directly connected, Ethernetl, zone Sales
151-200 directly connected, EthernetO, zone Marketing
40000-40000 [1/G ] via 5.10, 315 sec,FddiO, zone SF Zone
AppleTalk-
IOS EXEC show apple static:
SF-2#show apple static
AppleTalk
Static
Entries:
-------------------------------------------------------------Network
NextIR
Zone
Status
40000-40000
5.10
SF Zone
A
AppleTalk
, AppleTalk-
IOS EXEC show appletalk route.
,
AppleTalk.
show appletalk route
AppleTalk.
, ,
, , .
AppleTalk-
. , show appletalk
route ZIP SF-2:
Codes: R RTMP derived, E EIGRP derived, -connected, A - AUR, S static, P proxy 5 routes in internet
Net 1-10 directly connected, FddiO, zone SF Zone
Net 101-150 directly connected, Ethernetl, zone Sales
Net 151-200 directly connected, EthernetO, zone Marketing
R Net 11-100 [1/G] via 2.12, 10 sec, FddiO, zone Operations
S Net 40000-40000 [1/G] via 5.10, 315 sec, FddiO, zone SF Zone

SF-2 AppleTalk- AppleTalk- 11-100,
SF-1
AppleTalk- RTMP.
.
. AppleTalk-
(
).
,
( ), ,
,
.
( )
, ,
.
. (..
), , G, S , .
, 20
, . 20-
(G)
202
(S) (S) (). 1

. , ,
. ,
, ,
.
show ip route, show appletalk route,
, ,
AppleTalk- ,
EXEC clear appletalk route, ,
AppleTalk-, ,
, how appletalk route, ,
.
AppleTalk ,
1OS EXEC show appletalk zone.
, . ,
show appletalk zone
ZIP SF-2:
SF-2#show appletalk zone
Name
Network(s)
SF Zone
1-10 40000-40000
Sales
101-150
Marketing
151-200
Operations
11-100
Total of 4 zones
AppleTalk-,
. , AppleTalk AppleTalk-,
IOS EXEC show appletalk neighbors. ,
show appletalk neighbors
ZIP SF-2. , SF-2 AppleTalk SF-1 SF-1
RTMP.
SF-2#show appletalk neighbors
AppleTalk neighbors:
2.12
SF-l.FddiO
FddiO, uptime 33:27,
Neighbor is reachable as a RTMP peer
2 sees
, AppleTalk
4, ,
, . ,
,
AppleTalk.
IOS Cisco
AppleTalk: (Routing Table Maintenance
Protocol RTMP) AppleTalk EIGRP. TCP/IP, AppleTalk
: RTMP,
. AppleTalk EIGRP
IOS . ,
EIGRP ,
IOS, AppleTalk-, IOS,

203
RTMP.
ZIP RTMP,
E1GRP. EIGRP
,
RTMP. AppleTalk-
, RTMP, , .

EIGRP.

RTMP EIGRP.
AppleTalk RTMP
RTMP AppleTalk
. Routing
Information Protocol IP (IP RIP). AppleTalk RTMP ,
. AppleTalk, , AppleTalk.
IP RIP
4. AppleTalk RTMP
(IGP). AppleTalk
(EGP),
Internet.
AppleTalk RTMP AppleTalk- ,
appletalk routing.
AppleTalk,
RTMP
, ,
.
RTMP "" :
10 . ,

.
IP RIP, AppleTalk RTMP
. ,
, .
, AppleTalk RTMP, 30.
, 30 , .
show appletalk route SF-2 ,
AppleTalk- 11-100 1 ,
AppleTalk- [1/G]:
Codes:
R - RTMP derived, E - EIGRP derived, - connected, A - AURP,
S - static, P - proxy 5 routes in internet
Net 1-10 directly connected, FddiO, zone SF Zone
Net 101-150 directly connected, Ethernetl, zone Sales
Net 151-200 directly connected, EthernetO, zone Marketing
R Net 11-100 [1/G] via 2.12, 10 sec, FddiO, zone Operations
S Net 40000-40000 [1/G] via 5.10, 315 sec, FddiO, zone SF Zone

AppleTalk-. IP,
204
. AppleTalk ,
appletalk maximum-paths. , appletalk maximum-paths 2

AppleTalk. ,
, AppleTalk.
,
AppleTalk.
AppleTalk EIGRP
AppleTalk EIGRP
(Interior Gateway Routing Protocol IGRP)
Cisco, AppleTalk-. AppleTalk
EIGRP , DUAL
, EIGRP IP-,
4. AppleTalk EIGRP ,
, , ,
. EIGRP
,
, ,
RTMP, .
EIGRP , , ,
, ,
.
AppleTalk EIGRP
: EIGRP
, EIGRP-.
AppleTalk EIGRP,
IOS appletalk routing eigrp.
, ,
IP EIGRP IP BGP.
AppleTalk EIGRP,
25000:
Singapore#configure
memory,
or network
[terminal]?
one per line.
End with CTRL+Z.
Singapore (config) #appletalk routing eigrp 25000
Singapore (config)#^Z
AppleTalk EIGRP ,
, EIGRP-
. ,
AppleTalk- ,
IOS appletalk protocol.
eigrp rtmp.
ZIP EIGRP .
EIGRP
ZIP :
Singapore#configure
Singapore(config)#interface serial 0.100
Singapore(config-if)#appletalk protocol eigrp
205
RTMP AppleTalk- ,
, EIGRP,
EIGRP, RTMP. ,
show appletalk interface,
ZIP :
Singapore#show appletalk interface serial 0.100
SerialO.100 is up, line protocol is up
AppleTalk cable range is 2902-2902
AppleTalk address is 2902.2,Valid
AppleTalk zone is "WAN Zone "
Routing protocols enabled: RTMP EIGRP
AppleTalk address gleaning is not supported by hardware
AppleTalk route cache is not initialized
, ,
AppleTalk EIGRP,
AppleTalk EIGRP RTMP.
, ,
EIGRP- RTMP- .
, AppleTalk EIGRP,
IOS appletalk route-redistribution,
.
, EIGRP-
, RTMP, .
.
, ,
1OS Cisco, RTMP- ,
.
RTMP , AppleTalk-
, , AppleTalk-, IOS.
RTMP
AppleTalk. ZIP RTMP
, AppleTalk-,
IOS. RTMP, IOS no appletalk protocol rtmp.
RTMP
ZIP :
Singapore#configure
memory,
or network
[terminal]?
one per line.
End with CTRL+Z.
Singapore(config)#interface serial 0.100
Singapore(config-if)#no appletalk protocol rtmp Singapore(config-if}#^z
, RTMP
AppleTalk-, AppleTalk-
AppleTalk-, 1OS. ,
AppleTalk- (
), RTMP-

. ,
,
RTMP- ,
.
206
,
, appletalk
rtmp-stub. ZIP ,
,
Ethernet :
Singapore#configure
Singapore(config)#interface ethernet
Singapore(config-if)#appletalk rtmp-stub
AppleTalk EIGRP, RTMP

show appletalk route.
AppleTalk EIGRP
IOS EXEC, . 5.3.
5.3. IOS EXEC AppleTalk EIGRP
IOS EXEC
EIGRP
show appletalk eigrp interfaces
show appletalk eigrp neighbors

show appletalk eigrp topology
show appletalk eigrp traffic
,

AppleTalk EIGRP
, AppleTalk EIGRP
AppleTalk
EIGRP
,

() AppleTalk EIGRP

AppleTalk

AppleTalk IOS Cisco
, ,
AppleTalk-, , ,
, .
TCP/IP,
AppleTalk-.

AppleTalk ,
TCP/IP. ,
AppleTalk-. ,
AppleTalk NBP
. ,
. , ,
207
.
-
AppleTalk , .

,
. ,
,
. ,
, , .
AppleTalk,
AppleTalk,
NBP, .
AppleTalk,
.
NBP .
AppleTalk
IOS access-list ,
600699.
IP (Internetwork Packet
Exchange IPX), AppleTalk
. AppleTalk
.
-, .
, permit network
, deny network .
,
.
permit network ,
deny network.
-, AppleTalk
,
.
,
.
,
, :
access-list other-access (
);
access-list additional-zones (
);
access-list other-nbps (
NBP-).
. IOS
access-list deny other-access .
access-list deny additional-zones access-list deny
other-nbps NBP-, .

, ,
, .
,
NBP,
AppleTalk npb.
, , ,
NBP-.
208
NBP- -, ,
-,
. (
" " (Engineering
Public)), (AppleTalk-- AFPServer) ,
( - (San Jose Zone)). deny other-nbps
.
San-Jose#configure
Enter configuration commands, one per line. End with CTRL+2.
San-Jose(config)#access-list 601 permit nbp 1 object Engineering Publio
San-Jose(config)#access-list 601 permit nbp 1 type AFPServer
San-Jose(config)#access-list 601 permit nbp 1 zone San Jose Zone
San-Jose(config)#access-list 601 deny other-nbps
San-Jose(config)#^Z
,
. ,
.
AppleTalk zone.
,
Operations Zone ( ),
additional-zones:
Singapore#configure
Singapore(config)#access-list 605 deny zone Operations
"
Singapore(config)#access-list 605 permit additional-zones

AppleTalk,
, .
,
.
.
.
AppleTalk, NBP-,
1OS appletalk access-group.
in out, , ,
out.
AppleTalk 601
-, ZIP
:
San-Jose#configure
San-Jose(config)#interface serial 0/0
San-Jose(config-if)#appletalk access-group 601
San-Jose(config-if)#interface serial 1/0
San-Jose(config-if)#appletalk access-group 601
209
, AppleTalk,
, ,
.

(Zone Information Protocol ZIP).
, ZIP
(Zone Information Table ZIT)
ZIP- , .
ZIP ,
, RTMP EIGRP.
ZIP- .
Macintosh Apple
(Chooser),
ZIP. AppleTalk, .
Zone Information Protocol (ZIP)

Zoom Integrated Products (ZIP).
ZIP,
AppleTalk.
IOS appletalk zip-reply-filter.
, ZIP-
, .
, appletalk zip-reply-filter ,
.
Ethernet
605 AppleTalk ,
Operations Zone:
Singapore #configure
Singapore(config)#interface ethernet 0
Singapore(config-if)#appletalk zip-reply-filter 605
,
IOS appletalk getzonelist-filter. ,
ZIP- ,
. appletalk zip-reply-filter,

, getzonelist-filter.
Ethernet
605 AppleTalk ,

Operations Zone:
Singapore#configure
Singapore(config-if)#appletalk getzonelist-filter 605
210

, ,
ZIP- GetZoneList .
, , ,
, .
,
, .
,
.
, , ,
IOS,
, IOS,
.

IOS EXEC show access-list show appletalk access-list.
, ,
AppleTalk.
. .
, . show appletalk access-list
:
Singapore#show appletalk access-lists
AppleTalk access list 605:
deny zone Operations
permit additional-zones
IOS EXEC show appletalk interface ,

AppleTalk.
, AppleTalk
605 zip-reply- getzonelist-:
Singapore#show appletalk interface ethernet 0
AppleTalk cable range is 4001-4010
AppleTalk address is 4008.30,Valid
AppleTalk zone is "Manufacturing "
AppleTalk address gleaning is disabled
AppleTalk route cache is enabled
AppleTalk GetZoneList filter is 605
AppleTalk Zip Reply filter is 605

AppleTalk
IOS
AppleTalk. 1OS Cisco
AppleTalk-, ,
IP.
AppleTalk AppleTalk
211
,
.
IOS AppleTalk
ISDN-.
AppleTalk,
AppleTalk (AppleTalk Remote Access Protocol ARAP) AppleTalk-
(AppleTalk Control Protocol ATCP) (Point-to-Point
Protocol PPP). AppleTalk- ISDN
,
.
4 IP-
,
, -,
. AppleTalk
,
4 IP.
ARAP
. AppleTalk-, ARAP,
-, , ,
-, IP
7, " ". ,
ARAP, , AppleTalk PPP,

.
,
, ARAP. ARAP-

. ARAP,
ARAP
.
IOS arap enable
, ARAP .
IOS arap authentication default
ARAP ,
. , IOS autoselect

ARAP.
Sing2511, IP , ARAP:
Sing2511#configure
Sing2511(config-line)#arap enable
Sing2511(config-line)#arap authentication default
Sing2511(config-line)#autoselect arap
Sing2511(config-line)#^Z
, ARAP,
-.
ARAP-,
authentication arap.
. ,
212
ARAP
, ,
TACACS+ (Terminal Access Controller Access Control System).

auth-guest, , ARAP ,

EXEC IOS.
, ARAP,
AppleTalk- ,
. ARAP-
IOS arap network.

Sing2511
AppleTalk, ARAP- AppleTalk.
ARAP-
AppleTalk- 2500 Macdailup Zone ("-" ):
Sing2511#configure
Sing2511(config)#aaa authentication arap default auth-guest local
Sing2511(config)#arap network 2500 Mac-dialup
Sing2511(config)#^Z
AppleTalk
,
, 4
IP- .
ARAP, AppleTalk - AppleTalk- ,
. ARAP ,
-
IOS.
-
AppleTalk -. IOS appletalk
virtual-net. .
IOS appletalk client-mode
, .
AppleTalk-,
.
Sing2511 AppleTalk -,
AppleTalk- 2501 Zone Mac-dialup:
Sing2511#configure
Configuring from terminal memory or network [terminal]?
Enter configuration commands one per line. End with CTRL+Z.
Sing2511(config)#apple virtual-net 2501 Mac-dialup
Sing2511(config)#interface group-as nc 1
Sing2511(config-if)#appletalk client-mode
Sing2511(config-if)#AZ
AppleTalk

IOS
AppleTalk,
213
.
IOS EXEC show, debug ,
.
IOS EXEC show appletalk interface
,
.

. ,
Ethernet 0
ZIP SF-2:
SF-J#show
EthernetO
AppleTalk
AppleTalk
AppleTalk
AppleTalk
AppleTalk
AppleTalk
appletalk interface ethernet 0

is up line protocol is up
node down Port configuration error
able range is 151-200
address is 198.72 Invalid
zone is not set.
address gleaning is disabled
route cache is enabled
IOS EXEC show appletalk nbp ,

. .,
, NBP. ,
, . .
show appletalk nbp
ZIP SF-1, ,
NBP:
SF-l#show appletalk nbp
Net Adr Skt Name
2
12 254
SF-l.FddiO
22 7
254
SF-l.EthernetO
Type
ciscoRouter
ciscoRouter
Zone
SF Zone
Operations
, , ,
.
AppleTalk- - IOS
EXEC show appletalk arp.
AppleTalk- .. , Apple Talk ARP. AppleTalk- , , ARP-. ( ARP- ARP-.)
show appletalk arp
ZIP SF-1:
SF-l#show appletalk arp
Address Age(min)
Type
2.12
Hardware
9.159
Hardware
5.20
Dynamic
Hardware Addr
0000.OcOc.34dl.0000
000.OcOc.23dl.0000
0000.030.Ilc4.0000
Encap
SNAP
SNAP
SNAP
Interface
FddiO
Ethernetl
FddiO
TCP/IP, AppleTalk - /,
- AppleTalk (AppleTalk Echo Protocol AEP).
AppleTalk- - . ,
- -.
AppleTalk-, . IOS
ping appletalk.
ping appletalk ,
214
- ,
. IOS EXEC ping appletalk,
SF-1, - 100 AppleTalk:
SF-l#ping appletalk 5.20
Sending 5 100-byte AppleTalk Echos to 5.20 timeout is 2 seconds:
! ! ! ! !
Success rate is 100 percent (5/5)round-trip min/avg/max = 1/2/4 ms
- (!) ,
. -
-. .
, .
. 5.4 ,
ping AppleTalk.
5.4. ping
()

, ,

-, ,

- -
ping appletalk, IP-, . EXEC

AppleTalk-. ,
EXEC, , , ,
.
ping appletalk, SF-1;
500 :
SF-l#ping appletalk
Target AppleTalk address:
5.20
Repeat count
[5]:
Datagram size
[100]:
500
Timeout in seconds
[2] :
Verbose
[n]:
Sweep range of sizes [n]:
Sending 5 500-byte AppleTalk Echos to 5.20 timeout is 2 seconds:
! ! ! ! !
215
Success
rate is
100 percent
(5/5)
round-trip min/avg/max =
1/4/6 ms
AppleTalk
Cisco ,
IOS EXEC. show appletalk traffic
, ,
, ,
RTMP EIGRP ,
AppleTalk -. show
appletalk traffic .
IOS EXEC clear appletalk traffic
- .
, show appletalk traffic,
ZIP :
Singapore#show appletalk traffic
AppleTalk statistics:
Rcvd: 90 total, 0 checksum errors, 0 bad hop count
45 local destination, 0 access denied, 0 fast access denied
0 for MacIP, 0 bad MacIP, 0 no client
0 port disabled, 0 no listener
0 ignored, 0 martians Beast: 0 received, 18766 sent
Sent: 18766 generated, 0 forwarded, 0 fast forwarded, 45 loopback
0 forwarded from MacIP, 0 MacIP failures
25 encapsulation failed, 0 no route, 0 no source
DDP: 135 long, 0 short, 0 macip, 0 bad size
NBP: 30 received, 0 invalid, 0 proxies
0 replies sent, 55 forwards, 25 lookups, 0 failures
RTMP: 0 received, 0 requests, 0 invalid, 0 ignored
17624 sent, 0 replies ATP:
0 received
ZIP: 0 received, 20 sent, 0 netinfo
Echo: 40 received, 0 discarded, 0 illegal
20 generated, 20 replies sent
Responder: 0 received, 0 illegal, 0 unknown
0 replies sent,0 failures
AARP: 0 requests, 0 replies, 0 probes
0 martians, 0 bad encapsulation, 0 unknown
153 sent, 0 failures, 0 delays, 25 drops
Lost: 0 no buffers
Unknown: 0 packets
Discarded: 0 wrong encapsulation, 0 bad SNAP discriminator
AURP:0 Open Requests, 0 Router Downs
0 Routing Information sent, 0 Routing Information received
0 Zone Information sent, 0 Zone Information received
0 Get Zone Nets sent, 0 Get Zone Nets received
0 Get Domain Zone List sent, 0 Get Domain Zone List received
0 bad sequence
EIGRP: 0 received, 0 hellos, 0 updates, 0 replies, 0 queries, 1097 sent,
0 hellos, 0 updates, 0 replies, 0 queries
IOS,
AppleTalk, show appletalk globals.
,
AppleTalk,
, .
, ,
.
show appletalk globals
ZIP SF-1:
216
SF-l#show appletalk globals

AppleTalk global information:
Internet is incompatible with older, AT Phasel, routers.
There are 16 routes in the internet.
There are 11 zones defined.
Logging of significant AppleTalk events is disabled.
ZIP resends queries every 10 seconds.
RTMP updates are sent every 10 seconds.
RTMP entries are considered BAD after 20 seconds.
RTMP entries are discarded after 60 seconds.
AARP probe retransmit count: 10, interval: 200 msec.
AARP request retransmit count: 5, interval: 1000 msec.
DDP datagrams will be checksummed.
RTMP datagrams will be strictly checked.
RTMP routes may not be propagated without zones.
Routes will be distributed between routing protocols.
Routing between local devices on an interface will not be performed.
IPTalk uses the udp base port of 768 (Default).
EIGRP router id is: 2500
EIGRP maximum active time is 3 minutes
Alternate node address format will not be displayed.
Access control of any networks of a zone hides the zone.
,
, EXEC IOS
debug, AppleTalk
. debug ,
, ,
, . ,
debug appletalk errors
. debug
AppleTalk . 5.5.
5.5. AppleTalk
debug appletalk arp

AARP- ,
AARP (AARP ager)
debug appletalk eigrp-packet
AppleTalk EIGRP,

debug appletalk eigrp-update
AppleTalk EIGRP
debug appletalk errors
,
AppleTalk
debug appletalk events
AppleTalk,

debug appletalk nbp
NBP
debug appletalk packet
AppleTalk- ,
. debug ip
packet, , . ,

debug appletalk routing
,
EIGRP RTMP
217
debug appletalk rtmp
debug appletalk
zip
,

RTMP-

ZIP
ZIP ,
AppleTalk.
AppleTalk-,
,
AppleTalk. Web-, " ",
,
. .
AppleTalk 1
.
2 ,
-..
2 ,
2 .
AARP.

.
, IOS Cisco
AppleTalk, RTMP EIGRP. RTMP
,
AppleTalk appletalk routing. EIGRP
.
- AppleTalk
.
, NBP, .
AppleTalk
, IP IPX.
, , ,
.

,
.
.
AppleTalk
show, debug ping (. . 5.3, 5.5 5.6).
5.6. EXEC AppleTalk
clear appletelk route

clear appletalk traffic
p i n g a p p l e t a l k .
show appletalk access-list
,
,
show appletalk traffic

AppleTalk-
AppleTalk 218
show appletalk globals

show appletalk interface brief
show appletalk interface
show appletalk nbp
show appletalk neighbors
show appletalk route
show appletalk static
show appletalk traffic
show appletalk zone
,

AppleTalk
AppleTalk-

, AppleTalk
,
AppleTalk,
,
,

AppleTalk
AppleTalk-,
5.7.
AppleTaik
authentication ,
ARAP
-
access-list

access-list [permit| deny]
additional zones
,

access-list [permit I deny] other- access
,

access-list [permit I deny] other- nbps

,

NBP
appletalk access-group

appletalk address .
1

appletalk cable-range -
2
appletalk client-mode
AppleTaik -
,
appletalk discovery

() ()
appletalk getzonelist-filter

ZIP,

219
appletalk maximum-paths
appletalk protocol [eigrp|rtmp]
appletalk route-redistribution
appletalk routing
appletalk routing eigrp
-
appletalk rtmp-stub
appletalk static
apple talk virtual-net
appletalk zip-reply-filter
appletalk zone
arap authentication default
arap enable
arap network
autoselect arap
dialer map appletalk
frame-relay map appletalk
map-group
map-list
x25 map appletalk
AppleTaik

, (EIGRP
RTMP)
AppleTalk-, EIGRP

EIGRP RTMP

AppleTaik
Appletalk
EIGRP

,
AppleTalk-
-
,

, ZIP- ,

ARAP .

ARAP
ARAP-
ARAP
,
AppleTalk- .
ISDN-
AppleTalk- DLCI Frame Relay

AppleTalk--
ATM

AppleTalk-

ATM
AppleTalk-
X121

1. Cisco Systems. Troubleshooting Internetworking Systems: AppleTalk Connectivity.
(
. Cisco,

220
www.cisco.com/univercd/cc/td/doc/cisintwk/tis_doc/76523.htm.
2. Sidhu, G., R. Andrews, and A. Oppenheimer. Inside AppleTalk, 2nd Edition. Reading,
Massachusetts: Addison-Wesley, 1990.
3. Vandersluis, K. and A. Eissa. Troubleshooting Macintosh Networks: A Comprehencive
Guide to Troubleshooting and Debugging Macintosh Networks. Indianapolis, Indiana:
IDG Books Worldwide, 1993.
221

IPX
IPX .
IPX-. IPX,

IPX-.
IPX IPX.
, IPX.
IPX RIP NLSP
.
IPX .
access-list ipx accessgroup.

IPX. IPX-
.
IPX
show, ping debug.
IPX- 20. JOS
IPX- 20.
222
IPX
1970- Xerox XNS (Xerox
Network Systems Xerox),
, Novell, Inc. 1980-
Novell ,
(Internet Packet Exchange Protocol IPX),
NetWare. XNS
NetWare (Streams Packet Exchange SPX) Novell NetWare
IPX/SPX, TCP/IP.
NetWare
( - -)
- . Novell NetWare
, ,
NetWare,
, .
. 6.1 ,
NetWare. .
,
: IPX, IPX- (IPX Routing
Information Protocol IPX RIP), (NetWare Link State Protocol NLSP),
(Service Advertisement Protocol SAP) SPX.
. 6.1 ,
, , .
he IOS Cisco IPX. , IOS, ,

Desktop Protocol Suite.
IPX
IPX
. IPX,
IPX- ( NetWare
223
) , IPX, .
IPX- : 32- ,
, 48- ,
.
, 48- ( 2 OSI)
. , IPX ,
, , , .
.,
. IPX-
, ,
IP- .
IPX- , IP-
. IPX-, IPX-
Cisco, ,
.
NetWare IPX- , IPX-
. IPX-
NetWare .
SAP
Cisco IPX-
ipx internal-network.
" NLSP".
, IPX-
. IPX- ,
48-
.
IPX- ,
, .
, ,
Ethernet TokenRing. IPX- IPX- .
. IPX- 10 Ethernet
0802.044d.d88f IPX- 10. 0802.044d.d88f
48- .
48- IPX-
IPX. ,
, . ,
, IOS
. IPX-,

IPX-. ,
Ethernet 0 0000.0cll.12ab. Ethernet 0
, IPX-
10 IPX- 20, IPX- 10 10.0000.Ocll.12ab,
IPX- 20 20.0000.Ocll.12ab.
, IOS, IPX- (
IPX RIP, )
IOS ipx routing. ,
IPX-
. IPX-
ZIP SF-2:
SF-2#configure
224
SF-2(config)#ipx routing
SF-2 (config)#^Z
,
IPX-, ipx routing.
12 IPX-,
.
IPX-
, IPX-
. ,
, ARP,
. 4, " TCP/IP".
IPX-
IPX-
Cisco.
IPX
.

Cisco,
IPX, IPX- .
. ,
, .
IPX-
IOS ipx network. IPX-,
, ipx
routing. IPX-
SF-2:
SF-2#configure
SF-2(config-if)#ipx network 200
SF-2(config-if)interface ethernet 1
SF-2(config-if)#interface fddi 0
SF-2(config-if )#^Z

IPX
. 6.1, IPX
. IPX Ethernet.
, , IEEE 802.3, IEEE 802.5
FDDI,
. , NetWare
. IPX

, Ethernet.
IPX
225
IOS Cisco. . 6.1

IPX IOS.
6.1. IPX
IOS

IOS Cisco
IPX
Ethernet_802 2
sap
Ethernet_802.3
novell-ether
Ethernet_II
arpa
Ethernet_Snap
snap
Token-Ring
sap
Token-Ring_Snap
snap
Fddi_Snap
snap
Fddi_802 2
sap
Fddi Raw
novell-fddi
Cisco Ethernet
IOS novell-ether. , Token Ring sap, FDDI snap.
IOS sap NetWare 4.0.
(LLC) IEEE 802.2
( , SAP). IEEE 802.2
LLC
. Token Ring sap,
,
IEEE 802.5,
IEEE 802.2 LLC. , FDDI
FDDI, 1 802.2 LLC.
IEEE 802.2 LLC SAP ( SAP

) SAP ( ) NetWare.
NetWare SAP .
novell-ether IOS Cisco
Ethernet_802.3 Novell
Ethernet. novell-ether

802.3, IPX , FFFF.
novell-ether
NetWare 3.11 IOS
Cisco.
Ethernet,
TCP/IP IPX,
Novell Ethernet_II ( IOS Cisco
).
226
Ethernet, IPX.
snap IOS Ethernet
IEEE 802.3, IEEE 802.2 SNAP LLC.
SNAP
IEEE-. Token Ring FDDI SNAP-
IEEE 802.5 FDDI, IEEE 802.2
SNAP LLC.
FDDI novell-fddi IOS
Cisco Fddi_Raw Novell.
FDDI,
IPX , FFFF.
: Ethernet
(sap, arpa, novell-ether snap), FDDI (sap, snap
novell-fddi) Token Ring (sap snap). . 6.2
Ethernet.
IPX ,
NetWare,
(NetWare 3.11 NetWare 4.0).
IPX-
. NetWare-, NetWare-
Cisco.

ipx network encapsulation.
snap Ethernet 0 ZIP SF-2:
SF-2#configure terminal
SF-2(config-if)#ipx network 200 encapsulation snap
SF-2(config-if)#^Z

NetWare . ,
IPX- NetWare 3.11
NetWare 4.0, .
, ,
, NetWare.
IPX-
Cisco
, NetWare.

. IPX-, IPX. .
, ,
ipx network secondary. Ethernet 0
ZIP SF-2 :
SF-2#configure
227
Enter onfiguration commands one per line. End with CTRL+Z.

SF-2(config-if)#ipx network 201 encapsulation arpa secondary
SF-2(config-if)#^Z

IPX, ,
ipx network.
IPX-
. 3, " Cisco", ,
(, .25
Frame Relay) .
, IPX.

4 IP,
. IPX-

IPX- .
,
IPX- .
IPX-
ipx network.
IPX- (
Frame Relay HDLC-) Seoul- 1:
Seoull#configure
Seoul-1 (config)#interface serial 0.16 point-to-point
Seoul-1 (config-if ) #ipx network 2901
Seoul-1 (config-if ) #interface serial 0.17 point-to-point
Seoul-1 (config-if) #ipx network 2902
Seoul-1 (config-if ) #interface serial 1
Seoul-1 (config-if ) #ipx network 1901
Seoul-1 (config-if) #^Z

4
IP. IP, IPX
, Frame Relay, X.25,
ISDN ATM.
IPX- ipx
network. IPX-
- .
Frame Relay
DLCI- IPX- ..
Inverse ARP Frame
Relay.
frame-relay map ipx DLCI- Frame Relay IPX . , .
.25
Frame Relay ,
. .25
IPX- X. 121,
228
.
X. 121, .
IPX- .121,
25 map ipx.
ISDN
. ISDN
, .
IPX- ,
ISDN,
IOS dialer map ipx.
ATM,
/ (VPI/VCI-), IPX-
ATM -
IPX LLC/SNAP ATM , .
-
, IPX-
. IPX ATM-.
ATM- IPX-, .
LLC/SNAP-
, IOS map-group
IOS map-list IPX-
. LLC/SNAI
, IOS
map-group IOS map-list
IPX- (NSAP network service
access point), ,
ATM-.
IPX-
IPX- IPX-, ,
EXEC show ipx interface.
, IPX
.
, , .
show i] interface ethernet 0
ZIP SF-2:
SF-2#show ipx interface ethernet 0
EthernetO is up line protocol is up
IPX address is 200.0000.OcOc.llbb NOVELL-ETHER [up]
Delay of this IPX network in ticks is 1 throughput 0 link delay 0
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 60 seconds
IPX type 20 propagation packet forwarding is disabled
Incoming access list is not set
Outgoing access list is not set
IPX helper access list is not set
SAP GNS processing enabled delay 0 ms output filter list is 1010
SAP Input filter list is not set
SAP Output filter list is not set
SAP Router filter list is not set
Input filter list is not set
229
Output filter list is not set

Router filter list is not set
Netbios Input bytes access list is not set
Netbios Output host access list is not set
Netbios Output bytes access list is not set
Updates each 60 seconds aging multiples RIP: 3 SAP: 3
SAP interpacket delay is 55 ms
RIP interpacket delay is 55 ms
IPX accounting is disabled
IPX fast switching is configured (enabled)
RIP packets received 6
RIP packets sent 1861
SAP packets received 330
SAP packets sent 4
.
IPX- . IPX.
IPX- ,
.
IOS EXEC show ipx interface ,
IPX-
.
show ipx interface brief. show
ipx interface brief ZIP SF-2:
SF-2#show ipx interface brief
Interface
IPX Network
EthernetO
200
Ethernet1
150
FddiO
0
Loopbackl
unassigned
not
Encapsulation
NOVELL-ETHER
NOVELL-ETHER
SNAP
config'd up
Status
up
up
up
n/a
IPX State
[up]
[up]
[up]
IPX- , ,
.
IPX
IPX-
. IOS
EXEC show frame-relay map, show atm map, show x25 map show dialer maps.
IPX-
IPX- . IOS
IPX-.
IPX-.
, IP-, IPX IPX- . ,
IPX-, ,
, .
IPX ,
. IPX .
, IPX, . IPX
, "
, IPX".
IPX-
230
, 1>
ipx routing
IPX ,
. ,
IPX-, , IPX-
.
, .
, IPX
, .
,
.
IPX-, IOS
EXEC show ipx route. ,
IPX-.
ZIP SF-2,
, :
SF-2#show ipx route
Codes: - Connected primary network - Connected secondary network
S - Static F - Floating static L - Local (internal) W - IPXWAN R - RIP E EIGRP N - NLSP X - External A - Aggregate s - seconds u - uses U - Per-user
static
3 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.
No default route known.
10 (NOVELL-FDDI)
FdO
150 (NOVELL-ETHER)
Etl
200 (NOVELL-ETHER)
EtO
show ipx route

, IP" .

4 show ip route, IP-.
.
, .
IPX- IPX-,
, IPX ,
. "' ,
IPX-. show ipx route
; " IPX-".

4 ] .
IPX-. IPX IPX-
ipx route.
IPX-
, IPX-
IOS EXEC show ipx route.
, IPX.
show ip route ,
IPX-.
, ,
, , ,
231
. IPX-
.
show ip route ZIP SF-2:
SF-2#show ipx route
Codes: - Connected primary network
- Connected secondary network
S - Static F - Floating static L - Local (internal) W - IPXWAN R - RIP
E - EIGRP N - NLSP X - External A - Aggregate, s -seconds u - uses
10 (NOVELL-FDDI)
FdO
150 (NOVELL-ETHER)
Etl
200 (NOVELL-ETHER)
EtO
R 100 [02/01] via 100.0000.Ic2c.23bb, 19s, FdO
, IPX-,
SF-2, IPX- 100,
IPX RIP SF-1.
, show ip route, ,
show ipx route ,
EXEC clear ipx route, IPX-
.
, , show ipx route ,
.

,
IPX
4 ,
.
.
.
.
.
().
!
.
.
IOS IPX-.
, .
,
, SAP,
IPX-.
SAP IPX- IPX
RIP, NLSP IPX EIGRP.
SAP
(Service Advertisement Protocol SAP)
Novell, NetWare IPX. , ,
, IPX-. ,
. Novell,
NetWare. , SAP
4 NetWare, SAP 7
.
232
, NetWare,
SAP- 60 , .
NetWare SAP- ,
,
SAP-.
Cisco SAP
, IPX. SAP-
SAP, NetWare-
. SAP- Cisco
IOS EXEC show ipx servers.
show ipx servers ZIP SF-1:
SF-l#show ipx servers
Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail 2 Total
IPX Servers
Table ordering is based on routing andserver info
Type Name
Net Address
PortRoute Hops Itf
P
4 SF-MAIN 100.0001.0002.0006:04512/01 1
EtO
P
4 SF-ENG 100.0809.0001.0002:04512/01 1
EtO
, SF-1 IPX-,
( 4
). IPX- IPX- ,
, IPX- ,
. ,
SAP (
). IPX
" NLSP" " IPX EIGRP".
, IPX-,
SAP-. SAP-
ipx sap. ,
.
SAP-, NetWare, . IPX ( IPX Get Neareast
Server GNS), , .
NetWare-, , ,
IPX-. Cisco IPX , SAP- .
Cisco GNS- ,
, , , GNS- .
, SAP-
. ,
Cisco , .
, NetWare- GNS . ,
IPX- ,
.
ipx gnsround-robin, GNS-
.
GNS-,
233
SAP
IOS Cisco
, SAP- SAP- .
SAP
SAP .
IPX- SAP
SAP-, ,
. SAP
IPX-, ,
. ,
, IOS, SAP , "" IPX-.
IPX- "
IPX ".
SAP- IPX- SAP-,
access-list. SAP
1000 1099.
IP Apple Talk,
.
access-list IPX-.
ZIP - SAP, , NetWare 10. 0000.0000. a0b0:
San-Jose#configure
San-Jose(config)#access-list 1000 permitlO.0000.0000.b
San-Jose(config)#access-list 1000 deny -1
San-Jose(config)#^Z
SAP ( IPX
, ) IPX- -1
IPX-. ,
1000 SAP-.
IP, IPX
.
IPX- -1.
SAP
, < IOS.
ipx input-sap-filte ipx output-sap-filter
SAP,
, . SAP-,
1000, SAP
Serial 0 -:
San-Jose#configure
San-Jose(config-if)#ipx output-sap-filter 1000
234
San-Jose(config)#^Z
SAP-,

. SAP-, (
4) ( 7). Serial
0 ZIP -:
San-Jose#configure
San-Jose(config)#access-list 1005 permit -1 4
San-Jose(config)#access-list 1005 permit -1 7
San-Jose(config-if)#ipx output-sap-filter 1005
SAP- NetWare IPX-

. ,
. SAP-
ipx router-sapfilter. SAP-
FDDI / ZIP SF-Core-1, NetWare
:
memory,
or network
[terminal]?
one per line.
End with CTRL+Z.
SF-Core-1(config)#access-list 1001 permit aa.0207.0104.0874
SF-Core-1(config)#interface fddi 0/0
SF-Core-1(config-if)#ipx router-sap-filter 1001
IOS SAP, GNS-, NetWare-. GNS ,

, , GNS-
. , , SFCore-1 IPX, GNS NetWare-. GNS FDDI / SF-Core-1 ipx output-gns-filter:
SF-Core-1#configure
SF-Core-1(config)#access-list 1010 permit aa.0207.0104.0874
SF-Core-1(config)#interface fddi 0/0
SF-Core-1(config-if)#ipx output-gns-filter 1010
IPX RIP
IPX RIP NetWare,
IP RIP. ,
IPX- 1- NetWare-.
4 IP RIP
. IPX RIP
235
(IGP). IPX (EGP),

NetWare
Internet. IPX RIP
ipx routing.
IPX-,

, , ,
.
, NLSP IPX EIGRP,
IPX.
IP RIP ,
IPX RIP ,
. .

, .
show ip route SF-2 IPX- 100
, IPX-
[02/01]:
SF-2#show ipx route
Codes:
- Connected primary network, - Connected secondary
network, S -Static, F - Floating static, L - Local (internal), W -IPXWAN,
R - RIP, E - EIGRP, N - NLSP, X - External, A -Aggregate, s - seconds, u
- uses
10 (NOVELL-FDDI), FdO
150 (NOVELL-ETHER), Etl
200 (NOVELL-ETHER), EtO

R 100 [02/01] via 100.0000.Ic2c..23bb, 19s, FdO

, IP) RIP, ,
, ,
. IP RIF IPX RIP
16. ,
IOS, IPX RIP
( ),

.
, IOS,
IPX- .

,
show ipx route: "Up to 1
parallel
paths and 16 hops allowed" (" 1 16
").
NetWare, IPX-,
. ,
.
IPX-
, ipx maximum-paths.
236
, ipx maximum-paths 2
.
, , IPX-.
Cisco
IPX-
. ,
IPX- ,
.
IDS ipx per-host-load-share.
NLSP
NLSP
IPX-. , "
" (IS-IS), ,
, OSPF.
,
.
IPX- NLSP
. IPX-
, IP-.
NLSP .
NLSP IPX- ;
OSPF, IP- . , NLSP 1 . NLSP-
2. NLSP-,
2, ,
. NLSP-
3. . 6.3 , NLSP.
NLSP , IPX. IOS ipx
internal-network, "
IPX".
NLSP,
IOS ipx router nlsp.
, NLSP- IOS.
, NLSP-,
IOS area-address. area-address
: IPX- . ,
, .
ZIP NLSP,
NLSP .
area-address 16 ,
4000 400F:
Singapore#configure
Singapore(config)#ip router nlsp 1
Singapore(config-ipx-router)#area-address 4000 FFFO
Singapore(config-ipx-router)#^Z
237
NLSP
IOS ipx nlsp enable.
NLSP,
. Ethernet 0
NLSP- 1:
Singapore#configure
Enter configuration commands, one per line. End with CTRL+z.
Singapore(config-if)#ipx nlsp 1 enable
IPX EIGRP
EIGRP IPX. , EIGRP
, (
), ,
(
).
EIGRP 1>
ipx router eigrp.
, ! EIGRP.
IPX- -1
, IPX EIGRP.
network IPX- EIGRP, !
IPX- . !
IPX EIGRP
25000. EIGRP
238
IPX- 4010 2902:

Singapore#configure
Singapore(config)#ipx router eigrp 25000
Singapore(config)ttnetwork 4010
Singapore(config-ipx-router)#network 2902
Singapore(config-ipx-router)#^Z
EIGRP IPX-, ipx router eigrp network all.

IPX EIGRP IOS SAP-
, SAP-.
EIGRP SAP- ,
SAP IPX- .
SAP- ,
EIGRP ,
IPX- .
, EIGRP,
, SAP-
SAP-.
, , IOS,
SAP-,
.
, EIGRP, IOS
SAP SAP-.
SAP- SAP-,
IOS ipx sap incrementaleigrp.
EIGRP. IOS EXEC show ipx servers ,
IPX-
SAP EIGRP.

IPX

IPX- IOS Cisco
, ,
. SAP-, IP/
. SAP
SAP-. IPX-
IPX-
.

IPX, 8 899,
IPX- .
.
239
IPX, 900 %
, .
NetWare (, RIP,
SAP SPX), IPX-. I-
NetWare .
, log.
7, "
".
ZIP SF-2
IPX, , IPX 10, IPX- 200:
SF-2#configure
Configuring from terminal, memory, or network [terminal]? Enter configuration
commands, one per line. End with CTRL+Z.
SF-2(config)#access-list 800 permit 10 200
SF-2(config)#^Z
IP, IPX .
,
, .
IPX
IOS ipx access-list.
, , SAP-.
IPX ZIP
SF-2 pass-marketing (" "):
SF-2 #configure
Configuring from terminal, memory, or network [terminal] ?
SF-2(config)#ipx access-list standard pass-marketing
SF-2(config-ipx-std-nacl)#permit 10 200
SF-2(config-ipx-std-nacl)#^Z

,
.
, .
, .
, .
IOS ipx access-group.
in out ("" ""),
, , out.
800
FDDI 0 ZIP SF-1:
SF-l#configure
or network
[terminal]?
one per line.
End with CTRL+Z.
SF-1(config)#interface fddi 0
SF-1(config-if)#ipx access-group 800 out
SF-1(config-if)#^Z

IOS EXEC show access-lists show ipx access-lists.
, ,
IPX.
240
, .
, .
show ipx access-lists ZIP SF-1
:
SF-l#show ipx access-lists
IPX standard access list 800
permit 10 200
IPX standard access list pass-marketing permit 10 200
, IOS EXEC show

SF-1 , IPX
IPX-:
ipx interface.
SF-2#show ipx interface fddi 0

FddiO is up, line protocol is up
IPX address is 10.0000.OcOc.llbb, SNAP [up]
Delay of this IPX network, in ticks is 1 throughput 0 link delay 0
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 60 seconds
IPX type 20 propagation packet forwarding is disabled
Incoming access list is not set
Outgoing access list is 800
IPX helper access list is not set
SAP GNS processing enabled, delay 0 ms, output filter list is not set
SAP Input filter list is not set
SAP Output filter list is not set
SAP Router filter list is not set
Input filter list is not set
Output filter list is not set
Router filter list is not set
Netbios Input host access list is not set
Netbios Input bytes access list is not set
Netbios Output host access list is not set
Netbios Output bytes access list is not set
Updates each 60 seconds, aging multiples RIP:3 SAP:3
SAP interpacket delay is 55 ms, maximum size is 480 bytes
RIP interpacket delay is 55 ms, maximum size is 432 bytes
IPX accounting is disabled
IPX fast switching is configured (enabled)
RIP packets received 54353, RIP packets sent 214343
SAP packets received 94554422, SAP packets sent 93492324

IPX
IPX,
1OS Cisco.
IPX- ,
,
IP AppleTalk. IPX
< NetWare ,
.
IOS
ISDN-.
IPX , IPX-,
. IPX- ISDN
241

, .
,
, - ,
, .
IPX , IP, 4.
IPX- ,
-
. 7.
IPX ,
, IPX-
Loopback 0, IOS ipx network
( ). IPX-,
IPX-. IOS
ipx ppp-client loopback IPX- Loopback 0. sing2511 ZIP :
Sing2511#configure
Sing2511(config)#interface loopback 0
Sing2511(config-if)#ipx network 2500
Sing2511(config-if)#interface group-asyncl
Sing2511(config-if)#ipx ppp-client loopback 0
IPX- IPX RIP

SAP.
60 ,
ipx update interval.
sap rip
. Sing2511
IPX RIP SAP 10 (36 000 ).
ipx update interval , IPX 10 .
Sing2511#configure
Configuring from terminal, memory, or network
Enter configuration commands, one per line.
Sing2511(config)#interface group-asyncl
Sing2511(config-if)#ipx update interval sap
Sing2511(config-if)#ipx update interval rip
Sing2511(config-if)#AZ
[terminal]?
End with CTRL+Z.
36000
36000

IPX
IPX-o IPX-, . IPX
. - Cisco (
Cisco); - ,
IOS. - Novell,
; IOS, NetWare-,
242
NLSP, 1.0 .
IOS , EXEC,
- Cisco, IOS
EXEC ping ipx. - Cisco
IPX IPX-, SFCore-1:
SF-Core-l#ping ipx 10.0000..23
Sending 5,
100-byte IPX cisco Echoes to 10.0000.OcOc.23ce,timeout is 2
seconds:
! ! ! ! !
Success rate is 100 percent
(5/5),
round-trip min/avg/max =1/1/4 ms
, IPX-- Cisco
. . 6.2 ,
I-.
6.2. , ipx ping
!

.
,
U
IPX-
IPX-
I

?
IPX-
&
IPX-
IOS ping EXEC
- Cisco, - N> ping
, , -.
: ZIP SF-Core-1 IPX- ping
:
SF-Core-l#ping
Protocol [ip]:ipx
Target IPX address:10.0000.OcOc.23ce
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Novell Standard Echo [n]:
Sending 5 100-byte IPX echoes to 10.0000.OcOc.23ce,timeout is 2 seconds.
! ! ! ! !
Success rate is 100 percent (5/5)
IPX Cisco
, show ipx traffic.
, ,
, SAP, IPX RIP,
EIGRP NLSP, , IPX-. show ipx traffic
- .
show ipx traffic ZIP SF-Core-1:
SF-Core-l#show ipx traffic
System Traffic for 0.0000.0000.0001 System-Name:zipnet
243
Rcvd: 603143 total, 94947 format errors, 0 checksum errors, 0 bad hop
count,
0 packets pitched, 401 local destination, 0 multicast
Beast: 406 received, 6352 sent
Sent:
6355 generated, 0 forwarded
0 encapsulation failed, 19 no route
SAP:
368 SAP requests, 0 SAP replies, 2 servers
0 SAP Nearest Name requests, 0 replies
0 SAP General Name requests, 0 replies
27 SAP advertisements received, 138 sent
20 SAP flash updates sent, 0 SAP format errors
RIP:
6 RIP requests, 0 RIP replies, 5 routes
5629 RIP advertisements received, 6139 sent
0 RIP flash updates sent, 0 RIP format errors
Echo:
Rcvd 0 requests, 0 replies
Sent 0 requests, 0 replies
0 unknown: 0 no socket, 0 filtered, 0 no helper
0 SAPs throttled, freed NDB len 0
Watchdog:
0 packets received, 0 replies spoofed
Queue lengths:
IPX input: 0, SAP 0, RIP 0, GNS 0
SAP throttling length: 0/(no limit), 0 nets pending lost route reply
Delayed process creation: 0
EIGRP: Total received 0, sent 0
Updates received 0, sent 0
Queries received 0, sent 0
Replies received 0, sent 0
SAPs received 0, sent 0
NLSP:
Level-1 Helios received 0, sent 0
,
, EXEC
debug, IPX .
debug ,
,
, .
debug, IPX, 6.3.
6.3. debug IPX
debug ipx eigrp

IPX EIGRP,

debug ipx nlsp
NLSP,
debug ipx packet
IPX-

debug ipx routing IPX-,

debug ipx sap
SAP,
IPX 20
NetWare /
(NetBIOS), IPX-.
.
NetWare- NetBIOS-, IPX,
244
20 IPX-,
. NetBIOS
. , , NetWare IPX-.
IPX- NetBIOS
IPX. , , Cisco no
, IPX-
20. 20,
NetWare-, NetBIOS,
, ! ,
.
IOS ipx type-20-propagation
20 IPX-,
. , IOS IPX-
20 : ,
.
IPX- 20
IPX-,
, IPX-. IPX-
20 IPX-
IOS ipx type-20-helpered. IOS ipx helper-address
IPX-, 20. ipx type20-helpered ipx type-20-propagation . IOS
20 ,
IPX-.
IPX- 20 ZIP
Ethernet 0 IPX- IPX- .0005. 0112.0474:
Singapore#configure
Singapore(config)#ipx type-20-helpered
Singapore(config-if)#ipx helper-address aa.0005.0112.0474
, ,
IPX, IPX-,
, IPX-. ,
IPX-, .
.
IPX- ., 32- ,
, 48- ,
. .
48- .
NetWare-, NetWare- Cisco
IPX-,
IPX-.
NetWare.
245
IP-, IPX-
. IPX
RIP, NLSP EIGRP. RIP IPX
ipx routing.
SAP , ,
IPX-.
IPX .
SAP SAP.
Cisco
NetBIOS,
ipx type-20-propagation ipx type-20-helpered.
IPX-
show, debug ping. , . 6.4,
. 6.5.
6.4. EXEC
IPX
clear ipx route

IPX- , ,
ping .
IPX-

pi n g ipx .
-
Cisco, - Novell IPX
show ipx access-list IPX,
show ipx interface brief IPX-

s h o w i p x i n t e r fa c e
, IPX
show ipx route

IPX-
show ipx route
IPX-
,
show ipx servers
IPX-
show ipx traffic
IPX
6.5. IPX-
access-list

area-address NLSP
dialer map ipx
IPX-
ISDN-
frame-relay map ipx
IPX- DLCI- Frame
Relay
ipx access-group

[in | out]

ipx access-list {extended I IPX
sap I standard}

246

,
GNS-
ipx input-sap-filter ,
SAP-

ipx internal-network
NLSP
ipx maximum paths -
IPX-
ipx network
IPX- ,
[encapsulation |
(, snap ),
secondary]
, ,

ipx output-gns-filter
,
GNS-

ipx output-sap-filter
,
SAP-

ipx ppp-client loopback
, IPX-
IPX -
ipx route
IPX-
ipx router eigrp
EIGRP

IPX
ipx router nlsp
NLSP
1>
ipx router-sap-filter
SAP

ipx routing
IPX-
ipx sap
SAP-
ipx sap-incremental-eigrp ,
SAP- SAP-
ipx update interval {rip I , IPX RIP
sap)
SAP-
ipx gns-round-robin
map group
map list
network
25 map ipx

IPX ATM

IPX-
ATM-
IPX- EIGRP
IPX- X

.
1. Currid, . and A. Currid. Novell's Introduction to Networking. Foster City, Califc
2. Heywood, D. Novell's Guide to TCP/IP and Intranetware. Foster City, Califc
247
3. Siyan, K..S. et al. Novell Intranetware Professional Reference. Indianapolis, Inc

New Riders Publishing, 1997.
248

.
IOS RADIUS
TACACS+.
,
IOS
Internet (DoS).
.
(Simple Network Management Protocol SNMP)
IOS Cisco.
.
Network Time Protocol Cisco
249

, IOS,

Cisco,
, ,
IOS Cisco.

IOS Cisco ,

, , ,

.

Telnet
,
( 2)
(vty).
,

Telnet Shell (SSH)

,
,
854 1OS Telnet-
;
" SSH-".
SSH ,
SSH- , .

Telnet. Telnet-, SSH-
. SSH-
.
, Telnet- SSH- ,
. IOS
Telnet-, SSH-,
EXEC telnet ssh.
SSH: SSH 1 SSH 2.

IOS SSH 1.
SSH-
, (Rivest),
(Shamir) (Adelman) ( RSA). SSH- RSA SSH- IOS Cisco.
IOS
. SSH- IOS RSA
250
,
, .
SSH
DES (56- ) Triple
DES (168- ). , IOS
DES Triple DES. show version
, , ,
.
( 56-
)
. ,
IOS, .
SSH-
SSH- SSH-
, IOS
- . ,
hostname
ip domain-name.
SSH- RSA-
.
, IOS,
crypto key generate rsa. RSA-
SSH- .
RSA- crypto key
zeroize rsa, SSH-.
, show running-config show startup-config,

crypto key generate rsa .
SSH- !
ip ssh:
SF-1#configure
Enter configuration commands one per line. End with CNTL/Z.
SF-1(config)#crypto key generate rsa
SF-1(config)#ip hss
SF-1(config)#^Z
SSH
RSA-, SSH, !
EXEC show crypto key mypubkey rsa:
SF-l>show crypto key mypubkey rsa
% Key pair was generated at: 19:01:46 EOT Aug 7 2000 Key name: SF-l.zipnet. om
Usage: General Purpose Key Key Data:
305C300D 06092A86 4886F70D 01010105 00034BOO 30480241 OOC6F6D1 CCBF8B9A
6D3E451F C362DD75 866F084B 04F43C95 OB68BA44 OB8D5B8C 35264CFA 04B8B532
OFF6473C 4768C46F CD820DAF B7CA8C75 4977CF6E 7ED1ACE3 FF020301 0001
% Key pair was generated at: 23:14:52 EOT Aug 29 2000
Key name: SF-l.zipnet. om.server
Usage: Encryption Key
Key Data:
251
307C300D
17BOBA2B
8112755C
4FB98167
06092A86
C31C9521
307AC527
8616F964
4886F70D
8543AE24
14B955FO
E067604A
01010105
F19E0988
AODD29AD
F852A27D
00036BOO
BF2901DC
AE53BAOO
1F9B7AFF
30680261
11D723EF
4D84657B
3EC73F5C
OOC5D98C
3512DD29
4C605E8E
75020301
E628790E
C28DBC53
6EBDDB6E
0001
, , IOS,
show ip ssh SSH-:
SF-l#show ip ssh
Connection
Version
0
1.5
Encryption
3DES
State
Username
admin

, IOS,
, IOS line
console 0 password.
line vty 4 password.
access-class line, IP-,

, 1OS. , in out
.
, IP- -
. access-class
IOS
,
.
SF-1 Zipmein
:
SF-1#configure
SF-1(config)#line console 0
SF-1(config)#password Zipmein
SF-1(config)#line vty 0 4
SF-1 (config)#password Zipmein
SF-1(config)#^Z

. ,
EXEC (, show running-config show startup-config),
service password-encryption.

EXEC.
Cisco.

.
: , ,
. ( , authentication, authorization, accounting. . .)
.
IOS , .
, , ,
-.
, .
- : ,
252
, IOS Cisco,
, .
, Cisco
, ,
(The Remote Authentication Dial-In User Service RADIUS)

(Terminal Access Controller Access Control System TACACS+).
, Telnet-
, .

:
% telnet Singapore
Trying...
Password:
, EXEC .

( ).
, , , . ,
.
,
,
v .
, IOS,
, :
% telnet Singapore
Trying...
Username: allan
Password:
1.
2.
3.
4.
, ' IOS,
.
Telnet,
.

.

. , ,
.
.

. ,
, ,
.

. 7.1.
253
-
- IOS,
new-model.
, authentication,
authorization accounting, -
, . -
.
, -,
,
. ,
- ,
. IOS
. ,
.
,
, ,
. ,
.
IOS
"' ,
. , - ,
,
.
- RADIUS TACACS+,
.
authentication, aaa authorization accounting
RADIUS , group radius, TACACS+
group tacacs+.
authentication
,
. authorization
EXEC EXEC
( ). ,
. , accounting
, ,
, ( .
, -.
IOS, (, ARAP) -.
- -
TACACS+, RADIUS.
254
-
. authentic login
- .
TACACS+. TACACS+
,
enable
secret enable password. authentication login
group tacacs+, enable.
IOS
-.
, ,
.
authorization accounting ,
authenticate.
authorization exec network,
xec ( ).
if-authenticated -,
.
, -
TACACS+, ,
accounting.
Singapore#configure
Singapore(config)#aaa new-model
Singapore(config)#aaa authentication login default group tacacs+ enable
Singapore(config)#aaa authorization exec group tacacs+ if-authenticated
Singapore(config)#aaa authorization network group radius if-authenticated
Singapore(config)#aaa accounting exec stop-only group tacacs+
group tacacs+ IOS

S+-, tacacs-server host,
" TACACS+".
server group server,
- .
- , ,
-, ,
-. (, RADIUS). -
-. -
,
RADIUS-
.
RADIUS- TACACS+-
-.
RADIUS
RADIUS Livingston
Enterprises, Inc., -
RADIUS- . RADIUS ;
255
RADIUS. RADIUS-
,
RADIUS - , ,
Livingston, Merit Microsoft. IP- RADIUS-,
IOS, radius-server
host.
RADIUS ,
. RADIUS- IOS
. IOS,
radius-server key.
ZIP - RADIUS-
:
San Jose#configure
San Jose(config)#radius-server host 131.108.110.33
San Jose(config)#radius-server key Radius4Me
San Jose(config)#AZ
TACACS+
TACACS+ -,
RADIUS. TACACS+ TACACS.
Extended TACACS XTACACS ( TACACS). TACACS+
Cisco, ,
IOS, S+-.
TACACS+ ,
Cisco ( CiscoSecure) ,
. IP- TACACS+-,
IOS,
tacacs-server host.
TACACS+ .
TACACS+- IOS
. IOS,
t a c a c s -ser v e r k ey.
ZIP SF-1 TACACS+-
:
SF-Core-l#configure
SF-Core-l(config)#tacacs-server host 131.108.110.33
SF-Core-1(config)#tacacs-server key ZIPSecure
SF-Core-l(config)#^Z
RADIUS TACACS+
RADIUS TACACS+ ,
, , . RADIUS, ,
UDP. TACACS+, ,
TCP. RADIUS
IP-, TACACS+ .
RADIUS ,
, TACACS-K ,
RADIUS , ,
TACACS+ .
, ,
"" . Cisco .
256
, RADIUS,
.
Cisco, , ,
TACACS+.

IOS TCP-

: TCP SYN IP- .
,
, , ,
. , TCP
SYN () , TCP SYN ( TCP-) IP-
. IP- , ..
. ,
, .
-
TCP- SYN-
TCP-
. TCP-
TCP SYN- TCP-,
.
TCP SYN-
- TCP SYN.
TCP-,
. TCP
TCP SYN .
TCP- .
TCP SYN -
.
TCP-,
.
TCP TCP SYN,
- -.

IP- , .
TCP-, , TCP-
.
TCP- ,
IOS .
TCP- ip
tcp intercept mode. ip tcp intercept list
IP- , ,
. ip tcp intercept watch-timeout ,
TCP-,
-.
TCP-, 30 .
SF-Core-1 TCP 131.108.0.0 , 15 :
257
SF-Core-l#configure
SF-Core-1(config)#access-list 120 permit ip any 131.108.0.0 0.0.255.25
SF-Core-1(config)#ip tcp intercept mode watch
SF-Core-1(config)tip tcp intercept list 120
SF-Core-1(config)lip tcp intercept watch -timeout 15
EXEC show tcp intercept connections

TCP-. ) show tcp intercept statistics
-.

(unicast reverse path forwarding)
- IP-
( IP-). IP-
IP- IP-
. IP-
IP- ,
, .
TO
, - Cisco (Cisco
Express Forwarding CEF). CEF ,
I-.
CEF ,
IOS.

, IP-
. , IP, , ,
IP- .
IP- , ,
. , ,
,
,
,

, , , , ,
, . I-
, ,
IP- .

, ,
. ,
, .
Internet He

, IP-

ip verify unicast reverse-path.
258
(
, ) ,
Internet.
, IOS,

, .
, . 7.1.
7.1. IOS
0

1

2
,
3
,
4
,

5
, ,
6
7

IOS coo6(
), .
. ( 0)
, ( 7) .
.
, logging trap.
, log ging
buffered.
, logging
console.
, logging
monitor.
logging ,
, .
,
. ,
, ,
.
,
, .
4096 . , logging
buffered, . , logging buffered 8192
8192. ,
,
.

( )
.
,
259
,
, EXEC terminal monitor.
.

logging
trap. IOS

logging, IP- -,
.
,
. , 7
. -
. ZIP Seoul-1
,
:
Seoul-1#configure
Seoul-1(config)#logging 131.108.110.33
Seoul-1(config)#logging trap debugging
Seoul-1(config)#logging console emergencies
Seoul-1(config)#^Z
syslog
UNIX- .
IOS , . UNIX , local? ,
, IOS.
( ), /etc/syslog.
config :
Local7.debug
/var/adm/router.log
UNIX- syslog,
:
% kill -HUP 'cat /etc/syslog.pid'
, IOS UNIX.
IOS ,
EXEC show logging.
, Seoul-1 ,
, show logging
:
Seoul-l>show logging
Syslog logging: enabled (0 messages dropped 0 flushes 0 overruns)
Console logging: level debugging
2 messages logged
Monitor logging:
level debugging
2 messages logged
Trap logging:
level debugging
2 message lines logged Logging to
131.108.110.33
2 message lines logged
Buffer logging:
level debugging
2 messages logged
Log Buffer
(4096 bytes):
260
Mar 17 17:45:56: %LINK-3-UPDOWN: Interface SerialO, changed state

Mar 17 18:23:10: %LINK-3-UPDOWN: Interface SerialO, changed state
to down
to up
,
. ,
, ( monitor logging) .
, , .

( 6).
.
" " ,
.
(debug)
.
, IOS.
logging trap debug,
.

, ,
, .
,
.
(ISO Network Management Forum)
, ,
, , .
,
.
OpenView Hewlett-Packard, Spectrum
Cabletron, Solstice Enterprise Manager Sun, NetView/AIX IBM
CiscoWorks2000 Cisco.
,
. .
,
. , ,
,
. , ,
- .
,
.
,
(management information ase-MI). ,
, .
, .
. 7.2 .
261
:
. , MIB-II ( 1213),
,
. , MIB-II
, ,
, IP.
, , ,
, Frame Relay ( 1285) Token Ring ( 1315). , ,
. ,
, ,
.

.

(Simple Network Management Protocol SNMP),
1157. SNMP UDP
IP . ,
.
SNMP-
:
Get-Request ( );
Get-Next-Request ( );
Set-Request ( );
Get-Response ( );
Trap ().
Get-Request ,
, ,
, , . Get-Next-Request
,

.
, IP-. Set-Request
, ,
. Get-Request, Get-NextRequest Set-Request Get-Response,

, . Trap
, .
SNMP- ,
(community string).
262

. .
SCII.
SNMP-. (
, .)

IOS snmp-server community.
, , "
", "-". Get-Request GetNext-Request ; Set-Request
-. ,
-, RO RW, .

public, -
private.
IP- -,
.

zipnet ZlPprivate. , access-list 2,
131.108.20.45 .
,
snmp-server community, .
Singapore#configure
Singapore(config)#access-list 2 permit 131.108.20.45
Singapore(config)#snmp-server community Zipnet RO 2
Singapore(config)#snmp-server community ZlPprivate RW 2
SNMP- IOS
. , snmp-server community access-list
-,
SNMP.
SNMP- Trap
IOS. 1157
SNMP-, :
coldStart ( );
warmStart ( );
linkUp ( );
HnkDown ( );
authenticationFailure ( );
egpNeighborLoss ( EGP-).
coldStart , . warmStart
, .
coldStart,
, ,
. linkUp HnkDown
. authenticationFailure ,
SNMP- . , ,
263
egpNeighborLoss ,
(EGP) . Trap- ,
EGP BGP4.
Trap- , Trap- SNMP, .
Trap-,
, : ISDN, Frame Relay BGP4.
IOS Trap-
IOS, BGP, Frame Relay, ISDN,
X.25, IOS.
IOS Trap- SNMP
. IP- ,
Trap-, snmp-server host.
ZIP Trap-
SNMP IP- 131.108.20.45 Zipnet.
snap-server host , Trap SNMP, Frame Relay
IOS.
Singapore#configure
Enter onfiguration commands cone per line. End with CNTL/Z.
Singapore(config)#snrap-server host 131.108.20.45 Zipnet snmp frame-ralay config
SNMP- Trap-
, . Trap- SNMP
,
.
IOS SNMP-
.
.
snmp-server location snmp-server contact.
255
.
:
Singapore # configure
Enter configuration commands one per line. End with CNTL/Z. Singapore(config) #snmpserver location 1 Raffles Place, Singapore Singapore(config)#snmp-server contact
Allan Leinwand, allanOtelegis.i
EXEC show snmp SNMP

. SNMP
.
:
Singapore>show snmp
Chassis: 25014624
Contact: Allan Leinwand allan@digisle.net
Location: 45 Raffles Place Singapore
4620211 SNMP packets input
0 Bad SNMP version errors
264
0 Unknown community name

0 Illegal operation for community name supplied
0 Encoding errors
23493606 Number of requested variables
0 Number of altered variables
576553 Get-request PDUs
4043613 Get-next PDUs
0 Set-request PDUs 4623230 SNMP packets output
0 Too big errors (Maximum packet size 1500)
1757 No such name errors
0 Bad values errors
0 General errors
4620166 Get-response PDUs 3064 SNMP trap PDUs SNMP logging: enabled
Logging to 131.108.20.45 0/10 3064 sent, 0 dropped.

SNMP. ,
Cisco.
,
,
snmp-server contact snmpserver location. SNMP , SNMP- , SNMP- (
), . SNMP .
SNMP-
, SNMP
Trap-. ,
Trap- ( "
SNMP"), IP- , Trap- Trap, .

IOS Cisco ,
.
, ,
,
SNMP.
Cisco 7000 .
1 1993 .
.
, IOS,
. ,
, , .
,
EXEC show clock:
SF-l>show clock
06:56:50 .314
PST
Fri
M ar
30
200 1
Cisco 7000 , ,
.
.
. , ,
,
( Network Time Protocol, NTP,
). ,
265
EXEC show calendar:

SF-l>show calendar
06:57:26 PST Fri Mar 30 2001
,
, . IOS
, ,
( IOS
summer-time). ,
.
, IOS
, KOY service
time stamps. ,

. service
timestamps log datetime localtime service timestamps debug datetime localtime.
service timestamps log datetime localtime
, service timestamps debug datetime localtime
.
.
:
;
NTP;
SNTP.
.

, IOS,
,
.
. ,
.
IOS,
clock timezone.
, ,
. ,
(Pacific Standard Time PST),
, : clock, timezone PST -8.
, , ,
clock summer-time recurring.
, ,
(Pacific Daylight Time PDT).
clock set. SF-1
PST, (
PDT) 17 2001 , 14:25:
SF-1#configure
SF-1(config)#clock timezone PST -8
SF-1(config)#clock summer-time PDT recurring
SF-1(config)#clock set 14:25 17 3 2001
266
SF-1(config)#AZ
Cisco 7000
calendar set.
IOS,
clock calendar-valid.

(Network Time Protocol NTP),
1305, , IP-
. 1OS Cisco NTP-,
NTP-. NTP,
.
NTP ,
. , IOS ,
, ,
, .
NTP .
, .
, NTP
, , ,
. , 1,
, 2 1 .
1.
NTP- IOS Cisco
. NTP-, Cisco,
,
. NTP ,
,
, .
, NTP, NTP, . IOS Cisco
ntp server ntp peer.
, IOS
, .
. ,
NTP-
. . 7.3 NTP- ,
IOS.
267

,
Internet. ,
Web-, (
NTP).
, ,
Internet. ,
Internet ,
NTP
.
Cisco 7000 NTP
.
ntp update-calendar.
NTP-
,
NTP-, .
NTP-
ntp broadcast client.
NTP- ,
ntp broadcast. ,
IOS,
, Internet
, NTP-
,
NTP-. SF-1 NTP Internet,

,
NTP
NTP- (Ethernet 0):

SF-1#configure
SF-l(config)#ntp server 192.216.191.10
SF-1(config)#ntp server 129.189.134.11
SF-1(config)#ntp update-calendar
SF-l(config)#interface (Ethernet 0)
SF-1(config)#ntp broadcast
SF-1(config)#^Z
NTP-, , IOS,
EXEC show ntp associations.
,
( ).
,
. :
SF-l>show ntp assoc
address
ref
lock
st
*~192.216.191.10
.GPS.
1
+~129.189.134.11
.PPS.
1
* master
(synced)
# master
(unsynced)
when
poll
reach
delay
offset
127
512
377
285.5
7.57
207
512
377
147.2 -22.19
+ selected - candidate
~
configured
disp
32.8
18.4
EXEC show ntp status, NTP.

, NTP ,
2
268
I- 192.216.191.10:
SF-l>show ntp status
Clock is synchronized
stratum 2
reference is 192.216.191.10
nominal freq is 250.0000 Hz
actual freq is 250.0003 Hz
precision is 2**24
reference time is B853B821.9813EB8D
(06:58:10 PST Fri Mar 30 2001)
lock offset is -7.3067 msec
root delay is 285.46 msec
root dispersion is 41.95 msec
peer dispersion is 32.82 msec
NTP
ntp disable. ntp access-group
NTP-, ,
IOS. ,
IP-, IP- .
.
NTP-. ,
, SF-1
131.108.0.0:
SF-1#configure
SF-1(config)#access-list 50 permit 131.108.0.0 0.0.255.255
SF-1(config)#ntp access-group serve 50
SF-1(config)#^Z

Cisco 1003, 1004 1005
(Simple Network Time Protocol SNTP),
2030. SNTP NTP,
NTP-. SNTP
. ,
Cisco, , Cisco 1000

. SNTP
100 .
IOS.
SNTP
sntp server. SNTP , NTP,
sntp braodcast client.
,
,
, .
SNTP , EXEC show
sntp.
,
,
IOS, ZIP.
IOS
.
269

, (AAA-).
IOS RADIUS TACACS+.
, IOS,
.
. ,
, , .

. SNMP.
SNMP
-.
, -,
1OS SNMP. ,
SNMP , Trap- ,
.
IOS , NTP
SNTP.
. 7.2 .
7.2.

accounting

authentication

authorization

new-model
- IOS
server-group
-
access-class in

access-class out

calendar set

clock calendar-valid
, ,
IOS
clo c k s et

clock summer-time recurring
clock timezone
IOS
crypto key generate rsa
RSA-
SSH- . SSH-

crypto key zeroize rsa
RSA-
SSH-
SSH-
lp ssh
SSH-
ip top intercept list
IP- ,

TCP- -
ip top intercept mode
TCP-
{intercept I watch)

ip top intercept
TCP-,
watch-timeout
,
ip verify unicast

reverse-path

line console 0

270
line vty
logging buffered
logging

ntp access-group
ntp broadcast
ntp broadcast client

ntp peer
ntp server
ntp update-calendar
password
radius-server host
radius-server key
server
service
password-encryption
service timedtamps
snmp-server community
snmp-server contact
snmp-server host
snmp-server location
sntp broadcast client
sntp server
tacacs-server host
tacacs-server key

NTP- IOS,
, IP-

NTP-

NTP-

NTP-

IOS NTP

7000 NTP

RADI US-, !
IOS

RADIUS- IOS
- IP -
IOS
, EXEC
IOS

SNMP
,
,
IOS
IP- ,
Trap-
,
IOS
SNTP-
N-
SNTP

S+-,
IOS

TACACS+- IOS
. 7.3 EXEC .
271
7.3. EXEC

272

show clock
show calendar
show crypto key mypubkey rsa
show ip ssh
show logging
show ntp associations
show ntp status
show snmp
show sntp
show tcp intercept connections
show tcp intercept statistics
Cisco 7000
RSA-,
SSH
SSH

NTP-
NTP
SNMP SNMP-
IOS
SNTP IOS

TCP-

1. Carasik, Anne. UNIX SSH: Using Secure Shell. New York: McGraw-Hill Companies
Inc., 1999.
2. Case, J.D., M. Fedor, M.L. Scoffstall, and C. Davin. RFC 1157, "Simple Netwoi
Management Protocol (SNMP)". May 1990.
3. Ferguson, P., and D. Senie. RFC 2827, "Network Ingress Filtering: Defeating Dena
of Service Attacks Which Employ IP Sourse Address Spoofing". May 2000.
4. Finseth, C. RFC 1492, "An Access Control Protocol, Sometimes Called TACACS
July 1993.
5. Leinwand, Allan, and Karen Fang-Conroy. Network Management: A Practical Perspecth
Second Edition. Reading, Massachusetts: Addison-Wesley Publishing, 1996.
6. McCloghrie, K., and M. Rose. RFC 1213, "Management Information Base f
Management Information of TCP/IP-based Internets: MIBII". March 1991.
7. Mills, D. RFC 1305, "Network Time Protocol (Version 3) Specification, Implementatio
and Analysis". March 1992.
8. Mills, D. RFC 2030, "Simple Network Time Protocol (SNTP) Version 4 for IPv
IPv6, and OSI". October 1996.
9.
Postel, J., and J. Reynolds. RFC 854, "The Telnet Specification". May 1983.
lO.Rigney, C. RFC 2866, "RADIUS Accounting". June 2000.
11. Rigney, C., S.Willens, A. Rubens, and W. Simpson. RFC 2865, "Remote Authenticati Dail-In User
Service (RADIUS)". June 2000.
273
8

-
SF-1
SF-2
SF-Core-1
SF-Core-2
-
Seoul -1
Seoul-2

SingISDN
Sing2511
274
IOS
ZIP
IOS
, ZIP.
,
IOS, EXEC show running-config.
.
ZIP IOS 12 1

IOS , .
, ,
ZIP, ,
Cisco.
IOS ,

(') ,
, OC IOS .
IP, Apple Talk IPX
ZIP EIGRP.
, ZIP
RADIUS TACACS+.
-
ZIP -
Cisco 2501. .
- Ethernet.
- Seoul-1 Frame
Relay.
DHCP- -
IP- DHCP- IOS.
- :
version 12.1
service timestamps debug datetime localtime
service password-encryption
!
hostname Kuala-Lumpur
!
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authorization exec group tacacs+ if-authenticated
aaa authorization network group radius if-authenticated
aaa acounting exe stop-only group tacacs+
enable secret 5 $2$5toY$IJQPTVD4.aEDLwZSnPrvX.
!
ip domain-list zipnet.com
ip domain-list zipnet.net
ip domain-name zipnet.com
ip name-server 131.108.110.34
ip dhcp database tftp://131.108.2.77/kl-dhcp-info
ip dhcp excluded-address 131.108.2.1 131.108.2.10
ip dhcp excluded-address 131.108.2.57
ip dhcp excluded-address 131.108.2.129 131.108.2.135

!
ip dhcp pool kl-common
network 131.108.2.0/24
dns-server 131.108.101.34 131.108.101.35
domain-name zipnet. om
netbios-name-server 131.108.21.70
netbios-node-type h
lease 0 1
!
ip dhcp pool kl-users
network 131.108.2.0/25
default-router 131.108.2.1
!
ip dhcp pool kl-users-2
network 131.108.2.128/25
!
appletalk routing eigrp 25000
routing 0000.b1.2
clock timezone MST +8
!
interface Loopbackl
description Kuala-Lumpur router loopback
ip address 131.108.254.9 255.255.255.255
!
interface EthernetO
description Kuala-Lumpur LAN Segment
ip address 131.108.2.1 255.255.255.128
ntp broadcast
appletalk zone Asia Manufacturing
ipx network 3010
!
interface SerialO
description IETF frame relay PVCs on circuit M234563KL
no ip address
encapsulation frame-relay ietf
bandwidth 128
frame-relay Imi-type ansi
!
interface SerialO.100 point-to-point
description FR PVC 100 to Seoul-1
ip address 131.108.242.2 255.255.255.252
bandwidth 128
frame-relay interface-dlci 100
appletalk zone WAN Zone
appletalk protocol eigrp
no appletalk protocol rtmp
ipx network 2901
!
interface Seriall
no ip address
shutdown
!
router eigrp 25000
network 131.108.0.0
no auto-summary
!
ip classless
logging trap debugging
logging console emergencies
logging 131.108.110.33
acess-list 1 permit 131.108.0.0 0.0.255.255
276
acess-list 2 permit host 131.108.20.45

!
ipx router eigrp 25000
network 2901
network 3010
tacacs-server host 131.108.110.33
tacacs-server key ZIPSecure
radius-server host 131.108.110.33
radius-server key Radius4Me
snmp-server community Zipnet RO 2
snmp-server community ZIPprivate RW 2
snmp-server host 131.108.20.45 Zipnet snmp frame-relay config
snmp-server location 1 KLCC Towers Kuala Lumpur Malaysia
snmp-server contact Allan Leinwand allan@telegis.net
!
line con 0
password 7 095B59
line aux 0
line vty 0 4
password 7 095B59
acess-class 1 in
!
ntp update-calendar
ntp server 192.216.191.10
ntp server 129.189.134.11
!
end
SF-1
SF-1 ZIP Cisco 4700.
.
- Fast
Ethernet.
-
Ethernet.
- IPX- GNS.
SF-1 :
version 12.1
!
hostname SF-1
!
aaa new-model
aaa authorization exe group tacacs+ if-authenticated
aaa acounting exe stop-only group tacacs+
!
ip domain-name zipnet. om
ipx routing 0000.1 2 .23bb
!
clock timezone PST -8
277
clock sunnier-time PDT recurring

!
interface Loopbackl
description SF-1 router loopback
ip address 131.108.254.1 255.255.255.255
!
interface FastEthernetO
description San Francisco FastEthernet backbone LAN
ip address 131.108.20.1 255.255.252.0
appletalk zone SF Zone
ipx network 1010
full-duplex
!
interface EthernetO
description SF-1 LAN Segment
ip address 131.108.101.1 255.255.255.0
ip helper-address 131.108.21.70
media-type lOBaseT
ntp broadcast
appletalk zone Operations
ipx network 100
ipx output-gns-filter 1010
!
interface Ethernetl
no ip address
shutdown
!
router eigrp 25000
network 131.108.0.0
no auto-summary
!
ip classless
logging 131.108.110.33
access-list 1 permit 131.108.0.0 0.0.255.255
access-list 2 permit host 131.108.20.45
access-list 1010 permit aa.0207.0104.0874

access-list 1010 deny -1
!
network 100
network 1010 i
snmp-server location 22 Cable Car Drive, San Francisco, CA, USA
snmp-server contact Allan Leinwand allan@telegis.net
!
line con 0
password 7 095B59
line aux 0
line vty 0 4
password 7 095B59
access-class 1 in I
ntp update-calendar
ntp server 192.216.191.10
ntp server 129.189.134.11
!
278
end
SF-2
SF-2 ZIP Cisco 4700.
.
- Fast
Ethernet.
- Ethernet.
- IPX-
GNS-.
SF-2 :
version 12.1
!
hostname SF-2
!
aaa new-model
aaa accounting exec stop-only group tacacs+
enable secret 5 $2$5toY$IJQPTVD4.aEDLwZ8nPrvX.
i
ipx routing 0000.OcOc.llbb
!
clock summer-time PDT recurring
!
interface Loopbackl
description SF-2 router loopback
ip address 131.108.254.2 255.255.255.255
!
interface FastEthernetO
ip address 131.8.20.2 255.255.252.0
ipx network 10
!
interface EthernetO
description SF-2 LAN Segment 1
ip address 131.108.110.1 255.255.255.0
media-type lOBaseT
ntp broadcast
appletalk zone Marketing
ipx network 200
ipx output-gns-filter 1010
!
interface Ethernetl
description SF-2 LAN Segment 2
ip address 131.108.120.1 255.255.255.0
279
media-type lOBaseT
ntp broadcast
appletalk zone Sales
ipx network 150
!
router eigrp 25000
network 131.108.0.0
no auto-summary
!
ip classless
logging 131.108.110.33
!
network 10
network 150
network 200
!
snmp-server contact Allan Leinwand, allan@telegis.net
!
line con 0
password 7 095B59
line aux 0
line vty 0 4
password 7 095B59
access-class 1 in
!
ntp update-calendar n
tp server 192.216.191.10
ntp server 129.189.134.11
!
end
SF-Core-1
SF-Core-1 ZIP Cisco
7505. .
- Fast
Ethernet.
HDLC- -.
HDLC- Internet ZIP.
SF-Core-1 SF-Core-2 HSRP-rpynny.
ZIP Internet--
EBGP. ,
, .
EIGRP-
.
ZIP Internet
IP- .
280
FastEthernet- IPX SAP-.

SF-Core-1 :
Version 12.1
Service timestamps debug datetime localtime
Service timestamps log datetime localtime
Service password-encryption
!
hostname SF-Core-1
!
aaa
new-model
aaa
authentication login default group tacacs+ enable
aaa
authorization exec group tacacs+ if-authenticated
aaa
authorization network group radius if-authenticated
aaa
accounting exec stop-only group tacacs+
!
ip tcp intercept mode watch
ip top intercept list 120
ip tcp intercept watch-timeout 15
ip domain-name zipnet. om
ipx routing 0000.OeOd.lebO
!
lock timezone PST -8
lock summer-time PDT recurring!
interface Loopbackl
description SF-Core-1 router loopback
ip address 131.108.254.3 255.255.255.255
!
interface FastEthernetO/0
ip address 131.108.20.3 255.255.252.0
ipx network 10
standby ip 131.108.20.5
standby preempt
ipx router-sap-filter 1001
!
interface Seriall/0
description HDLC leased line on circuit 456WS34209 to San-Jose
ip address 131.108.240.1 255.255.255.252
appletalk cable-range 901-901 appletalk zone WAN Zone
appletalk protocol eigrp no
appletalk protocol rtmp
ipx network 901
!
interface Seriall/1
description HDLC leased line on circuit 789WS34256 to IS2-B
ip address 192.7.2.2 255.255.255.252
ip access-group 101 in
!
interface Seriall/2
no ip address
shutdown
!
interface Seriall/3 no ip address
shutdown
!
281
router eigrp 25000

redistribute static
redistribute bgp 25000 network 131.108.0.0
distribute-list 1300 out
no auto-summary
!
router bgp 25000
no synchronization
network 131.108.0.0
neighbor 192.7.2.1 remote-as 1
neighbor 192.7.2.1 description Internet Connection to ISP-B
neighbor 192.7.2.1 distribute-list ISP-routes in
neighbor 192.7.2.1 distribute-list ZIP-routes out
remote-as 25000 description IBGP to Seoul-1 update-source Loopback 0
!
ip classless
ip default-network 131.119.0.0
ip default-network 140.222.0.0
ip route 131.108.232.0 255.255.255.0 FastEthernetO/0
ip route 131.108.0.0 255.255.0.0 NullO
logging 131.108.110.33
ip access-list standard ZIP-routes
permit 131.108.0.0
ip access-list standard ISP-routes
deny host 0.0.0.0 deny 127.0.0.0 0.255.255.255
deny 10.0.0.0 0.255.255.255
deny 172.16.0.0 0.15.255.255
deny 192.168.0.0 0.0.255.255
deny 192.0.2.0 0.0.0.255
deny 128.0.0.0 0.0.255.255
deny 191.255.0.0 0.0.255.
deny 192.0.0.0 0.0.0.255
deny 223.255.255.0 0.0.0.255
deny 224.0.0.0 31.255.255.255
permit any
access-list 101 remark Permits NTP DNS WWW and SMTP
access-list 101 deny tcp host 192.7.2.2 host 192.7.2.2 log
access-list 101 deny ip 131.108.0.0 0.0.255.255 any log
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip host 192.7.2.1 host 192.7.2.2
access-list 101 deny ip any host 192.7.2.2
access-list 101 permit udp any 131.108.101.99 eq domain
access-list 101 permit udp host 15.255.160.64 host 131.108.254.3 eq ntp
access-list 101 permit tcp host 192.52.71.4 host 131.108.101.34 eq domain
access-list 101 permit tcp any host 131.108.101.34 eq smtp
access-list 101 permit tcp any host 131.108.101.100 eq www
access-list 101 permit tcp any host 131.108.101.100 eq ftp
access-list 101 permit tcp any host 131.108.101.100 eq ftp-data
access-list 101 permit tcp any gt 1023 host 131.108.101.100 gt 1023
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any port-unreachable
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq 22
282
access-list 101 deny tcp any any eq ident

access-list 101 deny ip any any log
access-list 120 permit ip any 131.108.0.0 0.0.255.255
access-list 1300 permit 131.119.0.0
access-list 1300 pemit!40.222. 0. 0
!
network 10
network 901
!
!
line con 0
password 7 095B59
line aux 0
line vty 0 4
password 7 095B59
access-class 1 in
!
ntp update-calendar
ntp server 192.216.191.10
ntp server 129.189.134.11
!
end
SF-Core-2
SF-Core-2 ZIP Cisco 7505.
.
- Fast
Ethernet.
HDLC- -.
SF-Core-1 SF-Core-2 HSRP-rpynny.
EIGRP-
.
FastEthernet- IPX SAP-.
SF-Core-2 :
version 12.1
!
hostname SF-Core-2
!
aaa new-model
283

!
ipx routing OOOO.cOc.OlOb
!
!
interface Loopbackl
description SF-Core-2 router loopback
ip address 131.108.254.4 255.255.255.255
!
interface FastEthernetO/0
ip address 131.108.20.4 255.255.252.0
appletalk able-range 1-10
ipx network 10
standby ip 131.108.20.5
standby preempt
ipx router-sap-filter 1001
!
interface Seriall/0
description HDLC leased line on circuit WSZ02980189 to Seoul-2
ip address 131.108.240.5 255.255.255.252
ipx network 902
!
interface Seriall/1
no ip address
shutdown
!
interface Seriall/2
no ip address
shutdown
!
interface Seriall/3
no ip address
shutdown
router eigrp 25000
redistribute static
network 131.108.0.0
no auto-summary
!
ip classless
ip route 131.108.0.0 255.255.0.0 NullO
logging 131.108.110.33
!
network 10
284
network 902
!
snmp-server
community Zipnet RO 2
snmp-server
community ZIPprivate RW 2
snmp-server
contact Allan Leinwand, allan@telegis.net
!
line con 0
password 7 095B59
line aux 0
line vty 0 4
password 7 095B59
access-class 1 in
!
ntp update-calendar
ntp server 192.216.191.10
ntp server 129.189.134.11
!
end
-
ZIP - Cisco
3640. .
- Token Ring 16
.
HDLC- SF-Core-1.
HDLC- Seoul-1.

AppleTalk, .
IPX-
SAP- IPX.
- :
version 12.1
!
hostname San-Jose
!
aaa new-model
!
285
ipx routing OOOO.clOe.lOOd

!
i
interface Loopbackl
description San-Jose router loopback
ip address 131.108.254.4 255.255.255.255
!
interface TokenRingO/0
no ip address
shutdown
!
interface SerialO/0
description HDLC leased line on circuit BCS20198ASL to SF-Core-1
ip address 131.108.240.2 255.255.255.252
ipx network 901
ipx output-sap-filter 1000
appletalk access-group 601
!
interface SerialO/1
no ip address
shutdown
!
interface TokenRingl/0
description San Jose LAN Segment
ip address 131.108.100.1 255.255.255.128
ring-speed 16
early-token-release
ntp broadcast
appletalk zone Engineering
ipx network 1010
!
interface Seriall/0
description HDLC leased line on circuit BCS1014343-9901 to Seoul-1
ip address 131.108.241.2 255.255.255.252
ipx network 1901
ipx output-sap-filter 1000
appletalk access-group 601
!
interface Seriall/1
no ip address
shutdown
!
router eigrp 25000
network 131.108.0.0
no auto-suiranary
!
ip classless
logging 131.108.110.33
access-list 601 permit nbp 1 object Engineering Public
access-list 601 permit nbp 1 type AFPServer
286
access-list 601 permit nbp 1 zone San Jose Zone

access-list 601 deny other-nbps
access-list 1000 permit 10.0000.0000.aObO
!
network 901
network 1010
network 1901
!
snmp-server location 20 Market Street, San Jose, CA, USA
!
line con 0
password 7 095B59
line aux 0
line vty 0 4
password 7 095B59
access-class 1 in
!
ntp update- clendar
ntp server 192.216.191.10
ntp server 129.189.134.11
!
end
Seoul-1
Seoul-1 ZIP Cisco 4700.
.
Ethernet.
HSRP- .
-
Frame Relay.
Seoul-1 :
version
service
service
service
12.1
timestamps debug datetime localtime
timestamps log datetime localtime
password-encryption
hostname Seoul-1
!
aaa new-model
aaa accounting exec
stop-only group tacacs+
!
ip tcp intercept mode watch
ip tcp intercept list 120
ip tcp intercept watch-timeout 15
287
ipx routing 0000.0011.bceb
!
clock timezone KST 9
!
interface Loopbackl
description Seoul-1 router loopback
ip address 131.108.254.6 255.255.255.255
!
interface EthernetO
description Seoul LAN Segment
ip address 131.108.3.1 255.255.255.128
no ip redirects
media-type lOBaseT
ntp broadcast
appletalk zone Asia Distribution
ipx network 2010
standby 1 ip 131.108.3.3
standby 1 priority 100
standby 1 track Seriall
standby 1 preempt
standby 2 ip 131.108.3.4
standby 2 preempt
!
interface SerialO
description IETF frame relay PVCs on circuit S123789y
no ip address
bandwidth 256
!
description FR PVC 16 to Kuala-Lumpur
ip address 131.108.242.1 255.255.255.252
bandwidth 128
ipx network 2901
!
description FR PVC 17 to Singapore
ip address 131.108.242.5 255.255.255.252
bandwidth 128
ipx network 2902
!
interface Seriall
description HDLC leased line on circuit MC23-01-KL889 to San Jose
ip address 131.108.241.2 255.255.255.252
288

ipx network 1901
!
interface Serial2
description HDLC leased line on circuit ZW2390-1-H to ISP-A
ip address 211.21.2.2 255.255.255.252
ip access-group 101 in
interface Serial3
no ip address
shutdown
!
router eigrp 25000
redistribute bgp 25000 network 131.108.0.0
distribute-list 1300 out
no auto-summary
!
router bgp 25000
no synchronization
network 131.108.0.0
neighbor 211.21.2.1 description Internet Connection to ISP-A
neighbor 211.21.2.1 distribute-list ISP-routes in
neighbor 211.21.2.1 distribute-list ZIP-routes out
neighbor 131.108.254.3 des ription IBGP to SF-Core-1
neighbor 131.108.254.3 update-source Loopback 0
!
ip classless
logging 131.108.110.33
ip access-list standard ZIP-routes
permit 131.108.0.0
ip access-list standard ISP-routes
deny host 0.0.0.0
deny 127.0.0.0 0.255.255.255
deny 10.0.0.0 0.255.255.255
deny 172.16.0.0 0.15.255.255
deny 192.168.0.0 0.0.255.255
deny 192.0.2.0 0.0.0.255
deny 128.0.0.0 0.0.255.255
deny 191.255.0.0 0.0.255.
deny 192.0.0.0 0.0.0.255
deny 223.255.255.0 0.0.0.255
deny 224.0.0.0 31.255.255.255
permit any
access-list 101 remark Permits NTP DNS WWW and SMTP
access-list 101 deny tcp host 192.7.2.2 host 192.7.2.2 log
access-list 101 deny ip 131.108.0.0 0.0.255.255 any log
access-list 101 permit ip host 192.7.2.1 host 192.7.2.2
access-list 101 deny ip any host 192.7.2.2
access-list 101 permit udp any 131.108.101.99 eq domain
289

access-list 101 permit tcp any host 131.108.101.100 eq www
access-list 101 permit tcp any host 131.108.101.100 eq ftp
access-list 101 permit tcp any host 131.108.101.100 eq ftp-data
access-list 101 permit tcp any gt 1023 host 131.108.101.100 gt 1023
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any port-unreachable
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq 22
access-list 101 deny tcp any any eq ident
access-list 101 deny ip any any log access-list 120 permit ip any
131.108.0.0
0.0.255.255
!
network 1901
network 2010
network 2901
!
snmp-server location 251 Second Street, Seoul, Korea
!
line con 0
password 7 095B59
line aux 0
line vty 0 4
password 7 095B59
access-class 1 in
!
ntp update- calendar
ntp server 192.216.191.10
ntp server 129.189.134.11
!
end
Seoul-2
Seoul-2 ZIP Cisco 4700.
.
Ethernet.
HSRP-rpyrm .
HDLC- SF-Core-2.
Seoul-2 :
version 12.1
!
hostname Seoul-2
290
!
aaa new-model
!
ipx routing 0000.d ec.elbO
!
clock timezone KST +9
!
interface Loopbackl
description Seoul-2 router loopback
ip address 131.108.254.7 255.255.255.255
!
interface EthernetO
description Seoul LAN Segment
ip address 131.108.3.2 255.255.255.128
no ip redirects
media-type lOBaseT
ntp broadcast
appletalk zone Asia Distribution
ipx network 2010
standby 1 preempt
standby 1 ip 131.108.3.3
standby 2 track SerialO
standby 2 preempt
standby 2 ip 131.108.3.4
!
interface SerialO
description HDLC leased line on circuit ZW983800-03 to SF-Core-2
ip address 131.108.240.6 255.255.255.252
ipx network 902
!
interface Seriall
no ip address
shutdown
!
router eigrp 25000
network 131.108.0.0
no auto-summary
!
ip classless
logging 131.108.110.33
access-list I permit 131.108.0.0 0.0.255.255
!
291
network 902
network 2010
!
ta cacs-server host 131.108.110.33
snmp-server host 131.108.20.45 Zipnet snmp frame-relay
snmp-server location 251 Second Street, Seoul, Korea
!
line con 0
password 7 095B59
line aux 0
line vty 0 4
password 7 095B59
access-class 1 in
!
ntp update-calendar
ntp server 192.216.191.10
ntp server 129.189.134.11
!
end
config

ZIP Cisco
2501. .
Ethernet.
Seoul-1
Frame
Relay.
RIP
EIGRP RIP.

version 12.1
!
hostname Singapore
!
aaa new-model
!
ipx routing 0000.ceec.eebb
!
clock timezone SST +8
292
i
interface Loopbackl
description Singapore router loopback
ip address 131.108.254.8 255.255.255.255
!
interface EthernetO
description Singapore LAN Segment
ip address 131.108.1.1 255.255.255.128
ntp broadcast
ipx network 4010
!
interface SerialO
description IETF frame relay PVCs on Circuit Z-234987-12-MS-01
no ip address
bandwidth 128
!
description FR PVC 100 to Seoul-1
ip address 131.108.242.6 255.255.255.252
bandwidth 128
frame-relay interface-dl i 100
ipx network 2902
!
interface Seriall
no ip address
shutdown
!
router eigrp 25000
network 131.108.0.0
no auto-summary
!
router rip
redistribute eigrp 25000
passive-interface SerialO.100
network 131.108.0.0
default-metric 3
!
ip classless
logging 131.108.110.33
!
network 4010
network 2902
!
snmp-server
community Zipnet RO 2
snmp-server
community ZIPprivate RW 2
snmp-server location 1 Raffles Place, Singapore
snmp-server
contact Allan Leinwand, allan@telegis.net
!
293
line on 0
password 7 095B59
line aux 0
line vty 0 4
password 1 095B59
access-class 1 in
!
ntp update-calendar
ntp server 192.216.191.10
ntp server 129.189.134.11
!
end
SinglSDN
SinglSDN ZIP Cisco
4500. , ISDN
IP,
ZIP. ,
,
.
.
IP- ISDN-.
.
ISDN- ISDN BRI-.
-
PAP, CHAP MS-CHAP.
IP-,
.
SinglSDN :
version 12.1
!
hostname SinglSDN
!
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication ppp default group tacacs+ local
aaa authentication arap default local
aaa authorization exec local group tacacs+ if-authenticated
aaa authorization network local group radius if-authenticated
aaa accounting network stop-only group tacacs+
enable secret 5 $2$5toY$IJQPTVD4.aEDLwZ8nPrvX.
!
username jim password 7 53633635
username Janet password 7 878743465
ip address-pool local
async-bootp dns-server 131.108.101.34 131.108.101.35
async-bootp nbns-server 131.108.21.70
294
isdn switch-type basic-dmslOO

!
!
interface LoopbackO
ip address 131.108.254.11 255.255.255.255
!
interface EthernetO
description Singapore User LAN
ip address 131.108.1.81 255.255.255.128
media-type lOBaseT
!
interface BRIO
no ip address
encapsulation ppp
isdn spidl 98050101
isdn spid2 98060101
isdn answerl 50101
isdn answer2 60101
dialer rotary-group 1
!
interface BRI1
no ip address
encapsulation ppp
isdn spidl 98070101
isdn spid2 98080101
isdn answerl 70101
isdn answer2 80101
!
interface BRI2
no ip address
encapsulation ppp
isdn spidl 91470102
isdn spid2 91490102
isdn answerl 70102
isdn answer2 90102
!
interface BRI3
no ip address
encapsulation ppp
isdn spidl 91350102
isdn spid2 91390102
isdn answerl 50102
isdn answer2 90102
!
interface Ethernetl
no ip address
shutdown
i
interface Dialerl
description Singapore ISDN Dialup Pool
ip unnumbered EthernetO
encapsulation ppp
peer default ip address pool isdn-users
dialer in-band
dialer idle-timeout 300
dialer-group 1
ppp authentication chap ms-chap pap call-in
ppp multiljnk
compress mpcc
!
router eigrp 25000
network 131.108.0.0
295
no auto-summary
!
ip local pool isdn-users 131.108.1.91 131.108.1.106
ip classless
logging 131.108.110.33
access-list 102 permit tcp any any eq telnet
access-list 102 permit tcp any any eq www
access-list 102 permit udp any any eq domain
access-list 102 permit tcp any any eq ftp
snmp-server host 131.108.20.45 Zipnet snmp frame-relay isdn
dialer-list 1 protocol ip list 102
!
line con 0
password 7 052C092B284B47
line aux 0
password 7 095B59
line vty 0 4
password 7 095B59
access-class 1 in
!
ntp clock-period 17179886
ntp server 192.216.191.10
ntp server 129.189.134.11
end
config
Sing2511
Sing2511 ZIP Cisco
2511. , IP,
AppleTalk IPX .
ZIP.
, ,
.
.

IP, AppleTalk IPX.
.
IP-
IP-,
.
16
.

.
Sing2511 :
version
service
service
service
12.1
timestamps debug datetime localtime
timestamps log datetime localtime
password-encryption
296
!
hostname Sing2511
!
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication ppp default group tacacs+ local
aaa authentication arap default auth-guest local
aaa authorization exec local group tacacs+ if-authenticated
aaa authorization network local group radius if-authenticated
aaa accounting network stop-only group tacacs+
!
username John password 7 15140403446A
username jane password 7 121B0405
ip address-pool local
appletalk virtual-net 3000 Ma -dialup
arap network 2500 Mac-dialup
!
!
interface LoopbackO
ip address 131.108.254.10 255.255.255.255
ipx netwrok 2500
!
interface EthernetO
description Singapore User LAN
ip address 131.108.1.80 255.255.255.128
ipx network 4010
!
interface SerialO
no ip address
shutdown
!
interface Seriall
no ip address
shutdown
!
interface Group-Async 1
description dialup pool on Singapore 2511
ip unnumbered EthernetO
encapsulation ppp
async mode interactive
appletalk client-mode
ipx ppp-client Loopback 0
ipx update interval rip 36000
ipx update interval sap 36000
peer default ip address pool modem-users
ppp authentication pap ms-chap chap call-in
ppp ipcp dns 131.108.101.34 131.108.101.35
ppp ipcp wins 131.108.21.70
compress mpcc
group-range 1 16
!
router eigrp 25000
network 131.108.0.0
no auto-summary
297
!
ip local pool modem-users 131.108.1.111 131.108.1.126
ip classless
logging 131.108.110.33
!
network 25000
network 4010
!
snmp-server host 131.108.20.45 Zipnet snmp frame-relay
snmp-server ontact Allan Leinwand, allan@telegis.net
!
line con 0
password 7 052C092B284B47
line 1 16
session-timeout 30
autoselect arap
autoselect during-login
autoselect ppp
arap enable
arap authentication default
session-dis onne t-warning 60
login authentication default
modem Dialin
modem auto configure type usr_courier
stopbits 1
rxspeed 115200
txspeed 115200
flow control hardware
line aux 0
password 7 095B59
line vty 0 4
password 7 095B59
access-class 1 in
!
ntp clock-period 17179886
ntp server 192.216.191.10
ntp server 129.189.134.11
end
config
IOS
ZIP.
, .
298

Конфиг маршрутизаторов Cisco

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Конфиг маршрутизаторов Cisco

Загружено:

Авторское право:

Доступные форматы

1

Cisco Systems, Inc.

Novell (Streams Packet Exchange SPX) AppleTalk Apple

AppleTalk- (. 5, " AppleTalk").

Zoom Integrated Products (ZIP),

Internet Protocol (IP)

Session number to resume

(Route Switch Module RSM)

Session number to resume

Apply user-profile to interface

enable password !zippy4me

Singapore#copy ftp://joebob:getmysoftware flash

, IOS, " ".

EXEC, EXEC IOS

, IOS interface EthernetO

Authentication, Authorization and Accounting

, , IOS config config-if.

Enter configuration commands, one per line. End with CTRL+Z.

Ethernet IEEE 802.3;

, Ethernet IEEE 802.3,

. 3.2. () (6) Ethernet

Ethernet IEEE 802.3

ARP type: ARPA, ARP Timeout 04:00:00

Fast Ethernet FDDI 100

High-Level Data Link Control (HDLC);

Last input 0:00:00, output 0:00:00, output hang never

1990 Cisco, Digital Equipment Corporation, Northern Telecom StrataCom

LMI, Cisco, DEC, NT StrataCom

Singapore(config-if)#frame-relay Imi-type ansi

show interfaces s 0 ZIP

255/255, load 1/255

Asynchronous Transfer Mode

ATM- show interfaces.

Digital Subscriber Line

ISDN- show interfaces.

BRIO is up, line protocol is up (spoofing)

x25 address .121

x25 ips; x25 ops

x25 win; x25 wout

isdn spidl; isdn spid2

show frame pvc

ZIPnet -> Internet-, 192.7 .2.0/30 (

. 4.4 IP- ZIP.

IOS EXEC show ip interface

IP output packet accounting is disabled

131.108.3.0/25 is directly connected,

131.108.242.0/30 is directly connected,

131.108.240.0/30 is directly connected,

ip classless ZIP SF-Core-1:

131.108.1.0/25 is directly connected, EthernetO

131.108.242.4/30 is directly connected, SerialO.100

31.108.20.0/22 is directly connected,

131.108.240.0/30 is directly connected,

192.7.2.2/30 is directly connected,

SF-Core-1(config)#ip route 140.222.0.0 255.255.0.0

131.108.240.0/30 is directly connected,

, , IOS EXEC show ip masks.

, IP. , Cisco Systems

(Open Shortest Path! First

Internet Cisco Systems

, BGP- BGP BGP-. , ,

EBGP-. SF-Core-I ASN 25000. ASN

, EIGRP, OSPF BGP,

show ip eigrp traffic