Вы находитесь на странице: 1из 12

...

file:///C:/Documents and Settings/Lanos/ / ...


():

WIKI

(+)

MAN'

/ "Cisco "

( | )


Cisco
: , , Cisco Systems
: http://www.banknet.kz/~info/

:
1. Cisco2511 Cisco1600
2. Cisco
2.1
2.2 enable secret password
3. - NVRAM
4. Serial X25
5. AAA (authentication, authorization, accounting), tacacs+, RADIUS
6.
7.

1. Cisco2511 Cisco1600
Cisco 1601
Cisco 1601 ,
Ethernet, Internet ,
, ISDN,
.

Cisco 1601 Ethernet-, WAN-


WAN-.

, -
. Cisco 1600
. 1601
:

. 1 12

115.2 / (
PPP, SLIP)
2.048 / ( Frame Relay,
SMDS, X.25, HDLC, LAPB, PPP)

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

Cisco 1601:

Cisco 2500
Cisco 2509 ,
.
:

1 Ethernet
2
8
Cisco 2500 Flash- EPROM,
.
(feature set)
Cisco IOS, ,
, .
- IP
Cisco, APPN RMON.
, , AUI Ethernet. DB-60 ,
(V.35, RS-232, ..). 8
68 . RJ-45,
AUX, ,
.
Cisco 2511:

2. Cisco
, ( PC TELEMATE) (
Cisco, ),
(, Ethernet, ),
.
IOS -
, , ,
. , IOS setup - .
IOS .
, . setup
:
Router#setup
:
1. :

. 2 12

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

telnet Router - Cisco


-Cisco>

: conf term
NVRAM: conf memory
: conf network
2. WWW ( 11.0(6), 11.1(5), , 12.0 -
): ip http server
3. ClickStart ( Cisco 1003, 1004 1005).
:
1. help - "?" - .
2. .
3. , emacs
bash ( UNIX ).
4. no,
.
: 16 - 0 15.
, 0 - : ""
. 15 - : .
:
enable [ ]
, ;
, ;
( help-
).
:
1.
2. :

. 3 12

1.
2. :
1.
2.
1.
2. a (serial Frame Relay)
3. (T1)
4. (cisco 2500 - ethernet)
5. (ATM FrameRelay)
6. (Quality of Service over Switched Virtual Circuit - ATM,
FrameRelay dialer)
7.
8. (bgp, egp, igrp, eigrp, is-is, iso-igrp, mobile, OSPF, RIP,
static)
9. IPX-
10.
11. (RIP authentication)
12.
13. LANE (ATM)
14. APPN (advance peer-to-peer Networking -
SNA)
15. IBM (Cisco 7000 CIP)
16. TN3270
17. ( IP ACL) 18.
( )
19.

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

3. ROM ( break 60 , help).



: terminal history size .
/ : Ctrl-P/Ctrl-N /.
/ : [no] terminal editing.
/: Ctrl-F/Ctrl-B /.
/ : Ctrl-A/Ctrl-E
/: Esc F/Esc B
: Tab Ctrl-I
/ : Ctrl-Y/Esc Y
/ : Delete/Ctrl-D
/ : Ctrl-U/Ctrl-K
/ : Ctrl-W/Esc D
: Ctrl-L/Ctrl-R
: Ctrl-T
: Ctrl-V Esc Q
, NVRAM .
2.1
1. COM
.
2. Term95 Telix ( 9600
kb/s). 8N1. .
3.
4. - , :
Router>enable
Router#erase startup configuration
Router#reload
5. :
Would you like to enter the initial dialog? [yes]:no
6. :
Router>

:
Router>enable
> #
7. :
Router#configure terminal
8. :
Router(config)#hostname Router ( )
9. :
Router (config)#enable secret cisco ( )
10. :
Router(config)#ip subnet-zero
Router(config)#ip classless
11. DNS, :
Router(config)#no ip domain-lookup
12. :
Router(config)#exit
Router#

13. :
Router(config)#exit
Router#write
14. :
Router#exit
Router>

15. (vty) Cisco :


Router#configure terminal ( conf t)
Router(config)#line vty 0 4

. 4 12

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

Router(config-line)#login
Router(config-line)#password isco
Router(config-line)#session-timeout 10 output
Router(config-line)#exit trl^Z
Router#write terminal (wr - )

16. Ethernet Cisco IP :


Router#configure terminal
Router(config)#interface Ethernet0 int E0
Router(config-if)#ip address 172.16.150.1 255.255.255.0
Router(config-if)#no shutdown - ,
.
2.2 enable secret password
.
1. Break 60 . Break
Ctrl Break Ctrl ^ C (
)
2. . , ROM Monitor
> ( Cisco):
>confreg 0x141 ( 1000/1600/3600/4500)
>o/r 0x141 ( 2500/4000)

3. Enter
>reset ( 1000/1600/3600/4500)
>i ( 2500/4000)
4. initial conf dialog? n
5. Router(boot)>enable
6. Router(boot)#copy start run ( authorisation,
)
7. Router#config term
8. Router(config)#enable secret _
9.
Router (config)#config-reg 0x2102
10. Router(config)#end
11. Router(boot)#copy run start
12. Router(boot)#reload

3. - (
IOS) NVRAM ()
Cisco : ROM ( -
BREAK ); boot ROM - ROM (
IOS - 9.1 -
ROM ) - , .
NVRAM. , (IOS
ROM). : IOS 9.1
"enable password", "enable secret"!
, Sun' TFTP ,
UDP ( ). TFTP
rcp (rsh), . ,
: show flash all
System flash directory:
File Length Name/status
addr fcksum ccksum
1
3243752 igs-i-l.110-1
0x40 0xB5C4 0xB5C4
[3243816 bytes used, 950488 available, 4194304 total]
4096K bytes of processor board System flash (Read ONLY)

. 5 12

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

Chip Bank Code Size Name


1 1 89A2 1024KB INTEL 28F008SA
2 1 89A2 1024KB INTEL 28F008SA
3 1 89A2 1024KB INTEL 28F008SA
4 1 89A2 1024KB INTEL 28F008SA
Executing current image from System flash

, ( )
(IOS - - !). l
, . ,
: show flash err
tftp: copy flash tftp, ,
( 666).
TFTP Windows95/NT. .
. TFTP
Windows95/NT (),
.
tftp: copy startup-config/running-config tftp
Router#copy tftp
Router#copy tftp flash
**** NOTICE ****
Flash load helper v1.0
This process will accept the copy options and then terminate
the current system image to use the ROM based image for the copy.
Routing functionality will not be available during that time.
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy operation.
---- ******** ---[There are active users logged into the system]
Proceed? [confirm]y
System flash directory:
File Length Name/status
1 5010180 c2500-ras-113.6
[5010244 bytes used, 3378364 available, 8388608 total]
Address or name of remote host 172.16.150.2
Source file name? c2500-ras-113.6 name of file in flash
Destination file name [c2500-ras-113.6]y
Accessing file 'c2500-ras-113.6' on 172.16.150.2...

TFTP .
tftp: copy tftp startup-config/running-config (-,
, , ).
tftp ( !!!): copy tftp flash
, IOS , ( , ;).
(copy run start). - , , - .
, - tftp . p.s.
- ROM ( ROM , ROM IOS),
4 0-0-0-1.
: show version
: verify flash
: configure memory
: erase startup
/ : show run/start
NVRAM , .
, ;)
TFTP c ,
(IOS), .

4. Serial X25
:
1. :
Router#configure terminal
2. , X25:
. 6 12

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

Router(config)#x25 routing

3. 0:
Router(config)#interface serial 0
4. X25
Router(config-if)#encapsulation x25 dte (dce)
dte dce , , .
. dte.
5. X25 . DCE ,
, Cisco ( X25):
Router(config-if)#x25 address 232420023 X25
Router(config-if)#x25 ips 128
Router(config-if)#x25 ops 128
Router(config-if)#x25 win 2 .
Router(config-if)#x25 wout 2 .
Router(config-if)#x25 htc 28 -
6. :
Router(config-if)#no shutdown
Router(config-if)#exit
7. serial 1, ( Cisco2509).
8. X25 , .
X25, default
Router(config)#x25 route .* interface Serial0
* - ,
Router(config)#x25 route 2324200 .* interface Serial0
9. X25 TCP/IP. IP :
Router(config-if)#ip address 10.1.1.1 255.255.255.0
Router(config-if)#x25 map ip 10.1.1.2 232420024 ompress
IP address X25 address ,
( ) compress - .
10. X25:
Roter#show x25 route
Roter#show x25 map
11. :
Roter#copy running-config startup-config
12. ():
Router(config)#ip route 172.16.160.0 255.255.255.0 10.1.1.2 permanent
172.16.160.0 255.255.255.0 - , ., 10.1.1.2 , cisco X25
Router(config)#exit
Router#show config
Router#copy run start

5. AAA (authentication, authorization, accounting), tacacs+,


RADIUS
(tacacs+, RADIUS) - , UNIX-
: , .
AAA authentication ( ), authentication (
) accounting ( ).
, .
AAA IOS ""
. ( ), IOS
. ,
. , default.
- ,
default .
aaa new-model # tacacs+,
aaa processes # , AAA (
). 10%
1-, , ,

. 7 12

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

show ppp queues # , AAA (


)
tacacs-server host IP--tacacs+- [single-connection] [port (49)] [timeout ] [key
-] # tac_plus 4.0.2 single-connection;
,
tacacs-server key key <> # ,
tacacs+
tacacs-server retransmit retries # ( - 2)
tacacs-server timeout seconds # , , (
- 5 )
ip tacacs source-interface subinterface-name # IP- TACACS
tacacs-server directed-request # ;
: @; , (,
, )
, - .
restricted.
authentication

.
:
aaa authentication login {- | default } 1 [ 2 ] ...
:
tacacs+ - TACACS+
none -
enable - (enable password)
krb5 - Kerberos 5
krb5-telnet - Kerberos 5 telnet
line - ,
local -
radius - RADIUS
kerberos IOS .
():
line - - [----]
login authentification { default | -- }
:
aaa authentication login default tacacs+ enable # -
tacacs+ , ,
. .. default, .
RAS PPP, ,

PPP, ( default ):
aaa authentication ppp {- | default } 1 [ 2 ] ...
(if-needed TACACS XTACACS, callin
, one-time
):
interface - -
ppp authentication {chap | pap | chap pap | pap chap} [if-needed] {default | list-name}
[callin] [one-time]
PPP- :
tacacs+ - TACACS+
radius - RADIUS
none -
local -
krb5 - Kerberos 5
if-needed - ,
:
aaa authentication ppp default if-needed none # PPP,
, ( ?), ..
default, .
:

. 8 12

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

aaa authentication enable default 1 [ 2 ] ...


:
enable - (enable password)
line - ,
none -
tacacs+ - TACACS+
radius - RADIUS
(access-profile, ip trigger-authentication, show ip trigger-authentication,
clear ip trigger-authentication) , - .
AAA ( AAA , )
( ), 80 (
):
password
login
( , password autocommand ..
, -
), CHAP ( CHAP-
, .. ):
username [nopassword | password - | password ][callback-dialstring
-] [callback-rotary --rotary] [callback-line[tty] line-number [endingline-number]] [access-class -ACL] [privilege ][autocommand ] [noescape ]
[nohangup ]
:
8 . ( 25 ,
, - ) - IOS. CHAP 11 . tac_plus , crypt - 8 .
:
enable [secret] [level - ] {password | encryption-type encrypted-password}
secret ( ).
, 15 -
, (enable, disable, exit, help)
. encryption-type:
7 ( enable secret, , )
5 ( enable secret, )
0 ( ) ( )
service password-encryption (
clear line ;)
privilege mode level level command ( mode - : exec, configure, interface, line
.) , (
)
privilege level level

show privilege
( EXEC)
enable
:
aaa authentication local-override #
, (
EXEC , .. )
timeout login response seconds # IOS (30
, )
aaa authentication password-prompt text-string ( ) aaa
authentication username-prompt text-string ( )
aaa authentication banner delimiter string delimiter
aaa authentication fail-message delimiter string delimiter
chap pap PPP (.. encapsulation ppp )(
):
ppp authentication {chap | chap pap | pap chap | pap | ms-chap } [if-needed] [list-name |
default] [callin] [one-time] list-name one-time ,
AAA if-needed TACACS XTACACS ( AAA)

. 9 12

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

,
(PAP)
ppp pap sent-username username password password
CHAP ( ):
ppp chap refuse [callin]
CHAP , (
):
ppp chap wait secret
( NAS) ,
:
ppp chap hostname hostname
( 11 ) CHAP ,
:
ppp chap password secret
( 3):
tacacs-server attempts count
authorization
() :
exec ( )
command ( , .. ) network (
PPP, SLIP, ARAP)
reverse access ( telnet, ),
tacacs+ radius

. ,
default . ,
, AAA NAS , TACACS+,
/ RADIUS .
:
tacacs+ - TACACS+ AV
if-authenticated -
none -
local - BD, username (
)
:
aaa authorization [network | exec | command level | reverse-access ] [ | default ]{ tacacs+
| if-authenticated | none | local | radius | krb5-instance}
, ,
. (
):
authorization {arap | commands level | exec | reverse-access} {default | list-name}
( SLIP) ppp authorization
{default | list-name}
:
no aaa authorization config-command
:
aaa authorization exec default tacacs+ if-authenticated # EXEC (shell
) tacacs+, , ,
- tacacs+
( telnet ppp)
aaa authorization commands 1 default tacacs+ if-authenticated #
1 () tacacs+, ,
,
aaa authorization commands 15 default tacacs+ if-authenticated #
15 () tacacs+, ,
,
aaa authorization network default tacacs+ if-authenticated # , -
, tacacs+, , ,

. 10 12

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...


accounting

. default.
, .
:
tacacs+ - AV tacacs+
radius - AV RADIUS
:
network - PPP, SLIP ARAP ,
exec - EXEC-
command - ?
connection - (telnet, rlogin, LAT, TN3270, PAD)
system - ( default tacacs+)
:
stop-only -
wait-start - ,
TACACS+ RADIUS
(, tac_plus)
start-stop -
none -
:
aaa accounting {system | network | exec | connection | commands level} {default | list-name}
{start-stop | wait-start | stop-only | none} [method1 [method2...] ]

accounting {arap | exec | connection | commands level} {default | list-name}
( SLIP)
ppp accounting {default | list-name}
:
aaa accounting suppress null-username # , (aaa authentication login method-list none)
aaa accounting update {newinfo | periodic number} #
/ ( update newinfo)
:
show accounting

6.
, .
:
1. :
Router#configure terminal
Router(config)#x25 routing
2. :
Router(config)#interface async 1
3. PPP (point-to-point) :
Router(config-if)#encapsulation ppp
4. PPP :
Router(config-if)#async mode interactive
Router(config-if)#ppp authentication chap
5. IP address:
Router(config-if)#ip address 192.168.20.1 255.255.255.0
6. :
Router(config-if)#no shutdown
Router(config-if)#exit
Router#write
7. async, ( Cisco2509).

7.
. 11 12

26.02.2013 0:09

...

file:///C:/Documents and Settings/Lanos/ / ...

show ?
, .
show async status
show interface async
show compress
show controller -
show interface accounting
show interface
clear counters
show protocols
show version
clear interface
clear line
shutdown
no shutdown
show ip route
show x25 route

Linux Format 2012!


"Linux Format" ( )-
,
Linux .
IT-, IT-, ,
,
. :
OpenSource, ,
.
, , ,
2005-2011 ..
pdf-.


. 12 12

Created 1996-2013 by Maxim Chirkov


, , ,

26.02.2013 0:09