
May 2002 CETR - U&R - Logtel/ECR - Cisco IP Router Configuration Course, Part I

Contents:
I. Routers
II. Cisco routers
III. IOS
IV. User interface
V. Initial configuration of Cisco routers: setup program
VI. Configuring Cisco routers
VII. Interface configuration - Part I
VIII. Verifying router operation
IX. Miscellaneous
X. IP routing - Part I
XI. Access lists and filters

Latest-generation routers:
Variety of LAN & WAN interfaces
Bridging & Protocol Translation
Multiprotocol Routing
Gateway protocols
Tunneling
Application gateways

Cisco online documentation
http://www.cisco.com/univercd/home/home.htm

1600 Series
1601: 1 Ethernet, 1 serial (2Mbps sync/115.2Kbps async), optional: 1 serial
1700 Series
1720: 1 Ethernet 10/100, 2 slots for 2 serial ports each (2Mbps sync/115.2Kbps async)

2500 Series
2501: 1 Ethernet, 2 serial (2Mbps sync), 1 async (38.4Kbps) for backup
2511: 1 Ethernet, 2 serial (2Mbps sync), 16 async (115.2Kbps)
2600 Series
2610: 1 Ethernet, 2 slots for 2 serial ports each (2Mb sync/115.2K async), one slot for up to 8 sync/async or 32 async or ATM25
2620: same as the 2610 but with 1 Ethernet 10/100

3600 Series
3640: 4 slots; one carries 1 Ethernet and modules for 2 serial ports, and each of the others can carry up to 4 high-speed sync, or 8 sync/async, or 32 async, or 1 OC3, or 1 HSSI, or ATM25
4000 Series
4500-M: 3 slots, e.g.: 1 x Fast Ethernet, 1 x E1 or E3 or OC3 or FDDI, 1 x 2 sync + 16 sync/async

7200 Series
7206: 6 slots of up to 8 sync or 8 Ethernet or 2 E1 or 1 FDDI or 1 Fast Ethernet.
7500 Series
Line of routers with connectable chassis;
the largest chassis is the 7513, with 13 slots.
Each slot can hold up to 1 OC3 or 1 E3 or 1 FDDI or 2 Fast Ethernet or 8 serial ports.

Versions:
9.x
9.0: OSPF
9.1: Priority Queueing
9.21: Inbound access lists, Tunneling, Custom Queueing, EIGRP, PPP
10.x
10.0: 6/94 Routing filters, Classless Routing (CIDR), BGP4, TFTP
10.2: 10/94 SNMPv2, CHAP
10.3: 3/95 Extended IP access list, TACACS+
11.x
11.0: 9/95 Weighted Fair Queuing, Policy routing
11.1: 3/96 RIPv2, basic RMON, RADIUS, Kerberos
11.2: 10/96 NAT, named IP ACL, RSVP, Traffic shaping
11.3: 12/97 Reflexive ACL, EIGRP authentication
12.x
12.0: Cisco IOS IPSec, Dial on Demand, PPP over FR
12.1: H.323 Version 2, MPLS Virtual Public Networks
12.2: DHCP, FRF-11 and FRF-12
Links: http://www.cisco.com/warp/public/732/abc/releases/

Command Modes
Configuration Modes
ROM Monitor Mode
Help
Command Syntax
Command History
Editing features
Menus

User EXEC Command Mode
Login process --> Router>
Router> logout
Privileged EXEC Command Mode
Router> enable --> Router#
Router# disable
Router# quit

Global Configuration Mode
Router# configure [terminal] --> Router(config)#
16 Configuration Modes:
interface, subinterface, line, router, ...
Router(config)# exit --> Router#
Router(config)# CTRL-Z (or end) --> Router#

Interface Configuration Mode
Router(config)# interface type nbr --> Router(config-if)#
Router(config)# interface serial 0
Router(config-if)# exit --> Router(config)#
Router(config-if)# CTRL-Z (or end) --> Router#
Line Configuration Mode
Router(config)# line {aux|con|tty|vty} line-nbr ending-line-nbr --> Router(config-line)#
Router(config-line)# exit --> Router(config)#
Router(config-line)# CTRL-Z (or end) --> Router#

IP Routing Configuration Mode
Router(config)# router routingprotocol --> Router(config-router)#
Router(config)# router rip
Router(config-router)# exit --> Router(config)#
Router(config-router)# CTRL-Z (or end) --> Router#

The router enters ROM Monitor Mode if it does not find a valid system image or if the boot sequence is interrupted
Router# reload & Break (within the first 60 seconds)
> ?
B [filename] [TFTP Server]
C
H
I
L [filename] [TFTP Server]
> Continue --> Router>

router# help
word help
router# abbreviated_command?
router# co?
configure connect copy
command syntax help
router# command ?
router# configure ?
memory
network
terminal
<cr>

Abbreviated commands
no command
router# no command
Errors
%Incomplete command
%Invalid input detected at ^ marker
Note: use CTRL-P to repeat the previous command line

Default history size: 10
Router# terminal history [size nbr]
Router# show history
CTRL-P (or up arrow)
CTRL-N (or down arrow)
Router# no terminal history

Router# terminal editing
Router# abbreviated_command<TAB>
Router# conf<TAB> --> Router# configure
Lines that wrap:
Router# $linethatwrap$
CTRL-B (or left arrow), CTRL-A
Delete/Backspace, CTRL-D
Redisplay: CTRL-L or CTRL-R
---More---
Router# no terminal editing

Router> menu MenuName
Menu title and banner
Menu selection items
Represents a single command line
Maximum of 18 menu items
Item selection nbr
Item selection text

For more details, see the document Configuration Fundamentals Overview on the Cisco web site, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/fcfoverv.htm

setup command
For quick configuration of the router
Router# setup
If there is no startup-config (first-time configuration)
erase startup-config (write erase)

Interface summary
Hostname
Enable secret
Enable password
Virtual terminal password
SNMP?
Community
Decnet?
AppleTalk?
IPX?
IP?
IGRP?
Async lines?
Config interface parameters
IP? IP unnumbered? IP address, SubnetBits (not MaskBits)
Interface Ethernet0, Serial0, ...
Use this config?
Router# copy running-config startup-config

For more details, see the document Modifying, Downloading, and Maintaining Configuration Files on the Cisco web site, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/fun_c/fcprt2/fccfgfil.htm#xtocid131721

Router memory
Boot sequence
Configuration process
Configuration management commands
System image management commands

RAM
operating system (IOS)
running-config
tables
buffers
NVRAM
startup-config
configuration register
FLASH System Image (IOS)
ROM
bootstrap program
subset of the IOS
show version
show processes cpu, protocols
show running-config
show mem, stacks, buffers
show startup-config
show flash
show version

Load and execute the bootstrap program (ROM)
Locate, load and execute the IOS,
depending on the config-register, from:
flash
TFTP server
ROM
Locate and load the configuration,
depending on the config-register, from:
NVRAM (startup-config)
TFTP server

Make the changes
Examine the results: show running
OK?
Yes: save the configuration
copy running startup
copy running tftp
No: restore the configuration
no . . . .
copy startup running
copy tftp running
reload

configure terminal
show running-config (write terminal)
show startup-config (show configuration)
copy running-config startup-config (write mem)
reload
copy startup-config tftp
copy running-config tftp (write network)
copy tftp startup-config (configure overwrite-network)
copy tftp running-config (configure network) (careful!)
erase startup-config (write erase)

show flash
verify flash (copy verify flash)
copy tftp flash
erase flash (copy erase flash)

For more details, see the document Loading System Images, Microcode Images, and Configuration Files on the Cisco web site, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/fun_c/fcprt2/fcimages.htm

VII.1. General aspects of interface configuration
VII.2. Configuring LAN interfaces: Ethernet
VII.3. Configuring point-to-point serial interfaces
VII.4. Configuring software interfaces: loopback, null

Interface types
show interfaces
Configuration Modes
Interface Description
Interface IP Address
Interface Shutdown

Physical interfaces:
Ethernet, Token Ring, FDDI,
Async Serial, Sync Serial, HSSI,
Channelized E1, Channelized T1
ISDN BRI, ISDN PRI,
ATM
Physical sub-interfaces:
Frame Relay, X25
Virtual interfaces:
Loopback, Null, Tunnel

Router# show interfaces
Ethernet 0 is up, line protocol is up
Hardware is MCI Ethernet, address is 0000.0c00.750c (bia 0000.0c00.750c)
Internet address is 131.108.28.8, subnet mask is 255.255.255.0
MTU 1500 bytes, BW 10000 Kbit, DLY 100000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 4:00:00
Last input 0:00:00, output 0:00:00, output hang never
Last clearing of "show interface" counters 0:00:00
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
Five minute input rate 0 bits/sec, 0 packets/sec
---More---

Global Configuration Mode
Router# configure [terminal]
Router(config)#
Interface Configuration Mode
Router(config)# interface type nbr
Router(config-if)#
Router(config-if)# exit --> Router(config)#
Router(config-if)# CTRL-Z (or end) --> Router#

description <description>
interface serial 0
description Enlace con el ISP

ip address <ip-addr> <netmask> [secondary]
interface ethernet 0
ip address 10.1.1.1 255.255.255.0
ip unnumbered type nbr
interface serial 0
ip unnumbered ethernet 0

shutdown
interface serial 1
shutdown
no shutdown
interface serial 1
no shutdown

For more details, see the document Configuring Serial Interfaces on the Cisco web site, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inter_c/icdserin.htm
For more details, see the document Configuring LAN Interfaces on the Cisco web site, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inter_c/icdlanin.htm

interface ethernet <number>|<slot>/<port>
[ encapsulation {arpa | sap | snap } ]
[ media-type {aui | 10baset} ]
[ no ip directed-broadcast ]
interface fastethernet <number>|<slot>/<port>
For more details, see the document Configuring Interfaces - p. I-204 on the Cisco Documentation CD, at the URL file:///E|/data/doc/software/11_2/cfun/1cintrfc.htm

interface serial {<number> | <slot>/<port>}
[ encapsulation { hdlc | lapb | ppp } ]
[ transmit-clock-internal ]
[ clock rate <bps> ]
[ ignore-dcd ]
[ bandwidth <Kbps> ]
For more details, see the document Configuring Interfaces - p. I-227 on the Cisco Documentation CD, at the URL file:///E|/data/doc/software/11_2/cfun/1cintrfc.htm

interface loopback <number>
(usually only a description and the IP address are configured)
interface null <number>
(does not accept an IP address or other settings)
[ no ip unreachables ]

For more details, see the document Configuring Logical Interfaces on the Cisco web site, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/inter_c/iclogint.htm

show
ping
trace

Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 11.3(2), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 23-Feb-98 21:25 by ccai
Image text-base: 0x030317CC, data-base: 0x00001000
ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a),
RELEASE SOFTWARE (fc1)
Router uptime is 1 day, 20 hours, 17 minutes
System restarted by power-on at 18:19:21 ARG Mon May 18 1998
System image file is "flash:c2500-d-l_113-2", booted via flash
cisco 2511 (68030) processor (revision L) with 6144K/2048K bytes of memory.
Processor board ID 05363195, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
16 terminal line(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
Router# show logging
Syslog logging: enabled
Console logging: disabled
Monitor logging: level debugging, 266 messages logged.
Trap logging: level informational, 266 messages logged.
Logging to 131.108.2.238
SNMP logging: disabled, retransmission after 30 seconds
0 messages logged
Router# show interfaces
Ethernet 0 is up, line protocol is up
Hardware is MCI Ethernet, address is 0000.0c00.750c (bia 0000.0c00.750c)
Internet address is 131.108.28.8, subnet mask is 255.255.255.0
MTU 1500 bytes, BW 10000 Kbit, DLY 100000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 4:00:00
Last input 0:00:00, output 0:00:00, output hang never
Last clearing of "show interface" counters 0:00:00
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
Five minute input rate 0 bits/sec, 0 packets/sec
---More---
Router# show protocols
Global values:
Internet Protocol routing is enabled
DECNET routing is enabled
XNS routing is enabled
Appletalk routing is enabled
X.25 routing is enabled
Ethernet 0 is up, line protocol is up
Internet address is 131.108.1.1, subnet mask is 255.255.255.0
Decnet cost is 5
XNS address is 2001.AA00.0400.06CC
AppleTalk address is 4.129, zone Twilight
Serial 0 is up, line protocol is up
Internet address is 192.31.7.49, subnet mask is 255.255.255.240
Router# show ip route
Codes: I - IGRP derived, R - RIP derived, O - OSPF derived
C - connected, S - static, E - EGP derived, B - BGP derived
* - candidate default route, IA - OSPF inter area route
E1 - OSPF external type 1 route, E2 - OSPF external type 2 route
Gateway of last resort is 131.119.254.240 to network 129.140.0.0
O E2 150.150.0.0 [160/5] via 131.119.254.6, 0:01:00, Ethernet2
E 192.67.131.0 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
O E2 192.68.132.0 [160/5] via 131.119.254.6, 0:00:59, Ethernet2
O E2 130.130.0.0 [160/5] via 131.119.254.6, 0:00:59, Ethernet2
E 128.128.0.0 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
E 129.129.0.0 [200/129] via 131.119.254.240, 0:02:22, Ethernet2
E 192.65.129.0 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
E 131.131.0.0 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
E 192.75.139.0 [200/129] via 131.119.254.240, 0:02:23, Ethernet2
Router> ping 192.31.7.27
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.31.7.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/3/4 ms
Router# ping
Protocol [ip]:
Target IP address: 192.31.7.27
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.31.7.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/2/4 ms
Router# trace ip ABA.NYC.mil
Type escape sequence to abort.
Tracing the route to ABA.NYC.mil (26.0.0.73)
1 DEBRIS.CISCO.COM (131.108.1.6) 1000 msec 8 msec 4 msec
2 BARRNET-GW.CISCO.COM (131.108.16.2) 8 msec 8 msec 8 msec
3 EXTERNAL-A-GATEWAY.STANFORD.EDU (192.42.110.225) 8 msec 4 msec 4 msec
4 BB2.SU.BARRNET.NET (131.119.254.6) 8 msec 8 msec 8 msec
5 SU.ARC.BARRNET.NET (131.119.3.8) 12 msec 12 msec 8 msec
6 MOFFETT-FLD-MB.in.MIL (192.52.195.1) 216 msec 120 msec 132 msec
7 ABA.NYC.mil (26.0.0.73) 412 msec 628 msec 664 msec
Router# trace
Protocol [ip]:
Target IP address: mit.edu
Source address:
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to MIT.EDU (18.72.2.1)
1 ICM-DC-2-V1.ICP.NET (192.108.209.17) 72 msec 72 msec 88 msec
2 ICM-FIX-E-H0-T3.ICP.NET (192.157.65.122) 80 msec 128 msec 80 msec
--- More ---
Router# show clock detail
15:29:03.158 PST Mon Mar 1 1993
Time source is NTP
Router# show ntp status
Clock is synchronized, stratum 4, reference is 131.108.13.57
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**19
reference time is AFE2525E.70597B34 (00:10:22.438 PDT Mon Jul 5 1993)
clock offset is 7.33 msec, root delay is 133.36 msec
root dispersion is 126.28 msec, peer dispersion is 5.98 msec
Router# show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 131.108.42.112 120 0000.a710.4baf ARPA Ethernet3
Internet 131.108.42.114 105 0000.a710.859b ARPA Ethernet3
Internet 131.108.42.121 42 0000.a710.68cd ARPA Ethernet3
Internet 131.108.36.9 - 0000.3080.6fd4 SNAP TokenRing0
Internet 131.108.33.9 - 0000.0c01.7bbd SNAP Fddi0

IX.1. Security
IX.2. IP: subnet-zero, classless
IX.3. Router & Host Names
IX.4. Users: Authentication & Access Control
IX.5. SYSLOG
IX.6. DNS
IX.7. SNMP
IX.8. NTP
IX.9. Line commands

service password-encryption
no service finger
no service tcp-small-servers
no service udp-small-servers
no ip source-route
no ip bootp server

ip subnet-zero
ip classless

hostname <name>

service password-encryption
enable secret <password>
[ enable password <password> ]
username <name> priv <priv> password <password>
line con 0 0
login local
line vty 0 4
no password
login local

clock timezone ARG -3
service timestamps {debug | log} datetime localtime
logging buffered 4096 informational
(show logging)
logging <IP>

ip domain-name <domain name>
ip name-server <IP>

snmp-server community <community-name> {RO | RW} <access-list-number>
snmp-server location <location-string>
snmp-server host <IP> <community-string>

ntp server 192.5.41.40 prefer
ntp server 192.5.41.41
ntp access-group peer 98
access-list 98 permit 192.5.41.40
access-list 98 permit 192.5.41.41

line vty 0 4
exec-timeout 30 0
transport preferred none

For more details, see the document Cisco IOS Security Configuration on the Cisco web site, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/index.htm
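
An added example, not part of the course material: a small Python audit that checks a saved configuration against the settings listed in the Miscellaneous section above (the global security lines, enable secret, login local, exec-timeout, access-class on the vty lines, and an access list on each SNMP community). The function names and both sample configurations are constructed for illustration, and the script assumes the hardening lines appear explicitly in the file, indented the way show running-config prints sub-commands.

```python
import re

# Global hardening lines exactly as listed on the security slide above.
REQUIRED_GLOBAL = (
    "service password-encryption",
    "no service finger",
    "no service tcp-small-servers",
    "no service udp-small-servers",
    "no ip source-route",
    "no ip bootp server",
)

# Constructed sample configs (not from the course); secrets are placeholders.
WEAK_CONFIG = """\
hostname lab-router
service password-encryption
no ip source-route
enable password PLACEHOLDER
snmp-server community PLACEHOLDER RW
line con 0
 login local
line vty 0 4
 exec-timeout 0 0
 login
"""

HARDENED_CONFIG = """\
hostname lab-router
service password-encryption
no service finger
no service tcp-small-servers
no service udp-small-servers
no ip source-route
no ip bootp server
enable secret 5 PLACEHOLDER-HASH
snmp-server community PLACEHOLDER RO 98
access-list 98 permit 192.5.41.40
line con 0
 exec-timeout 30 0
 login local
line vty 0 4
 access-class 98 in
 exec-timeout 30 0
 login local
 transport preferred none
"""


def parse_config(text):
    """Return (global_lines, sections). sections maps a top-level line such as
    'line vty 0 4' to the indented sub-commands printed beneath it."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)
        else:
            current = line
            global_lines.append(line)
            sections.setdefault(line, [])
    return global_lines, sections


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    global_lines, sections = parse_config(text)
    findings = ["missing: " + r for r in REQUIRED_GLOBAL if r not in global_lines]
    if not any(l.startswith("enable secret ") for l in global_lines):
        findings.append("missing: enable secret")
    for header, body in sections.items():
        if not re.match(r"line (con|vty) ", header):
            continue
        if "login local" not in body:
            findings.append(header + ": login local not set")
        # Only an explicit zero timeout is flagged; an absent line is the IOS default.
        if any(re.fullmatch(r"exec-timeout 0( 0)?", l) for l in body):
            findings.append(header + ": exec-timeout disabled")
        if header.startswith("line vty") and not any(
            re.fullmatch(r"access-class \S+ in", l) for l in body
        ):
            findings.append(header + ": no inbound access-class")
    for l in global_lines:
        m = re.fullmatch(r"snmp-server community \S+ (ro|rw)( \S+)?", l, re.I)
        if m and not m.group(2):
            findings.append("snmp community (" + m.group(1).upper() + ") has no access list")
    return findings
```

The enable secret check matters because service password-encryption applies only the reversible type 7 encoding to the other passwords in the file.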

X.1. Routing table
X.2. Configuring static routes
X.3. Configuring RIP
X.4. Configuring EIGRP

Router# show ip route
Codes: I - IGRP derived, R - RIP derived, O - OSPF derived
C - connected, S - static, E - EGP derived, B - BGP derived
* - candidate default route, IA - OSPF inter area route
E1 - OSPF external type 1 route, E2 - OSPF external type 2 route
Gateway of last resort is 131.119.254.240 to network 129.140.0.0
O E2 150.150.0.0 [160/5] via 131.119.254.6, 0:01:00, Ethernet2
E 192.67.131.0 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
O E2 192.68.132.0 [160/5] via 131.119.254.6, 0:00:59, Ethernet2
O E2 130.130.0.0 [160/5] via 131.119.254.6, 0:00:59, Ethernet2
E 128.128.0.0 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
E 129.129.0.0 [200/129] via 131.119.254.240, 0:02:22, Ethernet2
E 192.65.129.0 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
E 131.131.0.0 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
E 192.75.139.0 [200/129] via 131.119.254.240, 0:02:23, Ethernet2

ip route <prefix> <mask> {<address> | <interface>} [<distance>] [permanent]
ip route 10.0.0.0 255.0.0.0 131.108.3.4

router rip
network <network-number>
[ passive-interface <type> <number> ]
[ neighbor ip-address ]
[ redistribute connected ]
[ redistribute static ]
[ version {1 | 2} ]
[ no auto-summary ]

router eigrp <process-number>
network <network-number>
[ passive-interface <type> <number> ]
[ neighbor ip-address ]
[ redistribute connected ]
[ redistribute static ]
[ variance <multiplier> ]
[ no auto-summary ]

XI.1. Access control lists (ACL)
XI.2. Access filters
XI.3. Packet filters

Standard IP lists (1-99)
no access-list <access-list-number>
access-list <access-list-number> {deny | permit} <source> [<source-wildcard>]
any = 0.0.0.0 255.255.255.255
ends with an implicit deny any

Extended IP lists (100-199)
IP
access-list <access-list-number> {deny | permit} ip <source> <source-wildcard> <destination> <destination-wildcard> [precedence <precedence>] [tos <tos>] [log]
Shortcuts:
any = 0.0.0.0 255.255.255.255
host x.x.x.x = x.x.x.x 0.0.0.0

Extended IP lists (100-199)
ICMP
access-list <access-list-number> {deny | permit} icmp <source> <source-wildcard> <destination> <destination-wildcard> [<icmp-type> [<icmp-code>] | <icmp-message>] [precedence <precedence>] [tos <tos>] [log]

Extended IP lists (100-199)
UDP
access-list <access-list-number> {deny | permit} udp <source> <source-wildcard> [<operator> port [<port>]] <destination> <destination-wildcard> [<operator> port [<port>]] [precedence <precedence>] [tos <tos>] [log]
TCP
access-list <access-list-number> {deny | permit} tcp <source> <source-wildcard> [<operator> port [<port>]] <destination> <destination-wildcard> [<operator> port [<port>]] [established] [precedence <precedence>] [tos <tos>] [log]

Note: if the list is applied to the interface through which the router is managed, the first line should preferably be:
access-list <access-list-number> permit tcp any any established

Named lists (IOS 11.2)
ip access-list standard <filter-tag>
{deny | permit} <source> [<source-wildcard>]
Named lists (IOS 11.2)
ip access-list extended <filter-tag>
{deny | permit} ip ...
{deny | permit} icmp ...
{deny | permit} udp ...
{deny | permit} tcp ...

line vty <number> [<number>]
access-class <std-access-list-number> {in | out}

when it is applied
where it is applied
how it is applied
interface <type> {<number> | <slot>/<port>}
ip access-group <access-list-number> {in | out}

interface Serial1/0
description Linea con Telintar
ip address 209.14.97.58 255.255.255.252
ip access-group filtro-entrante in
ip access-group filtro-saliente out
ip access-list extended filtro-entrante
deny ip host 0.0.0.0 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip host 255.255.255.255 any log
deny ip 209.14.116.0 0.0.3.255 any log
deny ip host 209.14.97.58 any log
permit ip any 209.14.116.0 0.0.3.255
permit ip any host 209.14.97.58
deny ip any any log
ip access-list extended filtro-saliente
deny ip any host 0.0.0.0 log
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.168.0.0 0.0.255.255 log
deny ip any host 255.255.255.255 log
deny ip any 209.14.116.0 0.0.3.255 log
deny ip any host 209.14.97.58 log
permit ip 209.14.116.0 0.0.3.255 any
permit ip host 209.14.97.58 any
deny ip any any log
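
An added example, not part of the course material: a Python evaluator for the filtro-entrante list above, showing how wildcard masks are compared, that the first matching entry decides, and that an implicit deny closes every list. It handles only the `{deny | permit} ip` form used by these two filters; the function names and the test packets are constructed for illustration.

```python
import ipaddress

# The inbound filter from the slide above, line for line.
FILTRO_ENTRANTE = """\
deny ip host 0.0.0.0 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip host 255.255.255.255 any log
deny ip 209.14.116.0 0.0.3.255 any log
deny ip host 209.14.97.58 any log
permit ip any 209.14.116.0 0.0.3.255
permit ip any host 209.14.97.58
deny ip any any log
"""


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def _take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from tokens; return (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":        # any = 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if word == "host":       # host x.x.x.x = x.x.x.x 0.0.0.0
        return _to_int(tokens.pop(0)), 0
    return _to_int(word), _to_int(tokens.pop(0))


def parse_acl(text):
    """Parse '{deny | permit} ip <src> <dst> [log]' entries, keeping their order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("deny", "permit") or proto != "ip":
            raise ValueError("unsupported entry: " + line)
        src, dst = _take_spec(tokens), _take_spec(tokens)
        entries.append({"action": action, "src": src, "dst": dst,
                        "log": tokens == ["log"]})
    return entries


def _matches(addr, spec):
    base, wildcard = spec
    # A 1 bit in the wildcard means "ignore this bit"; only the 0 bits must agree.
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(entries, src, dst):
    """Return (action, entry_number) for the first matching entry.
    entry_number is None when only the implicit deny at the end applied."""
    s, d = _to_int(src), _to_int(dst)
    for number, entry in enumerate(entries, start=1):
        if _matches(s, entry["src"]) and _matches(d, entry["dst"]):
            return entry["action"], number
    return "deny", None


ENTRIES = parse_acl(FILTRO_ENTRANTE)

# Constructed test packets (source, destination) arriving inbound on Serial1/0.
SAMPLES = [
    ("10.1.2.3", "209.14.116.10"),      # private source address
    ("209.14.117.5", "209.14.116.10"),  # own prefix used as source from outside
    ("198.51.100.7", "209.14.118.20"),  # outside host to the internal block
    ("198.51.100.7", "209.14.120.1"),   # destination outside the internal block
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, evaluate(ENTRIES, src, dst))
```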

For more details, see the document Cisco IOS IP and IP Routing Configuration Guide on the Cisco web site, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/index.htm
